commit 92ece5a6979051de98a554cbce4fbb1a15b7bc41 Author: jdg Date: Sun Sep 12 22:56:07 2021 +0200 First commit 20/05/2001
diff --git a/Cracking/App/Mailers/BOMB.EXE b/Cracking/App/Mailers/BOMB.EXE
new file mode 100644
index 0000000..9f779cb
Binary files /dev/null and b/Cracking/App/Mailers/BOMB.EXE differ
diff --git a/Cracking/App/Mailers/KABOOM/KABOOM!3.GID b/Cracking/App/Mailers/KABOOM/KABOOM!3.GID
new file mode 100644
index 0000000..fabb361
Binary files /dev/null and b/Cracking/App/Mailers/KABOOM/KABOOM!3.GID differ
diff --git a/Cracking/App/Mailers/KABOOM/KABOOM!3.HLP b/Cracking/App/Mailers/KABOOM/KABOOM!3.HLP
new file mode 100644
index 0000000..efb6d12
Binary files /dev/null and b/Cracking/App/Mailers/KABOOM/KABOOM!3.HLP differ
diff --git a/Cracking/App/Mailers/KABOOM/README.1ST b/Cracking/App/Mailers/KABOOM/README.1ST
new file mode 100644
index 0000000..06df4b5
--- /dev/null
+++ b/Cracking/App/Mailers/KABOOM/README.1ST
@@ -0,0 +1,20 @@
++-------------------------------------------------+
+| |
+| Downloading Message 1 of 100,000,000... |
+| __________________________________ |
+| |__________________________________| |
+| |
++-------------------------------------------------+
+
+
+Well, this is KaBoom! v3.0, *the* mail bomber for Windows 3.x and Win95. Mail me if you have winsock problems/ideas/advice/gripes/et al. I'm at messiah@dcalcoda.com, messiah@pancreas.com, or dover@pestweb.com.
+
+What's New:
+* perpetual send
+* counters
+* 62 different anonymous servers (thanks Frogg)
+* customizationalability
+* cool "about" stuff
+Various bugs fixed.
+
+Long live The Alliance! Huzah! Huzah!
\ No newline at end of file
diff --git a/Cracking/App/Mailers/KABOOM/WSERR.DLL b/Cracking/App/Mailers/KABOOM/WSERR.DLL
new file mode 100644
index 0000000..85796eb
Binary files /dev/null and b/Cracking/App/Mailers/KABOOM/WSERR.DLL differ
diff --git a/Cracking/App/PswdHack/Bios/!BIOS310.ZIP b/Cracking/App/PswdHack/Bios/!BIOS310.ZIP
new file mode 100644
index 0000000..7ec6f2b
Binary files /dev/null and b/Cracking/App/PswdHack/Bios/!BIOS310.ZIP differ
diff --git a/Cracking/App/PswdHack/Bios/A86.ZIP b/Cracking/App/PswdHack/Bios/A86.ZIP
new file mode 100644
index 0000000..a39cbc9
Binary files /dev/null and b/Cracking/App/PswdHack/Bios/A86.ZIP differ
diff --git a/Cracking/App/PswdHack/Bios/BIO.zip b/Cracking/App/PswdHack/Bios/BIO.zip
new file mode 100644
index 0000000..7346f03
Binary files /dev/null and b/Cracking/App/PswdHack/Bios/BIO.zip differ
diff --git a/Cracking/App/PswdHack/Bios/BIOS.zip.pgp b/Cracking/App/PswdHack/Bios/BIOS.zip.pgp
new file mode 100644
index 0000000..cec23a6
Binary files /dev/null and b/Cracking/App/PswdHack/Bios/BIOS.zip.pgp differ
diff --git a/Cracking/App/PswdHack/Bios/IBM-Awd-Ami/BIOS310.EXE b/Cracking/App/PswdHack/Bios/IBM-Awd-Ami/BIOS310.EXE
new file mode 100644
index 0000000..d1a3f2e
Binary files /dev/null and b/Cracking/App/PswdHack/Bios/IBM-Awd-Ami/BIOS310.EXE differ
diff --git a/Cracking/App/PswdHack/Bios/IBM-Awd-Ami/BIOSLOGO.SCX b/Cracking/App/PswdHack/Bios/IBM-Awd-Ami/BIOSLOGO.SCX
new file mode 100644
index 0000000..789a706
Binary files /dev/null and b/Cracking/App/PswdHack/Bios/IBM-Awd-Ami/BIOSLOGO.SCX differ
diff --git a/Cracking/App/PswdHack/Bios/IBM-Awd-Ami/FILE_ID.11A b/Cracking/App/PswdHack/Bios/IBM-Awd-Ami/FILE_ID.11A
new file mode 100644
index 0000000..09d3b85
--- /dev/null
+++ b/Cracking/App/PswdHack/Bios/IBM-Awd-Ami/FILE_ID.11A
@@ -0,0 +1,3 @@
+These files were downloaded from the Eleventh Alliance site
+http://home1.swipnet.se/~w-12707/11A/
+http://11a.home.ml.org
\ No newline at end of file
diff --git a/Cracking/App/PswdHack/Bios/IBM-Awd-Ami/FILE_ID.DIZ b/Cracking/App/PswdHack/Bios/IBM-Awd-Ami/FILE_ID.DIZ
new file mode 100644
index 0000000..4799851
--- /dev/null
+++ b/Cracking/App/PswdHack/Bios/IBM-Awd-Ami/FILE_ID.DIZ
@@ -0,0 +1,17 @@
+- Eleventh Alliance's !Bios v 3.10b -
+[==[*]=={ 11a.home.ml.org }==[*]==]
+%-> released february -98 <-%
+[===] The Ultimate Bios Utility [===]
+
+-> Bios/Setup Passwords crackers
+-> AMI crackers (three of them)
+-> IBM (PS2, Aptiva etc) cracker
+-> Award 4.5x cracker (user/admin)
++> Award 4.5x masterpwd cracker
+-> Four CMOS wipe/reset procedures
+-> Save or Restore CMOS
++> Dump PC-ROM to disk
+-> Source: ASM, C, PAS, Debug
+-> How to wipe/reset using Copy
+-> How to wipe/reset using Debug
+-> Tips, tricks and passwords!
diff --git a/Cracking/App/PswdHack/Bios/IBM-Awd-Ami/LASTNOTE.TXT b/Cracking/App/PswdHack/Bios/IBM-Awd-Ami/LASTNOTE.TXT
new file mode 100644
index 0000000..a9f7799
--- /dev/null
+++ b/Cracking/App/PswdHack/Bios/IBM-Awd-Ami/LASTNOTE.TXT
@@ -0,0 +1,2 @@
+Keep BIOSLOGO.SCX in the same directory as !BIOS if you like to see
+the logo. Otherwise delete, move or rename the file.
diff --git a/Cracking/App/PswdHack/Bios/killcmos.zip b/Cracking/App/PswdHack/Bios/killcmos.zip
new file mode 100644
index 0000000..c79f157
Binary files /dev/null and b/Cracking/App/PswdHack/Bios/killcmos.zip differ
diff --git a/Cracking/App/PswdHack/Bios/passAmi/FILE_ID.DIZ b/Cracking/App/PswdHack/Bios/passAmi/FILE_ID.DIZ
new file mode 100644
index 0000000..56913d2
--- /dev/null
+++ b/Cracking/App/PswdHack/Bios/passAmi/FILE_ID.DIZ
@@ -0,0 +1 @@
+Shows BIOS password
diff --git a/Cracking/App/PswdHack/Bios/passAmi/PASS.ASM b/Cracking/App/PswdHack/Bios/passAmi/PASS.ASM
new file mode 100644
index 0000000..9bcbb33
--- /dev/null
+++ b/Cracking/App/PswdHack/Bios/passAmi/PASS.ASM
@@ -0,0 +1,59 @@
+; PASS.COM
+; Compile tasm pass.asm
+; tlink /t pass.obj
+
+.286
+CODE SEGMENT
+ASSUME CS:CODE
+ORG 100H
+MAIN:
+ MOV AL,37H
+ XOR DI,DI
+ MOV DX,71H
+E1:
+ OUT 70H,AL
+ INSB
+ INC AL
+ CMP AL,3EH
+ JB E1
+ AND BYTE PTR DS:[0000H],0F0H
+ XOR DI,DI
+
+
+E0:
+ XOR CX,CX
+ MOV AL,DS:[DI]
+ MOV AH,DS:[DI+1]
+
+ CMP AH,0
+ JE KONIEC
+
+DECOD:
+ TEST AL,0C3H
+ JP DALEJ
+ STC
+DALEJ: RCR AL,1
+ INC CX
+ CMP AL,AH
+ JNE DECOD
+ CALL WRITE
+
+ INC DI
+ CMP DI,6
+ JB E0
+
+
+KONIEC: MOV AX,4C00H
+ INT 21H
+
+
+WRITE PROC
+ MOV AH,0EH
+ MOV AL,CL
+ MOV BX,0007H
+ INT 10H
+RET
+ENDP
+
+CODE ENDS
+END MAIN
diff --git a/Cracking/App/PswdHack/Bios/passAmi/PASS.COM b/Cracking/App/PswdHack/Bios/passAmi/PASS.COM
new file mode 100644
index 0000000..db14bff
Binary files /dev/null and b/Cracking/App/PswdHack/Bios/passAmi/PASS.COM differ
diff --git a/Cracking/App/PswdHack/Bios/passAmi/ami.zip b/Cracking/App/PswdHack/Bios/passAmi/ami.zip
new file mode 100644
index 0000000..f17aad5
Binary files /dev/null and b/Cracking/App/PswdHack/Bios/passAmi/ami.zip differ
diff --git a/Cracking/App/PswdHack/Bios/passAmi/amidecod.zip b/Cracking/App/PswdHack/Bios/passAmi/amidecod.zip
new file mode 100644
index 0000000..44e291e
Binary files /dev/null and b/Cracking/App/PswdHack/Bios/passAmi/amidecod.zip differ
diff --git a/Cracking/App/PswdHack/Bios/passAmi/amipswd.com b/Cracking/App/PswdHack/Bios/passAmi/amipswd.com
new file mode 100644
index 0000000..4f422d8
Binary files /dev/null and b/Cracking/App/PswdHack/Bios/passAmi/amipswd.com differ
diff --git a/Cracking/App/PswdHack/Bios/passAward/aw.zip b/Cracking/App/PswdHack/Bios/passAward/aw.zip
new file mode 100644
index 0000000..7eba059
Binary files /dev/null and b/Cracking/App/PswdHack/Bios/passAward/aw.zip differ
diff --git a/Cracking/App/PswdHack/Bios/rpass26.zip b/Cracking/App/PswdHack/Bios/rpass26.zip
new file mode 100644
index 0000000..1311997
Binary files /dev/null and b/Cracking/App/PswdHack/Bios/rpass26.zip differ
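Review bot: The header of PASS.ASM lists only the build commands, so nothing tells a reader what the program touches. The `E1` loop selects CMOS registers 37h–3Dh through port 70h, and `INSB` stores each byte read from port 71h at ES:DI starting from offset 0, which in a .COM program is presumably the start of the PSP. I would add a header comment such as `; Reads CMOS 37h-3Dh via ports 70h/71h into offset 0 (overwrites the PSP); prints the rotation count in CL per byte via INT 10h/0Eh`. The `DECOD` loop also has no iteration limit: it repeats until `AL` equals `AH`, so a byte pair that never matches would leave it spinning, and a bound on `CX` with an error exit would be safer. For anyone assessing firmware of this era, the listing suggests the setup password is kept in CMOS in a recoverable form readable by any code with port I/O access, so it should not be treated as a control against local code execution.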
diff --git a/Cracking/App/PswdHack/KeyLog's/keycopy.zip b/Cracking/App/PswdHack/KeyLog's/keycopy.zip
new file mode 100644
index 0000000..cd7a69b
Binary files /dev/null and b/Cracking/App/PswdHack/KeyLog's/keycopy.zip differ
diff --git a/Cracking/App/PswdHack/KeyLog's/keylog2.zip b/Cracking/App/PswdHack/KeyLog's/keylog2.zip
new file mode 100644
index 0000000..acef28c
Binary files /dev/null and b/Cracking/App/PswdHack/KeyLog's/keylog2.zip differ
diff --git a/Cracking/App/PswdHack/KeyLog's/keylog95.zip b/Cracking/App/PswdHack/KeyLog's/keylog95.zip
new file mode 100644
index 0000000..a290250
Binary files /dev/null and b/Cracking/App/PswdHack/KeyLog's/keylog95.zip differ
diff --git a/Cracking/App/PswdHack/KeyLog's/winlogon.zip b/Cracking/App/PswdHack/KeyLog's/winlogon.zip
new file mode 100644
index 0000000..8c978e2
Binary files /dev/null and b/Cracking/App/PswdHack/KeyLog's/winlogon.zip differ
diff --git a/Cracking/App/PswdHack/Qb32setup (QuickBook-QuickKen).exe b/Cracking/App/PswdHack/Qb32setup (QuickBook-QuickKen).exe
new file mode 100644
index 0000000..8d32001
Binary files /dev/null and b/Cracking/App/PswdHack/Qb32setup (QuickBook-QuickKen).exe differ
diff --git a/Cracking/App/PswdHack/WD32setup (MS Word).exe b/Cracking/App/PswdHack/WD32setup (MS Word).exe
new file mode 100644
index 0000000..b900229
Binary files /dev/null and b/Cracking/App/PswdHack/WD32setup (MS Word).exe differ
diff --git a/Cracking/App/PswdHack/Win95/keygen.zip b/Cracking/App/PswdHack/Win95/keygen.zip
new file mode 100644
index 0000000..34e7e46
Binary files /dev/null and b/Cracking/App/PswdHack/Win95/keygen.zip differ
diff --git a/Cracking/App/PswdHack/Win95/pwltool.zip b/Cracking/App/PswdHack/Win95/pwltool.zip
new file mode 100644
index 0000000..bc4dc32
Binary files /dev/null and b/Cracking/App/PswdHack/Win95/pwltool.zip differ
diff --git a/Cracking/App/PswdHack/Win95/pwlview.zip b/Cracking/App/PswdHack/Win95/pwlview.zip
new file mode 100644
index 0000000..f39e9e1
Binary files /dev/null and b/Cracking/App/PswdHack/Win95/pwlview.zip differ
diff --git a/Cracking/App/PswdHack/Win95/win95.zip b/Cracking/App/PswdHack/Win95/win95.zip
new file mode 100644
index 0000000..33f3634
Binary files /dev/null and b/Cracking/App/PswdHack/Win95/win95.zip differ
diff --git a/Cracking/App/PswdHack/Win95/winpass.zip b/Cracking/App/PswdHack/Win95/winpass.zip
new file mode 100644
index 0000000..365e1ef
Binary files /dev/null and b/Cracking/App/PswdHack/Win95/winpass.zip differ
diff --git a/Cracking/App/PswdHack/acsetup (Access).exe b/Cracking/App/PswdHack/acsetup (Access).exe
new file mode 100644
index 0000000..58d63e5
Binary files /dev/null and b/Cracking/App/PswdHack/acsetup (Access).exe differ
diff --git a/Cracking/App/PswdHack/crakcr (CrackSure).exe b/Cracking/App/PswdHack/crakcr (CrackSure).exe
new file mode 100644
index 0000000..40b899e
Binary files /dev/null and b/Cracking/App/PswdHack/crakcr (CrackSure).exe differ
diff --git a/Cracking/App/PswdHack/craksr (Login PCrack).exe b/Cracking/App/PswdHack/craksr (Login PCrack).exe
new file mode 100644
index 0000000..57821ee
Binary files /dev/null and b/Cracking/App/PswdHack/craksr (Login PCrack).exe differ
diff --git a/Cracking/App/PswdHack/desencriptador.exe b/Cracking/App/PswdHack/desencriptador.exe
new file mode 100644
index 0000000..f74efbf
Binary files /dev/null and b/Cracking/App/PswdHack/desencriptador.exe differ
diff --git a/Cracking/App/PswdHack/e32setup.exe.htm b/Cracking/App/PswdHack/e32setup.exe.htm
new file mode 100644
index 0000000..ff4d0a3
--- /dev/null
+++ b/Cracking/App/PswdHack/e32setup.exe.htm
@@ -0,0 +1,3 @@
+Socket Error +

Socket Error

Connection to Remote Host timed out +
diff --git a/Cracking/App/PswdHack/lo3setup (Lotus 123).exe b/Cracking/App/PswdHack/lo3setup (Lotus 123).exe
new file mode 100644
index 0000000..1b78550
Binary files /dev/null and b/Cracking/App/PswdHack/lo3setup (Lotus 123).exe differ
diff --git a/Cracking/App/PswdHack/msopswdm.exe b/Cracking/App/PswdHack/msopswdm.exe
new file mode 100644
index 0000000..5c9c493
Binary files /dev/null and b/Cracking/App/PswdHack/msopswdm.exe differ
diff --git a/Cracking/App/PswdHack/mysetup (MS Money).exe b/Cracking/App/PswdHack/mysetup (MS Money).exe
new file mode 100644
index 0000000..82630f0
Binary files /dev/null and b/Cracking/App/PswdHack/mysetup (MS Money).exe differ
diff --git a/Cracking/App/PswdHack/qb3setup.exe b/Cracking/App/PswdHack/qb3setup.exe
new file mode 100644
index 0000000..4891031
Binary files /dev/null and b/Cracking/App/PswdHack/qb3setup.exe differ
diff --git a/Cracking/App/PswdHack/qp3setup.exe b/Cracking/App/PswdHack/qp3setup.exe
new file mode 100644
index 0000000..2eb9823
Binary files /dev/null and b/Cracking/App/PswdHack/qp3setup.exe differ
diff --git a/Cracking/App/PswdHack/wd3setup (Ms Word).exe b/Cracking/App/PswdHack/wd3setup (Ms Word).exe
new file mode 100644
index 0000000..82ffe11
Binary files /dev/null and b/Cracking/App/PswdHack/wd3setup (Ms Word).exe differ
diff --git a/Cracking/App/PswdHack/wpcrak.zip b/Cracking/App/PswdHack/wpcrak.zip
new file mode 100644
index 0000000..8757ecb
Binary files /dev/null and b/Cracking/App/PswdHack/wpcrak.zip differ
diff --git a/Desktop.ini b/Desktop.ini
new file mode 100644
index 0000000..0680e61
--- /dev/null
+++ b/Desktop.ini
@@ -0,0 +1,14 @@ +[ExtShellFolderViews] +{5984FFE0-28D4-11CF-AE66-08002B2E1262}={5984FFE0-28D4-11CF-AE66-08002B2E1262} +{BE098140-A513-11D0-A3A4-00C04FD706EC}={BE098140-A513-11D0-A3A4-00C04FD706EC} + +[{5984FFE0-28D4-11CF-AE66-08002B2E1262}] +PersistMoniker=file://Folder.htt + +[.ShellClassInfo] +ConfirmFileOp=0 + +[{BE098140-A513-11D0-A3A4-00C04FD706EC}] +IconArea_Text=0x0000FFFF +Attributes=1 +IconArea_Image=E:\JDnet\menuHTML\images\negro.bmp diff --git a/Folder.htt b/Folder.htt new file mode 100644 index 0000000..8a7e51a --- /dev/null +++ b/Folder.htt @@ -0,0 +1,347 @@ + + + + + + + + + + + + + + + + + + + + + + + +
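Review bot: `IconArea_Image=E:\JDnet\menuHTML\images\negro.bmp` in Desktop.ini is an absolute path on the author's machine, so it will not resolve in any other checkout and it discloses the local drive layout; a relative path, or dropping the line, would be better. `PersistMoniker=file://Folder.htt` points the folder's web view at the Folder.htt template added in the same commit, and on legacy Windows versions such templates can carry active content, so this customisation should be reviewed or stripped before the tree is opened in Explorer on an analysis machine. `ConfirmFileOp=0` presumably suppresses a shell confirmation prompt for this folder and deserves a comment saying why it is set.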

+ + + +
+ +

+ + + +

+ + %THISDIRNAME% + + +

+ + +

+ + + + + + +

+ + + + +

+ +

+ +

+
+ +
+ + + + + + + + + + diff --git a/Hacking/App/Troyanos/NetBus/Hosts.txt b/Hacking/App/Troyanos/NetBus/Hosts.txt new file mode 100644 index 0000000..ae5128c --- /dev/null +++ b/Hacking/App/Troyanos/NetBus/Hosts.txt @@ -0,0 +1,4 @@ +212.79.129.88 +62.82.144.208 +62.82.82.6 +localhost diff --git a/Hacking/App/Troyanos/NetBus/NetBus.rtf b/Hacking/App/Troyanos/NetBus/NetBus.rtf new file mode 100644 index 0000000..936e701 --- /dev/null +++ b/Hacking/App/Troyanos/NetBus/NetBus.rtf 
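Review bot: Hosts.txt commits three public IPv4 addresses next to `localhost`, in a directory named for a remote-access trojan, and nothing in the commit says whose machines they are. If they belong to third parties, publishing them in version history exposes those systems, and a later delete does not remove them from the history. I would drop the file from the commit or replace the entries with documentation addresses such as `192.0.2.1`. Defenders who meet a list like this during triage can treat the entries as candidate indicators to check against their own address space.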
@@ -0,0 +1,173 @@ +{\rtf1\ansi\ansicpg1252\uc1 \deff0\deflang1033\deflangfe1053{\fonttbl{\f0\froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f3\froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol;} +{\f14\fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings;}{\f16\froman\fcharset238\fprq2 Times New Roman CE;}{\f17\froman\fcharset204\fprq2 Times New Roman Cyr;}{\f19\froman\fcharset161\fprq2 Times New Roman Greek;} +{\f20\froman\fcharset162\fprq2 Times New Roman Tur;}{\f21\froman\fcharset186\fprq2 Times New Roman Baltic;}}{\colortbl;\red0\green0\blue0;\red0\green0\blue255;\red0\green255\blue255;\red0\green255\blue0;\red255\green0\blue255;\red255\green0\blue0; +\red255\green255\blue0;\red255\green255\blue255;\red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0;\red128\green0\blue128;\red128\green0\blue0;\red128\green128\blue0;\red128\green128\blue128;\red192\green192\blue192;}{\stylesheet{ +\nowidctlpar\widctlpar\adjustright \fs20\lang1053\cgrid \snext0 Normal;}{\s1\sl240\slmult0\keepn\nowidctlpar\outlinelevel0\adjustright \b\ul\lang1053\cgrid \sbasedon0 \snext0 heading 1;}{\s2\qc\sl240\slmult0\keepn\nowidctlpar\outlinelevel1\adjustright +\b\lang1053\cgrid \sbasedon0 \snext0 heading 2;}{\s3\qc\sl240\slmult0\keepn\nowidctlpar\outlinelevel2\adjustright \lang1053\cgrid \sbasedon0 \snext0 heading 3;}{\*\cs10 \additive Default Paragraph Font;}{\s15\nowidctlpar\widctlpar\adjustright +\lang1053\cgrid \sbasedon0 \snext15 Body Text;}}{\*\listtable{\list\listtemplateid-1\listsimple{\listlevel\levelnfc0\leveljc0\levelfollow0\levelstartat0\levelspace0\levelindent0{\leveltext\'01*;}{\levelnumbers;}}{\listname ;}\listid-2} +{\list\listtemplateid-1\listsimple{\listlevel\levelnfc23\leveljc0\levelfollow0\levelstartat1\levelold\levelspace0\levelindent283{\leveltext\'01\u-3913 ?;}{\levelnumbers;}\f3\fbias0 \fi-283\li283 }{\listname ;}\listid233204519}{\list\listtemplateid69009409 
+\listsimple{\listlevel\levelnfc23\leveljc0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'01\u-3913 ?;}{\levelnumbers;}\f3\fbias0 \fi-360\li360\jclisttab\tx360 }{\listname ;}\listid591279186}{\list\listtemplateid69009423\listsimple +{\listlevel\levelnfc0\leveljc0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'02\'00.;}{\levelnumbers\'01;}\fi-360\li360\jclisttab\tx360 }{\listname ;}\listid1383754442}{\list\listtemplateid69009409\listsimple{\listlevel\levelnfc23 +\leveljc0\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'01\u-3913 ?;}{\levelnumbers;}\f3\fbias0 \fi-360\li360\jclisttab\tx360 }{\listname ;}\listid1431774541}{\list\listtemplateid69009409\listsimple{\listlevel\levelnfc23\leveljc0 +\levelfollow0\levelstartat1\levelspace0\levelindent0{\leveltext\'01\u-3913 ?;}{\levelnumbers;}\f3\fbias0 \fi-360\li360\jclisttab\tx360 }{\listname ;}\listid1496267634}{\list\listtemplateid69009409\listsimple{\listlevel\levelnfc23\leveljc0\levelfollow0 +\levelstartat1\levelspace0\levelindent0{\leveltext\'01\u-3913 ?;}{\levelnumbers;}\f3\fbias0 \fi-360\li360\jclisttab\tx360 }{\listname ;}\listid1549881512}{\list\listtemplateid1031170500\listsimple{\listlevel\levelnfc0\leveljc0\levelfollow0\levelstartat1 +\levelold\levelspace0\levelindent283{\leveltext\'02\'00.;}{\levelnumbers\'01;}\fi-283\li283 }{\listname ;}\listid2034379552}}{\*\listoverridetable{\listoverride\listid-2\listoverridecount1{\lfolevel\listoverrideformat{\listlevel\levelnfc23\leveljc0 +\levelfollow0\levelstartat1\levelold\levelspace0\levelindent283{\leveltext\'01\u-3913 ?;}{\levelnumbers;}\f3\fbias0 \fi-283\li283 }}\ls1}{\listoverride\listid2034379552\listoverridecount0\ls2}{\listoverride\listid2034379552\listoverridecount1{\lfolevel +\listoverrideformat{\listlevel\levelnfc0\leveljc0\levelfollow0\levelstartat1\levelold\levelspace0\levelindent283{\leveltext\'02\'00.;}{\levelnumbers\'01;}\fi-283\li283 
}}\ls3}{\listoverride\listid2034379552\listoverridecount1{\lfolevel\listoverrideformat +{\listlevel\levelnfc0\leveljc0\levelfollow0\levelstartat1\levelold\levelspace0\levelindent283{\leveltext\'02\'00.;}{\levelnumbers\'01;}\fi-283\li283 }}\ls4}{\listoverride\listid2034379552\listoverridecount1{\lfolevel\listoverrideformat{\listlevel +\levelnfc0\leveljc0\levelfollow0\levelstartat1\levelold\levelspace0\levelindent283{\leveltext\'02\'00.;}{\levelnumbers\'01;}\fi-283\li283 }}\ls5}{\listoverride\listid1383754442\listoverridecount0\ls6}{\listoverride\listid1549881512\listoverridecount0\ls7} +{\listoverride\listid591279186\listoverridecount0\ls8}{\listoverride\listid1496267634\listoverridecount0\ls9}{\listoverride\listid1431774541\listoverridecount0\ls10}{\listoverride\listid233204519\listoverridecount0\ls11}}{\info{\title NetBus v} +{\author Carl-Fredrik Neikter}{\operator Carl-Fredrik Neikter}{\creatim\yr1998\mo4\dy7\hr19\min19}{\revtim\yr1998\mo8\dy23\hr1\min8}{\version320}{\edmins178}{\nofpages3}{\nofwords1014}{\nofchars5785}{\*\company }{\nofcharsws0}{\vern73}} +\paperw11906\paperh16838\margl1417\margr1417\margt1417\margb1417 \deftab1304\widowctrl\ftnbj\aenddoc\hyphhotz425\lytprtmet\hyphcaps0\formshade\viewkind4\viewscale100\pgbrdrhead\pgbrdrfoot \fet0\sectd +\linex0\headery709\footery709\colsx709\endnhere\sectdefaultcl {\*\pnseclvl1\pnucrm\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl2\pnucltr\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl3\pndec\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl4 +\pnlcltr\pnstart1\pnindent720\pnhang{\pntxta )}}{\*\pnseclvl5\pndec\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl6\pnlcltr\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl7\pnlcrm\pnstart1\pnindent720\pnhang{\pntxtb (} +{\pntxta )}}{\*\pnseclvl8\pnlcltr\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl9\pnlcrm\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}\pard\plain \sl240\slmult0\nowidctlpar\adjustright 
\fs20\lang1053\cgrid {\ul +\par }{ +\par +\par +\par }\pard \qc\sl240\slmult0\nowidctlpar\adjustright {\fs28 NetBus v.1.60}{\fs24 +\par Copyright 1998 \'a9 Carl-Fredrik Neikter +\par }\pard\plain \s3\qc\sl240\slmult0\keepn\nowidctlpar\outlinelevel2\adjustright \lang1053\cgrid {All Rights Reserved +\par }\pard\plain \sl240\slmult0\nowidctlpar\adjustright \fs20\lang1053\cgrid { +\par +\par +\par +\par }{\b\fs24\ul Description}{\b\fs24 +\par }\pard \nowidctlpar\widctlpar\adjustright {\fs24 The program can be used as an remote administration tool +, or more likely, just to have some fun with your friends on your local network, or even over the global internet (should not be used to systematic irritate people). +\par +\par }{\b\fs24\ul Installation}{\fs24 +\par NetBus consists of a server and a client-part. The server-part is the program which must exists on the person\rquote s computer that you want to have fun with. The client-part is your little, nice program that \'94controls\'94 the target computer! +\par +\par {\pntext\pard\plain\cgrid \hich\af0\dbch\af0\loch\f0 1.\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlbody\ilvl0\ls2\pnrnot0\pndec\pnstart1\pnindent283\pnhang{\pntxta .}}\ls2\adjustright {\fs24 +Put the NetBus server, Patch.exe (which can be renamed), anywhere on the target computer and run it. By default it installs itself in the system, so it starts automatically every time Windows starts. +\par {\pntext\pard\plain\cgrid \hich\af0\dbch\af0\loch\f0 2.\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlbody\ilvl0\ls4\pnrnot0\pndec\pnstart1\pnindent283\pnhang{\pntxta .}}\ls4\adjustright {\fs24 +Put the NetBus client, NetBus.exe, on your computer. +\par {\pntext\pard\plain\cgrid \hich\af0\dbch\af0\loch\f0 3.\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlbody\ilvl0\ls5\pnrnot0\pndec\pnstart1\pnindent283\pnhang{\pntxta .}}\ls5\adjustright {\fs24 +Start NetBus and choose which hostname (or IP-number) you wish to connect to! 
If Patch is running on the target computer you will able to connect. }{\i\fs24 Let\rquote s have fun!}{\fs24 +\par }\pard \nowidctlpar\widctlpar\adjustright {\fs24 +\par }{\i\fs24 Note}{\fs24 that you don\rquote t see Patch when it\rquote s running \endash it\rquote s hiding itself automatically at start-up! +\par +\par }\pard\plain \s15\nowidctlpar\widctlpar\adjustright \lang1053\cgrid {TCP/IP is the protocol that NetBus and Patch is using. That is, you address someone with host-names or IP-numbers. NetBus will connect you to someone with the Connect button. +\par +\par }{\b\ul Advanced issues +\par }\pard\plain \nowidctlpar\widctlpar\adjustright \fs20\lang1053\cgrid {\fs24 There are some command-line parameters you can use with Patch: +\par +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-360\li360\nowidctlpar\widctlpar\jclisttab\tx360{\*\pn \pnlvlblt\ilvl0\ls10\pnrnot0\pnf3\pnstart1\pnindent360\pnhang{\pntxtb \'b7}}\ls10\adjustright {\fs24 +Patch /noadd means that you don\rquote t want Patch to start every Windows-session, probably most used for testing purposes. +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-360\li360\nowidctlpar\widctlpar\jclisttab\tx360{\*\pn \pnlvlblt\ilvl0\ls10\pnrnot0\pnf3\pnstart1\pnindent360\pnhang{\pntxtb \'b7}}\ls10\adjustright {\fs24 +Patch /remove removes itself from memory and registry. +\par }\pard \nowidctlpar\widctlpar\adjustright {\fs24 +\par }\pard\plain \s15\nowidctlpar\widctlpar\adjustright \lang1053\cgrid {If you feel that you want a more sophisticated NetBus-server package that integrates Patch with another softwar +e/game you can just execute Patch from that software, and the NetBus server will be installed without any notice. +\par }\pard\plain \nowidctlpar\widctlpar\adjustright \fs20\lang1053\cgrid {\fs24 +\par }{\i\fs24 Note}{\fs24 that Patch.exe can be (re-)named to whatever you want. 
+\par +\par }\pard\plain \s1\keepn\nowidctlpar\widctlpar\outlinelevel0\adjustright \b\ul\lang1053\cgrid {Expert issues +\par }\pard\plain \nowidctlpar\widctlpar\adjustright \fs20\lang1053\cgrid {\fs24 Of course the NetBus-server is always needed to be run before any client can connect to it. But how do you get it to run on the \'94victim\rquote s\'94 computer if you don\rquote +t have physical access to it or can \'94persuade\'94 the user to run it himself? +\par +\par Actually, it is possible, but to manage this you need to be a skilled programmer. Basically, you will need to find and exploit bugs in Microsoft\rquote +s Internet-programs. You may have heard of that recently Microsoft wanted all their customers to download a patch for their e-mail clients. +\par +\par Any unpatched program can give a good hacker the opportunity to execute arbitrary code in the system if the user opens/reads an e-mail that exploits the common \'94buffer overflow\'94 + bug. The filename of the attachment can be long enough to cause an overflow of the stack. This could then cause an jump to some code that lies in the \'94filename string\'94 + which can do anything, for example download programs from Internet and execute it!}{\fs24\ul +\par +\par }\pard\plain \s1\keepn\nowidctlpar\widctlpar\outlinelevel0\adjustright \b\ul\lang1053\cgrid {What\rquote s new? +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard\plain \fi-360\li360\nowidctlpar\widctlpar\jclisttab\tx360{\*\pn \pnlvlblt\ilvl0\ls8\pnrnot0\pnf3\pnstart1\pnindent360\pnhang{\pntxtb \'b7}}\ls8\adjustright \fs20\lang1053\cgrid { +\fs24 The NetBus server doesn\rquote t log incoming connections any more. 
+\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-360\li360\nowidctlpar\widctlpar\jclisttab\tx360{\*\pn \pnlvlblt\ilvl0\ls7\pnrnot0\pnf3\pnstart1\pnindent360\pnhang{\pntxtb \'b7}}\ls7\adjustright {\fs24 +SysEdit is renamed to Patch and installs itself automatically on the system, without need of the old /add parameter. Because of that, the parameter /noadd was added. +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-360\li360\nowidctlpar\widctlpar\jclisttab\tx360{\*\pn \pnlvlblt\ilvl0\ls7\pnrnot0\pnf3\pnstart1\pnindent360\pnhang{\pntxtb \'b7}}\ls7\adjustright {\fs24 +From now on, Patch removes any old instance of itself from memory if you start it twice or more. +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-360\li360\nowidctlpar\widctlpar\jclisttab\tx360{\*\pn \pnlvlblt\ilvl0\ls7\pnrnot0\pnf3\pnstart1\pnindent360\pnhang{\pntxtb \'b7}}\ls7\adjustright {\fs24 +Patch now contains KeyHook.dll as a resource, which is extracted at startup! +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-360\li360\nowidctlpar\widctlpar\jclisttab\tx360{\*\pn \pnlvlblt\ilvl0\ls7\pnrnot0\pnf3\pnstart1\pnindent360\pnhang{\pntxtb \'b7}}\ls7\adjustright {\fs24 Patch doesn\rquote +t show up in the task list (Win95/98). +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-360\li360\nowidctlpar\widctlpar\jclisttab\tx360{\*\pn \pnlvlblt\ilvl0\ls7\pnrnot0\pnf3\pnstart1\pnindent360\pnhang{\pntxtb \'b7}}\ls7\adjustright {\fs24 +Deletion of files (added on users request, should not be abused). +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-360\li360\nowidctlpar\widctlpar\jclisttab\tx360{\*\pn \pnlvlblt\ilvl0\ls7\pnrnot0\pnf3\pnstart1\pnindent360\pnhang{\pntxtb \'b7}}\ls7\adjustright {\fs24 +Uploaded files can now be placed in any directory. 
+\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-360\li360\nowidctlpar\widctlpar\jclisttab\tx360{\*\pn \pnlvlblt\ilvl0\ls7\pnrnot0\pnf3\pnstart1\pnindent360\pnhang{\pntxtb \'b7}}\ls7\adjustright {\fs24 +Keys on the keyboard can be disabled. +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-360\li360\nowidctlpar\widctlpar\jclisttab\tx360{\*\pn \pnlvlblt\ilvl0\ls7\pnrnot0\pnf3\pnstart1\pnindent360\pnhang{\pntxtb \'b7}}\ls7\adjustright {\fs24 Pressing F12 (\'94boss-key +\'94) will minimize NetBus quick and easy into the traybar. +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-360\li360\nowidctlpar\widctlpar\jclisttab\tx360{\*\pn \pnlvlblt\ilvl0\ls7\pnrnot0\pnf3\pnstart1\pnindent360\pnhang{\pntxtb \'b7}}\ls7\adjustright {\fs24 +Easier password-protection management. +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-360\li360\nowidctlpar\widctlpar\jclisttab\tx360{\*\pn \pnlvlblt\ilvl0\ls7\pnrnot0\pnf3\pnstart1\pnindent360\pnhang{\pntxtb \'b7}}\ls7\adjustright {\fs24 Message dialog manager. + +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-360\li360\nowidctlpar\widctlpar\jclisttab\tx360{\*\pn \pnlvlblt\ilvl0\ls7\pnrnot0\pnf3\pnstart1\pnindent360\pnhang{\pntxtb \'b7}}\ls7\adjustright {\fs24 +Show, kill and focus windows. +\par }\pard \nowidctlpar\widctlpar\adjustright {\fs24 +\par }\pard\plain \s1\sl240\slmult0\keepn\nowidctlpar\outlinelevel0\adjustright \b\ul\lang1053\cgrid {Author\rquote s comments +\par }\pard\plain \sl240\slmult0\nowidctlpar\adjustright \fs20\lang1053\cgrid {\fs24 The first public NetBus-version was released in the middle of march \endash +98. Back then, the user-interface was in swedish and I thought it could be nice to share this program with others. Wow, what reactions and comments it got! +\par +\par Some months later it appeared natural to translate the program to english. 
Thanks to this, now NetBus seems to be used and loved (mostly }{\fs24\lang1024 {\field{\*\fldinst SYMBOL 74 \\f "Wingdings" \\s 12}{\fldrslt\f14\fs24}}}{\fs24 +) everywhere! And since then many people have asked me to do newer versions of this software. This version includes the most requested features, like easier installation. +\par +\par You contact me by sending an e-mail to cf@bonsa.se. You\rquote re encouraged telling me how fun you have had! +\par }\pard \nowidctlpar\widctlpar\adjustright {\fs24 +\par }{\b\fs24\ul Functions}{\fs24 +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 Open/close the }{\fs22 CD-ROM}{\fs24 + once or in intervals (specified in seconds). +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 +Show optional image. If no full path of the image is given it will look for it in the Patch-directory. The supported image-formats is }{\fs22 BMP}{\fs24 and }{\fs22 JPG}{\fs24 . +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 Swap mouse buttons \endash + the right mouse button gets the left mouse button\rquote s functions and vice versa. +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 Start optional application. 
+\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 +Play optional sound-file. If no full path of the sound-file is given it will look for it in the Patch-directory. The supported sound-format is }{\fs22 WAV}{\fs24 . +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 +Point the mouse to optional coordinates. You can even navigate the mouse on the target computer with your own! +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 +Show a message dialog on the screen. The answer is always sent back to you! +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 Shutdown the system, logoff the user etc. + +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 +Go to an optional URL within the default web-browser. +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 +Send keystrokes to the active application on the target computer! The text in the field \'94Message/text\'94 will be inserted in the application that has focus. (\'94|\'94 represents enter). 
+\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 Listen fo +r keystrokes and send them back to you! +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 +Get a screendump! (should not be used over slow connections) +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 +Return information about the target computer. +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 +Upload any file from you to the target computer! With this feature it will be possible to remotely update Patch with a new version. +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 Increase and decrease the sound-volume. + +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 +Record sounds that the microphone catch. The sound is sent back to you! +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 +Make click sounds every time a key is pressed! 
+\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 +Download and deletion of any file from the target. You choose which file you wish to download/delete in a nice view that represents the harddisks on the target! +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 +Keys (letters) on the keyboard can be disabled. +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls1\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls1\adjustright {\fs24 Password-protection management. +\par {\pntext\pard\plain\f3\cgrid \loch\af3\dbch\af0\hich\f3 \'b7\tab}}\pard \fi-283\li283\nowidctlpar\widctlpar{\*\pn \pnlvlblt\ilvl0\ls11\pnrnot0\pnf3\pnstart1\pnindent283\pnhang{\pntxtb \'b7}}\ls11\adjustright {\fs24 Show, +kill and focus windows on the system. +\par }\pard \nowidctlpar\widctlpar\adjustright {\fs24 +\par }\pard\plain \s15\nowidctlpar\widctlpar\adjustright \lang1053\cgrid {The functions above (there are some logical exceptions) can be delayed an optional number of seconds before they are executing. +\par +\par }{\b\ul Connecting +\par }{The connect button has one very nice feature. It can scan IP-numbers for a NetBus computer. As soon as it connect to someone it will stop. The syntax for IP-scanning is xx.xx.xx.xx+xx, e.g. 127}{\fs22 .0.0.1+15}{ will scan all IP-numbers in the range }{ +\fs22 127.0.0.1}{ to }{\fs22 127.0.0.16}{. 
+\par +\par }{\b\ul Password protection +\par }\pard\plain \nowidctlpar\widctlpar\adjustright \fs20\lang1053\cgrid {\fs24 If you just want to have fun with your friend\rquote s computer yourself, and don\rquote +t want someone else to connect to it you can password protect it. To accomplish this you start SysEdit with the parameter /pass:thepassword, or use the administration functions in NetBus. +\par +\par Now everybody who hasn\rquote t the correct password will fail when trying to connect or sending commands to that computer. +\par +\par }{\b\fs24\ul Hint}{\fs24 +\par You should perhaps test the functions in NetBus against yourself before you start fooling with your friends, so you know what\rquote s happening (send text will, however, not work on yourself)! Your own machine can be addressed via \'94localhost\'94. + +\par +\par }\pard \sl240\slmult0\nowidctlpar\adjustright {\b\fs24\ul Systemdemands}{\fs24 +\par }\pard \fi-1701\li1701\sl240\slmult0\nowidctlpar\adjustright {\fs24 Windows 95, Windows NT or later versions of Windows. +\par }\pard \nowidctlpar\widctlpar\adjustright {\fs24 +\par }} \ No newline at end of file diff --git a/Hacking/App/Troyanos/NetBus/patch.zip b/Hacking/App/Troyanos/NetBus/patch.zip new file mode 100644 index 0000000..4c65e6b Binary files /dev/null and b/Hacking/App/Troyanos/NetBus/patch.zip differ diff --git a/Hacking/App/Troyanos/SubSeven/Sub7Show.reg b/Hacking/App/Troyanos/SubSeven/Sub7Show.reg new file mode 100644 index 0000000..5e7058f --- /dev/null +++ b/Hacking/App/Troyanos/SubSeven/Sub7Show.reg @@ -0,0 +1,6 @@ +REGEDIT4 + +[HKEY_LOCAL_MACHINE\Software\SubSeven] +"7_x"="1" +"7_y"="1" + diff --git a/Hacking/App/Troyanos/SubSeven/skins/60's.zip b/Hacking/App/Troyanos/SubSeven/skins/60's.zip new file mode 100644 index 0000000..67d77e0 Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/60's.zip differ 
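Review bot: Nothing in Sub7Show.reg says what its two values do, yet merging it writes `"7_x"="1"` and `"7_y"="1"` under `HKEY_LOCAL_MACHINE\Software\SubSeven`, a machine-wide location. Going by the file name these look like stored window coordinates being reset so the client window becomes visible again, but that is an inference from the name only. A comment line after the `REGEDIT4` header, for example `; resets the stored 7_x/7_y values (presumably the client window position)`, would record the intent. For host triage the key path itself is worth noting as an artefact: its presence suggests the client has been run, or this file merged, on that machine.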
diff --git a/Hacking/App/Troyanos/SubSeven/skins/Alien.zip b/Hacking/App/Troyanos/SubSeven/skins/Alien.zip
new file mode 100644
index 0000000..fb418ce
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/Alien.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/B9.zip b/Hacking/App/Troyanos/SubSeven/skins/B9.zip
new file mode 100644
index 0000000..19a5b1c
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/B9.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/Black and White.zip b/Hacking/App/Troyanos/SubSeven/skins/Black and White.zip
new file mode 100644
index 0000000..eb791c5
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/Black and White.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/BnW.zip b/Hacking/App/Troyanos/SubSeven/skins/BnW.zip
new file mode 100644
index 0000000..cf293c5
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/BnW.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/Energy.zip b/Hacking/App/Troyanos/SubSeven/skins/Energy.zip
new file mode 100644
index 0000000..e9df519
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/Energy.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/Evil.zip b/Hacking/App/Troyanos/SubSeven/skins/Evil.zip
new file mode 100644
index 0000000..8f19329
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/Evil.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/FroZen.zip b/Hacking/App/Troyanos/SubSeven/skins/FroZen.zip
new file mode 100644
index 0000000..be2bb6b
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/FroZen.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/Hacker.zip b/Hacking/App/Troyanos/SubSeven/skins/Hacker.zip
new file mode 100644
index 0000000..df8a2ec
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/Hacker.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/ICP.zip b/Hacking/App/Troyanos/SubSeven/skins/ICP.zip
new file mode 100644
index 0000000..ff4d0a3
--- /dev/null
+++ b/Hacking/App/Troyanos/SubSeven/skins/ICP.zip
@@ -0,0 +1,3 @@
+Socket Error +

Socket Error

Connection to Remote Host timed out +
diff --git a/Hacking/App/Troyanos/SubSeven/skins/Ice.zip b/Hacking/App/Troyanos/SubSeven/skins/Ice.zip
new file mode 100644
index 0000000..2fe3910
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/Ice.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/IceSkin.zip b/Hacking/App/Troyanos/SubSeven/skins/IceSkin.zip
new file mode 100644
index 0000000..596f7fd
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/IceSkin.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/Matrix.zip b/Hacking/App/Troyanos/SubSeven/skins/Matrix.zip
new file mode 100644
index 0000000..4b9178c
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/Matrix.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/MetL.zip b/Hacking/App/Troyanos/SubSeven/skins/MetL.zip
new file mode 100644
index 0000000..3c28375
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/MetL.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/Neozum.zip b/Hacking/App/Troyanos/SubSeven/skins/Neozum.zip
new file mode 100644
index 0000000..97a97da
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/Neozum.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/Nokia.zip b/Hacking/App/Troyanos/SubSeven/skins/Nokia.zip
new file mode 100644
index 0000000..733c11b
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/Nokia.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/Paranoid.zip b/Hacking/App/Troyanos/SubSeven/skins/Paranoid.zip
new file mode 100644
index 0000000..4f8cdd5
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/Paranoid.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/PlumCrazy.zip b/Hacking/App/Troyanos/SubSeven/skins/PlumCrazy.zip
new file mode 100644
index 0000000..3ff62cc
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/PlumCrazy.zip differ
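Review bot: The blob added as `skins/ICP.zip` is not an archive: git stored it as three lines of text reading `Socket Error` and `Connection to Remote Host timed out`, which looks like the error page of a failed download saved under the target file name. The file should be removed or replaced with the real archive. The other `.zip` entries in this commit deserve an integrity pass before anyone relies on them, for example `unzip -t` on each or a check that the file starts with the `PK` signature. The same two strings end a hunk at the top of this part of the diff whose file header is not visible here, so at least one more file probably has the same problem.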
diff --git a/Hacking/App/Troyanos/SubSeven/skins/RED.zip b/Hacking/App/Troyanos/SubSeven/skins/RED.zip
new file mode 100644
index 0000000..a02c43b
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/RED.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/Relik.zip b/Hacking/App/Troyanos/SubSeven/skins/Relik.zip
new file mode 100644
index 0000000..43f9d72
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/Relik.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/RogueSpear.zip b/Hacking/App/Troyanos/SubSeven/skins/RogueSpear.zip
new file mode 100644
index 0000000..1ba1c50
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/RogueSpear.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/Submarine.zip b/Hacking/App/Troyanos/SubSeven/skins/Submarine.zip
new file mode 100644
index 0000000..218bbb1
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/Submarine.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/UnrealTournament.zip b/Hacking/App/Troyanos/SubSeven/skins/UnrealTournament.zip
new file mode 100644
index 0000000..5bb2a1c
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/UnrealTournament.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/Xavier.zip b/Hacking/App/Troyanos/SubSeven/skins/Xavier.zip
new file mode 100644
index 0000000..3ffaece
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/Xavier.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/blueskin.zip b/Hacking/App/Troyanos/SubSeven/skins/blueskin.zip
new file mode 100644
index 0000000..90dc57f
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/blueskin.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/chiller.zip b/Hacking/App/Troyanos/SubSeven/skins/chiller.zip
new file mode 100644
index 0000000..da0061e
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/chiller.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/fire.zip b/Hacking/App/Troyanos/SubSeven/skins/fire.zip
new file mode 100644
index 0000000..72eefad
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/fire.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/forest.zip b/Hacking/App/Troyanos/SubSeven/skins/forest.zip
new file mode 100644
index 0000000..74cd273
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/forest.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/lava.zip b/Hacking/App/Troyanos/SubSeven/skins/lava.zip
new file mode 100644
index 0000000..f8e5eae
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/lava.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/smooth.zip b/Hacking/App/Troyanos/SubSeven/skins/smooth.zip
new file mode 100644
index 0000000..bc02e1f
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/smooth.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/skins/weedskin.zip b/Hacking/App/Troyanos/SubSeven/skins/weedskin.zip
new file mode 100644
index 0000000..156df02
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/skins/weedskin.zip differ
diff --git a/Hacking/App/Troyanos/SubSeven/sub7213.exe b/Hacking/App/Troyanos/SubSeven/sub7213.exe
new file mode 100644
index 0000000..9915341
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/sub7213.exe differ
diff --git a/Hacking/App/Troyanos/SubSeven/sub7213unpacked.zip b/Hacking/App/Troyanos/SubSeven/sub7213unpacked.zip
new file mode 100644
index 0000000..6fb58c1
Binary files /dev/null and b/Hacking/App/Troyanos/SubSeven/sub7213unpacked.zip differ
diff --git a/Hacking/App/Troyanos/bladerunner-2.zip b/Hacking/App/Troyanos/bladerunner-2.zip
new file mode 100644
index 0000000..8997d4e
Binary files /dev/null and b/Hacking/App/Troyanos/bladerunner-2.zip differ
diff --git a/Hacking/App/Troyanos/cdc/bo120.zip b/Hacking/App/Troyanos/cdc/bo120.zip
new file mode 100644
index 0000000..1525d64
Binary files /dev/null and b/Hacking/App/Troyanos/cdc/bo120.zip differ
diff --git a/Hacking/App/Troyanos/cdc/bo2k_1.0.zip b/Hacking/App/Troyanos/cdc/bo2k_1.0.zip
new file mode 100644
index 0000000..eb6aa4c
Binary files /dev/null and b/Hacking/App/Troyanos/cdc/bo2k_1.0.zip differ
diff --git a/Hacking/App/Troyanos/cdc/bo2ksrc.zip b/Hacking/App/Troyanos/cdc/bo2ksrc.zip
new file mode 100644
index 0000000..2ec1fc3
Binary files /dev/null and b/Hacking/App/Troyanos/cdc/bo2ksrc.zip differ
diff --git a/Hacking/App/Troyanos/saranwrap.zip b/Hacking/App/Troyanos/saranwrap.zip
new file mode 100644
index 0000000..0902b33
Binary files /dev/null and b/Hacking/App/Troyanos/saranwrap.zip differ
diff --git a/Hacking/Doc/CheckList.txt b/Hacking/Doc/CheckList.txt
new file mode 100644
index 0000000..8e1baed
--- /dev/null
+++ b/Hacking/Doc/CheckList.txt
@@ -0,0 +1,1814 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+==============================================================================
+UNIX Computer Security Checklist (Version 1.1) Last Update 19-Dec-1995
+==============================================================================
+The Australian Computer Emergency Response Team has developed a checklist which
+assists in removing common and known security vulnerabilities under the UNIX
+Operating System. It is based around recently discovered security
+vulnerabilities and other checklists which are readily available (see
+references in Appendix C).
+
+This document can be retrieved via anonymous ftp from:
+ ftp://ftp.auscert.org.au/pub/auscert/papers/unix_security_checklist
+
+For information about detecting or recovering from an intrusion, see the
+CERT security information document which can be retrieved via anonymous ftp
+from:
+ ftp://ftp.auscert.org.au/pub/cert/tech_tips/security_info
+
+It is AUSCERT's intention to continue to update this checklist. Any
+comments should be directed via email to auscert@auscert.org.au. Before
+using this document, ensure you have the latest version. New versions of this
+checklist will be placed in the same area on the ftp server and should be
+checked for periodically.
+
+In order to make effective use of this checklist, readers will need to have
+a good grasp of basic UNIX system administration concepts. Refer to C.9 and
+C.10 for books on UNIX system administration.
+
+If possible, apply this checklist to a system before attaching it to a network.
+
+In addition, we recommend that you use the checklist on a regular basis as well
+as after you install any patches or new versions of the operating system, with
+consideration given to the appropriateness of each action to your particular
+situation.
+
+Command examples have been supplied for BSD-like and SVR4-like systems (see
+Appendix F for operating system details and Appendix G for command details).
+Full directory paths and program options may vary for different flavours of
+UNIX. If in doubt, consult your vendor documentation.
+
+For ease of use, the checklist has been organised into separate, logically
+cohesive sections. All sections are important. An abbreviated version of
+this checklist can be found in Appendix D.
+
+CHECKLIST INDEX: 1.0 Patches
+ 2.0 Network security
+ 3.0 ftpd and anonymous ftp
+ 4.0 Password and account security
+ 5.0 File system security
+ 6.0 Vendor operating system specific security
+ 7.0 Security and the X Window System
+
+APPENDICES: Appendix A Other AUSCERT information sources
+ Appendix B Useful security tools
+ Appendix C References
+ Appendix D Abbreviated Checklist
+ Appendix E Shell Scripts
+ Appendix F Table of operating systems by flavour
+ Appendix G List of commands by flavour
+
+Any trademarks which appear in this document are registered to their
+respective owners.
+
+==============================================================================
+1.0 Patches
+==============================================================================
+ * Retrieve the latest patch list from your vendor and install any
+ patches not yet installed that are recommended for your system.
+ Some patches may re-enable default configurations. For this
+ reason, it is important to go through this checklist AFTER
+ installing ANY new patches or packages.
+ * Details on obtaining patches may be found in Section 6.
+ * Verify the digital signature of any signed files. Tools like PGP may
+ be used to sign files and to verify those signatures.
+ (Refer to B.15 for PGP access information).
+ * If no digital signature is supplied but an md5(1) checksum is supplied,
+ then verify the checksum information to confirm that you have retrieved
+ a valid copy.
+ (Refer to B.10 for MD5 access information).
+ * If only a generic sum(1) checksum is provided, then check that. Be
+ aware that the sum(1) checksum should not be considered secure.
+
+==============================================================================
+2.0 Network security
+==============================================================================
+ The following is a list of features that can be used to help
+ prevent attacks from external sources.
+
+ 2.1 Filtering
+ * ENSURE that ONLY those services which are required from outside your
+ domain are allowed through your router filters.
+ In particular, if the following are not required outside your
+ domain, then filter them out at the router.
+
+ NAME PORT PROTOCOL NAME PORT PROTOCOL
+
+ echo 7 TCP/UDP login 513 TCP
+ systat 11 TCP shell 514 TCP
+ netstat 15 TCP printer 515 TCP
+ bootp 67 UDP biff 512 UDP
+ tftp 69 UDP who 513 UDP
+ link 87 TCP syslog 514 UDP
+ supdup 95 TCP uucp 540 TCP
+ sunrpc 111 TCP/UDP route 520 UDP
+ NeWS 144 TCP openwin 2000 TCP
+ snmp 161 UDP NFS 2049 UDP/TCP
+ xdmcp 177 UDP X11 6000 to 6000+n TCP
+ exec 512 TCP (where n is the maximum number
+ of X servers you will have)
+
+ Note: Any UDP service that replies to an incoming packet may be
+ subject to a denial of service attack.
+
+ See CERT advisory CA-95.01 (C.8) for more details.
+
+ Filtering is difficult to implement correctly. For information on
+ packet filtering, please see Firewalls and Internet Security (C.6)
+ and Building Internet Firewalls (C.7).
+
+ 2.2 "r" commands
+
+ 2.2.1 If you don't NEED to use the "r" commands...
+ * DO disable all "r" commands (rlogin, rsh etc.) unless specifically
+ required.
+ This may increase your risk of password exposure in network
+ sniffer attacks, but "r" commands have been a regular source of
+ insecurities and attacks. Disabling them is by far the lesser of
+ the two evils (see 2.9.1).
+
+ 2.2.2 If you must run the "r" commands...
+ * DO use more secure versions of the "r" commands for cases where
+ there is a specific need.
+ Wietse Venema's logdaemon package contains a more secure version
+ of the "r" command daemons.
These versions can be configured to
+ consult only /etc/hosts.equiv and not $HOME/.rhosts. There is
+ also an option to disable the use of wildcards ('+').
+ Refer to B.13 for access information for the logdaemon package
+ * DO filter ports 512,513 and 514 (TCP) at the router if you do use any
+ of the "r" commands.
+ This will stop people outside your domain from exploiting these
+ commands but will not stop people inside your domain.
+ To do this you will need to disable these commands (see 2.2.1).
+ * DO use tcp_wrappers to provide greater access and logging on these
+ network services (see 2.12).
+
+ 2.3 /etc/hosts.equiv
+
+ 2.3.1 It is recommended that the following action be taken whether or not
+ the "r" commands are in use on your system.
+ * CHECK if the file /etc/hosts.equiv is required.
+ If you are running "r" commands, this file allows other hosts to
+ be trusted by your system. Programs such as rlogin can then be
+ used to log on to the same account name on your machine from a
+ trusted machine without supplying a password.
+ If you are not running "r" commands or you do not wish to
+ explicitly trust other systems, you should have no use for
+ this file and it should be removed. If it does not exist, it
+ cannot cause you any problems if any of the "r" commands are
+ accidentally re-enabled.
+
+ 2.3.2 If you must have a /etc/hosts.equiv file
+ * ENSURE that you keep only a small number of TRUSTED hosts listed.
+ * DO use netgroups for easier management if you run NIS (also known
+ as YP) or NIS+.
+ * DO only trust hosts within your domain or under your management.
+ * ENSURE that you use fully qualified hostnames,
+ i.e., hostname.domainname.au
+ * ENSURE that you do NOT have a '+' entry by itself anywhere in the
+ file as this may allow any user access to the system.
+ * ENSURE that you do not use '!' or '#' in this file.
+ There is no comment character for this file.
+ * ENSURE that the first character of the file is not '-'.
+ Refer to the CERT advisory CA-91:12 (C.8).
+ * ENSURE that the permissions are set to 600.
+ * ENSURE that the owner is set to root.
+ * CHECK it again after each patch or operating system installation.
+
+ 2.4 /etc/netgroup
+ * If you are using NIS (YP) or NIS+, DO define each netgroup to contain
+ only usernames or only hostnames.
+ All utilities parse /etc/netgroup for either hosts or
+ usernames, but never both. Using separate netgroups makes it
+ easier to remember the function of each netgroup. The added
+ time required to administer these extra netgroups is a small
+ cost in ensuring that strange permission combinations have not
+ left your machine in an insecure state.
+ Refer to the manual pages for more information.
+
+ 2.5 $HOME/.rhosts
+
+ 2.5.1 It is recommended that the following action be taken whether or not
+ the "r" commands are in use on your system.
+ * ENSURE that no user has a .rhosts file in their home directory.
+ They pose a greater security risk than /etc/hosts.equiv, as one
+ can be created by each user. There are some genuine needs for
+ these files, so hear each one on a case-by-case basis; e.g.,
+ running backups over a network unattended.
+ * DO use cron to periodically check for, report the contents of
+ and delete $HOME/.rhosts files. Users should be made aware that
+ you regularly perform this type of audit, as directed by policy.
+
+ 2.5.2 If you must have such a file
+ * ENSURE the first character of the file is not '-'.
+ Refer to the CERT advisory CA-91:12 (C.8).
+ * ENSURE that the permissions are set to 600.
+ * ENSURE that the owner of the file is the account's owner.
+ * ENSURE that the file does NOT contain the symbol "+" on any line as
+ this may allow any user access to this account.
+ * ENSURE that usage of netgroups within .rhosts does not allow
+ unintended access to this account.
+ * ENSURE that you do not use '!' or '#' in this file.
+ There is no comment character for this file.
+ * REMEMBER that you can also use logdaemon to restrict the use of
+ $HOME/.rhosts (see 2.2.2).
+
+ 2.6 NFS
+ When using NFS, you implicitly trust the security of the NFS server
+ to maintain the integrity of the mounted files.
+ * DO filter NFS traffic at the router.
+ Filter TCP/UDP on port 111
+ TCP/UDP on port 2049
+ This will prevent machines not on your subnet from accessing
+ file systems exported by your machines.
+ * DO apply all available patches.
+ NFS has had a number of security vulnerabilities.
+ * DO disable NFS if you do not need it.
+ See your vendor supplied documentation for detailed instructions.
+ * DO enable NFS port monitoring.
+ Calls to mount a file system will then be accepted from ports < 1024
+ only. This will provide added security in some circumstances.
+ See your vendor's documentation to determine whether this is an
+ option for your version of UNIX (see also 6.1.8 and 6.2.4).
+ * DO use /etc/exports or /etc/dfs/dfstab to export ONLY the file systems
+ you need to export.
+ If you aren't certain that a file system needs to be exported,
+ then it probably shouldn't be exported.
+ * DO NOT self-reference an NFS server in its own exports file.
+ i.e., The exports file should not export the NFS server to
+ itself in part or in total. In particular, ensure the NFS server
+ is not contained in any netgroups listed in its exports file.
+ * DO NOT allow the exports file to contain a 'localhost' entry.
+ * DO export to fully qualified hostnames only.
+ i.e., Use the full machine address 'machinename.domainname.au' and
+ do not abbreviate it to 'machinename'.
+ * ENSURE that export lists do not exceed 256 characters.
+ If you have access lists of hosts within /etc/exports, the list
+ should not exceed 256 characters AFTER any host name aliases have
+ been expanded.
+ Refer to the CERT Advisory CA-94:02 (C.8).
+ * DO run fsirand for all your file systems and rerun it periodically.
+ Firstly, ensure that you have installed any patches for fsirand.
+ Then ensure the file system is unmounted and run fsirand.
+ Predictable file handles assist crackers in abusing NFS.
+ * ENSURE that you never export file systems unintentionally to the world.
+ Use a -access=host.domainname.au option or equivalent in
+ /etc/exports.
+ See the manual page for "exports" or "dfstab" for further examples.
+ * DO export file systems read-only (-ro) whenever possible.
+ See the manual page for "exports" or "dfstab" for more information.
+ * If NIS is required in your situation, then DO use the secure option in
+ the exports file and mount requests (if the secure option is available).
+ * DO use showmount -e to see what you currently have exported.
+ * ENSURE that the permissions of /etc/exports are set to 644.
+ * ENSURE that /etc/exports is owned by root.
+ * ENSURE that you run a portmapper or rpcbind that does not forward
+ mount requests from clients.
+ A malicious NFS client can ask the server's portmapper daemon
+ to forward requests to the mount daemon. The mount daemon
+ processes the request as if it came directly from the portmapper.
+ If the file system is self-mounted this gives the client
+ unauthorised permissions to the file system.
+ Refer to section B.14 for how to obtain an alternate portmapper or
+ rpcbind that disallow proxy access.
+ Refer to the CERT Advisory 94:15 (C.8).
+ * REMEMBER that changes in /etc/exports will take effect only after
+ you run /usr/etc/exportfs or equivalent.
+
+ Note: A "web of trust" is created between hosts connected to each other via
+ NFS. That is, you are trusting the security of any NFS server you use.
+
+ 2.7 /etc/hosts.lpd
+ * ENSURE that the first character of the file is not '-'.
+ (Refer to the CERT advisory CA-91:12 (see C.8)).
+ * ENSURE that the permissions on this file are set to 600.
+ * ENSURE that the owner is set to root.
+ * ENSURE that you do not use '!' or '#' in this file.
+ There is no comment character for this file.
+
+ 2.8 Secure terminals
+ * This file may be called /etc/ttys, /etc/default/login or
+ /etc/security. See the manual pages for file format and usage
+ information.
+ * ENSURE that the secure option is removed from all entries that
+ don't need root login capabilities.
+ The secure option should be removed from console if you do not
+ want users to be able to reboot in single user mode.
+ Note: This does not affect usability of the su(1) command.
+ * ENSURE that this file is owned by root.
+ * ENSURE that the permissions on this file are 644.
+
+ 2.9 Network services
+
+ 2.9.1 /etc/inetd.conf
+ * ENSURE that the permissions on this file are set to 600.
+ * ENSURE that the owner is root.
+ * DO disable any services which you do not require.
+ - To do this we suggest that you comment out ALL services by
+ placing a "#" at the beginning of each line. Then enable
+ the ones you NEED by removing the "#" from the beginning
+ of the line. In particular, it is best to avoid "r" commands
+ and tftp, as they have been major sources of insecurities.
+ - For changes to take effect, you need to restart the inetd
+ process. Do this by issuing the commands in G.1. For some
+ systems (including AIX), these commands are not sufficient.
+ Refer to vendor documentation for more information.
+
+ 2.9.2 Portmapper
+ * DO disable any non-required services that are started up in the system
+ startup procedures and register with the portmapper. See G.2 for a
+ command to help check for registered services.
+
+ 2.10 Trivial ftp (tftp)
+ * If tftp is not needed, comment it out from the file
+ /etc/inetd.conf and restart the inetd process (as above).
+ * If required, read the AUSCERT Advisory SA-93:05 (see A.1) and follow
+ the recommendations.
+
+ 2.11 /etc/services
+ * ENSURE that the permissions on this file are set to 644.
+ * ENSURE that the owner is root.
+
+ 2.12 tcp_wrapper (also known as log_tcp)
+ * ENSURE that you are using this package.
+ - Customise and install it for your system.
+ - Enable PARANOID mode
+ - Consider running with the RFC931 option
+ - Deny all hosts by putting "all:all" in /etc/hosts.deny and
+ explicitly list trusted hosts who are allowed access to your
+ machine in /etc/hosts.allow.
+ - See the documentation supplied with this package for details
+ about how to do the above.
+ * DO wrap all TCP services that you have enabled in /etc/inetd.conf
+ * DO consider wrapping any udp services you have enabled. If you
+ wrap them, then you will have to use the nowait option in the
+ /etc/inetd.conf file.
+ * See section B.4 for instructions to obtain tcp_wrapper.
+
+ 2.13 /etc/aliases
+ * Comment out the "decode" alias by placing a "#" at the beginning
+ of the line. For this change to take effect you will need to run
+ /usr/bin/newaliases. If you run NIS (YP), you will then need to
+ rebuild your maps (see G.3).
+ * ENSURE that all programs executable by an alias are owned by root,
+ have permissions 755 and are stored in a systems directory
+ e.g., /usr/local/bin. If smrsh is in use, program execution may be
+ further restricted. Refer to the smrsh documentation for more details
+ (see B.9).
+
+ 2.14 Sendmail
+ * DO use the latest version of Eric Allman's sendmail 8.x (currently
+ 8.7.3), as it currently contains no KNOWN vulnerabilities.
+ The latest version is available via anonymous FTP from:
+ ftp://ftp.auscert.org.au/pub/mirrors/ftp.cs.berkeley.edu
+ /ucb/sendmail
+ NOTE: If you don't already run Eric Allman's sendmail.8.7.*,
+ then it may take you some time to build, install, and
+ configure the system to your needs. Other sendmail(8)
+ configuration files may not be compatible with
+ sendmail(8) 8.7.x.
There is some help available for
+ converting from SUN's sendmail: bundled with the distribution
+ of sendmail(8) v8.7.x is a document on converting standard
+ SUN configuration files to sendmail(8) v8.*. This is located
+ in the distribution, in the file:
+ contrib/converting.sun.configs
+ * If you use a vendor version of sendmail, ENSURE that you have
+ installed the latest patches as sendmail(8) has been a source of a
+ number of security vulnerabilities.
+ Refer to AUSCERT Advisories SA-93:10, AA-95.08 and AA-95.09b (A.1)
+ and CERT Advisories CA-94:12, CA-95:05 and CA-95:08 (C.8).
+ * If you require progmailer functionality then DO use smrsh (see B.9).
+ * If you do not require progmailer functionality then DO disable mail to
+ programs by setting this field to /bin/false in the sendmail
+ configuration file.
+ * ENSURE that your version of sendmail does not have the wizard
+ password enabled (see G.4). ENSURE that if you have a line starting
+ with "OW" in /etc/sendmail.cf, it only has a "*" next to it.
+ * DO increase sendmail(8) logging to a minimum log level of 9.
+ This will help detect attempted exploitation of the sendmail(8)
+ vulnerabilities. See G.5 for example commands.
+ * DO increase the level of logging provided by syslog.
+ Enable a minimum level of "info" for mail messages to be
+ logged to the console and/or the syslog file. See G.6 for
+ example code and instructions.
+ * REMEMBER that you will need to restart sendmail for any changes to take
+ effect. If you are running a frozen configuration file (sendmail.fc),
+ you will need to rebuild it before restarting sendmail(8) (see G.7).
+
+ 2.15 majordomo
+ * ENSURE that your version is greater than 1.91.
+ See AUSCERT Advisory SA-94.03 (see A.1) for more details.
+
+ 2.16 fingerd
+ * If your version of fingerd is older than than 5 November 1988, DO
+ replace it with a newer version.
+ * Finger can provide a would-be intruder with a lot of information
+ about your host.
CONSIDER the finger information you provide and
+ think about reducing the content by disabling finger or by
+ replacing it with a version that only offers restricted information.
+ NOTE: other services such as rusers and netstat may give out similar
+ information.
+ * DO NOT use GNU finger v1.37 as it may allow intruders to read any file.
+
+ 2.17 UUCP
+ * DO disable the uucp account, including the shell that it executes
+ for logging in, if it is not used at your site.
+ uucp may be shipped in a dangerous state.
+ * REMOVE any .rhosts file at the uucp home directory.
+ * ENSURE that the file L.cmds is owned by root.
+ * ENSURE that no uucp owned files or directories are world writable.
+ * ENSURE that you have assigned a different uucp login for each site
+ that needs uucp access to your machine.
+ * ENSURE that you have limited the number of commands that each uucp
+ login can execute to a bare minimum.
+ * DO consider deleting the whole uucp subsystem if it is not required.
+ * ENSURE there are no vendor-supplied uucp or root crontab entries.
+
+ 2.18 REXD
+ * DO disable this service.
+ Comment this out in the inetd.conf file. See section 2.9.1 for
+ details on how to do this. rexd servers have little or no
+ security in their design or implementation. Intruders can exploit
+ this service to execute commands as any user.
+
+ 2.19 World Wide Web (WWW) - httpd
+ * ENSURE that you are using the most recent version of the http daemon
+ of your choice.
+ * DO run the server daemon httpd as a specially created nonprivileged
+ user such as 'httpd'.
+ This way, if an intruder finds a vulnerability in the server
+ they will only have access privileges for this unprivileged user.
+ * DO NOT run the server daemon as root.
+ * DO NOT run the client processes as root.
+ * DO run httpd in a chroot(1) environment.
+ This sets up an alternate root directory that severely limits
+ access of http clients to the rest of the disk.
+ * For systems which do not have a chroot(1) command, use of chrootuid
+ (see B.16) may be of assistance.
+ * DO carefully go through the configuration options for your server.
+ * DO use the configuration options to give extra protection to
+ sensitive directories by turning off the 'include files' feature.
+ This will disallow files from these directories from being
+ included in HTML documents.
+ * DO use CGIWRAP. (See B.17)
+ * DO NOT run CGI (Common Gateway Interface) scripts if they are not
+ required.
+ * DO be very careful in constructing CGI programs.
+ These programs compute information to be returned to clients
+ and are often driven by input from the remote user who may be
+ hostile. If these programs are not carefully constructed, it may
+ be possible for remote users to subvert them to execute arbitrary
+ commands on the server system. Almost all vulnerabilities arise
+ from these issues.
+ * DO provide CGIs as statically linked binaries rather than as interpreted
+ scripts.
+ This will remove the need for a command interpreter to be
+ available inside the chrooted environment.
+ * ENSURE that the contents, permissions and ownership of files in the
+ cgi-bin directory are what you expect them to be (see your site security
+ policy document for more details).
+ * AVOID passing user input directly to command interpreters
+ such as Perl, AWK, UNIX shells or programs that allow commands
+ to be embedded in outgoing messages such as /usr/ucb/mail
+ * FILTER user input for potentially dangerous characters before
+ it is passed to any command interpreters.
+ Possibly dangerous characters include \n \r (.,/;~!)>|^&$`< .
+ (Refer to the CERT Advisory CA-95:04 (see C.8)).
+
+==============================================================================
+3.0 ftpd and anonymous ftp
+==============================================================================
+ 3.1 Versions
+ * ENSURE that you are using the most recent version of the ftp daemon
+ of your choice.
+ * DO consider installing the Washington University ftpd if you don't
+ already have it (see B.19).
+ * For BSDI systems, patch 005 should be applied to version 1.1 of the
+ BSD/386 software (see B.20).
+
+ 3.2 Configuration
+ * CHECK all default configuration options on your ftp server.
+ * ENSURE that your ftp server does not have the SITE EXEC command
+ (see G.8 for command details).
+ * ENSURE that you have set up a file /etc/ftpusers which specifies
+ those users that are NOT allowed to connect to your ftpd.
+ This should include, as a MINIMUM, the entries: root, bin,
+ uucp, ingres, daemon, news, nobody and ALL vendor supplied
+ accounts.
+
+ 3.3 Anonymous ftp only
+ * To ascertain whether you are running anonymous ftp, try to connect
+ to the localhost using anonymous ftp. Be sure to give an RFC822
+ compliant username as the password (see G.9).
+ * To disable anonymous ftp, move or delete all files in ~ftp/ and then
+ remove the user ftp from your password file.
+ * If you are running distributed passwords (e.g., NIS, NIS+) then you
+ will need to check the password entries served to your machine as
+ well as those in your local password file.
+
+ 3.3.1 Configuration of your ftp server
+ * CHECK all default configuration options on your ftp server.
+ Not all versions of ftp are configurable. If you have a
+ configurable version of ftp (e.g., wu-ftp) then make sure that
+ all delete, overwrite, rename, chmod and umask options (there
+ may be others) are NOT allowed for guests and anonymous users.
+ In general, anonymous users should not have any unnecessary
+ privileges.
+ * ENSURE that you DO NOT include a command interpreter (such as a shell
+ or tools like perl) in ~ftp/bin, ~ftp/usr/bin, ~ftp/sbin or similar
+ directory configurations that can be executed by SITE EXEC
+ (Refer to AUSCERT advisory SA-94.01 (see A.1)).
+ * DO NOT keep system commands in ~ftp/bin, ~ftp/usr/bin, ~ftp/sbin
+ or similar directory configurations that can be executed by SITE EXEC.
+ It may be necessary to keep some commands, such as uncompress, in
+ these locations. Consider the inclusion of each command on a case
+ by case basis and be aware that the presence of such commands may
+ make it possible for local users to gain unauthorised access.
+ Be wary of including commands that can execute arbitrary commands.
+ For example, some versions of tar may allow you to execute an
+ arbitrary file.
+ (Refer to AUSCERT advisory SA-94.01 (see A.1)).
+ * ENSURE that you use an invalid password and user shell for the ftp
+ entry in the system password file and the shadow password file (if
+ you have one). It should look something like:
+ ftp:*:400:400:Anonymous FTP:/home/ftp:/bin/false
+ where /home/ftp is the anonymous ftp area.
+ * ENSURE that the permissions of the ftp home directory (~ftp/) are set
+ to 555 (read nowrite execute), owner set to root (NOT ftp).
+ * ENSURE that you DO NOT have a copy of your real /etc/passwd file
+ as ~ftp/etc/passwd.
+ Create one from scratch with permissions 444, owned by root. It
+ should not contain the names of any accounts in your real
+ password file. It should contain only root and ftp. These
+ should be dummy entries with disabled passwords eg:
+ root:*:0:0:Ftp maintainer::
+ ftp:*:400:400:Anonymous ftp::
+ The password file is used only to provide uid to username mapping for
+ ls(1) listings.
+ * ENSURE that you DO NOT have a copy of your real /etc/group file as
+ ~ftp/etc/group.
+ Create one from scratch with permissions 444, owned by root.
+ * ENSURE the files ~ftp/.rhosts and ~ftp/.forward do not exist.
+ * DO set the login shell of the ftp account to a non-functional shell
+ such as /bin/false.
+
+ 3.3.2 Permissions
+ * ENSURE NO files or directories are owned by the ftp account or have
+ the same group as the ftp account.
+ If they are, it may be possible for an intruder to replace them
+ with a trojan version.
+ * ENSURE that the anonymous ftp user cannot create files or directories
+ in ANY directory unless required (see Section 3.3.3).
+ * ENSURE that the anonymous ftp user can only read information in public
+ areas.
+ * ENSURE that the permissions of the ftp home directory (~ftp/) are set
+ to 555 (read nowrite execute), owner set to root (NOT ftp).
+ * ENSURE that the system subdirectories ~ftp/etc and ~ftp/bin
+ have the permissions 111 only, owner set to root.
+ * ENSURE that the permissions of files in ~ftp/bin/* have the
+ permissions 111 only, owner set to root.
+ * ENSURE that the permissions of files in ~ftp/etc/* are set to
+ 444, owner set to root.
+ * ENSURE that there is a mail alias for ftp to avoid mail bounces.
+ * ENSURE /usr/spool/mail/ftp is owned by root with permissions 400.
+
+ 3.3.3 Writable directories
+ * ENSURE that you don't have any writable directories.
+ It is safest not to have any writable directories. If you do
+ have any, we recommend that you limit the number to one.
+ * ENSURE that writable directories are not also readable.
+ Directories that are both writable and readable may be used
+ in an unauthorised manner.
+ * ENSURE that any writable directories are owned by root and have
+ permissions 1733.
+ * DO put writable directories on a separate partition if possible.
+ This will help to prevent denial of service attacks.
+ * DO read Anonymous FTP Configuration Guidelines (see B.21).
+
+ 3.3.4 Disk mounting
+ * NEVER mount disks from other machines to the ~ftp hierarchy
+ unless they are set read-only in the mount command.
+
+==============================================================================
+4.0 Password and account security
+==============================================================================
+ This section of the checklist can be incorporated as part of a
+ password and account usage policy.
+
+ 4.1 Policy
+ * ENSURE that you have a password policy for your site.
+ See the AUSCERT Advisory SA-93.04 (see A.1).
+ * ENSURE you have a User Registration Form for each user on each
+ system. Make sure that this form includes a section that the
+ intending applicant signs, stating that they have read your account
+ usage policy and what the consequences are if they misuse their
+ account.
+
+ 4.2 Proactive Checking
+ * DO use anlpasswd to proactively screen passwords as they are entered.
+ This program runs a series of checks on passwords when they are
+ set, which assists in avoiding poor passwords. It works with
+ normal, shadow and NIS (or yp) password systems.
+ (Refer to section B.3 for how to obtain it).
+ * DO check passwords periodically with Crack.
+ (Refer to section B.1 for how to obtain Crack).
+ * DO apply password ageing (if possible).
+
+ 4.3 NIS, NIS+ and /etc/passwd entries
+ * DO NOT run NIS or NIS+ if you don't really need it.
+ * If NIS functionality is required, DO use NIS+ if possible.
+ * ENSURE that the only machines that have a '+' entry in the /etc/passwd
+ files are NIS (YP) clients; i.e., NOT the NIS master server!
+ There appears to be conflicting documentation and
+ implementations regarding the '+' entry format and so a
+ generic solution is not available here. It would be best to
+ consult your vendor's documentation.
+ Some of the available documentation suggests placing a '*' in
+ the password field, which is NOT consistent across all
+ implementations of NIS. We recommend testing your systems on a
+ case-by-case basis to see if they correctly implement the '*'
+ in the password field.
+ See G.10 for instructions.
+ * ENSURE that /etc/rc.local or the equivalent startup procedure is set up
+ to start ypbind with the -s option.
+ This may not be applicable on all systems. Check your
+ documentation.
+ * DO use secure RPC.
+
+ 4.4 Password shadowing
+ * DO enable vendor supplied password shadowing or a third party
+ product.
+ Password shadowing restricts access to users' encrypted passwords.
+ * DO periodically audit your password and shadow password files
+ for unauthorised additions or inconsistencies.
+
+ 4.5 Administration
+ * ENSURE that you regularly audit your system for dormant accounts
+ and disable any that have not been used for a specified period,
+ say 3 months. Send out account renewal notices by post and delete
+ any accounts of users that do not reply.
+ [NOTE: Do not email renewal notices because any accounts being used
+ illegitimately will reply as expected and hence will not be discovered]
+ * ENSURE that all accounts have passwords. Check shadow or NIS passwords
+ too, if you have them.
+ i.e., the password field is not empty.
+ * ENSURE that any user area is adequately backed up and archived.
+ * DO regularly monitor logs for successful and unsuccessful su(1)
+ attempts.
+ * DO regularly check for repeated login failures.
+ * DO regularly check for LOGIN REFUSED messages.
+ * Consider quotas on user accounts if you do not have them.
+ * Consider requiring that users physically identify themselves before
+ granting any requests regarding accounts (e.g., before creating a
+ user account).
+
+ 4.6 Special accounts
+ * ENSURE that there are no shared accounts other than root in accordance
+ with site security policy.
+ i.e., more than one person should not know the password to an
+ account.
+ * Disable guest accounts.
+ Better yet, do not create guest accounts!
+ [NOTE: Some systems come preconfigured with guest accounts]
+ * DO use special groups (such as the "wheel" group under SunOS) to
+ restrict which users can use su to become root.
+ * DISABLE ALL default vendor accounts shipped with the Operating System.
+ This should be checked after each upgrade or installation.
+ * DO Disable accounts that have no password which execute a command, for
+ example "sync".
+ Delete or change ownership of any files owned by these
+ accounts. Ensure that these accounts do not have any cron or
+ at jobs. It is best to remove these accounts entirely.
+ * DO assign non-functional shells (such as /bin/false) to system
+ accounts such as bin and daemon and to the sync account if it is
+ not needed.
+ * DO put system accounts in the /etc/ftpusers file so they cannot use
+ ftp.
+ This should include, as a MINIMUM, the entries: root, bin,
+ uucp, ingres, daemon, news, nobody and ALL vendor supplied
+ accounts.
+
+ 4.7 Root account
+ * DO restrict the number of people who know the root password.
+ These should be the same users registered with groupid 0
+ (e.g., wheel group on SunOS). Typically this is limited to at most
+ 3 or 4 people.
+ * DO NOT log in as root over the network, in accordance with site
+ security policy.
+ * DO su from user accounts rather than logging in as root.
+ This provides greater accountability.
+ * ENSURE root does not have a ~/.rhosts file.
+ * ENSURE "." is not in root's search path.
+ * ENSURE root's login files do not source any other files not
+ owned by root or which are group or world writable.
+ * ENSURE root cron job files do not source any other files not
+ owned by root or which are group or world writable.
+ * DO use absolute path names when root.
+ e.g., /bin/su, /bin/find, /bin/passwd. This is to stop the
+ possibility of root accidentally executing a trojan horse. To
+ execute commands in the current directory, root should prefix
+ the command with "./", e.g., ./command.
+
+ 4.8 .netrc files
+ * DO NOT use .netrc files unless it is absolutely necessary.
+ * If .netrc files must be used, DO NOT store password information in
+ them.
+
+ 4.9 GCOS field
+ * DO include information in the GCOS field of the password file which
+ can be used to identify your site if the password file is stolen.
+ e.g., joe:*:10:10:Joe Bloggs, Organisation X:/home/joe:/bin/sh
+
+==============================================================================
+5.0 File system security
+==============================================================================
+ 5.1 General
+ * ENSURE that there are no .exrc files on your system that have
+ no legitimate purpose.
+ * DO consider using the EXINIT environment variable to disable .exrc
+ file functionality.
+ These files may inadvertently perform commands that may compromise
+ the security of your system if you happen to start either vi(1) or
+ ex(1) in a directory which contains such a file.
+ See G.11 for example commands to find .exrc files.
+ * ENSURE that any .forward files in user home directories do not
+ execute an unauthorised command or program.
+ The mailer may be fooled into allowing a normal user privileged
+ access. Authorised programs may be restricted through use of
+ smrsh (see B.9).
+ See G.12 for example commands to find .forward files.
+ (Refer to AUSCERT Advisory SA-93.10 (see A.1)).
+
+ 5.2 Startup and shutdown scripts
+ * ENSURE startup and shutdown scripts do not chmod 666 motd.
+ This allows users to change system message for the day.
+ * ENSURE that the line "rm -f /tmp/t1" (or similar) exists in a startup
+ script to clean up the temporary file used to create /etc/motd. This
+ should occur BEFORE the code to startup the local daemons.
+
+ 5.3 /usr/lib/expreserve
+ * DO replace versions of /usr/lib/expreserve prior to July 1993
+ with a recommended patch from your vendor.
+ If this is not possible, then remove execute permission on
+ /usr/lib/expreserve (see G.13).
+ This will mean that users who edit their files with either vi(1)
+ or ex(1) and have their sessions interrupted, will not be able to
+ recover their lost work.
If you implement the above
+ workaround, please advise your users to regularly save their
+ editing sessions.
+ (Refer to the CERT advisory CA-93:09 for advice on fixing this
+ problem for the SunOS and Solaris environments).
+
+ 5.4 External file systems/devices
+ * DO mount file systems non-setuid and read-only where practical.
+ (Refer to section 2.6)
+
+ 5.5 File Permissions
+ * ENSURE that the permissions of /etc/utmp are set to 644.
+ * ENSURE that the permissions of /etc/sm and /etc/sm.bak are set to 2755.
+ * ENSURE that the permissions of /etc/state are set to 644.
+ * ENSURE that the permissions of /etc/motd and /etc/mtab are set to 644.
+ * ENSURE that the permissions of /etc/syslog.pid are set to 644.
+ [NOTE: this may be reset each time you restart syslog.]
+ * DO consider removing read access to files that users do not need to
+ access.
+ * ENSURE that the kernel (e.g., /vmunix) is owned by root, has group set
+ to 0 (wheel on SunOS) and permissions set to 644.
+ * ENSURE that /etc, /usr/etc, /bin, /usr/bin, /sbin, /usr/sbin, /tmp and
+ /var/tmp are owned by root and that the sticky-bit is set on /tmp and on
+ /var/tmp (see G.14). Refer to the AUSCERT Advisory AA-95:05 (see A.1).
+ * ENSURE that there are no unexpected world writable files or
+ directories on your system.
+ See G.15 for example commands to find group and world writable files
+ and directories.
+ * CHECK that files which have the SUID or SGID bit enabled, should have
+ it enabled (see G.16).
+ * ENSURE the umask value for each user is set to something sensible
+ like 027 or 077.
+ (Refer to section E.1 for a shell script to check this).
+ * ENSURE all files in /dev are special files.
+ Special files are identified with a letter in the first position of
+ the permissions bits. See G.17 for a command to find files in
+ /dev which are not special files or directories.
+ Note: Some systems have directories and a shell script in /dev which
+ may be legitimate.
Please check the manual pages for more
+ information.
+ * ENSURE that there are no unexpected special files outside /dev.
+ See G.18 for a command to find any block special or character
+ special files.
+
+ 5.6 Files run by root
+ AUSCERT recommends that anything run by root should be owned by
+ root, should not be world or group writable and should be located
+ in a directory where every directory in the path is owned by root
+ and is not group or world writable.
+ * CHECK the contents of the following files for the root account.
+ Any programs or scripts referenced in these files should meet
+ the above requirements:
+ - ~/.login, ~/.profile and similar login initialisation files
+ - ~/.exrc and similar program initialisation files
+ - ~/.logout and similar session cleanup files
+ - crontab and at entries
+ - files on NFS partitions
+ - /etc/rc* and similar system startup and shutdown files
+ * If any programs or scripts referenced in these files source further
+ programs or scripts they also need to be verified.
+
+ 5.7 Bin ownership
+ Many systems ship files and directories owned by bin (or sys). This
+ varies from system to system and may have serious security implications.
+ * CHANGE all non-setuid files and all non-setgid files and directories
+ that are world readable but not world or group writable and that are
+ owned by bin to ownership of root, with group id 0 (wheel group under
+ SunOS 4.1.x).
+ - Please note that under Solaris 2.x changing ownership of system
+ files can cause warning messages during installation of patches
+ and system packages.
+ - Anything else should be verified with the vendor.
+
+ 5.8 Tiger/COPS
+ * Do run one or both of these.
+ Many of the checks in this section can be automated by using
+ these programs.
+ * To obtain these programs, see B.2.
+
+ 5.9 Tripwire
+ * DO run statically linked binary
+ * DO store the binary, the database and the configuration file on
+ hardware write-protected media.
+ * To obtain this program, see B.5.
+
+==============================================================================
+6.0 Vendor operating system specific security
+==============================================================================
+ The following is a list of security issues that relate to specific
+ UNIX operating systems. This is not necessarily a complete list
+ of available UNIX types or of problems for those that are listed.
+
+ 6.1 SunOS 4.1.x
+
+ 6.1.1 Patches
+ * DO regularly ask your vendor for a complete list of patches. Sun
+ regularly updates a list of recommended and security patches, which
+ is available from:
+ ftp://ftp.auscert.org.au/pub/mirrors/sunsolve1.sun.com/*
+ or
+ ftp://sunsolve1.sun.com/pub/patches/*
+
+ 6.1.2 IP forwarding and source routing
+ This is particularly relevant if you are using your SUN box as a bastion
+ host or duel homed system.
+ * ENSURE IP forwarding is disabled.
+ You will need the following line in the kernel configuration
+ file:
+ options "IPFORWARDING=-1"
+ For information on how to customise a kernel, see the file:
+ /usr/sys/`arch`/conf/README
+ * DO also consider disabling source routing.
+ Leaving source routing enabled may allow unauthorised traffic
+ through. Unfortunately there is no official method or patch
+ for turning source routing off. There is however an
+ unsupported patch. It is available via anonymous ftp from
+ ftp://ftp.auscert.org.au/pub/mirrors/ftp.greatcircle.com/v03.n153.Z
+
+ 6.1.3 Framebuffers /dev/fb
+ If somebody can log in to your Sun workstation from a remote source, they
+ can read the contents of your Framebuffer, which is /dev/fb. Sun provides
+ a mechanism which allows the user logging in on the console to have
+ exclusive access to the Framebuffer, by using the file /etc/fbtab.
+ A sample /etc/fbtab file:
+ #
+ # File: /etc/fbtab
+ # Purpose: Specifies that upon login to /dev/console, the
+ # owner, group and permissions of all supported
+ # devices, including the framebuffer, will be set to
+ # the user's username, the user's group and 0600.
+ # Comments: SunOS specific.
+ # Note: You cannot use \ to continue a line.
+ #
+ # Format:
+ # Device Permission Colon separated device list.
+ #
+ /dev/console 0600 /dev/fb
+ /dev/console 0600 /dev/bwone0:/dev/bwtwo0
+ /dev/console 0600 /dev/cgone0:/dev/cgtwo0:/dev/cgthree0
+ /dev/console 0600 /dev/cgfour0:/dev/cgsix0:/dev/cgeight0
+ /dev/console 0600 /dev/cgnine0:/dev/cgtwelve0
+ #
+ /dev/console 0600 /dev/kb:/dev/mouse
+ /dev/console 0600 /dev/fd0c:/dev/rfd0c
+ After the above file has been created, reboot your machine, or log out
+ fully, then log back in again.
+ Read the man page for fbtab(5) for more information.
+ * The login replacement from Wietse Venema's logdaemon package
+ supports a similar feature.
+ (Refer to B.13 for information on how to retrieve the logdaemon
+ package)
+
+ 6.1.4 /usr/kvm/sys/*
+ * ENSURE all files and directories under /usr/kvm/sys/ are not
+ writable by group.
+ In SunOS 4.1.4 the default mode is 2775 with group staff,
+ allowing users in group staff to trojan the kernel.
+
+ 6.1.5 /usr/kvm/crash
+ * REMOVE setgid privileges on /usr/kvm/crash with the command:
+ # /bin/chmod g-s /usr/kvm/crash
+ A group of kmem allows users to read the virtual memory of a
+ running system.
+
+ 6.1.6 /dev/nit (Network Interface Tap)
+ * DO run the CERT tool cpm to check if your system is running in
+ promiscuous mode.
+ For access details for cpm see B.6.
+ * DO disable the /dev/nit interface if you do not need to run in
+ promiscuous mode.
+ - For SunOS 4.x and Solbourne systems, the promiscuous interface
+ to the network can be eliminated by removing the /dev/nit
+ capability from the kernel.
Once the procedure is complete, you
+ may remove the device file /dev/nit since it is no longer
+ functional.
+ - Apply "method 1" as outlined in the System and Network
+ Administration manual, in the section, "Sun System
+ Administration Procedures," Chapter 9, "Reconfiguring the
+ System Kernel." Excerpts from the method are reproduced below:
+ # cd /usr/kvm/sys/sun[3,3x,4,4c]/conf
+ # cp CONFIG_FILE SYS_NAME
+ [NOTE: that at this step, you should replace the CONFIG_FILE
+ with your system specific configuration file if one exists.]
+
+ # chmod +w SYS_NAME
+ # vi SYS_NAME
+ #
+ # The following are for streams NIT support. NIT is used by
+ # etherfind, traffic, rarpd, and ndbootd. As a rule of thumb,
+ # NIT is almost always needed on a server and almost never
+ # needed on a diskless client.
+ #
+ pseudo-device snit # streams NIT
+ pseudo-device pf # packet filter
+ pseudo-device nbuf # NIT buffering module
+
+ [Comment out the 3 "pseudo-device" lines; save and exit the
+ editor before proceeding.]
+
+ # config SYS_NAME
+ # cd ../SYS_NAME
+ # make
+ # mv /vmunix /vmunix.old
+ # cp vmunix /vmunix
+ # /etc/halt
+ > b
+
+ [This step will reboot the system with the new kernel.]
+ [NOTE: that even after the new kernel is installed, you need to
+ take care to ensure that the previous vmunix.old , or other
+ kernel, is not used to reboot the system.]
+ See CERT Advisory CA_94.01 (see C.8)
+
+ 6.1.7 Loadable drivers option
+ * DO remove the option for loadable modules from the kernel.
+ This will mean that a rebuild of the kernel and a reboot will be
+ necessary in order to load any additional kernel modules and
+ intruders will be prevented from being able to load extra kernel
+ modules dynamically. To remove this option, comment out the line
+ options VDDRV # loadable modules
+ from the kernel configuration file and re-compile the kernel.
+ NOTE: Some software may expect to be able to load additional modules
+ such as device drivers.
+ NOTE: Even after the new kernel is installed, you need to take care
+ to ensure that the previous vmunix.old , or other kernel, is
+ not used to reboot the system.
+
+ 6.1.8 NFS port monitoring
+ * DO enable NFS port monitoring (see also section 2.6).
+ Add the following commands to /etc/rc.local:
+ /bin/echo "nfs_portmon/W1" | /bin/adb -w /vmunix /dev/kmem > \
+ /dev/null 2>&1
+ rpc.mountd
+
+ 6.2 Solaris 2.x
+
+ 6.2.1 Patches
+ * DO regularly ask your vendor for a complete list of patches. Sun
+ regularly updates a list of recommended and security patches, which
+ is available from:
+ ftp://ftp.auscert.org.au/pub/mirrors/sunsolve1.sun.com/*
+ or
+ ftp://sunsolve1.sun.com/pub/patches/*
+
+ 6.2.2 IP forwarding and source routing
+ This is particularly relevant if you are using your SUN box as a bastion
+ host or duel homed system.
+ * DO disable IP forwarding and source routing.
+ To do this you will need to edit the file /etc/rc.2.d/S69.inet
+ and set the options ip_forwarding and ip_ip_forward_src_routed
+ to zero as illustrated below:
+ ndd -set /dev/ip ip_forwarding 0
+ ndd -set /dev/ip ip_ip_forward_src_routed 0
+ For the changes to take effect you will then need to reboot.
+
+ 6.2.3 Framebuffers /dev/fbs
+ * Solaris versions 2.3 and above have a protection facility for
+ framebuffers which is a superset of the functionality provided
+ by /etc/fbtab in SunOS 4.1.x.
+ * Under Solaris, /dev/fbs is a directory that contains links to
+ the framebuffer devices. The /etc/logindevperm file contains
+ information that is used by login(1) and ttymon(1M) to change
+ the owner, group, and permissions of devices upon logging into
+ or out of a console device. By default, this file contains
+ lines for the keyboard, mouse, audio, and frame buffer devices.
+
+ A sample /etc/logindevperm file:
+ #
+ # File: /etc/logindevperm
+ # Purpose: Specifies that upon login to /dev/console, the
+ # owner, group and permissions of all supported
+ # devices, including the framebuffer, will be set to
+ # the user's username, the user's group and 0600.
+ # Comments: SunOS specific.
+ # Note: You cannot use \ to continue a line.
+ #
+ # Format:
+ # Device Permission Colon separated device list.
+ #
+ /dev/console 0600 /dev/kbd:/dev/mouse
+ /dev/console 0600 /dev/sound/* # audio devices
+ /dev/console 0600 /dev/fbs/* # frame buffers
+
+ Read the man page for logindevperm(4) for more information.
+
+ 6.2.4 NFS port monitoring
+ * DO enable NFS port monitoring.
+ To do this add the following lines to /etc/system:
+ set nfs:nfs_portmon = 1
+ or in Solaris version 2.5
+ set nfssrv:nfs_portmon = 1
+ * See also section 2.6.
+
+ 6.3 IRIX
+ * DO regularly ask your vendor for a complete list of patches.
+ * Some IRIX patches are available via anonymous ftp from:
+ ftp://ftp.auscert.org.au/pub/mirrors/ftp.sgi.com/security/*
+ or
+ ftp://ftp.auscert.org.au/pub/mirrors/sgigate.sgi.com/*
+ * DO read the FAQ on IRIX security.
+ A copy can be obtained via anonymous ftp from
+ ftp://ftp.auscert.org.au/pub/mirrors/ftp.uu.net/sgi/security.Z
+ * For systems which do not have the chroot(1) command, use of
+ chrootuid (see B.16) may be of assistance.
+ * DO use the software tool rscan.
+ It checks for many common IRIX-specific security vulnerabilities
+ and problems. (Refer to B.11 for information on where to
+ get a copy of rscan)
+
+ 6.4 AIX
+ * DO regularly ask your vendor for a complete list of patches.
+ * Some AIX patches are available via anonymous ftp from:
+ ftp://ftp.auscert.org.au/pub/mirrors/software.watson.ibm.com
+ /aix-patches
+
+ 6.5 HP/UX
+ * DO regularly ask your vendor for a complete list of patches.
+ HP has set up an automatic server to allow patches and other security
+ information to be retrieved via email.
Email should be sent to the
+ address
+ support@support.mayfield.hp.com.
+ The subject line of the message will be ignored. The body (text) of
+ the message should be of the format
+
+ send XXXX
+
+ where XXXX is the identifier for the information you want retrieved.
+ For example, to retrieve the patch PHSS_4834, the message would be
+ send PHSS_4834.
+ To receive the HP SupportLine mail service user's guide
+ send guide.txt
+ To receive the readme file for a patch
+ send doc PHSS_4834
+ To receive the original HP bulletin
+ send doc HPSBUX9410-018.
+
+ HP also has a World Wide Web server to browse and retrieve bulletins
+ and patches. The URL is:
+ http://support.mayfield.hp.com/
+
+ 6.6 OSF
+ * DO regularly ask your vendor for a complete list of patches.
+ Some patches are available from:
+ ftp://ftp.auscert.org.au/pub/mirrors/ftp.service.digital.com
+ /osf//ssrt*
+ or
+ ftp://ftp.service.digital.com/pub/osf//ssrt*
+ where is the version of the operating system that you run.
+
+ 6.7 ULTRIX
+ * DO regularly ask your vendor for a complete list of patches.
+ Some patches are available from:
+ ftp://ftp.auscert.org.au/pub/mirrors/ftp.service.digital.com
+ /ultrix/

//ssrt* + or + ftp://ftp.service.digital.com/pub/ultrix/

//ssrt* + where

is either mips or vax; and
+ where is the version of the operating system that you run.
+
+==============================================================================
+7.0 Security and the X Window System
+==============================================================================
+ Access to your X server may be controlled through either a host-
+ based or user-based method. The former is left to the discretion
+ of the Systems Administrator at your site and is useful as long as
+ all hosts registered in the /etc/Xn.hosts file have users that can be
+ trusted, where "n" represents your X server's number.
+
+ This may not be possible at every site, so a better method is
+ to educate each and every user about the security implications
+ (see references below). Better still, when setting up a user, give
+ them a set of X security related template files, such as .xserverrc
+ and .xinitrc. These are located in the users home directory.
+
+ You are strongly advised to read the section on X window system
+ security referred to in the X Window System Administrators Guide (C.4).
+
+ 7.1 Problems with xdm
+ Note: Release 6 of X11 is now available and solves many problems
+ associated with X security which were present in previous releases.
+ If possible, obtain the source for R6 and compile and install it on
+ your system. See B.18 for how to retrieve the source for X11R6.
+ * xdm bypasses the normal getty and login functions, which means that
+ quotas for the user, ownership of /dev/console and possibly other
+ preventive measures put in place by you may be ignored.
+ * You should consult your vendor and ask about potential security holes
+ in xdm and what fixes are available.
+ * If you are running a version of xdm earlier than October 1995 then
+ you should update to a newer version.
+ (Refer to CERT Vendor-Initiated Bulletin VB-95:08, see C.8)
+
+ 7.2 X security - General
+ * DO Read the man pages for xauth and Xsecurity.
+ Use this information to set up the security level you require.
+ * ENSURE that the permissions on /tmp are set to 1777 (or drwxrwxrwt).
+ i.e., the sticky bit should be set. The owner MUST always be
+ root and group ownership should be set to group-id 0, which is
+ "wheel" or "system".
+ - If the sticky bit is set, no one other than the owner can
+ delete the file /tmp/.X11-unix/X0, which is a socket for your
+ X server. Once this file is deleted, your X server will no
+ longer be accessible.
+ - See G.14 for example commands to set the correct permissions
+ and ownership for /tmp.
+ * DO use the X magic cookie mechanism MIT-MAGIC-COOKIE-1 or better.
+ With logins under the control of xdm (see 7.1), you can turn on
+ authentication by editing the xdm-config file and setting the
+ DisplayManager*authorize attribute to true.
+ When granting access to the screen from another machine, use
+ the xauth command in preference to the xhost command.
+ * DO not permit access from arbitrary hosts.
+ Remove all instances of the 'xhost +' command from the
+ system-wide Xsession file, from user .xsession files, and from
+ any application programs or shell scripts that use the X window
+ system.
+
+==============================================================================
+Appendix A: Other AUSCERT information sources
+
+A.1 AUSCERT advisories and alerts
+ Past AUSCERT advisories and alerts can be retrieved via anonymous
+ ftp from
+ ftp://ftp.auscert.org.au/pub/auscert/advisory/
+
+A.2 AUSCERT's World Wide Web server
+ AUSCERT maintains a World Wide Web server. Its URL is
+ http://www.auscert.org.au
+
+A.3 AUSCERT's ftp server
+ AUSCERT maintains an ftp server with an extensive range of
+ tools and documents. Please browse through it. Its URL is
+ ftp://ftp.auscert.org.au/pub/
+
+==============================================================================
+Appendix B: Useful security tools
+
+ There are many good tools available for checking your system.
+ The list below is not a complete list, and you should NOT rely on
+ these to do ALL of your work for you. They are intended to be only
+ a guide. It is envisaged that you may write some site specific tools
+ to supplement these. It is also envisaged that you may look around
+ on ftp servers for other useful tools.
+
+ AUSCERT has not formally reviewed, evaluated or endorsed the tools
+ described. The decision to use the tools described is the
+ responsibility of each user or organisation.
+
+B.1 Crack
+ Crack is a fast password cracking program designed to assist site
+ administrators in ensuring that users use effective passwords.
+ Available via anonymous ftp from:
+ ftp://ftp.auscert.org.au/pub/cert/tools/crack/*
+
+B.2 COPS and Tiger
+ These packages identify common security and configuration
+ problems. They also check for common signs of intrusion.
+ Though there is some overlap between these two packages, they
+ are different enough that it may be useful to run both. Both
+ are available via anonymous ftp.
+ COPS:
+ ftp://ftp.auscert.org.au/pub/cert/tools/cops/1.04
+ tiger:
+ ftp://ftp.auscert.org.au/pub/mirrors/net.tamu.edu/tiger*
+
+B.3 anlpasswd
+ This program is a proactive password checker. It runs a
+ series of checks on passwords at the time users set them and
+ refuses password that fail the tests. It is designed to work
+ with shadow password systems. It is available via anonymous ftp
+ from:
+ ftp://ftp.auscert.org.au/pub/mirror/info.mcs.anl.gov/*
+
+B.4 tcp_wrapper
+ This software gives logging and access control to most network
+ services. It is available via anonymous ftp from:
+ ftp://ftp.auscert.org.au/pub/mirrors/ftp.win.tue.nl
+ /tcp_wrappers_7.2.tar.gz
+
+B.5 Tripwire
+ This package maintains a checksum database of important system
+ files. It can serve as an early intrusion detection system.
It
+ is available via anonymous ftp from:
+ ftp://ftp.auscert.org.au/pub/coast/COAST/Tripwire/*
+
+B.6 cpm
+ cpm checks to see if your network interfaces are running in
+ promiscuous mode. If you do not normally run in this state then
+ it may be an indication that an intruder is running a network
+ sniffer on your system. This program was designed to run on
+ SunOS 4.1.x and may also work on many BSD systems. It is available
+ via anonymous ftp from:
+ ftp://ftp.auscert.edu.au/pub/cert/tools/cpm/*
+
+B.8 Vendor supplied security auditing packages
+ Sun provides an additional security package called SUNshield.
+ Please direct enquiries about similar products to your vendor.
+
+B.9 smrsh
+ The smrsh(8) program is intended as a replacement for /bin/sh
+ in the program mailer definition of sendmail(8). smrsh is a
+ restricted shell utility that provides the ability to specify,
+ through a configuration, an explicit list of executable
+ programs. When used in conjunction with sendmail, smrsh
+ effectively limits sendmail's scope of program execution to
+ only those programs specified in smrsh's configuration.
+ It is available via anonymous ftp from:
+ ftp://ftp.auscert.org.au/pub/cert/tools/smrsh
+
+ Note: smrsh comes bundled with Eric Allman's sendmail 8.7.1 and
+ higher.
+
+B.10 MD5
+ MD5 is a message digest algorithm. An implementation of this is
+ available via anonymous ftp from:
+ ftp://ftp.auscert.org.au/pub/cert/tools/md5/*
+
+B.11 rscan
+ This tool checks for a number of common IRIX-specific security
+ bugs and problems. It is available via anonymous ftp from:
+ ftp://ftp.auscert.org.au/pub/mirrors/ftp.vis.colostate.edu
+ /rscan/*
+
+B.12 SATAN
+ SATAN (Security Administrator Tool for Analysing Networks) is
+ a testing and reporting tool that collects information about
+ networked hosts. It can also be run to check for a number
+ of vulnerabilities accessible via the network.
It is available
+ via anonymous ftp from:
+ ftp://ftp.auscert.org.au/pub/mirrors/ftp.win.tue.nl/satan*
+
+B.13 logdaemon
+ Written by Wietse Venema, this package includes replacements
+ for rsh and rlogin daemons. By default these versions do not
+ accept wild cards in host.equiv or .rhost files. They also
+ have an option to disable user .rhost files. logdaemon is
+ available via anonymous ftp from:
+ ftp://ftp.auscert.org.au/pub/mirrors/ftp.win.tue.nl/logdaemon*
+
+B.14 portmapper/rpcbind
+ These are portmapper/rpcbind replacements written by Wietse
+ Venema that disallow proxy access to the mount daemon via the
+ portmapper. Choose the one suitable for your system. They are
+ available via anonymous ftp from:
+ ftp://ftp.auscert.org.au/pub/mirrors/ftp.win.tue.nl
+ /portmap_3.shar.Z
+ ftp://ftp.auscert.org.au/pub/mirrors/ftp.win.tue.nl
+ /rpcbind_1.1.tar.Z
+
+B.15 PGP Pretty Good Privacy implements encryption and authentication.
+ It is available from:
+ ftp://ftp.ox.ac.uk/pub/pgp/unix/
+
+
+B.16 chrootuid
+ Allows chroot functionality. The current version is 1.2 (at
+ time of writing). Please check for later versions.
+ It is available from:
+ ftp://ftp.auscert.org.au/pub/mirrors/ftp.win.tue.nl
+ /chrooduid1.2
+ A digital signature is available from:
+ ftp://ftp.auscert.org.au/pub/mirrors/ftp.win.tue.nl
+ /chrooduid1.2.asc
+
+B.17 CGIWRAP
+ It is available from:
+ ftp://ftp.cc.umr.edu/pub/cgi/cgiwrap
+
+B.18 X11R6
+ It is available from:
+ ftp://archie.au/X11/R6/*
+ ftp://archie.au/X11/contrib/*
+ or
+ ftp://ftp.x.org/pub/R6/*
+
+B.19 Washington University ftpd (wu-ftpd)
+ This can log all events and provide users with a login banner
+ and provide writable directory support in a more secure manner.
+ It is available from:
+ ftp://ftp.auscert.org.au/pub/mirrors/wuarchive.wustl.edu
+ /packages/wuarchive-ftpd/*
+
+ NOTE: Do not install any versions prior to wu-ftp 2.4 as these are
+ extremely insecure and in some cases have been trojaned.
+ Refer to the CERT advisory CA-94:07 (C.8).
+
+B.20 Patch 005 for BSD/386 v1.1.
+ It is available from:
+ ftp://ftp.auscert.org.au/pub/mirrors/ftp.bsdi.com
+ /bsdi/patches/README
+ ftp://ftp.auscert.org.au/pub/mirrors/ftp.bsdi.com
+ /bsdi/patches/?U110-005
+ or
+ ftp://ftp.bsdi.com/bsdi/patches/README
+ ftp://ftp.bsdi.com/bsdi/patches/?U110-005
+ (where ? is B or S for the Binary or Source version)
+
+B.21 Anonymous FTP Configuration Guidelines
+ The CERT document which addresses the many problems associated
+ with writable anonymous ftp directories. It is available from:
+ ftp://ftp.auscert.org.au/pub/cert/tech_tips/anonymous_ftp
+
+==============================================================================
+Appendix C: References
+
+C.1 Practical UNIX Security
+ Simson Garfinkel and Gene Spafford
+ (C) 1991 O'Reilly & Associates, Inc.
+
+C.2 UNIX Systems Security
+ Patrick Wood and Stephen Kochan
+ (C) 1986 Hayden Books
+
+C.3 UNIX system security: A Guide for Users and System Administrators
+ David A. Curry
+ Addison-Wesley Professional Computing Series
+ May 1992.
+
+C.4 X Window System Administrators Guide
+ Chapter 4
+ (C) 1992 O'Reilly & Associates, Inc.
+
+C.5 Information Security Handbook
+ William Caelli, Dennis Longley and Michael Shain
+ (C) 1991 MacMillan Publishers Ltd.
+
+C.6 Firewalls and Internet Security
+ William R. Cheswick & Steven M. Bellovin
+ (C) 1994 AT&T Bell Laboratories
+ Addison-Wesley Publishing Company
+
+C.7 Building Internet Firewalls
+ Brent Chapman and Elizabeth Zwicky
+ (C) 1995 O'Reilly & Associates, Inc.
+
+C.8 CERT advisories are available via anonymous FTP from
+ ftp://ftp.auscert.org.au/pub/cert/cert_advisories/*
+ CERT vendor-initiated bulletins are available via anonymous FTP from
+ ftp://ftp.auscert.org.au/pub/cert/cert_bulletins/*
+
+C.9 UNIX System Administration Handbook (second edition)
+ Evi Nemeth, Garth Snyder, Trent R.
Hein and Scott Seebas
+ Prentice-Hall, Englewood Cliffs (NJ), 1995
+
+C.10 Essential System Administration
+ Aeleen Frisch
+ O'Reilly & Associates, Inc.
+
+C.11 Managing Internet Information Services
+ Cricket Liu, Jerry Peek, Russ Jones, Bryan Buus, Adrian Nye
+ O'Reilly & Associates, Inc.
+
+C.12 Managing NFS and NIS
+ Hal Stern, O'Reilly and Associates, Inc., 1991
+
+==============================================================================
+Appendix D: Abbreviated Checklist
+
+ It is intended that this short version of the checklist be used in
+ conjunction with the full checklist as a progress guide (mark off the
+ sections as you go so that you remember what you have done so far).
+
+1.0 Patches
+ [ ] Installed latest patches?
+
+2.0 Network security
+ [ ] Filtering
+ [ ] "r" commands
+ [ ] /etc/hosts.equiv
+ [ ] /etc/netgroup
+ [ ] $HOME/.rhosts
+ [ ] NFS
+ [ ] /etc/hosts.lpd
+ [ ] Secure terminals
+ [ ] Network services
+ [ ] Trivial ftp (tftp)
+ [ ] /etc/services
+ [ ] tcp_wrapper (also known as log_tcp)
+ [ ] /etc/aliases
+ [ ] Sendmail
+ [ ] majordomo
+ [ ] fingerd
+ [ ] UUCP
+ [ ] REXD
+ [ ] World Wide Web (WWW) - httpd
+
+3.0 ftpd and anonymous ftp
+ [ ] Versions
+ [ ] Configuration
+ [ ] Anonymous ftp only
+ [ ] Configuration of your ftp server
+ [ ] Permissions
+ [ ] Writable directories
+ [ ] Disk mounting
+
+4.0 Password and account security
+ [ ] Policy
+ [ ] Proactive Checking
+ [ ] NIS, NIS+ and /etc/passwd entries
+ [ ] Password shadowing
+ [ ] Administration
+ [ ] Special accounts
+ [ ] Root account
+ [ ] .netrc files
+ [ ] GCOS field
+
+5.0 File system security
+ [ ] General
+ [ ] Startup and shutdown scripts
+ [ ] /usr/lib/expreserve
+ [ ] External file systems/devices
+ [ ] File Permissions
+ [ ] Files run by root
+ [ ] Bin ownership
+ [ ] Tiger/COPS
+ [ ] Tripwire
+
+6.0 Vendor operating system specific security
+ [ ] SunOS 4.1.x
+ [ ] Patches
+ [ ] IP forwarding and source routing
+ [ ] Framebuffers /dev/fb
+ [ ] /usr/kvm/sys/*
+ [ ]
/usr/kvm/crash
+ [ ] /dev/nit (Network Interface Tap)
+ [ ] Loadable drivers option
+ [ ] Solaris 2.x
+ [ ] Patches
+ [ ] IP forwarding and source routing
+ [ ] Framebuffers /dev/fbs
+ [ ] IRIX
+ [ ] Patches
+ [ ] AIX
+ [ ] Patches
+ [ ] HPUX
+ [ ] Patches
+ [ ] OSF
+ [ ] Patches
+ [ ] ULTRIX
+ [ ] Patches
+
+7.0 Security and the X Window System
+ [ ] Problems with xdm
+ [ ] X security - General
+
+==============================================================================
+Appendix E: Shell Scripts
+
+E.1 Script for printing the umask value for each user.
+
+#!/bin/sh
+PATH=/bin:/usr/bin:/usr/etc:/usr/ucb
+
+HOMEDIRS=`cat /etc/passwd | awk -F":" 'length($6) > 0 {print $6}' | sort -u`
+FILES=".cshrc .login .profile"
+
+for dir in $HOMEDIRS
+do
+ for file in $FILES
+ do
+ grep -s umask /dev/null $dir/$file
+ done
+done
+
+==============================================================================
+Appendix F: Table of operating systems by flavour
+
+ Operating System SVR4-like BSD-like Other
+ -------------------------------------------------------------------
+ | |
+ | SunOS 4.1.x * |
+ | |
+ | Solaris 2.x * |
+ | |
+ | Solaris intel86 x.x * |
+ | |
+ | Irix x.x * |
+ | |
+ | HP/UX x.x * |
+ | |
+ | Ultrix x.x * |
+ | |
+ | OSF x.x * |
+ | |
+ | *BSD* x.x * |
+ | |
+ | Linux x.x * |
+ | |
+ | AIX x.x * |
+ | |
+ | SCO x.x * |
+ | |
+ -------------------------------------------------------------------
+
+==============================================================================
+Appendix G: List of commands by flavour
+
+Notes:
+ 1. The commands given here are examples only. Please consult the manual
+ pages for your system if you are unsure of the consequence of any
+ command.
+ 2. BSD-style commands are marked as BSD commands, similarly for SVR4.
+ 3. Commands which are not labelled are expected to work for both.
+ 4. Full directory paths and program options may vary for different flavours
+ of UNIX. If in doubt, consult your vendor documentation.
+
+G.1 Restart inetd
+
+BSD commands
+ # /bin/ps -aux | /bin/grep inetd | /bin/grep -v grep
+ # /bin/kill -HUP
+
+SVR4 commands
+ # /bin/ps -ef | /bin/grep inetd | /bin/grep -v grep
+ # /bin/kill -HUP
+
+G.2 Ascertain which services are registered with the portmapper
+
+ # /usr/bin/rpcinfo -p
+
+G.3 Rebuild alias maps
+
+ # /usr/bin/newaliases
+
+ If you run NIS (YP), you will then need to rebuild your maps to have the
+ change take effect over all clients:
+ # (cd /var/yp; /usr/bin/make aliases)
+
+G.4 Test whether sendmail wizard password is enabled
+
+ % telnet hostname 25
+ wiz
+ debug
+ kill
+ quit
+ %
+
+ You should see the response "5nn error return" (e.g., "500 Command
+ unrecognized") after each of the commands 'wiz', 'debug' and 'kill'.
+ Otherwise, your version of sendmail may be vulnerable. If you are unsure
+ whether your version is vulnerable, update it.
+
+G.5 Set sendmail log level to 9
+
+ Include lines describing the log level (similar to the following two) in
+ the options part of the general configuration information section of the
+ sendmail configuration file:
+ # log level
+ OL9
+
+ The log level syntax changed in sendmail 8.7 to:
+ # log level
+ O LogLevel=9
+
+G.6 Set syslog log level for mail messages
+
+ Include lines describing the logging required (similar to the following
+ two) in the syslog.conf file:
+ mail.info /dev/console
+ mail.info /var/adm/messages
+
+ For the change to take effect, you must then instruct syslog to reread
+ the configuration file.
+
+BSD commands
+ Get the current PID of syslog:
+ # /bin/ps -aux | /bin/grep syslogd | /bin/grep -v grep
+ Then tell syslog to reread its configuration file:
+ # /bin/kill -HUP
+
+SVR4 commands:
+ Get the current PID of syslog:
+ # /bin/ps -ef | /bin/grep syslogd | /bin/grep -v grep
+ Then tell syslog to reread its configuration file:
+ # /bin/kill -HUP
+
+ NOTE: In the logs, look for error messages like:
+ - mail to or from a single pipe ("|")
+ - mail to or from an obviously invalid user (e.g., bounce or blah)
+
+G.7 (Rebuilding and) restarting sendmail(8)
+
+ To rebuild the frozen configuration file, firstly do:
+ # /usr/lib/sendmail -bz
+
+ NOTE: The above process does not apply to sendmail v8.x which does not
+ support frozen configuration files.
+
+ To restart sendmail(8), you should kill *all* existing sendmail(8)
+ processes by sending them a TERM signal using kill, then restart
+ sendmail(8).
+
+BSD commands
+ Get the pid of every running sendmail process:
+ # /bin/ps -aux | /bin/grep sendmail | /bin/grep -v grep
+ Kill every running sendmail process and restart sendmail:
+ # /bin/kill #pid of every running sendmail process
+ # /usr/lib/sendmail -bd -q1h
+
+SVR4 commands
+ Get the pid of every running sendmail process:
+ # /bin/ps -ef | /bin/grep sendmail | /bin/grep -v grep
+ Kill every running sendmail process and restart sendmail:
+ # /bin/kill #pid of every running sendmail process
+ # /usr/lib/sendmail -bd -q1h
+
+G.8 Test whether ftpd supports SITE EXEC
+
+ For normal users:
+
+ % telnet localhost 21
+ USER username
+ PASS password
+ SITE EXEC
+
+ For anonymous users:
+
+ % telnet localhost 21
+ USER ftp
+ PASS username@domainname.au
+ SITE EXEC
+
+ You should see the response "5nn error return" (e.g., "500 'SITE
+ EXEC' command not understood"). If your ftp daemon has SITE EXEC
+ enabled, make sure you have the most recent version of the daemon (e.g.,
+ wu-ftp 2.4).
Older versions of ftpd allow any user to gain shell access + using the SITE EXEC command. Use QUIT to end the telnet session. + +G.9 Ascertain whether anonymous ftp is enabled + + % ftp localhost + Connected to localhost + 220 hostname FTP server ready + Name (localhost:username): anonymous + 331 Guest login ok, send username as password + Password: user@domain.au + 230 Guest login ok, access restrictions apply. + Remote system type is UNIX. + Using binary mode to transfer files. + ftp> + +G.10 Ensure that * in the password field is correctly implemented + + 1. Try using NIS with the '*' in the password field for example: + +:*:0:0::: + If NIS users cannot log in to that machine, remove the '*' and try + the next test. + + 2. With the '*' removed, try logging in again. If NIS users can log in + AND you can also log in unauthenticated as the user '+', then your + implementation is vulnerable. Contact the vendor for more information. + If NIS users can log in AND you cannot log in as the user '+', your + implementation should not be vulnerable to this problem. + +G.11 Find .exrc files + + # /bin/find / -name '.exrc' -exec /bin/cat {} \; -print + + See also G.19. + +G.12 Locate and print .forward files + + # /bin/find / -name '.forward' -exec /bin/cat {} \; -print + + See also G.19. + +G.13 Remove execute permission on /usr/lib/expreserve + + # /bin/chmod 400 /usr/lib/expreserve + +G.14 Set ownership and permissions for /tmp correctly + + # /bin/chown root /tmp + # /bin/chgrp 0 /tmp + # /bin/chmod 1777 /tmp + + NOTE: This will NOT recursively set the sticky bit on sub-directories + below /tmp, such as /tmp/.X11-unix and /tmp/.NeWS-unix; you may + have to set these manually or through the system startup files. + +G.15 Find group and world writable files and directories + + # /bin/find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \; + + # /bin/find / -type d \( -perm -2 -o -perm -20 \) -exec ls -ldg {} \; + + See also G.19. 
+ +G.16 Find files with the SUID or SGID bit enabled + + # /bin/find / -type f \( -perm -004000 -o -perm -002000 \) \ + -exec ls -lg {} \; + + See also G.19. + +G.17 Find normal files in /dev + + # /bin/find /dev -type f -exec ls -l {} \; + + See also G.19. + +G.18 Find block or character special files + + # /bin/find / \( -type b -o -type c \) -print | grep -v '^/dev/' + + See also G.19. + +G.19 Avoid NFS mounted file systems when using /bin/find + + # /bin/find / \( \! -fstype nfs -o -prune \) + + As an example, could be + -type f \( -perm -004000 -o -perm -002000 \) -exec ls -lg {} \; + + +============================================================================== +The AUSCERT team have made every effort to ensure that the information +contained in this checklist is accurate. However, the decision to use the +tools and techniques described is the responsibility of each user or +organisation. The appropriateness of each item for an organisation or +individual system should be considered before application in conjunction with +local policies and procedures. AUSCERT takes no responsibility for the +consequences of applying the contents of this document. + +AUSCERT acknowledges technical input and review of this document by CERT +Coordination Center and DFN-CERT and comments from users of this document. + +Permission is granted to copy and distribute this document provided that The +University of Queensland copyright is acknowledged. + +(C) Copyright 1995 The University of Queensland +============================================================================== + +If you believe that your system has been compromised, contact AUSCERT or your +representative in FIRST (Forum of Incident Response and Security Teams). + +Internet Email: auscert@auscert.org.au +AUSCERT Hotline: (07) 3365 4417 (International: + 61 7 3365 4417) + Facsimile: (07) 3365 4477 + AUSCERT personnel answer during business hours (AEST - GMT+10:00), + on call after hours for emergencies. 
+
+
+Australian Computer Emergency Response Team
+c/- Prentice Centre
+The University of Queensland
+Brisbane, Queensland 4072.
+Australia
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2i
+Comment: Finger pgp@ftp.auscert.org.au to retrieve AUSCERT's public key
+
+iQCVAwUBMNdrTih9+71yA2DNAQH9sQP/aWGDwRG80e4oz6pgeRRkzB25tm0D12ew
+8zXBldNrbGC1s0h4U//G/WPNvWeF4Llr7GAAevTxwc8RMeDS9N3Aw5YTpPXaOE+x
+WSqHDEQfCwRgiOJc4sw3GA9r7/HYcwi81E06gNwmFTDU+IMmAiKCBisw/vNCnHS9
+RztMITIV7is=
+=wZf1
+-----END PGP SIGNATURE-----
diff --git a/Hacking/Doc/Redes.zip b/Hacking/Doc/Redes.zip
new file mode 100644
index 0000000..939d370
Binary files /dev/null and b/Hacking/Doc/Redes.zip differ
diff --git a/Hacking/Doc/hackerLayer.zip b/Hacking/Doc/hackerLayer.zip
new file mode 100644
index 0000000..6536549
Binary files /dev/null and b/Hacking/Doc/hackerLayer.zip differ
diff --git a/Hacking/Doc/raven2.txt b/Hacking/Doc/raven2.txt
new file mode 100644
index 0000000..c171946
--- /dev/null
+++ b/Hacking/Doc/raven2.txt
@@ -0,0 +1,83 @@ +EXPLICACION DE LOS FICHEROS PASSWD DE UNIX +By Raven Spirit + +En este documento explicar‚ la estructura de los ficheros passwd de UNIX. +La mayor¡a de la informaci¢n est  tomada de alt.2600/#hack FAQ, yo me he +limitado a traducirla, ordenarla y ampliarla un poco. Al grano. + +Como habreis podido observar, el fichero de passwd tiene varias lineas, +parecidas a esta: + +Pepe:1qwP95nmh6:1845:14:Pepe P‚rez:/home/users:/bin/bash + +Esta linea contiene 7 campos separados por ":", donde encontramos: +Login : Pepe +Password encryptado: 1qwP95nmh6 +N£mero de usuario:1845 +N£mero de grupo:14 +Informaci¢n Gecos: Pepe P‚rez +Directorio HOME: /home/users +Shell:/bin/bash + + +Pero no todo es tan f cil ricos, PORQUE si por casualidad en el campo del +password encryptado haya un "*" o una "x", o cualguier otro s¡mbolo ,es decir: + +Pepe:*:1845:14:Pepe P‚rez:/home/users:/bin/bash o algo como : +Pepe:x:1845:14:Pepe P‚rez:/home/users:/bin/bash + +quiere decir que el password est  "shadowed". +El shadowing es una medida de seguridad, que consiste en meter los passwords +en otro fichero aparte. Aqu¡ est  una lista de su localizaci¢n ( La mayor¡a +de las veces ) Lo podeis encontrar en los siguientes directorios: + + +Clase de Unix Path +------------------------------------------------------ +AIX 3 /etc/security/passwd + /tcb/auth/files// +A/UX 3.0s /tcb/files/auth/?/* +BSD4.3-Reno /etc/master.passwd +ConvexOS 10 /etc/shadpw +ConvexOS 11 /etc/shadow +DG/UX /etc/tcb/aa/user/ +EP/IX /etc/shadow +HP-UX /.secure/etc/passwd +IRIX 5 /etc/shadow +Linux 1.1 /etc/shadow +OSF/1 /etc/passwd[.dir|.pag] +SCO Unix #.2.x /tcb/auth/files// +SunOS4.1+c2 /etc/security/passwd.adjunct +SunOS 5.0 /etc/shadow + +System V Release 4.0 /etc/shadow +System V Release 4.2 /etc/security/* database +Ultrix 4 /etc/auth[.dir|.pag] +UNICOS /etc/udb + + +Ahora bien, por ahora parece facil ¨ Eh ?. 
Bueno, pues en algunos sistemas en +los que hay mucha seguridad, este fichero es ilegible para la mayor¡a de los +usuarios del sistema, y por supuesto para nosotros. +En el caso de que no se pueda leer haremos un programa de este tipo: + +#include +main() +{ +struct passwd *p; +while(p=getpwent()) +printf("%s:%s:%d:%d:%s:%s:%s\n", p->pw_name, p->pw_passwd, +p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir, p->pw_shell); +} + +Este programa hace varias llamadas a getpwent() para que el fichero passwd +sea enviado directamenta a vuestro ordenador, con lo que de Shadowing ni +flores. + +Espero que os haya servido de ayuda, si teneis algun tipo de duda o comentario +no dudeis en escribirme : +Ravenspirit@hotmail.com +Y recordad, el Gran Hermano os vigila. +RAVEN SPIRIT diff --git a/Hacking/manifiestos/EDISON2.TXT b/Hacking/manifiestos/EDISON2.TXT new file mode 100644 index 0000000..51666b3 --- /dev/null +++ b/Hacking/manifiestos/EDISON2.TXT 
@@ -0,0 +1,25 @@ + + Este fichero ha sido sacado de Edison ][ BBS, pasando todos los test + Antivirus conocidos para su plena seguridad. Ultimas novedades en + SoftWare Shareware: programaci¢n, juegos, im genes y utilidades. + + Especializaci¢n en programaci¢n + de todo tipo , llama para comprobarlo + Calculadoras Programables HP + Letras de canciones, demos... + + ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ== The *PRO*grammer'S Source ==ÄÄÄÄÄÄÄÄÄÄÄÄÄÄ + ÛßßßßßßßßßßßßßßßßßßßßßßßßßßßÛ°°°°° EDiSoN ][ BBS + ÝÞÛÛßÛÛÛÛÛÛßÛÛ ÛÛßÛÛÛÛÛÛßÛÛ Þ°ÛÞÛ° + 34-1 55-100-65 + Ý ßßßßßÛ ÛÛÛÛßß UniÞ°ÛÛÞ° Ä ÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄ + ÝÛÛÛÛÛÞÛÛÜÞ ÜÛÛÜÞÛÛÛÞÛ ÞÛÞ°°°°° ³ FIDONET / SUBNET ³ + ÝÛ ÛÛ Û ÛÜ Û ßÞÛßÛÞÛÜ ÞÛÞ°ÜÛÛ° ³ Puntos Admitidos ³ + ÝÛ ÜÝÛÞ Û Û ÛÜ ÜÛÜÞÛÛÛÜÛÞ°ÛÞÞ° ³ 28800 Bps/V34/V42bis/Fax ³ + ÝÛÛ ÛÝÛÞÝÛ Û ßÛÛÛ Û ÛÞÛ ßÛÛÞ°ÛÞÞ° ³ Ä ÄÄÄ ÄÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄÄ ³ + ÝÛ ßÝÛÞÝÛ Û Û Û ÛÞÛ ßÛÞ°ÛÛÛ° ³ [ 12PM - 03AM ] ³ + ÝÛ ÛÛ Û ÜÛ Û ÛÜÜÛ Û ÛÞÛ ÞÛÞ°°°°° Ä Ä ÄÄÄ ÄÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄ + ÝÛÛÛÛÛÞÛÛÛÛ Û ßÛÛß ßÛßÞÛ ÞÛÞ°ÜÛÛ° Sysop : Jose Luis Benitez + Ý ÜÜÜÜÜÜ ÛÜÜÛÜÜ Þ°ÛÞÞ° CoSysop:Ricardo Pinelas + Ý ÛÛÜÛÛÛÛÛÛÜÛÛ ÛÛÜÛÛÛÛÛÛÜÛÛ Þ°ÛÛÛ° CoSysop: Jorge Arce + ÛÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÛ°°°°° Ä Ä ÄÄÄ ÄÄÄÄ ÄÄÄÄÄ + ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ== The *PRO*grammer'S Source ==ÄÄÄÄÄÄÄÄÄÄÄÄÄÄ diff --git a/Hacking/manifiestos/WENDIGO.TXT b/Hacking/manifiestos/WENDIGO.TXT new file mode 100644 index 0000000..1d095ae --- /dev/null +++ b/Hacking/manifiestos/WENDIGO.TXT 
@@ -0,0 +1,912 @@ + +Ä Los documentos de IBERHACK ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ +ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ http://www.geocities.com/SiliconValley/Park/7574ÄÄÄ + Fecha: 13 Sep 96 + De: Wendigo + Para: Todos + Tema: Introduccion al hacking. +ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ + + +Aqui os dejo las famosas Hack Intros de Wendigo!!! + +--------------------------------Cut Here------------------------------------- + +Bueno, pues eso, que como alguien me ha pedido que expliquemos un poco de +qu‚ va el hacking pues yo me lanzo. Voy a empezar a explicarlo a nivel MUY +elemental y desde un punto de vista pr ctico, si alguien quiere m s detalles +te¢ricos que lo diga, el cliente siempre tiene la raz¢n. :-)))))) + +Otra cosa, si alguien cree que este tipo de mensajes son un co¤azo, que me +lo diga sin rodeos. :-) + +Muy bien, para empezar cuando se habla de hackear EN GENERAL se habla de +hackear m quinas con sistema operativo Unix. Aparte del Unix tambi‚n existen +otros sistemas operativos para mainframes y miniordenadores como el VMS +para ordenadores VAX (de la marca DEC --> Digital Equipment Corporation), +el VM/CMS, VM/ESA, etc para ordenadores IBM, y otros sistemas operativos de +menor profileraci¢n. + +Incluso los sistemas Unix se pueden clasificar en varios tipos, como el BSD, +el SYSTEM V y el POSIX, as¡ como varios sistemas desarrollados por las +diferentes compa¤¡as inform ticas: + +AIX --> Unix de IBM +SunOS --> Unix de Sun +Solaris --> Unix de Sun (m s avanzado que el SunOS) +HP-UX --> Unix de Hewlett Packard +Ultrix --> Unix de DEC para plataformas VAX +OSF/1 --> Unix de DEC para plataformas ALPHA +ConvexOS --> Unix de Convex +Unicos --> Unix de Cray +Linux --> Sin comentarios. 
:-) + +Esta subdivisi¢n de los sistemas Unix tiene m s importancia de la que parece +a primera vista, porque un bug o fallo de seguridad que funcione en uno de +los sistemas puede que no funcione en los dem s, por lo que es importante +saber en todo momento cual es el sistema en el que nos estamos moviendo. + +De la misma forma, Internet no es la £nica red en la cual se puede hackear, +tambi‚n hay varias redes de X.25 que cuentan con gran n£mero de ordenadores +como Sprintnet (la antigua Telenet), Tymnet o la misma Iberpac. + +Aqu¡ cuando hablemos de hackear estaremos hablando de hackear sistemas Unix +en Internet preferentemente, ya que Internet est  basada en los protocolos +TCP/IP los cuales est n mejor estudiados en cuanto a seguridad y por tanto +existen m s fuentes de informaci¢n de donde se pueden conocer sus fallos de +seguridad de las que existen para las redes X.25. + +A la hora de hackear un sistema se pueden distinguir varios pasos +diferenciados. + +1 - Introducirse en el sistema que tengamos como objetivo. + +2 - Una vez conseguido el acceso, conseguir privilegios de root (administrador + del sistema). + +3 - Borrar nuestras huellas. + +4 - Poner un sniffer (programa que monitoriza la red consiguiendo logins y + passwords) para tener acceso a otros sistemas. + +NOTA: Voy a hacer un peque¤o resumen de cada paso, lo que voy a decir est  + basado en la generalidad pero no hay que tomarlo como dogma. + + + +PASO UNO: Introducirse en el sistema. + +Los fallos de seguridad que se aprovechan para conseguir introducirse en el +sistema est n basados casi siempre en los protocolos TCP/IP, en servicios +de red como el NFS o NIS o en los comandos "r" de Unix. + +TCP/IP --> TCP = Transport Control Protocol + IP = Internet Protocol + + Los protocolos basados en TCP/IP que se suelen aprovechar son + Telnet, FTP, TFTP, SMTP, HTTP, etc. 
Cada uno de ellos tiene sus + propios agujeros de seguridad que se van parcheando con nuevas + versiones de estos protocolos, pero siempre aparecen nuevos bugs. + Explicar cada uno de los protocolos TCP/IP puede llevarnos mucho + tiempo, as¡ que paso a otra cosa. + +Servicios de red --> NFS = Network File System, es un servicio de red por el + cual varias m quinas llamadas clientes comparten uno o + varios directorios que se encuentran fisicamente en una + m quina llamada servidor. Una m quina cliente, a pesar + de no poseer fisicamente dichos directorios, puede + montarlos de tal forma que puede acceder a ellos como + si los poseyera. Otra cosa muy distinta es lo que se + pueda hacer con los ficheros incluidos en dichos + directorios (si se pueden borrar, modificar, alterar los + permisos, etc), lo cual depende de la configuraci¢n del + NFS. + En la mala configuraci¢n del NFS es donde estriban + siempre sus fallos de seguridad. + + NIS = Network Information Service, es un servicio + por el cual varias m quinas comparten varios "mapas". + Los mapas son ficheros como passwd, hosts, etc. + Por ejemplo, un usuario puede entrar con la misma + cuenta en todas las m quinas que compartan un mismo + mapa de passwords. Los mapas son consultados por las + m quinas clientes a las m quinas que contengan los + mapas, que son los servidores. + Existe un programa llamado YPX que sirve para extraer + estos mapas (inclu¡do el fichero passwd, donde est n + inclu¡das todas las passwords de los usuarios) de un + servidor de NIS aunque la m quina en la que estemos no + sea una m quina cliente. + +Comandos "r" --> Son comandos exclusivos del sistema operativo Unix. La "r" + es de remote. En el sistema hay un fichero llamado host.equiv + y cada usuario suele tener en su directorio home (el + directorio reservado a cada usuario para su propio uso + del sistema) un fichero llamado .rhosts. 
Dependiendo de la + configuraci¢n de estos dos ficheros se podr  o no acceder + a dicho ordenador desde otro sistema unix sin necesidad de + password con los comandos rlogin o rsh. + +Aparte de estas formas b sicas, existen otras formas m s avanzadas de acceder +a un sistema como el IP Spoofing, fallos de seguridad en el Web y el Java, +recompilando librer¡as del telnet, UUCP, etc. + +Hay dos formas b sicas de introducirse en el sistema: + +1 - Entrar directamente sin necesidad de poseer una cuenta en el sistema + objetivo. + Por ejemplo por comandos "r" o por alg£n bug (alterar el fichero passwd + del ordenador objetivo por rsh, alterar el fichero .rhosts de alg£n + usuario por NFS, etc...desde luego hay formas m s avanzadas de conseguir + esto). + +2 - Conseguir el fichero passwd del sistema objetivo y crackearlo. + El fichero passwd contiene los logins de los usuarios y su correspondiente + password encriptadas (entre otras cosas). Para averiguar el password de + cada usuario se utiliza un programa crackeador (existen varios, para + unix el m s famoso es el Crack, para MS-DOS est n el JackCrack, Hades, + Crack, etc) que encripta cada palabra de un diccionario y las compara + con la cadena encriptada del fichero passwd, cuando las cadenas + encriptadas coinciden entonces la palabra del diccionario que el programa + ha encriptado en ese momento es el password buscado. + + + PASO DOS: Conseguir privilegios de root una vez conseguido el acceso. + + En este caso, los fallos de seguridad que explotaremos ser n los del + propio sistema operativo Unix, a diferencia de cuando ten¡amos que + introducirnos en el sistema, que explot bamos los agujeros de seguridad + de los protocolos o servicios de red. + + NOTA: De todas formas, hay que tener en cuenta que aunque explotemos los + bugs de los protocolos TCP/IP, esto no significa que estos bugs nos + vayan a funcionar con cualquier sistema operativo. 
M s bien al + contrario, estos bugs funcionan casi exclusivamente en el sistema + operativo Unix pero en otros sistemas operativos como VMS o VM no + funcionar n. Estos sistemas operativos tendr n sus propios bugs + respecto a los protocolos TCP/IP (de los cuales existe muy poca + informaci¢n por no decir ninguna). + + Una vez introducidos en el sistema, habr  que conseguir dos cosas: + + 1 - Conseguir privilegios de root. + + Esto se puede conseguir mediante varios bugs dependiendo del tipo de + unix en el que nos estemos moviendo (aix, sun, solaris, hp-ux, etc...) + y de c¢mo est‚ configurado dicho sistema. + + Existen varias fuentes de informaci¢n en Internet para conocer bugs, + algunas de esas fuentes se limitan a indicar la existencia del bug + se¤alando el tipo de unix en el que funciona y otras incluso publican en + la red programas para explotarlos. Entre dichas fuentes de informaci¢n + (mailing lists la mayor¡a) est n el CERT, BUGTRAQ, BoS, + comp.security.unix, alt.2600 y un largo etc. + + En general los bugs se pueden clasificar en varias categor¡as, pero + eso en todo caso lo mencionar‚ m s adelante, por ahora esto es un + peque¤o resumen. + + 2 - Mantener los privilegios de root. + + Existen diversas formas de mantener los privilegios de root, es decir, + asegurarnos de que la pr¢xima vez que entremos al sistema con la cuenta + de un usuario que posea privilegios normales, podamos conseguir + privilegios de root de forma f cil y sin complicaciones. + + Quiz  la forma m s utilizada de conseguir esto sea el sushi (set-uid- + shell) o tambi‚n llamado "huevo". + Consiste en que una vez alcanzados los privilegios de root, copiamos + un shell (el fichero /bin/sh) a un directorio p£blico (en el que un + usuario normal pueda ejecutar los ficheros) y le cambiamos el nombre + al que nosotros queramos. Nos aseguramos de que el shell copiado tenga + como owner (propietario del fichero) al root y cambiamos los permisos + del fichero con las cifras 4755. 
Por ahora no os preocupeis de lo que + significan dichas cifras, pero la primera cifra, el 4, significa que + CUALQUIER usuario que ejecute dicho fichero lo estar  ejecutando con + los privilegios del owner. Como en este caso el owner es el root y el + fichero en cuesti¢n es una shell, el sistema nos abrir  un shell con + privilegios de root. + + De esta forma, la pr¢xima vez que accedamos al sistema con la cuenta + de un usuario normal, s¢lo tendremos que cambiarnos al directorio donde + hayamos copiado el shell, ejecutarlo y ya seremos root sin las + complicaciones de tener que explotar un bug. + + Los sushis tambi‚n tienen sus inconvenientes, ya que pueden ser + f cilmente localizados por los administradores (mediante el comando + find, por ejemplo) revelando nuestra presencia en el sistema. Para + evitar esto hay otras formas de mantener los privilegios en el + sistema o de modificar ligeramente los sushis para que no puedan ser + detectados tan f cilmente. + + + PASO TRES: Borrar nuestras huellas. + + Este paso es importante, ya que de nada nos habr  servido habernos + introducido en el sistema y haber conseguido el nivel de root si al d¡a + siguiente nos han cortado el acceso debido a que hemos dejado huellas por + todas partes. + + El sistema operativo Unix guarda varios registros (logs) de las conexiones + de los usuarios al sistema. Existen varios ficheros y comandos que ayudan + al administrador a conocer todos los detalles acerca de las conexiones de + los usuarios. Aparte de estos ficheros y comandos, existen diversas + facilidades y aplicaciones que realizan un registro continuado y exhaustivo + acerca de las actividades del usuario dentro del sistema. + + Ficheros: (Cuando pongo dos directorios significa que el fichero puede estar + en cualquiera de esos dos directorios). + + utmp --> Guarda un registro (log) de los usuarios que est n utilizando el + sistema mientras est n conectados a ‚l. 
+ + Directorios: /var/adm/utmp + /etc/utmp + + wtmp --> Guarda un log cada vez que un usuario se introduce en el sistema + o sale del sistema. + + Directorios: /var/adm/wtmp + /etc/wtmp + + lastlog --> Guarda un log del momento exacto en que un usuario entr¢ por + £ltima vez. + + Directorio: /var/adm/lastlog + + acct --> Registra todos los comandos ejecutados por cada usuario (aunque no + registra los argumentos con que dichos comandos fueron ejecutados). + + Directorio: /var/adm/acct + + En algunos sistemas el fichero acct se puede llamar pacct + Comandos: + + who --> Permite saber qui‚n est  conectado al sistema en el momento en que + ejecutamos el comando. + + finger --> Lo mismo que el comando who, con el a¤adido de que se puede + aplicar a otras m quinas. Es decir, podemos saber qu‚ usuarios + est n conectados a una determinada m quina en el momento en que + ejecutamos el comando. + + users --> Igual que el who + + rusers --> Igual que finger, pero la m quina remota debe utilizar el sistema + operativo Unix. + + Los comandos who, finger, users y rusers toman la informaci¢n que sacan en + pantalla del fichero utmp. + + last --> Permite saber cuando fu‚ la £ltima vez que se conect¢ un + usuario. + + El comando last toma la informaci¢n que saca en pantalla del fichero wtmp. + + ps --> Permite saber qu‚ procesos est n siendo ejecutados por el sistema y + que usuarios los ejecutan. + + El comando ps ofrece una informaci¢n mucho m s completa de qui‚n est  + utilizando el sistema puesto que un usuario que no aparezca en los ficheros + utmp o wtmp puede tener procesos ejecut ndose, por lo que el comando ps + ofrecer  la informaci¢n de qui‚n est  ejecutando dichos procesos. En + contrapartida, la informaci¢n que ofrece el comando ps es m s complicada de + interpretar que la informaci¢n ofrecida por el resto de comandos. + + accton --> Activa un proceso llamado accounting, que es el que proporciona + informaci¢n al fichero acct. 
+ + lastcomm --> Permite saber qu‚ comandos han ejecutado los usuarios. + + acctcom --> Igual que lastcomm pero exclusivamente para Unix del tipo + SYSTEM V. + + Los comandos lastcomm y acctcom toman la informaci¢n que sacan por pantalla + del fichero acct (pacct en algunos sistemas) + + Por lo tanto, si queremos borrar nuestras huellas del sistema, bastar  con + borrar cualquier log relativo a nuestro usuario de los ficheros utmp, wtmp y + acct. Esto se puede hacer de dos formas: + + Ficheros utmp y wtmp: + + 1 - No borramos los ficheros pero los dejamos con cero bytes. S¢lo se + utiliza como £ltimo recurso por suscitar muchas sospechas por parte + de los administradores. Hay hackers que opinan que esto es incluso + peor que no borrar los logs. + + 2 - Los ficheros utmp y wtmp no son ficheros de texto, es decir, no se + pueden editar con un editor de textos. Sin embargo, existen programas + llamados zappers (debido a que el programa m s famoso de este tipo se + llama zap) que pueden borrar los datos relativos a un usuario en + particular de estos ficheros dejando el resto de los datos relativo a + los dem s usuarios intacto. + + Fichero acct: + + Cuando el accounting est  activado (es decir, cuando el sistema recoge + informaci¢n acerca de los comandos ejecutados en el fichero acct) es + bastante complicado borrar nuestras huellas, de hecho no se pueden borrar + del todo, aunque s¡ se pueden reducir a una m¡nima informaci¢n de nuestra + presencia en el sistema. + + 1 - LO PRIMERO que hacemos nada m s entrar en el sistema es copiar el + fichero acct a otro fichero y LO ULTIMO que hacemos antes de abandonar + el sistema es copiar dicho fichero de nuevo al acct, de modo que los + comandos que hemos ejecutado durante la sesi¢n no aparecen en el + fichero acct. + + Problema: Nuestra entrada en el sistema queda registrada, as¡ como las + dos copias. + + 2 - Dejamos el fichero acct a cero bytes. 
Como antes, esto es bastante + sospechoso para un administrador, adem s, algunos sistemas reaccionan + mal y paran el proceso de accounting, para no levantar sospechas habr¡a + que reactivarlo con el comando accton. + + Problema: Bastante sospechoso. El propio comando accton quedar¡a + registrado como ejecutado por nuestro usuario. + + 3 - Hacerse un editor para el fichero acct que borrara los datos + correspondientes a nuestro usuario y dejara intactos los datos relativos + al resto de los usuarios. Existen unos pocos programas que hacen esto. + + Problema: La ejecuci¢n del programa editor que borra nuestras huellas + quedar¡a registrado como ejecutado por nuestro usuario. + + Afortunadamente, no hay muchos sistemas que tengan activado el accounting + debido a la cantidad de capacidad que es necesaria para guardar los + comandos ejecutados por cada usuario. + + + Aparte de los ficheros utmp, wtmp, acct y lastlog, hay que tener en cuenta + otras facilidades y aplicaciones que posee el sistema operativo Unix que + permiten al administrador vigilar ciertos aspectos cr¡ticos relativos a la + seguridad y al mantenimiento del sistema. + + 1 - Syslog + + Syslog es una aplicaci¢n que viene con el sistema operativo Unix. + El sistema operativo Unix se puede configurar de tal forma que + determinados programas, procesos o aplicaciones generen mensajes que son + enviados a determinados ficheros donde quedan registrados dichos + mensajes. Estos mensajes son generados cuando se dan unas determinadas + condiciones, ya sean condiciones relativas a seguridad, mantenimiento + o simplemente de tipo puramente informativo. + + Para conseguir esto hay que configurar varias cosas. + + A - Decidir qu‚ programas, procesos y aplicaciones pueden generar + mensajes. (Pongo los principales) + + kern --> mensajes relativos al kernel + user --> mensajes relativos a procesos ejecutados por usuarios + normales. + mail --> mensajes relativos al sistema de correo. 
+ lpr --> mensajes relativos a impresoras. + auth --> mensajes relativos a programas y procesos de autentificaci¢n + (aquellos en los que est‚n involucrados nombres de usuarios + y passwords, por ejemplo login, su, getty, etc) + daemon --> mensajes relativos a otros demonios del sistema. + + etc... + + B - Decidir qu‚ tipos de mensajes pueden generar cada uno de esos + programas, procesos o aplicaciones. + + emerg --> emergencias graves. + alert --> problemas que deben ser solucionados con urgencia. + crit --> errores cr¡ticos. + err --> errores ordinarios. + warning --> avisos. + notice --> cuando se da una condici¢n que no constituye un error pero + a la que se le debe dar una cierta atenci¢n. + info --> mensajes informativos. + + etc... + + C - Decidir a qu‚ ficheros van a para dichos mensajes dependiendo del + tipo al que pertenezca el mensaje correspondiente. + + + Syslog cumple su funci¢n mediante el syslogd (syslog daemon o en + castellano el demonio syslog). + + NOTA: un demonio (o daemon) es un proceso que no tiene propietario (es + decir, no es ejecutado por ning£n usuario en particular) y que + se est  ejecutando permanentemente. + + El syslogd lee su configuraci¢n del fichero /etc/syslog.conf + Dicho fichero contiene la configuraci¢n relativa a qu‚ eventos del + sistema son registrados y en qu‚ ficheros son registrados. Los + ficheros a los cuales se mandan los registros (logs) pueden estar + situados en la misma m quina en la que estamos trabajando o en otra + m quina de la red. + + + C¢mo borrar las huellas relativas al syslog: + + Bien, nuestras andanzas por el sistema cuando hemos accedido a ‚l y + cuando nos hemos convertido en root, pueden generar diversos mensajes + registrados por el syslogd y guardados en los ficheros indicados en el + /etc/syslog.conf + + A diferencia de los ficheros utmp, wtmp, acct y lastlog, los ficheros + en los que se guardan los registros del syslog s¡ se pueden editar con + un editor de textos. 
+ + Para poder borrar estas huellas necesitamos tener privilegios de root, + naturalmente. Bastar  con examinar el fichero /etc/syslog.conf para + saber los ficheros que guardan los registros del syslog. Despu‚s + miraremos cada uno de esos ficheros comprobando que no hay ning£n mensaje + relativo a nuestra intrusi¢n en el sistema (los mensajes del estilo + "login: Root LOGIN REFUSED on ttya" a ciertas horas de la noche son + bastante sospechosos :-) ). En caso de que lo haya, lo borramos y + CAMBIAMOS LA FECHA del fichero con el comando touch de forma que + coincida la fecha del £ltimo mensaje (despu‚s de haber borrado nuestras + huellas) con la fecha del fichero. Si no lo hacemos as¡, alg£n + administrador demasiado suspicaz puede comprobar que las fechas no + coinciden y deducir que alguien ha modificado el fichero (esta es una + precauci¢n extrema pero la recomiendo por experiencia). Si es necesario, + y SOLO si es necesario, habr¡a que cambiar la fecha de los directorios + en los que est‚n inclu¡dos los ficheros que guardan los logs. + + Si en el fichero /etc/syslog.conf hay mensajes que se destinan a + /dev/console eso significa que los mensajes (ya sean de error, alerta + o emergencia) salen directamente en la pantalla del root (o sea, en la + consola). En este caso no se puede hacer nada (que yo sepa), pero + mensajes de este tipo suelen estar generados por alertas bastante + graves como por ejemplo intentar acceder con la cuenta de root + directamente o utilizar el comando su para intentar convertirse en root, + etc. Es decir, cuanto m s sigilosos seamos a la hora de hacernos root + y menos ruido armemos m s posibilidades tendremos de no aparecer en este + tipo de logs. + + 2 - TCP-Wrapper + + Se trata de una aplicaci¢n que proporciona una serie de mecanismos + para el registro (logging) y filtro (filtering) de aquellos servicios + invocados o llamados a trav‚s del inetd (internet daemon). 
Con esta + herramienta el administrador posee un control absoluto de las + conexiones hacia y desde su m quina. + + Puede, entre otras muchas cosas, filtrar un servicio de internet como + por ejemplo el telnet, ftp, etc de forma que nadie pueda conectarse + al sistema desde otra m quina o puede especificar una lista de m quinas + que s¡ pueden conectarse (y las dem s no podr n). Adem s, el + administrador es informado en todo momento y con todo lujo de detalles + de las conexiones que se han hecho desde su m quina y hacia su m quina + con cualquiera de los diferentes servicios de internet (telnet, ftp, + finger, etc...) + + Como en el syslog, para borrar nuestras huellas del tcp-wrapper, tendremos + que buscar posibles huellas mirando el archivo de configuraci¢n (alojado + NORMALMENTE en el directorio /etc), borrar dichas huellas y cambiar las + fechas de los ficheros correspondientes. + + Bien, hasta aqu¡ un resumen sobre c¢mo borrar las huellas. Como vereis me + he extendido un poco m s porque me parece importante que la gente adquiera + conciencia de que tan importante o m s que controlar el sistema (convertirse + en root) es saber ocultarse en ‚l (aunque es una opini¢n personal). + + Puede parecer bastante pesado el borrar todas las posibles huellas que + hayamos dejado, pero en ALGUNAS ocasiones, una vez que hayamos visto los + ficheros de configuraci¢n es posible preparar un shell script (el equivalente + a los ficheros batch en MS-DOS, aunque la programaci¢n en shell es + infinitamente m s potente :-) ) que haga todo el trabajo por nosotros en + cuesti¢n de borrar las huellas. Dicho script lo podemos dejar bien camuflado + en el sistema para que la pr¢xima vez que entremos lo podamos ejecutar + (utilizando como par metros el usuario con el que hayamos entrado, el + terminal por el que hayamos entrado, la hora a la que hayamos entrado, etc..) + ahorr ndonos todo el trabajo pesado. 
+ + Para terminar con lo de borrar las huellas, s¢lo advertir que aunque seamos + perfectamente invisibles en el sistema, cualquier usuario que est‚ conectado + al mismo tiempo que nosotros podr¡a detectarnos viendo el terminal por el + que hemos entrado (el fichero /dev/ correspondiente a nuestro terminal + tendr¡a como propietario (owner) al usuario con el que hemos entrado en el + sistema, y la fecha del fichero /dev/ correspondiente al terminal tambi‚n + nos delatar¡a). Para evitar esto tendr¡amos que cambiar de owner el fichero + correspondiente al terminal (teniendo privilegios de root naturalmente) + al owner que tengan los otros terminales a los cuales no hay nadie + conectado (es decir, al owner de los terminales por defecto que NORMALMENTE + es el root). + + De todas formas, esto £ltimo, junto con lo de cambiar de fecha ciertos + ficheros de logs, son medidas quiz  extremas, pero vuelvo a insistir que + son muy recomendables. + + Por £ltimo, la cuesti¢n de ocultar o camuflar procesos mientras los estamos + ejecutando es otra cuesti¢n que se tratar  en otro mensaje si teneis la + paciencia de seguir. :-) + + + Ya hemos visto de forma resumida y sin detallar algunas t‚cnicas sobre c¢mo + conseguir acceso, conseguir privilegios y borrar nuestras huellas. Vamos a + ver el £ltimo paso, c¢mo conseguir acceso a otros ordenadores una vez + controlado el host que hayamos hackeado (es decir, despu‚s de asegurarnos + que hemos borrado absolutamente todas nuestras huellas y de implantar + alg£n sushi u otro m‚todo an logo para conseguir privilegios de root). + + Una vez controlado el host que ten¡amos como objetivo, podemos hacer todo + lo que queramos en el sistema, aunque hay que tener en cuenta que nuestras + acciones pueden ser registradas por el syslog, tcp-wrapper u otra utilidad + que genere logs, por lo que cuando vayamos a irnos del sistema siempre + tendremos que comprobar antes que no hemos dejado registros (logs). 
+ + Es en este punto donde adquiere importancia la "filosof¡a" del hacker. La + diferencia entre un hacker y un cracker (no me estoy refiriendo a alguien + que rompe las protecciones de software), consiste en que un cracker accede al + sistema para da¤arlo o corromperlo y un hacker accede al sistema simplemente + para conseguir informaci¢n o por pura curiosidad, pero nunca corromper  ni + borrar  ning£n fichero del sistema, sigue el lema (aunque tampoco de forma + radical, es decir, sin tom rselo al pie de la letra) de "se ve pero no se + toca". A esto £ltimo hay que hacer una excepci¢n , naturalmente. Los £nicos + ficheros que el hacker modificar  o borrar  ser n los ficheros relativos a + los logs que haya podido dejar en el sistema. Por supuesto que esto es una + situaci¢n ideal y no realista, en la pr ctica un hacker puede que realize + otras acciones en el sistema que puedan modificar ficheros ya existentes, + pero siempre procurar  que los cambios sean m¡nimos. + + + PASO CUATRO: + + Bien, para conseguir acceso a otros sistemas desde el host que hemos hackeado + existen varias t‚cnicas. La m s sencilla y la primera que se suele probar es + consultando los ficheros .rhosts de los usuarios e intentando acceder a los + sistemas inclu¡dos en dichos ficheros mediante rlogin o rsh. Tambi‚n se + puede intentar acceder a otros sistemas de la red con los comandos "r" + aunque no est‚n inclu¡dos en los ficheros .rhosts o en el fichero host.equiv. + + Hay varias formas m s o menos sofisticadas que nos permitan conseguir + informaci¢n desde el sistema en el que nos encontramos y que nos permita + acceder a otros sistemas de la red. Quiz  el m‚todo m s famoso y m s + eficiente sea la colocaci¢n de un sniffer. + Un sniffer es un programa que "monitoriza" la red consultando los diferentes + paquetes de informaci¢n que circulan por ella. 
Cuando alguno de esos paquetes + cumple ciertos requisitos (por ejemplo que sea un paquete correspondiente a + un proceso de login), guarda dicho paquete en un fichero (es decir, guarda + un log). Cada cierto tiempo el hacker puede consultar dicho fichero que le + proporciona informaci¢n sobre qu‚ usuario se conect¢ a una determinada + m quina, a qu‚ m quina se conect¢ y que password utiliz¢, adem s de otros + datos. + + C¢mo funciona un sniffer: + + La red Internet es un conjunto de subredes comunicadas entre s¡ mediante + m quinas llamadas gateways, bridges o routers. Cada subred, a su vez, puede + estar dividida en varias subredes y sucesivamente. Lo m s usual es que las + m quinas est‚n organizadas en una red de tipo ethernet, y que dicha red est‚ + conectada a Internet (o a una subred de Internet) mediante sus + corrrespondientes routers o gateways (no tiene porqu‚ ser s¢lo un router + o gateway, una misma red puede tener varios para comunicarse con el + exterior), que ser n las m quinas que mantengan a dicha red ethernet en + contacto con el resto de la red. + + Las redes ethernet trabajan mandando los paquetes de informaci¢n por un + mismo canal compartido por todas las m quinas. En la cabecera de cada + paquete de informaci¢n est  inclu¡da la direcci¢n de la m quina a la cual va + destinado el paquete de informaci¢n. Se supone que el paquete de informaci¢n + s¢lo lo recibe la m quina a la cual va destinado. Las m quinas que reciben + cualquier paquete de informaci¢n aunque no est‚n destinados a ella, se dice + que est n en modo promiscuo. + + De esta forma, un hacker puede poner en modo promiscuo la m quina (si es que + no lo est  ya en el momento de hackearla) y capturar TODOS los paquetes que + circulan por la red, aunque no provengan de su m quina y aunque no est‚n + destinados a su m quina. Normalmente se suelen capturar paquetes que cumplan + alg£n requisito como aquellos que incluyan el momento de acceso de un usuario + a una m quina. 
Teniendo en cuenta que el login y el password del usuario se + mandan en modo texto, el hacker puede leer con toda comodidad en el fichero + registro que genera el sniffer qu‚ password utiliza el usuario y en qu‚ + m quina lo utiliza. + + Tambi‚n se puede sniffar informaci¢n aunque el sistema no est‚ en modo + promiscuo, pero entonces la m quina s¢lo aceptar  informaci¢n que est‚ + destinada a ella, y los £nicos paquetes de informaci¢n que monitorizar  el + sistema ser n los paquetes destinados a ‚l, y los paquetes que provengan del + propio sistema. + + Existen varios programas sniffers por la red, incluso algunos comerciales. + Los m s conocidos y distribuidos en circulos underground son sniffers para + SunOS, Solaris y Linux. Por otra parte, programas bien conocidos como + Etherfind o Tcpdump se pueden utilizar estupendamente como sniffers, aunque + no hayan sido concebidos para esos fines. + + Para comprobar si un sistema est  en modo promiscuo se utiliza el comando + ifconfig -a, aunque en algunos sistemas como el OSF/1 o el IRIX (el Unix + de Silicon Graphics) hay que especificar el interface (dispositivo mediante + el cual el sistema intercambia informaci¢n con la red ethernet). Para + ver los interfaces se puede utilizar el comando netstat -r. + + Para terminar, s¢lo advertir que los logs, es decir, los ficheros que utiliza + el sniffer para guardar la informaci¢n, suelen crecer muy deprisa por lo que + si no se tiene cuidado pueden hacerse excesivamente granden y alertar al + administrador del sistema que al examinar los ficheros se dar  cuenta de que + existe un hacker en su sistema. Por eso es recomendable consultar los logs + cada POCO tiempo y dejar los ficheros a cero. + + +Bien, ante todo quiero advertir que el tema que voy a tratar a continuaci¢n +est  tratado desde un punto de vista personal. En hacking, como en casi +cualquier actividad, cada maestrillo tiene su librillo. 
S¢lo pretendo dar +unos consejos pr cticos y desde luego NO recomiendo que se sigan al pie de +la letra. Cada uno puede tener en cuenta estos consejos como base pero lo +mejor es que cada uno desarrolle su propio m‚todo y su propia forma de hacer +las cosas. + +Puede que muchos hackers (la gran mayor¡a mucho mejores que yo) que lean esto +no est‚n de acuerdo con estos consejos o incluso los consideren nocivos para +la pr ctica del hacking. S¢lo puedo repetir que se trata de MI punto de vista +y de MI opini¢n, y repetir que nadie se tome estas t‚cnicas como dogma, sino +que cada uno las ponga en pr ctica y despu‚s juzgue por s¡ mismo si vale la +pena utilizarlas o no. + + +RECOPILACION DE INFORMACION: + +Bien, antes de intentar lanzarnos a hackear alg£n ordenador de la red conviene +hacer algunos preparativos. Estos preparativos a los que me refiero constan +simplemente de una peque¤a recopilaci¢n de informaci¢n, tanto informaci¢n +general como informaci¢n del ordenador que nos hayamos marcado como objetivo. + + +1 - Informaci¢n general: + + Cuando menciono informaci¢n general me estoy refiriendo a la recopilaci¢n + de bugs y programas que nos ayuden a hackear. + + Los bugs o fallos de seguridad y los programas que nos ayudan a + explotarlos (aprovechar dichos fallos de seguridad) pueden conseguirse + de varias formas: + + I - Mailing-lists de Internet: + + BoS --> Best of Security + Bugtraq + Comp.Security.Unix + Alt.2600 + Linux.Security.Alert + + etc..... + + + II - FTPs o WEBs "oficiales": + + El m s famoso es ftp.cert.org, pero existen una infinidad + de ellos, basta con buscar mediante cualquier Search + Engine del WWW cualquier materia relacionada con la + seguridad. + + En los mensajes del CERT o de las distintas listas de correo los bugs no + se describen de manera directa. 
Es decir, no os dir n los pasos que teneis + que dar para aprovechar los fallos de seguridad, sino que lo £nico que + mencionar n ser  el sistema operativo al cual afecta el bug (SunOS, AIX, + Solaris, HP-UX, Ultrix, OSF/1, Irix, etc...), cual es el resultado de + aprovechar el bug (convertirse en root, poner los permisos que queramos + a un determinado fichero, estrellar el ordenador....) y los parches que + hay que aplicar al sistema para que dicho bug no pueda ser aprovechado en + el futuro. + + Existen unas cuantas excepciones, los llamados EXPLOITS. Son mensajes + "oficiales" que muestran los pasos que hay que dar para aprovechar un + determinado fallo de seguridad, e incluyen los programas necesarios + para hacerlo. + + III - FTPs, FSPs o WEBs "no oficiales": + + Hay varios repartidos por Internet. Descubrirlos forma + parte de las labores del hacker. En los que son + demasiado conocidos habr  cosas muy antiguas o que ya no + funcionan. + + Es en estos sites (se llama site o host a un ordenador + cualquiera de Internet) donde se consiguen las mejores + utilidades y programas que nos permitan explotar varios + bugs as¡ como varias t‚cnicas b sicas de hacking. + + Un buen hacker debe ser organizado. Organizar los bugs seg£n un cierto + criterio es fundamental a la hora de hackear un ordenador. He visto + gente que clasifica los bugs en distintos directorios seg£n varios + criterios. Algunos los clasifican seg£n la fecha. Es decir, almacenan en + un directorio los del 93, en otro los bugs aparecidos en el 94, en otro + los del 95, etc. Otras personas, entre las que me incluyo, los organizan + en distintos directorios seg£n los sistemas operativos a los que afecten + o los protocolos de Internet a los que afecten. 
Es decir, yo tengo + recopilados en un directorio todos los bugs que funcionan en SunOS (todos + los que tengo yo, se entiende, no todos los que existen :-) ), en otro + todos los que funcionan en Solaris, en otro los que funcionan en HP-UX, + en otro los que se aprovechan fallos del sendmail, en otro los bugs + generales que puedan funcionar en varios sistemas, en otro directorio + los programas que me permitan borrar mis huellas, etc. + + A la hora de hackear un ordenador lo primero ser  averiguar el sistema + operativo que utiliza, su versi¢n de sendmail, y otras cosas que explicar‚ + despu‚s. El tener organizados los bugs o los EXPLOITS as¡ como otros + programas de utilidad (zappers para borrar las huellas o sniffers para + conseguir cuentas) en directorios bien diferenciados nos permitir  ahorrar + mucho tiempo a la hora de hackear y lo m s importante (lo digo por + experiencia), nos evitar  hacernos lios y nos ayudar  a decidirnos sobre + qu‚ bugs intentar explotar en dicho sistema. + + + IV - Zines o revistas electr¢nicas: + + Las revistas o documentos electr¢nicos son llamados + zines. En algunas de estas revistas o documentos est n + explicadas varias t‚cnicas b sicas de hacking as¡ como + lecciones de Unix orientadas a los hackers. Hay muchas + revistas de este estilo y muy buenas: + + FAQ de 2600 + Phrack + LOD Technical Journal + Cotno + Infohax + + etc.... + +2 - Informaci¢n del ordenador objetivo: + + Antes de intentar hackear un ordenador normalmente se recopilan una + serie de datos que nos ayuden a decidirnos sobre qu‚ t‚cnica de hacking + podemos utilizar. + + Se puede conseguir informaci¢n muy variada de un determinado host + (ordenador), pero quiz  lo fundamental sea intentar hallar los + siguientes datos: + + - Su direcci¢n IP y su direcci¢n de dominio. + + C¢mo se consigue --> Si tenemos el host marcado como objetivo se + suponen conocidas. 
Si s¢lo conocemos la direcci¢n + de dominio para hallar la direcci¢n IP basta + utilizar el comando "nslookup " + + - Tipo de sistema operativo Unix que utiliza -->**MUY IMPORTANTE**<-- + + C¢mo se consigue --> Haciendo telnet + + - Versi¢n de Sendmail que utiliza + + C¢mo se consigue --> Haciendo telnet 25 + Es decir, hacemos un telnet a la m quina pero al + puerto 25. Una vez conectados para salir basta + utilizar QUIT o para obtener ayuda HELP. + + - Si soporta RPC y en caso afirmativo averiguar qu‚ servicios RPC tiene. + + C¢mo se consigue --> Utilizando el comando "rpcinfo -p " + + - Si exporta directorios. Es decir, si tiene NFS, y en caso afirmativo, + averiguar qu‚ directorios exporta y a qui‚n los exporta. + + C¢mo se consigue --> Utilizando el comando "showmount -e " + + - Averiguar qu‚ otras m quinas hay en ese mismo dominio, y que sistema + operativo utilizan esas otras m quinas. + + C¢mo se consigue --> Utilizando el comando "nslookup". Cuando salga el + prompt del nslookup (un s¡mbolo > ) se utiliza + el comando "ls -d " para obtener + informaci¢n del dominio. + + Con estos datos ya podemos intentar algunas t‚cnicas de hacking, en las + cuales profundizaremos en pr¢ximos mensajes. :-) + +Por £ltimo algunos consejos importantes (repito: son consejos basados +en mi experiencia, que cada uno desarrolle sus propios recursos): + +1 - En el caso de que consigais alguna cuenta para acceder al ordenador quiz  + una vez hayais entrado no sepais muy bien c¢mo reaccionar, es decir, no + sepais qu‚ hacer a continuaci¢n. Es en este momento donde toma importancia + la organizaci¢n que mencion‚ antes. + + En ning£n momento os pongais nerviosos o intenteis cosas a loco. Si veis + que perdeis la calma lo mejor es apartarse de la pantalla diez o quince + minutos, relajarse, y despu‚s intentar hallar un camino para conseguir + privilegios. 
+ + Para intentar conseguir privilegios de root es fundamental ante todo que + hagais una distinci¢n de los bugs que podeis intentar explotar y aquellos + que no debeis intentar explotar (debido a que si son bugs de otro sistema + operativo Unix distinto al que estamos hackeando no servir n de nada), + por eso os aconsej‚ la distribuci¢n en directorios de los bugs seg£n el + sistema o protocolo al que afecten. Esa organizaci¢n os evitar  p‚rdidas + de tiempo (con lo que aumenta la impaciencia del hacker :-) ) y os + ayudar  a decidir las t‚cnicas de hacking que debeis intentar de las que + no debeis intentar. + + A la hora de intentar explotar alg£n bug relativo al sistema que estemos + hackeando tambi‚n es importante tener los exploits bien organizados y + convenientemente editados (muchas veces los exploits vienen mezclados + en mensajes de texto) para que lo £nico que tengamos que hacer sea + subirlos por FTP al sistema y ejecutarlos (y compilarlos si no fueran + shell scripts). + +2 - En caso de que no os funcione ning£n bug en el sistema de los que teneis, + ante todo mucha calma. :-) + + Importante: En este caso lo que debemos buscar es dejar las menos huellas + posibles en el sistema. Las huellas que habeis dejado hasta + el momento no podreis borrarlas as¡ que por mucho que os + preocupeis por ellas no podreis hacer nada, s¢lo esperar que + el administrador no se d‚ cuenta de vuestras intrusiones + (tanto en el utmp, wtmp o los logs del syslog). No intenteis + cosas a lo loco como explotar bugs que funcionan en otros + sistemas porque lo £nico que conseguireis ser  dejar m s + huellas y perder el tiempo. + + Lo que s¡ podeis hacer es intentar explotar bugs que afecten a los + sistemas Unix en general (hay algunos) o bugs que afecten a alguno de + los protocolos TCP/IP. 
Si siguen sin funcionar ninguno dedicaos a + explorar el sistema (hasta donde os permitan vuestros privilegios) + para tener una visi¢n general de c¢mo est  protegido el sistema (por + ejemplo viendo si los usuarios tienen ficheros .rhosts, si determinados + ficheros tienen permisos set-uid, que propietario tienen determinados + ficheros, etc...), y a partir de ah¡ teneis dos opciones PRINCIPALES (es + decir, que puede haber m s opciones pero yo siempre utilizo una de estas + dos): + + I - Olvidarse durante un par de d¡as del sistema que intentamos hackear + y aprender todo lo que podamos sobre el sistema operativo Unix que + utiliza esa m quina, ya sea buscando bugs m s modernos que sirvan + para la versi¢n del sistema que intentamos hackear como examinando + FAQs, documentos o p ginas html que traten sobre dicho sistema en + general y su seguridad en particular, etc... + + II - Hackear otra m quina del mismo dominio y que sea m s f cil de + hackear, es decir, que sea mucho m s insegura (hay sistemas m s + "f ciles" o "inseguros" que otros debido a que se conocen m s bugs + sobre ellos. Seguramente el SunOS 4.1.x sea el sistema del que se + conocen m s bugs). Este m‚todo suele ser el m s utilizado cuando + una m quina se nos resiste debido a que existen m s recursos + al hackear una m quina (con t‚cnicas que permiten conseguir + privilegios de root A LA VEZ que conseguimos entrar en dicha + m quina) desde una m quina de su mismo dominio que desde una m quina + que no pertenezca a su dominio. + +3 - Cuando no conseguimos acceder a un ordenador que pretendemos hackear el + recurso que m s se suele utilizar es el que hemos comentado antes. Se + trata de hackear otra m quina del mismo domino que sea m s insegura y + desde esa m quina hackear la m quina que nos hemos puesto por objetivo. + + I - La forma m s sencilla es poner un sniffer en la m quina insegura + que hemos hackeado esperando conseguir una cuenta de la m quina + objetivo que pretendemos hackear. 
+ + II - Como he dicho antes, existen muchos m s recursos para hackear una + m quina desde otra m quina de su mismo dominio de los que se pueden + utilizar al tratar de hackearla desde una m quina que no es de su + dominio. Por ejemplo aprovechando los ficheros .rhosts mediante + los comandos rlogin o rsh, comprobando si la m quina objetivo + exporta directorios a la m quina que hemos hackeado, etc... + +Para terminar un par de consejos para determinadas situaciones que se aprende +a resolverlas a base de pr ctica, pr ctica y m s pr ctica. Podeis leer un +mont¢n de documentos sobre hacking como este pero si quereis aprender a +hackear de verdad lo mejor es la pr ctica y ponerse manos a la obra cuanto +antes, y que vosotros seais vuestros propios profesores. + +4 - Nunca os de miedo de intentar hacer cosas dentro del sistema (mientras + tengan alg£n sentido claro, como he dicho antes, no hay que hacer las + cosas a lo loco). No penseis que os van a pillar y que os van a cerrar el + acceso. Si os pillan y os cierran el acceso mala suerte, eso forma parte + del aprendizaje del hacker, os vais a hackear otro sistema y se acab¢ + (incluso puede ser otro sistema del mismo dominio), pero siempre teneis + que experimentar, intentar las cosas por vosotros mismos, no os limiteis + a leerlas en un papel. Os descubrir n muchas veces y os cerrar n el acceso + otras tantas veces, pero cada vez ireis espabilando y lo ireis haciendo + mejor. Errores que cometisteis una o dos veces, m s adelante no los + volvereis a cometer. En definitiva: aunque os d‚ angustia el que os + cierren el acceso a alg£n ordenador al que ya habiais conseguido entrar, + no os d‚ miedo explorar el sistema y experimentar. + +5 - Muchas veces intentareis compilar un programa para explotar alg£n bug y + os dar  errores cuando se supone que deb¡a compilar correctamente. + Debuggar los programas tambi‚n forma parte de las labores del hacker. 
+ Con la pr ctica aprendereis a reconocer porqu‚ tal o cual c¢digo fuente + no compila correctamente. + + +--------------------------------Cut Here------------------------------------- diff --git a/README.md b/README.md new file mode 100644 index 0000000..b66650e --- /dev/null +++ b/README.md @@ -0,0 +1,9 @@ +#JD_VBeta + + +*20/05/2001* + +ToDo: wwtcf? + + +![screenshot](/JD_VBeta.png "Screenshot") diff --git a/default.htm b/default.htm new file mode 100644 index 0000000..c043bcb --- /dev/null +++ b/default.htm @@ -0,0 +1,18 @@ + + + JD Soft.1990-1998 (c) + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/default.htm.lnk b/default.htm.lnk new file mode 100644 index 0000000..91a51e3 Binary files /dev/null and b/default.htm.lnk differ diff --git a/menuHTML/WebFinMenu.htm b/menuHTML/WebFinMenu.htm new file mode 100644 index 0000000..976d24e --- /dev/null +++ b/menuHTML/WebFinMenu.htm @@ -0,0 +1,16 @@ + + + JD Soft.1990-1998 (c) + + + + + + + + + + + + diff --git a/menuHTML/WebHlp.htm b/menuHTML/WebHlp.htm new file mode 100644 index 0000000..8524254 --- /dev/null +++ b/menuHTML/WebHlp.htm @@ -0,0 +1,44 @@ + + + + + + JD Soft.1990-1998 (c) + + + + + + + + + + +
 
+ + + + + +
 
+ + diff --git a/menuHTML/WebLogo.htm b/menuHTML/WebLogo.htm new file mode 100644 index 0000000..8304aa1 --- /dev/null +++ b/menuHTML/WebLogo.htm @@ -0,0 +1,27 @@ + + + + + + JD Soft.1990-1998 (c) + + + + + + + + + + + + +

+
+ + diff --git a/menuHTML/WebMHome.htm b/menuHTML/WebMHome.htm new file mode 100644 index 0000000..ca22d92 --- /dev/null +++ b/menuHTML/WebMHome.htm @@ -0,0 +1,19 @@ + + + JD Soft.1990-1998 (c) + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/menuHTML/WebMenu.htm b/menuHTML/WebMenu.htm new file mode 100644 index 0000000..750979a --- /dev/null +++ b/menuHTML/WebMenu.htm @@ -0,0 +1,207 @@ + + + + + JD Soft.1990-1998 (c) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Home
Paginas
Cfg
 
Hack
Crack
Warez
C.I.
 
Enlaces
Contacto
+ +

 

+ + + +
\ No newline at end of file
diff --git a/menuHTML/cfg.htm b/menuHTML/cfg.htm
new file mode 100644
index 0000000..2fa07b2
--- /dev/null
+++ b/menuHTML/cfg.htm
@@ -0,0 +1,35 @@
+ + + + + + JD Soft.1990-1998 (c) + + + + + + + + + + + + + + +
diff --git a/menuHTML/class.css b/menuHTML/class.css
new file mode 100644
index 0000000..c3e132a
--- /dev/null
+++ b/menuHTML/class.css
@@ -0,0 +1,20 @@
+A:link {text-decoration: none;
+ font-weight: bold;
+ text-decoration: none
+ color: #9EB9E9 }
+A:visited {text-decoration: none;
+ font-weight: bold;
+ text-decoration: none
+ color: #9EB9E9 }
+A:active {text-decoration: none;
+ font-weight: bold;
+ text-decoration: none
+ color: #F7BF00 }
+A:hover {text-decoration: none;
+ font-weight: bold;
+ text-decoration: none ;
+ color: #F7BF00 }
+.plain {font-family: Verdana,Arial;
+ font-size: 10pt;
+ color: black }
+b { font-weight: bold;}
diff --git a/menuHTML/contacto.htm b/menuHTML/contacto.htm
new file mode 100644
index 0000000..9de1d6b
--- /dev/null
+++ b/menuHTML/contacto.htm
@@ -0,0 +1,16 @@
+ + + + + + JD Soft.1990-1998 (c) + + + + + + +
diff --git a/menuHTML/crack.htm b/menuHTML/crack.htm
new file mode 100644
index 0000000..e5440aa
--- /dev/null
+++ b/menuHTML/crack.htm
@@ -0,0 +1,169 @@
+ + + + + + JD Soft.1990-1998 (c) + + + + + +
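Review bot: In `menuHTML/class.css` the `A:link`, `A:visited` and `A:active` rules have no `;` after the second `text-decoration: none`, so the `color:` line that follows is read as part of that value and the whole declaration is discarded; only `A:hover` and `.plain` actually get their colour. Terminate the declaration in all three rules, e.g. `text-decoration: none;` followed by `color: #9EB9E9 }`. Each of the four link rules also sets `text-decoration: none` twice, so the second copy can simply be removed, which avoids the missing separator altogether.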

Tutoriales

+ + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NombreFechaTamañoLangDescripción
hackerLayer.zip07/05/99542 + KbenIntgfdhonamiengfdhncionamiento/aprovechamiento, + de los fallo de seguridad de estos.
checkList.txt15/11/9988 + KbenLifggfhdddistintos + sistemas Unix.
     
+
+ +

Ataques DoS (Nukes)
+(Aunque algunos opinen, que esto debería entrar dentro de la +sección de hacking, hay que decir que estas son erramientas de +'destrucción', contrarias a todo lo que significa la palabra +hacker, es por eso por lo que estan catalogadas como 'cracks' +-simbolo de los dañino y peligroso-).

+ + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NombreFechaTamañoLangDescripción
·[mailers--/--/---- + Kb--Programas para + mandar desde una carta anónima, hasta una carta + Bomba.
·[PswHack]·--/--/---- + Kb--¿Se te ha + perdido algún Password? ¿o mas bien pretendes + conseguirlo?
+ Pues si no lo cosiges/revientas con estas + herramientas, lo tienes dificil...
raven2.txt17/03/974 + KbesListado de + directorio, donde se guardan los psw, de los + distintos sistemas Unix.
     
+
+ + diff --git a/menuHTML/default.htm b/menuHTML/default.htm new file mode 100644 index 0000000..b9ac991 --- /dev/null +++ b/menuHTML/default.htm @@ -0,0 +1,18 @@ + + + JD Soft.1990-1998 (c) + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/menuHTML/electro.htm b/menuHTML/electro.htm new file mode 100644 index 0000000..542c2b3 --- /dev/null +++ b/menuHTML/electro.htm @@ -0,0 +1,286 @@ + + + + + + JD Soft.1990-1998 (c) + + + + +

+ + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NombreFechaTamañoLangDescripción
hackerLayer.zip07/05/99542 + KbenIntroducción + al funcionamiento de los protocolos/proxy's y + funcionamiento/aprovechamiento, de los fallo de + seguridad de estos.
checkList.txt15/11/9988 + KbenLista básica, + de cosas a tener en cuenta para la protección de + un sistema. (También pueden ser puntos de + entradas para un sistema pesimamente montado)
raven2.txt17/03/974 + KbesListado de + directorio, donde se guardan los psw, de los + distintos sistemas Unix.
redes.zip19/04/0055'4 + KbesMagnifico + tutorial, explicando el funcionamiento de una red + TCP/IP y RDSI
+
+ +

Manifiestos (retratos)

+ + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NombreFechaTamañoLangDescripción
edison2.txt19/01/962 + KbesRetratro + típico de un Hacker.
Wendigo.txt12/09/9647 + Kbes¿De que va eso + del Hacking?
     
     
+
+ +

Troyanos

+ + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NombreFechaTamañoLangDescripción
·[ver directorio19/01/96- + Kb--CDC
+ BackOrifice 2K
+ · Cliente / Servidor
+ · Fuentes
·[ver directorio--/--/--47 + KbukNetBus 1.6
+ · Cliente / Servidor
·[ver directorio2.1  SubSeven 2.1
+ · Cliente / Servidor
+ · Skins
     
     
     
     
saranwrap.zip25/12/9817 + Kb--Saran + Wrap
+ Utilidad para la propagación de cualquier + troyano.
+
+ + diff --git a/menuHTML/enlaces.htm b/menuHTML/enlaces.htm new file mode 100644 index 0000000..a80acb8 --- /dev/null +++ b/menuHTML/enlaces.htm @@ -0,0 +1,240 @@ + + + + + + JD Soft.1990-1998 (c) + + + + + + + + + + + + + + + + + + + + + + + + +
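Review bot: The visible text of `menuHTML/electro.htm` is the same three tables (the hackerLayer.zip / checkList.txt / raven2.txt / redes.zip rows, "Manifiestos (retratos)" and "Troyanos") that `menuHTML/hack.htm` adds later in this commit, and both hunks are 286 lines long. The markup is not visible here and the blob ids differ, so the files are not byte-identical, but this page looks like a copy of hack.htm whose content was never replaced. Either drop the file and point its menu entry at hack.htm, or mark it at the top with something like `<!-- TODO: placeholder copied from hack.htm; replace with this section's own content -->` so the two pages do not drift apart unnoticed.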
+ + + + + + + + + + + + + + + + + + + + + + + + +
Programación
+
Hack/Crack/Warez
+
Emuladores
+
Actualizaciones
+
Gratis + en iNet
+

+
HomePage
+
 
+

-

+
+ + + + +
Programación
+ + + + + + + + + +
Torry's PageEsta es una de mis + favoritas, para C++ Builder. De hecho + tengo un mirror en mi disco duro. Tiene + cientos, de VCL's, lo que te imagines + para no tener que programar ni una linea.
  
+


+
+

+

.

+

Hack/Crack/Warez

+ + + + + + + + + +
AstaLaVistaSi estabas buscando un + crack/serial, este es tu sitio, tiene una + base de datos estupenda. (Espero que siga + siendo tan buena durante muuucho tiempo).
CrackStoreExcelente recopilacion de crack's + para los juegos. Lo tutoriales de + Cracking, tan poco estan nada mal y al + menos tienen una buena recopilación de + herramientas para esta labor, que es lo + que le faltan a otras Web.
+


+
+

+

.

+

Emuladores

+


+
+
+
+
+
+

+

.

+

Actualizaciones

+


+
+
+
+
+
+
+

+

.

+

Gratis en iNet

+


+
+
+
+
+
+
+
+
+
+
+
+

+
+
 

+
+
+
 
+ + diff --git a/menuHTML/hack.htm b/menuHTML/hack.htm new file mode 100644 index 0000000..d97666f --- /dev/null +++ b/menuHTML/hack.htm @@ -0,0 +1,286 @@ + + + + + + JD Soft.1990-1998 (c) + + + + +

+ + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NombreFechaTamañoLangDescripción
hackerLayer.zip07/05/99542 + KbenIntroducción + al funcionamiento de los protocolos/proxy's y + funcionamiento/aprovechamiento, de los fallo de + seguridad de estos.
checkList.txt15/11/9988 + KbenLista básica, + de cosas a tener en cuenta para la protección de + un sistema. (También pueden ser puntos de + entradas para un sistema pesimamente montado)
raven2.txt17/03/974 + KbesListado de + directorio, donde se guardan los psw, de los + distintos sistemas Unix.
redes.zip19/04/0055'4 + KbesMagnifico + tutorial, explicando el funcionamiento de una red + TCP/IP y RDSI
+
+ +

Manifiestos (retratos)

+ + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NombreFechaTamañoLangDescripción
edison2.txt19/01/962 + KbesRetratro + típico de un Hacker.
Wendigo.txt12/09/9647 + Kbes¿De que va eso + del Hacking?
     
     
+
+ +

Troyanos

+ + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NombreFechaTamañoLangDescripción
·[ver directorio19/01/96- + Kb--CDC
+ BackOrifice 2K
+ · Cliente / Servidor
+ · Fuentes
·[ver directorio--/--/--47 + KbukNetBus 1.6
+ · Cliente / Servidor
·[ver directorio2.1  SubSeven 2.1
+ · Cliente / Servidor
+ · Skins
     
     
     
     
saranwrap.zip25/12/9817 + Kb--Saran + Wrap
+ Utilidad para la propagación de cualquier + troyano.
+
+ + diff --git a/menuHTML/home.htm b/menuHTML/home.htm new file mode 100644 index 0000000..759fe46 --- /dev/null +++ b/menuHTML/home.htm @@ -0,0 +1,20 @@ + + + + + + JD Soft.1990-1998 (c) + + + + +

 

+ +

Quiyo si ves esto, abre el netmeeting...

+ +

miercoles 19 mayo 1999

+ + diff --git a/menuHTML/images/NavLefts.GIF b/menuHTML/images/NavLefts.GIF new file mode 100644 index 0000000..67e50b7 Binary files /dev/null and b/menuHTML/images/NavLefts.GIF differ diff --git a/menuHTML/images/NavMidL.GIF b/menuHTML/images/NavMidL.GIF new file mode 100644 index 0000000..627c0b8 Binary files /dev/null and b/menuHTML/images/NavMidL.GIF differ diff --git a/menuHTML/images/NavTopG2.gif b/menuHTML/images/NavTopG2.gif new file mode 100644 index 0000000..b8608af Binary files /dev/null and b/menuHTML/images/NavTopG2.gif differ diff --git a/menuHTML/images/NavTopL.GIF b/menuHTML/images/NavTopL.GIF new file mode 100644 index 0000000..dff95bc Binary files /dev/null and b/menuHTML/images/NavTopL.GIF differ diff --git a/menuHTML/images/NavTopR.gif b/menuHTML/images/NavTopR.gif new file mode 100644 index 0000000..187444d Binary files /dev/null and b/menuHTML/images/NavTopR.gif differ diff --git a/menuHTML/images/back4.gif b/menuHTML/images/back4.gif new file mode 100644 index 0000000..a694ae1 Binary files /dev/null and b/menuHTML/images/back4.gif differ diff --git a/menuHTML/images/blank.gif b/menuHTML/images/blank.gif new file mode 100644 index 0000000..292c3ce Binary files /dev/null and b/menuHTML/images/blank.gif differ diff --git a/menuHTML/images/jdsoft.gif b/menuHTML/images/jdsoft.gif new file mode 100644 index 0000000..b648284 Binary files /dev/null and b/menuHTML/images/jdsoft.gif differ diff --git a/menuHTML/images/line.gif b/menuHTML/images/line.gif new file mode 100644 index 0000000..b05a6f3 Binary files /dev/null and b/menuHTML/images/line.gif differ diff --git a/menuHTML/images/negro.bmp b/menuHTML/images/negro.bmp new file mode 100644 index 0000000..ca3763e Binary files /dev/null and b/menuHTML/images/negro.bmp differ diff --git a/menuHTML/images/pamar.gif b/menuHTML/images/pamar.gif new file mode 100644 index 0000000..2cd5348 Binary files /dev/null and b/menuHTML/images/pamar.gif differ 
diff --git a/menuHTML/images/pazul.gif b/menuHTML/images/pazul.gif new file mode 100644 index 0000000..b967147 Binary files /dev/null and b/menuHTML/images/pazul.gif differ diff --git a/menuHTML/images/pirata.gif b/menuHTML/images/pirata.gif new file mode 100644 index 0000000..2ce6a19 Binary files /dev/null and b/menuHTML/images/pirata.gif differ diff --git a/menuHTML/images/planeta.gif b/menuHTML/images/planeta.gif new file mode 100644 index 0000000..abab848 Binary files /dev/null and b/menuHTML/images/planeta.gif differ diff --git a/menuHTML/images/projo.gif b/menuHTML/images/projo.gif new file mode 100644 index 0000000..69f2aa1 Binary files /dev/null and b/menuHTML/images/projo.gif differ diff --git a/menuHTML/images/punto3.gif b/menuHTML/images/punto3.gif new file mode 100644 index 0000000..294d220 Binary files /dev/null and b/menuHTML/images/punto3.gif differ diff --git a/menuHTML/paginas.htm b/menuHTML/paginas.htm new file mode 100644 index 0000000..50da762 --- /dev/null +++ b/menuHTML/paginas.htm @@ -0,0 +1,159 @@ + + + + + + JD Soft.1990-1998 (c) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Online 
JuegoWebTrucos + de juegos y creditos ocultos. Para que llegar al final, + ya no sea un problema...
JDwebMi + webSite original ( JD Soft. ), esta un poco dejada...
Informática DJListas + de precios e información diversa sobre la empresa...
InfoMundoSite/Web + oficial de "InfoMundo". ( Totalmente inactivo + desde 1997 ).
  
  
Offline + ( Mirrors ) 
Torry's Delphi PagesCientos + de VCL's para Delphi/C++ Builder, es genial, si programar + ya era facil en estos lenguajes, cuando descubras la + pontecia de estos VCL's, no volveras a escribir una linea + de código.
PSEmu Home PageJuega + a la PSX en un PC!!!
+ webSite donde se concentran los plug in's, (y el + emulador), para eso: uno de los mejores emuladores de + PlayStation..
CrackStore¿Necesitas + crackear un Juego? ¿Eliminar la protección del CD?
+ Pues ya estas tardando en entrar.
  
  
  
  
  
  
+ +

 

+ +

Nota: Los mirrors, solo +son imagenes parciales de las pagínas, que puedes encontrar +completas en iNet.

+ +

 

+ +

 

+ + diff --git a/menuHTML/warez.htm b/menuHTML/warez.htm new file mode 100644 index 0000000..6653fa3 --- /dev/null +++ b/menuHTML/warez.htm @@ -0,0 +1,32 @@ + + + + + + JD Soft.1990-1998 (c) + + + + + + + + + + + +