Friday, June 26, 2009

Learning to Become a Hacker

With their expertise, hackers can examine and fix software on computers, and they usually then publish their findings openly on the Internet so that systems become better. Unfortunately, a few people take that information and use it for evil; they are usually called crackers. Basically, the world of hackers and crackers is no different from the art world; here we are talking about the art of Internet network security. I hope the network security knowledge in this article is used for good things: be a hacker, not a cracker. Do not end up suffering the consequences of using this knowledge to damage the property of others.

Moreover, the need for hackers will keep growing in Indonesia, with more and more dotcommers wanting to IPO their shares on various exchanges. A dotcom's good name and value can fall, even to the point of being worthless, if the dotcom is broken into. In this respect, hackers can be expected to act as security consultants for these dotcommers, because the human resources of the Indonesian police and security apparatus are, sadly, very weak in the field of information technology and the Internet. Private cybersquads and cyberpatrols may need to be cultivated for Indonesian dotcommers to survive on the Internet.

Various Internet network security techniques can be obtained easily on the Internet, among others at http://www.sans.org, http://www.rootshell.com, http://www.linuxfirewall.org/, http://www.linuxdoc.org, http://www.cerias.purdue.edu/coast/firewalls/, http://www.redhat.com/mirrors/LDP/HOWTO/. Some of these techniques come in the form of books several hundred pages long that can be obtained for free. Some Frequently Asked Questions (FAQ) about network security can be obtained at http://www.iss.net/vd/mail.html, http://www.v-one.com/documents/fw-faq.htm. For experimenters, some ready-made scripts and programs can be obtained from, among others, http://bastille-linux.sourceforge.net/, http://www.redhat.com/support/docs/tips/firewall/firewallservice.html.
Readers who want to gain knowledge about networking can download material for free from http://pandu.dhs.org, http://www.bogor.net/idkf/, http://louis.idaman.com/idkf. Some books in softcopy form can be obtained free of charge from http://pandu.dhs.org/Buku-Online/. We must be especially grateful to the team led by I Made Wiryana for this. At this time, I do not know of a place for discussing these hacking techniques, but they may be discussed in part on mailing lists such as kursus-linux@yahoogroups.com and linux-admin@linux.or.id, operated by the Indonesian Linux User Group (http://www.kpli.or.id).

The simplest way to learn about system weaknesses is to look up information from various vendors, for example at http://www.sans.org/newlook/publications/roadmap.htm#3b, on the weaknesses of their own systems. In addition, one can monitor the various Internet mailing lists related to network security, such as those listed at http://www.sans.org/newlook/publications/roadmap.htm#3e.

AVI Beats the Shortcut Worm


Have you found your computer suddenly slow and littered with junk shortcuts with names such as Mocrosoft.lnk, SuratQ.lnk, New Harry Potter and....lnk, and others? If the answer is yes, it means that your computer has been infected with the VBS/Yuyun.A worm, also known as the shortcut worm.

The worm that calls itself VBS/Yuyun.A is one of the malware families that is actively spreading and is already widespread in Indonesia. VBS/Yuyun.A infects a computer by replicating itself to each drive, to any inserted media, and to each shared directory. The worm also fills the user's hard drives with shortcuts and payload message files in each drive and subdirectory.

The infection technique used is quite unique and unlike that of other local VBS worms in general. VBS/Yuyun.A cleverly disguises its VBS file under a name resembling the Windows thumbnail image cache, 'Thumb.db', so that it does not look suspicious. However, this disguise is not without consequences: the VBS file can no longer be executed directly, which complicates the process of infection and spreading.

So how does the vxer (the creator of the virus/worm) deal with this?

Cleverly, the vxer creates trigger shortcuts that execute every line of the worm code in 'Thumb.db'. The shortcut calls wscript.exe, the application that runs VBS files by parsing or interpreting VBS commands line by line. When we look at the shortcut's target, we see the evil trick behind sweet Yuyun! An example shortcut target, which I took from a sample of VBS/Yuyun.A, is:


C:\WINDOWS\system32\wscript.exe //E:VBScript thumb.db "Microsoft"
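A defender can hunt for this trick in process-creation logs or extracted shortcut targets. The following is an added example, not code from the original article or from AVI: it flags script-host command lines that use the //E: engine switch to run a file without a normal script extension. The sample command lines are constructed, with the first modelled on the target quoted above, and the function names are hypothetical.

```python
import ntpath
import re

# Extensions Windows Script Host normally maps to a script engine.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "wscript", "cscript"}
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

# Constructed sample command lines; the first is modelled on the shortcut
# target quoted in the article.
SAMPLES = [
    r'C:\WINDOWS\system32\wscript.exe //E:VBScript thumb.db "Microsoft"',
    r'C:\WINDOWS\system32\wscript.exe "C:\scripts\backup.vbs"',
    r'cscript.exe //nologo //E:JScript build.js',
    r'notepad.exe thumb.db',
]

def tokenize(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in TOKEN.finditer(cmdline)]

def engine_override(cmdline):
    """Return (engine, script) when a script host is forced via //E: to run
    a file whose extension is not a normal script type, else None."""
    args = tokenize(cmdline)
    if not args or ntpath.basename(args[0]).lower() not in SCRIPT_HOSTS:
        return None
    engine = script = None
    for arg in args[1:]:
        if arg.lower().startswith("//e:"):
            engine = arg[4:]
        elif not arg.startswith("/") and script is None:
            script = arg  # first non-option argument is the script file
    if engine and script:
        if ntpath.splitext(script)[1].lower() not in SCRIPT_EXTS:
            return engine, script
    return None

def scan(cmdlines):
    """Return the command lines that match the disguised-script pattern."""
    return [c for c in cmdlines if engine_override(c)]

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print("suspicious:", hit)
```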


To make analysis harder, this worm hides its malicious code with its own encryption. The encryption algorithm used is a home-made bitwise XOR cipher. Because the worm is written in VBS, we can easily view its source code using an editor such as Notepad.

We can see the decryptor for the encrypted code:

' Decode isiQ one character at a time: XOR each character code with 7
For v = 1 To Len(isiQ)
    t = Asc(Mid(isiQ, v, 1))
    hsl = hsl + Chr(t Xor 7)
Next

A sample of the encrypted data:

:::::::::::::::::::::::::::::::::::::::::::::::::::::::
'J~'ifjb'='^r~ri'Qbu'6)7
'N'mrts'pfiif'tbb'bqbu~'`nuk'khhlt'indb+'ebssbu+'lnict'btwbdnfkk~'f'jhtkbj'`nuk'
e~='Fihi~jhrtb'ni'Mfsnj+'Ihqbjebu'577?
'Pobi'N'ahric'ihsoni`'ebfrs~'bktb)))'fic'sobi'N'puhsb'sont'tdunws'ahu'fkk
:::::::::::::::::::::::::::::::::::::::::::::::::::::::

And after decryption it becomes:

'=======================================================
' My name : Yuyun Ver 1.0
' I just wanna see every girl looks nice, better, kinds especially a moslem girl
' by: Anonymouse in Jatim, November 2008
' When I found nothing beauty else... and then I wrote this script for all
'=======================================================
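For variants that use a different constant, an analyst can recover a single-byte XOR key without reading the decryptor. The following is an added example, not code from the original article: it assumes the most frequent plaintext character is a space, recovers the key from the ciphertext rows shown above, and decodes them. The function names are hypothetical and the separator row is shortened to a constructed length.

```python
from collections import Counter

# Ciphertext rows as displayed in the sample above; the separator row is
# shortened to a constructed length.
SAMPLE = [
    ":" * 20,
    "'J~'ifjb'='^r~ri'Qbu'6)7",
    "e~='Fihi~jhrtb'ni'Mfsnj+'Ihqbjebu'577?",
]

def xor_decode(text, key):
    """Same transform as the worm's loop: Chr(Asc(c) Xor key) per character."""
    return "".join(chr(ord(c) ^ key) for c in text)

def recover_key(rows):
    """Guess a single-byte XOR key, assuming the most frequent plaintext
    character is a space. Rows made of one repeated character are skipped
    because they would dominate the frequency count."""
    counts = Counter()
    for row in rows:
        if len(set(row)) > 1:
            counts.update(row)
    if not counts:
        raise ValueError("no usable ciphertext rows")
    most_common_char = counts.most_common(1)[0][0]
    return ord(most_common_char) ^ ord(" ")

def decode_rows(rows):
    """Recover the key, decode every row, and reject non-printable output."""
    key = recover_key(rows)
    plain = [xor_decode(row, key) for row in rows]
    if not all(ord(c) < 128 and c.isprintable() for row in plain for c in row):
        raise ValueError("decoded text is not printable ASCII; key rejected")
    return key, plain

if __name__ == "__main__":
    key, plain = decode_rows(SAMPLE)
    print("recovered key:", key)
    print("\n".join(plain))
```

The decoded rows match the plaintext above except for the leading comment marker, which the ciphertext listing does not show.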

This worm's payload displays a message containing poems, shown using Notepad, on the 1st of each month other than March. When that date arrives, VBS/Yuyun.A will create junk files en masse in each drive and subdirectory, containing poem messages, with the names 'AQ.rtf Read' and 'My name is yuyun.rtf'.


The worm also places trigger shortcuts on each drive with the following names:

"New Harry Potter and...", "New Folder", "SuratQ", "Rahasia", "Game", "Zvnita",
"Download", "DataQ","DataQ"

So what is the solution? Easy, of course. Use AVI (AntiVirus InfoKomputer) to clean up this worm. Get AVI in the latest edition of InfoKomputer, April 2009, or download it here.

Dealing with MBR (Master Boot Record) Damage


On the hard disk, there is a file called the MBR (Master Boot Record). This file is located at the first byte, at the very start of the hard disk; in essence, it truly comes first. It is the MBR that marks the existence of a hard disk. By analogy, the MBR is like a map that guides the BIOS in finding the hard disk.

However, many things can damage the MBR, such as a virus infection or an accidental format. If that happens, the operating system loses its way, which is marked by the message "Operating System not found" or "Missing operating system" appearing on the screen.

The solution to this problem is to restore the MBR file. The most common way is to do this from the Windows recovery CD: boot from the Windows CD, select Repair (by pressing the R key), and enter the Recovery Console. After that, type the command fixmbr to restore the MBR file.

For Windows Vista, the concept is the same although the procedure is slightly different. First, boot from the Windows Vista DVD and select Repair Your Computer. When System Recovery Options appears, select Command Prompt. After the Command Prompt window appears, type bootrec.exe and press Enter.

If the Windows CD has gone missing, you can use Rescue Kit 9.0 Express, made by Paragon. This is a free application with a variety of functions, including restoring the MBR. The application is bootable, meaning it can be burned to a CD and used as a boot source. When the system shows symptoms of a lost MBR, boot from the CD containing Rescue Kit. After that, select the Boot Corrector menu, follow the procedure given, and the lost MBR problem should be resolved.

Rescue Kit 9.0 Express can be downloaded for free here.
