Monday, June 9, 2008

How to check if your computer is being hacked/infected

hi everyone this is a tutorial that i learned on how to see if your computer has been infected or hacked...

steps - first make sure you have no programs running: no aim/yahoo/msn and no web pages, nothing! that way any connection still showing is one you did not open yourself.

1. click start-run then type cmd

2. ok type in netstat -ano then enter

3. then a list of PID's IP's and states should come up saying either listening or established

4. alright you want to look at the established PID's (process identifier)

5. write down the PID numbers and close the command prompt

6. press ctrl, alt and delete; the task manager should come up.

7. click on view-columns and check the box with the PID (process identifier) on it hit ok

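8. go to the processes tab and look for the established PID number, then highlight it and end process. an established connection on its own does not prove an infection (windows services, updaters and antivirus software keep connections open too), so check the process name first and only end the ones you cannot account for.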

9. you can check to see if you cleared the connection by doing steps 1 and 2..

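10. the established connections should be gone. ending a process only drops its connection, so if the same connection comes back later, whatever started that program is still on the machine and has to be removed, for example with an anti-malware scan.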

hope this helps everyone out there......

using udp PHP

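// Ask the local "daytime" service (UDP port 13) for the current time and
// print the reply.
//
// UDP is connectionless, so a successful fsockopen() only means the socket
// was created, not that anything is listening on the port.
$fp = fsockopen("udp://127.0.0.1", 13, $errno, $errstr);
if (!$fp) {
    echo "ERROR: $errno - $errstr\n\n";
} else {
    // Cap the wait for a reply: on a silent port fread() would otherwise
    // block until PHP's default socket timeout runs out.
    stream_set_timeout($fp, 2);
    fwrite($fp, "\n");
    $reply = fread($fp, 26);
    $meta = stream_get_meta_data($fp);
    if ($reply === false || $reply === '' || $meta['timed_out']) {
        echo "ERROR: no reply from the daytime service\n";
    } else {
        echo $reply;
    }
    fclose($fp);
}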
?>

php portscanner

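// Report which TCP ports in a range accept connections on this machine,
// for example to spot a listener you did not expect to be running.
$port1 = 10;
$port2 = 105;
$hostdata = "127.0.0.1";

for ($i = $port1; $i <= $port2; $i++) {
    // One second per attempt is plenty for a local address; the original
    // timeout literal was far too large to be a meaningful limit.
    // The @ stays because a refused connection is the normal outcome for
    // most ports and fsockopen() raises a warning for every one of them.
    $scan = @fsockopen($hostdata, $i, $errno, $errstr, 1);
    if ($scan) {
        echo "Port " . $i . " is OPEN on " . $hostdata;
        echo "\n";
        // Release the connection straight away instead of holding every
        // open port's socket until the script ends.
        fclose($scan);
    } else {
        // "CLOSED" here also covers attempts that timed out or were filtered.
        echo "Port " . $i . " is CLOSED on " . $hostdata;
        echo "\n";
    }
}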
?>

extract emails "PHP"

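/**
 * Return every substring of $str that looks like an e-mail address.
 *
 * This is a pattern search, not a validator: the expression accepts letters,
 * digits, "_", "." and "-" before the "@", one or more dot-separated labels
 * after it, and a final label of at least two alphanumeric characters.
 * Addresses written as "user[at]host", with a space after the "@", or with
 * other punctuation in the domain are not returned. To decide whether a
 * single value is an acceptable address, use
 * filter_var($value, FILTER_VALIDATE_EMAIL) instead.
 *
 * @param string $str Text to search.
 * @return array List of matched addresses in order of appearance; empty
 *               when nothing matches.
 */
function extract_emails($str){
    // The pattern has to be a quoted string with delimiters; the quotes and
    // the terminating semicolon were missing from the listing.
    $regexp = '/([a-z0-9_\.\-])+\@(([a-z0-9\-])+\.)+([a-z0-9]{2,4})+/i';
    preg_match_all($regexp, $str, $m);

    // $m[0] holds the full matches; the other indexes are the sub-groups.
    return isset($m[0]) ? $m[0] : array();
}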

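// Sample input mixing ordinary addresses with deliberately odd ones.
// A nowdoc keeps the text literal: no quoting or escaping is needed.
// With the pattern used by extract_emails(), test1, test2, test5 and test7
// are returned; the "[at]", "@ " and "@!" variants are not.
$test_string = <<<'SAMPLE'
This is a test string...

test1@example.org


Test different formats:
test2@example.org;
foobar



strange formats:
test5@example.org
test6[at]example.org
test7@example.net.org.com
test8@ example.org
test9@!foo!.org

foobar
SAMPLE;

print_r(extract_emails($test_string));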

calculate page load "PHP"

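// Measure how long the page takes to build, in whole seconds.
// The assignment target was missing from the listing; $start is the name
// the subtraction below reads.
$start = time();

// put a long operation in here
sleep(2);


$diff = time() - $start;

print "This page needed $diff seconds to load :-)";

// if you want a more exact value, you could use the
// microtime function: time() only has one-second resolution, while
// microtime(true) returns the current time as a float with a fractional part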
<

an irc bot "PHP"

<
IRC Bot




Nick:

Password:

Realname:

Owner: Note: Please use the full host of owner (nick!user@host)

Server:

Port:





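// Minimal IRC bot driven from a web request. Connection settings come from
// the query string (nick, realname, server, port, pass, owner) and every line
// the server sends is echoed to the page.
//
// NOTE(review): server and port are taken straight from the request, so
// anyone who can load this page can make the web server open an outbound
// connection to a host of their choosing, and the NickServ password travels
// in the URL, where it ends up in access logs and browser history. Keep the
// page behind authentication, or move these settings into a config file.
set_time_limit(0);

// Drop CR, LF and NUL so that neither a request value nor a received token
// can smuggle a second IRC command into the lines written to the socket.
$clean = function ($value) {
    return str_replace(array("\r", "\n", "\0"), '', (string) $value);
};

// Array keys and default values are quoted: the bare words in the listing
// only worked through PHP's old undefined-constant fallback.
$usernick = !empty($_GET['nick']) ? $clean($_GET['nick']) : 'PHPBot';
$realname = !empty($_GET['realname']) ? $clean($_GET['realname']) : 'PHPBot';
$server = !empty($_GET['server']) ? $clean($_GET['server']) : "irc.waypasteleven.com";
$port = !empty($_GET['port']) ? (int) $_GET['port'] : 6667;
$pass = !empty($_GET['pass']) ? $clean($_GET['pass']) : 'password';
// The listing stored the owner parameter in $pass, which overwrote the
// password and left $owner undefined whenever an owner was supplied.
$owner = !empty($_GET['owner']) ? $clean($_GET['owner']) : "Sockmonkey!SockMonkey@says.you.are.a-freak.com";

if ($port < 1 || $port > 65535) {
    die("Invalid port.");
}

$socket = fsockopen($server, $port, $errno, $errstr, 30);
if (!$socket) {
    // Without this check every fputs()/fgets() below would run on false.
    die("Could not connect: " . htmlspecialchars("$errno - $errstr", ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

fputs($socket, "USER $usernick socky-bot.net Socky :" . $realname . "\n");
fputs($socket, "NICK " . $usernick . "\n");

// Leave the loop once the server closes the connection; the original
// while(1) kept spinning on a dead socket.
while (!feof($socket)) {
    // Read whole lines. With a 128-byte cap the remainder of a longer line
    // was handed to the parser as if it were a new line, so its first word
    // was taken for the sender prefix that the owner checks below rely on.
    $data = fgets($socket);
    if ($data === false) {
        // Nothing to read yet (timeout). sleep() takes whole seconds, so
        // sleep(0.1) did not pause at all; usleep() gives the intended 0.1 s.
        usleep(100000);
        continue;
    }

    // Server text is untrusted and ends up in an HTML page: escape it.
    echo nl2br(htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
    flush();

    // The delimiter was lost from the listing; a single space is what the
    // token positions used below imply. Padding to five tokens keeps short
    // lines such as PING from indexing missing elements.
    $ex = array_pad(explode(' ', $clean($data)), 5, '');

    if ($ex[0] === "PING") {
        fputs($socket, "PONG " . $ex[1] . "\n");
    }

    $command = $ex[3];

    // The sender prefix has the form :nick!user@host; server lines have no
    // "!" and leave $nick empty.
    $nick = '';
    if (preg_match('/^:(.*?)!(.*?)$/i', $ex[0], $matches)) {
        $nick = $matches[1];
    }

    if ($ex[0] === ":irc.waypasteleven.com") {
        // 433 is the "nickname is already in use" reply: retry with a suffix.
        if ($ex[1] === "433") {
            fputs($socket, "NICK " . $usernick . "_\n");
        }
    }

    if ($ex[1] === "NOTICE") {
        if ($ex[0] === ":NickServ!services@waypasteleven.com") {
            if ($ex[3] === ":This") {
                fputs($socket, "PRIVMSG NickServ :identify $pass\n");
                // Log that we identified, but never print the password
                // itself into the page.
                echo(htmlspecialchars($server, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " PRIVMSG NickServ identify ********");
            }
        }
    }

    /* Work on this */
    // NOTE(review): !say and !join are honoured for any sender, while !cycle,
    // !part and !stop require the owner. If that is not intended, wrap these
    // two in the same owner check.
    if ($command === ":!say") {
        fputs($socket, "PRIVMSG $ex[2] :" . $ex[4] . "\n");
    }
    if ($command === ":!commands") {
        fputs($socket, "PRIVMSG $nick :!JOIN - !PART - !SAY - !CYCLE - !STOP\n");
    }
    if ($command === ":!join") {
        fputs($socket, "JOIN " . $ex[4] . "\n");
    }
    if ($command === ":!cycle") {
        if ($ex[0] === ":" . $owner) {
            fputs($socket, "PART " . $ex[4] . "\n");
            fputs($socket, "JOIN " . $ex[4] . "\n");
        }
    }
    if ($command === ":!part") {
        if ($ex[0] === ":" . $owner) {
            fputs($socket, "PART " . $ex[4] . "\n");
        }
    }

    //* THIS BIT *//
    // Answer a CTCP VERSION query; chr(1) is the CTCP delimiter byte.
    if ($ex[3] === ":" . chr(1) . "VERSION" . chr(1)) {
        fputs($socket, "notice $ex[2] :" . chr(1) . "Version PHP" . chr(1) . "\n");
    }

    if ($command === ":!stop") {
        if ($ex[0] === ":" . $owner) {
            // The leading ":" makes the multi-word text one trailing
            // parameter; without it only the first word is sent.
            fputs($socket, "PRIVMSG $ex[2] :Bot stopped!\n");
            fputs($socket, "QUIT :Bot stopped by " . $nick . "\n");
            die("\n" . htmlspecialchars($nick, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " ended the bot.");
        } else {
            fputs($socket, "KICK $ex[2] " . $nick . " :Fuck you!\n");
        }
    }
}

fclose($socket);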
?>

checking for unsafe functions "PHP"

// Abort the script if any function named in the list is defined in this PHP
// runtime.
//
// As listed, the entries are DOM XML and MySQL/MySQLi function names; "a..."
// and "z..." look like placeholders for a longer list that was cut for the
// post (TODO confirm). function_exists() only reports whether a name is
// defined, so this is an environment check rather than a hardening measure.
// NOTE(review): the loop variable is called $disable, which suggests the list
// is meant to mirror a disable_functions setting; confirm against the
// server's php.ini.
$badFunctions = array(
    "a...",
    // DOM XML
    "dom_import_simplexml", "domattr", "domattribute_name",
    "domattribute_set_value", "domattribute_specified", "domattribute_value",
    "domcharacterdata", "domcomment", "domdocument", "domdocument_add_root",
    "domdocument_create_attribute", "domdocument_create_cdata_section",
    "domdocument_create_comment", "domdocument_create_element",
    "domdocument_create_element_ns", "domdocument_create_entity_reference",
    "domdocument_create_processing_instruction",
    "domdocument_create_text_node", "domdocument_doctype",
    "domdocument_document_element", "domdocument_dump_file",
    "domdocument_dump_mem", "domdocument_get_element_by_id",
    "domdocument_get_elements_by_tagname", "domdocument_html_dump_mem",
    // MySQL
    "mysql_get_client_info", "mysql_get_host_info", "mysql_get_proto_info",
    "mysql_get_server_info", "mysql_info", "mysql_insert_id", "mysql_list_dbs",
    "mysql_list_fields", "mysql_list_processes", "mysql_list_tables",
    "mysql_num_fields", "mysql_num_rows", "mysql_pconnect", "mysql_ping",
    "mysql_query", "mysql_real_escape_string", "mysql_result",
    "mysql_select_db", "mysql_set_charset", "mysql_stat", "mysql_tablename",
    "mysql_thread_id", "mysql_unbuffered_query",
    // MySQLi
    "mysqli", "mysqli_bind_param", "mysqli_bind_result",
    "mysqli_client_encoding", "mysqli_disable_reads_from_master",
    "mysqli_disable_rpl_parse", "mysqli_driver",
    "mysqli_enable_reads_from_master", "mysqli_enable_rpl_parse",
    "mysqli_escape_string", "mysqli_execute", "mysqli_fetch",
    "mysqli_get_metadata", "mysqli_master_query", "mysqli_param_count",
    "mysqli_report", "mysqli_result", "mysqli_rpl_parse_enabled",
    "mysqli_rpl_probe", "mysqli_rpl_query_type", "mysqli_send_long_data",
    "mysqli_send_query", "mysqli_set_opt",
    "z..."
);

foreach ($badFunctions as $disable) {
    // Stop at the first listed name that this runtime defines.
    if (function_exists($disable)) {
        exit("Unsafe function $disable found. Aborting!\n");
    }
}
?>