ey guys long ago they released a script that grabs the ip while talking to the person and shows you it in a control panel and i think they removed it from the site but i still had it on my desktop and would like to share it
with others.
Click Here For Download - IpGet -
you have to be logged in Msn to run the script
You need Windows Live messenger + Messenger plus features.
Once opened it shows this.
Once the script is imported go to your scripts and go to Ip Connections
So this will pop up and then go open a conversation with your slave send him a notepad doesn't need to be a notepad it could be anything and just cancel it fast and like say oops wrong person and it will show his ip in ( New Connections )
After i send something to someone and got their ip.
http://img132.imageshack.us/i/msn6.png/
This tutorial is a way to get ip's for good reasons only if used for any other reasons that gets you in trouble, i am not responsible.
(ALL.RI.RE)
Virus Scan:
http://vscan.novirusthanks.org/analysis/...wLXBsc2M=/
VirusTotal:
http://www.virustotal.com/file-scan/repo...1301433759
Saturday, April 23, 2011
Hacking Cable Modems for Higher Speeds and Free Internet
Local office - has the uplink; connected to the nodes
Local node - a router connected to the community hubs; you have to use a MAC address from another node or you won't be able to get online
Community hub - These are the little green boxes that serve your house; these are connected to bigger and bigger hubs until it's connected to the node.Each node serves several hundred people. When you go on the network, you get automatically assigned an IP address. It checks your MAC, and if it's not registered it tells your computer to use a private DNS server that gives you a "Buy our service" page when you try to go anywhere. But you can just use a different DNS server. If it is registered, you can get access immediately (you borrow someone's MAC from another node); alternatively, you can set your modem to force network access.
This is an estimate of the cable TV network. This is backed by the fact that users have been using uncapped, unregistered modems for years and have not been caught. Cable companies can pinpoint your location down to the neighborhood level. Anyone who says otherwise is ill-informed.
Resources:
Spoiler (Click to View)
http://theoryshare.com/
http://tcniso.net/
Hardware Required
To successfully obtain free, uncapped internet, you need to have a modem which has been hacked:
Motorola SB3100
Motorola SB4100
Motorola SB4200
Motorola SB5100
AMBIT 120
AMBIT 200
AMBIT 250
RCA 245
WebSTAR DPC2100
However, for tutorials on most these you will need to look elsewhere. This tutorial will focus on the SB5100, as it is the easiest to modify (although the SB4100 and SB4200 may also be modified by this method).
You can pick up these modems on eBay. Alternatively, you can buy a pre-modified modem at TCNiSO or Theoryshare. I recommend TCNiSO, as Theoryshare uses illegal copies of the BlackCat software that TCNiSO made.
You will also need a JTAG cable, which you can make yourself (you'll need a 10-pin header, and a ribbon cable that will connect to it, as well as a parallel port plug you can solder the ribbon cable to, as well as a solder iron) or you can buy it from TCNiSO or Theoryshare (again, TCNiSO is recommended). Besides being official, it's better made. The TCNiSO cable will include an OFFICIAL license for the BlackCat software.
Software
You'll need BlackCat from TCNiSO.
Download:
Spoiler (Click to View)
http://www.megaupload.com/?d=R5U6YG8I
Guide
Step 1: Solder the header
[Image: oafjkaabf.jpg]
Kind of blurry, but easy to follow. Grab your 10-pin header (get from radioshack or desolder from an old electronics board). It'll have a black plastic piece with 10 pins sticking out of it. One side will have more pin sticking out than the other; looking from the top of the cable modem, place the short end through the holes. Use some electrical tape and tape it tightly to the board. Torn it over, and solder the pins to the board. Make sure that the solder doesn't touch any other electronics or pins. Make sure that you don't heat any pin long enough to melt the plastic shroud; this will set you back a bit, as you will have to melt the shroud and push the pin back in place.
Take note of the pin hole that has the square.
Step 2: Making the Cable
[Image: oafjgaabf.jpg]
Very simple image, easy to follow. You'll need a DB-25 connector, with access to the pins on the back (so you can't just rip apart a printer cable; go buy a proper one at Radioshack). Picture has a bunch of circles and one square. See this to find out what it will look like on your board. Please note that this is a view of the FRONT of the connector (so everything is flipped around when you solder to the back).
I would recommend getting as long a ribbon cable as possible.
Step 3: Install Blackcat Software
I don't think I need any pictures or special instructions. There's a download link above. Install it.
Step 4: Connect cable to modem
Make sure you connect the cable the right way. Also make sure you connect the power cord to the modem and wall.
Step 5: Connect cable to PC
Plug the cable into the parallel port. Recommend setting it to ECP+EPP in your BIOS.
Step 6: Start Blackcat software
[Image: pafjfaabf.jpg]
When you start BlackCat, if everything is working properly and you didn't screw up the cable, your screen should look something like this. It's very important that it reports the manufacturer and part, and that it connected to the flash. If not, nothing will work.
Step 7: Detect flash
) Click on the 'Flash' tab, click 'Detect'. Check confirmation that the flash is detected.
"Detected a MXIC MX29LV160AB flash ic"
Step 8: Backup your entire flash
On the flash tab, click Read All and save the file somewhere. THIS IS A COMPLETE BACKUP OF YOUR MODEM. If anything goes wrong, you'll need this to restore it. It will take about 10 minutes. Make sure the box on the right (under Size) says 0x00.
Step 9: Bootloader
Go to the SB5100 tab. Under "Install new bootloader", click the folder and open up "SIGMAX-BL_v2.6-LITE.bin" (look in the software download link above). Then click flash. (if you get a Device not connected error, restart. If you still get it, you messed the cable up, or your parallel port isn't configured properly)
Step 10: Firmware
On the SB5100 tab, click "Check" at the bottom. Then click Program. It should ask you to find a file. Download this file: http://rapidshare.com/files/30844399/SB5...d.13.5.zip unzip it and use the .bin inside there (it's the bin other than the bootloader).
Step 11: Reboot Modem
Disconnect the cable from the modem. Remove the power cord. Connect your computer to the modem with an ethernet cable. Plug the power back in.
Step 12: Online configuration
Set your IP address to 192.168.100.2 (gateway 192.168.100.1, mask 255.255.255.0).
Enter "http://192.168.100.1:1337" into your browser. If you see a Sigma page, you did good. Change the last few digits of the MAC and Serial (keep the serial numbers only, and keep the MAC 0-9/A-F) so you don't get caught. Turn on baseline privacy and stealth mode, and forced network access. Turn off all the others.
You also need to change the conig file. Check the forums at theoryshare.com or tcniso.net to see what config file you'll need to change it to.
Step 13: Change IP
Change your IP to automatic. It should pull a new IP from the modem, and you should now have internet access.
Local node - a router connected to the community hubs; you have to use a MAC address from another node or you won't be able to get online
Community hub - These are the little green boxes that serve your house; these are connected to bigger and bigger hubs until it's connected to the node.Each node serves several hundred people. When you go on the network, you get automatically assigned an IP address. It checks your MAC, and if it's not registered it tells your computer to use a private DNS server that gives you a "Buy our service" page when you try to go anywhere. But you can just use a different DNS server. If it is registered, you can get access immediately (you borrow someone's MAC from another node); alternatively, you can set your modem to force network access.
This is an estimate of the cable TV network. This is backed by the fact that users have been using uncapped, unregistered modems for years and have not been caught. Cable companies can pinpoint your location down to the neighborhood level. Anyone who says otherwise is ill-informed.
Resources:
Spoiler (Click to View)
http://theoryshare.com/
http://tcniso.net/
Hardware Required
To successfully obtain free, uncapped internet, you need to have a modem which has been hacked:
Motorola SB3100
Motorola SB4100
Motorola SB4200
Motorola SB5100
AMBIT 120
AMBIT 200
AMBIT 250
RCA 245
WebSTAR DPC2100
However, for tutorials on most these you will need to look elsewhere. This tutorial will focus on the SB5100, as it is the easiest to modify (although the SB4100 and SB4200 may also be modified by this method).
You can pick up these modems on eBay. Alternatively, you can buy a pre-modified modem at TCNiSO or Theoryshare. I recommend TCNiSO, as Theoryshare uses illegal copies of the BlackCat software that TCNiSO made.
You will also need a JTAG cable, which you can make yourself (you'll need a 10-pin header, and a ribbon cable that will connect to it, as well as a parallel port plug you can solder the ribbon cable to, as well as a solder iron) or you can buy it from TCNiSO or Theoryshare (again, TCNiSO is recommended). Besides being official, it's better made. The TCNiSO cable will include an OFFICIAL license for the BlackCat software.
Software
You'll need BlackCat from TCNiSO.
Download:
Spoiler (Click to View)
http://www.megaupload.com/?d=R5U6YG8I
Guide
Step 1: Solder the header
[Image: oafjkaabf.jpg]
Kind of blurry, but easy to follow. Grab your 10-pin header (get from radioshack or desolder from an old electronics board). It'll have a black plastic piece with 10 pins sticking out of it. One side will have more pin sticking out than the other; looking from the top of the cable modem, place the short end through the holes. Use some electrical tape and tape it tightly to the board. Torn it over, and solder the pins to the board. Make sure that the solder doesn't touch any other electronics or pins. Make sure that you don't heat any pin long enough to melt the plastic shroud; this will set you back a bit, as you will have to melt the shroud and push the pin back in place.
Take note of the pin hole that has the square.
Step 2: Making the Cable
[Image: oafjgaabf.jpg]
Very simple image, easy to follow. You'll need a DB-25 connector, with access to the pins on the back (so you can't just rip apart a printer cable; go buy a proper one at Radioshack). Picture has a bunch of circles and one square. See this to find out what it will look like on your board. Please note that this is a view of the FRONT of the connector (so everything is flipped around when you solder to the back).
I would recommend getting as long a ribbon cable as possible.
Step 3: Install Blackcat Software
I don't think I need any pictures or special instructions. There's a download link above. Install it.
Step 4: Connect cable to modem
Make sure you connect the cable the right way. Also make sure you connect the power cord to the modem and wall.
Step 5: Connect cable to PC
Plug the cable into the parallel port. Recommend setting it to ECP+EPP in your BIOS.
Step 6: Start Blackcat software
[Image: pafjfaabf.jpg]
When you start BlackCat, if everything is working properly and you didn't screw up the cable, your screen should look something like this. It's very important that it reports the manufacturer and part, and that it connected to the flash. If not, nothing will work.
Step 7: Detect flash
) Click on the 'Flash' tab, click 'Detect'. Check confirmation that the flash is detected.
"Detected a MXIC MX29LV160AB flash ic"
Step 8: Backup your entire flash
On the flash tab, click Read All and save the file somewhere. THIS IS A COMPLETE BACKUP OF YOUR MODEM. If anything goes wrong, you'll need this to restore it. It will take about 10 minutes. Make sure the box on the right (under Size) says 0x00.
Step 9: Bootloader
Go to the SB5100 tab. Under "Install new bootloader", click the folder and open up "SIGMAX-BL_v2.6-LITE.bin" (look in the software download link above). Then click flash. (if you get a Device not connected error, restart. If you still get it, you messed the cable up, or your parallel port isn't configured properly)
Step 10: Firmware
On the SB5100 tab, click "Check" at the bottom. Then click Program. It should ask you to find a file. Download this file: http://rapidshare.com/files/30844399/SB5...d.13.5.zip unzip it and use the .bin inside there (it's the bin other than the bootloader).
Step 11: Reboot Modem
Disconnect the cable from the modem. Remove the power cord. Connect your computer to the modem with an ethernet cable. Plug the power back in.
Step 12: Online configuration
Set your IP address to 192.168.100.2 (gateway 192.168.100.1, mask 255.255.255.0).
Enter "http://192.168.100.1:1337" into your browser. If you see a Sigma page, you did good. Change the last few digits of the MAC and Serial (keep the serial numbers only, and keep the MAC 0-9/A-F) so you don't get caught. Turn on baseline privacy and stealth mode, and forced network access. Turn off all the others.
You also need to change the conig file. Check the forums at theoryshare.com or tcniso.net to see what config file you'll need to change it to.
Step 13: Change IP
Change your IP to automatic. It should pull a new IP from the modem, and you should now have internet access.
How to change an EXE file to JPG
Well let's change exe to jpg file in a minute, I will also teach a bit of social engineering:
This is used in windows7 in other systems do not know, maybe given ...
*We take the exe file that we will change.
*and open the character map, if you know where you are, easy to give a look
*Now we are going to change the extension to the file, delete exe and replace it with (com)
*Now let's change the extension to JPG, open the Character Map and select the font ARIAL.
*Now choose U +202 E, we give to select and copy
*Now go to the file that had changed the extension to "COM" and type a single space.
---------photos .com------------
*Now is when it comes a bit of social engineering, for example we write a word that makes the file is trustworthy, such as "Playboy"
---------photosplayboy .com------------
*Now paste the character you have copied the map of characters and write "GPJ" FREE QUOTES.
---------photosplayboycom.jpg------------
*And we finished, we have introduced the character he does is to reverse the simple words if, as you can see we have camouflaged exe file like a JPG, and also have used social engineering to make our file to be fully trusted, and we can only change the icon and order.
This is used in windows7 in other systems do not know, maybe given ...
*We take the exe file that we will change.
*and open the character map, if you know where you are, easy to give a look
*Now we are going to change the extension to the file, delete exe and replace it with (com)
*Now let's change the extension to JPG, open the Character Map and select the font ARIAL.
*Now choose U +202 E, we give to select and copy
*Now go to the file that had changed the extension to "COM" and type a single space.
---------photos .com------------
*Now is when it comes a bit of social engineering, for example we write a word that makes the file is trustworthy, such as "Playboy"
---------photosplayboy .com------------
*Now paste the character you have copied the map of characters and write "GPJ" FREE QUOTES.
---------photosplayboycom.jpg------------
*And we finished, we have introduced the character he does is to reverse the simple words if, as you can see we have camouflaged exe file like a JPG, and also have used social engineering to make our file to be fully trusted, and we can only change the icon and order.
Sunday, April 17, 2011
FIXED Hacking any computer in LAN and get all his logins [TUT]
What we need
1. Backtrack 4 (i recommend it but not compulsory)
2.If you donot have backtrack then you can download and run ettercap from google ..
3. Common sense
Lets start
Question comes whats ettercap ?
Ettercap is a suite for man in the middle attacks on LAN.,DNS spoofing etc..
What we are gonna do ?
We are going to perform man in the middle attacks using a basic method called arp poisoning..
Now if you donot know what is arp poisioning then i suggest you google it :) before moving forward
So now we know what the hell is arp poisoning now we gonna see what actually happens when we do arp poisoning
What actually happens.. ?
Before ARP poisoning
After poisoning
Now the Method USING BACKTRACK 4 :
First open Ettercap in graphical mode using :
In konsole
# ettercap -G
Uploaded with ImageShack.us
Select the sniff mode to sniff all the host connected on a LAN
Sniff → Unified sniffing
and
Scan for host inside your network using
Hosts → Scan
After scan is complete we go and check the host list we got.
Now we see the MAC and IP addresses of the hosts inside the window
( Hosts → Hosts List)
These are the machines which are connected in a LAN .
From this list we need to select the machines we need to poison.
Now we choose to ARP poison the machine 192.168.1.2 (in my case) ..you can use other machines from your host list whom you want to poison and remember that the IP of the router will always be 192.168.1.1.
Next
Highlight the line containing 192.168.1.1 and click on the "target 1" button.
(It means this entry will be poisoned in the slave’s arp table so that all that slave uses on internet will first go through us.)
Highlight the line containing 192.168.1.2(in my case) it’s the victims IP address and click on the "target 2" button.
To start the ARP poisoning:
Go to
Mitm → Arp poisoning
and start the sniffer to see the activities and its done ! whatever address slave will visit you will be able to see it :)
Method using Windows :
Download ettercap for windows and rest of the steps are same :)Oui
Note : ettercap in BT is not in GUI mode you may need to install GUI mode if you don't know how to use non GUI one
Use "apt -get install ettercap-gtk" Victoire
1. Backtrack 4 (i recommend it but not compulsory)
2.If you donot have backtrack then you can download and run ettercap from google ..
3. Common sense
Lets start
Question comes whats ettercap ?
Ettercap is a suite for man in the middle attacks on LAN.,DNS spoofing etc..
What we are gonna do ?
We are going to perform man in the middle attacks using a basic method called arp poisoning..
Now if you donot know what is arp poisioning then i suggest you google it :) before moving forward
So now we know what the hell is arp poisoning now we gonna see what actually happens when we do arp poisoning
What actually happens.. ?
Before ARP poisoning
After poisoning
Now the Method USING BACKTRACK 4 :
First open Ettercap in graphical mode using :
In konsole
# ettercap -G
Uploaded with ImageShack.us
Select the sniff mode to sniff all the host connected on a LAN
Sniff → Unified sniffing
and
Scan for host inside your network using
Hosts → Scan
After scan is complete we go and check the host list we got.
Now we see the MAC and IP addresses of the hosts inside the window
( Hosts → Hosts List)
These are the machines which are connected in a LAN .
From this list we need to select the machines we need to poison.
Now we choose to ARP poison the machine 192.168.1.2 (in my case) ..you can use other machines from your host list whom you want to poison and remember that the IP of the router will always be 192.168.1.1.
Next
Highlight the line containing 192.168.1.1 and click on the "target 1" button.
(It means this entry will be poisoned in the slave’s arp table so that all that slave uses on internet will first go through us.)
Highlight the line containing 192.168.1.2(in my case) it’s the victims IP address and click on the "target 2" button.
To start the ARP poisoning:
Go to
Mitm → Arp poisoning
and start the sniffer to see the activities and its done ! whatever address slave will visit you will be able to see it :)
Method using Windows :
Download ettercap for windows and rest of the steps are same :)Oui
Note : ettercap in BT is not in GUI mode you may need to install GUI mode if you don't know how to use non GUI one
Use "apt -get install ettercap-gtk" Victoire
eBook Basic Hacking You MUST know
f Youre Going to Download, please reply to this thread, and say a simple Thank You!
Hey guys, I just joined the forum and I'm trying to make a good first impression on such a huge forum, so I decided to share one of my oldest eBooks
Where Did I get it from?
To be honest with you, I don't even recall the original source of this eBook, but I do know it is a very good and basic one.
What does it cover?
-Where to start
-Needed Programming
-Linux and how to use it
-Password Cracking and Hacking
-Network Hacking [footprinting, etc...]
-Wireless Hacking
-Windows Hacking
-Malware
-Web Hacking
How do we know this is not infected?
Well as I said before, all I am trying to do here is help some members and give a good first impression on here, so if you are not confident enough, don't download it, or just run it sandboxed or something to make sure. To be safe, read the .pdf on Linux if you want!
Download
Hey guys, I just joined the forum and I'm trying to make a good first impression on such a huge forum, so I decided to share one of my oldest eBooks
Where Did I get it from?
To be honest with you, I don't even recall the original source of this eBook, but I do know it is a very good and basic one.
What does it cover?
-Where to start
-Needed Programming
-Linux and how to use it
-Password Cracking and Hacking
-Network Hacking [footprinting, etc...]
-Wireless Hacking
-Windows Hacking
-Malware
-Web Hacking
How do we know this is not infected?
Well as I said before, all I am trying to do here is help some members and give a good first impression on here, so if you are not confident enough, don't download it, or just run it sandboxed or something to make sure. To be safe, read the .pdf on Linux if you want!
Download
How To Hack Your School Network [WORKS]
So, a lot of people here should want to hack his school's network.
It can be really easy, and it can be quite difficult if your scholl have actives network administrators.
Anyway, you can do it following my tutorial, there are a lot of possibilities but I will explain the most efficients methods here...
So, Let's started !
#### Gain local admin privileges ####
It's very easy to gain admin privileges.
1st method :
(cmd not blocked)
How to open CMD?
-Press Windows+R ==> type "cmd.exe" in the box
or
-create a new text file, just write it inside :
Code:
@echo off
command
pause
and save it as "something.bat"
just click on it.
In cmd, type :
Code:
net user *nameyouwantfortheaccounthere* /add
(dont write the stars)
and now type :
Code:
net localgroup Administrators *nameoftheaccount* /add
note :
For non-english computers, the group "Administrators" could not be the same, on french computers, it's called "Administrateurs", so for check what is the name of the group, just type "net localgroup" for see the list of groups on the computer
Now you can connect yourself on the local machine with an admin account
2nd method :
Just burn ophcrack on a dvd
ophcrack can be found here :
http://ophcrack.sourceforge.net/download...ype=livecd
If the BIOS of the computer is password-protected, go here and look for the software solution
Now boot the computer, and when you got the motherboard message, press a key for enter in the BIOS or in the boot-order menu (the key you have to press is different on a lot of motherboards, but it's generally DEL or F2, it's will be displayed on the screen)
Change the boot order and move the DVD to the first position.
Now normally boot the computer and ophcrack will started, in 95% of case, it will find the admin password of the computer.
If not, go to the 3rd method
3rd method :
Ophcrack didn't find the admin password? It's not a problem Roflmao
Just boot on a linux live CD (i highly suggest Backtrack 4 for the following of the tutorial)
the live CD can be found HERE
Just start on the CD, and wait for the command prompt appears
now type in :
Code:
fdisk -l
and search for the windows partition, basicaly the biggest
We will say that the partition is called "dev/sda2" (It can be different on your computer!!!)
now type :
Code:
mkdir /mnt/xp
mount /dev/sda2 /mnt/xp
cd /mnt/xp
Now you are in the root of your windows partition, without any restrictions
just type :
Code:
cd WINDOWS/system32
and remove sethc.exe
Code:
rm sethc.exe
and copy cmd.exe with the name "sethc.exe"
Code:
cp cmd.exe sethc.exe
and you're done.
Just reboot the computer and on the winlogon screen, just hit SHIFT key five times and the cmd prompt will appears.
Now just follow the 1st method and you can access to an admin account.
#### Gain Network Admin Privileges ####
Ok this must be the hardest part, but you can do it Roflmao
So you need to know how is built your school network,it's not a problem, just go, with local admin account, to start>network or go to the control pannel and look at all the computers in the network.
You'll certainly find a lot of computers, search for a computer called "server" or with a name different to others
In my school, the server is called "server1"
try to click on it, it will certainly ask you for username and pass, you can give the pass of your limited account, and you'll certainly access only to the "normal" files that you can acces in normal time when you connect to the network.
So, you need admin passwords, you can succesfuly do it easily Roflmao
1st method :
If you can access to a computer that is used by admins or teachers, just unistall the AV on the computer (easily done in control panel) and install this great tool, fakegina Biggrin
downloadable here
Just move fakegina.dll into C:\WINDOWS\system32
and now press windows + R
type in : "regedit"
go to : "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
and create "GinaDLL" in "REG_SZ" with value "fakegina.dll"
OK you're done, just wait for someone connect to the computer, and the usernames and passwords of the users will be stored in "C:\WINDOWS\system32\passlist.txt"
wait for an admin connect to the machine, and voila, you got his pass.
passlist exemple :
Spoiler (Click to View)
[Image: 20533773997242_fakegina.jpg]
in the format domainname\username password
2nd method :
No privilegiated users are connecting on the computer, it's not a problem, just intercept the packets send by the users to connect to the server.
Just download and install Cain & Abel
Now just google for ARP Poisonning and snif SMB packets, it contains the login informations of the user connecting, just decrypt it with cain and you're done.
You just have to wait an admin to connect on the network
3rd method :
Ok it's not really a skilled method, but it works well.
Just try to watch an admin or a teacher connecting to the network, try to see what is the password typed.
If it's only numbers, it can be a birthday date or something else
Social Engineering is also a good way to go.
#### Gain Full Access To The Main Server ####
Okay, once you've got an admin password, you'll want to have a fully access to the main server.
1st method :
Normally, the administrators are using remote desktop for having access to the main server.
Just try to connect to it : Start > accesories > remote desktop connection
And then,type in the box the name of the main server, in my school, it's "server1"
If you got access to an windows login screen, it's good!
Just try type the admin username and pass.
If it works, you're done, welcome to the main server of your school, you can do what you want Biggrin
2nd method :
If it doesn't work, the server only got one account that can access to the server interactivly, generaly called "administrator"
So just try to find the password, maybe the same as the admin user.
if you don't find the password, use Cain & Abel and snif for RDP packets.
This packets are used when someone use the remote desktop for connect to the server, and they contains the username and the pass of the admin user that can access to the main server with remote desktop.
If you successfuly find packets, great, just open it and search for the password
And when you got it, just connect to the main server, and you're done Roflmao
3rd method :
If you don't find any packet while sniffing, you can pentest the server.
Just use a backtrack live CD, use metasploit and autopwn the server (there are a lot of tutorials on hackforums and all over the internet), there are a lot of chances that the server isn't updated, so enjoy and try to find any vulns to the server
If metasploit succesfully find a vuln, you're done, and you'll access to a shell, ENJOY
#### What To Do With The Main Server ####
A lot of things...
But the first thing to do is to dump the hash of the server, google for fgdump and use it to dump the hashes of the server.
Now crack them with Ophcrack and you'll gain the password of all the accounts of your school, enjoy
Now you got all the powers, I recommend you to not do "funny" things and don't let any tracks, don't touch at the accounts, just access to the teacher's files (some of them store theirs test in their account folder) just enjoy and increase your grades Roflmao
Do it silently and all will be fine
tested and approuved by me..
It can be really easy, and it can be quite difficult if your scholl have actives network administrators.
Anyway, you can do it following my tutorial, there are a lot of possibilities but I will explain the most efficients methods here...
So, Let's started !
#### Gain local admin privileges ####
It's very easy to gain admin privileges.
1st method :
(cmd not blocked)
How to open CMD?
-Press Windows+R ==> type "cmd.exe" in the box
or
-create a new text file, just write it inside :
Code:
@echo off
command
pause
and save it as "something.bat"
just click on it.
In cmd, type :
Code:
net user *nameyouwantfortheaccounthere* /add
(dont write the stars)
and now type :
Code:
net localgroup Administrators *nameoftheaccount* /add
note :
For non-english computers, the group "Administrators" could not be the same, on french computers, it's called "Administrateurs", so for check what is the name of the group, just type "net localgroup" for see the list of groups on the computer
Now you can connect yourself on the local machine with an admin account
2nd method :
Just burn ophcrack on a dvd
ophcrack can be found here :
http://ophcrack.sourceforge.net/download...ype=livecd
If the BIOS of the computer is password-protected, go here and look for the software solution
Now boot the computer, and when you got the motherboard message, press a key for enter in the BIOS or in the boot-order menu (the key you have to press is different on a lot of motherboards, but it's generally DEL or F2, it's will be displayed on the screen)
Change the boot order and move the DVD to the first position.
Now normally boot the computer and ophcrack will started, in 95% of case, it will find the admin password of the computer.
If not, go to the 3rd method
3rd method :
Ophcrack didn't find the admin password? It's not a problem Roflmao
Just boot on a linux live CD (i highly suggest Backtrack 4 for the following of the tutorial)
the live CD can be found HERE
Just start on the CD, and wait for the command prompt appears
now type in :
Code:
fdisk -l
and search for the windows partition, basicaly the biggest
We will say that the partition is called "dev/sda2" (It can be different on your computer!!!)
now type :
Code:
mkdir /mnt/xp
mount /dev/sda2 /mnt/xp
cd /mnt/xp
Now you are in the root of your windows partition, without any restrictions
just type :
Code:
cd WINDOWS/system32
and remove sethc.exe
Code:
rm sethc.exe
and copy cmd.exe with the name "sethc.exe"
Code:
cp cmd.exe sethc.exe
and you're done.
Just reboot the computer and on the winlogon screen, just hit SHIFT key five times and the cmd prompt will appears.
Now just follow the 1st method and you can access to an admin account.
#### Gain Network Admin Privileges ####
Ok this must be the hardest part, but you can do it Roflmao
So you need to know how is built your school network,it's not a problem, just go, with local admin account, to start>network or go to the control pannel and look at all the computers in the network.
You'll certainly find a lot of computers, search for a computer called "server" or with a name different to others
In my school, the server is called "server1"
try to click on it, it will certainly ask you for username and pass, you can give the pass of your limited account, and you'll certainly access only to the "normal" files that you can acces in normal time when you connect to the network.
So, you need admin passwords, you can succesfuly do it easily Roflmao
1st method :
If you can access to a computer that is used by admins or teachers, just unistall the AV on the computer (easily done in control panel) and install this great tool, fakegina Biggrin
downloadable here
Just move fakegina.dll into C:\WINDOWS\system32
and now press windows + R
type in : "regedit"
go to : "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
and create "GinaDLL" in "REG_SZ" with value "fakegina.dll"
OK you're done, just wait for someone connect to the computer, and the usernames and passwords of the users will be stored in "C:\WINDOWS\system32\passlist.txt"
wait for an admin connect to the machine, and voila, you got his pass.
passlist exemple :
Spoiler (Click to View)
[Image: 20533773997242_fakegina.jpg]
in the format domainname\username password
2nd method :
No privilegiated users are connecting on the computer, it's not a problem, just intercept the packets send by the users to connect to the server.
Just download and install Cain & Abel
Now just google for ARP Poisonning and snif SMB packets, it contains the login informations of the user connecting, just decrypt it with cain and you're done.
You just have to wait an admin to connect on the network
3rd method :
Ok it's not really a skilled method, but it works well.
Just try to watch an admin or a teacher connecting to the network, try to see what is the password typed.
If it's only numbers, it can be a birthday date or something else
Social Engineering is also a good way to go.
#### Gain Full Access To The Main Server ####
Okay, once you've got an admin password, you'll want to have a fully access to the main server.
1st method :
Normally, the administrators are using remote desktop for having access to the main server.
Just try to connect to it : Start > accesories > remote desktop connection
And then,type in the box the name of the main server, in my school, it's "server1"
If you got access to an windows login screen, it's good!
Just try type the admin username and pass.
If it works, you're done, welcome to the main server of your school, you can do what you want Biggrin
2nd method :
If it doesn't work, the server only got one account that can access to the server interactivly, generaly called "administrator"
So just try to find the password, maybe the same as the admin user.
if you don't find the password, use Cain & Abel and snif for RDP packets.
This packets are used when someone use the remote desktop for connect to the server, and they contains the username and the pass of the admin user that can access to the main server with remote desktop.
If you successfuly find packets, great, just open it and search for the password
And when you got it, just connect to the main server, and you're done Roflmao
3rd method :
If you don't find any packet while sniffing, you can pentest the server.
Just use a backtrack live CD, use metasploit and autopwn the server (there are a lot of tutorials on hackforums and all over the internet), there are a lot of chances that the server isn't updated, so enjoy and try to find any vulns to the server
If metasploit succesfully find a vuln, you're done, and you'll access to a shell, ENJOY
#### What To Do With The Main Server ####
A lot of things...
But the first thing to do is to dump the hash of the server, google for fgdump and use it to dump the hashes of the server.
Now crack them with Ophcrack and you'll gain the password of all the accounts of your school, enjoy
Now you got all the powers, I recommend you to not do "funny" things and don't let any tracks, don't touch at the accounts, just access to the teacher's files (some of them store theirs test in their account folder) just enjoy and increase your grades Roflmao
Do it silently and all will be fine
tested and approuved by me..
Easy $150+ daily - My own method [ Adult ]
Today I'll show you how you can earn some easy money.
(Please use my reflinks,I'm giving this for free)
1. STEP (Registrations)
- Register account at xProfiles.com as affiliate
- Register account at xProfiles.com as member with fake name and upload some girl pictures (fully or half naked)
- Register on PornHub.com with same member name from xProfile and upload 2-3 pictures
2. STEP (Accept friends on PornHub)
- You will get a lot of friendship requests from horny guys :D , accept them all
- Write something on your blog to show them that you are interested
- When you get more than 50 friends you can go on next step
3. STEP (Your aff link)
- Write "Why this site don't have a chat :( , do you want to chat with me on xProfiles" on your PornHub blog
- Find your affiliate link in xProfiles promo tools,short it with non known shortening service and write on your blog "my xprofiles profile YOURAFFLINK , add me as friend if you want to chat with me"
4. STEP
- Watch how money is coming in your aff account on xProfiles
For every free signup you will get $1.50 but it's not all,if your PornHub friend want to find you on xProfiles he must upgrade his account and you will earn additional $10 :D
(Please use my reflinks,I'm giving this for free)
1. STEP (Registrations)
- Register account at xProfiles.com as affiliate
- Register account at xProfiles.com as member with fake name and upload some girl pictures (fully or half naked)
- Register on PornHub.com with same member name from xProfile and upload 2-3 pictures
2. STEP (Accept friends on PornHub)
- You will get a lot of friendship requests from horny guys :D , accept them all
- Write something on your blog to show them that you are interested
- When you get more than 50 friends you can go on next step
3. STEP (Your aff link)
- Write "Why this site don't have a chat :( , do you want to chat with me on xProfiles" on your PornHub blog
- Find your affiliate link in xProfiles promo tools,short it with non known shortening service and write on your blog "my xprofiles profile YOURAFFLINK , add me as friend if you want to chat with me"
4. STEP
- Watch how money is coming in your aff account on xProfiles
For every free signup you will get $1.50 but it's not all,if your PornHub friend want to find you on xProfiles he must upgrade his account and you will earn additional $10 :D
Subscribe to:
Posts (Atom)