Elakiri Security Guide for members Part1


Desktop Phishing
( the new art of phishing )

Hello Guys This is a Video Tut for you guys to be out from Hackers ! in this Video you'll get to know about the new way Of phishing

special about desktop phishing is :

old way of phishing = www.hotmail.freehost.com (http://www.hotmail.freehost.com)

Desktop Phishing = www.hotmail.com (http://www.hotmail.com)

I recommend you all to watch this Video



Screen Shots Of the Video

http://img2.imageshack.us/img2/4333/capt4.png

http://img141.imageshack.us/img141/1250/capt1.png

http://img148.imageshack.us/img148/3001/capt.png

Videos

Sit Back and watch all the videos are 30 mins long

http://www.youtube.com/profile?user=EthicalWorld&view=playlists


kM0TE9QbCNs

lSFriZ1eX6c

0t4nkbHdcRc

VFPkhxfsF_0

thanks bro

ow

for all this troubles only 2 commens ?> :( :(

he man u are really wonderful man.. keep ur good work up... dont value ur thread by comments.. hope to see this kinda things

thanks in advance

Machan Sirawatama patta :yes: godak watinawa EK memberslata mekanam :P EK Phishers la dethun denekuth inna eke dan kattiya dana gaththa eka ela :rofl:
Keep it up ;)

sticked !!! wow .. thanks GTRZ aiiya

hehee ela maxxa machoo ;) ane elakiri ekath phish karanawa kiwwama ;)

thnx dude

owkay !!

MAX machan :D
Awesone toutorial :)
thxx :D

elzz thnx. vena monava kiyannada?

thamange knowladge eka mevage honda vidiyakata yodavanavanam kochchara deyak da?

thnx again

Thanx! man i actually gonna DL these vids cuz i utterly dnt understand ! keep up ur Ethical things going man! all the best :D

I actually thought you were using Ubuntu first! :lol:

thankx!

Thanx! man i actually gonna DL these vids cuz i utterly dnt understand ! keep up ur Ethical things going man! all the best :D

I actually thought you were using Ubuntu first! :lol:


I was using .. Im back to windows !! but I have Ubuntu on my Virtual PC

sticked !!! wow .. thanks GTRZ aiiya
;) :D

thanx bro. never knew anything abt this sort of phishing. thanx for saving us from getting phished. :D

thanx bro. never knew anything abt this sort of phishing. thanx for saving us from getting phished. :D

ur welcome

Once you can open the door, proceed straight ahead to an arena called the Dark Iron highway. It is the location where you have the ability to make huge amounts of wow gold (http://www.thewowgold.net) by mining ore. Here there are a lot of dark iron spawn points so it is possible to reach one or two of them on every run. You are able to go ahead and mine the ore, depart and reset the instance to repeat it over again. Probably it will be necessary to have a couple of people for this. The exception would be a Rogue or a Druid, in which case you could stealth in. Hunters have the ability to run in and pretend they are dead to escape the mobs around the ore.Cheap wow gold (http://www.thplay.com) here http://www.thplay.com

he man u are really wonderful man.. keep ur good work up... dont value ur thread by comments.. hope to see this kinda things

thanks in advance

Wellsaid bro
One of the most valuable thread I ever saw in EK :yes:
Keep up with ur great wrk machan
Counting on ur time uploading all 30 minutes vdo to U tube ,
We all highly appriciate your work for a better future of EK family :D

i'm already using it

by the way if you infect you cant survive you wont notice

hay their are many ways to hex the arm you wont notice now most of the hackers using rar self extractor easy

thanx

:yes: :yes: :yes: :yes: :yes: :yes: :yes: :yes: :yes:

patte banzzzzzzzzzzzzzz

pixxu hadey!

thnx man

ha ha...........

wow,,,must study..

Seriously, this is kiddy stuff. there are much more advanced ways to phish.

This is not a new type of phishing. this is called DNS spoofing.

Seriously, this is kiddy stuff. there are much more advanced ways to phish.

This is not a new type of phishing. this is called DNS spoofing.

wrong this is called Pharming

wrong this is called Pharming

Thanks:)... I didn't know someone has created a word for "DNS spoofing" with hostfile.

Thanks:)... I didn't know someone has created a word for "DNS spoofing" with hostfile.

The thing ur talking about isnt really called DNS spoofing its DNS Poisoning and in this video I not talking about the both ..Im talking about desktop phishing ..there is a little bit dif bitween pharming and desktop phishing ..Im dont remeber the explanation on it .. thats it ..

This is pointless as, for this to take place. U have to commandeer the victims pc to make any changes to the host file or proxy setting etc. If you have control of the pc, why use this techniques to get a password ? simple key logger will be enough .

nice work. you have taken a lot of time and effort to make this vids. good work. as you said in the vid there are many... many... MANY ways of doing things. i honestly don't expect a average user to be able to defend them selfs if they are really targeted.

i agree with bash101 though.. if you can run something in someones box... why not just install a kernel level root kit. you can log everything... and do much more if you wish so... and get them to you.

nice work. you have taken a lot of time and effort to make this vids. good work. as you said in the vid there are many... many... MANY ways of doing things. i honestly don't expect a average user to be able to defend them selfs if they are really targeted.

i agree with bash101 though.. if you can run something in someones box... why not just install a kernel level root kit. you can log everything... and do much more if you wish so... and get them to you.


we dont u think it depends .. Ok do me a faver how many tuts on Google u can find about how to keylog or steal .. try it . then google on desktop phishing.. see the result ..this techinc has been grouded for a long time dude

.. btw to detect keylogers and stelars there are AVs, But for this ?..umm I dont think so

.. btw to detect keylogers and stelars there are AVs, But for this ?..umm I dont think so

yea but how will u get access to the victim's machine if it have AV ? To get access to u have to use some sort of back door or have physical access. pointless going all this trouble if u already have access to the machine.

yea but how will u get access to the victim's machine if it have AV ? To get access to u have to use some sort of back door or have physical access. pointless going all this trouble if u already have access to the machine.

Now your talking topicless ..This isnt about getting access to a computer ..This is only about a technic on phishing .. you dont get access to a computer doing this

Now your talking topicless ..This isnt about getting access to a computer ..This is only about a technic on phishing .. you dont get access to a computer doing this

I know that, how can u get access to the host file with out accessing the computer ?

wOw...thanks DudE !!!

Greate woRk !!!!

we dont u think it depends .. Ok do me a faver how many tuts on Google u can find about how to keylog or steal .. try it . then google on desktop phishing.. see the result ..this techinc has been grouded for a long time dude

.. btw to detect keylogers and stelars there are AVs, But for this ?..umm I dont think so

don't get me wrong machan, i am not trying to undervalue your contribution here, its well worth the effort and is much appreciated. please keep continuing your work. you deserve much respect.

about keyloggers... well any script kiddy can google and find some ready to deploy keyloggers these days. there are plenty of keyloggers that escape AV detection. you might be able to detect a plain keylogger or a trojen...etc with AV... s/w. but if you get infected with a (good) kernel level root kit, its very hard to detect it. as it sits in the kernel level. it can modify/alter/disrupt system calls and basically it have a lot of power. any AV... or other program will find it hard to detect a well coded KLRT. but still these too can be detected, as with anything thats out there. but it will require much more work, skill and time. please google kernel level root kits for windows. you'll find plenty of papers and s/w.

tnx bro rep +

thxx

don't get me wrong machan, i am not trying to undervalue your contribution here, its well worth the effort and is much appreciated. please keep continuing your work. you deserve much respect.

about keyloggers... well any script kiddy can google and find some ready to deploy keyloggers these days. there are plenty of keyloggers that escape AV detection. you might be able to detect a plain keylogger or a trojen...etc with AV... s/w. but if you get infected with a (good) kernel level root kit, its very hard to detect it. as it sits in the kernel level. it can modify/alter/disrupt system calls and basically it have a lot of power. any AV... or other program will find it hard to detect a well coded KLRT. but still these too can be detected, as with anything thats out there. but it will require much more work, skill and time. please google kernel level root kits for windows. you'll find plenty of papers and s/w.

Ur Talking about FUD keyloggers . well yeah but it only stays max 3or 4 days FUD . BTW antivirus allways take a peak on the executing file where it goes what it does ! .

well if your talking about rootkits, hacker defender does a good job .. and most of HD's delect befor they execute .and it only helps to hide your shits .. you can cypter a trojan to make it FUD but not for ever ..

BTW Rootkits / Keyloggers / Stealer isnt my topic here dude !

I know that, how can u get access to the host file with out accessing the computer ?

Now I see whats the problem ..you didnt Understand it completely:lol::lol: ..lol it happens .. even it happed to me for the 1st time..

anyways .. it works in the same way dude ..bind it with a software send it to your victim thats all

godak honda vadak. e vagee ma mahansi velaa karapu honda tutorial ekak. uthsahaya ithaama agaya karanava. bohomath ma sthuthi me vage vatina thread danavata.

habai man hithana deyak thamai 2nd video eke samahara software handunaganeeme salakunu ivath venavanum hondai kiyana eka. visheeshayen eevala num. moko eeka virus ha venath hanidayak software pathuravana ayata udavvak vena nisaa.

wow bro!!;)

amazing!!!

one of the most useful threads of EK :):)

Wow Ethical World bro..oya wage thawath oyage danuma share karanna!!
all the best!!

;):)

yea but how will u get access to the victim's machine if it have AV ? To get access to u have to use some sort of back door or have physical access. pointless going all this trouble if u already have access to the machine.


:lol: :lol: :rofl:

hay, nice \ TUT DUDE . .

see this is what happens when ********** get their hands on information....
before you teach others, first take a right look at the meaning of the word "hack"....

**********= any word u lyk

"ashwaya ta ann labuna wage"

see this is what happens when ********** get their hands on information....
before you teach others, first take a right look at the meaning of the word "hack"....

**********= any word u lyk

"ashwaya ta ann labuna wage"
Flamer .. Dont Flame Others Threads

elane

Mr. From Ethical_World

Thank You For Educating Us About Desktop Hacking:
But I have to say few things on behalf of you too.

1. First of all change your wallpaper man it disgust me.

2. And what the hell is wrong with your OS, to me it seems like that you have put a crappy Ubuntu theme, Your this has slows you down.

3. Ok, About this hacking. You cant setup this on a remote machine.

4. Without the Pre-involvement of the remote user you wont be able to hack his Host File.

5. Specially in Vista & Windows 7 Without the permission of the administrator editing the host file is hopeless.

6. Even if you arm this is a Cafe / Labs Latest Internet Security Suits Blocks Redirection's.

7. And use a step method to describe tuts since we don't have to spend 36 minutes to watch this.

KEEP UP THE GOOD WORK

Mr. From Ethical_World

Thank You For Educating Us About Desktop Hacking:
But I have to say few things on behalf of you too.

1. First of all change your wallpaper man it disgust me.

2. And what the hell is wrong with your OS, to me it seems like that you have put a crappy Ubuntu theme, Your this has slows you down.

3. Ok, About this hacking. You cant setup this on a remote machine.

4. Without the Pre-involvement of the remote user you wont be able to hack his Host File.

5. Specially in Vista & Windows 7 Without the permission of the administrator editing the host file is hopeless.

6. Even if you arm this is a Cafe / Labs Latest Internet Security Suits Blocks Redirection's.

7. And use a step method to describe tuts since we don't have to spend 36 minutes to watch this.

KEEP UP THE GOOD WORK

Answers

1.Wallpapers goes on my likeness not yours .
2.Well I have Ubuntu theme coz I like it , same answer as like 1st one
3.You can ! you can google and find the correct tut. or just watch this
http://milw0rm.com/video/watch.php?id=101
plus now it come with SSL certifications . most ppl use this to hack paypals
4. Its not about a remote user
5. Its only work on XP
6. It depends . most of cafe dont have that much shit
7. lol got to say sorry about that

Answers

1.Wallpapers goes on my likeness not yours .
2.Well I have Ubuntu theme coz I like it , same answer as like 1st one
3.You can ! you can google and find the correct tut. or just watch this
http://milw0rm.com/video/watch.php?id=101
plus now it come with SSL certifications . most ppl use this to hack paypals
4. Its not about a remote user
5. Its only work on XP
6. It depends . most of cafe dont have that much shit
7. lol got to say sorry about that



you proved my point. you cant setup this automatically. user involment is a must :lol::lol::lol::lol::lol::lol::lol::lol:

you proved my point. you cant setup this automatically. user involment is a must :lol::lol::lol::lol::lol::lol::lol::lol:

අයි සි ඩ්ම්බ් !!

aha cool thankzzzzz

අයි සි ඩ්ම්බ් !!

ආර් යූ ලුකින් ඇට් එ මිර?

ආර් යූ ලුකින් ඇට් එ මිර?:frown::frown::frown::frown: Damn Damn Damn .. u dont get this
Lets say ! I've put a download file on elakiri binded with a phisher arm and it phishers Elakiri ! when u download and run the file it execute the host file and replace ur orginal host file thats what happed . then whn u brows elakiri.com it will come up with my phisher.see isnt it simple ?

BTW without user involvement is impotent without user involvement nothing work .. not Phishing , not stealing , not keylogging , nothing

:frown::frown::frown::frown: Damn Damn Damn .. u dont get this
Lets say ! I've put a download file on elakiri binded with a phisher arm and it phishers Elakiri ! when u download and run the file it execute the host file and replace ur orginal host file thats what happed . then whn u brows elakiri.com it will come up with my phisher.see isnt it simple ?

BTW without user involvement is impotent without user involvement nothing work .. not Phishing , not stealing , not keylogging , nothing

Sinhala :itin eka thamai yako man kiyane...oka download kerala exicute kere nattam IMPOSSIBLE.

English :Thats what I mean bro.If I dnt download and install it it wont work, If my AV finds it b4 downloading......

Tamil :teriyama da, appada suppa internet ippadu download sariya na.appade teriya sami semma sumana teriya paadu naai

Sinhala :itin eka thamai yako man kiyane...oka download kerala exicute kere nattam IMPOSSIBLE.

English :Thats what I mean bro.If I dnt download and install it it wont work, If my AV finds it b4 downloading......

Tamil :teriyama da, appada suppa internet ippadu download sariya na.appade teriya sami semma sumana teriya paadu naai
\
Ithin yako mama mona welaweda kiwwe without download and execute wada kiyala ?

thank you !!

Bump :eek:

:) thnx

අඩො ! පිස්සො ටික :lol:, ඔච්චර ටිකක් කියල දිලත් mr, Ethical_World ට පද හදනවනෙ බන් උබල, තොපිලට ඕකනෙ ඉතින් මොකවත් කියල දෙන්න බැරි. හැකින් කියන්නෙ පොත බලාගෙන කරන දෙයක් නෙමයි. කොහෙන් හරි දෙයක් දැනගත්තම, ඒක ඔය ඔලුව ඇතුලෙ තියෙන එකට ඒක දගෙන, තමන් දන්න දෙවල් එහෙමත් එකතු කරල තමයි කරන්න ඔනි.

ඕක over the internet ඉන්ස්ටොල් කරන්න ඔනි නම් මෙහෙම කරන්න. (but noobs proof එකට කමක් නැනේ)

1. ඉස්සරවෙලාම, හැක් කරන්න පොරක් (තරහ ගන්නෙ නැති යලුවෙක්) සෙට් කරගන්න. (එලකිරි එකෙම ඉන්නෙ ඔනි තරම් යලුවො, )

2. 1mb විතර ඉඩක් හොයගන්න සවර් එකක. (දැනටම ඔව්න් කරගනිපු එවා එකහෙමත් ඇතිනෙ, ෆ්‍රි හොස්ටින් හරි කමක් නැ කියමුකො, ඒ එකක් වත් බරිනම්, ඔයාලගෙ කොම්පුටර් එකටම අපාචි, පිඑච්පී දාගෙන no-ip එකෙන් ට්‍රෆික් එක රීඩිරෙක්ට් කරගන්න)

3. ඊටපස්සෙ php කොඬ් එකක් ලියන්න විසිට් කරන අයගෙ අයිපි එක ගන්න ($_SERVER['HTTP_CLIENT_IP']) ඔකෙන් පුලුවන්
ඒ ගන්න අයිපි එක ටෙක්ස්ට් ෆයිල් එකක ඇපෙන්ඩ් කරගන්න. (මෙහෙමත් පුලුවන් file_put_contents($file_name,$ip);)
php script එකේ අන්තිමට ලියන්න කොහෙට හරි රිඩෙරෙක්ට් වෙන්න (header( 'Location:'. www.මොකක්හරි.com)) එතකොට සැක හිතෙන්නෙ නැ කාටවත්,

4. අපේ යුආර්එල් එකට එන ඔනිම කෙනෙක් එයගෙ ip එක අපේ ටෙ‍‍ක්ස්ට් ෆයිල් එකෙ දාලා තමයි යන්නේ. (ඕනිම නම් එ‍යාගේ ඕඑස් එක, බ්‍රවුසර් එක එහෙමත් ගන්න පුලුවන්, එහෙම ඕනිනම් text file එකකට නැතුව, xhtml table එකකට ගන්න. ටේබල් එකකට අලුත් row ඇඩ් කරගන්න පුලුවන් ලෙසියෙන්ම str_replace(</tr>,<tr>bla bla bla</bla> ) එකෙන්)
5. දැන් තමයි ලොකුම අවුල, මෙතනින්පස්සෙ පොර (හැක් වෙන්න බලන් ඉන්න එකා)
නෙට් එන්නේ කොහොමද කියලා හොයා ගන්න ඔනි. එන්නේ මොඩම් එකකඉන් නම් මේ ස්ටෙප් එක ඔනි නැ, එසෙල්ටී නම් අනිවා රවුටර් එකකින් එන්න එපැයි, (අයිපී එක trace කරානම් වැඬේ ලේසියි ) දැන් telnet එකෙන් පොරගේ රව්ටර් එකට ලොග් වෙන්න බලන්න, (මම නම් telnet වලට වඩා කැමති putty එත් හැමොටම බැනේ) හැබැයි දැන් ගොඩක් රව්ටර් වල ලිනන්ස් 2 + micro http demon දාලාම එන නිසා ip එක බ්‍රොව්සර් එකේ ගහල උනත් ලොග් වෙන්න පුලුවන්.

6. ලොග් වෙන්න පාස්වර්ඩ් එක දන්නේ නැත්නම්, metasploit express හරි වෙන tool එකකින් හරි, ඩික්ශනරි අටැක් එකක් දිලා ඇතුලට යන්න metasploit express එකේ ට්‍රියල් එකක් ගන්න පුලුවන් ඔනි කෙනෙක්ට. හැබැයි කොම්පැනි මේල් එකක් ඔනි. වෙබ් මේල් වලින් බැ. (මම නම් දිලා තියෙන්නෙ sltනෙට් )

7 ඊට පස්සෙ NAT ඒකෙන් ඔනි පොර්ට් ටික ෆෝවර්ඩ් කරගන්න ලැන් අය්පි එකට (ඔනි පොර්ට් ටික හිතාගන්න, මම ඕවා කියල දෙන්න්න ඔයාලා බබාල නෙමයි නෙද?).

8. හරි, දැන් වැඬෙ බාගයක් ගොඩ. metasploit framework එක ඩවුන් ලොඩ් කරගෙන අප් ඩේට් කරගන්න.

8. metasploit හොදට දන්නවා නම් නෙට් එපිඅයි 80 වගේ එකක් හරි තමන් හොදට පුරුදුවෙලා ඉන්න එකක් හරි මොකක් හරි පේලෝඩ් එකකින් cmd එක අරගන්න, (metasploit දන්නේ නැත්නම් නිකම්ම ඔටෝ පව්න් පාරක් දිලා meterpreter එක ඔපෙන් කරානම් එලකිරි)

9. දැන් වැඩේ ගොඩ. දැන් vb script එකක් ලියන්න හොස්ට් ෆයිල් එක ඔය කියන විදියට අපෙන්ඩ් වෙන්න (වැඩ කාරවෙක් නම් බැච් ෆයිල් එකක් උනත් කමක් නැ. අහ්, අමතක උනා ඔක්කොටම ඉස්සරවෙලා ෆයිල් එක රයිටබල් කරගන්න, ඔය කියන exe එකත් හොඩයි ඔය වැඩෙට!). එ ෆයිල් ඔක්කොමයි, අපේ එතිකල්_වර්ල්ඩ් අය්යාගේ ගැජට් ටිකයි ඔයාලගෙ කොම්පුට්‍ර් එකේ ෆොල්ඩර් එකක් ඇතුලට දාලා, රිමෝට් cmd එකෙ FTP එකෙන් ඔක්කොම ටික පොරගෙ එකට යවන්න, පස්සෙ cmd එකෙන්ම සයිලන්ට් කමාන්ඩ් එකත් එක්කම රන් කරන්න) වැඩේ හොඩ.

10. අන්තිමට, කරපු පව් කාරවැඩේ නිසා අයිති කරගතා වු සියලු අකුසල් හේදෙන්නත් එක්ක, සුදු කිටක් ගහලා පන්සල් ගිහින් මලක් පනක් පූජ කරලා පව් සමා කරගන්න. :පී

ඔන්න ඔච්චරයි වැඩේ. . ස්ටෙප් 10 යි.
php, xhtml, ftp, cmd, meterpreter, metasploit, nmap & ncap ( අහ් මේ දෙක ගැන කියන්න බැරි උනනෙ. ඔයල දන්නවනෙ ඔවා ඔනි වෙන තැන ;) ) තව vb script, and batch file විතරයි යුස් කලේ . අද ඉතින් ඉස්කෝලෙ යන බච්චොත් දන්නවානේ ඕවා....

හැක් කරන එක ටිකක් උනන්දුව තියෙනවානම් මහ ඛජ්ජක් නෙමයි, එ වගේම හැකර් කෙනෙක් උනා කියලා කවුරුවත් ලොකූ පොරක් වෙන්නේත් නැ. . ඕනිම මිනිහෙක්ට තියෙනවා තමන්ට කියලාව පෞද්ගලිකත්වයක්. අපි එකට ගරු කරන්න ඔනි. ඒක තමයි මනුස්සකම. අනුන්ගේ දෙවල් හොරකම් කරලා සතුටු වෙන අය ඉන්නවානම් ඒ මානසික ලෙඩ්ඩු.

(මතකයෙන් ලියු එකක් බැවින් අඩුපාඩු ගෙන සම වෙන්න, ලගදි කවුරුවත් ගේම ඉල්ලුවෙනැ.. එ හින්දා මතකනැ සමහර තැන්)

Ethical_World එල පොරක් ඔයා නම් . . . . . . .



Disclaimer
මෙ සියලු කාරනා කටයුතු තමන්ගේ අධ්‍යපන කට යුතු සදහා පමනක් යොදා ගන්නා ලෙසත් අනුන්ගේ කොම්පුටර් හැක් කිරීමෙන් මහත් පළ මහා අනිසංස ලැබී,ඊලග ආත්ම භවය කොම්පුටෙර් එකක් දකින්නවත් නැති කොංගෝ වනයෙ අබ ගෙඩියක ඉන්න පනුවෙක් වෙලා උප්පත්තිය ලබා නොගන්නා ලෙසත් ඉල්ලා සිටිමි. ඔබට සියලු දේවි දේවතාවුන්ගේ පිහිටයි, ආරක්ශවයි..

maxxa kolla!

machan site eke ping karala ape ip eke ganne puluwan neda?

ela

bump