Thursday, June 21, 2007

User's Guide to Avoiding Virus Infections

Computer viruses are everywhere! This guide will show you how to stay alert and how to avoid getting infections on your computer. Having an updated virus scanner is only a small part of this; there are many other ways to prevent viruses besides a virus scanner, and the scanner alone will not always save you.


Types of viruses
There are many types of viruses. Typical viruses are simply programs or scripts that do various kinds of damage to your computer, such as corrupting files, copying themselves into files, or slowly deleting everything on your hard drive; what they do depends on the virus. Most viruses also mail themselves to the people in your address book. This is how they spread so fast and turn up in others' inboxes, as too many people still fall for these. Most viruses will try to convince you to open the attachment, but I have never got one that tricked me. In fact, I found myself emailing people just to make sure they really did send me something. It does not hurt to be safe.


Worms
Worms are a different type of virus with the same basic idea, but they are usually designed to copy themselves widely over a network, and they usually try to eat up as much bandwidth as possible by sending commands to servers in an attempt to get in. The Code Red worm is a good example. It breaks in through a security hole in Microsoft IIS (Internet Information Server), a badly coded HTTP server that a lot of people use despite the security risks. When the worm successfully gets in, it will try to get into other servers from there. When IceTeks was run on a dedicated server at my house, there were about 10 or so attempts per day, but because we ran Apache, the attempts did nothing but waste bandwidth, and not much of that, as I had it fixed up a special way. Some worms, such as SQL Slammer, will simply send themselves over and over so many times that they clog up networks, and sometimes the whole internet. Worms usually affect servers more than home users, but again, this depends on the worm. It is suspected that most worms are efforts by the RIAA to try to stop piracy, so they try to clog up networks that could contain files. Unfortunately, the RIAA has the authority to do this damage, and even if caught, nothing can be done.


Trojans
Trojans are another type of virus. They act like a server that enables hackers to get into and control the computer. A trojan such as SubSeven can let a hacker do various things such as control the mouse, eject the CD-ROM drive, delete/download/upload files and much more.


MBR viruses
Boot sector viruses are another type. They are similar to file viruses, but instead they sit in the boot sector and can cause serious damage when the computer is booted; some can format your drive simply because you booted the computer. These are hard to remove.


Most viruses combine several of these characteristics. For example, a worm can also be a trojan and also infect the boot sector. It all depends on how the virus is written and what it is designed to do. That's why there are no really strict categories, as one kind easily mixes into the other.


Know the potentially dangerous files
Like any other file, a virus must be opened in order to do something. Most viruses come through e-mail as an attachment. Some will make it look like the mail came from someone you know, and will try to convince you to open the attachment. Never open attachments at any cost! Some viruses infect program files, so opening a program will actually open the virus, maybe the same one or another part of it.


All files have what is called an extension; this is the last 3 letters, after the final period. For example, setup.exe has the file extension .exe.


Extensions to watch out for are .exe, .com, .bat, .scr, .pif and .vbs, among others, but these are the most common. .exe, .com, .bat, .pif and .scr are all valid extensions for executables; a virus writer can simply rename a file to any of these and it will run the same way. .pif is a shortcut to an MS-DOS program and carries the MS-DOS icon, but Windows will still execute whatever code is in it, so an .exe renamed to .pif runs the same way. .bat is a batch file, which can contain instructions to do various file operations, but again, an .exe renamed to .bat will be executed! .vbs is a Visual Basic script. For some reason, Microsoft provides this scripting language along with the scripting host to make it more convenient to design and write viruses quickly and easily; I've never seen another use for this scripting language other than writing viruses. There are programs written in that language, but they are compiled into an .exe. .exe is the usual extension for programs; you would not have a software CD install a bunch of .vbs files all over!


Bottom line is, if you don't know what a file is, just don't open it. Some viruses are named in a way that masks the real file extension, to make the file look like something harmless such as an image file. This is easily noticed, but can still be missed. Simply don't open unexpected files.
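As an added example (not part of the original guide), here is a small Python checker that applies the extension rules above to attachment names, including the masking trick where a harmless-looking extension such as .jpg or .pdf sits in front of the real one, or a run of spaces pushes the real one out of view. The list of harmless-looking extensions is my own assumption for the example:

```python
# Added example: classify attachment names by the extension rules in the guide.
import os
import re

# Extensions the guide lists as executable on Windows.
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".scr", ".pif", ".vbs"}

# Extensions a virus writer might hide behind to make a file look harmless.
# This list is an assumption for the example; extend it as you see fit.
HARMLESS_LOOKING_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".avi",
                         ".txt", ".doc", ".pdf", ".mp3"}


def real_extension(filename):
    """Return the extension Windows will actually act on, lower-cased.

    Windows drops trailing spaces and dots when a file is saved, so
    'photo.exe.' and 'photo.exe   ' both end up running as .exe.
    """
    base = os.path.basename(filename).rstrip(" .")
    return os.path.splitext(base)[1].lower()


def classify_attachment(filename):
    """Return (verdict, reason); verdict is 'dangerous', 'suspicious' or 'ok'."""
    base = os.path.basename(filename).rstrip(" .")
    ext = real_extension(base)
    if ext in EXECUTABLE_EXTS:
        stem = os.path.splitext(base)[0]
        # 'photo.jpg.exe' or 'report.pdf          .scr': the inner extension
        # is the one a user sees when the real one is hidden or pushed aside.
        inner = os.path.splitext(stem.rstrip(" "))[1].lower()
        if inner in HARMLESS_LOOKING_EXTS:
            return ("dangerous", f"{ext} masked as {inner}")
        if re.search(r" {3,}", stem):
            return ("dangerous", f"{ext} hidden by whitespace padding")
        return ("dangerous", f"executable extension {ext}")
    if ext == "":
        return ("suspicious", "no extension at all")
    if ext not in HARMLESS_LOOKING_EXTS:
        return ("suspicious", f"unfamiliar extension {ext}")
    return ("ok", f"{ext} is not executable")


if __name__ == "__main__":
    # Constructed sample attachment names, not real files.
    for name in ["setup.exe", "photo.jpg.exe", "report.pdf          .scr",
                 "README.TXT", "notes", "Movie.AVI.pif."]:
        print(f"{name!r:32} -> {classify_attachment(name)}")
```

The trailing-dot and trailing-space handling matters because the name you see in the mail client is not always the name Windows runs; strip those first, then look at the final extension, and treat anything you cannot name as suspicious rather than as fine.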


If you get something that appears like something legit, just ask the person it came from if they sent it. Most viruses use a friend's address to make it look like it comes from them. The virus does this by using the person's address when sending itself to the address book contacts.


Downloads
Email is not the only way to get viruses; P2P (file sharing programs such as Kazaa, WinMX, Direct Connect etc.) is another way to get them.


When downloading programs, the main thing to watch out for is the file size. If you are downloading a program that you expect to be rather large, such as a game, don't grab a file that is 10KB, since it's most likely a virus. However, I've been caught with a virus even with large files, so file size is not the only thing to watch: an .exe is still valid even if junk is added at the end, so a 64KB virus will still function even if it is padded out to 650MB.


Icons are something to look for too; fortunately, virus writers don't take the time to add icons. If your download should be a setup file, you should see the icon of a setup file. If it's just the blank icon that plain or corrupted .exe files have, don't open it.


Another thing to do, which should be obvious, is to scan the file for viruses using updated virus definitions. But don't rely on only your virus scanner, as they are not perfect, and if the virus has not been reported to them yet, they won't know to create a definition for it!


Changing settings to stay safe
If you do open a virus, you want to avoid it going to all your friends. The simplest thing to do is to NOT use the Windows Address Book. It is easy for viruses to get through it, and Microsoft is not doing anything about it. Just don't use it. Put your contacts in a spreadsheet or, even better, write them down somewhere. Don't use the address book.


Another "feature" to avoid is the auto preview. Some viruses can run just by the email being opened; there are security holes in Microsoft mail programs that allow this. In Microsoft Outlook, click on the View menu and turn off AutoPreview. You need to do this for every folder, but the inbox is the most important. In Outlook Express, click on the View menu and go to Layout. In the dialog box you will see a check box for "Show preview pane". Uncheck it and click OK.


Another thing you should change, especially if you download a lot, is the option that hides file extensions. In Win98, go into any folder, click on View, then Folder Options, choose the View tab, and where it says "Hide file extensions for known file types", uncheck it. In Win2k the process is the same, but instead go into the Control Panel and open the Folder Options icon.


Avoiding server worms
Some viruses, mostly worms, can exploit servers and spread to other servers from the ones that have been infected. A good example is SQL Slammer. This was a worm that affected SQL servers run by Microsoft IIS and Microsoft SQL Server. Once the worm gets in, that particular server starts trying to find more exploitable servers, driving internet connections to a halt in the process. Servers running Apache were unaffected by it, except for the many hits trying to get in. IceTeks received about 100 hits per day when it was run on a dedicated home server. Most hits came from major ISPs and other big websites that had no clue they were still affected.


The simple solution to avoid these types of viruses is to NOT use Microsoft-based server software for your server, especially if it is a public server. The operating system is also crucial, but the actual server software is much more so. Apache, which is free, is much more secure than Microsoft-based server programs such as IIS. IIS may be easier to understand and administer, but learning how to use Apache saves a lot of hassle. IIS has a large number of vulnerabilities, such as the ability to gain access to cmd.exe and basically delete the whole drive by doing a ../ request in the address bar. These don't require viruses, just commands, but there are worms written to issue these commands automatically. Code Red does this.


Removing a virus
The best way to do this is a clean install. However, depending on how bad the virus is, a simple clean install won't remove it, so to be extra sure you'll want to do a low-level format. This is especially true if you got a boot sector virus, as even repartitioning and formatting won't quite remove it, though sometimes you can get away with an fdisk /mbr, but not all the time. There are various removal tools for viruses; it is good to use them and see if they work, but proceeding with the clean install is recommended. You never know if the virus is completely removed by deleting the files you suspect are infected. Some viruses, such as Bugbear, will close anti-virus programs and other programs to make it hard and annoying to figure out what to do. A clean install is the best way to ensure it's gone for good.

Viruses are out there, don't be one of the many infected ones! Stay alert and stay safe! Don't open unexpected files, regularly update your virus definitions and scan downloaded files!

How to install System restore on server 2003

Before we begin, you'll need an XP CD. It doesn't matter if it's Home or Pro. It shouldn't matter if it has a service pack on it, since all the files will come from the same source. In testing I used a slipstreamed CD that already had SP1 on it.

In XP, System Restore is installed via syssetup.inf under the Infs.Always section. If you have XP installed, open %windir%\inf\syssetup.inf and search for [Infs.Always]; you'll see the section XP looks at for installing system components. You'll notice it lists sr.inf, which is the INF for System Restore. In Server 2003, if you look at syssetup.inf you won't find sr.inf. This doesn't mean System Restore won't work in Server 2003, it just means they didn't install it.

So the first thing we need to do is right-click on sr.inf and select 'Install' to install it on Server 2003. If you have XP installed on another computer/partition you can just right-click on that copy. If you don't, extract \i386\sr.in_ from the XP CD to your desktop, then right-click on it and select 'Install'. It'll prompt you for where the files are; point it to the XP CD. Once done, it'll prompt to restart; say yes.

That was easy; the next part is the tricky part. After restarting you'll get an error saying the service couldn't start. Specifically, the error is error 1068. I searched Google and found this link: http://www.aerdyne.com/Kbase/article_000005.htm

The error basically means it cannot run under the service it's on. In System Restore's case, it runs under the network service. I know this because in services.msc, for path to executable, it says: C:\WINDOWS\system32\svchost.exe -k netsvcs. This got me thinking, so I opened up sr.inf and found this line:

[SRSvc_delreg]
HKLM,"Software\Microsoft\Windows NT\CurrentVersion\SvcHost","SRGroup"

I opened up regedit, and this registry key didn't exist. So it seems sr.inf doesn't register System Restore to run under the network services group. Using the above registry key as an example, I opened regedit and went to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost

On the right-hand side I saw netsvcs. I double-clicked on it, but saw SRService nowhere (SRService is the name for System Restore). On a hunch, I added SRService at the bottom, rebooted, and this time got no error on startup. I opened up rstrui.exe, and System Restore opened fine. I also had a System Restore tab in System Properties now too. I was able to make a restore point fine, then restore the computer to it without any problems. So in the above key, you want to double-click on netsvcs, and at the bottom of the list type in SRService (probably case sensitive).

If you're not good with the registry you can save the following as a whatever.reg file and import it, but because it's binary I can't say if it'll work. I recommend manually adding SRService to the netsvcs key.

---copy below to whatever.reg then double click on it -----

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):41,00,70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,41,00,75,00,\
64,00,69,00,6f,00,53,00,72,00,76,00,00,00,42,00,72,00,6f,00,77,00,73,00,65,\
00,72,00,00,00,43,00,72,00,79,00,70,00,74,00,53,00,76,00,63,00,00,00,44,00,\
4d,00,53,00,65,00,72,00,76,00,65,00,72,00,00,00,45,00,76,00,65,00,6e,00,74,\
00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,48,00,69,00,64,00,53,00,65,00,\
72,00,76,00,00,00,49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,\
00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,\
53,00,65,00,72,00,76,00,65,00,72,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,\
00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,\
4d,00,65,00,73,00,73,00,65,00,6e,00,67,00,65,00,72,00,00,00,4e,00,65,00,74,\
00,6d,00,61,00,6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,\
73,00,76,00,63,00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,\
00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,\
67,00,65,00,6e,00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,\
00,52,00,61,00,73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,\
65,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,61,00,63,00,73,00,76,\
00,72,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,00,00,53,00,\
65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,4e,00,53,00,00,\
00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,\
00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,54,00,72,00,6b,00,57,00,6b,\
00,73,00,00,00,54,00,72,00,6b,00,53,00,76,00,72,00,00,00,57,00,33,00,32,00,\
54,00,69,00,6d,00,65,00,00,00,57,00,5a,00,43,00,53,00,56,00,43,00,00,00,57,\
00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,00,\
77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,77,00,75,00,61,00,75,00,73,\
00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,\
6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,\
00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,00,70,00,6c,00,\
6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,\
00,53,00,4e,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,00,00


--- copy above --------------------------------------------------------

That's it! Remember to restart both times.
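As an added example (not part of the original post), the Python below decodes the hex(7) value in a .reg file like the one above, checks whether SRService is already in the netsvcs list, and appends it only if it is missing, so you can see exactly what the file will write before importing it. The .reg text embedded here is a constructed, shortened sample with just two services, not the full value from the post:

```python
# Added example: read and amend a REG_MULTI_SZ (hex(7)) value in a .reg file.
import re

# Constructed, shortened sample; the real netsvcs list is much longer.
SAMPLE_REG = """\
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SvcHost]
"netsvcs"=hex(7):41,00,70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,42,00,\\
  72,00,6f,00,77,00,73,00,65,00,72,00,00,00,00,00
"""


def decode_hex7(value):
    """hex(7) is REG_MULTI_SZ: UTF-16LE strings, each NUL-terminated, with an
    extra NUL closing the list. Continuation backslashes, commas and
    whitespace are only .reg layout and are dropped before decoding."""
    digits = re.sub(r"[\s\\,]", "", value)
    text = bytes.fromhex(digits).decode("utf-16-le")
    return [s for s in text.split("\x00") if s]


def encode_hex7(strings):
    """Inverse of decode_hex7, emitted as one comma-separated hex line."""
    raw = ("\x00".join(strings) + "\x00\x00").encode("utf-16-le")
    return ",".join(f"{b:02x}" for b in raw)


def ensure_service_in_group(reg_text, service="SRService", group="netsvcs"):
    """Return (new_reg_text, group_members) with `service` appended to the
    group's multi-string if it was not already there. Running it twice
    changes nothing the second time."""
    lines = reg_text.splitlines()
    prefix = f'"{group}"=hex(7):'
    try:
        start = next(i for i, line in enumerate(lines) if line.startswith(prefix))
    except StopIteration:
        raise ValueError(f"no {prefix} value found in .reg text") from None
    end = start
    while lines[end].rstrip().endswith("\\") and end + 1 < len(lines):
        end += 1  # gather the continuation lines of the value
    value = lines[start][len(prefix):] + "".join(lines[start + 1:end + 1])
    members = decode_hex7(value)
    if service not in members:
        members.append(service)
    new_lines = lines[:start] + [prefix + encode_hex7(members)] + lines[end + 1:]
    return "\n".join(new_lines) + "\n", members


if __name__ == "__main__":
    text, members = ensure_service_in_group(SAMPLE_REG)
    print(members)
    print(text)
```

Run it against the saved whatever.reg, check that the printed list contains every service you expect plus SRService, and only then import the result; the rewritten value comes out on one long line, which is fine because continuation lines in a .reg file are optional. Decoding the list first is also the way to confirm the post's hex really does end in SRService before trusting it.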

Little Help for Anonymous Mailer

An anonymous remailer is a computer which has been configured to run remailer software. This software is a specialized kind of email server software. Unlike an average email server, which goes to great lengths to log all incoming/outgoing traffic and add identifying, traceable info to its outgoing mail (in the form of headers), remailer software ensures that outgoing mail has been STRIPPED CLEAN of any identifying information! Hence the name 'anonymous' remailer.

The remailer performs certain automated tasks which include retrieving mail, decrypting/processing that mail (only mail that is properly encrypted and formatted), obeying the directives within the message and, finally, delivering - remailing - the finished product to a second party in anonymized form. When received by that second party it will reveal only that it was sent from an anonymous source (usually the remailer's name and email address). The IP address shown will be the IP address of the remailer machine.
Using a chain of remailers you can send messages totally anonymously, but you can also receive mail with a nym, download web pages, send files via FTP, post in newsgroups, etc.

Remailers protect privacy and free speech on-line, because many surveillance systems exist, for purposes ranging from marketing to military. The European Parliament's scientific unit (STOA) has written an appraisal of the technologies of political control, in addition to the creation of the temporary committee on the ECHELON interception system.

How? Use this tool: https://riot.eu.org/anon/remailer.html.en

How to Keep Files Private

If you want to encrypt the contents of an individual file or directory, Windows XP Pro will do the trick, provided you enable NTFS on your hard drive. To encrypt a file, right-click on it to bring up the Properties window. Click on the Advanced button, then in the Advanced Attributes dialog box click on Encrypt contents to secure data. This will encrypt the file (using either DES, which employs a 56-bit key on each 64-bit block of data, or 3DES, which uses a 56-bit key three times on each 64-bit block of data), and it will provide a certificate just for you. This certificate is key; if you reinstall Windows or otherwise lose your user account, your access to the encrypted files will be gone, too. You need to export your certificates to back them up: For detailed instructions, search on export certificate in Windows Help.

Windows XP does not require you to enter your password when you open the encrypted file. Once you log on to a session, encrypted files are available for you—and anyone who walks up to your system—to view.

Windows XP Home doesn't support this method. Both XP Home and XP Pro, however, let you create password-protected compressed files. To do this, right-click on the desired file and choose Send To | Compressed (zipped) Folder. Open the resulting folder and select Add a Password from the File menu; delete the original file. Note that this encryption is relatively weak. It should dissuade casual users but won't put up much of a fight against someone determined to hack it apart.

Installing IIS On Windows Xp Pro

If you are running Windows XP Professional on your computer you can install Microsoft's web server, Internet Information Server 5.1 (IIS), for free from the Windows XP Pro installation CD and configure it to run on your system by following the instructions below:

1. Place the Windows XP Professional CD-ROM into your CD-ROM drive.

2. Open 'Add/Remove Windows Components', found in 'Add/Remove Programs' in the 'Control Panel'.

3. Place a tick in the check box for 'Internet Information Services (IIS)', leaving all the default installation settings intact.

4. Once IIS is installed on your machine you can view your home page in a web browser by typing 'http://localhost' (you can substitute the name of your computer for 'localhost') into the address bar of your web browser. If you have not placed your web site into the default directory you should now be looking at the IIS documentation.

5. If you are not sure of the name of your computer, right-click on the 'My Computer' icon on your desktop, select 'Properties' from the shortcut menu, and click on the 'Computer Name' tab.

6. The default web directory to place your web site in is 'C:\Inetpub\wwwroot', but if you don't want to overwrite the IIS documentation found in this directory you can set up your own virtual directory through the 'Internet Information Services' console.

7. The 'Internet Information Services' console can be found in 'Administrative Tools' in the 'Control Panel' (under 'Performance and Maintenance' if you do not have the Control Panel in Classic View).

8. Double-click on the 'Internet Information Services' icon.

9. Once the 'Internet Information Services' console is open you will see any IIS web services you have running on your machine, including the SMTP server and FTP server if you chose to install them with IIS.

10. To add a new virtual directory, right-click on 'Default Web Site' and select 'New', followed by 'Virtual Directory', from the drop-down list.

11. Next you will see the 'Virtual Directory Creation Wizard'; on the first screen click the 'Next' button.

12. You will then be asked to type in an 'Alias' by which you will access the virtual directory from your web browser (this is the name you will type into your web browser after 'localhost' to view any web pages you place in the directory).

13. Next you will see a 'Browse...' button; click on it to select the directory your web site pages are in on your computer, then click the 'Next' button to continue.

14. On the final part of the wizard you will see a series of check boxes. If you are not worried about security then select them all; if you are, and want to run ASP scripts, then check the first two. Then click the 'Next' button.

15. Once the virtual directory is created you can view the web pages in the folder by typing 'http://localhost/aliasName' (replacing 'aliasName' with the alias you gave the virtual directory) into the address bar of your web browser (you can substitute the name of your computer for 'localhost' if you wish).

How to Chain Multiple Proxies

Introduction:
This is a tutorial on chaining proxies for the use of becoming more anonymous while online. There aren’t enough tutorials online about this subject so I decided to make an attempt at writing one. Since it’s on the subject, I included a section on chaining wingates to become anonymous on telnet.
------------------------------------------------------------------------------------

I’m going to assume that most of you have already used a proxy before to hide your real IP address or domain, or maybe just used one to surf anonymously online. If you haven’t, well, hopefully you can keep up and possibly learn how to use a proxy. It’s also best if you know what an IP address or domain is before reading this tutorial. Hmm, I guess I have to show you where to find a proxy too. Well, I find that good, updated proxy websites are…

http://www.multiproxy.org/anon_list.htm
http://tools.rosinstrument.com/proxy/

It will be up to you to figure out which ones work or not. I’m not going to do all the work for you. You can check whether a proxy works by going to http://www.privacy.net to see if your IP address changed.
------------------------------------------------------------------------------------

Proxy Servers
A proxy is a server that acts as a gateway between your computer and your destination (website, IRC chat, etc.). These proxies receive requests from users to view, for example, a web page. The proxy then forwards the request to the internet, finds your requested page, and sends the web page back to you, the user. Most proxies come with a cache (sounds like “cash”) feature that saves websites previously visited through that proxy. Think of the cache as the proxy’s storage room: each site that you make the proxy visit is saved in its own storage area (the cache). So if the user or someone else requests the same site again later on, the proxy goes back into its cache, finds the web page and sends it back to the user. This saves time because the proxy doesn’t have to go and search the Internet for the web page; it just pulls the site out of its cache.

The use of proxies to stay anonymous is a favorite thing to do among people on the Internet who are either paranoid or just security conscious. The anonymity factor comes from the proxy’s ability to hide your true Internet address. For example, if I were to run a scan on your computer right now, I would get the Internet address that was given to you by your ISP (internet service provider), but if I were to scan you while you were using a proxy, then I would get the Internet address of the proxy server. Basically the whole proxy picture looks like this…

[User]>>>>>[Proxy]>>>>>[Web Pages]

Simple enough, right? Right. So now let’s get to the chaining part.

Proxy Chaining
Proxy chaining is merely connecting to more than one proxy and then to your intended destination. You can use as many proxy servers as you can or want. The more you have, the more anonymous you will be. Remember, it doesn’t matter how many proxies you chain together, you will never be 100% anonymous. Let’s look at an example…

[User]>>>>>[Proxy1]>>>>>[Proxy2]>>>>>[Proxy3]>>>>>[Proxy4]>>>>>[Destination]

The example shows that for a proxy chain to be created, the user must first connect to Proxy1. Once the user is connected to Proxy1, the user connects from Proxy1 to Proxy2, from Proxy2 to Proxy3, from Proxy3 to Proxy4, and from Proxy4 to the intended destination (web page, Unix server, ftp server, etc.). All together we have 4 proxies in this example. Each proxy is a link in the chain. If the user were scanned while on the proxy chain in the example, the IP address or domain of Proxy4 would appear on the scan. Now the problem with proxies is they tend to “die out” in a few weeks or less. It all depends. So if Proxy2 were to cease functioning, the chain wouldn’t work. You would need to get rid of Proxy2 and just use Proxy1, Proxy3, and Proxy4, or find another proxy to take Proxy2’s place. This is why proxy chaining can be a real pain if you are using proxies just to surf the net. If one dies, you have to figure out which one is not working, so you have to go through each one and check them until you find the one that isn’t working.

Proxy chaining is a necessity if you plan on using proxies to execute a “hack”. If you are attempting to gain unauthorized remote access to any server, whether it is through telnet, ftp, or http, chaining is a must. As I said, you will never be 100% anonymous no matter what you do online, so it is possible that you can still be tracked even if you chain proxies. Chaining just makes it a lot harder to track someone. To make it even harder, it’s best to use foreign proxies, because if someone wanted to trace you, they would need to get logs of your use of each proxy from each proxy administrator. This could take quite a while, or never happen at all, if one of the proxies, or all for that matter, belongs to an admin in a country that isn’t too fond of the country you are located in. The longer it takes for the authorities to subpoena the logs of your usage of a single proxy from that proxy’s administrator, the more chance that the other proxies you used in the chain will have their logs deleted by the time anyone gets to the server administrators of those proxies. So when attempting to do any kind of “hack”, it’s best to use at least five or six proxies in a chain.

HTTP Chaining
HTTP chaining is basically chaining a proxy server in your browser’s address bar. Example:

http://proxy.magusnet.com/-_-http://www.google.com

Notice how the above proxy and destination (google) are separated by a (-_-). If you wanted to make a chain out of this you would simply add another proxy, e.g. ( http://proxy.server1.com/-_-http://proxy.server2.com/-_-http://www.destination.com)

Another way to use proxies in your address bar is by adding the proxy IP or domain and then the port number. Example…

http://anon.free.anonymizer.com:80/http://www.google.com

Notice how the above proxy and destination server are separated this time by a (/) forward slash instead of a (-_-) dash, underscore, dash. To make a chain out of this you would again simply add another proxy, e.g. ( http://proxy1:80/http://proxy2:80/proxy3:80/http://www.yahoo.com)

Browser Chaining
To browser chain is fairly easy. I’ll use Internet Explorer as an example since I believe it is the browser that most people have and use. First you need to find the Internet Options. You can do this either by finding the Explorer icon on the desktop, right-clicking on it, then pressing Properties, or, if you already have a browser window open, by going to Tools (or sometimes View) and pressing Internet Options. Now that you have the Internet Options window up, go to the Connections tab, then go to the first Settings button (not LAN Settings, the one above it) and click it. Now you should be in the Settings box. Put a check in the box where it says to Use a proxy server. If you wanted to surf using one proxy you would merely put the proxy in the Address: space and put the proxy’s port number in the Port: space. To use a chain here you would put in a proxy along with a “:” colon then the port number, followed by a space separating the next proxy, then a “:” colon, then the port number, then a space, and so on. The last proxy you add should have its port number placed inside the Port: space. If you did it right, then it should look exactly like this…

Address: 213.234.124.23:80 121.172.148.23:80 143.134.54.67 Port: 80

***Notice that each proxy:port is separated by a space and that the last proxy has its port number placed in the Port: space. Do not check the box marked “Bypass proxy server for local addresses”. Press OK when you see that everything is in working order***

Wingates
A wingate is a proxy server that someone installs onto his/her computer which allows for a single or multiple online connection to take place through port 23, the default telnet port. Depending on their security, some wingates will allow anyone online to connect to them and usually stay “alive” or “working” anywhere from a few days to even months. There are people out there that scan for these Wingates and post the computer’s IP number or domain on their website to give anyone online a free list of them to use. You can also scan them yourself by using programs like WinScan.

Chaining Wingates Using Telnet
I’m going to assume you already know what telnet is so I will just get right down to it. To chain using telnet, you would first bring up the DOS prompt and type in “telnet” then your wingate. (Since telnet’s default port is 23 and all wingates run on port 23, the port number is not necessary but I will add it just to show you how you should type any port number out on screen) Example…

C:\WINDOWS>telnet 61.133.119.130 23

So now you have “telnet”, a space, the wingate IP, a space, then the port number 23. Once you are connected to the wingate it should look like this…

Wingate>

Now you would type your next wingate and port number in, then press enter like so…

Wingate> 203.207.173.166 23

You can continue to do this until you connected to as many Wingates as you need. Once you are finished with your wingates you would connect to your destination. Example…

WinGate>arbornet.org

So now the entire picture would look something like this…

C:\Windows> telnet 61.133.119.130 23

Wingate>203.207.173.166 23

Wingate>135.245.18.167 23

Wingate>m-net.arbornet.org
Connecting to host arbornet.org...Connected

Welcome to the Once and Future M-Net
FreeBSD 4.3 (m-net.arbornet.org) (ttypv)

Enter newuser at the login prompt to create a new account
Enter upgrade at the login prompt to find out about increased access

login:

How To Setup Your Own Dns (Domain Name Server)

This is only a quick tutorial; there are literally hundreds of little tricks you can do with a DNS server, but this will get your basics up and running. I'm assuming you want to set up a Windows DNS server, but the principles will work for most servers.

You will need..

1) A domain name over which you have full control
2) DNS server software(Windows server always comes with one of these)
3) At least one fixed IP address, although two is highly desirable
4) An idea of what services you want on your server

The first thing you need to do is create your new domain entry. In Windows this is called a "Zone" and you will have one for every domain name you have. Add your main domain in the forward lookup zone as a Primary zone, which will be in the format "Domainname.com", or .co.uk, or whatever; you shouldn't need any more details for this bit. Do *not* allow dynamic updates unless this is a local network DNS. Once it is created you will have two entries under your new domain, "SOA" (Start of Authority) and "NS" (Name server). If you want a 100% compliant DNS then you should now follow the same process but adding a domain as a reverse lookup zone. Any changes you make to the forward lookup should have the "Update Reverse Lookup" option ticked if it's available; if not, you must update the reverse zone manually (this is very important).

Now edit the "NS" entry in your forward zone to "NS0.DomainName.Com", and set it to the relevant IP address. Add another (NS) record and set it to "NS1.DomainName.Com". If using two IP addresses, try to make NS0 the first IP. Now you need to configure the SOA entry in the forward lookup zone. The serial number should be changed to a date followed by a number in this format "YYYYMMDDnn"; this is not required, but is advised by RIPE. The primary server will be the "NS0.domainname.com" entry you just made and the responsible person should be left for now. The refresh interval should be set somewhere between 1200 and 43200 seconds, the retry should be between 120 and 7200 seconds and the expires-after should be around 2-4 weeks (I'll let you work out the seconds for that). The minimum TTL is quite important, and depending on what you are going to do with the domain, you might need to tweak this a bit. Typically a value between 1 and 3 hours should be used. Now go to your "Name server" settings in your SOA record (in Windows this is a tab in the same window), remove the defaults, and add the two name servers that you just set up. We will come back to the SOA record later, but for now we need to do some more stuff.

If you want a website, then you're going to want the WWW record set up. We will set it up as an "A" record, which means it is a separate top level record and will be populated separately from other entries. So add an "A" record to your forward lookup zone, put the entry as "WWW", and set the IP address to wherever you want the website to be. This will be where the domain always goes, and it could be anywhere; just make sure there is a web server waiting there for it. If you want FTP, then set up the same thing but with "FTP" in the entry. You will now also have to set up "A" records for the NS0 and NS1 name servers that you added previously; just make them the same as WWW and FTP, but make sure the IP addresses match the ones used for setting up the "NS" records. Also add a blank "A" record; this will make sure that "domainname.com" works as well as "www.domainname.com".

Now you should decide whether or not you want to have mail on this domain. It is highly advisable that you set one up, even if it is just to catch domain mail about abuse or potential problems that might occur. You can find plenty of high quality free mail servers out there, but I would recommend "Mail Enable"; it's free and provides everything you would want, but if you want webmail you do have to pay something extra for it. We will now configure the MX records. Add an "A" name for your mail server; you can add 2 if you want, but for simplicity I would advise staying with 1. We will call ours "Mail.domainname.com", and point it to one of our IP addresses. Now add an "MX" record in the Forward Lookup zone, giving it the full "A" record you just entered, "Mail.domainname.com", and do not set up a host or child domain; just leave it blank.

This next step isn't needed, but is again highly recommended.

Now to finish the SOA you need to add two more records: an "RP" entry, which is a Responsible Person and will be the contact point for domain complaints, and an "MB" entry, which is a mailbox entry. The "MB" should just be pointed to the mail server domain name "Mail.domainname.com", and the "RP" should have the host or domain set to the name of your mailbox. So for this server it will be "Tony.Domainname.com", and the mailbox will be set to the "MB" record you just made. Don't worry about the RP address having no "@" in it; this is the expected format for an "RP" entry. You will now have to go back into the SOA and change the responsible person to the new "RP" record you just made.

And that's it, you're done! You can add as many "A" records as you like to point to other web servers, or a multitude of FTP sites. And you can add "CNAME" records to basically point to another name, usually an "A" record, like an alias.

Now before you switch your domain on, you need to check that the server is performing properly. So go to www.dnsreport.com and run the report on your domain "domainname.com"; it will give you a very detailed report of any problems, and even a short description of how to fix them. If all is OK, then you are ready to go live. If your domain name is new, or not currently hosted anywhere, then the first thing you should do is re-point the domain at your new server. You will typically do this with the provider who owns the domain, and it will be different with all hosts, but the basic settings are the same. You will be asked for at least 2 name servers and IP addresses to go with them. Just put in "NS0.domainname.com" and "NS1.domainname.com" and put in the correct IP addresses. Make sure you do not mess this up, as changes to your main NS servers could potentially take several days to straighten themselves out. Update these settings, and then sit back and wait. You can do a whois on the main DNS server of your domain provider to check if the settings have worked, but again this doesn't always work. For the big 3 domains (.com .net .org) you can do a whois on the network associates site to see the changes instantly. You can also track the progress of the domain changes by doing an nslookup in DOS, like this...

C:\>nslookup ns0.domainname.com NS0.yourprovidersdns.com

That will give you the entries your domain provider has.

C:\>nslookup www.domainname.com ns0.domainname.com

And this will tell you if the changes for your domain have gone through to your ISP's DNS yet. It should give you back the IP address of your new DNS server.

You should always make sure your server is backed up, and that you refresh or update the DNS when you are making changes.
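The zone the steps above describe, written out as an added example that is not part of the tutorial and not the Windows DNS console itself: the same records expressed as a BIND-style zone file, a check of the SOA serial and timers against the ranges recommended above, and a check that every NS, MX and MB target inside the domain has the matching "A" record the tutorial insists on. The domain name, host names, the "tony" mailbox and the 192.0.2.x addresses are constructed placeholders.

```python
"""Write out and sanity-check the DNS zone built in the tutorial above.

Added example, not part of the tutorial: the records are expressed as a
BIND-style zone file rather than through the Windows DNS console, and the
SOA values are checked against the ranges the tutorial recommends.
Domain, host names, mailbox and 192.0.2.x addresses are constructed
placeholders (192.0.2.0/24 is reserved for documentation).
"""
import re
from dataclasses import dataclass

# Advised ranges from the tutorial, in seconds.
LIMITS = {
    "refresh": (1200, 43200),
    "retry": (120, 7200),
    "expire": (2 * 7 * 86400, 4 * 7 * 86400),  # 2-4 weeks
    "minimum": (3600, 3 * 3600),               # minimum TTL, 1-3 hours
}
SERIAL_RE = re.compile(r"^(\d{4})(\d{2})(\d{2})(\d{2})$")  # YYYYMMDDnn


@dataclass
class Soa:
    primary_ns: str    # e.g. "ns0.domainname.com."
    responsible: str   # mailbox with '@' written as '.', e.g. "tony.domainname.com."
    serial: str
    refresh: int
    retry: int
    expire: int
    minimum: int


def check_soa(soa):
    """Return a list of problems; an empty list means the SOA follows the advice above."""
    problems = []
    m = SERIAL_RE.match(soa.serial)
    if not m:
        problems.append(f"serial {soa.serial!r} is not in YYYYMMDDnn form")
    else:
        _year, month, day, _n = (int(g) for g in m.groups())
        if not (1 <= month <= 12 and 1 <= day <= 31):
            problems.append(f"serial {soa.serial!r} has an impossible date")
    for name, (lo, hi) in LIMITS.items():
        value = getattr(soa, name)
        if not lo <= value <= hi:
            problems.append(f"{name}={value} is outside the advised range {lo}-{hi}")
    if soa.retry >= soa.refresh:
        problems.append("retry should be shorter than refresh")
    if soa.expire <= soa.refresh:
        problems.append("expire should be longer than refresh")
    if "@" in soa.responsible:
        problems.append("responsible person must use '.' in place of '@'")
    return problems


def zone_records(domain, ns_ips, www_ip, ftp_ip, mail_ip, mailbox):
    """The records the tutorial has you create, as (owner, type, rdata) tuples.
    Owners are relative to the zone; '@' is the domain itself. ns0 gets the
    first IP address, as the tutorial advises."""
    recs = []
    for i, ip in enumerate(ns_ips):
        recs.append(("@", "NS", f"ns{i}.{domain}."))
        recs.append((f"ns{i}", "A", ip))        # A record matching the NS target
    recs.append(("@", "A", www_ip))             # blank A so domainname.com works
    recs.append(("www", "A", www_ip))
    recs.append(("ftp", "A", ftp_ip))
    recs.append(("mail", "A", mail_ip))
    recs.append(("@", "MX", f"10 mail.{domain}."))
    recs.append((mailbox, "MB", f"mail.{domain}."))       # mailbox lives on the mail host
    recs.append(("@", "RP", f"{mailbox}.{domain}. ."))    # responsible person = that mailbox
    return recs


def missing_glue(records, domain):
    """In-zone names that NS/MX/MB records point at without a matching A record."""
    a_names = {owner for owner, rtype, _ in records if rtype == "A"}
    suffix = f".{domain}."
    missing = []
    for _owner, rtype, rdata in records:
        if rtype not in ("NS", "MX", "MB"):
            continue
        target = rdata.split()[-1]     # MX carries a preference before the host name
        if target.endswith(suffix) and target[:-len(suffix)] not in a_names:
            missing.append(target)
    return missing


def render_zone(domain, soa, records):
    """Render the zone as text so it can be reviewed or diffed."""
    lines = [
        f"$ORIGIN {domain}.",
        f"$TTL {soa.minimum}",
        f"@ IN SOA {soa.primary_ns} {soa.responsible} "
        f"( {soa.serial} {soa.refresh} {soa.retry} {soa.expire} {soa.minimum} )",
    ]
    lines += [f"{owner} IN {rtype} {rdata}" for owner, rtype, rdata in records]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    domain = "domainname.com"
    soa = Soa("ns0.domainname.com.", "tony.domainname.com.",
              "2007062101", 7200, 900, 14 * 86400, 3600)
    recs = zone_records(domain, ["192.0.2.10", "192.0.2.11"],
                        www_ip="192.0.2.10", ftp_ip="192.0.2.10",
                        mail_ip="192.0.2.11", mailbox="tony")
    print(render_zone(domain, soa, recs))
    print("SOA problems:", check_soa(soa) or "none")
    print("targets without an A record:", missing_glue(recs, domain) or "none")
```

Running it prints the zone and two "none" lines; dropping one of the ns0/ns1 "A" records or setting the retry above the refresh makes the corresponding check report it, which is the kind of mistake dnsreport.com would otherwise be the first to tell you about.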

How to Remove the Default Admin$ Shares

By default Windows 2000, Windows XP and WinNT automatically set up hidden admin shares (admin$, c$ and d$); this registry value will disable these hidden shares.

System Key: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters]
Value Name: AutoShareWks
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disable shares, 1 = enable)

This registry value only stops the shares from being recreated, so it may also be necessary to delete the existing shares, either through the drive properties or through the Computer Management console:

1. In Control Panel, double-click Administrative Tools, and then double-click Computer Management.

2. Click to expand Shared Folders, and then click Shares.

3. In the Shared Folder column, right-click the share you want to delete, click Stop sharing, and then click OK.

Note: To remove the admin share for only the current session, use the second method (Computer Management console); if you want a permanent removal, add the AutoShareWks registry value.

How to modify *.exe files

Learn how to change *.exe files, in 5 easy steps:

1) Don't try to modify a program by editing its source in a disassembler. Why?
Because that's for programmers and assembly experts only.

If you try to view it in hex you'll only get tons of crap you don't understand.
First off, you need Resource Hacker (latest version). It's a resource editor,
very easy to use. You can download it at h**p://www.users.on.net/johnson/resourcehacker/

2) Unzip the archive, and run ResHacker.exe. You can check out the help file too


3) You will see that the interface is simple and clean. Go to the menu File > Open or press Ctrl+O to open a file. Browse your way to the file you would like to edit. You can edit *.exe, *.dll, *.ocx, *.scr and *.cpl files, but this tutorial is to teach you how to edit *.exe files, so open one.

4) On the left side of the screen a list of sections will appear.
The most common sections are
-Icon;
-String table;
-RCData;
-Dialog;
-Cursor group;
-Bitmap;
-WAV.
*Icon: You can view and change the icon(s) of the program by double-clicking the icon section, choosing the icon, right-clicking on it and pressing "Replace resource". After that you can choose the icon you want to replace the original with.
*String table: a bunch of crap, useful sometimes; basic programming knowledge needed.
*RCData: Here the real hacking begins. Modify window titles, buttons, text, and lots more!
*Dialog: Here you can modify the messages or dialogs that appear in a program. Don't forget to press "Compile" when you're done!
*Cursor group: Change the mouse cursors used in the program just like you would change the icon.
*Bitmap: View or change the images in the program easily!
*WAV: Change the sounds in the program with your own.


5) In the RCData, Dialog, Menu and String table sections you can do a lot of changes. You can modify or translate the text, change links, change buttons, etc.


TIP: To change a window title, search for something like: CAPTION "edit this".
TIP: After all operations press the "Compile Script" button, and when you're done editing, save your work via File > Save (Save as).
TIP: When you save a file, the original file will be backed up by default and renamed to Name_original, and the saved file will have the normal name of the changed program.
TIP: Sometimes you may get a message like: "This program has a non-standard resource layout... it has probably been compressed with an .EXE compressor." That means that Resource Hacker can't modify it because of its structure.
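As an added example that is not part of the tutorial and not Resource Hacker's own code: before opening an unknown .exe in a resource editor, a look at the PE section table tells you whether the file has a ".rsrc" section at all, or instead shows the sections an .EXE compressor leaves behind (the situation behind the "non-standard resource layout" message in the last tip). The same check is a quick first step when triaging any unfamiliar Windows binary. The script below parses the DOS, COFF and section headers with only the standard library; the two sample files it inspects are constructed in memory (headers only, not runnable programs), and the short list of packer section names is an assumption covering a few common packers, not an exhaustive list.

```python
"""List PE section headers to see whether an .exe has a normal resource layout.

Added example, not from the tutorial or from Resource Hacker. Only the
standard library is used; the sample executables are constructed in memory
(headers only, not runnable programs). PACKER_SECTION_NAMES is an
assumption covering a few common .EXE compressors, not an exhaustive list.
"""
import struct

COFF_HDR = struct.Struct("<HHIIIHH")         # IMAGE_FILE_HEADER, 20 bytes
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes

# Section names a few well-known packers leave behind (assumed, not exhaustive).
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata",
                        ".petite", ".MPRESS1", ".MPRESS2"}


def pe_sections(data):
    """Parse DOS header -> PE signature -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE executable (missing MZ header)")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsect, _ts, _symptr, _nsym, opt_size, _chars = COFF_HDR.unpack_from(data, coff)
    first = coff + COFF_HDR.size + opt_size      # section table follows the optional header
    sections = []
    for i in range(nsect):
        fields = SECTION_HDR.unpack_from(data, first + i * SECTION_HDR.size)
        name, vsize, _vaddr, raw_size, raw_ptr = fields[:5]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": raw_size,
            "raw_ptr": raw_ptr,
            "characteristics": fields[-1],
        })
    return sections


def resource_layout_report(data):
    """Summarise what the section table says about resources and packing."""
    secs = pe_sections(data)
    names = [s["name"] for s in secs]
    return {
        "sections": names,
        "has_rsrc": ".rsrc" in names,
        "packer_names": [n for n in names if n in PACKER_SECTION_NAMES],
        # A section with a virtual size but no bytes on disk is filled in at
        # run time, which is how unpacking stubs typically work.
        "unbacked_sections": [s["name"] for s in secs
                              if s["raw_size"] == 0 and s["virtual_size"] > 0],
    }


def build_sample_pe(sections):
    """Constructed header-only PE: MZ stub, PE signature, COFF header with an
    empty optional header, then one section header per (name, vsize, raw_size)."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    nt = b"PE\0\0" + COFF_HDR.pack(0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table = b"".join(
        SECTION_HDR.pack(name.encode("ascii").ljust(8, b"\0"), vsize,
                         0x1000 * (i + 1), raw, 0x400, 0, 0, 0, 0, 0x40000040)
        for i, (name, vsize, raw) in enumerate(sections))
    return bytes(dos) + nt + table


if __name__ == "__main__":
    normal = build_sample_pe([(".text", 0x2000, 0x2000), (".rdata", 0x800, 0x800),
                              (".rsrc", 0x1000, 0x1000)])
    packed = build_sample_pe([("UPX0", 0x9000, 0), ("UPX1", 0x3000, 0x3000),
                              (".rsrc", 0x400, 0x400)])
    for label, blob in (("normal", normal), ("packed", packed)):
        print(label, resource_layout_report(blob))
```

To inspect a real file, pass `open(path, "rb").read()` to `resource_layout_report`. The "normal" sample reports a ".rsrc" section and nothing suspicious; the "packed" sample reports the UPX section names and a section with no data on disk, which is what a compressed executable looks like before its stub unpacks it at run time.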

How to Get any Windows Password

This works whether it's Windows 2000 or Windows XP or Windows XP SP1 or SP2 or Windows Server 2003....

this works even if syskey encryption is employed...

if it is FAT filesystem...

just copy the sam file like stated in the first post to an empty floppy disk and take it home. I'll tell u what to do with it later... DON'T DELETE THE ORIGINAL SAM FILE. just remove its attributes. the sam file is a file called SAM with no extension. YOU MUST ALSO GET.... a file called SYSTEM which is in the same folder as SAM. both files have no extensions...

if it is NTFS....

u have to download a program called NTFSPro.... it allows u to read from ntfs drives... the demo version allows read only. the full version is read-write.... you use the program to create an unbootable disk (so u will still need another bootable disk and an empty disk) that has the required files to access NTFS.

use the boot disk to get into dos, then use the disks created with ntfspro to be able to access the filesystem, then copy the SAM and SYSTEM files to another empty disk to take home....

AT HOME: u have to get a program called SAMInside. it doesn't matter if it is demo version. SAMInside will open the SAM file and extract all the user account information and their passwords, including administrator. SAMInside will ask for the SYSTEM file too if the computer you took the SAM file from has syskey enabled. syskey encrypts the SAM file. SAMInside uses SYSTEM file to decrypt the SAM file. After SAMInside finishes, u still see user accounts and hashes beside them. the hashes are the encoded passwords. Use SAMInside to export the accounts and their hashes as a pwdump file into another program, called L0phtCrack. it is currently in version 5, it is named LC5. the previous version, LC4 is just as good. u need the full or cracked version of the program. LC5 uses a brute force method by trying all possible combinations of letters, numbers, and unprintable characters to find the correct password from the hashes in the pwdump file imported into it from SAMInside. This process of trying all passwords might take 5 minutes if the password is easy, up to a year if the password is long and hard (really really hard). LC5 however, unlike LC4, is almost 100 times faster. both can be configured to try dictionary and common words before using all possible combinations of everything. Once the correct password is found, it will display the passwords in clear beside each account, including administrator.

Programs needed: SAMInside (doesn't matter which version or if demo)
LC4 or LC5 (L0phtCrack) (must be full version)
NTFSPro (doesn't matter if demo)
any bootdisk maker