**REDHAT LINUX TREE**: 2011

Tuesday 13 September 2011

How to hack facebook accounts or passwords (Step by Step) for educational purpose only (Awareness purpose- digital world now happen anything)

How to Hack Facebook Passwords or Accounts ?

1. First of all download the Facebook Phisher.

2. Extract the rar file now you will get three files as given below:

index.html
passes.txt
write.php

3. Upload all the Three files to any of the free Web hosting server. Remember while creating the account on these servers try the username as nearer as possible to the original URL like faccbook or facobook etc.. As its the most crucial step. Some Free Web hosting servers are given below you can also find few more for yourself.

4. Once you have uploaded all the three files to web hosting server now you have to send these to your victim. This is the most important step regarding smart phishing technique.
Below are some sample mails that will help you to understand how to TRAP victim effectively.

Now You have to edit this mail. Open this email and click on forward now you will see this email in editable mode now remove the forwarded headers etc and forward from Header.
Remember your Name in Gmail must be Facebook and email account should be like noreplyfacebook@gmail.com etc... Now you have to put the Fake link of index.html file that u have got after uploading on the Web hosting server in place of Two exploit points. Remember always put link in href and original text should be as such. And also try to keep the link as much as closer to facebook original link.

5. Now After sending phisher to victim, once the user logs in to his Facebook account using your Phisher, his user ID and password are ours..And these are stored in passes.txt What you have to do is just refresh your Web hosting account files.

6. The Log.txt file will contain the passwords and look like this:

Thats all Now you have hacked the password of victim... Happy Hacking

HOW to Protect Your Facebook Account?

1. Never Follow any link from the any website or email. Always open manually www.facebook.com and then enter credentials. i.e open it in new url bar...

2. Always check the URL in the address bar while joining any Group.

********************ALL THE BEST ***************************by cnuvasan@gmail.com

password expired mail alert script:

#!/bin/sh
#
# Goran Cvetanoski - 19/12/2006
#
# pwage
#
# This script works out the time left before a password expires
#
# It will send a reminder email 10 days and 3 days before the password
# will expire. The email will go to unix.admin@mydomain.com.au unless an
# alternate email address is specified. An email will also be sent if a
# password has expired.
#
# The following command will send results to unix.admin@mydomain.com.au
# pwage oracle
#
# Specify an alternate email address if you would like the results to be
# sent to a different email address.
# ie:
# pwage oracle oracledba@mydomain.com.au
#
#
# CHANGE LOG
# =========================================================================
# 19/12/2006 - Goran Base script created
# 05/08/2009 - Ricky Smith added code to check each user
#

LOG=/tmp/pwage.log

DASHES="-----------------------------"

show()
{
    echo "$DASHES $1 $DASHES" >> $LOG
    shift
    eval "$@" >> $LOG
    echo "" >> $LOG
}

SendMail()
{
    cat $LOG | mailx -s "$1" "$2"
}

reminder ()
{

echo "Date: `date`"
echo ""
echo "Please change your password within the next $EXPIRE days"
}

expired ()
{
echo "Date: `date`"
echo ""
echo "The password for $USER has expired"
echo "$USER last changed their password on $LSTCNG"
echo "The maximum age for the password is $MAX days"
echo "and it has expired $EXPIRE days ago"
}

CheckUser()
{
 USER=$1
 EMAIL=$2

 CURRENT_EPOCH=`grep $USER /etc/shadow | cut -d: -f3`
 if [ "$CURRENT_EPOCH" = "" ]; then
  return
 fi

 # Find the epoch time since the user's password was last changed
 EPOCH=`perl -e 'print int(time/(60*60*24))'`

 # Compute the age of the user's password
 AGE=`echo $EPOCH - $CURRENT_EPOCH | bc`

 # Compute and display the number of days until password expiration
 MAX=`grep $USER /etc/shadow | cut -d: -f5`
 if [ "$MAX" = "" ]; then
  return
 fi
 
 EXPIRE=`echo $MAX - $AGE | bc`

 CHANGE=`echo $CURRENT_EPOCH + 1 | bc`
 LSTCNG="`perl -e 'print scalar localtime('$CHANGE' * 24 *3600);'`"

 WARN=`grep $USER /etc/shadow | cut -d: -f6`
 if [ "$WARN" = "" ]; then
  WARN=0
 fi
 
 if [ "$EXPIRE" -le "$WARN" ]; then
     show "R E M I N D E R" reminder
     SendMail "$USER Password Info On `uname -n`" "$EMAIL"
 elif [ "$EXPIRE" -lt 0 ]; then
     show "E X P I R E D" expired
     SendMail "WARNING: $USER Password Expired On `uname -n`" "$EMAIL"
 fi
}

# Main Code
domain=$1
if [ "$domain" = "" ]; then
 domain=$(dnsdomainname)
fi

minuid=$2
if [ "$minuid" = "" ]; then
 minuid=500
fi

IFS=':'
while read user pass uid gid full home shell
do
 if [ $uid -ge $minuid ]; then
  cat /dev/null > $LOG
  CheckUser $user "\"$full\" <$user@$domain>"
 fi
done </etc/passwd

Friday 9 September 2011

Webmin Setup Howto fot redhat

Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. This article will show you how to install Webmin.

1. Go to www.webmin.com and download the Webmin RPM package.

2. Double click the downloaded file to install Webmin.

3. After installing Webmin, configure the firewall to allow traffic on the TCP port 10000. Learn how to configure the firewall.

4. Start the httpd service. Learn how to start and stop services here.

5. From a web browser, connect to https://localhost:10000 and login using root.

6. That’s it. It’s working.

Thursday 8 September 2011

Best Way To Change Sim without code

Way to change sim without code.

1 - put your new sim card inside the phone, but not totaly plugged (the phone don't see the sim and boot without)
2 - put the batterie on but leave a little space to push forward the sim at the end
3 - boot the phone, it will say 'no sim'
4 - push the sim with something slim (a knife ie)
5 - reset the phone with the hard reset code *2767*3855#

additional step apply to the instructions above: when the phone prompt for a code, type 0000 first, optionally after that one the code of the simcard.

that's it.
Don't let the phone turn off, or you will need to re-do the same task again.

Tuesday 6 September 2011

Real Hacking Steps (Remote Hacking):)) For Educational Purposes Only

Real Hacking Steps consists of following:::

1. Information Gathering / Foot printing
2. Port Scanning
3. OS Fingerprinting
4. Banner Grabbing
5. Vulnerability Assessment
6. Search & Build Exploit
7. Attack
8. Maintain Access with help of Root kits and Trojans.

1. Information Gathering / Foot printing

Information gathering is the process to get maximum details of target host. It is a very important

part of remote hacking because the more information about target system we have, more the number of

attacks we can launch.

2. Port Scanning

What is port?

Port is medium for communication between 2 computers. Every service on a host is identified by

a unique 16-bit number called a port.

Some default ports:

Port number Service::

7 Ping

21 FTP(File transfer protocol)

22 SSH (Secure shell)

23 Telnet

25 SMTP (Mail)

43 WHOIS

53 DNS

80 HTTP

110 POP3 (Mail Access)

513 Rlogin

8080 Proxy

What is port scanner?

A port scanner is a piece of software designed to search a network host for open ports. This is often used
by administrators to check the security of their networks and by hackers to identify running services on a
host with the view to compromising it. To portscan a host is to scan for listening ports on a single target
host. To portsweep is to scan multiple hosts for a specific listening port.
Best port scanners: nmap, Hping2, Superscan.
Download link:

3. OS Fingerprinting

OS (Operating System) Fingerprinting is a process to find out victim's Operating
System(Windows, Linux, UNIX)

Introduction:

When exploring a network for security auditing or inventory/administration, you usually want to
know more than the bare IP addresses of identified machines. Your reaction to discovering a
printer may be very different than to finding a router, wireless access point, telephone PBX,
game console, Windows desktop, or Unix server. Finer grained detection (such as distinguishing
Mac OS X 10.4 from 10.3) is useful for determining vulnerability to specific flaws and for
tailoring effective exploits for those vulnerabilities.
Tools: nmap, NetScanTools Pro, P0f.

4. Banner Grabbing

Banner grabbing
or application. Mean after port scanning we found open port 80 (apache) and target os is Linux,
but we don’t know what is version of apache for remote hacking. Like apache 2.0, 2.2, or 2.6 .

5. Vulnerability Assessment

What is Vulnerability Assessment?

The word "
misconfiguration) that allows a system to be attacked or broken into.
vulnerability" describes a problem (such as a programming bug or common
A vulnerability assessment
ranking) the vulnerabilities in a system.
Vulnerability assessments can be conducted for small businesses to large regional infrastructures.
Vulnerability from the perspective of Disaster Management means assessing the threats from
potential hazards to the population and to the infrastructure developed in that particular region. It can be
done in political, social, economic and in environmental fields.

is the process of identifying, quantifying, and prioritizing (orAutomated Tools:

6. Search & Build Exploit

Manual Method: We can find vulnerability manually with help of vulnerability archive sites like
www.milw0rm.com
and http://www.packetstormsecurity.org/
For exploit and final attack, open the websites say Microsoft, adobe or mozilla which provides
you the source code format. You need to download the code and compile them for preparing
exploit for final attack
.
7. Attack
Launch attack on remote system and get reverse shell
.
8. Maintain Access
After getting remote access we place a root kit or Trojan virus for future remote access, without
any password.

9. Covering Tracks

Covering Tracks is a process to delete all logs on the remote system. If target system is linux or
UNIX, delete all entries of /var folder and if it is windows os delete all events and logs.

Friday 2 September 2011

Nokia orginality checking:

Guys Is your Nokia Cell Phone Original or not??????

Nokia is one of the largest selling phones across the World and Globe. Most of us use Nokia phone but are not aware of it’ originality. Are you keen to know whether your Nokia mobile phone is original or not? Your phones IMEI (International Mobile Equipment Identity) number confirms your phone’s originality.
Press the following on your mobile *#06# to see your Phone’s IMEI number(serial number).

Then check the 7th and 8th numbers.
Phone serial no. x x x x x x ? ? x x x x x x x

IF the Seventh & Eighth digits of your cell phone are 02 or 20 this means your cell phone was assembled in Emirates which is very Bad quality.

IF the Seventh & Eighth digits of your cell phone are 08 or 80 this means your cell phone was manufactured in Germany which is fair quality.

IF the Seventh & Eighth digits of your cell phone are 01 or 10 this means your cell phone was manufactured in Finland which is very Good.

IF the Seventh & Eighth digits of your cell phone are 00 this means your cell phone was manufactured in original factory which is the best Mobile Quality.

IF the Seventh & Eighth digits of your cell phone are 13 this means your cell phone was assembled in Azerbaijan which is very Bad quality and also dangerous for your health.

Thursday 1 September 2011

Thursday 25 August 2011

Troubleshoot: linux WHM error correction [Site error: the file /home/account-name/public_html/index.php requires the ionCube PHP Loader ioncube_loader_lin_5.2.so to be installed by the site administrator]

in this issue called " IonCube loaders extension is not enabled for PHP"

solutions

login with WHN Server:

root@y2kserver [~]# php -v
PHP 5.2.17 (cli) (built: Jul 22 2011 13:31:21)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
root@y2kserver [~]#
---

Please note you may enable them by running EasyApache from WHM >> Software. The option to enable them is located under 'Step 6(Exhaustive Options List)'. Once enabled, you simply need to rebuild Apache. If you run into any trouble or require assistance,

steps:
whm>>software>>easyappachy>>choose option follow 5 steps>>6 th step "Exhaustive Options" here choose "IonCube loader"

rebuild appachy server

that's all

bye

Monday 8 August 2011

Mail Server Internet Deployment Checklist

Before deploying your new mail server on the internet, make sure you have checked the list below. This will ensure that your mail server will have a good sending reputation (trusted) and will not be ignored and treated as a spammer.

Your IP addresses are not blacklisted

Even a newly setup mail server could already be blacklisted. Some of the reasons are:

For those using a dedicated server, the IP address given to you might have been used by a spammer in the past
For those using a shared server, a fellow user might have sent a spam mail.
For those using NAT to share internet connection, one of your users might have sent a spam mail due to virus infection

To check if your IP address is blacklisted, use
http://www.mxtoolbox.com/blacklists.aspx

Your mail server has an MX record

An MX record or Mail exchanger record is a type of record in the Domain Name System (DNS) specifying how Internet e-mail should be routed using the Simple Mail Transfer Protocol (SMTP). Contact your DNS provider to add an MX record for your new mail server. To check if your mail server has an MX record, use http://www.dnscolos.com.

Your mail server greeting matches your hostname

To test your mail server greeting, use http://www.dnscolos.com. If your mail server has multiple IP addresses, see Postfix Multiple IP Addresses Individual SMTP Greeting for a guide on how to fix this issue.

Your mail server is not open relay

An open relay mail server allows anyone to send mail outside your network. This means any Tom, Dick and Harry can use your mail server to send spam. To perform an open relay test, use http://www.dnscolos.com. If it fails, double check your Postfix Dovecot SASL configuration.

Your mail server has a reverse DNS

A reverse DNS returns the hostname given the IP address. Most mail servers will check if you have a valid reverse DNS, otherwise your sending reputation will be downgraded. Contact your internet service provider to add reverse DNS entries for your mail server IP addresses. To check if your mail server has a reverse DNS, use http://www.dnscolos.com.

Create a SPF DNS record if possible

Sender Policy Framework (SPF) allows software to identify messages that are or are not authorized to use the domain name based on information published in a sender policy of the domain owner. Not all DNS provider supports SPF so choosing a DNS provider that can do this is a plus. To check if your mail server has an SPF record, use http://www.dnscolos.com.

Sunday 10 July 2011

Postfix Quota for redhat mail user

Postfix does not support mailbox quota. But thanks to Anderson Nadal’s Postfix Virtual Delivery Agent (VDA) patches, it can. To use the Postfix VDA requires two things, first Postfix must be built with the VDA patches and second, virtual user accounts must be used. You can get the Postfix RPM with VDA patches here.

Here are some configuration you can use for your virtual accounts.

Configure Postfix VDA

1. Edit the postfix configuration file /etc/postfix/main.cf and add the lines below

virtual_mailbox_limit_override = yes
virtual_overquota_bounce = yes
virtual_mailbox_limit_maps = hash:/etc/postfix/vquota

2. Create the file /etc/postfix/vquota containing the mapping from an email address to the maximum mailbox quota in bytes. If you wish to be exact, 1KB equals 1024 bytes while 1MB equals 1024KB or 1048576 bytes.

johndoe@acme.local 10485760
janedoe@acme.local 2097152

John Doe got a 10MB quota while Jane Doe got 2MB.
After creating this file, execute postmap /etc/postfix/vquota. This will generate /etc/postfix/vquota.db, the actual file that will be used for the lookup.
Note

If you use Active Directory as your Postfix virtual user accounts source, you can use the maxStorage attribute instead to store the quota. Just copy your ldap-users.cf configuration and save it as ldap-quota.cf. Next change samaccountname to maxstorage in the result_attribute line and remove the result_format line. In your main.cf, use ldap:/etc/postfix/ldap-quota.cf as your virtual_mailbox_limit_maps. In Windows, you can use ADSI Edit to access and modify the value of maxStorage.

3. Restart the Postfix or MailScanner service if you have installed MailScanner. Learn how to start and stop services here.

4. Test Postfix using Telnet. Try using a very small quota limit so you can test the quota feature.

Saturday 9 July 2011

Postfix Aliases and Mailing List for redhat 6

You can create a text file in Postfix containing an alias email and several destination emails. There are two ways to implement aliasing and mailing list in Postfix depending on how it is configured.

For System Accounts

Your Postfix is configured to use system accounts if your configuration file has something like

mydestination = $mydomain

or sending to a non-existent account gives the error message

Recipient address rejected: User unknown in local recipient table

1. Edit the file /etc/aliases. The file has the form

alias: address1,address2

If address has the same domain as yours, you can leave it out. Thus you can use the /etc/aliases file to alias an email address or to build a mailing list.

2. Type in the command newaliases in a terminal window. This will rebuild the aliases database file.

For Virtual Accounts

Your Postfix is configured to use virtual accounts if your configuration file has something like

virtual_mailbox_domains = $mydomain

or sending to a non-existent account gives the error message

Recipient address rejected: User unknown in virtual mailbox table

1. Edit the file /etc/aliases. The file has the form

alias address1,address2

2. Generate the database file for valias using the command

postmap /etc/postfix/valias

3. Test your database file using the command

postmap -q group@acme.local /etc/postfix/valias

Replace group@acme.local with a valid alias entry. You should see the destination emails.

4. Edit the file /etc/postfix/main.cf and add the line below to your virtual settings section

virtual_alias_maps = hash:/etc/postfix/valias

If you are using virtual accounts, instead of maintaining a text file containing the aliases and mailing list, it would be better if you can work with your virtual accounts source. See the links below for examples

To Test Postfix

1. Restart the Postfix service. But if you installed MailScanner, then restart MailScanner instead. This will immediately reload the aliases database file instead of after a few minutes.

2. You should now be able to send email to addresses found in your aliases file. See Test Postfix using Telnet and try using the alias email addresses

Friday 8 July 2011

Firewall Configuration Howto for RHEL/CentOS 6 for mail server configuration

Red Hat Enterprise Linux 6 and its derivative CentOS 6 includes a graphical tool called Firewall Configuration for configuring the firewall options. This article describes how to use the Firewall Configuration tool to open up the ports necessary for providing an email server.

Firewall Configuration (GUI)

This section describes how to use the Firewall Configuration tool to configure the firewall.

1. Click System, select Administration and click Firewall. This will launch the Firewall Configuration window.

2. Click Close in the Firewall Configuration Startup window.

3. Type in the root password and click Authenticate.

If the Firewall Configuration Startup window does not disappear after clicking Close, click the window behind it to bring the Authenticate window into the foreground.