Firefox 3.0 Beta 5
The award-winning Web browser is better than ever. Browse the Web with confidence. Firefox protects you from viruses, spyware and pop-ups. Enjoy improvements to performance, ease of use and privacy. It's easy to import your favorites and settings and get started. The latest version delivers easier navigation for everyone, including those who are visually or motor-impaired. Firefox is the first browser to support DHTML accessibility, which, when enabled by Web authors, allows rich Web applications to be read aloud. Users may navigate with keystrokes rather than mouse clicks, reducing the tabbing required to navigate documents such as spreadsheets. Firefox 1.5 (Windows version) is also the first browser to meet US federal government requirements that software be easily accessible to users with physical impairments. Link Download Windows: Link Download Mac Os: Source: www.filehippo.com & www.mozilla.comFirefox 3.0 Beta 5 Size 7.20 Mb
Web Browser Apple Safari for Windows
Web Browser Apple Safari for Windows jauh lebih cepat dari Internet Explorer 7 dan Mozila FireFox The fastest web browser on any platform, Safari loads pages up to 1.9 times faster than Internet Explorer 7 and up to 1.7 times faster than Firefox 2. And it executes JavaScript up to 6 times faster than Internet Explorer 7 and up to 4 times faster than Firefox 2. What does all that mean for you? Less time loading pages and more time enjoying them. HTML Performance JavaScript Performance Performance measured in seconds. Testing conducted by Apple in March 2008 on a 2.4GHz Intel Core 2 Duo-based iMac system running Windows XP Professional SP2, configured with 1GB of RAM and an ATI Radeon HD 2600 with 256MB of VRAM. HTML and JavaScript benchmarks based on VeriTest’s iBench Version 5.0 using default settings. Testing conducted with a beta version of Safari; all other browsers were shipping versions. Performance will vary based on system configuration, network connection, and other factors. URL Download : http://www.apple.com/safari/download/ Source: www.apple.com
Blazing performance.
Orkut Tool Pack 2.0
Orkut Tool Pack 2.0
Contents:
scrap flooder
fake account maker
contest voter
friend adder
friend acceptor/rejector
fake account password vhanger
mass deleter
topic flooder
mass community joiner/unjoiner
community spammer
fan flooder
scrap all
marketting tool
profile backup
community creator
scrap deleter
mass profile visitor
collection of working and essential javascripts
Link Download:
Computer-Security
Computer-Security
Closing Open Holes By Sharp Soft __sharp__@hackermail.com.in Netstat,
Firewalls, open Ports, scanning,port
Closing Open Holes By Sharp Soft __sharp__@hackermail.com
_______________________________________________________________
With the spread of Hackers and Hacking incidents, the time has come, when not only system administrators of servers of big companies, but also people who connect to the Internet by dialing up into their ISP, have to worry about securing their system. It really does not make much difference whether you have a static IP or a dynamic one, if your system is connected to the Internet, then there is every chance of it being attacked.
This manual is aimed at discussing methods of system security analysis and will shed light on as to how to secure your standalone (also a system
connected to a LAN) system.
Open Ports: A Threat to Security?
In the Netstat Tutorial we had discussed how the netstat -a command showed the list of open ports on your system. Well, anyhow, before I move on, I would like to quickly recap the important part. So here goes, straight from the netstat tutorial:
Now, the ??a? option is used to display all open connections on the local machine. It also returns the remote system to which we are connected to, the port numbers of the remote system we are connected to (and the local machine) and also the type and state of connection we have with the remote system.
For Example,
C:\windows>netstat –a
Active Connections
Proto Local Address Foreign Address State
TCP ankit:1031 dwarf.box.sk:ftp ESTABLISHED
TCP ankit:1036 dwarf.box.sk:ftp-data TIME_WAIT
TCP ankit:104 banners.egroups.com:80 FIN_WAIT_2
TCP ankit:1045 mail2.mtnl.net.in:pop3 TIME_WAIT
TCP ankit:1052 zztop.boxnetwork.net:80 ESTABLISHED
TCP ankit:1053 mail2.mtnl.net.in:pop3 TIME_WAIT
UDP ankit:1025 *:*
UDP ankit:nbdatagram *:*
Now, let us take a single line from the above output and see what it stands for:
Proto Local Address Foreign Address State
TCP ankit:1031 dwarf.box.sk:ftp ESTABLISHED
Now, the above can be arranged as below:
Protocol: TCP (This can be Transmission Control Protocol or TCP, User
Datagram Protocol or UDP or sometimes even, IP or Internet Protocol.)
Local System Name Sharp (This is the name of the local system that you set during the Windows setup.)
Remote System: dwarf.box.sk (This is the non-numerical form of the system to which we are connected.)
Remote Port: ftp (This is the port number of the remote system dwarf.box.sk to which we are connected.)
?Netstat? with the ??a? argument is normally used, to get a list of open ports on your own system i.e. on the local system. This can be particularly useful to check and see whether your system has a Trojan installed or not. Yes, most good Antiviral software are able to detect the presence of Trojans, but, we are hackers, and need to software to tell us, whether we are infected or not. Besides, it is more fun to do something manually than to simply click on the ?Scan? button and let some software do it.
The following is a list of Trojans and the port numbers which they use, if you Netstat yourself and find any of the following open, then you can be pretty sure, that you are infected.
Port 12345(TCP) Netbus
Port 31337(UDP) Back Orifice
For complete list, refer to the Tutorial on Trojans at:
hackingtruths.box.sk/trojans.txt
Now, the above tutorial resulted in a number of people raising questions like: If the 'netstat -a' command shows open ports on my system, does this mean that anyone can connect to them? Or, How can I close these open ports? How do I know if an open port is a threat to my system's security of not? Well, the answer to all these question would be clear, once you read the below paragraph:
Now, the thing to understand here is that, Port numbers are divided into three ranges:
The Well Known Ports are those from 0 through 1023. This range or ports is bound to the services running on them. By this what I mean is that each port usually has a specific service running on it. You see there is an internationally accepted Port Numbers to Services rule, (refer RFC 1700 Here) which specifies as to on what port number a particular service runs. For Example, By Default or normally FTP runs on Port 21. So if you find that Port 21 is open on a particular system, then it usually means that that particular system uses the FTP Protocol to transfer files. However, please note that some smart system administrators delibrately i.e. to fool lamers run fake services on popular ports. For Example, a system might be running a fake FTP daemon on Port 21.
Although you get the same interface like the FTP daemon banner, response numbers etc, however, it actually might be a software logging your prescence and sometimes even tracing you!!!
The Registered Ports are those from 1024 through 49151. This range of port numbers is not bound to any specific service. Actually, Networking utlites like your Browser, Email Client, FTP software opens a random port within this range and starts a communication with the remote server. A port number within this range is the reason why you are able to surf the net or check your email etc.
If you find that when you give the netstat -a command, then a number of ports within this range are open, then you should probably not worry. These ports are simply opened so that you can get your software applications to do what you want them to do. These ports are opened temporarily by various applications to perform tasks. They act as a buffer transfering packets (data) received to the application and vis-a-versa. Once you close the application, then you find that these ports are closed automatically. For Example, when you type www.hotmail.com in your browser, then your browser randomly chooses a Registered Port and uses it as a buffer to communicate with the various remote servers involved.
The Dynamic and/or Private Ports are those from 49152 through 65535. This range is rarely used, and is mostly used by trojans, however some application do tend to use such high range port numbers. For Example,Sun starts their RPC ports at 32768.
So this basically brings us to what to do if you find that Netstat gives you a couple of open ports on your system:
1. Check the Trojan Port List and check if the open port matches with any of the popular ones. If it does then get a trojan Removal and remove the trojan.
2. If it doesn't or if the Trojan Remover says: No trojan found, then see if the open port lies in the registered Ports range. If yes, then you have nothing to worry, so forget about it.
***********************
HACKING TRUTH: A common technique employed by a number of system administrators, is remapping ports. For example, normally the default port for HTTP is 80.
However, the system administrator could also remap it to Port 8080. Now, if that is the case, then the homepage hosted at that server would be at:
http://domain.com:8080 instead of http://domain.com:80
The idea behind Port Remapping is that instead of running a service on a well known port, where it can easily be exploited, it would be better to run it on a not so well known port, as the hacker, would find it more difficult to find that service. He would have to port scan high range of numbers to discover port remapping.
The ports used for remapping are usually pretty easy to remember. They are choosen keeping in mind the default port number at which the service being remapped should be running. For Example, POP by default runs on Port 110.
However, if you were to remap it, you would choose any of the following: 1010, 11000, 1111 etc etc
Some sysadmins also like to choose Port numbers in the following manner:
1234,2345,3456,4567 and so on... Yet another reason as to why Port Remapping is done, is that on a Unix System to be able to listen to a port under 1024, you must have root previledges.
************************
Firewalls
Use of Firewalls is no longer confined to servers or websites or commerical companies. Even if you simply dial up into your ISP or use PPP (Point to Point Protocol) to surf the net, you simply cannot do without a firewall. So what exactly is a firewall?
Well, in non-geek language, a firewall is basically a shield which protects your system from the untrusted non-reliable systems connected to the Internet. It is a software which listens to all ports on your system for any attempts to open a connection and when it detects such an attempt, then it reacts according to the predefined set of rules. So basically, a firewall is something that protects the network(or systen) from the Internet. It is derived from the concept of firewalls used in vehicles which is a barrier made of fire resistant material protecting the vehicle in case of fire.
Now, for a better 'according to the bible' defination of a firewall: A firewall is best described as a software or hardware or both Hardware and Software packet filter that allows only selected packets to pass through from the Internet to your private internal network. A firewall is a system or a group of systems which guard a trusted network( The Internal Private Network from the untrusted network (The Internet.)
NOTE: This was a very brief desciption of what a firewall is, I would not be going into the details of their working in this manual.
Anyway,the term 'Firewalls', (which were generally used by companies for commerical purposes) has evolved into a new term called 'Personal Firewalls'. Now this term is basically used to refer to firewalls installed on a standalone system which may or may not be networked i.e. It usually connects to an ISP. Or in other words a personal firewall is a firewall used for personal use.
Now that you have a basic desciption as to what a firewall is, let us move on to why exactly you need to install a Firewall? Or, how can not installing a firewall pose a threat to the security of your system?
You see, when you are connected to the Internet, then you have millions of other untrusted systems connected to it as well. If somehow someone found out your IP address, then they could do probably anything to your system. They could exploit any vulnerability existing in your system, damage your data, and even use your system to hack into other computers.
Finding out someone'e IP Address is not very difficult. Anybody can find out your IP, through various Chat Services, Instant Messengers (ICQ, MSN, AOL etc), through a common ISP and numerous other ways. Infact finding out the IP Address of a specific person is not always the priority of some hackers.
What I mean to say by that is that there are a number of Scripts and utilities available which scan all IP addresses between a certain range for predefined common vulnerabilities. For Example, Systems with File Sharing Enabled or a system running an OS which is vulnerable to the Ping of Death attack etc etc As soon as a vulnerable system is found, then they use the IP to carry out the attacks.
The most common scanners look for systems with RAT's or Remote Administration Tools installed. They send a packet to common Trojan ports and display whether the victim's system has that Trojan installed or not. The 'Scan Range of IP Addresses' that these programs accept are quite wide and one can easily find a vulnerable system in the matter of minutes or even seconds.
Trojan Horses like Back Orifice provide remote access to your system and can set up a password sniffer. The combination of a back door and a sniffer is a dangerous one: The back door provides future remote access, while the sniffer may reveal important information about you like your other Passwords, Bank Details, Credit Card Numbers, Social Security Number etc If your home system is connected to a local LAN and the attacker manages to install a backdoor on it, then you probably have given the attacker the same access level to your internal network, as you have. This wouls also mean that you will have created a back door into your network that bypasses any firewall that may be guarding the front door.
You may argue with me that as you are using a dial up link to your ISP via PPP, the attacker would be able to access your machine only when you are online. Well, yes that is true, however, not completely true. Yes, it does make access to your system when you reconnect, difficult, as you have a dynamic Internet Protocol Address. But, although this provides a faint hope of protection, routine scanning of the range of IP's in which your IP lies, will more often than not reveal your current Dynamic IP and the back door will provide access to your system.
*******************
HACKING TRUTH: Microsoft Says: War Dialer programs automatically scan for modems by trying every phone number within an exchange. If the modem can only be used for dial-out connections, a War Dialer won't discover it. However, PPP changes the equation, as it provides bidirectional transportmaking any connected system visible to scanners?and attackers.
*******************
So how do I protect myself from such Scans and unsolicited attacks? Well, this is where Personal Firewalls come in. They just like their name suggests, protect you from unsolicited connection probes, scans, attacks.
They listen to all ports for any connection requests received (from both legitimate and fake hosts) and sent (by applications like Browser, Email Client etc.) As soon as such an instance is recorded, it pops up a warning asking you what to do or whether to allow the connection to initiate or not. This warning message also contains the IP which is trying to initiate the connection and also the Port Number to which it is trying to connect i.e. the Port to which the packet was sent. It also protects your system from Port Scans, DOS Attacks, Vulnerability attacks etc. So basically it acts as a shield or a buffer which does not allow your system to communicate with the untrusted systems directly.
Most Personal Firewalls have extensive logging facilities which allows you to track down the attackers. Some popular firewalls are:
1.BlackICE Defender : An IDS for PC's. It's available at http://www.networkice.com.
2. ZoneAlarm: The easiest to setup and manage firewall. Get it for free at: www.zonelabs.com
Once you have installed a firewall on your system, you will often get a number of Warnings which might seem to be as if someone is trying to break into your system, however, they are actually bogus messages, which are caused by either your OS itself or due to the process called Allocation of Dynamic IP's. For a details description of these two, read on.
Many people complain that as soon as they dial into their ISP, their firewall says that such and such IP is probing Port X. What causes them? Well, this is quite common. The cause is that somebody hung up just before you dialed in and your ISP assigned you the same IP address. You are now seeing the remains of communication with the previous person. This is most common when the person to which the IP was assigned earlier was using ICQ or chat programs, was connected to a Game Server or simply turned off his modem before his communication with remote servers was complete.
You might even get a message like: Such and Such IP is trying to initiate a Netbios Session on Port X. This again is extremely common. The following is an explanation as to why it happens, which I picked up a couple of days ago: NetBIOS requests to UDP port 137 are the most common item you will see in your firewall reject logs. This comes about from a feature in Microsoft's Windows: when a program resolves an IP address into a name, it may send a NetBIOS query to IP address. This is part of the background radiation of the Internet, and is nothing to be concerned about.
What Causes them? On virtually all systems (UNIX, Macintosh, Windows), programs call the function 'gethostbyaddr()' with the desired address. This function will then do the appropriate lookup, and return the name. This function is part of the sockets API. The key thing to remember about gethostbyaddr() is that it is virtual. It doesn't specify how it resolves an address into a name. In practice, it will use all available mechanisms. If we look at UNIX, Windows, and Macintosh systems, we see the following techniques:
DNS in-addr.arpa PTR queries sent to the DNS server NetBIOS NodeStatus queries sent to the IP address lookups in the /etc/hosts file AppleTalk over IP name query sent to the IP address RPC query sent to the UNIX NIS server NetBIOS lookup sent to the WINS server Windows systems do the /etc/hosts, DNS, WINS, and NodeStatus techniques. In more excruciating detail, Microsoft has a generic system component called a naming service. All the protocol stacks in the system (NetBIOS, TCP/IP, Novel IPX, AppleTalk, Banyan, etc.) register the kinds of name resolutions they can perform. Some RPC products will likewise register an NIS naming service. When a program requests to resolve an address, this address gets passed onto the generic naming service. Windows will try each registered name resolution subsystem sequentially until it gets an answer.
(Side note: User's sometimes complained that accessing Windows servers is slow.
This is caused by installing unneeded protocol stacks that must timeout first before the real protocol stack is queried for the server name.).
The order in which it performs these resolution steps for IP addresses can be configured under the Windows registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ ServiceProvider.
Breaking Through Firewalls
Although Firewalls are meant to provide your complete protection from Port Scan probes etc there are several holes existing in popular firewalls, waiting to be exploited. In this issue, I will discuss a hole in ZoneAlarm Version 2.1.10 to 2.0.26, which allows the attacker to port scan the target system (Although normally it should stop such scans.)
If one uses port 67 as the source port of a TCP or UDP scan, ZoneAlarm will let the packet through and will not notify the user. This means, that one can TCP or UDP port scan a ZoneAlarm protected computer as if there were no firewall there IF one uses port 67 as the source port on the packets.
Exploit:
UDP Scan:
You can use NMap to port scan the host with the following command line:
nmap -g67 -P0 -p130-140 -sU 192.168.128.88 (Notice the -g67 which specifies source port).
TCP Scan:
You can use NMap to port scan the host with the following command line:
nmap -g67 -P0 -p130-140 -sS 192.168.128.88 (Notice the -g67 which specifies source port).
Well, that is all for this manual, which is by no means finished. I would be updating it at regular intervals, so kindly hang on. Bye...
Sharp Soft
sharp.soft@hotmail.com
http://hackingtruths.box.sk
To receive tutorials written by Ankit Fadia on everything you ever dreamt of in
your Inbox, join his mailing list by sending a blank email to:
programmingforhackers-subscribe@egroups.com
Wanna ask a question? Got a comment to make? Criticize, Comment and more?..by sending me an Instant Message on MSN Messenger. The ID that I use is: sharp.soft@hotmail.com
Wanna learn Hacking? Wanna attend monthly lectures and discussions on various Networking/Hacking topics? Lectures, Debates and Discussions, get it all by simply joining The Hacking Truths club by clicking Here Take the HTCH examination to give recognition to your Hacking Skills. Click Here
__________
Source: www.sharp-soft.net
Sharp Hackers Book
Sharp Hackers Book
(Tutorials)
Sharp Soft
Www.Sharp-Hack.Com
Sharp.Hack @ Yahoo.Com
Get more Tutorials like this at www.Hackers-Black-Book.com
Use these tutorials just to open your mind and broaden your horizons ?
Do not use these tutorials to hurt nobody ?
Be careful with them. Thank you ?
All of these tutorials are untouched originals from back in the days
Classic Tutorials
Novice_Guide_2_Hackin by The_Mentor
Tutorials
Ultimate-Beginners
Guide-to-Hacking
Beginners-Guide-to
Hacking-and-Phreaking
Hacking Tutorials
Bypass - Black Ice Defender and ZoneAlarm
Complete guide for newbies to spoof one's identity on IRC
Beginners "Step By Step" SecurityGuide v0.1.32
Hacking CGI - security and exploitation
How To Easily Restart Windows XP
Windows 9x/ME Security And System Restrictions
Unrevealed Windows Tips and Secrets
Web Hacking
Web Hacking
Your objective today is to crack this application. However, please try to avoid causing real damage to the site, as many people need to use it
First steps
There are several users set up for this application with user names from aa to zz (with passwords the same as user names). There is a further user whose identity you may discover in the course of your investigations. You should use a user name that relates to your workstation ID, so if your workstation is CS206a, your user name will be aa
Try the application. See what it is supposed to do. Are there any exploits which immediately spring to mind? See what happens if you enter
instead of an email address into the optional email input box
In itself the result of doing this is mildly irritating but not especially harmful. What might a malicious user be able to do to make it more dangerous? e.g. hints
- JavaSpt can be used to load a new page to replace the existing one
- Bad HTML (especially in tables) can wreck a page
You may spot one or two other flaws- a good trick is to try to enter unlikely data into form fields. My personal favourite characters are the following
? ' > < % \ | #
Note that in this application only a couple of these will cause surprising effects
Most of the application's flaws will only become obvious with a bit more probing
Looking at the HTML
Now save the form to a local directory (save it with a .html extension, then it will be easier to use
Look at the source code. Try to work out how to give yourself a very good mark in the test
Some starting points
Your first task will probably be to modify the action of the form to point to the absolute URL of the receiving pageTry to work out how the application allocates marks. If you think that the method used seems silly, I have seen real applications which allocated real test scores for real students which do this
Are there any hidden fields that you might modify
It would be a bit easier to hack if you could see the information sent from the form to the receiving page. Modify the form to use GET instead of POST. This will then allow you to play with the data sent to the page directly, rather than via the form.
More advanced
It would be a lot easier to hack if you had access to the database file. It may be possible to find out what this is called if you send some data that will cause an error. Try to work out how to do this. If you find the name of the database, download it
Phishing
Phishing
What is Phishing?
Phishing, also known as "brand spoofing" or "carding", is a form of fraudulent attack using email messages and replica websites to trick users into submitting personal information. Hijackers pose as well-known financial institutions, online retailers or other trusted companies in an attempt to acquire credit card numbers, social security numbers, and other sensitive account information
According to the Anti-Phishing Working Group, up to 5% of users respond to phishing attempts.
What can businesses do to protect their users from a phishing attack? SurfControl solutions can detect the phishing emails and block the bogus websites:
- SurfControl Web Filter
- Web Filter allows organizations to manage access to sites based on category type. The "Criminal Skills" category contains the hoax sites that are created by phishing attempts.
- SurfControl E-mail Filter
- E-mail Filter helps organizations manage unwanted email content such as spam and viruses. Not only does its filtering database contain the digital signatures of known phishing emails, but also it can check email content for fraudulent web links.
- --------------------------------------------------------------------------------------
Web Filter
SurfControl Web Filter®
Raising the level of protection from web-based threats
SurfControl Web Filter enables companies to cost-effectively monitor network use and abuse anywhere in the organization, no matter how or where users connect to the Internet, across the full spectrum of Web-based content: IM, P2P, streaming media, file downloads, and Web-based e-mail. Best-of-breed protection against Web-based threats including viruses, spyware, malicious URLs, and blended threats is combined with a high level of visibility and control to reduce risk, enable business compliance, and ensure business continuity.
Unrivalled protection - wherever you are
SurfControl Threat Expertise
SurfControl and its Global Threat Experts monitor and analyze emerging Internet threats from Web, e-mail, spyware, and other malicious applications around-the-clock to deliver up-to-date protection and "cross pollination" against today's blended threats.
Web Security
SurfControl Web Filter extends security beyond URL filtering by allowing you to regulate what users can do over the Internet-to enable full control of business assets, enable business and regulatory compliance, and reduce risk.
SurfControl Mobile Filter
SurfControl Mobile Filter integrates seamlessly with SurfControl Web Filter to deploy content security and protection to all your users, regardless of where they are or how they connect to the Internet-via wireless hot-spot, broadband connection or dial-up.
Define, enforce and manage
Flexible Policy Management
An intuitive, drag-and-drop rules engine allows you to set up highly granular policies in a number of minutes. Integration with your existing directory structure streamlines policy enforcement for all users-including mobile users.
Flexible Content
By allowing you to create your own categories and threat definitions, Web Filter lets you enforce policies tailored to the unique business needs, user profiles, and industry-specific risks of your own organization.
Visibility through Reporting
Market-leading SurfControl Report Central provides unmatched visibility into internal and mobile Web usage and related threats, so technical staff and business managers alike can take control of Internet usage.
A partnership you can trust
Enterprise Protection Suite
SurfControl Web Filter belongs to a suite of best-of-breed products and on-demand services that raise the level of protection against Web, e-mail and malicious application threats, enable full control of business assets, and reduce total cost of ownership.
Options for Every Environment
SurfControl Web Filter can be delivered as integrated or standalone gateway software, as a gateway appliance, or as a managed service so you can choose the platform that best fits your own environment and technology strategy.
Return on Investment
A single base subscription to the Internet Threat Database covers millions of blended threats in areas that have traditionally existed only in separate e-mail or desktop protection, such as spam URLs and spyware-as well as tools for on-the-fly categorization-with no hidden costs
---------------------------------------------------------------------------------
E-mail Filter
SurfControl E-mail Filter
Powerful Protection Against Inbound and Outbound E-mail Threats
As the most comprehensive e-mail content filtering solution available, SurfControl E-mail Filter provides 360° protection against spam, viruses, worms, phishing, blended threats, and other Internet threats. Easy to install, use and administer, the solution draws on the industry's best e-mail filtering technologies to deliver comprehensive Internet protection, including:
- Day zero protection against blended threats - through digital fingerprints, heuristics, and Boolean language analysis that provide reliable protection against new spam and phishing attacks as they emerge
- E-mail system protection - using closed relay, sender policy framework (SPF), reverse DNS lookup, and other connection management techniques to protect your e-mail systems against denial-of-service attacks, spoofing, and other illicit e-mails
- Customized risk protection - with whitelists, blacklists, a virtual image agent, and an HTML stripper that give you granular control over who and what to allow into your e-mail system
- Data security compliance - with e-mail encryption through Transport Layer Security (TLS) and Secure SMTP (SMTPS) support; customized content filtering; pre-defined compliance dictionaries and rules; and a Virtual Leaning Agent that uses artificial intelligence to filter for your organization's most sensitive data
SurfControl E-mail Filter is powered by SurfControl's Adaptive Threat Intelligence Service-drawing on real-time threat detection technologies and the industry's most accurate dynamic threat databases to provide continuous protection.
SurfControl E-mail Filter is available to fit any network environment:
- SurfControl E-mail Filter for SMTP is a platform-independent solution that can be deployed with any e-mail gateway being used to protect any size network in any configuration
- SurfControl E-mail Filter for Exchange 2000 and 2003 are platform-specific solutions that filter internal, inbound, and outbound e-mail on any network using Microsoft Exchange 2000 or 2003
Install the SurfControl E-mail Filter solution that's right for your organization, and put the industry's best e-mail protection technology to work for your organization.
Computer Hacking
Computer Hacking
Written by David M, Sharp Soft, University Laboratory High School, Urbana, IL
--------------------------------------------------------------------------------
Introduction
Unlike most computer crime / misuse areas which are clear cut in terms of actions and legalities (e.g. software piracy), computer hacking is more difficult to define. Computer hacking always involves some degree of infringement on the privacy of others or damage to computer-based property such as files, web pages or software. The impact of computer hacking varies from simply being simply invasive and annoying to illegal. There is an aura of mystery that surrounds hacking, and a prestige that accompanies being part of a relatively "elite" group of individuals who possess technological savvy and are willing to take the risks required to become a true "hacker". An interesting alternative view of how hackers positively impact areas such as software development and hacker ideology is presented in Technology and Pleasure: Considering Hacking Constructive
Even attempting to define the term "hacker" is difficult. Perhaps the premiere WWW resource in introducing individuals to hacking is the The New Hacker's Dictionary (http://www.logophilia.com/jargon/jargon_toc.html), a resource which encompasses everything from hacker slang, jargon, hacker folklore, writing style and speech to general appearance, dress, education and personality characteristics. According to The New Hacker's Dictionary, a hacker can be defined as
A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming
A person capable of appreciating hack value
A person who is good at programming quickly
An expert at a particular program, or one who frequently does work using it or on it
An expert or enthusiast of any kind. One might be an astronomy hacker, for example
One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations. deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence 'password hacker', 'network hacker'. The correct term for this sense is cracker. Even within hacker society, the definitions range from societal very positive (dare I say characteristic of gifted and talented individuals) to criminal. In his book, "Fighting Computer Crime: A New Framework for Protecting Information" (1998), Donn B. Parker lists two basic principles hacker live by
The belief that information sharing is a powerful good and that it is the ethical duty of hackers to share their expertise by writing free software and facilitating access to information and to computing resources whenever possible
The belief that system cracking for fun and exploitation is ethically OK as long as the cracker commits no theft, vandalism or breach of confidentiality. Parker differentiates between benign and malicious hackers based on whether damage is performed, though in reality all hacking involves intrusion and a disregard for the efforts, works and property of others
--------------------------------------------------------------------------------
Issues
A number of issues arise in considering hacking from the educator perspective. First, we need to consider the fact that the public perception of hackers is mixed, and that "hacking" and "being considered a hacker" can be quite appealing to students who are going through developmental periods in which they are defining themselves, as well as challenging authority and rules. There is often a Robin Hood mentality to early actions, though it is unclear exactly who "the poor" are, and how they are "being compensated". Second, the anonymity of actions which hackers perform against others often enhances the severity of actions. For example, an adolescent who would never consider picking someone's pocket or physically damaging someone else's property or home, might be quite willing to steal people's credit card numbers or destroy poorly protected business or government files, since files and credit card numbers are not tangible entities, and the damage is done anonymously
The media often presents these individuals in a glamorous light. Adolescents may fantasize about their degree of technological skills and, lacking the social skills required to be accepted well by others, move online in search of those who profess to have technological skills the students desire. A simple search using the term "hacker" with any search engine results in hundreds of links to illegal serial numbers, ways to download and pirate commercial software, etc
Showing this information off to others may result in the students being considered a "hacker" by their less technologically savvy friends, further reinforcing antisocial behavior. In some cases, individuals move on to programming and destruction of other individuals programs through the writing of computer viruses and Trojan horses, programs which include computer instructions to execute a hacker's attack. If individuals can successfully enter computers via a network, they may be able to impersonate an individual with high level security clearance access to files, modifying or deleting them or introducing computer viruses or Trojan horses. As hackers become more sophisticated, they may begin using snuffers to steal large amounts of confidential information, become involved in burglary of technical manuals, larceny or espionage
--------------------------------------------------------------------------------
Ways to Minimize Potential for Hacking
There are a number of ways for schools to minimize potential for hacking
Schools need to clearly establish acceptable use policies and delineate appropriate and inappropriate actions to both students and staff. Students and staff need to instructed regarding hacking, the mentality associated with it, the consequences of various hacking actions and possible consequences of interacting and forming online relationships with anonymous individuals who claim to be proficient in invading others' privacy. The use of filters may be considered in reducing access to unauthorized software serial numbers and hacking-related materials, newsgroups, chartrooms and hacking organizations
Teachers need to be aware of student activities in the computer labs and pay special attention to things they hear in terms of hacking behavior. Many schools have taken initiative in having teachers work with technology-oriented students who exhibit many of the characteristics which may eventually lead to hacking-type behaviors. Recent web-based activities and competitions, including Think Quest, Web to the Edge and ExploraVision, are outstanding opportunities for these and other technologically oriented students to utilize their interests, energies and abilities in a positive way
----------------------------------------------------------------
Annotated Web Sites
The New Hacker's Dictionary http://www.logophilia.com/jargon/jargon_toc.html
A resource which introduces the reader to everything from hacker slang, jargon, hacker folklore, writing style and speech style to general appearance, dress, education and personality characteristics. If you are going to examine a single resource regarding hacking, this should be it
Technology and Pleasure: Considering Hacking Constructive http://firstmonday.org/issues/issue4_2/gisle
Fascinating VERY ALTERNATIVE discussion of history of the hacker community and hacker ideology
Concerning Hackers Who Break into Computer Systems
http://www-swiss.ai.mit.edu/6095/articles/denning_defense_hackers.txt
Interesting discussion of hackers, hacker ethics and how hacking relates to issues and practices of an information society
Active Matrix's Hideaway http://www.hideaway.net
Written by a "true hacker", one who seeks knowledge rather than robbery and destruction, this alternative site presents a view of hacking as an art and science
Hacking Documents http://www.houghton.demon.co.uk/hacking/document/index.htm
This is the source many use for initial ventures into hacking. It consists of 1) The Guide to Mostly Harmless Hacking, 2) Beginner's Documents, and 3) Other Various Documents. There is also a link called Hacking Archives. Quite user friendly, it becomes clear how kids could easily be lured into this site and its activities
Defcon 7 http://www.thecodex.com
Voted one of the top hackers sites by PC Magazine (is it any wonder our kids have little difficulty finding these sites?), this site consists of hundreds of links which walk individuals step-by-step through the myriad of different hackers activities
AstaLaVista H/C Search Engine http://astalavista.box.sk
Here's something new - a search engine designed for hackers. Includes links to all types of software, serial numbers, sniffers, etc
__________
Source: www.sharp-soft.net
How To Become A Hacker
Hacking
How To Become A Hacker
What Is a Hacker
The Jargon File contains a bunch of definitions of the term `hacker', most having to do with technical adeptness and a delight in solving problems and overcoming limits. If you want to know how to become a hacker, though, only two are really relevant. There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest Arpanet experiments. The members of this culture originated the term `hacker'. Hackers built the Internet
Hackers made the Unix operating system what it is today. Hackers run Usenet. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker. The hacker mind-set is not confined to this software-hacker culture. There are people who apply the hacker attitude to other things, like electronics or music -- actually, you can find it at the highest levels of any science or art. Software hackers recognize these kindred spirits elsewhere and may call them "hackers" too -- and some claim that the hacker nature is really independent of the particular medium the hacker works in. But in the rest of this document we will focus on the skills and attitudes of software hackers, and the traditions of the shared culture that originated the term `hacker'.There is another group of people who loudly call themselves hackers, but aren't
These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people `crackers' and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word hacker' to describe crackers; this irritates real hackers no end.The basic difference is this: hackers build things, crackers break them.If you want to be a hacker, keep reading. If you want to be a cracker, go read the alt.2600 newsgroup and get ready to do five to ten in the slammer after finding out you aren't as smart as you think you are. And that's all I'm going to say about crackers
--------------------------------------------------
The Hacker Attitude
Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself. And to behave as though you have the attitude, you have to really believe the attitude.But if you think of cultivating hacker attitudes as just a way to gain acceptance in the culture, you'll miss the point. Becoming the kind of person who believes these things is important for you -- for helping you learn and keeping you motivated. As with all creative arts, the most effective way to become a master is to imitate the mind-set of masters -- not just intellectually but emotionally as well.Or, as the following modern Zen poem has it
To follow the path
Look to the master
Follow the master
Walk with the master
See through the master
Become the master
So, if you want to be a hacker, repeat the following things until you believe them
------------------------------------------------
1- The world is full of fascinating problems waiting to be solved
Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation. Successful athletes get their motivation from a kind of physical delight in making their bodies perform, in pushing themselves past their own physical limits. Similarly, to be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence.If you aren't the kind of person that feels this way naturally, you'll need to become one in order to make it as a hacker. Otherwise you'll find your hacking energy is sapped by distractions like sex, money, and social approval.(You also have to develop a kind of faith in your own learning capacity -- a belief that even though you may not know all of what you need to solve a problem, if you tackle just a piece of it and learn from that, you'll learn enough to solve the next piece -- and so on, until you're done
------------------------------------------------
2- No problem should ever have to be solved twice
Creative brains are a valuable, limited resource. They shouldn't be wasted on re-inventing the wheel when there are so many fascinating new problems waiting out there.To behave like a hacker, you have to believe that the thinking time of other hackers is precious -- so much so that it's almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones.(You don't have to believe that you're obligated to give all your creative product away, though the hackers that do are the ones that get most respect from other hackers. It's consistent with hacker values to sell enough of it to keep you in food and rent and computers. It's fine to use your hacking skills to support a family or even get rich, as long as you don't forget your loyalty to your art and your fellow hackers while doing it
------------------------------------------------
3- Boredom and drudgery are evil
Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work, because when this happens it means they aren't doing what only they can do -- solve new problems. This wastefulness hurts everybody. Therefore boredom and drudgery are not just unpleasant but actually evil.To behave like a hacker, you have to believe this enough to want to automate away the boring bits as much as possible, not just for yourself but for everybody else (especially other hackers).(There is one apparent exception to this. Hackers will sometimes do things that may seem repetitive or boring to an observer as a mind-clearing exercise, or in order to acquire a skill or have some particular kind of experience you can't have otherwise. But this is by choice -- nobody who can think should ever be forced into a situation that bores them
------------------------------------------------
4- Freedom is good
Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you're being fascinated by -- and, given the way authoritarian minds work, will generally find some appallingly stupid reason to do so. So the authoritarian attitude has to be fought wherever you find it, lest it smother you and other hackers.(This isn't the same as fighting all authority. Children need to be guided and criminals restrained. A hacker may agree to accept some kinds of authority in order to get something he wants more than the time he spends following orders. But that's a limited, conscious bargain; the kind of personal surrender authoritarians want is not on offer.)Authoritarians thrive on censorship and secrecy. And they distrust voluntary cooperation and information-sharing -- they only like `cooperation' that they control. So to behave like a hacker, you have to develop an instinctive hostility to censorship, secrecy, and the use of force or deception to compel responsible
adults. And you have to be willing to act on that belief
------------------------------------------------
5- Attitude is no substitute for competence
To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won't make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work.Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won't let posers waste their time, but they worship competence -- especially competence at hacking, but competence at anything is good. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.If you revere competence, you'll enjoy developing it in yourself -- the hard work and dedication will become a kind of intense play rather than drudgery. And that's vital to becoming a hacker
------------------------------------------------
Basic Hacking Skills
The hacker attitude is vital, but skills are even more vital. Attitude is no substitute for competence, and there's a certain basic toolkit of skills which you have to have before any hacker will dream of calling you one.This toolkit changes slowly over time as technology creates new skills and makes old ones obsolete. For example, it used to include programming in machine language, and didn't until recently involve HTML. But right now it pretty clearly includes the following
------------------------------------------------
1- Learn how to program
This, of course, is the fundamental hacking skill. If you don't know any computer languages, I recommend starting with Python. It is cleanly designed, well documented, and relatively kind to beginners. Despite being a good first language, it is not just a toy; it is very powerful and flexible and well suited for large projects. I have written a more detailed evaluation of Python. Good tutorials are available at the Python web site.Java is also a good language for learning to program in. It is more difficult than Python, but produces faster code than Python
I think it makes an excellent second language.But be aware that you won't reach the skill level of a hacker or even merely a programmer if you only know one or two languages -- you need to learn how to think about programming problems in a general way, independent of any one language. To be a real hacker, you need to get to the point where you can learn a new language in days by relating what's in the manual to what you already know. This means you should learn several very different languages.If you get into serious programming, you will have to learn C, the core language of Unix. C++ is very closely related to C; if you know one, learning the other will not be difficult. Neither language is a good one to try learning as your first, however. And, actually, the more you can avoid programming in C the more productive you will be
C is very efficient, & very sparing of your machine's resources. Unfortunately, C gets that efficiency by requiring you to do a lot of low-level management of resources (like memory) by hand. All that low-level code is complex and bug-prone, and will soak up huge amounts of your time on debugging. With today's machines as powerful as they are, this is usually a bad tradeoff -- it's smarter to use a language that uses the machine's time less efficiently, but your time much more efficiently. Thus, Python.Other languages of particular importance to hackers include and LISP. Perl is worth learning for practical reasons; it's very widely used for active web pages and system administration, so that even if you never write Perl you should learn to read it
Many people use Perl in the way I suggest you should use Python, to avoid C programming on jobs that don't require C's machine efficiency. You will need to be able to understand their code.LISP is worth learning for a different reason - the profound enlightenment experience you will have when you finally get it. That experience will make you a better programmer for the rest of your days, even if you never actually use LISP itself a lot.It's best, actually, to learn all five of these (Python, Java, C/C++, Perl, and LISP). Besides being the most important hacking languages, they represent very different approaches to programming, and each will educate you in valuable ways
I can't give complete instructions on how to learn to program here -- it's a complex skill. But I can tell you that books and courses won't do it (many, maybe most of the best hackers are self-taught). You can learn language features -- bits of knowledge -- from books, but the mind-set that makes that knowledge into living skill can be learned only by practice and apprenticeship. What will do it is (a) reading code and (b) writing code.Learning to program is like learning to write good natural language
The best way to do it is to read some stuff written by masters of the form, write some things yourself, read a lot more, write a little more, read a lot more, write some more ... and repeat until your writing begins to develop the kind of strength and economy you see in your models.Finding good code to read used to be hard, because there were few large programs available in source for fledgeling hackers to read and tinker with. This has changed dramatically; open-source software, programming tools, and operating systems (all built by hackers) are now widely available. Which brings me neatly to our next topic
------------------------------------------------
2- Get one of the open-source Unixes and learn to use and run it
I'm assuming you have a personal computer or can get access to one (these kids today have it so easy :-)). The single most important step any newbie can take toward acquiring hacker skills is to get a copy of Linux or one of the BSD-Unixes, install it on a personal machine, and run it.Yes, there are other operating systems in the world besides Unix. But they're distributed in binary -- you can't read the code, and you can't modify it. Trying to learn to hack on a DOS or Windows machine or under MacOS is like trying to learn to dance while wearing a body cast.Besides, Unix is the operating system of the Internet. While you can learn to use the Internet without knowing Unix, you can't be an Internet hacker without understanding Unix
For this reason, the hacker culture today is pretty strongly Unix-centered. (This wasn't always true, and some old-time hackers still aren't happy about it, but the symbiosis between Unix and the Internet has become strong enough that even Microsoft's muscle doesn't seem able to
seriously dent it.)So, bring up a Unix -- I like Linux myself but there are other ways (and yes, you can run both Linux and DOS/Windows on the same machine). Learn it. Run it. Tinker with it. Talk to the Internet with it. Read the code. Modify the code. You'll get better programming tools (including C, LISP, Python, and Perl) than any Microsoft operating system can dream of, you'll have fun, and you'll soak up more knowledge than you realize you're learning until you look back on it as a master hacker
For more about learning Unix, The Loginataka
To get your hands on a Linux, see the Where can I get Linux
You can find BSD Unix help and resources at http://www.bsd.org
I have written a primer on the basics of Unix and the Internet
Note: I don't really recommend installing either Linux or BSD as a solo project if you're a newbie. For Linux, find a local Linux user's group and ask for help; or contact the Open Projects Network. LISC maintains IRC channels where you can get help
-------------------------------------------------
3- Learn how to use the World Wide Web and write HTML
Most of the things the hacker culture has built do their work out of sight, helping run factories and offices and universities without any obvious impact on how non-hackers live. The Web is the one big exception, the huge shiny hacker toy that even politicians admit is changing the world. For this reason alone (and a lot of other good ones as well) you need to learn how to work the Web.This doesn't just mean learning how to drive a browser (anyone can do that), but learning how to write HTML, the Web's markup language
If you don't know how to program, writing HTML will teach you some mental habits that will help you learn. So build a home page. (There are good beginner tutorials on the Web; here's one.)But just having a home page isn't anywhere near good enough to make you a hacker. The Web is full of home pages. Most of them are pointless, zero-content sludge -- very snazzy-looking sludge, mind you, but sludge all the same (for more on this see The HTML Hell Page).To be worthwhile, your page must have
content -- it must be interesting and/or useful to other hackers. And that brings us to the next topic
-------------------------------------------------
4- If you don't have functional English, learn it
As an American and native English-speaker myself, I have previously been reluctant to suggest this, lest it be taken as a sort of cultural imperialism. But several native speakers of other languages have urged me to point out that English is the working language of the hacker culture and the Internet, and that you will need to know it to function in the hacker community.This is very true. Back around 1991 I learned that many hackers who have English as a second language use it in technical discussions even when they share a birth tongue
it was reported to me at the time that English has a richer technical vocabulary than any other language and is therefore simply a better tool for the job. For similar reasons, translations of technical books written in English are often unsatisfactory (when they get done at all).Linus Torvalds, a Finn, comments his code in English (it apparently never occurred to him to do otherwise). His fluency in English has been an important factor in his ability to recruit a worldwide
community of developers for Linux. It's an example worth following
-------------------------------------------------
Status in the Hacker Culture
Like most cultures without a money economy, hackerdom runs on reputation. You're trying to solve interesting problems, but how interesting they are, and whether your solutions are really good, is something that only your technical peers or superiors are normally equipped to judge.Accordingly, when you play the hacker game, you learn to keep score primarily by what other hackers think of your skill (this is why you aren't really a hacker until other hackers consistently call you one
This fact is obscured by the image of hacking as solitary work; also by a hacker-cultural taboo (now gradually decaying but still potent) against admitting that ego or external validation are involved in one's motivation at all.Specifically, hackerdom is what anthropologists call a gift culture. You gain status and reputation in it not by dominating other people, nor by being beautiful, nor by having things other people want, but rather by giving things away. Specifically, by giving away your time, your creativity and the results of your skill.There are basically five kinds of things you can do to be respected by hackers
-------------------------------------------------
1- Write open-source software
The first (the most central and most traditional) is to write programs that other hackers think are fun or useful, and give the program sources away to the whole hacker culture to use.(We used to call these works ``free software'', but this confused too many people who weren't sure exactly what ``free'' was supposed to mean. Most of us, by at least a 2:1 ratio according to web content analysis, now prefer the term ``open-source'' software).Hackerdom's most revered demigods are people who have written large, capable programs that met a widespread need and given them away, so that now everyone uses them
-------------------------------------------------
2- Help test and debug open-source software
They also serve who stand and debug open-source software. In this imperfect world, we will inevitably spend most of our software development time in the debugging phase. That's why any open-source author who's thinking will tell you that good beta-testers (who know how to describe symptoms clearly, localize problems well, can tolerate bugs in a quickie release, and are willing to apply a few simple diagnostic routines) are worth their weight in rubies. Even one of these can make the difference between a debugging phase that's a protracted, exhausting nightmare and one that's merely a salutary nuisance.If you're a newbie, try to find a program under development that you're interested in and be a good beta-tester. There's a natural progression from helping test programs to helping debug them to helping modify them. You'll learn a lot this way, and generate good karma with people who will help you later on.
-------------------------------------------------
3- Publish useful information
Another good thing is to collect and filter useful and interesting information into web pages or documents like Frequently Asked Questions (FAQ) lists, and make those generally available.Maintainers of major technical FAQs get almost as much respect as open-source authors
-------------------------------------------------
4- Help keep the infrastructure working
The hacker culture (and the engineering development of the Internet, for that matter) is run by volunteers. There's a lot of necessary but unglamorous work that needs done to keep it going -- administering mailing lists, moderating newsgroups, maintaining large software archive sites, developing RFCs and other technical standards.People who do this sort of thing well get a lot of respect, because everybody knows these jobs are huge time sinks and not as much fun as playing with code. Doing them shows dedication
-------------------------------------------------
5- Serve the hacker culture itself
Finally, you can serve and propagate the culture itself (by, for example, writing an accurate primer on how to become a hacker :-)). This is not something you'll be positioned to do until you've been around for while and become well-known for one of the first four things.The hacker culture doesn't have leaders, exactly, but it does have culture heroes and tribal elders and historians and spokespeople. When you've been in the trenches long enough, you may grow into one of these. Beware: hackers distrust blatant ego in their tribal elders, so visibly reaching for this kind of fame is dangerous. Rather than striving for it, you have to sort of position yourself so it drops in your lap, and then be modest and gracious about your status
-------------------------------------------------
The Hacker/Nerd Connection
Contrary to popular myth, you don't have to be a nerd to be a hacker. It does help, however, and many hackers are in fact nerds. Being a social outcast helps you stay concentrated on the really important things, like thinking and hacking.For this reason, many hackers have adopted the label `nerd' and even use the harsher term `geek' as a badge of pride -- it's a way of declaring their independence from normal social expectations. See The Geek Page for extensive discussion
If you can manage to concentrate enough on hacking to be good at it and still have a life, that's fine. This is a lot easier today than it was when I was a newbie in the 1970s; mainstream culture is much friendlier to techno-nerds now. There are even growing numbers of people who realize that hackers are often high-quality lover and spouse material.If you're attracted to hacking because you don't have a life, that's OK too -- at least you won't have trouble concenttrating. Maybe you'll get a life later on
-------------------------------------------------
Points For Style
Again, to be a hacker, you have to enter the hacker mindset. There are some things you can do when you're not at a computer that seem to help. They're not substitutes for hacking (nothing is) but many hackers do them, and feel that they connect in some basic way with the essence of hacking.Learn to write your native language well. Though it's a common stereotype that programmers can't write, a surprising number of hackers (including all the best ones I know of) are able writers.Read science fiction. Go to science fiction conventions (a good way to meet hackers and proto-hackers). Study Zen, and/or take up martial arts
The mental discipline seems similar in important ways.) Develop an analytical ear for music. Learn to appreciate peculiar kinds of music. Learn to play some musical instrument well, or how to sing.Develop your appreciation of puns and wordplay.The more of these things you already do, the more likely it is that you are natural hacker material. Why these things in particular is not completely clear, but they're connected with a mix of left- and right-brain skills that seems to be important (hackers need to be able to both reason logically and step outside the apparent logic of a problem at a moment's notice
Finally, a few things not to do
Don't use a silly, grandiose user ID or screen name
Don't get in flame wars on Usenet or anywhere else
Don't call yourself a `cyberpunk', and don't waste your time on anybody who does
Don't post or email writing that's full of spelling errors and bad grammar
The only reputation you'll make doing any of these things is as a twit. Hackers have long memories -- it could take you years to live your early blunders down enough to be accepted. The problem with screen names or handles deserves some amplification. Concealing your identity behind a handle is a juvenile and silly behavior characteristic of crackers, warez d00dz, and other lower life forms. Hackers don't do this; they're proud of what they do and want it associated with their real names. So if you have a handle, drop it. In the hacker culture it will only mark you as a loser
__________
Source: www.sharp-soft.net
E-Mail Hacking
E-Mail Hacking
Hacking is not much difficult task .Many people say that we hack Hotmail but only some people are able to do that
Various Method to Hack hotmail Account
By: Sharp Soft Sharp.Soft@hotmail.com
In this tutorial I am going to discuss the various ways of getting past the hotmail security systems
1) Brute Forcing
This method is extremely tedious, time consuming and useless. A Brute Forcing software tries to gain acsess to an account by the "hit and try" method. It has a dictionary list of (supposedly all) possible passwords and it tries all those passwords for that one username. A good Brute Forcer is the Munga Bunga's HTTP Brute Forcer
2) Fake Login screen
The victim can be fooled into typing his password into a fake login screen which looks similar to that of the actual hotmail login screen. Once he types in his login & password and clicks on sign-in, his details are mailed to your specified email address
3) Java Scripting & Cookies
Web Programmers tend to use relatively easy webbased languages at the expence of security (cross-scripting). These can be exploited
4) Keyloggers & Similar Trojans
Send him a keylogger which notes down all his keystrokes and then mails them to you. If he ever signs in into his hotmail account, his username and password will be sent to you
5) Hotmail Message Scanner
Some bright empiricist from Root-Core has discovered that anyone can log into their Hotmail account and then call messages from any other Hotmail account by crafting a URL with the second account's username and a valid message number
6) Verfication Auto Bot
This method is probably the lamest, least known but also the most sucessful method of hacking hotmail. For this i created a email address verificationautobot@hotmail.com
---------------------------------
Hotmail Hacking
This article directly aims at exploiting a security vulnerability in msn messenger which lets a hacker to steal out hotmail password of a victim just by using some system registry information and making a simple keylogger program in any language like C or Visual basic Before continuing I want you to think twice for execution of this method since it is direct hacking so you may be in trouble if caught
But as we people follow the principle of "NEVER GET CAUGHT" so what to think if you are a hacker J J Please note that hacking hotmail according to this article involves the need of a executable (.exe) file which is available along with this file
Hacking hotmail through msn messenger using the trick file is the easiest one.It does not involves any complecated stuff of entering deep into the scripts or downloading the password file and then going for decryption using cracker programs All you need to do is to send victim the trick file through msn messenger.When the victim executes the file its will show a fake out of memory error.Then just type in the following command
" ^ ^ " without quotation sign.. only ^ ^
"space^space^space" (hope u got it) without quotation mark
This command will log out the victim from msn messenger.When the victim logs back in just type anything and send to the victim through messenger and you will get the username and password of the victim
AINT IT COOL.. This method is particularly intended for newbies Guys experienced to hacking wont be busted by this method.I guess they wont run the file. If the victim doesn't run the file then this method wont work
__________
Source: www.sharp-soft.net
Dos Attack
Dos Attack
A- INTRODUCTION
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A-1. WHAT IS A DENIAL OF SERVICE ATTACK
---------------------------------------------------------
Denial of service is about without permission knocking off services, for example through crashing the whole system. This kind of attacks are easy to launch and it is hard to protect a system against them. The basic problem is that Unix assumes that users on the system or on other systems will be well behaved
A-2. WHY WOULD SOMEONE CRASH A SYSTEM
-----------------------------------------------------------
A-2.1. INTRODUCTION
----------------------------
Why would someone crash a system? I can think of several reasons that I have personated more precisely in a section for each reason, but for short
Sub-cultural status
To gain access
Revenge
Political reasons
Economical reasons
Nastiness
I think that number one and six are the more common today, but that number four and five will be the more common ones in the future
A-2-2- SUB-CULTURAL STATUS
---------------------------
After all information about syn flooding a bunch of such attacks were launched around Sweden. The very most of these attacks were not a part of a IP-spoof attack, it was "only" a denial of service attack. Why? I think that hackers attack systems as a sub-cultural pseudo career and I think that many denial of service attacks, and here in the example syn flooding, were performed for these reasons. I also think that many hackers begin their carrer with denial of service attacks
A-2-3- TO GAIN ACCESS
------------------------------
Sometimes could a denial of service attack be a part of an attack to gain access at a system. At the moment I can think of these reasons and specific holes Some older X-lock versions could be crashed with a method from the denial of service family leaving the system open. Physical access was needed to use the workspace after Syn flooding could be a part of a IP-spoof attack method
Some program systems could have holes under the startup, that could be used to gain root, for ( example SSH secure shell )
Under an attack it could be usable to crash other machines in the network or to deny certain persons the ability to access the system Also could a system being booted sometimes be subverted, especially rarp-boots. If we know which port the machine listen to (69 could be a good guess) under the boot we can send false packets to it and almost totally control the boot
A-2-4- REVENGE
-------------------
A denial of service attack could be a part of a revenge against a user or an administrator
A-2-5. POLITICAL REASONS
-----------------------------------
Sooner or later will new or old organizations understand the potential of destroying computer systems and find tools to do it. For example imaginative the Bank A loaning company B money to build a factory threading the environment. The organization C therefore crash A:s computer system, maybe with help from an employee. The attack could cost A a great deal of money if the timing is right
A-2-6. ECONOMICAL REASONS
---------------------------------------
Imaginative the small company A moving into a business totally dominated by company B. A and B customers make the orders by computers and depends heavily on that the order is done in a specific time (A and B could be stock trading companies). If A and B can't perform the order the customers lose money and change company. As a part of a business strategy A pays a computer expert a sum of money to get him to crash B:s computer systems a number of times. A year later A is the dominating company
A-2-7. NASTINESS
----------------------
I know a person that found a workstation where the user had forgotten to logout. He sat down and wrote a program that made a kill -9 -1 at a random time at least 30 minutes after the login time and placed a call to the program from the profile file. That is nastiness
A-3. ARE SOME OPERATING SYSTEMS MORE SECURE
----------------------------------------------------------
This is a hard question to answer and I don't think that it will give anything to compare different Unix platforms. You can't say that one Unix is more secure against denial of service; it is all up to the administrator. A comparison between Windows 95 and NT on one side and Unix on the other could however be interesting. Unix systems are much more complex and have hundreds of built in programs, services... This always opens up many ways to crash the system from the inside. In the normal Windows NT and 95 networks is few ways to crash the system. Although were methods that always will work. That gives us that no big different between Microsoft and Unix can be seen regarding the inside attacks. But there is a couple of points left
- Unix has much more tools and programs to discover an attack and monitoring the users. To watch what another user is up to under windows is very hard.- The average Unix administrator probably also have much more experience than the average Microsoft administrator The two last p ints gives that Unix is more secure against inside denial of service attacks. A comparison between Microsoft and Unix regarding outside attacks are much more difficult. However I would like to say that the average Microsoft systems on the Internet are more secure against outside attacks, because they normally have much less services
B- SOME BASIC TARGETS FOR AN ATTACK
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
B-1. SWAP SPACE
----------------------
Most systems have several hundred Mbytes of swap space to service client requests. The swap space is typical used for forked child processes, which have a short lifetime. The swap space will therefore almost never in a normal cause be used heavily. A denial of service could be based on a method that tries to fill up the swap space
B-2. BANDWIDTH
-----------------------
If the bandwidth is to high the network will be useless. Most denial of service attack influences the bandwidth in some way
B-3. KERNEL TABLES
---------------------------
It is trivial to overflow the kernel tables, which will cause serious problems on the system. Systems with write through caches and small write buffers are especially sensitive. Kernel memory allocation is also a target that is sensitive. The kernel have a kernel map limit, if the system reach this limit it can not allocate more kernel memory and must be rebooted. The kernel memory is not only used for RAM, CPU:s, screens and so on, it it also used for ordinaries processes. Meaning that any system can be crashed and with a mean (or in some sense good) algorithm pretty fast. For Solaris 2.X it is measured and reported with the SAR command how much kernel memory the system is using, but for SunOS 4.X there is no such command. Meaning that under SunOS 4.X you don't even can get a warning. If you do use Solaris you should write SAR -k 1 to get the information. Netstat -k can also be used and shows how much memory the kernel has allocated in the sub paging
B-4. RAM
----------------
A denial of service attack that allocates a large amount of RAM can make a great deal of problems. NFS and mail servers are actually extremely sensitive because they do not need much RAM and therefore often don't have much RAM. An attack at a NFS server is trivial. The normal NFS client will do a great deal of caching, but a NFS client can be anything including the program you wrote yourself
B.5. DISKS
-----------
A classic attack is to fill up the hard disk, but an attack at the disks can be so much more. For example can an overloaded disk be misused in many ways
B-6. CACHES
-------------------
A denial of service attack involving caches can be based on a method to block the cache or to avoid the cache. These caches are found on Solaris 2.X: Directory name lookup cache: Associates the name of a file with a vnode. Inode cache: Cache information read from disk in case it is needed again. Node cache: Holds information about the NFS files system. Buffer cache: Cache anode indirect blocks and cylinders to reeled disk I/O
B-7. INETD
----------------
Well once intend crashed all other services running through intend no longer will work
C- ATTACKING FROM THE OUTSIDE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
C.1. TAKING ADVANTAGE OF FINGER
------------------------------------------------
Most fingered installations support redirections to an other host
Ex: $finger @system.two.com@system.one.com
finger will in the example go through system.one.com and on to system.two.com. As far as system.two.com knows it is system.one.com who is fingering. So this method can be used for hiding, but also for a very dirty denial of service attack. Lock at this
$ finger @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@host.we.attack
All those @ signs will get finger to finger host.we.attack again and again and again... The effect on host.we.attack is powerful and the result is high bandwidth, short free memory and a hard disk with less free space, due to all child processes (compare with .D.5.). The solution is to install a fingerd, which don't support redirections, for example GNU finger. You could also turn the finger service off, but I think that is just a bit too much
C-2. UDP AND SUNOS 4.1
----------------------------------
SunOS 4.1.3. is known to boot if a packet with incorrect information in the header is sent to it. This is the cause if the ip_options indicate a wrong size of the packet. The solution is to install the proper patch
C-3. FREEZING UP X-WINDOWS
----------------------------------------
If a host accepts a telnet session to the X-Windows port (generally somewhere between 6000 and 6025. In most cases 6000) could that be used to freeze up the X-Windows system. This can be made with multiple telnet connections to the port or with a program, which sends multiple XOpenDisplay () to the port. The same thing can happen to Motif or Open Windows. The solution is to deny connections to the X-Windows port
C.4. MALICIOUS USE OF UDP SERVICES
---------------------------------------------------
It is simple to get UDP services (echo, time, daytime, chargen) to loop, due to trivial IP-spoofing. The effect can be high bandwidth that causes the network to become useless. In the example the header claim that the packet came from 127.0.0.1 (loopback) and the target is the echo port at system.we.attack. As far as system.we.attack knows is 127.0.0.1 system.we.attack and the loop has been establish
Ex
from-IP=127.0.0.1
to-IP=system.we.attack
Packet type: UDP
from UDP port 7
to UDP port 7
Note that the name system.we.attack looks like a DNS-name, but the target should always be represented by the IP-number. Quoted from proberts@clark.net (Paul D. Robertson) comment on comp.security.firewalls on matter of "Introduction to denial of service " A great deal of systems don't put loop back on the wire, and simply emulate it. Therefore, this attack will only affect that machine in some cases. It's much better to use the address of a different machine on the same network. Again, the default services should be disabled in inetd.conf. Other than some hacks for mainframe IP stacks that don't support ICMP, the echo service isn't used by many legitimate programs, and TCP echo should be used instead of UDP where it is necessary
C-5. ATTACKING WITH LYNX CLIENTS
---------------------------------
A World Wide Web server will fork an httpd process as a respond to a request from a client, typical Netscape or Mosaic. The process lasts for less than one second and the load will therefore never show up if someone uses ps. In most causes it is therefore very safe to launch a denial of service attack that makes use of multiple W3 clients, typical lynx clients. But note that the netstat command could be used to detect the attack (thanks to Paul D. Robertson). Some httpd: (for example http-gw) will have problems besides the normal high bandwidth, low memory... And the attack can in those causes get the server to loop compare with .C.6
C-6. MALICIOUS USE OF telnet
----------------------------------------
Study this little script
Ex
while: ; do
telnet system.we.attack & done
An attack using this script might eat some bandwidth, but it is nothing compared to the finger method or most other methods. Well the point is that some pretty common firewalls and httpd:s thinks that the attack is a loop and turn them self down, until the administrator sends kill -HUP. This is a simple high-risk vulnerability that should be checked and if present fixed
C-7. MALICIOUS USE OF telnet UNDER SOLARIS 2.4
---------------------------------------------------------------
If the attacker makes a telnet connections to the Solaris 2.4 host and quits using
Ex
Control-}
quit
then will inetd keep going "forever". Well a couple of hundred
The solution is to install the proper patch
C-8. HOW TO DISABLE ACCOUNTS
-----------------------------
Some systems disable an account after N number of bad logins, or waits N seconds. You can use this feature to lock out specific users from the system
C-9. LINUX AND TCP TIME, DAYTIME
-----------------------------------------------
Inetd under Linux is known to crash if to many SYN packets sends to daytime (port 13) and/or time (port 37). The solution is to install the proper patch
C-10. HOW TO DISABLE SERVICES
--------------------------------------------
Most Unix systems disable a service after N sessions have been open in a given time. Well most systems have a reasonable default (lets say 800 - 1000), but not some SunOS systems that have the default set to 48...The solutions is to set the number to something reasonable
C-11. PARAGON OS BETA R1.4
--------------------------------------
If someone redirects an ICMP (Internet Control Message Protocol) packet to a paragon OS beta R1.4 will the machine freeze up and must be rebooted. An ICMP redirect tells the system to override routing tables. Routers use this to tell the host that it is sending to the wrong router. The solution is to install the proper patch
C-12. NOVELLS NETWARE FTP
---------------------------------------
Novells Netware FTP server is known to get short of memory if multiple ftp sessions connects to it
C-13. ICMP REDIRECT ATTACKS
----------------------------------------
Gateways uses ICMP redirect to tell the system to override routing tables, that is telling the system to take a better way. To be able to misuse ICMP redirection we must know an existing connection (well we could make one for ourself, but there is not much use for that). If we have found a connection we can send a route that loses it connectivity or we could send false messages to the host if the connection we have found don't use cryptation
Ex: false messages to send
DESTINATION UNREACHABLE
TIME TO LIVE EXCEEDED
PARAMETER PROBLEM
PACKET TOO BIG
The effect of such messages is a reset of the connection. The solution could be to turn ICMP edirects off, not much proper use of the service
C-14. BROADCAST STORMS
-------------------------------------
This is a very popular method in networks there all of the hosts are acting as gateways. There are many versions of the attack, but the basic method is to send a lot of packets to all hosts in the network with a destination that don't exist. Each host will try to forward each packet so the packets will bounce around for a long time. And if new packets keep coming the network will soon be in trouble.Services that can be misused as tools in this kind of attack is for example ping, finger and sendmail. But most services can be misused in some way or another
C-15. EMAIL BOMBING AND SPAMMING
---------------------------------------------------
In a email bombing attack the attacker will repeatedly send identical email messages to an address. The effect on the target is high bandwidth, a hard disk with less space and so on... Email spamming is about sending mail to all (or rather many) of the users of a system. The point of using spamming instead of bombing is that some users will try to send a replay and if the address is false will the mail bounce back. In that cause have one mail transformed to three mails. The effect on the bandwidth is obvious.There is no way to prevent email bombing or spamming. However have a look at CERT:s paper "Email bombing and spamming
C-16. TIME AND KERBEROS
-------------------------------------
If not the the source and target machine is closely aligned will the ticket be rejected, that means that if not the protocol that set the time is protected it will be possible to set a kerberos server of function
C-17. THE DOT DOT BUG
-------------------------------
Windows NT file sharing system is vulnerable to the under Windows 95 famous dot dot bug (dot dot like ..). Meaning that anyone can crash the system. If someone sends a "DIR ..\" to the workstation will a STOP messages appear on the screen on the Windows NT computer. Note that it applies to version 3.50 and 3.51 for both workstation and server version. The solution is to install the proper patch
C-18. SUNOS KERNEL PANIC
------------------------------------
Some SunOS systems (running TIS?) will get a kernel panic if a getsockopt() is done after that a connection has been reset. The solution could be to install Sun patch 100804
C-19. HOSTILE APPLETS
-------------------------------
A hostile applet is any applet that attempts to use your system in an inappropriate manner. The problems in the java language could be sorted in two main groups
Problems due to bugs
Problems due to features in the language *
* In-group one we have for example the java byte code verifier bug, which makes is possible for an applet to execute any command that the user can execute. Meaning that all the attack methods described in. D.X. could be executed through an applet. The java byte code verifier bug was discovered in late March 1996 and no patch has yet been available (correct me if I’m wrong!!!) Note that two other bugs could be found in group one, but they are both fixed in Netscape 2.01 and JDK 1.0.1 Group two are more interesting and one large problem found is the fact that java can connect to the ports. Meaning that all the methods described in. C.X. can be performed by an applet. More information and examples could be found at address
http://www.math.gatech.edu/~mladue/HostileArticle.html
If you need a high level of security you should use some sort of firewall for protection against java. As a user you could have java disable
C-20. VIRUS
------------------
Computer virus is written for the purpose of spreading and destroying systems. Virus is still the most common and famous denial of service attack method.It is a misunderstanding that virus writing is hard. If you know assembly language and have source code for a couple of virus it is easy. Several automatic toolkits for virus construction could also be found, for example
Genvir
VCS Virus Construction Set)
VCL Virus Construction Laboratory)
PS-MPC Phalcon/Skism - Mass Produced Code Generator)
IVP Instant Virus Production Kit)
G2 G Squared)
PS-MPC and VCL is known to be the best and can help the novice programmer to learn how to write virus..An automatic tool called MtE could also be found. MtE will transform virus to a polymorphic virus. The polymorphic engine of MtE is well known and should easily be catch by any scanner
C.21. ANONYMOUS FTP ABUSE
----------------------------------------
If an anonymous FTP archive have a writable area it could be misused for a denial of service attack similar with with .D.3. That is we can fill up the hard disk.Also can a host get temporarily unusable by massive numbers of FTP requests.For more information on how to protect an anonymous FTP site could CERT:s "Anonymous FTP Abuses" be a good start
C-22. SYN FLOODING
--------------------------------
Both 2600 and Phrack have posted information about the syn flooding attack. 2600 have also posted exploit code for the attack. As we know the syn packet is used in the 3-way handshake. The syn flooding attack is based on an incomplete handshake. That is the attacker host will send a flood of syn packet but will not respond with an ACK packet. The TCP/IP stack will wait a certain amount of time before dropping the connection, a syn flooding attack will therefore keep the syn_received connection queue of the target machine filled..The syn flooding attack is very hot and it is easy to find more information about it, for example
http://www.eecs.nwu.edu/~jmyers/bugtraq/1354.html Article by Christopher Klaus, including a "solution"
http://jya.com/floodd.txt 2600, Summer, 1996, pp. 6-11. FLOOD WARNING by Jason Fairlane
http://www.fc.net/phrack/files/p48/p48-14.html IP-spoofing Demystified by daemon9 / route / infinity for Phrack Magazine
C-23. PING FLOODING
------------------------------
I haven't tested how big the impact of a ping flooding attack is, but it might be quite big. Under Unix we could try something like: ping -s host to send 64 bytes packets. If you have Windows 95, click the start button, select RUN, then type in: PING -T -L 256 xxx.xxx.xxx.xx. Start about 15 sessions
C-24. CRASHING SYSTEMS WITH PING FROM WINDOWS 95 MACHINES
----------------------------------------------------------
If someone can ping your machine from a Windows 95 machine he or she might reboot or freeze your machine. The attacker simply writes
ping -l 65510 address.to.the.machine and the machine will freeze or reboot
Works for kernel 2.0.7 up to version 2.0.20. And 2.1.1. For Linux crash)
AIX4, OSF, HPUX 10.1, DUnix 4.0 crash)
OSF/1, 3.2C, Solaris 2.4 x86 reboot)
C-25. MALICIOUS USE OF SUBNET MASK REPLY MESSAGE
------------------------------------------------------------------------
The subnet mask reply message is used under the reboot, but some hosts are known to accept the message any time without any check. If so all communication to or from the host us turned off, it's dead.The host should not accept the message any time but under the reboot
C.26. FLEXlm
-----------------
Any host running FLEXlm can get the FLEXlm license manager daemon on any network to shutdown using the FLEXlm lmdown command
lmdown -c /etc/licence.dat #
lmdown - Copyright (C) 1989, 1991 Highland Software, Inc
Shutting down FLEXlm on nodes: xxx
Are you sure? [y/n]: y
Shut down node xxx
#
C-27. BOOTING WITH TRIVIAL FTP
--------------------------------------------
To boot diskless workstations one often use trivial ftp with rarp or bootp. If not protected an attacker can use tftp to boot the host
D- ATTACKING FROM THE INSIDE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
D-1. KERNEL PANIC UNDER SOLARIS 2.3
------------------------------------
Solaris 2.3 will get a kernel panic if this is executed
EX
$ndd /dev/udp udp_status
The solution is to install the proper patch
D-2. CRASHING THE X-SERVER
---------------------------
If stickybit is not set in /tmp then can the file /tmp/.x11-unix/x0 be removed and the x-server will crash
Ex
$ rm /tmp/.x11-unix/x0
D-3. FILLING UP THE HARD DISK
-----------------------------
If your hard disk space is not limited by a quota or if you can use /tmp then it`s possible for you to fill up the file system
Ex
while
mkdir .xxx
cd .xxx
done
D-4. MALICIOUS USE OF eval
---------------------------
Some older systems will crash if eval '\!\!' is executed in the C-shell
Ex
% eval '\!\!'
D-5. MALICIOUS USE OF fork
-----------------------------
If someone executes this C++ program the result will result in a crash on most systems
Ex
#include
#include
#include
main()
{
int x
while(x=0;x<1000000;x++)>
D-6. CREATING FILES THAT IS HARD TO REMOVE
-------------------------------------------
Well all files can be removed, but here is some ideas
Ex.I
$ cat > -xxx
^C
$ ls
-xxx
$ rm -xxx
rm: illegal option -- x
rm: illegal option -- x
rm: illegal option -- x
usage: rm [-fiRr] file
$
Ex.II
$ touch xxx!
$ rm xxx!
rm: remove xxx! (yes/no)? y
$ touch xxxxxxxxx!
$ rm xxxxxxxxx!
bash: !": event not found
$
(You see the size do count)
Other well know methods is files with odd characters or spaces in the name. These methods could be used in combination with ".D.3 FILLING UP THE HARDDISK". If you do want to remove these files you must use some sort of script or a graphical interface like OpenWindow:s File Manager. You can also try to use: rm ./ . It should work for the first example if you have a shell
D-7. DIRECTORY NAME LOOKUPCACHE
--------------------------------
Directory name lookupcache (DNLC) is used whenever a file is opened. DNLC associates the name of the file to a vnode. But DNLC can only operate on files with names that has less than N characters (for SunOS 4.x up to 14 character, for Solaris 2.x up 30 characters). This means that it's dead easy to launch a pretty discreet denial of service attack.Create lets say 20 directories (for a start) and put 10 empty files in every directory. Let every name have over 30 characters and execute a script that makes a lot of ls -al on the directories. If the impact is not big enough you should create more files or launch more processes
D-8. CSH ATTACK
----------------
Just start this under /bin/csh (after proper modification) and the load level will get very high (that is 100% of the cpu time) in a very short time
Ex
|I /bin/csh
nodename : **************b
D-9. CREATING FILES IN /tmp
----------------------------
Many programs creates files in /tmp, but are unable to deal with the problem if the file already exist. In some cases this could be used for a denial of service attack
D-10. USING RESOLV_HOST_CONF
-----------------------------
Some systems have a little security hole in the way they use the RESOLV_HOST_CONF variable. That is we can put things in it and through ping access confidential data like /etc/shadow or crash the system. Most systems will crash if /proc/kcore is read in the variable and access through ping
Ex
$ export RESOLV_HOST_CONF="/proc/kcore" ; ping asdf
D-11. SUN 4.X AND BACKGROUND JOBS
----------------------------------
Thanks to Mr David Honig <honig@amada.net> for the following
" Put the string "a&" in a file called "a" and perform "chmod +x a". Running "a" will quickly disable a Sun 4.x machine, even disallowing (counter to specs) root login as the kernel process table fills " The cute thing is the size of the script, and how few keystrokes it takes to bring down "a Sun as regular user
D-12. CRASHING DG/UX WITH ULIMIT
---------------------------------
ulimit is used to set a limit on the system resources available to the shell. If ulimit 0 is called before /etc/passwd, under DG/UX, will the passwd file be set to zero
D-13. NETTUNE AND HP-UX
------------------------
/usr/contrib/bin/nettune is SETUID root on HP-UX meaning that any user can reset all ICMP, IP and TCP kernel parameters, for example the following parameters
arp_killcomplete -
arp_killincomplete -
arp_unicast -
arp_rebroadcast -
icmp_mask_agent -
ip_defaultttl -
ip_forwarding -
ip_intrqmax -
pmtu_defaulttime -
tcp_localsubnets -
tcp_receive -
tcp_send -
tcp_defaultttl -
tcp_keepstart -
tcp_keepfreq -
tcp_keepstop -
tcp_maxretrans -
tcp_urgent_data_ptr -
udp_cksum -
udp_defaultttl -
udp_newbcastenable -
udp_pmtu -
tcp_pmtu -
tcp_random_seq -
The solution could be to set the proper permission on /sbin/mount_union
chmod u-s /sbin/mount_union #
D-14. SOLARIS 2.X AND NFS
--------------------------
If a process is writing over NFS and the user goes over the disk quota will the process go into an infinite loop
D-15. SYSTEM STABILITY COMPROMISE VIA MOUNT_UNION
--------------------------------------------------
By executing a sequence of mount_union commands any user can cause a system reload on all FreeBSD version 2.X before 1996-05-18
mkdir a $
mkdir b $
mount_union ~/a ~/b $
mount_union -b ~/a ~/b $
The solution could be to set the proper permission on
/sbin/mount_union
chmod u-s /sbin/mount_union #
D-16. trap_mon CAUSES KERNEL PANIC UNDER SUNOS 4.1.X
----------------------------------------------------
Executing the trap_mon instruction from user mode can cause a kernel panic or a window underflow watchdog reset under SunOS 4.1.x, sun4c architecture
E- DUMPING CORE
~~~~~~~~~~~~~~~~
E-1. SHORT COMMENT
-------------------
The core dumps things don't really belongs in this paper but I have put them here anyway
E-2. MALICIOUS USE OF NETSCAPE
-------------------------------
Under Netscape 1.1N this link will result in a segmentation fault and a core dump
Ex
http://xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxxxxx.xxx.xxx
xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxxxxx.xxx.xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxxxxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx
< ... xxx.xxx.xxx.xxx.xxxxxx.xxx.xxx.xxx.xxx.xxx
E-3. CORE DUMPED UNDER WUFTPD
------------------------------
A core dumped could be created under wuftp with two different methods
Then pasv is given (user not logged in (ftp -n)). Almost all versions of BSD:s ftpd -
More than 100 arguments is given with any executable command. Presents in all versions of BSD:sd ftpd
E-4. ld UNDER SOLARIS/X86
--------------------------
Under Solaris 2.4/X86 ld dumps core if given with the -s option
F- HOW DO I PROTECT A SYSTEM AGAINST DENIAL OF SERVICE ATTACKS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
F-1. BASIC SECURITY PROTECTION
-------------------------------
F-1.1. INTRODUCTION
--------------------
You can not make your system totally secured against denial of service attacks but for attacks from the outside you can do a lot. I put this work list together and hope that it can be of some use
F-1.2. SECURITY PATCHES
------------------------
Always install the proper security patches. As for patch numbers I don't want to put them out, but that doesn't matter because you anyway want to check that you have all security patches installed, so get a list and check! Also note that patches change over time and that a solution suggested in security bulletins (i.e. CERT) often is somewhat temporary
F-1.3. PORT SCANNING
---------------------
Check which services you have. Don't check with the manual or some configuration file, instead scan the ports with sprobe or some other port scanner. Actual you should do this regualy to see that anyone don't have installed a service that you don't want on the system (could for example be service used for a pirate site).Disable every service that you don't need, could for example be rexd, fingerd, systat, netstat, rusersd, sprayd, pop3, uucpd, echo, chargen, tftp, exec, ufs, daytime, time... Any combination of echo, time, daytime and chargen is possible to get to loop. There is however no need to turn discard off. The discard service will just read a packet and discard it, so if you turn off it you will get more sensitive to denial of service and not the opposite.Actual can services be found on many systems that can be used for denial of service and brute force hacking without any logging. For example Stock rexec never logs anything. Most popd:s also don't log anything
F-1.4. CHECK THE OUTSIDE ATTACKS DESCRIBED IN THIS PAPER
---------------------------------------------------------
Check that attacks described in this paper and look at the solution. Some attacks you should perform yourself to see if they apply to your system, for example
Freezing up X-Windows -
Malicious use of telnet -
How to disable services -
SunOS kernel panic -
Attacking with lynx clients -
Crashing systems with ping from Windows 95 machines -
That is stress test your system with several services and look at the effect
Note that Solaris 2.4 and later have a limit on the number of ICMP error messages (1 per 500 ms I think) that can cause problems then you test your system for some of the holes described in this paper. But you can easy solve this problem by executing this line
/usr/sbin/ndd -set /dev/ip ip_icmp_err_interval 0 $
F-1.5. CHECK THE INSIDE ATTACKS DESCRIBED IN THIS PAPER
--------------------------------------------------------
Check the inside attacks, although it is always possibly to crash the system from the inside you don't want it to be to easy. Also have several of the attacks applications besides denial of service, for example
Crashing the X-Server: If stickybit is not set in /tmp a number of attacks to gain access can be performed
Using resolv_host_conf: Could be used to expose confidential data like /etc/shadow -
Core dumped under wuftpd: Could be used to extract password-strings -
If I don't have put out a solution I might have recommended son other paper. If not I don't know of a paper with a solution I feel that I can recommend. You should in these causes check with your company
F-1.6. EXTRA SECURITY SYSTEMS
------------------------------
Also think about if you should install some extra security systems. The basic that you always should install is a logdaemon and a wrapper. A firewall could also be very good, but expensive. Free tools that can be found on the Internet is for example
TYPE: NAME: URL
LOGDAEMON NETLOG ftp://net.tamu.edu/pub/security/TAMU
WRAPPER TCP WRAPPERS ftp://cert.org/pub/tools/tcp_wrappers
FIREWALL TIS ftp://ftp.tis.com/pub/firewalls/toolkit
Note that you should be very careful if building your own firewall with TIS or you might open up new and very bad security holes, but it is a very good security packer if you have some basic knowledge. It is also very good to replace services that you need, for example telnet, rlogin, rsh or whatever, with a tool like ssh. Ssh is free and can be found at URL
ftp://ftp.cs.hut.fi/pub/ssh
The addresses I have put out are the central sites for distributing and I don't think that you should use any other except for CERT
For a long list on free general security tools I recommend: "FAQ: Computer Security Frequently Asked Questions
F-1.7. MONITORING SECURITY
---------------------------
Also monitor security regular, for example through examining system log files, history files... Even in a system without any extra security systems could several tools be found for monitoring, for example
uptime -
showmount -
ps -
netstat -
finger -
(see the man text for more information)
F-1.8. KEEPING UP TO DATE
--------------------------
It is very important to keep up to date with security problems. Also understand that then, for example CERT, warns for something it has often been dark-side public for sometime, so don't wait. The following resources that helps you keeping up to date can for example be found on the Internet
CERT mailing list. Send an e-mail to cert@cert.org to be placed on the list -
Bugtraq mailing list. Send an e-mail to bugtraq-request@fc.net -
WWW-security mailing list. Send an e-mail to Sharp.Soft@yahoo.com
F-1.9. READ SOMETHING BIGGER AND BETTER
----------------------------------------
Let's start with papers on the Internet. I am sorry to say that it is not very many good free papers that can be found, but here is a small collection and I am sorry if have have over looked a paper
The Rainbow books is a long series of free books on computer security. US citizens can get the books from
INFOSEC AWARENESS OFFICE
National Computer Security Center
9800 Savage Road
Fort George G. Meader, MD 20755-600
We other just have to read the papers on the World Wide Web. Every paper can not however be found on the Internet
"Improving the security of your Unix system" by Curry is also very nice if you need the very basic things. If you don't now anything about computer security you can't find a better start
"The WWW security FAQ" by Stein is although it deal with W3-security the very best better on the Internet about computer security
CERT has also published several good papers, for example
Anonymous FTP Abuses -
Email Bombing and Spamming -
Spoofed/Forged Email -
Protecting you from password file attacks -
I think however that the last paper has overlooked several things
For a long list on papers I can recommend: "FAQ: Computer Security Frequently Asked Questions"
Also see section ".G. SUGGESTED READING"
You should also get some big good commercial book, but I don't want to recommend any
F-2. MONITORING PERFORMANCE
----------------------------
F-2.1. INTRODUCTION
--------------------
There is several commands and services that can be used for monitoring performance. And at least two good free programs can be found on Internet
F-2.2. COMMANDS AND SERVICES
-----------------------------
For more information read the man text
Netstat Show network status
Nfsstat Show NFS statistics
Sar System activity reporter. Vmstat Report virtual memory statistics. Timex Time a command, report process data and system activity. Time a simple command. Truss Trace system calls and signals. Uptime Show how long the system has been up. Note that if a public netstat server can be found you might be able to use netstat from the outside. Netstat can also give information like tcp sequence numbers and much more
F-2.3. PROGRAMS
----------------
Proctool: Proctool is a freely available tool for Solaris that monitors and controls process. ftp://opcom.sun.ca/pub/binaries/
Top: Top might be a simpler program than Proctool, but is good enough
F-2.4. ACCOUNTING
------------------
To monitor performance you have to collect information over a long period of time. All Unix systems have some sort of accounting logs to identify how much CPU time, memory each program uses. You should check your manual to see how to set this up. You could also invent your own account system by using crontab and a script with the commands you want to run. Let crontab run the script every day and compare the information once a week. You could for example let the script run the following commands
netstat -
iostat -D -
vmstat -
G- SUGGESTED READING
~~~~~~~~~~~~~~~~~~~~~
F-1. INFORMATION FOR DEEPER KNOWLEDGE
-------------------------------------
Hedrick, C. Routing Information Protocol. RFC 1058, 1988 -
Mills, D.L. Exterior Gateway Protocol Formal Specification. RFC 904, 1984 -
Postel, J. Internet Control Message Protocol. RFC 792, 1981 -
Harrenstien, K. NAME/FINGER Protocol, RFC 742, 1977 -
Sollins, K.R. The TFTP Protocol, RFC 783, 1981 -
Croft, W.J. Bootstrap Protocol, RFC 951, 1985 -
Many of the papers in this category was RFC-papers. A RFC-paper is a paper that describes a protocol. The letters RCS stands for Request For Comment. Hosts on the Internet are expected to understand at least the common ones. If you want to learn more about a protocol it is always good to read the proper RFC. You can find a nice sRFC index search form at URL
http://pubweb.nexor.co.uk/public/rfc/index/rfc.html
F-2. KEEPING UP TO DATE INFORMATION
------------------------------------
CERT mailing list. Send an e-mail to cert@cert.org to be placed on the list
Bugtraq mailinglist. Send an e-mail to bugtraq-request@fc.net 3- WWW-security mailinglist. Send an e-mail to www-security@ns2.rutgers.edu
Sun Microsystems Security Bulletins
Various articles from: - comp.security.announce
comp.security.unix -
comp.security.firewalls -
Varius 40Hex Issues
F-3. BASIC INFORMATION
-----------------------
* Husman, H. INTRODUKTION TILL DATASÄKERHET UNDER X-WINDOWS, 1995
* Husman, H. INTRODUKTION TILL IP-SPOOFING, 1995
* The following rainbow books: - Teal Green Book Glossary of Computer Security Terms)
* Bright Orange Book A Guide to Understanding Security Testing and Test Documentation in Trusted Systems
* C1 Technical Report-001 (Computer Viruses: Preventation, Detection, and Treatment)
Ranum, Marcus. Firewalls, 1993
* Sun Microsystems, OpenWindows V3.0.1. User Commands, 1992
* Husman, H. ATT SPÅRA ODOKUMENTERADE SÄKERHETSLUCKOR, 1996
* Dark OverLord, Unix Cracking Tips, 1989
* Shooting Shark, Unix Nasties, 1988
* LaDue, Mark.D. Hostile Applets on the Horizone, 1996
* Curry, D.A. Improving the security of your Unix system, 1990
* Stein, L.D. The World Wide Web security FAQ, 1995
* Bellovin, S.M. Security Problems in the TCP/IP Protocol, 1989
__________
Source: www.sharp-soft.net
OBK/Yahoo Bandwith Measurer
OBK/Yahoo Bandwith Measurer
I started experimenting (as you do when you're a bored programmer) last version of OBK annoyed me in the sense that if you started booting someone regardless of connection it shows you how much data (if you had an extremely unrealistic connection)
What i did to test this was i created my own server on 5085 (simulated a yahoo server) and i was managing to peak my transfer rate over a single socket at >400k/s without any optimization. Reason for trying this was simply because at the moment my up and download speed is 64kbit with a max of 8k/s... so i emulated the server to see what it could do in theory and in theory if you have a good upload speed you too can blast someone at 400k/s across the yahoo network.
Now then, this version is totally accurate if you have a slow upload speed this will look like it's crawling, this shows how many packets what you CAN upload as supposed to most (including my own) what you really are getting.
in programming terms if you send "Hello" what you're actually doing (if it's a none blocking socket) is you send "Hello" and it returns instantly, if you send a 10k string of "hello hello hello" under async it returns back instantly even though there's no way on this planet it was sent that quickly, internally what happens is your string gets sent to winsock and winsock will buffer your string and then send it piece by piece, now while this is happening your timer which happens every 1 - 10ms gets called and again it tries to send 10k again, this time the routine sends back -1 meaning "no no you gave me data, wait...." and every 5 ms you'll get -1 until 8 seconds or so later on a slow connection you'll get back 80222 or whatever to say yes we just took the data, now you'll get -1 again lol
Winsock handles a nice large buffer to send, you could send 100k's worth and just sit there for 30 seconds not sending anything again it's left control of the program and programmer and windows deals with it internally, so i explored this and wrote a nice little 1 second timer resolution bandwidth calculator to watch it properly
Link Download:
__________
Source: www.viprasys.com - cjdelphi
VBS WG
VBS WG
Welcome to Vbswg 2 beta Help.
First of all, Thanx for downlading Vbswg 2 beta.
This version doesn't have all that it would have, because i've rewrite all the code because of the vbswg 1.50b source lost.
That's why there hasn't been updates since now, because i've lost all the code when my hd died.
Well, i think that that's all.
Link Download
Wargames (1983)
Wargames (1983)
A teenaged computer genius taps into NORAD's defense computers and almost starts World War III.
Production Status: Released
Logline: A young hacker must help the government stop a program he's set into motion from starting a thermo-nuclear war.
Genres: Action/Adventure, Comedy, Drama and Thriller
Running Time: 1 hr. 53 min.
MPAA Rating: PG
Production Co.:
Sherwood Productions
Studios:
Metro-Goldwyn-Mayer Studios Inc. (MGM)
Filming Locations:
Newhalem, Mount Vernon, Seattle, and Steilacoom, Washington
Produced in: United States
Production Status: Released
Logline: A young hacker must help the government stop a program he's set into motion from starting a thermo-nuclear war.
Genres: Action/Adventure, Comedy, Drama and Thriller
Running Time: 1 hr. 53 min.
MPAA Rating: PG
Production Co.:
Sherwood Productions
Studios:
Metro-Goldwyn-Mayer Studios Inc. (MGM)
Filming Locations:
Newhalem, Mount Vernon, Seattle, and Steilacoom, Washington
Produced in: United States
Download
http://films.0x7.net/www.web-hack.ru...WarGames_1.avi
http://films.0x7.net/www.web-hack.ru...WarGames_2.avi
Source: www.viprasys.com
Antitrust
Antitrust
Milo is an idealistic young computer genius with an artist girlfriend and a golden future. He's about to launch a start-up company with his friend Teddy, when he's recruited by NURV, a multi-billion dollar corporation, run by his professional hero, Gary Winston. When Winston takes a personal interest in Milo, he soon caught up in the exciting challenge of realizing Winston's vision. Winston is an inspired mentor and no problem remains unsolved for long, but new developments are brought to Milo with such speed and frequency, he begins to doubt their source. Tragedy strikes and Milo's doubts become suspicions. It looks as if the company will stop at nothing to win. He investigates and the consequences become more and more unnerving, until there is no one left to trust and this twenty-first century David stands alone against Goliath.
Also Known As:
Anti-Trust
Production Status: Released
Logline: A company puts a hit on a computer hacker.
Genres: Drama and Thriller
Running Time: 1 hr. 50 min.
Release Date: January 12, 2001 Nationwide
MPAA Rating: PG-13 for some violence and brief language.
Distributors:
MGM Distribution Company
Production Co.:
Cub Two Productions, Industry Entertainment, Hyde Park Entertainment
Studios:
Metro-Goldwyn-Mayer Studios Inc. (MGM)
U.S. Box Office: $10,965,209
Filming Locations:
Vancouver, British Columbia, Canada
California, USA
Produced in: United States
DOWNLOAD
http://films.0x7.net/www.web-hack.ru/AntiTrust.avi
Source: www.viprasys.com
Hacker 2 Operation Takedown
Hacker 2 Operation Takedown
Kevin Mitnick is quite possibly the best hacker in the world. Hunting for more and more information, seeking more and morecybertrophies every day, he constantly looks for bigger challenges. When he breaks into the computer of a security expert and an ex-hacker.
Source: www.viprasys.com
The Code Linux
The Code Linux
" Linux is more than just an alternative operating system. It's also aculture with its own ethics, gods, myths and heroes."
" Through this film, Linux is traced from its early days as a hobby projectof Linus Torvalds's, through its rapid rise in popularity and number ofusers, to the dot-com boom and bust, and beyond. The differing ideologies ofRichard "GNU" Stallman and Eric "Open Source" Raymond are also explored.
Anybody who has been following Linux for very long, reading websites like Slashdot and Eric Raymond's "Cathedral and the Bazaar" essay will probably already know most this. However, for those people, the film does offer a chance to see and hear these Linux icons talk--putting faces and voices to people who might otherwise have been just words on a screen.
Despite its Finnish origin, most of this documentary is in English--either the naturally-spoken English of most of the Linux personalities, or a heavily-accented voiceover narrator--with Finnish subtitles. Only a few of the interviewees (Linus Torvalds's parents, employees of Chinese Linux corporations) are untranslated (since, after all, the show was originally aimed at Finns)."
" The film, explores the human side of the open source and free software movements, telling the inside story of the hackers and programmers rebelling against the corporate machine."
DOWNLOAD
Source: www.viprasys.com
TRON
TRON
A video game designer trying to prove a big time executive stole his idea is sucked into a corporation's mainframe where
programs are personified counterparts of their writers and "users" are subjects of religious faith. A well-crafted and
scripted metaphor, TRON benefits from breakthrough computer animation.
Production Status: Released
Logline: A video game designer enters a computer and battles the games he helped create.
Genres: Science Fiction/Fantasy
Running Time: 1 hr. 36 min.
MPAA Rating: PG
Distributors:
Buena Vista Pictures Distribution, Buena Vista Worldwide Home Entertainment
Studios:
Walt Disney Pictures
Produced in: United States
DOWNLOAD
The Net 2
The Net 2
A computer systems analyst from Los Angeles arrives in Istanbul to start a new job only to have her identity stolen, her
credit cards invalid, and her bank accound emptied. The analyst finds herself on the run from authorities after they accuse
her of murdering a cop and stealing $14 million dollars.
Production Status: In Production/Awaiting Release
Genres: Thriller
Production Co.:
Winkler Films
Studios:
Columbia TriStar Motion Picture Group
Filming Locations:
Istanbul
Produced in: United States
DOWNLOAD
THE NET
THE NET
As a favor to her colleague, Dale Hessman, freelance computer analyst Angela Bennett conducts a preliminary analysis of a
puzzling "beta" prototype of a new Internet program that peculiarly allows the user access to such highly sensitive databases
as the Federal Reserve Board, the IRS, and the Atomic Energy Commission. After Dale is mysteriously killed in a plane crash,
Angela travels to Mexico for a long-delayed vacation. She meets Jack Devlin, a charming young businessman who seems to share
her outlook on the world. But shortly thereafter, Angela is nearly killed and her keys, passport, and all identification
papers are lost. She soon learns that using the Internet, someone has altered every record of her life and given her a new
name, identity, and a falsified police record. With little money, no identification and no credibility, Angela must summon
the strength and resources to fight the seemingly unbeatable forces determined to silence her.
Production Status: Released
Genres: Drama, Romance and Thriller
Running Time: 1 hr. 54 min.
Release Date: July 28, 1995
MPAA Rating: PG-13
Distributors:
Sony Pictures Releasing
Production Co.:
Winkler Films
Studios:
Columbia TriStar Motion Picture Group
U.S. Box Office: $49,447,493
Filming Locations:
Los Angeles, California, USA
San Francisco, California, USA
Washington, DC, USA
Produced in: United States
DOWNLOAD
SWORD FISH
SWORD FISH
Cyberspace is a world protected by firewalls, passwords and the most advanced security systems. In this world we hide our
deepest secrets, our most incriminating information, and of course, a whole lot of money. This is the world of Swordfish.
Gabriel Shear, a charismatic and dangerous spy, needs to get inside this world. If he can get in, billions in illegal
government funds wait for the taking. To actually steal the money, however, he'll need the help of Stanley Jobson, a former
superhacker who's now desperate and penniless. Stanley has been forbidden to get within 50 yards of the nearest electronics
store after doing time for wreaking havoc on the FBI's controversial high-tech cyber surveillance operations. Gabriel and his
beautiful partner Ginger lure Stanley into their clandestine world, baiting him with the things he can't have - a chance to
reunite with Holly, the daughter he lost during a bitter divorce battle and the opportunity to start a new life.
Also Known As:
Operation Espadon
Production Status: Released
Logline: The CIA hires a spy to get a recently parolled computer hacker to help embezzle government funds.
Genres: Action/Adventure, Drama, Thriller and Crime/Gangster
Running Time: 1 hr. 39 min.
Release Date: June 8, 2001 Nationwide
MPAA Rating: R for violence, language and some sexuality/nudity.
Distributors:
Warner Bros. Pictures Distribution
Production Co.:
Silver Pictures
Village Roadshow Pictures Entertainment
NPV Entertainment
Studios:
(USA): Warner Bros. Pictures
U.S. Box Office: $69,772,969
Filming Locations:
Oregon, USA
Produced in: United States
Ju-On 2
Ju-On
Cast
(Cast overview, first billed only)
Yûrei Yanagi ... Shunsuke Kobayashi, Toshio's Schoolteacher
Chiaki Kuriyama ... Mizuho Tamura
Hitomi Miwa ... Yuki
Asumi Miwa ... Kanna Murakami
Yoriko Douguchi ... Nakamura (as Yoriko Dôguchi)
Taro Suwa ... Kamio (as Tarô Suwa)
Yuue ... Manami Kobayashi
Takako Fuji ... Kayako Saeki, Takeo's Wife / Toshio's Mother / The Ghost
Takashi Matsuyama ... Takeo Saeki / Kayako's Husband / Toshio's Father
Yumi Yoshiyuki ... Noriko Murakami
Language: Japanese
Subtitles: English
- http://rapidshare.com/files/88678365/Ju-On.part1.rar
- http://rapidshare.com/files/88682551/Ju-On.part2.rar
- http://rapidshare.com/files/88687287/Ju-On.part3.rar
- http://rapidshare.com/files/88692369/Ju-On.part4.rar
- http://rapidshare.com/files/88696346/Ju-On.part5.rar
- http://rapidshare.com/files/88700145/Ju-On.part6.rar
- http://rapidshare.com/files/88704144/Ju-On.part7.rar
- http://rapidshare.com/files/88704954/Ju-On.part8.rar
Passwd: VNV
Gothic (1986)
Gothic (1986)
The year is 1816. A sprawling villa in Switzerland is the setting for a stormy night of madness. On this night of the "Haunted Summer," five famous friends gather around an ancient skull to conjure up their darkest fears. Poets Lord Byron and Percy Shelley, Shelley's fiancée Mary Godwin, Mary's stepsister Claire Clairemont and Byron's friend John Polidori spend a hallucinogenic evening confronting their fears in a frenzy of shocking lunacy. Horrifying visions invade the castle - realizations of Byron's fear of leeches, Shelley's fear of premature burial, Mary's fear of birthing a stillborn child - all brought forth in a bizarre dreamscape. They share the terrifying fantasies that chase them through the castle that night. The events of that night later inspired Mary Shelley to write the classic "Frankenstein" and Dr. Polidori to pen "The Vampyre," which became the basis for the creation of Dracula.
User Rating: 5.3/10 (1,722 votes)
Gabriel Byrne ... Byron
Julian Sands ... Shelley
Natasha Richardson ... Mary Shelley
Myriam Cyr ... Claire Clairmont
Timothy Spall ... Dr. Polidori
- http://rapidshare.com/files/35405424/GoTc.part1.rar
- http://rapidshare.com/files/35411968/GoTc.part2.rar
- http://rapidshare.com/files/35418742/GoTc.part3.rar
- http://rapidshare.com/files/35425758/GoTc.part4.rar
- http://rapidshare.com/files/35432427/GoTc.part5.rar
- http://rapidshare.com/files/35439196/GoTc.part6.rar
- http://rapidshare.com/files/35445931/GoTc.part7.rar
- http://rapidshare.com/files/35448027/GoTc.part8.rar
The Exorcist III (1990)
The Exorcist III (1990)
On the 15th anniversary of the exorcism that claimed the life of a young priest, a nightmarish series of bizarre, religious murders haunts a local police lieutenant.
IMDB Rating: 5.7/10 (4,423 votes)
George C. Scott ... Lt. William 'Bill' Kinderman
Ed Flanders ... Father Joseph Kevin Dyer
Brad Dourif ... The Gemini Killer/James Venamun
Jason Miller ... Patient X (Father Damien Karras)
Nicol Williamson ... Father Paul Morning
- http://rapidshare.com/files/13628484...part1.rar.html
- http://rapidshare.com/files/13628999...part2.rar.html
- http://rapidshare.com/files/13629446...part3.rar.html
- http://rapidshare.com/files/13629979...part4.rar.html
- http://rapidshare.com/files/13630491...part5.rar.html
- http://rapidshare.com/files/13631007...part6.rar.html
- http://rapidshare.com/files/13631505...part7.rar.html
- http://rapidshare.com/files/13631512...part8.rar.html
password: www.forumw.org
Hacking Democracy
Hacking Democracy
Hacking Democracy is the 2006 documentary film by Russell Michaels, Simon Ardizzone, Robert Carrillo Cohen and producer Sarah Teale of Teale-Edwards Productions, shown on HBO. Filmed over three years it documents anomalies and irregularities ith 'e-voting' (electronic voting) systems that occurred during merica's 2000 and 2004 elections, especially in Volusia County, Florida. The film investigates the flawed integrity of electronic voting machines and culminates dramatically in the on camera hacking of the in-use / working election system in Leon County, Florida.
Download
- http://rapidshare.com/files/23815192...hdem.part1.rar
- http://rapidshare.com/files/23818185...hdem.part2.rar
- http://rapidshare.com/files/23823373...hdem.part3.rar
- http://rapidshare.com/files/23825868...hdem.part4.rar
- http://rapidshare.com/files/23829197...hdem.part5.rar
- http://rapidshare.com/files/23831979...hdem.part6.rar
- http://rapidshare.com/files/23834615...hdem.part7.rar
- http://rapidshare.com/files/23835168...hdem.part8.rar
Password: warezdonkey.com
Friday the 13th 1980
Friday the 13th 1980
Download:
Friday.the.13th.1980.DVDRip.XviD.AC3-Sh*tbusters
Uploader: razor_tr
File Type: avi
Size: 1.45GB
Rar Sizes: 14x102.400KB + 1x95.222KB + SFV
- http://rapidshare.com/files/67410753...1st.part01.rar
- http://rapidshare.com/files/67438181...1st.part02.rar
- http://rapidshare.com/files/67459017...1st.part03.rar
- http://rapidshare.com/files/67475623...1st.part04.rar
- http://rapidshare.com/files/67496851...1st.part05.rar
- http://rapidshare.com/files/67514956...1st.part06.rar
- http://rapidshare.com/files/67526609...1st.part07.rar
- http://rapidshare.com/files/67532374...1st.part08.rar
- http://rapidshare.com/files/67541428...1st.part09.rar
- http://rapidshare.com/files/67560958...1st.part10.rar
- http://rapidshare.com/files/67574059...1st.part11.rar
- http://rapidshare.com/files/67598664...1st.part12.rar
- http://rapidshare.com/files/67623466...1st.part13.rar
- http://rapidshare.com/files/67645237...1st.part14.rar
- http://rapidshare.com/files/67662894...1st.part15.rar
- http://rapidshare.com/files/68299304...cumagh.1st.sfv
Friday the 13th Part II 1981
Friday the 13th Part II 1981
Download:
Friday.the.13th Part.II.1981.DVDRip.XviD.AC3-Sh*tbusters
Uploader: razor_tr
File Type: avi
Size: 1.43GB
Rar Sizes: 14x102.400KB + 1x76.443KB + SFV
- http://rapidshare.com/files/67102094...2nd.part01.rar
- http://rapidshare.com/files/67107043...2nd.part02.rar
- http://rapidshare.com/files/67113071...2nd.part03.rar
- http://rapidshare.com/files/67119685...2nd.part04.rar
- http://rapidshare.com/files/67125310...2nd.part05.rar
- http://rapidshare.com/files/67137154...2nd.part06.rar
- http://rapidshare.com/files/67250033...2nd.part07.rar
- http://rapidshare.com/files/67307739...2nd.part08.rar
- http://rapidshare.com/files/67314709...2nd.part09.rar
- http://rapidshare.com/files/67324390...2nd.part10.rar
- http://rapidshare.com/files/67332004...2nd.part11.rar
- http://rapidshare.com/files/67340774...2nd.part12.rar
- http://rapidshare.com/files/67352550...2nd.part13.rar
- http://rapidshare.com/files/67369780...2nd.part14.rar
- http://rapidshare.com/files/67382498...2nd.part15.rar
- http://rapidshare.com/files/68299329...cumagh.2nd.sfv
Friday the 13th Part III 1982
Friday the 13th Part III 1982
Download:
Friday.the.13th.Part.III.1982.DVDRip.XviD.AC3-Sh*tbusters
Uploader: razor_tr
File Type: avi
Size: 1.45GB
Rar Sizes: 14x102.400KB + 1x95.234KB + SFV
- http://rapidshare.com/files/67986636...3rd.part01.rar
- http://rapidshare.com/files/68473959...3rd.part02.rar
- http://rapidshare.com/files/68493050...3rd.part03.rar
- http://rapidshare.com/files/68517550...3rd.part04.rar
- http://rapidshare.com/files/68544462...3rd.part05.rar
- http://rapidshare.com/files/68568505...3rd.part06.rar
- http://rapidshare.com/files/68581949...3rd.part07.rar
- http://rapidshare.com/files/68591895...3rd.part08.rar
- http://rapidshare.com/files/68601247...3rd.part09.rar
- http://rapidshare.com/files/68608849...3rd.part10.rar
- http://rapidshare.com/files/68615473...3rd.part11.rar
- http://rapidshare.com/files/68621952...3rd.part12.rar
- http://rapidshare.com/files/68628205...3rd.part13.rar
- http://rapidshare.com/files/68634333...3rd.part14.rar
- http://rapidshare.com/files/68638981...3rd.part15.rar
- http://rapidshare.com/files/68299338...cumagh.3rd.sfv
Friday the 13th Part IV 1984
Friday the 13th Part IV 1984
Download:
Friday.the.13th.Part.IV.1984.DVDRip.XviD-Sh*tbusters
Uploader: razor_tr
File Type: avi
Size: 1.36GB
Rar Sizes: 13x102.400KB + 1x97.162KB + SFV
- http://rapidshare.com/files/68642973...4th.part01.rar
- http://rapidshare.com/files/68647470...4th.part02.rar
- http://rapidshare.com/files/68652355...4th.part03.rar
- http://rapidshare.com/files/68657189...4th.part04.rar
- http://rapidshare.com/files/68661678...4th.part05.rar
- http://rapidshare.com/files/68665751...4th.part06.rar
- http://rapidshare.com/files/68671020...4th.part07.rar
- http://rapidshare.com/files/68675337...4th.part08.rar
- http://rapidshare.com/files/68680373...4th.part09.rar
- http://rapidshare.com/files/68685502...4th.part10.rar
- http://rapidshare.com/files/68690928...4th.part11.rar
- http://rapidshare.com/files/68698626...4th.part12.rar
- http://rapidshare.com/files/68705927...4th.part13.rar
- http://rapidshare.com/files/68712680...4th.part14.rar
- http://rapidshare.com/files/68299355...cumagh.4th.sfv
Friday the 13th Part V A New Beginning 1985
Friday the 13th Part V A New Beginning 1985
Download:
Friday.the.13th.Part.V.A.New.Beginning.1985.DVDRip .XviD.AC3-Sh*tbusters
Uploader: razor_tr
File Type: avi
Size: 1.45 GB
Rar Sizes: 14x102.400KB + 1x95.237KB + SFV
- http://rapidshare.com/files/68842311...5th.part01.rar
- http://rapidshare.com/files/68854010...5th.part02.rar
- http://rapidshare.com/files/68863802...5th.part03.rar
- http://rapidshare.com/files/68872201...5th.part04.rar
- http://rapidshare.com/files/68880730...5th.part05.rar
- http://rapidshare.com/files/68887373...5th.part06.rar
- http://rapidshare.com/files/68891122...5th.part07.rar
- http://rapidshare.com/files/68894383...5th.part08.rar
- http://rapidshare.com/files/68897156...5th.part09.rar
- http://rapidshare.com/files/68900649...5th.part10.rar
- http://rapidshare.com/files/68904471...5th.part11.rar
- http://rapidshare.com/files/68909017...5th.part12.rar
- http://rapidshare.com/files/68913367...5th.part13.rar
- http://rapidshare.com/files/68918497...5th.part14.rar
- http://rapidshare.com/files/68925254...5th.part15.rar
- http://rapidshare.com/files/68299364...cumagh.5th.sfv
Friday the 13th Part VI Jason Lives 1986
Friday the 13th Part VI Jason Lives 1986
Download:
Friday.the.13th.Part.VI.Jason.Lives.1986.DVDRip.Xv iD.AC3-Sh*tbusters
Uploader: razor_tr
File Type: avi
Size: 1.45GB
Rar Sizes: 14x102.400KB + 1x95.191KB + SFV
- http://rapidshare.com/files/68931780...6th.part01.rar
- http://rapidshare.com/files/68939759...6th.part02.rar
- http://rapidshare.com/files/68961240...6th.part03.rar
- http://rapidshare.com/files/68973871...6th.part04.rar
- http://rapidshare.com/files/68985163...6th.part05.rar
- http://rapidshare.com/files/68991793...6th.part06.rar
- http://rapidshare.com/files/68999082...6th.part07.rar
- http://rapidshare.com/files/69007717...6th.part08.rar
- http://rapidshare.com/files/69015209...6th.part09.rar
- http://rapidshare.com/files/69023303...6th.part10.rar
- http://rapidshare.com/files/69031952...6th.part11.rar
- http://rapidshare.com/files/69040448...6th.part12.rar
- http://rapidshare.com/files/69049051...6th.part13.rar
- http://rapidshare.com/files/69057368...6th.part14.rar
- http://rapidshare.com/files/69065244...6th.part15.rar
- http://rapidshare.com/files/68299289/13.cumagh.6th.sfv
Friday the 13th Part VII The New Blood 1988
Friday the 13th Part VII The New Blood 1988
Download:
Code:
Friday.the.13th.Part.VII.The.New.Blood.1988.DVDRip .XviD.AC3-Sh*tbusters
Uploader: razor_tr
File Type: avi
Size: 1.45GB
Rar Sizes: 14x102.400KB + 1x92.160KB + SFV
- http://rapidshare.com/files/69071947...7th.part01.rar
- http://rapidshare.com/files/69077750...7th.part02.rar
- http://rapidshare.com/files/69083340...7th.part03.rar
- http://rapidshare.com/files/69088948...7th.part04.rar
- http://rapidshare.com/files/69093613...7th.part05.rar
- http://rapidshare.com/files/69099059...7th.part06.rar
- http://rapidshare.com/files/69103944...7th.part07.rar
- http://rapidshare.com/files/69109027...7th.part08.rar
- http://rapidshare.com/files/69113232...7th.part09.rar
- http://rapidshare.com/files/69117094...7th.part10.rar
- http://rapidshare.com/files/69120616...7th.part11.rar
- http://rapidshare.com/files/69124601...7th.part12.rar
- http://rapidshare.com/files/69129288...7th.part13.rar
- http://rapidshare.com/files/69134136...7th.part14.rar
- http://rapidshare.com/files/69138639...7th.part15.rar
- http://rapidshare.com/files/68299384...cumagh.7th.sfv
Friday the 13th Part VIII Jason Takes Manhattan 1989
Friday the 13th Part VIII Jason Takes Manhattan 1989
Download:
Friday.the.13th.Part.VIII.Jason.Takes.Manhattan.19 89.DVDRip.XviD.AC3-Sh*tbusters
Uploader: razor_tr
File Type: avi
Size: 1.45GB
Rar Sizes: 14x102.400KB + 1x92.127KB + SFV
- http://rapidshare.com/files/69144765...8th.part01.rar
- http://rapidshare.com/files/69149851...8th.part02.rar
- http://rapidshare.com/files/69155608...8th.part03.rar
- http://rapidshare.com/files/69161485...8th.part04.rar
- http://rapidshare.com/files/69167406...8th.part05.rar
- http://rapidshare.com/files/69174090...8th.part06.rar
- http://rapidshare.com/files/69180083...8th.part07.rar
- http://rapidshare.com/files/69186534...8th.part08.rar
- http://rapidshare.com/files/69193899...8th.part09.rar
- http://rapidshare.com/files/69201207...8th.part10.rar
- http://rapidshare.com/files/69209533...8th.part11.rar
- http://rapidshare.com/files/69217576...8th.part12.rar
- http://rapidshare.com/files/69224568...8th.part13.rar
- http://rapidshare.com/files/69234169...8th.part14.rar
- http://rapidshare.com/files/69242079...8th.part15.rar
- http://rapidshare.com/files/68299408...cumagh.8th.sfv
Friday the 13th Part IX Jason Goes Hell 1993
Friday the 13th Part IX Jason Goes Hell 1993
Download:
Friday.the.13th.Part.IX.Jason.Goes.Hell.1993.DVDRi p.XviD.AC3-Sh*tbusters
Uploader: razor_tr
File Type: avi
Size: 1.45GB
Rar Sizes: 14x102.400KB + 1x96.005KB + SFV
- http://rapidshare.com/files/68720135...9th.part01.rar
- http://rapidshare.com/files/68727963...9th.part02.rar
- http://rapidshare.com/files/68736010...9th.part03.rar
- http://rapidshare.com/files/68744854...9th.part04.rar
- http://rapidshare.com/files/68751923...9th.part05.rar
- http://rapidshare.com/files/68761531...9th.part06.rar
- http://rapidshare.com/files/68770137...9th.part07.rar
- http://rapidshare.com/files/68778089...9th.part08.rar
- http://rapidshare.com/files/68785208...9th.part09.rar
- http://rapidshare.com/files/68792196...9th.part10.rar
- http://rapidshare.com/files/68800309...9th.part11.rar
- http://rapidshare.com/files/68807761...9th.part12.rar
- http://rapidshare.com/files/68815355...9th.part13.rar
- http://rapidshare.com/files/68823714...9th.part14.rar
- http://rapidshare.com/files/68831989...9th.part15.rar
- http://rapidshare.com/files/68299428...cumagh.9th.sfv
Jason X 2001
Jason X 2001
Download:
Jason.X.2001.DVDRip.XviD.AC3-Sh*tbusters
Uploader: razor_tr
File Type: avi
Size: 1.45GB
Rar Sizes: 14x102.400KB + 1x92.197KB + SFV
- http://rapidshare.com/files/69250919...n.x.part01.rar
- http://rapidshare.com/files/69259464...n.x.part02.rar
- http://rapidshare.com/files/69267942...n.x.part03.rar
- http://rapidshare.com/files/69275964...n.x.part04.rar
- http://rapidshare.com/files/69283845...n.x.part05.rar
- http://rapidshare.com/files/69291995...n.x.part06.rar
- http://rapidshare.com/files/69299475...n.x.part07.rar
- http://rapidshare.com/files/69306585...n.x.part08.rar
- http://rapidshare.com/files/69313692...n.x.part09.rar
- http://rapidshare.com/files/69320165...n.x.part10.rar
- http://rapidshare.com/files/69326331...n.x.part11.rar
- http://rapidshare.com/files/69331564...n.x.part12.rar
- http://rapidshare.com/files/69359166...n.x.part13.rar
- http://rapidshare.com/files/69354547...n.x.part14.rar
- http://rapidshare.com/files/69363145...n.x.part15.rar
- http://rapidshare.com/files/68299452...rs-jason.x.sfv
Freddy vs Jason 2003
Freddy vs Jason 2003
Uploader: razor_tr
File Type: avi
Size: 1.45GB
Rar Sizes: 14x102.400KB + 1x92.192KB + SFV
- http://rapidshare.com/files/66862803...ddyvsjason.sfv
- http://rapidshare.com/files/66259423...son.part01.rar
- http://rapidshare.com/files/66632234...son.part02.rar
- http://rapidshare.com/files/66638361...son.part03.rar
- http://rapidshare.com/files/66644439...son.part04.rar
- http://rapidshare.com/files/66658983...son.part05.rar
- http://rapidshare.com/files/66674205...son.part06.rar
- http://rapidshare.com/files/66694461...son.part07.rar
- http://rapidshare.com/files/66717122...son.part08.rar
- http://rapidshare.com/files/66739181...son.part09.rar
- http://rapidshare.com/files/66800304...son.part10.rar
- http://rapidshare.com/files/66815018...son.part11.rar
- http://rapidshare.com/files/66831946...son.part12.rar
- http://rapidshare.com/files/66844435...son.part13.rar
- http://rapidshare.com/files/66854029...son.part14.rar
- http://rapidshare.com/files/66862795...son.part15.rar
Friday the 13th From Crystal Lake To Manhattan
Friday the 13th From Crystal Lake To Manhattan
Download:
Friday.the.13th.From.Crystal.Lake.To.Manhattan.DVD Rip.XviD-Sh*tbusters
Uploader: razor_tr
File Type: avi
Size: 1.43GB
Rar Sizes: 14x102.400KB + 1x76.443KB + SFV
- http://rapidshare.com/files/67692612...ras.part01.rar
- http://rapidshare.com/files/67718743...ras.part02.rar
- http://rapidshare.com/files/67735432...ras.part03.rar
- http://rapidshare.com/files/67754954...ras.part04.rar
- http://rapidshare.com/files/67770532...ras.part05.rar
- http://rapidshare.com/files/67791629...ras.part06.rar
- http://rapidshare.com/files/67809122...ras.part07.rar
- http://rapidshare.com/files/67827815...ras.part08.rar
- http://rapidshare.com/files/67852786...ras.part09.rar
- http://rapidshare.com/files/67875073...ras.part10.rar
- http://rapidshare.com/files/67899939...ras.part11.rar
- http://rapidshare.com/files/67923027...ras.part12.rar
- http://rapidshare.com/files/67939841...ras.part13.rar
- http://rapidshare.com/files/67950638...ras.part14.rar
- http://rapidshare.com/files/67970981...ras.part15.rar
A Nightmare on Elm Street (1984)
A Nightmare on Elm Street (1984)
Nancy is having nightmares about a frightening, badly-scarred figure who wears a glove with razor-sharp "finger knives". She soon discovers that her friends are having similar dreams. When the kids begin to die, Nancy realizes that she must stay awake to survive. Uncovering the secret identity of the dream killer and his connection with the children of Elm Street, the girl plots to draw him out into the real world.
User Rating: *******___ 7.2/10 (19,484 votes)
Cast overview, first billed only:
John Saxon .... Lt. Thompson
Ronee Blakley .... Marge Thompson
Heather Langenkamp .... Nancy Thompson
Amanda Wyss .... Tina Gray
Jsu Garcia .... Rod Lane (as Nick Corri)
Johnny Depp .... Glen Lantz
Charles Fleischer .... Dr. King
- http://rapidshare.com/files/983047/N...part1.rar.html
- http://rapidshare.com/files/985305/N...part2.rar.html
- http://rapidshare.com/files/988445/N...part3.rar.html
- http://rapidshare.com/files/992493/N...part4.rar.html
- http://rapidshare.com/files/995751/N...part5.rar.html
- http://rapidshare.com/files/999978/N...part6.rar.html
- http://rapidshare.com/files/1002566/...part7.rar.html
Pass: spazcreations
A Nightmare on Elm Street Part - 3 : Dream Warriors (1987)
A Nightmare on Elm Street Part - 3 : Dream Warriors (1987)
Picking up where the original Nightmare left off, Nancy has grown up and become a psychiatrist specializing in dream therapy. She meets a group of children at a local hospital facing Freddy Krueger, the same demon she once encountered in her sleep. One of them is Kristen, who has the power to draw other people into her dreams. Working with a male doctor assigned to the case, Nancy helps the kids realize their special abilities within the nightmare world. When Freddy captures one of her charges, she leads a rescue attempt into Krueger's domain, in hopes of putting his spirit to rest once and for all.
User Rating: ******____ 5.9/10 (7,563 votes)
Cast overview, first billed only:
Heather Langenkamp .... Nancy Thompson
Craig Wasson .... Dr. Neil Gordon
Patricia Arquette .... Kristen Parker
Robert Englund .... Freddy Krueger
Ken Sagoes .... Roland Kincaid
Rodney Eastman .... Joseph 'Joey' Crusel
Jennifer Rubin .... Taryn White
- http://rapidshare.com/files/1034367/...part1.rar.html
- http://rapidshare.com/files/1039983/...part2.rar.html
- http://rapidshare.com/files/1045015/...part3.rar.html
- http://rapidshare.com/files/1048975/...part4.rar.html
- http://rapidshare.com/files/1053274/...part5.rar.html
- http://rapidshare.com/files/1058874/...part6.rar.html
- http://rapidshare.com/files/1062139/...part7.rar.html
Pass: spazcreations
A Nightmare on elm street Part - IV : The Dream Master (1988)
A Nightmare on elm street Part - IV : The Dream Master (1988)
Following up the previous Nightmare film, dream demon Freddy Krueger is resurrected from his apparent demise, and rapidly tracks down and kills the remainder of the Elm Street kids. However, Kristen (who can draw others into her dreams) wills her special ability to her friend Alice. Alice soon realizes that Freddy is taking advantage of that unknown power to pull a new group of children into his foul domain.
User Rating: 4.9/10
Tuesday Knight ... Kristen Parker
Ken Sagoes ... Roland Kincaid
Rodney Eastman ... Joey Crusel
Lisa Wilcox ... Alice Johnson
Andras Jones ... Rick Johnso
- http://rapidshare.com/files/4973427/...art01.rar.html
- http://rapidshare.com/files/4973445/...art02.rar.html
- http://rapidshare.com/files/4973463/...art03.rar.html
- http://rapidshare.com/files/4973428/...art04.rar.html
- http://rapidshare.com/files/4973447/...art05.rar.html
- http://rapidshare.com/files/4973462/...art06.rar.html
- http://rapidshare.com/files/4973468/...art07.rar.html
- http://rapidshare.com/files/4973407/...art08.rar.html
- http://rapidshare.com/files/4973148/...art09.rar.html
Password: www.djmasr.com
A Nightmare on elm street Part - V : The Dream Child (1989)
A Nightmare on elm street Part - V : The Dream Child (1989)
Alice, having survived the previous installment of the Nightmare series, finds the deadly dreams of Freddy Krueger starting once again. This time, the taunting murderer is striking through the sleeping mind of Alice's unborn child. His intention is to be "born again" into the real world. The only one who can stop Freddy is his dead mother, but can Alice free her spirit in time to save her own son?
User Rating: 4.4/10
Robert Englund ... Freddy Krueger/ Maniac
Lisa Wilcox ... Alice Johnson
Erika Anderson ... Greta Gibson
Valorie Armstrong ... Mrs. Jordan
Michael Ashton ... Gurney Orderly
Beatrice Boepple ... Amanda Kreuger
- http://rapidshare.com/files/15164871...part1.rar.html
- http://rapidshare.com/files/15165327...part2.rar.html
- http://rapidshare.com/files/15165384...part3.rar.html
- http://rapidshare.com/files/15165702...part4.rar.html
- http://rapidshare.com/files/15165773...part5.rar.html
- http://rapidshare.com/files/15166088...part6.rar.html
- http://rapidshare.com/files/15166154...part7.rar.html
- http://rapidshare.com/files/15166145...part8.rar.html
Freddy's Dead Part - VI : The Final nightmare (1991)
Freddy's Dead Part - VI : The Final nightmare (1991)
In part six of the Nightmare on Elm Street series, dream monster Freddy Krueger has finally killed all the children of his hometown, and seeks to escape its confines to hunt fresh prey. To this end, he recruits the aid of his (previously unmentioned) daughter. However, she discovers the demonic origin of her father's powers and meets Dad head-on in a final showdown (originally presented in 3-D).
User Rating: 4.2/10 (6,177 votes)
Cast(Cast overview, first billed only)
Robert Englund ... Freddy Krueger
Lisa Zane ... Maggie Burroughs
Shon Greenblatt ... John Doe
Lezlie Deane ... Tracy
Ricky Dean Logan ... Carlos
Breckin Meyer ... Spencer
Yaphet Kotto ... Doc
Robert Englund ... Freddy Krueger
Lisa Zane ... Maggie Burroughs
Shon Greenblatt ... John Doe
Lezlie Deane ... Tracy
Ricky Dean Logan ... Carlos
Breckin Meyer ... Spencer
Yaphet Kotto ... Doc
Link Download
New Nightmare (1994) Part - VII
New Nightmare (1994) Part - VII
Freddy Krueger, upset that he was killed off in the last "Nightmare on Elm Street" movie, attempts to murder his creators and actors from his previous films.
IMDB Rating: 6.1/10 (6,923 votes)
Heather Langenkamp ... Herself/Nancy Thompson
Robert Englund ... Freddy Krueger/Himself
Miko Hughes ... Dylan Porter
Wes Craven ... Himself
John Saxon ... Himself/Lt. Donald Thompson
Link Download
