-[ Antidote ]-
----------------------------------------------------

Contents:

Introduction

News:
  Melissa Virus? - Lord Oak

Submittings:
  Hackers Poem - Scorchen
  Front Page - Redemption
  Installing Linux - Lord Oak
  NT Glitch - Lord Oak
  Confusing Viruses - Lord Oak
  Getting Caught - Lord Oak|PBBSER
  News Sites - Lord Oak

----------------------------------

/* Introduction */
-----------------

Here is one more issue of Antidote. This is #4. We have over 265 subscribers to our magazine, but once again, no one submitted anything. We have been receiving e-mails about how good the content in our magazine is, but folks, we can't keep the content good if you don't submit anything. You can submit anything that has to do with computer security. I can't believe that none of you have ANYTHING to write about. This leaves articles open on hacking, viruses, programs, news, exploits, and more. Now you're telling me there is nothing for you to write about? I am having trouble coming up with things to write about, which means that if you don't start sending in your articles we will have to shut Antidote down due to lack of content. And trust me, I don't want to do that.

I have been working on some really important things for Antidote, such as trying to get it printed as an offline e-zine. This is going to cost a lot of money, so I am going to try to get a job to pay for the printing. Also, I am going to set up a voting booth on how much you would pay to have Antidote shipped directly to your house or wherever you want; I mean per magazine, not a whole subscription.

We really need articles and submissions, so please send them in. You can send them to lordoak@thepoison.org or duece@thepoison.org; either one is fine.
-Lord Oak
lordoak@thepoison.org

----------------------------------

/* News: Melissa Virus? */
-------------------------

As many people have heard, there is a new virus going around called "Melissa". When you open this 'virus', it automatically takes the first 50 people in your e-mail Address Book and e-mails them the virus. The subject of the mail looks something like this:

  Important Message From [the sender's name]

This was clever of the writer: it takes the name the person has in their e-mail settings and sends out a message with that name in the subject, so it looks like it came from someone the recipient knows. There is an attachment connected to the e-mail, and when you open it, it lists a bunch of porno sites; what you don't see is that it is sending the same e-mail to the first 50 people in your address book. It is just a repeating pattern.

Though this virus doesn't do anything harmful to your computer, it can be harmful to mail servers: imagine 50 people opening it, then each of them sending it to 50 more people at the same time. It could easily crash a mail server. The other day the Australian government was forced to shut down its e-mail server so it wouldn't get infected by Melissa, and so was the Marine Corps' mail server.

Also, as many people have heard, the person who made this virus was a 30-year-old male who had a stolen AOL account. He was finally caught and hasn't admitted to making the virus, which could make it harder to convict him. Mainly, since the AOL account was stolen, there really is no way of proving it was him short of catching him in the act of using the AOL account.

/* Hackers Poem */
-----------------

Word games and silly names
everyone thinks they're a comedian
law suit blames and someone's framed
Each law broken is a new Meridian.
If your head you keep, the better you sleep
the more you have to show
Don't get in too deep, and utter not a peep
And the further you will get to go.

Blending together, always and forever
Staying true to reputations, they obliterate
No one survives the weather, CDs, disks, and tight leather
Fighting to stay in the game, they meditate and imitate.

When the price is steep, the thrill they keep
Fame is the game's main objective
Businesses weep when a hacker has reaped
If you can't keep up, immediately intercepted.

So to remain a friend to the bitter end
One promise you are expected to keep
Always you bend and into data you'll blend
Remaining secretive, you were just a computer bleep.

Never Suspected
Never Connected
Always Expected
Always Respected

-Written by Play, Submitted by Scorchen
scorchen@cyberarmy.com

----------------------------------

/* Front Page */
---------------

Well, first of all I want to say that this is the lamest type of hack out there, but it works. OK, I'm going to start by explaining FrontPage and its password file. FrontPage takes the user's passwd and puts it into a passwd file called 'service.pwd'. Why does FrontPage take the user's passwd and put it in service.pwd? Because FrontPage FTPs to a user's account and logs them in automatically.

Now, how to use this information for educational purposes....... The passwd file is called service.pwd (which you already know) and is located in a directory called '_vti_pvt'. To be sure you have access to the directory, you will have to root the server in some way, so you have access to all the folders. All you have to do is go into one of the dirs and then into '_vti_pvt' and download service.pwd. Or, you can simply type in your web browser http://www.whateveryouwant.com/_vti_pvt/service.pwd (only works on older systems). The passwd is encrypted and will need to be cracked with a cracker. John The Ripper works well in this case, and you will need a wordlist (I recommend 100 MB or bigger).
Just run your cracker and there you go! Log in to the account and you have total access to the website. Now, to make sure you know what website you are hacking, simply highlight '.htaccess' and hit 'view' in your FTP client. The purpose of '.htaccess' is to control passwords for logging into Web servers, and it displays the domain name in the file.

THIS INFORMATION IS FOR EDUCATIONAL PURPOSES ONLY! USE AT YOUR OWN RISK!!

Yeah, this text was a little patchy, and a very stupid topic, but I promised TheDuce that I would do another text, so here it is.

-Redemption
redemption@sekurity-net.com

----------------------------------

/* Installing Linux */
---------------------

I have been receiving a lot of e-mails asking how to set up Linux on a computer, so I decided to write a little text about it.

\System Requirements/
-------------------

  IBM-compatible PC
  8 MB of memory ("RAM")
  CD-ROM drive
  One or more hard disk drives (40 MB or more)
  3.5" floppy disk drive (A: drive)

These are the minimum requirements; if you run a computer like this, you might want to upgrade for better performance. If Windows is currently on your computer, chances are good that you can install Linux on it too; the requirements are about the same. For a typical desktop setup you will want AT LEAST 35 MB of RAM and about a 500 MB hard drive. Your processor doesn't have to be from Intel, but it does need to be a compatible PC. You'll need a video card as well; almost any video card will do.

\Getting Started/
---------------

We are going to use the X Window System on the system of your choice. For that, your monitor should be AT LEAST 14 inches. Video adapters are measured by the resolution and the number of colors they can display. You will want to set your resolution to 800x600 or more, with at least 256 colors.

Installing Red Hat 5.2 is pretty easy.
There are only three questions you have to answer that might be even remotely tricky or confusing:

  1) What kind of video hardware you have
  2) How to use your disk drives (partitioning)
  3) Which packages you want to install

I recommend finding out the answers to questions 1 and 2 before you start; we will go over number 3 in this guide. It is also good to know the manufacturer of each piece of hardware and the model you are using. The things you want to know before installing include the following:

  The number of serial ports
  What type of modem (optional), and which serial port it is connected to (e.g. COM1, 2, 3)
  Network adapter
  Video card (amount of video memory on the card)
  Sound card
  Monitor
  Disk drives

You should also know the following about your disk drives:

  IDE or SCSI interface
  Which interface each drive uses
  Number of drives and their storage capacity

All of these questions can be answered easily if you are currently running Windows 95, 98 or NT. The easiest way to find this information is to double-click the "My Computer" icon on your desktop. A window pops up with a list of things you can click on. On the menu bar go to "View", then "Details". Now it gives you a list of most of the information you need to install Linux (Red Hat 5.2). On some computers it doesn't gather any information on your video card. In that case go back into "My Computer", double-click the "Control Panel" icon, then double-click "Display". Select the "Settings" tab, and then the "Display type" button. This gives you the information on your video card, also known as the "Adapter", and how much memory the adapter has on it. Information on your modem can also be found in the Control Panel, under the icon called "Modems".
Please be sure to write down the modem manufacturer, the model, and which port it is attached to. If for some reason you can't dig up this information, I wouldn't worry about it too much; the installation will probably detect most of it anyway. But it is always good to know in case it doesn't.

\Introduction to Partitioning/
----------------------------

If you already know what a disk partition is, you don't really need to read this section. If you don't, I recommend reading it, because partitioning is a big part of the installation process. Think of partitions as something like folders on your hard drive (it kind of is): you have your hard drive, and then, let's say, 2 folders. You can put whatever you want in those 2 folders and organize them any way you want. You can put something in one folder and have it not bother any of the contents of the second folder. It is just a way of organizing (kind of), except that each partition has a fixed size and holds its own filesystem.

A question I commonly get is "Why can't I just make my Linux box all one partition?". There are a bunch of reasons. One is backups: the usual and easiest way to make a backup tape is to copy a whole partition rather than go through and pick out every file you want to save. This obviously saves time, and you don't have to sit at your computer waiting for it to finish so you can select the next file. You can just select a partition to back up and go do something else.

\Setting your Partitions/
-----------------------

While you are installing Linux, it will ask you to specify the partitions you want. Linux needs at least 2 partitions (a root filesystem and swap), and Red Hat's install guide recommends at least 4. You can have just about any number above that. Obviously you want to set up the partitions to use all the space on your hard drive, so make some partitions and set their sizes to whatever you like, as long as all of your partitions together add up to the size of your HD.
Here is an example: if your HD is 200 MB, you would make a partition called hda1 and set its size to 100 MB, then make hda2 and set it to 100 MB. Add them up and you get 200 MB, which is how big your HD is.

Red Hat requires that you have 2 partitions, "Swap" and "Root":

  Swap - twice the size of your computer's memory, but not more than 127 MB and not less than the amount of memory in your computer.
  Root - anywhere from 50 MB to 100 MB. This is where the configuration files are stored. This partition often also holds things like mail, news, and data for other miscellaneous daemons.

If for some reason the installation process will not accept your hardware even though you have it all set right, go to www.redhat.org; they have a list of supported hardware and programs you can run to identify yours.

-Lord Oak
lordoak@thepoison.org

----------------------------------

/* NT Glitch */
--------------

All NT admins should be aware of this glitch, because an intruder who gets into your network this way never has to crack a password or exploit anything; the laptop logs them in as a legitimate user. This glitch doesn't work on desktop workstations or on NT itself; it works on any Windows 95 laptop that supports the PCMCIA manager.

Take a typical office situation to show how quickly an intruder could become an authenticated user on a network. A salesperson is writing up his latest report on a Windows 95 laptop, which is logged on to the network via a network interface card (NIC) in the PCMCIA slot. The user has an NT Domain user account with Systems Management Server (SMS), and has saved his network passwords to the .PWL file. Before going out to lunch, he activates his password-protected screensaver. Any hacker can now gain access to the user's NT Domain account without having to hack or even crack a passwd file.
All the hacker has to do is hit CTRL+ALT+DEL twice, which reboots the computer, then quickly turn it off while it is still trying to boot. The hacker also has to remove the PCMCIA NIC, then turn the power back on. He will get a message from ScanDisk, which he should ignore, telling him the computer was shut down improperly. Then Windows sees that the laptop has no NIC in it and boots as a standalone laptop. When it has finished booting, the hacker hot-inserts the NIC back into the PCMCIA slot. The PCMCIA manager detects that the NIC has been put back and automatically loads the network protocols. It also uses the .PWL file, attempts to log in to the network, and starts SMS. If the network passwords were saved, the laptop is logged into the network as that laptop's owner without any intervention or dialogs. The hacker is now that user. Using a program such as Revelation, the hacker can then quickly recover passwords stored for other resources and programs to use in the future.

The lesson for admins is the obvious one: don't let users save domain passwords in .PWL files on laptops, and don't treat a screensaver lock as protection for a machine anyone can power-cycle.

-Lord Oak
lordoak@thepoison.org

----------------------------------

/* Confusing Viruses */
----------------------

Some viruses add malicious commands to the autoexec.bat file, which DOS/Windows executes at start-up. One way to sidestep this kind of attack is to rename autoexec.bat to another name, but there are a couple of steps you need to follow for it to work, because command.com looks for the file by name:

  - Rename autoexec.bat to another name, such as autoxxx.bat.
  - Use a low-level disk/hex editor such as Hex Workshop (www.bpsoft.com) to open your command.com file (the one in the Windows folder) and search for the string AUTOEXEC.BAT.
  - Overwrite it with your new name and save the file. The new name must be exactly as long as AUTOEXEC.BAT (12 characters, so pad it, e.g. AUTOXXXX.BAT, and rename the file on disk to match); inserting or deleting even one byte shifts everything after it and corrupts command.com. Keep a backup copy of command.com before you save.

This will confuse viruses that look for autoexec.bat by name. It does nothing against one that infects command.com itself or appends to every .bat file it finds, so treat it as a small extra hurdle, not as real protection.
-Lord Oak
lordoak@thepoison.org

----------------------------------

/* Getting Caught */
-------------------

Please take note that this article was not written by me (Lord Oak); it was taken from PBBSER at www.legionoot.cc. I have FULL permission to post this article, and if you don't believe me, e-mail him yourself. The reason I am telling you this, rather than just listing his name as a submitter, is that this was already in another e-zine, and it is our policy that there has to be this "disclaimer" or warning if something has already been published.

When hacking/cracking a server, everyone worries about getting caught. In this article I will discuss some things that people use to not get caught and how they aren't as great as they are made out to be.

First off: wingates. If you set up your own somewhere, or if you can get one on a dynamic IP somewhere else, they are a good help in covering your tracks, but then again, how many times can you do that? Likely you find your wingates by having someone on IRC send you a list, OR you go to a site like cyberarmy.com that has a list. Most of the ones you get don't work or won't even let you connect, so you come to rely on the ones that do. HOWEVER, you probably don't know how safe they are. Maybe the wingate is logging you. Maybe it doesn't really hide your IP like it is supposed to. There are many possibilities. Ask the people you trust for wingates that they trust if you want to be safe. Also go through a couple of them even before you go into a shell, to be extra safe. That's all I have to say about wingates.

Second: proxies. People think that if you connect through a proxy you are definitely safe, but they don't even check to see if it hides anything. Some proxies still let your IP slip through if the server asks for specific info. Sometimes the proxy doesn't hide anything at all. If you want to be sure that the proxy is working well, try it on your own Linux box and play around with logging CGI scripts.
If you, a talented hacker (h0h0), can't find your own IP... well, ask someone who IS good to look for it. That's all for them.

Third: phf etc. Lots of people are smart enough not to run remote exploits from their own box and go through a few shells first (and wingates), but how many people go through shells before trying phf and other CGI-related exploits that can be "exploited" from within a web browser? Now say you phf a site and get the unshadowed passwd. By the time you run a password cracker on the passwd (or longer, if you download it and a wordlist first) and go through a few wingates and shells before you telnet in with your cracked root password (or other), any competent sysadmin with a decent "alarm" system will have "heard" you exploit phf. Now, if he pulls a finger or a who, he'll see YOU running as root. Of course he knows this isn't right, so he boots you off and checks the logs, which you didn't have time to erase. At first he sees a wingated/shelled/spoofed IP, BUT a little further up the file he sees that someone phf'd him 20 minutes before the login. 1+1=2, and he's got you kicked off your ISP and possibly in worse trouble. Now, I know that seems kind of far out, but you get the idea: use phf ONLY through shells.

Fourth: thinking a dynamic IP will save you. OK, you're retarded if you think that because your IP changes every time you log on to your ISP they can't find out who you are... I don't need to say any more, because you'll already be in jail if you think that.

Fifth: /var/log is all you need to erase. Well, on many systems, like my Red Hat 5.0, if you cleared those logs you probably would erase your traces, BUT on many systems the logs are in a different directory and possibly have duplicates in other places, like under a bogus user account. That's all for that.

Sixth: calling them. Don't call a server's owner and say "you have a security problem, I just hacked it", because chances are they won't trust your "whitehattedness" and will be quick to hit *69.
E-mailing isn't a great idea either, unless you haven't exploited the hole OR you do it from a user account.

Seventh: leaving your handle. Fame hacks are dumb, unless it's a server that needs to be taken down for a good reason (i.e. kiddie porn & warez).

Eighth: bragging. This kind of goes hand in hand with #7, but bragging on IRC about your hacks is not always safe. Most people on IRC don't spoof their hostname/IP or go through wingates and shells first, because of the major lag problems. Well, any sysadmin who monitors #***** and sees you bragging could pull a /dns or /whois and have a GOOD lead on the intruder.

Those are some bona fide ways to get your ass in jail. Now follow my advice and stay safe, or feel the wrath of observant or even semi-competent sysadmins.

Goodbye all from PBBSER.

::Posted by Lord Oak::
Written by: PBBSER
http://www.legionoot.cc

----------------------------------

/* News Sites */
---------------

As many people may have noticed, a lot of underground or computer security news sites have been opening up. Ever since 100% Bikkel went down, I have noticed them popping up everywhere. www.403-security.com and www.net-security.com are some of the newer ones. More and more are opening up, and I cannot keep up with them. I really only go to 3 news sites with good information. I go to www.hackernews.com to find out about the latest NEWS, such as the Mitnick trial. I go to www.net-security.com just to get an overview of what happened with some things. Then I also go to www.403-security.com to find out about the latest domain hacks. He seems to post a lot of them there and receives a lot of them too. Most of the time he has a mirrored copy of the hacked site, which is always fun to look at, along with a good quantity of programs to use for various things.

Here is just a note if you are thinking about opening up a news site: I wouldn't recommend it, unless you KNOW you can drive a lot of traffic to your site.
Most people only go to www.hackernews.com and that's about it. So just think about it... What's the point in opening one if you're going to have almost the same information as the others?

-Lord Oak
lordoak@thepoison.org

----------------------------------
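
/* Worked example: spotting a Melissa-style burst in mail logs */
----------------------------------------------------------------

The Melissa piece above describes the worm from the mail server's side: many different accounts, each sending one message with the same subject template to 50 recipients, all within a few minutes. The Python below is an added example, not code from Antidote or from anyone quoted in it. It runs over a constructed log format (one line per message with sender, recipient count and subject; a real MTA's log needs its own regex in LINE_RE) and flags subject templates that several distinct senders blasted to 50 or more recipients inside a ten-minute window. The 50, the window, the three-sender threshold and the "Important Message From <name>" normalisation are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not captured from any real mail server: one line per
# outbound message with the envelope sender, recipient count and Subject.
SAMPLE_LOG = """\
1999-03-26T14:02:11 from=<alice@example.org> nrcpts=1 subject="lunch?"
1999-03-26T14:05:40 from=<bob@example.org> nrcpts=50 subject="Important Message From Bob"
1999-03-26T14:06:02 from=<carol@example.org> nrcpts=50 subject="Important Message From Carol"
1999-03-26T14:06:15 from=<dave@example.org> nrcpts=50 subject="Important Message From Dave"
1999-03-26T14:07:01 from=<erin@example.org> nrcpts=50 subject="Important Message From Erin"
1999-03-26T14:30:00 from=<newsletter@example.org> nrcpts=400 subject="March newsletter"
1999-03-26T15:10:00 from=<frank@example.org> nrcpts=2 subject="Important Message From Frank"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) from=<(?P<sender>[^>]+)> nrcpts=(?P<n>\d+) subject="(?P<subject>[^"]*)"$'
)


def parse_log(text):
    """Turn the log text into a list of dicts; lines that don't match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        records.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "sender": m["sender"].lower(),
            "nrcpts": int(m["n"]),
            "subject": m["subject"],
        })
    return records


def subject_template(subject):
    """Collapse the per-victim part of the subject so every infected sender's
    message maps to one key: 'Important Message From Bob' and
    'Important Message From Carol' both become 'important message from <name>'."""
    s = re.sub(r"\s+", " ", subject.strip().lower())
    return re.sub(r"\bfrom .*$", "from <name>", s)


def find_mass_mail_bursts(text, fanout=50, window=timedelta(minutes=10), min_senders=3):
    """Return {template: [senders]} for subject templates that at least
    `min_senders` distinct accounts each sent to >= `fanout` recipients within
    `window`. A single bulk sender (a newsletter) never trips this rule: the
    signature is many different accounts blasting the same thing, which is
    exactly what a worm that re-sends itself from each victim's mailbox does."""
    events = defaultdict(list)
    for r in parse_log(text):
        if r["nrcpts"] >= fanout:
            events[subject_template(r["subject"])].append((r["ts"], r["sender"]))

    hits = {}
    for template, evs in events.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):
            senders = {s for t, s in evs[i:] if t - t0 <= window}
            if len(senders) >= min_senders:
                hits[template] = sorted(senders)
                break
    return hits


if __name__ == "__main__":
    for template, senders in find_mass_mail_bursts(SAMPLE_LOG).items():
        print(f"mass-mailer burst: {template!r} from {len(senders)} accounts: {', '.join(senders)}")
```

The newsletter in the sample is a single sender with a huge recipient count and is deliberately not flagged; Frank's two-recipient message has the right subject but not the fan-out, so it is ignored too. What trips the rule is the spread across accounts, which is the part a worm cannot avoid.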
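
/* Worked example: checking your own servers for an exposed service.pwd */
-------------------------------------------------------------------------

Redemption's Front Page piece comes down to one check an admin can run on their own sites: is /_vti_pvt/service.pwd readable over HTTP? The Python below is an added example, not code from the article or from Microsoft's FrontPage extensions. It assumes the file starts with a "# -FrontPage-" header line followed by user:hash entries, the htpasswd-like layout the Unix extensions wrote (treat the header as an assumption and adjust if your files differ), and recognises the 13-character DES crypt(3) hashes that the article's John the Ripper advice applies to. The sample bodies and hashes are constructed, not taken from any real server.

```python
import re
import urllib.request

# Header FrontPage's Unix server extensions put at the top of service.pwd
# (assumed here; adjust if your servers' files differ).
FRONTPAGE_HEADER = "# -FrontPage-"
ENTRY_RE = re.compile(r"^(?P<user>[^:\s]+):(?P<hash>\S+)$")
# Traditional DES crypt(3) output: 13 characters from the crypt alphabet.
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample responses, not captured from any real server; the hashes
# are random strings in the right shape, not real password hashes.
EXPOSED_BODY = """# -FrontPage-
webmaster:ab/rTHVkz2Rvk
editor:xyQ3dPZ9Jf.Qo
"""
NOT_EXPOSED_BODY = "<html><body><h1>404 Not Found</h1></body></html>"


def parse_service_pwd(body):
    """Return [(user, hash, kind)] if `body` looks like a FrontPage service.pwd
    file, or [] if it is anything else (an error page, a directory listing).
    `kind` says which cracker mode the hash fits: the 'des-crypt' entries are
    the ones a wordlist attack with John the Ripper chews through quickly."""
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    if not lines or lines[0] != FRONTPAGE_HEADER:
        return []
    entries = []
    for line in lines[1:]:
        m = ENTRY_RE.match(line)
        if m is None:
            continue                      # comments or junk, not credentials
        kind = "des-crypt" if DES_CRYPT_RE.match(m["hash"]) else "other"
        entries.append((m["user"], m["hash"], kind))
    return entries


def is_exposed(body):
    return bool(parse_service_pwd(body))


def check_site(base_url, timeout=10):
    """Fetch <base_url>/_vti_pvt/service.pwd and report whether it is readable.
    This makes a network request: only point it at hosts you are responsible for."""
    url = base_url.rstrip("/") + "/_vti_pvt/service.pwd"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("latin-1", errors="replace")
    except Exception as exc:             # 403/404/refused: not exposed
        return {"url": url, "exposed": False, "error": str(exc)}
    entries = parse_service_pwd(body)
    return {"url": url, "exposed": bool(entries), "users": [u for u, _, _ in entries]}


if __name__ == "__main__":
    import sys
    for site in sys.argv[1:]:
        print(check_site(site))
    print("sample exposed:", parse_service_pwd(EXPOSED_BODY))
    print("sample 404:", parse_service_pwd(NOT_EXPOSED_BODY))
```

If the check comes back exposed, the fix is on the web server, not on the file: deny all web access to _vti_pvt (and to .htaccess), and rotate the passwords in it, since anyone who fetched it already has the hashes.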
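
/* Worked example: patching the AUTOEXEC.BAT name in COMMAND.COM */
-------------------------------------------------------------------

The Confusing Viruses piece has you hex-edit command.com by hand. The Python below is an added example, not code from the article, that does the same edit with the one check that matters: the replacement name must be exactly as long as AUTOEXEC.BAT, because a binary cannot absorb an inserted or deleted byte. The 8.3-name rule and the sample image bytes are assumptions; the sample is a constructed stand-in for a slice of command.com, not the real binary.

```python
import re
import sys
from pathlib import Path

# DOS keeps file names inside COMMAND.COM as upper-case 8.3 names.
DOS_83_RE = re.compile(rb"^[A-Z0-9_\-]{1,8}(\.[A-Z0-9_\-]{1,3})?$")

# Constructed stand-in for a slice of COMMAND.COM (not the real binary): the
# name sits among other bytes the way a string table would hold it.
SAMPLE_IMAGE = b"\x00" * 16 + b"AUTOEXEC.BAT\x00CONFIG.SYS\x00" + b"\x90" * 16


def is_dos_83(name):
    return DOS_83_RE.match(name) is not None


def patch_filename(image, old, new):
    """Overwrite every occurrence of `old` in `image` with `new` and return
    (patched_image, occurrences). Refuses anything that would change the file
    size, since inserting or dropping a single byte shifts every jump and
    data offset after it and leaves COMMAND.COM unbootable."""
    if not (is_dos_83(old) and is_dos_83(new)):
        raise ValueError("names must be upper-case 8.3 DOS names, e.g. b'AUTOXXXX.BAT'")
    if len(old) != len(new):
        raise ValueError(f"{new!r} is {len(new)} bytes but {old!r} is {len(old)}; "
                         "the replacement must be exactly the same length")
    count = image.count(old)
    if count == 0:
        raise ValueError(f"{old!r} not found; wrong file, or already patched?")
    patched = image.replace(old, new)
    assert len(patched) == len(image)
    return patched, count


def patch_file(path, new_name):
    """Patch COMMAND.COM on disk, keeping a .bak copy of the original."""
    path = Path(path)
    image = path.read_bytes()
    patched, count = patch_filename(image, b"AUTOEXEC.BAT", new_name.upper().encode("ascii"))
    path.with_name(path.name + ".bak").write_bytes(image)
    path.write_bytes(patched)
    return count


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: patch_autoexec.py COMMAND.COM NEWNAME.BAT")
    print(f"patched {patch_file(sys.argv[1], sys.argv[2])} occurrence(s)")
```

Run it against a copy first, rename the real autoexec.bat to the same name you patched in, and remember that this only hides the file from viruses that look for it by name.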
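
/* Worked example: the logging CGI that grades a proxy */
--------------------------------------------------------

PBBSER's Getting Caught piece tells you to test wingates and proxies against your own box with a logging CGI script before trusting them. The Python below is an added example of that script, not code from the article or from legionoot.cc. The same file serves two ways: run under a web server as a CGI it records REMOTE_ADDR and every proxy-related header it receives; run directly it grades constructed requests (documentation addresses, not captured traffic) as 'none', 'transparent', 'anonymous' or 'elite' from what the server saw. The header list, the grading names and the /tmp/proxytest.log path are assumptions.

```python
import os
import re

# CGI variables a proxy might add; the logging script records all of them.
PROXY_HEADERS = (
    "HTTP_X_FORWARDED_FOR", "HTTP_FORWARDED", "HTTP_VIA",
    "HTTP_X_REAL_IP", "HTTP_CLIENT_IP", "HTTP_PROXY_CONNECTION",
)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed requests, not captured traffic. 203.0.113.7 plays the tester's
# real address, 198.51.100.20 the proxy (both are documentation ranges).
REAL_IP = "203.0.113.7"
SAMPLES = {
    "direct":      {"REMOTE_ADDR": "203.0.113.7"},
    "transparent": {"REMOTE_ADDR": "198.51.100.20",
                    "HTTP_X_FORWARDED_FOR": "203.0.113.7",
                    "HTTP_VIA": "1.1 proxy.example.net"},
    "anonymous":   {"REMOTE_ADDR": "198.51.100.20",
                    "HTTP_VIA": "1.1 proxy.example.net"},
    "elite":       {"REMOTE_ADDR": "198.51.100.20"},
}


def addresses_in(value):
    return set(IPV4_RE.findall(value))


def classify_proxy(environ, real_ip):
    """Grade a proxy from what the test server actually received.
    environ: CGI-style variables (REMOTE_ADDR plus HTTP_* request headers).
    real_ip: your own public address, known out of band.
    Returns 'none' (the proxy was not used at all), 'transparent' (your
    address was forwarded, so the target can log it), 'anonymous' (the
    server can tell it is a proxy but not who is behind it) or 'elite'
    (indistinguishable from a direct client at the proxy's address)."""
    if environ.get("REMOTE_ADDR", "") == real_ip:
        return "none"
    leaked = set()
    proxy_headers_seen = False
    for name in PROXY_HEADERS:
        if name in environ:
            proxy_headers_seen = True
            leaked |= addresses_in(environ[name])
    if real_ip in leaked:
        return "transparent"
    if proxy_headers_seen:
        return "anonymous"
    return "elite"


def log_line(environ):
    """One line per hit, the way the logging CGI records it."""
    fields = [f"remote={environ.get('REMOTE_ADDR', '-')}"]
    for name in PROXY_HEADERS:
        if name in environ:
            fields.append(f"{name[5:].lower().replace('_', '-')}={environ[name]!r}")
    return " ".join(fields)


if __name__ == "__main__":
    if "GATEWAY_INTERFACE" in os.environ:
        # Running as a CGI script: echo what the server saw so the tester can
        # read it back through the proxy, and append it to the log file.
        line = log_line(os.environ)
        with open("/tmp/proxytest.log", "a") as fh:   # assumed log path
            fh.write(line + "\n")
        print("Content-Type: text/plain\r\n\r\n" + line)
    else:
        for label, env in SAMPLES.items():
            print(f"{label:12s} -> {classify_proxy(env, REAL_IP):12s} | {log_line(env)}")
```

An 'elite' grade only says the HTTP layer leaked nothing to this one server; it says nothing about what the proxy itself logs, which is the other half of PBBSER's warning.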