Showing posts with label Ethical Hacking. Show all posts

Monday, July 7, 2014

Ninja Bot By PCbots Labs - (X MadSpoT Security Team)

Salam, it's me again, Muhammad Usman, from PCbots Labs. Today I have Danyal Malik, my friend and Xtream Programmer, with me in the lab. As Pakistani hacker programmers, we coded the 1st Pakistani botnet. Last time you saw me and Ali code the 1st Pakistani PHP backdoor shell, named "Madspot Security Shell". We got about 10,000-plus downloads of Madspot Shell. We really want to code a lot of stuff, but time is a huge issue for us. :( We have to work for others to get 3 meals a day. So inshAllah, whenever we get time, we will make something interesting again.

We were working on a special project related to botnets. We are here with the 1st Pakistani botnet + RAT, which uses some malware skills to hide and spread. Until now it is 100% FUD, maybe because we coded it ourselves. From a coding point of view, the code is generic and can handle all data and scripts dynamically.

Basic Features:-
  • Backdoor
  • System Basic Info.
  • Screen Shots.
  • Live Command execution from Bot Master. 
  • Offline Script Execution.
  • Script Execution on Affected Systems.
  • Very few System Dependencies.
  • Logs dump to SQL Server even if the system connects to the internet after a year.

This is the admin panel of the botnet logs panel. It is in ASP.NET. We again also worked on a cool hacker design so it gives a little feel related to hacking. I hope you will like it.

This is the admin panel with all the details of botnet shares, DOS access etc. The graphics are also working cool like hell.

This panel is related to scripts: what the script is for, what the time and date are, whether we need to take a screenshot of the affected PC, whether the script has executed or not, any DOS command, etc.

We added IP-based search and also MAC-based search to get an accurate response for an affected PC.

This part takes screenshots and stores them in the DB. You can view all details of the screenshots, with time and date, in the panel.

We used high-level OOP in C# to code this. We also converted the code to C++ and generated an executable file.

We think that there is a lot of work that needs to be done, so I am not going to make it public now. There are a few bugs, and more testing is needed to make a final product. InshAllah, soon I will update this post with a download link and tutorial.

If someone has any query or question, feel free to mail us at
Danyal Malik: danimalik54@gmail.com
Muhammad Usman: usman.madspot@gmail.com

Regards, :)


Thursday, March 20, 2014

DDOS(Distributed Denial of Service) Attack Introduction ~ By PCbots

Salam, Me Muhammad Usman, live from my PCbots Lab's.


Today I am going to discuss DDOS. It is a very funny technique because it is very difficult to stop. It is a very common way to take down a server for a temporary amount of time. If the server stops responding, then your site goes down. The worst thing about DDOS is that the attacker needs NO skills to attack a server. The attacker just needs the correct tools or bots and the real IP of the server.



What is DOS or DDOS ?
DOS stands for "Denial of Service" and DDOS stands for "Distributed Denial of Service" attack. In a DDOS, an army of compromised systems starts to attack a single target. This floods the server with fake requests, and the server goes down or stops responding.



DDOS Real Life Example:
If someone is not able to understand, then I will give you a real-life example.
Let's suppose we have 1 eating table, which will act as the server, and 5 people can eat at the table at a time. If some extra people come, they can wait in the waiting room. The waiting room can keep 4 people waiting. In computer science, we call the waiting room a "queue".
So what will happen if 10 more people come??? Think about it.
The table is full for a specific time, and more and more people are coming. Soon there will be no space at the table or in the waiting room. So no one is going to eat anything.
The same thing happens in a DDOS. The server gets too many requests, so it is not able to handle them all, and the server goes down. I hope you will understand the idea of DDOS with the eating example.
And after the example I started to feel hungry. :| Dammm.. you DDOS.
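
The table-and-waiting-room picture above, turned into a small simulation (an added example, not part of the original post). The 5 seats and 4 waiting places come from the post; the time-step model, the 3-step service time and the arrival rates are assumptions chosen for illustration.

```python
from collections import deque

SEATS = 5          # people who can eat at the table at once (from the post)
WAITING_ROOM = 4   # people the waiting room can hold (from the post)
SERVICE_TICKS = 3  # assumption: each guest keeps a seat for 3 time steps


def simulate(arrivals, ticks=30):
    """Run the table/waiting-room model for `ticks` time steps.

    arrivals(tick) returns the labels of the requests arriving in that
    step, in arrival order. Returns {label: {"served": n, "rejected": n}}.
    """
    seats = []         # remaining ticks for each occupied seat
    waiting = deque()  # labels queued for a seat
    stats = {}
    for tick in range(ticks):
        # Guests who have finished leave the table.
        seats = [t - 1 for t in seats if t > 1]
        # Waiting guests take the freed seats, first come first served.
        while waiting and len(seats) < SEATS:
            stats[waiting.popleft()]["served"] += 1
            seats.append(SERVICE_TICKS)
        for label in arrivals(tick):
            s = stats.setdefault(label, {"served": 0, "rejected": 0})
            if len(seats) < SEATS:
                seats.append(SERVICE_TICKS)
                s["served"] += 1
            elif len(waiting) < WAITING_ROOM:
                waiting.append(label)
            else:
                s["rejected"] += 1  # table and waiting room both full
    return stats


def normal_load(tick):
    return ["user"]                   # one legitimate request per step


def flood_load(tick):
    return ["user"] + ["flood"] * 10  # same user plus 10 fake requests


if __name__ == "__main__":
    print("normal:", simulate(normal_load))
    print("flood: ", simulate(flood_load))
```

Under normal load every legitimate request gets a seat; with the flood, the same user is turned away in two out of three steps even though the model lets that user arrive first each time.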

How many kinds of DDOS ?
Now I am going a little advanced. There are hundreds of ways to create a DDOS attack, but from a bird's-eye view all attacks lie in 3 categories.
1. Volumetric Attacks:-
The main idea of volumetric attacks is to consume all the bandwidth within the network of the target server, OR the bandwidth between the target server and the Internet. So there will be no bandwidth left for public users of the server or target. In simple words, it is like giving heart failure to the network between the Internet and the target server.

2. TCP State-Exhaustion Attacks:-
TCP state exhaustion is quite interesting. When we talk about TCP connections, we also talk about connection state tables. These connection state tables are present in many places on a server, i.e. the firewall, server applications, and any other service working on the server. The more services running on a server, the more vulnerable the server is to DDOS. It is true that, due to threading, it is possible to maintain states in the millions, but it is still not so difficult to take down those services.

3. Application Layer Attacks:-
A very, very common attack in the last 2 to 3 years, and quite difficult to stop. Basically, in application layer attacks, we target only some specific application running on the target server, i.e. an HTTP GET flood. This attack doesn't need a lot of traffic, so a few machines can attack the target server and, due to the low traffic, it becomes very difficult to detect.

How to DDOS Attack? - Unleash the HELL ( ^_^ )
There are hell many scripts, tools and botnets to throw packets at a server. Just Google it and you will find too many results.
We got some PHP scripts, and I think we forgot to put a DDOS script in Madspot Shell :/
We got Python, Ruby, Perl and PHP scripts for DDOS from a server to a target server.
We got some tools in VB.NET and C# for throwing UDP packets from your PC to a target server.
We also got some old Russian DDOSers in C++ and C. Hell fast, and threading at a high number.
We also got botnets; I think I also show you a screenshot.



You can generate about a 50GB/s DDOS attack on a server using botnets. Most servers go down with only a 2GB/s DDOS. But it is totally illegal and a very noobish thing to do.


How to Protect ?
- Hide your real IP.
- Get a powerful server.
- Use a fake IP, like Cloudflare.
- Use a script to block from your server the IPs that send too much extra traffic.
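
One way to write the last item's script, as an added example rather than code from the original post: it reads web access log lines and lists the IPs that exceed a request limit inside a sliding time window. The 10-second window, the 20-request limit, the Common Log Format input and the sample lines (documentation-range IPs) are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 10  # assumption: length of the sliding window
MAX_REQUESTS = 20    # assumption: requests one IP may make per window

# Common Log Format prefix: client IP, two ignored fields, [timestamp]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')


def parse(line):
    """Return (ip, datetime), or None for a line that does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m.group(1), when


def find_noisy_ips(lines, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Map each IP that makes more than `limit` requests within `window`
    seconds to the time (HH:MM:SS) at which it first crossed the limit.
    Lines are expected in time order, as a web server writes them."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    blocked = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue             # skip malformed lines instead of crashing
        ip, when = rec
        if ip in blocked:
            continue
        ts = when.timestamp()
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:
            q.popleft()          # drop requests that fell out of the window
        if len(q) > limit:
            blocked[ip] = when.strftime("%H:%M:%S")
    return blocked


def sample_log():
    """Constructed access log (documentation-range IPs, not real traffic)."""
    fmt = '%s - - [20/Mar/2014:10:00:%02d +0000] "GET /index.php HTTP/1.1" 200 512'
    rows = [(s, fmt % ("198.51.100.23", s)) for s in range(0, 60, 5)]
    rows += [(s, fmt % ("203.0.113.7", s)) for s in range(20, 30) for _ in range(5)]
    rows.sort(key=lambda r: r[0])
    return ["not a log line"] + [line for _, line in rows]


if __name__ == "__main__":
    for ip, when in find_noisy_ips(sample_log()).items():
        print("block", ip, "first exceeded the limit at", when)
```

A per-IP limit like this catches a few loud sources; an application layer flood spread over many machines, each staying under the limit, passes it, which is the detection problem described in category 3 above.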

When you have to fight botnets, it is quite difficult to stop a DDOS. Only a powerful server that can bear a hell of a lot of traffic is the solution.

Today I talked only about an introduction to DDOS. This month I will not write anything advanced, because if you don't know the basics, how can you understand advanced logic? For example, if you find an SQL injection on a site's DB and it does not give you the admin's password, you can still use that injection point for DDOS on the database. I will teach you about these advanced techniques in the next section. Use Google!
That's all for today. I am now really tired after writing this post. I need a drink :( Someone? Anyone? So no one :( lol just kidding. I am going to the cafe :D

Little Advice:
The world is full of niCe people, If you don't find one then Be One! :)

If you need to ask me some thing directly then you can find me on social media with user name "usman.pcbots"(Skype, fb, Gtalk), PCbots Lab's

Bye Bye and keep learning.....






Tuesday, March 18, 2014

How to hack Facebook Account [20 Different Ways] ~ By PCbots

Salam to All,
Me Muhammad Usman from PCbots.

I don't know why, but about 100+ people have asked me to hack the Facebook account of some person. *__* My question to them: WHyyyyyyy...!!! OK, I admit that I am an ethical hacker, but we work really hard to learn techniques. The public thinks that we have software where we add an email and BingoOO...!!!
Game over! I wish it were that simple but, unfortunately, there is no such thing as Facebook hacking software. Do you think that companies like Facebook, Google and Twitter are sleeping??? They spend millions of $ on security every year.


These are 20 very common ways to hack Facebook accounts. You can also use the same techniques to hack Gmail, Yahoo, Hotmail, Twitter and all mail accounts.

1. Social Engineering
2. Facebook Phishing
3. Keylogging
4. Password Stealers
5. Brute Force Attacks
6. Dictionary Attacks
7. Exploiting Facebook's Trusted Friend Feature
8. Fake SMS 
9. Session Hijacking
10. Sidejacking
11. Clickjacking
12. Mobile Phone Hacking
13. DNS Spoofing
14. USB Hacking
15. Man In the Middle Attacks
16. Botnets
17. By Pass Security Question
18. Cookies Grabbing
19. Using Facebook App's
20. Steal Victim Laptop/Cell Phone

There are a few more ways to hack accounts, but I think it is better to keep them private.

Hackers Facts
80% of hackers receive requests to hack Facebook accounts from their real-life friends.

How to Protect yourself from Hackers ?
Install a firewall on your PC. I think a firewall is more important than AV (antivirus). Windows firewall is shit, so don't trust it.
If you have some important stuff on Facebook or Gmail, then make a new email ID (it's free, so chill), make yourself admin of pages with it, and put mobile verification on it. Turn ON all the security stuff that is available. Hide that email ID from the public, and use a 2nd one for content creation and other stuff.
At least once every 2 months, reset your password.
Don't use the same password everywhere.
Clean cookies every month.
Don't run exe files that download by themselves.
There is NO such thing as 100% security. So chill.

That's all for today. We will discuss all the topics mentioned above one by one, with practicals. Everything I teach is just for learning purposes.

If you have any question, then put it in the comments or find me on social media.
User Name: usman.pcbots (Facebook, Gtalk, Skype).

Bye Bye.... And Keep learning. 


Monday, March 17, 2014

Introduction to Hacking - Noobs Friendly ~ PCbots Lab's

AOA, Live from my PCbots Lab's. My Name is Muhammad Usman. I m from Islamabad, Pakistan. 

Today, I am going to talk about some basic techniques of hacking. Of course, we will also talk about them in detail in future, but today we will just talk about the basics.



What is Hacking ?
Everyone has their own definition of a hacker, but I think a hacker is a person who thinks outside the box, who explores systems and sees and observes things from a different angle.
Let's have an example. What happens when you see things very closely??
It becomes very difficult to observe things. So we just need to change the angle to see things. It will give us more information and a better view.

There are different "Types of Hackers". You can read the link if you want to know more.



What we have for hacking ?
Now the most basic question about hacking is about the devices for hacking. There is a huge list.
We have Windows, Windows phones, Linux, Android, SCADA, networks, servers (Linux, Unix, Windows, Mac and many, many more), banks, VPS, SMTP servers and each and every thing that is connected to the Internet. By the way, devices that are not connected to the Internet can also be hacked, but that is a long way to go. We need a medium to hack anything.
Only GOD is perfect. So every system made by man must have some vulnerability or mistake in it. Hackers are those who exploit those mistakes, made mostly by programmers.

How many techniques for hacking?
This question is very difficult to answer because now, in 2014, we have 1000's of techniques for hacking. People are even hacking the flying drones of the army.

- For Servers and defacers
SQL Injection
XSS, Cross-Site Scripting
DNS Poisoning and Port Exhaustion
Kernel rooting
Social Engineering (making fools of dumb admins)
LFI, Web 0days and bugs.
DDOS (Denial of Service Attack)

- For Regular Computers User
Key-loggers
Botnets
spy tools
RAT
Malwares
Worms
Zero-days
Exploits
Trojans
Viruses
Shared data
Sniffing 
Cookies hijacking
Fake tools (like Facebook hacking software)
and many many more. 

Who are more dangerous than hackers??
The answer is "Cracker" or "Black-hat". These are some hell genius people. Their fight is with the system. They find ways to crack systems and create damage. Never mess with them on the Internet.

Tips:
If you want to become an "Ethical Hacker OR White Hat Hacker OR Security Expert" (a person who stops hackers), then Google every topic separately and understand the working of computers and systems. Hacking is all about determination, with a mind that can think outside the box. And if you work hard, you will surely become a hacker.

The only thing to see in a person is his/her manners. Never forget this.

If you want to ask any Question then you can find me on Social media with usman.pcbots(Gmail, Skype, Facebook). Or comment. That's all for today. See you Next time. Allah Hafiz. :)



Tuesday, November 6, 2012

Different Types of Hacker and their Thinking ~ PCbots

The different types of hackers there are, so people don't misunderstand what they are.


White Hat: A hacker who is motivated to explore systems for intellectual curiosity, rather than for malicious or criminal intent. White hat hackers oppose doing damage to systems, stealing data, or interrupting service to a Web site. But their activities may be illegal if they explore systems they aren't authorized to enter. White hats can also unintentionally damage or delete data. Many white hat hackers work as well-paid security consultants, programmers, and network administrators. The term refers to ethical hackers as well, as they (usually) only break into systems and pentest IF they have permission, thus they don't have a reason to do anything malicious unless it has been requested by, for example, a contracting corporation (which is quite unlikely). These are also referred to as the good guys, as most of them make proofs of concept, do consulting, etc., which helps the internet to become more secure (even though their proofs of concept are usually abused by, for example, script kiddies). It should be said, though, that occasionally black hats have been seen claiming they're white hats, and also (of course) script kiddies claiming they were white hats.




Black Hat: If you think of the www as the wild, wild west, then you can guess on which side of the law the black hat hacker operates. Black hat hackers (aka "crackers") steal data or damage systems. The most dangerous black hats are able to remain undetected for years, secretly monitoring a victim's PC for whatever nefarious purpose they have in mind. This is the type of hacker that usually hacks for personal gain; whether it is economic, political or just fun doesn't matter. There's no such thing as respect for authorities, loyalty or morals (if there were, then they would be nearer the gray hat area). In this case there are often script kiddies claiming that they are pure black hat, because it sounds cool and destructive and might work with non-hackers to induce a state of "awesomeness", even though the real hackers would have no problem seeing that the person is just a script kiddie.




Red Hat- A Red Hat is an Aggressive Version of a White Mage in the employ of a Government Agency whose purpose is to hack into the Computer Mainframes of other Governments with the Goal of Disabling or Crippling them.

A Grey Hat-

A Grey Hat in the computer security community, refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.

Disambiguation

One reason a grey hat might consider himself to be grey is to disambiguate from the other two extremes: black and white. It might be a little misleading to say that grey hat hackers do not hack for personal gain. While they do not necessarily hack for malicious purposes, grey hats do hack for a reason, a reason which more often than not remains undisclosed. A grey hat will not necessarily notify the system admin of a penetrated system of their penetration. Such a hacker will prefer anonymity at almost all cost, carrying out their penetration undetected and then exiting said system still undetected with minimal damages. Consequently, grey hat penetrations of systems tend to be for far more passive activities such as testing, monitoring, or less destructive forms of data transfer and retrieval.

The Ghost Hacker (Spammers)

This type of hacker doesn't exist, as the person behind it has hidden that identity so well he should never get caught. The reason why it's unlikely he would get caught is that he's extremely well skilled and also very focused on what he is doing. The ghost hacker lives a double life, though, in the real world and also virtually. He has a job, usually an anonymous middle-class IT job, which he does without any problems. He has a normal route and routine on the internet just like the rest of us, but this whole identity is just an identity to hide his real intentions. In his other life, which NO ONE knows about, he probably has a room with separate machines, which are quite stealthy. The last note about ghost hackers is that they (usually) make big money on their things, and they might spend a lot of time doing the work with their contractors, who are, of course, hidden as well.




Blue Hat- A Blue Hat is a Rogue Hacker who hacks for fun or to get revenge on a certain person or company who may have angered them. You should avoid angering or offending Blue Hats; this should be very easy due to the fact that most Blue Hats are passive in nature and would rather practice on a person that they REALLY hate. Blue Hats are akin to "Noobs" due to the fact that they don't really care that much about hacking.

Green Hat- A Green Hat is a name for a New/Newb Hacker, who is just starting to practice hacking. Green Mages are akin to "Newbs" due to the fact that they show a desire to learn about hacking and listen to more experienced hackers, and also they don't suffer from the ADHD-like Noobdom of Blue Hats.

The Script Kiddie
A script kiddie is not a hacker. He doesn't have the required knowledge about computers, servers and networks, in fact only very basic knowledge about protocols, if he even knows what a protocol is. He's usually not capable of programming anything, though he's usually found on forums where similar people exchange ignorance. These kinds of guys usually claim they know a lot, even though they really don't; thus they are also found striking at very random targets. On today's internet, Google usually picks their targets for them through googledorks, which might even have been made by other, more skilled hackers. Most script kiddies don't understand anything in depth, yet they think they know a lot because they can do their advanced stuff on Windows machines.



Now my own point of view is that

The world's best defacers or web hackers are "Turkish".
They hacked 1 million plus sites and really made hell in cyberspace.

The world's best coders are "Russians".

Russian hackers' code is really, really dangerous, and what they coded in 2003 is still used in 2012. This shows the level of Russian coders.

Reference: http://en.wikipedia.org/wiki/Hacker_(computer_security)