A few cool comp tricks



sukomabawls
08-04-2007, 11:46 PM
Get an IP address.
!!WARNING!! These can be used to send keyloggers and other viruses so be careful about giving yours away!!

When you're talking to someone in AIM or MSN, send the contact a file while he is online; send him/her a photo or something else. Doing that, a peer-to-peer connection opens while your contact gets the file/photo, no matter what it is. Make sure that you have a DOS Prompt open (located at: Start > Programs > MS-DOS Prompt) and type the command: netstat while sending them the file, and you will see a list in the DOS Prompt of all the connections your computer has at that time; one of them must be your friend that is receiving the file.

Sending an email using telnet, you can send it with any email address, great for pranks!

Just as in POP3 connection, when you click on the 'Send' button, your e-mail client contacts the SMTP server of your mail service / ISP. It then uses a set of commands to transmit your e-mail. What we are going to do is try these commands ourselves, and get a first-hand experience of how things work. SMTP servers usually have the DNS address: smtp.<your_isp>.com, or mail.<web_mail_address>.com. Some samples are: mail.monitortools.com, mail.adminfavorites.com.

In this document, we:
- shall use Telnet to connect to the SMTP server.
- shall give commands to the server, then type our e-mail, and finally tell the server, 'Okay, the e-mail is done. Send it.'
- can then send more mails, or disconnect from the server.
The steps are quite similar to what you do when you send an e-mail from - for instance - Outlook Express. We are going to use the SMTP server of monitortools.com with the ID 'webmaster'.


Step 1

Connect to the Internet in case you are a dial-up user. Open an MS-DOS prompt, and enter this command:
C:\WINDOWS>telnet mail.monitortools.com 25
This will open a Telnet window, and within a short time, you will be connected to the SMTP server, and the server says:
220 PROTAGONISTNT Mailmax version 4. 8. 3. 0 ESMTP Mail Server Ready
This varies, but you should definitely see the '220' part. It is an indication that the server is ready to service your request.


step 2

Now the server expects you to identify yourself. If you are a dial-up user, you can enter the name of your computer (the one Windows asks you when you install Windows) or anything else you want. If you have a domain-name, then you should enter the domain-name here. My computer's name is dell01, so I say:
helo dell01
Note that it is 'helo' and not 'hello'. The commands are not case-sensitive, so you can also say HeLo or HELO or hELo. The server replies:
250 HELO 217.120.215.201, How can I help you?
This is like a shake-hand. You tell the server your name, and it says its name! Computers are quite friendly, you see!


step 3

Next give the server your e-mail address. Note that most SMTP servers require that your e-mail address belong to the same domain as the server. For example, if you send mail from Yahoo! SMTP server, you should have a Yahoo! address. You cannot use it if you give it a Hotmail address. Let me give the SMTP server some e-mail address:
mail from: webmaster@monitortools.com
'mail from:' is a SMTP command. Note that there is a space between 'mail' and 'from', followed by a colon (:). The server says:
250 Ok


step 4

Tell the server who you want to send the e-mail to. Let me send a mail to info@activexperts:
rcpt to: info@activexperts.com
There are no restrictions here. You can enter any e-mail address. If there is some problem with the recipient-address, your mail will bounce, but for now, the server doesn't complain. It will say:
250 Ok


step 5

You have told the server your e-mail address, and the recipient's e-mail address, so now you can go ahead and type the e-mail. You have to do that with the data command:
data
The server asks you to go ahead with your e-mail:
354 End data with <CR><LF>.<CR><LF>
Don't worry with the <CR><LF> thing. It'll be explained later.


step 6

Now type in your e-mail, like this:
This is a test e-mail.
Remember to type it all right. Backspace key doesn't work in Windows
Telnet, though it does in Linux. If you make a mistake, try pressing
CTRL-h. If it works, well and good.
.
When you finish your e-mail, press [ENTER], then a '.', and again an [ENTER]. This tells the server that you have finished the e-mail, and it can send it. It will say:
250 Ok: queued as 6AB5150038
Your mail was sent!


step 7

Now you can either send another mail, or disconnect from the server. If you want to send another mail, you should repeat the 'rcpt to:' and 'data' commands. There is no need for 'helo' and 'mail from:', because the server already knows who you are. If you want to disconnect, just say 'quit':
quit
The server will reply:
221 Bye
and you will lose connection with the server. Hurray, you sent a mail direct from the server! Try this in front of your friends who may be used to only GUIs and icons. They will begin to call you up for technical support!


little add on to above:

to make the emails look more authentic you can add a "Subject" to the email by using..... you guessed it, a "subject:" command.

the subject should be added after the data and before the email body (text)
should look like this:

C:\WINDOWS>telnet smtp.isp-domain.com 25
helo
mail from:you@domain.com
rcpt to:them@domain.com
data
subject: a spoofed email
helo this is a spoofed email
.

Writing a buffer overflow and causing someone bad lags

Step 1

Connect to the Internet in case you are a dial-up user. Open an MS-DOS prompt, and enter this command:
C:\WINDOWS>telnet mail.monitortools.com 25
This will open a Telnet window, and within a short time, you will be connected to the SMTP server, and the server says:
220 PROTAGONISTNT Mailmax version 4. 8. 3. 0 ESMTP Mail Server Ready
This varies, but you should definitely see the '220' part. It is an indication that the server is ready to service your request.


Step 2

Now the server expects you to identify yourself. If you are a dial-up user, you can enter the name of your computer (the one Windows asks you when you install Windows) or anything else you want. If you have a domain-name, then you should enter the domain-name here. My computer's name is dell01, so I say:
helo dell01
Note that it is 'helo' and not 'hello'. The commands are not case-sensitive, so you can also say HeLo or HELO or hELo. The server replies:
250 HELO 217.120.215.201, How can I help you?
This is like a shake-hand. You tell the server your name, and it says its name! Computers are quite friendly, you see!


Step 3

Next give the server your e-mail address. Note that most SMTP servers require that your e-mail address belong to the same domain as the server. For example, if you send mail from Yahoo! SMTP server, you should have a Yahoo! address. You cannot use it if you give it a Hotmail address. Let me give the SMTP server some e-mail address:
mail from: webmaster@monitortools.com
'mail from:' is a SMTP command. Note that there is a space between 'mail' and 'from', followed by a colon (:). The server says:
250 Ok


Step 4

Tell the server who you want to send the e-mail to. Let me send a mail to info@activexperts:
rcpt to: info@activexperts.com
There are no restrictions here. You can enter any e-mail address. If there is some problem with the recipient-address, your mail will bounce, but for now, the server doesn't complain. It will say:
250 Ok


Step 5

You have told the server your e-mail address, and the recipient's e-mail address, so now you can go ahead and type the e-mail. You have to do that with the data command:
data
The server asks you to go ahead with your e-mail:
354 End data with <CR><LF>.<CR><LF>
Don't worry with the <CR><LF> thing. It'll be explained later.


Step 6

Now type in your e-mail, like this:
This is a test e-mail.
Remember to type it all right. Backspace key doesn't work in Windows
Telnet, though it does in Linux. If you make a mistake, try pressing
CTRL-h. If it works, well and good.
.
When you finish your e-mail, press [ENTER], then a '.', and again an [ENTER]. This tells the server that you have finished the e-mail, and it can send it. It will say:
250 Ok: queued as 6AB5150038
Your mail was sent!


Step 7

Now you can either send another mail, or disconnect from the server. If you want to send another mail, you should repeat the 'rcpt to:' and 'data' commands. There is no need for 'helo' and 'mail from:', because the server already knows who you are. If you want to disconnect, just say 'quit':
quit
The server will reply:
221 Bye
and you will lose connection with the server. Hurray, you sent a mail direct from the server! Try this in front of your friends who may be used to only GUIs and icons. They will begin to call you up for technical support!


little add on to above:

to make the emails look more authentic you can add a "Subject" to the email by using..... you guessed it, a "subject:" command.

the subject should be added after the data and before the email body (text)
should look like this:

C:\WINDOWS>telnet smtp.isp-domain.com 25
helo
mail from:you@domain.com
rcpt to:them@domain.com
data
subject: You nooby
you just got pranked, ya noob


How to not get banned on runescape, or just hide your IP address for good!

Anonymity stands for keeping ur privacy on the net. U never know who is watching u and what he/she is looking for. The main concern is to keep ur ip (Internet Protocol) hidden.
NOTE: The major problem is about adsl and school connections which have a static ip (doesn't change). Easy to trace.

Exploring the net.
When visiting a site, ur ip, date and hour are recorded in the webserver's logs. That happens in every GET request. So, u can use proxies to stay anonymous.

Anonymizer - http://www.anonymizer.com/

The Cloak - http://www.the-cloak.com/

NOTE: Proxies are caches that relay data. When u configure ur web browser to use a proxy, it never connects to the URL. Instead it always connects to the proxy server, and asks it to get the URL for u. It works similarly with other types of services such as IRC, ICQ etc. There won't be a direct connection between u and the server, so ur real IP address won't be revealed to the server. When u view a website on the server, the server won't see ur IP.

Cookies.
When u log in to a site or a service (ex. yahoo mail) and there is an option for the PC to remember the username and password, if u accept this, that data will be recorded in cookies. So, NEVER use a public PC and type username and password. If u have to do this, make sure that the option to remember the username and password is off (or if the msg box pops up, just click no).

Services.
When signing up for services on the net, ALWAYS use fake information. ex. when signing up for yahoo, use a fake name and any other fake data u like. U'll be able to use the services again, but nobody'll know who u really are.

ICQ.
Send and receive messages via the ICQ server, not directly. Every direct connection enables an attacker to learn ur IP. Encrypt ur messages with dedicated software, encryption addons.
NOTE: There are addons which enhance ur ICQ with the possibility to encrypt outgoing messages. The user on the other side needs to have the addon as well in order to decrypt your message.

Top Secret Messenger (TSM) - http://www.encrsoft.com/products/tsm.html (trial version has only weak 8-bit encryption)

Chat Buddy - http://www.planet-express.com/sven/technical/dev/chatbuddy/default.html ( a freeware Windows application for encrypting chat sessions)

SSL tunneling.

SSL tunneling means, basically, encryption. U can identify it if the URL starts with https:// (usually a normal URL starts with http:// ). So, if a URL isn't using SSL tunneling, it's not suggested to give sensitive private or business information (ex. credit card number).
NOTE: U can secure ur connections too with SSL tunneling. For windows http://www.totalrc.net/?s and for windows and unix http://mike.daewoo.com.pl/computer/stunnel .

FTP transfers.
When using an FTP client program to download files, assure yourself, that it's giving a bogus password, like guest@unknown.com , not your real one. If your browser lets you, turn off the feature that sends your e-mail address as a password for anonymous FTP sessions.

Emailers and remailers.
Do a search on the net and find anonymous mailers. This way u won't give ur real email. Although, be afraid that there is a risk for ur ip to be recorded in email headers. So, u can simply use remailers.

Chain - http://www.obscura.com/crypto.html (is a menu-driven remailer-chaining script)
Raph Levien's remailer availability page - http://www.sendfakemail.com/~raph/remailer-list.html (offers comprehensive information about the subject)
The Cypherpunks Remailers - http://www.csua.berkeley.edu/cypherpunks/remailer/ (developed to provide a secure means of providing anonymity on the nets. Here you can find out about the available remailers, those which have been standard in existence for a long time as well as the new experimental remailers and anonymous servers)

IRC.

Well, u can use proxies or socks4 or socks5. With that way ur ip will be hidden behind the proxy.
U can connect on a BNC, which 'll hide ur ip again.
If u are connected on undernet, u can create a username on @x ( http://cservice.undernet.org/live/ ) join #cservice for help. When u create one, type /msg x@channels.undernet.org login username password. Then /mode urnickname +x . This'll hide ur ip and ur host.

Firewalls.
U must have a firewall, so ur PC'll be protected against attacks, trojans etc. Firewalls listen on ports for incoming and outgoing requests (depends on the firewall), block any attacks and give u a report.
NOTE: Even if u have a firewall, there is a possibility to get hacked.

Black Ice Defender - http://blackice.iss.net/
Zonealarm - http://www.zonelabs.com/store/content/home.jsp
NOTE: A good place to find all kinds of proxies, socks4 and socks5 is http://www.atomintersoft.com/products/alive-proxy/proxy-list/


Finding a website users passwords
Don't worry, it won't work on runescape! srry if i got ur hopes up...

Please know that hacking webpages is considered lame
in many's opinions, and it will most likely not give
you a good reputation. People can always check logs
once notified of hacking and most likely your address
will come up and then at worst they will press charges
for some elaborate computer crimes law and you will
go to prison for up to 10 years and owe a lot of $. So
please attempt to refrain from abusing your knowledge
on this subject. This is for informational purposes
only.


"Free" Web Pages

Free webpages are web page hosting companies
like Tripod and Geocities that host people's web pages
for free and make money off advertising. There are ways
to hack these companies and have access to all users,
but it would be too complex for most people. This way
is simply social engineering which is not very hard to
do, so don't proclaim yourself an Uberhacker because
you vandalised a poor guy's webpage, who just happened
to have his information on his site. All you have to do
is set up an account with a free email service like
hotmail and find your target. On your target's page you
need to have the date of birth, name, and their old
email, or instead of the DOB their address (I have lost
my pass to a smaller company, and they needed the
address I had registered with). All these free web page
companies have their "verification" for people who have
lost their password to their page. All there is to it
once you have this information is you either email
the company telling them you changed your email address
and once that is done wait about 2 weeks and then email
them again saying that you lost your password. Most will
email you telling you that you need some sort of
verification, like the DOB or Address. In which you
email them back and tell them and get a new password.
On the other hand, companies like Geocities are too
busy for email so they have set up a web site where
members can get their password back
(http://www.geocities.com/help/pass_form.html).


Getting Passwords

Okay suppose you found a page you want to hack,
that is on someone else's server that's a basic server,
light security. Okay very light security. I will be
truthful. This pretty much works on servers with no
security [=.
Getting a passwd file is pretty easy. Simply telnet
into the server's FTP anonymously and look in the ETC
directory and get the file called Passwd.
Another way to get them is to find your target and in
a WWW browser type
cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd after
the server's name. For example the name may be
http://www.hackme.com/, you would go to
http://www.hackme.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd except instead of www.hackme.com you would replace that with your target's URL.
You may get a passwd file that has no user accounts,
but only defaults, where in place of the encrypted
password there would be a *. On certain servers
with this you may have a shadowed passwd but on all
passwd files I have come across there are some user
names like FTP and NEWS that have no encrypted passwords
which is replaced with *. If you find only this and no
encrypted passwds you probably have found a fixed
passwd file and you must try another method of hacking
the server. You need to examine this file and look for
a line in the text that looks like this:
rrc:uXDg04UkZgWOQ:201:4:Richard Clark:/export/home/rrc:/bin/ksh
It does not need to look exactly like that, the only important part it needs is the uXDg04UkZgWOQ and rrc, which is the login part. Get a program called John the Ripper which can be found on any hacking site on the web. If you are too lazy, or stupid to find one on the web here's a good place to go for newbies http://www.hackersclub.com/km/
I will not go in depth right here on passwd files, but I
have written a text on passwd's going good into the
subject which can be found at
http://www.xtalwind.net/~lmclaulin/ugpasswd.txt.
Anyway, using John the Ripper is easy, if you want to
quickly hack something give the command (in DOS prompt)
"john passwd -single" Replace "passwd" in there with
the name of the passwd file, you may have saved it as
passwd.txt or something. An important thing to remember
is that the passwd file needs to be in the same
directory as John. To see a list of other methods for
cracking a passwd file, just type John and it will give
you a list of commands. I have found john won't work
for me with wordlists but other people say that it
works fine for them. You can use incremental mode
(to use that the command is "John passwd -incremental").
It takes like a few days to finish so I wouldn't really
want it to let it go on forever and ever if it was
just some normal passwd file. Unless its like NASA's
passwd file (keep dreaming, they probably change
passwords everyday and that file is very outdated)
I wouldn't want to use that too much. To see a
complete list of John's cracking capabilities, just
type john and it will give you a list of commands
that you may use.



If you Have an Account with the Users Server

The next section is on how you can get a webpage password if
you already have an account with the server.

Exploiting Net Administration CGI

Well since nethosting.com either shutdown or whatever I figured what the hell before I forget
how I did the more recent hacks etc... I'd tell you how so maybe you'll find the same sys
elsewhere or be able to use it for ideas.

Basically Nethosting.com did all its administration via cgi's at net-admin.nethosting.com,
well you need an account, card it if necessary, log in to net-administration, you'll see crap
like ftp administration, email, etc... who really cares about e-mail so we'll go to ftp.
Click on ftp administration. Lets say you were logged in as 7thsphere.com your url would be
something like:
http://net-admin.nethosting.com/cgi-bin/add_ftp.cgi?7thsphere.com+ljad32432jl

Just change the 7thsphere.com to any domain on the sys or if in the chmod cgi just del that part
but keep the + sign and you edit the /usr/home dir. In the ftp administration make a backdoor
account to that domain by creating an ftp whose dir is / since multiple /// still means /.

Once you have your backdoor have fun. Oh yeah and in the email you can add aliases like I did
to rhad's e-mail account at 7thsphere, why the hell is he on that winsock2.2 mailing list?

Well the basic theory of this type of exploitation is that:
- the cgi is passed a parameter which we change to something else to edit its info
- since it uses the stuff after the + to check that it's a valid logged
in account (like hotmail does), it doesn't check the password again.
- multiple ///'s in unix just mean a /, thus we can get access to people's dir or the entire
/usr/home dir


I used this method for getting passes for a few well known places:


Other Ways Of getting User Pages

Another method that may work with really stupid
Admins is sometimes, when you FTP to a server, you can
leave your home directory and go back a few directories
and find your targets directory. Once you have done
that if you can access the HTML files and save them
to disk and then "edit them". The HTML files may or
may not be stored on FTP but with smarter admins they
are not accessible by other users.

Getting busted "hacking" will not be a fun process
unless you like paying $10,000


srry its super long just didnt want to double post threads lol, please post what you think
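
Added example, not part of the original post: a receiving-side check for mail typed into port 25 by hand as in the telnet walkthrough above, showing what such a message lacks and what the receiving MX records about it. The hostname mx.recipient.example, the sample message and every address in it are constructed placeholders, and the alignment test is a simplified stand-in for DMARC's organizational-domain rule.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_MX = "mx.recipient.example"  # assumption: hostname of your own inbound MX
REQUIRED = ("From", "Date", "Message-ID")  # From/Date are mandatory in RFC 5322

# Constructed sample: a hand-typed message as stored by TRUSTED_MX. The second
# Authentication-Results and second Received lines were typed by the sender.
HAND_TYPED = (
    "Return-Path: <you@domain.example>\n"
    "Received: from dell01 (unknown [203.0.113.45])\n"
    "\tby mx.recipient.example with SMTP id 6AB5150038;\n"
    "\tSat, 4 Aug 2007 23:46:00 -0400\n"
    "Authentication-Results: mx.recipient.example; spf=softfail\n"
    "\tsmtp.mailfrom=domain.example; dkim=none\n"
    "Authentication-Results: forged.example; spf=pass; dkim=pass; dmarc=pass\n"
    "Received: from inside.bank.example ([198.51.100.7]) by relay.bank.example\n"
    "From: Support <support@bank.example>\n"
    "subject: a spoofed email\n"
    "\n"
    "helo this is a spoofed email\n"
)

def domain_of(value):
    """Lower-cased domain of an address header, or '' if absent/unparseable."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    """Simplified alignment: equal, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def auth_verdicts(msg, mx):
    """spf/dkim/dmarc results, read only from headers stamped by our own MX."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() != mx:
            continue  # anyone can type this header after DATA; ignore foreign ones
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            verdicts[method] = result.lower()
    return verdicts

def connecting_ip(msg, mx):
    """Peer IP from the topmost Received line written by our MX (MTAs prepend,
    so lines below it are sender-controlled and not trusted)."""
    for header in msg.get_all("Received", []):
        if re.search(r"\bby\s+" + re.escape(mx) + r"\b", header):
            match = re.search(r"\[([0-9A-Fa-f.:]+)\]", header)
            return match.group(1) if match else None
    return None

def assess(raw, mx=TRUSTED_MX):
    msg = message_from_string(raw)
    findings = [f"missing-header:{h}" for h in REQUIRED if msg[h] is None]
    header_dom, envelope_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if header_dom and envelope_dom and not aligned(header_dom, envelope_dom):
        findings.append(f"misaligned:{header_dom}!={envelope_dom}")
    verdicts = auth_verdicts(msg, mx)
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            findings.append(f"auth:{method}={verdicts.get(method, 'absent')}")
    return {"connecting_ip": connecting_ip(msg, mx), "findings": findings}
```
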
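
Added example, not part of the original post and not Nethosting's code: the server-side checks whose absence the "basic theory" list in the net-admin CGI section describes, written as a hardened handler for a 'domain+token' query string. The session table, function names and victim.example are hypothetical; the token, domain and /usr/home come from the post's sample URL.

```python
import posixpath

HOME_ROOT = "/usr/home"  # directory named in the post
# Hypothetical server-side session table: token -> the one domain it was issued to.
# The token and domain are the ones in the post's sample URL.
SESSIONS = {"ljad32432jl": "7thsphere.com"}

class Denied(Exception):
    """Request refused by an authorization check."""

def authorize(query):
    """Split 'domain+token'; return the domain only if the token was issued for it."""
    domain, sep, token = query.partition("+")
    owner = SESSIONS.get(token)
    if not sep or owner is None:
        raise Denied("unknown session")
    if domain != owner:  # covers a swapped domain and a deleted (empty) one
        raise Denied("session was not issued for this domain")
    return owner

def confine(domain, requested_dir):
    """Map a requested FTP directory to a path inside the account's own home."""
    base = posixpath.join(HOME_ROOT, domain)
    # Treat the request as relative, then normalise so '///' and '..' are
    # collapsed before the prefix check (symlinks would need realpath on disk).
    path = posixpath.normpath(posixpath.join(base, requested_dir.lstrip("/")))
    if path != base and not path.startswith(base + "/"):
        raise Denied("directory outside the account home")
    return path

def add_ftp_account(query, requested_dir):
    """Hardened counterpart of the add_ftp.cgi flow described in the post."""
    return confine(authorize(query), requested_dir)
```

With these checks a request of "///" resolves to the account's own home directory, and a query carrying another domain with the same token is refused.
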

lordsaturn
08-05-2007, 12:28 AM
Holy sh!t...That's a lot of info! We should use these methods to hack and bring down sythe >=]

Sp0rky
08-05-2007, 12:31 AM
lol, Most, if not all of that I knew already.

Had some great times with e-mail address faking.

Found out an old girlfriend was cheating on me...

So, not such great times as well :p

zenma
08-05-2007, 12:48 AM
hey is it illegal to send an email with an email address that isn't yours?

kaustav_002
08-05-2007, 01:35 AM
We just wanna have some fun.:D

sukomabawls
08-06-2007, 02:41 AM
i was thinking of bringing down RSDemon before sythe but w/e they both suck

EDIT: btw it's only illegal to send an email if you claim to be someone you aren't, that's fraud, say like you email someone from the email address gbush@whitehouse.gov and ask for their SSN you'd go to jail...

Cameron4811
12-27-2007, 12:10 AM
haha those are pretty cool, some of them would be mean to do to people but still pretty cool lol.

soddarkness
09-14-2008, 04:14 PM
Holy sh!t...That's a lot of info! We should use these methods to hack and bring down sythe >=]

lmao :) very nice XD

Melon
09-15-2008, 03:52 PM
nice ... where did you learn this all ?