Friday, November 28, 2008

Configuring DNS If You’re Already Using Microsoft’s IIS to Host Your Own Web Site

Follow these steps:

  1. Follow the instructions for MooPS, but in the Server Settings window set the server port number to 33333 so it doesn’t conflict with IIS, which runs on port 80 (the standard port for Web and HTTP traffic).
  2. Open the Control Panel and then click Administrative Tools.
  3. Select Internet Information Services. This opens the Internet Information Services MMC (Microsoft Management Console) plug-in.
  4. Click the plus sign next to the computer icon, then click the plus sign next to Web Sites, and you’ll see Default Web Site.
  5. Right-click Default Web Site and select Properties.
  6. Under the Web Site tab, make sure IP Address is set to All Unassigned and that TCP Port is set to 80.
  7. Click the Documents tab and make sure Default.htm is in the list of documents
  8. Click the Home Directory tab and make a note of where your Web site’s documents are stored. You can change the directory, too, but the default location of c:\inetpub\wwwroot is usually just fine.
  9. All right, you’re good to go with IIS. In the next section, you configure the DNS server.

Configuring DNS If You’re Using MooPS


Follow these steps:

  1. Select Launch MooPS from the Start>All Programs>MooPS menu. After a few moments, the MooPS status window appears.
  2. From the Options menu, select Server Settings.
  3. When the MooPS – Server Settings window appears, enter the following:
  • Your computer’s IP address into the Redirect IP Address field.
  • Change the drop-down selection under IP Address from (Any) to your computer’s IP address
  • Your router’s IP address (the gateway address) into the IP Address field under DNS Client
  • Change the IP address under Web Server from (Any) to your computer’s IP address Click OK when you are done. If you don’t change the IP addresses in the drop-down lists that say (Any), MooPS will likely crash when you attempt to use it. If you don’t know your IP address and router address settings.Now that your server is configured you need to start it. From the Server menu, select Start. MooPS should then start its services and tell you everything’s okay.

Download the DNS Server


Now that we have the Web service part out of the way, let’s get the DNS server squared away.
If You Have Windows
Use MooPS. It has a DNS server built in that is pre-configured for use in this hack.
If You Have Mac OS X or Linux
On Mac OS X and Linux, you can simply install Berkeley Internet Name Daemon, or BIND for short. Refer to the BIND documentation on how to download and install BIND.
BIND for Mac OS X can be downloaded from http://www.versiontracker.com/
dyn/moreinfo/macosx/658.
BIND for Linux is usually included with the distro, so check your install.
If You Have Mac OS 9
If you’re running Mac OS 9, get your hands on MacDNS, a very simple DNS server that will do just fine for hacking DNS.

Wednesday, November 12, 2008

Enabling Personal Web Sharing (Macintosh)


Macintoshes have a Web server installed, but not enabled, by default.To enable your Web server, first make sure you run Apple’s Software Update to make sure your patches are up to date, and then do the following:
1. Open System Preferences.
2. Click Sharing.

Locking Down IIS

If you are running IIS instead of MooPS on Windows, you should lock down your IIS configuration
(because security is always key, even in closed networks). If you have not done so already, you should install and run the IIS Lockdown Tool, available for free from Microsoft at

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=DDE9EFC0-BB30-47EB-9A61-FD755D23CDEC.

If that URL doesn’t work, simply go to Microsoft’s Web site (http://microsoft.com) and search for IIS Lockdown Tool. Download the IIS Lockdown Tool and run it using the Dynamic Web Server (ASP Enabled) profile (just follow the prompts—it’s pretty self explanatory). Make sure the box for Install URLScan Filter on the Server is checked (this prevents certain types of hack attempts).
Once the IIS Lockdown Tool has completed its run, put the program away in a location you’ll remember so you can undo its changes later if you need to.To undo the IIS Lockdown Tool’s changes, simply run the application again and it automatically knows it’s installed and gives you options to remove its changes.

Installing MooPS

Download MooPS from the site mentioned earlier and double-click the installer to run it. You should be welcomed by the MooPS Setup Wizard, which walks you through the fairly straightforward installation Next, select the installation directory for MooPS. I suggest the default location of your Program Files directory, which is usually the C:\Program Files directory and is entered by default. Then click Next and then Next again and MooPS is installed.When MooPS has installed, click Close to exit the installer.

Get MooPS, the Free Web Server


There are many options if you don’t already have a Web server. If you have Windows, your best choice is MooPS, a free Web server and DNS server preconfigured for use in this hack. You can download MooPS from
http://seamonkey420.techrecipes.com/psp/Wipeout_moops.html.
If you have Windows 2000 or XP Professional and are already running IIS, you can still use IIS as the Web server—you’ll just use MooPS for the DNS configuration. If you have a Mac or are running Linux, there’s already a free Web server included with your system—Apache. Let’s go over how to install each one.
If you’re on a Mac or you already have a PC Web server, you can skip this step. Macintoshes since Mac OS 8 have had a service called Personal Web Sharing. Windows XP Pro and Windows 2000 machines have IIS built-in.
Before setting up any sort of server, especially if you will make it public, make sure you have the latest security patches. The last thing you need is for it to get owned by a hacker. Before installing any server product, make sure your machine is behind a firewall and is not allowing any external traffic. Before you allow other people (even you) access to services you provide, make sure your system is fully updated before and after you install server software. In Windows you do this via Windows Update, and on the Mac it’s through Software Update. Linux and other operating systems have various update paths. Also make sure any third-party server software is fully up-to-date, as the built-in update mechanisms in operating systems only update the operating system components, not applications.

Wipeout Pure: A Cool Game with a Fantastic Feature


They say most hacks are elegantly simple. They are so much sweeter when you can use a company’s own products to perform the hack. Such is the case with Web browsing on the PSP, where Sony’s own game— Wipeout Pure—has a fairly decent Web browser (well, enough to read blogs and the RSS feeds and lots of other stuff which we’ll get to in other chapters). Using tried and true DNS and Web server spoofing techniques, you can intercept Sony’s game’s calls to Sony’s Web servers and point all those requests to your own, hacked server. Of course, you should only do this on your local network, as Sony’s legal hounds would probably tear into your flesh with ferocious persistence, but this hack will work outside of your own network if you believe you have legal-bullet-proof powers.
While this hack will work on any PSP, it is generally intended to provide a Web browser to those who do not use a 2.0 PSP (such as software developers or those who want to run homebrew applications). Either way, by reading this section you should learn quite a bit about the art of spoofing.
Here’s what you’ll need:

  • A Web server (otherwise known as an HTTP Daemon, which you’ll download in a moment)
  • A DNS server (otherwise known as a Name Daemon, which you’ll download soon, too)
  • A PC or Mac that can run both of the previous applications (called the “host PC”)
  • Wipeout Pure PSP game
  • 802.11b-compatible wireless base station (or the host PC with an 802.11b-compatible wireless card and configured as a wireless base station)
What we’re about to do is trick the game Wipeout Pure.Wipeout uses its own Web browser to access Sony’s Web site to download extra content.What you’re going to do is redirect it to a different site (your Web server) by spoofing Sony’s Web site’s IP address (via your DNS server) so you can surf the Internet through that same browser and do whatever you want online (for the most part).