
Friday, July 15, 2011

Free VPN For All

VPN On Demand service adds numerous benefits to your internet experience:

Use the internet without restrictions.
Secure your internet connection.
Fast connection speeds.
Easy to setup.

How to apply to a free private beta account?

Send an email to promotion at with subject vpnod

and you will get an instant reply with access credentials to VPNoD service.

Windows Setup Instructions

2- Select Set up a connection or network

3- Select Connect to a workplace and click Next

4- Select Use my Internet Connection (VPN)

NOTE: If prompted for "Do you want to use a connection that you already have?", select No, create a new connection and click Next.

5- In the Internet Address: field, type

6- In the Destination Name: field, type VPNOD.

7- In the User Name: field, type your VPNOD username. Your VPNOD username was sent to you earlier in an email.

8- In the Password: field, type your VPNOD password.

9- Click the Create button and then click the Close button.

10- To connect to the VPN server after creating the VPN Connection, click on Start, then Connect to.

11- Select the VPN connection in the window and click Connect.

Note: It does keep logs, but not for a long time.

Thursday, July 14, 2011

ExoBinder V.1 [FUD] [Public Release]

It was FUD but some n00b uploaded it on Virustotal so it got detected by Av’s. Works well if you crypt it with a crypter.

ExoBinder Features:
* FUD Stub
* RC4 Encryption
* Junk Code 
* Icon Added
* Anti-N00bs and Leecher Protection 


Nmap Tutorial | Command Line

I’ve just installed Linux on PC and I’m already having fun with it.
So today I’ll be showing you how to use Nmap to scan a target and gather information about it using the tool's commands.

First of all you’ll need:

1) A Linux OS (Any Distro)(I’m using Mint Linux)
2) Nmap
If you don’t have Nmap installed don’t worry, Just open the terminal and type the command:
sudo apt-get install nmap
This will install Nmap. Now open a second tab and launch Nmap by typing “nmap”.
This prints a long list of useful information; read it line by line and understand the function of each option.
Now to the tutorial. First choose your target: it can be a friend's remote PC or a web server that you want to get information about.
Now, if you want to find out what type of OS your target is using, open a new tab in the terminal and type the following command:
nmap -v -A -O Target IP 
Actually, this command does more than one thing: it detects the open ports and the server OS, which is the “-O” option.
When you are done typing the command and the target, press Enter and let Nmap do its magic.
After the work is done you’ll get a similar output:
Don’t worry about the images. I’ve split them into three parts; they are actually the result of the same scan.
As you can see in the pictures, Nmap has generated a lot of useful information that might help a hacker exploit the site, as well as help a security dude save his site by observing the open ports and restricting access to them. You can see that Nmap has also reported the OS of the server, which in the above picture is “Linux”. It has also listed many open and vulnerable ports, plus the SSH and SSL secure ports.
This ends my Nmap tutorial. Next time I’ll be posting a tutorial on hacking a remote PC with Nmap + Metasploit.
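
The defensive use mentioned above (observing open ports and restricting access to them), as an added example that is not part of the original post: it parses Nmap's grepable output (the -oG option) for hosts you administer and reports open ports that are not on an allowlist. The sample scan, the host addresses and the ALLOWED policy are constructed for illustration.

```python
import re

# Constructed sample of grepable output (nmap -oG -) for hosts in the
# documentation range 192.0.2.0/24; this is not output from the original post.
SAMPLE_GNMAP = """\
# Nmap scan (constructed sample)
Host: 192.0.2.10 (web01.example.test)\tStatus: Up
Host: 192.0.2.10 (web01.example.test)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: closed (996)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh///, 23/filtered/tcp//telnet///, 8080/open/tcp//http-proxy///
# Nmap done
"""

# Hypothetical policy: the ports each host is expected to expose.
ALLOWED = {
    "192.0.2.10": {(22, "tcp"), (80, "tcp"), (443, "tcp")},
    "192.0.2.11": {(22, "tcp")},
}

# One port entry looks like: port/state/protocol/owner/service/rpc/version/
PORT_ENTRY = re.compile(r"(\d+)/([a-z|]+)/([a-z]+)/[^/]*/([^/]*)/")


def parse_gnmap(text):
    """Return {host: [(port, proto, state, service), ...]} from -oG output."""
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment lines and anything unexpected
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for port, state, proto, service in PORT_ENTRY.findall(field):
                results.setdefault(host, []).append(
                    (int(port), proto, state, service)
                )
    return results


def unexpected_open_ports(scan, allowed):
    """List open ports that the policy does not expect, sorted by host."""
    findings = []
    for host, ports in sorted(scan.items()):
        expected = allowed.get(host, set())
        for port, proto, state, service in ports:
            # Only "open" counts; "filtered" means a firewall already drops it.
            if state == "open" and (port, proto) not in expected:
                findings.append((host, port, proto, service))
    return findings


if __name__ == "__main__":
    for host, port, proto, service in unexpected_open_ports(
        parse_gnmap(SAMPLE_GNMAP), ALLOWED
    ):
        print(f"{host}: unexpected open port {port}/{proto} ({service})")
```

Each reported port is a candidate for a firewall rule or for shutting down the listening service.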


SIM cloning is the process in which a legitimate SIM card is duplicated. When SIM cloning is completed, the cloned SIM card's identifying information is transferred onto a separate, secondary SIM card. The secondary card can then be used in a different phone while having all calls and associated charges attributed to the original SIM card. The phrase SIM clone is often used to refer to the SIM card that has been successfully duplicated.

A successful duplication hinges on a user's ability to extract the SIM card's IMSI (International Mobile Subscriber Identifier) and Authentication key (Ki). While an IMSI is relatively easy to identify, finding the Ki can prove to be much more difficult for the novice user. Separate devices and software programs may have to be used to decrypt the Ki.

SIM CLONING Instructions in PDF 

Amarok 2.4.2 Beta 1 "Nightshade" Released

This has been a busy spring and early summer in Amarok-land. Developers met up in Randa, Switzerland and sprinted with a lot of other KDE teams, including KDE Multimedia. Besides lots of good times, much coding progress and bugfixing was done too. You will immediately notice a new streamlined look, and some nice background graphics. The other big change is in dynamic playlists.
One we have been waiting for: drag and drop on Collections, to copy or move within Local Music, and also directly from the Playlist. We also got patches for various bugs and wishes: one can now configure the names of Podcast episodes, thanks to Sandeep Raghuraman, and automatic scrolling in the Lyrics applet is possible, thanks to Jan Gerrit Marker. Good news for classical music listeners, you now have the option to scrobble the composer as artist in, thanks to Nicholas Wilson.
We also have an updated dynamic playlist which should be easier to understand. Some of the functionality changes are: New AlbumPlay example playlist, a Quiz-play bias that will pick a song that starts with the same character the last one ended with, preventing duplicate tracks.
And of course we have quite a few bug-fixes, and changes under the skin. The changelog below gives a fairly complete overview of the changes in this beta release. Please help us test it and get it ready for prime-time.


  • Made Amarok compile with the Clang LLVM frontend.
  • Enable drag and drop on collections to copy/move within Local Music and directly from the playlist.
  • Added KNotify scripting interface. 
  • Make podcast episodes download filename configurable. Patch by Sandeep Raghuraman. 
  • Automatic scrolling in lyrics applet (Thanks to Jan Gerrit Marker)
  • Option to scrobble composer as artist to (Thanks to Nicholas Wilson)
  • Option to hide the OSD if another window is taking the full screen


  • Again write back ratings only if option is selected.
  • Moved the queue-editor action to the main menu under playlist to save space. Queue editor now has a shortcut: Meta+U.
  • Removed the redo action from the playlist toolbar to make it less wide.
  • Made some playlist toolbar actions collapse into a menu button for use on small screens.
  • Removed the statusbar. Moved progress info & messages to the Media Sources dock.
  • Removed the preview button and checkbox from the organize collection dialog.
  • General user interface cleanup (addition of browser widget backgrounds, etc.)
  • Removed the add button in the context toolbar. Applet explorer is opened on config.
  • Easier to understand Dynamic playlists
  • Made Amarok depend on ffmpeg-0.6 or newer.
  • Use KImageCache if possible (kdelibs 4.5.0 and later), which should reduce the number of cache-related crashes.


  • Don't let the album applet freeze Amarok for ages on track change. 
  • Fixed cover fetching from Google Images. 
  • Fixed a crash in the equalizer dialog when selecting "Off".
  • Fix finalization of track copy process to media device collections. 
  • Fixed crash on MusicBrainz search.
  • Avoid crash in ContextView when accessing Plasma::Applet::view(). 
  • Fixed playlist tooltip getting too tall for multiline comments. 
  • Made equalizer keywords (dB,kHz,...) translatable. 
  • Made equalizer preset names translatable. 
  • Fixed runtime error reporting of scripts. 
  • Fixed "Happy" moodbar theme. 
  • Fixed crash for invalid scripts trying to be stopped by the manager. 
  • Fixed collection menu items ordering. 
  • Fixed top level podcast location setting. 
  • Fixed double-clicking in collection using left-handed mouse setting.


Monday, July 11, 2011

SQL Power Injector v1.2


SQL Power Injector is an application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page.

For now it is SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal mode). Indeed, the normal mode is basically the SQL command that someone will put in the parameter sent to the server.

If inline SQL injection is powerful in itself, the application's main strength lies in the multithreaded automation of the injection. Not only is it possible to automate tedious and time-consuming queries, but you can also modify the query to get only what you want. This is obviously most useful for blind SQL injection, since the other ways to exploit a SQL injection vulnerability are more verbose and much faster when the results are displayed on the web page (union select in an HTML table and a generated 500 error, for instance).

The automation can be realized in two ways: by comparing against the expected result or by time delay. The first generally compares against an error, or against the difference between the response to a positive condition and the response to a negative one; the second turns out positive if the time delay sent to the server equals the one parameterized in the application.

The main effort on this application went into making it as painless as possible to find and exploit a SQL injection vulnerability without using any browser. That is why you will notice that there is an integrated browser that displays the results of the injection, parameterized so that any related standard SQL error is displayed without the rest of the page. Of course, like many other features of this application, there are ways to parameterize the response of the server to make it as talkative to you as possible.

Supported on Windows, Unix and Linux operating systems
SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant
SSL support
Load automatically the parameters from a form or a IFrame on a web page (GET or POST)
Detect and browse the framesets
Option that auto detects the language of the web site
Detect and add cookies used during the Load Page process (Set-Cookie detection)
Find automatically the submit page(s) with its method (GET or POST) displayed in a different color
Can create/modify/delete loaded string and cookies parameters directly in the Datagrids
Single SQL injection
Blind SQL injection
Comparison of true and false response of the page or results in the cookie
Time delay
Response of the SQL injection in a customized browser
Can view the HTML code source of the returned page in HTML contextual colors and search in it
Fine tuning parameters and cookies injection
Can parameterize the size of the length and count of the expected result to optimize the time taken by the application to execute the SQL injection
Create/edit ASCII characters preset in order to optimize the blind SQL injection number of requests/speed

Multithreading (configurable up to 50)
Option to replace space by empty comments /**/ against IDS or filter detection
Automatically encode special characters before sending them
Automatically detect predefined SQL errors in the response page
Automatically detect a predefined word or sentence in the response page
Real time result
Save and load sessions in a XML file
Feature that automatically finds the differences between the response page of a positive answer with a negative one
Can create a range list that will replace the variable (<<@>>) inside a blind SQL injection string and automatically play them for you
Automatic replaying a variable range with a predefined list from a text file
Firefox plugin that will launch SQL Power Injector with all the information of the current webpage with its session context (parameters and cookies)
Two integrated tools: Hex and Char encoder and MS SQL @options interpreter
Can edit the Referer
Can choose a User-Agent (or even create one in the User-Agent XML file)
Can configure the application with the settings window
Support configurable proxies

Click here to download the tutorial

Download Version 1.2

Installation file MSI

Source code in C# and .Net 1.1

Same document as the one of the tutorial and Databases "Aide Memoire" Help file (chm)

Plugin Firefox (XPI Plugin Installation file)

BSQL Hacker

BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database.

BSQL Hacker aims for experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections).

It's easy to use for beginners and provides a great amount of customisation and automation support for experienced users. It features a nice Metasploit-like exploit repository to share and update SQL Injection exploits.

Key Features

Easy Mode
SQL Injection Wizard
Automated Attack Support (database dump)
MySQL (experimental) 
Fast and Multithreaded
4 Different SQL Injection Support
Blind SQL Injection
Time Based Blind SQL Injection
Deep Blind (based on advanced time delays) SQL Injection
Error Based SQL Injection 
Can automate most of the new SQL Injection methods that rely on Blind SQL Injection
RegEx Signature support
Console and GUI Support
Load / Save Support
Token / Nonce / ViewState etc. Support
Session Sharing Support
Advanced Configuration Support
Automated Attack mode, Automatically extract all database schema and data mode 

Update / Exploit Repository Features
Metasploit alike but exploit repository support
Allows to save and share SQL Injection exploits
Supports auto-update
Custom GUI support for exploits (cookie input, URL input etc.) 

GUI Features
Load and Save
Template and Attack File Support (Users can save sessions and share them. Some sections like username, password or cookie in the templates can be shown to the user in a GUI)
Visually view true and false responses as well as full HTML response, including time and stats 

Connection Related
Proxy Support (Authenticated Proxy Support)
NTLM, Basic Auth Support, use default credentials of current user/application
SSL (also invalid certificates) Support
Custom Header Support 

Injection Points (only one of them or combination)
Query String
HTTP Headers

Post Injection data can be stored in a separated file
XML Output (not stable)
CSRF protection support (one time session tokens or viewstate or similar can be used for separated login sessions, bypassing proxy pages etc.)

BSQL Hacker Manual.pdf 1.1 MB


SqlInjector v1.0.2

SqlInjector is an application to perform completely blind SQL injection. Currently it only supports MS
SQL Server. It uses time and true/false based inference to conditions to extract data. The key feature
is that it uses a binary search mechanism to reduce the character search address space; this means it
can get each character value within 7 to 8 requests.

Binary search for faster character identification
Completely blind injection using time based inference
True/False inference
Supports MS SQL Server
Extracts database name
Extracts current user
Extracts server version
Extracts table names
Extracts column names
Extracts column data types
Extracts column lengths
Configurable space encoding
Configurable wait timing
Tree view display of enumerated data
Resume support
Save/Loading of project files
Proxy support
Authentication support (Basic, Negotiate, Digest, NTLM, X509)
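
Seen from the server side, the features listed for these tools (spaces replaced by /**/ comments, time-delay inference, and binary-search character extraction in 7 to 8 requests) leave recognizable traces in web logs. The following detection logic is an added example, not code from any of these tools; the log lines, rule names and burst threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines ("client path?query"); documentation addresses.
SAMPLE_LOG = [
    "203.0.113.5 /item.aspx?id=12",
    "203.0.113.5 /search.aspx?q=sleep+study+results",
    "198.51.100.7 /item.aspx?id=12%3BWAITFOR%20DELAY%20%270%3A0%3A5%27--",
] + [
    # Seven probes against one character position, as a binary search would send.
    f"198.51.100.7 /item.aspx?id=12/**/AND/**/ASCII(SUBSTRING(DB_NAME(),1,1))>{n}"
    for n in (64, 96, 112, 104, 108, 110, 109)
]

COMMENT = re.compile(r"/\*.*?\*/", re.S)
KEYWORD = re.compile(r"\b(?:and|or|select|union)\b")
RULES = {
    # Delay primitives used for time-based inference.
    "time-delay": re.compile(r"waitfor\s+delay|\b(?:sleep|pg_sleep|benchmark)\s*\("),
    # A character function compared against a number: true/false inference.
    "char-inference": re.compile(
        r"\b(?:ascii|unicode|substring|substr|mid)\s*\(.*[<>=]\s*\d+"
    ),
}


def normalize(query):
    """Undo the evasions before matching: URL-decode twice (covers double
    encoding), turn inline comments into spaces, collapse whitespace."""
    decoded = query
    for _ in range(2):
        decoded = unquote_plus(decoded)
    had_comment = bool(COMMENT.search(decoded))
    text = re.sub(r"\s+", " ", COMMENT.sub(" ", decoded)).lower()
    return text, had_comment


def classify(line):
    """Return (client, path, set of rule names that matched the query)."""
    client, _, request = line.partition(" ")
    path, _, query = request.partition("?")
    text, had_comment = normalize(query)
    tags = {name for name, rx in RULES.items() if rx.search(text)}
    if had_comment and KEYWORD.search(text):
        tags.add("comment-spacing")  # /**/ used where a space would be
    return client, path, tags


def analyze(lines, burst_threshold=7):
    """Per-request alerts plus (client, path) pairs that sent enough
    inference probes to look like automated character extraction."""
    alerts, probes = [], defaultdict(int)
    for line in lines:
        client, path, tags = classify(line)
        if tags:
            alerts.append((client, path, sorted(tags)))
        if "char-inference" in tags:
            probes[(client, path)] += 1
    bursts = sorted(k for k, n in probes.items() if n >= burst_threshold)
    return alerts, bursts


if __name__ == "__main__":
    alerts, bursts = analyze(SAMPLE_LOG)
    for client, path, tags in alerts:
        print(client, path, ",".join(tags))
    print("automated extraction suspected:", bursts)
```

Matching on the normalized query rather than the raw one is what defeats the comment-for-space substitution; pattern matching of this kind complements parameterized queries on the server and does not replace them.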


Blackshades 4.2 Cracked

All right I've noticed ppl having trouble still with the crack.
Since that last thread has degenerated into incoherent jibber-jabber,

I am posting this here. The culmination of our (My) efforts.

Everyone use THIS as the latest known working version of the crack.

And yes, just in case the 4.2 is deleted from the official site ive decided to mirror it in here. This will contain everything needed to run. Try not to change anything unless you know what you are doing.

Things to remember:
1: Only keep the login server on if you want to generate a server. Once ur finished, feel free to turn it off.

2: Run the login server to be able to login. Type anything you want in that login box. Think of it as a server with no authentication. Its like we're ruining cloud computing here. But we should! If it were up to cloud computing none of us would have PERSONAL computers.

3:When making a server, for this implementation of the crack, SAVE your settings BEFORE you build. If you read the source code ull understand why.

4: Atm you cannot inject the server into other processes. You can only inject the server into itself. Like, say u have a crypter which uses injection. If it injects the server into its own memory image then its ok. If you try to inject into say svchost, it'll be blocked by DEP. Thank god I didnt lose any bots permanently due to that.

5: If you are using like DarkComet and want to migrate to blackshades like I have, and you are foolhardy enuf to have them running on the same ports, when your DarkComet gets few or no connections, it is bcuz the blackshades servers are effectively DoS'ing your DC client. (But its worth moving over. That filemanager is fuckin FAST! AND IT HAS TIMESTAMPS!!! AND REVERSE RELAY! But I digress.) Keep that in mind as you migrate. The workaround obv uses windows firewall inbound filtering rules. I will not explain how to do that.

6: Keep the msvbvm60.dll file in there, otherwise itll revert back to being uncracked. And it may prompt you to update. In fact it will. 4.3 is released. Doesnt really have any new features that are useful, but since this one is cracked they thought theyd release a new version more secure just to keep their uncrackable RAT title. They can keep their title, and we can keep their RAT ^_^. I mean hey this 4.2 is kickass already. Who needs a steam stealer when you have keylogs eh? And this crack obviously will NEVER prompt for update.

It. Will. Work. FOREVER!!! ... until windows decides to stop supporting vb6 binaries, which is prolly not happening anytime soon. ( I mean it wont literally work yknow... forever... but.... u get the point)

Is that it? I think thats pretty much it. Remember you can run the login server source code in autoit SciTe if you dont rly trust the binary. Hell if you find a better server generation method, like oh i dunno maybe the right way to do it, like the official server does, feel free to patch it into the source!!!


A Beginners Guide to Keylogging


Welcome to a Beginner's Guide to Keyloggers! In this guide I will go through all the common topics that you may need to know. When you finish reading this topic you will know everything you will ever need to get started keylogging. I cover every topic related to keyloggers as well as cover terminology and definitions. I'll explain how a keylogger works and how to even get started making your own! So let's get started!

Table of Contents

  • What is a keylogger?
  • Learning the lingo and definitions.
  • Common features keyloggers have.
  • How do I use a keylogger?
  • What is a "stub"?
  • What is the "server"?
  • What is crypting?
  • What is the difference between a stealer and a keylogger?
  • What is .net framework and why do I care?
  • What are some good keyloggers?
  • What are some upsides to keyloggers?
  • What are some downsides to keyloggers?
  • I want to make my own keylogger. Where do I start?
  • I think I've been infected with a keylogger! What do I do?
  • Conclusion

What is a keylogger?

A keylogger is a program that logs a keyboard's keystrokes. It can be used for several purposes, both black hat and white hat. The most common use is black hat. A keylogger functions by grabbing a keystroke, triggered when the slave presses a key on their keyboard, and saving it to a variable. This process is called "keyboard hooking". It will then take this long variable and send it via an SMTP or FTP server. You can then view these logs and use them for whatever your intention may be. Keyloggers have several different features that I will go into in a later section. The most basic ones only include keyboard hooking and a way to send the logs.

Learning the lingo and definitions

One of the most confusing things about starting something new is not understanding the lingo. If you don't understand the lingo, how will you know what people are talking about? In this section I'll be explaining the common terms people use concerning keyloggers. I'll be going over some other more general things as well.

  • Logger
    • Slang term for keylogger. See the "What is a keylogger" section.
  • Hooks
    • Slang term for keyboard hooks. These are also explained in the "What is a keylogger" section.
  • Keystrokes
    • Section of code that is triggered when the slave types something on the keyboard.
  • Logs
    • Compilation of all the keystrokes over a period of time.
  • FTP
    • A webhost that stores files that allows the user to connect and retrieve said files. Files in this case are logs.
  • SMTP
    • A way that logs are sent via email. Example, MSN, Gmail, Yahoo, etc.

  • FUD
  • UD
    • Undetected. This means that some antiviruses will not detect your files as a virus, while others will.
  • Server
  • Crypter
    • A crypter crypts your file removing detections. I'll take this in-depth in the "What is crypting" section.
  • Detection
    • A detection is a term used when an antivirus detects, or thinks your file is a virus. You always want to have the least amount of detections possible to increase your success rate and to reduce errors.
  • Black hat
    • A black hat is someone who uses their knowledge of computers and security for malicious reasons.
  • White hat
    • A white hat is someone who uses their knowledge of computers and security for helpful reasons. They help disinfect and improve others security to combat black hat hackers.
  • Grey hat
    • A grey hat is a mixture between a black and white hat. They will infect innocent people and then help them get rid of it, for free or a price (the latter being more common).
  • Backdoored
    • When a file is backdoored it has a virus binded to it. This means that the file will act normally and the user will be infected without their knowledge. This has become extremely common in the keylogger section. Always be wary of new releases.

Common features keyloggers have

As I've said before, most keyloggers have two basic settings. Keyboard hooking and log sending (by FTP or SMTP). Most keylogger developers (myself included) like to include more settings to help ease the user experience. Below is a list of common settings you may find, and what they do:

  • Icon Changers
    • This will change your virus's icon without corrupting it like some third party programs can do.
  • MuteX
    • MuteX is a unique string that you generate. It helps prevent multiple logs from being sent.
  • Add to Startup
    • This will add a registry (or other ways) that will cause your virus to start when the computer is turned on.
  • Antis
    • Antis are a feature that help keep your virus on the slaves computer for as long as possible. They disable or stop certain white hat programs such as antiviruses, sandboxie, and keyscramblers from running or removing your file.
  • Disable CMD/Taskmanager/Registry
    • This feature will change the registry value for each of these system tools to disable them.
  • Logging interval
    • This allows the user to choose how often logs are sent.
  • Fake Error Message
    • This will cause a fake error message to pop up, making it seem less suspicious.
  • File pumper
    • This will add to the size of your virus. This helps making it seem less suspicious as a game won't be a few kilobytes.
  • Assembly Editing
    • This allows you to change things found in the properties menu when right clicking a file. This helps it seem more like a real file rather than a virus.
  • Encrypted user information
    • This encrypts your information so that others cannot steal it by decompiling your virus.
  • Test connection
    • This will test your credentials that you've entered to make sure they are correct.
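
Two of the settings above, Add to Startup and Disable CMD/Taskmanager/Registry, leave registry values that a defender can check for. This added example (not from the original guide) audits a registry export in .reg format for them; the export contents, the user name and the user-writable-path heuristic are constructed assumptions.

```python
import re

# Constructed excerpt in "reg export" (.reg) format; not taken from a real host.
# A real export is UTF-16 encoded and must be decoded before parsing.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe /background"
"Updater"="C:\\Users\\alice\\AppData\\Roaming\\svch0st.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002
"""

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"([^"]+)"=(.*)$')

# Policy values that switch off Task Manager, regedit and cmd.exe.
POLICY_VALUES = {
    r"software\microsoft\windows\currentversion\policies\system":
        ("DisableTaskMgr", "DisableRegistryTools"),
    r"software\policies\microsoft\windows\system": ("DisableCMD",),
}
RUN_KEY = r"software\microsoft\windows\currentversion\run"
# Heuristic (assumption): autoruns launched from user-writable folders deserve
# a manual look; legitimate per-user software can also live there.
USER_WRITABLE = re.compile(r"\\(?:appdata|temp)\\", re.I)


def parse_reg(text):
    """Parse .reg text into {key: {value_name: int or str}}."""
    key, out = None, {}
    for line in text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            out.setdefault(key, {})
            continue
        value = VALUE.match(line)
        if value and key:
            name, raw = value.groups()
            if raw.startswith("dword:"):
                out[key][name] = int(raw[len("dword:"):], 16)
            else:
                # String data: drop the quotes and unescape doubled backslashes.
                out[key][name] = raw.strip('"').replace("\\\\", "\\")
    return out


def audit(reg):
    """Return (finding, value_name, data) tuples for the two behaviours."""
    findings = []
    for key, values in reg.items():
        lowered = key.lower()
        for suffix, names in POLICY_VALUES.items():
            if lowered.endswith(suffix):
                for name in names:
                    if values.get(name, 0):  # any non-zero value disables the tool
                        findings.append(("tool-disabled", name, values[name]))
        if lowered.endswith(RUN_KEY):
            for name, data in values.items():
                if isinstance(data, str) and USER_WRITABLE.search(data):
                    findings.append(("autorun-user-writable", name, data))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_reg(SAMPLE_REG)):
        print(finding)
```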

How do I use a keylogger?

Using a keylogger is a lot easier than it sounds. All you need to do is find one that you want to use, download it, and then choose your settings. Once you have entered all your information and chosen your settings, click the build button. The builder will create your server. This is what you give to people. Give them this file and when they run it they will be infected and you will start receiving logs. Pretty self-explanatory. If you ever have a question contact the creator and they should be able to help you.

What is a "stub"?

A stub is a separate binary that contains special code that is required for the keylogger to function. There are usually two things in a keylogger. The builder and the stub. Some keyloggers will have a stub built in. A builder takes the information and settings you've chosen and merges it with a stub. The stub contains keyhooks and the workings of each feature. These two merge to create your virus, containing all of the information. I'll cover this file in the next section.

What is the "server"?

A server is the output of your keylogging builder. It takes your user information (the builder) and the actual malicious code (the stub) and merges the two (via either CodeDOM, which I'll explain later in this section, or by file splitting, which I will also cover) to make one bad ass file. There are several ways that this is accomplished, and both ways have their ups and downs. The server is also what you distribute to infect people. It is your "virus".

CodeDom is a type of building that generates the code during run time. This allows the user to only have to download one file (just a builder). After inputting your information, the builder will take this and combine it with the malicious code (already inside the builder). This helps lower detection rates, but overall is harder to do, and is harder to reFUD (you have to re distribute the entire builder, instead of just providing another stub).

Filesplitting is the old school way to do things. It requires taking your information (the builder) and combining it with a separate file that contains the malicious code. While this makes it easier to detect, it's easier to update as you can simply give your users another file (same thing, just with less detections).

What is crypting?

Crypting can be very complex, though it isn't necessary for you to know all of this information. So for this section I'll keep things to what you need to know. Crypting involves taking a stub (sometimes it's CodeDOM) and using that to FUD (or lower your detection rate) your file. The entire process can get a bit confusing, and I won't bother getting into it. What you do need to know is that crypting can easily corrupt your keylogging server, making it no longer work. A corrupt keylogger may not be detected (the crypter at least did its job) but it will not send logs, making it useless. Because of this you should choose your crypters carefully and it may take a while to find one that works (for free) with your keylogging server. If you are buying a crypter (which I recommend) then be sure to ask the seller to either test or verify your server. In short, crypting is used to lower detection rate, and raise execution rates. That's all you need to know.

What is the difference between a stealer and a keylogger?

There is one major defining difference between a stealer and a keylogger. A stealer's purpose is to steal passwords that have been saved in the browser/application. Ever logged into something and your browser prompted you to save the password? This is what stealers steal. They are good for grabbing passwords massively and quickly. Once run they do not continue to steal until run again.

What is .net framework and why do I care?

.Net Framework is a very in-depth concept from Microsoft. While you don't need to know the details (nor should you really care), you should know that most keyloggers are written in Visual Basic .Net, which gives them a dependency. Depending on who made it (whether they suck or not) you may have to install a specific version (.Net 4.0). Most computers (99%) come with .Net 2.0 installed. Your output will also require a specific framework (depending on which one you use).

