TECKPOINT

These are some tools that are extremely useful, But remember i am providing the knowledge and how you use them is up to you. Also if you don't know how to you these you should decently do some research, There is no tool that will just Hack for you, find exploits on your own is half the fun. these tools if not used properly can get you n a lot of trouble.

› Tools of the trade.

DeCSS 1.2b is used as a cracking tool, is highly engineered software that has been designed in order to modify the other software with an intention to remove the usage restriction. A worth mentioning instance is a "patch generator", which replaces bytes at specific location of a file, giving it a licensed version. The DeCSS 1.2b was originated in the year 1999, October and requires storage of minimum 253 KB. Coldlife 4.0is another tool for website hacking that falls in the category of flooder. This is a program that has been designed to overload the connection by certain mechanisms like a fast pinging that causes a sudden DoS attack.

Cain and Able The top password recovery tool for Windows UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Wireshark : Sniffing the glue that holds the Internet together
Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).

Aircrack : The fastest available WEP/WPA cracking tool
Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).

Metasploit Framework : Hack the Planet
Metasploit took the security world by storm when it was released in 2004. No other new tool even broke into the top 15 of this list, yet Metasploit comes in at #5, ahead of many well-loved tools that have been developed for more than a decade. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their online exploit building demo. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. Similar professional exploitation tools, such as Core Impact and Canvas already existed for wealthy users on all sides of the ethical spectrum. Metasploit simply brought this capability to the masses.

NMAP THIS IS PROBABLY THE MOST IMPORTANTOF ALL This is a Port scanner, a very good one, it will do too many things to list i suggest you check it out.

What is cracking? Cracking is how i like to say a art a xpression.Everyone can handle it.But not everyone can do the best of it.If you like to crack you`ll see that it isnt easy to understand at first but after recieving some experience and knowledge it is incredible.If you have learned the real cracking you arent only a cracker.You are more then a cracker.With the art of cracking you`ll gain more knowledge about your PC the programms you running on it and how they work.You`ll understand how a programm works and how to manipulate it that it can be usefull for you.And it dont mean that it`s illegal. Offcourse it`s not 100% legal but it can be usefull for you in your later life.You have experience about the ASM-Code understand the function of programms and other applications and maybe it bring you up to a programmer?Who knows.But at first you`ve to learn it step by step.I`ll help you with my tutorials and i hope you understand the way how i explain it.Excuse my english i know its not the best but i`ll do my best.

Step one: What do we need to crack?May i need some knowledge about assembler or anything else? No.I made this tutorial for all the beginners in the net who dont understand anything about ASM-Code or the internal function of applications.Like you and everyone else i also started with cracking some time ago.And it tooks much of my life time to what i know today about cracking. I think there are many tutorials which are good and i dont wanna say anything against them. But i think the most tutorials are quick written memory killer with which you cant do anything. I always had the problem that i dont understand what they mean.Like what is a nop or what mean the je,eax,jump signs.What they mean with jump to badboy and replace the jump if not equal with the jump if equal command.All these things and many more makes me sometimes worry about what i want to learn.I thought that i`ll gave up and forget the thing with cracking.But everytime if i do that some time later i cant and have to learn the way of cracking.Yes sometimes you`ll think oh man what do you mean it doesnt work!But dont give up.Everyone passed this point of time and you`re not the first and will not be the last one.You have to learn again and again.And then at any time you`ll see that it was good what you`re doing all the time and you`ll be proud about it.

The software we`ll need: At first the only thing we`ll need is W32Dasm8.9 (a Windows disassembler) and HIEW (its a good Hex-Editor i think it`ll be the best for you at first).Thats all.In the following tutorials (i hope there`ll be any of me) i`ll explain how to work with soft-ice and how to handle the asm-code.But at first you need as a beginning cracker only the two things.

Some knowledge at first: As you know its not very easy to handle all the asm-codes and i think you dont know much about them.So i`ll explain the most needed commands. There we have to know that every two numbers in asm-code are representing one byte. Like the number 75564345 = 4bytes.The 75 is one byte the 56 is one byte the 43 is one and the 45 is one byte.So we have 4 bytes leading the command at this point.If we want to replace them later we now know that we have to replace always two numbers with two other numbers.Like the 75 (in hexadezimal it stand for jne.Jne means jump if not equal) we can change to 74 (in hexadezimal it stand for je.Je means jump if equal).This in most of times is enough to crack a game or to register a programm so it`ll not say "sorry invalid password" or something else (please dont think its so easy i take it as a very simply protection).Cause if we change the value of 75 (jump if not equal [means that the application is checking something like if there is a cd present in drive or is it the same password like saved in the programm and if it isnt right like there is no cd in drive or the password you entered is not valid it will jump to "BadBoy" and the programm pop up you the error message] by the way "BadBoy" is in cracker language something like the one dude who call the error message) to 74 (jump if equal so the programm think there is a cd in drive or the password is valid and will jump to "GoodBoy".GoodBoy is the one who makes the way clear).You`ve to manipulate the application so it think there is a cd present or password is valid and it continious with the programm.Remember that the exe runs up to down.So the commands which call the error messages are placed before the error messages.The only thing i mean is that if you found the error message (i`ll explain later how to do it) you have always look up in the asm-code not down.Its like you.If you read a book or a text you start on line one and read your way down.The programm do the same.It checks from line one of the asm-code to the end of the code if there is all correct.And if it found at line 9 a error it jumps down to the "BadBoy".It cant jumps up cause there he checked everything and there arent complications.So if you found the error message look up (before it) and you`ll find the command which call the error message on the screen.Ok now some things about the numbers and things you`ll see if you disassemble a exe (here are only the needfullest things you`ve to know at this point of time): je (hexadezimal is 74) = Jump if equal jne (hexadezimal is 75) = Jump if not equal nop (hexadezimal is 90) = No operation call (no random hexadezimal) = call a operation jmp (no random hexadezimal) = jump to string/operation This are the five basics we`ll need at first.The other i`ll explain in later tutorials when you gain more experience in asm-code. Ok now we`ll take a look what does they do in a asm-code string. Je (Jump if equal) jumps to a operation if he found what he check.

Example: The game need a cd to start the main game.So the "jump if equal" je command check if there is a cd in drive.If there is a cd in drive he`ll continous and give a information away to the commands after him.Thats a equal operation.The cd was found (equal) and it continous in asm-code (jump if equal). Jne (Jump if not equal) jumps to a operation (most times BadBoys that mean,to the error message you`ll recieve on your screen) if he dont found what he check. Example: The game need a cd to start the main game.So the "jump if not equal"jne command check if there is a cd present in drive.If not he`ll jump to a "BadBoy" and you`ll recieve the error message on screen like "Cannot find CD in drive.Please insert CD and click on OK." Thats a "jump if not equal"operation.The check failed (cause he dont find a CD in drive) and he jump to the "BadBoy" and the "BadBoy" end the load process and let the error message be shown on your screen. Nop (no operation) a nop command kill the current operation like checking after CD in drive or checking if password valid.

Example: The game need a cd to start the main game.Its like before cause you set the nop command. You can replace the jne/je/call/jmp commands with a nop command.The nop will then disable the jne/je/call/jmp command this mean that the programm dont check if a cd is present in drive and continous in asm-code.The game run (you can do that but its also a style for simply cd protections). Call (Call a operation) a call command do what his name say.He call a command what can be a error message,a nag screen...This you can disable with a nop command. Example: I dont know what i can say more. Jmp (Jump to a string/operation) a jmp command is like a call (not the same but...you can say it is) he dont call commands but jump to them.

Example: The jmp jumps to a string/operation which will call a error message or to a BadBoy...The jmp you can also disable with a nop command. I think thats all you`ve to know for now about the commands in asm-code.In this tutorial we`ll handle only with these few commands.Thats enough for you at first to crack simply protections (no matter if cd or password). About protection shemes: There are enough protection styles you`ve to learn about and to learn how to disable them. We have "normal" cd protections (a game is looking if there is a cd present if not it`ll not start the game),password protections (you`ve to enter a valid password [most times you find them in trial versions] if you dont enter a valid password you cant register or start the application), time locks (most times in trial versions.You have some time to test a programm like three weeks and after the time it wont start/show a error message/you`ve to enter a password to unlock it),and in unusually times you`ve to get a unlock software from the programmer (the programm wont work without the +software of the distruber.This kind of protection is hard to find).Thats are the most usual protection shemes you`ll find on your way to a real cracker. The easyest protections for us to crack are windows error message boxes (i think so). Its a windows message box which will be shown on your screen with any text if you havent got a cd present or a valid password.This kind of protections you can see in EA applications like NFS/Fifa Soccer/NHL....Its very easy to crack cause the only thing you`ve to do is to kill the window (most times with a nop command or change je to jne /jne to je).Also we can find this kind of protections at password locked applications.If you enter a invalid password you`ll recieve a windows message box too which include a text like "invalid password" or something else.Then we`ve ingame error messages which are harder to crack.Cause W32Dasm show you only the windows box messages and not the ingame messages.For this kind of protection we need soft-ice debugger (i`ll explain in later tutorials how to use soft-ice).This kind of protection you can see in games like Commandos/Grand TheftAuto/Descent Freespace.And the timelock protections can be shown to you as a windows box and as a "ingame" error message(i`ll call them NAG screens).Those kind of protection you can see in Paint Shop Pro. In this tutorial i`ll show you how to disable the windows message boxes with W32Dasm version 8.9 and with Hiew.We`ll crack WinRAR and WinRAR95 (may be a game too like Anno1602 or anything else i dont know how much time i`ll get and if the tutorial wont be too long). Beginning with cracking: Now lets start with the main thing you want to learn.Cracking.I`ll show you now how to handle the basic commands of W32Dasm89 and Hiew.We`ll crack now WinRAR95.exe (we`ll make a full registered version of the trial).

At first we start the programm.We`re in. What can we see?At first we can see on top of the window "WinRAR (unregistered version)" Thats very good for us cause the "unregistered version" status behind the "WinRAR" tell us that it is unregistered and that it`ll be not shown if it registered.Now we click on "Options" and then on "Register".Now you can see a windows box (these kind of boxes i mean which are easy to crack for us).Now enter in the text boxes what you want like as a name "Test" and as a number "12345" and click on ok.You`ll hear a sound and another windows box pops up which tell you "Registration Failed".Thats all we want to know.Close WinRAR95 and go to your Ms-Dos box.Now in Norton Commander (you can use windows commander too) make from your WinRAR95.exe two copies.One of them named WinRAR95.w32 (for W32Dasm89) and one named WinRAR95.exx (a saved copy if you change wrong bytes). Now i`ll exlpain why we do these copies.Its very easy.If you disassemble a exe like WinRAR95 and you`re working in W32Dasm89 you cant run the WinRAR95.exe as the same time in Hiew or in Windows Explorer.You make a second copy named WinRAR95.w32 (you can call it like you want no matter but its good that you see its for W32Dasm89).This copy you`ll disassemble with W32Dasm89 and you can everytime start the original exe in Windows or change the bytes in Hiew.The second copy WinRAR95.exx is only a save recovery copy.If you change wrong bytes in Hiew or anything else so that it wont run you can rename the WinRAR95.exe with WinRAR95.exx.And try it again (remember its always "try and error" technique).Ok if you make the two copies start W32Dasm89.Now click on the first button on the top (or click on Disassembler and then on "Open file to disassemble".A window pops up and you can chose the file you want to be disassembled. Change your directory to your WinRAR directory and click on WinRAR95.w32. Now W32Dasm starting the disassembling process (if you have low system memory or low HD memory it`ll take some time).You can always click on the button in the midle of the screen called "Cancel Disassembly" which will abort the disassembling process.If the exe is disassembled it may be that you see no "normal" signs but WinDings written lines. Dont worry you can change your font.Click on "Disassembler" then on "Font" and at least on "Select Font".Now you can chose the font you`ll use in W32Dasm89.I think the best one is Arial.Change the font.Now you have your selected font present in W32Dasm89.Click a second time on "Disassembler" "Font" and then on "Save default Font" (if you dont do that at your next disassembling file you`ve to change the font a second time).Now you see the asm-code.It will not tell you much cause you dont know what all the commands mean.Now click on the button next to the "Print" button called "Strn Ref" (String Data References).A window pops up.Now you can see all the error messages you can recieve from the exe.Do you remember what does WinRAR said if you entered the wrong code?It said "Registration Failed".Now look at the text and search for the message.Got it?Double click on it.In W32Dasm you`ll be warped to the position in the asm-code where it let pops up the error message you`ll recieve on your screen when you entered the wrong code. If you make it right you`ve to look at a screen like this:

:00413A8F 6A6A push 0000006A
:00413A91 E863640000 call 00419EF9
:00413A96 59 pop ecx
:00413A97 50 push eax
:00413A98 FF7508 push [ebp+08]