Everything posted by ExTrEmEDwarf

  1. What you're saying can't be done. The only thing you can do is put the HTML inside the admin menu.
  2. DISABLE INDEXING SERVICES

     Indexing Services is a small little program that uses large amounts of RAM and can often make a computer endlessly loud and noisy. This system process indexes and updates lists of all the files that are on your computer. It does this so that when you do a search for something on your computer, it will search faster by scanning the index lists. If you don't search your computer often, or even if you do search often, this system service is completely unnecessary. To disable do the following:

     1. Go to Start
     2. Click Settings
     3. Click Control Panel
     4. Double-click Add/Remove Programs
     5. Click the Add/Remove Window Components
     6. Uncheck the Indexing services
     7. Click Next

     OPTIMISE DISPLAY SETTINGS

     Windows XP can look sexy but displaying all the visual items can waste system resources. To optimise:

     1. Go to Start
     2. Click Settings
     3. Click Control Panel
     4. Click System
     5. Click Advanced tab
     6. In the Performance tab click Settings
     7. Leave only the following ticked:
        - Show shadows under menus
        - Show shadows under mouse pointer
        - Show translucent selection rectangle
        - Use drop shadows for icons labels on the desktop
        - Use visual styles on windows and buttons

     DISABLE PERFORMANCE COUNTERS

     Windows XP has a performance monitor utility which monitors several areas of your PC's performance. These utilities take up system resources so disabling is a good idea. To disable:

     1. Download and install the Extensible Performance Counter List (http://www.Mcft.com/windows2000/remove404.mspx)
     2. Then select each counter in turn in the 'Extensible performance counters' window and clear the 'performance counters enabled' checkbox at the bottom.

     SPEEDUP FOLDER BROWSING

     You may have noticed that every time you open My Computer to browse folders that there is a slight delay. This is because Windows XP automatically searches for network files and printers every time you open Windows Explorer. To fix this and to increase browsing significantly:

     1. Open My Computer
     2. Click on Tools menu
     3. Click on Folder Options
     4. Click on the View tab.
     5. Uncheck the Automatically search for network folders and printers check box
     6. Click Apply
     7. Click Ok
     8. Reboot your computer

     IMPROVE MEMORY USAGE

     Cacheman improves the performance of your computer by optimizing the disk cache, memory and a number of other settings. Once installed:

     1. Go to Show Wizard and select All
     2. Run all the wizards by selecting Next or Finished until you are back to the main menu. Use the defaults unless you know exactly what you are doing.
     3. Exit and Save Cacheman
     4. Restart Windows

     OPTIMISE YOUR INTERNET CONNECTION

     There are lots of ways to do this but by far the easiest is to run TCP/IP Optimizer.

     1. Download (www.speedguide.net/files/tcpoptimizer.exe) and install
     2. Click the General Settings tab and select your Connection Speed (Kbps)
     3. Click Network Adapter and choose the interface you use to connect to the Internet
     4. Check Optimal Settings then Apply
     5. Reboot

     OPTIMISE YOUR PAGEFILE

     If you give your pagefile a fixed size it saves the operating system from needing to resize the page file.

     1. Right click on My Computer and select Properties
     2. Select the Advanced tab
     3. Under Performance choose the Settings button
     4. Select the Advanced tab again and under Virtual Memory select Change
     5. Highlight the drive containing your page file and make the initial Size of the file the same as the Maximum Size of the file.

     Windows XP sizes the page file to about 1.5X the amount of actual physical memory by default. While this is good for systems with smaller amounts of memory (under 512MB) it is unlikely that a typical XP desktop system will ever need 1.5 X 512MB or more of virtual memory. If you have less than 512MB of memory, leave the page file at its default size. If you have 512MB or more, change the ratio to 1:1 page file size to physical memory size.

     RUN BOOTVIS - IMPROVE BOOT TIMES

     Download from (www.majorgeeks.com). BootVis will significantly improve boot times.

     1. Download and Run
     2. Select Trace
     3. Select Next Boot and Driver Trace
     4. A Trace Repetitions screen will appear, select Ok and Reboot
     5. Upon reboot, BootVis will automatically start, analyze and log your system's boot process. When it's done, in the menu go to Trace and select Optimize System
     6. Reboot.
     7. When your machine has rebooted wait until you see the Optimizing System box appear. Be patient and wait for the process to complete

     REMOVE THE DESKTOP PICTURE

     Your desktop background consumes a fair amount of memory and can slow the loading time of your system. Removing it will improve performance.

     1. Right click on Desktop and select Properties
     2. Select the Desktop tab
     3. In the Background window select None
     4. Click Ok

     REMOVE FONTS FOR SPEED

     Fonts, especially TrueType fonts, use quite a bit of system resources. For optimal performance, trim your fonts down to just those that you need to use on a daily basis and fonts that applications may require.

     1. Open Control Panel
     2. Open Fonts folder
     3. Move fonts you don't need to a temporary directory (e.g. C:\FONTBKUP) just in case you need or want to bring a few of them back. The more fonts you uninstall, the more system resources you will gain.

     DISABLE UNNECESSARY SERVICES

     Because Windows XP has to be all things to all people it has many services running that take up system resources that you will never need.
     Below is a list of services that can be disabled on most machines:

     - Alerter
     - Clipbook
     - Computer Browser
     - Distributed Link Tracking Client
     - Fast User Switching
     - Help and Support - (If you use Windows Help and Support leave this enabled)
     - Human Interface Access Devices
     - Indexing Service
     - IPSEC Services
     - Messenger
     - Netmeeting Remote Desktop Sharing (disabled for extra security)
     - Portable Media Serial Number
     - Remote Desktop Help Session Manager (disabled for extra security)
     - Remote Procedure Call Locator
     - Remote Registry (disabled for extra security)
     - Remote Registry Service
     - Secondary Logon
     - Routing & Remote Access (disabled for extra security)
     - Server
     - SSDP Discovery Service - (Unplug n' Pray will disable this)
     - Telnet
     - TCP/IP NetBIOS Helper
     - Upload Manager
     - Universal Plug and Play Device Host
     - Windows Time
     - Wireless Zero Configuration (Do not disable if you use a wireless network)
     - Workstation

     To disable these services:

     - Go to Start and then Run and type "services.msc"
     - Double-click on the service you want to change
     - Change the startup type to 'Disable'

     TURN OFF SYSTEM RESTORE

     System Restore can be useful if your computer is having problems, however storing all the restore points can literally take up Gigabytes of space on your hard drive. To turn off System Restore:

     - Open Control Panel
     - Click on Performance and Maintenance
     - Click on System
     - Click on the System Restore tab
     - Tick 'Turn off System Restore on All Drives'
     - Click 'Ok'

     DEFRAGMENT YOUR PAGEFILE

     Keeping your pagefile defragmented can provide a major performance boost. One of the best ways of doing this is to create a separate partition on your hard drive just for your page file, so that it doesn't get impacted by normal disk usage. Another way of keeping your pagefile defragmented is to run PageDefrag. This cool little app can be used to defrag your pagefile, and can also be set to defrag the pagefile every time your PC starts.
     To install:

     - Download (www.sysinternals.com) and Run PageDefrag
     - Tick "Defrag at next Reboot", Click "Ok"
     - Reboot

     SPEEDUP FOLDER ACCESS - DISABLE LAST ACCESS UPDATE

     If you have a lot of folders and subdirectories on your computer, when you access a directory XP wastes a lot of time updating the time stamp showing the last access time for that directory and for ALL sub directories. To stop XP doing this you need to edit the registry. If you are uncomfortable doing this then please do not attempt.

     - Go to Start and then Run and type "regedit"
     - Click through the file system until you get to "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem"
     - Right-click in a blank area of the window on the right and select 'DWORD Value'
     - Create a new DWORD Value called 'NtfsDisableLastAccessUpdate'
     - Then Right click on the new value and select 'Modify'
     - Change the Value Data to '1'
     - Click 'OK'

     DISABLE SYSTEM SOUNDS

     Surprisingly, the beeps that your computer makes for various system sounds can slow it down, particularly at startup and shut-down. To fix this turn off the system sounds:

     - Open Control Panel
     - Click Sounds and Audio Devices
     - Check Place volume icon in taskbar
     - Click Sounds Tab
     - Choose "No Sounds" for the Sound Scheme
     - Click "No"
     - Click "Apply"
     - Click "OK"

     IMPROVE BOOT TIMES

     A great new feature in Microsoft Windows XP is the ability to do a boot defragment. This places all boot files next to each other on the disk to allow for faster booting. By default this option is enabled, but on some builds it is not, so below is how to turn it on.

     - Go to Start Menu and Click Run
     - Type in "Regedit" then click ok
     - Find "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction"
     - Select "Enable" from the list on the right
     - Right-click on it and select "Modify"
     - Change the value to "Y" to enable
     - Reboot

     IMPROVE SWAPFILE PERFORMANCE

     If you have more than 256MB of RAM this tweak will considerably improve your performance.
     It basically makes sure that your PC uses every last drop of memory (faster than swap file) before it starts using the swap file.

     - Go to Start then Run
     - Type "msconfig.exe" then ok
     - Click on the System.ini tab
     - Expand the 386enh tab by clicking on the plus sign
     - Click on new then in the blank box type "ConservativeSwapfileUsage=1"
     - Click OK
     - Restart PC

     MAKE YOUR MENUS LOAD FASTER

     This is one of my favourite tweaks as it makes a huge difference to how fast your machine will 'feel'. What this tweak does is remove the slight delay between clicking on a menu and XP displaying the menu.

     - Go to Start then Run
     - Type 'Regedit' then click 'Ok'
     - Find "HKEY_CURRENT_USER\Control Panel\Desktop\"
     - Select "MenuShowDelay"
     - Right click and select "Modify"
     - Reduce the number to around "100"

     This is the delay time before a menu is opened. You can set it to "0" but it can make windows really hard to use as menus will open if you just look at them - well move your mouse over them anyway. I tend to go for anywhere between 50-150 depending on my mood.

     MAKE PROGRAMS LOAD FASTER

     This little tweak tends to work for most programs. If your program doesn't load properly just undo the change. For any program:

     - Right-click on the icon/shortcut you use to launch the program
     - Select properties
     - In the 'target' box, add ' /prefetch:1' at the end of the line.
     - Click "Ok"

     Voila - your programs will now load faster.

     IMPROVE XP SHUTDOWN SPEED

     This tweak reduces the time XP waits before automatically closing any running programs when you give it the command to shutdown.

     - Go to Start then select Run
     - Type 'Regedit' and click ok
     - Find 'HKEY_CURRENT_USER\Control Panel\Desktop\'
     - Select 'WaitToKillAppTimeout'
     - Right click and select 'Modify'
     - Change the value to '1000'
     - Click 'OK'
     - Now select 'HungAppTimeout'
     - Right click and select 'Modify'
     - Change the value to '1000'
     - Click 'OK'
     - Now find 'HKEY_USERS\.DEFAULT\Control Panel\Desktop'
     - Select 'WaitToKillAppTimeout'
     - Right click and select 'Modify'
     - Change the value to '1000'
     - Click 'OK'
     - Now find 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\'
     - Select 'WaitToKillServiceTimeout'
     - Right click and select 'Modify'
     - Change the value to '1000'
     - Click 'OK'

     SPEED UP BOOT TIMES I

     This tweak works by creating a batch file to clear the temp and history folders every time you shutdown so that your PC doesn't waste time checking these folders the next time it boots. It's quite simple to implement:

     1. Open Notepad and create a new file with the following entries:

        RD /S /q "C:\Documents and Settings\"UserName without quotes"\Local Settings\History"
        RD /S /q "C:\Documents and Settings\Default User\Local Settings\History"
        RD /S /q "D:\Temp\" <–"Deletes temp folder, type in the location of your temp folder"

     2. Save the new file as anything you like but it has to be a '.bat' file e.g. fastboot.bat or deltemp.bat
     3. Click 'Start' then 'Run'
     4. Type in 'gpedit.msc' and hit 'ok'
     5. Click on 'Computer Configuration' then 'Windows Settings'
     6. Double-click on 'Scripts' and then on 'Shutdown'
     7. Click 'Add' and find the batch file that you created and then press 'Ok'

     SPEED UP BOOT TIMES II

     When your PC starts it usually looks for any bootable media in any floppy or cd-rom drives you have installed before it gets around to loading the Operating System from the HDD. This can waste valuable time. To fix this we need to make some changes to the Bios.

     1. To enter the bios you usually press 'F2' or 'delete' when your PC starts
     2. Navigate to the 'Boot' menu
     3. Select 'Boot Sequence'
     4. Then either move your Hard drive to the top position or set it as the 'First Device'
     5. Press the 'Escape' key to leave the bios. Don't forget to save your settings before exiting

     Note: Once this change has been made, you won't be able to boot from a floppy disc or a CD-rom. If for some strange reason you need to do this in the future, just go back into your bios, repeat the steps above and put your floppy or CD-rom back as the 'First Device'.

     SPEED UP BOOT TIMES III

     When your computer boots up it usually has to check with the network to see what IP addresses are free and then it grabs one of these. By configuring a manually assigned IP address your boot time will improve. To do this do the following:

     1. Click on 'Start' and then 'Connect To/Show All Connections'
     2. Right-click your network adapter card and click 'Properties'.
     3. On the 'General' tab, select 'TCP/IP' in the list of services and click 'Properties'
     4. In the TCP/IP properties, click 'Use the following address' and enter an IP address for your PC. If you are using a router this is usually 192.168.0.xx or 192.168.1.xx. If you are not sure what address you could check with your ISP or go to 'Start/run' and type 'cmd' and then 'ipconfig/all'. This will show your current IP settings which you will need to copy.
     5. Enter the correct details for 'Subnet mask', 'Default gateway' and 'DNS Server'. Again if you are not sure what figures to enter use 'ipconfig/all' as in stage 4.

     FREE UP MEMORY

     I found this useful app via FixMyXP. ClearMem is an excellent tool for speeding up your XP Computer (especially if your system has been on for a while and you have a lot of applications open). What it does is force pages out of physical memory and reduce the size of running processes' working sets to a minimum. When you run this tool, the system pauses because of excessive high-priority activity associated with trimming the working sets.
     To run this tool, your paging file must be at least as large as physical memory. To check your Paging File:

     1. Go to your control panel, then click on 'System', then go to the 'Advanced' Tab, and Under 'Performance' click 'Settings' then the 'Advanced' Tab
     2. On the Bottom you should see 'Virtual Memory' and a value. This is the value that must be at least as large as how much memory is in your system.
     3. If the Virtual Memory Value is smaller than your system memory, click Change and change the Min Virtual Memory to a number that is greater than your total system memory, then click 'Set' and Reboot.
     4. Once you have rebooted install ClearMem

     ENSURE XP IS USING DMA MODE

     XP enables DMA for Hard-Drives and CD-Roms by default on most ATA or ATAPI (IDE) devices. However, sometimes computers switch to PIO mode which is slower for data transfer - a typical reason is because of a virus. To ensure that your machine is using DMA:

     1. Open 'Device Manager'
     2. Double-click 'IDE ATA/ATAPI Controllers'
     3. Right-click 'Primary Channel' and select 'Properties' and then 'Advanced Settings'
     4. In the 'Current Transfer Mode' drop-down box, select 'DMA if Available' if the current setting is 'PIO Only'

     ADD CORRECT NETWORK CARD SETTINGS

     Some machines suffer from jerky graphics or high CPU usage even when a machine is idle. A possible solution for this, which can also help network performance, is to:

     1. Right-click 'My Computer'
     2. Select 'Manage'
     3. Click on 'Device Manager'
     4. Double-click your network adaptor under 'Network Adapters'
     5. In the new window, select the 'Advanced' tab
     6. Select 'Connection Type' and select the correct type for your card and then Reboot

     REMOVE ANNOYING DELETE CONFIRMATION MESSAGES

     Although not strictly a performance tweak I love this fix as it makes my machine 'feel' faster. I hate the annoying 'are you sure?' messages that XP displays, especially if I have to use a laptop touchpad to close them. To remove these messages:

     1. Right-click on the 'Recycle Bin' on the desktop and then click 'Properties'
     2. Clear the 'Display Delete Confirmation Dialog' check box and click 'Ok'

     If you do accidentally delete a file don't worry as all is not lost. Just go to your Recycle Bin and 'Restore' the file.

     DISABLE PREFETCH ON LOW MEMORY SYSTEMS

     Prefetch is designed to speed up program launching by preloading programs into memory - not a good idea if memory is in short supply, as it can make programs hang. To disable prefetch:

     1. Click 'Start' then 'Run'
     2. Type in 'Regedit' then click 'Ok'
     3. Navigate to 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters\'
     4. Right-click on "EnablePrefetcher" and set the value to '0'
     5. Reboot.

     Enjoy.

     Credits: Crazycoder
  3. eh, I won't pay anyone for a walker lulz -.-" I think the server is going from good to the best, the server opened on the 1st of the month and it already has 300+ ppl online. I'm currently playing without a walker =/
  4. Not mine, it's a friend's creation
  5. # Dynamic/Private Ports

     Ranging from 49152 to 65535, these things are rarely used except with certain programs, and even then not very often. This is indeed the usual range of the Trojan, so if you find any of these open, be very suspicious. So, just to recap:

       Well Known Ports        0 to 1023        Commonly used, little danger.
       Registered Ports        1024 to 49151    Not as common, just be careful.
       Dynamic/Private Ports   49152 to 65535   Be extremely suspicious.

     ## The hunt is on ##

     Now, it is essential that you know what you're looking for, and the most common way someone will attack your machine is with a Trojan. This is a program that is sent to you in an email, or attempts to bind itself to one of your ports, and when activated, it can give the user your passwords, access to your hard drive...they can even make your CD Tray pop open and shut. At the end of this Document, you will find a list of the most commonly used Trojans and the ports they operate on. For now, let's take another look at that first example of Netstat....

     Active Connections

       Proto  Local Address    Foreign Address                    State
       TCP    macintosh:27374  modem-123.tun.dialup.co.uk:50505   ESTABLISHED
       TCP    macintosh:80     proxy.webcache.eng.sq:30101        TIME_WAIT
       TCP    macintosh        MACINTOSH:0                        LISTENING
       TCP    macintosh        MACINTOSH:0                        LISTENING
       TCP    macintosh        MACINTOSH:0                        LISTENING

     Now, straight away, this should make more sense to you. Your computer is connected on two ports, 80 and 27374. Port 80 is used for http/www transmissions (ie for all intents and purposes, it's how you connect to the net, although of course it's a lot more complicated than that). Port 27374, however, is distinctly suspicious; first of all, it is in the registered port range, and although other services (like MSN) use these, let's assume that you have nothing at all running like instant messengers, webpages etc....you're simply connected to the net through proxy.
     So, now this connection is looking even more troublesome, and when you realise that 27374 is a common port for Netbus (a potentially destructive Trojan), you can see that something is untoward here. So, what you would do is:

     1) run Netstat, and use:

        Netstat -a

        then

        Netstat -an

     So you have both Hostnames AND IP addresses.

     ## Tracerouting ##

     Having the attacker's IP is all well and good, but what can you do with it? The answer is, a lot more! It's not enough to have the address, you also need to know where the attacker's connections are coming from. You may have used automated tracerouting tools before, but do you know how they work? Go back to MSDOS and type

        tracert *type IP address/Hostname here*

     Now, what happens is, the Traceroute will show you all the computers in between you and the target machine, including blockages, firewalls etc. More often than not, the hostname address listed before the final one will belong to the Hacker's ISP Company. It'll either say who the ISP is somewhere in there, or else you run a second trace on the new IP/hostname address to see who the ISP Company in question is. If the Hostname that you get back doesn't actually seem to mention an actual geographical location within its text, you may think all is lost. But fear not! Suppose you get a hostname such as http://www.haha.com Well, that tells us nothing, right? Wrong....simply enter the hostname in your browser, and though many times you will get nothing back, sometimes it will resolve to an ISP, and from there you can easily find out its location and in what areas they operate. This at least gives you a firm geographical location to carry out your investigations in.

     If you STILL have nothing, as a last resort you COULD try connecting to your target's ISP's port 13 by Telnet, which will tell you how many hours ahead or behind this ISP is of GMT, thus giving you a geographical trace based on the time mentioned (although bear in mind, the ISP may be doing something stupid like not having their clocks set correctly, giving you a misleading trace. Similarly, a common tactic of Hackers is to deliberately have their computer's clock set to a totally wrong time, so as to throw you off the scent). Also, unless you know what you're doing, I wouldn't advise using Telnet (which is outside the parameters of this tutorial).

     ## Reverse DNS Query ##

     This is probably the most effective way of running a trace on somebody. If ever you're in a chatroom and you see someone saying that they've "hacked into a satellite orbiting the Earth, and are taking pictures of your house right now", ignore them because that's just bad movie nonsense. THIS method is the way to go, with regard to finding out what country (even maybe what State/City etc) someone resides, although it's actually almost impossible to find an EXACT geographical location without actually breaking into your ISP's Head Office and running off with the safe. To run an rDNS query, simply go back to MS-DOS and type

        netstat

     and hit return. Any active connections will resolve to hostnames rather than a numerical format.

     # DNS

     DNS stands for Domain Name Server. These are machines connected to the Internet whose job it is to keep track of the IP Addresses and Domain Names of other machines. When called upon, they take the ASCII Domain Name and convert it to the relevant numeric IP Address. A DNS search translates a hostname into an IP address....which is why we can enter "www.Hotmail.com" and get the website to come up, instead of having to actually remember Hotmail's IP address and enter that instead.
     Well, Reverse DNS, of course, translates the IP Address into a Hostname (ie - in letters and words instead of numbers, because sometimes the Hacker will employ various methods to stop Netstat from picking up a correct Hostname). So, for example, 298.12.87.32 is NOT a Hostname. mail6.bol.net.au IS a Hostname. Anyway, see the section at the end? (au) means the target lives in Australia. Most (if not all) hostnames end in a specific Country Code, thus narrowing down your search even further.

     If you know your target's Email Address (ie they foolishly sent you a hate mail, but were silly enough to use a valid email address) but nothing else, then you can use the Country codes to deduce where they're from as well. You can also deduce the IP address of the sender by looking at the email's header (a "hidden" line of code which contains information on the sender)...on Hotmail for example, go to Preferences, and select the "Full Header's Visible" option. Alternatively, you can run a "Finger" Trace on the email address, at: www.samspade.org

     Plus, some ISPs include their name in your Email Address with them too (ie Wanadoo, Supanet etc), and your Hacker may be using an email account that's been provided by a Website hosting company, meaning this would probably have the website host's name in the email address (ie Webspawners). So, you could use the information gleaned to maybe even hunt down their website (then you could run a website check as mentioned previously) or report abuse of that Website Provider's Email account (and thus, the Website that it goes with) to abuse@companynamegoeshere.com

     If your Hacker happens to reside in the USA, go to: www.usps.gov/ncsc/lookups/abbr_state.txt for a complete list of US State abbreviations.

     ## List of Ports commonly used by Trojans ##

     Please note that this isn't a complete list by any means, but it will give you an idea of what to look out for in Netstat. Be aware that some of the lower Ports may well be running valid services.

     UDP:

       1349   Back Orifice DLL
       31337  Back Orifice 1.20
       31338  DeepBO
       54321  Back Orifice 2000

     TCP:

       21     Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash
       23     Tiny Telnet Server
       25     Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, Terminator, WinPC, WinSpy, Kuang2 0.17A-0.30
       31     Hackers Paradise
       80     Executor
       456    Hackers Paradise
       555    Ini-Killer, Phase Zero, Stealth Spy
       666    Satanz Backdoor
       1001   Silencer, WebEx
       1011   Doly Trojan
       1170   Psyber Stream Server, Voice
       1234   Ultors Trojan
       1243   SubSeven 1.0 - 1.8
       1245   VooDoo Doll
       1492   FTP99CMP
       1600   Shivka-Burka
       1807   SpySender
       1981   Shockrave
       1999   BackDoor 1.00-1.03
       2001   Trojan Cow
       2023   Ripper
       2115   Bugs
       2140   Deep Throat, The Invasor
       2801   Phineas Phucker
       3024   WinCrash
       3129   Masters Paradise
       3150   Deep Throat, The Invasor
       3700   Portal of Doom
       4092   WinCrash
       4567   File Nail 1
       4590   ICQTrojan
       5000   Bubbel
       5000   Sockets de Troie
       5001   Sockets de Troie
       5321   Firehotcker
       5400   Blade Runner 0.80 Alpha
       5401   Blade Runner 0.80 Alpha
       5402   Blade Runner 0.80 Alpha
       5400   Blade Runner
       5401   Blade Runner
       5402   Blade Runner
       5569   Robo-Hack
       5742   WinCrash
       6670   DeepThroat
       6771   DeepThroat
       6969   GateCrasher, Priority
       7000   Remote Grab
       7300   NetMonitor
       7301   NetMonitor
       7306   NetMonitor
       7307   NetMonitor
       7308   NetMonitor
       7789   ICKiller
       8787   Back Orifice 2000
       9872   Portal of Doom
       9873   Portal of Doom
       9874   Portal of Doom
       9875   Portal of Doom
       9989   iNi-Killer
       10067  Portal of Doom
       10167  Portal of Doom
       10607  Coma 1.0.9
       11000  Senna Spy
       11223  Progenic trojan
       12223  Hack'99 KeyLogger
       12345  GabanBus, NetBus
       12346  GabanBus, NetBus
       12361  Whack-a-mole
       12362  Whack-a-mole
       16969  Priority
       20001  Millennium
       20034  NetBus 2.0, Beta-NetBus 2.01
       21544  GirlFriend 1.0, Beta-1.35
       22222  Prosiak
       23456  Evil FTP, Ugly FTP
       26274  Delta
       30100  NetSphere 1.27a
       30101  NetSphere 1.27a
       30102  NetSphere 1.27a
       31337  Back Orifice
       31338  Back Orifice, DeepBO
       31339  NetSpy DK
       31666  BOWhack
       33333  Prosiak
       34324  BigGluck, TN
       40412  The Spy
       40421  Masters Paradise
       40422  Masters Paradise
       40423  Masters Paradise
       40426  Masters Paradise
       47262  Delta
       50505  Sockets de Troie
       50766  Fore
       53001  Remote Windows Shutdown
       54321  SchoolBus .69-1.11
       61466  Telecommando
       65000  Devil

     ## Summary ##

     I hope this tutorial is useful in showing you both how to secure yourself against unwanted connections, and also how to determine an attacker's identity. The Internet is by no means as anonymous as some people think it is, and although this is to the detriment of people's security online, this also works both ways....it IS possible to find and stop even the most determined of attackers, you just have to be patient and keep hunting for clues which will help you put an end to their exploits.

     Added in 2 posts, cuz there are more than 20000 characters. Credits to crazycoder.
  6. Sometimes, it's just not enough to simply know that there's a Trojan or Virus onboard. Sometimes you need to know exactly why that file is onboard, how it got there - but most importantly, who put it there. By enumerating the attacker in the same way that they have enumerated the victim, you will be able to see the bigger picture and establish what you're up against. But how can you do this? Read on...

     ## Connections make the world go round ##

     The computer world, at any rate. Every single time you open up a website, send an email or upload your webpages into cyberspace, you are connecting to another machine in order to get the job done. This, of course, presents a major problem, because this simple act is what allows malicious users to target a machine in the first place.

     # How do these people find their victim?

     Well, first of all, they need to get hold of the victim's IP Address. Your IP (Internet Protocol) address reveals your point of entry to the Internet and can be used in many ways to cause your online activities many, many problems. It may not reveal you by name, but it may be uniquely identifiable and it represents your digital ID while you are online (especially so if you're on a fixed IP / DSL etc). With an IP address, a Hacker can find out all sorts of weird and wonderful things about their victim (as well as causing all kinds of other trouble, the biggest two being Portnukes/Trojans and the dreaded DoS (Denial of Service) attack). Some Hackers like to collect IP Addresses like badges, and like to go back to old targets, messing them around every so often. An IP address is incredibly easy to obtain - until recently, many realtime chat applications (such as MSN) were goldmines of information. Your IP Address is contained as part of the Header Code on all emails that you send and webpages that you visit can store all kinds of information about you.
     A common trick is for the Hacker to go into a Chatroom, paste his supposed website address all over the place, and when the unsuspecting victim visits, everything about your computer from the operating system to the screen resolution can be logged...and, of course, the all important IP address. In addition, a simple network-wide port scan will reveal vulnerable target machines, and a war-dialler will scan thousands of lines for exposed modems that the hacker can exploit. So now that you know some of the basic dangers, you're probably wondering how these people connect to a victim's machine?

     ## Virtual and Physical Ports ##

     Everything that you receive over the Internet comes as a result of other machines connecting to your computer's ports. You have two types; Physical are the holes in the back of your machine, but the important ones are Virtual. These allow transfer of data between your computer and the outside world, some with allocated functions, some without, but knowing how these work is the first step to discovering who is attacking you; you simply MUST have a basic knowledge of this, or you won't get much further.

     # What the phrases TCP/UDP actually mean

     TCP/IP stands for Transmission Control Protocol and Internet Protocol, a TCP/IP packet is a block of data which is compressed, then a header is put on it and it is sent to another computer (UDP stands for User Datagram Protocol). This is how ALL internet transfers occur, by sending packets. The header in a packet contains the IP address of the one who originally sent you it. Now, your computer comes with an excellent (and free) tool that allows you to see anything that is connected (or is attempting to connect) to you, although bear in mind that it offers no blocking protection; it simply tells you what is going on, and that tool is NETSTAT.

     ## Netstat: Your first line of defence ##

     Netstat is a very fast and reliable method of seeing exactly who or what is connected (or connecting) to your computer.
Open up DOS (Start/Programs/MS-DOS Prompt on most systems), and in the MSDOS Prompt, type: netstat -a (make sure you include the space inbetween the "t" and the "a"). If you're connected to the Internet when you do this, you should see something like: Active Connections Proto Local Address Foreign Address State TCP macintosh: 20034 modem-123.tun.dialup.co.uk: 50505 ESTABLISHED TCP macintosh: 80 proxy.webcache.eng.sq: 30101 TIME_WAIT TCP macintosh MACINTOSH: 0 LISTENING TCP macintosh MACINTOSH: 0 LISTENING TCP macintosh MACINTOSH: 0 LISTENING Now, "Proto(col)" simply means what kind of data transmission is taking place (TCP or UDP), "Local address" is your computer (and the number next to it tells you what port you're connected on), "Foreign Address" is the machine that is connected to you (and what port they're using), and finally "State" is simply whether or not a connection is actually established, or whether the machine in question is waiting for a transmission, or timing out etc. Now, you need to know all of Netstat's various commands, so type: netstat ? You will get something like this: Displays protocol statistics and current TCP/IP network connections. NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval] -a Displays all connections and listening ports. -e Displays Ethernet statistics. This may be combined with the -s option. -n Displays addresses and port numbers in numerical form. -p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP. -r Displays the routing table. -s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p option may be used to specify a subset of the default. Have a play around with the various options, but the most important use of these methods is when you combine them. 
The best command to use is netstat -an because this will list all connections in Numerical Form, which makes it a lot easier to trace malicious users....Hostnames can be a little confusing if you don't know what you're doing (although they're easily understandable, as we shall see later). Also, by doing this, you can also find out what your own IP address is, which is always useful. Also, netstat -b will tell you what ports are open and what programs are connecting to the internet. ## Types of Port ## It would be impossible to find out who was attacking you if computers could just access any old port to perform an important function; how could you tell a mail transfer from a Trojan Attack? Well, good news, because your regular, normal connections are assigned to low, commonly used ports, and in general, the higher the number used, the more you should be suspicious. Here are the three main types of port: # Well Known Ports These run from 0 to 1023, and are bound to the common services that run on them (for example, mail runs on channel 25 tcp/udp, which is smtp (Simple Mail Transfer Protocol) so if you find one of these ports open (and you usually will), it's usually because of an essential function. # Registered Ports These run on 1024 to 49151. Although not bound to a particular service, these are normally used by networking utilities like FTP software, Email client and so on, and they do this by opening on a random port within this range before communicating with the remote server, so don't panic (just be wary, perhaps) if you see any of these open, because they usually close automatically when the system that's running on them terminates (for example, type in a common website name in your browser with netstat open, and watch as it opens up a port at random to act as a buffer for the remote servers). Services like MSN Messenger and ICQ usually run on these Ports.
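An added example, not part of the original post: a small parser for `netstat -an` output that labels each listening port with its range and lists the remote endpoints of established connections. The sample output is constructed with documentation-range addresses, and the 49152-65535 "dynamic" range is the IANA definition, which the post as shown does not reach.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_host local_port remote_host remote_port state")

# Constructed sample of `netstat -an` output; addresses are documentation ranges.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:20034          0.0.0.0:0              LISTENING
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    192.0.2.10:50505       198.51.100.7:80        ESTABLISHED
  TCP    192.0.2.10:1863        203.0.113.9:443        TIME_WAIT
  UDP    0.0.0.0:500            *:*
"""

def port_class(port):
    """Map a port number (0-65535) to its IANA range name."""
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic"

def split_endpoint(text):
    """Split 'host:port' on the last colon so '[::]:135' also works."""
    host, _, port = text.rpartition(":")
    return host, int(port) if port.isdigit() else None  # UDP rows show '*:*'

def parse_netstat(output):
    """Return a Conn for every TCP/UDP row; header and blank lines are skipped."""
    conns = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        state = parts[3] if len(parts) > 3 else ""  # UDP rows carry no state
        conns.append(Conn(parts[0], *split_endpoint(parts[1]),
                          *split_endpoint(parts[2]), state))
    return conns

def listening(conns):
    """Sorted (port, range) pairs for sockets waiting for inbound connections."""
    return sorted({(c.local_port, port_class(c.local_port))
                   for c in conns if c.state == "LISTENING"})

def established_peers(conns):
    """Remote endpoints that currently hold an open connection to this host."""
    return [f"{c.remote_host}:{c.remote_port}" for c in conns
            if c.state == "ESTABLISHED"]

print(listening(parse_netstat(SAMPLE)), established_peers(parse_netstat(SAMPLE)))
```

A listening port outside the well-known range is not proof of compromise; it is the entry to check against the owning program, which is what `netstat -b` reports.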
  7. AltSettings.properties

         # Allow player to sub-class without checking for unique quest items.
         # Default: False
         AltSubClassWithoutQuests = True
  8. On offtopic & spam boards there is no post count, so he doesn't break any rule.. he can bump/spam anytime he wants ;d
  9. http://www.maxcheaters.com/forum/index.php?topic=101453.0 This guy unhides other posts in new topics and without credits
  10. I already have the video, just want the song name ;D
  11. yeah i forgot to mention them :P Tattoo gives 5% more pvp pattack and 5% less pvp damage received. Also noblesse tiara gives pvp defence too.
  12. re-install your client. seems u raped it, how many custom u added -.-"?