• Codeby web-security - Курс "Тестирование Веб-Приложений на проникновение с нуля" от команды codeby. Общая теория, подготовка рабочего окружения, пассивный фаззинг и фингерпринт, Активный фаззинг, Уязвимости, Пост-эксплуатация, Инструментальные средства, Social Engeneering и многое другое. Подробнее ...

  • Мобильный клиент нашего форума для Android гаджетов доступен в Google Play Market по этой ссылке. Клиент можно скачать с нашего форума по этой ссылке. Последняя версия МК в нашем телеграм канале вот здесь. Мобильный клиент для IOS находится в itunes по этой ссылке

What shall we start with? Without bigotry

AnnaDavydova

Перевожу для codeby
06.08.2016
88
490
#1
We should think about things differently, without bigotry, open our eyes. We must realize our targets. If we come back in that era, 90% of people were engaged in the subject by the love to knowledge, and not as nowadays answering the questions:

HOW CAN I USE BOTNET ATTACK AND HACK THE BANK? HOW CAN I GET DUMP? No, at that time it was not so vivid. The first thing why people came was the wish to get Internet, it was the necessity. Then more, knowledge came into the mind, brains accepted it eagerly, then the action started.


The first serious forum was web-hack.ru. It was serious for me. I was quickly answered there and was helped to solve problems. There were some others - oszone.ru, SEclub – informational resource, bugtrack, PacketStorm – it was the full set of that time. We can mention void rst, a lot of magazines, such as Codepimps and 2600.


So, web-hack – is a very popular resource. There were many newbies. They were given help, that’s why they stayed there. Serious people didn’t respect that project so much, they called it POP. But nevertheless it worked and it was good. Here is the link to time machine


Для просмотра контента необходимо: Войти или зарегистрироваться


Pay attention to such subjects as hacking and security =) now they seem naïve and childish. But at that time they were the main items.



Who remembers?


КАХТ, no КАНТ! NO, КАХТ! =) It was strong utility at that time.


Here is a brief summary from one of the mega hack portal


KaHt2 we take what we want

So, let’s start: KaHt2

This exploit uses well known RPC DCOM in Windows 2000 and ХP.

RPC DCOM is very old and there are a lot of corrections. But it is still urgent (at least at my provider I can find many people on this subject). We can use it till net uses Windows 2000 and ХP.

What do we need? Practically nothing but KaHt2 itself, PassViev (only PRO version, otherwise we cannot do anything), by all means, FTP server named pablos_ftp_server (I used version 1_52). So, that’s it. Well, let’s search all this stuff in the Internet. Found? Let’s continue.
For easy using we deploy software on hard disc in a definite order. FTPServer, kaHt2.exe and EXPORT.BAT should be installed in C:/ directory., А PassViev must be placed in C:/TEMP (if you don’t have it, create it) and rename into PassViev.exe в 6.exe or any other at your choice. It’s for not to have a problem in writing it in command line.


EXPORT.BAT must be in one file with КаХT; if you didn’t find, we create EXPORT.BAT file with our hands in our favourite .txt extension with texts (
Для просмотра контента необходимо: Войти или зарегистрироваться
)

RPC DCOM 2

There appeared new wave of hacker’s attacks. The most gifted started to develop their terminals with compromised machines for post exploitation. But it was really a hard task – 90% of your internet time you spend via modem, that’s why you were online not very often. It was a great luck if you had a machine in some company and you were always online.

Why I drew attention to it? These two utilities gave new possibility to touch EXPLOIT. Having played with it, people started to find exploits and discovered that they were a lot! There was only one thing – they were in .txt extension and didn’t hack anything. There immediately came another wave of Spiders (from the word Spider – scanner of xSpider). It was a huge wave, and forums were full of the following topics:

Guys! I hack provider! Spider hacked me here! What port should I enter?

Here is the port with logs and screenshots

1520968618684.png


1520968633922.png




There were 30-40 such topics during a day!!!

Scanner was nice and fine, I searched something there. It was rather interesting than use Google on uploader.php. It’s not a secret, I also used it, rst, uploaded and learned to use some UNIX system, I made def, screen on the forum and chat etc. It was very necessary and important at that time. If you do all these things, you will get useful information.

Spider +
Shadow Sec Scaner



1520968649572.png



Languard Sec Scaner


1520969116130.png




Beautiful trace to play hacker.


1520968775722.png


That was the set. Everything was good, but the word EXPLOIT disturbs. Scanning some resource, you found out that you need it. Digging deeper, I realized one more thing – when you compromise the system, what should you do next? You wanted more. I wanted to know what was there in the other system, what it consisted of, what was the world of IRC which was available through console panel.
I spent 4 months for learning LINUX.

  • Bought in the shop RеdHаrd 7.0 with a book, couldn’t get modem.
  • FreeBSD could do nothing.
  • Mandriva – rescue =) operated at once!
I ordered all discs of 9.2 Fivestar version and it was done!!


Even Mandriva was difficult for me. I don’t write the facts not concerning information. My second life and work started due to this subject. At that time I had very top hardware – I waited for CPU and video card more than a month – they were just been released, computer body arrived from abroad and its price was equal to second-hand national car, LCD monitor 20 inches. Sound system was great. I fell in love with digital world. Despite the fact that I had life, friends, good job in real world, the best part of my life was spent in digital world. I’d like to note, without any boasting, I saved money, borrowed it for hardware, i.e. I was fully obsessed with the idea of having such a system. It was the great motivation for me to study new subjects. The first thing one should understand that something extraordinary like LINUX launched on a good hardware was equal to cyberpunk of the future.

Secondly, I was aware of the fact that if I deal with information security, it will be necessary to recollect passwords what you can managed to do only on top hardware. I started to learn C++ because some exploits did not work (protection from lamer) – so, I had to correct them. And they really worked perfectly! Especially I can remember with pleasure Ptrace, IIS, apache root, ftp root, using ssh – evading authorization. I didn’t make defaces anymore, it became too boring. The main interest for me was to understand how it was made inside.

The first time I thought that if I entered another system, it would look like this:

1520968812044.png


Having played with LINUX, I understood how it works =)



At that time admins had very simple passwords, if you managed to get passwd or shadow, John Ripper did it quickly. That was the new era in my life. The other name was era of 3 days without sleeping; and eating and drinking at the computer. The reason of it was dialing up, exploit that was compromising IIS (Internet Information Services). And so you had only 5 seconds to bind the shell. And if you didn’t manage to succeed, you must sit and wait. Also it was very interesting to get access to some documents – either technical documentation, or some other reports, and books concerning UNIX =) I started to learn Perl, I wrote a script that combined 2 exploits. I ordered a lot of books from OZON.RU which I read with a great pleasure. The feeling that you are on the wave with technologies gave me a lot of energy.



to be continued...


Taken from C чего начать свой путь? Без фанатизма
 
Последнее редактирование:
Вверх Снизу