Hacker's Black book
13:20 23.06.99 (c) 1999 Frank Owens & l@tz@rus
This report is helpful in two respects. It is meant to give people who have lost
their password a way of getting it back, and to enable owners of websites with
protected content to protect that content by applying simple techniques, without
long waiting periods.
Webmasters who know the techniques described in this report have substantially
better prospects of protecting their website securely from intruders.
Hacker's Black Book © Copyright 1998, 1999 Walter Voell
The members' area for this report is located at the URL
http://speedometer.de/banner/secure/. There you will find utilities and tools for
trying out the techniques described in this report.
Your login: januar2000
Your password: xxx2345
Table of contents
Javascript password protection systems
HTACCESS password protection systems
Weak passwords
Direct hacking of the password file
The din Tools
Phreaking
Login name checker
Login generator not secure
Pictures not in protected directories
Packet sniffing
Trojan horses - NetBus and BackOrifice
Tip from the author
Legal aspects
The career profile of the hacker
Working anonymously
My working environment
Important links
Javascript password protection systems
The simplest kind of password protection system is the so-called JavaScript
protection. When entering a page or clicking a certain link, the user is asked
to enter a password. This kind of protection is very simple and offers only a
minimum of protection. Looking at the HTML source code of the page, one often
finds JavaScript code similar to the following:
<head><title> Website-Titel </title> <script>
function jproto() {
  pass = prompt("Enter your password", "password");
  // The comparison runs in the visitor's browser, so the password is in the page source
  if (pass == "nasenbaer") {
    document.location.href = "http://protectedserver.com/index.html";
  }
  else {
    alert("Password incorrect!");
  }
}
</script>
</head>
As one sees, the entered password is compared and, if it is correct, the browser
jumps to the indicated URL. One can thus see what the password is and simply enter
it, or select the target URL directly.
Often the password is also used to generate the target URL. For example, the secret
target URL could be http://members.protectedserver.com/members/hu8621s.htm, with
the password "hu8621s" encoded as part of the URL. The corresponding protective
function in the HTML code of the page would then look as follows:
function jprot() {
  pass = prompt("Enter your password", "password");
  // The target URL is built from whatever the visitor typed
  document.location.href = "http://members.protectedserver.com/members/" + pass + ".html";
}
This offers more protection than the first variant; however, the directories are
often not protected by the HTTP server against listing of the directory. If one
enters the URL http://members.protectedserver.com/members/ directly in the
browser, one often receives a listing of all HTML pages in this directory, and
thus also the page that is started via the JavaScript password protection.
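For a site owner, both patterns described above can be found with a static check of a page's inline scripts. The following is an added example, not code from the original report; the function names, the placeholder host and the sample pages are constructed for illustration.

```javascript
// Added example: static audit of a page's inline scripts for the two
// client-side "password gate" patterns. Names and sample pages are constructed.
function inlineScripts(html) {
  const out = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

function auditClientSideGate(html) {
  const findings = [];
  for (const js of inlineScripts(html)) {
    // Variables that receive the visitor's answer to prompt()
    const vars = new Set(
      [...js.matchAll(/\b([A-Za-z_]\w*)\s*=\s*prompt\s*\(/g)].map((m) => m[1])
    );
    for (const v of vars) {
      // Pattern 1: the answer is checked against a string literal in the source
      const literal = new RegExp("\\b" + v + "\\s*={1,3}\\s*[\"'][^\"']*[\"']");
      if (literal.test(js)) findings.push({ variable: v, issue: "secret-in-source" });
      // Pattern 2: the answer is concatenated into the navigation target
      const nav = new RegExp("location(?:\\.href)?\\s*=[^;]*\\+\\s*" + v + "\\b");
      if (nav.test(js)) findings.push({ variable: v, issue: "password-derived-url" });
    }
  }
  return findings;
}

// Constructed sample pages (placeholder host and secret)
const PAGE_LITERAL = `<html><head><script>
function gate() {
  pass = prompt("Enter your password", "password");
  if (pass == "example-secret") { document.location.href = "http://site.example/index.html"; }
}
</script></head></html>`;
const PAGE_URL = `<html><head><script>
function gate() {
  pass = prompt("Enter your password", "password");
  document.location.href = "http://site.example/members/" + pass + ".html";
}
</script></head></html>`;
const PAGE_CLEAN = `<html><head><script>var n = 1;</script></head></html>`;

for (const [name, page] of Object.entries({ PAGE_LITERAL, PAGE_URL, PAGE_CLEAN })) {
  console.log(name, JSON.stringify(auditClientSideGate(page)));
}
```

A finding of either kind means the access check is being made in the visitor's browser and needs to move to the server.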
HTACCESS password protection systems
Nearly all web servers in use today support the so-called HTACCESS password
protection. It was first introduced by the Apache web server; meanwhile, however,
many other web servers are compatible with the HTACCESS standard. It is therefore
also used very frequently by so-called paysites. For example, the websites
www.playgal.com or www.hotsex.com use this protective mechanism.
A website that uses HTACCESS can be recognized by the fact that, on entering the
members' area, a popup dialog appears (not JavaScript-generated), which looks as
follows:
[Picture missing]
In order to understand how this protection works, one should know some basics of
the Unix operating system. Under Unix (and/or Linux, BSD etc. and