Tuesday, February 26, 2008

Goolag buzz

is all over the place, and I have no idea why. All this thing does is scan using dorks, WOW! The person that made it even put all that fancy crap in it cuz they knew it was nothing to get worked up about, but like everything that cDc puts out, ppl had high expectations for this release, so they had to make up for it with the pretty iface and some talking bitch. Don't get me wrong, I have lots of love for cDc and the groundbreaking work they have done in the past, but I'm just not feeling them on this one. I have seen dork scanners that run faster and use fewer resources than Goolag, but because this is a cDc release it got top story on many sites. I am sure, however, that cDc's next release will make up for this.

Saturday, February 23, 2008

Mythbuntu, Linksys NAS200 hack

Well ok, it's not really a hack but more of a workaround. I just got a Linksys NAS200 with two 500 GB SATA HDDs, and I wanted to mount one of the HDDs on my Mythbuntu box, but for some odd reason you can't mount shares that have spaces in their names. So you make a new folder in PUBLIC DISK # called public. Make sure all the stuff you want to mount is in that share, then make a new share dir using the NAS Admin web interface called disk# and point it to /Disk 1/public. Make sure you set the access privs you want for the share. I used the PUBLIC DISK dir in this example because it's the one I use to share all files with all clients on the network, and you don't need a p/w to access it. If you don't have the Linksys NAS200 I'm sure you have no idea what I'm talking about, but if you do then I hope this can help you out if you're trying to mount the NAS200 shares.

Thursday, February 21, 2008

So easy even winblows can do it

One way to make your Windows box a little more hacker friendly is to have it run Perl. Many good hacker programs are coded in Perl, and I'm sure at one point or another you have come across a program or two you wanted but thought Perl = Linux, and this just isn't true. Go to ActiveState, find the Downloads section or something close to it, and find the package called ActivePerl. ActivePerl is 100% free and an easy setup, even a kid could do this one: just let it install using the defaults it picks for you. I know some of you don't like hearing that, but to make sure the PATH environment variable is set correctly I suggest you do it that way. Now once you have ActivePerl installed and you have a Perl program you want to run (let's call it run.pl), just open a command prompt, go to the dir of the Perl program and type "perl run.pl", and poof, you're running Perl programs just like in Linux, just like a hacker LOL. It should look something like

c:\download>perl run.pl

Tuesday, February 19, 2008

AHG2 hit 200!!!

A Hackers Gadget 2.0 reached 200 downloads the other day!!! I'm happy to see so many people are getting use out of my hard work, now I just need you guys to start clicking the ads in it, vote for me and maybe donate a few pennies via PayPal. Thank you all for your support.

Sunday, February 10, 2008

A Hackers Gadget 2

A Hackers Gadget 2 is done and ready for download. AHG2 comes packed with many new functions, which include a mail bomber called Mail p00per and a local WiFi info button that displays all your wifi/ipv4/ipv6 information. You can keep up on the latest hacker news around the world with the hacker news button, scripting provided by Pen and NewToolkit.com. Another new function is the random password generator, which gives you fast, strong, reliable passwords with just a few clicks and one keystroke. AHG's most popular function, the HTTP forager, now has Tor network support!!! Main gadget graphics done by ming5 of mingming5.com. Be sure to open the settings window.


Friday, February 8, 2008

Useful Linux commands

This is in no way a complete list of Linux commands, but beginners should find it very helpful. I would recommend running info or man on any of the commands from this list that you use, to get a better understanding of what they can do. If you have anything you think should be in this list, feel free to email me.

ls :: list files in dir

ls -a :: list all files + hidden in dir

df :: shows free disk space

pwd :: tells you what dir you are in

find [DIR] -name [FILE] :: Search for file under DIR

ps :: lists running programs and PID

cat [FILE] :: Read a text file

kill [PID] :: Kill the program with whatever PID you input

cat [FILE] | grep [WORD] :: Searches a file for a string or word

less [FILE] :: to read files that have more than one or two pages.

pico [FILE] :: text editor

rm -rf [DIR] :: deletes dir and all contents

tail [FILE] :: allows you to see the last few lines of a file w/o opening any programs like pico or cat

tar -zxvf [FILE].tar.gz :: untars a .tar.gz file

ifconfig :: shows network info like IP and such

ncftp :: nice FTP client

wget :: Use this to download files over protocols other than FTP

last :: shows a list of last logged in users

shutdown now :: puts the box in maintenance mode

shutdown -r now :: restarts the box

uptime :: shows you how long the system has been running

chmod [MOD] [FILE] :: change file privs

/usr/bin/gpasswd -a [USER] [GROUP] :: assigns USER to GROUP

chown [USER]:[GROUP] [FILE] :: change ownership of file by user or group

groups [USER] :: shows what groups USER belongs to

su :: become root until exit

su - :: become root until exit and read root's environment settings

usermod -G [GROUP1],[GROUP2] [USER] :: Assign groups to a user (replaces the user's current supplementary groups; add -a to append instead)

Sunday, February 3, 2008

p@$sw0rd Crack1n6

Cracking passwords is one attack vector that can work 100%, with time being the only restraint. If you are trying to crack a pw on a well prepared system/app you may very well die before you ever see even one success; still, it can be done. We will look at two kinds of password cracking. They are very broad, so this in no way covers all there is to know about cracking passwords. I encourage you to ask Google about cracking passwords, password crackers and brute force. In fact I suggest you use Google to expand your knowledge of all the other topics that are covered here and ones to come.

Ok anyway, the "two kinds" of cracking we are going to look at are these. The first is cracking some kind of encryption-protected key that we have access to, such as Linux's passwd file or winblows' SAM file. The other is cracking some kind of network service, device, or web login, such as a forum login. The first is the kind of cracking I would call the easiest and fastest of the two. Something they both have in common is that they involve the same basic method or idea: both use either a word list (known as a dictionary attack) or a brute force attack.

To crack something like a Linux passwd file that isn't shadowed ("ask Google") you would use a program like Jack The Ripper, which takes a word from your word list, or a string from the BF function "that comes as part of most crackers", encrypts it and sees if it matches the encrypted key. It does this until it finds a match. So you then have to make up your mind: use word lists or brute force. The main advantage of using word lists is that most ppl use human-readable passwords, which makes word lists more practical than brute force. Brute force may break the same password but could take days to finally get to the right combo of letters, whereas a word list could do it in just a few hours, or, if you get really lucky, after using just a few word lists.

You can find word lists that cover every subject you could think of, from words in Moby Dick to the first and last names most common in the US or wherever. A good brute force program will have a built-in function that generates the keys on demand; some rip-offs have you make a list that has strings with every possible combo of letters and whatnot, then run it with the cracker. While that works kinda like a brute force, it really is a dictionary attack.

Now, to attack a network service, device, or web login such as a forum login you will still be using a word list or a BF method, but the encryption step is replaced with a connection to the server, trying the user name and password the cracker program gets from the word list or BF function. Now that we are trying to "crack" a password from a remote location it can get really tricky, since most places have all kinds of countermeasures against password crackers. Some places only allow so many attempts per some length of time for each account or IP. Others use CAPTCHAs after so many failed attempts, then lock the accounts for a length of time. Those are the two main cracking types and the two basic methods used by both. Hope this helps.
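The server-side countermeasure described above (a cap on failed attempts per account or per IP, followed by a timed lock) can be sketched as follows. This is an added example, not code from the original post; the names `LoginThrottle` and `replay`, the thresholds, and the sample attempts (documentation-range IPs) are all constructed for illustration.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window failure limiter keyed by account and by source IP."""
    def __init__(self, max_failures=5, window=300.0, lockout=900.0, clock=time.monotonic):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.clock = clock                   # injectable so tests control time
        self.failures = defaultdict(deque)   # key -> recent failure timestamps
        self.locked_until = {}               # key -> time the lock expires

    def _keys(self, account, ip):
        # Per-account limits guessing at one user; per-IP limits one source hitting many users.
        return (("acct", account.lower()), ("ip", ip))

    def allowed(self, account, ip):
        return all(self.locked_until.get(k, 0.0) <= self.clock() for k in self._keys(account, ip))

    def record(self, account, ip, success):
        now = self.clock()
        for key in self._keys(account, ip):
            q = self.failures[key]
            if success:
                if key[0] == "acct":
                    q.clear()                # a good login resets the account, not the IP
                continue
            q.append(now)
            while q and q[0] <= now - self.window:
                q.popleft()                  # forget failures older than the window
            if len(q) >= self.max_failures:
                self.locked_until[key] = now + self.lockout
                q.clear()

def replay(attempts, **limits):
    """Replay (time, account, ip, password_ok) tuples and return each decision."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0], **limits)
    decisions = []
    for t, account, ip, ok in attempts:
        now[0] = t
        if not throttle.allowed(account, ip):
            decisions.append("blocked")      # refused before the password is checked
            continue
        throttle.record(account, ip, ok)
        decisions.append("ok" if ok else "fail")
    return decisions

# Constructed sample: three bad guesses, then correct logins while locked and after.
SAMPLE = [(0, "alice", "203.0.113.9", False), (1, "alice", "203.0.113.9", False),
          (2, "alice", "203.0.113.9", False), (3, "alice", "203.0.113.9", True),
          (4, "alice", "198.51.100.7", True), (70, "alice", "198.51.100.7", True)]
```

Replaying `SAMPLE` with `max_failures=3, window=60, lockout=60` shows the trade-off of account lockout: while the lock holds, even the correct password from a different IP is refused.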