L6(ELL6) n SECURITY n ! HACKING

SECURITY AND SOME HACKING TOOLS.

2006-10-28T14:32:00.000-07:00

Hello friends. I belive TO be a true security anylst/expert u need to think as a hacker thinks!
So i have included some books and some tools which hackers learn from. Books contain how to be a hacker which reveals how they think... so we can defeat them in their ways. And about the tools these are openly available... tools as privacy protectors, ip hiders and like which they use. U can crack these tools to know how these work so i have uploaded them for the downloads.

WARNING : THESE R NOT MY WORKS. USING OF THESE IS FOR EDUCATIONAL OR WITHIN HOME NETWORK IS ADVISABLE. I AM NOT RESPONSIBLE FOR THE DESTRUCTION CAUSED OR THE ILL-EFFECTS, whatsoever. THESE ARE ONLY PROVIDED FOR EDUCATIONAL PURPOSES.

....Links ....

BOOKS

http://rapidshare.com/files/1074575/Addison.Wesley.Defend.I.T.Security.by.Example.May.2004.eBook-DDU.chm

http://rapidshare.com/files/1074567/sec1.rar

http://rapidshare.com/files/1074568/sec2.rar

http://rapidshare.com/files/1074569/sec3.rar

HIDDEN GOOGLE QUERRIES...

This can be called google hacker nice tool.

http://rapidshare.com/files/1074570/Alt-Google.rar

KEY LOGGERS...

Well parents are concerned about their childerns. So to moniter what they do use this. U can even use these to get to know if some1 is breaking in2 your system, how? because these tools moniter the keystrokes... u will come to know how just install them and ----> readme....

http://rapidshare.com/files/1074571/KeyLoggerS2.rar

Dos tester: (dont use this untill u know what u are doing)

dont use this:: warning: dont use these: GOOGLE FOR Dos first and know what is dos and use them afterwards if u want. THESE ARE FOR PENETRATION TESTING AND NETWORK TESTING ONLY. I am not responsible for the adverse effects caused.

http://rapidshare.com/files/1074572/FlooD_DoS.rar

WEBSITE CRACKER TESTER:

u have a own web site. well use this to test if its secure... break in with this and u will know....

http://rapidshare.com/files/1074573/WebCrackv4.0.zip

MESSENGER TOOLS

Some of the messenger tools....

http://rapidshare.com/files/1074574/messenger_tools.rar

SOME BASIC TOOLS

http://rapidshare.com/files/1074576/tools1.rar

Setting up ur own home server

2006-10-26T19:32:00.000-07:00

Hey everyone....

Overview: What we are going to do is set up a webserver, that, will run php, mysql, perl and cgi scripts. First and foremost you want the webserver, the one i used and that i recommend is Apache HTTP Web Server http://www.apache.org/ - I downloaded the win32 MSI package When you goto install the server youll be asked for some info Network Domain: Server Name: l Admin Email: Enter as follows: localhost 127.0.0.1 your e-mail address Once installed, open the Apache Monitor and make sure its running (run it as a service during install) goto start->Apache HTTP Server-> Configure Apache Web Server->Edit Configuration File this opens notepad and your config file Find DocumentRoot and enter in the dir that you will be keeping your files in like this E:/dir (use the backlash) scroll down and Find http://localhost or http://127.0.0.1/ in your web-browser if you see your index page good its working -------now to install CGI/PERL----------- Get ActivePERL from http://www.activestate.com/ Install ActivePERL to a directory named e:\usr (it dont HAVE to be that name but its recommended) have the "add Perl to the PATH environment variable" checked and "Create Perl file extension association" checked open your Apache Config File like above Find Options Indexes FollowSymLinks add ExecCGI to the end of it so it looks like Options Indexes FollowSymLinks ExecCGI Next, Find ScriptAlias /cgi-bin/ "E:/Apache2/cgi-bin/" hash it out by adding a # in front of that line Next, Find #AddHandler cgi-script .cgi Remove the hash and .pl to the end like this : AddHandler cgi-script .cgi .pl Test CGI/PERL: open a new notepad document and paste in #!e:/usr/bin/perl print "Content-type:text/html\n\n"; print "hello world"; where the top line is where perl.exe is installed save as either test.cgi or test.pl put into your DocumentRoot Directory goto Apache Monitor and restart goto http://127.0.0.1/test.cgi or http://localhost/test.pl whichever you named the filetype If you see the words Hello world, good its working --------installing PHP------------------ goto http://www.php.net/ and get the zipped version of PHP that is Win32/Apache compliant unzip and goto the directory you unzipped it to and rename php.ini-dist it to php.ini open php.ini Find doc_root = "e:\public_html" and change it to whatever your DocumentRoot is Find extension_dir = "./" change it to the ext folder that unzipped with php kinda like E:/php/ext Now open you Apache Config File again and paste LoadModule php5_module "e:/php/php5apache2.dll" AddType application/x-httpd-php .php PHPIniDir "e:/php" in the beginning or end of the config file, make sure to change the paths to the relevant ones where you unzipped php save and goto Apache Monitor and reset open up a new notepad put in save as test.php in your DocumentRoot goto it in your webbrowser if you see a bunch of stuff, its working ---------Installing MySQL -------- goto http://dev.mysql.com/downloads/mysql/4.1.html and download the version for Windows install the MSI and choose these Typical Setup Skip Sign-Up make sure "Configure the MySQL Server now" is checked Detailed Configuration" Developer Machine" Multifunctional Database" InnoDB Tablespace Settings" - leave the same Decision Support (DSS)/OLAP" make sure "Enable TCP/IP Networking" is checked and leave the port number at 3306 Standard Character Set check "Install As Windows Service" "Include Bin Directory in Windows PATH" checked enter root password dont let remote access hit "execute" and it'll install and set up. Copy the libmysql.dll from your php directory to your system folder(usually system or system32) open your php.ini file Find ;extension=php_mysql.dll and remove the semi-colon goto Apache Monitor and restart to test yor MySQL by php make a new notepad file and paste save it as sqltest.php in yor documentroot folder load it in your browser if you see it you know its working later on when ive had some rest ill tell you how to set phpMyAdmin so you can better have control over your MySQL databases till then

NEWS

2006-10-26T17:50:00.000-07:00

In NEWS...

"SECURITY SECTION"

· nst-28.txt[N]eo [S]ecurity [T]eam [NST] - Advisory 28 - 2006-10-25: PHP-Nuke 7.9 and prior Search module author SQL Injection vulnerability.

· dsa-1199-1.txtDebian Security Advisory 1199-1: Several vulnerabilities have been identified in webmin, a web-based administration toolkit.

· safebreaker.tarSafebreaker is a demonstration next-generation packet-sniffing backdoor, that doesn't require libpcap. It offers a full terminal support, comes with a tls encryption for the connection, and the authentication parameters are configurable.

· DSL-G624T.txtThe D-Link DSL-G624T ADSL Router is vulnerable to several security issues including directory traversal, and cross site scripting.

· fbf.tgzFBF - FTP Brute Forcer: This is a ftp brute force dictionary attacker that can read a list of users or specified user and run a password list attack against them. The brute forcer has a delay option which makes it not clog up the server with to many connections the option is defaulted to 10 seconds but can be changed for longer iterations. Inside the tar is a the fbf.pl, and user and password list.

· cPanel10.9.0R50.txtWHM 10.8.0 and cPanel 10.9.0 R50 suffer from multiple cross site scripting vulnerabilities.

· RMSOFT-xss.txtRMSOFT suffers from a cross site scripting vulnerability in images.pgp

· VirtualLawOffice.txtVirtual Law Office suffers from a remote file inclusion vulnerability in phpc_root_path.

Flaw found in new Microsoft browser(IE7)

2006-10-26T17:47:00.000-07:00

"SECURITY SECTION NEWS"

SOURCE- The Age (Australia)

beware ie7 users .....

An Internet Explorer 7 flaw, found just hours after the browser's launch, could result in sensitive data such as your internet banking details falling into the hands of criminals, says Danish security firm Secunia. "A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information," says an advisory published on the Secunia website. "The vulnerability is caused due to an error in the handling of redirections for URLs ... This can be exploited to access documents served from another web site," the advisory reads. The flaw enables attackers to steal user information that's being entered on a separate website, just as long as the user is visiting a site exploiting the flaw in another window.

Virtual File System - /proc

2006-10-26T17:42:00.000-07:00

By: Danny "Dr. T" edited by evileye...

"SECURITY SECTION"

This article gives a brief overview on the /proc file system. It explains how to gather information using /proc and how to change system information (shortly explained). The article mostly focuses on important parts of /proc and less on others. Even though it is a short article, it provides good information for any UNIX-based operating system user.
The /proc file system is sort of mechanism that is used for the kernel and kernel modules to send information to processes (hence the name). This pseudo file structure allows you to interface with the internal data in the kernel, and to obtain information about the system/processes and to change settings. The /proc file system does not occupy space on hard drive; therefore it (and its files and sub- directories) is referred as â€œvirtual file systemâ€, but yet looks and acts like disk-based file system.
In order to use the /proc file system, two settings must be enabled in the kernel:CONFIG_PROC_FS â€“ access/view/edit the /proc file system, and CONFIG_SYSCTL â€“ modification without requiring a reboot. On most Linux distributions, those two settings are enabled by default. However, if you build your own kernel, make sure that you enabled them.
How does it work?
As mentioned above, neither the /proc directory nor its sub-directories and its files actually exits (virtual), so how one can access, read and edit those files? They are created dynamically in memory form raw kernel data only on demand when you access them.
Getting System Information
This /proc directory contains sub-directories in it, which contain information about the system. All the sub-directories are read-only, since they are used to gather system information. The first class of sub-directories is â€œProcess Specificâ€. As the name implies, they are used to gather information on specific processes. Each running process has a sub-directory under /proc, which is named after the PID (Process ID). For example:
$ ps â€“aux grep â€œsyslogâ€
root 660 0.0 0.4 1428 588 ? S Nov18 0:00 syslogd â€“m 0
Syslogdâ€™s PID is 660, so in order to find more information about Syslogd, one should look at the sub-directory /proc/660. Each process sub-directory has various files under it. Few of them are given below:
/proc/PID/cmdline â€“ prints command line arguments
/proc/PID/cwd â€“ link to the current working directory
/proc/PID/environ â€“ values of environment variables
/proc/PID/mem â€“ memory held by the process
/proc/PID/status - process status
/proc/PID/statm â€“ process memory status information
For example, to get the status of a running process, all you have to do is to read the file /proc/PID/status. The â€˜psâ€™ command uses the /proc file system to obtain information about running processes on the system. Indeed, most of the information is available to use through UNIX commands.
Not only information about running processes can be gathered, but also information about the running kernel. Note that not all of the kernel files will be present in your system. It depends on the running kernel, kernel configuration and loaded modules. Important files are given below:
/proc/cpuinfo â€“ information about the CPU (model, cpu family etc.)
/proc/devices â€“ available devices
/proc/interrupts â€“ interrupt usage
/proc/iomem â€“ memory map (version 2.4)
/proc/ioports â€“ I/O (Input/Output) port usage
/proc/kmsg â€“ kernel messages
/proc/meminfo â€“ memory info
/proc/modules â€“ list of loaded modules
/proc/mounts â€“ list of mounted file systems
/proc/net â€“ network information (see below)
/proc/sys â€“ change the parameters within the kernel
/proc/version â€“ kernel and system version
As mentioned above, you can use the command lsmod to view the list of loaded modules, which is equal to cat /proc/modules.
/proc/net
A variety of network information and data is available in the /proc/net directory. The more useful files available in the /proc/net sub-directory (short explanation how to use them) are given below:
/proc/net/dev â€“ information about the configured network interfaces. This file can be used by network administrators to view the status of the network. /proc/net/[tcp,udp,raw] â€“ those three files shows information about open network sockets. The information is exported by the kernel. Note that those files are relevant for IPv4 only. /proc/net/route â€“ routing table; available using the command route.
Modifying System Information
In the previous part, I discussed about the various information than can be gathered using the /proc file system. In this part Iâ€™ll briefly discuss about the interesting part of the /proc file system - /proc/sys.
The /proc/sys allows you to change the parameters within the kernel, contrary to the previously mentioned files, which are just source of information. Note that you must know what you doing/changing when attempting to change anything; it might optimize your system or make the system crash. Therefore it is recommended to use a test machine to test your new configuration. Information change is done using the UNIX echo command (see below).
I will continue in the same pattern I used above â€“ few examples for /proc/sys and a bit explanation
/proc/sys/kernel
This directory contains information which reflects general kernel behaviors.
/proc/sys/kernel/domainname â€“ holds the NIS name for the machine. Use echo command to change: # echo â€œmydomain.comâ€ > /proc/sys/kernel/domainname
/proc/sys/kernel/hostname â€“ holds the name of the machine. Use echo command to change: # echo â€œfrogâ€ > /proc/sys/kernel/hostname. You can run as root the command # hostname frog and have the same results.
/proc/sys/kernel/{osrelease, ostype, version} â€“ the names indicate what the files contain. Those files can be tuned only when you build a new kernel.
/proc/sys/vm
This sub-directory contains files, which can be used to tune information about the virtual memory (VM) subsystem. I will not explain about this sub-directory, due to its complexity.
/proc/sys/net
This sub-directory is the gate to the networking parts in the kernel. I will dead with sub-directories and files concerning IP networking and security.
/proc/sys/net/ipv4 â€“ IPv4 is the most used protocol in UNIX networking. This sub-directory controls the behavior of the IPv4 sub-system of the kernel. This sub-directory is playing a major role on securing a UNIX system, even though it is neglected by network administrators.
This sub-directory contains many files for ICMP configuration, IP configuration, TCP configuration, interface configuration and more. To understand better the meaning of each file, I recommend reading the documentation of the Linux Kernel.

HIDING FILES

2006-10-26T17:36:00.000-07:00

By: [evil]eye

"SECTION SECURITY"

I'm writing this assuming you know the basics of using Terminal. This paper is for those who have nosey brothers, sisters, parents and or if you can't trust what your friend is going to do on your computer when you go to use the restroom. What are we going to do? Choosing a good place for the hidden folder, creating it, and opening it.
How To:
We are going to create a folder that you cannot see unless your in terminal and you type ls -a. But first we need to find a good place to put just incase someone is actually knows what there doing. I would probably put it somewhere in the home directory like the Movies, Music, Sites, or Documents folder. Once you pick one of these we move on the to the next step.
Now that you have selected the folder, we need to create a hidden folder. You can do this with a simple mkdir command in Terminal. I'll put making my hidden folder in Sites:
[My-Computer:~] inviz% mkdir ~/Sites/.hidden
Now you would probably want to call it something less obvious than ".hidden" like downloads, or something uninteresting. Now you may have noticed that little "." infront of the word hidden. These kind of folders can not be seen by a normal ls command without certain arguments and can not be seen by someone browsing through your folders.
Now that you have your hidden folder created, do an ls -a in the directory where you made your folder just to make sure it's named right.
[My-Computer:~] inviz% cd ~/Sites [My-Computer:~/Sites] inviz% ls -a .hiddenN3KMy site Index.htmlmain.htmlcontact.html
All your looking for is the ".hidden" folder just to make sure it's there. Now we need to open it.
[My-Computer:~/Sites] inviz% open .hidden
Now a window in the Finder should open. And you can put all your pr0n in there and whatever else you don't want your nosey friends to see.
For future reference:
If you want to open it again "open .hidden" will not always work unless your in the same directory. Since my ".hidden" folder was in directory "~/Sites" I have to type:
[My-Computer:~] inviz% open ~/Sites/.hidden"
Now if you want to delete the folder along with the contents just type:
[My-Computer:~] inviz% rm -rf ~/Sites/.hidden
Be VERY CAREFUL while using the rm command. If you do it wrong you might delete something that you really need and you wont be able to get it back.

ARP SPOOFING EXPLAINED...

2006-10-26T17:32:00.000-07:00

Article written by barfbag mail id barfbag@theblankpages.com edited by evileye...

"SECTION SECURITY"

ARP spoofing is an effective way to intercept, sniff, hijack and DoS connections. It is a more effective way of hijacking sessions, because it allows attackers to see incoming and outgoing communications, as if they were a proxy, as opposed to "blind" TCP/IP spoofing.
Background on ARP
ARP stands for Address Resolution Protocol. Basicaly it translates IP addresses into ethernet or MAC addresses. ARP is completely separate from TCP/IP, since it uses only the ethernet frame in its packets. ARP is very similar to DNS, except instead of converting host names to IP addresses, ARP converts IPs to MAC addresses.
MAC addresses A MAC address, or Media Access Control, is the address hard coded into the ethernet card. Changing it is possible but irrelevant to this article. MAC addresses consist of six hex numbers separated by colons or dashes ie. 00:3E:41:D2:53:21 or 00-3E-41-D2-53-21. Routers use these addresses along with IPs to route packets for example:
Machine A wants to open a connection on server B
1) A sends ARP to subnet asking "who has B's IP address? tell Machine A"
2) All Machines on the subnet recieve the query, if their their IP matches that of the query then they send back a response in this case:
3)Server B sends an ARP response of "My IP is at ethernet address 00:3E:41:D2:53:21" or whatever.
An insteresting thing about ARP, is that to improve efficientcy, it caches entries. This is so that every packet doesn't need to have a corresponding ARP query and response. Instead, the machine remembers what IP corresponds to what MAC. This cache is called an ARP table, and is flushed about every minuet or so depending on the operating system.
ARP Spoofing
Alright, enough of the boring stuff. On to the fun part: ARP spoofing. Here is the vulnerablility in the ARP protocol: to improve efficiency, most systems update their tables every time they get a response, even if they didn't ask for it. This means that an attacker can send a message out to computer B, saying "Computer C is at my MAC". Packets sent from B, to C's IP will instead be routed to The attackers computer. Below is A diagram:
A simple ARP Hijack
Note: for clarity, MAC addresses will be represented by Shapes.
A:Attacker:Square:192.168.0.2
B:Box:Triangle:192.168.0.3
C:Server:Circle:192.168.0.4
1)A--->B "192.168.0.4(Server) is at MAC address Square"
2)A--->C "192.168.0.3(Box) is at MAC address Square"
Now any communication from Box to server or Server to Box, is routed to the attacker, who can now decide what to do.
ARP Spoofing as DoS
One sneeky way of launching a Denial of Service attack is similar to DNS poisoning. Basicaly, the attacker tells the box he is DoSing that either his, or some other computer's MAC attaches to that of the routers. Basicaly what happens here is all of the DoSed box's packets go to some other computer instead of the router, making it impossible to access addresses outside the subnet.
...As Sniffing
Sniffing or passive hijacking is when the attacker lets the to machines talk to each other but monitors or "sniffs" the communications for information like logins or passwords. This can be extreamly devistating because the attacker can then gain authenticated access into the system.
...As Hijacking
Ah yes, if the attacker happend to decide to, he may cut off the user form the server and inject his own commands. Lets look at this example: Andrew, the attacker has set up a ARP hijack between server Sam and client Clay. Andrew watches as Clay telnets into sam and logs in. As soon as this happens Andrew stops forwarding Clay's packets to Sam. He then injects his own packets to Sam, pretending to be Clay that instruct Sam to create a new user account (using Clay's privleges). Andrew then starts forwarding packets from Clay back to Sam and Clay dismisses the lag to his bad connection. That is basicaly how ARP hijacking works, it can get a bit more complicated, but the purpose of this guide was to give a general understanding. Hope it helped.
Questions and Comments >> barfbag@theblankpages.com

New downloads UPDATED on 26.10.2006

2006-10-24T14:52:00.000-07:00

These are few of the modding tools used to modifiy the look or internally edit the settings of L6.

WARNING: MODDING THE CELL PHONE MAY VOID UR WARRANTY A WORD OF CAUTION...

This is the total L6 FLEX backup of the l6 phone. This is used when u ruin all the settings of ur phone. Just flash it with p2ktools to get back ur settings!!!

L6 FLEX backup

http://rapidshare.com/files/546611/L6_orin_flex_flex_tools.rar

P2k EASY and all p2k drivers

http://rapidshare.com/files/546610/p2keasy_all_p2k_drivers.rar

This is used to coustomize ur seems all the seems with lot of functions........

http://rapidshare.com/files/546609/P2KAE_5515.rar

This is used to edit ur menu files(.mnu or .mmc or whatso ever), check it....and it also has p2k manager...

http://rapidshare.com/files/546608/p2k_manager_style_mnu_editor.rar

All versions of P2K commander .............

http://rapidshare.com/files/546607/p2k_commander.zip

Moto explorer new, mp3 2 midi and a tool

http://rapidshare.com/files/546606/moto_xplorer_tool_mp3_2_midi.rar

DRIVERS: These are all the drivers... Many people requested so found many, i have zipped hem and grouped so that u all can easily download.

http://rapidshare.com/files/546605/Complete_l6_drivers.rar

P2k tools ALL VERSIONS .......

http://rapidshare.com/files/546604/all_p2k_tools.rar

NEW SKINS UPDATED!!!

2006-10-23T17:56:00.000-07:00

new skins updated wit moto skinner software or something similar,i mean the name of the software i don't remember it now.... for time bein lets call it moto skinner.... Well moto skinner is a software used to upload the skin files to ur mobile. To be very simple it serves as interface between ur mobile(l6) and the operating system....

moto skin download link is.......

http://rapidshare.com/files/430919/Skins_Manager_0.40.03A.rar

Skins : New good skins with lots of features included....!

Some of the skins uploaded can be downloaded with(i mean using) the link below ....

http://rapidshare.com/files/430918/skins6.rar (skins archive set1)

http://rapidshare.com/files/430917/skins5.rar ( set 2 )

http://rapidshare.com/files/430916/skins4.rar (set 3)

http://rapidshare.com/files/430915/skins2.rar (set 4 and so on...

http://rapidshare.com/files/430914/skins1.rar

http://rapidshare.com/files/430913/skins.rar )

a midas tool

http://rapidshare.com/files/426662/midas.zip

WELCOME

2006-10-23T17:37:00.000-07:00

Here v go gain.... boo.. with my new F*** sit3??? ha? well <> They really do! BELIVE ME !!! Well it is my site to giveya the ans....butt a temp cite..

WELL START TO REQUEST HERE..........................