Free Hosting & Free Domain

Monday, August 31, 2009

1. Open http://www.justhost.com

2. Click the Big Red "Sign Up Now!" button in the middle of the site on the home page 
 
3. Now put in whatever you want your Domain Name (.com/.net/.org/etc...) to be

4. Now here's the awesome part: in the coupon code field, you'll see DOMAIN4LIFE. Change that to TEMPLATEMONSTER and then hit continue.
 
 
5. Now go back.

6. Enter the new coupon code "DOMAIN4LIFE" and then hit continue.
  
7. Now all you need to do is enter your CC info and your "$0.00/24Months" subscription package is good to go! (:<
This offer will not work with PayPal )-: !
 
 
 

Hacking WEP Wifi Passwords

Sunday, August 30, 2009

Basic Entry into a WEP Encrypted Network

1. Getting the right tools

Download Backtrack 3. It can be found here:

http://www.remote-exploit.org/backtrack_download.html

The Backtrack 4 beta is out but until it is fully tested (especially if you are a noob) I would get the BT3 setup. The rest of this guide will proceed assuming you downloaded BT3. I downloaded the CD iso and burned it to a cd. Insert your BT3 cd/usb drive and reboot your computer into BT3. I always load into the 3rd boot option from the boot menu. (VESA/KDE) You only have a few seconds before it auto-boots into the 1st option so be ready. The 1st option boots too slowly or not at all so always boot from the 2nd or 3rd. Experiment to see what works best for you.

2. Preparing the victim network for attack

Once in BT3, click the tiny black box in the lower left corner to load up a "Konsole" window. Now we must prep your wireless card.
Type:

airmon-ng

You will see the name of your wireless card. (mine is named "ath0") From here on out, replace "ath0" with the name of your card.
Now type:

airmon-ng stop ath0

then type:

ifconfig wifi0 down

then:

macchanger --mac 00:11:22:33:44:55 wifi0

then:

airmon-ng start wifi0

What these steps did was to spoof (fake) your MAC address so that JUST IN CASE your computer is discovered by someone as you are breaking in, they will not see your REAL MAC address. Moving on...
Now it's time to discover some networks to break into.

Type:

airodump-ng ath0

Now you will see a list of wireless networks start to populate. Some will have a better signal than others and it is a good idea to pick one that has a decent signal otherwise it will take forever to crack or you may not be able to crack it at all.
Once you see the network that you want to crack, do this:

hold down ctrl and tap c

This will stop airodump from populating networks and will freeze the screen so that you can see the info that you need.

**Now from here on out, when I tell you to type a command, you need to replace whatever is in parentheses with what I tell you to from your screen. For example, if I say to type:
-c (channel)
then don't actually type in
-c (channel)
Instead, replace that with whatever the channel number is...so, for example you would type:
-c 6
Can't be much clearer than that...let's continue...

Now find the network that you want to crack and MAKE SURE that it says the encryption for that network is WEP. If it says WPA or any variation of WPA then move on...you can still crack WPA with backtrack and some other tools but it is a whole other ball game and you need to master WEP first.

 
Once you've decided on a network, take note of its channel number and bssid. The bssid will look something like this --> 05:gk:30:fo:s9:2n
The Channel number will be under a heading that says "CH".
Now, in the same Konsole window, type:

airodump-ng -c (channel) -w (file name) --bssid (bssid) ath0

The FILE NAME can be whatever you want. This is simply the place that airodump is going to store the packets of info that you receive to later crack. You don't even put in an extension...just pick a random word that you will remember. I usually make mine "wepkey" because I can always remember it.

**Side Note: if you crack more than one network in the same session, you must have different file names for each one or it won't work. I usually just name them wepkey1, wepkey2, etc.

Once you typed in that last command, the screen of airodump will change and start to show your computer gathering packets. You will also see a heading marked "IV" with a number underneath it. This stands for "Initialization Vector" but in noob terms all this means is "packets of info that contain clues to the password." Once you gain a minimum of 5,000 of these IV's, you can try to crack the password. I've cracked some right at 5,000 and others have taken over 60,000. It just depends on how long and difficult they made the password.

Now you are thinking, "I'm screwed because my IV's are going up really slowly." Well, don't worry, now we are going to trick the router into giving us HUNDREDS of IV's per second.

3. Actually cracking the WEP password

Now leave this Konsole window up and running and open up a 2nd Konsole window. In this one type:

aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 ath0
 
This will send some commands to the router that basically cause it to associate with your computer even though you are not officially connected with the password. If this command is successful, you should see about 4 lines of text print out with the last one saying something similar to "Association Successful :-)" If this happens, then good! You are almost there. Now type:

aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 ath0
 
This will generate a bunch of text and then you will see a line where your computer is gathering a bunch of packets and waiting on ARP and ACK. Don't worry about what these mean...just know that these are your meal tickets. Now you just sit and wait. Once your computer finally gathers an ARP request, it will send it back to the router and begin to generate hundreds of ARP and ACK per second. Sometimes this starts to happen within seconds...sometimes you have to wait up to a few minutes. Just be patient. When it finally does happen, switch back to your first Konsole window and you should see the number underneath the IV starting to rise rapidly. This is great! It means you are almost finished! When this number reaches AT LEAST 5,000 then you can start your password crack. It will probably take more than this but I always start my password cracking at 5,000 just in case they have a really weak password.

Now you need to open up a 3rd and final Konsole window. This will be where we actually crack the password. Type:

aircrack-ng -b (bssid) (filename)-01.cap

Remember the filename you made up earlier? Mine was "wepkey". Don't put a space in between it and -01.cap here. Type it as you see it. So for me, I would type wepkey-01.cap
Once you have done this you will see aircrack fire up and begin to crack the password. Typically you have to wait for more like 10,000 to 20,000 IV's before it will crack. If this is the case, aircrack will test what you've got so far and then it will say something like "not enough IV's. Retry at 10,000." DON'T DO ANYTHING! It will stay running...it is just letting you know that it is on pause until more IV's are gathered. Once you pass the 10,000 mark it will automatically fire up again and try to crack it. If this fails it will say "not enough IV's. Retry at 15,000." and so on until it finally gets it.
 
If you do everything correctly up to this point, before too long you will have the password! Now if the password looks goofy, don't worry, it will still work. Some passwords are saved in ASCII format, in which case aircrack will show you exactly what characters they typed in for their password. Sometimes, though, the password is saved in HEX format, in which case the computer will show you the HEX encryption of the password. It doesn't matter either way, because you can type in either one and it will connect you to the network.

Take note, though, that the password will always be displayed in aircrack with a colon after every 2 characters. So for instance if the password was "secret", it would be displayed as:
se:cr:et
This would obviously be the ASCII format. If it was a HEX encrypted password that was something like "0FKW9427VF" then it would still display as:
0F:KW:94:27:VF
Just omit the colons from the password, boot back into whatever operating system you use, try to connect to the network and type in the password without the colons and presto! You are in!

It may seem like a lot to deal with if you have never done it, but after a few successful attempts, you will get very quick with it. If I am near a WEP encrypted router with a good signal, I can often crack the password in just a couple of minutes.

I am not responsible for what you do with this information. Any malicious/illegal activity that you do, falls completely on you because...technically...this is just for you to test the security of your own network. :-)
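
Seen from the access point owner's side, the ARP replay step above is noisy: the same captured frame is re-sent unchanged, so one station repeats a single 24-bit WEP IV hundreds of times per second, which ordinary clients never do. The following is an added example, not part of the original post; the comma-separated sensor record format, the window and the threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque


def detect_iv_replay(lines, window=1.0, threshold=50):
    """Flag stations that send one WEP IV `threshold`+ times within `window` s.

    Each input line is: timestamp_seconds,source_mac,bssid,iv_hex,frame_length
    (a hypothetical sensor export format, sorted by time).
    Returns {(source, bssid): peak repeat count of a single IV}.
    """
    recent = defaultdict(deque)   # (source, bssid, iv) -> timestamps in window
    alerts = {}
    for line in lines:
        ts, src, bssid, iv, _length = line.strip().split(",")
        ts = float(ts)
        seen = recent[(src.lower(), bssid.lower(), iv.lower())]
        seen.append(ts)
        # Drop sightings of this IV that have aged out of the window.
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) >= threshold:
            key = (src.lower(), bssid.lower())
            alerts[key] = max(alerts.get(key, 0), len(seen))
    return alerts


def make_sample():
    """Constructed capture: one ordinary client, one replaying station."""
    ap = "aa:bb:cc:00:00:01"          # constructed BSSID
    rows = []
    # Ordinary client: a fresh IV per frame, varied frame sizes.
    for i in range(60):
        rows.append((i * 0.05, "aa:bb:cc:00:00:10", ap,
                     f"{0x1000 + i:06x}", 90 + i % 40))
    # Link-layer retries legitimately repeat an IV a few times.
    for i in range(4):
        rows.append((0.5 + i * 0.001, "aa:bb:cc:00:00:10", ap, "00ffee", 120))
    # Replay: one captured frame re-sent unchanged about 250 times per second,
    # from the fixed source MAC used in the tutorial's commands.
    for i in range(300):
        rows.append((1.0 + i * 0.004, "00:11:22:33:44:55", ap, "3fa91c", 68))
    rows.sort()
    return [f"{t:.3f},{s},{b},{iv},{n}" for t, s, b, iv, n in rows]


if __name__ == "__main__":
    for (src, bssid), peak in detect_iv_replay(make_sample()).items():
        print(f"possible ARP replay: {src} -> {bssid}, one IV seen {peak}x in 1 s")
```

The durable fix is to retire WEP on the network; the detector only tells you that someone is already collecting IVs.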
 


Alternative to Binding!

OK, so whenever I want to bundle my virus with a real application to make it slightly more stealthy, instead of using a binder, I use an install maker or self-extracting archive. With binders you have to make sure for 100% FUD-ness that not only your virus is UD but your binder is as well; if it isn't, then you might have to go a step further and get an up-to-date crypter. All in all that can be quite a pain, so here is the alternative. One is with the popular archive software WinRAR, the other is a more overall useful tool.

Winrar

So we're going with WinRAR? Nice and simple, but I'd go for the other way. So first highlight all the files/folders you want to be placed in your virus, now from the next menu select "Create SFX volume". Now go to the advanced options tab and select SFX options.

Now you should be in the general tab, where you can select the path to extract. Below you can then determine what file you want run after or before the archive has been extracted. Now select the Mode tab, and then check Hide all, as we don't want anyone seeing what we're doing now, do we? Lastly, which is optional, we can go to the text and icon tab and select an icon.

Now select ok and ok again on the previous window to make your sfx volume!
___________________________________________________________________________________

Smart install maker [SIM]

Now in my opinion the best way to go is this way; you have to install some software and use a serial key from online, but trust me, it's a lot better. Google and download the trial of Smart Install Maker. Once installed, use the following key and username for the full version; with the free one you get a prompt saying made with SIM installer.

Key: KVZEC-0U5WH-2RZRB-4OVM4-DRPFL
User: tnenad

Now when it's done we can start our project. Select the files tab on the left-hand side and import all your files. If you want to go stealthy and include a real app then do so; I'll tell you how to run your virus in the background and the app normally later. Now select the Dialogs tab, and check silent installation, then below you can set the default installation dir; if your files are set to go to the install folder then that's where they will go.

In the interface tab we can select the icon, again if we want to make our app look like the real one. Now lastly go to the commands tab and select the green plus icon. Next to the command text box is an icon; select it and select your virus file, then set run as: hide and after unpacking. So now our dirty work gets run in the background. Do the same again for your real app that you want to show, but run as normal instead of hide.

Now select the build button, next to the green box with a white play arrow on it. Then it's made in the C:\setup\ folder.
___________________________________________________________________________________

So that's how we get around binding.

Reap Profits from Phishers

Okay, so we will be using this guide to reap the profits of other people's phishers! First what we wanna do is type "ripway inurl:login.php" in Google and hit enter. You will get something like:

 
Now let's get some WoW accounts, shall we?

Click the one I selected and you get this:

Now erase that login.php and put in passwords.txt, so your URL for this site should look like: http://h1.ripway.com/Virus94/wow2/passwords.txt

Now we get this:

Oh look. Phished accounts!

You can use this for almost any ripway phisher.

NOTE: THE PASSWORD FILE WILL DIFFER FOR EACH PERSONAL PHISHER. IF YOU ARE HAVING TROUBLE PLAY WITH THE PASSWORD.txt NAME, It may be anything!

Other things to search for besides "ripway inurl:login.php" are:

ripway-
index.php
phish.php
account.php
etc.
Other common password file names:
pass.txt
phish.txt
accounts.txt
hack.txt

ETC!
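
For a hosting provider's abuse team, the layout described above (a login page that takes form posts, with a plain-text file in the same public directory) leaves a trace in the web access log: the text file is served at a larger size each time it is fetched. The following is an added example, not part of the original post; it assumes Apache-style access log lines and a kit that appends each submission to the file, and the log lines, paths and addresses are constructed.

```python
import posixpath
import re
from collections import defaultdict

LOG_LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) (\d+|-)')


def find_growing_drop_files(log_lines):
    """Return (directory, txt_path, first_size, last_size) for every .txt file
    served at growing sizes from a directory where a .php page receives POSTs,
    i.e. a form handler appending to a publicly readable file."""
    posted_dirs = set()
    txt_sizes = defaultdict(list)            # path -> response sizes, log order
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        _ip, method, target, status, size = m.groups()
        path = target.split("?", 1)[0]
        lower = path.lower()
        if method == "POST" and lower.endswith(".php"):
            posted_dirs.add(posixpath.dirname(path))
        elif (method == "GET" and lower.endswith(".txt")
              and status == "200" and size != "-"):
            txt_sizes[path].append(int(size))
    findings = []
    for path, sizes in txt_sizes.items():
        grew = len(sizes) >= 2 and sizes == sorted(sizes) and sizes[0] < sizes[-1]
        if grew and posixpath.dirname(path) in posted_dirs:
            findings.append((posixpath.dirname(path), path, sizes[0], sizes[-1]))
    return sorted(findings)


# Constructed access log: /u1/game behaves like the kit described in the post,
# /u2/blog is an ordinary contact form next to a static readme.
SAMPLE_LOG = """\
198.51.100.7 - - [31/Aug/2009:10:00:01 +0000] "POST /u1/game/login.php HTTP/1.1" 302 0
203.0.113.9 - - [31/Aug/2009:10:05:00 +0000] "GET /u1/game/passwords.txt HTTP/1.1" 200 120
198.51.100.23 - - [31/Aug/2009:10:20:13 +0000] "POST /u1/game/login.php HTTP/1.1" 302 0
203.0.113.9 - - [31/Aug/2009:11:05:00 +0000] "GET /u1/game/passwords.txt HTTP/1.1" 200 310
198.51.100.40 - - [31/Aug/2009:11:30:44 +0000] "POST /u1/game/login.php HTTP/1.1" 302 0
192.0.2.77 - - [31/Aug/2009:12:00:09 +0000] "GET /u1/game/passwords.txt HTTP/1.1" 200 540
192.0.2.15 - - [31/Aug/2009:12:01:00 +0000] "POST /u2/blog/contact.php HTTP/1.1" 200 812
192.0.2.15 - - [31/Aug/2009:12:01:05 +0000] "GET /u2/blog/readme.txt HTTP/1.1" 200 900
192.0.2.16 - - [31/Aug/2009:12:30:00 +0000] "GET /u2/blog/readme.txt HTTP/1.1" 200 900
192.0.2.16 - - [31/Aug/2009:12:30:02 +0000] "GET /robots.txt HTTP/1.1" 200 64
""".splitlines()

if __name__ == "__main__":
    for finding in find_growing_drop_files(SAMPLE_LOG):
        print("review for takedown:", finding)
```

Guestbooks and similar scripts produce the same pattern, so a hit is a reason to inspect the directory, not proof of a kit.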


Texting via Cmd

1) All you need is your friend's IP Address and your Command Prompt.
2) Open Notepad and write this code as it is.....!

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A

3) Now save this as "Messenger.Bat".
4) Open Command Prompt.
5) Drag this file (.bat file) over to Command Prompt and press Enter.
6) Now, type the IP Address of the computer you want to contact and press enter
7) Now all you need to do is type your message and press Enter.

Get free Game Serial Keys.

=================
What you'll need.
=================
-Skype VOIP program (download from www.skype.com)
-A computer headset/microphone
OR
-A home/cell phone

-About 30 minutes of time
=============
How to do it
=============
There are 2 ways to do this, decide if you want to use your home phone or if you just want to use your computer.
---IF YOU DO NOT WANT TO USE YOUR ACTUAL PHONE FOLLOW THESE INSTRUCTIONS---
Install skype from www.skype.com
Make an account on the skype program
Configure your microphone/headset via the skype audio options
From skype dial the number 1-800-GOOG-411 (you can just type letters into the skype dial text box and it will convert it to numbers)
When asked for a city and state, pick any moderately populated city and say its name into the microphone
When asked for a business name or category, say "Walmart", "Target", "Kmart", or any other big box retailer that IS NOT likely to know much about video games (DO NOT call video game specific stores like Gamestop)
The robot will then tell you a list of whatever store you chose
Wait until it says the name of whatever store, but MAKE SURE it isn't the pharmacy, optician, etc. (IE: Just "Walmart" or "Walmart Supercenter")
Say the number that corresponds to the store
The service will automatically dial the number for the store

---IF YOU ARE USING A HOME/CELL PHONE, FOLLOW INSTRUCTIONS FROM HERE ON, IF YOU ARE USING SKYPE, SKIP TO THE NEXT SECTION---
Look up a phone number for a 'big box' retailer like Walmart, Kmart, Target, etc.
Make sure that the store employees are not likely to know much about video games (This will definitely not work on a Gamestop, etc.)
Call the store
---CONTINUE FROM HERE EITHER USING SKYPE OR A PHONE---
Ask for the electronics department
When the person picks up from electronics, make up a name, and tell them that's who you are and you are calling from (Insert games production studio here)
Tell them that you are calling them to inform them that there may have been a shipment of faulty serial keys for a PC game at their store (say the name of the game if you'd like), and you would like to do a quick check to make sure that their store did not get said shipment
If they tell you that they need their manager at this point, your chances are slimmed a bit, but not all hope is lost
In the event of them saying they need their manager, assure them that it is a quick and easy process and they can just do it themselves and it's very easy to do and will only take 5 minutes
If they insist, get the manager on the phone, not all of them are so smart
If the manager gets on the phone, reintroduce yourself and the problem of faulty serial keys
Once they ask you what they need to do, tell them to go ahead and get a copy of the game off of the shelf (make sure to assert that it's a PC game so they don't have to get it behind the glass like an xbox game)
Once they get the game off of the shelf, start small to make them comfortable, ask them for the UPC code
When they read the UPC code, tell them that UPC was likely to have been in the bad batch, and tell them that there's one more test to make absolutely sure
Tell them to open the box and try to find a separate piece of paper with a number printed on it labeled 'Serial key' or something along those lines
Tell them the serial key may also be printed on a sticker either outside or inside the CD case itself on the booklet inside
If they question what to do with the opened box (although you may want to say this anyways to make them feel better about it), tell them to put it in the returns bin with a note of some sort attached that says 'Serial test#3jd3' or something along those lines. This prevents the employee from resealing it and putting it back on the shelf, netting someone else your serial key
Tell them to read you that key (make fucking sure to read back to them what you have written down to make sure you didn't get letters mixed up, or just have the game open at a point where you can enter a key)
If they haven't hung up at this point, then congratulations, they have no idea what their store policy is and you get a free game
Also, tell them that the serial key is OK so they don't start questioning people about it, and remind them to put it in the return bin with the number on it that you made up

===HELPFUL TIPS===
Be polite to any person you talk to in the electronics department, ask them how they are doing today, etc.
Try to speak with as much authority as you can, but don't make it too obvious (ie; talking in a deeper voice that is obviously fake)
Don't fuck up your lines, make a script beforehand and just read it off if you have to, don't stutter or sound nervous
If they tell you that they absolutely will not open it, even after you assert that it's easy and did the returns bin alibi, just hang up and try another one
This works for me within a few tries. If you don't get it the first time, don't give up, just try another. You are bound to run into a retard somewhere or another

Increase Views in Myspace

Saturday, August 29, 2009

First of all you must install ActivePerl
Find it through the net
Save this code in Notepad
Replace myspace url with your MySpace URL
Save it as whatever.pl
Run this code
Make sure you are signed out before you run this code

#!/usr/bin/perl
# Requests the page 1001 times and prints each full response.
use LWP::UserAgent;
use HTTP::Request::Common qw(GET POST);

my $url = "myspace url ";   # replace with your MySpace URL
my $agent = LWP::UserAgent->new;

for ($x = 0; $x <= 1000; $x++) {
    print "Content-Type: text/html\n\n";
    my $req = GET $url, Referer => "(http://www.google.com/search?hl=en&q=this+should+work&btnG=Google+Search&meta=)";
    print $agent->request($req)->as_string;
}


Creating Your Own Crypter

Some things to know before you read this

* I have included an example source file, but don't download it expecting to have a free FUD crypter
* This guide doesn't cover every method of file undetection. I'm simply showing you one way you can decrease the number of detections your file gets.
* I'm not responsible for whatever shenanigans you pull with this information

What do anti-viruses look for in a file?
First off, you will need some basic understanding of how anti-viruses work. Exe files are simply sequences of instructions, and the position of each one within the file is called an offset.

 
What will the program need to do?
Your crypter is going to take the contents of an infected file, encrypt them, and place it at the bottom of a seemingly virus-free file called your "stub".
Your stub file will then extract the encrypted data from itself, decrypt it, then extract and run it.

This may sound like a complicated and confusing process, but it isn't. Here are some diagrams I made to show you what I mean:
 
Example Source
I've created an example program. I have not tested how FUD it will actually make a file, but I can guarantee it is not anywhere near 100%. The reason I did this is because I want YOU to make your crypters. If you think you are completely lost at this point, perhaps you are not ready yet. Read some VB6 tutorials, look at example programs, and learn! When you think you are ready, read through this whole thing again.

I've thoroughly commented the code to help you
http://www.mediafire.com/download.php?zncawy1ztzm

Other things you can do
What will be detected now is completely dependent on your stub.

Some things you can do to make your stub further undetected:
  • Do NOT take code from other programs!
  • Change your variable or function names around to random things. (ex. dim stubFile as string can become dim hdfKd9jsd as string)
  • Do not include the word "stub" anywhere in your application.
  • After you've built your stub, go through it with a hex editor and try to find the word "stub" and take it out. Sometimes it ends up in there without you meaning to put it there.
  • Remove the version information from your stub. I recommend Resource Hacker for doing this.
  • When calling APIs, use a function called CallApiByName. If you search around, I'm sure you will find an example of it.
  • There are many other things you can do. Look around on Hack Forums or Hack Hound. There are lots of great discussions about undetection techniques.
  • When test-scanning your file, use novirusthanks.org and check off "do not distribute." If you scan it with virustotal, they will distribute your file among the AV's.
  • Try not to publicly distribute your crypter
  • Don't give up!