Tor Hacking Utilities | 18 KB

Some crude Tor hacking utilities that I’ve put together. These are for hacking via Tor, not hacking Tor itself.

What Is TOR?

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.

Hundreds of thousands of people around the world use Tor for a wide variety of reasons: journalists and bloggers, human rights workers, law enforcement officers, soldiers, corporations, citizens of repressive regimes, and just ordinary citizens. See the Who Uses Tor? page for examples of typical Tor users. See the overview page for a more detailed explanation of what Tor does, and why this diversity of users is important.

Tor doesn’t magically encrypt all of your Internet activities, though. You should understand what Tor does and does not do for you.

Tor’s security improves as its user base grows and as more people volunteer to run relays. (It isn’t nearly as hard to set up as you might think, and can significantly enhance your own security.) If running a relay isn’t for you, we need help with many other aspects of the project, and we need funds to continue making the Tor network faster and easier to use while maintaining good security.

Tor is a registered 501(c)(3) non-profit whose mission is to allow you to protect your Internet traffic from analysis. Please make a tax-deductible donation.

Download:

http://pseudo-flaw.net/resource/tor/hacking/attach:/tor-hacking-utils-0.06.tar.gz

The debate over whether or not Internet Protocol (IP version 4) addresses are personal information continues. As reported on New York Times Blog: Europe: Your I.P. Address Is Personal. It has been since commented on at Educated Guesswork (Uh, yeah IP addresses are identifying) and Adam Shostack added it to his Adam’s Law of Perversity in Computer Security.

Let’s review a few quick facts about IP addresses:

• IP addresses are not private
• IP addresses are not anonymous
• IP addresses do not uniquely identify a person
• IP addresses do not uniquely identify a computer

Granted an IP address may become identifying when it is stored in conjunction with other personal information, but by itself an IP address is not personally identifying information.

And to suddenly start talking about confidentiality and protecting your IP address (as if you own it) is simply ludicrous. By their very nature IP addresses cannot be private, because they are used to route data. Playing the privacy card for IP addresses is intellectually dishonest, and it detracts from real privacy arguments. It is disheartening to see so many people hopping on the “IP address is personal” bandwagon.

You can even change/Hide your IP address very easily. Some of the ways are illustrated below:

Using TOR Network:

Tor (=The Onion Router) is an open source software implementation of the so-called onion routing protocol.

Tor’s idea is to protect its users against traffic analysis attacks. Volunteers operate an overlay network of onion routers that enable anonymous outgoing connections and anonymous “hidden” services.

Disadvantages of using TOR:

DNS leaks

As with many anonymous web surfing systems, direct DNS requests are still performed by many applications, without using the Tor proxy.

Traffic analysis

Like all current low latency anonymity networks, Tor is vulnerable to traffic analysis from observers who can watch both ends of a user’s connection.

Eavesdropping by exit nodes

It was revealed that by operating and monitoring Tor exit nodes it is possible to intercepted usernames and passwords for a large number of email accounts.

Download TOR

Using Other Ordinary IP hiding tools:

Ultrasurf and NotMyIP are two very similar tools to hide/change your IP address. Due to the fact that Ultrasurf is very well know and consequently blocked by many security products and filter, NotMyIP has gained lately a lot of popularity.

On Privacy-Gateway.com, the home of NotMyIP, I have found an interesting comparison between the 2 products. From the very beginning, Privacy-Gateway team declares that NotMyIP was not built to replace Ultrasurf but more to be an alternative when Ultrasurf is blocked.

Here is the comparison as found on Privacy-Gateway.com:

What do I think?

In my opinion, both products are good and provide solid browsing anonymity. Similar features, similar performance.  What I appreciate to NotMyIP is that fact that it performs auto configuration for Firefox, Chrome, Opera, etc. No need for add-ons or other manual configs.

What do you think?

Have you tried Ultrasurf and/or NotMyIP? What do you think of them? Which one is better?

Hacking an Orkut, Yahoo, Gmail, Facebook,  account using fake login page and its countermeasure – An easy clean and working method.

NOTE: This is for educational purpose only.

These Days Hacking Orkut, Yahoo, Facebook, Paypal using fake login pages is very common. Even everybody knows about it. The fake login pages are even available on the internet. They are just a search away from you. Let me just come to the point.

Everyone knows how to setup a fake login page(if you dont know how to? click here)  but the difficulty is this how to redirect the user to that fake page that has been created for the victim.
like you want to redirect the victim to your orkut.freewebspace.com fake login page, when victim enters orkut.com in addressbar and hit enter. Its pretty simple.

1) Open C:\WINDOWS\system32\drivers\etc
2) Open “hosts” file in your favourite text editor(here i am using Notepad)
3) The file will look something like this>>

4) Add a line over there below the “127.0.0.1        localhost” line…

5)Save and try it in your browser.

Bonus: you can even code a program a script that will automatiacally do it for you, i will discussing it in the next post.

Countermeasure:
1) Carefully read the address in the addressbar before filling up the login form.

Please reply if you like the post.

Hello readers,

I found this very interesting paper by Patrick Carroll, Computer Science Deptt at University Of Maryland, Baltimore.

This document is a short and nice intro to Keyloggers and Buffer Overflows under Linux Machines.

This doucment is just a 7-8  page long description of these two attack vectors out of which Keylogging is mostly practised by Script kiddies, whereas Buffer Overflows are a more advanced and sophisticated form of attack. Hope you’ll enjoy reading the document as much as i did.

[scribd id=16527840 key=key-t1kuntum8hlb6vjbmex]

Originally, the article can be found here:

http://patrickomatic.com/school/426/project/final_report.pdf

Hack This Site is a Safe way for newbie hackers to learn and master the art of hacking. This video is solution to one of the challenge presented on Hack this Site and deals with the domain of JavaScript.

httpv://www.youtube.com/watch?v=mXcpwqu7mds

This video and article was originally found at this address:

http://www.gotmyidea.com/71112-javascript-hacking.php

Spyware overview

Spyware is a categorical term given to applications and software that log information about a user’s online habits and report back to the software’s creators. The effects of these programs range from unwanted pop-up ads and browser hijacking to more dangerous security breaches, which include the theft of personal information, keystroke logging, changing dialup ISP numbers to expensive toll numbers, and installing backdoors on a system that leave it open for hackers.

Spyware usually gets into the computer through banner ad-based software where the user is enticed to install the software for free. Other sources of spyware include instant messaging, various peer-to-peer applications, popular download managers, online gaming, many porn/crack sites, and more. Note that most, but not all, spyware is targeted exclusively at Microsoft’s Internet Explorer web browser. Users of modern Web browser alternatives, such as Mozilla’s Firefox and Apple’s Safari, are generally not affected by spyware at all.

The most recent delivery methods used by malicious spyware require no permission or interaction with the users at all. Dubbed as “drive-by downloads,” [ref 1] the spyware application is delivered to the user without his knowledge simply when he visits a particular website, opens some zipped files, or clicks on a malicious pop-up ad that contains some active content such as ActiveX, Java Applets, and so on. Spyware can also be hidden in image files or in some cases has been shipped along with the drivers that come with a new hardware device.

Spying techniques

Depending upon the nature of the information gathered, each piece of spyware may function differently. Some spyware applications simply gather information about a user’s surfing habits, purely for marketing purposes, while others are far more malicious. In any case, the spyware attempts to uniquely identify the information sent across a network by using a unique identifier, such as a cookie on the user’s hard disk or a Globally Unique Identifier (GUID). [ref 2] The spyware then sends the logs directly to a remote user or a sever that is collecting this information. The collected information typically includes the infected user’s hostname, IP address, and GUID, along with various login names, passwords and other keystrokes.

Types of keyloggers

As mentioned, keyloggers are applications that monitor a user’s keystrokes and then send this information back to the malicious user. This can happen via email or to a malicious user’s server somewhere on the Internet. These logs can then be used to collect email and online banking usernames and passwords from unsuspecting users or even capture source code being developed in software firms.

While keyloggers have been around for a long time, the growth of spyware over the last few years means they warrant renewed attention. In particular, this is due to the relative ease at which a computer can become infected — a user simply has to visit the wrong website to become infected.

Keyloggers can be one of three types:

1. Hardware Keyloggers. These are small inline devices placed between the keyboard and the computer. Because of their size they can often go undetected for long periods of time — however, they of course require physical access to the machine. These hardware devices have the power to capture hundreds of keystrokes including banking and email username and passwords.
2. Software using a hooking mechanism. This type logging is accomplished by using the Windows function SetWindowsHookEx() that monitors all keystrokes. The spyware will typically come packaged as an executable file that initiates the hook function, plus a DLL file to handle the logging functions. An application that calls SetWindowsHookEx() is capable of capturing even autocomplete passwords.
3. Kernel/driver keyloggers. This type of keylogger is at the kernel level and receives data directly from the input device (typically, a keyboard). It replaces the core software for interpreting keystrokes. It can be programmed to be virtually undetectable by taking advantage of the fact that it is executed on boot, before any user-level applications start. Since the program runs at the kernel level, one disadvantage to this approach it that it fails to capture autocomplete passwords, as this information is passed in the application layer.

Analyzing a keylogger

There are many different keyloggers available, including the Blazing Tools Perfect Keylogger [ref 3], Spector [ref 4], Invisible Keylogger Stealth [ref 5], and Keysnatch [ref 6]. Most of these have more or less the same set of features and way of functioning. Therefore, we will focus on one particular tool in our examples, the one from Blazing Tools.

The Blazing Tools Perfect Keylogger will be analyzed in this paper because it has been found hidden in so many Trojans on the Internet. It’s a good example of a common hook-type keylogger. Although Blazing Tools markets its products to IT administrators and parents, the presence of their keylogger in many Trojans illustrates how people can package legal code and use it for malicious activities. The following features of the “Perfect Keylogger” are of use to anyone trying to spy on an unsuspecting user:

1. Stealth Mode. In this mode no icon is present in the taskbar and the keylogger is virtually hidden.
2. Remote Installation. The keylogger has a feature whereby it can attach to other programs and can be sent by e-mail to install on the remote PC in stealth mode. It will then send keystrokes, screenshots and websites visited to the attacker by e-mail or via FTP.
3. Smart Rename. This feature allows a user to rename all keylogger’s executable files and registry entries.

This keylogger was installed on a test PC. The following capture, with the help of a tool such as SNAPPER [ref 7], shows the changes in the files after installing the keylogger, as shown below in Figure 1.

Figure 1. File changes made by the Perfect Keylogger.

With the help of a free anti-spyware application such as Microsoft Antispyware [ref 8], the registry entries made by the keylogger as well as its DLLs and EXEs can be seen below in Figure 2.

Figure 2. Registry entries, .dll files and .exe files of Keylogger.

The keylogger also runs as a background process which can be seen with the help of a tool such as SysInternals’ Process Explorer [ref 9], as shown below in Figure 3.

Figure 3. Spyware process running in the background.

This same keylogger was next installed on a different test PC through another program’s installer and then configured to send keystrokes captured in an email to a test email-id. Ironically, the program used for this example was Spybot Search & Destroy [ref 10], a legitimate freeware tool that does a good job of detecting spyware. This is a good example of how other legitimate applications can also be used to install spyware, unbeknownst to the reader.

The procedure as described above is the Remote Installation feature. The information sent by email was then captured with the help of a network sniffer. For ease-of-use, Ethereal [ref 11] and the corresponding TCP stream is shown below in Figure 4 and Figure 5.

Figure 4. Ethereal captures the keylogger’s outgoing email.

Figure 5. TCP stream of Ethereal capture.

Since the content of this email is base64 encoded, the actual output can be seen only after decoding it with a base64 decoder. After passing the output through a base64 decoder, the part of the output of significance is shown as follows:

Tuesday, 28 December Iexplore.exe, 12:11 AM Paladion Networks: The Internet Security Architects – Microsoft Internet Explorer sachin.shetty sachin123 [PASSWORD CAPTURED: sachin123]

It can be seen that the email-id (sachin.shetty) and the password (sachin123) are captured. Similarly, the keylogger can be used to capture all types of passwords including passwords used for proxies, email accounts, and online banking applications. It can also capture programming code typed by a developer, instant messaging text, and the URLs of websites visited by the user.

New approaches

With the market being inundated with new anti-spyware products, spyware creators have now resorted to unorthodox methods of sustenance. One such example is the nasty ability of the spyware code to keep reinstalling itself. Although anti-spyware applications can remove the spyware’s registry entry from one location, most of them are found lacking in cleaning hidden registry entries that try to have the software reinstalled on boot. Another approach is to make the spyware application load into memory very early in the boot process (before the Operating System loads user-level processes). In this case, when a user tries to uninstall the software with an anti-spyware application, the OS will not allow this as it tries to protect the integrity of a running program (spyware) that it doesn’t control. [ref 12]

Detection and removal

A spyware application is inherently very different in behavior and operation from a traditional virus or a worm, and therefore to most antivirus software, it may appear as a legitimate program. The fact is, virus signatures are very different from spyware signatures. Firewalls also are ineffective in dealing with them as spyware is either piggybacked with legitimate applications, hidden in a regular image file, or can occur as normal port 80 web traffic.

Therefore, the essence of any spyware prevention exercise is first to ensure the operating system is fully patched to known vulnerabilities. The best prevention, aside from switching to less vulnerable operating systems like Mac OS X and Linux, is to educate users that it is not safe to click on anything and everything found on the Web, and they must also install only what is needed. Freebies on the Internet, ones which are often typically advertised in pop-up banners, must be totally abstained from. Other methods of avoiding spyware are to ensure the browser used is configured securely, and to have at least one good spyware detection and removal tool installed. Microsoft Antispyware, Ad-Aware [ref 13], PestPatrol [ref 14], and Spy Sweeper [ref 15] are some of the free tools that help in detecting and removing spyware.

Please note that spyware is largely, but not exclusively, a problem with Microsoft’s Internet Explorer. The user of more modern, feature-rich browsers such as Mozilla Firefox can virtually eliminate the spyware problem altogether. However, it is still the case that some websites are coded to only work with IE, and therefore switching to Firefox may not be a solution for 100% of a user’s web surfing needs.

Preventing keystroke capture

Since this article has looked at keyloggers, it was found worthwhile to include a section on how to avoid keystroke capture. Keyloggers, both hardware and software, are basically designed to capture what a user types on the keyboard. On the web application side, one method to avoid keystroke capture is to use a virtual keyboard for entering the username and password. A virtual keyboard is analogous to a graphical keypad where a user clicks on the characters rather than types them on the keyboard. This approach may not be practical for every user, for obvious reasons. However, it can be still be useful for very sensitive applications. Note however that even this approach is not completely secure, as some keyloggers are designed to capture screenshots on every mouse-click. Thus, the password of the user can still be found out when a virtual keyboard is used by looking at the screenshots and getting all the characters clicked corresponding to the mouse click. To avoid this, some virtual keyboards also have a feature that allows a user to enter a character by hovering the mouse cursor over a letter for a few seconds. Thus the user can enter the password without even clicking the mouse button. An example of a virtual keyboard is shown below in Figure 6.

Figure 6. A virtual keyboard.

Another method of avoiding keystroke capture is to ask the user to enter the characters of the password randomly. For example, an application can ask the user to enter the 1st, 3rd and 5th (odd placed) characters of the password and then the characters in the even places. However this sequence has to change every time or else anyone capturing the password can easily reconstruct the original password — and additionally, the application must support this approach. The disadvantage of this method is that the keylogger still captures all the characters in the password and the malicious person can easily crack it by simply trying different combinations.

Anti-keylogging software

To prevent keyloggers on the desktop level two types of anti-keylogging software is available from various vendors:

1. Signature based anti-keylogger. These are applications that typically identify a keylogger based on the files or DLLs that it installs, and the registry entries that it makes. Although it successfully identifies known keyloggers, it fails to identify a keylogger whose signature is not stored in its database. Some anti-spyware applications use this approach, with varying degrees of success.
2. Hook based anti-keyloggers. A hook process in Windows uses the function SetWindowsHookEx(), the same function that hook based keyloggers use. This is used to monitor the system for certain types of events, for instance a keypress/mouse-click — however, hook based anti-keyloggers block this passing of control from one hook procedure to another. This results in the keylogging software generating no logs at all of the keystroke capture. Although hook based anti-keyloggers are better than signature based anti-keyloggers, note that they still are incapable of stopping kernel-based keyloggers.

Summary

With the vast proliferation of spyware in recent years, there has been a growing list of websites and malicious users trying to cash in by installing keyloggers and stealing personal information. Identity theft has become rampant.

The need of the hour is to be aware of such common practices in spyware, and recognize it for what it is: malicious code that should always be avoided. The first step in evaluating ways to combat spyware should be to consider an alternate Web browser, such as Firefox, Safari, Opera, and others. If this is not possible, then steps to detect, combat and remove keylogging spyware must always be taken.

The tutorial actually uses a command nothing else, it’s just a prank you can play it with your friend…….
1) Right click on desktop, and then go New, then Shortcut.

2) Then in the “type location of the item” you want to type:
%windir%\system32\shutdown.exe -s -t 60 -c “Learn Hacking At Hak9.Com”

Send It your freind using any of the messenger like Yahoo!, MSN etc. etc

I would prefer sending it in a zip file.
You can replace “Learn Hacking At Hak9.Com” with your own message and “60″ is the amount of time the victim will recieve on its computer screen, within which the computer will shutdown.

To make t more attractive:
*Rename it like game, porn depending on the age.
*replace its icon with an attractive icon, you can find icons on the web(refer to the previous article google searches hacking to find the icon)

Countermeasures:
1) open up run, by going to start and clicking on run…
2) type shutdown -a and hit enter.

Google is a powerful search engine that hackers often use it to find passwords, and confidential or sensitive documents that companies do not realize are even available to the public. Most computer people use Google, but do not know how to use all of its search parameters. The term “google hacking” is a method used by unscrupulous people to not only uncovers sensitive data, but also to expose web server vulnerabilities. Here I list several Google search parameters and examples.

The syntax “filetype:” instructs Google to search for files on the Internet with specific extensions. For example: filetype:doc site:gov confidential Google will produce all the word documents, from all the gov domains that may contain the word confidential. Another example is, filetype:pdf site:com access-list. You may use any domain type, (com, gov, edu…)

cache:

The syntax “cache:” will display the version of the web page that Google has in its cache. For Example: “cache:www.microsoft.com” will display Google’s cache of the Microsoft homepage.

intext:

The syntax “intext” searches for the words within a specific website and ignores the URLs and page titles. For example: intext:confidential will return only links to those web pages that has the search keyword ” confidential ” in its webpage.

intitle:

The syntax “intitle:” instructs Google to search for pages that contain the words behind intitle: For example intitle:index of master.passwd will return pages within Unix or Linux where the master.passwd files are. /etc/passwd “allintitle:” will produce a list of all words in the title. Google will ignore the slashes.

intitle: examples:

intitle:”Index of” .sh_history
intitle:”Index of” .bash_history
intitle:”index of” passwd
intitle:”index of” people.lst
intitle:”index of” pwd.db
intitle:”index of” etc/shadow
intitle:”index of” spwd
intitle:”index of” master.passwd
intitle:”index of” htpasswd
intitle:”index of” members OR accounts
intitle:”index of” user_carts OR user_cart
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov

inurl:

The syntax “inurl:” instructs Google to search for pages that contain specific words or characters included in the URL such as this inurl:windows. The results of this query will produce such pages that have the word “windows” in it. allinurl: will produces the results of URLs with all of the specified words in its query. allinurl:windows/cracks.

inurl: examples:

inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:”wwwroot/*.”
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls “restricted”

link:

The syntax “link:” will produce a list of webpages that have a link to a specified webpage. For example: link:www.hak9.com will create a Google list of websites with links to www.hak9.com.

phonebook:

The Google syntax “phonebook” searches for U.S. street addresses and phone number information. For Example: “phonebook:James+FL” will list down all names of person having “James” in their names and located in “Florida (FL)”.

related:

The syntax related: lists web pages that are “similar” to a specific web page. For Example: related:www.hak9.com will list web pages that are similar to that of Hak9′s homepage.

site:

The syntax site: instructs Google to search for keywords in a particular site or domain. For example: exchange site:microsoft.com will search for the keywords “exchange” in those web pages in all the links of the domain microsoft.com.

Thanx To Douglas…