Trick To Make Computer Speak Whatever You Type

This is an amazing trick to amaze your friends.By using this trick you can make your computer to speak whatever you type.This trick is working on all microsoft operating system and does not require any programming skills.You have to follow just simple steps and your own Text to Voice software will be ready.If you show this software to any of your friends he will be certainly impressed with you .
Ok,the trick is fairly simple and requires only 3 simple steps from your side.Let’s Begin the tutorial with screenshots to Make Your Computer Speak Whatever You Type


1.Open Notepad and copy and paste the following code into it

Dim message, sapi
message=InputBox("What do you want me to say?","Speak to Me")
Set sapi=CreateObject("sapi.spvoice")
sapi.Speak message

2.Now save the notepad file with the name speak.vbs at your desktop.
3.Now double click on speak.vbs type in the box whatever you want your computer to speak for you.

Its a really funny trick to impress everybody with your computer skills

ref : http://www.pctipstricks.net

Download FL Studio 10.0

FL Studio is one of the world's most popular and exciting music production systems. Everything you need in one package to compose, arrange, record, edit, mix and master professional quality music.


Image-Line have developed FL Studio for over 12 years now and we know music software. Compatibility, connectivity and open standards are the life-blood of producer/musicians. FL Studio will play any sample file (WAV), run plugins (software synthesizers, VSTi & DXi) or MIDI instruments. You will be creating WAV, MP3, OGG or MIDI songs, beats or loops only minutes after launching it.
you can free download FL Studio 10.0 now.

How to hide files in JPEG pictures

If you’re looking to hide files on your PC hard drive, you may have read about ways to encrypt folders or change the attributes on a file so that they cannot be accessed by prying eyes. However, a lot of times hiding files or folders in that way requires that you install some sort of software on your computer, which could then be spotted by someone else.
I’ve actually written quite a few articles on how you can hide files and folders in Windows XP and Vista before, but here I’m going to show you a new way to hide files that is very counter-intuitive and therefore pretty safe! Using a simple trick in Windows, you can actually hide a file inside of the JPG picture file!
You can actually hide any type of file inside of an image file, including txt, exe, mp3, avi, or whatever else. Not only that, you can actually store many files inside of single JPG file, not just one! This can come in very handy if you need to hide files and don’t want to bother with encryption and all that other technical stuff.

Hide File in Picture

In order to accomplish this task, you will need to have either WinZip or WinRAR installed on your computer. You can download either of these two off the Internet and use them without having to pay anything. Here are the steps for creating your hidden stash:

• Create a folder on your hard drive, i.e. C:\Test and put in all of the files that you want to hide into that folder. Also, place the image that you will be using to hide the files in.

• Now select all of the files that you want to hide, right-click on them, and choose the option to add them to a compressed ZIP or RAR file. Only select the files you want to hide, not the picture. Name it whatever you want, i,e. “Hidden.rar”.

• Now you should have a folder that looks something like this with files, a JPG image, and a compressed archive:

• Now here’s the fun part! Click on Start, and then click on Run. Type in “CMD” without the quotes and press Enter. You should now see the command prompt window open. Type in “CD \” to get to the root directory. Then type CD and the directory name that you created, i.e. “CD Test“.

• Now type in the following line: “copy /b DSC06578.JPG + Hidden.rar DSC06578.jpg” and press Enter. Do not use the quotes. You should get a response like below:

Just make sure that you check the file extension on the compressed file, whether it is .ZIP or .RAR as you have to type out the entire file name with extension in the command. I have heard that some people say that they have had problems doing this with a .ZIP extension, so if that doesn’t work, make sure to compress to a .RAR file.
And that’s it! The picture file will have been updated with the compressed archive inside! You can actually check the file size of the picture and see that it has increased by the same amount as the size of the archive.
You can access your hidden file in two ways. Firstly, simply change the extension to .RAR and open the file using WinRAR. Secondly, you can just right-click on the JPG image and choose Open With and then scroll down to WinRAR. Either way, you’ll see your hidden files show up that you can then extract out.

That’s it! That is all it takes to hide files inside JPG picture files! It’s a great way simply because not many people know it’s possible and no one even thinks about a picture as having to the ability to “hide” files. Enjoy!

Ref :  www.online-tech-tips.com

Securing Your Computer System

Today, more and more people are using their computers for everything from communication to online banking and investing to shopping. As we do these things on a more regular basis, we open ourselves up to potential hackers, attackers and crackers. While some may be looking to phish your personal information and identity for resale, others simply just want to use your computer as a platform from which to attack other unknowing targets. Below are a few easy, cost-effective steps you can take to make your computer more secure.

1. Always make backups of important information and store in a safe place separate from your computer.

2. Update and patch your operating system, web browser and software frequently. If you have a Windows operating system, start by going to www.windowsupdate.microsoft.com and running the update wizard. This program will help you find the latest patches for your Windows computer. Also go to www.officeupdate.microsoft.com to locate possible patches for your Office programs.

3. Install a firewall. Without a good firewall, viruses, worms, Trojans, malware and adware can all easily access your computer from the Internet. Consideration should be given to the benefits and differences between hardware and software based firewall programs.
4. Review your browser and email settings for optimum security. Why should you do this? Active-X and JavaScript are often used by hackers to plant malicious programs into your computers. While cookies are relatively harmless in terms of security concerns, they do still track your movements on the Internet to build a profile of you. At a minimum set your security setting for the “internet zone” to High, and your “trusted sites zone” to Medium Low.

5. Install antivirus software and set for automatic updates so that you receive the most current versions.

6. Do not open unknown email attachments. It is simply not enough that you may recognize the address from which it originates because many viruses can spread from a familiar address.

7. Do not run programs from unknown origins. Also, do not send these types of programs to friends and coworkers because they contain funny or amusing stories or jokes. They may contain a Trojans horse waiting to infect a computer.

8. Disable hidden filename extensions. By default, the Windows operating system is set to “hide file extensions for known file types”. Disable this option so that file extensions display in Windows. Some file extensions will, by default, continue to remain hidden, but you are more likely to see any unusual file extensions that do not belong.

9. Turn off your computer and disconnect from the network when not using the computer. A hacker can not attack your computer when you are disconnected from the network or the computer is off.

10. Consider making a boot disk on a floppy disk in case your computer is damaged or compromised by a malicious program. Obviously, you need to take this step before you experience a hostile breach of your system.
FOR MORE INFORMATION, VISIT HERE: WWW.FREEINTERNETTRICK.CO.CC

Fake shutdown trick

There are many easy and prank windows tricks which you can play with your friends and classmates to make them fool . This one is one of my favorite trick which I used to play in my institute and even got punished for it . We will create fake internet explorer icon and whenever someone try to open IE with that icon it will shutdown whole system automatically . Follow these few easy steps :-

1. Right click on desktop and create new shortcut .

2. Then one new pop up will appear , just type these words in it shutdown -s -t 00

3. Now click next and delete shutdown.exe name and type a name for this shortcut like internet explorer and than click finish . This will be the name of that prank icon which will be displayed on desktop .

4. Now lets make it look like original IE icon by replacing shortcut icon image . Right click on that icon than properties and than change icon . Now again you will find one pop up , just click ok and select IE image from option and click ok after selecting it .

Now you will see that shortcut link will look like Internet Explorer icon and whenever someone click on that icon to open internet explorer it will result as shutdown .

How To Block Sites

How to block sites using a number of ways, this trick happened to be someone who asks how to block certain sites on the previous post in comments here. Well no need to elaborate because this article may be long considering I will give you a way how to block sites.

The first way is by using the system on the windows steps go into the following directory:

C: \ WINDOWS \ system32 \ drivers \ etc

then click open the hosts file with notepad, you will find the IP localhost "127.0.0.1 localhost", create a new IP under it by adding a single digit on the last digit to be 127.0.0.2 localhost IP address of the site and then add the block so you want to be like this example "127.0.0.1 www.facebook.com" without http://, then save.

If you want to add sites that you want to block enough to do such as the above step by adding an IP number at the end of localhost in the site name that will follow your blocks.

Step into the 2 way block the site by using the Add-ons mozilla firefox, please you download the Add-ons on the following link: https: / / addons.mozilla.org/en-US/firefox/addon/3145. for mozilla firefox browser user, do you still have your IE Unistall, how to uninstall IE you can read here or here.

Kan pake other browsers can still rich Opera hehe .. ok yes it hindered both to disable a program or membataasi your program can use this method to run the program Run (Windows + R) on the keyboard type gpedit.msc will mauk to the Local Group Policy Editor Users select configuration and then to the Administrative Templates.

Select System on the right side column look for Do not run specified Windows Application click 2 times your window will pop up select enable and click the button will show the new window appears, at this window you are typing the application you want to be locked so as not to run the example Opera.exe , see figure



if it is just click OK and OK. There are more questions like this if it turns out he knows because Opera locked in this way, well if kek gini aja pake software from a more complete product simpliciti aja visit his site, but the pay-mo hehe if a full search in google search software download must be met.

Oh yes also a long way from the articles so used to block sites that are still confused yes yes I am also confused writing this article. Good luck!

Create custom themes in Gmail with your own photo

Themes available in gmail are all beautiful and captivating but if you are yet not satisfied with the available themes then you can create custom themes using your own pic in gmail.  To create your own theme follow the steps given below.

1. Log in to your Gmail account and click on settings.
2. In the settings page click on themes tab.
3. In themes scroll down to the end of the page and click on “Create your own theme”.
4. A new pop up window will open. There you can select your own color combinations for your inbox and a background image for the theme.
5. When you are done just click on the “save” button and then “close”.
6. Now you can see your own custom theme in action in your Gmail account.

Install Windows xp Very Fast

Now, this tip will be very helpful for those who frequently install windows xp operating system. Normally OS installation takes around 40 minutes to complete, but through this trick you can now save 10-15 minutes. This simple tricks goes this way.
1. Boot through Windows XP CD.
2. After all the files are completely loaded, you get the option to select the partition. Select “c”.
3. Now Format the partition, whether it is normal or quick with NTFS or FAT
4. Once the formatting is completed, All the setup files required for installation are copied. Restart your system by pressing Enter.
Now, here begins the Simple trick to save 10-15 minutes.
5. After rebooting, you get a screen where it takes 40 minutes to complete or finalize the OS installation.
6. Now, Press SHIFT + F10 Key ->  This opens command prompt.
7. Enter “Taskmgr” at the command prompt window. This will open Task Manager.
8. Click the Process Tab, here we find a process called Setup.exe -> Right Click on Setup.exe -> Set Priority -> Select High or Above Normal. Initially it will be Normal.
Thats it, no more work to do. Relax your self and see how fast the installation process completes

Dynamic IP vs Static IP

Static IP addressing is for one customer on one IP address and Dynamic IP addressing assigns a different IP address each time the ISP customer logs on to their computer, but this is dependent upon the Internet Service Provider (ISP) because some ISP's only change the IP address as they deem it necessary.
If you have Dynamic IP Addressing through your Website Host it means that you are sharing an IP Address with several other customers.
If you are a beginner on the internet, an avid internet user, are entertaining the thought of starting your own website business, are a gamer, use VOIP or VPN there are several things you should know about IP Addressing.

Static IP Addressing

If you feel the need to always know what your IP address is then you need a Static IP address, because it is constant. Static IP addresses are more reliable for Voice over Internet Protocol (VOIP), more reliable to host a gaming website or to play X-Box, Play Station, use Virtual Private Network for secure access to files from your company network computer, etc. Static IP addresses are also great if you use your computer as a server, as it should give your file server faster file uploads and downloads. Another plus with Static IP's, when hosting a website you are not sharing your IP with another company who sends out a lot of E-mail SPAM and not only has their website been shut down but in turn gets your IP address blacklisted.
In contrast a static IP address can become a security risk, because the address is always the same. Static IP's are easier to track for data mining companies. Static IP addressing is less cost effective than Dynamic IP Addressing.

Dynamic IP Addressing

The biggest advantages of Dynamic IP Addressing are less security risk as the computer is assigned a new IP address each time the customer logs on, they are cost effective and there is automatic network configuration (the less human intervention with network configuration the better). Dynamic addressing is usually used by ISP's so that one IP address can be assigned to several users, however some ISP's use Sticky Dynamic IP Addressing and do not change the IP address very often. Dynamic IP Addressing can be used by families with several computers or by a small business owner who has a home office. The software that comes with a router allows for Dynamic Host Configuration Protocol (DHCP) setup and assigns each computer attached to the router an IP address automatically.
In contrast, Dynamic IP addressing should not be used for VOIP, VPN, playing online games or game hosting because Dynamic IP addressing is less reliable then Static IP addressing and could cause the service to disconnect while you are on a VOIP, VPN or gaming.

Top Five Tips to Secure Website

A secure website is always essential ingredient of peace of mind for both web-master and the end user.These days hundreds of website come alive on the Internet because of high competition and >web hosting that comes with cheap price tag.But, what people do not understand is value of hack-proof website.Recently, according to a survey conducted by PricewaterhouseCoopers in the year 2009, companies are reducing their security related costs primarily due to recession.But, the number no. of victims is growing without any hurdle.This clearly indicates immense need for security.This post describes few most basic yet powerful ways to curb any hazard to your websites.

1)Vulnerability Assessment
A vulnerability scanner is a tool that searches and maps a system or network for different possible weakness and report it with feedback for the use of administrator.They can give you possible web application vulnerabilities like sql injection, XSS and firewall security breach.Nikto is a very useful open source scanner and also you can use Acunetix Web Vulnerability scanner.

2)Penetration Testing
This is part of security testing in which a deliberate and simulated attack is carried out to circumvent security of a system.This is a must to be deployed step for commercial websites.Security can not be full-proof, as secured wordpress web hosting can be compromised with c99 madshell script written in php.

3)Web Application Firewalls
Web application firewalls are essential for larger and advanced websites as these can not be affordable by everyone.These firewalls are specifically designed for fine tuning web application by keeping a check on HTTP traffic and data leakage by residing in between client and server.

4)Client Security Tools
A web-master can do everything from his part to secure a server.But, risk management has to be one of the most important priority.One can never predict about security in the future.So, clients have to advised by web-masters to use some of browser security tool to save themselves from any loss.Such a tool can be XSS me FireFox add on or Internet Explorer 8's in built XSS filter.

5)Application Whitelists
It is a policy that is employed by administrators to document congiguration pf applications put in the whitelist.This way they can detect any unauthorized changes to the server environment.

These are the five ways to put a secured website on the Internet.But, all these are not affordable by everyone.You must be aware of Internet mobs.While choosing a CMS for your website go for something that gets updated quickly with larger user base like Joomla, Nuke, drupal web hosting etc.

Radmin Download

Radmin 3.0 - Main Radmin Viewer windowMain Radmin Viewer window:

* Folders in Radmin phonebook.
* Explorer-like tree view window with Radmin folders.
* Drag and drop of items and folders.
* Radmin phonebook stored in the file.
* Export-import phonebook files.
* Scan for currently accessible Radmin Servers.
* Ability to create desktop shortcuts to phonebook items.
* Options dialog in main window.
* Defaults for new connections in options.
* Global options for Remote Screen, File transfer, Chat, Audio Chat in the main window options.
* Minimize Radmin Viewer’s main window to its tray icon.


Radmin 3.0 - Remote Screen WindowRemote Screen Window:

* Full screen stretched view mode.
* Smooth scaling of the remote screen window.
* Toolbar at the top allows for fast switching between connection modes, sending key combinations, switching view modes and changing current remote monitor.
* Server cursor support in two ways: replace local cursor, draw with screen updates.
* Mouse wheel and additional buttons support.
* Auto mouse scroll in the Remote Screen window.
* Multiple monitors support.
* Support for color modes from 1-bit to 24-bit true color.
* Special keystrokes handling (Alt-Tab, Windows key, etc).
* Configurable keyboard shortcuts for Radmin commands.
* Fast launch of other connections (file transfer, chat, voice, telnet) from the Remote Screen window without re-entering passwords.
* Ability to keep aspect ratio in stretched view.
* Support for Unicode clipboard contents.
* Smooth scaling.


Radmin 3.0 -File Transfer mode:

* Vertical panel splitting.
* Movable toolbar and combo box panels.
* New hotkeys added to: access folder selection menu, sort files and folders, copy selected files and directories, rename files and folders, switch between panes and refresh the active pane.
* Hotkey to open new file transfer window without entering login and password.
* 4GB+ file transfer support.
* Execute files on the local computer.
* File names in Unicode format support.


Radmin 3.0 - New connection modesNew connection modes:

* Multi-user chat.
* Multi-user audio chat.
* Ability to send a message to a server.


Radmin 3.0 - Radmin ServerRadmin Server:

* Unmatched speed and low CPU usage.
* New DirectScreenTransfer technology using new video hook driver.
* Full compatibility with Windows Vista 32 bit.
* Support of Fast User Switching on Windows XP and Vista.
* New optimized network protocol.
* Multiple monitors support.
* Support of sending cursor shape and position.
* New options interface.
* New Radmin security settings interface.
* New Windows security settings interface.
* Logs in HTML format.
* New IP filtering settings interface.
* Select interface language and an option to auto select language.
* Ability to disable specific connection modes.
* Settings for text and voice chat.


Radmin 3.0 - SecuritySecurity:

* Advanced 256-bit AES encryption for all sending and receiving data.
* Kerberos authentication protocol support.
* New Radmin security supports users with individual rights.
* Radmin security uses new authentication method based on Diffie-Hellman key exchange with 2048-bit key size.
* New Windows security settings interface with support for Trusted Domains for Windows NT 4.0 and Active Directory for Windows Vista, Windows XP, Windows 2003, Windows 2000.
* DNS name and user name info added to the log file.
* Five bad passwords sequence security delay.


Radmin 3.0 - Text chatText chat:

* Private instant messaging.
* Multi-user, real time text chat conversations.
* Custom fonts, text color and size, custom nickname.
* New channels including password protected channels.
* Operator can kick out specific users from a chat.
* Create new channels, including password-protected channels.
* Send text messages to multiple users.
* Save chat history in a separate log.
* User-friendly interface, control with the mouse and using hotkeys and text commands.
* 256-bit encryption enabled for all transferred data.


Radmin 3.0 - Voice chatVoice chat:

* Private, real time voice chat conversations (VoIP analog).
* Multi-user, real time voice chat conversations.
* Conference mode with microphone queue.
* Customizable voice quality to save bandwidth and traffic.
* Creating multiple public and private channels.
* Channel protection with user and operator passwords.
* Short text message sending.
* Record conversations to .wav files.
* Set optimum bandwidth for voice chat.
* 256-bit encryption enabled for all transferred data. 

Download Here

Steps To Deface A Webpage

First of all, I do not deface, I never have (besides friends sites as jokes and all in good fun), and never will. So how do I know how to deface? I guess I just picked it up on the way, so I am no expert in this. If I get a thing or two wrong I apoligize. It is pretty simple when you think that defacing is just replacing a file on a computer. Now, finding the exploit in the first place, that takes skill, that takes knowledge, that is what real hackers are made of. I don't encourage that you deface any sites, as this can be used get credit cards, get passwords, get source code, billing info, email databases, etc.. (it is only right to put up some kind of warning. now go have fun ;)

This tutorial will be broken down into 3 main sections, they are as followed:

1. Finding Vuln Hosts.

2. Getting In.

3. Covering Your Tracks

It really is easy, and I will show you how easy it is.

1. Finding Vuln Hosts

This section needs to be further broken down into two catigories of script kiddies: ones who scan the net for a host that is vuln to a certain exploit and ones who search a certain site for any exploit. The ones you see on alldas are the first kind, they scan thousands of sites for a specific exploit. They do not care who they hack, anyone will do. They have no set target and not much of a purpose. In my opinion these people should either have a cause behind what they are doing, ie. "I make sure people keep up to date with security, I am a messanger" or "I am spreading a political message, I use defacments to get media attention". People who deface to get famous or to show off their skills need to grow up and relize there is a better way of going about this (not that I support the ones with other reasons ether). Anyways, the two kinds and what you need to know about them:

Scanning Script Kiddie: You need to know what signs of the hole are, is it a service? A certain OS? A CGI file? How can you tell if they are vuln? What version(s) are vuln? You need to know how to search the net to find targets which are running whatever is vuln. Use altavista.com or google.com for web based exploits. Using a script to scan ip ranges for a certain port that runs the vuln service. Or using netcraft.com to find out what kind of server they are running and what extras it runs (frontpage, php, etc..) nmap and other port scanners allow quick scans of thousands of ips for open ports. This is a favorate technique of those guys you see with mass hacks on alldas.

Targetted Site Script Kiddie: More respectable then the script kiddies who hack any old site. The main step here is gathering as much information about a site as possible. Find out what OS they run at netcraft or by using: telnet www.site.com 80 then GET / HTTP/1.1 Find out what services they run by doing a port scan. Find out the specifics on the services by telnetting to them. Find any cgi script, or other files which could allow access to the server if exploited by checking /cgi /cgi-bin and browsing around the site (remember to index browse)

Wasn't so hard to get the info was it? It may take awhile, but go through the site slowly and get all the information you can.

2. Getting In

Now that we got the info on the site we can find the exploit(s) we can use to get access. If you were a scanning script kiddie you would know the exploit ahead of time. A couple of great places to look for exploits are Security Focus and packetstorm. Once you get the exploit check and make sure that the exploit is for the same version as the service, OS, script, etc.. Exploits mainly come in two languages, the most used are C and perl. Perl scripts will end in .pl or .cgi, while C will end in .c To compile a C file (on *nix systems) do gcc -o exploit12 file.c then: ./exploit12 For perl just do: chmod 700 file.pl (not really needed) then: perl file.pl. If it is not a script it might be a very simple exploit, or just a theory of a possible exploit. Just do alittle research into how to use it. Another thing you need to check is weither the exploit is remote or local. If it is local you must have an account or physical access to the computer. If it is remote you can do it over a network (internet).

Don't go compiling exploits just yet, there is one more important thing you need to know

Covering Your Tracks

So by now you have gotten the info on the host inorder to find an exploit that will allow you to get access. So why not do it? The problem with covering your tracks isn't that it is hard, rather that it is unpredictable. just because you killed the sys logging doesn't mean that they don't have another logger or IDS running somewhere else. (even on another box). Since most script kiddies don't know the skill of the admin they are targetting they have no way of knowing if they have additional loggers or what. Instead the script kiddie makes it very hard (next to impossible) for the admin to track them down. Many use a stolden or second isp account to begin with, so even if they get tracked they won't get caught. If you don't have the luxery of this then you MUST use multiple wingates, shell accounts, or trojans to bounce off of. Linking them together will make it very hard for someone to track you down. Logs on the wingates and shells will most likely be erased after like 2-7 days. That is if logs are kept at all. It is hard enough to even get ahold of one admin in a week, let alone further tracking the script kiddie down to the next wingate or shell and then getting ahold of that admin all before the logs of any are erased. And it is rare for an admin to even notice an attack, even a smaller percent will actively pursue the attacker at all and will just secure their box and forget it ever happend. For the sake of arugment lets just say if you use wingates and shells, don't do anything to piss the admin off too much (which will get them to call authoritizes or try to track you down) and you deleting logs you will be safe. So how do you do it?

We will keep this very short and too the point, so we'll need to get a few wingates. Wingates by nature tend to change IPs or shutdown all the time, so you need an updated list or program to scan the net for them. You can get a list of wingates that is well updated at http://www.cyberarmy.com/lists/wingate/ and you can also get a program called winscan there. Now lets say we have 3 wingates:

212.96.195.33 port 23

202.134.244.215 port 1080

203.87.131.9 port 23

to use them we go to telnet and connect to them on port 23. we should get a responce like this:

CSM Proxy Server >

to connect to the next wingate we just type in it's ip:port

CSM Proxy Server >202.134.244.215:1080

If you get an error it is most likely to be that the proxy you are trying to connect to isn't up, or that you need to login to the proxy. If all goes well you will get the 3 chained together and have a shell account you are able to connect to. Once you are in your shell account you can link shells together by:

[ E-mail 00]$ ssh 212.23.53.74

You can get free shells to work with until you get some hacked shells, here is a list of free shell accounts. And please remember to sign up with false information and from a wingate if possible.

SDF (freeshell.org) - http://sdf.lonestar.org

GREX (cyberspace.org) - http://www.grex.org

NYX - http://www.nxy.net

ShellYeah - http://www.shellyeah.org

HOBBITON.org - http://www.hobbiton.org

FreeShells - http://www.freeshells.net

DucTape - http://www.ductape.net

Free.Net.Pl (Polish server) - http://www.free.net.pl

XOX.pl (Polish server) - http://www.xox.pl

IProtection - http://www.iprotection.com

CORONUS - http://www.coronus.com

ODD.org - http://www.odd.org

MARMOSET - http://www.marmoset.net

flame.org - http://www.flame.org

freeshells - http://freeshells.net.pk

LinuxShell - http://www.linuxshell.org

takiweb - http://www.takiweb.com

FreePort - http://freeport.xenos.net

BSDSHELL - http://free.bsdshell.net

ROOTshell.be - http://www.rootshell.be

shellasylum.com - http://www.shellasylum.com

Daforest - http://www.daforest.org

FreedomShell.com - http://www.freedomshell.com

LuxAdmin - http://www.luxadmin.org

shellweb - http://shellweb.net

blekko - http://blekko.net

once you get on your last shell you can compile the exploit, and you should be safe from being tracked. But lets be even more sure and delete the evidence that we were there.

Alright, there are a few things on the server side that all script kiddies need to be aware of. Mostly these are logs that you must delete or edit. The real script kiddies might even use a rootkit to automaticly delete the logs. Although lets assume you aren't that lame. There are two main logging daemons which I will cover, klogd which is the kernel logs, and syslogd which is the system logs. First step is to kill the daemons so they don't log anymore of your actions.

[ E-mail ]# ps -def | grep syslogd

[ E-mail ]# kill -9 pid_of_syslogd

in the first line we are finding the pid of the syslogd, in the second we are killing the daemon. You can also use /etc/syslog.pid to find the pid of syslogd.

[ E-mail ]# ps -def | grep klogd

[ E-mail ]# kill -9 pid_of_klogd

Same thing happening here with klogd as we did with syslogd.

now that killed the default loggers the script kiddie needs to delete themself from the logs. To find where syslogd puts it's logs check the /etc/syslog.conf file. Of course if you don't care if the admin knows you were there you can delete the logs completely. Lets say you are the lamest of the script kiddies, a defacer, the admin would know that the box has been comprimised since the website was defaced. So there is no point in appending the logs, they would just delete them. The reason we are appending them is so that the admin will not even know a break in has accurd. I'll go over the main reasons people break into a box:

To deface the website. - this is really lame, since it has no point and just damages the system.

To sniff for other network passwords. - there are programs which allow you to sniff other passwords sent from and to the box. If this box is on an ethernet network then you can even sniff packets (which contain passwords) that are destine to any box in that segment.

To mount a DDoS attack. - another lame reason, the admin has a high chance of noticing that you comprimised him once you start sending hundreds of MBs through his connection.

To mount another attack on a box. - this and sniffing is the most commonly used, not lame, reason for exploiting something. Since you now how a rootshell you can mount your attack from this box instead of those crappy freeshells. And you now have control over the logging of the shell.

To get sensitive info. - some corperate boxes have alot of valueable info on them. Credit card databases, source code for software, user/password lists, and other top secret info that a hacker may want to have.

To learn and have fun. - many people do it for the thrill of hacking, and the knowledge you gain. I don't see this as horrible a crime as defacing. as long as you don't destroy anything I don't think this is very bad. Infact some people will even help the admin patch the hole. Still illegal though, and best not to break into anyone's box.

I'll go over the basic log files: utmp, wtmp, lastlog, and .bash_history

These files are usually in /var/log/ but I have heard of them being in /etc/ /usr/bin/ and other places. Since it is different on alot of boxes it is best to just do a find / -iname 'utmp'|find / -iname 'wtmp'|find / -iname 'lastlog'. and also search threw the /usr/ /var/ and /etc/ directories for other logs. Now for the explanation of these 3.

utmp is the log file for who is on the system, I think you can see why this log should be appended. Because you do not want to let anyone know you are in the system. wtmp logs the logins and logouts as well as other info you want to keep away from the admin. Should be appended to show that you never logged in or out. and lastlog is a file which keeps records of all logins. Your shell's history is another file that keeps a log of all the commands you issued, you should look for it in your $ HOME directory and edit it, .sh_history, .history, and .bash_history are the common names. you should only append these log files, not delete them. if you delete them it will be like holding a big sign infront of the admin saying "You've been hacked". Newbie script kiddies often deface and then rm -rf / to be safe. I would avoid this unless you are really freaking out. In this case I would suggest that you never try to exploit a box again. Another way to find log files is to run a script to check for open files (and then manually look at them to determine if they are logs) or do a find for files which have been editted, this command would be: find / -ctime 0 -print

A few popular scripts which can hide your presence from logs include: zap, clear and cloak. Zap will replace your presence in the logs with 0's, clear will clear the logs of your presence, and cloak will replace your presence with different information. acct-cleaner is the only heavily used script in deleting account logging from my experience. Most rootkits have a log cleaning script, and once you installed it logs are not kept of you anyways. If you are on NT the logs are at C:winNTsystem32LogFiles, just delete them, nt admins most likely don't check them or don't know what it means if they are deleted.

One final thing about covering your tracks, I won't go to into detail about this because it would require a tutorial all to itself. I am talking about rootkits. What are rootkits? They are a very widely used tool used to cover your tracks once you get into a box. They will make staying hidden painfree and very easy. What they do is replace the binaries like login, ps, and who to not show your presence, ever. They will allow you to login without a password, without being logged by wtmp or lastlog and without even being in the /etc/passwd file. They also make commands like ps not show your processes, so no one knows what programs you are running. They send out fake reports on netstat, ls, and w so that everything looks the way it normally would, except anything you do is missing. But there are some flaws in rootkits, for one some commands produce strange effects because the binary was not made correctly. They also leave cenzurat (ways to tell that the file is from a rootkit). Only smart/good admins check for rootkits, so this isn't the biggest threat, but it should be concidered. Rootkits that come with a LKM (loadable kernel module) are usually the best as they can pretty much make you totally invisible to all others and most admins wouldn't be able to tell they were comprimised.

In writting this tutorial I have mixed feelings. I do not want more script kiddies out their scanning hundreds of sites for the next exploit. And I don't want my name on any shouts. I rather would like to have people say "mmm, that defacing crap is pretty lame" especially when people with no lives scan for exploits everyday just to get their name on a site for a few minutes. I feel alot of people are learning everything but what they need to know inorder to break into boxes. Maybe this tutorial cut to the chase alittle and helps people with some knowledge see how simple it is and hopefully make them see that getting into a system is not all it's hyped up to be. It is not by any means a full guide, I did not cover alot of things. I hope admins found this tutorial helpful aswell, learning that no matter what site you run you should always keep on top of the latest exploits and patch them. Protect yourself with IDS and try finding holes on your own system (both with vuln scanners and by hand). Also setting up an external box to log is not a bad idea. Admins should have also seen alittle bit into the mind of a script kiddie and learned a few things he does.. this should help you catch one if they break into your systems.

On one final note, defacing is lame. I know many people who have defaced in the past and regret it now. You will be labeled a script kiddie and a lamer for a long, long time.

By b0iler

http://hacking.3xforum.ro/post/244/1/How_To_Deface_A_Website