Government Security
Network Security Resources

Tips :)

security windows
91 replies to this topic

#91 einherji

    Private

  • Members
  • 2 posts

Posted 15 August 2007 - 04:21 AM

You can make Firefox up to three times faster very easily, all you need to do is: ;)
1. Type about:config in the URL bar in Firefox.
2. Type network.http in the filter bar.
3. Double-click on network.http.pipelining to set it to true.
4. Set network.http.pipelining.maxrequests to 30 (Firefox will then make up to 30 requests at a time).
5. Set network.http.proxy.pipelining to true.
6. Right-click anywhere and choose New -> Integer, name it nglayout.initialpaint.delay and make the value 0.
7. Restart Firefox.

#92 rave23

    Private First Class

  • Members
  • 37 posts

Posted 23 April 2008 - 02:02 PM

An awesome way to get someone's IP using any kind of messenger/chat/mail (this is not invented by me).

You need:
* NetCat
* A properly forwarded and open port 80 to your system
* A free-URL service like DynDNS or anything really

Okay, make sure you have port 80 properly forwarded if you are behind a router, or set the permissions if you are using a firewall. It is crucial that this port is reachable from the outside WAN!

Go to some free-URL service and register your IP. A good way of doing that is using DynDNS together with DeeEnEs.exe, and registering a new dynamic DNS name. Say you have iamsocool.dyndns.com associated with your current WAN IP. Good! Or maybe go to the *.tk domain service and register your IP to get mycoolname.tk.
You get the idea. You can of course just use your plain IP instead of a domain name, but clicking on a link to some numbers makes most people suspicious. So go ahead and take the time to mask it using some free domain service.

Now here comes the fun. Fire up netcat using the following options: "-l -vv -p 80"
Now you have netcat listening on port 80 for any kind of inbound connection, in verbose mode, so it gives you lots of information.

Now, take your link or URL or IP or whatever, and turn it into a clickable link. Like this: http://iamsocool.dyndns.com or http://mycoolname.tk
Basically, that translates into http://24.123.123.123 (or whatever your registered IP is), so you can go ahead and use that if you are being lazy. I wouldn't recommend it though, because it just looks odd.

Send your victim the link and get him to click it. How you do that, I don't know. Be creative. Messengers and chats are great, because most of the time it's going to happen right away, and you can make sure that he and nobody else actually clicked the link.
What happens if he surfs to your link is, he will create a request on port 80 on your machine, trying to access a website. Now, there isn't a webserver to answer though, so all he gets is a blank page. But behold. You have netcat listening on port 80.
So what actually happens is, the web browser of your victim establishes a connection with your computer and tries to access information from your netcat. Netcat will do nothing though, since we didn't tell it to do anything on an inbound connection.

Now, what is that good for? Well... Let's see. Netcat tells you the IP of any inbound connection. Check your netcat window, you will see something similar to this:
############################################
Cmd line: -l -vv -p 80
listening on [any] 80 ...
connect to [192.168.0.123] from (S010600104b294a46.gv.shawcable.net) [24.108.158.98] 47146: NO_DATA

GET / HTTP/1.1
Host: 192.168.0.123
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071127
Firefox/2.0.0.11
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
############################################

Does that look familiar to you? No? Then let's help you out. You are only interested in the line saying "connect to ..."!

connect to [192.168.0.123] from (S010600104b29****.gv.shawcable.net) [24.108.158.**] 47146: NO_DATA

The first IP address should be your LAN address. You can spot those because they start with 192.168.*! You want to ignore those. The 2nd IP is the IP of the person who actually clicked on the link. Now, wasn't that a piece of cake?

Now, you might say "lol, I use netstat -a to sniff messenger IPs", so I'm going to tell you the advantages and the drawbacks of this method.

Advantages:
* You get the actual IP of the computer that clicked on the link. The netstat method will leave you with the IP of the messenger relay server. I tested this many times. Plus it works with everything that you can send a link with.
* It's a fresh new way of thinking, and by far easier than guessing random ports and addresses via netstat.
* You don't have to send any files or whatever.
* Your victim will end up with a blank page.
* It's precise and efficient.
Drawbacks:
* Some technical knowledge required. It won't work without proper port forwarding. Test it with one of your buddies first.
* You have to get the person to visit your link. So some social engineering is required.
* The person might use a proxy; in that case, you won't get the right IP.
* You never know for sure if the person you sent the link to actually clicked on it, or someone else for example.


I can't stress this enough. Netstat -a will hardly ever work these days. Today's messengers do not send messages peer to peer anymore. Like, if I want to send you a message using MSN, my message is being sent to the message relay server first, and then bounced to the recipient. That has many reasons; otherwise, how would your IM work behind a router or a firewall? Netstat -a will not work these days. It won't, mkay?
I even tested the file transfer method with Yahoo Messenger, and oh behold, even my file transfer was being relayed.

It's kinda silly to sniff someone's IP using messengers anyway, and I don't really know why anybody would want to do that ;) Like, getting their IP will enable you to do anything really. Nope, sorry, it won't. This message goes out to most kids thinking they can do magic with it.
So, you got their IP. Now what? Sure, go ahead and do your portscan. I tell you that 90% of all people in Canada are connected to the internet using hardware supplied by their ISP. And these things always (well, most of the time...) have some sort of router integrated, be it to enable multiple machines to use the connection or to access it through WLAN. And this is where the fun ends.

Back in the days when everybody was using dial-up and had a straight connection to the internet, plus old OSes, there was actually something someone could do by having their IP address. Anybody here remember PingOfDeath :D? Or packets with the commands to hang up the connection? Or DoS? Yeah, that was pretty cool. These tutorials might have been valid a long time back, but today it just won't work anymore. That's the conclusion I came to. Feel free to prove me wrong.

Now of course, there might be some people who are able to utilize this information to actually "do something" with it, but these people wouldn't be reading this and would have no trouble acquiring the IP in the first place.

Sorry to burst your bubble. I'd say it's gotten a lot more difficult these days to compromise the end user's security. Trojans with reverse connection and process injection are pretty much the only way. Forget about Sub7 or MoSucker, those are museum pieces. Unless of course the user just happens to have a free port properly forwarded and you happen to run your trojan on that port. That's a highly unlikely scenario. And if you can get them to run a file, use something with reverse connection in the first place. Now that might be a bit more difficult to set up and all, but it's well worth the trouble. Plus, it doesn't give you all the leet fun stuff like opening CD trays and Matrix-style chat *rollseyes*... Those are only good for LAN parties anyhow :D

Wow, now I wrote a lot more than I wanted to... well, maybe I saved some kid out there some trouble...
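The listener rave23 describes above, written out in Python as an added example (this is not code from the post or from the forum). It does what the netcat one-liner does: bind a TCP port, accept one connection, print the peer address and the request headers. It differs in two practical ways: it answers with an empty HTTP 200 so the browser does not sit waiting for a response, and it flags the Via / X-Forwarded-For headers that a proxy may add, which is the "person might use a proxy" caveat from the post; those header values are client-controlled and are reported as untrusted, while the TCP peer address is the only value the other side cannot lie about. SAMPLE_REQUEST is the request from the post, re-typed here as constructed test input, and demo_loopback() is an offline self-test on 127.0.0.1; real use still needs the port forward the post describes and root to bind port 80.

```python
import socket
import threading

# Constructed test input: the request captured in the post, re-typed here.
SAMPLE_REQUEST = (
    b"GET / HTTP/1.1\r\n"
    b"Host: 192.168.0.123\r\n"
    b"User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) "
    b"Gecko/20071127 Firefox/2.0.0.11\r\n"
    b"Accept-Language: en-us,en;q=0.5\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
)

# Unlike bare netcat, send a valid empty page so the browser does not hang.
BLANK_PAGE = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\nConnection: close\r\n\r\n"


def parse_request(raw):
    """Split an HTTP/1.x request head into method, path, version and a
    lower-cased header map. Anything after the blank line is ignored."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("not an HTTP request line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"method": parts[0], "path": parts[1], "version": parts[2],
            "headers": headers}


def describe(peer_ip, peer_port, req):
    """The equivalent of netcat's 'connect to ... from ...' line. The TCP peer
    address is authoritative; Via / X-Forwarded-For are client-supplied hints
    that a proxy sat in between and must not be trusted as the real source."""
    hdr = req["headers"]
    return {
        "peer_ip": peer_ip,
        "peer_port": peer_port,
        "user_agent": hdr.get("user-agent", ""),
        "host_requested": hdr.get("host", ""),
        "behind_proxy": "via" in hdr or "x-forwarded-for" in hdr,
        "forwarded_for_untrusted": hdr.get("x-forwarded-for"),
    }


def open_listener(host="0.0.0.0", port=80):
    """Bind and listen; port 0 lets the OS pick a free port (used by the demo)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    return srv


def serve_one(srv, timeout=60):
    """Accept a single connection, read the request head, reply with the empty
    page and return describe(...). Returns None if nobody connects in time."""
    srv.settimeout(timeout)
    try:
        conn, (peer_ip, peer_port) = srv.accept()
    except socket.timeout:
        return None
    with conn:
        conn.settimeout(5)
        raw = b""
        while b"\r\n\r\n" not in raw and len(raw) < 64 * 1024:
            chunk = conn.recv(4096)
            if not chunk:
                break
            raw += chunk
        conn.sendall(BLANK_PAGE)
    return describe(peer_ip, peer_port, parse_request(raw))


def demo_loopback():
    """Offline self-test: listen on an ephemeral loopback port and play the
    browser's role ourselves by sending SAMPLE_REQUEST."""
    srv = open_listener("127.0.0.1", 0)
    port = srv.getsockname()[1]
    result = {}
    t = threading.Thread(target=lambda: result.update(serve_one(srv, 10) or {}))
    t.start()
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        c.sendall(SAMPLE_REQUEST)
        reply = c.recv(1024)
    t.join(10)
    srv.close()
    result["reply_status"] = reply.split(b"\r\n", 1)[0].decode()
    return result


if __name__ == "__main__":
    # Real use: forward WAN port 80 to this host, run as root, wait for the click.
    print(serve_one(open_listener("0.0.0.0", 80)))
```

On a successful click the printed dict carries the same information as the netcat transcript in the post: the peer IP and port from the TCP connection, the Host the browser thought it was talking to, and the User-Agent. If behind_proxy is True the peer IP is the proxy's address, exactly the failure mode the post lists as a drawback, and forwarded_for_untrusted is whatever the proxy (or the client) chose to put there.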