TUCoPS :: General Information :: stuff.txt

Someone's hacking stuff


Alright, here's what you do.

   1. Get a laptop or other computer that you have access to, and get that computer 
on the same network as the person you want to listen in on.
   2. Install WireShark (formerly Etheral, my bad earlier) on that machine, and set
 it to listen in PROMISCUOUS MODE (important part!!) on the device that's connected
to the network. If you get the device wrong, you won't see anything at all, so 
you'll know.
   3. Set Wireshark to filter out all non-TCP traffic and all non-AIM traffic. 
Its easy to figure out how to do that, but if you're a hopeless nubcake, I can 
make a gimp tutorial for you.
   4. Now, you'll start seeing (assuming people on the network are using AIM)
 traffic coming up on your screen (there's an option you have to set to get 
that instead of the annoying progress bar type things, its called "Update 
packets in real-time", make sure thats checked) from certain IPs. Look around
in the packets that you've just caught for your girlfriends screen name. Once
 you've found that, filter traffic to just TCP AIM traffic from that IP.
   5. Now, you'll be able to see (well, her password hash, for one) all 
the messages she sends and receives. Once she signs off, save the capture, 
and you can reload it later to reconstruct her conversations.

This should also demonstrate the ease of eavesdropping, because this can be done 
on other levels of network, just harder. THIS IS WHY YOU SHOULD ENCRYPT YOUR AIMS,

Is that sufficient?

beige boxing...free calls from someone elses line

STEP 1. Locate TNI Box

STEP 2. There should be a screw holding the swinging front door of the box in. Using 
your Flat Head Screwdriver (from your field kit.) Remove it, and place it off to the 
side. (Try not to drop it, I dropped one into the grass, and around here the grass roots 
go deep and it was never seen again.)

STEP 3. Open the front panel. You should see on your right some wiring, and a phone 
cord going into a modular jack. Ignore this, and look to your left. You should see
another door, but this one is held in by a strange nut like thing. (Pardon my 
inexperienced tool talk) Using your 3/8" Ratchet bit and Ratchet, remove it.

STEP 4. Take a deep breath there killer, your almost done.

STEP 5. You should see 4 screw like things towards the top (See Picture: Beige 
Boxing In Action4) locate the screw that has the red wire going to it, and the
screw with the green wire going to it. Now this is probably the easiest part.
 Take your modified phone cord locate and locate the two alligator clips. 
Now take the alligator clip connected to the red wire and clip it to the 
screw with the red wire going to it. Now take the alligator clip with 
the green wire hooked to it and clip it onto the screw with the green wire going to it.

STEP 6. Take your phone (either the one in your field kit, or the one 
you brought along) and hook the end of your modified phone cable with the modular
 plug on it, into the phone.

STEP 7. Pickup/Turn On your phone. If you hear a dial tone, then you have 
successfully beige boxed and you are hooked into your targets phone line.

STEP 9.(optional) Take the Sharpie out of your field kit and draw your 
local Phreak group's (if you have one) logo on it. You gotta tag your territory :P

feild kit....

    * Standard 5ft Modular Phone Cord
    * Pliers
    * Wire Cutters
    * Wire Strippers
    * Flat Head/Phillips Screw Driver
    * Small Mag Light
    * Small Mini Phone (I and Cardiacarrest recommend This Phone
    * Electrical Tape
    * 1 or 2 Modular Couplers
    * 1 or 2 Modular Splitters
    * Your modified beige boxing phone cord
    * Alligator Clips (at least 3 or 4 pairs)
    * 1 or 2 Nine Volt Batteries (or more they can be fun)
    * Sharpie (to mark up your victim if you've got a local phreaking group)
    * 3/8" Ratchet bit, and Ratchet (for opening up the Telco side of the TNI box.)
    * Busy Box (If you're feeling mean)
    * Don't forget your gloves. (latex or gardening gloves are fine though latex 
is kind of conspicuous if some one sees you) 

DiTTo boy....mute phone ...eavsdropping

Definition: A special device for eavesdropping / recording phone conversations

Most people at one time or another want to listen in on phone
conversations... but, they often get caught if they pick up an extension
phone, or if they tap into a line with a beige box and a phone without a
mute button (God forbid!) Anyway, there are a few tricks you can pull so
as not to be detected while eavesdropping. The big thing is, you need a
phone which will NOT send ANY noise out through the line. Most modern
phones have mute buttons, but they are a pain, cause you have to hold them
in the whole time you're listening, and, they often cause "line noise" to
be passed over the phone. Also, the way a lot of "1 piece" phones are
designed, it's impossible to hold in the mute button as you pick up or hang
up the phone, which ALWAYS makes some kind of noise. So, here's a quick
and dirty way to "adjust" a phone, so it has a mute SWITCH, not button. A
switch is much nicer, because you can flip it off, and not have to hold it
the whole time you're listening. Also, a switch doesn't put out the line
noise like a push-and-hold mute button does, because there is no friction
which causes the contacts to rub.
Any phone can be modified in a matter of minutes, to have a mute
switch. All it takes is an SPST (single pole single throw) switch, and a
bit of wire. A soldering iron also comes in handy. Here's what to do:

1) Open the phone, and find the microphone (mouthpiece). On newer phones
this might be tough, since they are often 1 piece of molded plastic. On older
phones, the mouthpiece cover can usually be unscrewed, allowing easy
modification. It all depends on the phone, however. Anyway, open it up,
and find the wires leading to the mic.

2) Cut ONE of the microphone wires, and strip back the insulation a bit.
If there isn't a lot of extra wire running to the mic, you might want to
solder an additional 3" on to the wire you cut, to give yourself some working

3) Find a convenient place on the phone to mount the SPST switch, and then
solder the wire you cut to the switch. This way, you'll be able to switch
the mic on and off whenever you want. Put the phone back together (TEST
your work first, though!) and you have a muteable phone. So, what do you
do with it?

Well, eavesdrop from an extension in your home, a beige box, or
wherever. The phone is silent, so you're pretty safe. Of course, you MAY
want to take it just a bit farther...

Since you have a special phone for eavesdropping, it would really
be nice to spice it up a bit. After all, it's hardly worth modifying a
phone just to add a mute switch. And it would seem pretty lame if that was
all I was gonna tell you in this file. Any moron with 3 brain cells could
figure out how to make a muteable phone. So, on to the INTERESTING stuff...

This is something I rigged up at home, and don't know if it's got an
official "box" color, or name, or whatever. I'm sure somebody somewhere
has done it, but since I never saw a file on it, I thought I'd write one.
Egotistical person I am, I'll call it a "DiTTo Box" - but for good reason.
See, it allows you to tape record any phone conversation, and also to
listen in at the same time, over a stereo or boom box. And, it uses the
muteable phone, above. Here's how it works:

All phones have a speaker in them, through which you hear the
person talking to you. What the DiTTo Box does is allow you to run the
signals through a stereo, and out the stereo speakers, instead of through
the phone speaker. To do this, you are going to need a phone dedicated to
DiTTo Boxing. Any phone will do, and you can modify it in 2 different ways
- you can make it a true DiTTo box, and it won't serve it's purpose as a
phone that you can converse on any longer, or you can make a "lower
quality" DiTTo Box, which you will still be able to use as a phone, but the
boxing quality will be slightly weakened.

The difference lies in whether or not you keep the speaker in the phone.
You can keep the speaker in the phone, and run wires from the speaker
terminals to the input lines of your stereo, and it WILL work, but the
sound quality over the stereo won't be as good. OR, you can remove the
phone speaker entirely, and in it's place connect 2 alligator clips, one to
each speaker output wire. This is a dedicated DiTTo Box. I chose to go
with the lower quality box, simply because I don't do a whole lot of
eavesdropping, and I only had 1 phone I could modify, which I also use for
beige boxing. Still, it serves my purpose both ways.

To get the box working, solder leads from the 2 speaker terminals
to alligator clips. Give yourself about 6-8 inches of wire at least! The
best length would be about 18 inches, if you plan on connecting to a home
stereo. Once the leads are soldered, you can connect them to the INPUT
jacks on your home stereo, or boom box. You can even hook them up in your car,
if your car has LINE IN or CD INPUT capability. Anyway, most stereos use
the RCA plug for connections. So, get an RCA plug off an old speaker or
something, and clip the alligator clips to it. Plug it into the stereo,
and set the selector on the reciever to accept input from the phone. Take
the phone off the hook, and you will hear a dialtone over your stereo
speakers. (yes, you MUST plug the phone into the phoneline for this to
work) Now, try dialing... you will hear the tones over the stereo. If you
have a tape deck on the stereo, you can record your phone conversations.
If you have a phone rigged up like this, and call someone, you can tape the
entire conversation, and they'll never know! Incoming calls are a bit
trickier, but they can be recorded too. The toughest part is trying to get
the stereo turned on and everything quiet before answering the phone, to
waylay any suspicion. Also, keep the stereo on LOW volume, to avoid
squealing from feedback.

There are lots of uses for a DiTTo box, and I've told only one or
two. You can use the box to record dialing tones on cassette, then carry
them with you, to be used in a cassette player at a payphone, whatever.
Plenty of possibilities exist, that's for sure. Just remember, phone
tapping and eavesdropping are classified as a FEDERAL OFFENSE, so it's best
not to get caught. Have phun, and party on!

Section 2: Cracking Member Accounts
Well what you need here is of course a password cracker. Brutus is an excellent 
choice for this, which you can find at the below link...
Now, once you have Brutus downloaded and open, you will see several options that
 are available to you. The "Target:" of course is the remote server (in this case,
 a web server) that you are targeting, and "Type:" is the type of service that the server is running that you are wanting to break through. "HTTP(Basic Auth)" should already be selected, and that's the service that you will be cracking. So everything is set as far as that is concerned. So what you will do is first select your target. First you will go to the site that you are wanting to crack, and then go to the icon that brings you to the members section login. You will right click this icon, and select "Properties". You will within Properties see the "Address" listed. This is the address for the login that we will want to crack, so you will copy and paste this address into the "Target:" bar on Brutus. There, now we have the target selected. We will now want to check the "Use Proxy" box, and click "Define" to use a p roxy server with our cracker. In this case, we have to options of using different types of socks servers, which are basically servers set up to forward traffic to it's final destination (which is the member login we are wanting to crack). That way, the crack attempt will
 only reach as far as the socks server, and you will be able to safely crack
accounts on the site. You can find a list of active socks server at the link below...
So all you do then is just simply copy the ip address into the "Proxy Address" bar, 
copy the port number into the "Proxy Port" (which by default is 1080), and select 
what type of socks server it is. Now we can make our final configurations. On the 
bottom you will see a user list and a word list. You can use the word list that 
comes with the cracker if you like, or change it for another word list that you 
feel is better, but the user list will have to be changed. To make it simple for
 you, simply define the user file as the word list. Considering I can almost
 guarantee you, on every porn site, there is at least one moron who chooses
 his password as his user name. Otherwise, if you want to take the time, 
then you can also define the combination file based on words within the 
user list, with parameters that are usually found on such sites. There
 are basically two types of redundant password schemes that you
 will want to look for when breaking into a member account on a porn 
site. As I mentioned, there of course is the accounts that have the
 password the same as the user name. For example, john:john. There are 
also variations of this like john1:john, and such. There are also 
different types of accounts that have the password correlate with 
the user name in a rather obvious fashion. For example, cookie:monster,
 or stoney:stoneman. Therefore, you can try and put together such 
redundant possibilities of password schemes within your combo file, 
and take a go at it. Otherwise, if that doesn't work, then you can just
 do a regular crack, defining the word list as both the user list and the
 word list. Well now we should have everything set, and you can just click on 
"Start" and let her rip. If you have the patience, and time, then you will get results.

Section 3: Figuring out the Directory Scheme
This section will be short and sweet, considering the method for which is rather 
obvious. There is a way you can view material from within the site itself, without
 breaking into an existing member account. This is possible because a lot of sites
 have a fairly standard directory scheme for storing their material. So let's
 discuss how such a standardized directory scheme can be exploited to our 
advantage. There are sites on the internet like www.thehun.net that offer free
 previews to different porn sites. Different sites contribute preview pages to
 the site, to give potential members a preview of the material within. However,
 these preview pages are set up within the internal database of the site. This
 allows us to get a preview of much more than the administrator wants us to, 
like a look into the directory scheme utilized within the porn site. Now, most 
administrators will be smart enough to randomize their directory scheme, so 
that the only way to really traverse through the directories, is to go through 
the member section. However, many other sites however use a incremential 
directory scheme, which allow for one to very easily traverse through the 
internal database. For example, say the address is something like porn.site.
address/some_other_directory_paths/34/ when you click the preview page. Well, 
we can very simply increment or decrement the numbered directory, to transverse 
through the internal database (i.e. /33/, /32/, etc.). We can try this 
with any numerical directory scheme that is in place to potentially tranverse 
through the internal database. You just have to use your brain.

Section 4: Conclusion
Well that covers it for this tutorial. Once again, I hope you enjoyed 
reading this as much as I enjoyed writing this. By now you should know
 enough to start breaking into different porn sites of choice, and maybe get 
into the whole xxx-cracker scene and start submitting passwords up on xxx-cracker 
forums. But that's all up to you. Anyways, until next time.... 

Supplies Required

Airport or wireless net connection card
Laptop with wireless compatibility
Various passwords to the school [Usually ADMIN, SHARE, PASSWORD, or SCHOOL]
Various programs used at the school, usually PowerGrade V 2.0 [Easily obtainable]

Get within range of the school [If running wireless connection]
Start up a net connection and go into the "Share HD."
Load up the class and file of your choice; E.G. "Share\Moore\Period 1\Grades.pwg"
Copy it to your computer, edit with PowerGrade, and rewrite the file in the school's share network.

ALT. Procedure
Go into class and open up several browsers so that you look inconspicuous. Connect to the Share directory and look for PowerGrade, normally accessible with Sherlock 2. Open up the file and change the point values of your assignments and save to the SHARE DIRECTORY ONLY!! I cannot stress this enough, because all too much, people save to the HD and get caught within the day. Then open up tons of programs until PowerGrade is no longer a "Recent Application".

Therefore, just as
easily as they can access files on their computer, so can the rest
of the world. The way that you, the intruder, would go about exploiting
this example of user ignorance is by first getting a port scanner if
you don't already have one. If you are a Windows user, probably your
best bet is to get IPEye. Though nmap is probably the best port scanner
out, it's Windows port is a tad unstable, and is not very reliable to
use. IPEye on the other hand has all the scan types of nmap, yet is
more robust and dependable than the nmap windows port. Anyways, upon
port scanning this computer you will be looking for port 139. There
is a scanner called XSharez Scanner that will scan a range of IP
addresses for the presense of this port. This is good to use if you
want to gain access into just anybody's information. Anyways, once you
find the presense of port 139 then you will go into command prompt
(Start/Run/type in "command" an d press Enter) and type in "nbtstat
-A ip.address.here" and press Enter. A list will show up with shared
resource names, and the MAC address will be listed at the bottom. If
you see a shared name with <20> beside it,then you know that file
sharing is enabled. You will then go to c:\windows(or winnt)\ and go to
lmhosts and open it with notepad. Then go to the bottom of the file and
type in the victim's ip address, and save. Then go to
Start\Find\Computer and type in the ip address and click "Find Now".
Once the computer shows up you just double click it and you're in.
There are a few other ways to do this same task, but of course, there
are countless "netbios hacking" tutorials out there you can read to
find out about other methods for this task. So this concludes it for
this section, now onto other points of entry that are not quite so
commonly discussed.

How to get it all moving
An MS-DOS prompt is the best way to do stuff, because most admins don't think 
its possible to get them and, if they do, they just can't do anything much about it.
First, open a notepad file (if your school blocks notepad, open a webpage, right
 click and go to view source. hey presto, notepad!). Now, write
and save the file as batch.bat, or anything with the extension .bat . Open this 
file and it will give you a command prompt:) (for more information on why this works, look 
to the end of the article). REMEMBER TO DELETE THIS FILE ONCE YOU'VE FINISHED!!! if the
 admins see it, they will kill you;)
Bypassing that pesky web filtering
Well, now you've got a command prompt, it's time to visit whatever site you want.
Now, there are plenty of ways to bypass poorly constructed filtering, but I'm going
 to take it for granted that your school has stopped these. This one, as far as 
I know, will never be stopped.
in your command prompt, type
ping hackthissite.org
or anything else you wanna visit. Now you should have a load of info, including
 delay times and, most importantly, an IP address for the website. Simply type 
this IP address into the address bar, preceded by http://, and you'll be able 
to access the page!
For example: etc.
Now, I've noticed a lot of people have been saying that there are other ways 
to bypass web filtering, and there are. I am only mentioning the best method 
I know. Others you might want to try are:
1) Using a translator, like Altavista's Babel fish, to translate the page 
from japanese of something to english. This will bypass the filtering and 
won't translate the page, since it's already in English.
2) When you search up the site on Google, there will be a link saying 
'Cache'. Click that and you should be on.
3) Use a proxy. I recommend Proxify.com. If your school has blocked it, 
search it up on Google and do the above. Then you can search to your heart's content:)

Sending messages out over the network
Okay, here's how to send crazy messages to everyone in your school on a 
computer. In your command prompt, type
Net Send <domain> * "The server is h4x0r3d"
*Note: <domain> may not be necessary, depending on how many your school 
has access too. If it's just one, you can leave it out*
Where <domain> is, replace it with the domain name of your school. For 
instance, when you log on to the network, you should have a choice of
 where to log on, either to your school, or to just the local machine. 
It tends to be called the same as your school, or something like it. So, 
at my school, I use
Net Send Varndean * "The server is h4x0r3d"
The asterisk denotes wildcard sending, or sending to every computer in 
the domain. You can swap this for people's accounts, for example
NetSend Varndean dan,jimmy,admin "The server is h4x0r3d"
use commas to divide the names and NO SPACES between them.

Adding/modifying user accounts
Now that you have a command prompt, you can add a new user (ie yourself) like so
C:>net user username /ADD
where username is the name of your new account. And remember, try and make it 
look inconspicuous, then they'll just think its a student who really is at school,
 when really, the person doesn't EXIST! IF you wanna have a password, use this instead:
C:>net user username password /ADD
where password is the password you want to have. So for instance the above would
 create an account called 'username', with the password being 'password'. The below 
would have a username of 'JohnSmith' and a password of 'fruity'
C:>net user JohnSmith fruity /ADD
Right then, now that we can create accounts, let's delete them:)
C:>net user JohnSmith /DELETE
This will delete poor liddle JohnSmith's account. Awww. Do it to you enemies:P 
no only joking becuase they could have important work... well okay only if you 
REALLY hate them:)
Let's give you admin priveleges:)
C:>net localgroup administrator JohnSmith /ADD
This will make JohnSmith an admin. Remember that some schools may not call
 their admins 'adminstrator' and so you need to find out the name of the local
 group they belong to.
You can list all the localgroups by typing
C:>net localgroup

Running .exe files you can't usually run
In the command prompt, use cd (change directory) to go to where the file is,
 use DIR to get the name of it, and put a shortcut of it on to a floppy. Run 
the program off the floppy disk.
Well, I hope this article helped a bit. Please vote for me if you liked it:) 
Also, please don't go round screwing up your school servers, they are providing them free to you to help your learning.
I will add more as I learn more and remember stuff (I think I've left some
stuff out - this article could get very long...)


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH