Sunday, May 10, 2009

Quick IP-changer

If you use multiple connections (for example different internet or network connections), you may find it tedious to change the settings through the GUI every time. Microsoft's "netsh" has the answer (not advertising for it!). See the following examples (change "Local Area Connection" to your connection name, and substitute the xxx with the IP numbers accordingly):

netsh int ip set address name="Local Area Connection" source=static addr=xxx.xxx.xxx.xxx mask=xxx.xxx.xxx.xxx gateway=xxx.xxx.xxx.xxx gwmetric=1

And if you want to change the DNS server address:

netsh int ip set dnsserver name="Local Area Connection" static xxx.xxx.xxx.xxx primary
Just put the command lines you want to use in a ".bat" file and run it each time you change connection (Note: Vista users should run the script with Administrator privileges).
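As an added example (not code from the original post), here is a small profile switcher that builds and runs the two netsh commands above, so one script covers several networks plus a return to DHCP. The connection name and all addresses are constructed placeholders; edit them for your own networks. The "set dnsserver" spelling is the Vista-era form used in the post, and on Windows the script must be run from an elevated prompt.

```python
"""Added example (not part of the original post): a small profile switcher that
builds and runs the two netsh commands shown above. All connection names and
addresses are constructed placeholders; edit them for your own networks.
Run it from an elevated prompt on Vista and later:  python ipswitch.py home
"""
import ipaddress
import subprocess
import sys

CONNECTION = "Local Area Connection"   # your connection name, as in the post

# Constructed sample profiles using private RFC 1918 addresses.
PROFILES = {
    "home": {"addr": "192.168.1.50", "mask": "255.255.255.0",
             "gateway": "192.168.1.1", "dns": "192.168.1.1"},
    "office": {"addr": "10.0.0.25", "mask": "255.255.255.0",
               "gateway": "10.0.0.1", "dns": "10.0.0.53"},
}


def netsh_commands(profile, connection=CONNECTION):
    """Return the netsh command lines for a profile.

    'dhcp' returns the interface to DHCP; any other name must be in PROFILES.
    Addresses are validated first so a typo fails here, not inside netsh.
    """
    name = f'name="{connection}"'
    if profile == "dhcp":
        return [
            f"netsh int ip set address {name} source=dhcp",
            # Vista-era spelling used in the post; Windows XP calls it "set dns".
            f"netsh int ip set dnsserver {name} source=dhcp",
        ]
    p = PROFILES[profile]                       # KeyError for an unknown profile
    for field in ("addr", "mask", "gateway", "dns"):
        ipaddress.IPv4Address(p[field])         # ValueError if malformed
    return [
        f"netsh int ip set address {name} source=static addr={p['addr']} "
        f"mask={p['mask']} gateway={p['gateway']} gwmetric=1",
        f"netsh int ip set dnsserver {name} static {p['dns']} primary",
    ]


def apply_profile(profile):
    """Run the commands in order; stops at the first one netsh rejects."""
    for cmd in netsh_commands(profile):
        print(cmd)
        subprocess.run(cmd, shell=True, check=True)


if __name__ == "__main__":
    choices = list(PROFILES) + ["dhcp"]
    choice = sys.argv[1] if len(sys.argv) > 1 else ""
    if choice not in choices:
        sys.exit("usage: ipswitch.py " + " | ".join(choices))
    apply_profile(choice)
```

Validating the addresses with the ipaddress module before calling netsh means a mistyped profile never half-applies: either every command line is well formed, or nothing is sent to the interface.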


Thursday, April 03, 2008

hunted..yet the hunter :D

A long time ago I posted about Pro-Rat, and how bad guys (!?) use it to hack into other people's PCs!!
Now what about retrieving information about those evil people :D

According to the RAT server I got (1.9 FIX-18), this registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings


Inside it resides the info you need; all of it is encrypted by XOR, in this case XORed with 01h.
You can retrieve sensitive info about the attacker (his email, IP, report victim site, etc.).
Then I got one more thing: if you get to the CGI site (if the attacker set one up) and replace that CGI file with log.dat, you can get all the victims' IPs!!
(Or you just run the server and monitor its activity with Ethereal.)
Enjoy the hunt!
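As an added example (not from the original post), the decoder below recovers values stored under the registry key named above, where each byte is XORed with 01h. On Windows it reads that key with winreg; elsewhere, or with --demo, it decodes a constructed sample so the logic can be tried offline. The sample value names and contents are invented and describe no real server or operator.

```python
"""Added example (not from the original post): decode settings a Pro-Rat server
stored in the registry key named above, where each value is XORed with 01h.
On Windows, read_registry_values() reads that key with winreg; anywhere else the
constructed SAMPLE below stands in, so the decoder can be tried offline.
The sample strings are invented and describe no real server or operator.
"""
import sys

KEY_PATH = r"Software\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings"
XOR_KEY = 0x01


def xor_bytes(data, key=XOR_KEY):
    """XOR every byte with a one-byte key; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


def decode_settings(values, key=XOR_KEY):
    """Map {value name: raw stored bytes} to {value name: decoded text}.

    Trailing NULs are dropped; bytes that are not ASCII are kept as \\xNN
    escapes so an odd value stays visible instead of being silently mangled.
    """
    decoded = {}
    for name, raw in values.items():
        plain = xor_bytes(raw, key).rstrip(b"\x00")
        decoded[name] = plain.decode("ascii", errors="backslashreplace")
    return decoded


# Constructed sample: what stored values look like after the 01h XOR. The value
# names follow the kinds of fields the post mentions (email, IP, report site);
# the contents are placeholders (documentation/test-net addresses).
SAMPLE = {
    "mail": xor_bytes(b"operator@example.invalid"),
    "ip": xor_bytes(b"203.0.113.7"),
    "report": xor_bytes(b"http://report.example.invalid/"),
}


def read_registry_values():
    """Windows only: enumerate the values under HKCU\\KEY_PATH as raw bytes."""
    import winreg  # not available outside Windows
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, KEY_PATH) as key:
        index = 0
        while True:
            try:
                name, data, _type = winreg.EnumValue(key, index)
            except OSError:            # no more values
                break
            if isinstance(data, list):   # REG_MULTI_SZ
                data = "\x00".join(data)
            if isinstance(data, str):    # REG_SZ: keep the code points as bytes
                data = data.encode("latin-1", errors="replace")
            elif isinstance(data, int):  # REG_DWORD
                data = data.to_bytes(4, "little")
            values[name] = data
            index += 1
    return values


if __name__ == "__main__":
    if sys.platform == "win32" and "--demo" not in sys.argv:
        values = read_registry_values()   # FileNotFoundError if the key is absent
    else:
        values = SAMPLE
    for name, text in decode_settings(values).items():
        print(f"{name}: {text}")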


Sunday, March 25, 2007

Ettercap For windows

Ettercap is a powerful networking tool for man-in-the-middle attacks, and it is widely installed on Linux systems.
Lately I found links to Ettercap Windows binaries:
SourceForge.net Win32 binary list (unofficial)
Pandora-Security forum link
Or just search Google.com for "ettercap-NG-0.7.3-win32"

And you need to download WinPcap in order to run Ettercap on Windows:
WinPcap download page

I tested Ettercap in a Windows environment using WinPcap 3.1 in combination with Ethereal under WinXP and on Vista, and to tell the truth nothing is better than Linux in that field.


Tuesday, February 27, 2007

Worm Hunting!!

I use YMSGR rarely, because I hate it, but once I received this message from a friend; it was a link to a Miss World something picture, dunno. I knew from the first glance (smart me) that it was one of those stupid Yahoo Messenger worms of nowadays :)
The funny thing is the attacker used a registered domain with .info. And again used a .jpg that contained HTML to redirect the page to the index, where a series of decrypting and script constructing is done in JavaScript; the result is VBScript, executed using the Microsoft.XMLHTTP vulnerability (not sure about it, since it is a scripting thing), to download and execute the "YMworm.exe" and "worm2007.exe" files. Well, I downloaded these files from that apparently doomed site :) lately, and used:
http://virusscan.jotti.org/
to scan these files, which resulted in something like this:


Well, after googling W32/Sohand.A I found a description on pspl.com, which suggested that the one I caught was some other variant of it. For me I regard it as a stupid worm because it was obviously programmed using VB ... although I shouldn't call any worm that was able to reach me through spreading stupid; maybe the people who clicked on that link were stupid, I don't know about that either.
I put it in OllyDbg, but hey.. I am having mid-year exams these days, and another thing, seriously debugging VB-coded stuff is just a pain in the ass thingie :(

To remove the worm, this link might help: Click.
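As an added example (not from the original post), here is a small check for the trick the post describes: a link ending in .jpg that actually delivers an HTML page which rebuilds script (JavaScript producing VBScript, with Microsoft.XMLHTTP fetching executables). It trusts the file's leading bytes rather than its name and looks for the markers the post mentions. The sample inputs are constructed and contain no working script.

```python
"""Added example (not from the original post): flag a file that is named like an
image but is really HTML/script, or an image with script text appended. The
markers come from the post's description of the worm's landing page.
Sample inputs below are constructed and hold no working script.
"""
import re

JPEG_SOI = b"\xff\xd8\xff"              # every JPEG starts with the SOI marker
GIF_MAGIC = (b"GIF87a", b"GIF89a")
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

# HTML wrapper, script tag, VBScript and the XMLHTTP object used to download.
SCRIPT_MARKERS = (b"<html", b"<script", b"vbscript", b"microsoft.xmlhttp")


def image_kind(data):
    """Identify the real format from the leading bytes, or None if not an image."""
    if data.startswith(JPEG_SOI):
        return "jpeg"
    if data.startswith(GIF_MAGIC):
        return "gif"
    if data.startswith(PNG_MAGIC):
        return "png"
    return None


def inspect(filename, data):
    """Return a dict saying whether, and why, a file looks like the .jpg trick."""
    claims_image = re.search(r"\.(jpe?g|gif|png)$", filename, re.IGNORECASE) is not None
    kind = image_kind(data)
    lowered = data.lower()
    markers = [m.decode() for m in SCRIPT_MARKERS if m in lowered]
    return {
        "file": filename,
        "claims_image": claims_image,
        "actual": kind,
        "markers": markers,
        # The trick: an "image" whose bytes are not an image, or an image with
        # script text tacked on. A page honestly named .html is not flagged.
        "suspicious": claims_image and (kind is None or bool(markers)),
    }


# Constructed samples, not the real worm files.
SAMPLES = {
    "missworld.jpg": b"<html><body><script>/* decodes a vbscript block that "
                     b"calls Microsoft.XMLHTTP to fetch an .exe */</script></body></html>",
    "photo.jpg": JPEG_SOI + b"\xe0\x00\x10JFIF\x00\x01\x01" + b"\x00" * 64,
    "index.html": b"<html><body>plain page</body></html>",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        report = inspect(name, blob)
        flag = "SUSPICIOUS" if report["suspicious"] else "ok"
        print(f"{name:15} {flag:10} actual={report['actual']} markers={report['markers']}")
```

The whole buffer is scanned for markers, not just the header, so a genuine JPEG with an HTML payload appended after the image data is still caught.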
