xisto Community

Spurious


About Spurious

  • Rank
    Newbie [Level 1]

Profile Information

  • Gender
    Male
  • Location
    United Kingdom
  1. I actually prefer the default Invision Power Board themes. They are quick, fast and secure. I was actually a member of T17 in those days. God knows where my account has gone, must have been lost in time and space.
  2. Wow, I never knew some of those could design so good! I vote for Tramposch, I like the design and color he has put into it. I like the way the 2 colors come in to the center like that :lol: Well done Kyle! Spurious
  3. Finally, a new one, even with a tight budget. OS - Windows 7 and upgraded memory to 3GB. Was planning for Intel processor but it only comes with a 64MB graphics, so I have chosen this because it has 512. Of course I won't use it for gaming, I will use my PC instead.
  4. I've recently started playing Wolfenstein, the game seems good so far, it almost has the quality feel like COD4/5 with a little bit of Medal of Honor type feel. I have yet to complete the game but once I've done so I will update this post and let you know what I think of the game overall. If you are playing the game or have finished the game please let me know what you think about it and what rating you would give it from 1-10 (1 being really bad and 10 being super awesome). Thanks y'all!
  5. Hello all at Xisto! I thought I best stay out of the way from the moderators after learning my lesson. Today I was reading the news about Chelsea. Before you say, no I don't support them, I support the Gunners! Oh yes, the one and only Gunners. Here is where I read this from. Fifa who gave the ban. After reading it, yes I do read also, I saw that Manchester United could be next if they don't buck up their way of buying a player. Now, Chelsea are appealing against this decision strongly. Personally I think they deserved it. But I didn't think it should come on that player. What do you think? // Gunners = Arsenal
  6. I prefer to use Gmail simply because it's fast and secure. I don't tend to use Operating System Software to check my emails or even add email accounts. Although over the past few weeks it has been having a lot of downtime, I'm not sure you have experienced this yourself. Here is a Link to why and how long it went down. Gmail said it went down for a couple of hours but I think more like 5! Same, Yahoo does take some time, care and attention to set it up to your standards. I just don't have time to do that. Spurious
  7. I have a PayPal account like many of us. I am not verified on PayPal but you can still receive and send money. No, it does not have to be enabled. There are two different ways: Requesting an Electronic Funds Transfer, and Withdrawing Funds by Check. Each of these methods requires that you have a bank account associated with your PayPal account. All others you don't. I have a source here from PayPal to explain a bit more.
  8. Notice from rvalkass: http://forums.xisto.com/no_longer_exists/ click
  9. That's a good question! Well, most of the companies I have owned on the forums I have used Invision Power Board. Now in most ways that is better. If I was for you I would go for Invision Power Board for the following reasons: 1. Security 2. Look & Feel 3. Modifications 4. Skins 5. Ease. I would also suggest downloading an 8 hour IPB demo of their site. Below is a a about Invision Power Board.
  10. Below is some more news about how to stop hacking. I'm also going to create a tutorial based on this one as well as my other topic. Source | With permission
  11. Hi Xisto. I found this information on the net; I have actually found it very useful. Please leave your comments below. I will also be creating my own tutorial about this soon (this one isn't really a tutorial).

      Now, "Proto(col)" simply means what kind of data transmission is taking place (TCP or UDP), "Local address" is your computer (and the number next to it tells you what port you're connected on), "Foreign Address" is the machine that is connected to you (and what port they're using), and finally "State" is simply whether or not a connection is actually established, or whether the machine in question is waiting for a transmission, or timing out etc.

      Now, you need to know all of Netstat's various commands, so type: netstat ? You will get something like this:

      Have a play around with the various options, but the most important use of these methods is when you combine them. The best command to use is netstat -an because this will list all connections in Numerical Form, which makes it a lot easier to trace malicious users....Hostnames can be a little confusing if you don't know what you're doing (although they're easily understandable, as we shall see later). Also, by doing this, you can also find out what your own IP address is, which is always useful. Also, netstat -b will tell you what ports are open and what programs are connecting to the internet.

      ## Types of Port ##

      It would be impossible to find out who was attacking you if computers could just access any old port to perform an important function; how could you tell a mail transfer from a Trojan Attack? Well, good news, because your regular, normal connections are assigned to low, commonly used ports, and in general, the higher the number used, the more you should be suspicious.
      Here are the three main types of port:

      # Well Known Ports
      These run from 0 to 1023, and are bound to the common services that run on them (for example, mail runs on channel 25 tcp/udp, which is smtp (Simple Mail Transfer Protocol)) so if you find one of these ports open (and you usually will), it's usually because of an essential function.

      # Registered Ports
      These run on 1024 to 49151. Although not bound to a particular service, these are normally used by networking utilities like FTP software, Email client and so on, and they do this by opening on a random port within this range before communicating with the remote server, so don't panic (just be wary, perhaps) if you see any of these open, because they usually close automatically when the system that's running on them terminates (for example, type in a common website name in your browser with netstat open, and watch as it opens up a port at random to act as a buffer for the remote servers). Services like MSN Messenger and ICQ usually run on these Ports.

      # Dynamic/Private Ports
      Ranging from 49152 to 65535, these things are rarely used except with certain programs, and even then not very often. This is indeed the usual range of the Trojan, so if you find any of these open, be very suspicious.

      So, just to recap:

      ## The hunt is on ##

      Now, it is essential that you know what you're looking for, and the most common way someone will attack your machine is with a Trojan. This is a program that is sent to you in an email, or attempts to bind itself to one of your ports, and when activated, it can give the user your passwords, access to your hard drive...they can even make your CD Tray pop open and shut. At the end of this Document, you will find a list of the most commonly used Trojans and the ports they operate on.

      For now, let's take another look at that first example of Netstat....

      Now, straight away, this should make more sense to you. Your computer is connected on two ports, 80 and 27374.
      Port 80 is used for http/www transmissions (ie for all intents and purposes, it's how you connect to the net, although of course it's a lot more complicated than that). Port 27374, however, is distinctly suspicious; first of all, it is in the registered port range, and although other services (like MSN) use these, let's assume that you have nothing at all running like instant messengers, webpages etc....you're simply connected to the net through proxy. So, now this connection is looking even more troublesome, and when you realise that 27374 is a common port for Netbus (a potentially destructive Trojan), you can see that something is untoward here. So, what you would do is:

      ## Tracerouting ##

      Having the attacker's IP is all well and good, but what can you do with it? The answer is, a lot more! It's not enough to have the address, you also need to know where the attacker's connections are coming from. You may have used automated tracerouting tools before, but do you know how they work? Go back to MSDOS and type

      Now, what happens is, the Traceroute will show you all the computers in between you and the target machine, including blockages, firewalls etc. More often than not, the hostname address listed before the final one will belong to the Hacker's ISP Company. It'll either say who the ISP is somewhere in there, or else you run a second trace on the new IP/hostname address to see who the ISP Company in question is. If the Hostname that you get back doesn't actually seem to mention an actual geographical location within its text, you may think all is lost. But fear not! Suppose you get a hostname such as http://haha.com/ Well, that tells us nothing, right? Wrong....simply enter the hostname in your browser, and though many times you will get nothing back, sometimes it will resolve to an ISP, and from there you can easily find out its location and in what areas they operate. This at least gives you a firm geographical location to carry out your investigations in.
      If you STILL have nothing, as a last resort you COULD try connecting to your target's ISP's port 13 by Telnet, which will tell you how many hours ahead or behind this ISP is of GMT, thus giving you a geographical trace based on the time mentioned (although bear in mind, the ISP may be doing something stupid like not having their clocks set correctly, giving you a misleading trace. Similarly, a common tactic of Hackers is to deliberately have their computer's clock set to a totally wrong time, so as to throw you off the scent). Also, unless you know what you're doing, I wouldn't advise using Telnet (which is outside the parameters of this tutorial).

      ## Reverse DNS Query ##

      This is probably the most effective way of running a trace on somebody. If ever you're in a chatroom and you see someone saying that they've "hacked into a satellite orbiting the Earth, and are taking pictures of your house right now", ignore them because that's just bad movie nonsense. THIS method is the way to go, with regard to finding out what country (even maybe what State/City etc) someone resides, although it's actually almost impossible to find an EXACT geographical location without actually breaking into your ISP's Head Office and running off with the safe.

      To run an rDNS query, simply go back to MS-DOS and type netstat and hit return. Any active connections will resolve to hostnames rather than a numerical format.

      # DNS
      DNS stands for Domain Name Server. These are machines connected to the Internet whose job it is to keep track of the IP Addresses and Domain Names of other machines. When called upon, they take the ASCII Domain Name and convert it to the relevant numeric IP Address. A DNS search translates a hostname into an IP address....which is why we can enter "https://login.live.com/jsDisabled.srf?mkt=EN-US&lc=1033; and get the website to come up, instead of having to actually remember Hotmail's IP address and enter that instead.
      Well, Reverse DNS, of course, translates the IP Address into a Hostname (ie - in letters and words instead of numbers, because sometimes the Hacker will employ various methods to stop Netstat from picking up a correct Hostname). So, for example, 298.12.87.32 is NOT a Hostname. mail6.bol.net.au IS a Hostname. Anyway, see the section at the end? (au) means the target lives in Australia. Most (if not all) hostnames end in a specific Country Code, thus narrowing down your search even further.

      If you know your target's Email Address (ie they foolishly sent you a hate mail, but were silly enough to use a valid email address) but nothing else, then you can use the Country codes to deduce where they're from as well. You can also deduce the IP address of the sender by looking at the email's header (a "hidden" line of code which contains information on the sender)...on Hotmail for example, go to Preferences, and select the "Full Header's Visible" option. Alternatively, you can run a "Finger" Trace on the email address, at: http://www.samspade.org/

      Plus, some ISPs include their name in your Email Address with them too (ie Wanadoo, Supanet etc), and your Hacker may be using an email account that's been provided by a Website hosting company, meaning this would probably have the website host's name in the email address (ie Webspawners). So, you could use the information gleaned to maybe even hunt down their website (then you could run a website check as mentioned previously) or report abuse of that Website Provider's Email account (and thus, the Website that it goes with) to abuse@companynamegoeshere.com

      If your Hacker happens to reside in the USA, go to: https://www.usps.com/ for a complete list of US State abbreviations.

      ## List of Ports commonly used by Trojans ##

      Please note that this isn't a complete list by any means, but it will give you an idea of what to look out for in Netstat. Be aware that some of the lower Ports may well be running valid services.
      UDP:
      1349 Back Orifice DLL
      31337 BackOrifice 1.20
      31338 DeepBO
      54321 BackOrifice 2000

      TCP:
      21 Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash
      23 Tiny Telnet Server
      25 Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, Terminator, WinPC, WinSpy, Kuang2 0.17A-0.30
      31 Hackers Paradise
      80 Executor
      456 Hackers Paradise
      555 Ini-Killer, Phase Zero, Stealth Spy
      666 Satanz Backdoor
      1001 Silencer, WebEx
      1011 Doly Trojan
      1170 Psyber Stream Server, Voice
      1234 Ultors Trojan
      1243 SubSeven 1.0 - 1.8
      1245 VooDoo Doll
      1492 FTP99CMP
      1600 Shivka-Burka
      1807 SpySender
      1981 Shockrave
      1999 BackDoor 1.00-1.03
      2001 Trojan Cow
      2023 Ripper
      2115 Bugs
      2140 Deep Throat, The Invasor
      2801 Phineas Phucker
      3024 WinCrash
      3129 Masters Paradise
      3150 Deep Throat, The Invasor
      3700 Portal of Doom
      4092 WinCrash
      4567 File Nail 1
      4590 ICQTrojan
      5000 Bubbel
      5000 Sockets de Troie
      5001 Sockets de Troie
      5321 Firehotcker
      5400 Blade Runner 0.80 Alpha
      5401 Blade Runner 0.80 Alpha
      5402 Blade Runner 0.80 Alpha
      5400 Blade Runner
      5401 Blade Runner
      5402 Blade Runner
      5569 Robo-Hack
      5742 WinCrash
      6670 DeepThroat
      6771 DeepThroat
      6969 GateCrasher, Priority
      7000 Remote Grab
      7300 NetMonitor
      7301 NetMonitor
      7306 NetMonitor
      7307 NetMonitor
      7308 NetMonitor
      7789 ICKiller
      8787 BackOrifice 2000
      9872 Portal of Doom
      9873 Portal of Doom
      9874 Portal of Doom
      9875 Portal of Doom
      9989 iNi-Killer
      10067 Portal of Doom
      10167 Portal of Doom
      10607 Coma 1.0.9
      11000 Senna Spy
      11223 Progenic trojan
      12223 Hack´99 KeyLogger
      12345 GabanBus, NetBus
      12346 GabanBus, NetBus
      12361 Whack-a-mole
      12362 Whack-a-mole
      16969 Priority
      20001 Millennium
      20034 NetBus 2.0, Beta-NetBus 2.01
      21544 GirlFriend 1.0, Beta-1.35
      22222 Prosiak
      23456 Evil FTP, Ugly FTP
      26274 Delta
      30100 NetSphere 1.27a
      30101 NetSphere 1.27a
      30102 NetSphere 1.27a
      31337 Back Orifice
      31338 Back Orifice, DeepBO
      31339 NetSpy DK
      31666 BOWhack
      33333 Prosiak
      34324 BigGluck, TN
      40412 The Spy
      40421 Masters Paradise
      40422 Masters Paradise
      40423 Masters Paradise
      40426 Masters Paradise
      47262 Delta
      50505 Sockets de Troie
      50766 Fore
      53001 Remote Windows Shutdown
      54321 SchoolBus .69-1.11
      61466 Telecommando
      65000 Devil

      ## Summary ##

      I hope this tutorial is useful in showing you both how to secure yourself against unwanted connections, and also how to determine an attacker's identity. The Internet is by no means as anonymous as some people think it is, and although this is to the detriment of people's security online, this also works both ways....it IS possible to find and stop even the most determined of attackers, you just have to be patient and keep hunting for clues which will help you put an end to their exploits.

      > Tracing a hacker
      > Written by: Paperghost [paperghost@vitalsecurity.org]
      > http://sunbeltblog.blogspot.de/
      > Loyalty and Protection for All our Families
      > 24/02/2005

      Source BeepingComputer | With permission from owner. Spurious
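Added example, not part of the post above or of the tutorial it quotes: a small Python parser for `netstat -an` output that sorts each local port into the three ranges the post describes and flags local ports that appear on a watchlist. The sample output is constructed, the watchlist is a three-entry excerpt of the post's list keyed by port number only, and the function names are this example's own.

```python
import re

# The three port ranges the post describes.
RANGES = [(0, 1023, "well-known"), (1024, 49151, "registered"),
          (49152, 65535, "dynamic/private")]
# Excerpt of the post's port list, keyed by port number only (a simplification).
WATCHLIST = {1243: "SubSeven 1.0 - 1.8", 12345: "GabanBus, NetBus",
             31337: "Back Orifice"}
# Constructed `netstat -an` output, Windows layout, documentation addresses.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:49731       198.51.100.7:80        ESTABLISHED
  TCP    192.0.2.10:12345       203.0.113.50:51544     ESTABLISHED
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED
  UDP    0.0.0.0:31337          *:*
"""
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def port_class(port):
    for low, high, name in RANGES:
        if low <= port <= high:
            return name
    raise ValueError(f"not a valid port: {port}")

def split_endpoint(endpoint):
    """Split 'host:port' (IPv4, [IPv6] or '*:*') into (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None

def parse(text):
    """Yield one dict per connection row; the header and blank lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, foreign, state = m.groups()
            lport, peer = split_endpoint(local)[1], split_endpoint(foreign)[0]
            yield {"proto": proto, "lport": lport, "peer": peer,
                   "state": state or "-", "class": port_class(lport)}

def review(rows):
    """Return the rows whose local port is on the watchlist, with its label."""
    return [dict(r, label=WATCHLIST[r["lport"]]) for r in rows
            if r["lport"] in WATCHLIST]

if __name__ == "__main__":
    print(*review(parse(SAMPLE)), sep="\n")
```

A watchlist hit only says which port to look at first; `netstat -b`, mentioned in the post, shows which program actually owns the connection.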
  12. Congratulations, galexcd, to the moderation team! I don't know you, so I can't really comment about you. I respect and like moderators that say that because you can always guarantee they will play a good role in the moderation team.
  13. I've been looking for a non-Javascript code but still not found one. When I first looked at it, it didn't look like js but it does now.
  14. Thank you for the tutorial, much appreciated! There is an easy way to get around .bat without an RM error. I will post a tutorial soon. When we were at school we called them technicians. But things have changed.
  15. Hello Xisto members! I recently signed up today after being referred by OpaQue. I hope I am welcomed here.