Hacking tutorial
- Other techniques
===============================================================================
3 - Other Techniques.
===============================================================================
Here in the "Other Techniques" I will explain some small tricks you can do,
and some other stuff, since we just talked about spoofing I'll start
with how to do mail spoofing:
-------------------------------------------------------------------------------
To spoof mail in a UNIX environment.
It's so easy it's sad, so here we go.
-------------------------------------------------------------------------------
telnet <host> 25   | connect to a host that's running sendmail
helo <hostname>    | identify with the server.
mail from: <addr>  | name the sender of the mail (any mail address)
rcpt to: <addr>    | name the receiver of the mail.
data               | start command for the mail's body
.                  | a line with only a dot ends the body and sends the mail
quit               | logs you out correctly
example:
telnet 127.0.0.1 25
helo microsoft.com
mail from: root@microsoft.com
rcpt to: root@localhost
data
Yes we know we cant write any programs that's stable,
and yes, we also know that windows sucks ...
.
quit
-------------------------------------------------------------------------------
Here's what the spoofed mail headers will read if your IP is "212.151.231.70":
From root@microsoft.com Fri Dec 3 00:59:00 1999
Return-Path:
Received: from microsoft.com (d212-151-231-70.swipnet.se [212.151.231.70])
        by localhost.localdomain (8.9.3/8.9.3) with SMTP id AAA11459
        for root@localhost; Fri, 3 Dec 1999 00:58:06 +0100
Date: Fri, 3 Dec 1999 00:58:06 +0100
From: root@anus.com
Message-Id: <199912022358.AAA11459@localhost.localdomain>
Status: RO

Yes we know we cant write any programs that's stable,
and yes, we also know that windows sucks ...
-------------------------------------------------------------------------------
Here I sent the mail to localhost (my own computer, and I made up a resolvable
IP for it); anyway, look at the 3rd line:
Received: from microsoft.com (d212-151-231-70.swipnet.se [212.151.231.70])
Here it clearly says who really sent the mail (the address in brackets is the
TCP peer sendmail actually talked to, not what you claimed in 'helo'), which is
a bad idea if you don't want to get caught.
Note: this should read:
Received: from microsoft.com (microsoft.com [207.46.130.149])
(or some IP that microsoft.com can resolve to)
Get the point?
-------------------------------------------------------------------------------
So what we want to do is bounce off a WinGate to make this change.
If we now say that the WinGate's IP is "202.53.247.103", the mail
headers will look like this:
From root@microsoft.com Fri Dec 3 01:09:50 1999
Return-Path:
Received: from microsoft.com (dial247-103.cabi.net.id [202.53.247.103])
        by localhost.localdomain (8.9.3/8.9.3) with SMTP id BAA11612
        for root@localhost; Fri, 3 Dec 1999 01:09:12 +0100
Date: Fri, 3 Dec 1999 01:09:12 +0100
From: root@microsoft.com
Message-Id: <199912030009.BAA11612@localhost.localdomain>
Status: RO

Yes we know we cant write any programs that's stable,
and yes, we also know that windows sucks ...
-------------------------------------------------------------------------------
Note: how to use a WinGate -
telnet wingate.com          (no, 'wingate.com' is not a real WinGate host)
WinGate>                    <<=== here you type the IP of the computer with a
                                  sendmail daemon open, and add 25 after it.
It should look something like this when you press enter:
telnet wingate.com
WinGate>212.151.231.70 25
Then wait some seconds and it will display:
Connecting to host 212.151.231.70...Connected
220 localhost.localdomain ESMTP Sendmail 8.9.3/8.9.3; Fri, 3 Dec 1999 01:08:22 +0100
And here you start with the 'helo' and all the rest.
-------------------------------------------------------------------------------
Now the mail will only get traced to the WinGate instead of your computer.
..... this is all IF someone traces the mail at all; usually mail
clients don't show any of this info, it is simply hidden data that
is saved with the mail...
So someone can in fact see that the mail is not authentic unless you
spoof your IP/host with some blind-spoofing application or by doing
a real spoof....
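The check a recipient or mail admin would run to see exactly what the two header dumps above reveal, as an added Python example that is not part of the original tutorial: it unfolds the Received headers, takes the bottom-most one as the first hop, reports the peer IP sendmail recorded, and flags a HELO name that does not match that peer's reverse DNS. The samples are constructed from the two Received lines quoted on this page plus one hypothetical legitimate hop (mail.example.com / 192.0.2.10) for contrast.

```python
import re

# Constructed samples: the two Received lines quoted in the tutorial above, plus
# one hypothetical legitimate hop (mail.example.com / 192.0.2.10) for contrast.
DIRECT = """\
Received: from microsoft.com (d212-151-231-70.swipnet.se [212.151.231.70])
    by localhost.localdomain (8.9.3/8.9.3) with SMTP id AAA11459
    for root@localhost; Fri, 3 Dec 1999 00:58:06 +0100
"""
VIA_WINGATE = """\
Received: from microsoft.com (dial247-103.cabi.net.id [202.53.247.103])
    by localhost.localdomain (8.9.3/8.9.3) with SMTP id BAA11612
    for root@localhost; Fri, 3 Dec 1999 01:09:12 +0100
"""
LEGIT = """\
Received: from mail.example.com (mail.example.com [192.0.2.10])
    by localhost.localdomain (8.9.3/8.9.3) with ESMTP id CAA00001
    for root@localhost; Fri, 3 Dec 1999 02:00:00 +0100
"""

# Sendmail's Received stamp: from <HELO name> (<reverse DNS> [<peer IP>]) by <MTA> ...
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>[^\s\[\]]+)\s+\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)")

def unfold(headers):
    """Join continuation lines (leading whitespace) back onto their header."""
    lines = []
    for raw in headers.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw)
    return lines

def parse_received(headers):
    """One dict per Received header, newest first (each MTA prepends its own)."""
    return [m.groupdict() for m in map(RECEIVED_RE.match, unfold(headers)) if m]

def helo_matches_rdns(hop):
    """True when the HELO name equals the peer's reverse DNS or is a parent/child of it."""
    helo, rdns = hop["helo"].lower().rstrip("."), hop["rdns"].lower().rstrip(".")
    return helo == rdns or rdns.endswith("." + helo) or helo.endswith("." + rdns)

def assess(headers):
    """Summarise the first hop: the bottom-most Received line names the TCP peer
    that really delivered the message, whatever HELO and From: claim."""
    hops = parse_received(headers)
    origin = hops[-1]
    return {"hops": len(hops), "origin_ip": origin["ip"], "origin_rdns": origin["rdns"],
            "helo": origin["helo"], "helo_matches_rdns": helo_matches_rdns(origin)}
```

On the first dump this reports origin_ip 212.151.231.70 with helo_matches_rdns False; the relayed dump still mismatches, it just points at the WinGate's address instead, which is all the bounce buys.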
-------------------------------------------------------------------------------
Next up I'll explain how to bounce to IRC through a WinGate so that your hostname
will be that of the WinGate.
-------------------------------------------------------------------------------
Start your Linux/UNIX IRC client, ircii or BitchX will do just fine.
Once it's started it tries to connect to a server, let it do that,
when it's connected and you can type, you type the following:
/server some-wingate.com 23
And let it connect to that, then you do the following command:
/quote irc.some-ircserver.com 6667
Here it might say something about ping and msg register, then you can do
like this:
/sping
And:
/msg foo
Then it should connect as normal, if the network allows WinGates, UnderNet
doesn't allow any proxy connections as far as I know.
Note that:
some-wingate.com
irc.some-ircserver.com
are fake servers. Find a real WinGate to replace "some-wingate.com" with, and
a real IRC server to replace "irc.some-ircserver.com" with.
-------------------------------------------------------------------------------
By now you just have to be asking yourself, how on earth do I find a WinGate?
Most WinGate scanners I've tried work very poorly. So I wrote a small one
that follows here:
-------------------------------------------------------------------------------
#!/bin/bash
# Scans one class C network for WinGate hosts: telnets to every address in turn
# and keeps any banner that is not an ordinary refused/closed/login response.
log=".log.tmp.$$"         # raw telnet output for the host being tried
results=".log2.tmp.$$"    # filtered banners, printed when the scan is done
config="wg.config.$$"     # helper that interrupts a hung telnet after 7 seconds
: > "$log"
: > "$results"
echo "sleep 7" > "$config"
echo "killall -2 telnet 2>/dev/null" >> "$config"
scan="$1"
count="0"
max="255"
clear
if whoami | grep -q root ; then
echo "please use this as user and not root, since it would kill all users'"
echo "telnet sessions"
else
clear
fi
if [ "$1" = "" ]; then
echo " usage is: $0 <first three octets>"
echo " examples:"
echo " $0 127.0.0"
echo " That will scan from 127.0.0.0 to 127.0.0.255"
echo
echo "Be aware though, while it scans it also kills any other telnet"
echo "sessions you might have ...."
rm -f "$log" "$results" "$config"
exit 0
fi
while [ "$count" -le "$max" ]; do
echo "Attempting connection to $scan.$count "
: > "$log"
bash "$config" &                      # original ran ./wg.config, which was never made executable
telnet "$scan.$count" >> "$log" 2>&1  # 2>&1 so "Connection refused" actually reaches the filter
wait                                  # let the 7 second timer expire before trying the next host
grep -v refused "$log" | grep -v closed | grep -v Connected | grep -v Trying \
| grep -v Escape | grep -v login | sed "s/^/$scan.$count: /" >> "$results"
count=$((count + 1))
done
echo "Done !"
cat "$results"                        # original deleted its results without ever showing them
rm -f "$log" "$results" "$config"
exit 0
-------------------------------------------------------------------------------
To make it work just cut away what comes before "#!/bin/bash" and what comes
after "exit 0" ... or you might want to cut and paste it into a new file, and call it
"wg-scan" or something like that.
Then do:
[user@localhost user]$ chmod a+x wg-scan
[user@localhost user]$ ./wg-scan
Here it clears your screen and says:
usage is: ./wg-scan <first three octets>
examples:
./wg-scan 127.0.0
That will scan from 127.0.0.0 to 127.0.0.255
Be aware though, while it scans it also kills any other telnet
sessions you might have .... yeah, I'm working on it ...
And so you do just that: you think of a class C subnet and you scan it.
Also know that it may take a LOT of time to scan for a WinGate.
-------------------------------------------------------------------------------
And that's about it !
===============================================================================
-------------------------------------------------------------------------------
===============================================================================
Now that you know how to operate these programs, even if you were to go around and
hack 100 computers, you are still NOT a real hacker.
You would still be just a lame script kiddie; to be a real hacker takes a LOT
of time and a LOT of determination.
Say now, if you learn UNIX at administration level, then you learn bash (the UNIX
shell scripting language) really well, and after that you learn C programming
well, and asm (assembly language).
And after that you start to find and make your own exploits and find exploitable
bugs in programs and so on, THEN you can start to call yourself a hacker.
You are not a hacker just because you can execute an exploit or a program
that someone else has programmed; that is just as stupid as calling
yourself a webmaster just because you know how to start Internet Explorer or
Netscape .... or calling yourself a programmer just because you
can compile a program....
It goes without saying, it just doesn't work that way.
So now let's all find some good music by Prodigy and let's hack the planet...
ummmm, like NOT
===============================================================================
-------------------------------------------------------------------------------
===============================================================================