Get FREE lessons from "Hack It Easy Hacking Course"

Enter your email and instantly receive the lessons in your inbox for free

Thursday, May 16, 2013

Setting Webserver- Host Webpages on your own computer

Have you ever wondered to setup a website without signing up at any web hosting site ? Learning web site designing and wanna keep testing how your web pages look? Free Web hosting sites removing you phishing     pages ?

So solution to such kinda things is in this post.  Basically we are going to turn our pc to a server.

What is a server  ?


Server is we can say, any computer that is serving something . Like webserver serves webpages, ftp server serves files. Any computer can be turned into a server by simply installing a server software. In this post,
I am using XAMPP . By installing this, contents of a particular directory of  our computer would accessible all over internet . Means one could access those contents from any part of the world through our Public IP address.
You can place your web pages or whatever you wish in that directory.
Download XAMPP from here. This package consists of Apache http server (A), MySQL database (M), php (P),Perl (P) and X represents cross platforms.

After dowloading it, simply install it .

At last stage on installation you will get this . Press 1 to start XAMPP control panel.

The control panel would look like this

Click Start to start apache server. Now lets check whether its working,

Open your web browser and visit your local machine address that is 127.0.0.1 or localhost. Hopefully you must get the XAMPP page as shown.

Now check whether it is accessible on internet. Type your Public/External Ip in your web browser and hit enter.
If you got a page as shown, follow the instructions :


1. Go to file httpd-xampp.conf
2. Remove "deny from all" and save the file.



3. Now restart the server and hopefully it would be all right now.

Now what ?

There must be a directory 'htdocs' at location C:\xampp\. The contents of this particular directory will be available to every body. Suppose you place a file anything.html in 'htdocs' directory. It would be accessible at
1.http://localhost/anything.html  or http://127.0.0.1/anything.html
( Obviously above two links gonna work on your own computer only.)
2.http://xxx.xxx.xxx.xxx/anything.html (where xxx.xxx.xxx.xxx is your IP address)
You can start/stop this service simply through the control panel.
Thats all. And you have also use Filezilla(ftp server software) and Mysql (database) as per your need.

Get a domain name ?
Now you would want to get a domain name instead of  using the Public IP to check out your contents.
But how can we get a domain name because our IP is dynamic and to which IP domain name would point ?
Dont worry, we have a solution.
1. Log on to www.no-ip.com and sign up for an account. Choose available domain name.
2. Download their dynamic DNS update client and run on PC.


This client would automatically keep updating your dynamic IP address and that is how the selected domain would always be pointing to your IP address.

Note: You might need  do port forwarding if you are behind a router. Kindly mention the queries regarding that  in comments.

Monday, May 13, 2013

Trojan Horse | RAT | Configure and Use | Tutorial- Part 2

Just go through the Part 1 which includes the basics of  Trojan Click here. This tutorial is about configuring and using a trojan. There are many trojans available on internet for free. Some popular ones are Beast, Pro Rat, Netbus , Back Orifice, Girlfriend, Sub 7. I will be using Pro Rat in this tutorial.

Requirements


1. Prorat- Click here to download Trojan Prorat.
2. Hostname  -  Your IP address would probably be dynamic that it keeps changing everytime you disconnect and reconnect. You need a host name which always automatically keep pointing to your changing IP. Follow these steps -:

1. Log On to www.no-ip.com and register for an account.
2. Go to Hosts/Redirects -> Add Host and choose any free available hostname. Do not change any other option and simply click on Create Host.
3. Downloading and install their DNS update client available here http://www.no-ip.com/downloads.php Run it and enter your credentials. Update your host name and save it.
4. Lets check whether your IP has been associate with chosen host name or not. Go to command prompt and type 'ping yourhostname' (without quotes) , hopefully it should reply with your IP address.

Tutorial for configuring Trojan.


1. Open prorat.exe that you have downloaded.
2. Click on Create  and then Create ProRat Server


 3.  Enter your host name in the ProRat Notification field as shown. Uncheck all other options.

4. Click on general settings Tab and have a look at server port,password, victim name. Remember these things.Check out and configure other options as per your need. You can bind server.exe with any genuine file, change its icon etc.
5. Finally click on create  server and now its ready to be sent to victim.  Once victim installs it, it would automatically disable antivirus/firewall.

Modes of sending-: 
You must be thinking of sending this server.exe to victim through an email as an attachment but unfortunately you cant do so. The good option is  to upload it on any uploading site like mediafire.com and give downloading link to victim.

What after victim has run the server part ?


1.Click on ProConnective Tab and start listening to connections. Allow firewall if it asks you to open a port.
2.You will start listening to connections, I mean you will get a notification as shown when victim would be online.






Note: If you know victim is online and still its not listening to any connections. Trace victim's IP,enter in IP field and hit connect. But its gonna work only if he is not behind any network and directly connected to internet. If you dont know how to trace IP, mention in comments.

What after successful connection ?

After you have managed to connect to victim's machine. There are numberless interesting things to do. I leave this part on you.  Have Fun.

How to make it undetectable from antivirus ?
Though there isn't any hard and fast way to make it fully undetectable from all antiviruses. The real way to do it is modify the source code of open source trojans available. Its very challenging job. There are many crypters which claim to make it undetectable but unfortunately hardly one out every hundred works. I would try to write next article on the same.


Contermeasure against Trojans -
The obvious coutermeasure against trojans is that do not accept downloading links blindly. Keep your antivirus up to date.

Detecting and removing Trojan -
Though trojan once installed is very hard to remove . It would hide itself from the Task Manager . Install Process Explorer and it would hopefully show you all process running including trojan. Kill the process and remove it. One good thing is to carefully check the open ports and services running through 'netstat' command. Anyways , the best option is to reinstall the windows.


Feel free to ask  the queries in comments :)

Sunday, May 12, 2013

Trojan Horse (Basics) - Part 1

Have you watched movie Troy ? okay lets leave . Have your wallpaper ever changed automatically ? Have the programs ever started without your initiation ? Have the browser opened unexpected websites automatically ? Simply have you ever felt that someone else is controlling your computer ? NO ?
Congrats, you probably haven't been a victim of trojan yet :).

A trojan horse is a remote administration tool(RAT). This is some thing extremely dangerous.  A trojan gives the full control of victim's PC to the attacker. 
 A trojan has two parts . One is client part (Control Panel) and other is server part (meant to be sent to victim).

The basic methodology of using a trojan is as follows:-

1. Attacker creates an executable file of size in kbs. This  is  server part of trojan and mostly called as server.exe

2.Attacker might hide this server.exe behind any genuine file like a song or image. Attacker gives this file to victim and victim is supposed to double click on it.

3.As victim run that server part , a port on victim's computer gets opened and attacker can control his PC sitting remotely in any part of the world through the control panel(client part). Attacker can do anything with victim's computer remotely that victim himself can do on his computer.

Note: Now I am assuming that you know a little bit about IP addresses that is lan/internal/private and wan/external/public IP.
Two different methods of working of Trojan.

1. Direct Connection : In this method, after the server part has been installed on victim's machine, the attacker enters the public IP address assigned to victim's computer for making a connection to it. But limitations of direct connection is that public IP address is most probably dynamic and gets changed everytime one disconnects and reconnects. So attacker needs to find out IP address of victim each time.Moreover the incoming connection like this is usually restricted by firewall.
The main limitation of direct connection is that you can not access the victim who is behind a router or a network beacuse victim's machine is not assigned public/external/wan IP. It is only assigned private/internal/lan IP which is useless or meaningless for computers outside that network.The wan IP belongs to his router.

It doesnt matter how attacker is connected to internet. Attacker can be connected to internet any of three means.




Victim is behind a router in this case. (havent inserted the picture of victim behind a network, imagine that )
2. Reverse Connection: In this method, attacker enters his own IP address in server part while configuring it .So when the server part is installed on victim's computer, it automatically makes connection with client part that is attacker. Also the firewall in victim's machine would not restrict to outgoing connections. Problem in this case is same that attacker's IP is also dynamic. But this can be over come easily. Attacker actually enters a domain name in server part which always points to his dynamic IP.

Reverse connection can bypass a router or a network.


You might be confused at this point. Kindly mention your queries/doubts in comments.

Saturday, May 11, 2013

How to see saved password in Mozilla firefox

Here is simple hacking tutorial to view the saved passwords in Mozilla firefox.
While visiting public internet cafe ,some innocent peoples click the "Remember" while mozilla asking for remembering.   This is one of the benefit for us to hack their account in very simple way.

Follow these steps to see the saved Passwords:


  • click the "Tools" menu in menu bar.
  • Select Options
  • It will open a small window
  • Select the "security" tab in that small window
  • You can view "saved Passwords" button

  • Click that button.
  • It will another small window
  • There will be list of sites with usernames
  • Select One site and click the "show Password"
  • It will clearly show you the password

x

   First Name:
* Your Email Address:
 

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More