Antidote Vol. 01 Issue 04
-[ Antidote ]-
----------------------------------------------------
Contents:
Introduction
News:
Melissa Virus? - Lord Oak
Submittings:
Hackers Poem - Scorchen
Front Page - Redemption
Installing Linux - Lord Oak
NT glitch - Lord Oak
Confusing Viruses - Lord Oak
Getting Caught - Lord Oak|PBBSER
News Sites - Lord Oak
----------------------------------
/* Introduction */
-----------------
Here is one more issue released of Antidote. This is #4. We have over 265 subscribers to our magazine.
But once again, no one submitted anything.
We have been receiving e-mails about how the content is good in our magazine, but folks, we can't
keep the content good if you don't submit anything. You can submit anything that has to do with computer
security. I can't believe that none of you have ANYTHING to write about. This leaves articles open for
hacking, viruses, programs, news, exploits, and more. Now you're telling me that there is nothing for you
all to write about? I am having trouble coming up with things to write about, which means that if you
don't start sending in your articles, we will have to shut Antidote down due to lack of content. And
trust me, I don't want to do that.
I have been working on some really important things for Antidote, such as trying to get it printed as an
offline e-zine. This is going to cost a lot of money, so I am going to try to get a job to pay for the
printing. Also, I am going to set up a voting booth on how much you would pay for Antidote to have it
shipped directly to your house or wherever you want. I mean, for each magazine, not a whole
subscription.
We really need articles and submissions, so please send them in... You can send them to lordoak@thepoison.org
or duece@thepoison.org; either one is fine.
-Lord Oak
lordoak@thepoison.org
----------------------------------
/* News: Melissa Virus? */
-------------------------
As many people have heard, there is a new virus going around called "Melissa". What happens is when you
download this 'virus', it will automatically take the first 50 people that are in your Address Book for
e-mailing people and it will e-mail them the virus. The subject of the mail will be something like this:
Important message from <Sender's Name>
This was clever of the writer to do: to take the person's name that should be in their e-mail settings
and have them send an e-mail with the subject containing their name. Now there will be an attachment
connected to the e-mail, and when you download it, it lists a bunch of porno sites; what you don't know
is that it is sending the first 50 people in your address book the same e-mail. It is just a repeating
pattern. Though this virus doesn't do anything harmful to your computer, it could be harmful to the
mail servers, because imagine having 50 people downloading this, then at the same time
sending 50 more people the e-mail. It could easily crash a mail server.
The other day, the Australian government was forced to shut down their e-mail server so they wouldn't
get infected by Melissa, along with the Marine Corps' mail server.
Also, as many people have heard, the person who made this virus was a 30 year old male that had a stolen
AOL account. He was finally caught and hasn't admitted to making the virus, which could make the trial
even harder to convict him of it. Mainly because, since his AOL account was stolen, there really is no
way of proving it was him short of catching him in the act of being on the AOL account.
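A gateway-side check for the propagation pattern described above, added here as an example that is not part of the original zine. It flags a message whose subject is "Important message from" followed by the sender's own display name and which carries an attachment, and tallies how many recipients such messages from one sender have hit; the 50-recipient threshold is taken from the text, and the sample messages it scans are constructed.

```python
"""Mail-gateway check for the Melissa-style pattern described above: subject
'Important message from <the sender's own display name>', an attachment, and
a burst of many recipients from one sender. Added example, not from the zine;
the sample messages below are constructed."""
import re
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

SUBJECT_RE = re.compile(r"^\s*important message from\s+(.+?)\s*$", re.IGNORECASE)
BURST_THRESHOLD = 50  # the worm mailed the first 50 address-book entries

def has_attachment(msg):
    """True if any MIME part is marked as an attachment."""
    return any(p.get_content_disposition() == "attachment" for p in msg.walk())

def matches_melissa_subject(msg):
    """Subject names the sender's own display name, as the worm did."""
    m = SUBJECT_RE.match(msg.get("Subject", ""))
    if not m:
        return False
    display_name, _addr = parseaddr(msg.get("From", ""))
    return display_name.strip().lower() == m.group(1).lower()

def recipient_count(msg):
    """Distinct addresses across To and Cc."""
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return len({addr.lower() for _name, addr in pairs if addr})

def scan(raw_messages):
    """Return (per-message verdicts, senders whose flagged fan-out hit the threshold)."""
    verdicts, fanout = [], defaultdict(int)
    for raw in raw_messages:
        msg = message_from_string(raw)
        _name, sender = parseaddr(msg.get("From", ""))
        suspicious = matches_melissa_subject(msg) and has_attachment(msg)
        if suspicious:
            fanout[sender.lower()] += recipient_count(msg)
        verdicts.append((msg.get("Message-ID"), suspicious))
    bursts = {s for s, n in fanout.items() if n >= BURST_THRESHOLD}
    return verdicts, bursts

def _sample(msg_id, name, addr, subject, n_rcpt, attach):
    """Build a constructed multipart message for the demo."""
    to = ", ".join(f"user{i}@example.org" for i in range(n_rcpt))
    body = (f"From: {name} <{addr}>\nTo: {to}\nSubject: {subject}\n"
            f"Message-ID: <{msg_id}>\nMIME-Version: 1.0\n"
            'Content-Type: multipart/mixed; boundary="b"\n\n'
            "--b\nContent-Type: text/plain\n\nHere is that document you asked for.\n")
    if attach:
        body += ('--b\nContent-Type: text/plain\nContent-Disposition: attachment; '
                 'filename="sites.txt"\n\n(constructed attachment)\n')
    return body + "--b--\n"

# Constructed samples: one worm-shaped message to 50 people, one ordinary note.
SAMPLES = [
    _sample("m1@example.org", "Alice Example", "alice@example.org",
            "Important message from Alice Example", 50, True),
    _sample("m2@example.org", "Bob Example", "bob@example.org", "Lunch?", 1, False),
]
```

Running `scan(SAMPLES)` flags the first message and reports alice@example.org as a burst sender, while Bob's note passes.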
/* Hackers Poem */
-----------------
Word games and silly names
everyone thinks they're a comedian
lawsuit blames and someone's framed
Each law broken is a new Meridian.
If your head you keep, the better you sleep
the more you have to show
Don't get in too deep, and utter not a peep
And the further you will get to go.
Blending together, always and forever
Staying true to reputations, they obliterate
No one survives the weather, CDs, disks, and tight leather
Fighting to stay in the game, they meditate and imitate.
When the price is steep, the thrill they keep
Fame is the game's main objective
Businesses weep when a hacker has reaped
If you can't keep up, immediately intercepted.
So to remain a friend to the bitter end
One promise you are expected to keep
Always you bend and into data you'll blend
Remaining secretive, you were just a computer bleep.
Never Suspected
Never Connected
Always Expected
Always Respected
-Written by Play, Submitted by Scorchen
scorchen@cyberarmy.com
----------------------------------
/* Front Page */
---------------
Well, first of all I want to say that this is the lamest type of hack out there, but it works.
OK, I'm going to start with explaining FrontPage and its password file.
FrontPage takes the user's passwd and puts it into a passwd file called 'service.pwd'.
Why does FrontPage take the user's passwd and put it in service.pwd? Because FrontPage FTPs
to a user's account and logs them in automatically.
Now, how to use this information for educational purposes.......
The passwd file is called service.pwd (which you already know) and is located in a directory
called '_vti_pvt'. To be sure you have access to the directory, you will have to root the server
in some sort of way, so you have access to all the folders. All you have to do is go into one
of the dirs and then to '_vti_pvt' and download service.pwd. Or, you can simply type in your
web browser http://www.whateveryouwant.com/_vti_pvt/service.pwd (only works with older systems).
The passwd is encrypted and will need to be cracked with a cracker. John The Ripper works well
in this case, and you will need a wordlist (I recommend 100 megs or bigger). Just simply run
your cracker and there you go! Log in to the account and you have total access to the website.
Now, to make sure you know what website you are hacking, simply highlight '.htaccess' and hit
'view' from your FTP client. The purpose of '.htaccess' is to control passwords for logging
into Web servers, and it displays the domain name in the file.
THIS INFORMATION IS FOR EDUCATIONAL PURPOSES ONLY! USE AT YOUR OWN RISK!!
Yeah, this text was a little patchy, and a very stupid topic, but I promised TheDuce that I
would do another text, so here it is.
-Redemption
redemption@sekurity-net.com
----------------------------------
/* Installing Linux */
---------------------
I have been receiving a lot of e-mails asking questions about how to set up Linux on their computer.
So, I just decided to write a little text about it.
\System Requirements/
-------------------
IBM Compatible PC
8 MB of memory or "RAM"
CD-ROM Drive
One or more disk drives (40 MB or more)
3.5" Floppy disk drive (A: drive)
These are the minimum requirements; if you run a computer with this, you might want to upgrade for
better performance. If Windows is currently on your computer, then your chances are great that
you can install Linux on there too. Most of them have the same requirements.
For a typical desktop theme, you might want to have AT LEAST 35 MB of RAM and about a 500 MB hard drive.
Your processor doesn't have to be from Intel, but it does need to be a compatible PC. You'll need
a video card as well; any video card will do.
\Getting Started/
---------------
We are going to use X Windows on the system of your choice. In order to do this, your monitor will
have to be AT LEAST 14 inches. Video adapters are measured in the resolution, and the number of
colors they can display. You will want to set your resolution to 800x600 or more along with at least
256 colors.
Installing Red Hat 5.2 is pretty easy. You only have three things or questions that you have to fill in
that might even be remotely tricky or confusing. Here are the three questions:
1) What kind of video hardware you have
2) What decisions to make on how to use your disk drives
3) Which packages you want to install
I would recommend finding out the answers to questions 1 and 2. We will go over number 3 in this
guide. It is always good to know the manufacturer who made that product and also the
model you are using. The list of things you want to know about the product will include the
following questions you might want to answer before installing:
The number of serial ports
What type of modem (optional), and what serial port it is connected to (ex: COM1, 2, 3)
Network adapter
Video card (amount of video memory that your card can hold)
Sound card
Monitor
Disk drives
You should also know the following about your disk drives:
IDE or SCSI interface
Which interface your drives use
Number of drives and their storage capacity
All of these questions can be answered easily if you are currently running Windows 95, 98 or NT.
The easiest way to find out this information is to go to an icon that should be on your desktop
called "My Computer" and double click on it. A window should pop up with a list of things that
you can click on. On the menu bar go to "View" then drag down to "Details". Now it should give
you a list of all the information you need to install Linux or Red Hat 5.2. On some computers, it
doesn't give or gather any information on your video card.
So now you will have to go back into "My Computer", and then double click on the icon that says
"Control Panel". Now, double click on "Display". Select the "Settings" tab, and then select the
"Display type" button. This should give you the information on your video card, also known as
the "Adapter", and how much memory the "Adapter" has on it.
Information about your modem can also be found in the Control Panel, except select the
icon called "Modems". Please be sure to write down the modem manufacturer, the model, and which
port it is attached to.
If for some reason you can't dig up this information, I wouldn't worry about it too much. The
installation will probably find or figure out most of this information anyway. But it is always
good to know in case it doesn't.
\Introduction to Partitioning/
----------------------------
If you know what a disk partition is, then you don't really need to read this section. But if you
don't, I would recommend reading this because it is a big part of the installation process.
Think of partitions like folders (well, it kinda is) on your hard drive. You have your hard drive,
then you have, let's say, 2 folders. You can put whatever you want in those 2 folders and organize
them any way you want to. You can put something in one folder and have it not bother any of the
contents in the second folder. It is just a way of organizing (kinda).
A question I commonly get is "Why can't I just make my Linux box all one partition?". Well,
there are a bunch of reasons. One reason is that you might want to make a back-up tape. The
usual or the easiest way to make a back-up tape is just to copy everything from a single partition
and not go through and copy everything you want to save. This obviously saves time, and you don't
have to sit at your computer and wait for it to finish so you can select the next file. You can
just select a partition to back up, then go somewhere else.
\Setting your Partitions/
-----------------------
While you are installing Linux, it will ask you to specify the partitions that you want. Linux
requires that you make at least 2 partitions and Red Hat requires at least 4. You can have just about
any number over the requirement you want.
Obviously you want to set up the partitions to use up all the space on your hard drive. So,
begin making some partitions and set the size to whatever, just as long as all of your partitions
add up to the size of your HD. Here is an example:
If your HD is 200 MB, then you would make a partition called HDA1 and set the size to 100 MB.
Then you would want to make an HDA2 and set the partition to 100 MB. Add them both up and you get
200 MB, which is how big your HD is.
Red Hat requires that you have 2 partitions named "Swap" and "Root".
Swap - twice the size of your computer's memory, not more than 127 MB, but not less than the
amount of memory that your computer has
Root - Anywhere from 50 MB to 100 MB. This is where the configuration files are stored. This
partition often contains such things as mail, news, and other misc daemons.
If for some reason the installation process will not accept your software even though you have it all
set right, then go to www.redhat.org; they have a list of programs/hardware that you can use
or run to find it.
-Lord Oak
lordoak@thepoison.org
----------------------------------
/* NT Glitch */
--------------
All NT admins should be aware of this glitch, considering that if you get a "hacker" in your
system coming in through this glitch, it is NOT illegal... So someone could hack you
illegally.
This glitch doesn't work on any desktop workstation units or any NT system; it works on any
Windows 95 laptop that supports the PCMCIA manager.
Take a typical office situation to show how quickly a hacker could become an authenticated
user on a network. A salesperson is writing up his latest report on a Windows 95 laptop,
which is logged on to the network via a network interface card (NIC) in the PCMCIA slot. The
user has an NT Domain user account with Systems Management Server (SMS), and has saved his
network passwords to the .PWL file. Before he goes out to lunch, he activates his
password-protected screensaver.
Any hacker can now gain access to the user's NT Domain account without having to hack or
even crack a passwd file. All the hacker has to do is hit ALT+CTRL+DEL two times, which will
reboot the computer, then quickly turn it off while it is still trying to boot up. But the
hacker also has to remove the PCMCIA NIC, then turn the power back on. He will then get a
message from ScanDisk, which he should completely ignore, telling him how he shut his computer
down wrong. Then it will tell him that the laptop has no NIC in it, and it boots up as a standalone
laptop.
When it's finished booting up, the hacker does a hot insert of the NIC back into the PCMCIA
slot. The PCMCIA manager detects that the NIC has been replaced in the computer and automatically
loads the network protocols. It also uses the .PWL file and attempts to log in to the network
and starts SMS. If the network passwords were saved, the laptop is logged into the network as
that laptop's owner without any intervention or dialogs. The hacker is now that user. By using
a program such as Revelation, the hacker can quickly discover passwords stored for other resources
and programs to use in the future.
-Lord Oak
lordoak@thepoison.org
----------------------------------
/* Confusing Viruses */
----------------------
Some viruses send malicious commands to the autoexec.bat file, which Windows executes on
start up. A way to avoid this "virus attack" is to rename autoexec.bat to another name, but
there are a couple of steps you will need to follow in order for it to work.
-Rename autoexec.bat to another name such as autoxxx.bat
-Use a low level disk editor such as Hex Workshop (www.bpsoft.com) to open up your command.com
file (the one in the Windows folder) and search for the word autoxxx.bat
-Change the C in autoexec.bat to xxx so it now reads autoxxx.bat, and save the file.
This will confuse many viruses and protect your system a lot.
-Lord Oak
lordoak@thepoison.org
----------------------------------
/* Getting Caught */
-------------------
Please take note that this article was not written by me (Lord Oak), but it was taken from
PBBSER at www.legionoot.cc. I have FULL permission to post this article, and if you don't believe
me then e-mail him yourself.
The reason why I am telling you this and not just posting his name as a submitter is because
this was already in an e-zine and it is a policy that there has to be this "disclaimer" or
warning if something has already been published.
When hacking/cracking a server everyone worries about getting caught.
In this article I will discuss some things that people use to not get caught
and how they aren't as great as they are made out to be.
First off: wingates. If you set up your own somewhere or if you can
get one off a dynamic IP somewhere else, they are a good help in covering your
track, but then again how many times can you do that. Likely you find your
wingates by having someone on IRC send you a list OR you go to a site like
cyberarmy.com that has a list. Most of the ones you get don't work or won't
let you even connect, so you come to rely on the ones that do. HOWEVER you
probably don't know how safe it is. Maybe the wingate is logging you. Maybe
it doesn't really hide your IP like it is supposed to. There are many
possibilities. Ask the people you trust for wingates that they trust if you
want to be safe. Also go through a couple of them even before you go into a
shell to be extra safe. That's all I have to say about wingates.
Second: proxies. People think that if you connect with a proxy you
are definitely safe, but don't even check to see if it hides anything. Some
proxies still let your IP slip through if the server asks for specific info.
Sometimes the proxy doesn't hide anything at all. If you want to be sure
that the proxy is working well, try it on your own Linux box and play around
with logging CGI scripts. If you, a talented hacker (h0h0), can't find your
own IP... well, ask someone who IS good to look for it. That's all for them.
Third: phf etc... Lots of people are smart enough to not run remote
exploits from their own box and go through a few shells first (and wingates),
but how many people go through shells before trying phf and other CGI related
exploits that can be "exploited" within a web browser. Now say you phf a site
and get the unshadowed passwd. By the time you run a password cracker on the
passwd (or more time if you download it and a wordlist after) and go through
a few wingates and shells before you telnet into it with your cracked root
password (or other), any competent sysadmin with a decent "alarm" system will
have "heard" you exploit phf. Now, if he pulls a finger or a who, he'll see
YOU running root. Now of course he knows this isn't right, so he boots you
off and checks the logs which you didn't have time to erase. At first he
sees a wingated/shelled/spoofed IP, BUT then a little farther up the file he sees
that someone phf'd him 20 minutes before the login. 1+1=2 and he's got you
kicked off your IP and possibly in worse trouble. Now I know that seems kinda
far out, but you get the idea that you should use phf ONLY through shells.
Fourth: thinking a dynamic IP will save you. Okay, you're retarded if
you think that because your IP changes every time you log on to your ISP they
can't find out who you are... I don't need to say any more because you'll
already be in jail if you think that.
Fifth: /var/log is all you need to erase. Well, on many systems, like
my Red Hat 5.0, if you cleared those logs you probably would erase your traces,
BUT on many systems the logs are in a different directory and possibly have
doubles in other places, like a bogus user account. That's all for that.
Sixth: Calling them. Don't call a server and say "you have a
security problem, I just hacked it" cause chances are they won't trust your
"whitehattedness" and will be quick to the *69. Emailing isn't a great idea
either unless you haven't exploited the hole OR you do it from a user account.
Seventh: Leaving your handle. Fame hacks are dumb unless it's a server
that needs to be taken down for a good reason (i.e. kiddie porn & warez).
Eighth: Bragging. This kinda goes hand in hand with #7, but bragging
on IRC about your hacks is not always safe. Most people on IRC don't spoof
their hostname/IP or go through wingates and shells first because of the
major lag problems. Well, any sysadmin who monitors #***** and sees you
bragging could pull a /dns or /whois and have a GOOD lead on the intruder.
Those are some bona fide ways to get your ass in jail. Now follow my
advice and stay safe or feel the wrath of observant or even semi-competent
sysadmins. Goodbye all from PBBSER.
::Posted by Lord Oak::
Written by: PBBSER
http://www.legionoot.cc
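The correlation PBBSER credits to the observant sysadmin in point three, written out as an added example that is not part of the original article: a request for the phf CGI in the web log followed, within a short window, by an interactive login. The web-log format is assumed to be Apache common log format, the login-record format and all sample lines are constructed, and the two source addresses are deliberately not required to match, since the article says the login arrives through a different host than the probe.

```python
"""Correlation the article credits to an observant sysadmin: a request for
the phf CGI followed, within a short window, by an interactive login. Added
example, not from the zine; log lines are constructed. The two source IPs are
deliberately NOT required to match, since the article notes the login may
arrive through a different host (shell/wingate) than the CGI probe."""
import re
from datetime import datetime, timedelta

# Assumed Apache common log format for the web server log.
ACCESS_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                       r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
# Constructed (assumed) login record format: ISO timestamp, user, source host.
LOGIN_RE = re.compile(r'^(?P<ts>\S+) login: (?P<user>\S+) FROM (?P<src>\S+)$')
WINDOW = timedelta(minutes=30)  # how long after a probe a login still counts

def parse_access(line):
    m = ACCESS_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"].split()[0], "%d/%b/%Y:%H:%M:%S")  # drop tz offset
    return {"ts": ts, "ip": m["ip"], "path": m["path"].split("?", 1)[0],
            "status": int(m["status"])}

def parse_login(line):
    m = LOGIN_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "user": m["user"], "src": m["src"]}

def correlate(access_lines, login_lines, window=WINDOW):
    """Flag every login that follows a phf request within `window`."""
    probes = [a for a in map(parse_access, access_lines)
              if a and a["path"].endswith("/phf")]
    logins = [rec for rec in map(parse_login, login_lines) if rec]
    alerts = []
    for login in logins:
        for probe in probes:
            gap = login["ts"] - probe["ts"]
            if timedelta(0) <= gap <= window:
                alerts.append({"user": login["user"], "login_src": login["src"],
                               "probe_ip": probe["ip"], "probe_status": probe["status"],
                               "minutes_after_probe": int(gap.total_seconds() // 60)})
    return alerts

# Constructed sample logs: a normal page hit, a phf probe, a login 20 minutes later.
ACCESS_LOG = [
    '192.0.2.10 - - [28/Mar/1999:13:58:02 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.44 - - [28/Mar/1999:14:02:10 +0000] "GET /cgi-bin/phf HTTP/1.0" 200 512',
]
LOGIN_LOG = [
    "1999-03-28T13:30:00 login: alice FROM 192.0.2.10",   # before the probe: ignored
    "1999-03-28T14:22:10 login: root FROM 198.51.100.7",  # 20 min after, other IP
]
```

`correlate(ACCESS_LOG, LOGIN_LOG)` returns one alert for the root login 20 minutes after the probe; the earlier login is outside the window and ignored.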
----------------------------------
/* News Sites */
---------------
As many people may have been noticing, there have been a lot of underground or computer
security news sites opening up. Ever since 100% Bikkel went down, I have noticed that
they have been popping up everywhere. www.403-security.com and
www.net-security.com are some of the newer ones. More and more are opening up, so many that
I cannot keep up with them. I really only go to 3 of the news sites with good information.
I go to www.hackernews.com to find out about the latest NEWS such as the Mitnick trial and
other news. I go to www.net-security.com just to get an overview of what happened with
some things. Then I also go to www.403-security.com to find out about the latest domain
hacks. He seems to post a lot of them on there and receives a lot of them too. Most of
the time he has a mirrored site of the hack, which is always fun to look at, along with
a good quantity of programs to use for various things. Here is just a note if you are
thinking about opening up a news site: I wouldn't recommend it, unless you KNOW you can
drive a lot of traffic to your site. Most people only go to www.hackernews.com and that's
about it. So just think about it... What's the point in opening one if you're going to have
almost the same information as the others?
Lord Oak
lordoak@thepoison.org
----------------------------------