What Is Hacking


Prepared By: Kishor M. Thanth; Std: S.Y.B.C.A.; Roll No.: 166; Guided By: Mr. Ankit Patel (Faculty-S.V.C.C.S.)

Hacking

Introduction
Although this book cannot teach you everything you need to know, the references contained within this book can. Therefore, if you know very little about Internet security, you will want to maximize the value of this book by adhering to the following procedure. Those readers who want only a casual education in Internet security may read the book without ever retrieving a single document from the Internet. But if you are searching for something more, something deeper, you can obtain it by adhering to this procedure.

Why I Chose This Topic

Hacking and cracking are activities that generate intense public interest. Stories of hacked servers and downed Internet providers appear regularly in national news. Today, thousands of institutions, businesses, and individuals are going online. For companies, education is an economical way to achieve at least minimal security.

Difference between hacker and Cracker


Hacker
The term hacker refers to programmers and not to those who unlawfully breach the security of systems. A hacker is any person who investigates the integrity and security of an operating system. Most commonly, these individuals are programmers. They usually have advanced knowledge of both hardware and software and are capable of rigging (or hacking) systems in innovative ways. Often, hackers determine new ways to utilize or implement a network, ways that software manufacturers had not expressly intended.

A hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Most often, hackers are programmers. As such, hackers obtain advanced knowledge of operating systems and programming languages. They may know of holes within systems and the reasons for such holes. Hackers constantly seek further knowledge, freely share what they have discovered, and never, ever intentionally damage data. Modern hackers write programs to check the integrity of other programs. In other technical fields, hacker is extended to mean a person who makes things work beyond perceived limits through their own technical skill, such as a hardware hacker or reality hacker.

Cracker
A cracker is any individual who uses advanced knowledge of the Internet (or networks) to compromise network security. Historically, this activity involved cracking encrypted password files, but today, crackers employ a wide range of techniques. Hackers also sometimes test the security of networks, often with the identical tools and techniques used by crackers. To differentiate between these two groups on a trivial level, simply remember this: Crackers engage in such activities without authorization. As such, most cracking activity is unlawful, illegal, and therefore punishable by a term of imprisonment. A cracker is a person who breaks into or otherwise violates the system integrity of remote machines, with malicious intent. Crackers, having gained unauthorized access, destroy vital data, deny legitimate users service, or basically cause problems for their targets. Crackers can easily be identified because their actions are malicious.


Crackers rarely write their own programs. Instead, they beg, borrow, or steal tools from others. They use these tools not to improve Internet security, but to subvert it. They have technique, perhaps, but seldom possess programming skills or imagination. They learn all the holes and may be exceptionally talented at practicing their dark arts, but they remain limited. A true cracker creates nothing and destroys much. His chief pleasure comes from disrupting or otherwise adversely affecting the computer services of others.

What damage can a Hacker do?


This depends upon what backdoor program(s) are hiding on your PC. Different programs can do different amounts of damage. However, most allow a hacker to smuggle another program onto your PC. This means that if a hacker can't do something using the backdoor program, he can easily put something else onto your computer that can. Hackers can see everything you are doing, and can access any file on your disk. Hackers can write new files, delete files, edit files, and do practically anything to a file that could be done to a file. A hacker could install several programs onto your system without your knowledge. Such programs could also be used to steal personal information such as passwords and credit card information.

Why Do Crackers Exist?


Crackers exist because they must. Because human nature is just so, frequently driven by a desire to destroy instead of create. No more complex explanation need be given. The only issue here is what type of cracker we are talking about.

Some crackers crack for profit. These may land on the battlefield, squarely between two competing companies. Perhaps Company A wants to disable the site of Company B. There are crackers for hire. They will break into almost any type of system you like, for a price. Some of these crackers get involved with criminal schemes, such as retrieving lists of TRW profiles. These are then used to apply for credit cards under the names of those on the list. Other common pursuits are cell-phone cloning, piracy schemes, and garden-variety fraud. Other crackers are kids who demonstrate an extraordinary ability to assimilate highly technical computer knowledge. They may just be getting their kicks at the expense of their targets.

What Is Meant by the Term Cracked?


For our purposes, cracked refers to that condition in which the victim network has suffered an unauthorized intrusion. There are various degrees of this condition, each of which is discussed at length within this book. Here, I offer a few examples of this cracked condition:

The intruder gains access and nothing more (access being defined as simple entry; entry that is unauthorized on a network that requires--at a minimum--a login and password).

The intruder gains access and destroys, corrupts, or otherwise alters data.

The intruder gains access and seizes control of a compartmentalized portion of the system or the whole system, perhaps denying access even to privileged users.

The intruder does NOT gain access, but instead implements malicious procedures that cause that network to fail, reboot, hang, or otherwise manifest an inoperable condition, either permanently or temporarily.

To be fair, modern security techniques have made cracking more difficult. However, the gorge between the word difficult and the word impossible is wide indeed. Today, crackers have access to (and often study religiously) a wealth of security information, much of which is freely available on the Internet. The balance of knowledge between these individuals and bona-fide security specialists is not greatly disproportionate. In fact, that gap is closing each day. The purpose of this chapter is to show you that cracking is a common activity: so common that assurances from anyone that the Internet is secure should be viewed with extreme suspicion. To drive that point home, I will begin with governmental entities. After all, defense and intelligence agencies form the basis of our national security infrastructure. They, more than any other group, must be secure.

Categories of hacker

Here I list a few types of hacker. The hacker community, the set of people who would describe themselves as hackers or be described by others as hackers, falls into at least four partially overlapping categories.

Hacker: Highly skilled programmer


The positive usage of hacker is one who knows a (sometimes specified) set of programming interfaces well enough to program rapidly and expertly. This type of hacker is well-respected (although the term still carries some of the meaning of hack), and is capable of developing programs without adequate planning or where pre-planning is difficult or impossible to achieve. This zugzwang gives freedom and the ability to be creative against methodical careful progress. At their best, hackers can be very productive. The technical downside of hacker productivity is often in maintainability, documentation, and completion. Very talented hackers may become bored with a project once they have figured out all of the hard parts, and be unwilling to finish off the "details". This attitude can cause friction in environments where other programmers are expected to pick up the half-finished work, decipher the structures and ideas, and bullet-proof the code. In other cases, where a hacker is willing to maintain their own code, a company may be unable to find anyone else who is capable or willing to dig through code to maintain the program if the original programmer moves on to a new job.

Additionally, there is sometimes a social downside associated with hacking. The stereotype of a hacker as having gained technical ability at a cost in social ability has an uncomfortable amount of factual foundation in many individuals. While not universal, nor even restricted to hackers, the difficulty in relating to others and the often abrasive personalities of some hackers make some of them difficult to work with or to organize into teams. On the other hand, it is not uncommon for hackers to thrive on social interaction.

Hacker: Computer and network security expert

In the networking sense, a hacker is one who specializes in work with the access control mechanisms for computer and network systems. This includes individuals who work toward maintaining and improving the integrity of such mechanisms. However, the most common usage of hacker in this respect refers to someone who exploits systems or gains unauthorized access by means of clever tactics and detailed knowledge, while taking advantage of any carelessness or ignorance on the part of system operators. This use of hacker as intruder (frequent in the media) generally has a strong negative connotation, and is disparaged and discouraged within the computer community, resulting in the modern Hacker definition controversy.

For such hackers specializing in intrusion, the highly derogatory term script kiddies is often used to indicate those who either claim to have far more skill than they actually have, or who exclusively use programs developed by others to achieve a successful security exploit.

Hacker: Hardware modifier

Another type of hacker is one who creates novel hardware modifications. At the most basic end of this spectrum are those who make frequent changes to the hardware in their computers using standard components, or make semi-cosmetic themed modifications to the appearance of the machine. This type of hacker modifies his/her computer for performance needs and/or aesthetics. These changes often include adding memory, storage, or LEDs and cold cathode tubes for light effects. These people often show off their talents in contests, and many enjoy LAN parties. At the more advanced end of the hardware hackers are those who modify hardware (not limited to computers) to expand capabilities; this group blurs into the culture of hobbyist inventors and professional electronics engineering. An example of such modification includes the addition of TCP/IP Internet capabilities to a number of vending machines and coffee makers during the late 1980s and early 1990s.

Hackers who have the ability to write circuit-level code, device drivers, firmware, and low-level networking code (and, even more impressively, to use these techniques to make devices do things outside of their spec sheets) are typically held in very high regard among hacker communities. This is primarily due to the enormous difficulty, complexity and specialized domain knowledge required for this type of work, as well as the electrical engineering expertise that plays a large role. Such hackers are rare, and almost always considered to be wizards or gurus of a very high degree.

Biohacker
Biohacker is a term used to describe an individual who experiments with DNA and other aspects of genetics, both within and outside an academic, governmental or corporate laboratory. Biohackers are similar to computer hackers who are hobbyists and like to tinker with DNA and other aspects of genetics. The exponential advances in biological technology, typified by the approximate doubling of DNA sequencing and synthesis efficiencies on an annual basis without cost increases, are likely to create a subculture of biohackers who will increasingly tinker with available genes and even create completely new genes with novel functions.

How do Hackers hack?


There are many ways in which a hacker can hack. Some are as follows: Netbios, ICMP Ping, FTP, rpc.statd, and HTTP.

Netbios

Netbios hacks are the worst kind, since they don't require you to have any hidden backdoor program running on your computer. This kind of hack exploits a bug in Windows 9x. Netbios is meant to be used on local area networks, so machines on that network can share information. Unfortunately, the bug is that netbios can also be used across the Internet - so a hacker can access your machine remotely.

ICMP Ping (Internet Control Message Protocol)


ICMP is one of the main protocols that make the Internet work. It stands for Internet Control Message Protocol. 'Ping' is one of the commands that can be sent to a computer using ICMP. Ordinarily, a computer would respond to this ping, telling the sender that the computer does exist. This is all pings are meant to do. Pings may seem harmless enough, but a large number of pings can make a Denial-of-Service attack, which overloads a computer. Also, hackers can use pings to see if a computer exists and does not have a firewall (firewalls can block pings). If a computer responds to a ping, then the hacker could launch a more serious form of attack against that computer.

FTP (File Transfer Protocol)


FTP is a standard Internet protocol, standing for File Transfer Protocol. You may use it for file downloads from some websites. If you have a web page of your own, you may use FTP to upload it from your home computer to the web server. However, FTP can also be used by some hackers... FTP normally requires some form of authentication for access to private files, or for writing to files

Rpc.statd
This is a problem specific to Linux and Unix. The problem is the infamous unchecked buffer overflow problem. This is where a fixed amount of memory is set aside for storage of data. If data is received that is larger than this buffer, the program should truncate the data or send back an error, or at least do something other than ignore the problem. Unfortunately, the data overflows the memory that has been allocated to it, and the data is written into parts of memory it shouldn't be in. This can cause crashes of various different kinds. However, a skilled hacker could write bits of program code into memory that may be executed to perform the hacker's evil deeds.

HTTP

HTTP stands for Hyper Text Transfer Protocol. HTTP hacks can only be harmful if you are using Microsoft web server software, such as Personal Web Server. There is a bug in this software called an 'unchecked buffer overflow'. If a user makes a request for a file on the web server with a very long name, part of the request gets written into parts of memory that contain active program code. A malicious user could use this to run any program they want on the server.
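The unchecked buffer overflow described for rpc.statd and for the web server above comes down to copying input into a fixed-size buffer without comparing lengths first. The C code below is an added example, not code from either program: the buffer size and the function names are assumptions, and it sets the unchecked copy beside a checked one that sends back an error for an over-long file name.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64   /* fixed amount of memory set aside; the size is an assumption */

/* Unchecked pattern: strcpy() keeps writing past dst when src is longer
 * than the buffer. Kept for contrast; only safe if src is known to fit. */
void store_name_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Checked pattern: look for the terminator within the space available
 * and return an error instead of writing out of bounds.
 * Returns 0 on success, -1 if src does not fit. */
int store_name_checked(char *dst, size_t dst_size, const char *src)
{
    const char *nul;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    nul = memchr(src, '\0', dst_size);
    if (nul == NULL) {               /* longer than dst_size - 1 characters */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);   /* copy includes the NUL */
    return 0;
}

/* Build a constructed file name of `len` characters (sample input). */
void make_long_name(char *out, size_t len)
{
    memset(out, 'A', len);
    out[len] = '\0';
}

int main(void)
{
    char name[NAME_BUF];
    char long_name[4 * NAME_BUF + 1];

    make_long_name(long_name, 4 * NAME_BUF);

    if (store_name_checked(name, sizeof name, "index.html") == 0)
        printf("accepted: %s\n", name);
    if (store_name_checked(name, sizeof name, long_name) != 0)
        printf("rejected: name of %zu bytes does not fit a %d-byte buffer\n",
               strlen(long_name), NAME_BUF);
    return 0;
}
```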

What Is a Password Cracker?


A password cracker is any program that can decrypt passwords or otherwise disable password protection. A password cracker need not decrypt anything. In fact, most of them don't. Real encrypted passwords Many so-called password crackers are nothing but bruteforce engines--programs that try word after word, often at high speeds. These rely on the theory that eventually, you will encounter the right word or phrase. This theory has been proven to be sound, primarily due to the factor of human laziness. Humans simply do not take care to create strong passwords. However, this is not always the user's fault:

How Do Password Crackers Work?


To understand how password crackers work, you need only understand how password generators work. Most password generators use some form of cryptography. Cryptography is the practice of writing in some form of code.

Cryptography
This definition is wide, and I want to narrow it. The etymological root of the word cryptography can help in this regard. Crypto stems from the Greek word kryptos. Kryptos was used to describe anything that was hidden, obscured, veiled, secret, or mysterious. Graph is derived from graphia, which means writing. Thus, cryptography is the art of secret writing. An excellent and concise description of cryptography is given by Yaman Akdeniz in his paper Cryptography & Encryption:

Cryptography defined as "the science and study of secret writing," concerns the ways in which communications and data can be encoded to prevent disclosure of their contents through eavesdropping or message interception, using codes, ciphers, and other methods, so that only certain people can see the real message.

Most passwords are subjected to some form of cryptography. That is, passwords are encrypted. To illustrate this process, let me reduce it to its most fundamental. Imagine that you created your own code, where each letter of the alphabet corresponded to a number


TCP ports and scanning


First of all, you should know some things about the internet. It's based on the TCP/IP protocol (and others). It works like this: every box has 65k connection PORTS. Some of them are opened and waiting for your data to be sent. So you can open a connection and send data to any of these ports. Those ports are associated with a service: every service is hosted by a DAEMON. Commonly, a daemon or a server is a program that runs on the box, opens its port and offers its damn service. Here are some common ports and their usual services (there are a lot more):

Port number   Common service   Example daemon (d stands for daemon)
21            FTP              Ftpd
23            Telnet           Telnet
25            SMTP             Sendmail
80            HTTP             Apache
110           POP3             GPOP

When you visit the website http://www.host.com/luser/index.html, your browser does this:

It connects to TCP port 80.

It sends the string "GET /luser/index.html HTTP/1.1" followed by two 'Enter' keystrokes (line breaks). (It really sends a lot more, but that is the essential part.)

The host sends the HTML file.

The cool thing about daemons is that they have really serious security bugs. That's why we want to know what daemons are running there, so... we need to know what ports are opened in the box we want to hack.

How could we get that information?


We have to use a scanner. A scanner is a program that tries to connect to every port on the box and tells which of them are opened. The best scanner I can think of is nmap, created by Fyodor.

How to Change IP Address?

The following is a guide on how to change your IP in 30 seconds or less. This can be used if your IP has been banned from a game server, or on GunBound if your IP gets blocked. I've tried this on both Windows XP and Windows 2000, and it has worked:

1. Click on "Start"
2. Click on "Run"
3. Type in "command" and hit ok

You should now be at an MSDOS prompt screen.

4. Type "ipconfig /release" and hit "enter"
5. Type "exit" and leave the prompt
6. Right-click on "Network Places" or "My Network Places" on your desktop.
7. Click on "properties"

You should now be on a screen with something titled "Local Area Connection", or something close to that, and, if you have a network hooked up, all of your other networks.

8. Right click on "Local Area Connection" and click "properties"
9. Double-click on the "Internet Protocol (TCP/IP)" from the list under the "General" tab
10. Click on "Use the following IP address" under the "General" tab
11. Create an IP address (It doesn't matter what it is. I just type 1 and 2 until I fill the area up).
12. Press "Tab" and it should automatically fill in the "Subnet Mask" section with default numbers.
13. Hit the "Ok" button here
14. Hit the "Ok" button again

You should now be back to the "Local Area Connection" screen.

15. Right-click back on "Local Area Connection" and go to properties again.
16. Go back to the "TCP/IP" settings
17. This time, select "Obtain an IP address automatically"
18. Hit "Ok"
19. Hit "Ok" again
20. You now have a new IP address.

Scanners
What Is a Scanner?
A scanner is a program that automatically detects security weaknesses in a remote or local host. By deploying a scanner, a user in Los Angeles can uncover security weaknesses on a server in Japan without ever leaving his or her living room.

How Do Scanners Work?


True scanners are TCP port scanners, which are programs that attack TCP/IP ports and services (Telnet or FTP, for example) and record the response from the target. In this way, they glean valuable information about the target host (for instance, can an anonymous user log in?). Other so-called scanners are merely UNIX network utilities. These are commonly used to discern whether certain services are working correctly on a remote machine. These are not true scanners, but might also be used to collect information about a target host. (Good examples of such utilities are the rusers and host commands, common to UNIX platforms.)
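Because a port scanner tries port after port on one host, it shows up in connection logs as a single source touching many different ports. The following C program is an added example, not part of the original text: it counts distinct destination ports per source over a constructed log and flags the sources at or above a threshold. The log format, the addresses and the threshold of 5 are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SOURCES 16
#define PORT_WORDS  (65536 / 32)        /* bitmap with one bit per TCP port */

struct source {
    char ip[16];
    unsigned int seen[PORT_WORDS];      /* ports already counted for this source */
    int distinct;                       /* how many different ports it tried */
};

static struct source table[MAX_SOURCES];
static int n_sources;

/* Constructed sample log; the line format is an assumption:
 *   <time> SYN <source> -> <destination>:<port>               */
static const char *sample_log[] = {
    "10:00:01 SYN 192.0.2.20 -> 198.51.100.5:80",
    "10:00:02 SYN 192.0.2.10 -> 198.51.100.5:21",
    "10:00:02 SYN 192.0.2.10 -> 198.51.100.5:23",
    "10:00:02 SYN 192.0.2.10 -> 198.51.100.5:25",
    "10:00:03 SYN 192.0.2.20 -> 198.51.100.5:80",
    "10:00:03 SYN 192.0.2.10 -> 198.51.100.5:80",
    "10:00:03 SYN 192.0.2.10 -> 198.51.100.5:110",
    "10:00:04 SYN 192.0.2.30 -> 198.51.100.5:80",
    "10:00:04 SYN 192.0.2.10 -> 198.51.100.5:22",
    "10:00:05 SYN 192.0.2.30 -> 198.51.100.5:443",
    "10:00:05 SYN 192.0.2.10 -> 198.51.100.5:143",
    "10:00:05 SYN 192.0.2.10 -> 198.51.100.5:443",
    "10:00:06 SYN 192.0.2.20 -> 198.51.100.5:80",
};

void reset_table(void)
{
    memset(table, 0, sizeof table);
    n_sources = 0;
}

/* Find the entry for ip; optionally create it. NULL if absent or table full. */
static struct source *lookup(const char *ip, int create)
{
    int i;
    for (i = 0; i < n_sources; i++)
        if (strcmp(table[i].ip, ip) == 0)
            return &table[i];
    if (!create || n_sources == MAX_SOURCES)
        return NULL;
    snprintf(table[n_sources].ip, sizeof table[n_sources].ip, "%s", ip);
    return &table[n_sources++];
}

/* Record one log line. Returns 0 if counted, -1 if malformed or table full. */
int record_line(const char *line)
{
    char ip[16];
    int port;
    struct source *s;

    if (sscanf(line, "%*s SYN %15s -> %*[^:]:%d", ip, &port) != 2)
        return -1;
    if (port < 1 || port > 65535)
        return -1;
    if ((s = lookup(ip, 1)) == NULL)
        return -1;
    if (!(s->seen[port / 32] & (1u << (port % 32)))) {
        s->seen[port / 32] |= 1u << (port % 32);   /* first time for this port */
        s->distinct++;
    }
    return 0;
}

/* Number of different ports a source has tried (0 if never seen). */
int distinct_ports(const char *ip)
{
    struct source *s = lookup(ip, 0);
    return s ? s->distinct : 0;
}

/* Store sources that tried at least `threshold` ports in out; returns the count. */
int flag_scanners(int threshold, const char *out[], int max_out)
{
    int i, n = 0;
    for (i = 0; i < n_sources && n < max_out; i++)
        if (table[i].distinct >= threshold)
            out[n++] = table[i].ip;
    return n;
}

/* Load the constructed log; returns the number of lines counted. */
int load_sample(void)
{
    size_t i;
    int ok = 0;
    reset_table();
    for (i = 0; i < sizeof sample_log / sizeof sample_log[0]; i++)
        if (record_line(sample_log[i]) == 0)
            ok++;
    return ok;
}

int main(void)
{
    const char *hits[MAX_SOURCES];
    int i, n;

    load_sample();
    n = flag_scanners(5, hits, MAX_SOURCES);
    for (i = 0; i < n; i++)
        printf("possible port scan from %s (%d distinct ports)\n",
               hits[i], distinct_ports(hits[i]));
    return 0;
}
```

Repeated requests to one port, like the three hits on port 80 from 192.0.2.20, do not raise the count, so an ordinary web client stays below the threshold.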

Sniffers
A sniffer is any device, whether software or hardware, that grabs information traveling along a network. That network could be running any protocol: Ethernet, TCP/IP, IPX, or others (or any combination of these). The purpose of the sniffer is to place the network interface--in this case, the Ethernet adapter--into promiscuous mode and by doing so, to capture all network traffic.

When one discusses sniffers, one is not discussing key capture utilities, which grab keystrokes and nothing more. Essentially, a key capture utility is the software equivalent of peering over someone's shoulder. This peering might or might not reveal important information. True, it might capture passwords typed into the console of the local terminal, but what about other terminals? In contrast, sniffers capture network traffic. This network traffic (irrespective of what protocol is running) is composed of packets (these might be IP datagrams or Ethernet packets). These are exchanged between machines at a very low level of the operating-system network interface. However, these also carry vital data, sometimes very sensitive data. Sniffers are designed to capture and archive that data for later inspection.

A sniffer is nothing more than hardware or software that hears (and does not ignore) all packets sent across the wire. In this respect, every machine and every router is a sniffer (or at least, each of these devices could be a sniffer). This information is then stored on some media and archived for later viewing. A sniffer can be (and usually is) a combination of both hardware and software. The software might be a general network analyzer enabled with heavy debugging options, or it might be a real sniffer. A sniffer must be located within the same network block (or net of trust) as the network it is intended to sniff. With relatively few exceptions, that sniffer could be placed anywhere within that block.


What Information Is Most Commonly Gotten from a Sniffer?


A sniffer attack is not as easy as you might think. It requires some knowledge of networking before a cracker can effectively launch one. Simply setting up a sniffer and leaving it will lead to problems because even a five-station network transmits thousands of packets an hour. Within a short time, the outfile of a sniffer could easily fill a hard disk drive to capacity (if you logged every packet). To circumvent this problem, crackers typically sniff only the first 200-300 bytes of each packet. Contained within this portion is the username and password, which is really all most crackers want. However, it is true that you could sniff all the packets on a given interface; if you have the storage media to handle that kind of volume, you would probably find some interesting things.

Trojan
What Is a Trojan?
The unauthorized functions that the trojan performs may sometimes qualify it as another type of malicious device as well. For example, certain viruses fit into this category. Such a virus can be concealed within an otherwise useful program. When this occurs, the program can be correctly referred to as both a trojan and a virus. The file that harbors such a trojan/virus has effectively been trojaned. Thus, the term trojan is sometimes used as a verb, as in "He is about to trojan that file."

An unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user.

A legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user.

Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and probably unwanted) by the user.

What Level of Risk Do Trojans Represent?


Trojans represent a very high level of risk, mainly for reasons already stated:

Trojans are difficult to detect.

In most cases, Trojans are found in binaries, which remain largely in non-human-readable form.

Trojans can affect many machines.

Let me elaborate. Trojans are a perfect example of the type of attack that is fatal to the system administrator who has only a very fleeting knowledge of security. In such a climate, a Trojan can lead to total compromise of the system. The Trojan may be in place for weeks or even months before it is discovered. In that time, a cracker with root privileges could alter the entire system to suit his or her needs. Thus, even when the Trojan is discovered, new holes may exist of which the system administrator is completely unaware.


How Does One Detect a Trojan?


Detecting trojans is less difficult than it initially seems. But strong knowledge of your operating system is needed; also, some knowledge of encryption can help. If your environment is such that sensitive data resides on your server (which is never a good idea), you will want to take advanced measures. Conversely, if no such information exists on your server, you might feel comfortable employing less stringent methods.

Another way to check the integrity of a file is by examining its size. However, this method is extremely unreliable because of how easily this value can be manipulated. When editing plain text files, it is simple to start out with a size of, say, 1,024KB and end up with that same size. It takes cutting a bit here and adding a bit there. But the situation changes radically when you want to alter a binary file. Binary files usually involve the inclusion of special function libraries and other modules without which the program will not work. Thus, to alter a binary file (and still have the program function) is a more complicated process. The programmer must preserve all the indispensable parts of the program and still find room for his or her own code. Therefore, size is probably a slightly more reliable index than time. Briefly, before I continue, let me explain the process by which a file becomes trojaned.

How Do Hackers Trace an IP Address?


Getting the Internet Protocol or IP address of a remote system is said to be the most important step in hacking a system. Sometimes, however, we get an IP in order to get more information on someone or some host. But how can an IP address be used to get more information on the location?

Just as in the real world everyone has an individual home address or telephone number at which that particular individual can be contacted, all computers connected to the Internet are given a unique Internet Protocol or IP address which can be used to contact that particular computer.

The IP address (actually the entire TCP/IP protocol) is structured such that one cannot tell in which country a system having a given IP is situated simply by looking at it. An IP address has no fields that tell you the country in which the computer using it resides. So all myths like "the second or the third field of an IP stands for the country in which the system using it resides" are definitely false. However, sometimes one can guess or deduce in which country, and even in which city, the system using an IP resides by simply looking at the first three fields of the IP. Let us take an example to understand what I mean by this.

Before I move on to the example, let us understand how exactly IP addresses are awarded to you. Let us take the example of the following IP address: 202.144.49.110. The first part, the numbers before the first decimal, i.e. 202, is the Network number or the Network Prefix. This means that it identifies the number of the network in which the host is. The second part, i.e. 144, is the Host Number; that is, it identifies the number of the host within the Network. This means that in the same Network, the network number is the same. In order to provide flexibility in the size of the Network, there are different classes of IP addresses:

Address Class              Dotted Decimal Notation Ranges
Class A ( /8 Prefixes)     1.xxx.xxx.xxx through 126.xxx.xxx.xxx
Class B ( /16 Prefixes)    128.0.xxx.xxx through 191.255.xxx.xxx
Class C ( /24 Prefixes)    192.0.0.xxx through 223.255.255.xxx

Each Class A Network Address contains an 8-bit Network Prefix followed by a 24-bit host number. They are considered to be primitive. They are referred to as "/8's" or just "8's" as they have an 8-bit Network prefix. In a Class B Network Address there is a 16-bit Network Prefix followed by a 16-bit Host number. It is referred to as "16's". A Class C Network address contains a 24-bit Network Prefix and an 8-bit Host number. It is referred to as "24's" and is commonly used by most ISPs.

Due to the growing size of the Internet, network administrators faced many problems. The Internet routing tables were beginning to grow, and administrators had to request another network number from the Internet before a new network could be installed at their site. This is where sub-netting came in.

Now if your ISP is a big one and it provides you with dynamic IP addresses, then you will most probably see that whenever you log on to the net, your IP address will have the same first 24 bits and only the last 8 bits will keep changing. This is due to the fact that when sub-netting comes in, the IP address structure becomes:

xxx.xxx.zzz.yyy

where the first 2 parts are Network Prefix numbers, zzz is the Subnet number and yyy is the host number. So you are always connected to the same Subnet within the same Network. As a result, the first 3 parts will remain the same and only the last part, i.e. yyy, is variable. For example, if an ISP xyz is given the network address 203.98.12.xx, then you can be awarded any IP whose first three fields are 203.98.12. Get it?
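The class table above can be applied mechanically. This added C example (not from the original text; the struct and function names are assumptions) takes a dotted-decimal address, picks the class from the first field according to that table, and splits the address into network prefix and host number. Its `same_network` function shows why two subscribers of the ISP in the 203.98.12.xx example share their first three fields.

```c
#include <stdio.h>

struct classful {
    char cls;               /* 'A', 'B' or 'C'; '?' if outside the table */
    int prefix_bits;        /* 8, 16 or 24 */
    unsigned long network;  /* address with the host bits cleared */
    unsigned long host;     /* host number within that network */
};

/* Parse dotted decimal: exactly four fields, each 0-255, nothing after
 * the last one. Returns 0 on success, -1 on malformed input. */
int parse_ipv4(const char *text, unsigned long *out)
{
    unsigned int a, b, c, d;
    char extra;

    if (sscanf(text, "%3u.%3u.%3u.%3u%c", &a, &b, &c, &d, &extra) != 4)
        return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return -1;
    *out = ((unsigned long)a << 24) | ((unsigned long)b << 16) |
           ((unsigned long)c << 8) | d;
    return 0;
}

/* Returns 0 for class A-C, 1 if the first field is outside the table
 * (0, 127, 224 and above), -1 if the text is not a valid address. */
int classify(const char *text, struct classful *r)
{
    unsigned long addr, mask;
    unsigned int first;

    if (parse_ipv4(text, &addr) != 0)
        return -1;
    first = (unsigned int)(addr >> 24);
    if (first >= 1 && first <= 126) {
        r->cls = 'A'; r->prefix_bits = 8;
    } else if (first >= 128 && first <= 191) {
        r->cls = 'B'; r->prefix_bits = 16;
    } else if (first >= 192 && first <= 223) {
        r->cls = 'C'; r->prefix_bits = 24;
    } else {
        r->cls = '?'; r->prefix_bits = 0; r->network = 0; r->host = addr;
        return 1;
    }
    mask = (0xFFFFFFFFUL << (32 - r->prefix_bits)) & 0xFFFFFFFFUL;
    r->network = addr & mask;
    r->host = addr & ~mask & 0xFFFFFFFFUL;
    return 0;
}

/* 1 if both addresses fall in the same classful network, 0 if not,
 * -1 if either is malformed or outside classes A-C. */
int same_network(const char *x, const char *y)
{
    struct classful a, b;

    if (classify(x, &a) != 0 || classify(y, &b) != 0)
        return -1;
    return a.prefix_bits == b.prefix_bits && a.network == b.network;
}

int main(void)
{
    /* Sample addresses: the first is the one used in the text, the
     * others are constructed. */
    const char *samples[] = { "202.144.49.110", "10.1.2.3", "172.16.5.4" };
    struct classful r;
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (classify(samples[i], &r) != 0)
            continue;
        printf("%-15s class %c /%d  network %lu.%lu.%lu.%lu  host %lu\n",
               samples[i], r.cls, r.prefix_bits,
               (r.network >> 24) & 255, (r.network >> 16) & 255,
               (r.network >> 8) & 255, r.network & 255, r.host);
    }
    printf("203.98.12.5 and 203.98.12.200 same network: %d\n",
           same_network("203.98.12.5", "203.98.12.200"));
    return 0;
}
```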

So, basically this means that each ISP has a particular range in which to allocate all its subscribers. Or in other words, all subscribers or all people connected to the internet using the same ISP, will have to be in this range. This in effect would mean that all people using the same ISP are likely to have the same first three fields of their IP Addresses.

The popular and wonderful Unix utility nslookup can be used for performing Reverse DNS lookups. So, if you are using a *nix box or if you have access to a shell account, then the first thing to do is to locate where the nslookup command is hidden by issuing the following command:

whereis nslookup

We can use nslookup to perform a reverse DNS lookup by mentioning the IP of the host at the prompt. For example:

$>nslookup IP Address

Note: The below IPs and corresponding hostnames have been made up. They may not actually exist.

Let us say that above, instead of IP Address, we type 203.94.12.01 (which would be the IP I want to trace).

$>nslookup 203.94.12.01

Then, you would receive a response similar to:

mail2.bol.net.in

Now, if you look carefully at the hostname that the Reverse DNS lookup gave us, the last part reveals the country in which the system resides. You see, the .in part signifies that the system is located in India. All countries This method can also be used to figure out which country a person lives in, if you know his email address. For example, if a person has an email address ending in .ph then he probably lives in the Philippines.

Here are a few Country Codes:

Australia    .au
Indonesia    .id
India        .in
Japan        .jp
Israel       .il
Britain      .uk
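What a reverse lookup such as the nslookup call above puts on the wire is a PTR query for the address with its octets reversed under in-addr.arpa. The following is an added example, not part of the original document: it builds that query and decodes a response offline. The query ID and the response bytes are constructed, using the document's made-up IP and hostname, and all function names are assumptions.

```python
import struct

PTR, IN = 12, 1  # DNS record type PTR and class IN

def ptr_name(ip):
    """Reverse the octets and append in-addr.arpa, the name a reverse lookup queries."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted quad: {ip!r}")
    octets = [int(p) for p in parts]  # "01" is read as decimal 1
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range: {ip!r}")
    return ".".join(str(o) for o in reversed(octets)) + ".in-addr.arpa"

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_ptr_query(ip, query_id):
    """Build the DNS query message: 12-byte header plus one PTR question."""
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)  # RD set
    return header + encode_name(ptr_name(ip)) + struct.pack("!HH", PTR, IN)

def decode_name(msg, offset):
    """Return (name, offset just past the name), following compression pointers."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte pointer to an earlier name
            if end is None:
                end = offset + 2
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (offset if end is None else end)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_ptr_response(msg, query_id):
    """Return the hostnames from the PTR answers of a response to query_id."""
    rid, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    if rid != query_id or not flags & 0x8000:
        raise ValueError("not a response to this query")
    if flags & 0x000F:
        raise ValueError(f"server returned error code {flags & 0x000F}")
    offset = 12
    for _ in range(qdcount):  # skip the echoed question
        _, offset = decode_name(msg, offset)
        offset += 4
    names = []
    for _ in range(ancount):
        _, offset = decode_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == PTR and rclass == IN:
            names.append(decode_name(msg, offset)[0])
        offset += rdlen
    return names

# Constructed exchange using the document's made-up IP and hostname.
QUERY = build_ptr_query("203.94.12.01", 0x1234)
_RDATA = encode_name("mail2.bol.net.in")
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUERY[12:]
                   + b"\xc0\x0c" + struct.pack("!HHIH", PTR, IN, 3600, len(_RDATA)) + _RDATA)

if __name__ == "__main__":
    print(ptr_name("203.94.12.01"))
    print(parse_ptr_response(SAMPLE_RESPONSE, 0x1234))
```

The PTR record is set by whoever controls the reverse zone for the address block, so the returned name is only as reliable as that operator's records.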

Other Way to Locate Someone's IP


WHOIS
Another method of getting the exact geographical location of a system on the globe is by making use of the WHOIS database. The WHOIS database is basically the main database, which contains a variety of information like

contact details, name etc on the person who owns a particular domain name. So, basically what one does in a WHOIS query

You could also directly enter the following in the location bar of your browser and perform a WHOIS enquiry:

Example: http://205.177.25.9/cgi-bin/whois?abc.com

Note: Replace abc.com with the domain name on which you want to perform a WHOIS query.

This method cannot be used to get the contact address of a person if the IP that you use to trace him belongs to his ISP. So, either you need to know the domain name (which is registered in his name) or have to remain satisfied knowing only the city (and ISP) used by the person. The WHOIS service by default runs on Port 43 of a system.

Traceroute / tracert
Yet another and probably the second most efficient method (after Reverse DNS queries) of tracing an IP to its exact geographical location is to carry out a traceroute on it. The tracert or traceroute commands give you the names or IPs of the routers through which your packets pass before reaching the destination. Windows users can perform a trace of an IP by typing the following at the command line prompt:

Example: C:\windows>tracert IP or Hostname

WINDOWS XP HACKING

Windows XP hacks: here are tips, tools, and know-how to bend Windows XP to your will. The book delves into XP topics such as controlling the control panel, changing unchangeable icons, removing uninstallable XP components, stopping pop-up ads, taking a bite out of cookies, speeding up file downloads, protecting yourself with firewalls and proxy servers, and more. Users of both Windows XP Home Edition and Windows XP Pro Edition will find smart, timesaving, fun, and useful hacks for virtually every feature in their operating system. Even if you're not a power user yet, this topic will have you well on your way.

Miscellaneous Startup and Shutdown Hacks


Create One-Click Shutdown and Reboot Shortcuts
Turning off or rebooting XP involves a several-step process:

Click the Start menu, choose Shut Down, and then select Shut Down or Restart. If you want, you can do this from a shortcut instead, and customize it by displaying a specific message or automatically shutting down any programs that are running.

First, create a shortcut on your desktop by right-clicking on the desktop, choosing New, and then choosing Shortcut. The Create Shortcut Wizard appears. In the box asking for the location of the shortcut, type shutdown. After you create the shortcut, double-clicking on it will shut down your PC.

But you can do much more with a shutdown shortcut than merely shut down your PC. You can add any combination of several switches to do extra duty, like this:
Shutdown -r -t 01 -c "Rebooting your PC"


Double-clicking on that shortcut will reboot your PC after a one-second delay and display the message "Rebooting your PC." The shutdown command includes a variety of switches you can use to customize it. Table 1-3 lists all of them and describes their use.

I use this technique to create two shutdown shortcuts on my desktop, one for turning off my PC, and one for rebooting. Here are the ones I use:
Shutdown -s -t 03 -c "See you later!"
Shutdown -r -t 03 -c "You can't get rid of me that quickly!"

Switches you can use with shutdown

Switch              What it does
-s                  Shuts down the PC.
-l                  Logs off the current user.
-t nn               Indicates the duration of delay, in seconds, before performing the action.
-c "messagetext"    Displays a message in the System Shutdown window. A maximum of 127 characters can be used. The message must be enclosed in quotation marks.
-f                  Forces any running applications to shut down.
-r                  Reboots the PC.

Control User Logins by Hacking the Registry


Make better use of the XP login screen.

If there is more than one user account on your system, or if you've set up XP to require logins, you'll have to log in to XP before you can begin to use it. But you needn't stay

with the default XP login rules; you can use a single Registry key to customize how you log in. For example, you can display custom text before login, and you can remind anyone with an account on the PC to change their password a certain number of days prior to the password's expiration.

To control logon options, run the Registry Editor and go to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon subkey, which contains a variety of logon settings (as well as some settings not having to do directly with logons). Following are the most important values you can edit to customize logons.

DontDisplayLastUserName

This setting lets you control how the system logon dialog box is used. If this String value is present and set to 1, all users will have to enter both their username and password in order to log on. If the value is 0, the name of the last user to log on will be displayed in the system logon dialog box.

DefaultUserName

This String value contains the name of the last user who logged on. It will be displayed only if the DontDisplayLastUserName value is not present or is set to 0.

LegalNoticeCaption

This String value, used in concert with the LegalNoticeText value, displays a dialog box prior to logon that contains any text you want to display. (The text doesn't have to be a legal notice, but this value is often used for that purpose.) The box has a title and text. The LegalNoticeCaption value will be the dialog box's title.

LegalNoticeText

This String value, used in concert with LegalNoticeCaption, contains the text that you want to be displayed inside a dialog box displayed prior to logon.

PasswordExpiryWarning

This DWORD value lets you display a warning message to users a certain number of days before their passwords are set to expire. It lets you determine how many days ahead of time the warning should be issued. To edit the value, click on the decimal button and enter the number of days.

ShutdownWithoutLogon

This String value enables or disables a button on the XP logon dialog box that lets the system be shut down. A value of 1 enables the button (so that it is shown); a value of 0 disables the button (so that it is not shown).

Shell

This String value really doesn't have to do with logons, but it's one you should know about. It determines the shell (the user interface) that will be used by XP. The default is Explorer.exe, but it can be another shell as well, for example, the Program Manager from older Windows versions. Type in the name of the program, for example, Progman.exe for Program Manager, or Taskman.exe for the Task Manager.

AutoRestartShell

This DWORD value doesn't have to do with logons either, but it's another good one to know. It sets whether to automatically restart the Windows shell if the shell crashes. A value of 1 automatically restarts the shell. A value of 0 tells XP not to restart the shell, forcing you to log off and then back on again to restart it.
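Because these Winlogon values decide what is shown before logon and which program runs as the shell, they are worth reviewing on any machine you administer. The script below is an added example, not part of the original document: it reads a Registry export (.reg text) and reports settings that differ from what the text describes. The sample export is constructed, and parse_reg and audit_winlogon are names chosen for illustration.

```python
import ntpath
import re

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample export, not taken from a real machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DontDisplayLastUserName"="0"
"DefaultUserName"="alice"
"LegalNoticeCaption"="Notice"
"LegalNoticeText"=""
"PasswordExpiryWarning"=dword:0000000e
"ShutdownWithoutLogon"="1"
"Shell"="C:\\Tools\\progman.exe"
"AutoRestartShell"=dword:00000001
'''


def parse_reg(text):
    """Return {key path: {value name: value}} for String and DWORD values.

    Key paths and value names are lower-cased because the Registry
    treats them case-insensitively.
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        match = VALUE_RE.match(line)
        if current is None or not match:
            continue
        name, data = match.group(1).lower(), match.group(2)
        if data.startswith("dword:"):
            current[name] = int(data[6:], 16)  # stored as hexadecimal
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            current[name] = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \"
    return keys


def audit_winlogon(text):
    """Return (value name, finding) pairs for the Winlogon settings in the text."""
    w = parse_reg(text).get(WINLOGON, {})
    findings = []
    if str(w.get("dontdisplaylastusername", "0")) != "1":
        findings.append(("DontDisplayLastUserName", "last user name is shown at logon"))
    caption, notice = w.get("legalnoticecaption"), w.get("legalnoticetext")
    if not caption or not notice:
        missing = "LegalNoticeCaption" if not caption else "LegalNoticeText"
        findings.append((missing, "logon notice needs both a caption and a text"))
    if str(w.get("shutdownwithoutlogon")) == "1":
        findings.append(("ShutdownWithoutLogon", "shutdown button is shown before logon"))
    shell = str(w.get("shell", "Explorer.exe"))
    if ntpath.basename(shell).lower() != "explorer.exe":
        findings.append(("Shell", f"shell is {shell}, not the default Explorer.exe"))
    if w.get("autorestartshell") == 0:
        findings.append(("AutoRestartShell", "shell is not restarted after a crash"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_winlogon(SAMPLE_REG):
        print(f"{name}: {finding}")
```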


Hacking Your Way Through the Interface


Hide All Icons in the Notification Area
The System Tray, also called the Notification Area, is the small area on the far-right side of the Taskbar, in which utilities and programs that run in the background, such as antivirus software, show their icons. I don't find it a particularly intelligent use of screen real estate, so I'd prefer not to see the icons there. To hide them, run the Registry Editor and go to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.

Among other things, this key controls the display of objects throughout XP. Create a new DWORD called NoTrayItemsDisplay. Assign it a value of 1. (A value of 0 will keep the icons displayed.) Exit the Registry and reboot.

While you're at the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer key, you can also delete the My Recent Documents icon on the Start menu. Create a new DWORD called NoRecentDocsMenu. Assign it a value of 1. (A value of 0 will keep the icon displayed.) Exit the Registry and reboot.

Hack the Registry

If you haven't spent much time in the Registry, you can easily be cowed by it. At first glance, it's a maze of apparently incomprehensible settings. In fact, though, there's a method to the madness. The Registry is a hierarchical database of information that defines exactly how your system works, including virtually every part of XP and its applications. Editing the Registry database is often the best way to hack XP. In fact, there are many changes to the operating system that you can make in no other way. The way to edit the Registry is by using the Registry Editor, also called regedit. To run it, type regedit at the Run box or command line and press Enter.

The Five Logical Registry Hives


The Registry has many thousands of settings; in fact, it often has tens of thousands of them. They are organized into five main Registry sections, called Registry hives. Think of each hive as a root directory. Each of the hives has a different purpose. When you start to delve into the Registry, you may notice that many of the settings seem to be exact duplicates of one another; in other words, settings in one hive mirror the settings in another hive. In fact, frequently one set of settings is merely an alias (called a symbolic link) of another, so that when you change those settings in one place, the changes are made in both hives.


Following are the five hives and what each does:

HKEY_CLASSES_ROOT

This hive contains information about file types, filename extensions, and similar information. It instructs XP how to handle every different file type and controls basic user interface options, such as double-clicking and context menus. This hive also includes class definitions (hence the word "CLASSES" in its name) of unique objects, such as file types or OLE objects. Frequently, classes associated with file types contain the Shell subkey, which defines actions, such as opening and printing, that can be taken with that file type.

HKEY_CURRENT_USER

This hive contains configuration information about the system setup of the user that is currently logged into XP. It controls the current user's Desktop, as well as XP's specific appearance and behavior for the current user. This hive also manages network connections and connections to devices such as printers, personal preferences such as screen colors, as well as security rights. Also included in this hive are Security Identifiers (SIDs), which uniquely identify users of the PC and which have information about each user's rights, settings, and preferences.

HKEY_LOCAL_MACHINE

This hive contains information about the computer itself, as well as about the operating system. It includes specific details about all hardware, including keyboard, printer ports, storage: the entire hardware setup. In addition, it has information about security, installed software, system startup, drivers, services, and the machine's specific XP configuration.

HKEY_USERS

This hive contains information about every user profile on the system.

HKEY_CURRENT_CONFIG

This hive contains information about the current hardware configuration of the system, in the same way that HKEY_CURRENT_USER contains information about the current user of the system.

Using Keys and Values

Each hive is at the top of the hierarchy, and underneath each hive are keys, which can in turn contain subkeys, and those subkeys can contain subkeys, and so on, organized in folder-like fashion, much like a hard drive. Keys and subkeys contain a value, which controls a particular setting.

A key can contain one or more values. Following are the five primary data types of values in the Registry:

REG_SZ (String value)

This data type is easy to understand and edit because it is made up of plain text and numbers. It is one of the most common data types in the Registry. The value for DoubleClickSpeed, mentioned earlier in this hack, is of this type.

REG_MULTI_SZ (String array value)

This data type contains several strings of plain text and numbers. The Registry Editor will let you edit these values, but it won't let you create them.

REG_EXPAND_SZ (Expanded string value)

This data type contains variables that Windows uses to point to the location of files. For example, to point to the location of the Luna theme file, the expanded string value in the Registry is %systemroot%\resources\Themes\Luna.theme.

REG_BINARY (Binary values)

This data type is made up of binary data: 0s and 1s. Typical example of a binary value. As a general rule, you won't edit

binary values; instead you'll edit string values because they're made up of text and numbers.

REG_DWORD (DWORD values)

This data type is represented as a number. Sometimes a 0 turns on the key or 1 turns off the key, though it can use other numbers as well. While you see and edit the value as a number, such as 456, the Registry itself views the number as a hexadecimal number, 1C8.


Values you'll encounter in the Registry

Value name               Registry data type
String value             REG_SZ
Binary value             REG_BINARY
DWORD value              REG_DWORD
String array value       REG_MULTI_SZ
Expanded string value    REG_EXPAND_SZ

Network Hacks.
Close Down Open Ports and Block Protocols
You don't need a firewall to protect your PC; you can manually close down ports and block certain protocols. Firewalls can protect your PC and your network from intruders. But if you don't want to install a firewall and you still want protection, you can manually close down ports and block protocols. Some of these ports and protocols are more dangerous than others. For example, leaving open the port commonly used by Telnet (port 23) means that someone could use that service to take control of your PC. And the infamous Back Orifice Trojan, which also can give malicious users complete control of your PC, uses a variety of ports, including 31337 and 31338 among others. To close down ports and protocols manually, right-click on My Network Places and choose Properties to open the Network Connections folder. Right-click on the connection for which you want to close ports and choose Properties. Highlight the Internet Protocol (TCP/IP) listing and choose Properties. On the General tab, click the Advanced button. From the Advanced TCP/IP

Settings dialog box that appears, choose Options, highlight TCP/IP filtering, and choose Properties. The TCP/IP filtering dialog box appears. To block TCP ports, UDP ports, and IP protocols, choose the Permit Only option for each. Doing this will effectively block all TCP ports, UDP ports, and IP protocols. You don't want to block all ports, though, so you have to add the ports that you want to allow to pass, such as port 80 for web access. You need to keep port 80 open if you want to browse the web. Click Add to add the ports or protocols that you will allow to be used. Keep adding as many ports and protocols as you wish to be enabled, and click OK when you're done. Only the ports and protocols that are listed will be allowed to be used.

Speed up your network browsing by tweaking your registry.


When you use My Network Places to browse for other machines on your network, it usually takes a long time to display the list of shared resources for the target machine. This is because Windows XP first checks for the scheduled tasks on the target machine before listing the shared resources present on the computer. This unnecessary checking can easily add 30 seconds of delay. You can decrease the time browsing takes by modifying the Registry to turn off this checking:

1. Invoke the Registry Editor by typing regedit at the command line.
2. Open the Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace

3. Delete the following key (the value for it is the Scheduled Tasks):

{D6277990-4C6A-11CF-8D87-00AA0060F5BF}

4. Close the Registry and reboot.

Hacking Away at the Registry


You'll find many dozens of Registry hacks sprinkled throughout this topic, but to give you a sense of the breadth of the kinds of hacks that you can accomplish using the Registry, I've put a wide-ranging sample of Registry hacks here as well. Seven great hacks that use the Registry to do their magic.

Automatically Close Programs at Shutdown


When you shut down Windows, if you have any programs running you'll get a message box warning you that a program is still running. You then have to close the program and tell XP again to shut down. It's a fairly pointless warning; better yet would be if XP automatically killed the programs without issuing the warning. That way, you wouldn't get error messages and wouldn't have to

close each individual application before shutting down your computer. To have XP automatically close programs at shutdown, run the Registry Editor and go to HKEY_CURRENT_USER\Control Panel\Desktop. Edit the AutoEndTasks key so that it has a value of 1. If the key doesn't exist, create it as a DWORD value and give it the value of 1. To disable it, either delete the key, or set the value to 0.

Disable XP Shutdown
There may be times when you want to make sure that XP can't be inadvertently shut down. You can use a Registry hack to disable the normal Shut Down. Run the Registry Editor and go to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.

Create a new DWORD value named NoClose with a data value of 1. Exit the Registry and reboot in order for the change to take effect. You won't be able to shut down Windows in the normal manner from now on; you'll have to run Task Manager by pressing Ctrl-Alt-Delete or right-clicking on the Toolbar, choosing Task Manager, and then using the Task Manager's Shut Down menu to

close Windows. If you want to reenable normal shutdowns, delete the NoClose value.

Change the Names of the Registered User and Company


When you install XP or when it comes factory-fresh on a PC, a username and company name are entered as the owner of the system. And that's the way it stays, like it or not. But a Registry hack will let you change both. Run the Registry Editor, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, and look for the values RegisteredOwner and RegisteredOrganization. Edit their value data to whatever username and company name you want.


Disable the Disk Cleanup Warning


If your hard disk has what XP decides is too little space left on it, the operating system will pop up a warning and recommend that you run Disk Cleanup. But you may be like me and not want a virtual nanny nagging you to clean up your mess. You can turn off the warning with a Registry hack. Run the Registry Editor and go to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.

Create a DWORD value called NoLowDiskSpaceChecks and give it a value of 1. Exit the Registry and reboot.


Change the Default Location for Installing Programs


XP uses the C:\Program Files directory as the default base directory into which new programs are installed. However, you can change the default installation drive and/or directory by using a Registry hack. Run the Registry Editor and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion. Look for the value named ProgramFilesDir. By default, the value will be C:\Program Files. Edit the value to any valid drive or folder; XP will use that new location as the default installation directory for new programs.


Change the Size of Your Mouse and Keyboard Buffer


You sometimes may get an error message telling you that you have an overflow in your mouse buffer or keyboard buffer. When that happens, it means the buffer isn't large enough and you need to increase its size. To increase your mouse buffer, run the Registry Editor, go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mouclass\Parameters,

and find the MouseDataQueueSize subkey. The default setting is 100 (64 hex). Increase the decimal number to increase the size of the buffer; then exit the Registry and reboot. You may need to try several different settings until you find the right one.

To increase the keyboard buffer, look for the KeyboardDataQueueSize subkey in

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass\Parameters.

The default setting is 100 (64 hex). Increase the number to increase the size of the buffer; then exit the Registry and reboot.

Again, you may need to try several different settings until you find the right one.

Place Windows Kernel into RAM


It's a given that anything that runs in RAM will be faster than an item that has to access the hard drive and virtual memory. Rather than have the kernel that is the foundation of XP using the slower Paging Executive functions, use this hack to create and set the DisablePagingExecutive DWORD to a value of 1. Edit the Registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\DisablePagingExecutive

to 1 to disable paging and have the kernel run in RAM (set the value to 0 to undo this hack). Exit the Registry and reboot. Note: Perform this hack only if the system has 256 MB or more of installed RAM!
