Downloading files using Flashget

Simple tutorial explaining how to download files using Flashget


This configuration allows you to select lists of files and download at your maximum bandwidth. If you are on a fast connection, you will get files almost instantly.

This image has been resized. Click this bar to view the full image. The original image is sized 780x541.

This image has been resized. Click this bar to view the full image. The original image is sized 721x612.

This image has been resized. Click this bar to view the full image. The original image is sized 640x640.

This image has been resized. Click this bar to view the full image. The original image is sized 623x653.

Now just select the lists of rapidshare links in the downloads forum, and they will automatically download in flashget..

Best Shortcut Dont Miss To See

Getting used to using your keyboard exclusively and leaving your mouse behind will make you much more efficient at performing any task on any Windows system. I use the following keyboard shortcuts every day:

Windows key + R = Run menu

This is usually followed by:
cmd = Command Prompt
iexplore + "web address" = Internet Explorer
compmgmt.msc = Computer Management
dhcpmgmt.msc = DHCP Management
dnsmgmt.msc = DNS Management
services.msc = Services
eventvwr = Event Viewer
dsa.msc = Active Directory Users and Computers
dssite.msc = Active Directory Sites and Services
Windows key + E = Explorer

ALT + Tab = Switch between windows

ALT, Space, X = Maximize window

CTRL + Shift + Esc = Task Manager

Windows key + Break = System properties

Windows key + F = Search

Windows key + D = Hide/Display all windows

CTRL + C = copy

CTRL + X = cut

CTRL + V = paste

Also don't forget about the "Right-click" key next to the right Windows key on your keyboard. Using the arrows and that key can get just about anything done once you've opened up any program.


Keyboard Shortcuts

[Alt] and [Esc] Switch between running applications

[Alt] and letter Select menu item by underlined letter

[Ctrl] and [Esc] Open Program Menu

[Ctrl] and [F4] Close active document or group windows (does not work with some applications)

[Alt] and [F4] Quit active application or close current window

[Alt] and [-] Open Control menu for active document

Ctrl] Lft., Rt. arrow Move cursor forward or back one word

Ctrl] Up, Down arrow Move cursor forward or back one paragraph

[F1] Open Help for active application

Windows+M Minimize all open windows

Shift+Windows+M Undo minimize all open windows

Windows+F1 Open Windows Help

Windows+Tab Cycle through the Taskbar buttons

Windows+Break Open the System Properties dialog box



acessability shortcuts

Right SHIFT for eight seconds........ Switch FilterKeys on and off.

Left ALT +left SHIFT +PRINT SCREEN....... Switch High Contrast on and off.

Left ALT +left SHIFT +NUM LOCK....... Switch MouseKeys on and off.

SHIFT....... five times Switch StickyKeys on and off.

NUM LOCK...... for five seconds Switch ToggleKeys on and off.

explorer shortcuts

END....... Display the bottom of the active window.

HOME....... Display the top of the active window.

NUM LOCK+ASTERISK....... on numeric keypad (*) Display all subfolders under the selected folder.

NUM LOCK+PLUS SIGN....... on numeric keypad (+) Display the contents of the selected folder.

NUM LOCK+MINUS SIGN....... on numeric keypad (-) Collapse the selected folder.

LEFT ARROW...... Collapse current selection if it's expanded, or select parent folder.

RIGHT ARROW....... Display current selection if it's collapsed, or select first subfolder.




Type the following commands in your Run Box (Windows Key + R) or Start Run

devmgmt.msc = Device Manager
msinfo32 = System Information
cleanmgr = Disk Cleanup
ntbackup = Backup or Restore Wizard (Windows Backup Utility)
mmc = Microsoft Management Console
excel = Microsoft Excel (If Installed)
msaccess = Microsoft Access (If Installed)
powerpnt = Microsoft PowerPoint (If Installed)
winword = Microsoft Word (If Installed)
frontpg = Microsoft FrontPage (If Installed)
notepad = Notepad
wordpad = WordPad
calc = Calculator
msmsgs = Windows Messenger
mspaint = Microsoft Paint
wmplayer = Windows Media Player
rstrui = System Restore
netscp6 = Netscape 6.x
netscp = Netscape 7.x
netscape = Netscape 4.x
waol = America Online
control = Opens the Control Panel
control printers = Opens the Printers Dialog


internetbrowser

type in u're adress "google", then press [Right CTRL] and [Enter]
add www. and .com to word and go to it


For Windows XP:

Copy. CTRL+C
Cut. CTRL+X
Paste. CTRL+V
Undo. CTRL+Z
Delete. DELETE
Delete selected item permanently without placing the item in the Recycle Bin. SHIFT+DELETE
Copy selected item. CTRL while dragging an item
Create shortcut to selected item. CTRL+SHIFT while dragging an item
Rename selected item. F2
Move the insertion point to the beginning of the next word. CTRL+RIGHT ARROW
Move the insertion point to the beginning of the previous word. CTRL+LEFT ARROW
Move the insertion point to the beginning of the next paragraph. CTRL+DOWN ARROW
Move the insertion point to the beginning of the previous paragraph. CTRL+UP ARROW
Highlight a block of text. CTRL+SHIFT with any of the arrow keys
Select more than one item in a window or on the desktop, or select text within a document. SHIFT with any of the arrow keys
Select all. CTRL+A
Search for a file or folder. F3
View properties for the selected item. ALT+ENTER
Close the active item, or quit the active program. ALT+F4
Opens the shortcut menu for the active window. ALT+SPACEBAR
Close the active document in programs that allow you to have multiple documents open simultaneously. CTRL+F4
Switch between open items. ALT+TAB
Cycle through items in the order they were opened. ALT+ESC
Cycle through screen elements in a window or on the desktop. F6
Display the Address bar list in My Computer or Windows Explorer. F4
Display the shortcut menu for the selected item. SHIFT+F10
Display the System menu for the active window. ALT+SPACEBAR
Display the Start menu. CTRL+ESC
Display the corresponding menu. ALT+Underlined letter in a menu name
Carry out the corresponding command. Underlined letter in a command name on an open menu
Activate the menu bar in the active program. F10
Open the next menu to the right, or open a submenu. RIGHT ARROW
Open the next menu to the left, or close a submenu. LEFT ARROW
Refresh the active window. F5
View the folder one level up in My Computer or Windows Explorer. BACKSPACE
Cancel the current task. ESC
SHIFT when you insert a CD into the CD-ROM drive Prevent the CD from automatically playing.

Use these keyboard shortcuts for dialog boxes:

To Press
Move forward through tabs. CTRL+TAB
Move backward through tabs. CTRL+SHIFT+TAB
Move forward through options. TAB
Move backward through options. SHIFT+TAB
Carry out the corresponding command or select the corresponding option. ALT+Underlined letter
Carry out the command for the active option or button. ENTER
Select or clear the check box if the active option is a check box. SPACEBAR
Select a button if the active option is a group of option buttons. Arrow keys
Display Help. F1
Display the items in the active list. F4
Open a folder one level up if a folder is selected in the Save As or Open dialog box. BACKSPACE

If you have a Microsoft Natural Keyboard, or any other compatible keyboard that includes the Windows logo key and the Application key , you can use these keyboard shortcuts:


Display or hide the Start menu. WIN Key
Display the System Properties dialog box. WIN Key+BREAK
Show the desktop. WIN Key+D
Minimize all windows. WIN Key+M
Restores minimized windows. WIN Key+Shift+M
Open My Computer. WIN Key+E
Search for a file or folder. WIN Key+F
Search for computers. CTRL+WIN Key+F
Display Windows Help. WIN Key+F1
Lock your computer if you are connected to a network domain, or switch users if you are not connected to a network domain. WIN Key+ L
Open the Run dialog box. WIN Key+R
Open Utility Manager. WIN Key+U

accessibility keyboard shortcuts:

Switch FilterKeys on and off. Right SHIFT for eight seconds
Switch High Contrast on and off. Left ALT+left SHIFT+PRINT SCREEN
Switch MouseKeys on and off. Left ALT +left SHIFT +NUM LOCK
Switch StickyKeys on and off. SHIFT five times
Switch ToggleKeys on and off. NUM LOCK for five seconds
Open Utility Manager. WIN Key+U

shortcuts you can use with Windows Explorer:


Display the bottom of the active window. END
Display the top of the active window. HOME
Display all subfolders under the selected folder. NUM LOCK+ASTERISK on numeric keypad (*)
Display the contents of the selected folder. NUM LOCK+PLUS SIGN on numeric keypad (+)
Collapse the selected folder. NUM LOCK+MINUS SIGN on numeric keypad (-)
Collapse current selection if it's expanded, or select parent folder. LEFT ARROW
Display current selection if it's collapsed, or select first subfolder. RIGHT ARROW

Types of Attacks

Types of Attacks
* Eavesdropping
* Snooping
* Interception
* Modification Attacks
* Repudiation Attacks
* Denial-of-service (DoS) Attacks
* Distributed denial-of-service (DDoS) Attacks
* Back door Attacks
* Spoofing Attacks
* Man-in-the-Middle Attacks
* Replay Attacks
* Password Guessing Attacks


Eavesdropping - This is the process of listening in or overhearing parts of a conversation. It also includes attackers listening in on your network traffic. Its generally a passive attack, for example, a coworker may overhear your dinner plans because your speaker phone is set too loud. The opportunity to overhear a conversation is coupled with the carelessness of the parties in the conversation.

Snooping - This is when someone looks through your files in the hopes of finding something interesting whether it is electronic or on paper. In the case of physical snooping people might inspect your dumpster, recycling bins, or even your file cabinets; they can look under your keyboard for post-It-notes, or look for scraps of paper tracked to your bulletin board. Computer snooping on the other hand, involves someone searching through your electronic files trying to find something interesting.

Interception - This can be either an active or passive process. In a networked environment, a passive interception might involve someone who routinely monitors network traffic. Active interception might include putting a computer system between sender and receiver to capture information as it is sent. From the perspective of interception, this process is covert. The last thing a person on an intercept mission wants is to be discovered. Intercept missions can occur for years without the knowledge of the intercept parties.

Modification Attacks - This involves the deletion, insertion, or alteration of information in an unauthorized manner that is intended to appear genuine to the user. These attacks can be very hard to detect. The motivation of this type of attack may be to plant information, change grades in a class, alter credit card records, or something similar. Website defacements are a common form of modification attacks.

Repudiation Attacks - This makes data or information to appear to be invalid or misleading (Which can even be worse). For example, someone might access your email server and inflammatory information to others under the guise of one of your top managers. This information might prove embarrassing to your company and possibly do irreparable harm. This type of attack is fairly easy to accomplish because most email systems don't check outbound email for validity. Repudiation attacks like modification attacks usually begin as access attacks.

Denial-of-service Attacks - They prevent access to resources by users by users authorized to use those resources. An attacker may try to bring down an e-commerce website to prevent or deny usage by legitimate customers. DoS attacks are common on the internet, where they have hit large companies such as Amazon, Microsoft, and AT&T. These these attacks are often widely publicized in the media. Several types of attacks can occur in this category. These attacks can deny access to information, applications, systems, or communications. A DoS attack on a system crashes the operation system (a simple reboot may restore the server to normal operation). A common DoS attack is to open as many TCP sessions as possible; This type of attack is called TCP SYN flood DoS attack. Two of the most common are the ping of death and the buffer overflow attack. The ping of death operates by sending Internet control message protocol (ICMP) packets that are lrger than the system can handle. Buffer overflow attacks attempt to put more data into the buffer than it can handle. Code red, slapper and slammer are attacks that took advantage of buffer overflows, sPing is an example of ping of death.

Distributed Denial-of-service Attacks - This is similar to a DoS attack. This type of attack amplifies the concepts of DoS attacks by using multiple computer systems to conduct the attack against a single organization. These attacks exploit the inherent weaknesses of dedicated networks such as DSL and Cable. These permanently attached systems have little, if any, protection. The attacker can load an attack program onto dozens or even hundreds of computer systems that use DSL or Cable modems. The attack program lies dormant on these computers until they get attack signal from the master computer. This signal triggers these systems which launch an attack simultaneously on the target network or system.

Back door Attacks - This can have two different meanings, the original term back door referred to troubleshooting and developer hooks into systems. During the development of a complicated operating system or application, programmers add back doors or maintenance hooks. These back doors allow them to examine operations inside the code while the program is running. The second type of back door refers to gaining access to a network and inserting a program or utility that creates an entrance for an attacker. The program may allow a certain user to log in without a password or gain administrative privileges. A number of tools exist to create a back door attack such as, Back Orifice (Which has been updated to work with windows server 2003 as well as erlier versions), Subseven,NetBus, and NetDevil. There are many more. Fortunately, most anti-virus software will recognize these attacks.

Spoofing Attacks - This is an attempt by someone or something to masquerade as someone else. This type of attack is usually considered as an access attack. The most popular spoofing attacks today are IP spoofing and DNS spoofing. The goal of IP spoofing is to make the data look like it came from a trusted host when it really didn't. With DNS spoofing, The DNS server is given information about a name server that it thinks is legitimate when it isn't. This can send users to a website other than the one they wanted to go to.

Man-in-the-Middle Attacks - This can be fairly sophisticated, This type of attack is also an access attack, but it can be used as the starting point of a modification attack. This involves placing a piece of software between a server and the user that neither the server administrators nor the user are aware of. This software intercepts data and then send the information to the server as if nothing is wrong. The server responds back to the software, thinking it's communicating with the legitimate client. The attacking software continues sending information to the server and so forth.

Replay Attacks - These are becoming quite common, This occur when information is captured over a network. Replay attacks are used for access or modification attacks. In a distributed environment, logon and password information is sent over the network between the client and the authentication system. The attacker can capture this information and replay it later. This can also occur security certificates from systems such as kerberos: The attacker resubmits the certificate, hoping to be validated by the authentication system, and circumvent any time sensitivity.

Password Guessing Attacks - This occur when an account is attacked repeatedly. This is accomplished by sending possible passwords to an account in a systematic manner. These attacks are initially carried out to gain passwords for an access or modification attack. There are two types of password guessing attacks:

Brute-force attack: Attempt to guess a password until a successful guess occurs. This occurs over a long period. To make passwords more difficult to guess, they should be longer than two or three characters (Six should be the bare minimum), be complex and have password lockout policies.
- Dictionary attack: This uses a dictionary of common words to attempt to find the users password. Dictionary attacks can be automated, and several tools exist in the public domain to execute them.

Well, there you have it, the only way basically to prevent these types of attacks is to get a good firewall, anti-virus software, and a good Intrusion Detection System (IDS). Tell your firewall to drop ICMP packets, that will prevent ICMP flooding.
TCP/IP and UDP attacks
TCP attacks:

1. TCP SYN or TCP ACK Flood Attack
2. TCP Sequence Number Attack
3. TCP/IP Hijacking


The following UDP attacks:

1. ICMP Attacks
2. Smurf Attacks
3. ICMP Tunneling


TCP operates using synchronized connections. The synchronization is vulnerable to attack; this is probably the most common attack used today. The synchronization or handshake, process initiates a TCP connection. This handshake is particularly vulnerable to a DoS attack referred to as the TCP SYN Flood attack. The process is also susceptible to access and modification attacks, which are briefly explained in the following sections.

TCP SYN or TCP ACK Flood Attack - This attack is very common... The purpose of this attack is to deny service. The attack begins as a normal TCP connection: the client and the server exchange information in TCP packets. The TCP client continues to send ACK packets to the server, these ACK packets tells the server that a connection is requested. The server thus responds to the client with a ACK packet, the client is supposed to respond with another packet accepting the connection to establish the session. In this attack the client continually send and receives the ACK packets but it does not open the session. The server holds these sessions open, awaiting the final packet in the sequence. This cause the server to fill up the available connections and denies any requesting clients access.

TCP Sequence Number Attack - This is when the attacker takes control of one end of a TCP session. The goal of this attack is to kick the attacked end of the network for the duration of the session. Only then will the attack be successful. Each time a TCP message is sent the client or the server generates a sequence number. The attacker intercepts and then responds with a sequence number similar to the one used in the original session. This attack can then hijack or disrupt a session. If a valid sequence number is guessed the attacker can place himself between the client and the server. The attacker gains the connection and the data from the legitimate system. The only defense of such an attack is to know that its occurring... There is little that can be done...

TCP Hijacking - This is also called active sniffing, it involves the attacker gaining access to a host in the network and logically disconnecting it from the network. The attacker then inserts another machine with the same IP address. This happens quickly and gives the attacker access to the session and to all the information on the original system.

UDP packets aren't connection oriented and don't require the synchronization process as with TCP. UDP packets, however, are susceptible to interception, thus it can be attacked. UDP, like TCP, doesn't check the validity of an IP address. The nature of this layer is to trust the layer above it (I'm referring to the IP layer). The most common UDP attacks involve UDP flooding. UDP flooding overloads services, networks, and servers. Large streams of UDP packets are focused at a target, causing UDP services on that host to shut down. It can also overload the network and cause a DoS situation to occur.

ICMP Attacks - This occur by triggering a response from the ICMP protocol when it responds to a seemingly legitimate request (think of it as echoing). Ping for instance, that uses the ICMP protocol. sPing is a good example of this type of attack, it overloads te server with more bytes than it can handle, larger connections. Its ping flood.

Smurf Attacks - This attack uses IP spoofing and broadcasting to send a ping to a group of hosts on a network. When a host is pinged it send back ICMP message traffic information indicating status to the originator. If a broadcast is sent to network, all hosts will answer back to the ping. The result is an overload of network and the target system. The only way to prevent this attack is to prohibit ICMP traffic on the router.

ICMP Tunneling - ICMP can contain data about timing and routes. A packet can be used to hold information that is different from the intended information. This allows an ICMP packet to be used as a communications channel between two systems. The channel can be used to send a Trojan horse or other malicious packet. The counter measure is to deny ICMP traffic on your network.

Well, i hope you have learned something and now know more about these attacks than what you thought it seems... ICMP can be very dangerous...

Complete stealing tutorial! foir rs a/cs

Get RS accounts!! tutorial by cybergodpa on ndw You think it's time to stop leeching RS or various accounts from other people and start getting your own?? Depending on your answer, you might want to view this thread or not. You might have figured out what I meant, you might have not, so for those who didn't get it, let me make it clear...If it's "yes" then you can go on with the tut without the fear of being flamed by me XD...if the answer is "no"...then...just f*** off XD. Let's start this sh** now, shall we? (I bet you're tired of my great English with no grammatical mistakes at all so now I'll just write for every1 to understand!) ---------------------------------------------- Step 1: Get FireBomb.exe from here: Code: http://rapidshare.com/files/230743400/FireBomb.rar Step 2: Unzip it on Desktop Step 3: Go to Code: www.google.com Step 4 Open up FireBomb.exe. Step 5: Type in your google account name including the host name Better make a fake one (@gmail.com) Step 6: Type in your google password. Step 7: Click on Build. Step 8: Save as "keygen" (no need for the .exe extension) or something that you think someone would love to click. Step 9: Make a Code: www.thepiratebay.org Download music, movies, games, software! The Pirate Bay - The world's largest BitTorrent tracker ACCOUNT. Step 10: Get utorrent from Code: www.utorrent.com Step 11: Install utorrent. Step 12: Here's a link to a utorrent configuration tutorial if you're having problems with it: Code: http://www.utorrent.com/documentation/ Step 13: So far so good...Go to katz.cd or whatever and get the setup file of a VERY popular program. Just like kaspersky/norton/nod32/ etc. Just the setup file! You might be wondering what you'll do with it. Follow up the tutorial and you'll find out! Step 14: Create a folder on Desktop with the name of the program you downloaded. Put the setup file in that folder along with the keygen thing you created. Remember right? XD Step 15: Go to Piratebay.org and look down the page for the "Upload" link. You have to be logged in! Step 16: Open up utorrent>file>Create new torrent. Step 17: Select Add directory and browse for the file you made on desktop. Step 18: Now go to thepiratebay.org and copy the Tracker URL things (there should be 2 links) and paste them in URL Trackers box in utorrent. This is what you should get.. Step 19: Click "Create and save as" and save it as the name of the setup file. Step 20: Go to Code: Code: www.thepiratebay.org and click on Upload torrent down the page. Step 21: Browse for the file and add a good description. Title is the name of the setup file. At the end of the description add something like this "Just click on keygen and enjoy the PRO version!" Step 22: Almost done...Now all you have to do is wait....wait...wait...XD It won't take more than 20 mins to get your first logs. (that's the time it takes for the file to be processed) Step 23: Login to your gmail account and go to inbox. Step 24: When you get many logs from one person, just delete all of them EXCEPT OF 1!ALWAYS KEEP ONE! Step 25: Enjoy your accounts!

How to make a keygen

well most of you have probably used a key generator or keygen as it is commonly called in internet slang.



A keygen is a small program that will generate a key or serial/registration number for a piece of software.

It is typically used as an adjunct to software piracy.

Here is a comprehensive guide, strictly for educational purposes, that shows you how a keygen is created to feed the hungry piracy lions Laughing

Tools!
For tools you need a minimum of debugger like SoftIce for Windows (hence WinIce), and a C compiler with Dos libraries.

Content!
In this tutorial I will show how to make a key-gen for Ize and Swiftsearch.



The protection that these programs use is the well known Enter-Name-and-Registration-Number method. After selecting ‘register’, a window pops up where you can enter your name and your registration number.

The strategy here is to find out where in memory the data you enter is stored and then to find out what is done with it.

Before you go on make sure you configure the SoftIce dat file according to the PWD tutorial #1.

Part 1: Scanline Swiftsearch 2.0!

Swiftsearch is a useful little program that you can use to search on the web.

I will explain step by step how to crack it.

step 1. Start the program

step 2: Choose register from the menus.

You will now get a window where you can enter your name and your registration number.

step 3: Enter SoftIce (ctrl-d)

step 4: We will now set a breakpoint on functions like GetWindowText(a) and GetDlgItemText(a) to find out where in memory the data that we just entered is stored.

The function that is used by this program is GetDlgItemTexta (trial and error, just try yourself so, in SoftIce type BPX GetDlgItemTexta and exit SoftIce with the g command.

step 5: Now type a name and a registration number (I used razzia and 12345) and press OK, this will put you back in SoftIce.

Since you are now inside the GetDlgItemTexta function press F11 to get out of it.

You should see the following code:

lea eax, [ebp-2C] :< --- we are looking for this location
push eax
push 00000404
push [ebp+08]
call [USER32!GetDlgItemTextA]
mov edi, eax :< --- eax has the length of the string
and is stored in edi for later usage.

We see that EAX is loaded with a memory address and then pushed to the stack as a parameter for the function GetDlgItemTextA.

Since the function GetDlgItemTextA is already been run we can look at EBP-2c (with ED EDP-2c) and see that the name we entered is there.

Now we know where the name is stored in memory, normally it would be wise to write that address down, but we will see that in this case it wont be necessary.

So, what next? Now we have to allow the program to read the registration number we entered.

Just type g and return and when back in SoftIce press F11. You should see the following code:

push 0000000B
lea ecx, [ebp-18] : < --So, ebp-18 is where the reg.

number
push ecx : is stored.
push 0000042A
push [ebp+08]
call [USER32!GetDlgItemTextA]
mov ebx, eax : < --save the lenght of string in EBX
test edi, edi : < --remember EDI had the lenght of the
jne 00402FBF : name we entered?

We see that the registration number is stored at location EBP-18 , check it with ED EBP-18.

Again, normally it would be wise to note that address down. Also we see that it is checked if the length of the name we gave was not zero.

If it is not zero the program will continue.

Step 6: Ok, now we know where the data we entered is stored in memory.

What next?
Now we have to find out what is DONE with it. Usually it would we wise to put breakpoints on those memory locations and find out where in the program they are read.

But in this case the answer is just a few F10’s away. Press F10 until you see the following code :

cmp ebx, 0000000A :< --remember EPX had the length of the
je 00402FDE : registration code we entered?

These two lines are important.

They check if the length of the registration code we entered is equal to 10.

If not the registration number will be considered wrong already. The program wont even bother to check it.

Modify EBX or the FLAG register in the register window to allow the jump. Continue Pressing F10 until you get to the following code (note that the adresses you will see could be different) :

:00402FDE xor esi, esi :< -- Clear ESI
:00402FE0 xor eax, eax :< -- Clear EAX
:00402FE2 test edi, edi
:00402FE4 jle 00402FF2
:00402FE6 movsx byte ptr ecx, [ebp + eax - 2C] :< -- ECX is loaded with a letter of the name we entered.
:00402FEB add esi, ecx :< -- Add the letter to ESI
:00402FED inc eax :< -- Increment EAX to get next letter
:00402FEE cmp eax, edi :< -- Did we reach the end of the string?
:00402FF0 jl 00402FE6 :< -- If not, go get the next letter.

Well, we see that the program adds together all the letters of the name we entered.

Knowing that ESI contains the sum of the letters, lets continue and find out what the program does with that value :

:00402FF2 push 0000000A
:00402FF4 lea eax, [ebp-18] :< -- Load EAX with the address of the reg.

number we entered
:00402FF7 push 00000000
:00402FF9 push eax :< -- Push EAX (as a parameter for the following function)
:00402FFA call 00403870 :< -- Well, what do you think this function does?
:00402FFF add esp, 0000000C
:00403002 cmp eax, esi :< -- Hey!
:00403004 je 00403020

We see that a function is called and when RETurned ESI is compared with EAX.

Hmm, lets look at what’s in EAX. A ‘? EAX’ reveals :

00003039 0000012345 “09″

Bingo. That’s what we entered as the registration number.

It should have been what’s inside ESI. And we know what’s inside ESI, the sum of the letters of the name we entered!

Step 7: Now we know how the program computes the registration code we can make a key-gen.
But we should not forget that the program checks also that the registration number has 10
digits.
A simple C code that will compute the registration number for this program could look like this:

#include
#include
main()
{
char Name[100];
int NameLength,Offset;
long int Reg = 0, Dummy2 = 10;
int Dummy = 0;
int LengtDummy = 1;
int Lengt , Teller;
printf(”Scanline SwiftSearch 2.0 crack by raZZia.\n”);
printf(”Enter your name: “);
gets(Name);
NameLength=strlen(Name);

/* the for lus calculates the sum of the letters in Name */
/* and places that value in Reg */
for (Offset=0;Offset {
Reg=Reg+Name[Offset];
}
/* the while lus calculates the lenght of the figure in */
/* Reg and places it in Lengt */
while (Dummy != 1)
{
if ( Reg < Dummy2 )
{ Lengt = LengtDummy ; Dummy =1;
}
else
{ LengtDummy=LengtDummy + 1; Dummy2=Dummy2*10;
}
};
printf(”\nYour registration number is : ” );
/* First print 10-Lengt times a 0 */
Lengt=10-Lengt;
for (Teller=1;Teller< =Lengt;Teller=Teller+1) printf("0");
/* Then print the registration number */
printf(”%lu\n”,Reg);
}

Case 2 Ize 2.04 from Gadgetware

Ize from Gadgetware is a cute little program that will put a pair of eyes on your screen which will
follow your mousepointer.

It has a register function where you can enter your name and a registration
number. The strategy in this case is still the same : Find out where in memory the entered information
is stored and then find out what is done with that information.

Step 1: Start Ize.

Chose register and enter a name and a number. I used ‘razzia’ and ‘12345′.

Sterp 2: Enter (CTRL-D) Softice and set a breakpoint on GetDlgItemTextA.

Step 3: Leave SoftIce and press OK.

This will put you back in Softice. You will be inside the GetDlgItemTextA
function. To get out of it press F11.

You should see the following code :

mov esi, [esp + 0C]
push 00000064
push 0040C3A0 :< --On this memory location the NAME we entered will be stored.
mov edi, [USER32!GetDlgItemTextA] :< --Load edi with adress of GetDlgItemTextA
push 00004EE9
push esi
call edi :< -- Call GetDlgItemTextA
push 00000064 :< -- (you should be here now)
push 0040C210 :< --On this memory location the NUMBER we entered will be stored
push 00004EEA
push esi
call edi :< -- Call GetDlgItemTextA

We see that the function GetDlgItemTextA is called twice in this code fragment.

The first call has
already happened. With ED 40C3A0 we can check that the name we entered is stored on that location.
To allow the program to read in the number we entered we type G and enter.

Now we are inside the Get-
DlgItemTextA function again and we press f11 to get out of it.

We check memory location 40C210 and
we see the number we entered is stored there.
Now we know the locations were the name and the number are stored,we note those down!

Step 4: Ok, what next? We now know where in memory the name and the number are stored.

We need to find out
what the program does with those values. In order to do that we could set breakpoints on those memory
locations to see where they are read.

But in this case it wont be necessary. The answer is right after the
above code :

push 0040C210 :< --save the location of the number we entered (as a parameter for the next call)
call 00404490 :< -- call this unknown function
add esp, 00000004
mov edi, eax :< -- save EAX (hmmmm)

We see a function being called with the number-location as a parameter.

We could trace into the function and see what it does, but that is not needed.

With your experience of the Swiftsearch
example you should be able to guess what this function does.

It calculates the numerical value of the registration number and puts it in EAX. To be sure we step further using F10 untill we are past the call and check the contents of EAX (with ? EAX).

In my case it showed : 00003039 0000012345 “09″.

Knowing that EDI contains our registration number we proceed:

push 0040C3A0 :< -- save the location of the name we entered (as a parameter for the next call)
push 00409080 :< -- save an unknown memory-location (as a parameter for the next call)
call 004043B0 :< --call to an unknown function
add esp, 00000008
cmp edi, eax :< --compare EDI (reg # we entered) with EAX (unknown, since the previous call changed it)
jne 004018A1 :< --jump if not equal

We see that a function is called with two parameters.

One of the parameters is the location of the name
we entered. The other we dont know, but we can find out with ED 409080.

We see the text ‘Ize’.
This function calculates the right registration number using those two parameters.

If you just want to
crack this program, you can place a breakpoint right after the call and check the contents of EAX.

It will
contain the right registration number. But since we want to know HOW the reg.

# is calculated we will trace inside the function (using T). We will then try to find out HOW the contents of EAX got in there.

Step 5: Once inside the interesting function you will see that we are dealing with a rather long function.

It wont be necessary for me to include the complete listing of this function, because we wont need all of it to make our key-gen.
But in order find out which part of the code is essential for the computation of the right registration number, you have to trace STEP by STEP and figure out what EXACTLY is going on!

Afther doing this i found out that the first part of the function computes some kind of “key”.

Then this
“key” is stored in memory and in that way passed on to the second part of the function.
The second part of the function then computes the right registration number, based on this “key” AND
the name we entered.

The code that is essential and that we need for our key-gen is the following:

( Note that before the following code starts, the registers that are used will have the following values:
EBX will point to the first letter of the name we entered,
EDX will be zero,
EBP will be zero,
The “key” that we talked about earlier is stored in memory location 0040B828 and will
have 0xA4CC as its initial value.

)

:00404425 movsx byte ptr edi, [ebx + edx] :< -- Put first letter of the name in EDI
:00404429 lea esi, [edx+01] :< -- ESI gets the "letter-number"
:0040442C call 00404470 :< -- Call function
:00404431 imul edi, eax :< -- EDI=EDI*EAX (eax is the return value of the the previous call)
:00404434 call 00404470 :< -- Call function
:00404439 mov edx, esi
:0040443B mov ecx, FFFFFFFF
:00404440 imul edi, eax :< -- EDI=EDI*EAX (eax is the return value of the previous call)
:00404443 imul edi, esi :< -- EDI=EDI*ESI ( esi is the number of the letter position)
:00404446 add ebp, edi :< -- EBP=EBP+EDI (beware that EBP will finally contain the right reg#)
:00404448 mov edi, ebx :< --these lines compute the lenght of the name we entered
:0040444A sub eax, eax :< --these lines compute the lenght of the name we entered
:0040444C repnz :< --these lines compute the lenght of the name we entered
:0040444D scasb :< --these lines compute the lenght of the name we entered
:0040444E not ecx :< --these lines compute the lenght of the name we entered
:00404450 dec ecx :< -- ECX now contains the lenght of the name
:00404451 cmp ecx, esi
:00404453 ja 00404425 :< -- If its not the end of the name , go do the same with the next letter
:00404455 mov eax, ebp :< -- SAVE EBP TO EAX !!!!
:00404457 pop ebp
:00404458 pop edi
:00404459 pop esi
:0040445A pop ebx
:0040445B ret
_____

:00404470 mov eax, [0040B828] :< -- Put "key" in EAX
:00404475 mul eax, eax, 015A4E35 :< -- EAX=EAX * 15A4E35
:0040447B inc eax :< -- EAX=EAX + 1
:0040447C mov [0040B828], eax :< -- Replace the "key" with the new value of EAX
:00404481 and eax, 7FFF0000 :< -- EAX=EAX && 7FFF0000
:00404486 shr eax, 10 :< -- EAX=EAX >>10
:00404489 ret

The above code consists of a loop that goes trough all the letters of the name we entered.

With each
letter some value is calculated, all these values are added up together (in EBP).

Then this value is stored
in EAX and the function RETurns. And that was what we were looking for, we wanted to know how EAX got its value!

Step 6: Now to make a key-gen we have to translate the above method of calculating the right reg# into a
c program.

It could be done in the following way :
(Note : I am a bad c programmer

#include
#include
main()
{
char Name[100];
int NameLength,Offset;
unsigned long Letter,DummyA;
unsigned long Key = 0xa4cc;
unsigned long Number = 0;
printf(”Ize 2.04 crack by razzia\n”);
printf(”Enter your name: “);
gets(Name);
NameLength=strlen(Name);
for (Offset=0;Offset {
Letter=Name[Offset];
DummyA=Key;
DummyA=DummyA*0ª15a4e35;
DummyA=DummyA+1;
Key=DummyA;
DummyA=DummyA & 0ª7fff0000;
DummyA=DummyA >> 0ª10;
Letter=Letter*DummyA;
DummyA=Key;
DummyA=DummyA*0ª15a4e35;
DummyA=DummyA+1;
Key=DummyA;
DummyA=DummyA & 0ª7fff0000;
DummyA=DummyA >> 0ª10;
Letter=Letter*DummyA;
Letter=Letter*(Offset+1);
Number=Number+Letter;
}
printf(”\nYour registration number is : %lu\n”,Number);
}

A Basic KeyGenMe Tutorial

--------------------------------------------------------------------------Materials: OllyDbg -

Code:

http://www.ollydbg.de/

KeyGenMe -

Code:

http://crackmes.de/users/hexic/crack_me/download/

An actual desire to learn Alright. In this paper, I'm going to guide you in learning the serial algorithm for the crackmes.de challenge by HEXiC. Although a real-world application may not use such a simple process, this is excellent for beginners in the reverse engineering field. I will not code a key generator ("keygen") for you, but you should hopefully be able to with the information learned by the end of this tutorial. First, let's open the application up in OllyDbg. There are other programs available, but this is the most popular. Press F9 to run the executable until a window prompts us for a name and serial key. I will be using the name 'sToRm' for this example. Fill the serial field with some zeros just as a placeholder. Now, I have done some prior analysis of the assembly in this application and have determined that the validity of the serial is checked through the CALL KeyGenMe.00401262 at address 0040116F. Place a breakpoint here, and when you click 'Check,' it will pause on that line. Now, press F7 to step into the call. Just a side note, let's search the binary for all text strings and record a few select ones, as this will become important soon. Right-click in OllyDbg, and select 'All referenced text strings' from the 'Search for' submenu. You should see our inputted serial and name (twice, actually). Take note of the addresses: 004010C1 004010D7 004010F9 PUSH KeyGenMe.00403254 PUSH KeyGenMe.004032A4 PUSH KeyGenMe.00403254 ASCII "sToRm" ASCII "00000000000000" ASCII "sToRm"

Step down the code until you reach: 0040126F |. A0 54324000 MOV AL,BYTE PTR DS:[403254]

In this line, the binary is taking the value of the byte at address 00403254 (hey, look familiar?) and storing it to AL. If you look in your 'Hex dump' window and hop to that address, you can clearly see the inputted name. So, 00403254 is the first character of the name (73 or 's'). The next line divides our value by 10, leaving the 3 after the decimal point to be stored in AH. EDX also picks up 00000003 on the following line. The next line uses the EDX value of 3 to add to the address 00403235, essentially pulling a value from the charset of the serial number. 00403235 holds 34, which is converted to ASCII '4' and stored to AL. Therefore, the first character of our serial is 4. 00401278 0040127E 00401284 00401286 |. |. |. |. 8A82 35324000 8A15 A4324000 38D0 0F85 E8000000 MOV MOV CMP JNZ AL,BYTE PTR DS:[EDX+403235] DL,BYTE PTR DS:[4032A4] AL,DL KeyGenMe.00401374

The next line does the same as the previous, but it is hard-coded to pull

the first character of our inputted serial at 004032A4 and assign to DL. Comparing AL (4) to DL (0), we JMP to the end of the CALL to return to the badboy. Restart the execution using Ctrl+F2, and follow the same steps as before, only starting the serial with 4 this time. Now, we safely pass by the check of the first character of the serial and move onto the second. This is exactly like before, but notice how the commands now grab their values but one byte ahead: 0040128E 00401293 00401295 00401297 0040129D |. |. |. |. |. A0 55324000 F6F1 8AD4 8A82 35324000 8A15 A5324000 MOV DIV MOV MOV MOV AL,BYTE PTR DS:[403255] CL DL,AH AL,BYTE PTR DS:[EDX+403235] DL,BYTE PTR DS:[4032A5]

See the logic here? If you don't, I suggest you reread the explanation of the first part or just go outside and make friends (lol). Anyways, we see that the 2nd character of the valid serial for name 'sToRm' is 'T'. 004012AB 004012B0 |. |. A0 A6324000 2C 2D MOV AL,BYTE PTR DS:[4032A6] SUB AL,2D

These two lines are incredibly simple. 2D in hex is a hyphen ('-'), so we now have the third character of our serial and the completion of the first section of it. On to the next part! 004012B8 004012BA 004012BC 004012BE 004012C4 004012C6 004012C8 004012CA 004012CB |. 33D2 |. 33C0 |> /33C9 |. |8A8A 54324000 |. |0AC9 |. |74 05 |. |03C1 |. |42 |.^\EB EF XOR EDX,EDX XOR EAX,EAX /XOR ECX,ECX |MOV CL,BYTE PTR DS:[EDX+403254] |OR CL,CL |JE SHORT KeyGenMe.004012CD |ADD EAX,ECX |INC EDX \JMP SHORT KeyGenMe.004012BC

You may pass over this loop at first, thinking "oh, it's just doing something with the name" and skip over it, but this loop is also important. It's actually going to give us the next eight characters of our serial! After resetting EAX and EDX (which will be the counter for this loop), we enter it. And now we see this damn 00403254 address coming up again! EDX equals 0 at this moment, so it will store the value of 00403254 to CL (and soon ECX; watch the registers on the right). We skip the JMP out of the loop until we run out of characters in our name to load. The hex of the 's' in 'sToRm' is added to the empty EAX, EDX is incremented by 1, ECX is reset, and we start the loop over again, this time pulling the second value of our name. If you're lazy, you'll see that the value of EAX (our full name) at the end of the loop is 1F5. This could have also been easily calculated with a calculator set to hex (hey, calc.exe!). 000001F5 is pushed onto the stack, some formatting is done, and then we are quickly thrusted into another loop. 004012E2 004012E4 004012EA 004012F0 004012F2 004012F4 004012F5 004012F8 |. /EB 11 |> |8A81 C0324000 |. |8A91 A7324000 |. |38D0 |. |75 06 |. |41 |> \83F9 08 |.^ 75 EA JMP SHORT KeyGenMe.004012F5 /MOV AL,BYTE PTR DS:[ECX+4032C0] |MOV DL,BYTE PTR DS:[ECX+4032A7] |CMP AL,DL |JNZ SHORT KeyGenMe.004012FA |INC ECX CMP ECX,8 \JNZ SHORT KeyGenMe.004012E4

ECX is now the counter, and the inputted serial is being checked against the hex value of our name we just determined. Don't see it? You may need to squint a little. The first five digits of our name value are zeros, because 1F5 in hex is really 000001F5 (eight characters). The ECX counter will increment until it equals 8, where it will then JMP out of the loop to avoid pulling and comparing values that aren't part of the hexidecimal portion of the serial. Therefore, our serial is now '4T-000001F5'. We're getting closer. :) Reset the execution, and return past this loop with our newly-found piece. Once again, the next lines call for a hyphen, or else we will be JMP'd to the badboy. Add it to the serial, and proceed once again. 0040130A 0040130C 00401311 00401317 0040131D 0040131F 00401321 00401327 0040132D 0040132F |. |. |. |. |. |. |. |. |. |. 33C0 B9 10000000 8B1D B8324000 8A83 52324000 F6F1 8AD4 8A82 35324000 8A15 B0324000 38D0 75 43 XOR MOV MOV MOV DIV MOV MOV MOV CMP JNZ EAX,EAX ECX,10 EBX,DWORD PTR DS:[4032B8] AL,BYTE PTR DS:[EBX+403252] CL DL,AH AL,BYTE PTR DS:[EDX+403235] DL,BYTE PTR DS:[4032B0] AL,DL SHORT KeyGenMe.00401374

Look somewhat familiar? These lines are near-identical to the ones that determined the first character of our serial. Follow in the 'Hex dump' to the addresses that are requested, and you will find that it is now sending the 1st-tolast character of our name through the division algorithm. For instance, EBX equals 5, so the value of 00403257 is ASCII 'R' (or 52 in hex). Can you figure out why EBX equals 5 in the first place? Anyways, divide the value by 10, and we are found with the fact that our next character in the serial must be a 'G', because it produces a hex value of 47. Follow this procedure again for the next (and last character) in the inputted name, and a 9 is produced. Now, we have a serial of '4T-000001F5-G9' for name 'sToRm'. Reset the execution (as if you haven't done it enough), and then run it with our credentials. Voila! You've just reverse engineered this algorithm. If you really want to make sure you understand the concepts behind this crackme, then try the entire process over again with a different name. If you wish to master it, then code a keygen with the information you've learned about it. ;) Cheers! sToRm

Backdoor possibility by DDos attack

Well I figure out this when I did read it from wikipedia.

Anywayes, take a close look to this, and tell me what kind of possibility it could have to sneak a backdoor on the Ddos attack.


First of all here we have something you should know about the denail of service (DOS), well the Denail of service has a very good access point for all us who wants to create a remote connection by use this shell .

if you are doing this and you got a Ddos program, then you can just place a keylogger + backdoor, so you can alwayes connect to the victim & see what's the victim are typing. Before you are make a attack, you will altso have to ping the victim, to see if his host computer is online, and if you see its online, then you have a good choise to get him owned !



This is how the dos attack looks like, and you can easily bypass the firewall since you are use denail of service, but anywayes you can read more about it down under this text.



Firewalls
Firewalls have simple rules such as to allow or deny protocols, ports or IP addresses. Some DoS attacks are too complex for today's firewalls, e.g. if there is an attack on port 80 (web service), firewalls cannot prevent that attack because they cannot distinguish good traffic from DoS attack traffic. Additionally, firewalls are too deep in the network hierarchy. Routers may be affected even before the firewall gets the traffic. Nonetheless, firewalls can effectively prevent users from launching simple flooding type attacks from machines behind the firewall.
Modern stateful firewalls like Check Point FW1 NGX and Cisco PIX have a built-in capability to differentiate good traffic from DoS attack traffic. This capability is known as a "Defender", as it confirms TCP connections are valid before proxying TCP packets to service networks (including border routers). A similar ability is present in OpenBSD's pF, which is available for other BSDs as well. In that context, it is called "synproxy".


Alright, here you get a complete view of how the denail of service attack bypass the firewall




Well if you wanna know more, or even like my post I could write more about this for sure .

But for now I'm just waiting for response and to look what people are think about my new thread,

I'm out