HACKERS UNDERGROUND © 2012 BY RISHABH SHARMA

Wednesday, 16 January 2013

Ardamax Keylogger (Free and full version)


Today I am going to show you how to hack Gmail, Facebook and Yahoo! passwords using the Ardamax keylogger.
Sometimes the latest antivirus shows it as a virus, but don't worry, it is not a virus. Use and enjoy.

Procedure to hack.
Step 1) First download Ardamax keylogger from here.
PASS: hackersunderground

Extract the keylogger from RAR into your desired folder and open it.



Double-click the setup file and install it as a normal setup by clicking Next.
Once you complete the installation, it shows an icon at the bottom-right corner of your screen, as shown in the figure below.





Then, after installation, double-click the patch and patch the Ardamax installed exe file, which is installed in your chosen directory.

Step 2) Now right-click the Ardamax keylogger icon and select “Enter registration key”. Enter the name and key which are in the downloaded folder.



Step 3) Now right click the icon and select “remote installation”. Click next by checking all the boxes until you see the following window and then follow the following pictures.



Step 4) Once you are done with the above, you will see the following window. Selecting the delivery method via FTP is the better option, but in this tutorial I am going with the email delivery method.


Now fill the email options as mentioned here.
Send to- your email id
Send from- your email id
Smtp host –smtp.gmail.com
And finally your username and password.  You can test whether it is working or not by clicking the test button. And finally click next to proceed.


Step 5) Now you can change your icon by selecting change icon option and then click next.


Finally you will see the following window, if you have done everything correctly.



Now send the created server file to your victim. It logs all his keystrokes and sends them to you via email.
Note: The server file you have created will be detected as a virus by your antivirus. I will write a few articles on bypassing antivirus detection in my upcoming posts.

post by rishabh sharma hackersunderground

[TUT]HOW TO MAKE A SELF-DESTRUCTING E-MAIL!!

If you ever wanted to trick your friends by sending them a self-destructing e-mail, or are just here out of curiosity, then continue reading. We will be using a self-destruct service which tells you when your tracked e-mails are opened, viewed… Follow the steps below:

1) Go to this website: http://www.self-destructing-email.com/


[Image: self-destructing-email.png]

2) Sign up for free and get your account. Use your e-mail while registering.

3) Fill up the details.


[Image: self-email-2.png]



4) Now just log in to the e-mail service you are using and write a new message, just like sending an ordinary message to your friend, except that in the field where it says "To" you add .self-destructing-email.com at the end of your friend's e-mail address.

Your friend will receive an e-mail that says he has to click on the link to read the message. When he opens it, a message will pop up saying he has 1 minute to read the message, and the message will expire after 1 minute.


[Image: warning.png]


HOPE YOU LIKED IT!!! 

post by rishabh sharma hackersunderground

[TUTORIAL]Hack Facebook Accounts On The Same LAN!

Ok, I am going to show you a way you can hack the facebook accounts of all the people who are on your network (LAN/wifi). This is really the best way to hack facebook accounts. It's much easier than installing RATs, Keyloggers or making phishing sites.

You will need 3 tools for this:
Cain and abel : http://www.oxid.it/cain.html
Wireshark : http://www.wireshark.org/download.html
Web developer add-on for firefox : https://addons.mozilla.org/en-US/firefox...developer/
So what exactly happens when you type in http://www.facebook.com and login with your username and password? First download the web developer addon for firefox and then login to facebook. After you log in view the cookies in the web developer toolbar.


[Image: jdK0p.png] 

Ok now if you click on view cookie information, you will be able to see all the cookies which facebook has transmitted to your browser.

The main cookies are the c_user cookie (which identifies a person uniquely) and datr cookie.

So your aim must be to get the cookies of your victim through wireshark and then replace your cookies with the victim's. So then, facebook will think you are the victim as you have his cookies and you will be logged in as the victim. Simple isn't it?

So how do you do this?

First off install cain and abel. It will ask you whether you want to install the packet driver - WinPCap. Go ahead and install that also. Open up cain.
1. Click on configure on top and select your Network card. Mostly it's the one with an IP address.
2. Next click on the start/stop sniffer on top as shown below in green square.
3. Once you start the sniffer, go to the sniffer tab in cain, right-click and click scan MAC address as shown below!


[Image: YRKpj.png] 


Ok now you should have a list of everyone on the network. It may take some time though. You can right-click on any one computer and find out its name.

Now what we are going to do is the actual shit! We are going to do an ARP poison! What this means is that you fool the router in thinking that you are the victim, and you fool the victim in thinking that you are the router.

So initially victim -> router -> facebook. Now after ARP poison, victim -> hacker -> router. This is called an MITM (man-in-the-middle) attack. You can google it for more info.

Doing the ARP POISON
1. First Click the APR tab below in cain
2. Click the white screen in the top frame
3. Click the blue plus on top.


[Image: i9QFz.jpg] 

Now you should get a list of all the devices on the left and a blank screen on the right..

In the left screen you should select the router IP. And in the right box, select the computers you want to target. To be safe it's better to target one computer. But if you want some real fun then select all the computers on the right frame. Press ok.

WARNING: If there is a person at the router, he can know if you have just done an ARP poison. But where is the fun without the risk.

You can try googling on other methods to do ARP poison safely.

In the top frame all the computer list should have got filled. Now select the whole list and click on the nuclear button (top left of cain).
  






[Image: rkZF8.jpg]

That's it, you are done with the ARP poison. Just be careful: if you select too many computers, your computer can't handle the traffic and the network may just crash.
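How the poisoning described above looks from the defender's side, as an added example that is not part of the original post: once the attacker answers for the router, the router's IP and the attacker's IP resolve to the same MAC in every victim's ARP cache. The sample tables and all addresses below are constructed.

```python
import re
from collections import defaultdict

# Constructed samples in the layout printed by `arp -a` on Windows; addresses are made up.
BASELINE = """\
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.37          00-aa-bb-cc-dd-ee     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
# After poisoning, the gateway entry carries the MAC of host .37.
POISONED = BASELINE.replace("00-1a-2b-3c-4d-5e", "00-aa-bb-cc-dd-ee")

ENTRY = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})"
)


def parse_arp_table(text):
    """Return {ip: mac} from arp-style text, MACs normalised to aa:bb:cc:dd:ee:ff."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower().replace("-", ":")
    return table


def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac[:2], 16) & 1 == 1


def shared_macs(table):
    """MACs claimed by more than one unicast IP: the usual symptom of ARP poisoning."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        if not is_group_address(mac):
            by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_alert(baseline, current, gateway_ip):
    """Describe a change of the gateway's MAC against a trusted baseline, else None."""
    old, new = baseline.get(gateway_ip), current.get(gateway_ip)
    if old is None or new is None or old == new:
        return None
    others = sorted(ip for ip, mac in current.items()
                    if mac == new and ip != gateway_ip)
    return {"gateway": gateway_ip, "expected": old, "seen": new, "also_used_by": others}


if __name__ == "__main__":
    base, cur = parse_arp_table(BASELINE), parse_arp_table(POISONED)
    print(shared_macs(cur))
    print(gateway_alert(base, cur, "192.168.1.1"))
```

The host listed under `also_used_by` is the machine relaying the traffic. A static ARP entry for the gateway or switch-level dynamic ARP inspection removes the condition this check looks for.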

Now all the data is passing through your computer. All you have to do is sniff the data in wireshark, get the cookie and replace your cookie with victim's cookie.

So how do you go about doing that? It's very simple actually.
1. Open up wireshark.
2. Go to capture -> Interfaces in the top menu and select your interface. It's usually the one which has an IP address and a certain number of packets flowing through it.
3. Next go to capture and click on start. It should look something like this


[Image: J2ZY2.jpg]

This window has all the packets sent from the victim's/victims' computer to the router and all the packets sent from the router to the victim.

Next in the filter type "http.cookie contains datr". You ask why? Because, when a user logs in to facebook, he is given some cookies which are unique to him. If we replace our cookies with the victim's cookies, we can login to his account as then facebook won't know the difference.

[Image: KY7ZH.png]

You now have the cookies. To get the information stored in the cookies, right-click on any one of the cookies and click on Follow TCP stream.

[Image: URRWs.jpg] 

In the TCP stream look for the line Cookie: (and all cookie names). If it doesn't come, select some other packet in wireshark and click on follow tcp stream for that. You can see the source IP and destination IP in wireshark. So if you have more than one source IP, then you know you have the cookies of more than one account on your LAN. This is what I got when I did it.

[Image: E3I5i.jpg]

So now you have it. The datr cookie, c_user cookie, lu cookie, sct cookie, w cookie and xs cookie. These are the main cookies you need.

Now open firefox and go to http://www.facebook.com. Once there, click on cookies in the web developer add on which you had installed in the last post. Then do the following:
Clear session cookies
Delete domain cookies
Delete path cookies


[Image: kvEdY.jpg]

IMPORTANT: Once you do this, again type http://www.facebook.com in the URL and click enter. Basically you are reloading facebook after deleting all cookies.

Now login to your account with your username and password. After logging in, click on cookies in web developer add-on and click on "view cookie information".

And there you have all your cookies. Now what to do?! I guess you know it by now!

Click on "edit cookie" for each cookie there and replace the cookie value with the value you got through wireshark.

If you did not get all the cookies in wireshark, it's OK! But mainly, you should look to replace the datr cookie, c_user cookie, lu cookie, sct cookie, w cookie and xs cookie.

[Image: 94ht1.jpg]

After replacing all the cookie values with the ones you got in wireshark, just refresh the facebook page. And that's it! You are into the victim's account! You have HACKED a facebook account on LAN!
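The whole technique above depends on session cookies crossing the LAN in cleartext HTTP. As an added example (not part of the original post), this audit checks a site's response headers for the two settings that close that gap: the Secure attribute on every session cookie and an HSTS header. The cookie names are the ones listed in the post; the values and the header sets are constructed.

```python
# Constructed response headers: a site as the post assumes it, and a hardened one.
WEAK = [
    ("Set-Cookie", "c_user=1000000001; Path=/; Domain=.example.test"),
    ("Set-Cookie", "datr=constructed-datr; Path=/"),
    ("Set-Cookie", "xs=constructed-xs; Path=/; HttpOnly"),
]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "c_user=1000000001; Path=/; Secure"),
    ("Set-Cookie", "datr=constructed-datr; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "xs=constructed-xs; Path=/; Secure; HttpOnly"),
]


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value, attrs


def hsts_enabled(scheme, headers):
    """HSTS only counts when delivered over https with a positive max-age."""
    if scheme != "https":
        return False
    for key, value in headers:
        if key.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            name, _, val = directive.strip().partition("=")
            val = val.strip('"')
            if name.lower() == "max-age" and val.isdigit():
                return int(val) > 0
    return False


def audit_response(scheme, headers):
    """Report which cookies a passive sniffer on the same LAN could read."""
    cookies = [parse_set_cookie(v) for k, v in headers if k.lower() == "set-cookie"]
    report = {
        # Cookies set over http were already visible in this very response.
        "sent_in_cleartext": sorted(n for n, _, _ in cookies) if scheme != "https" else [],
        # Without Secure, the browser attaches the cookie to any later http:// request.
        "missing_secure": sorted(n for n, _, a in cookies if "secure" not in a),
        "hsts": hsts_enabled(scheme, headers),
    }
    report["sniffable"] = bool(report["sent_in_cleartext"] or report["missing_secure"])
    return report


if __name__ == "__main__":
    print(audit_response("http", WEAK))
    print(audit_response("https", HARDENED))
```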


POSTED BY HACKERSUNDERGROUND

Sunday, 13 January 2013

Gmail Hacker | Fake Tool to Hack Gmail Accounts

Hey friends, today I am going to disclose some ironic stuff that hackers are using nowadays to fool people. Hackers are spreading a software tool named Gmail Hacker v1.0 on the internet with titles like "Hack Gmail Accounts using Gmail Hacker" or "Gmail Hacker : A superb Gmail Account Hacking tool". But beware of such articles, because it is nothing more than a smart keylogger which is actually intended to steal the credentials that the user is going to enter in order to hack somebody's Gmail account. Let us discuss the process in detail:
First of all, frankly speaking, Gmail Hacker is a hacking tool (or, better, a social engineering hacking tool) which can be used either way: for hacking someone's Gmail account and, at the same time, for losing your own Gmail account (if not handled with extreme care). So friends, which process do you want to learn first: hacking someone, getting hacked, or both at the same time? Let's go step by step :P.
For a trial of the Gmail Hacker tool you are going to need the stuff below:
Now let's go step by step through the hacking procedure:
Gmail Hacker for Hacking Gmail Accounts:
Step 1 - Extract the archive named Gmail.rar on your computer. Once you have extracted it you will see the following file:
Builder.exe
Step 2 - On opening the Gmail Hacker Builder.exe you will see the following:
Step 3 - Next you need to enter your Gmail address where you would receive logs. However, I would recommend you create a fake email address and use it for receiving logs.
Step 4 - Once you have entered your credentials, click on the Build button.
Step 5 - A file named gmailhacker.exe will be created. On executing the file, the victim will see the following:
Now you need to apply your social engineering skills in order to make the victim enter his/her credentials into the software. The simplest way of accomplishing this is to tell the victim that the application Gmailhacker.exe is itself a Gmail hacking software: you just need to enter the victim's username, your own Gmail ID and your own Gmail password, where you would receive the victim's passwords, and click "Hack Them".
Step 6 - Once the victim clicks on the "Hack Them" button, his own Gmail credentials that he entered will be sent to you at the email you typed while configuring the software.
Well, here is an interesting part: when the victim clicks on the "Hack Them" button, he will receive the following error, making him think that there is a problem with the software:
Now I hope you all understood in which part you need to provide credentials and in which part you need to provide the fake account credentials that you have recently created.
Irony part: The file that is generated by builder.exe, i.e. Gmail Hacker.exe, is an advanced type of remote keylogger which will send the credentials you have entered into the Gmail Hacker option menu to the hacker who built the Gmail Hacker.exe file. So the important part: never put your original account credentials into any such tool which guarantees that it can hack email accounts or Facebook accounts, because they are all simply fake. They are just cool social engineering stuff used to fool newbie hackers or users in order to hack their Gmail accounts.
If you have any doubts, ask me in the comments.


post by rishabh sharma hackersunderground

How to hack crack or bypass cyberoam in college

Hello friends, today I am going to explain how to hack, crack or bypass Cyberoam, Websense and all the other security firewalls that colleges, institutions and offices use to block websites. Most colleges, schools and offices nowadays prefer a hardware firewall to block users from accessing restricted websites. Most of my friends have asked me how to access blocked websites, bypass Cyberoam, or simply crack Cyberoam to access restricted websites in their colleges and offices. I have explained some methods earlier, but those loopholes are now fixed and those methods to hack Cyberoam and Websense don't work effectively now. Hacking through a proxy is also quite a tedious task: first we have to search for good working proxy websites, which in itself is very tedious, and most of the time they are blocked as well. So it wastes a lot of our precious time, and, most importantly, daily. So why don't we have a permanent solution for it? The method that I will explain today is really awesome and doesn't require much effort, so it's quite easy and, most importantly, it's 100% working. So friends, read on for the detailed hack....

For hacking Cyberoam or Websense you must know how Cyberoam and Websense work. If you know how they work, then you can easily find flaws in them and hack or bypass them very easily. So friends, let's learn how Cyberoam actually works.

Cyberoam is an 8-layer hardware firewall that offers stateful and deep packet inspection for network and web applications and user-identity-based security. Thus the firewall is quite secure. Now, how can we hack that 8-layer security? That is the main question here. As I have mentioned above, the blocking of any website or application by Cyberoam is basically done at the deep packet inspection step, and this is where the flaw in any security firewall lies, Cyberoam and Websense included. They block websites by parsing their content, and if the content contains restricted keywords then they block that website. They also use category blocking, which works on the same concept. The flaw is with websites that use SSL: websites that show the SSL lock, i.e. websites that use https, are not blocked by them. They have to block these websites manually, which is a very hectic task, and believe me, nobody blocks them.
So the proxy websites that use https, i.e. SSL proxies, are also not blocked by these firewalls.
Only those proxies that are well known or heavily used are blocked. But the tool that I give you creates SSL proxies by itself, which means its proxies cannot be blocked. So friends, this tool rocks..:P :)


Things that we need to hack Cyberoam, Websense and any such hardware firewall:
1. TOR browser (an anonymous web browser like Mozilla which has an inbuilt proxy finder that easily bypasses the blocking of websites by Cyberoam or Websense).
2. A USB or pen drive (where you will keep the portable version of TOR browser).
3. If USB drives are disabled we will use a different drive for its installation (the portable version of TOR can also be executed from any place).


Steps to hack Cyberoam:
1. Download the TOR web browser.
     To download TOR browser: CLICK HERE

2. Now install the TOR web browser. In case of portable version it will extract.
    For Installation and usage Instructions visit here: CLICK HERE

3. Now open the TOR browser and start surfing your favorite websites like facebook, orkut, gmail ..everything at your office....

4. That's all the hack. I hope you all have liked it.


Note: Have a portable version in your pen drive or USB drive and enjoy where ever you want.


For such hacks keep visiting... and subscribe to our posts if you don't want to miss any such hack....

post by rishabh sharma hackersunderground

Crypters tutorial for Hackers by Hackingloops

Crypters are computer applications which are solely used to bypass antivirus detection of malware. Hackers use crypters to hide viruses, Trojans, RATs, keyloggers and other hack tools inside a new executable, whose sole purpose is to bypass antivirus detection of them. Crypters are basically dead programs which do not affect the actual functionality of the program; they just hide the actual program behind their encryption and fool the antivirus. Most antivirus products detect viruses on the basis of heuristics and normal string-based detection. Since we have spoofed the original program, the antivirus stands lame and does not detect it as a virus.


Common terms related to crypters:
   
For understanding and designing crypters, hackers must be aware of certain terms. Most of you already know these terms, but I am writing this tutorial starting from novice level and taking it to elite level at the end. So if you know these terms, just read them one more time, as that might help clear some of your doubts.

1. FUD or UD: Fully undetectable (FUD) means that your virus is not detected by any of the existing antiviruses, while undetectable (UD) means detectable by a few antiviruses. FUD is our only goal and elite hackers always rely on that.
Note: A crypter will remain FUD until you have openly shared it on the internet. Public crypters remain FUD for at most 2 to 3 days, then they become UD. So if you want to use a crypter for a long time, never publish or share it on the internet. Use it anonymously.

2. STUB: A stub is a small piece of code which contains certain basic functionality that is used again and again. It is similar to a package in Java or to header files in C (which already have certain standard functions defined in them). A stub basically simulates the functionality of existing code, similar to procedures on remote machines or simply PCs. In crypters, the client-side server is validated using stubs, so never delete the stub file from your crypter. Stubs add portability to crypter code, so that it can be used on any machine without requiring many procedures and resources on other machines.
Let me explain with a small example:
Suppose you are writing code that converts bytes to bits. We know the formula or method for converting bytes to bits will remain the same and will be independent of the machine. So our stub (or method stub or procedure) will contain something like this:

BEGIN calculateBits(inputBytes)
    Compute totalBits = inputBytes * 8
    RETURN totalBits
END
Now all we pass to this stub is the number of bytes, and it returns the resulting bits. Similarly, we include some common machine-independent checks and functions in our stub, and in the main code we only pass linkage and inputs to these stubs, which in return provide suitable results.
Note: It often happens that you download some keylogger and complain to the provider that it's not working; the only reason for that is the stub. Also always keep in mind: if you are downloading any keylogger or crypter, always check that the stub is present in it. If not, don't download it; it's just a piece of waste, and for sure the hacker is spreading his virus using it. I recommend that you never download any hacking tool on your real machine; always use a virtual machine or sandbox to test hack tools.

3. USV: Unique stub version, or simply USV, is the part of a crypter that generates a unique version of the stub which differentiates it from its previous stub, and thus makes it more undetectable by antiviruses. To detect this, antivirus companies have to reverse engineer your crypter stub, which is not that easy to do, so it will remain undetectable for a long time. It consists of one most important component, USG (unique stub generation), which is the actual part of the crypter that encrypts and decrypts the original file; that is, it's the heart of your algorithm, and I recommend never writing this part in the stub but rather including it in the main code. Why am I saying this? The stub is the part of the code which is shared with the victim, so it will become public, and hence your crypter will not remain FUD for very long.


Different types of crypters:
1. External stub based crypters: This category consists of public crypters (the ones you have downloaded till date :P (noobish ones)), about which you complain to the provider that they are detectable by antiviruses. That's a really foolish complaint: if a crypter is public then it can never remain FUD. So don't ever complain to me either, after my next article, about such noobish things. Ahahah.. I got deviated from the real thing.
External stub based crypters are those crypters in which most of the functionality of the crypter depends on an external stub; if you delete that stub file, your crypter is useless. :P Most antiviruses do only that. These types of crypters contain two files: one is client.exe and the other is stub.exe. The stub contains the main procedures and the client contains the global functions that call those procedures.

2. Internal or inbuilt stub based crypters: Crypters that contain only one exe file (i.e. the client) fall under this category. This client file has the stub built into it. You can separate the stub and client parts here too using RCE (reverse code engineering), but it is not recommended.

Note: External or internal stub doesn't make much difference, as antivirus detects files on the basis of strings related to offsets. Whenever you reverse engineer any application or program, the program execution flow will remain the same but the offsets may change. USV comes into the picture at this point. If you include your encryption algorithm separately then it will be harder for antivirus to detect your crypter.

3. Run time crypters: Run time crypters are those crypters which remain undetected in memory during their execution. We are looking for this type of crypter only. :P These can be either of the two above.

4. Scan time crypters: Those crypters which remain undetected while encrypting the files but become detectable when the resultant file is generated. :P Fking ones that waste all the effort we have put in. This really annoys: everything is working fine and at last your file gets detected by noob antiviruses.
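The post says antivirus relies on string matching and heuristics. One such heuristic, shown here as an added example that is not from the original post: an encrypted payload has no recognisable strings, but its byte distribution is close to uniform, and that is measurable. The sample bytes are constructed; SHA-256 output stands in for ciphertext and a repeated header-like pattern stands in for ordinary stub code.

```python
import hashlib
import math
from collections import Counter

# Constructed sample: 2048 low-entropy bytes followed by 4096 ciphertext-like bytes.
UNIT = b"MZ\x90\x00" + b"This program cannot be run in DOS mode.\r\n" + bytes(19)
STUB_LIKE = (UNIT * 64)[:2048]
PAYLOAD_LIKE = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128)
)
SAMPLE = STUB_LIKE + PAYLOAD_LIKE


def shannon_entropy(data):
    """Entropy in bits per byte: 0.0 for constant data, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def high_entropy_regions(blob, size=1024, threshold=7.2):
    """Scan fixed-size windows and merge adjacent ones at or above the threshold.

    Returns a list of (start, end) byte offsets. The window size and threshold
    are assumptions chosen for this sample, not values from any product.
    """
    regions = []
    for off in range(0, len(blob), size):
        chunk = blob[off:off + size]
        if shannon_entropy(chunk) < threshold:
            continue
        end = off + len(chunk)
        if regions and regions[-1][1] == off:
            regions[-1] = (regions[-1][0], end)   # extend the previous region
        else:
            regions.append((off, end))
    return regions


def encrypted_fraction(blob, size=1024, threshold=7.2):
    """Share of the file that sits inside high-entropy regions."""
    covered = sum(end - start for start, end in high_entropy_regions(blob, size, threshold))
    return covered / len(blob) if blob else 0.0


if __name__ == "__main__":
    print(high_entropy_regions(SAMPLE))
    print(round(encrypted_fraction(SAMPLE), 2))
```

High entropy also describes legitimately compressed data such as installers and archives, so the result is a triage signal to combine with other evidence, not a verdict.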


post by rishabh sharma hackersunderground

How to hack keyloggers or RAT's server password

Keyloggers and RATs nowadays are everybody's problem across the internet. Hackers use keyloggers to hack the email passwords of the victim, which they receive in the form of emails or text files on their respective FTP servers. They spread their keyloggers with the help of cracks, keygens or patches of popular software, or simply through hack tools. So friends, today I will teach you how to reverse engineer a keylogger or RAT to hack the hacker's FTP server or email password. I have already discussed this with the help of the bintext tool on my other website, ISOFTDL.


Most hackers think that they are too smart, so what they do is bind their keylogger or RAT servers with popular programs, and when the user opens them the system gets infected, and hence whatever they type gets recorded and sent to the hacker.
Now all keyloggers send data to the hacker at regular intervals (usually every 5 to 10 minutes) using the two ways below:
1. Using emails: the hacker configures his email ID and password while creating the server. The keylogger records the keystrokes in a temp file and sends it to the hacker in the form of emails. But this has a limit, as most free email servers like Gmail, Yahoo or Hotmail have a limit of 500 composed and received mails. So most hackers use the second method.
2. FTP server: While creating the keylogger server, hackers configure their FTP server, where they receive the logs of keystrokes in the form of text files (usually labeled on the basis of the current system time stamp). The hacker's keylogger server uploads the files to the FTP server every few minutes.

So friends, here lies the actual trick or loophole in the above technique. If we monitor everything coming into and going out of our Ethernet or wireless card, then we can detect what is going out of our system. It's nothing but monitoring your system's traffic: where it's going and where it's coming from. You can use any tool that monitors the packet flow of your Ethernet or wireless card.
OK, let me tell you my favorite tool for doing this. I love Wireshark because it's simply superb.

Wireshark is a very famous network scanning hack tool which is used by hackers and network forensic experts to monitor the packet flow of their network cards, like Ethernet or WLAN. It records each and every packet coming into and going out of your system's network card. Now you all must be thinking, wth is this packet? A packet is nothing but a bunch of bits (data in the form of 0 & 1), usually 32bit or 64bit. In network terminology, data is termed a packet, which can be either TCP or UDP (both contain the header and other stuff accordingly).

So friends, whenever you feel anything suspicious in your system, like your system is compromised or you are infected by a keylogger or RAT, or you simply want to test a hack tool and you don't know whether that hack tool is safe to use, just follow the procedure below to reverse engineer these noob hacking tools.
Note: Every keylogger or RAT sends the logs to the hacker's FTP server or email account every few minutes (when you are connected to the internet), but some novice keyloggers even try to send data while you are offline, and hence the data sending keeps failing. In some situations it displays a warning message, and in some situations your PC hangs or the svchost service CPU usage increases. But it doesn't matter whether it sends logs online or offline; the only thing that matters is the time period, i.e. the interval after which it sends data.

Steps to hack or reverse engineer the hacker's keylogger server password:
1. First of all download and install Wireshark. You can easily get it by Googling it.
Note: While Wireshark is being installed, ensure that it installs WinPcap with it, otherwise it won't work properly.
2. Now go to the Capture button in the top menu of Wireshark as shown below and select the interface (meaning your network card, which can be Ethernet or WLAN).



3. Now it will start capturing the packets through that network card. Just keep capturing for at least 20 - 30 minutes to get the best results. After 20 - 30 minutes, go to Capture again and stop capturing the packets.
4. Now you need to filter your results. For this, go to the filter box and type FTP and SMTP one by one. Note: if you get records for FTP then the hacker has used an FTP server, and if you didn't get FTP that means the hacker has used SMTP, so enter SMTP in the filter box.
5. As you scroll down you will find the “FTP username” and “Password” for the victim's FTP account in case an FTP server is used. And if the hacker has used SMTP then you will find the "email address" and its "password" that the hacker used to create the keylogger.

6. That's all my friends. Isn't that too easy. 
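The manual filtering in the steps above can be turned into a repeatable check on your own machine's capture. This is an added example, not part of the original post: it finds cleartext FTP and SMTP logins and flags destinations that are contacted at the regular interval the post describes. The event tuples (seconds, destination IP, destination port, payload line) are a constructed stand-in for an exported capture, and the password is deliberately never stored.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed events: (seconds since capture start, dst IP, dst port, payload line).
EVENTS = [
    (0, "203.0.113.10", 21, "USER constructed-user"),
    (1, "203.0.113.10", 21, "PASS constructed-secret"),
    (40, "192.0.2.80", 80, "GET /index.html HTTP/1.1"),
    (300, "203.0.113.10", 21, "USER constructed-user"),
    (301, "203.0.113.10", 21, "PASS constructed-secret"),
    (605, "203.0.113.10", 21, "USER constructed-user"),
    (606, "203.0.113.10", 21, "PASS constructed-secret"),
    (898, "203.0.113.10", 21, "USER constructed-user"),
    (899, "203.0.113.10", 21, "PASS constructed-secret"),
    (1200, "198.51.100.25", 25, "AUTH LOGIN"),
]

FTP_USER = re.compile(r"^USER\s+(\S+)", re.I)          # FTP login command
SMTP_AUTH = re.compile(r"^AUTH\s+(LOGIN|PLAIN)\b", re.I)  # SMTP AUTH without TLS


def is_periodic(gaps, min_gaps=2, tolerance=0.2):
    """True when every gap between logins is within 20% of the median gap."""
    if len(gaps) < min_gaps:
        return False
    mid = median(gaps)
    return mid > 0 and all(abs(g - mid) <= tolerance * mid for g in gaps)


def summarise(events):
    """One record per (destination, protocol) that received a cleartext login."""
    seen = defaultdict(lambda: {"times": [], "accounts": set()})
    for ts, ip, port, payload in events:
        line = payload.strip()
        user = FTP_USER.match(line)
        if user:
            entry = seen[(ip, port, "ftp")]
            entry["times"].append(ts)
            entry["accounts"].add(user.group(1))   # account name only, never PASS
        elif SMTP_AUTH.match(line):
            seen[(ip, port, "smtp")]["times"].append(ts)
    report = []
    for (ip, port, proto), entry in sorted(seen.items()):
        times = sorted(entry["times"])
        gaps = [b - a for a, b in zip(times, times[1:])]
        report.append({
            "dst": f"{ip}:{port}",
            "protocol": proto,
            "logins": len(times),
            "accounts": sorted(entry["accounts"]),
            "median_gap_s": median(gaps) if gaps else None,
            "periodic": is_periodic(gaps),
        })
    return report


if __name__ == "__main__":
    for row in summarise(EVENTS):
        print(row)
```

A destination with repeated logins at a steady gap of a few minutes, from a machine where nobody is running an FTP or mail client, is the pattern to investigate; the process owning those connections is the next thing to identify.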
 
post by rishabh sharma hackersunderground

 