How to Own a Hacker - Reverting Keyloggers and Stealers

In my previous article I've been writing about How to know if you are infected with RATs or Keyloggers. Here i will show you how to revert those keyloggers, RATs, or stealers, and find who sent them to you.

What is Reverting?

Reverting generally means reversing an action or undoing the changes. Here in our case, reverting would be more of reversing the action.

For this we will need a keylogger server using ftp. It can be found on warez sites, youtube etc. You basically need the following things:

• Keylogger, passstealer
• Cain and Abel
• Virtual machine (so you don't get infected, and what if the hacker is using better protocol that would be epic fail).
  

Getting Started:

Execute the keylogger on your virtual machine.


Now run Cain and Abel and do the following things as per stated order.


Wait for sometime and then check back the passwords area.


As you can see the keylogger used ftp protocol to transfer the logs. Ftp protocol isn't very safe since it doesn't encrypt the data. Anyways you should see the IP address where your PC is sending packets. And also the username and password. This might not work if the server is using other protocol like http, smtp, etc. you'll most probably get junk values in user and pass box if those protocols are used.

So i open the ipaddress http://66.220.9.50/


Guess what its our very own drivehq.com =D. Now login using ftp password that we got from the sniffer and get going. I would recommend to steal the logs quietly like a ninja, so you can get others logs as well. Of course you can change the pass if you want but it won't send any further logs.

Continue Reading >>

A Guide To Safe Trading

Scammers are everywhere, and it's very hard to spot them. Sometimes, even the most trustworthy looking member will attempt to scam.
This guide will help you catch out the con men, and stop you being scammed for your hard earned money.

How to spot a scammer

Scammers all work in different ways, but there are some similarities about their actions, here are some things to look out for while making a trade.

• Grammar: A lot of scammers operate in foreign countries, and it's usually noticeable by their poor grammar. It is advised to trade only with members of the same country where the laws are the same for the both of you.

• Stories: This is used very often. The scammer will lure you in with a sympathy-inducing story. This is a highly successful method. If the person you are trading with are legitimate, their personal life will not be mentioned during the trade.

• Find references to third parties: Many times, scammers will reference clients, secretaries, personal assistants, bank associates or other individuals who don't have anything to do with the transaction. The addition of these people in your correspondence is supposed to trick you into thinking that the transaction is very important. Scammers may also include in their correspondence fake forwarded emails from these supposed people. Remember, the trade is between you and them only.

• Pay attention: Scammers sometimes attempt to confuse potential victims by including a lot or irrelevant information in their correspondence so that the scam will be easier to complete. Sometimes ask them to repeat things they have said, if it's not the same as before, you're probably dealing with a scammer. If anything seems a little ''off'', cancel the trade.

• Follow your instincts, if you think you're dealing with a scammer, you probably are.

• Don't be rushed into anything: Scammers will often hurry you to trade, saying if the transaction isn't completed now, someone else will make the trade.

Securing a safe trade

Never pay for anything before a job is complete or you have received the item in trade. Here are some ways to get proof of ''completed'' jobs.

• Use a trusted middleman

Middlemen are in the middle of the transaction. For example, if you are paying $5 for a program, the middleman will receive your $5 and the program, and then forward them either side.
Both of you must trust the middleman involved.
Remember, if your client declines a middleman, cancel the trade immediately, they are probably a scammer.

• Teamviewer

Nothing is better than seeing the proof with your own eyes. Teamviewer allows you to see other peoples computers, anywhere. You can use this get proof of a completed job, E.G- A hacked email account.
If the client you are dealing with is not a scammer, they will not have any objection to this.

You can download Teamviewer from here.


Tips

Some scammers are extremely clever, and can pull off a con even if you follow the above steps. Here are some tips to get justice easier if you are scammed.

• Take Screenshots

Anything that could be used as proof of you being scammed, take a screenshot of it. This can include online conversations, paypal transactions ect. Doing this will make it a lot harder for the scammer to talk their way out of the situation.

• Record Every Conversation

During conversations about a trade, record it and save it. It can be used as evidence against the scammer.

• Do no post your IM publicly
  

When asking in a thread to be contacted, do not post your IM. Anyone can fake a member here and if you publically post then it will be easy for someone to fool you into thinking they are a trusted member. It's suggested anyone that does contact you via IM you confirm their HF identity with a PM on the site.


That's all for now, I'm sure I'll add more in time, scammers always think of new methods to con you.

Remember, if you doubt anything about the trade, do not complete it!

Continue Reading >>

Get a Free Serial Key for Auslogics BoostSpeed

I'm making this post for all my loyal readers. Here, I’m going to give you a free serial key for Auslogics Boostspeed. It's one of the best all-in-one computer maintenance and optimization tool, providing you with everything you may need to keep your PC running fast.


Auslogics BoostSpeed - the ideal solution to keep your PC running faster, cleaner and error-free. This powerful optimization suite will boost Internet connections, tweak Windows to its peak performance, clean registry and block annoying ads. It's a great way to keep your computer clean and optimized.

Modify Windows settings, file system and services to greatly increase system performance. Increase startup and shutdown speed, disable annoying CD autorun and error reporting features.

BoostSpeed will keep monitoring your system for possible optimizations and let you know if such optimizations are possible. You can also run the System Optimization Wizard to periodically optimize your PC.

Download Auslogics BoostSpeed

Free Auslogics BoostSpeed Serial Numbers:

Name: www.serials.ws
Serial: 64E5-F822-A162-B51A-6A76-929B-CB7A-4119-68F1

Name: www.serials.ws
Serial: 6407-F822-A162-B59F-36AE-93FE-0288-0882-09AA

Name: www.serials.ws
Serial: 6441-F822-A162-0239-E99C-81F9-9B37-4F60-8B5C

Name: Team NOY
Serial: 120D-D33D-C043-98B8-D869-65E3-7529-6CC1-CF80

Name: www.serials.ws
Serial: 655D-F822-A162-5D22-3359-7E64-444D-225B-A37A


Have a great time using this software. Enjoy ;)

Continue Reading >>

How to Not Get Caught Watching a Porn - Porn Browser

In this post, I am writing about a web browser which allows you to watch porn on the web, without the worry of getting caught.


P0w3R0fChr1sT's Porn Browser Features:

• Panic button
• One button close
• Quick porn links on the side
• Fast and light
• Minimize in system tray
• Customizable window title
• MSN icon as system tray icon
• All links work
• Can clear IE history
• Redirects to Wikipedia on "Panic Mode"
• Pop up blocker
• Password protect your browser when you leave
• More cool features...

Download P0w3R0fChr1sT's Porn Browser

Continue Reading >>

How to Hack YouTube to Get More Subscribers

I found many users on YouTube that are making high quality videos, but they are not getting much subscribers because of the big competition. This tutorial will show all of you how to make it look like you have hundreds, thousands and even millions of subscribers!

Before we start you need:

1. Mozilla Firefox [Download]
2. Firebug [Download]

Once you have got those we can begin

1. You should see Firebug in the bottom right hand corner like so.
*Taken down, 10 photo limit.

2. Then go to your "YouTube" account and load your channel.

3. You should see some editing options at the top.

4. Click on "Themes and colors"

5. Then click show advanced options you should see this:


6. Right click on the Font choosier and look for "Inspect element"


7. You should see a menu like this:


8. Change where it says Value="Arial" to Value="Arial Black"

9. Now exit out of "Firebug" and on the Font choosier choose "Vendeta". Then your font should change.

10. Now choose "Arial" again and you should have Arial Black Font.

Now for the final steps:

11. Copy your channel description into the "About me" Box


12. Set this as your channel description:

Subscribers: 85,396 (Change the number to whatever you want)

Now it will say you have 85,396 Subscribers.

I Recommend that you use "Tube Increaser" to increase your channel views (so it dosen't look retarded ;)

13. And your done!

Finished result:

Click here to enlarge the picture

Continue Reading >>

How to Hack PayPal Accounts using PayPal Hacking Software

In my previous post I've been showing How to Hack PayPal Accounts using Fake Login Page. In this article i will show you how to hack PayPal accounts using PayPal hacking software.

This tutorial is written by Saint Andrew, a loyal reader of this blog.

Note: Hacking credit cards or Bank accounts like PayPal is an illegal act, this is only informational post and I am not responsible for any actions done by you after reading this tutorial. This post is for educational purposes only.

This is fake PayPal Money Adder software to help you bind your keylogger or whatever Trojan server you have. This PayPal Money Adder software seems to be used to Add some Money to your PayPal Account, but actually this is fake PayPal Money Adder software used only as means for installing Trojan Server binded with it on victim computer.

PayPal Money Adder to bind your Trojan Server

1. Download link of Fake PayPal Money Adder is HERE

2. PayPal Money Adder is free fake application which appears to hack PayPal Accounts, now run .exe application to see something like this:


Note: PayPal Money Adder is a FAKE application. It doesn’t add any money to your PayPal Account. It is only used to fool victim and to bind your Trojan server.

3. When you open this, there is a TextBox to type your PayPal Email, and you have to select how much money you want to Add. After that, click on Send Money, and Progress Bar will start.

4. When Progress Bar is full, it will says “Money Has Been Added to your Account Successfully “ as in the Picture below, but it wont add any money to your Account !!!


5. So that is one fake PayPal Money Adder, not one real !!!

6. Now create a keylogger or whatever server (like stealer or RAT), crypt it, and bind with this application. You can use Shock Labs File Binder or Easy Binder. You can find some binders on this blog, just search for it !!!

7. Now, send this binded PayPal Money Adder to your victim and tell him this PayPal Money Adder is used to Add Money to PayPal Accounts. You can use Social Engineering for this. So as long as he runs PayPal Money Adder on his computer, your keylogger server is installed on his computer.

8. Many other Fake Hacking Tools are coming soon, like AlertPay Money Adder, Skype Money Adder, Ultimate Password Cracker, Neobux Hacker and other!!!


(All this fake Hacking tools are coded and created in Visual Basic 2010 by Saint Andrew)

Continue Reading >>

We Are Looking For a YouTube Partnership

Hi to all of my readers. "Computer Hacking" is going to make a YouTube channel, and we are looking for someone that will cooperate with us.

What will be your job as our youtube partner?

• Making videos about the content you will find on this blog.
  
• Help people find the answers to their questions.
• Spam or delete comments if needed.

REQUIREMENTS:

• Having a great knowledge in video making/editing techniques.
• Speaking English well, and clearly.
• Having a helpful and easy going personality.
• Being able to enjoy team work and some fun!

If you are interested, or if you have more questions, you can contact me here.

Applications are currently

Open

Continue Reading >>

Get Free SandBoxie Serial Keys

Who doesn’t like free stuff! I know you do, that’s why I’m going to give you free serial keys for SandBoxie. As most of you know, Sandboxie will allow you to run your software downloads in a sandbox (in a separate memory area) to check whether or not they're what you were expecting. This can be great if you don't trust a download or freeware. This software is used to protect your computer from being affected from various hacking software loopholes.

You can read more about SandBoxie here.


Free SandBoxie Keys:

User: Serial

1. test: CXKEJJB
2. Freeware: 95VEMA1
3. FreeSandBoxie: ENKX652
4. SandBoxieIsFree: YF8SZC2
5. SandBoxie: EFJ3BJA
6. A: S6JEW41
7. B: L4ERQGB
8. C: 5VRJ9TA
9. D: JYVCST1
10. E: C3D5CA2
11. F: 5S2WG9B
12. G: KCRWRCB
13. Creator: 3AKGF72
    

Continue Reading >>

Black Hat Method to Make Money Online

There are so many click ad sites that are totally scam. Before going in, you must have an enough knowledge about it. I would not spend my time dealing with scammers and fake websites. In this article i am posting a very unique e-book where you can learn the dirtiest black hat method ever to make lot of money online. I wish this book was around when I began my journey to learn how to make money online. It was made specifically for the beginners who really want to make cash online, and for those of us who began and got lost.


This method is black hat… VERY black hat. So black hat in fact that I felt bad about doing it - however, you definitely can make money with it, as I’m proof that it works. I made $647/three days with this, before I stopped - twenty minutes of work to set this up, and I’m not joking. After the setup, it took five seconds daily… to check how much I had earned.

This book costs $10. By buying this book you are also making a donation to this blog.

Bonus Files:

• Greatest Money Making Ebook EVER!
• CPA Monopoly

Download Black Hat Method to Make Money Online (+ CPA Monopoly, and Greatest Money Making Ebook EVER!)

Continue Reading >>

The Best Operating System for Hackers

There are a couple of things that are essential to any hacker’s walk of life. To name a few, there’s the ubiquitous flash drive for data transfer. You have the crossover cable for even faster data transfer. There’s the Wi-Fi antenna for high gain and strong amplification. Possibly, you might find a video capture card in the computer. Of course, there’s the ubiquitous laptop and desktop computer. But what software is on these computers? Undoubtedly, you will find at least two operating systems, most often Windows and Linux. But with Linux, there are several different distributions. Is there a specific one? With hackers and crackers, there is only one Linux distro out there. It is called Backtrack.


BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking.

Regardless if you’re making BackTrack your primary operating system, booting from a Live DVD, or using your favourite thumb drive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.

BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest database of security tool collection to-date.

Back Track is quite possibly the most comprehensive Linux distribution of security tools. Both hackers and crackers can appreciate the features of this distribution. For black-hatters, it is an easy access to software that facilitates exploitations of secure system. For white-hatters, it is a penetration tester that finds holes in a security scheme. See, everybody wins!

Major Features

BackTrack features the latest in security penetration software. The current Linux kernel is patched so that special driver installation is unnecessary for attacks. For example, an Atheros-based wireless networking adapter will no enter monitor mode or inject packets without the MadWiFi driver patch. With BackTrack, you don’t need to worry about that. It’s just plug-and-play ready-to-go!

What’s great is that this Linux distribution comes Live-on-CD. So, no installation is needed. However, what you experience BackTrack, you will realize that it is a must to download this operating system and install it on your Laptop. At the very least, download the VMWare Virtual Appliance for Backtrack. Make sure you also install the VMWare Tools for Linux as well. Many features will still work in VMWare mode.

• Based on: Debian, Ubuntu
• Origin: Switzerland
• Architecture: i386
• Desktop: Fluxbox, KDE
• Category: Forensics, Rescue, Live Medium
• Cost: Free
  

Tools:

BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. Support for Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is also an option.

BackTrack includes many well known security tools including:

• Metasploit integration
• RFMON Injection capable wireless drivers
• Kismet
• Nmap
• Ettercap
• Wireshark (formerly known as Ethereal)
• BeEF (Browser Exploitation Framework)
  

A large collection of exploits as well as more common place software such as browsers. BackTrack arranges tools into 11 categories:

• Information Gathering
• Network Mapping
• Vulnerability Identification
• Web Application Analysis
• Radio Network Analysis (802.11, Bluetooth, Rfid)
• Penetration (Exploit & Social Engineering Toolkit)
• Privilege Escalation
• Maintaining Access
• Digital Forensics
• Reverse Engineering
• Voice Over IP
  

Download and Documents:

Home Page
User Forums
Documentation
Download Mirrors

Continue Reading >>

How to Hack Graboid to Get Unlimited Movies for Free

So if some of you may have heard, Graboid offers free movies, TV shows and more to download. It is subscription based on bandwidth. In this post i am going to show you how to download as much as you want videos, movies, and TV shows through Graboid for free.

First, download the program HERE.

Then after you open the program you will have the option to create and account.


Create it and log in. You will notice your bandwidth restriction, and your account will expire in a month, when you have to buy a subscription.


Once your account has expired, I have discovered a new way to make accounts (NOTE: After your account is created, you will never be able to create a free account again, nor through the program or website).

Make this batch script:

cd %appdata%
del MozillaControl /F /q
cd “%LOCALAPPDATA%\Graboid_Inc\”
del *.* /F /q

Or download it HERE if you don't know how.

Run the batch file, and behold, the new account button shall appear again. Enter a different email address than previous, and your good to go.


For those with issues creating accounts:

1. Renew your IP address (unplug your modem for about 5mins and then reconnect it).

2. If the problem is not solved by number 2, download Hotspot Shield HERE

3. If it still doesn't work, wait a week. This will give a chance for your ISP to reset your IP.

Hope this helped!

Continue Reading >>

Know More About Phishing Attacks

Phishing is a method of stealing login info (usernames and passwords) by directing the victim to a clone (fake) login page, that logs the login info without the knowledge of the victim. Such clone website is known as a phisher. eBay, PayPal and other online banks are common targets. Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.

Recent phishing attempts have targeted the customers of banks and online payment services. Social networking sites such as Orkut are also a target of phishing.

Spoofed/Fraudulent e-mails are the most widely used tools to carry out the phishing attack. In most cases we get a fake e-mail that appears to have come from a Trusted Website . Here the hacker may request us to verify username & password by replaying to a given email address.

How to protect yourself against phishing?

• Use your login info in the correct places only.

Don't ever put your login info anywhere else than the page you registered to, unless it's a trusted service, such as youtube or blogger, asking for your google account's info).

• Make sure the website you're logging in isn't fake.

Whenever you login to a website, if you didn't type the URL (address) of the website yourself, i.e. if you clicked a link that led you to the login page (from message, website, search engine results), always check the url (address) to see if you're in the right place.

For instance, if you're logging in your facebook account, make sure the url appears as http://www.facebook.com/
Where a phisher page would look like http://www.facebook.freewebs.com/, or http://www.facebook.spam.com/, or any url whose part before the .com isn't exactly the same as the page you want to login to.

• Make sure the links you're clicking aren't fake.

Whenever you're clicking a link, check where the link goes before clicking it. Links can be masked to appear as something else than the page they're leading to. For example, www.google.com leads to yahoo instead of google. Fortunately, in most browsers, whenever you point your mouse cursor over the link, the true location of the link is displayed on the bottom left part of the screen.
This is particularly important because it can protect you from another, rarer but more dangerous method called cookie stealing, which is basically automatically stealing your account if you're previously logged in the website.

Know that links to phishing pages are usually spread via email, and often represent impersonating trusted services and persons, such as making the email appear as it's sent from the website you've registered to, or a friend of yours whose account has been compromised.


What to do if you have spotted a phisher?

• Report the phisher as soon as you can. Report the phisher's address here: http://www.google.com/safebrowsing/report_phish/

• If the phishing attempt has been done via message, report the message in any of the following services:

http://www.reportphish.org/forwardphish.php
http://www.us-cert.gov/nav/report_phishing.html

• If you received the message from a friend's compromised account, inform your friend, and other friends that might be in danger.

• If possible, inform the admin of the website that the phisher is made for.

So the Bottom line to defend from phishing attack is

1. Never assume that an email is valid based on the sender’s email address.

2. A trusted bank/organization such as paypal will never ask you for your full name and password in a PayPal email.

3. An email from trusted organization will never contain attachments or software.

4. Clicking on a link in an email is the most insecure way to get to your account.

Continue Reading >>

How to Stay Safe Online

Many people think that a computer can only be infected by directly downloading a file, which is completely wrong. People also think, just having an anti-virus, means they will never become infected. The internet can be one of the best places, yet one of the worst. Considering malware is becoming more and more advanced daily (becoming undetectable, hiding under legitimate process names, disguising as Java applets or ActiveX components, etc.) We need to be on our toes to prevent the chances of becoming infected. I will be covering safety tips to keep your computer safe from infections.

Download an Anti-Virus

An anti-virus or an 'AV', is a type of software that is used to find, protect, and remove malware. Many of the newest anti-virus software comes with great web protection, which can be vital to ensure your safety online. AV's with web protection can help you by warning you how safe a website is. Although you don't need an anti-virus to protect you online, it is recommended you do have one to ensure maximum safety. Most companies that make AV's typically have different packages depending on the security and extra features, such as; Avast!, Kaspersky, and AVG. Of course, if you buy the Internet Security packages of these AV's, your protection online will be substantially better. Be sure to have only one anti-virus running at one time.

Download a Firewall

A firewall is a piece of software that is an essential part of your protection online. It can prevent DDoS/DoS attacks, it can prevent a hacker from infiltrating your network, shares your privacy to a greater degree, etc. Below is a list of a few, great firewalls. All have been recommended by numerous people.

• Comodo Firewall


• Online Armor


• Zone Alarm

Continue Reading >>

What is Social Engineering?

Social Engineering is the art of Hacking In Real Life. Social engineering is the art of getting people to tell you stuff that they usually wouldn’t disclose, through the use of words and your appearance.

A good Social engineerer (or as I love to call these types of people, “Bullshit artists”), can make people believe nearly anything.

I will use the example of someone trying to get someone’s password:

Now the most important thing is having a believable story. If you go to someone and say “hotmail have requested i get your password for account checking”, then they will most likely tell you to piss off.

One of the most common ways that i use, is “I’m doing a survey”. Make a fake survey, attach it to a clip board, and just walk up to the person and start asking him questions.

For example:
Hi, my name is Alexander, and I am doing a survey on how strong peoples passwords are. You will be surprised at how insecure most people’s passwords are, and you may find it extremely worrying about how insecure your password may be. If you don’t mind, would you allow me to ask you a few questions?

The person will think “insecure personal information” and 9 times out of 10 will agree to talk to you.

Ask them questions like “does your password contain letters numbers and symbols”, “how long is your password” (when they are counting, watch their lips to see if they spell the words/numbers out), etc.

You may also be able to give them the “i also have a good way of calculating how strong your password is. This isn’t necessary but you can give me a password you use most frequently and i can calculate how strong it is”, but that sometimes pushes the bar a little too much.

Prevention of Social Engineering

As you can probably see above, the power of SE can EASILY be used against people. It is always a good idea to be aware of people who you don’t know, but it is also good practice to watch people you DO know. Don’t be getting paranoid about things, because that isn’t what i mean, but SE is the EASIEST way to hack anything.

Here are some tips of keeping safe:

I cant have a complete list, because Social Engineers are constantly changing the ways in which they gain trust.
A few things to look out for:

Something that is too good to be true

If its too good to be true, then it probably is. Always make sure that the person is trusted, or is well known. Hey, don’t just go on that, the person may have fooled everyone, but it is always good to ask yourself “If this is such a good offer, how can he/she be offering it.”

Someone who you never usually talk to has started being really interested in you

They might just have become really interested in you, but what for? If they start asking really strange/personal questions, I would recommend you play the “Playing it hard” game. Ask them the same question as your answer, and refuse to tell them until they tell you. Then just be like “I don’t believe you”. Doesn’t matter if its true or not, but what you have just done is proven to them they aren’t as trusted as they believed they were, even if its only psychological. Then just make up an excuse so you need to go. There are plenty of ways to just get out of something, but i prefer the method where you beat them at their own game. Make it SO much more entertaining =)

Someone you don’t know asks you for your details

Obviously you don’t give them out, you would have to be stupid to do that.

As a rule of thumb, just make sure that the person isn’t trying anything. You will find it hard to pick a real good Social engineerer, but just remember that there are always people out there who aren’t that good, trying it.

Remember: Never give out details, or secure information such as your passwords. Use passwords that aren’t anything to do with your age/DOB/FirstName/Surname etc. All of that can be found too easily.

This Post was written with the beginner in mind, and just defines the basics of the Social Engineering techniques.

Continue Reading >>

What is a Hacker / Cracker?

What is a Hacker?

A Hacker is known to build things, solve problems and not break or crack any system. The computer industry initially hired good programmers to make sure how to full proof their system. However, over the years, the media, journalism and writers have played a very important role in changing the real meaning of the word hacker. They themselves are very confused in the term Hacker and a Cracker. A typical definition of a Hacker, that today comes to you mind is that a Hacker, is a person who tries to gain unauthorized access to any property and computers. The term Hacker came as slang from the computer world. So, different people have given different definitions to it. But what remains the common point is, that whenever you hear the word hacker, the first think that comes to your mind is always negative and bad. However, the real meaning of a hacker is a programmer who really finds it thrilling to learn more about it, who likes to explore more details about the programming language and hence stretches his or her capabilities more than any average person.

What is a Cracker?

Crackers are people who get cheap thrill out of cracking computer codes, and breaking into systems. Hence, these are the people who have negativity around them and they only believe in breaking or cracking an access to any kind of system that they have no authorization to. They are malicious annoying people who try to uncover sensitive information by poking their unwanted nose everywhere. Hackers on the other hand are knowledgeable and responsible people. They like to take intellectual challenges and like to overcome all limitations that are there in a particular system. Learning to hack is not very easy. It is a special gift that is only given to a selected few. Only people who are good in searching and keeping themselves updated about the latest technology are the one who are blessed with it. Only being good with computers does not qualify one to be a good hacker. Some people also reapply their hacking knowledge to different fields like music and electronic. It is also said the every hacker is independent of any kind of hack he does, call it in the computer field or elsewhere. Hackers are known to be ethical, wise in their practice.

The realty is: “Hackers build things, crackers break them.”

Today the hacker world has been given 3 different names. The White hat hackers, who do all the good things and are positively motivated people, Then we have the Black hat hackers also called the crackers who are usually into negative work of cracking and breaking into someone’s system and finally the third and the last are the gray hat hackers who explore the best of both the worlds. To conclude, we can say that Hackers are people who are skilled programmers that work for a positive cause or a goal, either for themselves or for an organization which could be private as in an industry or for the government.

Thinking of a Hacker

The thinking of a hacker is very much the same as that of a good program developer. Hackers who have been successful have developed a common strategy over a period of time. This strategy is to very patiently and carefully document every step, which is what the programmers do. They are good at analyzing and following a methodical approach of investigation. So when they start they don’t have much as in the background, they start from the starch and gradually build what is called the entire roadmap or game plan.
It is a known fact that in order to think like a master hacker one should imitated all the big hackers both intellectually and emotionally. As they always work on a different platform and it is the platform of Self Belief.

1. The typical thinking of a Hacker is that, they believe that the world is full of ongoing problems which continuously need solutions to it. So looking for solutions should be the ultimate aim and not giving up till the time the problem is cracked.

2. Another fundamental that they work on is that, the same wheel should not be invented twice as it will be a waste of time and effort both. Brains with creativity should be used for new proposes and not older ones. So, they believe in the theory that time is precious and make the best out of it.

3. The third fundamental truth that they believe in is that, repetition is what leads to success and no word like boredom can be found in their dictionary.

4. The next good thing they believe in is Freedom. Most of the hackers work independently and that is a strong foundation for them to grow. It is said that freedom has no limit to the growth of an individual.

5. No replacement for a good attitude. An attitude to fight and not flight. One can give up whenever he or she wants. It is only the attitude that makes you different from the other.

6. Hackers believe in a value system that is not negotiable and do not compromise on it, because if they do then they would be crackers and not hackers.

Documentation is said to be the wisest thing that any developer a simple programmer or a hacker maintains. At times finding solutions is so difficult that is only the documentation that can help one understand the entire process all over again. It is like hunting for a treasure hunt in a jungle with small clues that take you to the next clue and one step closer to the final gift.

Continue Reading >>

Learn How To Create Your Own Programming Language

Creating a programming language from scratch is hard. It takes several attempts before finally coming up with a fully working language. This system will teach you all the tricks you need to know to make your language come to life. This is a great skill to put on your résumé and it's also fun to learn. In this post i am going to present you an easy step-by-step book that will guide you through the creation of a simple language written in Ruby. I am reading this book currently, and for now i am really satisfied.


What you’ll learn

The system will walk you through each step of language-building. Each section of the book will introduce a new concept and then apply its principles to a language that we’ll build together. All technical chapters end with a Do It Yourself section that suggest some language-extending exercises. You’ll find solutions to those at the end of this book.

The language will be dynamic and very similar to Ruby and Python. All of the code will be in Ruby, but I’ve put lots of attention to keep the code as simple as possible so that you can understand what’s happening even if you don’t know Ruby. The focus of this book is not on how to build a production-ready language. Instead, it should serve as an introduction in building your first toy language.

Here are some subjects covered in the book:

• Lexer, with Python-style indentation
• Parser, using Racc (a Yacc-like tool)
• Runtime, bootstrapping and self-hosting
• Compilation, using LLVM
• And much more!

Create Your Own Programming Language

Learn how to create a simple programming language in a few days with this easy step-by-step guide.

Continue Reading >>

What Are Keystroke Loggers (Keyloggers)?

A Keystroke logger (also known as a Keylogger) is a program, usually ran secretly in the background that records what users type, then the typed output is usually sent via email or uploaded by the keylogger somewhere in secret. These can be attached to other executable so you never even know you ran them in the first place, once you click it once it often is started at start up from their on.

There are two main types of keystroke loggers:

1. Software based, and

2. Hardware based

Software based keyloggers

These are software programs designed to work on the target computer’s operating system. Once the software is installed on the target's computer, it captures every key pressed on the keyboard and stores it down in a file or memory-bank that can be viewed by the person performing the monitoring in real-time, or at a later date.

There is also a type of remote access software keyloggers. This is a process of creating server keylogger and then sending this server.exe file to the victim. Once the keylogger server is installed on the victim's computer, all text and passwords typed on his computer are sent to you in your email inbox by this server created using keylogger.

Also, server keyloggers are detected by antiviruses. So, you need to have FUD (Fully UnDetectable) keylogger so that victim computer's antivirus will not detect your sent server keylogger as virus and prevent it from being deleted.

Continue Reading >>

Know More About Antivirus Software

Antivirus is a program which makes your system clean and secure from harmful virus,worms and attacks. Antivirus software is vital to maintain proper computer functioning. When computers operate without antivirus programs, they have an increased risk of acquiring malicious software that could completely damage the system, compromise security or delete important information.

Okay, now in simple words. Antivirus programs fully protect the computer by scanning the entire operating system, emails and all downloaded files.

How Antivirus Detection works?

Antivirus software scan all files of your system to find the malicious software, worms and Trojans. While browsing the Internet increases the risk of picking up viruses, spyware, malware and malicious Trojans on your computer. Antivirus programs detect suspicious websites and files that contain malicious programs before they enter the computer. Antivirus programs block malicious tracking software from being downloaded to your computer. Tracking software is used to steal credit card, banking and personal information; the information is then sold to organizations that run identity theft rings. Antivirus programs automatically remove spyware files, Trojans and all other forms of malicious software from the computer. Automatic virus removal is a simple process, and it is also very extensive.

Why is Important to Install an Antivirus in Your Computer?

There are lots of hackers in the world, who every minute make and spread millions of new viruses. The main purpose of those hackers is to hack and collect your secret information, like your facebook, email passwords, your ATM password, your bank account info and lots more type of private info. Other attacks are just for fun to destroy systems. You have also seen sometimes in your window that your antivirus stop working, your files are automatically deleted, your net connection becomes very slow, task manager disable, even sometimes your window crashes. All these are effects due to such virus.

How and Why Hackers Code this Virus?

Everyone wanna know how hackers code such virus. These viruses can be coded in different programming languages. The very basic language used is Vb.net or Batch, then Java, Delphi, Python or other more advanced programming languages can be used. These viruses mostly work only for Windows system, because Linux doesn't support all such extensions and formats of viruses, and also doesn't support autorun.

There are lots of virus maker programs available, with which you can create your own customized virus without knowing the programming languages.

Why Updating of Antivirus is Important?

As I mention above, every minute there are lots of new virus types that come online to attack on our computers. So, Antivirus programs update their virus registry on a daily basis. These updates are important because new viruses are released every day, and they can go undetected if the virus scanner is not up to date. Virus signature / Database/Data mask is an algorithm or a set of algorithms which calculate a hash to distinctively identify the strains of a virus. A generic anti-virus checks the database or virus signature and a heuristic anti-virus uses heuristic algorithm and checks malicious character in virus behavior by different statistical and other advanced means.

So from today keep in mind that only installing an antivirus is not sufficient for your security. You have to update it regularly.

Where Mostly a Virus may Resides?

1. RAM


2. Boot Records


3. Master Boot records


4. Different type of files


5. In temporary folder


6. Can be hidden/bind with other files, like images, games, videos, keygen or patch software.


7. RAR files

What Should be the Capabilities of a Good Antivirus Program?

1. Script checking


2. Compressed Files/folder checking


3. Quarantine capability


4. Email and web mail checking


5. P2P/File Sharing Protection


6. Registry checking


7. Macro protection


8. Firewall Protection


9. Real time Protection

Which Antivirus Software to Choose?

I think now everything clear to you. Now lets see which Antivirus programs are best for your system:

1. Kespersky Antivirus


2. Norton Internet Security & AntiVirus


3. ESET NOD32 Antivirus


4. BitDefender Internet Security & Antivirus


5. Avira Antivir Premium & Security Suite

Hope you understand the need of an antivirus software for your computer.

Continue Reading >>

What is a RAT (Remote Administrator Tool)?

A RAT is also a shortcut called Remote Administrator Tool. It is mostly used for malicious purposes, such as controlling PC's, stealing victims data, deleting or editing some files. You can only infect someone by sending him file called Server and they need to click it.


What can RAT do?

With a RAT, you can make the party download files, view their desktop/webcam, and more. Here is a list of basic features of a popular RAT:

• Manage files


• Control web browser (Change homepage, open site etc.)


• Get system information (OS Version, AV name, Ram Memory, Computer name etc.)


• Get passwords, credit card numbers or private data etc.


• View and remote control desktop


• Record camera & sound


• Control mouse


• Delete, rename, download, upload or move files

Are RATs Illegal?

Some RATs are legal, and some are not. Legal are the one without backdoor left, and they have ability to close connection anytime. Illegal are used for hacking and they can steal data (Credit Cards, Passwords, private data etc.).

Here is a list of some Legal and Illegal RATs:

Legal:

• TeamViewer - Access any remote computer via Internet just like sitting in front of it - even through firewalls.


• UltraVNC - Remote support software for on demand remote computer support. VNC.Specializing in Remote Computer Support, goto my pc, goto assist, Remote Maintenance


• Ammyy Admin - Ammyy Admin is a highly reliable and very friendly tool for remote computer access. You can provide remote assistance, remote administration or remote


• Mikogo - Mikogo is an Online Meeting, Web Conferencing & Remote Support tool where you can share your screen with 10 participants in real-time over the Web.

Illegal:

• Spy-Net


• Cerberus Rat


• CyberGate Rat


• SubSeven


• Turkojan


• ProRat

Continue Reading >>

What Are Anonymizers?

Just about everything you do in a computer is logged. In Windows, there are event handels that log main events performed by the user, such as logging into the computer. On Linux, even things such as error logging for the xorg server is performed, and some programs that users intent to use for malicious purposes, even log locally on the computers, without the users consent. The programs are not logging because they know you are conducting abuse, but because the logging is used for error-checking. However, if you find yourself in trouble, the error-logs can point the police to evidence of your mis-doing.

Say you manage to attack and compromise a webserver, and remove the logs, you're still not safe though. There is another thing that prevents you from being completely undetectable, Your IP/Domain address, and this is what this tutorial will primarily be focusing on.

What is an Anonymizer?

Anonymizers are online services that eliminate the trail of information that you leave behind, whilst surfing, so that your online activities cannot be traced back to you. The anonymizers vary in sophistication depending on the level of security and number of features that you require. Some anonymizers require the use of client software and others only require that you log onto their website before browsing other sites.

How do Anonymizers work?

You essentially surf the Web through the anonymizer site, going to that site first and then routing all your pages from there. When you send a page request through the anonymizer, it acts like a super-proxy server, stripping off the header of each data packet, thus making your request anonymous. The requested page is then fed through the anonymizer back to your Web browser.


In order to avoid being tracked, one can use an anonymous proxy to surf the web. An anonymous proxy makes sure your IP address does not get stored on the web server logs. Web servers log every ?GET? request made, together with date, hour, and IP. But if you are accessing the Internet through a proxy server, then the IP of the proxy is logged and not yours.
In case you do not go through an anonymous proxy, then you are actually risking vital information that belongs to you. For example, a hacker can easily find out your IP Address, your web browser, your Operating System and even the previous URL that you have visited. You can also be easily located geographically (provided one has the necessary software tools) because people can find out a whole lot of things that give your location. Like your hostname, your continent, your country, your city and even your Internet Service Provider.

Continue Reading >>

How to Hack and Spy on a Webcam

I get a lot of emails where my readers are asking for help to find out if his/her partner is cheating on them, chatting to someone she/he shouldn't be, etc. So here i decided to answer this question, and to get it clear once for all.
Today there are softwares called RATs (Remote Administrator Tools) that are mostly used for malicious purposes, such as controlling PC’s, stealing victims data, deleting or editing some files. You can only infect someone by sending him file called Server and they need to click it. With a RAT, you can make the party download files, view their desktop/webcam, and more.

Except the advantages of using a RAT, there are also few disadvantages that you should know about:

1. The RATs are detected by the most anti-virus software.
2. You can get infected by using a RAT.
3. You can get traced when you rat somebody.

In this article i am going to share A step by step guide that allows you to remotely access anybody's webcam, microphone, files and desktop from anywhere in the world, without to worry about the things i mention above.


You can install this on any PC and monitor who ever uses that PC, or even someone passing by. There are no system requirements and this works 99.9% of the time.

This also includes the ability to:

• Access almost any computer anywhere without knowing the computer password or IP Address.
• Record and watch any webcam at the same time.
• Record desktop action and watch at the same time.
• Dig deep into files, download then and upload new ones.
• Watch a webcam from any PC in the world.
• Monitor activities whenever that PC or laptop is online.
• Save all recordings in a number of file types.

This software costs $19.95, but I think the price totally worth for a software like this one.

I have tested this from every single angle possible and have had the BEST success rate with it.

Download Webcam Spy Hack

Continue Reading >>

How To Make Money with Facebook

I did a search on "make money online" and "making money online", and much of the information out there is just promoting various info-products, mostly about Internet marketing. I see why people sometimes ask, "Is anyone making money online besides Internet marketing experts?"
Here you can download a great ebook that will teach you how to make money online using nothing but Facebook. This book covers a step by step guide to make atleast $150 everyday from Facebook.

Today Facebook is one of the largest social networking websites, with more then 500 million active users, so why not to make some money while "wasting" your time there. Facebook is a great money making opportunity

The author of this book is Stella Demin. This book is a great source for the beginner who want to make money. It's written in such a manner that even a 5th grade kid can understand it.

This book costs $5. By buying this book you are also making a donation to this blog.

Bonus E-Book: Farmville Secrets - The Best Kept Secrets Revealed

Download How To Make Money with Facebook (+ Farmville Secrets)

Continue Reading >>

How to Check if Your Computer is Infected or Not

In my previous post "How to Know if You Are Infected with RATs or Keyloggers" I've been writing about methods to find out when you are infected with a RAT or Keylogger, without using any complex tools. Here i will show you how to know if you are infected or not from any malware. These ways are very simple, but I guarantee you to 80% that you will clean your system using these methods.

Lets start:

First Method: Checking the startup

1. Open the "Run" by pressing "windows key + r" or go to "Start", and then select "Run".
2. Type msconfig
3. A window will come up. Go to the "Startup" Tab.
4. Now as you can see, you have the list of all the applications that start with Windows. You can find almost every RAT/Stealer/Keylogger/bot...
5. Search for some file like "Stub.exe" ,"server.exe" ,"s3rver.exe"... This are the most used names.

If you found one uncheck it, and click on "Save". Reboot your computer, and you have successfully prevented the malware(s) to startup with the system.


Second Method: Checking the Registry

In the registry every application saves its configuration, of course malware too. Malware often uses the Registry to startup, and Save the options.

1. Open the "Run" (Start -> Run)
2. Write regedit.exe
3. Search In The HKey_Current_User (HKCU) for the Software Folder.
4. There will be a list with the programs. If you are infected, you'll find something like Server or Stub, some sh*t like that.
5. If you found one, delete that entry (Right Click -> Delete Entry).

Third Method

1. Install Malwarebytes' Anti-Malware. It's really the best anti-malware. Check for updates and make a full scan.

Continue Reading >>

Get a Free Serial Key for Advanced SystemCare Pro

Who doesn’t like free stuff! I know you do, that’s why I’m going to give you this awesome system optimization tool - Advanced SystemCare Pro. In my personal opinion, IObit products especially the latest Advanced SystemCare PRO is my favorite and BEST system tuning software to keep my computer running like new. It provides an always-on, automated, all-in-one PC Health-care Service with anti-spyware, privacy protection, performance tune-ups, and system cleaning capabilities. This powerful and award-winning precision tool fixes stubborn errors, cleans out clutter, optimizes Internet and download speeds, ensures personal security, and maintains maximum computer performance automatically.

Here i am giving you a free serial key for Advanced SystemCare Pro Edition.


Have a great time using your Advanced SystemCare Pro.

Continue Reading >>

Get a Free iPhone Navigator

In this post I present iPhone navigator called MotionX GPS Drive for iPhone and iPod Touch. Below you can find download link, size is 7.6 MB.


MotionX-GPS Drive turns any iPhone 3G or 3GS into the next-generation car and pedestrian navigation solution. MotionX introduces new features not yet seen on mobile device, including “door-to-door” personal navigation tools, user interface innovations that greatly simplify the navigation experience, and integration of live search capabilities.

Download MotionX GPS Drive

Continue Reading >>

How To Access Remote Computers from Your Mobile Phone

Here i am giving you a cracked version of TeamViewer Pro for iPhone and iPod Touch that allow you to access remote computers from everywhere. It allows you to give spontaneous support as well as having permanent access to unattended computers. You can:

• Support your clients and colleagues spontaneously.
• Access your office desktop with all of its documents and installed applications.
• Remotely administer unattended computers (e.g. servers).
  

Features:

• Remotely access unattended computers
• Conveniently control remote computers using the iPhone multi-touch gestures: left click, right click, drag & drop, scroll wheel, zoom, change monitor
• Complete keyboard control incl. special keys such as Ctrl, Alt, Windows®
• Remotely reboot the computer
• Automatically adjust the screen resolution of the remote computer
• Overview of computers that are online via the integrated Partner list
• Effortlessly access computers behind firewalls and proxy servers
• Meets highest security standards: 256 Bit AES Session Encoding, 1024 Bit RSA Key Exchange

Download TeamViewer Pro for iPhone, and iPod Touch

Continue Reading >>

How To Make Your Keylogger Undetectable using Hex Editing

I've been writing a lot about keylogging on this blog. Now as you know, most of the keyloggers are detected by anti-virus softwares, so what you really want is a FUD Keylogger (Fully Undetactable). That means no anti-virus software will alrert the victim saying its a virus. There are very few FUD Keyloggers on web and the most of the time you need to buy a keylogger that will be FUD for a long time. They normally cost about 3$-20$, depending on the functions of the Builder.
Since the FUD keyloggers cost money, i decided to show you how to make them undetectable for free, using hexediting method.

Here I will try to explain how to hexedit your favorite Trojan in order to make it undetected by certain anti-virus programs. I will try to put this as simple as possible so everyone understands it.

Content:

1. General info about hexediting .
2. What tools you need to get started.
3. How to hex.

General info about hexediting

If you want to make your server undetectable, you need to know how AVs work and how they detect your files, right? There are a few ways that AVs use to detect your server heuristics, sandboxing, etc., and one of them is using so called "definition files" that carry information about strings inside your server. Well, that's the way we are going again in this tutorial because hexing is pretty much useless for other methods of detection. So when AVs scan your files it searches for specific stings on specific parts in your server, and if strings match with strings in the AV database, your file is detected.
Let as say that detected strings are "XX" so we need to change that string to something else (e.g. "XY","YY") that isn't in the AV definition database so the file can not be matched with any of the AV definitions and that way the file will be undetectable. There are going to be a few tagged strings in your server - not only one, depending on what trojan you are using and how popular is. Less popular trojans tend to have less tagged parts, and with that they are easier to make it undetectable.
First of all, hexing is not the best method for undetecting files because AVs can change old tagged parts, and once your AV is updated, new definition files are downloaded and your once undetected server might become detected again. Also not all AVs use the same tagged parts - this way you need to hex your server against more AVs to make it fully undetected. This can be annoying because you need to download wanted AVs then hex it your server, then download another etc., etc. Sometimes AVs tag critical parts of the server, and if that part is altered will corrupt the server. Also, heavily edited servers can become unstable, some functions might not work, or even you can corrupt your server and make it useless.
That's why you need to check your server if its still working after every single change you made while hexing it.
Now how to find detected strings in your server?
There are few ways you can do this: Manually cut your server in half adding parts to one half and scanning it until you find the detected string (which is slow and time consuming); use file splitters to split your server into bytes, and after that scan all split files and find out what byte is detected then alter it in original exe, or you can use an offset AV .

What tools you need to get started

• Unpacked trojan/keylogger server. (That's your virus)
• Hex editor > Download
  
• File Splitter > Download
  
• AV-antivirus

How to hex

Now to make this more simple, and understandable i add a video tutorial on how to make virus undetectable by AV , Watch it.



Credits for this video go to Kostaz8

Continue Reading >>

How To Test Hacking Tools Without a Risk of Infection

I was asked by many newbies over here about basic hacking software that every hacker should have. I have until now mentioned about various free software downloads. In this security article, i will mention about software used by hacker to protect his computer from being affected from various hacking software loopholes, Sandboxie.


What is Sandboxie?

Generally, if you are visiting hacking forums or various forums of free software downloads, some of these free downloads are affected or are attached viruses and trojans for malicious purposes. So, if victim installs them on his computer, the malicious scripts get installed on computer causing various problems depending on script. So, the better way is to install such applications on your PC but using Sandboxie.

Sandboxie will allow you to run your software downloads in a sandbox (in a separate memory area) to check whether or not they're what you were expecting. This can be great if you don't trust a download or freeware.


The red arrows indicate changes flowing from a running application program into your computer. The box labeled Hard disk (no sandbox) shows changes by a program running normally. The box labeled Hard disk (with sandbox) shows changes by a program running under Sandboxie. The animation illustrates that Sandboxie is able to intercept the changes and isolate them within a sandbox depicted as a yellow rectangle. It also illustrates that grouping the changes together makes it easy to delete all of them at once.

Sandboxie features:

• Secure Web Browsing:

Running your Web browser under the security protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox of Sandboxie and can be discarded trivially.

• Enhanced Privacy:

Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows OS (Operating system).

• Windows Stays Clean:

Prevent wear-and-tear in Windows by installing software into an isolated sandbox provided by Sandboxie.

Requirements for Sandboxie:

Sandboxie supports windows 2000, windows XP, windows Vista and windows Server 2003.
Sandboxie does not work on Windows 95, 98 or ME, or on Mac operating systems.
There are no particular hardware requirements. Sandboxie needs only a small amount of memory and should have a very small impact on performance.

Windows 2000 users:
You may need to install GDIPLUS.DLL if you don't already have it.

Languages that Sandboxie support:

English, Chinese (Simplified), Finnish, German, Japanese, Korean, Polish, Portuguese (Brazil) and Turkish.


Download Sandboxie

So friends, download this free software, Sandboxie, and protect your computer from harmful viruses, and scripts. Now on, no need to spend time in removing malicious software. Just install Sandboxie and start installing free softwares without any fear.

Continue Reading >>

Know More About Cryptography

In my previous post I've been explaining the Basics of Cryptography, so that every beginner can know about it. Here is one more article i am going to write on "Cryptography". Lets start:

What is encryption

Encryption is the technique of converting data from a plain text into what is called cipher text. Cipher text is information that has been encrypted using an algorithm or cipher into a character string. This data can be converted back into its original form or reverse the process is called decryption. To recover the original data that was once in plain text you need the decryption key, the decryption key will undo the process which encrypting the data has done. A decryption key is what determines the output of either the cipher or algorithm.


History

Cryptography in greek means: "hidden secret". Cryptography was originally created to encrypt secret data to protect unwanted eyes from seeing the original piece of text. This is still what encryption is mainly used for today. The development of digital computers and electronics after WWII made possible much more complex ciphers. Furthermore, computers allowed for the encryption of any kind of data representable in any binary format, unlike classical ciphers which only encrypted written language texts; this was new and significant.


Types of encryption

There are many types of encryption techniques. Here I will be going over:

• DES
• MD5
• NTLM
• LM
  

Encryption can be broken through techniques of cracking such as:

• Bruteforce
• Dictionary attack
• More..
  

DES: DES stands for Data Encryption Standard. It was selected by the NBS(National Bureau of Standards). In 1974 it was created by the IBM team.


MD5: MD5 stands for Message-Digest algorithm 5. MD5 has a 128-bit hash value. MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. In 1996, a flaw was found with the design of MD5. While it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1.


NTLM: NTLM stands for NT Lan Manager. During protocol negotiation, the internal name is nt lm 0.12. The version number 0.12 has not been explained. It is the successor of LANMAN (Microsoft LAN Manager), an older Microsoft authentication protocol, and attempted to be backwards compatible with LANMAN. NTLM was followed by NTLMv2, at which time the original was renamed to NTLMv1.

LM: LM stands for Lan Manger. LAN Manager hash is one of the formats that Microsoft LAN Manager and Microsoft Windows versions previous to Windows Vista use to store user passwords that are fewer than 15 characters long. This type of hash is the only type of encryption used in Microsoft LAN Manager (hence the name) and versions of Windows up to Windows Me.


Cryptanalysis

Cryptanalysis is the art of analyzing a cryptographic scheme. There are a wide variety of cryptanalytic attacks, and they can be classified in any of several ways. A common distinction turns on what an attacker knows and what capabilities are available.


Cracking techniques

There are some different types of cracking techniques. I will discuss in the paper. First being brute force.

Brute forcing is a strategy used to break the encryption of data. It involves traversing the search space of possible keys until the correct key is found. The selection of an appropriate key length depends on the practical feasibility of performing a brute force attack. By obfuscating the data to be encoded, brute force attacks are made less effective as it is more difficult to determine when one has succeeded in breaking the code.

Dictionary attack: A dictionary attack uses a brute-force technique of successively trying all the words in an exhaustive list (from a pre-arranged list of values). In contrast with a normal brute force attack, where a large proportion key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words in a dictionary.

Hope all your concepts about cryptography are clear now.


Also read:
The Basics of Cryptography

Continue Reading >>

Learn What is Cryptography

Cryptography has been around almost as long as language. People have been communicating for thousands of years and have been trying to keep information secret for just as long. Many cryptography methods have been in use for years, and still hold precedence today while leaps in technology have brought forth new methods. My hope is to instill a basic understanding of cryptography and to help people interested in the subject establish a base to witch they can move forward from.


For starters, there are some basic terms that are universal to anything related to cryptography and should thus be memorized.

Plain-text is a unencrypted message,
[ My name is Bob]

Cypher text is plaintext after it has been encrypted,
[ yM eman si boB]

A Key is what the receiver of the message uses to decrypt the message

While its obvious what I've done to the sentence, the difference is clear. One is readable while the other appears to be garble.

Plain and cypher text are universal when it comes to encryption, and are the basis for a encrypted message. One must become the other and then reversed to read the message.

Now on to cyphers; Cyphers can be divided into two main categories, with many sub categories within. The main two are Traditional and Modern cyphers. Traditional cyphers are basic, and have been around for a long time, while modern cyphers utilize the advancements in technology, mainly computers, making them much more advanced.

Traditional cyphers come in two main flavors: Substitution and Transposition. Both involve taking plaintext and mixing it up to create cypher-text. A very basic example would be pig latin. you are taking a message and saying it backwards, ie the example i gave earlier.
With Substitution, you take plaintext, and substitute characters within the message for others, thus scrambling it. Only the person receiving the message has the key and can unencrypted it. Substitution is specific in that when you scramble the message your moving individual characters around, or changing them out for new characters. With transposition your utilizing the same methods as with substitution but your scrambling sections of the message, instead of individual characters. The block of plaintext could be any where from a couple characters long to several sentences or more. Both still utilize the same method for the overall encryption and thus have the same weakness.

Frequency Analysis

Lets say for a moment that you receive an assignment to decode some cypher-text. You start looking at the message, and as notice that some characters appear more often then others. Frequency analysis, basically the use of statistics, involves taking these re-occurring characters and assigning new characters to them based on statistical data.

Lets take the word Experience. I'll encrypt the word and now we have GZRGTKGPEG. If we look at the word it becomes obvious once broken down that the letter g occurs the most out of the other characters with a total use of 4 times. Using statistics, if G is the most common occurring letter in the word, then we could associate this with E and substitute them.

EXRETKEPEE

Now looking at the alphabet you will see that G is two places to the right of E. We'll move the rest of the letters two characters back to get the original word Experience. This is Frequency Analysis in a nut shell. Using modern computer programs this basic technique can be applied to large quantities of cypher text, or can be used to create complex encryptions by layering the movement of characters of blocks of characters. While these can become incredibly complex they can still all be broken the same way given enough time and resources.

While Traditional cyphers can be very complex the weaknesses in there use led to the creation of Modern cyphers witch we will now take a look at.

Modern cyphers can be broken down into two main sub categories as well as several other types not related to the basic system used by the main two.
These two typed are Private Key (symmetric key) and Public Key (asymmetric key) encryptions. Well go through them in this order.

Private Key is simply a password system that keeps the key secret. The same key can be used to encrypt and decrypt, and is less complex then a public key system.
If Bob encrypts a message with Key A and sends it to Tom, Tom will use his copy of key A to decrypt it. The key must be secret to maintain the security of the cypher.

Public Key (asymmetric key) is a system that used a public key in conjunction with private keys. It utilizes a different key to encrypt and decrypt. Bobs company makes a key for encrypting messages that is commonly used, but when Bob sends the message to Tom, Tom uses his private key to decrypt it. If one key is compromised, the other part remains secret, thus maintaining security. This system can become very complex.

Since we covered the basics for Encryption, ill now talk a little about some basic methods for cracking cyphers, such as the ones above.

We already covered Statistical Analysis earlier but it is far from the only way to crack cypher text. Another common method involves Brute Forcing. This involves using a program to make repeated attempts to crack a cypher until it succeeds. This however takes time.

An exercise. is a scenario involving a simple cypher. Bob has a message for Tom. He used key A to encrypt it. Tom has key A as well making this a private key. The cypher-text looks like this:

7 14 7 18 10 3 16 22 21 7 3 22 7 24 7 20 1 22 11 15 7 22 10 7 1 9 7 22 10 11 9 10
The key: 1 = A

Its pretty simple from this point, as obviously you'll notice that every number represents the spot of a letter in the 26 letter alphabet.
Decrypted it looks like this:

GNGRJCPVU GCV GXGTA VKOG VJGA IGV JKIJ

Still looks like garble, but if we use statistical analysis we can crack the cypher text and get Bobs important message.
A quick google search will reviel that the most common letter in the english languadge is E . A quick look at the cypher text will show that G is the most common occurring letter in the sentence. Thus we'll start by swamping G for E:

ENERJCPVU ECV EXETA VKOE VJEA IEV JKIJ

Still garble but were moving in the right direction. Once agin a google search will show that the next most common letter statistical is T.
After scanning our cypher-text we see that V is the second most common letter there so once agin we start swapping:

ENERJCPTU ECT EXETA TKOE TJEA IET JKIJ

The pattern witch you might have already guessed is each character moved 2 spaces to the right. A becomes C, etc.... With that knowledge we can now finish the decoding process.

ELEPHANTS EAT EVERY TIME THEY GET HIGH

Now our cypher-text has been decrypted into readable plaintext and Bobs message to Tom becomes understandable. Not sure of the meaning tho, maby Bob was on something at the time but that aside, this shows how to types of encryptions can be used in conjunction. While this was a very simple cypher, something much more complex can be constructed using the same means, and that same cypher can be broken using Frequency Analysis, and by looking for patters. While everything taught here is at a very basic level it can be taken to great complexities when dealing with real world use.

I hope this has taught you something of the basics of cryptography. Once i get the time i plan on making more of these, with the next one dealing with a common but more complex cypher common to computer use. This is of course the Hash Algorithm.


Also read:
Know More About Cryptography Part 2

Continue Reading >>