Think Computers Think Hacking

Think Computers Think Hacking is the all-set manual to teach young hackers the essence of hacking. Hacking is as easy as ABC with this book.

Uploaded by Anand Sharma
Copyright: © Attribution Non-Commercial (BY-NC)

THINK COMPUTERS THINK HACKING

By

ANAND KUMAR SHARMA


www.anandkumarsharma.webs.com www.anandkmrsharma.blogspot.com

COPYRIGHT NOTICE

This manual is the intellectual property of Anand Kumar Sharma. It must only be published in its original form. Using parts of this guide or republishing altered parts of it is strictly prohibited.

COPYRIGHT BY: ANAND KUMAR SHARMA

To Mummy (Dr. Sunita Sharma) Because I Love You Most.. The Most..

ACKNOWLEDGEMENTS
This book was not achieved in a single day, but has been the result of the learning that I underwent over some time during my course of study in Computer Engineering. I want to thank a number of people who have directly helped me achieve the dream that I have always wanted to be. Indeed it has been my mother who has been the pillar of strength behind me and who makes me what I am today. Thanks are due to friends and to trainers from Kyrion Digital Securities who have helped me think far in hacking. In this book I don't intend to make you a great hacker, which honestly speaking I am not either, but I have tried to give a direction to the budding computer enthusiasts who want to do something in the field of computer security. I hope this will benefit you to some extent in shaping your knowledge. If you need any sort of help which is in my domain, feel free to drop me a mail at my email address [email protected].

Keep Smiling, Hacking & Visiting my blog!

Love You, Anand Kumar Sharma www.anandkumarsharma.webs.com www.anandkmrsharma.blogspot.com

INTRODUCTION:
What is hacking, or what notion or picture comes to your mind when you hear the words Hackers or Hacking? The most common answer could be this: a hacker is a boy with big spectacles, sitting in front of a computer throughout the day and night, surrounded by thick books on computers and computer-related matters. But believe me, things are not like this, because the friend talking to you could be a malicious hacker and you would not know it; he may seem (and actually is) just another guy or girl in jeans and a T-shirt, saying "hey buddy, can we go to a movie next month?". So we find that a hacker can be the guy next door, or possibly the one we described earlier. So what differentiates hackers from ordinary computer users, or what makes them special? The answer: the will to learn even when there is no need to, to be inquisitive to the maximum extent, and to think out of the box. A hacker loves to experiment and to see what others overlook. We could have a long debate on hackers and their characteristics, where we might come across many facts that even I don't know, so instead we jump to some really cool hacking techniques that will benefit us, or may benefit us.

WINDOWS HACKS
Most people say that the Windows operating system is an insecure one and others like Macintosh and Linux are not, but believe me, this is not so. The reason is that Windows is the most used operating system in the world, especially in the Asian continent, which is why people have come to know the vulnerabilities that have crept into its architecture. So how many of you use a login password to secure your computer? I believe most of you, and you think that no one can access your computer without your permission or without knowing the password. But I tell you, you are actually not secure! How you are not secure is presented below.

PASSIVE ATTACKS ON WINDOWS XP / WINDOWS VISTA / WINDOWS 7

By passive attack we mean that the attacker has somehow got access to your computer and wants to leave a backdoor open so that he can access it whenever he wants. We now take a look at different attacks on your computer.

NET USER ATTACK

NET USER is a command supported by the command line in the Windows architecture, through cmd or the Command Prompt. To open the Command Prompt on your computer, go to START -> ALL PROGRAMS -> ACCESSORIES -> COMMAND PROMPT, or go to START -> ALL PROGRAMS -> RUN and type "cmd" there, without quotes. When the Command Prompt window opens, simply type NET USER, and you will see a list of users such as Administrator, Guest, your account and others, if present on your computer, like this:

As you can see, I am using the account Anand, so I type NET USER Anand * and get the following:

Now type the password you want, and retype it to confirm. Whoa! The password of the machine is changed! So I hope you understand the catch here: you can change the login password of any Windows machine without knowing the previous password. Please note that for Windows Vista/Windows 7 you need administrator privileges to carry out this attack; these can be obtained by right-clicking the Command Prompt icon and choosing Run As Administrator.

STICKY KEYS ATTACK

Before moving to this attack we need to understand what Sticky Keys are. Sticky Keys is a feature provided by the designers of Windows to extend the usability of machines running this operating system to physically challenged people. It is generally accessed by pressing the SHIFT key five times or more, after which a prompt like the one shown below appears.

Again, if we press the SHIFT key five times or more while we are being asked for the login password, this window will come up, provided the default settings have not been changed in the Control Panel. Now the catch is: can we make Sticky Keys open the CMD or Command Prompt window instead when we press the SHIFT key five times? The answer is YES WE CAN (a really enthusiastic slogan that Barack Obama has given us). Before seeing how to achieve this we need to look at the architecture of Windows. Windows developers keep the Windows utilities in a folder called Windows. If your computer has Windows installed on the C: drive, then this folder can be accessed as C:\Windows. There, the utility responsible for Sticky Keys is SETHC, and that of the Command Prompt is CMD. What we do is simply rename the Sticky Keys utility, SETHC, to CMD, and CMD to SETHC, so that their roles are interchanged. If you rename SETHC in that folder itself it will give an error message saying that CMD already exists, so what we do is copy the SETHC icon to a separate folder on the desktop or elsewhere and rename it CMD there. Then we copy the CMD icon to another folder and rename it SETHC, and copy those two renamed icons back into the Windows folder and paste them there. You are done: now when you press the SHIFT key five times, the Command Prompt window comes up! Now you can type NET USER as I described earlier and use it to change the password. The most fruitful use of this technique is that when the login screen appears, simply press the SHIFT key five times and then use the NET USER attack to change the password. This is another passive attack that an attacker can leave on any victim's computer to which he has got access once.

My advice is: go to your friend's house, ask him to bring water for you, and in those five minutes simply execute the Sticky Keys attack to open a backdoor for yourself!

BRUTE FORCE ATTACK USING CAIN & ABEL

Cain & Abel is a software freely available on the internet that can be used to crack the password once you have access to the victim's machine. It basically works by the brute force method, that is, guessing passwords and comparing them against those stored on the Windows machine in the SAM (Security Accounts Manager) file. Please note that the SAM file cannot be accessed while you are logged in to your computer. To use Cain & Abel, simply install it like any other software, and proceed as follows. First go to the CRACKER tool at the top of the toolbar, then click on the blank space, then click on the + button that you see; you will get something like this:

Now, in the names that you get, right-click the user's name and choose the LM hash or the NT hash, right-click and choose brute force or dictionary attack. It will take some time, and then the password is cracked!
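A defender's check for the SETHC/CMD swap described under STICKY KEYS ATTACK, added here and not from the book: it flags any accessibility helper whose contents hash identically to a shell binary. The System32 path and the list of helpers are assumptions; the demo directory is constructed so the check can be run anywhere.

```python
"""Detect the SETHC/CMD swap by comparing file contents.

Added example, not from the book. The Windows paths are assumptions
(System32 is where sethc.exe and cmd.exe normally live); the check itself
only compares file hashes, so it is demonstrated here on constructed files.
"""
import hashlib
import os
import tempfile

# Accessibility helpers reachable from the logon screen (assumed list) and
# the shells an attacker would put in their place.
ACCESSIBILITY_TOOLS = ("sethc.exe", "utilman.exe", "osk.exe")
SHELLS = ("cmd.exe", "powershell.exe")
WINDOWS_SYSTEM32 = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def swapped_tools(directory, tools=ACCESSIBILITY_TOOLS, shells=SHELLS):
    """Return (tool, shell) pairs where the tool's bytes equal a shell's bytes.

    A renamed copy keeps the original content, so a sethc.exe that hashes
    like cmd.exe is exactly the backdoor the book describes.
    """
    shell_by_hash = {}
    for name in shells:
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            shell_by_hash[sha256_of(path)] = name
    findings = []
    for name in tools:
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            match = shell_by_hash.get(sha256_of(path))
            if match:
                findings.append((name, match))
    return findings


def build_demo_dir():
    """Constructed stand-in for System32: sethc.exe is a copy of cmd.exe,
    utilman.exe is untouched. Returns the directory path."""
    directory = tempfile.mkdtemp(prefix="sethc_demo_")
    files = {
        "cmd.exe": b"MZ-constructed-shell-bytes",
        "sethc.exe": b"MZ-constructed-shell-bytes",   # swapped in by the "attacker"
        "utilman.exe": b"MZ-constructed-utilman-bytes",
    }
    for name, data in files.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)
    return directory


if __name__ == "__main__":
    target = WINDOWS_SYSTEM32 if os.path.isdir(WINDOWS_SYSTEM32) else build_demo_dir()
    hits = swapped_tools(target)
    for tool, shell in hits:
        print(f"ALERT: {tool} has the same contents as {shell}")
    if not hits:
        print("no accessibility tool matches a shell binary")
```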

ACTIVE ATTACKS

By active attacks we mean that the attacker is physically present before the machine and does not need to know the password of the computer at all. He has no backdoor left open for him and simply wants to break into the machine. So how does he achieve that? The answer is that he can use a few of the techniques described here.

ADMINISTRATOR ATTACK

In this attack, when the login screen comes up, simply press ALT-CTRL-DEL-DEL, that is, the DEL button twice, and the classic login dialog opens up. Now in the username box simply type "Administrator", without quotes, and leave the password field blank. It might work if the Administrator's password was left blank during the installation of Windows XP. This sometimes works with Windows XP, but may not work with Windows Vista or Windows 7. If this attack works you get access to the victim's computer and can then access his drives; if you want to access the victim's private files, you can use the previously described NET USER attack to reset the password and access the private documents of the victim.

Change the Admin or any user's password in this easy way. Here are the step-by-step instructions:

1. Go to Control Panel -> Administrative Tools -> Computer Management.
2. On the right pane expand the Computer Management (Local) tree (if it is not already expanded).
3. Double-click the Local Users and Groups option from the System Tools tree.
4. Click the Users option.
5. Now you will see the list of users on the right-hand pane, such as Administrator, Guest etc.
6. Right-click Administrator and select the Set Password option.
7. Now you will see a warning message; click on Proceed.
8. Now the system asks you for New Password and Confirm Password.
9. After entering the password click on OK. The password is changed. That's it!

SOFTWARE ATTACK

The next possible mechanism to break the password is the software method, my hot pick being the software called OFFLINE PASSWORD CRACKER, which is capable of cracking even the Syskey password. All you need is to burn the software onto a disc, say a CD or DVD, then insert the disc into the victim's computer, and believe me it is very easy to use. The software can easily be found by using the best search engine available, Google, or the Astalavista search engine. This software is based on Linux shell programming and uses the SAM file manipulation technique to overwrite the SAM file with a new password or no password!

BIOS PASSWORD ATTACK

If you use a BIOS password then there is nothing to be so proud of in terms of security, because again cracking it is never a big deal. The easiest way to crack the BIOS password is to open the CPU cabinet of the system, locate the motherboard of the computer and remove the Li battery (lithium ion battery) that you see. To me it looks like a small coin; simply taking it out of its socket and putting it back after five seconds will break the BIOS password of the computer!

ADDITIONAL WINDOWS TIPS AND TRICKS

Want to hide your secret files from others without using a folder lock or similar software? Then simply go to the Command Prompt and type this:

attrib C:\folder1 +s +h +r

to hide folder1 from others. To make it normal again, just type the same thing with -s -h -r instead:

attrib C:\folder1 -s -h -r

Want to fool your friend by making his drives hidden and inaccessible? The trick to accomplish this is DISKPART, a disk utility that Windows provides us. Simply go to the Command Prompt and type these lines:

diskpart
list volume

and you get something like this:

Now type these commands to hide the drive, in our case say drive D:

select volume 3
remove letter D
exit

and you come out of diskpart. Now open My Computer and you will find that drive D has disappeared! If you are lenient and kind-hearted and want to give those drives back to your friend, then simply proceed as before and type these commands after list volume:

select volume 3
assign letter D
exit

for a treat from your friend!

SECURE YOUR COMPUTER A BIT

You can secure your computer a bit by using the SYSKEY encryption technique that MS Windows offers us. To use syskey, go to START -> RUN and type syskey there; a prompt like this will come up:

Now simply check the Encryption Enabled radio button and press Update. A window like this will come up, where you have to enter the password to secure your computer.

Simply enter the password, and when you log in next time you will see the syskey prompt come up before the login window!

WEBSITE TIPS & TRICKS

Now, due to the uncontrollable growth in the number of websites and web-enabled services, their security has become an important matter for designers as well as implementers. Website attacks are of many types, like the SQL injection attack, DOS or Denial of Service attack, web ripping, site mapping using Google and many others. Let's take a closer look at a few of the important attacks.

SITE MAPPING USING GOOGLE

Just try to go back to the basics, when you were new to computers and did not know how to look for a website. Maybe you did not know the correct address of the website and you had to visit that portal; how did you manage to do so? If you try to remember closely you will perhaps find that you went to a search engine, most probably Google, as it is the most popular one. You typed, say, yahoo in the text box and the results and links were visible immediately. So in a sense Google knows where information regarding a website is kept. Another interesting analogy we can make is: maybe Google also knows where confidential files, and files labelled Do Not Distribute, are kept? The answer is yes; if Google has not been disallowed from searching some files, it will index everything that is submitted to it. So let us try to understand how Google works. Basically Google uses three kinds of software, called spiders, crawlers and robots, to look for new content on the web. They can be called hungry software that like to keep feeding themselves every time they find something new on the web. If they are not disallowed from looking at something, they will simply grab it and keep it in their cache at least. So now we see how information can be dug out of Google exactly as we want. A web page is basically an HTML document that is composed of something like this:

<html>
<head>
<!-- header part -->
<title> your title </title>
</head>
<body>
<!-- body matter -->
</body>
</html>

In this skeleton everything is embedded, like design sheets called CSS, JavaScript, or anything else like Flash. If we want to search for something in the title, suppose we want food, we type the syntax as follows:

intitle:food

and Google will return results regarding food. Again, if we want to find something in the URL we type:

inurl:food

To search a particular site for information we can type the following, and it will return links that are present in that site alone:

site:www.xxx.com

To look for a specific file type, say a doc file or a pdf file, we type:

filetype:doc food  (or anything else that you want to search for)

Again, we can combine the two syntaxes described above into a single one to refine our results more; say we want to look for doc files from a site, take www.xxx.com, then we can write:

filetype:doc site:www.xxx.com

Look for CCTVs across the world: we can find CCTVs or Closed Circuit TVs that work on IP-based networks; we just have to type as follows:

inurl:indexframe.shtml

to see the results. Please be cautious: you may actually land in a girls' hostel changing room or the recording studio of a radio station near you!

LOOKING FOR CONFIDENTIAL FILES

To look for confidential files we can type:

filetype:confidential.doc site:www.xxx.com

Sometimes the confidential files are labelled DO NOT DISTRIBUTE; then we can write:

filetype:confidential.doc +DO NOT DISTRIBUTE www.xxx.com

Actually these are all different manifestations of the advanced Google search page that we often overlook. The page can be accessed at the URL www.google.com/advanced_search, or by clicking the Advanced Search button beside the Google text box. The interface is so simple to use, believe me, that even you can dig out critical information in minutes! So how can we protect our files from Google's software grabbing them? The simplest way that I know is to create a robots.txt file in the root folder of your web directory and write in it:

User-agent: *
Disallow: /folder1/

This will disallow Google's software from creeping into the files under folder1 on your website.

MORE GOOGLE HACKS: STEALING PASSWORDS WITH GOOGLE HACKS

Google is a treasure trove of important information, especially for the underground world. This can also be used to find the usernames and passwords stored on a server. If the administrator does not keep important data entirely under the disallowed folders, then most likely it will be reached by the Google search engine, and if the data is successfully stolen by an unauthorized person, it will be misused.

Here is some Google search syntax to crawl for passwords:

1. "Login: *" "password =*" filetype: xls (searches for system data stored in Microsoft Excel files)

2. allinurl: auth_user_file.txt (finds auth_user_file.txt files containing passwords on servers)

3. filetype: xls inurl: "password.xls" (looks for usernames and passwords in MS Excel format; password.xls can be changed to admin.xls)

4. intitle: login password (gets links to login pages with the word login in the title and the word password anywhere; to query more pages, type allintitle)

5. intitle: "Index of" master.passwd (indexes master password pages)

6. index of backup (searches for indexed backup files on servers)

7. intitle: index.of people.lst (finds web pages that contain user lists)

8. intitle: index.of passwd.bak (searches for indexed backup password files)

9. intitle: "Index of" pwd.db (searches for password database files)

10. intitle: "Index of .. etc" passwd (indexes password pages)

11. index.of passlist.txt (loads pages containing password lists in clear text)

12. index.of.secret (Google brings up pages containing confidential documents; this syntax can also be combined with site:gov to search for government secret files, including password data; or use the syntax index.of.private)

13. filetype: xls username password email (finds spreadsheet files containing lists of usernames and passwords)

14. "# PhpMyAdmin MySQL-Dump" filetype: txt (indexes pages containing sensitive administration data built with PHP)

15. inurl: ipsec.secrets-history-bugs (contains confidential data that only the superuser should have); or order with inurl: ipsec.secrets "holds shared secrets"

16. inurl: ipsec.conf-intitle: manpage (useful for finding files containing important data for hacking)

17. inurl: "wvdial.conf" intext: "password" (displays dial-up connection files that contain phone numbers, usernames and passwords)

18. inurl: "user.xls" intext: "password" (shows URLs that save usernames and passwords in spreadsheet files)

19. filetype: ldb admin (looks for stored passwords in web server databases that have not been deleted, found via Google dorks)

20. inurl: search / admin.php (looks for PHP admin login pages; if you are lucky, you will find an admin configuration page for creating a new user)

21. inurl: password.log filetype:log (searches for log files at a specific URL)

22. filetype: reg HKEY_CURRENT_USER username (looks for .reg (registry) files with the path HKCU (HKEY_CURRENT_USER))

Here are some of the other Google syntaxes that we can use to look for confidential data:

"Http://username: password @ www ..."
filetype: bak inurl: "htaccess | passwd | shadow | ht users" (this takes usernames and passwords from backup files)
filetype:mdb inurl:account|users|admin|administrators|passwd|password (mdb files; this takes password information)
filetype:ini ws_ftp pwd (searches for admin passwords in ws_ftp.ini files)
intitle: "Index of" pwd.db (searches for encrypted usernames and passwords)

inurl:admin inurl:backup intitle:index.of (searches for directories whose names contain the words admin and backup)
Index of/ Parent Directory WS_FTP.ini (WS_FTP configuration files)
filetype:ini WS_FTP PWD (WS_FTP configuration files, used to take FTP server access passwords)
ext:pwd inurl:(service|authors|administrators|users) # -FrontPage- (Microsoft FrontPage passwords)
filetype: sql ("passwd values ****" | "password values ****" | "pass values ****") (searches SQL code for passwords stored in databases)
intitle:index.of trillian.ini (configuration files for the Trillian IM)
eggdrop filetype:user (user configuration files for the Eggdrop IRC bot)
filetype:conf slapd.conf (configuration files for OpenLDAP)
inurl:wvdial.conf intext:password (configuration files for WV Dial)
ext:ini eudora.ini (configuration files for the Eudora mail client)
filetype: mdb inurl: users.mdb (potentially user account information in Microsoft Access files)
intext:powered by Web Wiz Journal (websites using Web Wiz Journal, which in its standard configuration allows access to the passwords file: just enter http:///journal/journal.mdb instead of the default http:///journal/)
intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) site:duware.com (websites that use the DUclassified, DUcalendar, DUdirectory, DUclassmate, DUdownload, DUpaypal, DUforum or DUpics applications, which by default allow us to retrieve the passwords file)
intext: "BiTBOARD v2.0" "BiTSHiFTERS Bulletin Board" (websites using the Bitboard2 bulletin board, whose default settings make it possible to retrieve the passwords file at http:///forum/admin/data_passwd.dat or http:///forum/forum.php)

SEARCHING FOR SPECIFIC DOCUMENTS:

filetype: xls inurl: "email.xls" (potentially contact information)
phone * * * address * e-mail intitle:curriculum vitae (CVs)
"not for distribution" (confidential documents containing the confidentiality clause)
buddylist.blt (AIM contacts list)
intitle:index.of mystuff.xml (Trillian IM contacts list)
filetype:ctt msn (MSN contacts list)
filetype: Note "msn" (MSN contacts list)
filetype:QDF (QDF database files for the Quicken financial application)
intitle: index.of finances.xls (finances.xls files, potentially containing information on bank accounts, financial summaries and credit card numbers)
intitle: "Index Of" -inurl: maillog (potentially to retrieve e-mail accounts)
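The robots.txt file suggested under SITE MAPPING USING GOOGLE, and the searches listed above, both rest on what crawlers choose to index. This added example (not from the book) parses that robots.txt with Python's urllib.robotparser and checks constructed access-log lines against it, so a site owner can see which clients ignore the Disallow rule; the combined log format and the client names are assumptions.

```python
"""Check an access log against robots.txt to see who ignores the Disallow rules.

Added example, not from the book. robots.txt only asks well-behaved crawlers
to stay out of /folder1/; it blocks nothing by itself, and it publishes the
paths you care about. The robots.txt and the log lines are constructed; the
log is in Apache/nginx "combined" format (assumed).
"""
import re
import urllib.robotparser

ROBOTS_TXT = """\
User-agent: *
Disallow: /folder1/
"""

# Constructed combined-format log lines; IPs are from documentation ranges.
ACCESS_LOG = """\
203.0.113.5 - - [01/Apr/2007:12:49:13 +0100] "GET /folder1/confidential.doc HTTP/1.1" 200 5120 "-" "SomeCrawler/1.0"
198.51.100.9 - - [01/Apr/2007:12:50:02 +0100] "GET /folder1/ HTTP/1.1" 200 812 "-" "curl/7.19"
203.0.113.5 - - [01/Apr/2007:12:51:40 +0100] "GET /index.html HTTP/1.1" 200 1024 "-" "SomeCrawler/1.0"
192.0.2.77 - - [01/Apr/2007:12:52:08 +0100] "GET /robots.txt HTTP/1.1" 200 40 "-" "SomeCrawler/1.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_log(text):
    """Yield a dict per line that matches the combined format; skip the rest."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def disallowed_hits(robots_text, log_text):
    """Return (ip, user_agent, path) for every request to a path that
    robots.txt disallows for that user agent."""
    rp = urllib.robotparser.RobotFileParser()
    rp.parse(robots_text.splitlines())
    hits = []
    for entry in parse_log(log_text):
        if not rp.can_fetch(entry["ua"], entry["path"]):
            hits.append((entry["ip"], entry["ua"], entry["path"]))
    return hits


if __name__ == "__main__":
    for ip, ua, path in disallowed_hits(ROBOTS_TXT, ACCESS_LOG):
        print(f"{ip} ({ua}) fetched disallowed path {path}")
```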

HIDE YOURSELF ON THE INTERNET

Do you know that when you surf the internet, your identity is revealed to all? This means that even the friend to whom you have sent an email can know where you were located when you sent it, as well as other information like your ISP name and, believe me, even your longitude and latitude! The basic logic behind this is that just as we humans have our DNA, or specifically DNA fingerprints, different from each other, computers on the internet too have addresses different from each other. They work on the IP address, or Internet Protocol addressing mechanism, which reveals your identity on the web. Your IP address generally looks like a 32-bit number written as decimal numbers separated by dots, and can be seen on your machine by typing these commands in the Command Prompt:

ipconfig -- reveals just your IP address
getmac -- reveals just your MAC address or machine address, which is the physical address of your computer printed on your NIC or Network Interface Card
ipconfig /all -- shows every possible address that you have on your machine!

IP SPOOFING

Let's take a sample IP address, 192.168.xx.xx. When we go to any website like yahoo.com, our IP address is stored there and we are not anonymous. So how do we stay anonymous? The answer is IP spoofing, or changing your IP address, either in your machine's LAN settings or, the easier way, using special tools, my hot pick being HIDE YOUR IP. This software is really easy to use and it can change the IP address of your machine based on the data that it fetches or based on the country that you want. Another way to hide yourself on the internet is using a proxy server website, my hot pick being hidemyass, accessible at www.hidemyass.com, and the Russian proxy server anonymizer, available at www.anonymizer.ru. Sometimes an attacker uses chains like proxy1 -> proxy2 -> proxy3 -> ... -> destination, and becomes virtually anonymous; this is often referred to as proxy bouncing.

WEBSITE MAPPING MADE EASIER

You may want to surf a website and nothing else, but if you are a bit inquisitive you might be interested in knowing the network's IP address, the name of the server, its location and more. So how do we get this juicy information? One way is to locate the IP address of the website and search on location websites like www.ip2location.com, which is of course my hot pick! How to achieve this we see below. In the Command Prompt simply type:

ping www.yahoo.com -- this reveals the IP address of the target server.

Now go to the website www.ip2location.com and type the IP address there, and your target's server address comes up with all details.

How the packets travel to the target destination can be seen via:

tracert www.yahoo.com

or better, use the IP address.

To know more about a specific IP address we type:

nslookup <IP address>

(type the address without the angle brackets). Knowing the routers via which the packets travel can be an adventure for some, and this can be accomplished by:

netstat -r

Netstat is another powerful tool offered by network designers to users. We see how it works just now.

CATCH YOUR FRIENDS WHEN YOU ARE CHATTING WITH THEM!

Do you like chatting on your favourite chat engine like AIM, ICQ, QQ or any other such chat engine? If yes then this will be of great interest to you: catch a stranger, or a friend whom you meet on the chat engine, and reveal his identity! Simply go to the Command Prompt and type:

netstat

and a list of the addresses you are connected to is revealed. Again type:

netstat -n

to see the IP addresses in numerical form. Now send a message to your friend, or better ask him to send a file, and again type netstat -n; to your amazement you will see a new IP address on the right-hand side, which may be, and probably is, your friend's IP address! Now simply go to the website www.ip2location.com and type the friend's IP address to locate him. If you want to find out the operating system that he or she is using, simply do this:

ping <IP address of the friend>

And you get a TTL value in the reply. The TTL value indicates the operating system that the friend is using; often 128 indicates Windows XP and 256 Windows 7. Netstat works because whenever we chat, the remote machine sends an IGMP (Internet Group Management Protocol) message to our machine, and when a new connection is established that message is sent to our machine again, so we can trace the friend! Because netstat is a versatile tool, several things are possible with it, like tracing routers using netstat -r, and collecting juicy information to hack routers!

Now that we have learnt to hide ourselves on the internet, we are ready to get some real hacking taste with a thing called WEBSITE RIPPING, or downloading the whole of a website onto our computer for analysis or juicy information. A number of tools are available on the internet, the most common being Black Widow Web Ripper and Website Ripper Copier. You actually need to do nothing but install the software and then enter the website you want to rip or download. The biggest advantage is that there is no way to avoid web ripping, but an anonymous approach is what I always prefer!

DATABASE ATTACKS

If you use the internet, I believe you must have come across places where you need to give your username and password. Here we take a look at how that works and how to exploit it. Basically this works on a database server, which is more commonly an SQL server, and if you know the basics of SQL then you must know the queries that we need to write to fetch data from the tables. If you don't, I present a brief description here. Suppose you create a table in SQL, say named TABLE1, and in it you have the usernames and the passwords; then you write a simple query like this:

SELECT UNAME, PASSWORD FROM TABLE1 WHERE UNAME='your username' AND PASSWORD='your password'

The SQL server evaluates this as if:

IF (UNAME = your username AND PASSWORD = your password) is correct THEN
    // go to the Welcome screen
ELSE
    // direct to the Relogin screen

Now we see how to exploit this vulnerability. If in the login form we enter something like this:

LOGIN: a OR 1=1
PASSWORD: a OR 1=1

(exactly like this), then the condition 1=1 above is evaluated and the original username check is bypassed! Now the web server or the database server gives you access to the database. If you do this attack and get access to the administrator's account of the website, then think of the hell that you can create, because the whole website is in your grip! This attack mostly works on the Pakistani militant groups or terrorist organizations where the designers are not exactly conscious of the database design part. But as a reminder: leave no footprints when you attack, and better keep yourself anonymous when launching this attack, because remember you make an entry in the log file of the web server every time you visit, and there is every probability of being caught!
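The login query from the DATABASE ATTACKS passage, built the vulnerable way beside the safe way (added example, not from the book). It assumes Python's built-in sqlite3 and a constructed TABLE1; the injected string is the book's "OR 1=1" written so that it closes the quoted literal.

```python
"""The login query from the text, once built by string concatenation and once
with bound parameters. Added example, not from the book; it uses Python's
built-in sqlite3 and a constructed TABLE1 (plaintext passwords, as the book
describes; a real system stores password hashes)."""
import sqlite3


def make_db():
    """In-memory stand-in for the book's TABLE1 with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE table1 (uname TEXT, password TEXT)")
    conn.executemany("INSERT INTO table1 VALUES (?, ?)",
                     [("admin", "s3cret"), ("anand", "hunter2")])
    return conn


def login_vulnerable(conn, uname, password):
    """The book's SELECT ... WHERE UNAME=... AND PASSWORD=... with the user's
    input pasted straight into the SQL text: a quote in the input ends the
    string literal and the rest is parsed as SQL."""
    sql = ("SELECT uname FROM table1 WHERE uname='" + uname
           + "' AND password='" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, uname, password):
    """Same query with placeholders: the driver sends the input as data, so
    OR 1=1 is compared as a literal string and never becomes a condition."""
    sql = "SELECT uname FROM table1 WHERE uname=? AND password=?"
    row = conn.execute(sql, (uname, password)).fetchone()
    return row[0] if row else None


INJECTION = "' OR '1'='1"   # the book's "a OR 1=1", written to close the quote


if __name__ == "__main__":
    db = make_db()
    print("normal login:           ", login_vulnerable(db, "anand", "hunter2"))
    print("injected, vulnerable:   ", login_vulnerable(db, INJECTION, INJECTION))
    print("injected, parameterized:", login_parameterized(db, INJECTION, INJECTION))
```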

EMAIL ATTACKS

If you use the internet and don't know what an email is, your stay on the internet is worthless! Anyway, even the remotest person with some connection to the internet is sure to have an email account to send messages now and then for some purpose. Often an email can be more dangerous than we can guess, because it can result in losing your job, a break-up with your loved one or even your arrest! So protecting your email account is really important.

TRACE THE MAILER!

Suppose you got an email from your friend stating that he or she is sending the email from London, when actually he is sending it from your neighbourhood! So how do you catch him? This method is called email tracing and is based on the email header that we receive with the incoming mail in the mailbox. Simply open the email header and look for these keywords:

X-MAILER -- gives you the originating mailer, to prove whether the mail is fake or real. If the X-Mailer is the same as that of the sender's email host, then the mail is real, else it is a fake mail.
X-ORIGINATING-IP -- gives you the IP of the mailer. All you now need to do is trace the IP on www.ip2location.com to reveal the mailer.

EMAIL BOUNCING

Do you want to attack the email server of the host whose email service you are using? If you want to do this, you need to locate the email server and attack it. For this, all you need to do is send an email to an address that does not exist. The email will not be delivered and will come back to you with the headers of the email server, with its IP and full address! So your work is done, and you can begin your attack on the email server!

LOCATING THE MAIL SERVER

Suppose there is a website like Gmail, or any other company with its own mail service; how can we locate the mail server of that organization? The steps are really simple, see how: go to the Command Prompt and type nslookup. It will show you your ISP details for the reverse DNS enquiry.

Now type set type=mx

//mx is for mail exchanger.

And type the organizations name like Gmail.com or Yahoo.com or anything else and you will be shown something like this :

Here it is showing the mail exchangers of the Gmail web server. Hacking Mail Servers: Note the mail exchangers url like: alt4.gmail-smtp-in.l.google.com (the first one over here), and telnet to it on port 25! I show here a simple example using the DeadFake server Just look at the whole code carefully, after going to Command Prompt : Nslookup Set type=mx Deadfake.com

And type exit Now type telnet mail.deadfake.com 25 Ok, so now you're connected. You need to enter the following information - press ENTER at each new line. You won't be able to press backspace to delete a mistake, so you'll need to type everything correctly first time!

HELO whitehouse.gov This tells the mail server that we are "whitehouse.gov". MAIL FROM: <[email protected]> This tells the server who is sending the mail. RCPT TO: <[email protected]> This tells the server who to deliver the mail to. At this point, if the recipient doesn't exist, you may see a warning message (but not always). DATA This tells the server that we're ready to start writing our message. It should acknowledge, telling you to end your message with a full stop (period) on a single line. All we need to do now, is write our message and don't forget that full stop at the end. Hello dummy@deadfake, I managed to send a fake mail all by myself! . Dont forget that last dot. When you've done that, and pressed enter, simply enter QUIT and your mail should be delivered. There's a little bit more to it, of course. You'll need to enter proper "headers" if you want the mail to look more believable. After doing the DATA command, I'd recommend pasting in the following "headers" to make sure it looks realistic when viewed in Outlook, Hotmail, etc. Date: Sun, 01 Apr 2007 12:49:13 +0100 (BST) From: George W Bush <[email protected]> To: Poor Sod <[email protected]> Subject: Fake mail Hello dummy@deadfake, I managed to send a fake mail all by myself!

. And that's all there is to it.
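The tracing advice above (X-Mailer, X-Originating-IP) and the hand-typed SMTP session make the same point from two sides: those headers, like From:, are whatever the sender chooses to type, while the Received: lines are stamped by the relays that handled the mail. This added example (not from the book) parses a constructed header block with Python's email module and puts the sender-written fields beside the relay stamps, which is what a tracer should actually rely on; every hostname and IP is a documentation placeholder, and trace_mailer and first_ip are invented names.

```python
import email
import email.utils
import re

# Constructed sample (not a real message). From:, X-Mailer: and
# X-Originating-IP: are written by the sender; the two Received: lines
# are what the relays stamped on it. IPs are documentation addresses.
SAMPLE = """\
Received: from mx1.example.org (mx1.example.org [203.0.113.10])
\tby mail.example.net with ESMTP id q1; Sun, 01 Apr 2007 12:50:02 +0100
Received: from [198.51.100.7] (helo=example.com)
\tby mx1.example.org with SMTP; Sun, 01 Apr 2007 12:49:59 +0100
From: Some Sender <sender@example.com>
To: Poor Sod <dummy@example.net>
Subject: Fake mail
X-Mailer: ExampleMailer 1.0
X-Originating-IP: [192.0.2.44]

Hello, I managed to send a fake mail all by myself!
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def first_ip(text):
    m = IPV4.search(text or "")
    return m.group(1) if m else None

def trace_mailer(raw):
    msg = email.message_from_string(raw)
    hops = msg.get_all("Received") or []
    # Each relay prepends its own Received: line, so the last one in the
    # header is the first hop, i.e. the machine that actually submitted it.
    chain = [ip for ip in (first_ip(h) for h in reversed(hops)) if ip]
    helo = re.search(r"helo=([\w.-]+)", hops[-1]) if hops else None
    x_orig = first_ip(msg.get("X-Originating-IP"))
    sender = email.utils.parseaddr(msg.get("From", ""))[1]
    return {
        "x_mailer": msg.get("X-Mailer"),
        "x_originating_ip": x_orig,
        "first_hop_ip": chain[0] if chain else None,
        "received_chain": chain,
        "helo": helo.group(1) if helo else None,
        "from_domain": sender.rpartition("@")[2],
        # Disagreement here means the sender-written header cannot be
        # trusted; the first relay's stamp is the better evidence.
        "x_header_matches_relay": bool(chain) and x_orig == chain[0],
    }
```

In the sample the sender claims 192.0.2.44 in X-Originating-IP, but the first relay recorded the connection from 198.51.100.7, so the sender-written header is the one to discard.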

SEND MAIL TO YOUR FRIEND FROM HIS OWN ADDRESS!

Can we send an email to, say, a person having the email address [email protected] from [email protected], or any other as we wish? The answer is Yes! And this is basically accomplished using some fake mailer services available on the internet, or by starting your own fake mailer service! A number of websites like mail.anonymizer.name, www.deadfake.com and others are offering this service for free. Again, a few services like anonymous mail offer the very same for a charge. The service that you want to use can be found by some easy Googling.

DON'T WANT TO LEAK YOUR PERSONAL EMAIL ON THE INTERNET?

At times you may need to fill up registration forms and you don't want to get a hell of a lot of email notifications from the website, so here is a trick: try using a disposable email. A disposable email is one where the email address is valid for some time, say 10 minutes in my hot pick website www.10minutemail.com, where the email message lasts for just 10 minutes. You can receive messages for 10 minutes or more if you want, and there is no hassle to register even on the site; it's all on the move!

PROTECTION FROM EMAIL ATTACKS

Email hacking has become most common today due to the tremendous growth in the number of hackers, and the most common technique that they use is the Phishing attack. In a phishing attack they send you a false mail from, say, Gmail or any other company, saying that you have won a prize of say 1 million US$ and that you have to log on to your Facebook or Yahoo account from a link they provide. Then what happens is that when you click the link, a page comes up looking like, say, your Yahoo account, and you type your username and password into that page. But actually your username and password are being stolen away and you never know of this. So my advice is please do not go to such false links, and please don't click or open any untrusted email. Beware of downloading any attachment from any unwanted email, as it may contain a virus that may make you vulnerable to a Trojan attack.

REVERSE ENGINEERING
If you use computers, then I must believe that you must be using some software, say a music player or something else, that is offered to you for some time because it is a trial version, and until you purchase it by paying for it you cannot get its full version, because it requires a key to be fully functional. Anyway, I have another scheme to turn a free version into a fully functional version; what the scheme is, let's see now!

Imagine that you want to compare your height with your friend's, and say your height is 180 cms. Now your friend is as tall as you are, and you say that he is 180 cms, but how you say that he is 180 cms is the logic behind all the talk. Surely the answer is that you compare your height with your friend's and say that he is 180 cms. Similarly, when we put the key into a software it compares the key that is already fed into it with the one that you put in! Or in other words we can say that the key is already present in the software! So how to retrieve that key? Can we get it by breaking the software into pieces? If you think this, you are on the right path. To break a software we need a disassembler like WinDisassembler or my favourite OllyDebugger, which is the most useful tool for Reverse Engineering. If you are a beginner things may be complicated, but if you know a bit of Assembly language programming it would be of immense help to you. We actually need a bit of pictorial description to explain the whole of the cracking process. Let's see how this is accomplished. We use the example of PowerArchiver to crack the software and turn the free version into a fully functional version.

OK, so first things first. Install PowerArchiver (that's a given) and run it... a message box should pop up saying this is an evaluation version blah blah blah..... Then you have the options of clicking I Agree to use it as an evaluation version, or entering the registration information ("Enter Registration Code..."). Click that and enter any name and serial into it. I use ABCDEF for the name and 12345678 for the registration code. Then click OK and you should get an error saying "Incorrect Registration information".

So bust out a pen and paper (which, while cracking, you should always have by you) and write that error down. It is not necessary to write the whole thing down; just "Incorrect registration information" will be fine. Now... open up Olly and then click File/Open and open up POWERARC.EXE. You should have something like the following...

The next thing we're gonna do is right click in the code window (see figure above) and click "Search For -----> All referenced text strings". Next scroll up to the top and highlight the first line. Then right click anywhere in that window and click "Search For Text". Now be sure to UNCHECK the case sensitive box. Now type in the search "incorrect registration information" and press OK. Now... click that line to make sure it is highlighted and press Enter. You should now be taken back to the code window.

You should now have landed here... (see figure below)

Now if you scroll up a bit you'll see:

006519A9  > 55          PUSH EBP
006519AA  . 8B55 F4     MOV EDX,DWORD PTR SS:[EBP-C]
006519AD  . 8B45 F8     MOV EAX,DWORD PTR SS:[EBP-8]

Look at the picture below and compare it to the code listed above...

OK, so if we take a look at the following code again we see:

006519A9  > 55          PUSH EBP
006519AA  . 8B55 F4     MOV EDX,DWORD PTR SS:[EBP-C]
006519AD  . 8B45 F8     MOV EAX,DWORD PTR SS:[EBP-8]

So highlight the line:

006519AD  . 8B45 F8     MOV EAX,DWORD PTR SS:[EBP-8]

and press F2 to set a breakpoint. Now we're ready to catch the program by its tail right before it enters the serial generation routine.

Now press F9 to run the program (if you get any exceptions, press Shift+F9 until the program runs). Now keep Olly open and go to PowerArchiver and click "Enter Registration Code" and enter any name for the username, but remember what name you used because you will need it later. Enter 12345678 as the registration code and click OK. Olly should break and pop up. If it didn't, then you didn't set your breakpoint right, so go back and look at how to set it correctly. Otherwise just continue with the tutorial.

Now if you look in the REGISTERS window in Olly you will see that EDX contains our user-entered serial "12345678". So what we are going to do is set a breakpoint on it, so that when the program goes to access it to compare it to the real serial, it will break, and there in plain text we will see the REAL serial to which it is being compared. So then all we have to do is write that number down, close Olly, reopen the program normally and enter the same name and then the REAL serial that we just fished out. "Well, how did you do that??" you may ask... well, I'll tell you. The first thing you are going to do is highlight the EDX register by left clicking it in the REGISTERS window. Then right click what you just highlighted and click "Follow In Dump". Now take a look at the Hex Dump window. You should see your user-entered serial, in our case "12345678", or in hex "31 32 33 34 35 36 37 38". So what you need to do is highlight the first 4 bytes of our user-entered serial in the hex dump window, these bytes being "31 32 33 34", then right-click the highlighted bytes and click Breakpoint -----> Hardware, On Access -----> DWORD.

Now what that did was tell Olly to break when the program accesses our serial again. The next time this serial will be accessed is when it is compared to the REAL serial generated by PowerArchiver. That being said, we will see what the REAL serial for our user-entered name will be. (SEE FIGURE BELOW)

Okay.... so now you have your breakpoint set. Now all you have to do is press F9 and Olly should then again break. And what do we have in our register window.... well, we have our user-entered serial in ESI, which is "12345678", and what's that right below it???.... it looks like it's the REAL serial that the program is checking OUR serial against. It is stored in EDI, which contains "BC8097CF"....

Write this number down. Yours will probably be different, especially if you used a different name than ABCDEF.

Have that written down..??? GOOD. Now exit Olly and open PowerArchiver by itself, no Olly this time, and now click Enter Registration Code and enter the name that you used when you fished out a serial, and use the serial that we fished out for the registration code, and click OK.... YES!!! REGISTRATION ACCEPTED.... Congratulations, you have now successfully broken through PowerArchiver's protection scheme. This is often referred to as SERIAL FISHING. The same fishing method can be applied to crack the codes of other software which comes on a trial basis and asks you to purchase it.
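The serial can be fished out because the program recomputes the real serial from the name and then compares it in plain text with what the user typed, so both values sit in registers at the moment of the compare. This added example (not from the book, and not PowerArchiver's scheme) builds a hypothetical checker of that shape, uses sys.settrace as a stand-in for the debugger's breakpoint to read the checker's locals at the compare, and puts beside it a hash-only check for a fixed product key in which the plain key is never in memory; generate_serial, check_weak, check_hashed, snoop_locals and the secret values are all invented for the demo.

```python
import hashlib
import hmac
import sys

# Hypothetical name-bound scheme, for illustration only. The weak checker
# recomputes the real serial and compares it as a plain string, which is
# exactly what lets a breakpoint on the comparison read it out.
_SECRET = b"demo-vendor-secret"                       # constructed value

def generate_serial(name: str) -> str:
    return hashlib.sha256(_SECRET + name.encode()).hexdigest()[:8].upper()

def check_weak(name: str, entered: str) -> bool:
    real = generate_serial(name)   # the "EDI" value from the walkthrough
    return entered == real

# Hardened variant for a fixed product key: only the key's digest is
# shipped, so the check compares two digests and the plain key is never
# materialised. In a real build this line is the literal hex digest; it is
# computed here only so the example stays self-contained. (A name-bound
# scheme would need a signature check instead, which is beyond this demo.)
_KEY_DIGEST = hashlib.sha256(b"REAL-KEY-0001").hexdigest()   # constructed

def check_hashed(entered: str) -> bool:
    entered_digest = hashlib.sha256(entered.encode()).hexdigest()
    return hmac.compare_digest(entered_digest, _KEY_DIGEST)   # constant time

def snoop_locals(func, *args):
    """Stand-in for the debugger: capture func's locals as it returns."""
    seen = {}
    def tracer(frame, event, arg):
        if frame.f_code is func.__code__:
            if event == "return":
                seen.update(frame.f_locals)
            return tracer          # keep tracing only the target frame
        return None
    sys.settrace(tracer)
    try:
        func(*args)
    finally:
        sys.settrace(None)
    return seen

if __name__ == "__main__":
    print("weak check exposes:", snoop_locals(check_weak, "ABCDEF", "12345678"))
    print("hashed check exposes:", snoop_locals(check_hashed, "12345678"))
```

The first snoop shows a `real` local holding the valid serial for ABCDEF next to the wrong guess, which is the book's EDI/ESI picture; the second shows only two digests.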
