Search



Categories

News

Videos

Underground

Vblogs

Hacking Challenges

Underground – Downfalls of Anti-Virus Software

October 29th, 2008 by Patchy
In this Underground video, Overide explains a major downfall of many Anti-Virus Software. Anti-Virus Software detects viruses by searching an executable program for specific signatures; signatures basically are a string of code that the Anti-Virus Software considers malicious. Overide describes how to locate this signature, and how to manipulate the executable’s assembly code so that the Anti-Virus Software does not flag the executable as a virus. In this video, Overide modifies the NetCat signature by changing NOP (No Operation) instructions to INT3 (software interrupt used by debuggers) instructions. For those of you that don’t know, Netcat is a networking utility which reads and writes data across network connections, using the TCP/IP protocol. Anti-Virus software flags NetCat as a virus because it can be used to open a backdoor on a computer. Full Scale Video Here
Download Here

NetCat

If you would like to submit a video to Infinity Exists Underground send an email describing your video to underground@infinityexists.com

Posted in Underground | 3 Comments

Underground – Evilgrade

October 20th, 2008 by Patchy
Copy and Spitfire of LCN_Crew explain how to use Evilgrade in this Infinity Exists Underground Video. Evilgrade is a modular framework that allows an attacker to take advantage of poorly implemented software upgrades. An attacker can use Evilgrade in combination with DNS spoofing or a MITM attack to spoof a software update and trick the victim computer into executing arbitrary code such as a Metasploit’s Payload. Currently, the Evilgrade framework supports the following software: Java plugin, Winzip, Winamp, MacOS, OpenOffices, iTunes, Linkedin Toolbar, Download Accelerator, notepad++, and speedbit. In this video, Copy and Spitfire illustrate how to use Evilgrade with a DNS Spoofing attack to execute a reverse shell on a target computer. Full Scale Video Here
Download Here

infobyte
Download Evilgrade

If you would like to submit a video to Infinity Exists Underground send a email describing your video to underground@infinityexists.com

Posted in Underground | No Comments

Underground – Trojan Basics

October 15th, 2008 by Patchy
In this Underground Video, Koly explains some of the fundamentals of Trojans. Trojans, also known as Trojan Horses, are a type of virus designed to give an Attacker remote access to a system. In this video Koly uses the Remote Administration Tool (RAT) Poison Ivy to demonstrate how to create and use a Trojan. Although, Trojans are frowned upon it is important to understand how Trojans work so that you can defend against them or utilize to easily open a backdoor on a compromised system. Full Scale Video Here
Download Here

Download Poison Ivy

If you would like to submit a video to Infinity Exists Underground send a email describing your video to underground@infinityexists.com

Posted in Underground | 13 Comments

Underground – Manipulating Windows User Accounts

September 21st, 2008 by Patchy
Xauthzx’s Underground video describes how to Create, Delete, and Manipulate Windows user accounts from the command line. Although it is a relatively simple procedure, knowing how to use the Windows net command can be very helpful in many situations.

User Commands
net user – Display User Accounts
net user [Username] * – Change a User’s Password
net user [Username] /del – Delete a User
net user [Username] /add – Add a User
net localgroup – Display Local Groups
net localgroup [Group] [Username] /add – Add User to Local Group

Other Useful Commands
net start – Display Services
net start [Service] – Start Service
net stop [Service] – Stop Service
net share – Manage Shared Folders
net view – Display Network Computers
net view \\[Computer Name] – Display Network Computer’s Shared Folders
net use * \\[Computer Name]\[Shared Folder] – Mount Network Shared Folder Full Scale Video Here
Download Here

If you would like to submit a video to Infinity Exists Underground send a email describing your video to underground@infinityexists.com

Posted in Underground | 1 Comment

Underground – Combine Files

September 4th, 2008 by Patchy
In this Underground video, Crash Overron demonstrates how to hide a RAR file inside an Image file. He does this by utilizing a binary combine which basically concatenates the two files together. To accomplish this in windows use the command:
copy /B [File1 (Image)] + [File2 (RAR)] [Destination File (Image)]
The resulting file can still be view as an image, and the RAR file can still be unpacked. Not only, can this trick be used as a simple type of steganography, but also, it can be used in certain situations to exploit a flaw in a website. If a website has a Local File Inclusion (LFI) flaw and allows users to upload images, an attacker can inject PHP code into the website by using this technique to combine an Image file with a PHP file. Full Scale Video Here
Download Here

If you would like to submit a video to Infinity Exists Underground send a email describing your video to underground@infinityexists.com

Posted in Underground | 6 Comments

Underground – Password Phishing

August 12th, 2008 by Patchy
Phishing is a method of obtaining sensitive information such as usernames and passwords by pretending to be a trusted website.  Tehdead shows us a variety of password phishing techniques that enable an attacker to trick a user into giving up their login information.  The first step is to create a fake login identical to the login on the trusted website.  In order to not raise suspicion, Tehdead explains two methods to capture the victim’s password and then transfer them to the real website.  One method is to sumbit the information to a php page that is disguised as a pop-up advertisment, and the other is to send the username and password to a simular php page that is contained in an iframe.  Lastly, Tehdead describes how to use link manipulation with BBcode to social engineer a victim into going to the fraudulent website. Full Scale Video Here
Download Here

If you would like to submit a video to Infinity Exists Underground send a email describing your video to underground@infinityexists.com

Posted in Underground | 5 Comments

Underground – Windows SMB Relay Exploit

August 5th, 2008 by Patchy
In this Underground video, Overide demonstrates how to obtain root access on a fully patched Windows XP SP3 Machine. He exploits a flaw in Windows Server Message Block (SMB) which is used to provide shared access to files between hosts on a network. Overide utilizes the Metasploits Framework to run the exploit. It works by relaying a SMB authentication request to another host which provides Metasploit with a authenticated SMB session, and if the user is an administrator, Metasploits will be able to execute code on the target computer such as a reverse shell. For this exploit to run, the target computer must try to authenticate to Metasploit. Overide forces the target computer to perform a SMB authentication attempt by using a Ettercap Filter. Full Scale Video Here
Download Here
Download Ettercap Filter Here

For more information on the Metasploit Framework and Ettercap Filters check out Video Archive – Exploit Hacking, Underground – Metasploit Autopwn, and Episode 20 – Ettercap.

If you would like to submit a video to Infinity Exists Underground send a email describing your video to underground@infinityexists.com

Posted in Underground | 14 Comments

Underground – Application Patching

July 30th, 2008 by Patchy
Crash Overron’s second Underground video explains how to use Ollydbg to manipulate a simple program. OllyDbg is a debugger that analyzes binary code. Not only does Olly allow you to step through an executable’s assembly code, but also, it can trace registers, recognize procedures, API calls, switches, tables, constants and strings. Crash Overron utilizes a feature in Olly to locate a referenced text string that is displayed when an invalid serial key is entered. Once the string is located, he can find the compare statement that checks the user’s serial key, and change the flow of the program so that his serial key is accepted. Full Scale Video Here
Download Here

Download Ollydgb
Download Application

If you would like to submit a video to Infinity Exists Underground send a email describing your video to underground@infinityexists.com

Posted in Underground | 3 Comments

Underground – Metasploit Autopwn

July 20th, 2008 by Patchy
In this Underground Video, Copy explains how to use Metasploit’s Autopwn. The Metasploit Framework is a tool for developing and executing exploit code against a remote target machine. Autopwn is a tool in Metasploit Framework version 3 that automates the exploitation process. Copy demonstrates how to use Autopwn in both Backtrack 2 and Backtrack 3. Full Scale Video Here
Download Here

The Metasploit Project
For more information on the Metasploit Framework check out my Exploit Hacking video.

If you would like to submit a video to Infinity Exists Underground send a email describing your video to underground@infinityexists.com

Posted in Underground | 4 Comments

Underground – Email Spoofing

July 12th, 2008 by Patchy
The first Underground video explains how to send fake emails a.k.a. Email Spoofing. This video, submitted by Crash Overron, covers two methods of email spoofing. The first and older method is connecting directly to the SMTP server with Telnet; however, this method is usually blocked by the email provider. The second method, utilizes the Mail() function in php. Full Scale Video Here
Download Here

Download Email_Spoof.php
(Right Click -> Save As Email_Spoof.php)

If you would like to submit a video to Infinity Exists Underground send a email describing your video to underground@infinityexists.com

Posted in Underground | 2 Comments

<< Previous Entries Next Entries >>