The Conscience Of A HACKER

Posted: November 13, 2011 in Uncategorized


Achieving goals is not a matter of having “discipline”. It’s a matter of motivating yourself, and keeping your focus on your goal. Follow these hacks, or any combination of them that works for you, and you should have the motivation and focus you need.

Here they are, in reverse order (links take you to more on each):

#20: Chart Your Progress. Recently I posted about how I created a chart to track my progress with each of my goals. This chart is not just for information purposes, for me to look back and see how I’m doing. It’s to motivate me to keep up with my goals. If I’m diligent about checking my chart every day, and marking dots or “x”s, then I will want to make sure I fill it with dots. I will think to myself, “I better do this today if I want to mark a dot.” Well, that’s a small motivation, but it helps, trust me. Some people prefer to use gold stars. Others have a training log, which works just as well. Or try Joe’s Goals. However you do it, track your progress, and allow yourself a bit of pride each time you give yourself a good mark.

Now, you will have some bad marks on your chart. That’s OK. Don’t let a few bad marks stop you from continuing. Strive instead to get the good marks next time.

#19: Hold Yourself Back. When I start with a new exercise program, or any new goal really, I am rarin’ to go. I am full of excitement, and my enthusiasm knows no boundaries. Nor does my sense of self-limitation. I think I can do anything. It’s not long before I learn that I do have limitations, and my enthusiasm begins to wane.

Well, a great motivator that I’ve learned is that when you have so much energy at the beginning of a program, and want to go all out — HOLD BACK. Don’t let yourself do everything you want to do. Only let yourself do 50-75 percent of what you want to do. And plan out a course of action where you slowly increase over time. For example, if I want to go running, I might think I can run 3 miles at first. But instead of letting myself do that, I start by only running a mile. When I’m doing that mile, I’ll be telling myself that I can do more! But I don’t let myself. After that workout, I’ll be looking forward to the next workout, when I’ll let myself do 1.5 miles. I keep that energy reined in, harness it, so that I can ride it even further.

#18: Join an online (or off-line) group to help keep you focused and motivated. When I started to run, more than a year ago, I joined a few different forums, at different times, on different sites, such as Men’s Health (the Belly-Off Runner’s Club), Runner’s World, Cool Running, and the running group at About.com. I did the same when I was quitting smoking.

Each time I joined a forum, it helped keep me on track. Not only did I meet a bunch of other people who were either going through what I was going through or who had already been through it, I would report my progress (and failures) as I went along. They were there for great advice, for moral support, to help keep me going when I wanted to stop.

#17: Post a picture of your goal someplace visible — near your desk or on your refrigerator, for example. Visualizing your goal, exactly how you think it will be when you’ve achieved it, whether it’s financial goals like traveling to Rome or building a dream house, or physical goals like finishing a marathon or getting a flat stomach, is a great motivator and one of the best ways of actualizing your goals.

Find a magazine photo or a picture online and post it somewhere where you can see it not only daily, but hourly if possible. Put it as your desktop photo, or your home page. Use the power of your visual sense to keep you focused on your goal. Because that focus is what will keep you motivated over the long term — once you lose focus, you lose motivation, so having something to keep bringing your focus back to your goal will help keep that motivation.

#16: Get a workout partner or goal buddy. Staying motivated on your own is tough. But if you find someone with similar goals (running, dieting, finances, etc.), see if they’d like to partner with you. Or partner with your spouse, sibling or best friend on whatever goals they’re trying to achieve. You don’t have to be going after the same goals — as long as you are both pushing and encouraging each other to succeed.

#15: Just get started. There are some days when you don’t feel like heading out the door for a run, or figuring out your budget, or whatever it is you’re supposed to do that day for your goal. Well, instead of thinking about how hard it is, and how long it will take, tell yourself that you just have to start.

I have a rule (not an original one) that I just have to put on my running shoes and close the door behind me. After that, it all flows naturally. It’s when you’re sitting in your house, thinking about running and feeling tired, that it seems hard. Once you start, it is never as hard as you thought it would be. This tip works for me every time.

#14: Make it a pleasure. One reason we might put off something that will help us achieve our goal, such as exercise for example, is because it seems like hard work. Well, this might be true, but the key is to find a way to make it fun or pleasurable. If your goal activity becomes a treat, you actually look forward to it. And that’s a good thing.

#13: Give it time, be patient. I know, this is easier said than done. But the problem with many of us is that we expect quick results. When you think about your goals, think long term. If you want to lose weight, you may see some quick initial losses, but it will take a long time to lose the rest. If you want to run a marathon, you won’t be able to do it overnight. If you don’t see the results you want soon, don’t give up … give it time. In the meantime, be happy with your progress so far, and with your ability to stick with your goals. The results will come if you give it time.

#12: Break it into smaller, mini goals. Sometimes large or longer-term goals can be overwhelming. After a couple weeks, we may lose motivation, because we still have several months or a year or more left to accomplish the goal. It’s hard to maintain motivation for a single goal for such a long time. Solution: have smaller goals along the way.

#11: Reward yourself. Often. And not just for longer-term goals, either. In Hack #12, I talked about breaking larger goals into smaller, mini goals. Well, each of those mini goals should have a reward attached to it. Make a list of your goals, with mini goals, and next to each, write down an appropriate reward. By appropriate, I mean 1) it’s proportionate to the size of the goal (don’t reward going on a 1-mile run with a luxury cruise in the Bahamas); and 2) it doesn’t ruin your goal — if you are trying to lose weight, don’t reward a day of healthy eating with a dessert binge. It’s self-defeating.

#10: Find inspiration, on a daily basis. Inspiration is one of the best motivators, and it can be found everywhere. Every day, seek inspiration, and it will help sustain motivation over the long term. Sources of inspiration can include: blogs, online success stories, forums, friends and family, magazines, books, quotes, music, photos, people you meet.

#9: Get a coach or take a class. These will motivate you to at least show up, and to take action. It can be applied to any goal. This might be one of the more expensive ways of motivating yourself, but it works. And if you do some research, you might find some cheap classes in your area, or you might know a friend who will provide coaching or counseling for free.

#8: Have powerful reasons. Write them down. Know your reasons. Give them some thought … and write them down. If you have loved ones, and you are doing it for them, that is more powerful than just doing it for self-interest. Doing it for yourself is good too, but you should do it for something that you REALLY REALLY want to happen, for really good reasons.

#7: Become aware of your urges to quit, and be prepared for them. We all have urges to stop, but they are mostly unconscious. One of the most powerful things you can do is to start being more conscious of those urges. A good exercise is to go through the day with a little piece of paper and put a tally mark for each time you get an urge. It simply makes you aware of the urges. Then have a plan for when those urges hit, and plan for it beforehand, and write down your plan, because once those urges hit, you will not feel like coming up with a plan.

#6: Make it a rule never to skip two days in a row. This rule takes into account our natural tendency to miss days now and then. We are not perfect. So, you missed one day … now the second day is upon you and you are feeling lazy … tell yourself NO! You will not miss two days in a row! Zen Habits says so! And just get started. You’ll thank yourself later.

#5: Visualize your goal clearly, on a daily basis, for at least 5-10 minutes. Visualize your successful outcome in great detail. Close your eyes, and think about exactly how your successful outcome will look, will feel, will smell and taste and sound like. Where are you when you become successful? How do you look? What are you wearing? Form as clear a mental picture as possible. Now here’s the next key: do it every day. For at least a few minutes each day. This is the only way to keep that motivation going over a long period of time.

#4: Keep a daily journal of your goal. If you are consistent about keeping a journal, it can be a great motivator. A journal should have not only what you did for the day, but your thoughts about how it went, how you felt, what mistakes you made, what you could do to improve. To be consistent about keeping a journal, do it right after you do your goal task each day. Make keeping a journal a sensory pleasure.

#3: Create a friendly, mutually-supportive competition. We are all competitive in nature, at least a little. Some more than others. Take advantage of this part of our human nature by using it to fuel your goals. If you have a workout partner or goal buddy, you’ve got all you need for a friendly competition. See who can log more miles, or save more dollars, each week or month. See who can do more pushups or pullups. See who can lose the most weight or have the best abs or lose the most inches on their waist. Make sure the goals are weighted so that the competition is fairly equal. And mutually support each other in your goals.

#2: Make a big public commitment. Be fully committed. This will do the trick every time. Create a blog and announce to the world that you are going to achieve a certain goal by a certain date. Commit yourself to the hilt.

#1: Always think positive. Squash all negative thoughts. Monitor your thoughts. Be aware of your self-talk. We all talk to ourselves, a lot, but we are not always aware of these thoughts. Start listening. If you hear negative thoughts, stop them, push them out, and replace them with positive thoughts. Positive thinking can be amazingly powerful.

Source >>> http://zenhabits.net/top-20-motivation-hacks-overview/

Search Engine Poisoning

Posted: June 9, 2011 in IT

Geek’s Words of Wisdom

Posted: June 3, 2011 in IT

>There are 10 types of people in the world: those who understand binary, and those who don’t.

>If at first you don’t succeed; call it version 1.0

>Microsoft: “You’ve got questions. We’ve got dancing paperclips.”

>My pokemon bring all the nerds to the yard, and they’re like you wanna trade cards? Darn right, I wanna trade cards, I’ll trade this but not my charizard.

>1f u c4n r34d th1s u r34lly n33d t0 g37 l41d.

>I’m not anti-social; I’m just not user friendly.

>I would love to change the world, but they won’t give me the source code

>Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

>A computer lets you make more mistakes faster than any invention in human history – with the possible exceptions of handguns and tequila.

>My software never has bugs. It just develops random features.

>The box said ‘Requires Windows 95 or better’. So I installed LINUX.

>Roses are #FF0000
Violets are #0000FF
All my base
Are belong to you

>People say that if you play Microsoft CD’s backwards, you hear satanic things, but that’s nothing, because if you play them forwards, they install Windows.

>The speed of sound is defined by the distance from door to computer divided by the time interval needed to close the media player and pull up your pants when your mom shouts “OH MY GOD WHAT ARE YOU DOING!!!”

>The glass is neither half-full nor half-empty: it’s twice as big as it needs to be.

>In a world without fences and walls, who needs Gates and Windows?

>You have just received the Amish Computer Virus. Since the Amish don’t have computers, it is based on the honor system. So please delete all the files from your computer. Thank you for your cooperation.

>Passwords are like underwear. You shouldn’t leave them out where people can see them. You should change them regularly. And you shouldn’t loan them out to strangers.

>Failure is not an option — it comes bundled with Windows.

>Enter any 11-digit prime number to continue…

>Ethernet (n): something used to catch the etherbunny

>You know it’s love when you memorize her IP number to skip DNS overhead.

>JUST SHUT UP AND REBOOT!!

>Windows has detected you do not have a keyboard. Press ‘F9’ to continue.

>Use The Best…
Linux for Servers
Mac for Graphics
Palm for Mobility
Windows for Solitaire

>Artificial Intelligence is no match for Natural Stupidity.

>UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity.

>C://dos
C://dos.run
run.dos.run

>Hand over the calculator, friends don’t let friends derive drunk.

>MICROSOFT = Most Intelligent Customers Realize Our Software Only Fools Teenagers

>The code that is the hardest to debug is the code that you know cannot possibly be wrong.

>A thousand words are worth a picture, and they load a heck of a lot faster.

>Girls are like internet domain names, the ones I like are already taken.

>A Life? Cool! Where can I download one of those?

>Unix, DOS and Windows…the good, the bad and the ugly.

>How do I set a laser printer to stun?

>I spent a minute looking at my own code by accident. I was thinking “What the hell is this guy doing?”

>Software is like sex: It’s better when it’s free.

>Better to be a geek than an idiot.

>Alcohol & calculus don’t mix. Never drink & derive.

>The difference between e-mail and regular mail is that computers handle e-mail, and computers never decide to come to work one day and shoot all the other computers.

>Windows XP -now comes with free anger management courses.

>I see fragged people

>Who needs friends? My PC is user friendly.

>Windows does not detect a keyboard…Please press ‘ENTER’ to continue…

>Never make fun of the geeks, one day they will be your boss.

>Video games are bad for you? That’s what they said about Rock-n-Roll.

>ACs are like computers- Both work fine until you open Windows!

>I don’t care if the software I run is unstable crap, as long as it is the LATEST unstable crap.

>Who is General Failure and why is he reading my disk?

>“Concept: On the keyboard of life, always keep one finger on the escape button.”

>Computer Science is no more about computers than astronomy is about telescopes.

>Beware of computer programmers that carry screwdrivers.

>Whoa! I can submit my prayers via html based forms!

>Cool people are just idiots wearing pricy clothes

>Who wants to be cool when you can be a nerd

>Who needs the library? I’ve got google!

>You laugh at me because I’m different. I pity you because you all use the same damn quotes for your internet profiles.

A-Z bash commands

Posted: April 24, 2011 in IT

I’d like to point out to everyone before reading that this list is very far from complete and does not include every package you could add on top. For example, nmap isn’t a built-in command until you install nmap. These commands are just the ones that come with a Linux/UNIX BASH installation.

A

adduser Add a user to the system
addgroup Add a group to the system
alias Create an alias •
apropos Search Help manual pages (man -k)
apt-get Search for and install software packages (Debian)
aspell Spell Checker
awk Find and Replace text, database sort/validate/index

B

basename Strip directory and suffix from filenames
bash GNU Bourne-Again SHell
bc Arbitrary precision calculator language
bg Send to background
break Exit from a loop •
builtin Run a shell builtin
bzip2 Compress or decompress named file(s)

C

cal Display a calendar
case Conditionally perform a command
cat Display the contents of a file
cd Change Directory
cfdisk Partition table manipulator for Linux
chgrp Change group ownership
chmod Change access permissions
chown Change file owner and group
chroot Run a command with a different root directory
chkconfig System services (runlevel)
cksum Print CRC checksum and byte counts
clear Clear terminal screen
cmp Compare two files
comm Compare two sorted files line by line
command Run a command – ignoring shell functions •
continue Resume the next iteration of a loop •
cp Copy one or more files to another location
cron Daemon to execute scheduled commands
crontab Schedule a command to run at a later time
csplit Split a file into context-determined pieces
cut Divide a file into several parts

D

date Display or change the date & time
dc Desk Calculator
dd Convert and copy a file, write disk headers, boot records
ddrescue Data recovery tool
declare Declare variables and give them attributes •
df Display free disk space
diff Display the differences between two files
diff3 Show differences among three files
dig DNS lookup
dir Briefly list directory contents
dircolors Colour setup for `ls`
dirname Convert a full pathname to just a path
dirs Display list of remembered directories
dmesg Print kernel & driver messages
du Estimate file space usage

E

echo Display message on screen •
egrep Search file(s) for lines that match an extended expression
eject Eject removable media
enable Enable and disable builtin shell commands •
env Environment variables
ethtool Ethernet card settings
eval Evaluate several commands/arguments
exec Execute a command
exit Exit the shell
expect Automate arbitrary applications accessed over a terminal
expand Convert tabs to spaces
export Set an environment variable
expr Evaluate expressions

F

false Do nothing, unsuccessfully
fdformat Low-level format a floppy disk
fdisk Partition table manipulator for Linux
fg Send job to foreground
fgrep Search file(s) for lines that match a fixed string
file Determine file type
find Search for files that meet a desired criteria
fmt Reformat paragraph text
fold Wrap text to fit a specified width.
for Expand words, and execute commands
format Format disks or tapes
free Display memory usage
fsck File system consistency check and repair
ftp File Transfer Protocol
function Define Function Macros
fuser Identify/kill the process that is accessing a file

G

gawk Find and Replace text within file(s)
getopts Parse positional parameters
grep Search file(s) for lines that match a given pattern
groups Print group names a user is in
gzip Compress or decompress named file(s)

H

hash Remember the full pathname of a name argument
head Output the first part of file(s)
help Display help for a built-in command •
history Command History
hostname Print or set system name

I

id Print user and group id’s
if Conditionally perform a command
ifconfig Configure a network interface
ifdown Stop a network interface
ifup Start a network interface up
import Capture an X server screen and save the image to file
install Copy files and set attributes

J

join Join lines on a common field

K

kill Stop a process from running
killall Kill processes by name

L

less Display output one screen at a time
let Perform arithmetic on shell variables •
ln Make links between files
local Create variables •
locate Find files
logname Print current login name
logout Exit a login shell •
look Display lines beginning with a given string
lpc Line printer control program
lpr Off line print
lprint Print a file
lprintd Abort a print job
lprintq List the print queue
lprm Remove jobs from the print queue
ls List information about file(s)
lsof List open files

M

make Recompile a group of programs
man Help manual
mkdir Create new folder(s)
mkfifo Make FIFOs (named pipes)
mkisofs Create an hybrid ISO9660/JOLIET/HFS filesystem
mknod Make block or character special files
more Display output one screen at a time
mount Mount a file system
mtools Manipulate MS-DOS files
mv Move or rename files or directories
mmv Mass Move and rename (files)

N

netstat Networking information
nice Set the priority of a command or job
nl Number lines and write files
nohup Run a command immune to hangups
nslookup Query Internet name servers interactively

O

open Open a file in its default application
op Operator access

P

passwd Modify a user password
paste Merge lines of files
pathchk Check file name portability
ping Test a network connection
pkill Stop processes from running
popd Restore the previous value of the current directory
pr Prepare files for printing
printcap Printer capability database
printenv Print environment variables
printf Format and print data •
ps Process status
pushd Save and then change the current directory
pwd Print Working Directory

Q

quota Display disk usage and limits
quotacheck Scan a file system for disk usage
quotactl Set disk quotas

R

ram ram disk device
rcp Copy files between two machines
read Read a line from standard input •
readarray Read from stdin into an array variable •
readonly Mark variables/functions as readonly
reboot Reboot the system
rename Rename files
renice Alter priority of running processes
remsync Synchronize remote files via email
return Exit a shell function
rev Reverse lines of a file
rm Remove files
rmdir Remove folder(s)
rsync Remote file copy (Synchronize file trees)

S

screen Multiplex terminal, run remote shells via ssh
scp Secure copy (remote file copy)
sdiff Merge two files interactively
sed Stream Editor
select Accept keyboard input
seq Print numeric sequences
set Manipulate shell variables and functions
sftp Secure File Transfer Program
shift Shift positional parameters
shopt Shell Options
shutdown Shutdown or restart linux
sleep Delay for a specified time
slocate Find files
sort Sort text files
source Run commands from a file (same as `.`)
split Split a file into fixed-size pieces
ssh Secure Shell client (remote login program)
strace Trace system calls and signals
su Substitute user identity
sudo Execute a command as another user
sum Print a checksum for a file
symlink Make a new name for a file
sync Synchronize data on disk with memory

T

tail Output the last part of files
tar Tape ARchiver
tee Redirect output to multiple files
test Evaluate a conditional expression
time Measure Program running time
times User and system times
touch Change file timestamps
top List processes running on the system
traceroute Trace Route to Host
trap Run a command when a signal is set(bourne)
tr Translate, squeeze, and/or delete characters
true Do nothing, successfully
tsort Topological sort
tty Print filename of terminal on stdin
type Describe a command •

U

ulimit Limit user resources •
umask Users file creation mask
umount Unmount a device
unalias Remove an alias •
uname Print system information
unexpand Convert spaces to tabs
uniq Uniquify files
units Convert units from one scale to another
unset Remove variable or function names
unshar Unpack shell archive scripts
until Execute commands (until error)
useradd Create new user account
usermod Modify user account
users List users currently logged in
uuencode Encode a binary file
uudecode Decode a file created by uuencode

V

v Verbosely list directory contents (`ls -l -b`)
vdir Verbosely list directory contents (`ls -l -b`)
vi Text Editor
vmstat Report virtual memory statistics

W

watch Execute/display a program periodically
wc Print byte, word, and line counts
whereis Search the user’s $PATH, man pages and source files for a program
which Search the user’s $PATH for a program file
while Execute commands
who Print all usernames currently logged in
whoami Print the current user id and name (`id -un`)
wget Retrieve web pages or files via HTTP, HTTPS or FTP
write Send a message to another user

X

xargs Execute utility, passing constructed argument list(s)

Y

yes Print a string until interrupted
. Run a command script in the current shell

Comment / Remark

Furthermore, if you would like to learn more about any of these commands, simply type the command name prefixed with the “man” command. So if you would like to learn more about the “echo” command, you would type “man echo”. This will display any documentation and/or manuals for the command. Whilst it does not necessarily replace the --help parameter, it can be useful for learning more about how the command works.

I’d also like to add that “false : Do nothing, unsuccessfully” is my favourite command.

credit: NoX

DNS Poisoning

Posted: April 23, 2011 in IT

This is an introduction to DNS poisoning which also includes an example of quite a nifty application of it using the IP Experiment. It’s purely educational, so I’m not responsible for how you use the information in it. You’re free to redistribute this tutorial wherever you like, but please keep it in its original form and credit me.

To start, you’ll need

  • A computer running Linux (Ubuntu in my case)
  • A basic understanding of how the Domain Name System (DNS) works

Note that this is a more advanced topic; don’t try this if you don’t know what you’re doing.


Part 1 – Why DNS?

The DNS provides a way for computers to translate the domain names we see to the physical IPs they represent. When you load a webpage, your browser will ask its DNS server for the IP of the host you requested, and the server will respond. Your browser will then request the webpage from the server with the IP address that the DNS server supplied.

Here’s a diagram to help explain it:

[Diagram: DNS server lookup flow (image not preserved)]

If we can find a way to tell the client the wrong IP address, and give them the IP of a malicious server instead, we can do some damage


Part 2 – Malicious DNS Server
So if we want to send clients to a malicious web server, first we need to tell them its IP, and so we need to set up a malicious DNS server.
The server I’ve selected is dnsmasq – it’s lightweight and the only one that works for this purpose (that I’ve found).
To install dnsmasq on Ubuntu, run sudo apt-get install dnsmasq, or on other distributions of Linux, use the appropriate package manager.

Once you’ve installed it you can go and edit the configuration file (/etc/dnsmasq.conf)

sudo gedit /etc/dnsmasq.conf

The values in there should be sufficient for most purposes. What we want to do is hard-code some IPs for certain servers we want to spoof

The format for this is address=/HOST/IP

So for example;

address=/facebook.com/63.63.63.63

..where 63.63.63.63 is the IP of your malicious web server

Save the file and restart dnsmasq by running

sudo /etc/init.d/dnsmasq restart

You now have a DNS server running which will redirect requests for facebook.com to 63.63.63.63
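The `address=/HOST/IP` directive above is also what an administrator should be looking for when auditing a resolver they did not set up themselves (a router or a shared host, for instance). The following is an added example, not part of the original tutorial: it parses a dnsmasq configuration for `address=` overrides and reports which hostnames would be answered locally instead of from upstream DNS. It goes slightly beyond the tutorial's single-domain form in two ways that matter for an audit: dnsmasq also accepts several domains in one directive (`address=/a.example/b.example/IP`), and an entry matches the named domain plus every subdomain, with the most specific entry winning, so `www.facebook.com` is caught by a `facebook.com` entry. The sample config and the list of watched hostnames are constructed for the example; only the `facebook.com` line comes from the tutorial.

```python
"""Audit a dnsmasq configuration for hard-coded address= overrides.

Added example (not the tutorial's code). Parses address=/HOST/IP lines and
reports which hostnames would be answered from the override table.
"""
import ipaddress
from typing import Dict, List, Optional

# Constructed sample config; the facebook.com line is the tutorial's example.
SAMPLE_CONF = """\
# dnsmasq.conf (constructed sample for the audit below)
domain-needed
bogus-priv
address=/facebook.com/63.63.63.63
address=/example.net/10.0.0.5
address=/mail.example.net/corp.example/192.0.2.10
"""


def parse_address_overrides(conf_text: str) -> Dict[str, str]:
    """Return {domain: ip} for every address= directive in conf_text.

    Comment lines and other directives are skipped. A directive whose target
    is not a valid IP raises ValueError instead of being silently accepted,
    since a malformed override is itself worth surfacing. The variants with
    no IP at all or with '#' as the target are not handled by this example.
    """
    overrides: Dict[str, str] = {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or not line.startswith("address="):
            continue
        # "address=/dom1/dom2/IP" splits into ["", "dom1", "dom2", "IP"]
        parts = line[len("address="):].split("/")
        if len(parts) < 3 or parts[0] != "":
            raise ValueError(f"line {lineno}: malformed directive: {raw!r}")
        target = parts[-1]
        try:
            ipaddress.ip_address(target)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: bad IP {target!r} in address= directive") from exc
        for domain in parts[1:-1]:
            overrides[domain.lower().rstrip(".")] = target
    return overrides


def override_for(hostname: str, overrides: Dict[str, str]) -> Optional[str]:
    """Return the IP dnsmasq would answer for hostname from overrides, or None.

    An address= entry covers the domain and every subdomain, and the longest
    matching suffix takes precedence, so walk from the full name down to the TLD.
    """
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in overrides:
            return overrides[suffix]
    return None


def audit(conf_text: str, hostnames: List[str]) -> Dict[str, str]:
    """Map each hostname the config would redirect to the IP it would receive."""
    overrides = parse_address_overrides(conf_text)
    hijacked: Dict[str, str] = {}
    for name in hostnames:
        ip = override_for(name, overrides)
        if ip is not None:
            hijacked[name] = ip
    return hijacked


if __name__ == "__main__":
    # Constructed list of names an administrator expects to resolve upstream.
    watch = ["www.facebook.com", "login.example.net", "notfacebook.com", "example.org"]
    for name, ip in audit(SAMPLE_CONF, watch).items():
        print(f"{name} would be answered locally with {ip}")
```

Run it against the real `/etc/dnsmasq.conf` (and any files pulled in via `conf-dir`) on a box you administer; any override pointing a public domain at an address you do not recognise is the configuration this tutorial describes, seen from the other side.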


Part 3 – Malicious Web Server
You probably already have a web server installed. If not, install apache. This is pretty basic, so I won’t cover it here.

There are a couple of things you can do with the web server. It will be getting all the traffic intended for the original website, so the most likely course of action would be to set up some sort of phishing site.

I’ll presume you know how to do that though ^_^

Another alternative is to set up some sort of transparent proxy which logs all activity. I might come back to this in the future.


Part 4 – I Can Be Ur DNS Server Plz?
Okay, so now you’ve got a DNS server pointing clients to your malicious server. But no one’s going to listen to it, because it’s not anyone’s DNS server.

You need to set your victim to use your malicious server as its DNS server. If you can access their router settings, this can normally be set. Normally there are two DNS servers specified; change one of them to the IP of your malicious DNS server, hit enter and voila!

Now just wait for your victim to browse to the spoofed website and you’ll have fun playing with their data!

An alternative is to, instead of a spoof webserver, set up a Metasploit browser_autopwn module as detailed here. You can have lots of fun with that ;)

But how do you get a victim? Well this is where my project, the IP Experiment could come in handy. (Link)
If you don’t know, the IP Experiment basically harvests people’s IPs through websites such as forums and scans them for open ports. A surprising number of these IPs have port 80 open and, more often than not, that leads straight to a router configuration mini-site. ‘Admin’ and ‘password’ will get you far in life; it’s fairly easy to login and change the DNS settings, and BOOM. You have a victim!

credit:saifulfaizan

Basics of EXPLOITING

Posted: April 23, 2011 in IT

NOTE: Some statements in here apply to beginners. If you read this and are an advanced user, you might say: “That is not true, I know a way….”. Correct. But it is impossible to include every exception and technique without creating confusion. Read this essay as if you are a beginner….

NOTE 2: Some basic rules all good crackers and exploiters adhere to: Do not change, alter, or delete any info you may find on a site. This is just not done, and can actually result in prosecution if you get caught.

On your exploiting journey, you may also come across confidential information from members, such as home addresses, credit card info etc. I know I have, many times over. I even found a hole where I could have the checks of site referrals sent to my account! Never use this information to your personal gain! This will be considered theft and misuse of personal information, and can get you into serious trouble…

OK, now with that out of the way, let’s start the series on Exploiting…!

EXPLOITING – THE BASICS

OK, so you are tired of bruteforcing, have spoofed a couple of sites, and have seen posts with custom passes or complete member lists…and you wanna know how… If so, this essay is for you.

This basic exploiting essay assumes you understand or master the following techniques and skills with respect to website security:

* – Basic HTML
* – Brute forcing
* – Proxy use
* – Basic URL handling
* – Basic website structures
* – Basic Spoofing
* – Good AD skills or similar

But most importantly, you need a good brain and have a sincere interest in website security. Exploiting takes a lot of time and requires research on a regular basis. On the other hand, the rewards are well worth the effort in my opinion!

When trying to test the security of websites, you can gain access in the following manners, listed in order of technical difficulty:

1. Guess passwords
2. Brute force attacks
3. Spoof the site
4. Get and decrypt passfiles or logs
5. Using scripts to add passes
6. Get admin access (via telnet or browser)
7. Hack the server via telnet

As you can see in the list above, exploiting is really nothing more than increasing your chances of getting access. Guessing passwords…to bruteforcing…to decrypting passfiles or logs…you increase your chances of getting a working pass with less effort!

HTACCESS and HTPASSWD

Since there are excellent tuts on this already, I am not going to spend a lot of time on this. One question I see a lot from newbies is that they “can not locate the htpasswd”….

A few notes on htaccess and htpasswd:

* htaccess only sometimes shows the dir to the htpasswd (or passwd, or a different name)
* the chances of getting this file are slim, as this vulnerability is well-known out there and most webmasters have denied you access, hidden the file, or placed the file in their home dir, outside the web root.

For the fans, here is some more detailed info on the subject I found:
In order to find the .htpasswd (or interpret the .htaccess) you need to understand the difference between the web root and the system root.

The AuthUserFile is specified in terms of the system root. That is, the directory structure you would see if you were actually logged into the computer through a terminal.

When a web browser accesses a machine, it is through a web server. The web server is configured so that the browser will start at some specific directory in the machine. I refer to that as the web root. It is specified in the web server configuration file, off in some directory you can’t browse to.

So, let’s say that the web root is set to /home/users/www.site.com/www. When you surf to http://www.site.com/ you find yourself in the machine directory /home/users/www.site.com/www (but nothing really tells you that), and if there is an index.html there, you will display it.

So let’s say that the web root is set as above, and that the .htaccess contains the line:

code:
————————————————————–

AuthUserFile /home/users/www.site.com/www/hidden/.htpasswd

————————————————————–
(or something similar)

Applying what I said above, you would find the .htpasswd at:

code:
——————————————————–

http://www.site.com/hidden/.htpasswd

——————————————————–

since the web root is /home/users/www.site.com/www. You may still not be able to read it, because it might be forbidden through some other method: say it is only accessible from certain IP addresses, or dot files (names starting with “.”) are not served by their web server at all.

Now, let’s say the .htaccess said:

code:
————————————————————–

AuthUserFile /home/users/abc.com/hidden/.htpasswd

————————————————————–

Now, there is no way we can get to it, since the web root puts us in /home/users/www.site.com/www, the file lives under /home/users/abc.com, and we are well past the days when you could back up above a web root in an Apache web server.

If ../ worked, we would be in luck, since we could specify http://www.site.com/…dden/.htpasswd. This used to work, or the unicoded version worked, or the double unicoded version worked, or quotes worked, or unicoded quotes, etc., etc. Not so anymore….

Our only hope, when the .htpasswd is not on the web root, is to find another exploit that will allow us to access files. Such things exist but are hard to find, so read on….
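To make the web root vs. system root mapping concrete, here is an added example (not code from the original essay) that audits an .htaccess body from the webmaster’s side: it extracts the AuthUserFile path, reports the URL the file would be served at if it sits under the web root, and shows how a current server resolves a request path so that ../ (plain or percent-encoded) cannot climb above the web root. The web root /home/users/www.site.com/www, the host name and the .htaccess bodies are constructed to match the essay’s hypothetical site.

```python
"""Audit helper: can an AuthUserFile be fetched through the web root?

Added example, not code from the original essay. It models the essay's two
scenarios: an .htpasswd stored under the web root (reachable as a URL) and one
stored outside it (unreachable). The web root, host name and .htaccess bodies
are constructed to match the essay's hypothetical site.
"""
import posixpath
import re
from typing import Optional
from urllib.parse import unquote

# Constructed values matching the essay's example site.
WEB_ROOT = "/home/users/www.site.com/www"
HOST = "www.site.com"

AUTHUSERFILE_RE = re.compile(r"^\s*AuthUserFile\s+(\S+)", re.MULTILINE)


def parse_authuserfile(htaccess_text: str) -> Optional[str]:
    """Return the AuthUserFile path named in an .htaccess body, or None."""
    m = AUTHUSERFILE_RE.search(htaccess_text)
    return m.group(1).strip('"') if m else None


def exposed_url(auth_file: str, web_root: str = WEB_ROOT, host: str = HOST) -> Optional[str]:
    """Map a system-root path to the URL the web server would serve it at.

    Returns None when the file is outside the web root, i.e. the safe layout.
    """
    root = posixpath.normpath(web_root)
    path = posixpath.normpath(auth_file)
    if path == root or not path.startswith(root + "/"):
        return None
    return f"http://{host}/{path[len(root) + 1:]}"


def resolve_request(url_path: str, web_root: str = WEB_ROOT) -> Optional[str]:
    """Resolve a request path the way a current server does.

    Percent-decode once, collapse '.' and '..' segments, then refuse any result
    that has climbed above the web root (the '../' trick the essay says no
    longer works).
    """
    root = posixpath.normpath(web_root)
    decoded = unquote(url_path)
    candidate = posixpath.normpath(root + "/" + decoded.lstrip("/"))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def audit(htaccess_text: str, web_root: str = WEB_ROOT, host: str = HOST) -> str:
    """One-line verdict for an .htaccess body."""
    auth = parse_authuserfile(htaccess_text)
    if auth is None:
        return "no AuthUserFile directive"
    url = exposed_url(auth, web_root, host)
    if url:
        return f"EXPOSED: {auth} would be served at {url}; move it outside {web_root}"
    return f"OK: {auth} is outside the web root"


if __name__ == "__main__":
    inside = "AuthUserFile /home/users/www.site.com/www/hidden/.htpasswd\nAuthType Basic\n"
    outside = "AuthUserFile /home/users/abc.com/hidden/.htpasswd\n"
    print(audit(inside))
    print(audit(outside))
    print(resolve_request("/hidden/.htpasswd"))
    print(resolve_request("/../hidden/.htpasswd"))
```

The fix the audit points at is the one the essay implies: keep the password file outside the web root, and rely on the server’s own rule (Apache’s stock configuration refuses to serve any file whose name starts with .ht) as the second layer rather than the only one.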

SO NOW WHAT?

Well, as you tried to get the passfile looking for it in the obvious locations, and failed…maybe there are other ways of obtaining it….

Using AD or another security scanner, you can start looking for so-called vulnerabilities. This means testing the website for security, and trying to find ways into the site. How does this work, you ask? We need a tool to test the security…

For these essays, I will be talking about a tool called WebSiteFinder, or WSF in short. Written by Wolfman, this is a great tool, in my opinion. AD or Passcraft can do the same, so use whatever you feel comfortable with. If you start out, use AD.

To make these tools really effective, you need an exploit list. This is a list of basic paths that will be tested against the website for possible vulnerabilities or access. AD offers a basic exploit list, at least the older versions did. Exploit lists can be found all over the web, but please realise these are very basic, and some of the holes (= vulnerabilities) they contain are old and will not work anymore on most sites.

HOW TO MAKE YOUR OWN EXPLOIT LIST

Really good exploiters or crackers will not share their lists with you. The reason: Once some exploits are made public, chances are the holes will be discovered quickly and thus closed! And that is a bummer.

So you have to build your own list. How, you ask? Here are a few tips.

1. ANALYZE, THINK, STUDY, BE CREATIVE
The first place to start is to analyze your current exploit list. What makes sense, and what does not? What paths do you understand? Why do you think that particular path is a vulnerability, and if you came across it, how would you use it? If you don’t know, ask on a forum via PM; there are many people around that can and will help you. Moreover, read up on security sites (better get used to it), such as packetstorm, securiteam, etc.

NOTE: It is no use to just try exploits on sites if you don’t understand what you are doing. The results can be very bad. You could, unwillingly, do damage to the site!

2. KEEP YOUR EYES ON THE SCREEN
Look at directory trees of sites you visit. Try to go up and down in levels in the dir to possibly find more holes…copy these to your exploit list.

3. STATS and LOGS
These are KING in my book. Why? Stats show the requests made to a website, and some stats list all the requests….including those of someone trying to exploit the site. The paths that this person tried may not have worked on the site, but heh, copy them to your exploit list, they may come in handy for other sites! Access logs show the same thing…moreover, they might tell you a lot about the server, home server (FTP logs), usernames, and the basic website structure.
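The same access log that hands an attacker a ready-made exploit list is the webmaster’s best early warning. As an added example (not part of the original essay), the script below parses Apache combined-format log lines and flags the requests the essay describes: fetches of .htpasswd-style files and other dot files, ../ traversal attempts (including single- and double-percent-encoded forms), and hits on stats or log directories, then counts flagged requests per source address. The log lines and the IP addresses in them are constructed for the example.

```python
"""Flag probing requests in an Apache combined-format access log.

Added example, not part of the original essay. The essay notes that access
logs record every path an attacker tried; this is the defender's use of the
same data. The log lines below are constructed for the example.
"""
import re
from collections import Counter
from typing import Dict, List
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# File names a legitimate visitor has no reason to request.
SENSITIVE = (".htpasswd", ".htaccess", "passwd", ".bak")
# Directories whose contents leak usernames and tried paths (see the essay).
STATS_DIRS = ("/stats", "/logs")

# Constructed sample log (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2011:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2011:13:55:37 +0000] "GET /hidden/.htpasswd HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2011:13:56:01 +0000] "GET /../../etc/passwd HTTP/1.0" 400 226 "-" "-"
198.51.100.7 - - [10/Oct/2011:13:56:02 +0000] "GET /cgi-bin/%2e%2e/%2e%2e/etc/passwd HTTP/1.0" 404 209 "-" "-"
192.0.2.9 - - [10/Oct/2011:13:57:10 +0000] "GET /stats/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""


def classify(path: str) -> List[str]:
    """Return the reasons a request path looks like a probe (empty if none)."""
    # Decode twice so the "double unicoded" variant the essay mentions is seen too.
    decoded = unquote(unquote(path)).lower()
    reasons = []
    if "../" in decoded or "..\\" in decoded:
        reasons.append("traversal")
    if any(s in decoded for s in SENSITIVE):
        reasons.append("sensitive-file")
    segments = decoded.split("?", 1)[0].split("/")
    if any(seg.startswith(".") and seg not in (".", "..") for seg in segments):
        reasons.append("dotfile")
    if any(d in decoded for d in STATS_DIRS):
        reasons.append("stats-or-logs")
    return reasons


def scan(log_text: str) -> List[Dict[str, object]]:
    """Parse each log line and keep the ones with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a real job would count these separately
        reasons = classify(m.group("path"))
        if reasons:
            flagged.append({
                "ip": m.group("ip"),
                "path": m.group("path"),
                "status": int(m.group("status")),
                "reasons": reasons,
            })
    return flagged


def per_source(flagged: List[Dict[str, object]]) -> Dict[str, int]:
    """Count flagged requests per client address, for alerting or blocking."""
    return dict(Counter(str(f["ip"]) for f in flagged))


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ip"]:15} {h["status"]} {h["path"]}  <- {", ".join(h["reasons"])}')
    print(per_source(hits))
```

The status column matters when reading the output: a 403 or 404 on /hidden/.htpasswd means the server held, while a 200 on a stats directory means the essay’s “usernames from stats” scenario is live and that page needs authentication or removal.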

INTERMEZZO: “What to do with the usernames?”
This is a question I get a lot. Someone has seen the stats, and now has a list of usernames. Now what? Well, half the battle is won! Remember the statement I made about increasing your chances in getting access? This is it! Proceed in two ways:
1. Use the usernames and one of your wordlists to do a BF attack
2. Match the usernames to working combos you have. There are tools for this; try and see if the combos work. Many users use the same password for different sites…see what I am getting at?

4. GOOGLE, GOOGLE, GOOGLE!

I love google. I embrace googling. You should too. Make googling your hobby! Type in a path or exploit, and see what you get, you will be surprised! It will lead you to access logs, vulnerability reports, cool sites, etc. Whatever you find and think is useful, copy to your exploit list…

Credits: Adnan Anjum