Archive for February, 2011


Are you forgot your Windows 7 password when someday you open your computer?
Need someone to help but can’t find a expert?
Don’t worry, Today I will show you some ways to let you easy slove your problem.

Password Reset Disk

Mircrosoft Windows allow you to create a lost or forgotten password. The disk is extremely easy to create and use. You can recover your password in only a few minutes time. It is advised that once you create a password for your Windows operating system, you also create a Password Reset Disk as well. However, if you forgot your password and do not have a Password Reset Disk, you must find a different strategy to recover your password.

Password Hints

One of the easiest ways to recover your Windows password is to use the password hint, usually located at the side of your password prompt on the Welcome screen. While this might not be that helpful, it is always a good idea to take a few minutes to relax and try to think using the tip of your forgotten password.

Other Strategies

If you can’t recover your password using the password hint feature, or have never made a password reset disk, there is still hope for recovering your password.
Third Paty Software
Besides the above strategies, there is also third party software that can be extremely effective. While most third party software can be costly, there are a few free solutions available. They mostly consist of cracking software that can find your lost or forgotten password in your registry. Some are very easy to use and only take a few minutes. You may need Internet access or a USB drive to download and install the files.
Here take Windows Password Key 8.0 for example.
Step1: Choose the existing windows password key 8.0 image file.
You can click “Browse” to browse Windows Password Key 8.0 image file. The file is usually located as the default.
clip_image001
Step2: Choose your CD/DVD drive:
Select “CD/DVD” and specify the CD burning drive from the pull-down list. Insert a blank CD/DVD disk into the CD-ROM drive.
clip_image002
Click “Burn” button.
clip_image003
Step3: The burning process starts.
Windows Password Key extracts the ISO image and copies the necessary files on a CD.
clip_image004
Step 4: Put in your newly created CD and remove your Windows password:clip_image005
1. Insert newly created CD in your CD drive and reboot your computer.

When the CD boots, you’ll see Windows Password Key 8.0 initializing (see screen shot below). If so, you can continue to the next step. If the computer boots still boots into Windows, it’s necessary to change your computer’s setup to make it boot from the CD. You can find more info about this on our BIOS page HERE.
clip_image006
2. Choose the Windows installation to be processed:
clip_image007
3. Choose the user whose password you want to reset by typing it’s number and pressing ‘ENTER’.
clip_image008
4. Type ‘y’ followed by ‘ENTER’ to reset the password.
clip_image009
5. After you confirm the resetting of the password. Windows Password Key 8.0 asks: ‘Reset password for another account? (y/n)’. Type ‘y’ to reset password for another account, or ‘n’ if you are finished and want to exit. Remove the Windows Password Key 8.0 bootable CD/DVD and restart your PC. Now you are able to log into your computer without a password!
clip_image010

Cybercrime and Cyberwar Predictions for 2011

Hacki9 is an e-magazine which talks about Ethical Hacking and Security issues, I just came across the its website Hacki9.org and had a look at some magazines they were awesome, So I though to share it here on RHA, This Months Issue is related to Cybercrime and Cyberwar Predictions for 2011 which contains information related to following issues.

Articles

  • Free Issue (01/2011) to Download!

    In order to download the magazine you need to sign up to our newsletter. After clicking the “Download” button, you will be asked to provide your email address. You need to verify your email address using the link from the activation email you will receive. If you already subscribed to our list, you will be asked to provide your email address each time you download the magazine. No activation email will be sent and you should see the link for download.

    IMPORTANT NOTICE
    1. After the activation of your subscription you need to click the “download” button once again to start downloading the PDF.
    2. In case you do not get the activation email please check your spam folder. If it is not there, please use different email address.

    Download pdfDownload pdf


  • Pros and cons of partial passwords in web applications

    Almost every web application requires some kind of authorization. Most of them use user password authorization. And most of time one is forced to type full password. Is this solution convenient Probably yes. Is it secure? Not quite. There are few solutions of authorization by password. Let’s consider one of them called partial passwords.


    – Darek Łysyszyn

  • Target Attacks via Email

    After the lecture of this article we will be able to understand how the target attacks by email work, what are their targets and what are the malwares used. We will also see how easy it is to create an exploit based on public information.


    – Pedro Bueno

  • Spyware Threat Invades BlackBerry App World

    Lately, Google’s Android Market has attracted the attention of the security community for not vetting or ensuring the authenticity of the applications posted on its app market. Earlier this year, the Junos Pulse Global Threat Center team performed a thorough analysis of the Android Market and unveiled numerous malware applications disguised as utilities or game applications. Since then, several research studies of the malicious nature of applications on Android Market have surfaced and all the studies concluded that the Android Market has been hosting a large number of malicious applications, which forced Google to enforce a Remote Kill switch for the malicious applications.


    – Mayank Aggarwal

  • Open WiFi and Firesheep

    Recently there’s been a lot of commotion in the press about a new threat to privacy at open WiFi hotspots known by the humorous moniker Firesheep. What’s new about Firesheep isn’t the exploit – HTTP session hijacking has been well known for years – it’s that Firesheep is a simple Firefox plug-in that is available to anyone and requires no technical expertise to utilize. In other words it allows anyone with Firefox and Firesheep to be a hacker. No experience required.


    – Joseph Webster

  • Cybercrime and Cyberwar Predictions for 2011

    In my last article, I showed you where to find some of the best and mostly untapped resources available to improve your personal computer and network security posture. In this article, I will share with you some great resources on researching trends of Cybercrime and Cyberwar and from my own research my conclusions on what is coming our way in 2011.


    – Gary Miliefsky

  • Sharing Malware

    There is a lot of malware out there, and a lot of people interested in analyzing what they can find. Commercial services, friendly alliances, and others set up to collect and share those samples. Is this a good idea?

So what are you waiting for go ahead and Download Hacki9 magazine for january here

It’s a long weekend and you’re happy because you’ll get to spend the next three days with your family. You left the office in an excited mood but as the cab was approaching home, you suddenly realized that you forgot to shut down the Office PC. Oops!

It’s a sinking feeling because there’re so many confidential documents on the computer and since most of your trusted colleagues have also left for the day, there’s no point calling them for help.

So what do you do? Drive back to Office? Well that’s not required – just take out your cell phone or switch on the laptop at home, send an email (or an SMS or a tweet) and that will instantly lock your Office workstation. And if you share the same computer with multiple people, you can use another email command to remotely log off or even shut down the computer from anywhere in the world.

There’s no magic here, it’s the power of TweetMyPC utility that lets you remote control your computer from a mobile phone or any other Internet connected computer.

It works like this. You first install the free TweetMyPC utility on any Windows PC and associate your Twitter account. The app will silently monitor your Twitter stream every minute for any desktop commands and if it finds one, will act upon it immediately. The initial version of TweetMyPC was limited to basic shutdown and restart commands, however the current v2 has a far more robust set of commands, enabling a far more useful way of getting your PC to carry out certain tasks especially when you’re AFK (Away From Keyboard).

Before we get started, it may be a good thing if you can set up a new twitter account for remote controlling your desktop and also protect the status updates of this account to ensure better security.

Protecting the account means that you prevent other users from reading your tweets which in this case are email commands that you sending to the computer. To protect your Twitter profile, log in to Twitter with the credentials you want to use, click Settings and check the box next to “Protect my Updates”.

Let’s get started. Install the TweetMyPC utility of your computer and associate your Twitter and Gmail account with the application. It will use Twitter to receive remote commands (like shutdown, log-off, lock workstation, etc) from while the email account will be used for send your information (e.g., what process are currently running on your computer).

How to Send Commands to the Remote Computer

Now that your basic configuration is done, it’s time to set up a posting method. You can use email, SMS, IM, web or any of the Twitter clients to send commands to the remote computer.

By Email: Associate you Twitter account with Posterous (auto-post) and all email messages sent to twitter@posterous.com will therefore become commands for the remote computer. (Also see: Post to Twitter via Email)

By SMS: If you live in US, UK, Canada, India, Germany, Sweden or New Zeleand, you can send associate Twitter with your mobile phone (see list of numbers) and then control your remote computer via SMS Text Messages.

By IM: Add the Twitter bot – twitter@twitter.com – to your list of Google Talk buddies and you can then send commands via instant message.

By Web:If you are on vacation but have access to an internet connected laptop, just log into the Twitter website and issue commands (e.g., shutdown or logoff) just as another tweet.

lock computer shutdown

Download Files, Capture Remote Screenshots & more..

While the TweetMyPC is pretty good for shutting down a remote computer, it lets you do some more awesome stuff as well.

For instance, you need to download an unfinished presentation from the office computer so that you can work on it at home. Or you want to download a trial copy of Windows 7 on the Office computer while you are at home.

Here’s a partial list of commands that you can use to remote control the PC – they’re case-insensitive and, as discussed above, you can send them to Twitter via email, SMS, IM or the web.

Screenshot : This is one of the most useful command I’ve come across after the shutdown command. Want to know what’s happening within the confines of your PC when you’re not around? Just tweet screenshot and TweetMyPC will take a screenshot of your desktop and post it to the web.

ShutDown, LogOff, Reboot, Lock : The function of these useful commands is pretty obvious from their names.

Standby, Hibernate : Don’t want to shutdown the remote PC? Save power by entering standby mode with this command. Or hibernate your PC with a tweet, thereby saving even more power.

 

Download <url> : You can download any file from the Internet on to the remote computer using the download command. For instance, a command like download http://bit.ly/tCJ9Y will download the CIA Handbook so you have the document ready when you resume work the next day.

GetFile <filepath> : The Download command was for downloading files from the Internet onto the remote computer. However, if you like to transfer a file from the remote computer to your current computer, use the GetFile command. It takes the full page of the file that you want to download and will send that you as an email attachment. If you don’t know the file page, use the command GetFileList <drivename> to get a list of file folders on that drive.

GetProcessList : This is like a remote task manager. You’ll get a list of programs that are currently running on the remote computer along with their process IDs. Send another command kill <process id> to terminate any program that you think is suspicious or not required.

Conclusion:

TweetMyPC is a must-have utility and you never know when you may need it. And if you have been trying to stay away from Twitter all this time, the app gives you a big reason to at least create one protected account on Twitter.

twitter whalegmail whale

That said, there’s scope for improvement. For instance, the app will wait for a minute to check for new messages in your Twitter stream so it’s not “instant”. The developers can actually increase that limit because the Twitter API now allows upto 100 checks per hour.

And since the app is dependent on Twitter and Gmail, it will not work during those rare fail-whale moments.

F.B.I. Forensic Field Kit.

F.B.I Forensic Field Kit

Download Link:
http://rapidshare.com/files/101572386/FBI_Forensic_Field_Kit.part01.rar
http://rapidshare.com/files/101579122/FBI_Forensic_Field_Kit.part02.rar
http://rapidshare.com/files/101717806/FBI_Forensic_Field_Kit.part03.rar
http://rapidshare.com/files/101724082/FBI_Forensic_Field_Kit.part04.rar
http://rapidshare.com/files/101730527/FBI_Forensic_Field_Kit.part05.rar
http://rapidshare.com/files/101736811/FBI_Forensic_Field_Kit.part06.rar
http://rapidshare.com/files/101743154/FBI_Forensic_Field_Kit.part07.rar
http://rapidshare.com/files/101750051/FBI_Forensic_Field_Kit.part08.rar
http://rapidshare.com/files/101756226/FBI_Forensic_Field_Kit.part09.rar
http://rapidshare.com/files/101762490/FBI_Forensic_Field_Kit.part10.rar
http://rapidshare.com/files/101769113/FBI_Forensic_Field_Kit.part11.rar
http://rapidshare.com/files/101775696/FBI_Forensic_Field_Kit.part12.rar
http://rapidshare.com/files/101779620/FBI_Forensic_Field_Kit.part13.rar

https://slimshady90358.files.wordpress.com/2011/02/hotmail_gmail_aol_yahoo_mail_hacked.jpg?w=300

 

 

 

 

 

 

 

 

 

 

 

I’ve been posting a lot about Email Hacking on this blog. Now you know that there are many ways to hack email password, like bruteforcing, social engineering or Reverting, but the main two methods used to hack email passwords are Remote Keylogging and Phishing. In this article i’ll show you how to hack email account password using keyloggers and trojans. Here I am demonstrating using PRORAT trojan. You can use any trojan or keylogger as per your ease. The basic functionality of all backdoors are same. Pls make note that all these hacking tools and softwares are detected by antivirus. You have to uninstall or close you running antivirus first. Now we can start.

How to Hack Email Account Passwords Using ProRat?

1. First of all Download ProRat. Once it is downloaded right click on the folder and choose to extract it. A password prompt will come up. The password will be “pro”.

2. Open up the program. You should see the following:


3. Next we will create the ProRat Trojan server. Click on the “Create” button in the bottom. Choose “Create ProRat Server”.


4. Next put in your IP address so the server could connect to you. If you don’t know your IP address click on the little arrow to have it filled in for you automatically. Next put in your e-mail so that when and if a victim gets infected it will send you a message. We will not be using the rest of the options.


5. Now Open General settings. This tab is the most important tab. In the check boxes, we will choose the server port the program will connect through, the password you will be asked to enter when the victim is infected and you wish to connect with them, and the victim name. As you can see ProRat has the ability to disable the windows firewall and hide itself from being displayed in the task manager.

Here is a quick overview of what they mean and which should be checked:


6. Click on the Bind with File button to continue. Here you will have the option to bind the trojan server file with another file. Remember a trojan can only be executed if a human runs it. So by binding it with a legitimate file like a text document or a game, the chances of someone clicking it go up. Check the bind option and select a file to bind it to. A good suggestion is a picture or an ordinary text document because that is a small file and its easier to send to the people you need.


7. Click on the Server Extensions button to continue. Here you choose what kind of server file to generate. I prefer using .exe files, because it is cryptable and has icon support, but exe’s looks suspicious so it would be smart to change it.


8. Click on Server Icon to continue. Here you will choose an icon for your server file to have. The icons help mask what the file actually is. For my example I will choose the regular text document icon since my file is a text document.

9. After this, press Create server, your server will be in the same folder as ProRat. A new file with name “binded_server” will be created. Rename this file to something describing the picture. A hacker could also put it up as a torrent pretending it is something else, like the latest game that just came out so he could get people to download it.

Very important: Do not open the “binded_server” file on your system.

10. You can send this trojan server via email, pendrive or if you have physical access to the system, go and run the file. You can not send this file via email as “server.exe”, because it will be detected as trojan or virus. Password protect this file with ZIP and then email it. Once your victim download this ZIP file, ask him to unlock it using ZIP password. When the victim will double click on the file, he will be in your control.

11. Now, I will show you what happens when a victim installs the server onto his computer and what the hacker could do next.

Once the victim runs the server on his computer, the trojan will be installed onto his computer in the background. The hacker would then get a message telling him that the victim was infected. He would then connect to his computer by typing in his IP address, port and clicking Connect. He will be asked for the password that he made when he created the server. Once he types it in, he will be connected to the victims computer and have full control over it.


12. Now the hacker has a lot of options to choose from as you can see on the right. He has access to all victim’s computer files, he can shut down his pc, get all the saved passwords off his computer, send a message to his computer, format his whole hard drive, take a screen shot of his computer, and so much more. Below I’ll show you a few examples.


13. The image below shows the message that the victim would get on his screen if the hacker chose to message him.


14. Below is an image of the victims task bar after the hacker clicks on Hide Start Button.


15. Below is an image of what the hacker would see if he chose to take a screen shot of the victims screen.


As you saw in the above example, a hacker can do a lot of silly things or a lot of damage to the victim. ProRat is a very well known trojan so if the victim has an anti-virus program installed he most likely won’t get infected. Many skilled hackers can program their own viruses and Trojans that can easily bypass anti-virus programs.

This tutorial is for those newbies out there, wanting to “hack” their school. I’m gonna start by saying, if your going to hack the school, theres a high probability your get caught, and don’t do anything dumb like deleting the network. Its lame, and you will get flamed for doing it. This hack will allow you to take control of the PC’s at school. Lets start:
https://i0.wp.com/www.oldschoolhack.net/wp-content/uploads/2010/01/OSH_WebTitle.png
How to take control of the PC’s at school:

Here are the steps;

  1. Preparing The Virus
  2. Setting Up The Virus
  3. Controlling The PC

Obviously, if you gonna take control over your school PC you need a virus. You have 2 methods:

  1. The virus I made which is harmless and you won’t even notice it was executed.
  2. Dropping a Trojan on the school PC.

Method 1

What you need:

  • Pen Drive (You can buy one, or you just use yours)
  • Brain (You can’t buy this)

Now, open notepad and copy/paste this code: the code

Save the file as something.bat (you can change something to whatever you want). In “Save as type:” choose “All Files”.


I strongly recommend you not to change the rdport and tnport configuration. The rdport will open the remote desktop default port, and the tnport will open the telnet’s client default port.

You can change the username, password and the rport (randomn port you choose to be opened)

At ipconfig /all >> C:\attach.txt you must change C:/ by your pen drive letter.

Save it and remove your pen drive.

Take your pen drive to school and run the bat file. Don’t forget the pc you runned it in cause you might need it.

When you get home go to your pc and try to telnet them or remote desktop the PC.

Method 2:

In this method we will use a Trojan to control the school PC.

Here is a tutorial about how to create a Trojan: ProRat Trojan

Now just create a server (there is an explanation in the tutorial above), bind it and put it into your pen drive. Make sure you leave your PC turned on.

Then go to your school and drop the trojan.

Other way to do this is to give your trojan to a friend and tell him to stay in school. When you arrive home, send him a SMS and tell him to drop the trojan. This way you could even see if it worked.

After this you can probably do whatever you want with the PC