Saturday, March 31, 2012
Top 50 Common Passwords Internet users use

Password guessing (social engineering) is one of the fastest techniques to hack any account. Most of the time the chances of success are quite low, but most internet users are stupid enough to choose very foolish passwords for their email accounts. According to a survey by Sophos, 33% of people use the same password on social networking websites and email accounts, and some even use the same password for internet banking. This means that if a hacker can get inside a person's Facebook account, he can also get inside his/her other accounts using the same password. The chart below shows the most commonly used Gawker passwords that were leaked online due to a security breach in the year 2011.

Top 50 Passwords of year 2011
The following incident shows us how careless people can be while choosing their passwords, ultimately getting themselves hacked. Alternatively if you are worried that your password might be guessed or simply want to check if you are using a poor password.

Please watch the below video for learning how to create secure passwords:

I hope you guys are not using any of these passwords. If you are, please change your passwords and never use such stupid passwords, as these types of passwords are very easy to crack using a dictionary attack.
Play well to enjoy well...
Have fun..
Friday, March 30, 2012
Reverse Code Engineering Tutorial Part 2 Hackingloops

Hello friends, let's continue our tutorial on reverse engineering. Today I will teach you the assembly language basics that are necessary for learning reverse engineering. As we all know, assembly language is very important for reverse engineering, and we must know what registers are and which register serves what purpose, how assembly language instructions work, and how we can relate them to normal high-level language code (C, Java, VB, etc.) to hack any software. So friends, let's start our reverse engineering hacking class part 2.

Reverse Engineering Hacking class 2 - Introduction to assembly language

What is Assembly language?
Assembly language is a low-level language, often simply called machine language, made up of machine instructions. Assembly language is specific to a processor architecture; for example, it is different for the x86 architecture than for the SPARC architecture. Assembly language consists of assembly instructions and CPU registers. I (Isoftdl, Lokesh) will explain this tutorial considering the x86 architecture. Assembly language is too big a topic, so I will cover only what you need for reverse engineering, starting with CPU registers.

CPU registers - Brief Introduction:
First of all, what are registers? Most Computer Engineering and Electronics Engineering guys know about them, but for others: registers are small segments of memory inside the CPU that are used for storing temporary data. Some registers have specific functions; others are just used for general data storage. I am assuming that you are all using x86 machines. There are two types of processors, 32-bit and 64-bit. In a 32-bit processor, each register can hold 32 bits of data; a 64-bit register, on the other hand, can hold 64 bits of data. I am explaining this tutorial assuming 32-bit processors. I will explain the same for 64 bits in later classes on HackingLoops.
There are several registers, but for reverse engineering we HackingLoops users are only interested in the general purpose registers. We are interested in only 9 general purpose registers, namely EAX, EDX, ECX, ESI, EDI, ESP, EBP, EBX and EIP.

All these registers serve different purposes, so I will explain them one by one for a clearer and more accurate understanding of register concepts. I am putting more stress on these because these registers are called the heart of reverse engineering.

The EAX register is the accumulator register, which is used to store the results of calculations. If a function returns a value, it is stored in the EAX register. We can access the EAX register using functions to retrieve the value of EAX.
Note: The EAX register can also be used for holding normal values, regardless of calculations.

The EDX is the data register. It’s basically an extension of EAX to assist it in storing extra data for complex operations. It can also be used for general purpose data storage.

The ECX, also called the count register, is used for looping operations. The repeated operations could be storing a string or counting numbers.

The ESI and EDI registers are relied upon by loops that process data. The ESI register is the source index for a data operation and holds the location of the input data stream. The EDI register is the destination index and points to the location where the result of the data operation is stored.

ESP is the stack pointer, and EBP is the base pointer. These registers are used for managing function calls and stack operations. When a function is called, the function’s arguments are pushed on the stack and are followed by a return address. The ESP register points to the very top of the stack, so it will point to the return address. EBP is used to point to the bottom of the call stack.

EBX is the only register that was not designed for anything specific. It can be used for extra storage.

EIP is the register that points to the current instruction being executed. As the CPU moves through the binary executing code, EIP is updated to reflect the location where the execution is occurring.

The 'E' at the beginning of each register name stands for Extended. When a register is referred to by its extended name, it indicates that all 32 bits of the register are being addressed.  An interesting thing about registers is that they can be broken down into smaller subsets of themselves; the first sixteen bits of each register can be referenced by simply removing the 'E' from the name. For example, if you wanted to only manipulate the first sixteen bits of the EAX register, you would refer to it as the AX register. Additionally, registers AX through DX can be further broken down into two eight bit parts. So, if you wanted to manipulate only the first eight bits (bits 0-7) of the AX register, you would refer to the register as AL; if you wanted to manipulate the last eight bits (bits 8-15) of the AX register, you would refer to the register as AH ('L' standing for Low and 'H' standing for High).

Introduction to Memory and Stacks:
There are three main sections of memory:

1. Stack Section - Where the stack is located, stores local variables and function arguments.

2. Data Section - Where the heap is located, stores static and dynamic variables.

3. Code Section - Where the actual program instructions are located.

The stack section starts at the high memory addresses and grows downwards, towards the lower memory addresses; conversely, the data section (heap) starts at the lower memory addresses and grows upwards, towards the high memory addresses. Therefore, the stack and the heap grow towards each other as more variables are placed in each of those sections, as shown in the figure below.

High Memory Addresses (0xFFFFFFFF)
----------------------- <---- Bottom of the stack
|                     |
|                     |   |
|        Stack        |   |  Stack grows down
|                     |   v
|                     |
|---------------------| <---- Top of the stack (ESP points here)
|                     |
|                     |
|                     |
|---------------------| <---- Top of the heap
|                     |
|                     |   ^
|        Heap         |   |  Heap grows up
|                     |   |
|                     |
|---------------------| <---- Bottom of the heap
|                     |
|    Instructions     |
|                     |
|                     |
Low Memory Addresses (0x00000000)

Some Essential Assembly Instructions for Reverse Engineering:

Instruction   Example             Description
push          push eax            Pushes the value stored in EAX onto the stack
pop           pop eax             Pops a value off of the stack and stores it in EAX
call          call 0x08abcdef     Calls a function located at 0x08abcdef
mov           mov eax,0x5         Moves the value of 5 into the EAX register
sub           sub eax,0x4         Subtracts 4 from the value in the EAX register
add           add eax,0x1         Adds 1 to the value in the EAX register
inc           inc eax             Increases the value stored in EAX by one
dec           dec eax             Decreases the value stored in EAX by one
cmp           cmp eax,edx         Compare values in EAX and EDX; if equal set the zero flag* to 1
test          test eax,edx        Performs an AND operation on the values in EAX and EDX; if the result is zero, sets the zero flag to 1
jmp           jmp 0x08abcde       Jump to the instruction located at 0x08abcde
jnz           jnz 0x08ffff01      Jump if the zero flag is set to 1
jne           jne 0x08ffff01      Jump to 0x08ffff01 if a comparison is not equal
and           and eax,ebx         Performs a bit wise AND operation on the values stored in EAX and EBX; the result is saved in EAX
or            or eax,ebx          Performs a bit wise OR operation on the values stored in EAX and EBX; the result is saved in EAX
xor           xor eax,eax         Performs a bit wise XOR operation on the values stored in EAX and EBX; the result is saved in EAX
leave         leave               Remove data from the stack before returning
ret           ret                 Return to a parent function
nop           nop                 No operation (a 'do nothing' instruction)

*The zero flag (ZF) is a 1 bit indicator which records the result of a cmp or test instruction

Each instruction performs one specific task, and can deal directly with registers, memory addresses, and the contents thereof. It is easiest to understand exactly what these instructions are used for when they are seen in the context of a simple hello world program, relating the assembly language to a high-level language such as C.

Here is a simple C program that displays Hello World:
#include <stdio.h>

int main(int argc, char *argv[]) {
    printf("Hello World!\n");
    return 0;
}

Save this program as helloworld.c and compile it with 'gcc -o helloworld helloworld.c'; run the resulting binary and it should print "Hello World!" on the screen and exit. It looks quite simple. Now let's see how it looks in assembly language.

0x8048384     push ebp                          <--- Save the EBP value on the stack
0x8048385     mov ebp,esp                       <--- Create a new EBP value for this function
0x8048387     sub esp,0x8                       <--- Allocate 8 bytes on the stack for local variables
0x804838a     and esp,0xfffffff0                <--- Clear the last byte of the ESP register
0x804838d     mov eax,0x0                       <--- Place a zero in the EAX register
0x8048392     sub esp,eax                       <--- Subtract EAX (0) from the value in ESP
0x8048394     mov DWORD PTR [esp],0x80484c4     <--- Place our argument for the printf() (at address 0x08048384) onto the stack
0x804839b     call 0x80482b0 <_init+56>         <--- Call printf()
0x80483a0     mov eax,0x0                       <--- Put our return value (0) into EAX
0x80483a5     leave                             <--- Clean up the local variables and restore the EBP value
0x80483a6     ret                               <--- Pop the saved EIP value back into the EIP register

As you can easily figure out, these instructions are similar to those of the C program. You can easily note that the flow of the program is the same. Of course it will be the same, as it is the assembly code of the same binary (exe) obtained from compiling the above C program.
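
A trace of the listing above, as an added example that is not part of the original post: a small Python interpreter for just the instructions main() uses, recording ESP, EBP and EAX after every step. The starting ESP and EBP values and the caller's return address are constructed, and printf() is stubbed as a call that returns immediately.

```python
MASK = 0xFFFFFFFF  # registers are 32 bits wide

# main() from the disassembly above: (address, mnemonic, operands)
LISTING = [
    (0x8048384, "push",  ("ebp",)),
    (0x8048385, "mov",   ("ebp", "esp")),
    (0x8048387, "sub",   ("esp", 0x8)),
    (0x804838a, "and",   ("esp", 0xfffffff0)),
    (0x804838d, "mov",   ("eax", 0x0)),
    (0x8048392, "sub",   ("esp", "eax")),
    (0x8048394, "mov",   ("[esp]", 0x80484c4)),
    (0x804839b, "call",  (0x80482b0,)),
    (0x80483a0, "mov",   ("eax", 0x0)),
    (0x80483a5, "leave", ()),
    (0x80483a6, "ret",   ()),
]

def run(esp=0xbffff7a4, ebp=0xbffff7d8, caller_ret=0xb7e8a4d3):
    """Run LISTING; the three start values are constructed, not from the page."""
    reg = {"eax": 0, "ebp": ebp, "esp": esp, "eip": LISTING[0][0]}
    mem = {esp: caller_ret}  # return address left by whoever called main()
    trace = []

    def val(operand):  # register name -> its value, immediate -> itself
        return reg[operand] if isinstance(operand, str) else operand

    def push(value):  # the stack grows down: decrement ESP, then store
        reg["esp"] = (reg["esp"] - 4) & MASK
        mem[reg["esp"]] = value & MASK

    def pop():  # load from the top of the stack, then increment ESP
        value = mem[reg["esp"]]
        reg["esp"] = (reg["esp"] + 4) & MASK
        return value

    for i, (addr, op, args) in enumerate(LISTING):
        reg["eip"] = addr
        if op == "push":
            push(val(args[0]))
        elif op == "mov" and args[0] == "[esp]":
            mem[reg["esp"]] = val(args[1])  # store at the address held in ESP
        elif op == "mov":
            reg[args[0]] = val(args[1])
        elif op == "sub":
            reg[args[0]] = (reg[args[0]] - val(args[1])) & MASK
        elif op == "and":
            reg[args[0]] &= val(args[1])
        elif op == "call":
            push(LISTING[i + 1][0])  # return address = next instruction
            reg["eax"] = 13          # stub: printf returns characters written
            reg["eip"] = pop()       # stub: the callee's ret pops it again
        elif op == "leave":          # mov esp,ebp ; pop ebp
            reg["esp"] = reg["ebp"]
            reg["ebp"] = pop()
        elif op == "ret":            # pop the saved return address into EIP
            reg["eip"] = pop()
        trace.append((addr, op, reg["esp"], reg["ebp"], reg["eax"]))
    return trace, reg, mem

if __name__ == "__main__":
    for addr, op, esp, ebp, eax in run()[0]:
        print(f"{addr:#x} {op:<5} esp={esp:#010x} ebp={ebp:#010x} eax={eax:#x}")
```

With these start values ESP falls from 0xbffff7a4 to 0xbffff790 through the prologue and ends at 0xbffff7a8 after ret, four bytes above where it began because the return address has been popped.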
I hope you all like it. We will continue our discussion tomorrow, where I will explain how to analyze the assembly code of binaries whose high-level source code we don't have.

A quick tip for all users on how to learn assembly language better: pick some existing code, generate its binary or exe file, obtain the assembly code of that binary, and try to relate the assembly code to the high-level language code. I guarantee this will help you understand better, as this is how I have always learned things like these.

Share your love by sharing this with your friends.. If you have any issues ask me in form of comments..
Thursday, March 29, 2012
RCE Tutorial | Reverse Code Engineering Intro Part 1

Hello friends, welcome back to HackingLoops after a long time. Today I will teach you the basics of Reverse Code Engineering, simply called RCE, and in future hacking classes we will discuss it in depth with practical reverse engineering examples. We will cover the complete reverse code engineering concepts one by one; I have divided the tutorial into 8-10 parts, which will give you a complete idea of RCE and of different tools such as IDA Pro, debuggers like OllyDbg, disassemblers, obfuscators, etc.

Today we will discuss what reverse code engineering is, how it is useful for ethical hacking, and the common terms used in reverse engineering. In the next post I will share the coding tutorials for assembly language, register manipulation and memory heap basics that I normally use to reverse engineer any program, software or Windows file. So friends, let's start our hacking class on reverse engineering.

Reverse Engineering Introduction

What is Reverse Engineering?
Have you ever noticed that when a famous company like Apple makes an application or introduces a new feature, after a few days some other company introduces the same thing? The magic behind this is a technique known as reverse code engineering. They decode or reverse engineer the programs or applications to get the basic structure of the original program and then, following that structure, code their own application. Hackers, for their part, reverse engineer the code to make keygens and patches to crack the application, and in some cases release the source code, as happened in the case of Norton (the internet security giant).
According to Wikipedia "Reverse engineering is the process of discovering the technological principles of a device, object or system through analysis of its structure, function and operation. It often involves taking something (e.g., a mechanical device, electronic component, biological, chemical or organic matter or software program) apart and analyzing its workings in detail to be used in maintenance, or to try to make a new device or program that does the same thing without using or simply duplicating (without understanding) the original".

Ahh.. that is more technology related; I will explain it in a better way. As the name suggests, reverse engineering starts from something that is already made: in the computer field, say an exe, a binary or simply an installer package. Reverse engineering is decoding the exe or binary in such a fashion that we get the original source code, or something near to it, or the basic architecture of the design. Consider an example: you have a wall made of bricks, where the bricks are the base material used to build the wall. Now we want to obtain all the bricks from the wall. Similarly, we have an executable or DLL file, and we know programs are made from code, so source code is the base material in building an executable. So we want to obtain the source code from the executable, or something near to it. When you break the wall to get the bricks, some bricks also get broken, and how many depends on the type of material used to fix the bricks together. Similarly, the retrieval of source code from an executable depends on how securely the software is packed and on the type of cryptography or packer used by its designer.

I hope now you have got what exactly reverse engineering is...

What is the use or benefit of Reverse Engineering?
I can guarantee that most internet users use cracks, keygens or patches. Have you ever tried to understand how they are made? Ahhh... I know you haven't, so let me give you clear information. All the keygens, cracks and patches of software are made by the technique called reverse engineering. Oops... I was going to tell you the benefits, and I am telling you the negative features. But these are features of reverse engineering, my friends, and they are most commonly used by all famous organizations as part of their program promotion methodology. They want a user base; that's why they themselves release keygens and patches of their software, so that their market visibility is maintained, otherwise open source will take their place. Consider what famous companies like Microsoft and Adobe do: do you think they can't develop software that can't be cracked? It's too easy, but they avoid it, because if they did so people would look for open source alternatives and they would lose their customer base, simply called market visibility.

Other Beneficial Uses of Reverse Engineering:
  • Product analysis: To examine how a product works
  • Removal of copy protection, circumvention of access restrictions.
  • Security auditing.
  • Extremely useful when you have lost the documentation.
  • Academic/learning purposes.
  • Competitive technical intelligence (understand what your competitor is actually doing, versus what they say they are doing).
  • Last but not the least..Learning: learn from others' mistakes. Do not make the same mistakes that others have already made and subsequently corrected.

Common Terms Used in Reverse Engineering:
1. Debugger: A debugger or debugging tool is a computer program that is used to test and debug other programs (the "target" program). This helps in finding loopholes in applications and programs. Penetration testers use debuggers to test their programs. A famous example of a debugger is OllyDbg. I will explain these in detail in coming classes.
2. Disassembler: A disassembler is a computer program that translates machine language into assembly language. It behaves in the completely opposite manner to an assembler.
3. Decompiler: A decompiler is the name given to a computer program that performs, as far as possible, the reverse operation to that of a compiler. Note that a decompiler and a disassembler are different things: a decompiler translates the code into a high-level language like C, C++ etc., while a disassembler generates assembly code.
4. Packers or Unpackers: Packers do simply as their name suggests: they 'pack' or 'compress' a program much the same way a compressor like Pkzip does. Packers then attach their own decryption / loading stub, which 'unpacks' the program before resuming execution normally at the program's original entry point. The weakness of every packer is of course simple: if a program runs, it must be unpacked at some stage, and at that stage we can dump the program to disk.
5. Program Obfuscation: Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic to prevent tampering, deter reverse engineering, or as a puzzle or recreational challenge for someone reading the source code.
6. Hex Editing: As the name suggests, we use hex editors to edit binaries and exes.
7. Cryptography: Cryptography is a technique to protect data (in any form) in the computer world. Cryptography is most often associated with scrambling plaintext (ordinary text, sometimes referred to as cleartext) into ciphertext (a process called encryption), then back again (known as decryption).

I will explain these terms in detail in my coming articles. Till then you can explore these topics on internet so that you will have some prior knowledge of Reverse Engineering terms.

Note: The Reverse Code Engineering articles are going to be more advanced and technology oriented, which requires prior knowledge of assembly language, especially registers and accumulators, and several reverse engineering commands like JMP, DCL etc. Don't worry, I will try to cover these basics in my next article on reverse engineering, where we will explore assembly language and other register-related stuff. Till then, keep exploring things.

I hope you like the introduction class of reverse engineering.. If you have any issues ask me in form of Comments..
Share your love by sharing this with your friends..
Saturday, March 17, 2012
How to Protect yourself from Keyloggers using Keyscrambler

KeyScrambler encrypts your keystrokes in the kernel and decrypts them at the destination application, leaving keyloggers with indecipherable keys to record. For your personal office, family, and business, KeyScrambler adds a reliable layer of defense.
When you try to do something online, for example access your checking account on your bank's website, your keystrokes travel along a path in the operating system to reach the destination application. At many places along this path, malware (keyloggers and RATs, or simply keyboard hookers) can be physically or remotely installed by hackers to log your keystrokes so they can steal your user name and password, and this is a very dangerous threat.

How does key Scrambler Work?
Any idea? Most of you might know already, but today I will disclose the internal details of a key scrambler step by step.
Any key scrambler works in three basic steps: encrypt the keys, bypass malware such as keyloggers, RATs or keyboard API hook programs, and finally decrypt the keys. I have explained the steps in detail below:
1. As you're typing on the keyboard, Key Scrambler is simultaneously encrypting your keystrokes at the keyboard driver level. Because Key Scrambler is located in the kernel, deep in the operating system, it is difficult for keyloggers to bypass the encryption.
2. As the encrypted keystrokes travel along the crucial path, it doesn't matter if they get logged, or whether the keyloggers are known or brand new, because your keystrokes are completely indecipherable the whole time.
3. When the encrypted keystrokes finally arrive at the destination app, the decryption component of Key Scrambler goes to work, and you see exactly the keys you've typed.

Few misconceptions about key scramblers:
1. Key scrambling is not keystroke obfuscation. A key scrambler uses cryptography (namely state-of-the-art cryptography) for encryption and decryption, which makes it a reliable defense against keyloggers and API hookers.
2. A key scrambler does not depend on the type of keylogger or the signature of the keylogger. But some advanced keyloggers nowadays bypass key scramblers too, so never rely completely on key scramblers.
Note my words: "Prevention is better than cure", so keep yourself protected and avoid being prey to any such noobish trap.

There are lots of key scramblers available in the market, but I have chosen KeyScrambler Pro for you guys, as I found it to be the best:

That's all my friends, I hope you all love the piece of information. If you have any doubts ask me in form of comments.