How to make a Hidden Admin Account using bat Script !

September 16, 2007

Hey guys, I have been playing around with .bat scripts and found this small script that lets you create an admin account and hide it from the super admin. So if you get a chance to access a box with admin status, all you have to do is copy the code into Notepad, make the changes, save it as a .bat file and run it; you then have your own hidden admin account :) {Original code by Netanelj; credit goes to AgentSmith15 for the dynamic parts of the code}


Top 10 Tools Download Links :)

September 16, 2007

After requests from some friends, I have added download links for all the programs I posted last time. (I have uploaded three of the tools myself; they are tested and clean.)

IceSword
http://www.antirootkit.com/software/IceSword.htm

Security Task Manager
http://www.neuber.com/taskmanager/

DiamondCS Process Guard 3.150
http://www.topshareware.com/DiamondCS-Process-Guard-download-13291.htm

X-NetStat Professional 5.5
http://www.freshsoftware.com/xns/pro/

Fearless Bound File Detector
RDG keylogger Detector
Firewall Leak Test Tools
http://rapidshare.com/files/56063890/Tools_colelction.rar.html

Registry Commander
http://www.aezay.dk/aezay/regcmd/index.html

CommView
http://www.tamos.com/products/commview/

Enjoy :)

10 Must have Security tools in your PC ~!

September 5, 2007

Hey guys, I have been asked by some of my friends to write a white paper about the best security tools one should have, so I decided to take some time to write one. I honestly believe that having anti-virus software or a firewall doesn't really give you any protection, but I have some very good tools and tips which you can use to defend against and overcome almost any hacking attempt. These are the top 10 must-have tools on my list. I use them and I have never been infected or hacked a single time!

Top 10 Must have Security tools

1. Ice Sword - It's a rootkit revealer. A rootkit is a special way of hiding processes from the system, say the process of a Trojan, virus, worm or bot; these can be hidden from your process monitor, so you should always use an anti-rootkit program to monitor your system. My favourite tool is called IceSword. It can reveal all hidden processes and connections. There are many other similar programs; just Google them.

Ice Sword Connections

Ice Sword Processes

As you can see, it reveals any connections made from your computer. You can closely analyze them for suspicious connections and deny them.

2. Security Task Manager – This provides advanced information about the programs and processes running on the computer; for each process it shows information that Windows Task Manager does not. It is similar to the first tool, but it can also mark a possible malware process as a priority (with a red bar).

Security Task Manager

3. Process Guard - Process Guard is an advanced security system that protects both system and security processes (as well as user-defined processes) from attacks by other processes, services, drivers and other forms of executing code on your system, so it can pick up new installations of malware as well as modifications to the system. It can detect injections, shell modifications and so on. The only bad thing about this program is that it can get quite annoying, but it is a must-have.

Process Guard

4. X-NetStat Professional - A tool that shows all the connections made from your computer, with all the IP addresses and open ports. You can trace any connection, block ports and so on. Very useful.

X-NetStat Professional

5. RDG Keylogger Detector - This tool can detect any keylogger installed on your system. It does not rely on definitions to detect keyloggers; instead it uses hooks to determine whether anything is installed on the system. Very effective and works great. It is not in English, by the way. You can also use KeyScrambler, which scrambles the keys you type; I have already posted a thread about it as 'Fooling Keyloggers', so please search for it.

RDG keylogger Detector

6. Fearless Bound File Detector - This is a neat program that can detect bound Trojan servers. Trojans and worms are often bound to legitimate files and distributed that way, so when you run and enjoy a flash game sent by your friend, your system also gets infected with a Trojan. This tool can detect the most common binders.

Fearless Bound File Detector

7. Firewall leak test tools - These are very handy tools made by different firewall vendors. They can be used to check the strength of a firewall, and they are used by pen testers all around the world. My favourite is the Comodo CPIL Suite.

Firewall Leak test tools

I tested my system with my Kaspersky turned off, and you can see what malware or a hacker can do to your system without a firewall ^

8. Registry Commander - A neat tool that can be used to monitor your system registry.

Registry Commander

9. CommView - A very advanced packet sniffer that can capture data packets. This is recommended for advanced users only. You can also use Wireshark, Ethereal and so on; they require some advanced knowledge about packets!

Comm View

10. A software firewall - I highly recommend Jetico Personal Firewall (free), Outpost Firewall, Comodo Firewall or ZoneAlarm Pro, but having an internet security suite like Kaspersky will help a lot. Keep in mind that anything can be bypassed :)

Hope this helps you guys. Please Google to find all these tools, and do not hesitate to ask me if you can't find them. This took me almost 60 minutes to write.. damn.. have a nice day :)

10 Must have Security tools in your PC ~! – Written by max for Netsecurityfactor Blogs :)

Paypal Phishing Scam Page !

September 1, 2007

Hey guys, I got this phishing e-mail today, with a phishing page for PayPal.

This is the e-mail

PayPal <service@paypal.au>
Dear Paypal User, In our last screening we have reason to believe that your account was accessed by an unauthorized third-party. Due to these findings, we have limited your account until further information is provided.

https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

In accordance with PayPal’s User Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to log in to your PayPal account as soon as possible to help avoid this.

Sincerely,

PayPal Account Review Department

So the link https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

Redirects to http://210.17.215.227/~l0g1n/

This page is a scam. If you enter your login details, the people who set up this page will steal them :-| I have reported the links, but it is still up, so if you get this mail don't fall for the trap :-| ignore it.
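The give-away in the mail above is that the visible link text names paypal.com while the real destination is a bare IP address. The following is an added example, not part of the original post, that checks e-mail HTML for exactly that: anchors whose displayed URL host differs from the href host, and anchors that lead to a raw IP. The HTML is a constructed reconstruction of the message (the post did not reproduce its markup); the IP is the one the author found.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress

# Constructed reconstruction of the e-mail above; the real message's HTML was
# not reproduced in the post. The IP is the one the author reported.
CONSTRUCTED_EMAIL_HTML = """
<p>Dear Paypal User, we have limited your account until further information
is provided. <a href="http://210.17.215.227/~l0g1n/">https://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a></p>
<p>Please <a href="http://210.17.215.227/~l0g1n/">log in</a> as soon as possible.</p>
<p><a href="https://www.paypal.com/help">Help Center</a></p>
"""


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the document."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Hostname of a URL; bare 'www.example.com/...' text is treated as http."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def _looks_like_url(text):
    return text.lower().startswith(("http://", "https://", "www."))


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_deceptive_links(html):
    """Return (href, reason) for each link a reader should not trust."""
    collector = _AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.anchors:
        if not href:
            continue
        real = _host(href)
        if _looks_like_url(text) and _host(text) != real:
            findings.append((href, f"text shows {_host(text)} but link goes to {real}"))
        elif _is_ip_literal(real):
            findings.append((href, f"link goes to a bare IP address {real}"))
    return findings


if __name__ == "__main__":
    for href, reason in find_deceptive_links(CONSTRUCTED_EMAIL_HTML):
        print(f"{href}: {reason}")
```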

Screenshot

Be Safe guys !

How to fool a Keylogger ?

September 1, 2007

Hey guys, I was thinking about writing something on how to fool a keylogger in case your system is already compromised with one. Let's start off with a question: what is a keylogger?

Keystroke logging (often called keylogging) is a diagnostic tool used in software development that captures the user’s keystrokes. It can be useful to determine sources of error in computer systems and is sometimes used to measure employee productivity on certain clerical tasks. Such systems are also highly useful for law enforcement and espionage—for instance, providing a means to obtain passwords or encryption keys and thus bypassing other security measures. However, keyloggers are widely available on the Internet and can be used by private parties to spy on the computer usage of others. Source - www.wikipedia.org

OK, now we know a keylogger can hide on your system, spy on you and then send the logs to a hacker via e-mail or FTP. I am not going to tell you how to prevent a keylogger; I have already covered that many times before. Instead I am going to show you how to fool a keylogger in case one is already installed on your PC. There is a very neat tool called KeyScrambler. It can encrypt your keystrokes while you are typing, using a special technique.

How does KeyScrambler defeat keyloggers?

KeyScrambler defeats keyloggers by encrypting your keystrokes at the keyboard driver level, deep within the operating system. When the encrypted keystrokes reach your browser, KeyScrambler then decrypts them so you see exactly the keys you’ve typed. Keyloggers can only record the encrypted keys, which are completely indecipherable.

How Does KeyScrambler Protect You?

KeyScrambler encrypts your keystrokes to protect your important personal information from keyloggers.

How do keyloggers work? When you type on your keyboard, the keys travel along a path within the operating system before it arrives at your browser. Keyloggers plant themselves along this path and observe and record your keystrokes. The collected information is then sent to the criminals who will use it to steal from you.

Unlike anti-virus and anti-spyware programs that depend on recognition to remove keyloggers that they know about, KeyScrambler will protect you from both known and unknown keyloggers.

What’s more, KeyScrambler provides protection without getting in your way. You don’t have anything to learn about the program and you don’t have to do anything differently, but with KeyScrambler your important personal information will be a whole lot safer.

KeyScrambler Personal protects all your login information from keyloggers for free.

KeyScrambler Professional protects everything you type into a web page – your passwords, credit card numbers, search terms, and email messages – in all parts of the browser, including URL, search terms, popup password dialogs, and master passwords.

KeyScrambler Premium, developed for businesses of all sizes, protects Outlook and Microsoft Office applications, in addition to protecting everything that the Pro version protects.

Screenshot

Download and Installation instructions

http://www.qfxsoftware.com/KeyScrambler/KeyScrambler_UserManual.htm#download and install

Supports Internet Explorer 7.0 & Firefox (Install the extension for firefox)

Hope this helps. Written by – Maxguy

Sources : http://www.qfxsoftware.com/KeyScrambler

How to get admin privileges for your limited account !!!

August 19, 2007

Hello guys,

This is a new cool trick on how to create an admin account on Windows when you are only a limited user, e.g. at your school, where you are restricted from using different services like playing music, browsing the internet, etc.

Now this is the way to bypass that security measure. Please note this is only for educational purposes and it will NOT work on all networks.
Here is a way to make either your existing account an administrator account, or to create a new administrator account on Windows. I'm going to presume the hard disk on your system is called C:\ and that the system32 directory is C:\Windows\System32\. It may be different on your system.

Step One:
First, open Command Prompt (either Start->Run->type cmd.exe->OK, or double-click C:\Windows\System32\cmd.exe).

Step Two:
Create an account. If you do not wish to create a new account, ignore this step.
Type the following into the black box that appears (the command prompt):

net user <new username> <password> /add

Example:
net user max 123456 /add

This will create a password protected account.
The username will be max
The password will be 123456

Step Three:
Find all of the local user groups that are available:

net localgroup

This will bring up a list like this:
*Administrators
*Debugger Users
*Guests
*HelpServicesGroup
*Users

The command completed successfully. (The list can differ between systems.)

Step Four:
Enter the following into Command Prompt:

net localgroup <group without *> <username> /add

Example:

net localgroup administrators max /add

This adds the user "max" to the group "administrators", giving it all the privileges of that group.

This works on local machines, and if you are lucky enough and the admin is not very good at what he is doing, you can create your own admin account in a networked environment as well :) :) But if the command prompt is restricted or access rights are set manually, there is no way to make this work. You will probably get into trouble if you get caught doing this. I have only provided this as an example of what you can do with the command prompt, and thus why it should always be disabled on limited accounts; I am not responsible for anything you do with this. Also note that this only works at home or on an unmanaged network.
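From the administrator's side, an account added with `net user ... /add` and `net localgroup administrators ... /add` (the steps above, and the hidden-account script in the first post) still shows up in the group listing. The following is an added example, not the post's own code: it parses the output layout of `net localgroup administrators` and reports every member that is not on an assumed baseline (`EXPECTED_ADMINS`). The sample output is constructed, not captured from a real machine; `audit_live_system` runs the real command on Windows.

```python
import subprocess

# Assumed baseline: the members you expect to see (compared case-insensitively,
# without any DOMAIN\ prefix). Adjust for your own machine.
EXPECTED_ADMINS = {"administrator", "domain admins"}

# Constructed sample in the layout `net localgroup administrators` prints.
SAMPLE_OUTPUT = """\
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
CORP\\Domain Admins
max
The command completed successfully.
"""


def parse_members(output):
    """Return the member names listed between the dashed separator and the closing line."""
    members = []
    in_members = False
    for line in output.splitlines():
        line = line.strip()
        if not in_members:
            if line.startswith("----"):
                in_members = True
            continue
        if not line or line.startswith("The command completed"):
            break
        members.append(line)
    return members


def unexpected_admins(output, expected=EXPECTED_ADMINS):
    """Members of the group that are not on the baseline."""
    found = []
    for member in parse_members(output):
        bare = member.split("\\")[-1].lower()   # strip DOMAIN\ or MACHINE\ prefix
        if bare not in expected:
            found.append(member)
    return found


def audit_live_system():
    """Run the real command (Windows only) and return the unexpected members."""
    out = subprocess.run(["net", "localgroup", "administrators"],
                         capture_output=True, text=True, check=True).stdout
    return unexpected_admins(out)


if __name__ == "__main__":
    print("unexpected administrators in sample:", unexpected_admins(SAMPLE_OUTPUT))
```

Run it on a schedule and alert on a non-empty result; the same parser works for any other local group name.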

Have fun

Maxguy ;-)

A New Worm Spreading via MSN Messenger !!

August 19, 2007

Hello guys. Recently one of my good friends, Nuwan, reported to me that his system had been infected with a possible IRC bot. He said he had received a zip file from his friend via MSN, and when he executed the file his system got infected, so I wanted to help him get rid of it. I found that it is a new kind of MSN-spreading worm, so I did some investigation and came up with this info. What happens is that you get a zip attachment from one of your MSN contacts with a message, and when you download and execute the file it runs its payload, which can be an IRC bot, Trojan or virus. It is done by a program called 'MSN Sprinder'.

This is the tool that creates the MSN worms, coded by someone named munk. It is a worm-creating binder: it can zip a payload (a virus or worm) and also has the capability to spread through MSN. When you execute the file, it sends a copy of the payload to all the contacts in your MSN list as an attachment.

Screenshot of the program

Features

Q: What is the Sprinder?
A: OK, the Sprinder is a combination of a file binder supporting a max of 512 files and an MSN spreader.

Q: Does this mean what I bind to it gets spread over MSN?

A: Yes it does, you can put anything in it, from bots to keyloggers…

Q: How does the spreader part work? Is it a lame link method?
A: Nope, it's not the lame link; a .zip file is sent over MSN with a message...

How to get rid of it?

Removal Instructions
1. Basically, an anti-virus program cannot remove this worm. The reason is that it is new and not yet detected by AVs, or it is made to be undetectable by anti-virus programs. Anti-virus programs use signatures to pick up worms and viruses, so this is a UD (undetectable) version; there is no way you can remove it with an AV program.

2. Connect to the Internet. Close all programs that might be using the Internet (like Skype, Yahoo Messenger, Firefox). Open your command prompt (Run -> cmd) and type netstat -n. This lists all the active connections (ports and IPs). Now look for any unnecessary connections or open ports; bots normally use port numbers from 6667 upwards. You can also use the tool X-NetStat Professional. If this worm is using a rootkit to hide its processes, use a rootkit revealer; try IceSword.

3. Check the registry to see whether any new startup values have been added, normally under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components. See if you can find any newly added startup values there.
4. You can try using a firewall such as Jetico or Sygate Pro to block the connections.

5. There is a chance your system has already been compromised by the hacker, so the best thing to do is FORMAT and change your important passwords, and call yourself an idiot for running a file sent by someone. Don't use MSN for now; otherwise your contacts will be infected too.
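Step 2 above comes down to scanning `netstat -n` output for connections on ports "6667 +", the classic IRC range. The following is an added example, not part of the original post, that does that check over the output text and lists the remote hosts behind those connections (the addresses to block in step 4). The port range is an assumption, and the netstat lines are constructed sample output using documentation addresses, not a capture from an infected machine.

```python
import subprocess

# Assumed port range: the post says bots "normally use port 6667 +", the
# classic IRC range. Widen or narrow to taste.
IRC_PORTS = range(6660, 7001)

# Constructed sample output in the `netstat -n` layout; not captured from a real
# infected machine. 198.51.100.x and 203.0.113.x are documentation addresses.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.5:1043       203.0.113.10:80        ESTABLISHED
  TCP    192.168.1.5:1051       198.51.100.23:6667     ESTABLISHED
  TCP    192.168.1.5:1052       198.51.100.23:6667     TIME_WAIT
  TCP    192.168.1.5:1060       203.0.113.44:443       ESTABLISHED
  UDP    192.168.1.5:137        *:*
"""


def parse_connections(text):
    """Turn netstat -n lines into dicts; header lines and wildcard peers are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        rhost, _, rport = parts[2].rpartition(":")   # also copes with [ipv6]:port
        if not rport.isdigit():
            continue                                   # "*:*" listeners carry no peer
        conns.append({"proto": parts[0], "local": parts[1], "rhost": rhost,
                      "rport": int(rport), "state": parts[3] if len(parts) > 3 else ""})
    return conns


def irc_connections(text, ports=IRC_PORTS):
    """Connections, in any state, whose remote port falls in the IRC range."""
    return [c for c in parse_connections(text) if c["rport"] in ports]


def irc_peers(text, ports=IRC_PORTS):
    """Distinct remote hosts behind those connections: candidates to block at the firewall."""
    return sorted({c["rhost"] for c in irc_connections(text, ports)})


def live_check():
    """Run netstat -n on this machine and return the IRC-range connections."""
    out = subprocess.run(["netstat", "-n"], capture_output=True, text=True).stdout
    return irc_connections(out)


if __name__ == "__main__":
    for c in irc_connections(SAMPLE_NETSTAT):
        print(f"{c['proto']} {c['local']} -> {c['rhost']}:{c['rport']} {c['state']}")
    print("peers to investigate:", irc_peers(SAMPLE_NETSTAT))
```

A hit only says the port matches; confirm with the process owning the connection (netstat -ano on Windows) before blocking anything.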

Hope this helps – Written by – Maxguy

Trojans can Record victims screens now….

August 19, 2007

Hey guys, someone posted this on my forum, so I thought it is a very interesting movie for those who use online banking. As you all know, the banks have implemented a new system to prevent access keys being stolen by traditional keyloggers: they have a Java-based system that offers an on-screen keypad for typing the security access key, so Trojans can't pick it up. But the hackers made a pretty sweet implementation in their Trojans: they can capture the whole event as a video. The Trojan can be programmed with keyword triggers, so it sleeps, and when the user inputs keywords such as 'bank', 'payment', etc. the Trojan is activated.. lol... This really proves that hackers are always a step ahead.

Check the demo: http://www.hispasec.com/laboratorio/troyano_video_en.htm

This is for those people who use online banking! Look and learn: keep your system always up to date, update your virus definitions, use a good firewall, and have some common sense if you don't want your bank details stolen.

how to Analyze/Scan and identify Potential Trojans

August 19, 2007

Lets get started !

I'm going to use one of many ways of identifying a malware object. As you all know, most Trojans come in the form of an executable file, e.g. funny.exe, Spiderman3.scr, etc.; even the names are made very attractive, tempting users to execute them. First, in order to understand how to analyze Trojans, we should know how they work. A Trojan or RAT (Remote Administration Tool) has two parts:
1. The client, or console
2. The server
A Trojan works by configuring the server file (which is an executable), sending it to a victim and getting them to execute it. As soon as the server file is executed, it opens a port on the victim's machine and starts listening for instructions from the console, which is controlled by the hacker, who can take full control of your system: he can even stream your webcam and see what you are doing, browse your files, steal passwords, add/edit/delete/upload files, even record your VoIP conversations. These are the basics of how Trojans work.

Now, as said above, we often run into executable files in daily life: a friend sends you a nice funny flash program, or you download a crack from an underground website, etc. Now the big question: how do we know whether the executable is infected with a Trojan server or not? Someone might say that as long as their anti-virus software doesn't flag the file as a Trojan it is safe. That is WRONG! Why? Because a server executable can be made undetectable in various ways, such as crypting, changing entry points, encryption, packing, scrambling, hexing, etc., so anti-virus software is often fooled by these methods. There are many ways to analyze and identify Trojans; we can do things like disassembling them or running them in VMware, but these are often very advanced methods, so I'm going to use the sandboxing method to analyze a suspicious server file. As even Sandboxie is a bit complicated to use, I'm going to use a free web-based analysis tool!

OK, let's see how we can analyze a suspicious Trojan. Let's say I downloaded a crack.exe file from a website. First I'm going to scan this file with my anti-virus software to see if it detects anything.

Scan Results

It seems there is nothing wrong with the file, but we can't be so sure. Let's try sandboxing it :)

I'm using the Sunbelt Sandbox. First you need to go to http://research.sunbelt-software.com/Submit.aspx. Now you need to give a valid e-mail address, browse to the suspicious file and write some comments (not compulsory).

Now hit Submit sample for analysis.

After your file is uploaded you will get a message like this:

Now you have to wait; it will take a couple of minutes to get a result. Then check your mail: you will receive a mail from Sunbelt with a report file attached.

Now the last part, analyzing (the hard part). It's a bit complicated, but I will try my best to explain how to identify potential Trojans. A Trojan always drops files to the system, normally into the system32 directory; it sometimes drops DLL files and other support files as well, like keylogger data files. A Trojan also always tries to add a startup key so that it runs every time the PC is booted. These are three very important things you need to check in the analysis report:

1. Is the suspicious file dropping any files to the system?
2. Is it trying to add or modify registry keys?
3. Is it trying to connect to the internet?

There are many other things; I took these basic ones so everyone can understand. Now open the report file sent to you by Sunbelt and carefully analyze it, looking for the above three indicators (they are very common in a Trojan).

Let's see the analysis report I got on the suspicious file; refer to the screenshot below.

As you can see in the above screenshot, crack.exe is dropping a file named svchost.exe onto the system, which is really strange because svchost is a system service, and notice how it is adding a key to the registry startup (keep in mind some legitimate programs do that too). So we can be pretty sure there is something wrong with this file; we can submit it to an anti-virus company for further analysis and delete it from the computer. Keep one thing in mind: there are modern Trojans that have the ability to sleep when a sandbox or virtual environment is detected, or to skip the actual malicious activity and run a legitimate routine to fool the sandbox, but for most common Trojans this trick will do. Notice the best thing about this: even though our anti-virus failed to pick it up, the sandbox did.

Next time, think twice before running an executable file. Also, this method is not effective against big files, so stop downloading files from warez/cracks/torrents; there is always a risk involved ;-) Support the developers by buying the software. Be safe and leave your constructive comments!!

Written by: maxguy. Reproduction of this material in any way without permission from the author is prohibited. If you share this tutorial, please keep the copyright intact. Thank you ;-)