Thursday, November 24, 2011

HACK COMPUTER

How to Control a Remote Computer using Lost Door

Remote Administration Tools, also known as RATs, are Windows Trojans or, in simple terms, programs used by a hacker to get administrative privileges on the victim’s computer. Using a RAT you can do a lot of cool things such as “Upload, delete or modify data”, “Edit registry”, “Capture victim’s screen shot”, “Take control of victim’s computer” or “Execute a virus” with just the click of a button.
Throughout this article I will teach you how to use Lost Door, a Windows RAT, to control and monitor a victim’s computer remotely.
Disclaimer: Coder and related sites are not responsible for any abuse done using this software.
Follow the steps below to setup a server for Lost Door.
  • Download Lost Door from here. (Update: In case the given download link doesn’t work, use this secondary download link. The password to unzip this file is “ehacking.nethungry-hacker.com” without double quotes.)
  • On executing the downloaded file, you will see the following screen. Accept it.
  • After it is open, right click on the window and click on create server.
  • Now enter your IP address and DNS here. Leave the rest of the fields as they are.
  • Now click on the ‘Options’ tab and choose the options you want. Activating an offline keylogger is a good practice.
  • Now go to the ‘Advanced’ tab. There will be options related to spreading. This will be used in case you have more than 1 victim.
  • Now just go to the ‘Create’ tab and click on create server. Your server is now ready for use; send it to the victim.

Sending the server file to your victim

This is the most important thing after you have created your server file. If you want to take control of a single computer then you have to send this server file to the desired victim, but if you want to affect more and more people then you have to use some spreading techniques.
  • If you have physical access to the victim’s computer then take the server file on a pen drive and just double click on your server file once you have inserted the pen drive into that computer.
  • Those who don’t have physical access can use social engineering in order to get the victim to execute that file on his computer.

Using Spreading to affect multiple victims

If you have more than one victim, then you have an option of using spreading technique. You might think that by creating multiple server files you can control multiple users. But here is a secret about spreading. When you select the spreading option, the server file will act as a worm which will spread itself across different computers via Email or any other channel. So your burden will be only to get one victim to execute that file on his computer, the remaining job of getting other victims will be done on its own.
ENJOY GUYS AND HAVE A FUN
POSTED BY : BHARAT GARG
 

How to setup a Shell booter

What is a Shell booter?

A shell booter uses a series of shells with a flood to send packets to someone's router; the router cannot handle that many packets and simply no longer allows you to access websites for a short while. A booter can use slowloris POST, and GET shells. GET shells are the best shells to use; these are the ones that are green and only have IP and time.

Downloads: Source (I added a mass shell adder).

Shell checker: Here
Virus scan: Here

Setting up your Shell booter:
*** You will need hosting to do this, you can find hosting that allows booters at a reasonable price here***

Setting up your SQL database.
Scroll down through your cPanel until you see something related to Databases.
Click on "MySQL Databases". Now you're going to type a name for your database.

Once you're done with that, scroll down some more.

Now you're going to add a user; you can type anything you want.

After you finish this, add the new user you created to the new database you created.

Make sure you assign all privileges! We're done with the SQL for now.

Uploading the Source:

You will need to go back to your cPanel home and locate "File Manager".

Once there, go into your public folder. Now go to upload and upload the source.
Go back to your file manager and extract.

Editing the files:

Now locate the file "dbc.php" and edit its lines with your information from the SQL database.



Now you must go to the "includes" folder and find "ezSQl.php".

Now go to lines 44 and 71, and edit the info to your database information.

Almost done!

Now you have to go back to your cPanel and go down to phpMyAdmin; it should be under Databases.

Now you should see your database name on the left.

Click on it, and go to the SQL tab.



Now this is where you go into the source files and open dbprepare.txt.

Copy and paste that into the "SQL" tab. MAKE SURE NOT TO EDIT!
Now to make your account!

Go to your domain now. Once you get there, you should see a login page.
Go to register.

Now go back to phpMyAdmin.

Go next to users and click on Browse.

You need to edit user_level to 5 and approved from 0 to 1.

Hit "Go", then log in.

Congratulations, you just made your own shell booter!
Making the shells

You will need to go to pastebin.com and search for this:
webdav/

/x32.php

/shell.php

/greenshell.php
I hope this helped everybody and cleared up some questions about the shell booter.

Hacking Online Banking and Credit Card Transactions

Hacking Online Banking and Credit Card Transactions – And How to Prevent It:

Here is the process for hacking online banking and credit card transactions, and also a process to prevent it.

The Scenario

You go to a coffee shop for a cup of coffee and to utilize the shop’s Wi-Fi HotSpot to surf the web. You connect to the hotspot network and decide to perform some online banking or to purchase something online. By the way, this could happen to you at home, as well. As an end-user, you feel quite secure, as you see the lock in the bottom corner of your Internet browser, symbolizing that the online banking or online credit card transaction is safe from prying eyes. Your data, including username, password, credit card info, etc. will be encrypted with 128-bit encryption. So it's secure, right?
It is not uncommon to perform banking and to purchase products online with your credit card. It is also a common thought that doing so is secure, as this is done via SSL. For the most part, this is true and the sessions are secure. Discover Card, for example, posts the following statement on their website:

Figure 1
The problem is that it is not “virtually impossible” for someone else to see your data, such as login information or credit card numbers. It can actually be relatively easy, as you’ll see, if you as an end-user are not knowledgeable about how you can be exploited and know the signs that this is occurring.

Figure 2
(Indicates a Secure SSL Session)
Continuing with the scenario, what you didn’t realize is that a hacker has intercepted your Online Banking login credentials and credit card information and can now log into your Online Banking Website or purchase items with your credit card. How is this possible, since SSL was used and is hard to break? The answer is that you made a fatal mistake that subjected you to an SSL Man-in-the-Middle (MITM) attack.

The Attack

The fatal flaw that enabled the sensitive information to be stolen arises when an end-user is not properly educated about an easy-to-do and well-known SSL exploit – SSL MITM.
Here’s how it’s done:
The hacker goes to the coffee shop and connects to the same Wi-Fi network you are connected to. He runs a series of utilities to redirect other users’ data through his machine. He runs a number of other utilities to sniff the data, act as an SSL Certificate Server and to be the Man-in-the-Middle. The following diagram shows a very simplified graphic of how your SSL Banking session should work under normal conditions, then how it would work during an attack:

Figure 3

Figure 4
An important concept to grasp here is that a certificate is used to establish the secure SSL connection. This is a good thing, if you have a good certificate and are connecting directly to the website you intended to use. Then all your data is encrypted from your browser to the SSL website, where the bank’s website will use the information from the certificate it gave you to decrypt your data/credentials. If that is truly the case, then it is pretty darn hard for a hacker to decrypt the data/credentials being transmitted, even if he is able to sniff your data.
This is a bad thing if you have a “Fake” certificate being sent from the hacker, and you are actually connecting to his machine, not directly to the bank’s website. In this case, your credentials are being transmitted between your browser and the hacker’s machine. The hacker is able to grab that traffic, and, because he gave you the certificate to encrypt the data/credentials, he can use that same certificate to decrypt your data/credentials.
Here are the exact steps a hacker could use to perform this attack:
The first thing he would do is turn on Fragrouter, so that his machine can perform IP forwarding:

Figure 5
After that, he’ll want to direct your Wi-Fi network traffic to his machine instead of your data traffic going directly to the Internet. This enables him to be the “Man-in-the-Middle” between your machine and the Internet. Using Arpspoof, a real easy way to do this, he determines your IP address is 192.168.1.15 and the Default Gateway of the Wi-Fi network is 192.168.1.1:

Figure 6
The next step is to enable DNS Spoofing via DNSSpoof:

Figure 7
Since he will be replacing the Bank's or Online Store’s valid certificate with his own fake one, he will need to turn on the utility to enable his system to be the Man-in-the-Middle for web sessions and to handle certificates. This is done via webmitm:

Figure 8
At this point, he is set up and ready to go. He now needs to begin actively sniffing your data passing through his machine, including your login information and credit card info. He opts to do this with Ethereal, then saves his capture:

Figure 9
He now has the data, but it is still encrypted with 128-bit SSL. No problem, since he has the key. What he simply needs to do now is decrypt the data using the certificate that he gave you. He does this with SSL Dump:

Figure 10
The data is now decrypted and he runs a Cat command to view the now decrypted SSL information. Note that the username is “Bankusername” and the password is “BankPassword”. Conveniently, this dump also shows the banking site as National City. FYI, the better, more secure banking and online store websites will have you first connect to another, preceding page via SSL, prior to connecting to the page where you enter the sensitive information such as bank login credentials or credit card numbers. The reason for this is to stop the MITM-type attack. How this helps is that if you were to access this preceding page first with a "fake" certificate and then proceeded to the next page where you were to enter the sensitive information, that page where you would enter the sensitive information would not display. That is because the page gathering the sensitive information would be expecting a valid certificate, which it would not receive because of the Man-in-the-Middle. While some online banks and stores do implement this extra step/page for security reasons, the real flaw in this attack is the uneducated end-user, as you'll soon see:

Figure 11
With this information, he can now log into your Online Banking Account with the same access and privileges as you. He could transfer money, view account data, etc.
Below is an example of a sniffed SSL credit card purchase/transaction. You can see that Elvis Presley was attempting to make a purchase with his credit card 5440123412341234 with an expiration date of 5/06 and the billing address of Graceland in Memphis, TN (He is alive!). If this was your information, the hacker could easily make online purchases with your card.

Figure 12

Also Real Bad News for SSL VPN Admins

This type of attack could be particularly bad for corporations. The reason for this is that Corporate SSL VPN solutions are also vulnerable to this type of attack. Corporate SSL VPN solutions will often authenticate against Active Directory, the NT Domain, LDAP or some other centralized credentials data store. Sniffing the SSL VPN login then gives an attacker valid credentials to the corporate network and other systems.

What an End-User Needs To Know

There’s a big step an end-user can take to prevent this from taking place. When the MITM hacker uses the “bad” certificate instead of the “good”, valid certificate, the end-user is actually alerted to this. The problem is that most end-users don’t understand what this means and will unknowingly agree to use the fake certificate. Below is an example of the Security Alert an end-user would receive. Most uneducated end-users would simply click “Yes”… and this is the fatal flaw:

Figure 13
By clicking “Yes”, they have set themselves up to be hacked. By clicking the “View Certificate” button, the end-user would easily see that there is a problem. Below are examples of the various certificate views/tabs that show a good certificate compared to the bad certificate:

Figure 14

(Good Certificate) (Bad Certificate)

Figure 15

(Good Certificate) (Bad Certificate)

Figure 16

(Good Certificate) (Bad Certificate)

How an End-User Can Prevent This

  • Again, the simple act of viewing the certificate and clicking “No” would have prevented this from happening.
  • Education is the key for an end-user. If you see this message, take the time to view the certificate. As you can see from the examples above, you can tell when something doesn’t look right. If you can’t tell, err on the side of caution and call your Online Bank or the Online store.
  • Take the time to read and understand all security messages you receive. Don’t just randomly click yes out of convenience.

How a Corporation Can Prevent This

  • Educate the end-user on the Security Alert and how to react to it.
  • Utilize One Time Passwords, such as RSA Tokens, to prevent the reuse of sniffed credentials.
  • When using SSL VPN, utilize mature products with advanced features, such as Juniper’s Secure Application Manager or Network Connect functionality.
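
The ARP redirection step described in "The Attack" leaves a trace on the client: the gateway's IP address resolves to the same hardware address as another host on the LAN, or to a different one than it had before. The following Python check is an added example, not part of the original article; the sample `arp -a` tables, the MAC addresses, the 192.168.1.20 host and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed `arp -a` style samples. The IPs follow the article's scenario
# (gateway 192.168.1.1, client 192.168.1.15); the MACs are made up.
ARP_CLEAN = """
Interface: 192.168.1.15 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          66-77-88-99-aa-bb     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
ARP_POISONED = ARP_CLEAN.replace("00-11-22-33-44-55", "66-77-88-99-aa-bb")

# An IPv4 address followed somewhere on the same line by a MAC address.
# This also matches `arp -n` and `ip neigh` lines on Linux.
_ENTRY = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\b.*?\b((?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)


def parse_arp_table(text):
    """Return {ip: mac} for unicast entries, MACs normalised to aa:bb:.. form."""
    table = {}
    for line in text.splitlines():
        match = _ENTRY.search(line)
        if not match:
            continue
        ip, mac = match.group(1), match.group(2).lower().replace("-", ":")
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        if int(mac[:2], 16) & 1:  # group bit set: broadcast/multicast entry
            continue
        table[ip] = mac
    return table


def find_shared_macs(table):
    """Return {mac: [ips]} for every MAC that answers for more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips, key=ipaddress.ip_address)
            for mac, ips in by_mac.items() if len(ips) > 1}


def check_gateway(table, gateway_ip, known_mac=None):
    """Return a list of findings about the gateway's ARP entry (empty if clean).

    known_mac is the gateway MAC recorded earlier on a trusted connection.
    A shared MAC can be legitimate (a router holding several addresses),
    so treat a finding as a reason to investigate, not as proof.
    """
    mac = table.get(gateway_ip)
    if mac is None:
        return [f"gateway {gateway_ip} has no ARP entry"]
    findings = []
    if known_mac and mac != known_mac.lower().replace("-", ":"):
        findings.append(f"gateway {gateway_ip} MAC is {mac}, expected {known_mac}")
    others = [ip for ip in find_shared_macs(table).get(mac, []) if ip != gateway_ip]
    if others:
        findings.append(
            f"gateway {gateway_ip} shares MAC {mac} with {', '.join(others)}")
    return findings


if __name__ == "__main__":
    for name, sample in (("clean", ARP_CLEAN), ("poisoned", ARP_POISONED)):
        result = check_gateway(parse_arp_table(sample), "192.168.1.1",
                               known_mac="00-11-22-33-44-55")
        print(name, "->", result or "no findings")
```
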

Conclusion

This type of attack is relatively easy to do in a public Wi-Fi hotspot environment. It could also easily happen on a home Wi-Fi network, if that Wi-Fi network isn’t properly configured and allows a hacker to connect to that home network (See Essential Wireless Hacking Tools for more info on securing your home network). An educated end-user and sound security practices by corporations can protect your valuable data.
The credit goes to the Ethical Hackers.

HACK WEBSITE DATA

Hack into a Database and take files
WELCOME
Hello and welcome to my database hacking tutorial where I will show you how to hack and take files from a database.

What will you need?
  • You need basic computer skills such as making new folders.
  • You need a DOS program called Wget. You can download it from HERE.
  • You need to have administrative privileges on your computer.

The Tutorial
Step 1: Download Wget from HERE
and put it in the root of your operating system drive; for most people that is "C". Go there and make a new folder called wget (NO CAPS). Put only the DOS program inside. (By the way, the DOS program doesn't open on its own; I will show you how to use it.)

Step 2: Open Cmd
In XP go to Run and enter CMD or command.com.
In Vista/7 search for CMD, right click and open as Administrator.

Step 3: In Cmd enter "cd C:\wget" (no quotes). If your main drive is not C, use your main drive instead.

Step 4: Type this command: "wget -r -A.jpg" (don't press Enter). See how it says .jpg; you can change it to the extension you're trying to get. Right now it would take any file with the extension .jpg and download it. If you changed the command to wget -r -A.html it would get all the html files, etc.

Step 5: After that, type a space and then the website or link/server you want to take from. It will check for safety and certificates; if you don't want it to because it's a hassle, you can add --no-check-certificate. So after the first command you type a space, then this option, then a space again, and then the website/link/server (and port, if you want to be specific).

Step 6: Now you're set! Just press Enter and watch the magic happen. You can open another cmd window and do another file extension at the same time.

Step 7: Now just go to the wget folder on C and open it. There should be a new folder for the website in there. Click on it and that's where the files are.

Ok, now if you have any questions whatsoever, feel free to post below. I will try my best to answer all of them.

How to Network Two PCs Using a USB-USB Cable



Introduction
A very easy way to connect two PCs is using a USB-USB cable. By connecting two PCs with a cable like this you can transfer files from one PC to another, and even build a small network and share your Internet connection with a second PC. In this tutorial we will explain how to connect two PCs using a cable like this.
The first thing you should be aware of is that there are several different kinds of USB-USB cables on the market. The one used to connect two PCs is called “bridged” (or “USB networking cable”), because it has a small electronic circuit in the middle allowing the two PCs to talk to each other. There are the so-called A/A USB cables that, in spite of having two standard USB connectors at each end, don’t have a bridge chip and cannot be used to connect two PCs. In fact, if you use an A/A USB cable you can burn the USB ports of your computers or even their power supplies. So, these A/A USB cables are completely useless. A/B USB cables are used to connect your computer to peripherals such as printers and scanners, so they also won’t fit your needs.

As for speed, the bridge chip can be USB 1.1 (12 Mbps) or USB 2.0 (480 Mbps). Of course we suggest you buy a USB 2.0 bridged cable, because of its very high speed. Remember that the standard Ethernet network works at 100 Mbps, so the USB 2.0 cable will provide you a transfer rate almost five times higher than a standard network connection.
We decided to open the bridge located in the middle of our cable just to show you that this kind of cable really has a bridge chip, and that’s why it is more expensive than a simple A/A USB cable that doesn’t have any circuit at all.
USB-USB board
Now that you know the kind of cable that you should buy (on the top of this page we are listing several places you can buy this cable online), let’s talk about its installation.
Installation
This cable can work in two modes: link mode and network mode. In link mode, it will work just like the very old “lap link” cables, i.e. it comes with software where you can select files and simply drag and drop them to where you want to move or copy them to or from the remote computer. If you just want to copy files, that’s the mode we recommend, because it is easier and quicker to install and use.
In network mode, you will create a small network between two computers. After creating this network you can share folders, printers and Internet access. This mode is recommended if besides copying files you want to have access to a printer located on the other computer (or any other computer on the network, if this computer is connected to a network) or want to have Internet access.
The cable installation process will depend on the cable manufacturer. You will have to install the programs and drivers that come with the cable on a CD-ROM. This procedure must be performed on both computers, with the cable not connected.
So, don’t install the cable yet, leave it away from the computers.
Some manufacturers ship two different setup files, one for the link mode and another for the network mode. Other manufacturers ship just one setup file valid for both modes. Then you need to select the mode you want to use during the installation or inside the transfer program that will be installed.

Figure 4: Choosing the mode during installation.

Figure 5: Choosing the mode inside the transfer program.
After you have installed the corresponding drivers (link mode or network mode), you should install the cable on the computer. Windows will recognize it and install the correct drivers.
If you installed the program and drivers with the cable attached to the computer, you should remove it from your computer and install it again. This will make Windows recognize it and install its drivers.
You should repeat this process for the other computer now.
If you want to change the mode your cable is working under, you should run the setup program for the other mode or select the mode change in the transfer program, depending on the cable model. This should be done without your cable attached to your computer. After changing the mode, reinstall the cable and the system will recognize it automatically. If you ran the setup program or changed the mode with the cable attached, simply remove the cable from your computer and install it again to force Windows to install the correct drivers (the drivers used in link mode and network mode are different). You should repeat this process for the other computer.
Now that your cable is installed, let’s see how to use it in both modes.
Link Mode
As we mentioned, link mode is the easiest and fastest way to connect two PCs using your USB cable for transferring files. If you want to have Internet access and/or printer access, you should use network mode.
After installing the cable as described above, you should check if the cable is correctly installed in Device Manager (right click My Computer, Properties, Hardware, Device Manager). It should be listed under “Universal Serial Bus controllers”, see Figure 6 (our cable is listed as “Hi-Speed USB Bridge Cable”, but your cable can use a slightly different name, depending on the manufacturer).

Figure 6: USB-USB cable correctly installed using link mode.
To transfer files, you should open the transfer program that was installed when you ran the setup file. On our cable this program was called PClinq2. This program must be opened on both computers.
The usage of the transfer program is really easy. On its left side it will show your computer, and on its right side it will show the remote computer. Just select the drive/partition and folder/files you want to transfer and drag and drop them to the desired location. It couldn’t be easier!



Figure 7: Transfer program.
Network Mode
As we mentioned, under network mode the computers will be linked in a small network, and the connection will work just like a network. This mode allows you to share the Internet connection, if available on one of the computers.
After installing the cable as described before, you should check if the cable is correctly installed as a network adapter in Device Manager (right click My Computer, Properties, Hardware, Device Manager). It should be listed under “Network adapters”, see Figure 8 (our cable is listed as “Hi-Speed USB-USB Network Adapter”, but your cable can use a slightly different name, depending on the manufacturer).

Figure 8: USB-USB cable correctly installed using network mode.
The next step is to configure both computers to use the USB cable as a network adapter.
First you have to configure the computer that has access to the Internet. On this computer, open Network Connections (Start, Settings, Network Connections). You will see there the network adapters located on your computer. In our case, “Local Area Connection” was the network adapter that connected our PC to the Internet (to our broadband router) and “Local Area Connection 2” was the USB-USB cable, see Figure 9.



Figure 9: Network connections.
Right click on the network card that is connecting your PC to the Internet (“Local Area Connection”, in our case), choose Properties and, on the window that will show up, click on Advanced tab. There, check the box “Allow other network users to connect through this computer’s Internet connection”. Depending on your Windows XP version, there will be a drop-down menu called “Home networking connection”, where you should select the USB cable connection (“Local Area Connection 2”, in our case).

Figure 10: Enabling Internet sharing.
After you have done this configuration, you must restart your computer. After restarting it, everything should be working just fine. Try browsing the net from the other computer to see if everything is running fine.
If the remote computer cannot access the Internet, check if the USB cable is configured to get an IP address automatically from the network. Go to Start menu, Settings, Network Connections, right click the cable connection (“Local Area Connection 2”, in our case), select Properties and then, on the window that will appear, double click on “Internet Protocol (TCP/IP)”. Both options available on the screen that will show up must be set to “automatically”, as shown in Figure 11. Both computers should be configured this way.

Figure 11: TCP/IP configuration must be set to automatic on both computers.