Hacking net

DOBRODOŠLI,

Nemam nameru da Vas ohrabrujem u izvršavanju ilegalnih aktivnost, već da Vam ukažem kako da budete konstruktivni u hakovanju; Za početak, hajde da proverimo da li je Vaš racunar zaštićen:
Ukoliko vidite sadržaj sa Vašeg hard diska, znači da ga mogu videti i drugi po čijim sajtovima surfujete. Zapitajte se onda, šta uopste trazite na internetu (viruse, trojance, crve, dialere, bho's ili malicioyne skripte možda?!) Savet: instalirajte firewall obavezno! Ako je polje blanko nemojte se sekirati, ali znajte da je 100% portovska zašticenost samo na hardwerskim firewallovima. Rupe se u softwerskim iznalaze svaki dan. Zbog toga stalno treba updateovati tj. osvežavati antivirusne programe, firewall (zaštitni zid), spy blokere... Da pređemo na stvar:

Uvod
Ovim želim da opišem metode i strategije koje se koriste da bi se pristopilo raznim *NIX sistemima širom interneta bez ovlašćenja za tako nešto. Ovo neće da vas nauči kako da hakujete niti treba da budete haker da bi ste koristili ovo sto ovde procitate, hakovanje podrazumeva mnogo siri spektar tj. da bi ste bili haker morate pronaci svoje metode i nacine, ali nikako da to radite iz destruktivnih povoda. Lako je biti destruktivan, ali je mnogo teze biti kreativan i stvoriti nesto vredno. Ako vam padne na pamet recimo da obrisete ovaj sajt na kome ste sada zapitajte se samo zasto bi ste to uradili ? Koliko je meni vremena trebalo da sve to stvorim i zasto sam to radio ? Ja ovo radim samo zbog drugig i nemam nista od ovoga. Zapitajte se i za mnogo druge sajtove zasto bi ste nesto obrisali ili defaceovali ? Destruktivnost vodi u anarhiju i propast. Jedno je slobodan pristup podacima i informacijama a drugo cisto destruktivni povodi i potraga za nekom "slavom" koju mozete steci brisanjem necega. Autor ovog teksta nikada u zivoti nije obrisao neku masinu niti bilo koji fajl na njoj. Priznajem radio sam neke lose stvari nekoliko puta ali sve je to bilo iz nekih "patriotskih" razloga i nemogucnosti da bilo sta drugo uradim protiv onih koji su meni licno i mojoj zemlji naneli zlo. Sada se gorko kajem zbog toga, i mislim da nije bilo u redu na silu uzvracati silom. To je tek krajnje resenje. No vratimo se temi, sada cu vam opisati neke od metoda kako "hakovati". Pre toga samo josh jedna stvar.
Svakako morate imati neki *NIX instaliran kod kuce. WINDOWS NIKAKO NE DOLAZI U OBZIR. Ne zelim da zalazim u detalje, ali u svakom slucaju uzmite neku Linux distribuciju ili Net/Open/FreeBSD jer su oni POSIX kompatibilni, odgovaraju kucnim PCima, i vecinu mreznih alatki ce te moci kompajlirati na njima. U kolko koristite Linux nemojte koristiti RedHat, SuSE ili Mandrake osim ako znate kako da ih zastitite.

Osnovna znanja
Steknite iskustvo u radi sa nekim od komandi, koristite "man" komandu (jedan moj prijatelj je izjavio da se u man stranicama nalazi svo znanje ovog sveta }:D ), i radite sa njima dok ih ne budete savladali u potpunosti. Predlazem da za pocetak naucite sve o sledecim komandama:
awk cat chmod dd grep gzip kill ln finger ls mail mknod more mount ping ps sed who sort tar ifconfig ipchains last head tail gcc cut find ftp less vim nc (netcat) iptablesrcp xhost xterm syslogd inetd telnet ssh finger ... cat
Morate biti sigurni da niko nemoze kompromitovati vas komp. Za pocetak pogledajte security sajtove da bi ste bili sigurni da daemoni (servisi) koji su vam otvoreni nisu exploitable. Moj predlog je da sve sto vam netreba ili neznate sta je i ne podizete. inetd po mom misljenju mozete odmah iskljuciti, rpc servisi vam nisu svakao potrebni ako ste pocetnik, sshd vam netreba jer je moj predlog da nikako ne otvarate naloge drugima na svojoj masini, a sve sto ostane otvoreno stavite pod firewall i razmislite dobro odakle ce moci sve da se pristupi njima. Idealno bi bilo da nema nikakvih servisa otvorenih ako vam nisu potrebni. Dok "napadate" druge hostove bilo bi dobro da su svi servisi zatvoreni (moj predlog je da to NIKAKO ne radite sa svoje masine, ali ma koliko ja to pricao drugima, ljudi i dalje prave gluposti sa svojih kucnih racunara i ne zele da me poslusaju (nadjite se u ovome ko ste };> )). Razmislite takodje o enkripciji nekih direktorijuma ili celih particija, i kriptujte mailove i fajlove koje prebacujete PGPom.

Nalog
Za vase "aktivnosti" naravno potreban vam je nalog kod nekog od lokalnih provajdera. Kao sto rekoh, razmislite o tome da nikakve nelegalne radnje ne radite od svoje kuce, i u tom slucaju vam je potreban neki brz Linux ili bsd shell i za to nemojte koristiti shell accounte kod vaseg provajdera niti neke eggdrop, bnc, shellove koje ce te otvoriti na svoje ime. U koliko koristite vas akademski nalog pogledajte prvo da li administrator proverava vase aktivnosti (Autor ovoga je na "pocetku svoje karijere" imao problema sa administratorom koji je proveravao svaku komandu koju kucam i konstantno sniffao svoje korisnike). U koliko koristite svoju masinu, bilo bi dobro da nalog koji koristite ne glasi na vase ime, a takodje da kod vaseg provajdera ne ostaje vas broj telefona. U koliko ste na nekoj prastaroj centrali (Autor ovoga je bio godinama na centrali koju su nemci zaboravili da ponesu tokom povlacenja u drugom svetskom ratu i na takvim centralama ni teoretski nije moguce pronaci broj sa koga ste zvali, jedino se moze doci do vase centrale) nemate za sta da brinete, a u koliko ste digitalizovani (gle, gle i to se desava u danasnje vreme ? Izgleda da sada samo nekih 50 godina zaostajemo za svetom ? }:D ) raspitajte se o vasoj lokalnoj centrali i nacinu da zovete anonymousli. NIKADA nemojte da ostavljate vas broj telefona kod vaseg provajdera u koliko ste sa tog naloga radili nesto nelegalno. Ako koristite dialup nalog nemojte koristiti neke provajdere koji koriste transparentne proxyje ili network monitore (squid etc etc). Pogledajte traceroute vaseg provajdera i proverite njihove rutere da li koriste NIDS (Intrusion Detection), network monitore, proxyje ili bilo sta sta vam se ucini neobicnim. U slucaju da neznate to da uradite pustite nekoga sa vishe iskustva da to uradi za vas.

Scaning
U koliko ste procitali sve gore navedeno i pridrzavate se toga mozemo poceti sa vasim "obrazovanjem". Pre svega da bi ste dosli do neke masine, morate skenirati internet i naci neke pogodne. Odakle ce te skenirati je na vama. Moj predlog je da nikako to ne radite od svoje kuce. U koliko to radite koristite tudje naloge (nikako na svoje ime) i nemojte ostavljati vas telefon provajderu. U koliko to uradite mozete ocekivati telefonski poziv nekog operatera ISP-a i gomilu optuzbi i pitanja. Razmislite jeste li spremni na tako nesto i zelite li da to dozivite ? Moze doci cak i do neke tuzbe pa zato, bolje poslusajte moj savet i nikako to od kuce ne radite. Ako to radite predlazem da koristite SOCKS, WinGate... servere, ali oni vam cesto mogu pruzati lazan osecaj sigurnosti. NIKADA nemojte koristiti javne servere. Cesto su takvi javni Proxy serveri cij spisak mozete pronaci na internetu podignuti namerno i loguju svaku vasu aktivnost i vas IP. Idealno bi bilo da koristite neku masinu na kojoj imate root access i punu kontrolu i na kojoj ste iskljucili svo logovanje. Najbolje bi bilo da koristite makar josh jednu masinu izmedju vas i nje kako bi ostavili sto manje tragova. Na krajnjoj masini postavite bnc, datapipe, ssl, Proxy, SOCKS/WinGate i sve ostalo preko cega ce te ici i nemojte zaboraviti da iskljucite logovanje. Sve ovo je zbog vase sigurnosti. Sada predjimo na samo skeniranje. Potrazite neki skener koji vam odgovara (ima ih zaista mnogo publishovanih na netu). Moj predlog je da ne koristitite polu-otvorene (SYN) skenere ako skenirate samo jednu masinu. Cesto daemoni pri SYN skeniranju javljaju poruke tipa "warning: can't get client address: Connection reset by peer" i onda je neko verovatno podigao sniffer, tcplogd, ili nesto slicno i vidi ko ih je skenirao. Ako ste se pridrzavali gore navedenog i ne radite to sa svog IP-a onda ne bi trebalo da bude problema. Moze doci do zalbe na IP sa koga ste skenirali i povecane kontrole nad tom masinom. Moj savet je da posle svakog skeniranja promenite lokaciju i sledeci put to radite sa druge masine. Dakle SYN scan nije bash najbezbedniji, ali pri masovnom skeniranju ga preporucujum. Moj predlog je da koristite synscan (by psychoid+[dor]) jer je definitivno najbrzi i jednu A klasu mozete preskenirati za nekih 40 minuta u proseku (to se odnosi na verzije >1.9). Posle takvog skeniranja, nemojte vishe koristiti tu masinu jer ce sigurno biti prituzbi i admin ce obratiti paznju. Josh nesto, pazite kako koristite synscan jer masine sa slabim linkovima moze ubiti. Zato postavite veci time pa smanjujte dok ne vidite da je u redu i da je masina ziva. U koliko skenirate odredjenu masinu a ne celu A klasu predlazem da SYN skeniranje zaboravite i koristite NUL (tcp paketi bez ikakvih flagova), XMAS (ack/rst/syn probe) ili Maimon skenove. U koliko koristite connect() skenere predlazem da uzmete lscan, i njime uzmete version info. Pa toliko o nacinu skeniranja, vi odaberite pravi, a sada da kazem nesto o samom toku skeniranja. U toku skeniranja predlazem da ubijete sve servise koji rade na masini sa koje skenirate, i postavite firewall tako da se filtriraju svi ulazni paketi. Ovo ce naterati skenirane hostove da pomisle da je scan bio spoofan i da nemaju sta da traze na vasem IP-u. Verujte mi cesto su admini paranoicni i reaguju na svaki scan, pa odmah proveravaju ko ih to skenira. Jednostavno zatvorite sve i resili ste jedan deo problema. Predlazem da u toku skeniranja zatvorite inetd (identd, finger, ftp, telnet...), sav dolazni TCP connection request (man iptables, man ipchains, man ipfwadm (zavisno od distribucije)), ICMP (timestamping, echo reply, query) (ICMP tipovi 8/13/15/17) i UDP traceroute zahteve (portovi u rasponu 33400-33500). Takodje znajte da je DENY bolji od REJECT koji ce poslati ICMP unreach packet nazad umesto da totalno ignorise. Josh nesto sto je veoma vazno a zaboravio sam da kazem je da koristite non-sequential skeniranje da bi ste izbegli IDS ili NIDS koji su cesto instalirani na ruterima i gatewayima i proveravaju sav neobican saobracaj na odredjenim portovima. U koliko skenirate recimo 1.1.1.1, 1.1.1.2 .. 1.1.1.255, 1.1.2.1 itd. IDS ce detektovati da skenirate 1.1 B klasu i prijaviti to. Umesto toga je najbolje da skenirate recimo 1.1.1.1, 1.1.2.1 .. 1.1.255.1, 1.1.1.2. Nadam se da ste shvatili poentu }:D. Sada dolazimo do pitanja sta da skeniram ? Mnogi cesto prave gresku i odmah krenu da skeniraju masine tipa cnn.com whitehouse.com, nasa.gov army.mil navi.gov i slicne sajtove. Nemojte pravite takve greske jer se te masine veoma dobro nadgledaju i na pocetku krenite sa nekim manje poznatim i sigurnim klasama. Ako ste pocetnik (a takvima je ovaj tekst i namenjen) odmah ce te se razocarati jer niste uspeli. Najbolje skenirajte neke A ili B klase koje nisu tako mnogo obezbedjene. Mozete recimo dobiti neke osnovne informacije pomocu whois komande. Recimo ako zelite da skenirate 192.168.*.* i zelite da znate ko poseduje taj IP blok uradite whois -h whois.arin.net 192.168.0.0 ili whois 192.168.0.0@whois.arin.net i dobicete neke osnovne podatke o tom IP bloku. Ako vam arin.net ne vrati nikakve informacije onda nemojte skenirati taj blok, jer joh nije nikome dodeljen. Evo nekih primera koje arin.net moze vratiti:
Maintained by RIPE.NET = European (no, uk, ch, at, de, se, dk, etc.)
Maintained by APNIC.NET = Asian (id, kr, za, ee, tr, li, kh, etc.)
Maintained by NIC.xxx = Belonging to country xxx
Moj savet je da posle skeniranja NIKADA ne brisete logove. U koliko mislite da ste ste zavrsli sa tom klasom i da vam netrebaju vishe ti logovi, prevarili ste se. Novi security problemi sa tim daemonom ce se pojaviti pre ili kasnije i onda ce te morati opet da skenirate. To ce vam oduzeti previse vremena i zato sacuvajte sve te logove. Tacno je da se masine cesto reinstaliraju i da posle godinu dana recimo pola iz tog loga nece biti vishe tacno, ali ipak, moj savet je da sacuvate logove. Lepo ih gzipujte i kriptujte pa sacuvajte logove. Moje iskustvo je da su specijalizovani serveri koji proveravaju ranjivost nekog daemona prava glupost i jednostavno vam netrebaju. Jednostavno koristite vas omiljeni skener pa nakon toga koristite grep i awk komandu da bi ste dobili zeljene informacije. Recimo da log vaseg skenera izgleda "(IP) (Verzija daemona)", a skenirali ste za verziju ftpd-a, uradite samo: "grep wu-2.6.2 1.0.0.0.21.log | awk '{print $1}' > IPZ" i u fajlu IPZ ce se nalaziti IPovi ftpd-a cija je verzija wu-2.6.2 i koje mozete busiti. U nekim slucajevima ipak, morate koristiti specijalizovane skenere za daemone. Recimo u wu-ftpdu morate imati anonymous access i morate nakon gore opisanog probati imate li ga. Takodje nekada morate koristiti i rpcinfo komandu (man rpcinfo).

Rootovanje
Posto je ovo tekst koji je namenjen scrip-kidysima nemam namere da objasnjavam kako napraviti exploit za neki daemon za koji je pronadjen vulnerabiliti. Mozete na netu pronaci mnogo public exploita i koristiti ih. Jednostavno use the google luck }:D (make the google be with you sto bi rekao jedan moj prijatelj). U slucaju da ste pronasli odgovarajuci exploit i da ste obavili skeniranje za tu rupu mozemo preci na stvar. Cesto me pitaju kako se ovo koristi ? Cemu ovo sluzi ? i slicna pitanja (nadjite se u tome };> ) i molim vas, idite igrajte counter strike bolje nego da gubim vreme sa vama. Razumem da je neko poceo da pise neki exploit i da mu treba moja pomoc, to je sasvim u redu i mozete mi se uvek obratiti oko toga, sa zadovoljstvom cu vam pomoci, ali ako ste dobili od nekoga vec sve gotovo, nemojte me pitati kako se to koristi. U glavnom u headeru sourcea pise kako se koristi pa pogledajte. Ako slucajno ne pise pogledajte malo source i sami dodjite do toga. Posto smo naucili sve o skeniranju i obavili ste to, nasli ste neki remote exploit i uspesno ste usli na neki *NIX pitate se sigurno a sta sada da radim ?

Šta sad
Recimo usli ste na sistem. Dobili ste root shell. Sta ce te raditi? Moj predlog je da prodjete kroz 4 osnovna koraka.
1. Uklonite sve tragove da ste uopste bili na sistemu,
Prvo i osnovno je da uradite "unset HISTFILE". Mnogi pocetnici prave gresku i zaborave da to urade. Cesto ostaju fajlovi tipa .bash_history (u koliko dobijete bash shell), zato obavezno neka vam prva komanda bude "unset HISTFILE". Sledeca je da vidite aktivne procese na masini. Druga komanda neka vam bude "ps -ax" ili "ps -edf" (na solarisu) ili kako god. Ovaj put cu pricati o linuxu i njegovim pathovima i komandama, a male su razlike na ostalim *NIX sistemima. Pogledajte procese koji su aktivni na masini i uverite se da nije dignut neki sniffer, tcpdump ili nesto slicno. U koliko je podignut obavezno obrisite vase logove koje je on ostavio. Treca stvar je da pogledate koga ima na masini i da li je aktivan, takodje sta radi (w, who, finger ...). U koliko je root ulogovan i idle mu je mali bolje je da pozurite i sto pre ocistite logove, postavite backdoor i kasnije se vratite. Nakon toga pogledajte kako je /etc/syslogd.conf podesen, i da li logovi ostaju na toj masini ili se vrsi logovanje na nekoj drugoj (man syslog.conf). Ako je na drugoj imate mali problem sa logovima koji su ostali iza vas, pa se nadam da mozete uci i na tu drugu masinu }:D. Nakon toga predjite u /var/log (sve zavisi od sistema) i obrisite jednostavno logove o vasem upadu. NIKADA nemojte jednostavno kopirati recimo messages.1 u messages niti obrisati ceo fajl. Ako je administrator masine obazriv videce da su to stari logovi ili da nema log fajla. Editujte messages, secure i ostale fajlove i izbrisite tragove upada. Ako ste na masinu usli kao nobody, apache ili neki drugi user i u localu uzeli root access onda proverite da nije ostalo nekih tragova u lastlogu. Uradite last -10 recimo i pogledajte da nije nesto ostalo. Ako jeste koristite neki wtmp, utmp, lastlog editor i sredite djubre za vama }:D.
2. Dodjite do nekih osnovnih informacijama o masini na kojoj ste
Kada udjete uradite "uname -a", w, last -50, less /etc/passwd, less /etc/inetd.conf ... i informisite se o masini na kojoj ste. Pogledajte koliko ima usera, koliko se cesto loguju, pogledajte recimo /root/.bash_history i informisite se o komandama koje root najcesce koristi, pogledajte i .bash_history usera koji administrira masinu, njegove mailove mozete pogledati (nemojte NIKADA citati licne mailove, samo pogledajte da li prati recimo bugtraq, vuln-dev i ostale mailing liste, koliko je informisan o securityu i ostalo ali nije moralno citati privatne mailove). Dakle osnovno je videti koliko usera ima na masini (/etc/passwd), koliko se cesto koristi ta masina i za sta se koristi, koliko je root obazriv, a pogledajte i da li je masina vec backdoorovana (cesto se desava da je neko vec na masini) pa ocistite njegove backdoorove...
3. Ostavite vas backdoor da se mozete vratiti opet,
Osnovna stvar je da NE DIRATE KONFIGURACIONE FAJLOVE. Nemojte ostavljati neke backdoorove tipa user u passwd fajlu sa UID 0 ili nesto slicno. I najgluplji administrator (video sam mnogo bisera od administratora i prosto se divim stupidnosti takvih ljudi }:D, cesto su to administratori nekih vecih sistema (narocito u nasoj zemlji) i covek se zapita kako su oni uopste dobili posao?) ce to videti i provaliti da je neko na masini. Takodje nemojte da pravite gluposti time sto ce te otvoriti root shell na nekom portu. Nemojte se igrati sa inetd.conf i otvarati rootshell tako. Previshe je glupo sa vase strane ako ostavite masinu sa otvorenim rootshellom na nekom portu. Mnogi skeniraju masine, i uci ce na "vasu teritoriju" bez ikakvih problema i zahvaljujuci vasoj stupidnosti. Takodje moram vam reci da prva stvar koju ce neki srednje ozbiljan administrator da uradi, je da pogleda /bin/login za trojancima, pa nemojte praviti gluposti i ostavljati takve backdoorove. Najbolje je da svoj backdoor, ako vec tako ostavljate ostavite umesto nekog daemona koji niko ne koristi. Pogledajte inetd.conf i vidite koji se daemoni startuju preko njega. Recimo ako je startovan talkd (retko ko ga koristi) mozete ubaciti vas backdoor umesti in.talkd i restartovati inetd (Ne zaboravite da obrisete iz logova podatke o restartovanju inetd-a). Nakon toga kada zelite da se konektujete na vash backdoor jednostavno uradite talk root@0wned.host.com i inetd ce podici vash backdoor. To je jedan od nacina, ali je dosta lame. Postoji dosta backdoorova po netu (a najbolje je da napravite nesto svoje), koje mozete koristiti. Recimo mozete staviti vas sopstveni icmp backdoor, i na osnovu icmp pakea otvorice vam se backdoor ili ne. Ako koristite TCP backdoor obavezno koristite portove >10000. Bolje je koristiti ICMP, UDP ili neke neobicne backdoorove tipa raw IP.U svakom slucaju sve zavisi od administratora masine, sto je on stupidniji to stupidniji backdoor mozete koristiti. Najbolje je imati vishe backdoorova i u slucaju da jedan bude pronadjen uvek imate keca iz rukava }:D. Moj predlog je takodje da editujete malo daemone koji se koriste na masini i tako ostavite sebi backdoor. Na primer mozete editovati source od pop3 daemona i sa veoma malo promene to ce funkcionisati. Nesto tipa if user=blockout daj mi rootshell else nastavi sa normalnim radom. Nakon toga samo zamenite binari pop3d i eto vaseg backdoora }:D. Naravno na svakom backdooru koristite password. Nikada nemojte praviti backdoor bez ikakvog passworda, i uvek password neka bude veci od 8 karaktera. Takodje mozete dodati u vash backdoor i neke komande koje ce te prvo kucati tipa unset HISTFILE;w;uname -a... Naravno sve zavisi od admina do admina, neki su obazrivi i pridaju paznju securityu a neki se osecaju bezbedno i ne gledaju sta se desava na njihovoj masini. Vecina njih je stupidna (po mom misljenju) i cak ne vide da je neki file menjan u skorije vreme. Eh da, svaki fajl koji ostaje za vama neka bude time stamped, tj. promenite mu vreme kreiranja (man touch). Recimo mozete uraditi touch -acmr /bin/bash /putanja/do/vaseg/fajla. Ako je obazriv admin onda prepravite md5sum binary i ostalo tako da nemoze pronaci vase stvari na osnovu chksum. Medjutim sve je na vama, i tu dolazi do izrazaja vasa kreativnost i masta }:D
4. Disableujte ranjivi daemon, ili ga patchujte
Ako ste usli na neku masinu, onda moze i bilo ko drugi, zato je najbolje da disableujete taj deamon (ako se ne koristi) ili ga patchujete. Moj savet je da nakon patchovanja (u slucaju da mora da se promeni verzija i nema drugog nacina da se patchuje) prepravite binari i napisete u njemu verziju koja je bila umesto prave verzije. Nemojte patchovati stvari i stavljati nove a vidi se da mu je promenjena verzija. U slucaju da patchujete sshd recimo postoje stvari na koje morate obracati paznju, recimo host_key i ostalo i bice ocigledno da je neko nesto brljao. Ako se daemon ne koristi jednostavno da ugasite ili napunite nulama. Takodje mozete ga staviti pod firewall i time ce te resiti problem (naravno pod uslovom da neki firewall vec postoji i da se nalazi u rc skriptama). Moj savet je da kada imate neku masinu ostavite neki nacin da je redovno patchujete za nove rupe. Vremenom imacete sve vishe i vishe masina i jako je teko svaku posebno stititi. Najbolje je da su sve medjusobno povezane i sve same sebe patchuju preko jedne jedine komande koju ce te uraditi na hubu. Ali rekoh, masta je cudo i sami smislite sta ce te raditi i kako, ali potrudite se da sebi olaksate zivot i sve sto moze automatizujete.

Šta raditi sa mašinama
Sta ce te raditi sa masinama koje imate, to je na vama. Moj savet je da NIKADA ne radite deface. To je najgluplje sto mozete uraditi. Potrudite se da uvek ostanete "nevidljivi" za admina i da nikada ne primeti vase prisustvo. Nemojte NIKADA ozbiljno ostetiti sistem ako ne morate to da uradite (a verujte mi nikada to nije potrebno), nemojte menjati binarije fajlova koji se cesto koriste, daemone, nemojte brisati vitalne sistemske fajlove niti ih menjati i nemojte NIKADA brisati neke dokumente na kojima neko radi. Sve to je tako debilno sa vase strane, ako uradite, i pokazuje vasu (ne)inteligenciju. Obrisati neciji projekat na kome je radio mesecima (mozda i godinama) je za svaku kritiku. Nemojte ni raditi stvari tipa ping -s 1024 =f moj.neprijatelj.com, jer je samo pitanje vremena kada ce vas administrator videti. Sigurno ce se neko zaliti u koliko budete uporni sa vasim (ne)delima. U koliko izgubite masinu, veoma je malo verovatnoce da ce te se opet vratiti jer ce administrator postaviti extremnu sigurnost i podici gomilu snifera, staviti tripwire i ko zna sta sve ne. Zato bolje nemojte ni pokusavati da povratite jednom izgubljenu masinu jer je tada oprez administratora ogroman, i on postaje jako paranoican. Vremenom imacete toliko masina da necete znati sta da radite sa njima i izgubicete se po vasim spiskovima. Kao sto rekoh, budite kreativni i linkujte ih medjusobno. Moj savet je da pogledate source od stacheldrahta i napravite nesto slicno kako bi imali kontrolu nad svim masinama sa jednog jedinog HUBa. Pricao sam o patchovanju masina, i to je veoma pametno da uradite da bi sa huba jednom komandom mogli da patchujete hiljade masina i time osigurate da budu samo vase (i mozda od legalnog admina ?). Preko huba mozete reci odredjenoj masini da skenira neku novu klasu i salje vam logove na neki anonymous mail, da recimo po jedna masina skenira odredjenu A klasu i od jednom za sat vremena imate log sa celog interneta ? Moj predlog je da to ne radite preko eggdropa i slicnih stvari. Vas problem je sto niko neku takvu stvar nece nikada pustiti public tako da morate sesti i napraviti sami sve to. Nemojte da me pitate kako, ili nedaj boze da vam ja to uradim, ne pada mi na pamet }:D Eh da, nemojte da taj HUB ima u sebi nesto kao stacheldraht, nemojte praviti DOSnete, ali ako ih ipak napravite nemojte ih koristiti ako zaista ne morate. Glupo je napraviti dosnet od 1000 masina i njime gadjati recimo www.fbi.com jer ce te time samo dobiti neprijatelje (jako mocne) i pitanje je vremena kada ce te zavrsiti na nekom sajtu tipa www.free-tvoje-ime.org. Verujte necu potpisati peticiju za vase oslobadjanje iz zatvora }:D Eh da, kada sam rekao skeniranje interneta mozda bi mogli da sa huba kazete da skeniraju ISP blockove u potrazi za NETBus, backorifice sub7 i slicnim glupostima, ulaze na njih i salju vam podatke o takvim ljudima ? Mozda da provere mail takvih windows masina i provere da nisu slucajno teroristicke ? Hmmm a onda posalju kompletan sadrzaj hard diska vama ? Cek, cek zar to nije posao vlade sjedinjenih drzava ???

Nemoj
Znam, previshe sam nabrojao stvari koje ne trebate da uradite, ali bolje je da saslusate moje predloge. Eh da, nemojte da ste kreten i ulazite u neke IRC ratove, uzimate kanale, pokusavate da se dokazete ko ste i sta ste. Sta ce vam takvi problemi ? Ubiti celog provajdera da bi ste uzeli neki kanal ? Zar to nije malo nemoralno ? Ehhh, spomenuo sam teroriste, mozete tako upasti na neki spisak "teroristickih organizacija" ? }:DDDD Znam, znam, reci ce te nesto tipa "Ali, on me je kikovao sa kanala ?" Pa zar je to razlog da nastrada pored toga ko vas je kikovao josh hiljade ljudi koji koriste taj link ? Verujte, bio sam i ja "mlad i naivan" sto bi neki rekli i radio sam takve stvari pa vam ovo pricam iz iskustva. Nemojte sebi praviti problema bez nekih potreba. Kada sam vec kod IRC-a moram reci da njega trebate shvatiti kao nesto gde mozete pricati sa drugim ljudima slicnim sebi, ma gde se oni nalazili i razmenjivati iskustva i znanje sa njima. To nije nesto gde se trebate dokazivati, dokazujte se kroz nesto kreativno a ne kroz destruktivne stvari. Niko vas nece prihvatiti samo zbog toga sto ste u stanju da ostavite citavu jednu drzavu bez interneta, to moze svaki script-kidy koji ulozi dovoljno vremena u to. Takvima je ovaj tekst i namenjen, jer ovde nema puno podataka o tome kako nesto napraviti. Dakle nemojte trositi vase vreme i znanje na stvari tipa IRC ratovi, to vas moze samo dovesti u situaciju da omirisete zatvorsku celiju. Dalje, nemojte ici na kanale tipa #warez, #creditcards ... Takodje nemojte se prikljucivati nekim warez grupama. Ja sam za opensource, i bolje sedite i napravite to isto u opensourceu sa nekim istomisljenicima nego praviti warez. Skoro sve sto se tice security/hackinga je besplatno i radite na takvim stvarima. Prikljucenje nekoj warez grupi donosi samo nevolje i a) Gomilu hostiva tipa ja.sam.najbolji.haker.na.celom.sve.tu i slicno, b) Gomilu stupidnih "prijatelja", c) Dospecete u krajnjem slucaju na FBI blacklist. - Sve u svemu nista specijalno. IRC grupe su dobre NIZASTA. Zasto zeleti da postanete clan neke frupe koja ce se "boriti" sa nekom slicnom grupom za prevlast na nekom kanalu ? To je slicno mafiji i ne vidim korist od toga. Tako sigurno necete postati ni slavni ni bogati. Gubicete vase dragoceno vreme na stvari od kojih nemate NISTA. Ako mislite da morate da trazite pomoc od neke war grupe i da im se prikljucite, da bi oteli neki kanal vi ste sigurno idiot. Ako vec zelite neki kanal, onda to shvatite kao neki izazov i uradite to sami. Mislite o tome. Moj savet je da se prikljucite nekoj "hacking oriented" grupi, i informisete se preko njih sta se desava u "globalnom paklu". Ovakve grupe rade suprotno od onoga sto sam rekao da NE RADITE. U slucaju da dobijete ponudu od neke grupe tipa: TESO, GOBBLES, ADM, l0pht, cDc, MOD, thc obavezno im se prikljucite jer ce te od njih nauciti mnogo stvari i necete gubiti vase vreme uzalud. Moj savet je da ne ulazite u druge grupe jer je to uglavnom gubljenje vremena. Eh da, josh nesto sta NEMOJTE da radite. Nemojte sebi postavljati velike izazove tipa whitehouse, cnn, fbi, cia i tako te stvari. U kostac sa tim se bacite tek kada budete DOVOLJNO pripremljeni i voljni. Nikako pre toga. Treba li da kazem da ne DOSujete takve hostove ? Necete nista time postici sem par sati prekida njihovog linka. Ali ipak ... mozda je to izazov ???

Informacije
Sto vishe budete napredovali u "hakovanju" i programiranju sve ce te manje posecivati web. Ja ga iskreno retko gledam i u mojim favorites ima svega par sajtova koje posecujem. Posecujte odabrane "security related" sajtove, budite informisani o novim security stvarima i programima, o novim public exploitima, promenama u metodama "hakovanja" i administriranja. Moj savet je da se prijavite na bugtraq i vuln-dev mailing liste i pratite ih.

Ovde možete saznati jedan od načina za ulazak u udaljeni 
računar pomoću telneta i netcat-a. Engleska verzija teksta;

How to Break into a Windows Computers from the Internet

******************************************************
In this Guide you will learn how to: 
* Use telnet from Windows 
* Download web pages via telnet 
* Get finger information via telnet 
* Telnet from the DOS command-line 
* Use netcat 
* Break into Windows Computers from the Internet 
        Protecting Yourself 
        What can they do 
        The command-line approach 
        The GUI approach 
        Final Words 
******************************************************
How to Use Telnet on a Windows Computer
Telnet is great little program for doing a couple of interesting things. In fact, if you want to call 
yourself a hacker, you absolutely MUST be able to telnet!  In this lesson you will find out a few of 
the cool things a hacker can do with telnet.
If you are using Win95, you can find telnet in the c:\windows directory, and on NT, in the 
c:\winnt\system32 directory.  There isn't a lot of online help concerning the usage of the program, 
so my goal is to provide some information for new users.
First off, telnet isn't so much an application as it is a protocol.  Telnet is protocol that runs over 
TCP/IP, and was used for connecting to remote computers.  It provides a login interface, and you 
can run command-line programs by typing the commands on your keyboard, and the programs use 
the resources of the remote machine.  The results are displayed in the terminal window on your 
machine, but the memory and CPU cycles consumed by the program are located on the remote 
machine.  Therefore, telnet functions as a terminal emulation program, emulating a terminal on 
the remote machine.
Now, telnet runs on your Win95 box as a GUI application...that is to say that you can type "telnet" 
at the command prompt (in Windows 95 this is the MS-DOS prompt), and assuming that your PATH 
is set correctly, a window titled "telnet" will open.  This differs from your ftp program in that all 
commands are entered in the DOS window.
Let's begin by opening telnet.  Simply open a DOS window by clicking "start", then "programs", then 
"MS-DOS", and at the command prompt, type:
c:\telnet
The window for telnet will open, and you can browse the features of the program from the menu 
bar.
***************************************************
NEWBIE NOTE:  In this text file, I am referring only to the telnet 
program that ships with Win95/NT.  If you type "telnet" at the 
command prompt and you don't get the telnet window, make sure 
that the program is on your hard drive using the Start -> Find -> 
Files or Folders command.  Also make sure that your path statement includes the Windows 
directory.  There are many other programs available that provide similar functionality, with a lot of 
other bells and whistles, from any number of software sites. 
*************************************************
To learn a bit more about telnet, choose Help -> Contents, or 
Help -> Search for help on...  from the menu bar.  Read through 
the files in order to find more detailed explanations of things 
you may wish to do.  For example, in this explanation, I will 
primarily be covering how to use the application and what it can 
be used for, but now how to customize the colors for the application.
Now, if you choose Connect -> Remote System, you will be presented with a dialog window that will 
ask you for the remote host, the port and the terminal type.
****************************************************
NEWBIE NOTE: For most purposes, you can leave the terminal type on 
VT100. 
****************************************************
In the Connect dialog box, you can enter in the host to which 
you wish to connect, and there is a list box of several ports 
you can connect to:
daytime:  May give you the current time on the server. 
echo:  May echo back whatever you type in, and will tell you that the computer you have connected 
to is alive nd running on the Internet. qotd:  May provide you with a quote of the day. 
chargen:  May display a continuous stream of characters, useful for spotting network problems, but 
may crash your telnet program. 
telnet:  May present you with a login screen.
These will only work if the server to which you are trying to connect is running these services.  
However, you are not limited to just those ports...you can type in any port number you wish.  (For 
more on fun ports, see the GTMHH, "Port Surf's Up.") You will only successfully connect to the port if 
the service in question is available.  What occurs after you connect depends upon the protocol for 
that particular service.
When you are using telnet to connect to the telnet service on a server, you will (in most cases) be 
presented with a banner and a login prompt.
[Note from Carolyn Meinel:  Many people have written saying their telnet program fails to connect 
no matter what host they try to reach.  Here's a way to fix your problem.  First -- make sure you are 
already connected to the Internet.  If your telnet program still cannot connect to anything, here's 
how to fix your problem.  Click "start" then "settings" then "control panel."  Then click "Internet" 
then "connection."  This screen will have two boxes that may or may not be checked.  The top one 
says "connect to the Internet as needed."  If that box is checked, uncheck it -- but only uncheck it 
if you already have been having problems connecting.  The bottom box says "connect through a 
proxy server."  If that box is checked, you probably are on a local area network and your systems 
administrator doesn't allow you to use telnet.]
*********************************************
NEWBIE NOTE:  It's not a good idea to connect to a host on which you don't have a valid account.  
In your attempts to guess a username and password, all you will do is fill the log files on that host. 
From there, you can very easily be traced, and your online service provider will probably cancel your 
account. 
**********************************************
Now, you can also use telnet to connect to other ports, such as 
ftp (21), smtp (25), pop3 (110), and even http (80).  When you 
connect to ftp, smtp, and pop3, you will be presented with a 
banner, or a line of text that displays some information about the 
service.  This will give you a clue as to the operating system 
running on the host computer, or it may come right out and tell 
you what the operating system is...for instance, AIX, Linux, 
Solaris, or NT.  If you successfully connect to port 80, you will 
see a blank screen.  This indicates, again, that you have successfully completed the TCP 
negotiation and you have a connection.
Now, what you do from there is up to you.  You can simply disconnect with the knowledge that, yes, 
there is a service running on port 80, or you can use your knowledge of the HTTP protocol to 
retrieve the HTML source for web pages on the server.
How to Download Web Pages Via Telnet
To retrieve a web page for a server using telnet, you need to connect to that server on port 80, 
generally.  Some servers may use a different port number, such as 8080, but most web servers run 
on port 80.  The first thing you need to do is click on Terminal -> Preferences and make sure that 
there is a check in the Local Echo box.  Then, since most web pages will generally take up more 
than a single screen, enable logging by clicking Terminal -> Start Logging... and select a location 
and filename.  Keep in mind that as long as logging is on, and the same file is being logged to, all 
new information will be appended to the file, rather than overwriting the 
original file.  This is useful if you want to record several sessions, and edit out the extraneous 
information using Notepad.
Now, connect the remote host, and if your connection is successful, type in:
GET / HTTP/1.0
and hit enter twice.
**************************************************
NEWBIE NOTE:  Make sure that you hit enter twice...this is part 
of the HTTP protocol.  The single / after GET tells the server 
to return the default index file, which is generally "index.html". 
However, you can enter other filenames, as well. 
*************************************************
You should have seen a bunch of text scroll by on the screen.  Now you can open the log file in 
Notepad, and you will see the HTML 
code for the page, just as though you had chosen the View Source 
option from your web browser.  You will also get some additional 
information...the headers for the file will contain some information 
about the server.  For example:
        HTTP/1.0 200 Document follows 
        Date: Thu, 04 Jun 1998 14:46:46 GMT 
        Server: NCSA/1.5.2 
        Last-modified: Thu, 19 Feb 1998 17:44:13 GMT 
        Content-type: text/html 
        Content-length: 3196
One particularly interesting piece of information is the server 
name.  This refers to the web server software that is running 
and serving web pages.  You may see other names in this field, 
such as versions of Microsoft IIS, Purveyor, WebSite, etc. 
This will give you a clue as to the underlying operating system 
running on the server.
*************************************************
SYSADMIN NOTE:  This technique, used in conjunction with a 
database of exploits on web servers, can be particularly annoying. 
Make sure you keep up on exploits and the appropriate security 
patches from your web server and operating system vendors. 
*************************************************
*************************************************
NEWBIE NOTE:  This technique of gathering web pages is perfectly legal.  You aren't attempting to 
compromise the target system, you are simply doing by hand what your web browser does for you 
automatically.  Of course, this technique will not load images and Java applets for you. 
************************************************
Getting Finger Information Via Telnet
By now, you've probably heard or read a lot about finger.  It doesn't seem like a very useful 
service, and many sysadmins disable the service because it provides information on a particular 
user, information an evil hacker can take advantage of.  Win95 doesn't ship with a finger client, but 
NT does.  You can download finger clients for Win95 from any number of software sites.  But why do 
that when you have a readily available client in telnet?
The finger daemon or server runs on port 79, so connect to a remote host on that port.  If the 
service is running, you will be presented with a blank screen.
****************************************************
NEWBIE NOTE:  NT doesn't ship with a finger daemon (A daemon is a program on the remote 
computer which waits for people like you to connect to it), so generally speaking, and server that 
you find running finger will be a Unix box.  I say "generally" because there are third-party finger 
daemons available and someone may want to run one on their NT computer. 
****************************************************
The blank screen indicates that the finger daemon is waiting for input.  If you have a particular user 
that you are interested in, type in the username and hit enter.  A response will be provided, and 
the daemon will disconnect the client.  If you don't know a particular username, you can start by 
simply hitting enter.  In some cases, you may get a response such as "No one logged on." Or you 
may get information of all currently logged on users.  It all depends on whether or not the 
sysadmin has chosen to enable certain features of the daemon.  You can also try other names, 
such as "root", "daemon", "ftp", "bin", etc.
Another neat trick to try out is something that I have seen referred to as "finger forwarding".  To try 
this out, you need two hosts that run finger.  Connect to the first host, host1.com, and enter the 
username that you are interested in.  Then go to the second host, and enter:
user@host1.com
You should see the same information!  Again, this all depends upon 
the configuration of the finger daemon.
Using Telnet from the Command Line
Now, if you want to show your friends that you a "real man" because "real men don't need no 
stinkin' GUIs", well just open up a DOS window and type:
c:\>telnet <host> <port>
and the program will automatically attempt to connect to the host 
on the designated port for you.
Using Netcat
Let me start by giving a mighty big thanks to Weld Pond from L0pht for producing the netcat 
program for Windows NT.  To get a copy of this program, which comes with source code, simply go 
to:
http://www.l0pht.com/~weld
NOTE:  The first character of "l0pht: is the letter "l".  The second character is a zero, not an "o".
I know that the program is supposed to run on NT, but I have 
seen it run on Win95.  It's a great little program that can be used 
to do some of the same things as telnet.  However, there are 
advantages to using netcat...for one, it's a command-line program, 
and it can be included in a batch file.  In fact, you can automate 
multiple calls to netcat in a batch file, saving the results to 
a text file.
**************************************************
NEWBIE NOTE:  For more information on batch files, see previous versions of the Guide To (mostly) 
Harmless Hacking, Getting Serious with Windows series ...one of them dealt with basic batch file 
programming. 
**************************************************
Before using netcat, take a look at the readme.txt file provided in 
the zipped archive you downloaded.  It goes over the instructions 
on how to download web pages using netcat, similar to what I 
described earlier using telnet.
There are two ways to go about getting finger information using 
netcat.  The first is in interactive mode.  Simply type:
c:\>nc <host> 79
If the daemon is running, you won't get a command prompt back.  If this is the case, type in the 
username and hit enter. Or use the automatic mode by first creating a text file containing the 
username of interest.  For example, I typed:
c:\>edit root
and entered the username "root", without the quotes.  Then from 
the command prompt, type:
c:\>nc <host> 79 < root
and the response will appear on your screen.  You can save the 
output to a file by adding the appropriate redirection operator 
to the end of the file:
c:\>nc <host> 79 < root > nc.log
to create the file nc.log, or:
c:\>nc <host> 79 < root >> nc.log
to append the response to the end of nc.log.  NOTE:  Make sure 
that you use spaces between the redirection operators. 
 
How to Break into a Windows 95 machine Connected to the Internet
Disclaimer
The intent of this file is NOT to provide a step-by-step guide to accessing a Win95 computer while it 
is connected to the Internet.  The intent is show you how to protect yourself.
There are no special tools needed to access a remote Win95 machine...everything you need is right 
there on your Win95 system!  Two methods will be described...the command-line approach and the 
GUI approach.
Protecting Yourself
First, the method of protecting yourself needs to be made perfectly clear.  DON'T SHARE FILES!!  I 
can't stress that enough. If you are a home user, and you are connecting a Win95 computer to the 
Internet via some dial-up method, disable sharing.  If you must share, use a strong password...8 
characters minimum, a mix of upper and lower case letters and numbers, change the password 
every now and again.  If you need to transmit the
password to someone, do so over the phone or by written letter. To disable sharing, click on My 
Computer -> Control Panel -> Network -> File and Print Sharing.  In the dialog box that appears, 
uncheck both boxes.  It's that easy.
What Can They Do?
What can someone do?  Well, lots of stuff, but it largely depends on what shares are available.  If 
someone is able to share a printer from your machine, they can send you annoying letters and 
messages.  This consumes time, your printer ink/toner, and your paper.  If they are able to share 
a disk share, what they can do largely depends upon what's in that share.  The share appears as 
another directory on the attacker's machine, so any programs they run will be consuming their own 
resources...memory, cpu cycles, etc. But if the attacker has read and write access to those disk 
shares, then you're in trouble.  If you take work home, your files may be vulnerable.  Initialization 
and configuration files can be searched for passwords.  Files can be modified and deleted. A 
particularly nasty thing to do is adding a line to your autoexec.bat file so that the next time your 
computer is booted, the hard drive is formatted without any prompting from the user. Bad ju-ju, 
indeed.
** The command-line approach **
Okay, now for the part that should probably be titled "How they do it".  All that is needed is the IP 
address of the remote machine. Now open up a DOS window, and at the command prompt, type:
c:\>nbtstat -A [ip_addr]
If the remote machine is connected to the Internet and the ports used for sharing are not blocked, 
you should see something like:
       NetBIOS Remote Machine Name Table
   Name               Type         Status 
--------------------------------------------- 
NAME           <00>  UNIQUE      Registered 
DOMAIN         <00>  GROUP       Registered 
NAME           <03>  UNIQUE      Registered 
USERNAME       <03>  UNIQUE      Registered
MAC Address = 00-00-00-00-00-00
This machine name table shows the machine and domain names, a logged-on username, and the 
address of the Ethernet adapter (the information has been obfuscated for instructional purposes).
**Note:  This machine, if unpatched and not protected with a firewall or packet-filter router, may be 
vulnerable to a range of denial of service attacks, which seem to be fairly popular, largely because 
they require no skill or knowledge to perpetrate.
The key piece of information that you are looking for is in the Type column.  A machine that has 
sharing enabled will have a hex code of "<20>".
**Note:  With the right tools, it is fairly simple for a sysadmin to write a batch file that combs a 
subnet or her entire network, looking for client machines with sharing enabled.  This batch file can 
then be run at specific times...every day at 2:00 am, only on Friday evenings or weekends, etc.
If you find a machine with sharing enabled, the next thing to do is type the following command:
c:\>net view \\[ip_addr]
Now, your response may be varied.  You may find that there are no shares on the list, or that there 
are several shares available. Choose which share you would like to connect to, and type the 
command:
c:\>net use g: \\[ip_addr]\[share_name]
You will likely get a response that the command was completed successfully.  If that is the case, 
type:
c:\>cd g:
or which ever device name you decided to use.  You can now view what exists on that share using 
the dir commands, etc.
Now, you may be presented with a password prompt when you ssue the above command.  If that is 
the case, typical "hacker" (I shudder at that term) methods may be used.
** The GUI approach **
After issuing the nbtstat command, you can opt for the GUI approach to accessing the shares on 
that machine.  To do so, make sure that you leave the DOS window open, or minimized...don't 
close it.  Now, use Notepad to open this file:
c:\windows\lmhosts.sam
Read over the file, and then open create another file in Notepad, called simply "Lmhosts", without 
an extension.  The file should contain the IP address of the host, the NetBIOS name of the host 
(from the nbtstat command), and #PRE, separated by tabs.  Once you have added this 
information, save it, and minimize the window.  In the DOS command window, type:
c:\>nbtstat -R
This command reloads the cache from the Lmhosts file you just created.
Now, click on Start -> Find -> Computer, and type in the NetBIOS name of the computer...the same 
one you added to the lmhosts file. If your attempt to connect to the machine is successful, you 
should be presented with a window containing the available shares.  You may be presented with a 
password prompt window, but again, typical "hacker" (again, that term grates on me like fingernails 
on a chalk board, but today, it seems that it's all folks understand) techniques may be used to 
break the password.
************************************************
Note from Carolyn Meinel: Want to try this stuff without winding up in jail or getting expelled from 
school? Get a friend to give you permission to try to break in.
First, you will need his or her IP address.  Usually this will be different every time your friend logs 
on.  You friend can learn his or her IP address by going to the DOS prompt while online and giving 
the command "netstat -r". Something like this should show up:
C:\WINDOWS>netstat -r
Route Table
Active Routes:
  Network Address          Netmask  Gateway Address        Interface  Metric 
          0.0.0.0          0.0.0.0    198.999.176.84    198.999.176.84     1 
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1 
     198.999.176.0    255.255.255.0    198.999.176.84    198.999.176.84    1 
    198.999.176.84  255.255.255.255        127.0.0.1        127.0.0.1      1 
   198.999.176.255  255.255.255.255    198.999.176.84    198.999.176.84    1 
        224.0.0.0        224.0.0.0    198.999.176.84    198.999.176.84     1 
  255.255.255.255  255.255.255.255    198.999.176.84          0.0.0.0      1
Your friend's IP address should be under "Gateway Address."  Ignore the 127.0.0.1 as this will show 
up for everyone and simply means "locahost" or "my own computer."  If in doubt, break the 
Internet connection and then get online again.  The number that changes is the IP address of your 
friend's computer. 
***************************************************
************************************************** 
Evil Genius tip: Here is something really scary.  In your shell account give the "netstat" command.  
If your ISP allows you to use it, you might be able to get the dynamically assigned IP addresses of 
people from all over the world -- everyone who is browsing a Web site hosted by your ISP, everyone 
using ftp, spammers you might catch red-handed in the act of forging email on your ISP, guys up 
at 2AM playing on multiuser dungeons, IRC users, in fact you will see everyone who is connected to 
your ISP! 
****************************************************
*************************************************** 
YOU CAN GO TO JAIL WARNING: If you find a Windows 95 box on the Internet with file sharing 
enabled and no password protection, you can still get in big trouble for exploiting it.  It's just like 
finding a house whose owner forgot to lock the door -- you still are in trouble if someone catches 
you inside.  Tell temptation to take a hike! 
************************************************
Final Words
Please remember that this Guide is for instructional purposes only and is meant to educate the 
sysadmin and user alike.  If someone uses this information to gain access to a system which they 
have no permission or business messing with, I (keydet) cannot be responsible for the outcome.  If 
you are intending to try this information out, do so with the consent and permission of a friend.

LINK BR.1
NA OVOM LINKU MOZETE SAZNATI SVE O NETCAT-U I CRYPTCAT-U, UJEDNO I DA VIDITE KOJE SU NAJNOVIJE VERZIJE ZA DOWNLOAD

LINK BR.2
NA OVOM LINKU MOZETE PREUZETI UPUTSTVO NA SRPSKOM JEZIKU O CRYPTCATU I NETCATU KOJI SLUZE ZA SKENIRANJE MREZA NA INTERNETU. DOWNLOAD ~220KB.

LINK BR.3
NA OVOM LINKU MOZETE SAZNATI SVE STO VAS INTERESUJE U VEZI NMAP-A KOJI TAKOĐE SLUŽI ZA SKENIRANJE PORTOVA. FUNKCIONALAN JE I SASTAVNI DEO VEĆINE UNIX PAKETA

LINK BR.4
NOVINA - GRAFIČKA VERZIJA ZA WINDOWS. DOWNLOAD TAKOĐE.