Author: admin

Hack-O-Crack

http://hack-o-crack.blogspot.com/

Hacking the Firefox Profile Data Storage

Have you ever wondered where Firefox keeps all of the history it has remembered from your previous browsing sessions… not just URL’s but saved password, form data and certain preference values? The answer, quite simply, is inside of SQLite databases in your Firefox profile folder.
Using an open source program, SQLite Database Browser, you can not only see the structure of the individual databases but browse and, if you are so inclined, manipulate all the data in each of the tables. While this article focuses on Windows, the same basic information should apply to Linux and Mac users as well.

Viewing the Firefox Profile Data

Before getting started, make sure Firefox is closed so there are no problems with locks on any of these files.
Open SQLite Database Browser, click the open icon and navigate to your Firefox Profile. In Windows 7, the location is here:

%UserProfile%\AppData\Roaming\Mozilla\Firefox\Profiles\.default

An interesting database we will take a look at is “formhistory.sqlite”.

The reason this particular database is interesting is because it stores values you enter into form input fields such as your address, email and phone number (if you have Firefox set to keep this information).
As you can see when you open this file and browse the “moz_formhistory” table, there are loads of entries which give you a bit of insight into how this feature works. Essentially the name of the HTML field where you entered the data is stored in the “fieldname” column and the respective value in the “value” column.
Because field names such as “Email” and “Subject” are very common and likely to be across multiple sites, you may see several entries for the same “fieldname” value with different “value” values. This also explains why you can see values you entered on one site when you are filling out a form on a completely different site.

However, this information can be sensitive. For example, if I search for my credit card number (by pattern) I can find the plain text entry in this database.

If you find entries like this you want to get rid of, simply locate the respective “id” value in the Browse Data tab and click the Delete Record button, save your changes and it is gone.
This can be useful for not only clearing sensitive data, but also entries such as old email addresses or phone numbers without having to clear out all of your history.

Other Profile Databases

While there are several more SQLite databases you can take a look at (all having the .sqlite file extension), below are some which may be of interest. You can open these using the SQLite Database Browser exactly as shown above.

  • addons.sqlite = Installation information on installed add-ons. This is most likely used for keeping your installed add-ons current.
  • content-prefs.sqlite = Stores information specific to web sites and your settings. For example, the last used location on your computer to upload a file.
  • downloads.sqlite = Information about items which appear in your download items list.
  • extensions.sqlite = Information about installed add-ons. There is nothing too insightful here, but if you are looking for intricate details about an add-on, the information here may be helpful.
  • formhistory.sqlite = (covered in detail above) All non-password data which has been saved in Firefox.
  • signons.sqlite = Saved login password information. The passwords are encrypted against your master password but you can view the number of times each one has been used.

Take a look and if you find something interesting, please share.

Download SQLite Database Browser

Author Jason Faulkner is a developer and IT professional who never has a hot cup of coffee far away.
Thanks to Stupid Geek Tricks

Dual booting Winbuilder/Win7PE SE and Backtrack 5 on a USB flash drive with XBOOT

This is a quick and dirty video to show how to make a multiboot thumbdrive with XBOOT. You can also create a multiboot CD/DVD by combining other ISOs. Operating Systems loaded on mine include: Backtrack 5, Winbuilder/Win7PE SE, DBAN, UBCD4Win, TAILS, Gparted, Ubuntu 11.04, etc.

NetBIOS : Hacking into other Computers

NetBIOS Hacking-What is it?-

Net BIOS Hacking is the art of hacking into someone else’s computer through your computer. Net BIOS stands for “Network Basic Input Output System.” It is a way for a LAN or WAN to share folders, files, drives, and printers.

-How can this be of use to me?-

Most people don’t even know, but when they’re on a LAN or WAN they could possibly have their entire hard drive shared and not even know. So if we can find a way into the network, their computer is at our disposal.

-What do I need?-

Windows OS
Cain and Abel (http://www.oxid.it/)

-[Step 1, Finding the target.]-
So first off we need to find a computer or the computer to hack into. So if your plugged in to the LAN, or connected to the WAN, you can begin. Open up Cain and Abel. This program has a built in sniffer feature. A sniffer looks for all IP addresses in the local subnet. Once you have opened up the program click on the sniffer tab, click the Start/Stop sniffer, and then click the blue cross


Another window will pop up, make sure “All host in my subnet” is selected, and then click ok.


It should begin to scan


Then IP’s, computer names, and mac addresses will show up.
Now remember the IP address of the computer you are going to be breaking into.
If you can’t tell whether the IP address is a computer, router, modem, etc, that’s ok.
During the next step we will begin our trial and error.




-[Part 2, Trial and Error]-

 

Now, we don’t know if we have our designated target, or if we have a computer or printer, or whatever else is on the LAN or WAN.
If you did get the IP of the target though, I still recommend reading through this section, for it could be helpful later on.

Click on the start menu and go to run, type in cmd, and click ok.
This should bring up the command prompt.
From here we will do most of the hacking.
Now I will be referring to certain commands that need to be inputted into the command prompt.
I will put these commands in quotes, but do not put the quotes in the code when you type it into the prompt.
I am only doing this to avoid confusion.
Let’s get back to the hacking.
Type in “ping (IP address of the target).” For example in this tutorial, “ping 192.168.1.103.”
This will tell us if the target is online.
If it worked, it will look something like this (note, I have colored out private information):

If the target is not online, either switch to a different target, or try another time. If the target is online, then we can proceed.

-[Part 3, Gathering the Information.]-
 
Now, input this command “nbtstat –a (IP address of target).” An example would be “nbtstat –a 192.168.1.103.”
This will show us if there is file sharing enabled, and if there is, it will give us the: currently logged on user, workgroup, and computer name.
 

Ok, you’re probably wondering, “What does all this mean to me?” Well, this is actually very important, without this, the hack would not work. So, let me break it down from the top to bottom. I will just give the first line of information, and then explain the paragraph that follows it.

The information right below the original command says: “Local Area Connection,” this information tells us about our connection through the LAN, and in my case, I am not connected through LAN, so the host is not found, and there is no IP.

The information right below the “Local Area Connection,” is “Wireless Network Connection 2:” It gives us information about the connection to the target through WAN. In my case I am connected through the WAN, so it was able to find the Node IpAddress. The Node IpAddress is the local area IP of the computer you are going to break into.

The NetBIOS Remote Machine Name Table, give us the workgroup of our computer, tells us if it is shared, and gives us the computer name. Sometimes it will even give us the currently logged on user, but in my case, it didn’t. BATGIRL is the name of the computer I am trying to connect to. If you look to the right you should see a <20>. This means that file sharing is enabled on BATGIRL. If there was not a <20> to the right of the Name, then you have reached a dead end and need to go find another IP, or quit for now. Below BATGIRL is the computers workgroup, SUPERHEROES. If you are confused about which one is the workgroup, and the computer, look under the Type category to the right of the < > for every Name. If it says UNIQUE, it is one system, such as a printer or computer. If it is GROUP, then it is the workgroup

-[Step 4, Breaking In]-

Finally it’s time.
By now we know: that our target is online, our target has file sharing, and our target’s computer name.
So it’s time to break in.
We will now locate the shared drives, folders, files, or printers. Type in “net view \(IP Address of Target)”
An example for this tutorial would be: “net view \192.168.1.103”


We have our just found our share name. In this case, under the share name is “C,” meaning that the only shared thing on the computer is C. Then to the right, under Type, it says “Disk.” This means that it is the actual C DISK of the computer. The C DISK can sometimes be an entire person’s hard drive.

All’s that is left to do is “map” the shared drive onto our computer. This means that we will make a drive on our computer, and all the contents of the targets computer can be accessed through our created network drive. Type in “net use K: \(IP Address of Target)(Shared Drive). For my example in this tutorial, “net use K: \192.168.1.103C.” Ok, let’s say that you plan on doing this again to a different person, do u see the “K after “net use?” This is the letter of the drive that you are making on your computer. It can be any letter you wish, as long as the same letter is not in use by your computer. So it could be “net use G…,” for a different



As you can see, for my hack I have already used “K,” so I used “G” instead.
You may also do the same for multiple hacks.
If it worked, it will say “The command completed successfully.”
If not, you will have to go retrace you steps.
Now open up “my computer” under the start menu, and your newly created network drive should be there.



Now, if you disconnect from the WAN or LAN, you will not be able to access this drive, hence the name Network Drive.
The drive will not be deleted after you disconnect though, but you won’t be able to access it until you reconnect to the network.
So if you are doing this for the content of the drive, I recommend dragging the files and folders inside of the drive onto your computer,
because you never know if the target changes the sharing setting.
If you are just doing this to hack something, then go explore it and have some well deserved fun!

Congratulations! You’re DONE!

-Commands used in this tutorial:
PING
NBTSTAT -a (IP Address of Target)
NET VIEW \(IP Address of Target)
NET USE K: \(IP Address of Target)(SHARENAME)

How to Write-Protect USB Flash Drive

Many a time, it becomes necessary for us to write protect our USB flash drive so as to protect it from viruses and other malware programs. Because flash drives are so popular and most widely used to move data between computers, they are the prime target for attackers as a means to get infections spread around the computer world. Also, since USB drive is not a Read-Only Memory (ROM), the data inside it can easily be modified or deleted by malware programs.

But unfortunately, most of the new flash drives do not come with a write-protect feature as the manufacturers wish to cut down the cost of production. Hence, the only way to write-protect your USB flash drives is to enable this feature on your own computer.
This can be done by adding a small entry to the Windows registry which acts as a switch that can be enabled to make use of the write protection or disabled to allow write access.
Just follow these steps:
1. Open the Registry Editor (Open the “Run” dialog box, type regedit and hit “Enter”).
2. Navigate to the following Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
3. Create a New Key named as StorageDevicePolicies. To do this right-click on Control, and click on New->Key and name it as StorageDevicePolicies.
4. Now right-click on  StorageDevicePolicies and create a New->DWORD (32-bit) Value and name it as WriteProtect.
Write-Protect USB Drive
5. Double-click on WriteProtect and set the Value data to 1.
Now the right-protection for USB drives is enabled on your computer (no restart required) and thus it would not be possible for anyone or any program to add/delete the contents from your USB flash drive. Any attempt to copy or download the files onto the USB drive will result in the following error message being displayed.
USB-Write Protect Error
To revert and remove the write-protection, all you need to do is just change the Value data for WriteProtect (Step-5) from 1 back to 0. Now write access to all the USB devices is re-enabled.
Sometimes it may seem difficult to remember and follow the above mentioned steps each time you want to enable/disable the write protection.

Converting Firefox Into Keylogger

Without any programming knowledge do you want create your own working undectable keylogger with the help of this pc tricks. Do you know firfox Mozilla save the user name and password in keylogger without user’s consent. Before starting this PC trick we must know that what is keylogger and how it work?
Whenever you login into any website using mozilla firefox browser it always ask’s you whether you want to Save password or not for that website.

In this PC tricks we will be using a script that will not give the user option to save the password instead it will automatically save the passwords without user’s consent and we will retrieve them later.
After applying this pc trick even your antivirus can not detect these file. The files of keylogger are totally undetectable.

This PC trick is working on almost all websites like facebook, hotmail, reddit and digg.But this pc trick somehow failed on Gmail.
Now I will give you the step by step tutorial on how to use this PC trick work:
1. First of all you have to download a script.Click here.

If you are using this pc trick on Windows then goto
C Drive:/Program Files/Mozilla Firefox/Components
If you are using MAC system then goto
Applications > Right click Firefox > Show Package Contents > Contents/MacOS/Components

1. Now find a file nsLoginManagerPrompter.js and copy it to somewhere safe location because we will be replacing this file in next step.

2. Extract the script folder that you have downloaded in first step and copy and paste the nsLoginManagerPrompter.js from the folder to the folder mentioned in step 2.

3. So now your firefox keylogger is ready.Now Each and every username and password will be automatically saved.

Apply this pc trick and make your own directory for the user name and password.

Spyware Basics

What is spyware?
                           A spyware is a piece of malicious code or program installed in system to monitor activities of a person. A spyware is capable of logging key strokes, it can take screen shots and if there is active Internet connection then it can even mail logs to specified email-address or transfer logs to ftp server. Beyond just monitoring it can record your computing habits including which site you browse more, at what time you prefer to be on system or amount of time you spend on computer.
spyware can be used to track all information about your social-networking habits and IRC(Internet Relay Chat) Clients including all major and minor chat clients example: Google Talk, Rediff Messenger, Yahoo Messenger, Microsoft Live Chat, absolutely every thing related to IRC client is exposed to spyware. On the basis of its commercial use and monitoring capabilities spywares are classified as follows,
On Basis Of Commercial Use: Domestic Spywares and Commercial Spywares
On Basis Of Monitoring: Key Loggers, E-mail Loggers/Chat Recorders, Screen Recorders.
Domestic Spywares: This kind of spywares are purchased and used by common people to monitor their system. Most of the times parents install this type of spyware to monitor their children or network admin or a company to monitor computing activities of their employees. The most widely and most powerful use of these spywares are done for hacking purposes only.
Example: SniperSpy, Winspy, Sentry PC, Spy Agent
Commercial Spywares: Commercial Spywares incude the services included in your Operating System and softwares to monitor event logs and crash reports. The information about software crash is anonymously sent to software vendors, also the reports about user experience, crash, memory dump etc are sent to Operating System Vendor. The only fact is that this type of spying is legal to improve product and provide better and secure service.
Example:Windows and Linux Crash Logs, Virus info in Anti-Virus program, Event Collectors etc.
Key Loggers: Key loggers are spywares specially made to record keystrokes from keyboard. Key Logging can retrieve information about bank account password, online transactions, login passwords etc.
E-mail Loggers/Chat Recorders:These spywares are used to track e-mails and chat report from your IRC. If you use e-mail client like Windows Mail or Mozilla Thunderbird etc. Then these spywares are capable of modifying internal settings to forward mails to attacker’s inbox without keeping a track in your Outbox.
Screen Recorders: Screen recorders are capable of capturing screen and send recording using minimum bandwidth. Such monitoring is done by parents on their children to protect them from online pornography.
Example:Spy Agent, Winspy, Sniper Spy

Bots And Botnets: The Basics

The word bot is derived from word RobotBots are software applications that run automated tasks over internet. Internet bots allow the host to perform click fraud, which occurs on advertising codes on websites to fraud advertisers for money. Rather than just a code a bot might be a compromised system. A compromised system in terms of hacking is known as Zombie system, in other words a zombie is nothing but a bot.

The term botnet is derived from word robot network, which is also called as Zombie Army. A botnet is huge army of zombie systems.  So if I infect any system with dark comet rat then will that system will act like bot or zombie to me. And the answer is yes and if you have several PC’s infected with your RAT server that means you will have your botnet.
botnet usually is meant for illegal activity. They can act as hidden programs that offers identification of vulnerability. Botnets can be used to perform any illegitimate activity like click fraud, password hacking, monitoring, spying, stealing information like credit card numbers, identification theft and even Distributed Denial Of Service attacks. A botnet as huge as 3000 computers is capable of performing undoubtedly untraceable hack without attacker making any extra efforts to hide traces. Bot nets are not always bad they provide search engines their capability to index a site and provide search results.

RAT (Remote Administration Tool) – IV

Prevention Against A RAT Attack
Now we are to the last part of RAT Remote Access Tool. Up till now we have covered how a RAT is created, how attackers manage to hide presence of RAT in victim’s PC and how we can manually detect and take action against presence of RAT if our Anti-Virus Program or Security suite fails to detect it. Now in this part we’ll learn how we can prevent ourselves from getting caught by a RAT attack.
As told in RAT- II attacker does some process to hide detection of RAT from Anti-Virus program but you are not fool to click on any suspected file unnecessarily. So most of the time an attacker uses Trojan vector to execute his RAT server on victim. There can be many method an attacker can use to hide his malicious code in some kinda media that can transfer it to victim, such media is known as vector. A vector is responsible for spreading of viruses worms and RATs.
A vector may be a simple image file, executable file, media file or even a website. So now lets have our look on each one by one.
Vector Image File: As stated earlier a RAT file might be very very small in size of 100kbs-200kbs only. But as we are now prone to high definition image files only whose resolution usually remains above 1800×1600 with possible better color depth making it 1MB – 3MB in size. They can store 100-200kbs information in them very easily. If an attacker want to execute RAT from vector image it appends RAT to end of Image file thus when you click on image, image opens without any problem but also invokes appended executable ultimately infecting victim’s computer. The appending is usually done via a software providing binary addition of files without change in their integrity. Now what is binary addition method to add files and how it works is beyond scope of this post. Now this kinda images are distributed by attackers using torrents and by spamming. Have you ever found an e-mail in your inbox with “Nude Pics Of Aishwarya Rai For Free(HD)”, “Katrina Kaif Nude Pics Revealed(HD)”. Now fact number one any how you always know that pics does not really exists and fact number two even if it exist then they are fake pics created using Photo editing tools like Adobe Photoshop or Gimp. Then why to make yourself eager unnecessarily. Keep yourself away from such things, these are tricks by attackers to download those high quality fake images in which they have hidden their dirty stuff.
Executable File: Many RAT clients by default offer you adding a legitimate executable file with their server code so that once the victim runs legitimate file he/she gets infected. These files are usually spread using torrents and Dark Warez sites. Dark Warez sites are those where a software is provided with its key-gen or crack executable, they are also known as pirate sites. Attackers usually bind their files in keygens and crack executable s, I think I don’t need to mention this, because if you have ever downloaded any file from such kinda site your anti-Virus might have got in form. Most people disable Anti-Virus thinking its false alarm but Anti-Virus makers are not fools to give you a false alarm on every such file downloaded from Dark Warez site. They are actually malicious and hence we find most of our college computers are always infected with malware.
Media: Media files like audio and video both can contain malcious code and wrapping against them a RAT file can never get detected since we hardly find any reduction and compromise in quality of media. People who always stay online for movies and music usually become prey to such infected media files. A better defense is always keep your media players and flash player to newest version.
Websites: Now a days many web technologies allow a web page to execute Active X contents on the visitor’s PC via browser. Browsers are per-configured to run scripts and scripting languages responsible
for execution of these Active X elements. Sites which support Java drive by and flash scripts are more likely to put you in trouble. That’s the reason why most of the time I advise to avoid flash contents on your blog because they can be exploited very easily. To avoid getting infected from websites which run malicious codes on your PC always keep your eyes on notification and keep pop-up blocker on and use some good Internet security suite.

RAT (Remote Administration Tool) – III

Counter And Defense Against RAT Attack
Welcome to the third part of The RAT tutorial and I am extremely sorry you have to wait a little more so see this article coming up. By the way in this section we ll make ourselves aware how we can counter and create a defense against RAT attack. Dear visitor if you are reading this post without reading its previous parts then I urge you to please read,
before you read this.
So as seen before RAT may use any unknown port to communicate with attacker and the best defense against any process communicating using unknown port is firewall. There are various commercial firewalls available but here are few good free firewalls that can even lead a commercial firewall bow down to its feet. Following are few good free firewall programs on basis of their ranking by customers,
1.Online Armour
2.Zone Alarm
3.Comodo Firewall
4.Private Firewall
People consider Online Armour as one of the toughest free firewall available, by the way I prefer Comodo Firewall. Comodo firewall also shows you process which are communicating, port numbers via which they are communicating and full path of process invoking executable file, here’s a view of how Comodo shows you process.
Now as we discussed in RAT – II a RAT becomes fully undetectable if he/she applies any process discussed in previous RAT post. That means if your anti-virus fails to detect it, following can be symptoms that can appear on your system which can help you identify its presence,
1.Disable Of Task Manager and Disable Of Folder Option
2.Sudden Opening And Closing Of CD/DVD-ROM
3.Blue Screen Of Death or Just Blue Screen
4.High Bandwidth Consumption
5.Sudden Open Of Web Pages
6.Pop Ups
7.Change Of Wallpaper
8.Disappear Of Mouse Arrow, Start Button and Task Manager
If you find any of the above things happening on your PC its time to manually check your system for RAT. But as I told you before RAT server may hide in known processes or may even use only known ports to communicate with attacker so detection would not be easy. Here we’ll learn step by step approach how you can manually detect its presence.
As told earlier a RAT can hide it self in process space of another process like explorer.exe, iexplorer.exe, scvhost.exe, services.exe. Open your firewall and check out if explorer.exe or services.exe are communicating with remote host. If yes then you are infected because these processes never communicate with any remote host. Now the process that communicate are svchost.exe and iexplorer.exe.
To find out whether iexplorer.exe is communicating with remote host as client to installed RAT server close Internet Explorer, wait for 5-6 seconds and see if its communicating then you are infected. Now if attacker has configured to close connection as soon as Internet Explorer(IE) closes you will not be able to detect its presence in firewall, in this case you have to keep yourself prepared by watching how much memory IE takes while opening www.google.com leave IE like that and open “Task Manager” by typing taskmgr.exe in RUN window. Keep your eye on memory consumption(not CPU consumption) of IE if it fluctuates even after 1 minute then you can be sure you are 100% infected.
What if attacker decides to hide process in scvhost.exe? In this case open firewall and watch for ports with which svchost.exe is communicating. Make sure port numbers should be 53 or 443 on remote host in listening mode only, if not then you are infected. Now if attacker has planted port number 53 or 443 in RAT for communication with svchost.exe then how you gonna detect. Now here you’ll need a little technical brain, a scvhost.exe process runs in three modes,
System Mode: Which never communicates with internet
Local Mode: Which never communicates with internet
Network Mode: Which communicates with internet.
All three modes run as different processes with different process IDs. Now the Network Mode scvhost.exe runs as network service, so open taskmgr.exe and locate scvhost.exe where username is Network Service now note process ID, disconnect from network and wait for 1-5 minute monitoring that process memory consumption. You have to wait for 5 minutes just because even after disconnecting scvhost.exe does not settle down network and hence memory usage appears fluctuating for long time. Once memory usage becomes stable then wait for sometime and monitor it for memory usage fluctuation, it should not be above 2 MBs.
Now above were manual method to identify presence of RAT in your system if your Anti-Virus and even malware detection software fails to detect RAT. So far as my view is concerned Norton, Avast Professional, Avira and AVG professional are best Security Suites available to tackle all kind of software based threats and malware. And if you use your system for critical purposes then you are the fellow who is in very much need of “Black Ice Defender”. It is awesome piece of code written specially to avoid any kind of intrusion on your system.

The RAT (Remote Administration Tool) – II

Why RAT’s Don’t Get Detected
 
So we are back to the second part of The RAT Remote Administration Tool. In this section we will learn how an attacker manages to hide a RAT in victim’s computer, if you are new visitor or you haven’t read the first part I urge you to please go through previous post on The RAT before you read this.
 
Before we proceed I want to tell you there’s no RAT tool available whose server can not get detected by an Anti-Virus program. At practical level every Anti-Virus program can detect RAT developed by all possible free as well as commercially available RAT developing tools. Then how an attacker manages to implement an attack on you. Following may be the reasons, why you may become victim to his/his attack,
 
  1. Your Anti-Virus Sucks
  2. The attacker has created his/her own RAT client
  3. He had got a custom RAT client from RAT client vendor
  4. Applied Hex-editing on his RAT server EXE
  5. Attacker has used crypt or
 
As I always tell you hacking evolves by fractions of minutes to fractions of seconds, RAT clients also gets updated and hence your Anti-Virus too needs to be updated. If you don’t update it means you are inviting more and more troubles than just RAT, always update your Anti-Virus programs or let its auto-update option enabled. In any other case than this if your Anti-Virus fails to detect RAT it means it is total crap UN-install it and use some another Anti-Virus program.
 
The second case is the attacker is master programmer and he/she has used his/her master programmer skill to develop a new custom RAT client. Since the code is new, no Anti-Virus will have its definition ultimately making it Fully UN-Detectable (FUD). It is really very hard to keep yourself safe from such kinda RAT since it is hard to detect before damage is done.
 
Some vendors also offer custom RAT clients for special price, again due to its code being new any Anti-Virus program will hardly have its definition and hence even this works. Next is hex-editing, it is one of the most difficult thing to do for changing signature of the RAT server(our virus) file. So far as I know it is really very difficult and attacker must be having powerful hand over understanding different number systems and machine level codes, also it is very time consuming process. If you want to know how it is done then Rahul Tyagi has offered a pro tutorial on his blog www.salienthacker.in on hex-editing.
 
Last is one of the most easiest methods and due to which a VIRUS code becomes Fully Undetectable. The use of crypt-or software avoids the job of recoding and hex-editing and mutates the signature of virus file in such a way that it works fine but its code generates different signature which is not anyhow matches the previous signature, thus making is undetectable.
 
Other factor that leads to hide RAT in your system is process space sharing. In this the RAT server file shares process space of system processes or well known process like,
explorer.exe
svchost.exe
services.exe
 
And the last factor that let them do their job is port number. Many RAT clients will use regularly used port numbers to establish connections like HTTP port 80, HTTP proxy port 8080, FTP port 21 and uses any kinda connection may it be TCP or UDP.
 
So above are some reasons why a RAT server doesn’t get detected when all codes are available to Anti-Virus vendors. So the next time we meet we’ll discus how you can prevent yourself from a RAT attack.

Catching a cheating spouse

http://tomphillips.blogspot.com/

Cheating Spouse? Easy ways to catch him/her.

Cheating Spouse

To catch a cheating spouse you need to put on your best Hollywood performance.

As one spouse put it, “It was extremely important that I pretend that absolutely nothing was wrong. I didn’t ask questions I normally wouldn’t. Didn’t let my tone or body gestures give off any clue that I suspected something.”

Many do-it-yourself investigators unknowingly sabotage their own infidelity investigations by suddenly becoming interrogators of their spouses. Once a cheating spouse senses you are on to them then if they have any intelligence at all they take extra precautions to make sure they aren’t caught. This will only slow down your investigation.

Here’s what you can do instead of drilling your cheating spouse with lots of questions, just start keeping a log book of everything he/she does. Write down the suspicious incidents including date, time, place and who the spouse was supposed to be with. Keeping a journal helps you analyze the information easier and uncover patterns you would miss otherwise.

An added benefit of keeping a journal is that liars have bad memories but a journal doesn’t. So if your spouse says he went out bowling last night with two guys from the office, casually ask him about it again in two weeks and see if he supplies the same information. Chances are if he wasn’t really bowling he may tell you that was the night he was at the baseball game.

If you don’t have the patience to keep an on-going journal, then check out the 11 different traps profiled in the Cheating Spouse Traps Guide available at http://CheatingSpouseTraps.com and discover right now how you can easily get concrete evidence of what your spouse is doing behind your back.

How to Hide Your IP Address Online

Every computer on the Internet has a unique IP address allotted to it which makes it possible to trace it back to its exact location. However, there are ways to hide IP address online! In this post, I will discuss some of the popular ways to hide your IP address so that your identity and privacy are kept safe.
How to Hide Your IP?

Following are some of the most common ways to hide IP address on the Internet:

1. Using a VPN Proxy – Safe and Secure Way to Hide IP

Using a trusted VPN proxy service is by far the best way to conceal your IP address online. Here is a list of most popular VPN services that will hide your IP address:

  1. Hide My Ass VPN – Hide My Ass is one of the most popular and trusted VPN service that allows people to easily conceal IP address and protect their online privacy.
  2. VyprVPN – VyprVPN offers the world’s fastest VPN services that allows people to easily conceal their real IP.

Following are some of the advantages of using a VPN to hide your IP address:

  • In addition to hiding your IP, a VPN is very fast, offers high performance and encrypts all your web traffic to keep you safe from hackers and intruders.
  • You have a long list of countries and states to select your desired IP address location.
  • By selecting an IP address of your choice, a VPN allows you to easily access restricted websites that are not available for your country.

Why Hide IP Address?

Following are some of the reasons why people want to hide their IP address:

  1. By hiding the IP address, one can browse anonymously.
  2. To access websites that are not available to the IP address of a particular Geo location.
  3. To stay safe from hackers by showing a fake IP to the outside world while keeping real IP concealed.
  4. Hiding IP means hiding Geo location.
  5. Hiding IP prevents leaving a digital footprint.

2. Web Based Proxies

This is another popular way to quickly hide IP address on the Internet. Following are some of the popular web based proxies to conceal your IP address:

  1. www.proxysite.com
  2. www.newipnow.com
  3. www.filterbypass.me

The downside of using these free proxy services to mask your IP address is that most of them are overloaded and are too slow to use. In addition, your security and privacy may get compromised during the usage.

Hacking Phone or PC remotely with Remote Keyloggers

Because the keylogger is mightier than the sword
In this tutorial, we’ll attempt to remotely install a keylogger. This one is actually quite basic, so without further ado, let’s begin.
Fire up Metasploit and let’s get started. Like before, we’re assuming that the system has already been broken into and we have the meterpreter session.
Step 1: Find a program.
The way the keylogger in Meterpreter works is, you have to attach it to a running program. Say for example, we find that the victim’s computer is running an internet browser, a game and MS Word. Clearly there’s two items of interest in there. We can attach the keylogger to the browser or MS Word to get whatever’s being typed in these two applications. So, first we check what all processes are running on the target system using the following command:
meterpreter >ps
Usually you’ll get a very long list of items. The two columns we’re interested in are PID (Process ID) and process name. For this step you may want to google up the names of some processes to see which programs they belong to or if you find the ones you know of, like chrome.exe (Google Chrome) or notepad.exe then you can use these. We need to migrate meterpreter to the corresponding PID. Suppose we found wordpad.exe at PID=1440
meterpreter > migrate 1440
You should see a message “Migration completed successfully”.
Step 2: Start the Keylogger
Now we can embed the keylogger into the program.The Meterpreter keylogger is a built-in feature called keyscan. We can start it up by the following command:
meterpreter> keyscan_start
This should successfully attach the keylogger to our preferred program and the keylogging will start immediately.
Step 3: Dump the logged Keystrokes
So, in the previous step we hooked up a keylogger to the WordPad application running on our victim’s computer. It’ll keep running until we tell it to stop (or the victim shuts down the computer). We can recover whatever the keylogger has logged by the following command. You might want to wait a while, maybe grab a snack while the keylogger is running on the system just to give it enough time to log something. It’s pretty much hit and trial since we don’t know when the victim is going to choose the application we’re keylogging and type something in it. They could be typing in it just as we hooked up the keylogger or they may not use the application for hours.
meterpreter> keyscan_dump
If all went great and the victim actually typed something in our chosen application meterpreter will print out everything in our command shell. You could try using different applications to get different results. Obviously you’ll not get anyone’s passwords by keylogging WordPad whereas chrome.exe and firefox.exe are much more likely to give us something of more interest.