Theef is a Windows based application for both the client and server end. The Theef server is a virus that you install on your victims computer, and the Theef client in what you then use to control the virus. The biggest problem with using Theef is that most Anti-Virus programs will pick it up. But with a little bit of social engineering you can generally get people to turn off their AV for you.

Before we begin you need to get a copy of Theef. I have uploaded a copy to Rapid Share here: http://rapidshare.com/files/310301581/theef.zip . If that link does not work, I have posted several others in the forums here

So lets begin. First of all you need a target. This should be relatively easy to find, as I would imagine that the large portion of you reading this article already have someone in mind that you want to hack. If not, feel free to grab a second computer just so you can try this stuff out. For the purpose of this tutorial our victim is named Bob. And we are going to pretend that we are giving him an installer for a game called Awesome Game.

Now you need to convince your victim to turn off their Anti-Virus if they have any. This is because Anti-Virus programs will generally pick up Theef as a virus and delete it. Convincing someone to turn off their Anti-Virus is not often a difficult task, most of the time you can just tell them something along the lines of, &quote;Your Anti-Virus says Awesome Game is a virus, but it isn’t so don’t worry about it.&quote; People are gullible, they want to believe you will cause them no harm, they want to trust you. Use this to your advantage.

The next thing we have to do is configure the program. This is an easy task to do. And to make it easier I will walk you through it using screen shots to help showcase the items you might want to change.

First make a copy of the Theef server. The Theef server is named Server210.exe. Name your copy of the server awesomegame.exe.

Screenshot showing awesomegame.exe is a copy of Server210.exe

Now that we have a copy to work on we need to open up the editor. The server editor is named Editserver210.exe. Once it is opened you should be presented with a window that looks like this:

Screenshot of Theef Server Editor without a server loaded.

From here we need to open up our server for editing using the Load button. Once the server is loaded some values our to be filled into the boxes. The values on the first page can be left alone. In the forums I will be putting up a detailed list of what every option does, but for this tutorial we will only focus on what is needed to give Bob a virus.

To make it look plausible that Awesome Game is indeed a game and not a virus we need to setup a false error message. To do this click Setup->False Error. On this screen check the box to enable false errors, then fill in the Input box labeled text with the following “The installer failed to run!” Your screen should look like this.

Screenshot showing the False Error Screen of the Theef Server Editor

Now the server is ready to be saved and sent. Click the Save button to save the server configuration. The status bar should now say “Finished writing new server settings.” You may now close out of the server editor.

The next step is generally the hardest. You need to send the virus (in our case awesomegame.exe) to your victim and get them to run it. Now for the purposes of our tutorial we have decided to send Bob a “game” by the name of Awesome Game. Little does Bob know that Awesome Game is not a game, but our virus. We have sent Bob Awesome Game using Windows Live Messenger. If your victim is running Vista (like Bob is) then you will need to have them run the virus using Admin privileges.

Now that you have given them the virus the real fun can begin. From here we do everything in the Theef Client. This is the program that you use to control the virus. It is named Client210.exe. You should open it at this point.

Screenshot of Theef Client before connecting to a server.

You will need to get your victims IP address at this point so that you can connect to their computer. This is an easy task to do, and there are numerous ways to accomplish it. For our example we have convinced Bob to go to http://privax.us/ip-test/ and read his IP Address off to us from that page. We could also have gotten him to run ip-config or done any number of other things. If you have no idea what an IP Address is, just direct them to Privax’s IP Test and get them to send you their IP address off the page.

Using one of the aforementioned methods I have determined that Bob’s IP Address is 127.0.0.1 (please note your victim’s IP Address will differ from the address I have used in this example).

I now enter that into the IP input box on the Theef client and press Connect. If you have the correct address and they have run the virus you should see something similar to the following show up in the log box:

[15:56:44] Attempting connection with 127.0.0.1
[15:56:44] Connection established with 127.0.0.1
[15:56:44] Connection accepted
[15:56:44] Connected to transfer port

If you don’t have their IP Address correct or they have not run the virus you will see this instead:

[15:57:37] Attempting connection with 127.0.0.1
[15:57:58] Connection failed (Error: 10060)

Now that we are connected we can start to take do stuff. There are numerous features in Theef so I will only cover a small number of them here. I will likely cover more in the forums as time goes on. Also note that not all features of Theef work, and fewer features will work in Vista than in XP.

One of the most useful features of Theef is the key-logger, which is available under the Spy menu. Upon selecting it a key-logger window will open up as shown.

Screenshot of Theef Keylogger before it logs any keys.

After you click the Start button on this window you will begin to see everything that they type on their computer. This is very useful as it shows you ever password they enter. It is a one stop shop to getting their passwords to everything and things such as their bank account numbers, etc.

There are other features in Theef that can be used for just screwing with people as well. Underneath of the Control Menu there is a button labeled Power. If you click that you will notice an Open/Close CD-ROM Drive button. Most people freak out if their CD-ROM Drive randomly opens and closes without them doing anything.

So this concludes my brief tutorial on how to use Theef. There is a lot more in this program that I covered here, but this should give you the basics on how to get started. Below I have posted two videos showing many more things that Theef can do. If you play these videos at the same time you can see how the client controls the server.

Watch Theef Server in Educational & How-To | View More Free Videos Online at Veoh.com

Watch Theef Client Video in Educational & How-To | View More Free Videos Online at Veoh.com

Love,
Haxor ~Zell Faze~
<3

href="http://www.statcounter.com/joomla/"
target="_blank"> src="http://c.statcounter.com/5351497/0/2e1fd01d/1/"
alt="joomla analytics" />

The reason behind this is that Google uses a Bot called GoogleBot and most of websites which force users to register or even pay in order to search and use their content, leave a backdoor open for the GoogleBot because a prominent presence in Google searches is known to generate sales leads, site hits and exposure. Examples of such sites are Expert-Exchange, Windows Magazine, .Net Magazine, Nature, and many other sites around the globe.

What if you could disguise as GoogleBot then you can also see what GoogleBot can.

How to Disguise as GoogleBot?

It is Quite simple. You just need to change your browser’s User Agent. To change your Browser’s User Agent follow the steps given below:

• Copy the following code segment into a notepad file and save it as Useragent.reg or you may also download it.
  

  Windows Registry Editor Version 5.00
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
  @=”Googlebot/2.1″
  “Compatible”=”+http://www.googlebot.com/bot.html”

• Now Double-Click on the file Useragent.reg to merge the registry file into your Windows Registry.
• Now Restart your computer. This is required to apply the changes made into the Registry.
• Voila! You’re done! Now you have become GoogleBot.

How Revert back to Normal Agent?

• For IE users : To restore the IE User Agent, Follow the Given Steps Below:
  • Copy the following code segment into a notepad file and save it as Normalagent.reg or you may also download it:
    

    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
    @=”Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”

  • Now Double-Click on the file Normalagent.reg to merge the registry file into your Windows Registry.
  • Now Restart your computer. This is required to apply the changes made into the Registry.
• For Opera Users : Opera allows on-the-fly for switching of User Agents through its “Browser Identification” function.
• For Firefox users : Just download User Agent Switcher extension for Firefox.
  • Now Goto Tools -> User Agent Switcher -> Options -> Options.
  • Click “User Agents”
  • Click ” Add” and fill the following information  in the form
    • Description: Googlebot
    • User Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    • App Name: Googlebot
    • App Version: 5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    • Platform: +http://www.google.com/bot.html
    • Vendor:
    • Vendor Sub:
  • Click “OK”.
  • Now you may change the user agent on the fly.

In my previous article “How To Write A Basic Keylogger In VB” I showed you how to write your own keylogger. Today I will show you how to install a Keylogger on a Remote PC without the knowledge of the owner and you will get all the keystroke information through Email.

Note: This article is for educational purpose only and the author won’t be responsible for any kind of damage caused by following the information given in this article.

Now to install a Keylogger on a Remote Computer you have to follow the steps given below:

1. First of all download Winspy keylogger software from link given below:
   

   http://www.win-spy.com/

2. After downloading this software, run the .exe. You will be asked to register yourself where you will be asked to enter a Userid and Password. Remember this password as it will be required in uninstalling the software.
3. Now, another box will come, explaining you the hot keys(Ctrl + Shift + F12) to start the Winspy keylogger software.
4. Now, on pressing hot keys, a login box will come asking userid and password. Enter them and click OK.
5. Now, Winspy’s main screen will be displayed as shown in image below:
6. Select Remote at top, then Remote install.
7. On doing this, you will get a popup box as shown in image. Now, fill in the following information in this box.
   

   User – type in the victim’s name
   File name – Name the file to be sent. Use the name such that victim will love to accept it.
   File icon – Keep it the same
   Picture – select the picture you want to apply to the keylogger.
   Email keylog to – Enter your Email address. Hotmail and Yahoo doesnot accept Keylog Files so enter other email address.
   Thats it. This much is enough. If you want, can change other settings also.

8. After you have completed changing settings, click on “Create Remote file”. Now just add your picture to a winrar archive. Now, what you have to do is only send this keylog file to your victim. When victim will open this file, all keystrokes typed by victim will be sent to your email inbox. Thus, you will get all his passwords and thus will be able to hack his email accounts and even Myspace account password.

So guys, I hope you have got the trick on how to hack any email account passwords from this article. If you have any comment or views about article, feel free to mention it in comments section.

Myth 1 – I don’t keep important things on my PC, so I don’t have to worry about security. Your PC can be infected over internet

Long time ago,this was partially true… but the hybrid worms and viruses of today like Blaster, hidrag and others blindly spread across internet to thousands or millions of PCs in a matter of hours, without regard for who owns them, what is  stored there, or the value of the information they hold for the sole purpose of wreaking havoc. Even if your computer is not attacked directly, it can be used as a zombie to launch a denial-of-service or other attack on a network or to send spam or pornography to other PCs without being traced. Therefore, your civic responsibility is to protect your PC so that others are protected.

Myth 2 – I can protect my PC if I disconnect from the Internet or turn it off when I’m not using it.

Wrong. You are a target, If you connect to the Internet at all. You could download a virus when you connect to internet and it may not be activated immediately, not until you read your email offline days after. Viruses nowadays spread wildly through USB/Pen drives, pirated cd’s or torrents or file from networks. But now you can protect your business from internet threats with the top web security software

Myth 3 – I can protect myself from viruses by not opening suspicious e-mail attachments. Some viruses simply get activated by reading or previewing an e-mail

Wrong again. The next virus you get may come from your best friend’s or boss’ computer if his e-mail address book was compromised for simulating an attack. Hybrid worms can enter through the Web browser through loopholes and it is possible to activate some viruses simply by reading or previewing an e-mail. You simply must have a PC-based antivirus package or a firewall.

Myth 4 – I have a Macintosh (or a Linux-based system), not a Windows system, so I don’t have to worry about being attacked.

It is true that most attacks target Microsoft Windows–based PCs, but there have been attacks against Mac OS and Linux systems as well. Some experts have predicted that the Mac virus problem will get worse, because Mac OS X uses a version of Unix. And although these systems have some useful security features, they can still be attacked.

Myth 5 – My system came with an Anti-virus package, so I’m protected.

Not quite. Firstly, if you haven’t activated your antivirus to scan incoming web traffic automatically, you don’t have a good Anti-virus and malware protection software. Secondly, new threats appear daily, so an antivirus package is only as good as its last update so its a must to activate the auto-update features to keep your guard up against the latest  threats. Thirdly, an antivirus package can’t protect you from every threat. Malwares, spywares are running in the wild out there and every now and then malicious code penetrate weak systems. You need a combination of solutions, including, at minimum, antivirus, a personal firewall ,an anti spyware/malware package and a plan for keeping your operating system and software up to date with security patches.

Using these programs any noob can remotely access your computer without any Authentication and do whatever he wants. I will tell you some of the features rest of them you need to try it and find out. These Programs :

• Work as a key logger.
• Send any Information from Victim’s PC to the Hacker’s PC.
• Run any program on the Victims PC.
• Display any Violating Image on victim’s Screen.
• Open the CD Drive of the Victim’s PC.
• Open any Web page on the Victims Screen.
• Disable any Specific Key or whole Keyboard.
• Shutdown Victim’s PC.
• Start a Song on the Victim’s PC.etc.etc…………..

Back Orifice / Back Orifice 2000

Back Orifice is one of the most common backdoor programs, and one of the most deadly. The name may seem like a joke, but sure, the threat is real. Back Orifice was established in Cult of the Dead Cow group. Back Orifice is an Open Source Program. The main Threat of this software is that by making some changes in the code anybody can make it undetectable to the Anti virus Program running on the Victim’s computer. Apart from the strange title, the program usually gets port 31337, the reference to “Lit” phenomenon is popular among hackers.

Back Orifice uses a client-server model, while the server and client is the victim attacker. What makes Back Orifice so dangerous that it can install and operate silently. There is not required interaction with the user in, meaning you could its on your computer right now, and do not know.

Companies such as Symantec have taken steps to protect computers against programs that they consider dangerous. But even more attacks using Back Orifice 2000. This is due partly to the fact that it is still evolving, as open source. As stated in the documentation the goal is ultimately the presence of the Back Orifice 2000 unknown even to those who installed it.

Back Orifice 2000, developed for Windows 95, Windows 98, Windows NT, Windows 2000 and Windows XP.

Where can I download Back orifice 2000?

Back Orifice 2000 can be downloaded at the following address: http://sourceforge.net/projects/bo2k/

I infected! How do I remove it?

Removing Back Orifice 2000 may require that you change the registry settings. To remove it at 7 simple steps, refer to the diagram below.

How do I delete Back orifice 2000

1. Click Start> Run, and type “Regedit”(without the quotes)
2. Follow the path below: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices “
3. Now looking in the right box: “The umgr32 = ‘c: \ windows \ system \ umgr32.exe”
4. Right-click on this entry and click Remove. Now restart your computer.
5. After restarting only open Windows Explorer. Make sure you can see all registered extensions. To do so, select “View Options and configure the appropriate settings.
6. Go to the WINDOWS \ SYSTEM directory, and find “umgr32.exe” file. Once you find it, delete it.
7. Exit Windows Explorer and reboot again.

NetBus / Netbus 2.0 Pro

NetBus was established around the same time that the Back Orifice was in the late 1990′s. NetBus was originally designed as a program prank friends and family, of course anything too malicious. However, the program was released in 1998, and is widely used as a backdoor to manage computer.

Like the Back Orifice, NetBus allows attackers to do virtually everything in the computer victim. It also works well under Windows 9x systems, as well as Windows XP. Unlike Back Orifice, the latest version of NetBus regarded shareware is not free. NetBus is also implementing less stealthy operations, as a direct result of criticism and complaints of abusive use.

Where can I buy and download NetBus?

NetBus can be purchased and downloaded at the following address: http://www.netbus.org/

Ok, I am infected. Now what?

Fortunately, the latest version of NetBus is a valid program. It can be removed just like any other program. Previous issuance NetBus is a bit more tricky, however. If you are not lucky enough attacked with the latest version, the withdrawal process and in the Back Orifice.

How do I remove NetBus?

1. Click Start> Run, and type “Regedit ‘(without the quotes)
2. Follow the path below: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices “
3. Now, in the right box, looking as follows: “[Name_of_Server].”Exe Of course, you have to find the actual name of this file EXE-. Usually This” Patch.exe ‘or’ SysEdit.exe “, but may vary.
4. Reboot and remove all traces of the actual program, which can be left. Additionally, you can set yourself NetBus, and then use its own function disposal.

SubSeven / Sub7

SubSeven or Sub7, has been established for the same purpose was to NetBus pranks. Sub7 actually has more support for pranks, and has more advanced users. Sub7 also widely used by the script kiddies, although that many firewalls and anti-virus software before initialization.

Since Sub7 not supported for several years, the threat is usually very low. Most security programs will not have any problem in ending Sub7 before it has a chance to be started. This shows that the importance to the modernization and security programs is critical, because the money was still there.

Nevertheless, it is widely used by those who have physical access to your firewall, or security programs. If access rights, the tool will work without restrictions.

Where can I buy and download Sub7?

Sub7 not supported more, and hence is not available for download on any legitimate websites. If you were to make a Google search, you would find links to download Sub7. However, this is not the official site, and should be considered dubious and dangerous.

Sounds harmless, How do I remove it?

1. End of the following processes through the curator: “editserver.exe, subseven.exe”
2. Delete the following files: “editserver.exe, subseven.exe, tutorial.txt.”

Why these programs is absolutely legitimate?

All the basis behind these programs is that they are designed to help people, not harm. While some like NetBus really were originally created for pranks, they switched routes to avoid legal problems.

These programs claim to be the legitimate remote desktop program, although they certainly easily used for malicious use. These programs really should be used to aid or customer support departments. Why all adolescents is to copy these programs goes beyond us, but leave the content of their networks, while computer is a good idea.

The advent of new technology has made these programs in some respects less effective. However, programs such as Back Orifice 2000, yet still evolving, so do not be surprised to learn that he works in the background, waiting for instructions. Since the best defense is a good offense, be sure to save a sharp eye on what is installed on the network computers. After all, an ounce of prevention is worth a pound of cure.