kisanka's Avatar, Join Date: Dec 2008
Light Poster
wow, really nice thread. even nicer if someone continue this.
Bhullarz's Avatar
Skilled contributor
Quote:
Originally Posted by kisanka View Post
wow, really nice thread. even nicer if someone continue this.
yeah ! This thread is still open. If anyone wants to ask anything about hacking techniques or have anything to say on this topic is invited....
rajdaan's Avatar, Join Date: Mar 2009
Newbie Member
good..........................
we3z's Avatar, Join Date: Apr 2009
Newbie Member
Hi,

many things said in this thread are just urban legends, some are pure nonsense and most of the information you provide is a few years old. Maybe you should first of all define what you are talking about. Trojan horses are a wide topic


I. Trojan horses used by scriptkiddies apply to the rules you tried to set up here. They will be detected by AV (even if packed WinPEs are used as the packer sigs are known) and as long as these scriptkiddies do not have serverbuilder programs with really good advanced polymorphism technologies they will not get past your AV (you should update signatures on a regular basis). These are only a problem if you download stuff from websites you shouldn't trust.


II. Trojan horses made by someone who is older than 14 and who not just wants to play superhacker will mostly not apply to the things said in this thread. AVs will not catch you if you write your own trojan horse, pack the WinPE with your own packing scheme. They just scan for signatures and the crap they call heuristic algorithms isn't worth the hdd space. It scans for API Calls and tries to figure out what the program is doing. Ha ha. There are many ways to circumvent this e.g. by packing the PE like said above.

These trojans are designed with stealth in mind so there will not be a BIGFATROJANEXECUTABLE.EXE in your C: root directory - there will be not exe at all. No dll. Nothing.
Good trojans will get admin privs if your win users does not have them (most do) by exploiting local vulns and then they just inject a system driver. Drivers run in ring0 (which means kernel-mode!) and when this happens your system is lost. Lost.
If you manage to place ring0 code you can alter anything. You want to hide files? Fine, just let the kernel say there is no TROJAN.EXE in your system whenever it stumbles upon one. Want to hide a process in memory? Allright, let's just forget our process during process enumeration and add the cputime it consumed to some other process. You want to know what the user is typing? Ok, hook the keyboard driver and copy what you want. You control everything on the lowest level.
Most of those 'AntiHacker OLOLOL AV Superscanner of Doom' crap just queries the kernel for a list of files, processes or memory to scan. An infected kernel will hide your trojan so deep inside your systems that the AV will not even know that there is something to scan.

Ok, so you might say your system is infected but the attacker will not get past your twenty firewalls (windows desktop firewalls haha). Ok, if our trojan is using the windows network stack it must deactivate the firewalls/AVs/whatever before sending data or connecting to the controller. Every user who is not completely dumb will see this and know he has been owned - not good.
But hey, we are ring0, right? What can we do about it? We just build our own IP packets and send them down the wire - not touching that windows stack (thats been watched by your firewalls) at all. It's a little work to implement your stack but so we are able to even create a virtual network card (we could even get our own IP address from a DHCP) because we can choose whatever MAC we want. Aah, freedom. Promiscious mode? Not a problem.
An attacker sitting inside your kernel will let you know what he wants you to know. No AV, no AntiHack, no chance - every information your system reports to you comes from the kernel. You're owned and you do not even know about it.
Your only way to know you're hacked is to get another system into your network and dump the traffic and take a close look to the traffic. Good hackers will hide inside the standard traffic your system pollutes to the network.


So, please do not post things like "if you're the master the trojan is a slave" - as long as you are truly a master.
TM_0034's Avatar, Join Date: Mar 2009
Newbie Member
Hi! Is anyone can help learn how to hack an ID? My old Yahoo ID has been hacked and i want to take back if possible, which that ID is my first ID in yahoo mails and messenger and all original details are thier. Please would you mind whoever knows how to hack an ID kindly share your knowledge on how to do it? Thanks a lot in advance.
!Newbie!'s Avatar, Join Date: Apr 2009
Ambitious contributor
am new here and find this discussion quiet interesting, will try and contribute...
LuckyWorker's Avatar, Join Date: Apr 2009
Newbie Member
those software that you download from warez sites and those from p2p is most likely a trojan program imitating those legitimate software. i have a habit of doing that when I was younger. I used VB or C++ to create remote admin tool. However, i get a lot of problems if there is a firewall installed. Some of my programs could bypass ZoneAlarm though.
opareadams's Avatar, Join Date: Apr 2009
Newbie Member
How can i create a keygen??
Burillo's Avatar, Join Date: Apr 2009
Light Poster
This thread has its fair share of bullshit but nevertheless is very informative, especially that post by we3z about kernel-level trojans. so i'll just put my two cents in this discussion.

So, first of all, Bhullarz, no offense, but your "HACKERS", "VIRUSES", "TROJANS" and all the other scary words capitalized look like cheap advertising
on a serious note, IMHO you're both right and wrong at the same time. It's true that new malware appears at much higher rate than it goes to the databases of the AV software (especially the free ones), but we all know that pretty high percentage of this malware is being detected by heuristics and "decoy" computers that are used by the AV companies for automated malware detection.
And despite your ravings about infected cracks and keygens the truth is that most of the cracks and keygens are clean if you download them from right sources. On any serious forum (where users are computer enthusiasts) anyone who posts trojan will sooner or later (probably sooner than later) get detected, banned and have his message deleted. Same goes for any serious torrent tracker - if something is reported as fake or trojan - it gets checked immediately by the community - and trust me, most users of such websites aren't exactly dumb computer illiterate leechers. The real danger comes in "true" filesharing networks like ed2k or limewire - but the thing is, almost every trojan i met there had fixed size and was easily detectable once you know how it looks like. A pretty much safe practice would be using some kind of sandboxing software, be it a virtual machine or Sandboxie.
As for that firewall thing... Few posters made some valid points about firewall penetration techniques, and there even is a website that concentrates on exactly that - they write "leaktests" and test them against popular firewall programs (just google Matousec). I myself use the firewall that is stably in first five for several years now and don't use an antivirus at all. The most valid point was that if the trojan was connect - they will get detected. This is not true if they were using legitimate program (like IE) to connect, but that would be true if the firewall was able to detect potentially dangerous actions. For example, i downloaded a keygen. I know it shouldn't try and execute IE, don't i? That's the whole thing, it's that simple. Of course, that won't help if the ring0 trojan was already there, but when it gets installed it will install a driver and that will be detected by firewall! So proactive security (and your own vigilance to unusual behaviour) might be your last chance if signature-based security fails.

PS this post is no bullshit - i can't count how many viruses i've blocked when they tried to own me and i even manually deleted several trojans from my system using solely my firewall and some extra tools (HijackThis, Sysinternals stuff and others). Yes, i shouldn't have been allowed them in the first place but sometimes i make mistakes too
udefined's Avatar
Light Poster
noh man i m 100% safe from hackers as i m an ethical hacker .......................
and i havee knowledge of all security measures and how to encrypt data over the net