Hide exe into Image

Hide exe Files into Image

This is a good trick to hide your exe files into a jpg file..!
How about sending a trojan or a keylogger into your victim using this trick..?  Here this Hiding exe in image id called Binding.

This can be done using software and also manully via Dos.So ,here we are going to do this using Dos.

Do the following steps as explained:

1) Firstly, create a new folder and make sure that the options 'show hidden files and folders' is checked and ‘hide extensions for known file types’ is unchecked.Basically what you need is to see hidden files and see the extension of all your files on your pc.

2) Paste a copy of your server on the new created folder. let's say it's called 'server.exe' (that's why you need the extension of files showing, cause you need to see it to change it )

3) Now you’re going to rename this 'server.exe' to whatever you want, let’s say for example 'picture.jpeg'

4) Windows is going to warn you if you really want to change this extension from exe to jpeg, click YES.

5) Now create a shortcut of this 'picture.jpeg' in the same folder.

6) Now that you have a shortcut, rename it to whatever you want, for example, 'me.jpeg'.

7) Go to properties (on file me.jpeg) and now you need to do some changes there.

8) First of all delete all the text on field 'Start In' and leave it empty.

9) Then on field 'Target' you need to write the path to open the other file (the server renamed 'picture.jpeg') so you have to write this :- 'C:\WINDOWS\system32\cmd.exe /c picture.jpeg'  .Hope every CHC(Chennai Hackers Connect) member understanding it.

10) The last field, 'c picture.jpeg' is always the name of the first file. If you called the first file 'soccer.avi' you gotta write 'C:\WINDOWS\system32\cmd.exe /c soccer.avi'.

11) So what you’re doing is when someone clicks on 'me.jpeg', a cmd will execute the other file 'picture.jpeg' and the server will run.

12) On that file 'me.jpeg' (shortcut), go to properties and you have an option to change the icon. Click that and a new window will pop up and you have to write this :- %SystemRoot%\system32\SHELL32.dll . Then press OK.

13) You can set the properties 'Hidden' for the first file 'picture.jpeg' if you think it’s better to get a connection from someone.

14) But don’t forget one thing, these 2 files must always be together in the same folder and to get connected to someone they must click on the shortcut created not on the first file. So rename the files to whatever you want considering the person and the knowledge they have on this matter.

15) For me for example I always want the shortcut showing first so can be the first file to be opened. So I rename the server to 'picture2.jpeg' and the shortcut to 'picture1.jpeg'.This way the shortcut will show up first. If you set hidden properties to the server 'picture.jpeg' then you don’t have to bother with this detail but I’m warning you, the hidden file will always show up inside of a Zip or a Rar file.

16) So the best way to send these files together to someone is compress them into Zip or Rar.

17) Inside the Rar or Zip file you can see the files properties and even after all this work you can see that the shortcut is recognized like a shortcut but hopefully the person you sent this too doesn’t know that and is going to open it.

Pangolin Automated SQL injection

Automated SQL injection with pangolin- Tutorial+Application

Pangolin is an automatic SQL injection penetration testing (Pen-testing) tool for Website manager or IT Security analyst. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or users specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.



Test many types of databases

Your web applications using Access,DB2,Informix,Microsoft SQL Server 2000,Microsoft SQL Server 2005,Microsoft SQL Server 2008,MySQL,Oracle,PostgreSQL,Sqlite3,Sybase.

Pangolin supports all of them.

Features: Auto-analyzing keyword, HTTPS support, Pre-Login, Bypass firewall setting, Injection Digger, Data dumper, etc.


DOWNLOAD TUTORIAL

Download here

Use internet without browser

Surf on the internet without Browser

Hello CHC(Chennai Hackers Members), now can surf on the internet without any actual browser. Have you ever been find yourself sitting in front of some computer where Internet Explorer or Firefox was blocked and restricted from installing any software? If that PC is running Windows XP,  then there is chance for you to still surf on the Internet. Just follow this:
Open Calculator, Start> Program Files> Accessories> Calculator, or press Windows+R and type ‘calc’ in the run box, click OK. In Calculator, go to Help> Help Topics.Right click on the left hand side of the title bar and click on ‘Jump to URL’. 
Type in the URL and make sure include the ‘http://’ at the beginning.

Basically what you are looking at is Internet Explorer 6 inside a help window, but this version of program isn’t quite smart. This was tested in Windows XP SP2 with Internet Explorer 6 and I’m not sure whether it will works in Internet Explorer 7 installed computer.

Feel free to comment 

Enjoy.

CRACK THE HASH CHALLENGE

FIND THE HASH AND CRACK

Hello CHC(Chennai Hacker Connect) members .As previous challenge was our first one ,we made it so simple and many of them cracked successfully.But this challenge gonna be a bit difficult than the previous one.


Top five crackers name and id will be displayed on CHC(Chennai Hacker Connect) FB page.


Note :Don't forget to comment answer with your FB id or mail id

CRACK THE HASH:

c132d0663ed992e42fa61328eac71aeef47330c0

HACK PASSWORD USING HTTP SESSION HIJACKING

HACK PASSWORD'S USING HTTP SESSION HIJACKING (Cookie Stealing)

Hi CHC(chennai hackers connect) members,sry for no posts for long time .We are quite busy with developing hacking tool. This method is a bit less known but in recent months it has become widely popular due to the introduction of the software 'FIRESHEEP'. When you log in to your account at a website, your web browser sends your username and password to the website server. The password is first encrypted and then send over the network. Then the server checks the username and password against the database and if they both match then sends to the user's browser a "cookie" (a text which the browser uses for further requests to the web server) but unlike the password the cookies are not encrypted and are sent as it is over the network, this cookies can be easily captured as they travel through the network or a busy WI-FI. The newly released Firefox extension "FIRESHEEP" makes it more easy. Actually so easy that even a total nube can capture this cookies. 

FIRESHEEP TUTORIAL (Http Session Hijacking)

Firesheep a Firefox addon has recently become very popular for easily carrying out a HTTP session hijacking attack. Http session hijacking attack can't be considered as a very sophisticated attack but needs some technical knowlegde to be performed . But Firesheep makes the attack a child's play. Firesheep was developed by Eric butler for Firefox, it was released at Toorcon 12 to demonstrate how serious cookie stealing can be.
Now lets understand how Firesheep actually works. When you provide your username and password in login forms of different website and submit it, the browser first encrypts the password and then sends it over the network. The corresponding website compares the information against its internal database and if they match, it sends a cookie(a small text file) to your browser. The browser saves this cookie and uses it to authenticate the user on the website every time the user opens a different page of the website. When the user logs out of his account the browser just deletes the cookie. Now the problem is that this cookies are not encrypted before sending over the network, due to this a hacker can capture this cookies and using them authenticate himself as the user from whom the cookie was stolen.
Now lets see how to use Firesheep.

Step 1) 

First download and install WinPcap (WinPcap in Windows is used for capturing network traffic.)
            You can use Pcap in libPcap library for unix like systems.
            DOWNLOAD WinPcap

Step 2) 

Download and open Firesheep in Firefox, it will automatically install it. Or just drag it and place it
             over Firefox shortcut (Firesheep at this instant is not supporting Firefox 4 ).
             DOWNLOAD Firesheep. 

Step 3) 

After it is installed, in Firefox go to View -->Sidebar --> Firesheep. A side bar will appear in the browser with a button "start capturing", press it and sit back. In few seconds you will see account details with photos of the target. Click on one of it and you will directly enter in his account. Simple as that.

(Note:- Using Firesheep to hijack others account is illegal under wiretapping Act.)

PERSONAL NOTE:- The addon Firesheep had become very popular recently so software Blacksheep was developed which stops Firesheep.