Friday, 29 April 2005

Micro$oft ph34r-dowz and it's hidden shares

Try this: open a folder on your desktop and in the address bar, type in the ip address of another machine you have, like so:


It will ask you for a username and password. Type in the username and password for that machine.

Bang! Instant access to that machines root directory. So, if you do a brute force attack you can probably get root on most PCs this way in a relatively short space of time for most machines. Or maybe you'll just lock up their account, preventing them from using it until the administrator unlocks it - either way,you don't want this to happen to your PC!

This 'handy' little feature is deliberately installed by M$ by default and on their wonderfully helpfull website they state:

"Hidden administrative shares that are created by the computer (such as ADMIN$ and C$) can be deleted, but the computer re-creates them after you stop and restart the Server"

So how do you get rid of these blatantly dangerous shares?

A regedit hack seems like the only option.[*1]

But that only gets rid of all but one of your standard shares. IPC$ stays. IPC$ is used for 'Interprocess Communication' (used for server to server comms). See here, here and here why this is bad - most of these article talk about NT, but 2000 and XP were built on top of that and when in doubt - assume the worst.

How do we get rid of this ****ing thing? Goto services and dissable the server service. Also, follow the hints and tips in this article [*2] to dissable netbios over ip (and various other good practices).

Well, hopefully that's made my PC a little more secure until next week when I find another gaping hole in window's so-called security.

You suck Bill.

[*1] There may be certain bits of software that rely on these shares, so it's possible you might one day need to re-insate them temporarily. My advice: if the software relys on that crap, ditch it and get some decent alternative!

[*] Many thanks to John Cesta of server automation tools for providing this list.

Thursday, 28 April 2005

Telemarketers P0Wn3D!

Amercians have the 'do not call list'. In the UK we now have the TPS (Telephone Preferancing Service). What this means:

"Under Government legislation introduced on 1st May 1999 and replaced on 11th December 2003 by the Privacy and Electronic Communications (EC Directive) Regulations 2003, it is unlawful to make unsolicited direct marketing calls to individuals who have indicated that they do not want to receive such calls."

The other day I got yet another call from an 'independant orange headset retailer' - I told them I don't even have an Orange phone anymore and I'm allredy registered with the TPS - so what they're doing is illegal. The guy tuts and goes 'whatever' and the f***er hangs up on me! So, naturally I complained to the TPS and now they're could be facing a 5k fine. Suck on that 'independant Orange phone sepcialists'! How do you like them apples?

They're also providing a similar service for mail, although I don't think there's any laws passed about junkmail just yet - but it could be on the cards. Think of all the trees and CDs that could be saved if AOL was unable to send unsolicited coffee coasters (signup CDs) to everyone by post.

How can these credit card companies keep a straight face when they show those 'identity theft' adverts when they mass-mail pre-approved credit card application forms to random addresses? S***, half the time it's for someone who no longer lives a that address. Personally, I allways shred the application then post it using the business reply envelope, taped to a brick and all the other junk mail I've recieved and then post it back to them.

If no idiots actually replied to this s***, then companies wouldn't stoop to these crappy tactics.

Thursday, 21 April 2005

Network Security Tools

Pretty extensive list full of some very usefull tools:

Top 75 Network Security Tools

Wednesday, 13 April 2005

War driving with a difference

Wireless keyboard security issues.

I wonder how long it will be before someone captures somebody's password this way? How hard can it be - just open a text editor, rig a wireless keyboard reciever up to your laptop and sit within 100 meters of someones PC for a while?

Think I'll stick with my boring old wired keyboard (that doesn't broadcast my internet banking password), thanks!

Friday, 8 April 2005

What your IP address or domain name tells people about you

Be aware that you're not completely anonymous on the Internet. A good rule of thumb is, never do anything on the net that you wouldn't have the balls to do in real life.

You (or rather your ISP) get addresses from an RIR. You can find a list of them here. These sites always provide a 'who is' link somewhere which allows you to search for an ip address and gives you registration information.

For instance, go here and type in ''. You'll see that this range ( - is goggle's but look what else you've got, their address and what looks like their telephone number for technical support. This sort of information is very useful to social engineers because it often gives the company web site, administrator name and email and telephone number.

If someone does a portscan on my network, my firewall will tell me. I can get their IP address, from my firewall logs or via DOS's netstat command (which shows who's connected to the PC). Odds are it won't list your phone number and address in the 'who is' search results, unless you're a large business but it will tell me who your ISP is. The IP address, together with your ISP gives me some clues about your location.

It might be possible to social engineer your name and/or address from an ISP by just ringing them up but it might be easier just to attempt to break into one of your machines, either the IP address you spotted, or one in the range given to you by your ISP (which I expect are almost always contiguous). I can also do a trace-route to that IP address to find out the IP of your router/firewall and begin foot-printing that to see if I can break in. Once I'm in to your network, I'd be looking for documents with your address on them. This is definitely not legal and I don't suggest anyone tries it - I wouldn't!

Incidentally, you shouldn't really ring up to report any old script kiddy attack though, use email if you're sure its worth it and not just background traffic or some AOL user's viruses looking for other vulnerable machines. If you know for sure that someone's trying to hack you and it's ongoing, ring up their ISP and get them to give them a smacking instead.

Sometimes people conceal their IP address with proxies and/or fake it when port-scanning to one of the reserved ip addresses (so they can't even be followed back to the proxy) but this is something for another article.

Web site name registrations (domain name registrations) tend to offer even more information. These registrations tell the DNS servers (Domain name servers) all over the world what IP address to map to what web site.

It's always best to register your domain privately especially if it might offend people (so your domain registration company keeps your details hidden - except from Big Brother of course). Certain domain hosting companies will do this for you, while others don't seem to care and list your full details for any 'who is' search! Type in a few web sites to the search box on say, this domain registration site and click on the 'who is' bit and you'll see.

Queue Jay and Silent Bob to print the authors details out, come around to their house and get medieval on their a$$!

Try here for more 'who is' search tools.

Tuesday, 5 April 2005

Party policies summary

There's a useful page on the BBC news site to summarise party polices.

I've read through this and it's helped me make my decision about who to vote for in the next UK election. Some of the things here made me laugh though:

"Stand by Iraq war - even if weapons intelligence was wrong, Saddam flouted UN resolutions"
"university top-up fees up to £3,000, with grants for poorest students"

Ha! Flouting UN resolutions is an excuse for war is it? Then we'd better invade America because all Bush ever does is flout resolutions! Idiots. Good luck getting the student vote Tony, telling them that they need to pay 3k a year.

Why the hell do the conservatives want to 'oppose postal voting'? - w**kers. I hope that those fascist bastards don't get in. I'd vote Labour if I thought they weren't just a more efficient version of the Conservative party instead of actually being socialists like they claimed to be. Besides, I don't want that grinning git Tony to get in again and let us be ruled by proxy from America for the next 5 years.

I'm quite impressed by some of the ideas that the Lib Dems have come up with though:
"Replace council tax with a local income tax"
"Raise stamp duty threshold to £150,000 to help first-time buyers."
"50% tax rate on earnings over £100,000 a year"
"Replace fuel tax/VED with national road user charging"
"no GM crops without strict controls"
"written Constitution"
"want only judges to imprison terror suspects"

I especially like the idea of scrapping council tax and replacing it with local income tax. When you run the rat race all your life, surely after you retire and stop earning money you shouldn't have to pay tax on your home - that's just plain f***ing wrong.

The biggest (and most convincing) argument against the Lib Dems I've heard to date is that it will simply cost us too much but I think the 50% tax on the rich should sort that out. What's the alternative? Labour and Conservative parties have been f***ing us over for the past three decades and like typical British people, we keep on taking it.

Monday, 4 April 2005

Anti-spam email account

Will Hack For Food! - Free Temporary Email Accounts

Handy tool for when you need to hand out an email address that you only want to work for a short while (until you've recieved a website account activation email, for instance). Later on the account just vanishes, so you don't have to worry about spam.

Provided by StankDawg at BinRev.