This Article should be short as it's easy nowadays to find a keylogger
a good keylogger is ardamax and it's not free so ill post it cracked soon :)
also Istealer 3.0 or 5.0 are good and free ill also post them later
just to break the rock some people faced while setting up a keylogger or Stealer
FTP??!
yes File Transfer Protocol.
The best FTP server for using a keylogger is
www.drivehq.com
its pretty simple and easy and free
if you're using Ardamax create a folder and call it logs and setup the keylogger to send to it
to make servers FUD (Fully Undetected) people use a Crypter which can be bought from computer programmers at Hackhound and other places.
Thursday, December 31, 2009
Phishing.
Now that we've finished our course in penetrating Wi-Fi Connections its time to hack with another way of hacking
Let's try Data hacking like personal Data's
so what shall we use?
certainly Phishing Or Desktop Phishing
Phishing :
its a fake page where the victim signs in from and falls in the trap giving you his Personal Data
I'll post a link with paypal and rapidshare Phisher soon
" Here"
okay how to use phisher?
go to some stupid free web hosting website
create some new website
in the website control panel
remove index.html and place it with the phisher and in the same folder put post.php with it
now whenever someone opens that page he will fall for it and enter his account data where you will get it at the same folder in a txt file called "Passwords.txt"
but this trick is old so it sounds stupid to trick someone with it
so find some Url Shortener like nutshell.com and shorten that url
send an email to the victim telling him he'd won 50$ and he have to login to through the link then he gets hacked :)
but a better way for phishing is Desktop Phishing where instead of the victim logging in through the fake page he logins through the normal URL
like google.com but he gets hacked how??
first find a Wampserver and download it
open it
now in the C://wamp/www
put in it the phisher
okay great now to make the bomb the phisher arm
Download hosts at "Here "
Now to get hosts ready
Go to http://www.whatismyip.com and copy your IP.
Opem "Hosts" file you've downloaded using Notepad.
Search for "[YOUR IP ADDRESS]" and change it to your IP address.
Change"phishingwebsite.com" to "www.paypal.com"(or any website you wanna hack)
now let's get the bomb ready to rock!
- Right click on "Hosts.exe" and select "Add to Archive".
- Now, in window, change Archive Format from ".rar" to ".zip".
- Tick "Create SFX Archive". Now, in "Advanced" tab, click "SFX Options".
- Now, in "Path to extract", enter "C:\WINDOWS\system32\drivers\etc" (without inverted commas).
- In "Modes" tab, check "Hide all" and "Overwrite all". Hit OK and again OK.
That's The Phisher Arm
Now, after installing Phisher Arm on computer, whenever victim tries to visit Paypal.com or msn.com, he is actually shown our phisher page by his browser and thus we can easily extract and hack paypal or msn password using Desktop Phishing. The hacked msn or paypal password is saved passwords.txt file in your "C:\wamp\www" directory.
Have Fun Phishing :)
Let's try Data hacking like personal Data's
so what shall we use?
certainly Phishing Or Desktop Phishing
Phishing :
its a fake page where the victim signs in from and falls in the trap giving you his Personal Data
I'll post a link with paypal and rapidshare Phisher soon
" Here"
okay how to use phisher?
go to some stupid free web hosting website
create some new website
in the website control panel
remove index.html and place it with the phisher and in the same folder put post.php with it
now whenever someone opens that page he will fall for it and enter his account data where you will get it at the same folder in a txt file called "Passwords.txt"
but this trick is old so it sounds stupid to trick someone with it
so find some Url Shortener like nutshell.com and shorten that url
send an email to the victim telling him he'd won 50$ and he have to login to through the link then he gets hacked :)
but a better way for phishing is Desktop Phishing where instead of the victim logging in through the fake page he logins through the normal URL
like google.com but he gets hacked how??
first find a Wampserver and download it
open it
now in the C://wamp/www
put in it the phisher
okay great now to make the bomb the phisher arm
Download hosts at "Here "
Now to get hosts ready
Go to http://www.whatismyip.com and copy your IP.
Opem "Hosts" file you've downloaded using Notepad.
Search for "[YOUR IP ADDRESS]" and change it to your IP address.
Change"phishingwebsite.com" to "www.paypal.com"(or any website you wanna hack)
now let's get the bomb ready to rock!
- Right click on "Hosts.exe" and select "Add to Archive".
- Now, in window, change Archive Format from ".rar" to ".zip".
- Tick "Create SFX Archive". Now, in "Advanced" tab, click "SFX Options".
- Now, in "Path to extract", enter "C:\WINDOWS\system32\drivers\etc" (without inverted commas).
- In "Modes" tab, check "Hide all" and "Overwrite all". Hit OK and again OK.
That's The Phisher Arm
Now, after installing Phisher Arm on computer, whenever victim tries to visit Paypal.com or msn.com, he is actually shown our phisher page by his browser and thus we can easily extract and hack paypal or msn password using Desktop Phishing. The hacked msn or paypal password is saved passwords.txt file in your "C:\wamp\www" directory.
Have Fun Phishing :)
Cracking Wpa-psk or Wpa2-psk
Welcome to my guide to crack wpa2-psk and wpa-psk
Follow my Steps Carefully and you will get it worked out
now put the card in monitoring mode by typing
airmon-ng start wlan0
now remember the interface (wlan0,mon0,ath0) depends
okay now let's check the networks around
airodump-ng mon0
wait 2 mins now press Control + Z
Copy the mac Adrress of the AP and channel and so on
now monitor the AP writing all packets to a file
Follow my Steps Carefully and you will get it worked out
now put the card in monitoring mode by typing
airmon-ng start wlan0
now remember the interface (wlan0,mon0,ath0) depends
okay now let's check the networks around
airodump-ng mon0
wait 2 mins now press Control + Z
Copy the mac Adrress of the AP and channel and so on
now monitor the AP writing all packets to a file
airodump-ng mon0 --channel 10 --bssid 00:19:5B:52:AD:F7 -w /tmp/wpa2
At this point, you have 2 options : either wait until a client connects
and the 4-way handshake is complete, or deauthenticate an existing
client and thus force it to reassociate. Time is money, so let’s force
the deauthenticate. We need the bssid of the AP (-a) and the mac of a
connected client (-c)
aireplay-ng -0 1 -a (AP mac Address) -c (Client mac address) mon0
now it will deauthinticate a client so when it reconnects you capture the hand-shake
13:04:19 Waiting for beacon frame (BSSID: 00:19:5B:52:AD:F7) on channel 10
13:04:20 Sending 64 directed DeAuth. STMAC: [00:1C:BF:90:5B:A3] [67|66 ACKs]
that's how it looks when it works
As a result, airodump-ng should indicate “WPA Handshake:” in the upper right corner
Stop airodump-ng and make sure the files were created properly
From this point forward, you do not need to be anywhere near the
wireless network. All cracking will happen offline, so you can stop
airodump and other processes and even walk away from the AP. In fact, I
would suggest to walk away and find yourself a cosy place where you can
live, eat, sleep, etc…. Cracking a WPA2 PSK key is based on
bruteforcing, and it can take a very very long time. There are 2 ways
of bruteforcing : one that is relatively fast but does not guarantee
success and one that is very slow, but guarantees that you will find
the key at some point in time
The first option is by using a wordlist/dictionary file. A lot of these files can be found on the internet (e.g. http://0a9c9e1f.youfap.com or on packetstorm (see the archives)), or can be generated with tools such as John The Ripper. Once the wordlist is created, all you need to do is run aircrack-ng with the worklist and feed it the .cap fie that contains the WPA2 Handshake.
So if your wordlist is called word.lst (under /tmp/wordlists), you can run
aircrack-ng –w /tmp/wordlists/word.lst -b 00:19:5B:52:AD:F7 /tmp/wpa2*.cap
The success of cracking the WPA2 PSK key is directly linked to the strength of your password file. In other words, you may get lucky and get the key very fast, or you may not get the key at all.
The second method (bruteforcing) will be successfull for sure, but it may take ages to complete. Keep in mind, a WPA2 key can be up to 64 characters, so in theory you would to build every password combination with all possible character sets and feed them into aircrack. If you want to use John The Ripper to create all possible password combinations and feed them into aircrack-ng this is the command to useroot@bt:~# /pentest/password/jtr/john --stdout --incremental:all | aircrack-ng -b 00:19:5B:52:AD:F7 -w - /tmp/wpa2*.cap
(Note : the PSK in my testlab is only 8 characters, contains one uppercase character and 4 numbers). I will post the output when the key was cracked, including the time it required to crack the key.
That’s it
Update :after 20 hours of cracking, the key still has not been found. The system I’m using to crack the keys is not very fast, but let’s look at some facts :
8 characters, plain characters (lowercase and uppercase) or digits = each character in the key could has 26+26+10 (62) possible combinations. So the maximum number of combinations that need to be checked in the bruteforce process is 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 = 218 340 105 584 896 At about 600 keys per second on my “slow” system, it could take more than 101083382 hours to find the key (11539 year). I have stopped the cracking process as my machine is way too slow to crack the key while I’m still alive… So think about this when doing a WPA2 PSK Key.
Welcome to the Art of hacking blog.
In here we will be learning a few means of hacking to serve our personal Purpouses "Warning This Is For educational purposes only"
okay now lets start with hacking starting from setting up a connection with the internet
We will be learning how to Crack Wep Keys And Wpa-psk and Wpa2-psk Keys so be patient and get ready to rock!!
First of All Wep Keys.
Wep Keys can be cracked easily and without any effort as long as you're near to the AP (Acces Point)
First of all you've got to download Backtrack 4 which is a live linux distribution having alot of tools that can serve our needs (Ps: Check at aircrack-ng.org if you're wireless card can go in monitoring mode if not then you cant do this operation)
Subscribe to:
Posts (Atom)
