Security Issues by Nirmal

Being Anonymous on the web

01. Changing Your IP Addresses

About
This tutorial will teach teach you how to change your ip address to any other one on your ip range instead of having your DHCP Server pick one for you. This is very useful because you can change your ip when you are getting DDoS'ed or if you wish to piss off someone running a web server (or other service) on your ip range, it is also useful to get around a bans as long as the ban only covered your ip not your whole ip range.

As usually anything illegal you do while reading this tutorial or after reading this tutorial is not my fault, your actions are your own so don't blame me. I do not claim that the things I teach are legal, so consider that everything I mention here is illegal if you are not sure your self.

Needed Information
Before you can change your ip you need some information. This information includes your ip range, subnet mask, default gateway, dhcp server, and dns servers.

Getting your IP range -

Getting information about your ip range is not difficult, I recommend using Neo Trace on your own ip. But for our test just look at your ip address, say it's 24.193.110.13 you can definitely use the ip's found between 24.193.110.1 < [new ip] < 24.193.110.255, don't use x.x.x.1 or x.x.x.255. To find your ip simply open a dos/command prompt window and type ipconfig at the prompt, look for "IP Address. . . . . . . . . . . . : x.x.x.x".

Subnet Mask, Default Gateway, DHCP Server -

These are very easy to find, just open a dos/command prompt window and type 'ipconfig /all' without the ' '. You should see something like this:
Windows IP Configuration

Host Name . . . . . . . . . . . . : My Computer Name Here
Primary Dns Suffix . . . . . . . .:
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . .: xxxx.xx.x
Description . . . . . . . . . . . : NETGEAR FA310TX Fast Ethernet Adapter (NGRPCI)
Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
Dhcp Enabled. . . . . . . . . . . : Yes
Auto configuration Enabled . . . .: Yes
IP Address. . . . . . . . . . . . : ...24.xxx.xxx.xx
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :24.xxx.xxx.x
DHCP Server . . . . . . . . . . . : 24.xx.xxx.xx
DNS Servers . . . . . . . . . . . : .24.xx.xxx.xxx
24.xx.xxx.xx
24.xx.xxx.xxx
Lease Obtained. . . . . . . . . . : Monday, January 20, 2003 4:44:08 PM
Lease Expires . . . . . . . . . . : Tuesday, January 21, 2003 3:43:16 AM

This is all the information you will need for now, I suggest you either keep your dos/command prompt window open or copy & paste the information somewhere, to copy right click the window and select text and click once.

Changing your IP Address

To change your ip address first pick any ip you like out of your ip range and remember it or write it down. It is usually a good idea to make sure the ip is dead (except for what we are going to do later on) so just ping it via "ping x.x.x.x" and if it times out then you can use it. Now go to My Computer, then Control Panel. In Control Panel select Network Connections and pick your active connection, probably Local Area Connection or your ISP name. Open that connection by double clicking on the icon in Network Connections, then select Properties under the General Tab. In the new window that pops up select Internet Protocol (TCP/IP) and click properties, it's under the general tab. In this new window select the General tab and choose "Use the following IP address" and for the IP address enter the ip you would like to use (the one you picked from your subnet earlier) and for the Subnet Mask enter the subnet mask you got when your ran ipconfig /all, same goes for the Default Gateway. Now select "Use the following DNS server addresses" and enter the information you got earlier. Now just click OK. Test that it worked, try to refresh a website and if it works you know everything is okay and you are connected. To make sure the change worked type ipconfig again and the ip address should have changed to your new one.

IV. DDoS & DoS Protection

If your firewall shows that you are being ddosed, this is usually when you are constantly getting attempted UDP connections several times a second from either the same ip address or multiple ip addresses (dos), you can protect your self by changing your ip address via the method I described above.

V. Web servers & Other Services

If you know someone on your ip range is running a web server and he or she has pissed you off or you just like messing around you can "steal" their ip address so any dns going to that ip will show your site instead because you would be running a web server your self.

To "steal" an ip is to basically use the changing ip address method above and picking an ip that someone that is running a web server has in use. Often you will be able to keep that ip at least for some time, other times you wont be able to use it so just keep trying until it works. You your self will need to have a web server on the same port with your message. You can do this with other services too. You can also DoS or DDoS the ip address you are trying to steal to kick him off the net, but I don't recommend as its pretty illegal, your isp will get pissed and feds may go ape-shit

What is Telnet?

Telnet is a TCP/IP application that allows you to access and run programs on other computers on the Internet. When you open a session with telnet, you are actually logging in to a remote computer. You must have an account on the remote computer to access it. The only way to access a remote computer without an account is to telnet to a “public” site. If you telnet to a remote site with public access, you must enter a public use rid. Publicly accessed sites provide you with the correct use rid and do not require a password.

Bypassing Blocked Websites

This is very simple and old. This is pointed to newbie's out there! You may give it away as long as this section (Within the lines) is untouched and if you change it you must put notes in where you change it!

Bypassing block websites at schools, jobs, tech centers, etc are fairly easy! This trick is old and I didn't see it here so I decide to add it. First go to Start then on to Run. Type in command or if you have newer versions of windows type in cod. It should bring you up to a black screen with something like this:

C:\WINDOWS>

You then get the site that is block says WWW.Blocksite.C0M was the site. You then will Ping it for the IP address. Like this

C:\WINDOWS>Ping WWW.BlockSite.C0M

It should say Pinging www.blocksite.c0m [127.0.0.1](Note: this is not the real ip address but a EGG just use the real one instead.)

Get the ip Write it down or tell your buddy besides you to remember. Then go to your Ie explore or the way you get on to the "Internet". Type HTTP://IP ADDRESS/ press enter next it should go to the site! 90% of the time this trick works!

Short version:

Get the ip of the site that block then type it in your browser with http:// in front of it.

What is a “Cookie”?

A “cookie” is a small piece of information sent by a web server to be stored on a web browser so that it can later be read back from that browser. This becomes useful for having the browser remember specific information about a visitor to a particular website. The cookie is a text file that is saved in the browser’s directory and is stored in RAM while the browser is running. The cookie may also be stored on the computer’s hard drive once a user logs off from that website or web server. Cookies are a very important method for maintaining ‘state’ on the Web. What does that mean? ‘State’ refers to the application ability to work interactively with the user. For example, when you book yourself for a train/bus you get a ticket. On the date of journey, when you show this ticket, you will be allowed to enter the train/bus else the ticket collector will not know if you are the right person or a new customer. Here ticket is critical to maintain state between you and ticket collector. HTTP is a ‘stateless’ protocol. This means that each visit to a site (or clicks within a site) is seen by the server as the first visit by the user. That means the server forgets everything after each request, unless it can somehow mark a visitor ( i.e ‘Yes he is the right traveler’) to help it remember. Cookies do this job.

Cookies can only tell a web server if you have been there before and can pass short bits of information (such as a user number) from the web server back to itself the next time you visit. Most cookies last only until you quit your browser and then are destroyed. A second type of cookie known as a persistent cookie has an expiration date and is stored on your disk until that date. A persistent cookie can be used to track a user's browsing habits by identifying him whenever he returns to a site. Information about where you come from and what web pages you visit already exists in a web server's log files and could also be used to track users browsing habits, cookies just make it easier.

How do I examine Persistent Cookies already my own System?
Persistent cookies are stored in different places on your system depending on which web browser and browser version you are using. Netscape stores all its persistent cookies in a single file named cookies.txt on the PC . Both files are in the Netscape directory. You can open and edit this file with a text editor and delete any cookies that you don't want to keep or delete the file itself to get rid of all of your cookies. Internet Explorer stores persistent cookies in separate files named with the user's name and the domain name of the site that sent the cookie. For example: [email protected]. The cookie files are stored in /Windows/cookies or in /Windows/profiles/cookies directories, where ‘yourname’ is replaced with the user's login name. If your operating system directory is not named Windows (such as Winnt for Windows NT) then look in that directory instead of the Windows directory. You can delete any of these files you do not want to keep. You can open these files to see where they came from and what information they contain. For example, the following are the contents of an Internet Explorer cookie file.
WEBTRENDS_ID

61.1.129.58-1041789995.121030

www.bazee.com/

1024

3872737152

30271763

3731731632

29537508

*

This particular cookie file was named [email protected] (abhishek is my user name, I logged in). Cookie may contain different information; it depends on cookie to cookie. Here my IP address is stored(61.1.129.58) . We will not go into details now.

What Are Cookies Used For?
One use of cookies is for storing passwords and user ID’s for specific websites. Also, they are used to store preferences of start pages. On sites with personalized viewing, your web browser will be requested to utilize a small amount of space on your computer’s hard drive to store these preferences. That way, each time you log on to that website, your browser will check to see if you have any pre-defined preferences (a cookie) for that unique server. If you do, the browser will send the cookie to the server along with your request for a web page. Microsoft and Netscape use cookies to create personal start pages on their websites. Common uses for which companies utilize cookies include: on-line ordering systems, site personalization, and website tracking.

Cookies have some beneficial things. Site personalization is one of the most beneficial uses for cookies. For example, a person comes to the CNN or even Yahoo!(My Yahoo) site, but does not want to see any business news. The site allows the person to select this choice as an option. >From then on (or until the cookie expires), the person would not see business news when they access the CNN web pages. You must have also seen in some websites that when you log in (using a User ID & Password), there is an option for ‘remember me when I visit next time’; that’s possible because it stored your password and id on your machine in a cookie.

Some visitors feel it is an invasion of privacy for a website to track their progress on a site. It helps to get you the information or services you seek as quickly as possible and allow you to get back to work without delay. Site navigation statistics are critical to the continuing redesign of the site. Site administrator might need to know if 100 different people visited his site or if one person (or robot) continuously hit the reload button 100 times.
Cookies also have some demerits. Let me give you a example real life). The Double-Click Network is a system created by the Double-Click Corporation to create profiles of individuals using the World Wide Web and to present them with advertising banners customized to their interests. Double Click's primary customers are Web sites looking to advertise their services. Each member of the Double-Click Network becomes a host for the advertising of other members of the network. When a Web site joins Double-Click it creates advertisements for its services and submits them to Double Click's server. The Web site then modifies its HTML pages to include an <IMG> graphic that points to Double-Click. When a user goes to view one of these modified HTML pages, her browser makes a call to Double Click's server to retrieve the graphic. The server chooses one of its member's advertisements and returns it to the browser. If the user reloads the page, a different advertisement appears. If the user clicks on the graphic, her browser jumps to the advertised site. Currently many hundreds of sites belong to Double-Click.
>From the user's point of view Double Click's graphics appear no different from any other Web advertisement, and there's no visible indication of anything special about the graphic. However, there is an important difference. When a user first connects to the Double-Click server to retrieve a graphic, the server assigns the browser a cookie that contains a unique identification number. From that time forward whenever the user connects to any Web site that subscribes to the Double-Click Network, her browser returns the identification number to Double Click's server, allowing the server to recognize her. Over a period of time Double-Click compiles a list of which member sites the user has visited and revisited, using this information to create a profile of the user's tastes and interests. With this profile in hand the Double-Click server can select advertising that is likely to be of interest to the user. It can also use this information to compile valuable feedback for its member Web sites, such as providing them with audience profiles and rating the effectiveness of the advertisements.
So how do I know that I have been tracked by Double-Click ? Well to find out whether you have been tracked by Double-Click, examine your browser's cookies file in cookies directory . There will be something like this
ad.doubleclick.net FALSE / FALSE 942195440 IAA d2bbd5

How Do These Cookies Work?
A command line in the HTML code of a document tells the browser to set a cookie of a certain name or value. The following is a general example of a script used to set a cookie.

Set-Cookie: name = VALUE;
expires = DATE;
path = PATH;
domain = DOMAIN_NAME; secure

Lets go a bit detail of all these attributes….
name=VALUE
This string is a sequence of characters excluding semi-colon, comma and white space. If there is a need to place such data in the name or value, some encoding method such as URL style %XX encoding is recommended, though no encoding is defined or required.
This is the only required attribute on the Set-Cookie header.

expires = DATE
The expires attribute specifies a date string that defines the valid life time of that cookie. Once the expiration date has been reached, the cookie will no longer be stored or given out.
The date string is formatted as:
Wdy, DD-Mon-YYYY HH:MM:SS GMT
expires is an optional attribute. If not specified, the cookie will expire when the user's session ends.

domain = DOMAIN_NAME
When searching the cookie list for valid cookies, a comparison of the domain attributes of the cookie is made with the Internet domain name of the host from which the URL will be fetched. If there is a tail match, then the cookie will go through path matching to see if it should be sent. "Tail matching" means that domain attribute is matched against the tail of the fully qualified domain name of the host. A domain attribute of "internet. COM" would match host names "people.internet.com" as well as "shipping.computer.internet.com".

Only hosts within the specified domain can set a cookie for a domain and domains must have at least two (2) or three (3) periods in them to prevent domains of the form: ".com", ".edu", and "lu.in". Any domain that fails within one of the seven special top level domains listed below only require two periods. Any other domain requires at least three. The seven special top level domains are: "COM", "EDU", "NET", "ORG", "GOV", "MIL", and "INT".
The default value of domain is the host name of the server which generated the cookie response.

Path = PATH

The path attribute is used to specify the subset of URLs in a domain for which the cookie is valid. If a cookie has already passed domain matching, then the pathname component of the URL is compared with the path attribute, and if there is a match, the cookie is considered valid and is sent along with the URL request. The path "/foo" would match "/foobar" and "/foo/bar.html". The path "/" is the most general path.
If the path is not specified, it as assumed to be the same path as the document being described by the header which contains the cookie.

secure

If a cookie is marked secure, it will only be transmitted if the communications channel with the host is a secure one. Currently this means that secure cookies will only be sent to HTTPS (HTTP over SSL) servers.
If secure is not specified, a cookie is considered safe to be sent in the clear over unsecured channels.

An HTTP Cookie cannot be used to retrieve personal data from your hard drive, install a virus, get your email address, or steal sensitive information about who you are; however, an HTTP Cookie may be used to track where you travel over a particular site. Site tracking cannot easily be done without the use of cookies as you have seen in the above example.

As with everything else about the Internet, you are only as anonymous as you wish to be. No website knows who you are until you reveal to it who you are. In the meantime, a cookie is simply a means of tracking site statistics in order to better understand usage patterns and to improve visitor productivity. A cookie is the way of remembering that information. If a website designer desires to make web pages become more interactive with visitors, or if the designer plans on letting visitors customize the appearance of the site, then they will need cookies. Also, if you want your site visits to change appearances under certain circumstances, cookies provide a quick and easy way to let your HTML pages change as required. The newest servers use cookies to help with database interactivity, which can improve the overall interactivity of the website.

I hope now you understand the pros and cons of Cookies. This is not over yet. In my next article I’ll be explaining more details about cookies, how to hack those, cookie hijacking , using those how to spoof, & countermeasures.

Wanna Make some money?
If you have access to your own email account, you can get paid.