Monday, December 19, 2011

How To Start Penetration Testing by Web Application Hacking.

Hello Guys,

Being a hacker is exciting, but it is more of a responsible task.
To start learning new things, you must be aware of what's going on in the background while hacking in the foreground.
So, to feed your tech hunger and learn hacking, this is a step toward being a hacker.




Anyway, let's get to the core part.

Today, we're going to learn about Web Application Hacking.


As per Wikipedia.org,

Web Application:
"A web application is an application that is accessed over a network such as the Internet or an intranet. The term may also mean a computer software application that is coded in a browser-supported language (such as JavaScript, combined with a browser-rendered markup language like HTML) and reliant on a common web browser to render the application executable."
There are several projects which help you learn, and which provide sample applications to hack for techno-geeks and penetration testers.


These tools provide a built-in web server and framework for testing attacks against the application.
For a newbie, I would recommend "WebGoat" or "Acunetix".

WebGoat is built on Java, so installing it requires the JRE (Java Runtime Environment). It has a built-in Apache Tomcat web server.
It provides practice for several attacks such as SQL injection, XSS (cross-site scripting), firewall bypassing, man-in-the-middle attacks, etc.
It provides in-depth information about web applications and their security features. These features make it unique:
  1. It has a built-in web server.
  2. It provides the solution along with the problem.
  3. It is open-source software.
  4. It provides the source of the framework along with the application.
  5. It gives hints with one click whenever some difficulty occurs.
To install WebGoat, I would recommend using a virtual OS in VMware or VirtualBox, as WebGoat makes the OS it runs on tremendously vulnerable to attack.
 
Download:
For Virtual Sessions :
1) Virtual Box : www.virtualbox.org
or
2) VMware : www.vmware.com
  
So, it's the end of the post. Meet you guys next time. Till then, have safe hacking and endeavor to satisfy your techno-lust.

For queries, post a comment.
Nirmal Kantharia
 (Nirmal.kantharia@gmail.com)

Thursday, July 7, 2011

Spyware:


     



There are a lot of PC users who know little about "spyware", "malware", "hijackers", "dialers" and many more. This will help you avoid pop-ups and spammers.

What is spy-ware?
Spy-ware is Internet jargon for Advertising Supported software (Ad-ware). It is a way for shareware authors to make money from a product, other than by selling it to the users. There are several large media companies that offer them to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way, you don't have to pay for the software and the developers are still getting paid. If you find the banners annoying, there is usually an option to remove them, by paying the regular licensing fee.

Known spywares:
There are thousands out there, and new ones are added to the list every day.

But here are a few:
Alexa, Aureate/Radiate, BargainBuddy, ClickTillUWin, Conducent Timesink, Flashpoint/Flashtrack, Flyswat, Gator, GoHip, Hotbar, ISTbar, Lions Pride Enterprises/Blazing Logic/Trek Blue, Lop (C2Media), NewDotNet, Realplayer, Songspy, Xupiter, WebHancer, Windows Messenger Service.

How to check if a program has spyware?
There is this little site that keeps a database of programs that are known to install spyware.

Check Here:
http://www.spywareguide.com/product_search.php

If you would like to block pop-ups (IE pop-ups):
There are tons of different types out there, but these are the 2 best, I think.

Try: Google Toolbar (http://toolbar.google.com/)
(Freeware)

Try: AdMuncher (http://www.admuncher.com) This program is Shareware.
Try: Adblock Plus (Firefox add-on; you might get it in Google Chrome also)

If you want to remove the "spyware" try these.

Try: Lavasoft Ad-Aware (http://www.lavasoftusa.com/)
(Freeware)
Info: Ad-aware is a multi spyware removal utility, that scans your memory, registry and hard drives for known spyware components and lets you remove them.

Try: Spybot-S&D (http://www.safer-networking.org/)
(Freeware)
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries.

Try: BPS Spyware and Adware Remover
(http://www.bulletproofsoft.com/spyware-remover.html)
(Shareware)
Info: Adware, spyware, trackware and big brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you'd like to remove.

Try: Spy Sweeper v2.2 (http://www.webroot.com/wb/products/spysweeper/index.php)
(Shareware)
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer.
The best scanner out there, and updated all the time.

Try: HijackThis 1.97.7
(http://www.spywareinfo.com/~merijn/downloads.html)
(Freeware)
Info: HijackThis is a tool that lists all installed browser add-ons, buttons and startup items, and allows you to inspect them and optionally remove selected items.


If you would like to prevent "spyware" being installed.

Try: SpywareBlaster 2.6.1 (http://www.wilderssecurity.net/spywareblaster.html)
Info: SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

Try: SpywareGuard 2.2 (http://www.wilderssecurity.net/spywareguard.html) (Freeware)
Info: SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected.

Try: XP-AntiSpy (http://www.xp-antispy.org/)
(Freeware)
Info: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in Windows XP that may raise security or privacy concerns in some people.

Try: SpySites (http://camtech2000.net/Pages/SpySites_Prog...ml#SpySitesFree)
(Freeware)
Info: SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software.

If you would like more Information about "spyware".
Check these sites.
http://www.spychecker.com/
http://www.spywareguide.com/
http://www.cexx.org/adware.htm
http://www.thiefware.com/links/
http://simplythebest.net/info/spyware.html

Useful tools...
Try: Stop Windows Messenger Spam 1.10 (http://www.jester2k.pwp.blueyonder.co.uk/j...r2ksoftware.htm)
(Freeware)
Info: "Stop Windows Messenger Spam" stops this service from running and halts the spammers' ability to send you these messages.

----------------------------------------------------------------------------


     

Have Fun Hacking,
Nirmal kantharia.

Tuesday, July 5, 2011

Increase Your Modem Speed


     


==========================================
Hack Your Modem And Increase Your Download Speed:




Hack Your Modem and Increase Your Download Speed from 64Kbps to any Speed You Wish.

Most of us will be feeling that the surfing speed which is allocated by our ISP is not enough. People with 64Kbps will think 128Kbps will be cool speed. People with 128Kbps will think 256Kbps will be cool and so on

This tutorial will teach you how to increase your 64Kbps link to 512Kbps or what ever speed you like.

It is very much possible to do this, with a bit of luck, if your cable Internet service provider is very uneducated on how this very new technology works and leaves some key loopholes open for you to grab vital information on how to accomplish this task. But this tutorial will not guarantee you 100% success.

Okay here we go. I'm going to try to explain you as best as I can to accomplish re-configuring your SB5100, SB4100 or SB3100 cable modem

Theory of cable modem working:

When a cable modem boots up, it searches for an "Image file" in which all configuration, like your upload speed limit and download speed limit, is defined. This "Image file" is stored on the ISP's TFTP server. The modem is pre-configured with the ISP's TFTP server IP address and the name of the Image file to be downloaded. When the modem boots up, it queries the TFTP server and downloads the Image file, and our speed limits are set according to this file.

Our Mission:

Get this Image file from ISP`s TFTP server, reconfigure it according to our need and force our modem to download this file from our Computer rather than downloading it from our ISP`s TFTP server.

Steps to accomplish:

1). Get cable modems MAC address
2). Get your ISPs TFTP server IP address
3). Get name and path of the "configuration file" or Image file stored in the ISP`s TFTP server.
4). Download Image file from ISP`s TFTP server.
5). Decrypt the Image file which you downloaded from ISP`s TFTP server
6). Modify the Image file
7). Encrypt the modified Image file
8). Change your computer's TCP configuration same as ISP`s TFTP server (i.e. IP address same as ISP`s TFTP server)
9). Host TFTP server in your computer
10). Put Image file in the base directory of your TFTP
11). Restart your modem
12). Change your PC's IP back as given by ISP
13). OOPS Done. Start surfing with your new speed


1). Get cable modems MAC address

You can either look at the back of the modem to get this MAC address, or you can log on to your cable modem with your web browser at hxxp://192.168.100.1/ . These are internal HTML pages stored within your DOCSIS cable modem (SB5100, SB4100 and SB3100) that give you even more vital information on configuration, unless this feature has been turned off by your ISP.

2). Get your ISPs TFTP server IP address

3). Get name and path of the "configuration file" or Image file stored in the ISP`s TFTP server.

For getting this vital information you have to do an SNMP walk over your modem. For doing this you can use any one of the tools below

a) There's a program called QUERY.EXE from Weird Solutions which is a BOOTP packet request program that will tell you everything you need to know, without all these extra steps. It will display the Image Filename, TFTP server address, which is really all you need to get started. To use this BOOTP QUERY tool, you need the MAC address of your cable modem

Or

b) Experts can use Solarwinds SNMP program

Or

c) Beginners can use DOCSIS Diagnosis utility

Or

d) Beginners can use SNMPWALK Tool

use command "snmpwalk 192.168.100.1 public"

NOTE: Use modem's IP address as "192.168.100.1" (SB5100, SB4100 and SB3100) when it asked to provide by any of the above tools. SNMP community is "Public"

Using the above tools you will get the information of your ISP`s TFTP server IP and the name of your "Image file" stored in that TFTP server
All your vital information is stored in this file, One of which is the MaxRateDown 2621440; MaxRateUp 393216;. (This was my ISP settings. Which you can see is similar to what speed I was getting. 40KB/s up and 250 KB/s down)

Among these, the one we need are:
Configuration TFTP Server = 194.*.*.90 (replace this with yours throughout in the doc)
Configuration filename = isrr.bin (replace this with yours throughout in the doc)
And
IP fragments created = 0
IP address.10.xxx.xxx.xxx = 10.xxx.xxx.xxx
IP address.192.168.100.1 = 192.168.100.1 (the IP address of the cable modem, (replace this with yours throughout in the doc)
IP-to-If-index.10.xxx.xxx.xxx = 2

Suggestion: You can do this step by sniffing the modem i.e. "192.168.100.1" when modem boots up. I never tried this method. Try your luck.


4). Download Image file from ISP`s TFTP server.

For doing this, go to your command prompt and use the commands below without quotes and brackets.


"C:\tftp -i GET "

Okay now you got Image file from your ISP`s TFTP server.


5). Decrypt the Image file which you downloaded from ISP`s TFTP server.

6). Modify the Image file

7). Encrypt the modified Image file

Use docsis tool which you can download from

http://sourceforge.net/projects/docsis

using this program you can decrypt image file change the upload speed and download speed ,save it and encrypt back. Rename this newly created file same as your original image file.


8). Change your computer's TCP configuration same as ISP`s TFTP server (i.e. IP address same as ISP`s TFTP server)

Go to my network place and right click ->properties
Select your LAN Card right click ->property->Internet Protocol (TCP-IP) double click on it and change it to as following values
Configure your PC's TCP settings as below
IP: 194.*.*.90 (replace with the ISP's TFTP server)
Netmask: 255.255.255.0
Gateway: 192.168.100.1 (replace with your cable modem's IP address)

Note: Gateway should be 192.168.100.1 then only your modem can communicate with computer.


9). Host TFTP server in your computer

10). Put Image file in the base directory of your TFTP

11). Restart your modem

Download TFTP Server software and host TFTP server in your computer
You can download TFTP server from:

ftp://ftp.ida.net/pub/wireless/tftpd32.exe

Start the TFTPD32 server. Go to Settings and set the Security to None. Increase the timeout to 20 secs and the Max Retransmit to 6. Choose to translate UNIX filenames. Make sure its base directory points to where the isrr.bin is (i.e. the image file which you modified). If you need to replicate a directory pathname along with the image file, then make a directory from root that corresponds to the image file pathname.

Restart your modem, and AS SOON as the SEND light goes solid, you should see a receive on your TFTP server i.e. your PC


12). Change your PC's IP back as given by ISP
13). OOPS Done. Start surfing with your new speed

Now you change your TCP settings of your PC back to normal as given by ISP. (I.e. Put your original IP address and gateway)

Oops you hacked your modem. Test out by downloading some files using DAP (Download accelerator plus)

Note: This speed will remain same until you restart your cable modem. So each time you reboot your modem you have to follow the steps 8,9,10,11 and 12.
==========================================================

P.S.: This is not my work... Got it from a chat as a tutorial. So, I am spreading it. :)

Have Fun Hacking,
Nirmal kantharia.



 




     
     



     
============================================================

How To Bypass Internet Censorship:

Friends, the administrator at your college or any public place might have closed off the internet or blocked some sites...


A proxy is not so cool, but it is one way to bypass. Besides it, there are many ways to do so...
Check out this site...

http://www.zensur.freerk.com

Enjoy,

Nirmal kantharia.

Comments and criticism accepted. :)


============================================================

     
     


Earn Money Online.

Hey friends,

Are you a student with a shortage of pocket money? I've faced that problem, too.
There are several ways to earn money online.
But, you know, now that you're on the way to being a "so-called hacker", you probably know about the forgery in that.

I tried many times, too, and made accounts on many sites.
But in the end I found a few sites which are surely legitimate.
You would surely want to join this site.

You can earn money online just by receiving messages on your mobile. (I hope you all have that instrument... you must be talking on it with your GF/BF!)


Just click on the link below! (That will join you to my friends account.)


 



Enjoy,
Nirmal Kantharia

Wednesday, May 25, 2011

Types of Motherboard

Friends, today we're going to talk about the different types of motherboards available in the market.

There are many different motherboard sizes, ranging from Mobile-ITX (60 x 60mm) to WTX (356 x 425mm).

We'll cover the three most common ones.

The most common are ATX and Micro-ATX, but Mini-ITX is becoming increasingly common.

1]  ATX
This is the larger of the two most common sizes, and offers the most portability with processor sockets.
They almost invariably have six or seven expansion slots and often have more SATA and IDE ports than on a Micro-ATX motherboard.
With more room on the motherboard and more slots, these are usually the choice for building a gaming PC as quite a few ATX motherboards have multiple slots for graphics cards, making it possible to use two or more graphics cards at the same time for greater power.

2]  Micro-ATX
This motherboard is much more common in less powerful machines. If someone is building a PC for you, it may well mean he is giving you a board of this kind.

A plus point is that it offers a great balance between power and size, most often providing four expansion slots rather than ATX's seven.

The only real difference between ATX and Micro-ATX motherboards is the number of expansion slots and the amount of space on the boards.

3]  Mini-ITX

These motherboards have really only become particularly common within the last year or two with the introduction of nettops, the desktop equivalent of netbooks, although they have been used for industrial and commercial use for a bit longer than that.

The reason for Mini-ITX computers is simple – a very small, low power computer used for the basic tasks which we use a computer for 90% of the time:
browsing the internet, reading/writing emails, watching the occasional video and maybe doing a bit of word processing etc.

The Mini-ITX motherboard is different from the other two in that it usually has the processor integrated into the motherboard itself.

Furthermore, Mini-ITX motherboards usually have very few SATA ports, rarely have an IDE port, and typically only one expansion slot. As such they're the least flexible and upgradable of all the common motherboard types, but they more than make up for it with their diminutive size, relatively low cost and power consumption.

So simply, if you don't want to spend more bucks on a laptop, it's the answer.

Saturday, May 21, 2011

Boost Your Internet

Friends, first of all I want to make it clear that this work is not mine.
I got it by hacking someone's PC, and thought it would be useful to anyone. That's why I've posted it here.
So let's start...

----------------------------------------------------------------------------------
These settings allow you to boost the speed of your broadband Internet connection when using a Cable Modem or DSL Router with Windows 2000 and Windows XP.

1) Open your registry and find the key below.

Create the following DWORD values. As most of these values will not already exist, you will need to create them by clicking on 'Edit -> New -> DWORD Value' and then set the value as shown below.

DefaultTTL = "80" hex (or 128 decimal)
Specifies the default time to live (TTL) for TCP/IP packets. The default is 32.

EnablePMTUBHDetect = "0"
Specifies whether the stack will attempt to detect Maximum Transmission Unit (MTU) routers that do not send back ICMP fragmentation-needed messages. The default is 0.

EnablePMTUDiscovery = "1"
Specifies whether the TCP/IP stack will attempt to perform path MTU discovery as specified in RFC 1191. The default is 1.

GlobalMaxTcpWindowSize = "7FFF" hex (or 32767 decimal)
Specifies the system maximum receive window size advertised by the TCP/IP stack.

TcpMaxDupAcks = "2"
Determines the number of duplicate ACKs (acknowledgement packets) that must be received for the same sequence number of sent data before "fast retransmit" is triggered.

SackOpts = "1"
Enables support for selective acknowledgements as documented by Request for Comment (RFC) 2018. Default is 0.

Tcp1323Opts = "1"
Controls RFC 1323 time stamps and window scaling options. Possible values are: "0" = disable RFC 1323 options, "1" = window scale enabled only, "2" = time stamps enabled only and "3" = both options enabled.

TcpWindowSize = "7FFF" hex (or 32767 decimal)
Specifies the receive window size advertised by the TCP/IP stack. If you have a latent network you can try increasing the value to 93440, 186880, or 372300.

Exit your registry and restart Windows for the changes to take effect.

If you don’t want to edit the registry, here's a little TCP utility that is ideal...

http://www.broadbandreports.com/front/doctorping.zip

----------------------------------------------------------------------------------

Have Fun Hacking.
I'll post as many as I can. But I'll have to halt, as some work is comin' up.

But I'm going with a promise to catch you all later for sure.
So, meet you guys later.

Nirmal kantharia

Sunday, May 15, 2011

All Trojan Ports

8 ICMP Ping Attack
9 UDP Chargen
19 UDP Chargen
21 TCP FTP service
23 TCP TELNET Service
25 TCP Several trojans use this port
31 TCP Agent 31  Hacker's Paradise
41 TCP Deep Throat
53 TCP DNS service
58 TCP DM Setup
79 TCP Firehotcker
80 TCP Executor
99 TCP Hidden Port 2.0
110 TCP ProMail Trojan
113 TCP Kazimas
121 TCP Jammer Killah
129 TCP Password Generator Protocol
135 TCP UDP Netbios Remote procedure call
137 TCP UDP Netbios name (DoS attacks)
138 TCP UDP Netbios datagram
139 TCP UDP Netbios session (DoS attacks)
146 TCP Infector 1.3
421 TCP Tcp Wrappers
456 TCP Hacker's Paradise
531 TCP Rasmin
555 TCP Stealth Spy  Phaze
666 TCP Attack FTP
911 TCP Dark Shadow
999 TCP DeepThroat
9400 TCP In Command
9999 TCP The Prayer 1.0 - 2.0
1000 TCP Der Spaeher


1001 TCP Silencer  WebEx
1011 TCP Doly Trojan
1012 TCP Doly Trojan
1015 TCP Doly Trojan
1024 TCP NetSpy
1025 UDP Maverick's Matrix
1027 TCP ICQ
1029 TCP ICQ
1032 TCP ICQ
1033 TCP ICQ Trojan
1033 TCP Exploit Descent Manager Module
1042 TCP Rasmin
1045 TCP Rasmin
1080 TCP Socks/Wingate
1090 TCP Xtreme
1170 TCP Voice Streaming Audio
1207 TCP SoftWar
1234 TCP Ultors Trojan
1243 TCP Sub Seven
1245 TCP VooDoo Doll
1257 TCP Sub Seven 2.1
1269 TCP Maverick's Matrix
1492 TCP Ftp 99CMP Trojan
1349 UDP BackOrifice DLL Comm
1394 TCP Gofriller  BackDoor
1492 TCP FTP99CMP
1509 TCP Psyber Streaming Server
1600 TCP Shivka-Burka
1807 TCP SpySender
1981 TCP Shockrave Trojan
1999 TCP BackDoor Trojan
2000 TCP Remote Explorer

2000 UDP Remote Explorer/CallBook
2001 TCP Trojan Cow
2023 TCP Unknown Trojan
2086 TCP Netscape/Corba exploit
2023 TCP Ripper
2115 TCP Bugs
2140 TCP Deep Throat
2140 UDP Deep Throat
2283 TCP Unknown Trojan
2583 UDP Unknown Trojan
2565 TCP Striker
2583 TCP WinCrash
2716 TCP The Prayer 1.2 - 1.3
2721 TCP Phase Zero 
2801 TCP Phineas Phucker
2989 UDP Rat

3024 TCP WinCrash
3129 TCP Master's Paradise
3150 TCP Deep Throat
3150 UDP Deep Throat
3587 UDP ShitHead trojan
3587 TCP ShitHead trojan
3700 TCP Portal of Doom

4092 TCP WinCrash
4321 TCP SchoolBus
4567 TCP File Nail
4590 TCP ICQ Trojan
4950 TCP Unknown trojan
5000 TCP Sokets de Trois v1.

5001 TCP Sokets de Trois v1.
5011 TCP OOTLT
5031 TCP Net Metropolitan
5032 TCP  Net Metropolitan
5321 TCP Firehotcker
5400 TCP Blade Runner
5401 TCP Blade Runner
5402 TCP Blade Runner
5501 UDP
5521 TCP Illusion Mailer
5550 TCP X-Tcp Trojan
5555 TCP ServeMe
5556 TCP BO Facil
5557 TCP BO Facil
5569 TCP Robo-Hack
5666 TCP (PC Crasher)
5742 TCP (WinCrash)

6400 TCP (The Thing)
6667 TCP Sub-7 2.1 (new icq port)
6670 TCP (Deep Throat)
6711 TCP Sub Seven
6712 TCP Sub Seven
6713 TCP Sub Seven
6723 TCP MStream (Attacker to handler)
6771 TCP Deep Throat
6776 TCP Sub Seven
6838 UDP MStream (Agent to handler)
6939 TCP Indoctrination
6969 TCP Gate Crasher  Priority
6970 TCP Gate Crasher
7000 TCP Remote Grab

7028 TCP Unknown trojan
7028 UDP Unknown Trojan
7300 TCP Net Monitor
7301 TCP Net Monitor
7302 TCP Net Monitor
7303 TCP Net Monitor
7304 TCP Net Monitor
7305 TCP Net Monitor
7306 TCP Net Monitor
7307 TCP Net Monitor
7308 TCP Net Monitor
7309 TCP Net Monitor
7323 TCP Sygate Backdoor
7323 UDP Sygate Backdoor
7597 TCP QaZ Trojan Communications
7789 TCP ICKiller
7983 UDP MStream (handler to Agent)

8783 TCP

9325 UDP MStream (agent to handler)
9872 TCP Portal of Doom
9873 TCP Portal of Doom
9874 TCP Portal of Doom
9875 TCP Portal of Doom
9989 TCP iNi-Killer

10067 TCP Portal of Doom
10067 UDP Portal of Doom
10167 TCP Portal of Doom
10167 UDP Portal of Doom
10498 UDP Handler to Agent
10520 TCP Acid Shivers
10607 TCP Coma
10666 UDP Ambush
11000 TCP Senna Spy
11223 TCP Progenic Trojan
12076 TCP GJamer
12223 TCP Hack'99  KeyLogger
12361 TCP TCP Whack-a-mole
12362 TCP TCP Whack-a-mole
12345 TCP Netbus  Ultor's Trojan
12346 TCP Netbus
12361 TCP TCP Whack-a-mole
12362 TCP TCP Whack-a-mole
12456 TCP NetBus
12631 TCP WhackJob
12701 TCP Eclipse 2000
12754 TCP MStream (Attacker to handler)
13000 TCP Senna Spy
13700 TCP Unknown Trojan
15104 TCP MStream (Attacker to handler)
16660 TCP Stacheldraht
16969 TCP Priority
18753 TCP shaft Handler to agent(s)
20000 TCP Millennium
20001 TCP Millennium
20034 TCP (NetBus 2 Pro)
20432 TCP shaft Client to handler(s)
20433 UDP shaft Agent to handler(s)
21544 TCP Unknown Trojan
21554 TCP GirlFriend
22222 TCP Prosiak
20203 TCP Logged!
20331 TCP Unknown Trojan
23456 TCP EvilFTP  UglyFTP
24680 TCP
24680 UDP
26274 TCP Delta Source
26274 UDP Delta Source
27665 TCP Trin00/TFN2K
27374 UDP Sub-7 2.1
27374 TCP Sub-7 2.1
27444 UDP Trin00/TFN2K
27573 UDP Sub-7 2.1
27573 TCP Sub-7 2.1
27665 TCP Trin00 DoS Attack
29891 TCP The Unexplained
30029 TCP AOL Trojan
30999 TCP Kuang2 Trojan
30100 TCP NetSphere
30101 TCP NetSphere
30102 TCP NetSphere
30303 TCP Sockets de Troie
31335 UDP Trin00 DoS Attack
31337 UDP Backorifice/BO-2K
31337 TCP Netpatch
31338 TCP NetSpy DK
31338 UDP Deep BO
31339 TCP NetSpy DK
31666 TCP BOWhack
31785 TCP Hack'a'Tack
31789 UDP Hack'a'Tack
31790 UDP Hack`a'Tack
31791 UDP Hack'a'Tack
32418 TCP Acid Battery
33333 TCP Prosiak
33390 UDP Unknown trojan
34324 TCP BigGluck  TN
34555 UDP Trin00 Ping/Pong Response
33911 UDP Trojan Spirit 2001 
40421 TCP Master's Paradise Trojan
40412 TCP The Spy
40422 TCP Master's Paradise
40423 TCP Master's Paradise
40425 TCP Master's Paradise
40426 TCP Master's Paradise
47252 TCP Delta Source
47262 UDP Delta Source
49301 UDP Online KeyLogger
50505 TCP Sokets de Trois v2.
50766 TCP Fore 1.0 Trojan
50776 TCP Fore
53001 TCP Remote Windows Shutdown
54320 TCP Back Orifice 2000
54320 UDP Back Orifice
54321 TCP School Bus  Back Orifice
54321 UDP Back Orifice 2000
57341 UDP Net Raider Trojan
57341 TCP Net Raider Trojan
60000 TCP Deep Throat
61603 TCP Bunker-Hill Trojan
61348 TCP Bunker-HillTrojan
61466 TCP Telecommando
63485 TCP Bunker-Hill Trojan
65000 TCP Devil
65000 TCP Stacheldraht
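
A defensive use of the list above, as an added example that is not part of the original post: the Python below parses entries in the list's own line format and compares them with the listening sockets reported by `netstat -an`. The netstat sample is constructed, and the `COMMON_SERVICES` set and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Entries copied from the list above, in the page's own line format.
WATCHLIST_TEXT = """\
8 ICMP Ping Attack
21 TCP FTP service
135 TCP UDP Netbios Remote procedure call
1033 TCP ICQ Trojan
1033 TCP Exploit Descent Manager Module
5501 UDP
5666 TCP (PC Crasher)
12345 TCP Netbus  Ultor's Trojan
27374 TCP Sub-7 2.1
31337 UDP Backorifice/BO-2K
"""

# Constructed sample of Windows `netstat -an` output (not real data).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.5:443        ESTABLISHED
  TCP    [::]:27374             [::]:0                 LISTENING
  UDP    0.0.0.0:31337          *:*
  UDP    0.0.0.0:5353           *:*
"""

# Assumption: ports that ordinary services also use, so a match is weak evidence.
COMMON_SERVICES = {21, 23, 25, 53, 80, 110, 135, 137, 138, 139}

# "PORT PROTO [PROTO] name": one or two protocol tokens, then an optional name.
ENTRY = re.compile(r"^(\d+)\s+((?:(?:TCP|UDP)\b\s*)+)(.*)$")


def parse_watchlist(text):
    """Return {(proto, port): [names]} for every TCP/UDP entry in the text."""
    watch = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # e.g. "8 ICMP Ping Attack" is an ICMP type, not a port
        port = int(m.group(1))
        name = " ".join(m.group(3).split())
        if name.startswith("(") and name.endswith(")"):
            name = name[1:-1]
        name = name or "unnamed entry"
        for proto in m.group(2).split():
            if name not in watch[(proto, port)]:
                watch[(proto, port)].append(name)
    return dict(watch)


def listening_sockets(netstat_text):
    """Yield (proto, port) for TCP listeners and bound UDP sockets."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue  # outbound or established connections are not listeners
        port = fields[1].rsplit(":", 1)[-1]
        if port.isdigit():
            yield fields[0], int(port)


def triage(watch, sockets):
    """Return (proto, port, level, names) for sockets that are on the list."""
    findings = []
    for proto, port in sorted(set(sockets), key=lambda s: (s[1], s[0])):
        names = watch.get((proto, port))
        if names:
            level = "review" if port in COMMON_SERVICES else "investigate"
            findings.append((proto, port, level, names))
    return findings


if __name__ == "__main__":
    watchlist = parse_watchlist(WATCHLIST_TEXT)
    for proto, port, level, names in triage(watchlist, listening_sockets(NETSTAT_SAMPLE)):
        print(f"{level:11} {proto}/{port:<5} listed as: {', '.join(names)}")
```

A match on a port is only a lead: the list includes ports that normal services use, and a trojan can be configured to listen on any port.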


Have Fun Hacking.
Nirmal Kantharia

Thursday, May 5, 2011

Hacking Basics

Guys, to start hacking a website or a server, you'll need some skills that help you write your own code.

  • First of all, to start hacking,
you'll need a target website. Once you've got it, ping it.
[For that, follow these steps (in Windows):
1) Start - Run - cmd
2) Type ping "your target website" (without quotes)
3) Copy the IP address]


  • Now, we need to gather information about the website. You have to do a Whois lookup. That will gather all the information about the server.

Go to

http://whois.domaintools.com

& enter the IP or the website. You'll see a large amount of information about the website.
Use Google to find even more information about the website.

After all that,

  • Open Nmap (a tool to hack/get info online).
    Once you have done that, type
     "nmap -sT -sV ip_address" (without quotes) in Nmap's command bar & scan the website. Once done, observe the O.S. (operating system), ports and services running on the website's server.


  • Once done, you'll need to find the banner of the software.
    [Banner: It shows the software & version running on ports.]
    It may change depending on the OS of the server.
    • For WIN VISTA & 7:

You need to download & Open Netcat.
[Because Telnet is disabled in WIN VISTA & 7]

Once done type, nc
Ex: nc 127.0.0.1 21

It will show banner with all information.

  • For other OS:

Open Telnet[Start > RUN > telnet]

Once done type, O
Ex: O 127.0.0.1 21
Once you’ve done that, you’ll get a banner.
This will be displaying all the details of the software running on port.
If this doesn’t work you can try the first method.

Once you’ve got the banner, you need to search for vulnerability matching with banner.

  • Exploit databases:

Injector_____http://www.inj3ct0r.com/
Milw0rm_____http://www.milw0rm.com
Security Focus_____http://www.securityfocus.com
Osvdb_____http://www.osvdb.org
Cve Mitre_____http://cve.mitre.org
Metasploit_____http://www.metasploit.com

More info:http://www.hackforum.net

Once you’ve got the matching exploit of the same version software.
[If you haven’t got, try another port.]
You need to edit values, compile & run it.

Most common exploit Coders:

  • Perl

For perl exploits, Copy the exploit in notepad & save it with .pl extension.
Download & Install, Active Perl:

 http://www.activestate.com/activeperl

Once done, edit the exploit with notepad & double click to run it.

  • PHP

For PHP exploits, copy & save it in .php extension.
Download & Install WAMP:


http://www.wampserver.com/en/

Once done, edit the exploit with notepad & execute it from CMD.

  • Python

For python exploits, copy & save it in .py extension.
Download & Install python:


http://www.python.org/download

Once done, edit the exploit with notepad & double click to run it.

  • C/C++

For C/C++ exploits, copy & save it in notepad.
Download & Install Blood Shed. (Google the link)
Once done, edit the exploit, compile & double click to run it.

If your exploit is successful you will get access to server,
You’ll be able to edit every part of the website.
If your exploit wasn’t successful try with different port, services & software.
You can also use Metasploit web to search exploits.



Fundamentals Of Networking

IP Address: An address given to every computer or node in a network by the ISP (Internet Service Provider) so that it can connect to the internet. In a VPN (Virtual Private Network), it may be provided by the server.

Domain Name System (DNS): This allows IP addresses to be translated to words. It is easier for human beings to remember characters.
E-mail addresses are also converted by DNS into characters or strings.

For example, it is much easier for anyone to remember the address "facebook.com" than to remember 69.63.189.63.

Dynamic IP Address: One that is not static, in other words, changing. It is given by your ISP or a DHCP (Dynamic Host Configuration Protocol) server.
Your computer gets this number as it logs on to the network, which saves you the trouble of having to know details of the specific network configuration.
This number can be assigned to anyone using dial-up, wireless and high-speed Internet (i.e. DSL, TSL Cable) connections.

Static IP Address: One that is fixed and never changes.
Most ISPs can offer to assign a single static IP for some more rupees (or your currency).

IPv4: It is used by most devices. However, IPv4 IPs are running out quickly.
IPv4 is limited to 4,294,967,296 IPs.

IPv5: This is an experimental protocol for UNIX based systems. In keeping with standard UNIX release conventions, all odd-numbered versions are considered experimental. It was never intended to be used by the general public.

IPv6: The replacement for IPv4.
The estimated number of unique IPs for IPv6 is 340,282,366,920,938,463,463,374,607,431,768,211,456 (count how many digits there are! lolzz), or 2^128.


If you need any kind of help, just make sure you comment and publish it.
Have Fun Hacking.
Nirmal Kantharia(man1aachaker)...

Tuesday, May 3, 2011

1) Character Map - charmap.exe

2) Disk Cleanup - cleanmgr.exe

3) Clipboard Viewer - clipbrd.exe


4) Dr Watson - drwtsn32.exe (Troubleshooting tool)


5) DirectX diagnosis - dxdiag.exe (Diagnose & test DirectX, video & sound cards)


6) Private character editor - eudcedit.exe (allows to create or change characters)


7) IExpress Wizard - iexpress.exe (Create self-extracting)


8) Microsoft Synchronization Manager - mobsync.exe (allow synchronization of files on the network for when working offline)


9) Windows Media Player 5.1 - mplay32.exe (Retro version of Media Player, very basic).


10) ODBC Data Source Administrator - odbcad32.exe (something to do with databases)


11) Object Packager - packager.exe (to do with packaging objects for insertion in files, appears to have comprehensive help files).


12) System Monitor - perfmon.exe (aspect of PC performance, for advanced users only )


13) Program Manager - progman.exe (Legacy Windows 3.x desktop shell).


14) Remote Access phone book - rasphone.exe


15) Registry Editor - regedit.exe (Windows Registry).


16) Network shared folder wizard - shrpubw.exe (create shared folders on network).


17) File signature verification tool - sigverif.exe


18) Volume Control - sndvol32.exe

 
19) System Configuration Editor - sysedit.exe (modify System.ini & Win.ini just like in Win98! ).


20) Syskey - syskey.exe (Secures XP Account database - Syskey password)


21) Microsoft Telnet Client - telnet.exe


22) Driver Verifier Manager - verifier.exe (Driver Troubleshooting)

23) Windows for Workgroups Chat - winchat.exe (appears to be an old NT utility to allow chat sessions over a LAN, help files available).


24) System configuration - msconfig.exe (can use to control startup programs)


25) Policy management - gpedit.msc (For Policies)

Some RUN Commands For Windows

RUN Menu Commands:
 


  1. compmgmt.msc - For Computer management .
  2. devmgmt.msc - Device manager.
  3. diskmgmt.msc - Disk management.
  4. eventvwr.msc - Event viewer.
  5. dfrg.msc - Disk defrag.
  6. fsmgmt.msc - Shared folders.
  7. gpedit.msc - Group policies.
  8. lusrmgr.msc - Local users and groups.
  9. perfmon.msc - Performance monitor.
  10. rsop.msc - Resultant set of policies.
  11. secpol.msc - Local security settings.
  12. services.msc - Various Services.
  13. msconfig - System Configuration Utility.
  14. regedit - Registry Editor.
  15. msinfo32 - System Information.
  16. sysedit - System Edit.
  17. win.ini - Windows loading information.
  18. system.ini - Likewise win.ini.
  19. winver - Shows current version of windows.
  20. mailto: - Open default email client.
  21. cmd - Open command prompt

How To Add Banner in Windows XP