
Thread: Chapter 2 - Newbie Questions Answered

  1. #1
    AntiOnline Senior Member
    Join Date
    Oct 2001
    Posts
    514

    Chapter 2 - Newbie Questions Answered


    Well, my last tutorial post got positive feedback on it, so it's on to chapter 2 out of 8. Remember, I didn't write the tutorials...

    Also, for those who didn't see my earlier chapter, here it is -

    Chapter 1 -
    http://www.antionline.com/showthread...hreadid=134048

    Topics Covered in Chapter 2

    What are Wingates?
    Where do I find out the addresses of Wingates?
    What are Proxies?
    What are Firewalls?
    How do I forge email?
    What are Email headers?
    What does the stuff in an Email header mean?
    What is IRC?
    How can I hack Ops on an IRC channel?
    How can I change my Windows boot-up/turn-off screens?
    How can I break into a windows 9x system?

    --------------------------------------------------------------------------------

    What are Wingates?

    A wingate is a windows-based computer that can be used as a gateway to other computers. It is running the software 'Wingate'. The idea is that you would install it on a LAN (Local Area Network) and then it would allow the people on the LAN to connect to the internet through the wingate computer's modem. However, if the person who set up the wingate is stupid (which most of them are) they will leave it improperly configured. This means that not just people who are on the LAN have access to it - everyone on the Internet has access!

    Wingates are kind of like diversions that you can take when connecting to servers (Do I explain this well or what?). Here is an example (using Telnet):

    If I want to connect to "Phreak.org" on port "25", I could simply load telnet up, tell it to connect - and Bingo I’m connected. But how anonymous is that? The chances are that when I connect to that server it logs my IP address along with the time I connected and the date. If I do anything bad, they can contact my Internet Service Provider and get me flung off.

    So, what you're probably saying is, "Ok, so is there any way I can fake my IP address so that they can't find out who I am?". Well, that's where the Wingates come in. Let's try connecting to Phreak.org again, this time through a Wingate:

    I load up telnet, and instead of connecting straight to phreak.org - I connect to the wingate, say, Wingate.com on port 23 (port 23 is the usual port Wingates operate on) and it gives me the prompt "Wingate>". I then type in "Phreak.org 25" and the wingate sends me to Phreak.org on port 25. The difference is - I am connecting under the wingate's IP address, and not my own!

    This isn't foolproof though, so don't go around thinking you're untraceable - if someone really wanted to find out who you were, chances are they could. However, saying this, most Wingates have little or no logging - which means that they don't keep track of who goes through them...so you might just get away with your haxor escapades.

    --------------------------------------------------------------------------------

    Where do I find out the addresses of Wingates?

    Well, this is slightly more tricky because Wingates go up and down all the time. A wingate scanner is available from my website as part of the WangScript WarTools ( http://come.to/wangscript ) so you can download that. Basically that scans a range of IP addresses and tells you if it finds any wingates.

    The second method (far easier) is to connect to some big IRC network (eg. eu.undernet.org or Irc.dal.net) and type the command "/stats k". This will give you a list of all the people banned from the server and their addresses. Chances are most of them have been banned for using Wingates! So, just copy down their addresses and then try telnetting to them on port 23. If it responds "Wingate>" - you got one!


    --------------------------------------------------------------------------------

    What are proxies?

    Proxy servers can handle HTTP, FTP and GOPHER. Each has its own port. A proxy is made up of a server name and the port it is on.

    Example: proxy.foobar.net:80.

    Server address/name: proxy.foobar.net

    Port: 80

    Say you want to be a bit more anonymous by hiding your IP; one solution would be to use a proxy. If someone tracked the proxy it would give them the location of that server, and not you! So I suppose you could say a proxy achieves the same thing as a wingate. You can use proxies with Netscape, Internet Explorer, and mIRC to anonymize your online time.


    --------------------------------------------------------------------------------

    What are firewalls?

    A firewall is a system (or group of systems) that controls access between two networks. They can exist to block incoming traffic / to permit incoming traffic.


    --------------------------------------------------------------------------------

    How do I forge email?

    Telnet to a mail server on port 25 (usually you can just take an ISP, e.g. BTInternet, and then add mail.btinternet.com). Now, different servers will run different mail programs - that is expected...but when you connect to a mail server the most likely mail program you are likely to encounter is SendMail (a program which is known for glitches and flaws). How do you know if it's SendMail? When you telnet to the mail server it might mention 'Sendmail' or there may be some numbers like '8.8.3/8.6.9' - that is a pretty good sign that it is running sendmail. Once connected to the mail server, if it is sendmail - type in the following (may be different on some versions):

    Helo <A fake hostname>

    Mail from: <The address you want to make it look like it has come from>

    Rcpt to: <The recipient>

    Data

    <Your message to the recipient>

    . (just a single dot)

    If it isn't SendMail then the syntax will be slightly different, but along the same lines. Here is an example of what you might type:

    helo aol.com

    mail from: youaredodgy@hacker.com

    rcpt to: billclinton@whitehouse.gov

    data

    I know what your up to you dirty old man

    .

    So is that completely untraceable? Well, No. The average internet user will wet their pants if you forge an email to them from their own address with the message "I will become you!"...and they won't have a clue how to trace it. But anyone with any skill will know exactly how to find out where it came from. They can do this by reading the email headers. Headers are the extra bits that come with an email that you can't by default see (although there will be an option in your email program to switch "Show All Headers" on or "View Source of Email"). The thing is, when you send an email your IP address gets attached to it (Damn that IP address thing again!). Send a fake mail to yourself and see if you can find your email address in the headers.


    --------------------------------------------------------------------------------

    What are Email headers?

    Headers are the extra bits that come with an email that you can't by default see (although there will be an option in your email program to switch "Show All Headers" on or "View Source of Email"). Here is an example of an email (all the real server names have been removed and replaced by fakes):

    Return-Path: <wang@fubar.org>

    Received: from fubar.org ([57.11.151.287]) by mta2-svc.dodgy.net

    (InterMail v4.01.01.02 201-229-111-106) with SMTP

    id <19990730093810.ECQX20505.mta2-svc@fubar.org>

    for <Git@dodgy.net>; Fri, 30 Jul 1999 10:38:10 +0100

    Received: med fubar.org via smail vid stdio

    Date: Fri, 30 Jul 1999 04:42:37 -0500 (CDT)

    From: Wang <wang@fubar.org>

    To: Git@dodgy.net

    Subject: Wang is here

    Message-ID: <Pine.LNX.4.10.9907300442090.28581-100000@fubar.org>

    MIME-Version: 1.0

    Content-Type: TEXT/PLAIN; charset=US-ASCII

    X-Mozilla-Status: 8001


    --------------------------------------------------------------------------------

    What does the stuff in an Email header mean?

    Right, now the analysis of what that garbage means! First, why would you want to know what the headers mean? Here's a few reasons why you NEED to know:

    1> It will give you loads of computer names that you can explore and yes!, even hack.

    2> Ever had some spam mail sent to you with loads of adverts, or wondered who email bombed you? The first step to learning how to spot email forgeries and spot the culprit is to be able to read headers.

    3> Learn how you can forge email and avoid getting found out.

    4> Find out the weaknesses of your enemy's computer by reading their headers.

    Heres that email example again:

    Return-Path: <wang@fubar.org>

    Received: from fubar.org ([57.11.151.287]) by mta2-svc.dodgy.net

    (InterMail v4.01.01.02 201-229-111-106) with SMTP

    id <19990730093810.ECQX20505.mta2-svc@fubar.org>

    for <Git@dodgy.net>; Fri, 30 Jul 1999 10:38:10 +0100

    Received: med fubar.org via smail vid stdio

    Date: Fri, 30 Jul 1999 04:42:37 -0500 (CDT)

    From: Wang <wang@fubar.org>

    To: Git@dodgy.net

    Subject: Wang is here

    Message-Id: <Pine.LNX.199907300442.13156@fubar.org>

    MIME-Version: 1.0

    Content-Type: TEXT/PLAIN; charset=US-ASCII

    Lets go through that previous email one section at a time:

    Return-Path: <wang@fubar.org>

    This is the address that will be used if you choose to click 'reply' in your email program.

    Received: from fubar.org ([57.11.151.287]) by mta2-svc.dodgy.net

    (InterMail v4.01.01.02 201-229-111-106) with SMTP

    id <19990730093810.ECQX20505.mta2-svc@fubar.org>

    for <Git@dodgy.net>; Fri, 30 Jul 1999 10:38:10 +0100

    This tells us that fubar.org (with the IP address 57.11.151.287) passed this mail onto the computer named mta2-svc.dodgy.net which was running the InterMail email program. SMTP stands for 'simple mail transfer protocol' by the way. Then we can see that this email was sent to Git@dodgy.net, and then it has the date and time information. So basically this part of the header names the computers involved in the mail transfer process, the programs involved and the target address.

    Received: med fubar.org via smail vid stdio

    Ok, so this header isn't exactly an everyday one. I am not sure exactly what this part means, but I take it that it just tells us that the email was received from fubar.org, and the second part is the program that handled it. Smail could be SendMail; you could test that by connecting to the server on port 25 and seeing what it greets you with.

    Date: Fri, 30 Jul 1999 04:42:37 -0500 (CDT)

    From: Wang <wang@fubar.org>

    To: Git@dodgy.net

    Subject: Wang is here

    These few lines are self explanatory.

    Message-Id: <Pine.LNX.199907300442.13156@fubar.org>

    The first part of this message ID says 'Pine'. Pine is an email program for Unix type systems (stands for 'Pine is not Elm'). So we could gather that the person who sent this message was using a unix type system or a shell account loaded with Pine (and he was as well, because I sent this message from my shell account!). The second part of the ID is 19990730 - the date (30/07/99). The next part is the time, 0442 - 04:42. The 13156 is the number identifying who wrote the email.

    MIME-Version: 1.0

    Content-Type: TEXT/PLAIN; charset=US-ASCII

    MIME (Multipurpose Internet Mail Extensions) is a protocol to view email.

    The character set "us-ascii" tells us what character set this email will use. Some email uses ISO ascii instead, generally if it originates outside the US.

    Well, we just analysed that header - I know that's a lot to take in, but try it! When you get an email, check out the headers and use the guide above as a guide. Headers vary LOADS, so don't expect to see exactly what was in my header. However, most of it will be the same; try getting some server names and then telnetting to them on ports 25 or 110 (SMTP and POP ports).

    Hacker Hacker covered this topic really well in GTMHH volume 3, so if you want more info, download that.


    --------------------------------------------------------------------------------

    What is IRC?

    IRC allows you to connect to millions of chat servers around the world. Every server has a number of rooms (some of them over 1000) dealing with different topics (yes, you guessed it...hacking is quite a big topic there!) Most people will advise you not to go into rooms such as #Hack, #Hacking, #Phreaking, #Crackers etc. and say "I want to know how to hack, teach me!"...and I agree with them! If you do this, the chances are all the hackers will laugh at you and probably nuke you (Nuking involves them using a program to either disconnect you from the chat server, or even crash your computer. These are known as DOS attacks - Denial Of Service)

    Now you're probably thinking - why tell us to get on IRC then? Well, if you want to learn about programming - this is a good place to get answers. When I was learning the language Pascal and I got stuck on a few things, I went on IRC and asked some people to help me with them.

    The best IRC client for windows is mIRC. mIRC is quite a neat little program which has its own programming language built in to let you customize it and create your own commands (hacking central or what). When you program in mIRC your programs are called Scripts. There are millions of websites dedicated to distributing these scripts, and there are many different types (Utility scripts, Friendly scripts, War scripts etc.)

    You can get mIRC at: www.mirc.com

    You can get Scripts from: www.mircx.com / www.mirc.net / www.xcalibre.com

    If you use Unix or linux or something similar, then your best client is probably BitchX (be afraid, be very afraid). This is available from:

    www.bitchx.com

    Ok, now the programming knowledge bit. This is difficult because it really is impossible to write a text file which you can read and then say, right I can program in X now. What you can do though, is read a text file and get a basic idea of how the language works - and then experiment yourself (also try downloading some source codes)


    --------------------------------------------------------------------------------

    How can I hack Ops on an IRC channel?

    Well, you want the moon on a stick don't you? Oh well, here’s what you will need:

    An IRC client, whether it be mIRC or BitchX (Not Globalchat !! urghh!)

    A nice script with quick access to Op commands/Chanserv/Nickserv

    A LinkLooker

    A MCB

    Let's take a large IRC network, "Irc.Dal.net". Dalnet consists of around 20 servers all around the world so that people can connect to the servers near them and get faster speeds/less lag. Sometimes, a particular IRC server will split from the rest of the network and be 'marooned' on its own for a while. It will then rejoin the rest of the network and everything will go back to normal. There is, however, a good exploit of IRC that can happen when these Splits occur.

    When a split occurs, if you quickly connect to the server that has split and join a normally thriving channel (such as #mIRC, #Hackers etc.) you will (usually) find that the room is empty, and you have Ops!! (An @ by your name). When the server then rejoins the rest of the network you will find that you join the 'Real' channel with all the people in - but you still have Ops! This is how most hacks of Channel Ops work. So now you're probably saying "So how do I know when a server splits??".

    A Link looker is a tool that will detect a server split. You give it a nickname and some details (including the server to connect to) and it will connect and sit there monitoring the network activity. If a server splits - you will see some text appear warning you of a split. This is when you would normally rush off to join that server/join the room to hack. When you are on a large network like Dalnet, because it has lots of child servers it is more likely to experience a split. However, if you load up a link looker don't expect to see splits instantly, you may have to wait quite a while!

    So, what happens when your split server rejoins the network and you have Ops in the channel? Well, the experienced will tell you - they quickly deop you to make sure you don't attempt a takeover. They may even have a bot in the room to make sure that no unauthorised nicknames get ops.

    MCB (Multi Collide Bot) is a great program that creates a clone of a nick you want to kill (almost always an op on the channel you are trying to hack) on a server that has split (yes, the one Link Looker informed you of). Basically you feed MCB the name or names of the nick you want to kill and tell it which split server to establish those clones on, and upon rejoin - BAM/SMACK/KILL!! Yes, that's right, the target is thrown out of the channel (losing ops) and must re-establish a connection with a server to get back onto IRC and into the channel. So yes, you have figured it out. If you kill all of the ops on a channel and you ride in on a split you will be the only op in the channel.

    --------------------------------------------------------------------------------

    How can I change my Windows boot-up/turn off screens?

    Don't you hate that Windows boot-up graphic? Oh! And what about that 'It is now safe to turn off your computer' screen! If you want to show your friends that you're really serious about hacking, let's think about changing those screens. After all, your friends will probably worship you after you change your 'it is now safe...' screen into an 'It is NEVER safe to turn off your computer' screen. Microsoft has tried to hide these screens from you by giving them different extensions (e.g. a picture would usually have an extension of .jpg, .gif, or .bmp). Here is where to find them:

    Bootup graphic is hidden in either a file named c:\logo.sys and/or ip.sys. To see this file, open File Manager, click "view", then click "by file type," then check the box for "show hidden/system files." Then, back on "view," click "all file details." To the right of the file logo.sys you will see the letters "rhs." These mean this file is "read-only, hidden, system."

    The 'It is now safe', and 'Windows is now shutting down...' screens are in the c:\windows\system directory, I think they are also hidden - so just switch on "show all files". They are called 'Logos.sys' and 'Logow.sys'.

    Now, get hold of an image editing program (you could use MSPaint that comes with Windows, or get hold of a better one like Paint Shop Pro).

    Load up one of the files (I would start with logos.sys or logow.sys), and alter it to your desire, be sure not to alter the size of the picture or the number of colours it uses etc. (It is quite precise about what it should be, if you muck it up then the graphic will not be shown at all! hint: keep a spare copy!)

    Now the trouble with using one of the existing logo files is that they only allow you to use their original colours. If you really want to go alter it well, start a fresh image but make sure the width is 320 and height is 400. Now you are free to use any colour combination available in this program. Remember to save the file as c:\logo.sys for your start-up logo, or c:\windows\logow.sys and or c:\windows\logos.sys for your shutdown screens.

    Now, say you need to get rid of the image you have changed it to, or you have someone who wants to use your computer - and you don't want them to see what you've done. Here's what you can do to get your start-up logo back. Just change the name of c:\logo.sys to something else. Something like logo.bak.

    Microsoft programmed Windows to recognise that there is no screen, and to therefore put the normal one back on (a hidden copy that windows has)!


    --------------------------------------------------------------------------------

    How can I break into a windows 9x system?

    Right, you load up a windows9x computer and you're greeted with a LOGON dialog screen - what do you do??? Here are the things you can try:

    1> Try pressing (yes, its true) CANCEL, christ! sometimes that actually works! How much security do you think windows has now??

    2> Load up the computer and press whatever F key you press to get into the Boot menu (on my comp I press F8, but on some it may be different - like F5 or something). Choose to go to MSDOS or similar, so you can access DOS. When you get the DOS prompt type:

    rename c:\windows\*.pwl c:\windows\*.zzz

    This renames the *.pwl files (the one that stored the password) to something so that Windows can't find it. Now when you get to that damn Logon screen, just type anything as the password and you'll get in! When you want to put it back to normal, just go back to dos and type:

    rename c:\windows\*.zzz c:\windows\*.pwl

    3> Ok, what if you can't access the boot keys because someone has disabled them? Turn off the computer, insert a boot disk. When the computer loads up (if it boots from A:\ drive then C:\) it should read the boot disk and drop you into DOS. Now you can use the above technique to gain access.

    4> Right, what if they have been clever and disabled their boot keys AND made sure that it doesn't boot from a:\ ? Well, this is a little extreme...but:

    Get a screwdriver, solder sucker and soldering iron. Open up the computer's casing. Remove the battery, then plug the battery back in. Your computer now hopefully has the CMOS default settings. Go into the CMOS and set it to first check the A: drive when booting up. There may be an alternative to taking the battery out: many motherboards have a 3-pin jumper to reset the CMOS to its default settings. Look for a jumper close to the battery or look at your manual if you have one.
    uraloony, Founder of Loony Services
    Visit us at
    http://www.loonyservices.com/
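The forged-mail session described in the post above, and the header check it then recommends, as an added example that is not part of the original post or the tutorial it reproduces: a throw-away SMTP receiver on localhost that stamps a Received: line with the address of the TCP connection, and a client that sends with the tutorial's forged sender (youaredodgy@hacker.com, HELO aol.com). The receiver name mta.example.test and the recipient git@dodgy.net are assumptions; no real mail server is contacted.

```python
"""Added example, not part of the original post: a toy SMTP receiver on
localhost that records the connecting IP in a Received: header, plus a
client that sends with a forged envelope sender and From: the way the
tutorial's telnet session does. Parsing the stored message then shows the
forged sender next to the recorded source. The receiver name and the
addresses below are assumptions."""
import email
import email.utils
import re
import smtplib
import socketserver
import threading

MTA_NAME = "mta.example.test"  # assumed name of the receiving mail server


class ToySMTPHandler(socketserver.StreamRequestHandler):
    """Just enough of the SMTP dialogue (HELO/EHLO, MAIL, RCPT, DATA, QUIT)
    to satisfy smtplib.sendmail(). Not a real MTA."""

    def reply(self, line):
        self.wfile.write((line + "\r\n").encode())

    def handle(self):
        self.reply("220 %s ESMTP toy receiver" % MTA_NAME)
        helo, envelope_from, rcpts = None, None, []
        while True:
            raw = self.rfile.readline()
            if not raw:
                return
            verb, _, arg = raw.decode(errors="replace").rstrip("\r\n").partition(" ")
            verb = verb.upper()
            if verb in ("HELO", "EHLO"):
                helo = arg.strip()  # whatever the client claims to be
                self.reply("250 %s" % MTA_NAME)
            elif verb == "MAIL":
                envelope_from = arg.split(":", 1)[1].strip().strip("<>")
                self.reply("250 OK")
            elif verb == "RCPT":
                rcpts.append(arg.split(":", 1)[1].strip().strip("<>"))
                self.reply("250 OK")
            elif verb == "DATA":
                self.reply("354 End data with <CR><LF>.<CR><LF>")
                body = []
                while True:
                    line = self.rfile.readline().decode(errors="replace")
                    if line in (".\r\n", ".\n", ""):
                        break
                    body.append(line[1:] if line.startswith("..") else line)
                # The receiving server, not the sender, writes this line; the
                # bracketed IP comes from the TCP connection, not from the client.
                received = "Received: from %s ([%s]) by %s with SMTP for <%s>; %s\r\n" % (
                    helo, self.client_address[0], MTA_NAME, rcpts[0],
                    email.utils.formatdate())
                self.server.messages.append(
                    "Return-Path: <%s>\r\n%s%s" % (envelope_from, received, "".join(body)))
                self.reply("250 OK queued")
            elif verb == "QUIT":
                self.reply("221 Bye")
                return
            else:
                self.reply("500 Command not recognised")


def forge_and_capture(forged_from="youaredodgy@hacker.com",
                      rcpt="git@dodgy.net", helo="aol.com"):
    """Send one message with a forged sender to the toy receiver and return
    the message exactly as the receiver stored it."""
    server = socketserver.TCPServer(("127.0.0.1", 0), ToySMTPHandler)
    server.messages = []
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        text = ("From: %s\r\nTo: %s\r\nSubject: hello\r\n\r\n"
                "I know what you are up to.\r\n" % (forged_from, rcpt))
        # local_hostname is what smtplib puts in the HELO/EHLO line.
        with smtplib.SMTP("127.0.0.1", port, local_hostname=helo) as client:
            client.sendmail(forged_from, [rcpt], text)
    finally:
        server.shutdown()
        server.server_close()
    return server.messages[0]


def analyse(stored):
    """Read the headers the way the tutorial suggests: what the sender
    claimed versus what the receiving server recorded."""
    msg = email.message_from_string(stored)
    top = (msg.get_all("Received") or [""])[0]  # outermost hop = final receiver
    hop = re.match(r"from (\S+) \(\[([\d.]+)\]\)", top)
    return {
        "header_from": email.utils.parseaddr(msg["From"])[1],
        "return_path": msg["Return-Path"].strip("<>"),
        "helo_claimed": hop.group(1) if hop else None,
        "source_ip": hop.group(2) if hop else None,
    }


if __name__ == "__main__":
    for key, value in analyse(forge_and_capture()).items():
        print("%-13s %s" % (key, value))
```

Running it shows header_from, return_path and helo_claimed set to whatever the client typed, while source_ip is the address of the connection the receiving server saw (127.0.0.1 here). That Received: line is the one the post tells you to look for, and it is the part of a forged mail the sender cannot choose.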

  2. #2

    Cool

    It's really valuable..
    Be Cool ..


  3. #3
    Old-Fogey:Addicts founder
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007

    Re: Chapter 2 - Newbie Questions Answered

    Originally posted by uraloony
    Remember, I didn't write the tutorials...
    Just BTW to readers in case they want the original:
    http://www.geocities.com/donkboyinternet/vol2.htm
    [HvC]Terr: L33T Technical Proficiency

  4. #4
    Member
    Join Date
    Nov 2001
    Posts
    65


    Nice, I found that tutorial very useful... Thanks

    BTW, does anybody know how to change the boot-up screen on W2K Pro? Just wondering...
    Everything that doesn't kill me makes me stronger...

  5. #5
    Junior Member
    Join Date
    Aug 2001
    Posts
    11

    the recent tutorials ....

    I'm enthusiastically reading and storing for future study this material because at long last ... some actual newbie level stuff! Heh - thx for making it available. I'm sure many will benefit.

  6. #6
    Junior Member
    Join Date
    Aug 2001
    Posts
    11
    Nice post, although it's not your work. Keep up the good posts, dude, and... when will part 3 be out?

    h3h3h3
    its the trip... not the destination!!!

  7. #7
    Junior Member
    Join Date
    Dec 2003
    Posts
    28
    I'm gonna SOOOOO trip my friend out when I turn off his computer and it says "Internal Error: C drive has been deleted" ahaha!!
    Zato

    "He who fights with monsters should look to it that he himself does not become a monster... when you gaze long into the abyss the abyss also gazes into you."
    - Friedrich Nietzsche
