
Thread: Guides & Tutorials

  1. #11
    Join Date
    Nov 2005
    Location
    AT DORRS NEAR HEAVEN
    Posts
    2,074

    Default

    How to Develop a Machine

    --------------------------------------------------------------------------------

    Constructing a Machine

    CPU installation
    1. Locate the CPU slot on the motherboard.
    2. Lift the locking arm on the motherboard’s CPU slot.
    3. Carefully line up the pins on the bottom of the CPU with the holes in the CPU slot. The CPU should easily drop into the slot; do not force it.
    4. After the CPU is in the CPU slot, make sure the bottom of the CPU is flush with the CPU slot.
    5. Carefully lower the locking arm back down.


    CPU Heat sink Installation
    1. Apply a thin coat of thermal compound to the top of the CPU. Make sure it is spread evenly.
    2. Place the heat sink on top of the CPU, lining up the catches on the CPU slot with the hooks on the heat sink's connecting arm.
    3. Make sure the heat sink is sitting flush on the CPU.
    4. Plug in the connector from the heat sink's fan into the motherboard's fan header.


    Memory Installation
    1. Locate the memory slots on the motherboard.
    2. Unlock the two arms on each side of the memory slot.
    3. Line up the gap on the bottom of the memory module with the indent inside of the memory slot.
    4. Put the memory module inside the slot grooves and firmly press directly down. The memory module should push into the slot.
    5. Make sure both the slot arms are locked again.

    Motherboard Installation
    2. Make sure case riser screws are in the correct holes.
    3. Install the corresponding back panel plate for the motherboard in the case.
    4. Lay the motherboard in the case, lining up the I/O connectors in the back with the holes in the back panel plate.
    5. Screw in the board starting with the upper left screw, and continue down the left side of the board. Do the same for each hole.
    6. Plug in the power cable from the power supply unit into the motherboard's power connector.

    Case Power Buttons Setup
    Case Front USB ports Setup


    Video Card Installation
    1. Locate the AGP port.
    2. Remove the metal expansion port cover from the back of the case.
    3. Line up the male end of the VGA (video card) with the AGP port. The video card should be perpendicular to the motherboard.
    4. Firmly push the VGA into the AGP port.
    5. Screw the front bracket on the VGA into the hole in the case.
    6. Plug in the power connector from the power supply into the video card's power input.

    Hard Drive Installation
    1. Mount the hard drive in the case in an open 3.5” drive bay, with case screws.
    2. Connect the IDE cable from the hard drive to the motherboard's Primary IDE input.
    3. Connect a power connector from the power supply to the hard drive's power input.

    CDROM Installation
    1. Mount the CDROM in the case in an open 5.5” drive bay, with case screws.
    2. Connect the IDE cable from the CDROM to the motherboard's Secondary IDE input.
    3. Connect a power connector from the power supply to the CDROM’s power input.
    4. Connect the audio cable from the CDROM to the motherboard’s CDROM sound connector.

    Connect keyboard, mouse, monitor, power cable and enjoy your new machine.

  2. #12
    Join Date
    Nov 2005
    Location
    AT DORRS NEAR HEAVEN
    Posts
    2,074

    Default

    Small Tutorial - Setup your own FTP server

    --------------------------------------------------------------------------------

    Here is a neat little tutorial on how to setup your own FTP server.

    Works really great, and it's a great way to share lots of stuff with others.

    Create ftp server

    The first thing to do is to go to

    www.no-ip.com

    Register free at the page (follow all the instructions you get there). Look at the top, and you see the Host search. Write the name you want, and press GO! Then download the program called NO-IP on the site.

    Download and install the software, then write your registered username and password in the requested fields. A smiley face should now appear in the program box. Press the box next to it, and it will change to a happy face. Press it again, and you have your IP guided to your registered host name.
    You have to press the smiley every time you log on to the internet.
    If you are connected all the time, you won't have to do it again, but try to make sure. It will tell you if you are guided to your host name or not.

    That was the basics. Now it's time for getting this thing online.

    Go to www.bpftpserver.com

    (It's a pay prog; you can crack it or buy it.) Download Bullet proof FTP server, and install it. Start the program, and you will see a big white screen, and some icons on the top.
    Press the lightning, and it will say: (example)

    31.07.02 10:41:22 - FTP Server on-line : IP(S) 192.168.1.10,80.212.4.10, on port 21

    Then you press the human head (nr 6 from the right). Right click under user accounts, and choose ADD. Make an account for yourself, and press ok. Minimize the program, and go to the internet again. Go to

    www.smartftp.com

    and download the prog (I'm sure most of you have an FTP prog from before). Write the host name you made at NoIP, and the login pass and port. (Default is port 21.) Press connect, and you are online.

    Configuring your Bulletproof FTP Server Tutorial

    I thought that perhaps this tutorial might be pretty helpful for those interested in knowing how to configure their Bulletproof FTP Server that don't already know how... Here's how to get started.

    This is for the BulletProof FTP Server 2.10. However, it should work fine on most following versions as well.

    I'm assuming you have it installed and cracked.

    Basics
    1. Start the program.
    2. Click on Setup > Main > General from the pull-down menu.
    3. Enter your server name into the 'Server Name' box. Under Connection set the "Max number of users" to any number.
    This is the limit as to how many users can be on your server at any time.
    4. Click on the 'options' tab of that same panel (on the side).
    5. Look at the bottom, under IP options. Put a check in the box "Refuse Multiple Connections from the same IP". This will prevent one person from blocking your FTP to others.
    6. Also put a check in 'Blocked Banned IP (instead of notifying client)'.
    VERY IMPORTANT! If somebody decides to 'Hammer' (attempt to login numerous times VERY quickly) your server/computer may CRASH if you don't enable this.
    7. Click on the 'advanced' tab.
    8. At the bottom again look at the 'hammering area'.
    9. Enable 'anti-hammer' and 'do not reply to people hammering'. Set it for the following: Block IP 120 min if 5 connections in 60 sec. You can set this at whatever you want to, but that is pretty much a standard. Click 'OK'.

    Adding Users
    11. Setup > User Accounts from pull-down.
    12. Right click in the empty 'User Accounts' area on the right: choose 'Add'.
    13. Enter account name (ie: logon name).
    14. In the 'Access rights' box right click: choose 'Add'.
    15. Browse until you find the directory (folder) you want to share. In the right column you will see a bunch of checkboxes.
    Put a check in the following ones:
    Read, Write, Append, Make, List, and +Subdirs. Press 'select'.
    16. Enter a password for your new FTP account.
    17. Click on 'Miscellaneous' in the left column selected. Enable 'Max Number of Users' set it at a personal account and more than one for a group connects per IP' set it at 1

    Make sure 'Enable Account' is a number other than zero. '1 for account enable 'Max. no. of ....

    18. Under 'Files' enable 'show relative path'; this is a security issue. An FTP client will now not be able to see the ENTIRE path of the FTP. It will only see the path from the main directory. Hide hidden files as well.
    Put a tick in both of these.

    Advanced:
    You don't need to do any of this stuff, but it will help tweak your server and help you maintain order on it. All of the following will be broken down into small little areas that will tell you how to do one thing at a time.

    Changing the Port
    The default port is always 21, but you can change this. Many ISPs will routinely do a scan of their own users to find an FTP server; also, when people scan for pubs they may scan your IP, thus finding your FTP server. If you do decide to change it, many suggest that you make the port over 10,000.
    1. Setup > Main > General
    2. In the 'Connection' Area is a setting labeled 'Listen on port Number:'
    3. Make it any number you want. That will be your port number.
    4. Click 'OK'

    Making an 'upload only' or 'Download only' ftp server.
    This is for the entire SERVER, not just a user.
    1. Setup > Main > Advanced
    2. In the advanced window you will have the following options:
    downloads, downloads only, and uploads only. By default upload will be checked. Change it to whatever you want.
    3. Click 'OK'

    While you are running your server, usually you will end up spending more time at your computer than you normally do. Don't be afraid to ban IPs. Remember, on your FTP you do as you want.

    When you are online you must also select the open server button next to the -Lightning mark- button, which is the on-line button.

    You also have to use the actual numbered IP address, ie: 66.250.216.67. Or, even better yet, get a no-ip.com address.

    Hope it's useful for you,

    Have fun playing with your very own FTP server.
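The anti-hammer rule from step 9 (block an IP for 120 min after 5 connections in 60 sec), as an added Python example that is not part of the original post and not BulletProof FTP's own code. It assumes the fifth attempt inside the window is itself refused and that banned addresses get no reply; the class name, `replay` helper and connection log are constructed for illustration.

```python
from collections import defaultdict, deque


class AntiHammer:
    """Ban an address once it makes `max_conns` attempts inside `window` seconds."""

    def __init__(self, max_conns=5, window=60, ban_seconds=120 * 60):
        self.max_conns = max_conns
        self.window = window
        self.ban_seconds = ban_seconds
        self.attempts = defaultdict(deque)  # ip -> timestamps still inside the window
        self.banned_until = {}              # ip -> time at which the ban lapses

    def allow(self, ip, now):
        """Return True if a connection from `ip` at time `now` (seconds) is accepted."""
        expiry = self.banned_until.get(ip)
        if expiry is not None:
            if now < expiry:
                return False                # banned: drop without replying
            del self.banned_until[ip]       # ban has lapsed, start counting afresh

        recent = self.attempts[ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                # forget attempts older than the window
        recent.append(now)

        if len(recent) >= self.max_conns:
            self.banned_until[ip] = now + self.ban_seconds
            recent.clear()
            return False                    # assumption: the triggering attempt is refused
        return True


# Constructed connection log: (seconds since start, client address).
EVENTS = [
    (0, "203.0.113.7"), (0, "198.51.100.9"),
    (5, "203.0.113.7"), (10, "203.0.113.7"), (15, "203.0.113.7"),
    (20, "203.0.113.7"),       # 5th attempt within 60 s: banned until t=7220
    (30, "198.51.100.9"), (61, "198.51.100.9"), (90, "198.51.100.9"),
    (100, "203.0.113.7"),      # still banned
    (119, "198.51.100.9"),     # slow client never has 5 attempts in one window
    (7220, "203.0.113.7"),     # 120 min after the ban started: accepted again
]


def replay(events, limiter=None):
    """Feed a log through the limiter and return (time, ip, accepted) tuples."""
    limiter = limiter or AntiHammer()
    return [(t, ip, limiter.allow(ip, t)) for t, ip in events]


if __name__ == "__main__":
    for t, ip, ok in replay(EVENTS):
        print(f"t={t:>5}  {ip:<14} {'accept' if ok else 'drop'}")
```

The slow client in the sample makes five connections in two minutes and is never banned, which is the difference between a sliding window and a simple per-address counter.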

  3. #13
    Join Date
    Nov 2005
    Location
    AT DORRS NEAR HEAVEN
    Posts
    2,074

    Default

    Internet Access over GPRS

    --------------------------------------------------------------------------------

    Internet Access over GPRS


    Introduction

    I will explain how the General Packet Radio Service (GPRS) technology is used for providing mobile/wireless access to the Internet. We explain the fundamental GPRS concepts, protocols, and procedures and demonstrate the main functionality provided by the GPRS network. The key procedures examined are the registration procedure, the routing/tunneling procedure, and the mobility management procedure, all of which enable mobile/wireless IP sessions.
    GPRS is a bearer service of the Global System for Mobile (GSM) communications, which offers packet data capabilities. The key characteristic of the data service provided by GPRS is that it operates in end-to-end packet mode. This means that no communication resources are exclusively reserved for supporting the communication needs of every individual mobile user. On the contrary, the communication resources are utilized on a demand basis and are statistically multiplexed between several mobile users. This characteristic renders GPRS ideal for applications with irregular traffic properties (such as Web browsing), because, with this type of traffic, the benefits of statistical multiplexing are exploited; that is, we obtain high utilization efficiency of the communication resources. A direct effect of this property is the drastically increased capacity of the system in the sense that we can support a large number of mobile users with only a limited amount of communication resources. The increased capacity offered by GPRS, combined with the end-to-end packet transfer capabilities, constitute the main factors that drive the use of GPRS in providing wide-area wireless Internet access.


    GPRS Overview

    In general, a GPRS network can be viewed as a special IP network, which offers IP connectivity to IP terminals on the go. To provide such a mobile connectivity service, the GPRS network must feature additional functionality compared with standard IP networks. However, from a high-level point of view, the GPRS network resembles a typical IP network in the sense that it provides typical IP routing and interfaces to the external world through one or more IP routers.

    By using shared radio resources, mobile users gain access to remote Packet Data Networks (PDNs) through a remote access router, which in GPRS terminology is termed Gateway GPRS Support Node (GGSN). You can think of access to a remote PDN as being similar to a typical dial-up connection. Indeed, as discussed in Section 3.3, a user establishes a virtual connection to the remote PDN. However, with GPRS a user may “dial up” to many remote PDNs simultaneously and can be charged by the volume of the transferred data, not by the duration of a connection. GPRS can offer both transparent and nontransparent access to a PDN. With transparent access, the user is not authenticated by the remote PDN, and he or she is assigned an IP address (private or public) from the address space of the GPRS network. On the other hand, with nontransparent access the user’s credentials are sent to the remote PDN and the user is permitted to access this PDN only if he or she is successfully authenticated. In this case, the user is typically assigned an IP address (private or public) from the address space of the PDN he or she is accessing. Note that, irrespective of the type of access to a PDN, a user is always authenticated by the GPRS network before being permitted access to GPRS services (this is further discussed in Section 3.2.3). The nontransparent access is particularly useful for accessing secure intranets (e.g., corporate networks) or Internet Service Providers (ISPs), whereas the transparent access is most appropriate for users who do not maintain subscriptions to third-party ISPs or intranets. As illustrated in Figure 3.1, the GPRS network forms an individual subnet, which (from an address-allocation point of view) contains all users who use transparent access to remote PDNs. External PDNs perceive this subnet as being a typical IP network.


    GPRS Bearers

    GPRS network effectively provides a GPRS bearer — that is, it provides a communication channel with specific attributes between the MS (the terminal) and the GGSN (the router). Over the GPRS bearer, the MS may send IP packets to the GGSN, and it may receive IP packets from the GGSN. As explained below, the GPRS bearer is dynamically set up at the beginning of an IP session (when the user “dials” to a specific PDN), and it can be tailored to match the specific requirements of an application. In other words, it can be set up with specific Quality of Service (QoS) attributes, such as delay, throughput, precedence, and reliability.

    The PCU communicates with the Serving GPRS Support Node (SGSN) over a frame relay interface (Gb). The SGSN provides mobility management functionality, session management, packet scheduling on the downlink, and packet routing/tunneling. The interface between the SGSN and the GGSN (Gn) is entirely based on IP, typically on IPv4. The GGSN provides mainly routing and optionally screening functionality and can be considered to be a remote access router interfacing with the external PDNs. The fact that we have two IP layers within the GGSN implies that some sort of IP-to-IP tunneling is applied across the Gn interface.

  4. #14
    Join Date
    Nov 2005
    Location
    AT DORRS NEAR HEAVEN
    Posts
    2,074

    Default

    Tutorial :How to Trace a hacker...

    --------------------------------------------------------------------------------

    Sometimes, it's just not enough to simply know that there's a Trojan or Virus onboard. Sometimes you need to know exactly why that file is onboard, how it got there - but most importantly, who put it there.

    By enumerating the attacker in the same way that they have enumerated the victim, you will be able to see the bigger picture and establish what you're up against. But how can you do this? Read on...

    ## Connections make the world go round ##

    The computer world, at any rate. Every single time you open up a website, send an email or upload your webpages into cyberspace, you are connecting to another machine in order to get the job done. This, of course, presents a major problem, because this simple act is what allows malicious users to target a machine in the first place.

    # How do these people find their victim?

    Well, first of all, they need to get hold of the victim's IP Address. Your IP (Internet Protocol) address reveals your point of entry to the Internet and can be used in many ways to cause your online activities many, many problems. It may not reveal you by name, but it may be uniquely identifiable and it represents your digital ID while you are online (especially so if you're on a fixed IP / DSL etc).

    With an IP address, a Hacker can find out all sorts of weird and wonderful things about their victim (as well as causing all kinds of other trouble, the biggest two being Portnukes/Trojans and the dreaded DoS ((Denial of Service)) attack). Some Hackers like to collect IP Addresses like badges, and like to go back to old targets, messing them around every so often. An IP address is incredibly easy to obtain - until recently, many realtime chat applications (such as MSN) were goldmines of information. Your IP Address is contained as part of the Header Code on all emails that you send and webpages that you visit can store all kinds of information about you. A common trick is for the Hacker to go into a Chatroom, paste his supposed website address all over the place, and when the unsuspecting victim visits, everything about your computer from the operating system to the screen resolution can be logged...and, of course, the all important IP address. In addition, a simple network-wide port scan will reveal vulnerable target machines, and a war-dialler will scan thousands of lines for exposed modems that the hacker can exploit.

    So now that you know some of the basic dangers, you're probably wondering how these people connect to a victim's machine?

    ## Virtual and Physical Ports ##

    Everything that you receive over the Internet comes as a result of other machines connecting to your computer's ports. You have two types; Physical are the holes in the back of your machine, but the important ones are Virtual. These allow transfer of data between your computer and the outside world, some with allocated functions, some without, but knowing how these work is the first step to discovering who is attacking you; you simply MUST have a basic knowledge of this, or you won't get much further.

    # What the phrases TCP/UDP actually mean

    TCP/IP stands for Transmission Control Protocol and Internet Protocol, a TCP/IP packet is a block of data which is compressed, then a header is put on it and it is sent to another computer (UDP stands for User Datagram Protocol). This is how ALL internet transfers occur, by sending packets. The header in a packet contains the IP address of the one who originally sent you it. Now, your computer comes with an excellent (and free) tool that allows you to see anything that is connected (or is attempting to connect) to you, although bear in mind that it offers no blocking protection; it simply tells you what is going on, and that tool is NETSTAT.

  5. #15
    Join Date
    Nov 2005
    Location
    AT DORRS NEAR HEAVEN
    Posts
    2,074

    Default

    ## Netstat: Your first line of defence ##

    Netstat is a very fast and reliable method of seeing exactly who or what is connected (or connecting) to your computer. Open up DOS (Start/Programs/MS-DOS Prompt on most systems), and in the MSDOS Prompt, type:

    netstat -a

    (make sure you include the space in between the "t" and the "a").

    If you're connected to the Internet when you do this, you should see something like:


    Active Connections

    Proto  Local Address    Foreign Address                   State
    TCP    macintosh:20034  modem-123.tun.dialup.co.uk:50505  ESTABLISHED
    TCP    macintosh:80     proxy.webcache.eng.sq:30101       TIME_WAIT
    TCP    macintosh        MACINTOSH:0                       LISTENING
    TCP    macintosh        MACINTOSH:0                       LISTENING
    TCP    macintosh        MACINTOSH:0                       LISTENING


    Now, "Proto(col)" simply means what kind of data transmission is taking place (TCP or UDP), "Local address" is your computer (and the number next to it tells you what port you're connected on), "Foreign Address" is the machine that is connected to you (and what port they're using), and finally "State" is simply whether or not a connection is actually established, or whether the machine in question is waiting for a transmission, or timing out etc.

    Now, you need to know all of Netstat's various commands, so type:

    netstat ?

    You will get something like this:


    Displays protocol statistics and current TCP/IP network connections.

    NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

    -a Displays all connections and listening ports.
    -e Displays Ethernet statistics. This may be combined with the -s option.
    -n Displays addresses and port numbers in numerical form.
    -p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP.
    -r Displays the routing table.
    -s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p option may be used to specify a subset of the default.


    Have a play around with the various options, but the most important use of these methods is when you combine them. The best command to use is

    netstat -an

    because this will list all connections in Numerical Form, which makes it a lot easier to trace malicious users....Hostnames can be a little confusing if you don't know what you're doing (although they're easily understandable, as we shall see later). Also, by doing this, you can also find out what your own IP address is, which is always useful.

    Also,

    netstat -b

    will tell you what ports are open and what programs are connecting to the internet.

    ## Types of Port ##

    It would be impossible to find out who was attacking you if computers could just access any old port to perform an important function; how could you tell a mail transfer from a Trojan Attack? Well, good news, because your regular, normal connections are assigned to low, commonly used ports, and in general, the higher the number used, the more you should be suspicious. Here are the three main types of port:

    # Well Known Ports

    These run from 0 to 1023, and are bound to the common services that run on them (for example, mail runs on channel 25 tcp/udp, which is smtp (Simple Mail Transfer Protocol)), so if you find one of these ports open (and you usually will), it's usually because of an essential function.

    # Registered Ports

    These run on 1024 to 49151. Although not bound to a particular service, these are normally used by networking utilities like FTP software, Email client and so on, and they do this by opening on a random port within this range before communicating with the remote server, so don't panic (just be wary, perhaps) if you see any of these open, because they usually close automatically when the system that's running on them terminates (for example, type in a common website name in your browser with netstat open, and watch as it opens up a port at random to act as a buffer for the remote servers). Services like MSN Messenger and ICQ usually run on these Ports.

    # Dynamic/Private Ports

    Ranging from 49152 to 65535, these things are rarely used except with certain programs, and even then not very often. This is indeed the usual range of the Trojan, so if you find any of these open, be very suspicious. So, just to recap:


    Well Known Ports       0 to 1023       Commonly used, little danger.
    Registered Ports       1024 to 49151   Not as common, just be careful.
    Dynamic/Private Ports  49152 to 65535  Be extremely suspicious.


    ## The hunt is on ##

    Now, it is essential that you know what you're looking for, and the most common way someone will attack your machine is with a Trojan. This is a program that is sent to you in an email, or attempts to bind itself to one of your ports, and when activated, it can give the user your passwords, access to your hard drive...they can even make your CD Tray pop open and shut. At the end of this Document, you will find a list of the most commonly used Trojans and the ports they operate on. For now, let's take another look at that first example of Netstat....

  6. #16
    Join Date
    Nov 2005
    Location
    AT DORRS NEAR HEAVEN
    Posts
    2,074

    Default

    Active Connections

    Proto  Local Address    Foreign Address                   State
    TCP    macintosh:27374  modem-123.tun.dialup.co.uk:50505  ESTABLISHED
    TCP    macintosh:80     proxy.webcache.eng.sq:30101       TIME_WAIT
    TCP    macintosh        MACINTOSH:0                       LISTENING
    TCP    macintosh        MACINTOSH:0                       LISTENING
    TCP    macintosh        MACINTOSH:0                       LISTENING


    Now, straight away, this should make more sense to you. Your computer is connected on two ports, 80 and 27374. Port 80 is used for http/www transmissions (ie for all intents and purposes, it's how you connect to the net, although of course it's a lot more complicated than that). Port 27374, however, is distinctly suspicious; first of all, it is in the registered port range, and although other services (like MSN) use these, let's assume that you have nothing at all running like instant messengers, webpages etc....you're simply connected to the net through proxy. So, now this connection is looking even more troublesome, and when you realise that 27374 is a common port for Netbus (a potentially destructive Trojan), you can see that something is untoward here. So, what you would do is:


    1) Run Netstat, and use:

    Netstat -a

    then

    Netstat -an

    So you have both Hostnames AND IP addresses.


    ## Tracerouting ##

    Having the attacker's IP is all well and good, but what can you do with it? The answer is, a lot more! It's not enough to have the address, you also need to know where the attacker's connections are coming from. You may have used automated tracerouting tools before, but do you know how they work?

    Go back to MSDOS and type


    tracert *type IP address/Hostname here*


    Now, what happens is, the Traceroute will show you all the computers in between you and the target machine, including blockages, firewalls etc. More often than not, the hostname address listed before the final one will belong to the Hacker's ISP Company. It'll either say who the ISP is somewhere in there, or else you run a second trace on the new IP/hostname address to see who the ISP Company in question is. If the Hostname that you get back doesn't actually seem to mention an actual geographical location within its text, you may think all is lost. But fear not! Suppose you get a hostname such as

    http://www.haha.com

    Well, that tells us nothing, right? Wrong....simply enter the hostname in your browser, and though many times you will get nothing back, sometimes it will resolve to an ISP, and from there you can easily find out its location and in what areas they operate. This at least gives you a firm geographical location to carry out your investigations in.

    If you STILL have nothing, as a last resort you COULD try connecting to your target's ISP's port 13 by Telnet, which will tell you how many hours ahead or behind this ISP is of GMT, thus giving you a geographical trace based on the time mentioned (although bear in mind, the ISP may be doing something stupid like not having their clocks set correctly, giving you a misleading trace. Similarly, a common tactic of Hackers is to deliberately have their computer's clock set to a totally wrong time, so as to throw you off the scent). Also, unless you know what you're doing, I wouldn't advise using Telnet (which is outside the parameters of this tutorial).

    ## Reverse DNS Query ##

    This is probably the most effective way of running a trace on somebody. If ever you're in a chatroom and you see someone saying that they've "hacked into a satellite orbiting the Earth, and are taking pictures of your house right now", ignore them because that's just bad movie nonsense. THIS method is the way to go, with regard to finding out what country (even maybe what State/City etc) someone resides, although it's actually almost impossible to find an EXACT geographical location without actually breaking into your ISP's Head Office and running off with the safe.

    To run an rDNS query, simply go back to MS-DOS and type

    netstat

    and hit return. Any active connections will resolve to hostnames rather than a numerical format.

    # DNS

    DNS stands for Domain Name Server. These are machines connected to the Internet whose job it is to keep track of the IP Addresses and Domain Names of other machines. When called upon, they take the ASCII Domain Name and convert it to the relevant numeric IP Address. A DNS search translates a hostname into an IP address....which is why we can enter "www.Hotmail.com" and get the website to come up, instead of having to actually remember Hotmail's IP address and enter that instead. Well, Reverse DNS, of course, translates the IP Address into a Hostname (ie - in letters and words instead of numbers, because sometimes the Hacker will employ various methods to stop Netstat from picking up a correct Hostname).

    So, for example,

    298.12.87.32 is NOT a Hostname.
    mail6.bol.net.au IS a Hostname.

    Anyway, see the section at the end? (au) means the target lives in Australia. Most (if not all) hostnames end in a specific Country Code, thus narrowing down your search even further. If you know your target's Email Address (ie they foolishly sent you a hate mail, but were silly enough to use a valid email address) but nothing else, then you can use the Country codes to deduce where they're from as well. You can also deduce the IP address of the sender by looking at the email's header (a "hidden" line of code which contains information on the sender)...on Hotmail for example, go to Preferences, and select the "Full Header's Visible" option. Alternatively, you can run a "Finger" Trace on the email address, at:

    www.samspade.org

    Plus, some ISP's include their name in your Email Address with them too (ie Wanadoo, Supanet etc), and your Hacker may be using an email account that's been provided by a Website hosting company, meaning this would probably have the website host's name in the email address (ie Webspawners). So, you could use the information gleaned to maybe even hunt down their website (then you could run a website check as mentioned previously) or report abuse of that Website Provider's Email account (and thus, the Website that it goes with) to

    [email protected]

    If your Hacker happens to reside in the USA, go to:

    www.usps.gov/ncsc/lookups/abbr_state.txt

    for a complete list of US State abbreviations.

  7. #17
    Join Date
    Nov 2005
    Location
    AT DORRS NEAR HEAVEN
    Posts
    2,074

    Default

    ## List of Ports commonly used by Trojans ##

    Please note that this isn't a complete list by any means, but it will give you an idea of what to look out for in Netstat. Be aware that some of the lower Ports may well be running valid services.

    UDP: 1349 Back Orifice DLL
    31337 Back Orifice 1.20
    31338 DeepBO
    54321 Back Orifice 2000


    TCP: 21 Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash
    23 Tiny Telnet Server
    25 Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, Terminator, WinPC, WinSpy, Kuang2 0.17A-0.30
    31 Hackers Paradise
    80 Executor
    456 Hackers Paradise
    555 Ini-Killer, Phase Zero, Stealth Spy
    666 Satanz Backdoor
    1001 Silencer, WebEx
    1011 Doly Trojan
    1170 Psyber Stream Server, Voice
    1234 Ultors Trojan
    1243 SubSeven 1.0 - 1.8
    1245 VooDoo Doll
    1492 FTP99CMP
    1600 Shivka-Burka
    1807 SpySender
    1981 Shockrave
    1999 BackDoor 1.00-1.03
    2001 Trojan Cow
    2023 Ripper
    2115 Bugs
    2140 Deep Throat, The Invasor
    2801 Phineas Phucker
    3024 WinCrash
    3129 Masters Paradise
    3150 Deep Throat, The Invasor
    3700 Portal of Doom
    4092 WinCrash
    4567 File Nail 1
    4590 ICQTrojan
    5000 Bubbel
    5000 Sockets de Troie
    5001 Sockets de Troie
    5321 Firehotcker
    5400 Blade Runner 0.80 Alpha
    5401 Blade Runner 0.80 Alpha
    5402 Blade Runner 0.80 Alpha
    5400 Blade Runner
    5401 Blade Runner
    5402 Blade Runner
    5569 Robo-Hack
    5742 WinCrash
    6670 DeepThroat
    6771 DeepThroat
    6969 GateCrasher, Priority
    7000 Remote Grab
    7300 NetMonitor
    7301 NetMonitor
    7306 NetMonitor
    7307 NetMonitor
    7308 NetMonitor
    7789 ICKiller
    8787 Back Orifice 2000
    9872 Portal of Doom
    9873 Portal of Doom
    9874 Portal of Doom
    9875 Portal of Doom
    9989 iNi-Killer
    10067 Portal of Doom
    10167 Portal of Doom
    10607 Coma 1.0.9
    11000 Senna Spy
    11223 Progenic trojan
    12223 Hack'99 KeyLogger
    12345 GabanBus, NetBus
    12346 GabanBus, NetBus
    12361 Whack-a-mole
    12362 Whack-a-mole
    16969 Priority
    20001 Millennium
    20034 NetBus 2.0, Beta-NetBus 2.01
    21544 GirlFriend 1.0, Beta-1.35
    22222 Prosiak
    23456 Evil FTP, Ugly FTP
    26274 Delta
    30100 NetSphere 1.27a
    30101 NetSphere 1.27a
    30102 NetSphere 1.27a
    31337 Back Orifice
    31338 Back Orifice, DeepBO
    31339 NetSpy DK
    31666 BOWhack
    33333 Prosiak
    34324 BigGluck, TN
    40412 The Spy
    40421 Masters Paradise
    40422 Masters Paradise
    40423 Masters Paradise
    40426 Masters Paradise
    47262 Delta
    50505 Sockets de Troie
    50766 Fore
    53001 Remote Windows Shutdown
    54321 SchoolBus .69-1.11
    61466 Telecommando
    65000 Devil


    ## Summary ##

    The Internet is by no means as anonymous as some people think it is, and although this is to the detriment of people's security online, this also works both ways. It IS possible to find and stop even the most determined of attackers, you just have to be patient and keep hunting for clues which will help you put an end to their exploits.
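The check the port list is meant for, as an added example that is not part of the original post: it matches the local port of each `netstat -an` row against an excerpt of the list and marks low ports as possibly valid services. The function name, the excerpt and the sample output are constructed for illustration.

```python
import re

# Excerpt of the port list above: (protocol, local port) -> names from the list.
TROJAN_PORTS = {
    ("UDP", 31337): "Back Orifice 1.20",
    ("UDP", 54321): "Back Orifice 2000",
    ("TCP", 21): "Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash",
    ("TCP", 80): "Executor",
    ("TCP", 1243): "SubSeven 1.0 - 1.8",
    ("TCP", 12345): "GabanBus, NetBus",
    ("TCP", 31337): "Back Orifice",
}

# Constructed `netstat -an` output in the Windows layout, not from a real host.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1243      203.0.113.7:4021       ESTABLISHED
  TCP    192.168.1.10:3389      198.51.100.9:31337     ESTABLISHED
  TCP    [::]:12345             [::]:0                 LISTENING
  UDP    0.0.0.0:31337          *:*
"""

# proto, local address, local port, foreign address, optional state (UDP has none)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def flag_listed_ports(netstat_text, low_port_cutoff=1024):
    """Return one finding per row whose LOCAL port appears in TROJAN_PORTS."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header, blank line
        proto, addr, port, _foreign, state = m.groups()
        names = TROJAN_PORTS.get((proto, int(port)))
        if names is None:
            continue  # a listed port on the FOREIGN side (the 3389 row) is ignored
        # Low ports often belong to valid services, as the post warns.
        note = "may be a valid service" if int(port) < low_port_cutoff else "investigate"
        findings.append((proto, f"{addr}:{port}", state or "-", names, note))
    return findings
```

A match only says the port number is on the list; confirm which process owns the socket before drawing a conclusion.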

  8. #18

    How to remove Hijacker

    --------------------------------------------------------------------------------

    A Hijacker is any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Search Hijackers change your search settings. Homepage Hijackers will change your home page to some other site. Error Hijackers will display a new error page when a requested URL is not found. Hijacking has become very common, as these guides illustrate. This guide explains how to clear such hijacks of Microsoft Internet Explorer (IE) manually and how to prevent it by disabling scripting.

    Search Hijacks
    If your Search capability has been hijacked, your use of IE's Search Button (see below) will lead to unexpected (and usually unwanted) results.
    What the hijacker has done is to change four registry keys:
    1. In the Root key HKEY_CURRENT_USER, the key Software\Microsoft\Internet Explorer\Main has a value "Search Page" that has likely been reset to something like "http://www.secret-crush.com/search/search.php"
    2. The value "Search Bar" in this key has also likely been reset to something.
    3. In the Root key HKEY_LOCAL_MACHINE, the key Software\Microsoft\Internet Explorer\Search has a value "SearchAssistant" that has likely been reset to something.
    4. The value "CustomizeSearch" in this key has also likely been reset to something.

  9. #19

    If your Home page changes unexpectedly, you have a "HomePage hijack", and will see this page each time you invoke your browser. What the hijacker has done is to change the registry key:
    * In the Root key HKEY_CURRENT_USER, the key Software\Microsoft\Internet Explorer\Main has a value "Start Page" that has likely been reset to something.
    * In the Root key HKEY_LOCAL_MACHINE, the key Software\Microsoft\Internet Explorer\Main has a value "Start Page" that has likely been reset to something like http://yourbookmarks.ws/
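A way to check the registry values named in the Search Hijacks and HomePage hijack posts above, as an added example that is not part of the original posts: it reads saved `reg query` output and reports every watched value whose URL host is outside a baseline you supply. The function name, the sample output and the trusted-host baseline are assumptions; only the two hijack URLs come from the posts.

```python
import re
from urllib.parse import urlsplit

MAIN = r"Software\Microsoft\Internet Explorer\Main"
SEARCH = r"Software\Microsoft\Internet Explorer\Search"
# The values the two posts above name: (root key, subkey, value name).
WATCHED = [
    ("HKEY_CURRENT_USER", MAIN, "Search Page"),
    ("HKEY_CURRENT_USER", MAIN, "Search Bar"),
    ("HKEY_LOCAL_MACHINE", SEARCH, "SearchAssistant"),
    ("HKEY_LOCAL_MACHINE", SEARCH, "CustomizeSearch"),
    ("HKEY_CURRENT_USER", MAIN, "Start Page"),
    ("HKEY_LOCAL_MACHINE", MAIN, "Start Page"),
]

# Constructed `reg query` output; only the two hijack URLs come from the posts.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Search Page    REG_SZ    http://www.secret-crush.com/search/search.php
    Search Bar    REG_SZ    http://www.msn.com.search-portal.example/bar.htm
    Start Page    REG_SZ    http://www.msn.com/

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
    Start Page    REG_SZ    http://yourbookmarks.ws/

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
    SearchAssistant    REG_SZ    http://ie.search.msn.com/srchasst.htm
"""

VALUE = re.compile(r"^(.+?)\s{4}(REG_\w+)\s{4}(.*)$")  # name, type, data

def find_hijacked(reg_query_text, trusted_hosts):
    """Return (root, value name, data) for watched values pointing off-baseline."""
    values, key = {}, None
    for line in map(str.strip, reg_query_text.splitlines()):
        if line.startswith("HKEY_"):
            key = line.lower()           # registry paths are case-insensitive
        elif key and (m := VALUE.match(line)):
            values[(key, m.group(1).lower())] = m.group(3)
    findings = []
    for root, subkey, name in WATCHED:
        data = values.get((f"{root}\\{subkey}".lower(), name.lower()))
        if data is None:
            continue                     # value not present in the supplied output
        host = (urlsplit(data).hostname or "").lower()
        # Match whole DNS labels so "msn.com.search-portal.example" is not trusted.
        if not any(host == t or host.endswith("." + t) for t in trusted_hosts):
            findings.append((root, name, data))
    return findings
```

Calling `find_hijacked(SAMPLE, {"msn.com", "microsoft.com"})` reports the HKEY_CURRENT_USER "Search Page" and "Search Bar" values and the HKEY_LOCAL_MACHINE "Start Page".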

  10. #20

    IE supports "scripting", a useful but dangerous capability that you will want to disable if you ever visit unknown sites. The scripts that can be run will be Javascript or VBScript, often embedded in a web page you visit. Such scripts can execute ActiveX controls, which can do anything in your machine that any software can do.

    To stop scripting the easy way, do this: From IE's top menu bar, select the Tools menu. On this menu, choose "Internet Options". It will display a popup dialog box. Click on the Security tab, to see a display like that to the right.

    Each zone has four security levels available, ranging from Low Security to High. IE is configured for Low Security when it is first installed. Medium or High is what you need.


    * High (most secure) Exclude content that could damage your computer.
    * Medium (more secure) Warn before running potentially damaging content.
    * Medium-Low (Same as Medium) No warning before running potentially damaging content.
    * Low Minimal safeguard and warning before running potentially damaging content.



    For the Internet Setting, move the slider to "Medium". This will ensure that you are prompted before signed ActiveX controls are run, and unsigned ActiveX controls will not run.

    But it will still allow active scripting. So click on the "Custom Level" button, and follow these instructions:

    Configure IE so that it does not run Active scripts automatically:

    * On the Tools menu, click Internet Options, click the Security tab, click the Internet Web content zone, and then click Custom Level.
    * In the Settings box, scroll down to the Scripting section, and click Disable under Active scripting and Scripting of Java applets.
    * Click OK, and then click OK again.

    Configure IE so that it does not automatically use items that show active content, such as vertical marquees or animations:

    * On the Tools menu, click Internet Options, click the Security tab, click the Internet Web content zone, and then click Custom Level.
    * In the Settings box, click Disable under Download signed ActiveX controls, Download unsigned ActiveX controls, Initialize and script ActiveX controls not marked as safe, Run ActiveX controls and plugins, and Script ActiveX controls marked safe for scripting.
    * Click OK, and then click OK again.


    Verify that IE's internal Java Just-In-Time (JIT) compiler is disabled:


    * On the Tools menu, click Internet Options, click the Advanced tab, and then click to clear the JIT compiler for virtual machine enabled (requires restart) check box under Java VM.
    * Click OK.

    Configure IE so that it does not run Java programs automatically.


    * On the Tools menu, click Internet Options, click the Security tab, click the Internet Web content zone, and then click Custom Level.
    * In the Settings box, click Disable Java under Java Permissions, click OK and then click OK again.
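To confirm that the Security-tab steps above took effect, the Internet zone's stored settings can be audited from a registry export. This is an added example, not part of the original post: the value names are Microsoft's documented URL-action codes for the Internet zone (Zones\3), the function name and sample export are constructed, and the Advanced-tab JIT compiler option is not covered.

```python
import re

# URL-action value names under ...\Internet Settings\Zones\3 for the post's settings.
SETTINGS = {
    "1400": "Active scripting",
    "1402": "Scripting of Java applets",
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1201": "Initialize and script ActiveX controls not marked as safe",
    "1200": "Run ActiveX controls and plugins",
    "1405": "Script ActiveX controls marked safe for scripting",
    "1C00": "Java permissions",
}
STATES = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed `reg export` text (decoded to str), not taken from a real machine.
SAMPLE_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1400"=dword:00000000
"1405"=dword:00000003
"1C00"=dword:00010000
"""

DWORD = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

def internet_zone_gaps(reg_text):
    """Return (code, setting, current state) for each setting not yet disabled."""
    found, in_zone3 = {}, False
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            in_zone3 = line.lower().endswith("\\internet settings\\zones\\3]")
        elif in_zone3 and (m := DWORD.match(line)):
            found[m.group(1).upper()] = int(m.group(2), 16)
    gaps = []
    for code, label in SETTINGS.items():
        value = found.get(code)
        wanted = 0 if code == "1C00" else 3   # Java permissions: 0 is "Disable Java"
        if value != wanted:
            shown = "not set" if value is None else STATES.get(value, hex(value))
            gaps.append((code, label, shown))
    return gaps
```

A value reported as "not set" is absent from the export, so the zone falls back to whatever the template or policy supplies; treat it as unverified rather than disabled.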
