welcome to Blackhat hacking video series I will introduce you myself later on But let's first focus on what this series is all about and how it's going to be different from a normal hacking course Now you might have been heard about the ethical hacking term in your country or on the internet Ethical word means legality with rules and regulations means everything would be covered legal in that course Whereas black hat hacking course is a unethical course in which legal and illegal all type of topics can be covered like credit card attacks email attacks etc So nowadays nobody wants a legal ethical hacking course because you cannot make any money out of it Everybody wants a black hat hacking course where the real fun and power relies on as it's illegal That's why no one have ever dared to make this type of course till now So this course is going to be the first real black hat hacking series in the world So here is the syllabus in which every money hacking technique would be unveiled Now as being a trainer I have taught thousands of people worldwide but mainly people from Nigeria Ghana from Africa mainly are on the top who were requesting for black hat hacking courses because they do not have any jobs power resources Today in this world everything is for money Every hack is for money So now the question is what is actually required to make money two things I would say one is skills and second is smart work skill set is what I will give you in this course smart work is what you have to do I'll give you one example in Nigeria the people are very smart there they don't tell their even family their best friends about what they do and how they are making the money everyone will see them making money buying cars buying properties but no one actually knows what they are actually doing in the real life I was having a student named as David from Lagos Nigeria whom I taught almost one year back who is also making a very good money there Now David is a very good example of being smart What David used to do is he bought an apartment on rent there in Nigeria where he and his brother were going daily where they were having a setup of internet routers laptops hard drives and other stuff to perform hacking operations and scamming people Then in evening they return back to house and enjoy their normal life as an honest man and nobody suspects even that what they're doing daily So that's what I mean about being smart So as you know the technology always needs a change Every month new techniques are coming up So what I'll do is I'll keep on updating this series every month in which I'll try to add two videos minimum in this series every month on whatever new techniques coming up So what you just have to do is just take one time subscription of this course and keep on learning your whole life In subscription you'll get three things videos tools and the trainer support at certain points you require So next is the requirements So what about the requirements for this course you just require three things The one is good configuration laptop a stable internet connection and some little money in your pocket so that we can buy some SMTPs or VPN connections over the internet Some few dollars $10 $20 That's it So just get a notebook and a pen ready on your table and be ready to rock And if you want more hacky feeling while learning you can also hook up a beer bottle on your table too So just drink and hack So I will see you in the next video Happy hacking Bye-bye So welcome to Black Hat hacking series So in this video we'll work on how to prepare our own labs for the practicals So in this video we'll be learning about the virtualization Virtualization is a technique through which we can install multiple operating systems in one computer For example I am running Windows 7 on my main computer and in that if I have to do the practicals like if I want to hack from one computer to another computer I will be needing multiple laptops for that right So maybe I'll be requiring two or three laptops to learn hacking to do the performing the practicals But what we can do is we can have a good configuration laptop and in between which we can install a software named as VMware workstation VMware workstation acts like a virtual computer It's just a software but acts like a real computer in between the VMware we can run multiple operating systems at one time or maybe for example if you have Windows 10 in your main computer you can use VMware and in between VMware you can put Windows 7 Windows 8 Windows XP Kali Linux anything you will be able to install in between the VMware and they all would be running simultaneously at one time So the use of that the VMware is that you'll be actually utilizing your resources rather than buying or investing in different multiple laptops You're just utilizing one laptop into its full performance So you're using one power of one computer to run multiple operating systems or multiple computers for you so that you can do the practicals in them There is also one more benefit of running virtual computers is or VMware is that whatever practicals you would do in between them like we will be doing harmful practicals in between them of viruses Trojans WS So they will not affect your main computer So your main computer will remain clean and you can do all your practicals in between the VMware and you can learn as well and you do not need to buy separate laptops as well So what you just have to do is you just need to go to your downloads link which is provided by us where you will see the VMware workstation You need to just it's approximately to 500 mgabyte You just need to double click next next and install That's it And once you install it will open like this way VMware workstation you have to go to help enter registration key and you can here you will get a key as well you can copy it's VMware workstation key and you can paste here that's it then it will become a full version now we have to go to create new virtual machine custom VMware 14 next Here we will choose I will install operating system later Next Which one you want to install microsoft Windows What windows 10 8 7 Anything we can install in the VMware So we will choose Windows 7 64-bit and we can remain its name like this way or we can call it Windows 7 attacker Same way we will also make one more Windows 7 victim I go next remain it on default BIOS Here you can give uh cores depending upon your laptop Like if you have a i7 laptop it must be having four cores If you have i3 or i5 it it would just be having two cores So I will I will for myself I have i7 So I'll give four cores Next I think 2 GB RAM is enough for Windows 7 So minimum you must be requiring 8 GB RAM in your computer I have 16 GB RAM in this computer which I have So I can give 22GB to multiple computers and I can run maybe you know four five computers simultaneously So as much RAM you have as much more machines you'll be able to run simultaneously Next by default so that when the virtual computer would also be share your internet recommended Next Next Next What is the maximum amount of hard drive you want to assign for your virtual computer 60gb Enough Single file Next And finish So now from where you want to install it you will also get Windows 7 ISO image in the downloads which we have provided to you So this is the image or a DVD or a CD through which we will be installing Windows 7 So we just have to click on the CD DVD from where you want to install I go to use ISO image and uh here I will give the path in the VMware I have Windows 7 image and I'll do okay and we will power on So if you see Windows 7 started installing in between the VMware like this way we have to create one more same way we have to install one more Windows 7 as well So one would be your attacker and one would be your victim from the attacker we will initiate the attacks and to the victim we will hack So one is your main computer second is this one and third one more we will create So you will be having a lab of three computers but we will not use our main computer in the practicals As I said the practicals which we will perform inside the VMware they will not affect your main computer so that your main computer would remain clean So just do next install now I accept next custom and the next now it will automatically install Windows 7 It will take maybe 10 15 minutes and uh it would finish with the same way So I have a very powerful computer so I can install the second one as well simultaneously Same way Custom Next Next Next Uh Windows 7 maybe victim Next Next Okay I give four cores 2 GB RAM Enough I have 16 So I can give two more 60 GB same to this one as well and finish to the victim as well I'll give uh same image from where I want to install Okay And power on So this one as well started installing So this one is already installing 51st% and second one is as well installing So as much powerful your computer is as much more operating systems you'll be able to run We can also install Windows 10 Windows 8 anything which you want to install you can just install them in the VMware Doesn't matter what is your main operating systems and you can run as much you want Keep in mind that all the hacking based softwares which we will be using in between our course they are sometimes already infected So I have seen most of my students till today who are you know in the domain of hacking and stealing and in the blackhead stuff they never use VMware I have seen like they always keep on using all these practicals in their main computer So so they do not even know that their main computer is already been hacked by someone else They are hacking you know someone else and their computer is already hacked by someone else as well I always say them that please use or make a habit of using a VMware in case of using your main computer for the practicals Always do anything related to hacking from the virtual machines Sorry the first one is already installed even Okay completing installation and the second one is also installing First one is ready Here we can give it a name attacker Next password we can give like 1 2 3 Skip ask Always choose ask me later else your windows will keep on you know updating from the internet and keep on taking your internet bandwidth Here you can choose any time zone depending your country Next can use home network So there are two things basically which you always have to do First is to install VMware tools One of them is install VMware tools It automatically mounts in your C drive You have to you know automatically comes here You have to double click and it installs What's the use of VMware tools is like there will be lot of files lot of tools which will be there in your main computer which you want to copy inside the VMware You cannot do copy paste from your main computer to the VMware is unless you install VMware tools So they are very important so that the compatibility would be there in your main computer and the virtual machine So same thing we will also do with the victim computer as well All the steps it would also be just next next and it will take a restart and that's it After it takes a restart the VMware tools gets installed The second thing is what we will do we'll grab a snapshot It's a very nice feature of the VMware is that you could save the state of your Windows 7 When it's fresh we can save its state So that once you do the practicals of viruses Trojans and you keep your you make your uh uh machine corrupted the VMware machine corrupted you can you know just revert back to the snapshot and it will again become fresh like a factory reset You just need to click take snapshot and then later on you can revert to snapshot If you have took any snapshot you can revert to that stage when your Windows 7 was fresh So we do not need to install these again again again once you make them corrupted So let's first install the VMware tools and then later on you have to take a snapshot and same steps with the victim computer as well So the first VMware tools are finished Restart Yes It will take a restart And our lab is ready almost here as well We do the same steps on the victim So I'll not repeat them back as you have seen all the steps So two things as I said which you have to do is the one is installing the VMware tools Second is you can take the snapshot so that you can save your state so that in the future you can revert it back And the third thing is you have to link your black hat tools which are provided by us So you have to if you can see I have also copied my blackhat tools as well here which is provided by us So how you can link it you can right click over it go to settings go to CD DVD and here you can choose blackhat toolkit and okay and you can go to my computer and here you will get all your tools You can first install VR as well in your computer so that you can extract all these tools as well So all these tools we will be learning throughout our course which you can access like this way by linking a ISO directly in the CDDVD option Rest you have also the power that you can uh right click go to screen resolution You can also uh increase or decrease the screen resolution depending upon you as you feel okay So same steps will perform with the victim computer as well and your labs are ready Now if you see I can drag and drop the files or copy and paste the files from my main computer to VMware as well because of we installed the VMware tools So same steps with attacker same with the victim and your lab is finally ready We just require two windows 7 for this course Rest there are also more highlevel courses which will be going after this black hat series There we will also be requiring Kali Linux which we can also install same way by just going through a new virtual machine next and here I can choose Linux and then the Kali Linux So you can run as much machines depending upon your computer power So I hope you like the video and thank you for watching So welcome to black hat hacking series So in this video we'll discuss about carding and all its techniques available to us Now first of all what is guarding carding is actually related to credit cards and credit card is actually the thing with which everyone gets water in their mouth whenever they hear the term credit cards So that's what actually you'll be gaining in this video and through the topic of carding Now there are two methods to get somebody's credit card or whether you hack on your own or whether you buy them There are a lot of websites over the internet where you can buy you know millions of cards are on for sale You can just pay $10 $8 $7 depending upon website to website and you can purchase any person's credit card there and most of the credit cards are available of US and UK based countries So from where they get them actually they hack the websites the transaction based websites where people are make any purchases like Amazon like for example not Amazon but for example Amazon people you know a lot of us people make purchases there they put their credit card numbers there so there could be a lot of websites where people are purchasing the sweets uh shoes or etc So they're just hacking into one website and they you know and most of the websites save the customer credit cards as well in their database Uh so they hack into the website they get all the credit cards and that just they put it on the sale So and you just pay it on $10 and you're able to buy a credit card So what are the websites from where you can get them there are a lot of websites but I have just written down the popular ones If you can see the pace.org CV.me by me carter07cashew.com So these are the sites where you can buy the credit cards I have uh this document as well where I have uh you know written down a lot of other websites as well where we'll be buying the stuff in the future in this course and which is very useful for the black hat hacking as well like the SSN numbers So mostly some of the credit cards which you'll buy and when you'll make purchases from there maybe somewhere you'll be requiring you know uh the the SSN number of the person So you can you know go on any of these websites where you can buy that specific person's SSN number as well which is a social security number Uh every US citizen have a SSN number assigned to them So you can buy these and you can uh you'll have every information of the person It would be easier for you to use that card You can also buy the personal information of any US citizen from this website basically and you uh any person's credit card you are buying you can get his you know birth date you can get his exact address where he's living all from here as well in $2 or $3 you just pay there so these are the applications which you can use for get the US numbers I'll tell you why you need the US number later on and if you need more stuff uh hackers stuff basically like RDPs uh mailers SMTPs lot of other you know background stuff So which you can also buy from these type of websites basically But I'll tell you what to buy there and what not to buy there because not every website is is a is a original or very good to to serve you back So they are the catfishing websites We'll also discuss about them in the catfishing u video This is the websites where you can buy the the business emails so that you'll be able to target business people So let's be targeted on the cards websites So the carding websites So let me go to this carder 007 first for which I have account You can simply create account on any of them and let me log in there 869 So once you log in you can see there are 37,000 cards available to buy You can just click on the cards go down and uh if you can see the first name is Michelle Semi Mark Lisa and all of them are from the United States country So their SSN is not available with the card Their date of birth is not available with the card So as I shown you from where you can buy and the personal information as well from where you can buy because some of the websites there in the US that may ask for extra information as well So your card will not work there but not every website will ask for this extra information It's possible that there would be 50% websites which will not ask for SSN or date of birth So there you'll be able to only use the card So card number it's not showing you the full number because uh you have to pay for the card and the fees like some for some cards it's $7 some cards it's $8 different different And what's the bank name it's Chase Bank And when when it's expiring in the 9th month 2018 and uh this is the city or the location of the person and the country So you can also make the filters as well that uh what you want and which zip with SSN like or with date of birth as well any cards So there is no card with the uh SSN or date of birth So not a problem So what you can do is first of all you have to add the money like it's showing you that your balance is $0 Mostly every uh this type of uh black hat websites or illegal website they'll always accept the money in the bitcoins which I'll also discuss about more into that that bitcoins are basically untraceable so that whenever you'll also be uh buying some things or when you'll also be receiving money from somebody always prefer bitcoins because you'll not be able to you know trace back in that Uh so what uh now we can do is you just have to click on the balance and from which you can add the money like bitcoin and this is the address they are showing you on which you have to pay So as much you will pay $10 $20 $30 $50 it would be added in your balance and then you'll be able to buy the cards And once you buy the cards they'll show you in the dumps or in the support So I'll show you when you buy the card how it will look like like this one like it's we already bought a card for you So this would be the card number This is the the date expiry This is the CVV number the name of the person and the address United States and I think the phone number So that's the information and this is unused card basically Now you can go to any website and I'll be on that part that how we can use that card as well Now I just shown you the websites the the popular carding websites There are hundred of carding websites basically So but I just shown you the couple of them which I have I know the names I shown you first the card websites Then I shown you how you can buy the cards by adding some of the bitcoins It's also safe for them to to to take the money and it's also safer for you to pay in the bitcoins as well So it's it's safer for both of you So always keep in your mind that bitcoins are more safe rather than if you pay somewhere with your credit card or with your bank where you'll always leave your trace back So you got the the carding websites I shown you how you can you know buy the cards Now the point is how you can make use of them Now first of all what you can do is maybe you can also check the balance of the card that maybe the the card which you have bought in $5 $10 that how much balance it's having that maybe for example there is a card which is having a limit of $10,000 which is assigned to someone and the person have already made a purchase of $8,000 from that Now it's only $2,000 left in that So and if you'll try to purchase something of $3,000 and it will fail So it's also good that if you have some type of availability to check the balance we should first check the balance of it Now how you can check the balance what you just have to do is you can Google it like Chase Bank uh balance check number balance inquiry uh number and uh you'll see somewhere the numbers where you can call and you'll just see a computer program speaking with you like press one for this option press two for this option press three for the balance check So like you press three and uh it will say that please enter your SSN number or please enter your uh credit card number for that perspective If you'll be checking the balance keep it in mind that 90% it would be asking for the SSN number So if you want to check the balance first before you buy you can also buy you can also make a purchase with with any guess amount as well So maybe the card would be having that amount you'll be the purchase would get work or if the card would not be having that amount purchase would not work But if you want to check the balance first it it may ask for the assistant number So you just type from your phone the assistant number of the person the credit card number and the computer program will just tell you that welcome to Chase Bank So the balance is $9,935 Thank you So like this way you could also check the balance then you can make the purchase Now the fourth thing the first thing the the card gu card carding websites second thing is how you buy the cards Third thing is how you check the balance Now the fourth thing is how you make steel out of the card Now there are two methods to do that One is like there's a website Paxful where there are lot of bitcoin sellers and buyers So there are people where you can pay with the PayPal and they'll give you bitcoins There are people to whom you can pay through Western Union and they'll give you the bitcoins There are also people to whom you can pay from a credit card and they'll give you the bitcoins and bitcoins are totally undetectable So from where you have caught it bought it like the person cannot come back to you even if you paid him the fraud marry But it's little tough nowadays here on the paxful because as it's written there instant ID also required So most of the people maybe also uh you know ask you that the credit card which you're going to use like of Amanda Wilson that you also have to show the ID of this person which you not be having So possibly may this service you'll not be able to use to convert it into the bitcoins So second thing is a little longer way but works which a lot of my students I also seen they're doing it like there are a lot of Nigerians and they have friends there in the US I'll also tell you like they sometimes they also go to you know uh catfishing websites the fish the dating websites where you know they date with women and and they convince them that to do some work for them or you have maybe you'll be having some friends as well uh to whom you can convince that you'll be you know sending some order like you can buy uh 10 iPhones from the iPhone Apple website and you can just you know just ship to to some woman which you was dating online or something or you have some friend there in the US you just ship 10 iPhones to him and you buy in the US because these the US-based cards or UK based card they'll just be used within the US or within the UK better if you'll try to use the cards in the you know Nigerian websites or in the Ghana websites they'll not be working so they'll be uh you know very flexibly working in their own country mainly so just make a purchase online on the apple.com by using a US IP through a US-based VPN so that the website will also see that you are making a purchase from the US and you're using a US card only then the purchase would go successful there one of some of your friend or the woman would be you know receiving that uh iPhones or the laptops whatever and then they'll ship back to you in Nigeria or somewhere wherever you are existing in that country and then you can you know just sell that products on some cheaper price and you get the money back so it's little bit longer way but it works Or maybe you do not know anyone in the US or in the UK who could receive the things for you You can also go to Aramax which is a Korea website shipping you know uh very big shipping company who offers a service like a create a drop and ship account like uh you can create an account on their website and they'll give you a permanent address in the US on which you can whatever you ship there uh like they'll give you a permanent address you can uh you can buy the iPhones and you can ship to that address and whatever comes to that address they'll ship back to you in Nigeria for free obviously you just need to pay the the shipping fee as well But that that they'll receive for you for free but they'll ship you and they'll just take the charge for that shipping only So that's the part in the carding that how you basically buy the credit cards who are already hacked by someone else and you can just make a use of them Or the third thing as well you can do is you can make you can buy a online service maybe you can you know buy go to godaddy.com or you can go to some uh you can buy some antivirus license the point is or you can buy some hosting some VPS some RDPs the point is that you're not buying something physical product or you're not converting into money you're buying some digital service so which is always so you can go to some any US site and you can just buy it so digital services are you know are given to you immediately because they are do not have to ship something back to you So this is the things I shown you in the carding that how you can buy the already hacked cards So in the later on in the series we'll go with the malware section where I'll show you how you can hack your own cards as well and especially in the bank login as well So where you'll be getting the bank login there you'll be able to transfer directly the money as well which is not the case in the credit cards So I hope you like the video So I'll not make this video more longer to make you bored and thank you for watching So welcome to black hat video series So in this video we'll discuss about the malware So what are the malaws malaws are the malicious programs which affect our computer which harm our computer Simple Maybe you have heard lot of times people saying that uh my computer is not running well It's running slow and uh my computer got a virus and that's it That's what they say They do not know that virus is just one of the malares listed in our in our section But they always complain that my computer is running slow It means it got a virus No it's not always the case There are lot of types of malares as it's displayed on our screen and our computer can be infected from any of them Now we'll discuss like what are their functions how they are different from each other All these are types of malware So malware is just a category and these are the different types of malares So first one is the virus and virus stands for vital information resource under seas If I write it down now what's the job of a virus is like if someone is designing a virus or developing a virus what it could do when you send it to someone's computer is maybe it could delete their files maybe it could slow down their computer maybe it can uh infect their computer maybe it could keep on restarting their computer Point is that it will just give a damage to their computer nothing else The point is hacker will not gain anything by damaging someone's computer That's the thing which people understood very soon That's why viruses were more popular till in the '90s or till 2002 2004 5 maximum and after that now it's rare that you'll see a virus nowadays Why so because nobody's able to gain something by destroying someone's computer So that's why the Trojan comes into the picture Now what is a Trojan is there are a lot of names First of all you'll you can maybe see Trojan horse rat a back door So whenever you scan your computer from anti-wires and it catch something just go into the details and check that what type of malware it caught Not always the wires So there will be high possibility that your antivirus would be saying that a Trojan horse is caught That's what is more common nowadays Now what's the role of a Trojan is what Trojan do like if I have created a Trojan and I've sent it to someone else and if the person double clicks on the file what will happen is I'll gain the full computer control of the person So whatever he will do maybe uh he's doing something he's watching something on his screen I'll be able to see what he's doing on his screen I'll be able to download his files delete his files start the processes close the processes I can capture his microphone whatever he's speaking on Skype with someone I can um also record his keystrokes that whatever he typed from his keyboard I'll be able to see that on my computer maybe he's going to Gmail typing his password maybe he's going to a bank website type internet banking login details Maybe he's going to some shopping website where he's typing his credit card number So whatever he type you'll get it simple So that's all you can do very easily through a Trojan horse That's why these are the most common and the most preferable program by the hackers Now the second most preferable is the ransom wares Now what a ransom ransomware is also built with the same way You just have to create it from a software and send it to someone else But its working is different So when someone will double click on your ransomware which you have designed and send it to someone it will just lock down all the files all their personal files in their computer Now it commonly affects business people more Why so because uh their files are more important than money So they have lot of you know uh important business documents pictures personal pictures etc which are more important to them which they do not want to lose and it just displays a picture on their desktop that if you want to retrieve your files back you have to pay that much money in this account So till the point you do not pay the money it cannot retrieve back Now you might be thinking that is there any way to retrieve our files back or is there any way the victim would be retrieve will be able to retrieve their files without paying us The answer is no He cannot retrieve it back uh he have only two choices basically whether he have to format his computer clean it means in that case even he'll lose his files or he have to pay the hacker only then he'll be able to retrieve the files back Now the fourth one are the adwares Now adares are uh something for the advertisement purposes they are built like whenever we install some softwares that software is also installed some more free softwares in our computer like some toolbarss etc uh so which keep on uh you know displaying us advertisements keep on giving us the pop-ups and forceful advertisements which we cannot even stop we cannot even uninstall we we put a lot of you know pop-up blockers in our chrome etc but still they doesn't work like that way because our computer gets infected from adware which is designed for a forceful advertisements to peak up the sales so they're not u much uh you know harmful for our computer basically because their main role is advertisements The fifth one is the WMS Worms are primarily built for congestion The main job is congestion in the network Now it doesn't affect one computer If worm infected one computer it will not just remain on one computer all other computers like if there there is a company in which one computer got infected from a worm and there it's a network of 300 computers in that building it will slow down the network of all the 300 computers the internet would go very slow on all the 300 because it will just create the congestion in the network that's the role of the worm is but if you notice viruses adares worms they are not primarily for the money making for the money perspective according to me only Trojans and the ransom wares as the primary key and that's what we will be doing after this video So we'll be practicing how we can create the Trojans how we can um uh go for antivirus evision so that antivirus would not be able to catch it uh how we designed the ransom wares as well as all your questions would also be cleared in the specific videos of the Trojans and the ransomwarees when we go into the more details and uh now one thing more I would say how antivirus catch all these malares from the in the form of signatures when you update your antivirus it just you know downloads some signatures which are the hack values of the or the hash values of the of the of the males basically through which it's able to catch it And now one thing more if you if you notice that still you call the products as antivirus Even the antivirus companies call it antivirus but they catch every type of malware Actual their actual name should be anti-malware not antivirus because it it it doesn't only catch the virus it catch every malware But why they still call it antiviruses because of the layman people If they call their product as anti-malware nobody will buy it If some they'll call it antivirus everyone will buy it because that's what I was said that people are only aware with the viruses So they and and antiviruses That's it That's the only two terms they know But we have to skip the viruses They are no more required We have to skip the hardways and the worms because they are not uh related to our money making part So the next video let's continue about the Trojans and the ransomwarees So thank you for watching Bye-bye So welcome to Black Hat video series So in this video we'll start about the practicals of the Trojans So if you can see on our desktop we have a Trojan horse named as Ramos Let me extract it Password 1 2 3 All the tools Trojans which you require for the training would be provided to you along with uh this video series So we go to the folder and what the file is RAMOS loader So you have to start this loader file first and click on the launch button Allow access I accept and the RAM cost is open Now let me check that uh it's on the victim machine is on the bridge Let me also make it on the not So first of all we will be trying the practical in our controlled lab in the VMware environment Later on I'll also show you how to do this practical over the internet as well through the VPS So first of all let's check our IP address here on the attacker machine and uh we disable our firewall so that the victims could come smoothly to us Our IP address is 47.132 So what we'll do is we'll first go to the local settings We add any random value like uh maybe5 not any password and we add it So now if you see we are listening on port number 55 So what is a port number i hope you'll be knowing it Port is a basically a window or a channel for every application on which it can listen Like I have Firefox it would it would be listening on some another port Internet Explorer would be listening on another port Skype would be listening on other port So everyone every application will be listening on some specific port So we have assigned like5 for the RAM cost So any victim who will coming to this computer on 55 it means the victim is coming for the RAM cost and RAM cost will catch him That's why we just opened a random port Then we go to builder We go to connection And here we have to type our IP address 192.16847.132 and the same port we have to give 55 no password and we add it So this is a socket IP address plus port number to this specific socket A victim will come back to us installation We have to click on install the remote client Why it's important else if the victim will restart his computer you will lose him if you'll not take mark this option It will give you the permanent session forever on the victim computer till the point he'll not format his computer Strength will make it invisible so that no pop-ups nothing would open in the front of the victim key logger We can also enable the offline key logger as well Surveillance no required build And we build the file with the name of uh maybe update.exe on the desktop So we can minimize close So this is the file So this is the file which we have to send it to our victim computer Let's copy it And we paste it here And uh if I double click on this file you will see one victim came Now please remember that this practical which we are doing is for the local land local land meals in your local computer network like maybe in your house into a coffee shop like on a particular area not on the internet For the internet perspective I'll show the same practical with a different way through a public IP address Now we have just the private IPs assigned in the VMware So this practical is just for the local LAN perspective just to understand how the Trojans and the RAM costs work So I will right click on the victim So the first option we have is of the screen capture If you click on screen capture you'll be able to see the victim's screen live and uh whatever that whatever the victim is doing on his screen whatever he's watching and even you can control as well Like if I'll double click on my computer the my computer is open on the victim Let's verify on the victim computer Yes we can see the my computer is open there as well We can close it Let's go back to attacker So let's close here even Now we if we again right click you'll see there are actually hundreds of options there in the Ram cause You can uh we have a feature of key logger like in which you'll be able to record the key strokes of the victim like we go to online key logger we click start and that's it Now whatever victim will type on his computer maybe the banking login maybe the Gmail passwords maybe the credit card numbers everything would be seen here like we'll go to victim computer we'll open the Firefox I go to maybe like gmail.com click sign in I type Okay John6 at the rate for example gmail.com password could be like 1 2 3 4 5 6 7 enter and uh now if we go to attacker you can see that the victim first typed the gmail.com then he typed the john6 at thegmail.com and then that was the password he typed So whatever he'll type more in the future maybe he'll be chatting with someone maybe he'll be doing some business transaction or he'll be doing some business chat everything you'll be able to read here so key logger is actually I think the best option in the RAM course through which you'll be able to grasp your perfect things like credit cards and the bank login so I stop it and let's close so we can right click again we have a option of u webcam capture You'll be able to see the webcam of the victim Microphone capture you'll be able to capture whatever he's speaking on Skype or something with someone We also have a file manager option If we click on that you can rightclick and download any of his files from any of his drives And even we can upload any file as well Like in the C drive he have a viewers folder I go there and uh for example I'll make a notepad file here with a name of ABC I write something demo save I can right click and I can upload file and where on my desktop I have ABC and ABC.txt txt is uploaded in his computer Now let's go and verify on the victim C drive viewers and you will see the ABC is uploaded there So that's it We also have a process manager where we can uh see what are the processes running and the RAM cause its own process is shown in the red that this is running as well And uh like for example I open the Firefox which is also be shown here We refresh Firefox is shown here And I can right click on any process and I can terminate as well If I terminate if you see Firefox is closed from the victim and victim will amaze that wow what's happening why I'm opening some programs it's automatically closing so he'll not know that somebody else is also controlling in the background there is also one very nice feature in the RAM cost known as password recovery for example what it's used for is maybe the victim have already saved passwords on some websites like I go to facebook.com and he have already a saved password with a John ID and a password Now if he have already a saved password he'll not be typing it again And if he will not type again you will not be able to catch it in the key logger Like if you right click and then there is a key logger option you'll not be able to catch your victim here because he'll not be typing the username and password again The key logger only shows you the keystrokes whatever it's being typed And here if you see the username and password is already saved and filled So what we have to just do is we right click and there is option of password recovery And if you do so it shows you that there is a facebook.com username and password saved This is the username This is the password So that's a very nice feature in the RAM cost that we can also grasp the saved username and passwords We can also right click and we can send some uh happy messages For example uh we can give a title you are hacked and uh happy birthday Send message And if you see the message came up and the victim will be thinking like wow who is the person who is playing with me Okay And uh so these are the mostly uh usable options which we have seen here Rest we also have some registry editors as well We have file search even we can find any file in the victim computer that maybe he have some saved file with the name of uh credit cards or something or with some credential passwords So we can you know give a path maybe in the whole C drive what you want to search for password So maybe if you have any file with the name of passwords we can search it Okay You see two things with the name of passwords have been it's found Now in the later part in the next series what we will do is I'll also show you that how we can change the icon of this Trojan because right now it's not looking as you know original that the victim will double click over it It's looking like something malicious program So in the next video I'll show you how we can change the icon of it How we can turn it into the undetectable because right now this file is detectable by mostly every antivirus and I will also show you that how we can have a public IP so that we'll be able to use this practical over the internet as well So I'll see you in the next series Stay tuned and thank you for watching So welcome to black hat hacking series So in this video we'll work on how to make our Trojans look like more original and how to change their icons so that people will trust it So let's work on So as you can see in our last video we have exploited our victim computer and we gained the control of our victim machine So let's remove it We'll uninstall our Trojan from his computer and we left him So this is our payload This is our Trojan You can say a rat back door anything we can call it which we have to send it to a victim computer again but not like this way by changing the icon So what we will do we have a tool named as Celesti file binder I extract here 1 2 3 double click celest So this binder opens where I add my Trojan file which we have created from RAM cost in last video and I also have a PDF like this any simple like invoice which you can send it to some business people or like that and I can add the invoice PDF Now we need to change the icon as well uh you can get lot of icon files from the internet like I have a PDF icon as well So I go to binder configure uh sorry configure stub icon load icon on the desktop we have PDF icon close now binder build final stub with the name of maybe invoice dot PDF F So if you see a new file is created invoice PDF which is same looking like this one but this is a original PDF This is not original PDF It have the Trojan and PDF both binded in that So what we have to do is we have to copy it and send it to victim computer paste So now if you see if I double click on this file the PDF opens If you double click on the file PDF opens in the in your PDF reader or in the Chrome anywhere it can open And here if you see you got the victim control as well So with Celest you are also able to change the icon and you're also able to bind it with some file But one thing you have to remember is the maybe the file is looking like PDF and in the extension it's showing you PDF but actually it's still a .exe file If you can see type of file is EXE From here you always go to the properties of the files because uh normally anyone can make fool of you like this way So it's a exe file but looking like a PDF Now in the later series of the videos I'll also explain you that how we can you know make a real PDF file a doc file a excel file a word file which we can send it to victim computer and from that even we'll be able to hack even but there's a different story behind it a different strategy behind it where the applica the file will not be exe the file will be really the pdf or the word which we'll cover later But still now if you see the the file is not FUD the Trojans it have is detectable by the antivirus So we have to use some crypto which I'll also show you in the later series through which we'll be able to make it undetectable by the antivirus Only then we have to send it Now one thing more from email you cannot send a .exe file Gmail Yahoo they never allow to send a .exe file for So this file as well we cannot send it through the email So I'll show you different methods even later on this series of the social engineering that how we can send this file to the people as well So I hope you like the session and uh if you have any doubts any queries or any suggestions through which we can make the videos better please let us know Thank you for watching So welcome to black hat hacking series So in this video we'll cover about how to use the trojans on the live internet As in the previous videos we have already discussed that how to use the trojans how to create the trojans from the ramcourse how to change their icons from the celestri file binder and how to bind it with other files like pdfs and other files Like pdf you can bind with any file basically You just need to download its icon from the internet and you can bind with a doc file PDF file or anyone but the extension would remain exe It will look like a doc it will look like a excel it would look like look like a pdf but in last it would be exe Now the point is the practical which we have performed last time it was over the local LAN inside the VMware owner controlled environment that now we have to learn how to do that practical from the internet so that we can hack any person across the internet whether he's sitting in Japan whether in Singapore whether US Canada anywhere so the requirement to do that is that we need a static IP public IP by default what happens is the internet connections which we have in our home they always have a dynamic IP Whenever you restart your internet connection your IP address change and if you remember if I go to RAM cost again when we create a builder we type our IP address here So if your IP will change daily previously we have typed just our private IP which doesn't go over the internet But if you put your public IP here that automatically change whenever you restart your internet connection So if you like for example today your IP is 1855.44.67 Suppose that's your IP address which your internet service provider gave you I'll show you from a way how you can check your public IP as well So if you put it here right now and you create a Trojan with this one and you send it to people maybe anyone who will double click your file today itself you'll be able to get his control but tomorrow if someone will double click your IP address will change and you'll not be able to receive that victims So what's the use of that nothing We want is the permanent access that the victims should keep on connecting to you whether they double click your file today whether tomorrow whether day after tomorrow anytime and we should remain their control in our hands So that thing can only be done if our IP should remain constant It should not change So that thing what how we can do that is we have two services over the internet One is you can either use a VPS other you can use a VPN Now VPN have lot of other uses as well like to protect you on the internet to protect your IP address to protect your anonymity to protect your uh privacy So for that perspective it's also used which we will do later on in this series that how you can be anonymous so that you'll not be get caught that's we'll do differently but VPN there are some VPN companies who also provide you a static IP as well So VPN is also used for that perspective as well Let me explain you about these both VPS is virtual private server and VPN is virtual private network So what's the difference between both of them vps is a computer or a server running somewhere in the internet like there is a company everyone is familiar with that Godaddy godaddy.com they provide website hosting they provide servers they provide domain names like that there are hundreds of websites basically who provide you web hosting servers they are also you can also relate them with the RDPs I hope you'll be knowing the RDPs as well RDPs RDP is a separate term basically which we call it remote desktop But in the world of hackers in the world of in the world of hacking basically what people do is they buy hacked RDPs like there are servers on which RDP is enabled remote desktop is enabled and you can buy it in just $55 $44 which I'll also show you later on and they are not reliable because if you're using like someone's computer someone's hacked the computer to hack some another people like it's not reliable Maybe they can shut it down their computer or maybe they format your their computer So you'll lose your all your victims You'll lose all your effort So no need to use RTPS So we will remain focused on the VPS and the VPN VPS is a computer running somewhere over the internet which you buy legally like you are paying for example $15 per month for a computer like this computer This is my computer and I will give you on rent I will put team here and I'll give you the control This computer is running 24 by7 and it have a static IP which never change So you can use my computer and you can use it to hack anyone You can use it to host your website You can use for anything you want Like I'm giving you my computer on rent for whole month 24 by7 in just $15 a month So that's kind of a a concept which you can think your mind but it's not like a normal people who are selling their computers on rent No there are companies basically who create in bulk like they have maybe 100 VPS 100 computers 200 computers they're giving on rent they are basically giving it for website hosting but we are the people who do not use it for website hosting and we just use it for the hacking perspective We just put RAM cost there and we start hacking from there According to me VPS is more safe because you are not using your computer to hack You're using some another computer somewhere running in Russia or China to hack somewhere else And this its IP never change So your IP is daily changing doesn't matter You have to connect to VPS and from VPS you can connect to your victims and from VPS you can hack any of your victims So your IP is changing doesn't matter but the VPS IP is not changing So that's the VPS a computer running somewhere on the internet which you're buying over the right Now VPN is a software basically through which you will be able to connect to a VPN company and they will assign a static IP on you on your computer So your static IP problem will be solved here But in last you will be using your own computer to hack which is little bit risky I would say not risky but I would say lesser safe than VPS that you will be assigned a static IP and then with that static IP you can create a rap cause and you can send it forward to the people and you are using your computer to control the victims So I'll show you both of them from where you can buy these type of VPSs and how you can use them on the VPN So you can use any website You just have to Google it Windows VPS and you will see hundreds not thousands of websites to buy a Windows VPS But for the hacking perspective I would say buy Russia Russian VPS because Russia cyber law is a little bit different and uh they do not spy on you and they do not give your information to any country like US Germany or European countries is they never give you your information So Russian VPS or Russian hosting Russian things are more better for the hacking because you have less chances that they will give your information to somewhere else to the US or to FBI or somewhere else So if you go down to this website they have plans like you have one core of RAM sorry one cores of CPU 256 mAB of RAM which is very less minimum I think you should go for 2 GB or 4 GB minimum of RAM four cores or six cores of CPU I think minimum you should go with the master plan or Uber or you can create your own as well like four cores of CPU 4 GB of RAM and 40 GB I think of SSD and that's it and you can order it You can pay from Visa and all that and you just need to uh go forward and that's it This is the VPN nvpn.net the VPN website if you see 100% safe it's saying and no log VPN you have to go to order now this is VPN and in the first plan they do not give you dedicated IP so it's none of any use for us from the second plan they are able to give you the dedicated IP which starts from $8 per month so it's more cheap basically but they are just giving you a static IP not the whole computer In the VPS they are giving a whole computer to use even with a static IP So you're using someone's computer someone's static IP to hack forward Here you are using your computer but someone's given static IP to hack forward So now I'll show you I have someone's VPS which is bought on the profit server Once you buy it on your email you'll receive a login panel where you can uh put a username and the password and login You have to go to management virtual machines and you will see your VPS like that I have bought Windows Server 2012 4GB of RAM If you see same plan the last plan Uber I think it's $17 or $18 Four cores And uh that's the IP address static IP of the VPS It will never change Now if you think that uh you want to change the operating system you can stop the server you can start the server you can even reinstall that uh uh like you want to which Windows Server 2008 or 2012 is like Windows 7 So you can install them It's simple to use You can also install Linux on your server and that's it Very simple Now how you can connect to it you will also just I go to run MSTSC same IP I will type here and I click connect You have to type administrator and there will be a password given to you It's this password would be given differently to you in your email Let me check what's the password I give the password and uh you're connected to this computer Now this is a VPS here As you can see we have a RAM cost here We can start the RAM cost We can build a Trojan with this IP and anyone will double click on the Trojan You will receive their control here on the server From here you can monitor your victims hack your victims So you are using a VPS to hack forward In the next video I'll show you that how you can create um a a RAM cost files from the VPS and how you can send forward in the anywhere across the world and you can hack from the VPS as well So I hope you like the video and thank you for watching So welcome to black hat hacking series So in this video we're going to cover about how to use the Trojans over the internet on the real life that how you can hack into the people in the real scenarios through the VPS So let's connect to a VPS which we have bought from that Russian website Go to run MSTSC Here we can type the IP address of the VPS and we connect You have to type administrator or like this way administrator and the password which I'll not show you and okay and we are able to connect to our VPS port in Russia So this is like a real computer but which is running over the internet which have a public IP to which we can even connect and even any Trojan we will make from here victim could also connect to it if the victim receive our Trojan So it have a public presence which we do not have it on our main computer So let's verify I open the Chrome I go to hur.net net to check what's our IP address here even you can see it's the Russian Federation that's our IP address and uh it's running in Russia right now okay so let's create a Trojan from here we open the RAM cost we go to RAM cost loader Click launch I accept and here we can uh go to first of all same way local settings I remove everything we can listen on 77 no password we add it on the builder we have to give our this IP address our public IP 185.14 29 867 no password and add installation we'll make it install stealth invisible and we'll make a build and we make it a VPS hack or uh VPS exe and we'll save it So this is the file which we can send to anywhere in the world Now the previous practicals of the Trojans which we have done it was only specifically for your local LAN where anyone in your room or anyone in your VMware you can only hack it but now we have a a worldwide environment through the VPS whether you send it to someone in Japan in Singapore Russia US Canada anywhere you'll send this file if they double click will get their control simple like I minimize it and I send it to myself This computer is right now running in India If you can see the VPS file is there and if I double click on the file and let's see on the VPS we got a victim from India Right So you can right click and you can see screen and you can do anything you want So that's how if you can see how much easy it is to perform the same thing from the internet via the help of the VPS rest What what are the things you can do over your victim you already know we have covered them in the torrent in the Trojan section sorry where you can right click you can go to the file manager in the key logger password recovery microphone webcam capture etc So I hope you like the video that how to perform this operation from the internet and any questions if you have please ping me Thanks for watching Welcome to black hat hacking series So in this video we'll cover about the detection ratio of the Trojans and how the antivirus works So everything we'll be covering in this video So let's start So if you remember in our last videos we have created a Trojan from the RAM cost which we send it to people and we gain their control and we seen how it works even over the VPS But as I explained you before that this file is detectable by the antivirus Most of the antiviruses in the world will catch it And I told you that we will do the crypting practicals later on in which we'll discuss that how we can make this file undetectable or fully undetectable So right now how you can scan this file from the various antiviruses to get to know that how much antivirus is detecting and how much antivirus is not detecting this file So there are two methods whether you have to install you know lot of antiviruses in your computer and update them first and then you scan it That's a very long process or whether what you can do is the easiest and the simple process you can go to any of the website you just upload your file there and the website will scan more than 30 antivirus in 2 minutes and it will give you the results that how many antivirus catch your file and how many antivirus say clean Now I have to explain a little bit about these websites like this The first one is the virus total.com which is a product by the Google So they have actually they scan the files with more than 60 antivirus in the world This one have more than 30 antivirus and this one have more than 25 antivirus Now you would say that virus total is best then yes I would say it's best but only for the files which you download from the internet and you suspect and you do not trust the files but you should not scan your Trojans over the virus total Why so because they share your results with the antivirus companies For example you created a RAM cost file Then you have bought a cryptor and you turned your file into undetectable Now you want to check it that your file is really got undetectable or not So maybe you will scan it over the virus total and what they will do they'll first scan with all the antivirus and they'll give you the results and after that they will send your file to the antivirus companies as well for the further research and when the antivirus companies will research over your file your file will become detectable in few days So your every effort will go away right So you should not scan your files on the virus total because they share the results with other antivirus companies So there is second website which may or may not share the results with antivirus companies because they have no data written on their website but it's also a good website The third one is a noistribute.com Even their name says that they do not distribute the results with antivirus company So if you scan your undetectable files there your files will remain undetectable for a longer period of time So you can use only virus total for the files which you download from the internet which is not your file which you do not you know uh trust even So even if that would be shared with antivirus companies it's it's it's no more going to affect you because it's somebody's file which you downloaded from the internet Just to protect yourself you're scanning it over the virus total So in that perspective virus total is the best So let me show you all of them like the first one is the virus total where you can you know choose the file I can choose my update which we created last time with the RAM cost and uh it will see okay it would scan it and now the analyzing is in the progress so till it's scanning I will also scan on the second website update same file here and no distribute as well with the same method if you see our file is right now detectable by more than 51 antivirus out of 67 on the virus total As I said before that right now the file is detectable Let's see about the meta defender It have only 30 anti 35 antivirus with which it scans and out of which 24 are detecting it So which is very bad As I said the file is not ready yet to send it across the world to hack people So we have to make our file undetectable Now how antivirus works till the point we do not know how antivirus works we cannot make our file undetectable like the concept would not be clear in your head as I said that if you see there is a hash for every file whether you crypt it whether you whatever you do with this file the hash will remain same of the Trojan so this hashes actually the antivirus companies research over them They gain this type of hashes of the various Trojans and then they up you know make it into the signatures and that signatures your antivirus updates from the internet and once it it updates from the internet it have all these hashes So if it have the hash it could also detect your file Now I would tell you that how we can make our file undetectable It can only be done if the antivirus will not be able to calculate the hash We will you know lock our file in that way We will hide our file in that way We'll fold our file in that way that antivirus will will not be even able to calculate its hash It will not be able to even see it For example my friends know my face If I go go in front of them they can you know uh locate me very easily that hey how are you but if you know I wear some hats add some mouse stitches on my ma mouth add some you know little other stuff on my mouth So they'll not be able to detect me that who I am So that's the thing we have to do with this uh Trojans Basically we have to you know add a lot of parameters in that you know make it fold make it compress make it crypt we do lot of you know changes in the file that when antivirus will see it it will see that no it's not that thing which I have it in my signature it's something else so you can go away your pass but I'll explain you more deeply that how it works I have a picture payload jug creation now there's also one name you can also call the payloads basically to your back doors to your trojans to your rats it's also a same term which you could use So if you see the blue one is your Trojan If you do a simple encoding over your Trojan there are three methods you can use over your Trojan basically to make it undetectable The first one is that you just make a basic layer of encoding So three things encoding encryption and compression Let me first give you what are these three like encoding you have a text suppose A B C D A B C D you just encode it and you can write it A D B C which is still ABC D but you have you know encoded it into a different form it's written into a different B form but it's still ABCD so if you just encode it it's very simple for antivirus to detect it So only encoding cannot protect your file The next thing is in encryption Encryption is that totally change your file Encryption works through a mathematical formulas that you maybe you will multiply your file with some number divide subtraction addition You do a lot of mathematical calculations with it and it will you know turn into a totally new value maybe 0 9 3 gx So ABCD is converted into totally new value So when you want to again convert it into ADBC you have to again revert back that calculations of mathematics and then it will be converted back into ADPC So maybe antivirus companies are also very smart nowadays They are also have all the decryption algorithms of the common encryptions which are used by the cryptonum companies or the Trojan companies So the antivirus could also you know decrypt it convert it into ADBC and can decode it and convert it into ABCD Then it's you know almost naked and it can detect it So till the point it's not naked it cannot convert it into hash It will compare hash with hash and it can detect it So the first layer is encoding Then you can maybe make it encryption And the third thing which you can do is compression Compression is like you compress it like you can there is a big paper you can fold it fold it fold it and it becomes very small So whatever is in in between the paper you have to first unfold the paper and then you can detect it what's inside written in the paper So we can also compress it to decrease its size even and to evade the antivirus even So if you see the first is just encoding is used which is very normally can be broken by antivirus and the second way is that first you use a trojan then you encode it encoding is always done second if you see on the second step is always encoding I'll tell you why the third thing is you can first encrypt it and then you can compress it or maybe first you can compress it and then you can encrypt it any way you can do it but encoding is always been done on the second level why so because if you first convert it ABCD into the crypted text basically into the cipher and then you then encode it like this way First you encrypt it to this value and then you maybe encode it like uh 93 0 xG It's the same value written with encoded thing But if you little change it it cannot be decrypted because whole thing is changed So that's why encoding is done before and then in it should encrypted so that it can converted back into ADBC and ADBC can be converted back into a ABCD So encryption is done after it encoding then maybe you can use compression and even with these steps if you do all these four still nowadays antivirus companies can detect it because they can first decompress your file decrypt your file deenccode and detect your naked Trojan So what is being done by our softwares which we call them cryptors they do multiple cycles over it They first take your Trojan encode it encrypt it compress They again encode again encrypt again compress again encode again encrypt again compress or maybe they encoding is being done one time as I said because maybe it will not be able to convert back the the file So maybe again encrypt again compress again encrypt again compress So it will give multiple cycles over it and then antivirus would not be able to know that how much cycles are being given over it and maybe antivirus will not be able to make it naked and able to detect it So that's how it being done So how now you will think that oh my god it's it's a very typical process to convert a trojan into you know undetectable No there are already a readym made softwares which we have to download from the internet which we call them usually cryptors into a simple form but actually they are not the only cryptors is what which basically we call it which crypt but actually they do not only crypt they do encoding as well do encryption as well they do compression as well so they do a lot of things basically but in the general way over the internet people call them cryptors which you can you know buy it there are different different cryptos which we will be discussing into the next video that there what type of cryptos are available in the market what are their difference how what's their cost usually 10 in between to 10 to $100 there are various crypto thousands of cryptos available in the market you just download or buy a crypto you know you you just put your uh file your the RAM cost file in between that and it will save it will give multiple cycles over encoding encryption and compression and save a new file in your computer in just 1 minute And then if you scan that file it will be undetectable Simple So we do not need to do this process This process I have explained you for your own knowledge because knowledge is the key to success If I just make you you know a dummy hacker or a script kitty Script kitty is something which you which you can just use the software that's it But I want to make a hacker who must be knowing the details as well in between a real deep knowledge as well You must be having So I hope you like the video and thank you for watching Welcome to black hat hacking series So in this video we'll discuss about the cryptors that how will make our trojans undetectable or fud fully undetectable so that any antivirus would not be able to catch it or very limited antivirus would be able to catch it So let's start So first of all we'll go a little bit in more detail of the cryptors that what type of cryptors are available in the market which we'll buy or which you'll use to make your file undetectable So first one is the public subcryptors and the second one are the private subcryptors Basically when you buy the cryptors it will not it will be rarely written with them that it's a public stop or a private stop you have to actually go into the more details of that uh crypto or you have to search about it that this is actually a public st or a private st Now what's the difference between both of them is uh for example uh I have made a crypto I'll give you one example uh with the name of maybe ABC crypto like now to make a crypto I have to write down a long code maybe a 400 lines 500 lines and that 500 lines of code will keep on do encryption encoding compression on your files which you use in my cryptor like you have uh you have got a RAM cost Trojan like this update.exe exe which we have created before You'll use my ABC cryptor which in which I have wrote line of 400 500 lines of code which will do a lot of calculations over this file It will give lot of cycles over it and it will make your save a new file in your computer Now the code which I have wrote will remain same to anybody will buy my crypto like anybody buys suppose I sold to 100 people my ABC crypto So all will be having my same code in their crypto So if one of the person will do a mistake and he will upload the file which he create again after the crypto on the virus total.com and virus total.com will send the file obviously to the antivirus companies and then everyone all 100 people's file will start detected by antivirusing like one cryptor same for everyone one code same for everyone but private stub is different and it's little costly in which for example I have 500 lines of code in my ABC crypto in which I will every time a person buys from me I will change minimum 20 lines of code every time for every customer so that if one of the customers file got detected over the internet the second customer or the other customers will not be infected Everyone will be having their own code a different code which will keep their file remain a FOD for a longer period of time So I hope you are cleared that this is the same code for everyone and there is a little different code for every person so that they'll not be affected if one file gets detected But in this case if one gets detected everyone starts detecting because same code is used by every person over their files Now what are the cryptors available in the market now there are hundreds of cryptors available in the market If you go to hackforms.net if you go to lot of sites basically you just have to Google it that FUD cryptoby or undetectable cryptoby you'll see hundreds of sites basically Now I would not uh guide you that which website you have to buy which not Why so because every website is different Maybe there could be one cryptor which is good today and tomorrow it's got detected or after one week or after 10 days it starts detected by lot of antiviruses There is no crypto permanent in the world who is you know permanent give you better results No crypto because like today you're using one crypto and you converted your file Very soon maybe in 10 days 20 days 1 month 2 months the antivirus companies will be able to locate your file will be able to start detecting your file and then you have to maybe update that cryptor If that crypto company is giving you the update a new code they have to give you so that again your file will become detect undetectable from the new code with a new update If that that crypting crypto company is not giving you updates frequently then that crypto is none of any use So whether that crypto have to keep on updating every month if it doesn't update it's no more good like so the reason is there is nothing permanent without update there is no per cryptor in the world who can remain permanent FUD So you have to keep on shifting to first crypto to second cryptor like every month you have to look for new cryptors or you have to update your old cryptors if the update is available But I have wrote few crypto names which I have found like which people lot of students lot of uh my known students or known people are using it like USG crypto data protectors pattern crypto and Kazzy cryptor which is giving a quick uh quite good results to them but no one is permanent As I said that sometimes USG gets very bad and there is no update available for them So they buy a different one and maybe after 1 month or 2 months there is update comes up with the USD and they again buy USG because now this one is good So it's keep on changing there is no one permanent and how to buy it I will also not guide you any specific websites that go there go that because I do not have you know I do not do that type of work like I take commissions from that side or that side So you just you can Google their names and you'll get the websites on their own and you can buy it But one thing more I like to add here is that as much websites you will see to buy the hacker stuff like whether you buy want to buy a cryptor whether you will buy a lot of other stuff I'll show you later on in the videos 80% of the hacking based websites are fraud so maybe you'll be paying them you'll be getting a lot of people Skype ids you know IC ICQ IDs that you'll they'll just contact you on hackformms.net internet especially there are hundreds of sellers available there they'll keep on you know ready to sell you but 80% are the frauds maybe they'll take your money like if the USG maybe costs $50 they'll take your $50 and they'll never revert you back or maybe it's also possible that uh uh they'll uh you know they have a cracked version of USG which is 6 months old and the cracked version do not get the updates and as I said without the updates no crypto is good more than a month because after 1 month antivirus company starts detecting it without update it's no more good So maybe they'll give you old version of crypto which uh with with which even you use it it's still none of any use So you have to very consciously buy it over the internet these type of stuff or maybe you can you know speak with the people that they have to first show a demo over the you know an internet or they have to you know live show you you send them your file that crypt it and revert me back and then you scan it over the internet on the virus not the virus total basically not on the meta scan or maybe on the node distribute that really what cryptor he used on your file is undetectable able now your file is undetectable or no if your file is now undetectable you can pay him and you can take his crypto you know that he's having a latest crypto or latest code latest stop he's having or you can also you know search for the private stop cryptors as well on the internet but still there is no shorty there are a lot of sites they're writing that they have private stop but no shorty that they'll give you really a private stub or they'll just fraud and they'll still give you public stub so there are a lot of scams over the internet so You have to be conscious while buying I cannot guide you any specific websites to buy And there is also hackformms.net rackings.com like uh but you have to be conscious while buying and you rest you'll get from the Google as well So let me show you a demo a quick demo I have a cryptor axe crypto basically and it's not a very good one basically it's a very cheap crypto just for a demonstration purpose I got it uh I run it so I can show you how a cryptor works it takes few seconds to come So it comes up I want to select a file like uh this one update.exe which we created from um RAMCOS and uh this is the things which it does on its own The net version you can change the net version like right now it's 2.0 if you change it to 4.0 Z the detection ratio would be different You can try with both the levels In in every cryptor you'll see the same stuff There will be a lot of stuff whether you want to change it whether you do not change it You just click on the crypt or the protect You just import your file and export your file That's it I crypt it And in the folder it created a new file with the name of update output I can give it again a name I would say encrypted file So this is our old file And if you remember the last video 24 out of 35 antiviruses were catching it Now let's go back again and scan the new file which we have created from the cryptor Now that cryptor basically automatically do the compressions encoding uh crypting everything it do on its own So crypted file and let's see So before 25 antiviruses were caugh catching it and now only 10 But I'm not saying that 10 is a very good ratio As I said before that I'm using actually a very cheap crypto right now just for a demonstration purpose but once you buy some good ones as I have mentioned or more there are hundreds more available over the internet good ones they would let your detection ratio to maybe just two or three antivirus will catch it or maybe even zero So if you see which ones are catching it avira is catching as a Trojan Uh ESET is catching it IIcorus is catching it and K7 So these are the 10 antivirus which is catching That's strange that Casper Sky is not catching which I trust According to me the Casper Sky is uh is the best antivirus which is not catching here which is very strange but not a problem So I hope you got an idea that hawk cryptors work and now I'll I think you'll be able to you know buy your own cryptos use your own cryptors over your files then your files would be ready to send it and the more advanced cryptors like kazzy or the other ones the cryptors which you buy they also have you know the features of celesti in between them that you'll be able to change even your icons like right now if you see it's just giving a you know a very bad icon of a exe over it so which is making a file untrustable to the victim So in in the advanced cryptors in the good cryptors you'll also have a feature of changing icons binding with some PDF and all that So a lot of other features even you'll get into the into the cryptors in between and uh you can use them then later on I hope you liked the video and thank you for watching So welcome to black hat hacking series So in this video we'll cover about the ransom wares So if you remember in the previous videos where we have did a discussion about all the malwares where we have covered uh a video regarding the viruses trojans ransomwares spyes worms that what are the difference between all of them all the malares So in this video we'll specifically cover about the ransomwarees that how you can create a ransomware how you can send it to someone and once the person receive your ransomware and he double click over it it will lock down all his personal files in his computer then he'll just be left with two choices whether he have to pay you the money back or whether he have to format and lose his files So let's do it So there are a lot of tools basically same like trojans in the trojans if you remember we have done a software named as ramcos now like ramcos there are hundreds of more backd doors or trojans are also available same who will be having same features like ramcos same way while in the ransomares as well there are hundreds of applications available to do it but the one which I'm going to use today in the ransomware section is the angrat now as the name explains you it's also a rat it's also a trojan It's same like RAM cost including a feature of ransomware as well So it have a feature of Trojans as well and it have a feature of ransomware as well So the point is that you will be able to control the victim computer as well You'll be able to see his keystrokes You'll be able to see his passwords as well And if you'll be willing later on to lock down his files you will also be able to apply a ransomware feature as well on his computer So it's it's both in one So let's extract it first The password is 1 2 3 for all the tools which we'll be using All these tools which we are using in our course is all there in the toolkit which we have provided with you So we extract anat lime edition and we double click over it Okay it starts up So same like in the RAM cost if you remember in the local settings we first open a port So same way we also have to open a port here as well because it's also a a Trojan in the back end So maybe here we can use uh7 and we also have to get a password as well over it like 1 2 3 key and start allow access I think our firewall is enabled So we'll disable it so that there will be no problem while receiving the victims So what we can do is we have uh now port we are listening on now we have to create a builder We have to create a Trojan We can create a builder client and here you have to put your IP address same options like which you have seen in the RAM cost So our IP address is 192.16847.132 168 47.132 it automatically picked the port which we have opened7 it automatically grabbed the key as well which we have gave in the injur so it will make a file name with the name of client.exe exe which we can change it later on even we can also uh tick mark this one copy to startup registry startup so that persistence so that it would start on its own the if you remember the feature in the RAM cost that you have to tick mark the install feature so that you will permanently have the access of the victim if the victim restart you will not lose him you will still have him whenever he comes back so same way We have to click this persistence Persistence is the permanent access So whether the victim restart even it will not affect on you You will lose him and whenever victim comes back online you will again get him back automatically Now here's the thing You also have to give your bitcoin address where you want to receive the money in case if you use the ransomware feature of it Maybe I can just put my any random bitcoin address But here you have to give your permanent bitcoin address which you'll get from your bitcoin wallet And there are hundreds of wallets online like uh blockchain You can go to that website and you can create a free bitcoin address there A free bitcoin wallet where you can receive bitcoins So I just give a random I click terms of service and I can build it on the desktop Maybe I can give a name of uh uh or maybe same update.exe It's created Now it's same process as we have learned while in the Trojans You can use Celesti file binder and you can change its icon same like Trojans which we have done You can also use a crypto and make it fully undetectable because right now if you'll scan it over the uh the metascan or maybe on the noistribute.com most of the antivirus would be detecting it So you have to make it undetectable as well first of all before you send it Now send let's send this file to the victim computer right click and paste So there is already a RAM cost file available and u I also saved a new one So this is a RAM cost file and this is the one which we created from the NJ rat So if you have seen in every rat the process would always be same that you first open a port and then you create a file with your IP address and that specific port and you send it to victim Same thing you did with Ramco Same thing we also doing with the RAM and Gerat So now if I double click on this file you must receive a session in few seconds Okay And the victim comes out So we can do like uh passwords key logger We have a key logger option Let me type something there in the Gmail or whatever If you type like there is a notepad file I type hackers rocks So if you refresh and here it shows hacker rocks So if they'll type their credit card numbers their bank login their Gmail password their chats you'll be able to get it from the key logger option Same as in the RAM cost you have seen So you have a password recovery which you also seen in the in the RAM cost You can also capture the webcam microphones same as you have seen in the RAM cost So all the options are mostly same but the there is only one option primarily which is not there in the RAM cause and it's there in theat is the ransomware feature So if you like you can and it also have little more features as well that you can shut down their PC we can change their wallpaper we can you know reverse their mouse and uh we can also turn off or turn on their monitor If I turn off their monitor their screen will go blank They'll not be able to see anything on their screen So there are a lot of like you know tricky features as well But the main thing which it have is a ransomware like if I encrypt it are you sure yes I want to lock And how much money you want to ask them like maybe $250 Okay And do you want to do you want to change the client's wallpaper i would say no I don't want to change it So if you see now automatically a notepad is opened on the victim that all your files have been locked You can get them back by just paying $250 as a bitcoin And this is a bitcoin address which we have typed while creating the the trojan if you remember And they also gave a link that this is a video you can learn how to pay You can watch this video to learn how to pay via bitcoins This is not a joke This is a ransomware And if you see there are a lot of notepad files before they're on my desktop and all of them are locked with extension of lime like update.exe.lime lime notepad lime everything is.exe txt lime and I cannot open them Whatever I open I just see encrypted text simple So it have locked everything in my computer So when the victim pays you you can also actually show him his your email ID in between this text basically So he can revert out the receipt to you that he have paid And then what you can do is you can right click over him ransomware and you can decrypt his computer as he have paid you now and it will take few minutes as much data the victim would be having as much time it will take to encrypt or decrypt So so if you see it it took 3 4 minutes and uh it have finally decrypted everything in my computer Now you must be thinking that how we will be able to provide our email address to the victim so that he'll be able to contact us back after paying So only then we will be able to know that the person have paid and we have to decrypt his computer now So if you remember I also have a picture like this you have to create a picture basically that you are hacked and this thing So if you remember when you right click and uh go to ransomware and encrypt are you sure it $150 and it asks you that do you want to change his wallpaper you can say yes on the desktop and 1 2 3 4 I select my picture and if you see it will also change the wallpaper that contact us on this email id rest it will also open a notepad as well that how much he have to pay where he have to pay and he can also learn how to pay and after paying he'll be able to contact us back on this email id and then we can maybe decrypt his computer from the decrypt Now why it have not encrypted yet is because as I said it takes time depending upon the data how much victim would be having and it will also decrypt by taking time how much data the victim would be having So I hope you got an idea that how you could also use a ransomware feature as well in between the Trojans There are multiple other features as well that like uh mouse you can go to reverse If you see if I right click I'm doing left click when I left left click it's pressing the right click So mouse buttons are replaced Uh so uh there is also taskbar It shows show or hide I make it hide And if you see there is only one button The whole taskbar is gone So it have little more tricky features as well to just play with the victim But I think all the important features the RAM cost also have it except these you know uh playing things and as well as the ransomware feature So I hope you got an idea how the ransomware works Thank you for watching So welcome to blackhat hacking series So in this video we'll cover about the malware for N6 that how you can figure out that your computer is hacked or no that maybe your computer got some Trojan or maybe your computer is getting controlled by someone else or no how you can find that So first of all what you can do is you can go to run cmd the best method you can type a command uh let's uh netstat n o so if you see this computer is uh so first of all what you have to do is close every connections like close your m uh firefox close your skypes close your team beer uh close everything every program which connects to internet Once you close everything then there will be only that connection remain which is connecting in the background So here if you see there is one connection established this is my IP and this is a hacker's IP where it's connecting like the victim is today hacking on victim Ramos is running and victim is hacking the attacker So our computer is connecting to victim computer So here you can also see the hacker's IP that who is connecting when victim is at 129 and if you see its IP it's 129 and here we can see that our computer 132 is connecting to 129 Connection is established Its pit ID is 2340 We can right click and start the task manager and we can view select columns Select the PID Okay I select and I sort from the PID and let's go to 2340 You can also click show process all processes and we scroll down 2340 is can you see RAM cost what you can do is right click and end process If you click end process your computer will be disconnected from the hacker right it's simple but it it will not permanently disconnect because the Trojan is installed in your computer When you restart your computer it will again reconnect to the hacker So I will show you how you can permanently uninstall as well Right now killing is just killing the temporary connection But let's also figure out more tools as well more softwares which you can use for the malware forensics There are three tools more auto runs process explorer TCP view These all three tools are free and you can just Google them and you'll get them for free from the Microsoft website These are the Microsoft's official tools Like first one I will use TCP view you can extract it and I can um use uh sorry TCP view double click on the TCP view yes agree and here you can see it's showing me all the connections which is established right now I can click on the state where it's established if you can see there is only one established connection And the RAM cost is connecting here It will show you the name process ID everything in one place Like you do not need to first find here then go to task manager to find it It will show you all the established connections at the same place But if you see one thing more my Java is also trying to connect somewhere on 193 IP This is a this is somewhere else I was also running you know a lot of other Trojans as well in my computer so that I can show you the real examples as well like I just downloaded a Trojan from the internet and I just double clicked on my VMware virtual machine to show you that how my computer is connecting if you can see on some IP on the internet I'll take its screenshot Let me write it down This is the real hacker's IP Let's write it down 193 if you can see.161 this is not my own 193.19 so let's go to Firefox and uh the RAM cost is my own like my victim computer is hacking it so Ramos is my own but the other one the java.exe like j a v aw.exe texe This is not my own This is some real hacker basically whose Trojan I have executed on my virtual machine for just the demonstration perspective So that you can see how the real now Firefox is also coming I can type on Google IP trace We'll get this website IP tracker Let's copy the IP You can see Firefox processes are also there So uh we have found two Trojans right now One is Ramos which is this one One is this Java which is somewhere else I don't know who is this hacker and where he's sitting but let him be happy that he's hacking my virtual machine on my main computer So in the virtual machine that's that's the use of virtual machine is that your main computer can be safe all these type of practicals we can just perform it in the virtual computer in the VMware So we can type here and trace IP Okay somewhere on the Russian Federation Moscow somebody also have a VPS maybe in Russia from where he's hacking so this is one of the way to find the current connections that where my computer is connecting right now but as I said the Trojans are installed in my computer maybe I can kill them as a temporary connection right now but once I restart my computer they'll again connect back to my to the attacker So for that I'll use the another tool named as auto runs And if you see here you just have to see you know all this uh this light red connections because all blue ones are verified If you can see this is the path somewhere in the temporary folder there is explorer.exe exe Now what this auto run software do it will show you all the permanent installed files not the ones who are connecting who are installed which automatically starts when the computer starts up So if I and there is also this blue banana.jar jar this is also if you can see it's a Trojan which infected my computer but which is not right now connecting somewhere that's why we will we will not be able to see it in the TCP view because it's not connecting somewhere right now but whenever I start my computer this blue banana also starts up Ramos is also installed this blue banana and two more three 1 2 3 so three Trojans are permanently installed in my computer which automatically starts with my computer So if you go down others are all fine So what I can just do is I can first right click on the RAM cost entry and I delete it I can right click on blue banana delete it I can right click on this you know bad name explorer.ex in temporary right click and delete it That's it Now if I restart my Windows 7 it will no more be connecting somewhere on the internet even because they will the Trojans will not be started automatically with my computer Maybe they are remaining in my computer but they will not start automatically in my computer I hope you liked the video and thank you for watching Welcome to Blackhat hacking series So in this video we are going to cover about advanced concepts in the Trojans If you remember in our past videos we have learned about RAM cost that how to generate the Trojans from the RAM costs and in the next video after that we have also learned that how to use Celesti file binder like this way and you drag and drop your file and you also drag and drop your PDF and then you give a icon and then you generate a file as in ypdf for example So this is your file So this is the thing which you have learned before that how to use ramcos and how to use the celesti file binder But now I want to show you something very important for which maybe you'll be scammed in the future on the names of silent exploits silent PDF exploits silent doc exploits Now this is the reason Now everyone requires something to send as a PDF or a doc Why there's a reason behind it because once you send it to some people they accept more PDF or a doc rather than exe because exe will seek it as a malicious but if you send them a invoice that maybe uh I want to buy some shoes from you and this is my my requirement in the PDF please download it and open it So if now every business person if you'll see as your proposal he will obviously download your PDF and open it and once you open it you get his control that's what everyone want It's so easy to break into people if you send them a doc or a PDF Now the point is maybe you have learned this thing before that once generating a exe file like backd dooror you can use celesti file binder and you can bind it with a pdf but there is one thing which we are missing here this is not a pdf this is a looking like pdf if you go to its properties it's application but if you see this file is look like pdf even if you send it to some victim and they double click over it you'll see that a pdf opens and you can close it even that um so the so the victim will think that this is a real PDF Yes you can also use it like this way But the point is if someone download it in their browser for example can you see it shows invoice PDF.exe if you send them as a link on their email on their Gmail PDF somewhere you'll send them a file to download Once they download it they'll see the complete name like this But once the download is completed they'll just see invoice PDF So now that's the thing which I'm willing to explain you is now a question would be arising in your mind that can we make it as a real PDF rather than looking like a PDF or a real doc rather than looking like a doc The answer is yes and no both I'll explain you why we have to understand the science behind it That's why I'm making this video Now if I open the notepad now what is a .exe exe is a executable file It means it do not need anything else to make it run You just doubleclick this thing and it can execute itself It can start itself You do not need anything to start it Like you go to your car you put your key and you roll it which starts the spark plug and spark plug starts the whole car starts the engine and then engine starts rolling and then it just keep on consuming the fuel and it runs So the key actually you require to start the spark plug and spark plug is required to start the car But exe can start on its own It doesn't need something to be started You just need to double click over it and it can extract itself and it will automatically do all the operations for which it is built Like it will automatically connect back to attacker It will give the full control to attacker It will automatically with just one double click it will perform all the operations for which it is built That's it But now you like that I want a extension to be doc or a PDF Now doc or a PDF is a non-executable file Both the PDF as well Both are non-executable files Right now I have this is a real PDF file This is the one which is looking like PDF Now if I double click this file the file opens in the Adobe Reader 9 If I uninstall the Adobe Reader you'll see one thing now If I uninstall the Ad Adobe Reader would this file will work can you open the PDF no you cannot open the PDF because PDF is a non-executable file But Adobe Reader is executable Now it still shows you icon But if I open it it shows how to open It does not know how to open itself It cannot open itself It needs someone to open it Like Adobe Reader like some PDF opener like some Chrome Chrome also have a feature to open a PDF file Like it needs something to open it It cannot open itself That's the same case with every extensions whether it's a JPG whether it's MP3 like a music file a video file a PDF file a doc file they all needs a opener now but I'm not saying that there is no way to make your Trojan into a form of a PDF or a doc there is a way we can use our exe file and we can bind it into a doc And in the result the file will also be into the doc extension But now it will depend on the opener like the latest version of Microsoft Office is 2016 If that version is safe if the opener is safe it will only start your doc file It will not start the .exe embedded in that But if you use some old Microsoft Office if the victim is using some old Microsoft Office maybe 2013 2008 2003 if that openers are weak they will also run the doc file and they will also run the .exe hidden in that So the point is you can embed a .exe into a doc and doc will be the extension but it still cannot execute on its own It will be dependent upon the version of the Microsoft Office or the PDF Adobe Reader they are using If they're using a latest Adobe Reader your .exe binded in the PDF will not run If they use a latest Microsoft Office version your .exe hidden in the doc file will not run So in the non-executable files they are always dependent upon the openers that if the opener is strong the file will not run If opener is weak the file can run because opener is actually extracting the juice the exe out of the dock and running for you But because the doc cannot run itself but exe it needs it needs nothing like this is a PDF looking like but it's application even if you see right now this PDF file which is a real PDF file is not opening but if I double click this PDF looking file I will get the control in the RAM cost because doesn't matter it's a exe doesn't matter the PDF will run out of it or no but the exe will run it doesn't need any software to run but if you use PDF as I shown you people can suspect if you use exe kind of like a looking like it can be suspected but it can run itself so everyone have their own advantages and disadvantages advantage of running this type of file is it do not need a opener The disadvantage is it looks malicious The advantage of sending a doc file is that it's a doc file Obviously they people will happily accept it But the disadvantage is that if they use the latest version it will be none of any use Now there are some terms named as silent exploits What a silent exploit is actually mean for silent exploit means a zero day exploit Now what is a zero day obviously it means no one is aware about it Like you are a security researcher and you have the in the latest version of Microsoft Office you have find a bug and uh related to that bug you have coded 300 400 lines of code through which you can hide a .exe into a doc and even the latest 2016 will also run your exe file out of the dock That's what you want So everywhere nowadays on the hacking based websites you'll see that we sell silent exploit We sell silent exploit Silent exploit means no one is even the Microsoft company is not aware about it that this type of thing exists because if they know they'll release a update in their version so that they can make safe all their customers So if whatever it's not known to anyone even the Microsoft you think it would be cheap people hackers are selling it like $100 $200 $500 no they are not real they are all scammers the real silent exploit which can like which is a zero day which can run over a latest version of Microsoft office latest version of Adobe Reader that you can send just a PDF to people just a doc real doc file or real PDF file to people and even if they are using the latest version of their openers It still runs That's a real silent exploit which worth more than $10,000 If anyone have it and even you are not actually sure that who have it and who do not have it maybe they are scammers who are making you fool Now how they are used how they look like even if you buy a silent exploit they comes into two type of forms One are the graphical builders like this that you just give your RAMOS file the .exe file here You give the license key which you got it like while buying this builder and then you choose the office version If you see only 2007 and 2010 is there no 2016 If someone is giving you even 2016 it could be fake as well because if they're giving you 100 200 500 it could be fake because the original silent exploit which no one is aware about it which will really run on the 2016 which would cost obviously in thousands of dollars There are also into exploit form also they come up which you just install it into your Kali Linux and by using a metas-loit software through some little codes you can generate a file and you can control a victim So in my next video I'll also show you a example of a silent exploit I I do not have even a pure silent exploit As I told you it worths in thousands of dollars But I have a semi-ilent exploit which could run up to 2013 which could even run on some versions of 2016 as well like 2016.1 2016 even and even 2013 as well and with almost a FUD the detection ratio which I seen last time was just 4 out of 35 a real silent exploit is always 0 out of 35 that because no one is aware about it so no antivirus would also detect it but mine is detected by four antivirus but I'll show you how to use it in the next video but I'll show you as a real engine form like a real exploit form form not like this type of builders because they could be mostly scammers And the next thing is there's also one more thing which some of the new hackers are crazy about it are like the jar rats like we use the RAM cause it have generated a .exe file There are also Java rats basically they generate a jar file I'll show you one example like this is the one this is a unknown rat 1.2 2 if you can see it can hack even the Windows it can even hack Linux it can even hack Mac and it can h also hack Android now you will think like yeah this is the best this is the best you want but that's also somewhere I would say no what's the reason this is a Java rat now Java is a multiplatform Java you can also install on the Mac Java you can also install on the Linux Java you can also install on the Windows But if Java is installed on the victim computer the file will run If Java is not installed on the victim computer it will not run Still it's a opener Java will open the Trojan out of a JAR file If Java is not there no one can open it Only .exe is the one thing which can open itself Still the same concept If you notice if you see if you use unknown rat this type of jar file it will generate Some people think rather than exe jar is still people may double click may because exe think they will never double click It's also sometimes a reason So you can generate a jar file and you can send it still if they use Java And the second drawback of this rat is normal cryptors will not work over it because normal cryptors are built to encrypt .exe file To encrypt a Java file you need a special cryptor and which is very very hard to find it over the internet So you should first of all think about it that what you want to use is a a PDF looking like .exe sufficient for you I have also a way to send it to people and they will see only PDF So that thing I will show you in the coming video I hope you enjoyed this one and thank you for watching So welcome to black hat hacking series So in this video we are going to do a small practical regarding the silent exploits or maybe the semi-ilent So if you remember in our last video I have shown you some of the examples that how what a silent exploit is mean about and how actually they look like even but I just shown you a way or like a picture of these type of builders Can you see it's written like fast silent exploit builder and like there could be so many names like that like HT silent exploit builder fast silent exploit builder cool silent exploit builder so doesn't matter actually they are silent so it's a builder it's builder means it's just a graphical access which use a engine behind it and that engine actually generates a doc file for you so my point is that I always prefer to use directly the engine rather than using this type of builders engine is always into a code form So the real exploits always look like this like I have which we have uh tried to do some changes like they always look like into a code form This is exactly a engine which is being used to generate a doc file But these type of builders are mostly like you know built by some type of scammers They say okay buy our builder and it generates a doc file Actually it's not a beauty of this builder It use always a engine or this exploit file a Ruby file behind it This file is actually the thing which generates the file Now that's why they just make a very cool builders They're very easy functions that you select just 2007 2010 and generate But they could be fake even maybe they do not have even the engine behind it They just have this interface so that you can see a interface and you they can sell it to you because you just see okay they have something look like this where you can give your exe and you can generate a doc maybe it doesn't even generate it's just a dummy software so but if you have the engine like the one I have obviously I have the real thing which actually generates it so I always prefer to work with the the directly code exploits and that's how the exploits always look like exploits always primarily come with a Ruby file I'll explain you how the codes look like and everything in a in a moment But you should always even make a habit that you should avoid this type of builders and try to make a habit to work with the real exploits If you are going to use a silent exploit or if you want to use some kind of RAM cost type of things then you do not need to you know need these even builders or not even the engine type of the code type of exploits but let's do a practical let's close this uh type of builders and let's directly go to the code level So this is exploit and if you see I'll I'll I'll not make this video much complex I'll just show you like how it have to be built Basically if you want to make your own exploits you need to learn Ruby or some programming language or if you can if you want to buy it always prefer that you buy it into a code form the raw form engine form which you can use anyway you can also make a builder which can use this engine behind it or you can also use it directly like into a code form So if you can see I'm including some of the modules for HTTP server for file formats the PowerShell which is pre-installed language in the Windows 7 Windows 8 and 10 and I'm also including the EXE modules then it's going to generate uh uh it will show you the names basically and then um I'm also selecting the architecture that whether it could be 32-bit or whether the the victim could be 64-bit it will work on both of But the platform should be only Windows It will not work on any Linux or Mac or anything because Microsoft Office can only be installed on the Windows So first of all it will verify that it's Windows only Then it will run else it will false And even you can see I'm using the payload windows/metrap reverse_TCP It's a very common payload Reverse TCP means it will give you a reverse connection back that the the victim will connect back to attacker automatically And uh it will save into a invoice RTF file after it will be building and it will use powershell to inject into the temporary folders and uh after that there are so many random functions are being used to generate hacks and uh I think that's fine So let's not make this video much complex and let me show you how to use it So first of all I have to copy this uh exploit into my metasloit folder Then we can use the metasloit So let's copy this uh this exploit in our metasloit folder Then we can use metasloit as our main tool to use this engine Now if you want to learn more about metasloit Kali Linux or this type of hackings even which are like related to little professional level we'll also be running one more series after this black hat in which we will we will be learning with the more advanced type of hacks through Kali Linux metasloits exploits etc So I just copy it that this is a command that you are saying that copy the file of which we have the name which we have the doc exploit and the path where you want to paste it So copy I go to the my desktop and I paste it So this is copied in our metasplot That's it Done Now we can start our metasplot and we can use this exploit to generate a doc file So now I search for same name which we have copied in it in the metasplot HT doc and it found it So I do use I use this exploit show options What are the things you have to set for this one just the LHOST and L port It's by default selecting 4ouble4 and uh okay set LH host and here it would be your Kali IP I copy it I'll host is your own IP If you use VPS to hack now Kali cannot Kali IP cannot be used over the internet obviously you have to use your VPS we can also install metasloit on our VPS as well and then we'll give inal host as the VPS IP set payload it's already set but I set it again and we can do just exploit and it have generated the file for the doc Now let's upload and send this file Let me upload uh on the copy it on the desktop and that's it Your job is done This is the file and uh we can upload on the internet and we can send it to attacker I'll upload upload files.io IO and we can drag and drop and this is the link we can go there Now if you see we have generated the file and server is also started If anyone will open your uh doc file or the RTF file which also looks like a doc file Anyone will open it will get his control automatically in the metasport We are waiting slow download save file and that's it Now Microsoft Office have to be installed and once the installation finish I'll show you how to double click the file and how to get the victim back on the Kali Linux So the installation is ready So what we'll do is we'll go to our downloads and if you see this is the invoice file which we have downloaded before So let me open my Maras plot which is waiting for the victim And if I double click this file it says okay yes nothing is there in the doc file Okay that's it And if you go to Kali Linux you'll see one request is coming Something is happening on Kali One request is coming from the victim delivering the stage and one session open That's it You got the control of the victim So what I'll do is sessions hyphen i to interact What's the session number two and we have the metrop info We are on Windows 7 Screenshot Screenshot is saved in the root What's the name hh you can see that's what it's opening on the So if you do run VNC you can also see the live screen of the victim Okay if you see this is the victim screen you are viewing If I minimize something you'll also see it's minimized here on the Kali So there are so many things basically which we can do while to control the victim through the met the metasloiter as well Same way like you control from the ram cost but this one is little typical because as you have to do commands for everything So this uh Kali Linux and the metasloit is very deep which we will be covering in our next series So right now I hope you got an idea how the silent exploits work but the one which I have it's the semi-ilent because it's not completely FUD and may it could not even run on the very latest 2016 version of the Microsoft office as well but still I will call it a semient but let's scan it its detection ratio that how much antivirus detects Last time I scanned it it was just four out of 35 and it's still today four out of 35 That's it Only four antivirus are catching it So I would uh it's really a good semient exploit It could still work to catch so many victims which you cannot even imagine if it would be zero and it could work on a very latest version as well but that would cost in thousands of dollars but that would be the mind-blowing in the best So I hope you got an idea how the real silent or semi-ilent exploits work without the builders and with the builders So see you in the next video and thank you for watching Welcome everyone to the blackhead hacking series So in this video we're going to start a topic named as fishing So I hope you'll all be aware with the fishing and I hope in your life minimum one time you have heard a term named as fishing Now what fishing means is basically it's not like you catch a fish nearby to a pond obviously as it's term The fishing means fake websites or fake web pages looking like real and they are just a trap to catch people's usernames passwords banking information credit cards etc So for example if you see this is an example a very uh it's it's a page which is totally looking like a PayPal but if you see on the top it's not PayPal it's p a p a i looks like a PayPal but it's p a p a y p a i last character is only one which is changed but the rest everything looks like so original that it have that confirm your card for the shop and with the PayPal right away So you so this is the top link which actually you'll be sending to people as a email to maybe you'll send to maybe thousands of people daily and everyone nowadays use PayPal So you'll be sending them that uh hello hello uh sir and we are from the PayPal and uh we have seen an unauthorized activity in your account So please loging in with your account and put your confirm your credit card again so that we'll be able to verify you So if the person clicks the link he actually goes to the fishing page He puts his credit card number his banking information or whatever what type of fishing page you have made depends upon that and he submits Once you submit the information actually goes to the hacker and then the person is actually redirected to the real PayPal and it sees just a message that thank you for putting your information now you're safe but now actually you're not safe you're hacked now So that's what actually a fishing is It's fake websites fake web pages looking like real and they're just made to catch the inputs of the victim Maybe his credit cards maybe his usernames passwords etc anything So in this video we'll cover about a automatic fishing technique There are so many videos we will be making on the fishing because uh I'll I'll show you how to create your manual fishing pages how to upload them over the real hosting so that your your hosting your website would also look like the same way as it is right now And then I'll also show you some advanced fishing in which just people clicks a link in your email and his email id automatically gets filled So in that case he will trust more that where he's entering the password they already know him So we'll be on that later but let's start with the very basic baby steps for the fishing So for that you have to go to anomore.com as you can see on the website an o.com where you have to go to sign up and create account there It's Arabic website but most of the things are there in English I go to home and I already have account so I log in So if you see it's login and if you notice they have hundreds of fishing pages already created like of Gmail Facebook Skype everything they have already made it for you Like if I open like this is the fourth page and it opens like this way This is like a email and password of a fishing link I can also open maybe uh this one Facebook protect Facebook So if you see Facebook security so you just need to send this link to your victim and if he fills his username and password or maybe this link any page you look okay you copy it link and send it to your victim and if the victim fills any username and password maybe john at the rategmail.com password maybe 1 2 3 4 5 6 if he clicks it and that's it he's gone what you have to do is you just go have to go to my victims and you'll see IP address of the victim when the date he filled the username and the password he filled and on which page he filled on the protect FB protect Facebook one it means it's a Facebook username and password so it's a very simple that you just see any page looking like and uh you send it to them and if you see they have a Yahoo page They have Ask Yahoo It's so they have all the fishing pages ask page just need to copy the link and send it to people So hundreds of pages pre-built and easy to use simple So in the next videos what we will be covering is we'll cover cover about how to create manually like here you will not see a fishing page of a bank maybe of American Express maybe of a Chase bank or maybe any credit card or uh so that you do not know actually right now that how to create your own fishing page by changing few of the codes you do not have that knowledge So what we will do in the next video is we will create a fishing page from the scratch and we will make a fake server as well on our own where you'll be able to see what are the things you have to change and make your own fishing page looking like original and I hope you like the first series of the fishing and see you in the next video Thank you for watching So welcome to black hat hacking series So in this video we'll cover topic two of fishing in which we will learn how to create the manual fishing pages and how to create your own dummy server in your VMware So why we need a server as you know whenever you open gmail.com Facebook.com the gmail server replies you back with the page Facebook server replies you back So a a dynamic website a PHP website can only work over a server It needs a server So obviously after building a fishing page we have to upload it over a C panel or a real server over the internet which we can buy maybe in $5 per month But before we upload it maybe we have to test it So what we can do is we can make our VMware as a dummy server in which we can test our fishing page that is it working fine or no So for the test perspective we'll test here We'll make a manual page by changing few lines of code into a real page And then we'll make our Windows 7 this Windows attacker as a fake dummy web server in which we'll put that page and we'll test it and then in the next video I'll show you how you upload the same page over a real server and you'll be able to target the whole world So this is a software named as ZAMP which would be there I think in your toolkit or you can it's also free to download from the Google even just install it and it will make your server as a your computer as a web server So we have to uninstall sorry uncheck few of the things which are not required and next So it will take few minutes to install So it's finished Now we have to start our Apache by clicking start and database That's it Now our computer is working as a web server So let's see what's the IP address of uh the Windows 7 Let me fix it We go to C drive zamp HD docs So this is the folder Delete everything here Let's make a very small web web page here Like I open notepad just to HTML And I save it on the desktop Maybe index dot html So I copy this page and I put it here in the HD docs Now if we refresh sorry type the IP and enter it shows this is a test page It's same like if you type google.com and the Google opens in front of you We do not have a name right now It's a dummy web server So we just type its IP and whatever the website remains there it opens in front of the victim So the point is this Windows attacker is acting as a server Now any type of website would be there that would be served to the everyone will try to access So now we will even delete it And let's refresh here There will be nothing The server is empty And we have to create a fishing page Now we go to [Music] facebook.com and uh once the page is loaded finished right click save page as with the name of index on the desktop and save it So we have our index page Copy it both the things and we paste it here Now if we refresh we can see a Facebook page But it's a reals page right now Even if I double click it's a Facebook page We just saved this page and we put it in in the HD docs folder HD docs is a web folder in our ZAMP in the C drive Zamp HD docs We'll be having here we have to put our website Now one thing you have to know that wherever you enter something we call it a form into a web language and every form have a action like login behind this login button there is action behind this registration form there is a sign up button there would be action action means let's send all your details to the Facebook so what we just have to do is we just have to change the action behind the login page that whenever someone fill a username and password and click login rather than sending the username and password to real Facebook just save it in our computer and redirect the user to the real Facebook simple So let's edit this index page with the notepad++ I click word so everything would be shrink and would be visible in one box Then I Ctrl F and search for action equal to enter And if you see in the action there is a Facebook link and I delete the link And here I can type uh any PHP file name maybe like uh ABC dot PHP We have to create this file as well So whatever name you put here that file name we have to create and just save So what happens now is anytime I use fill a username and password and click login this page will send the username and password to abc.tphp Now let's create abc.tphp We have already a fishing page and uh this one have a PHP file So we just take it from there and I paste it here in the HD docs and I give the name ABC PHP So this index whenever we fill the details we will give it to index and where index will give to ABCP Now what abc.tphp PHP will do with your username and password Oops So what it will first do is it will first save it in the user in the username and password in the log.txt and then it will redirect the user to facebook.com save So it will first save it in the notepad your username and password then it will redirect the user to real Facebook That's it Now let's test refresh If someone will enter a username and password maybe john at the rateyahoo.com password 1 2 3 4 5 6 If we click login the page will send the username and password to abc.php PHP and what abc.php will do it will first save it into a notepad and then it will redirect me to the real Facebook like this Maybe you will think that oh why I'm not logged in You think okay maybe I typed the wrong password You type it again and then you log in and you'll be logged in But you not know that your username and password was trapped before You just go on server and you see a log file is created automatically by this PHP file And you will see it have a username and password So that's a manual fishing that you just need to change the action So whether it's a bank page or whether it's anything you just need to look for a action behind a login form You change the action to some PHP and in that PHP you give your in which file name it have to save and where it have to redirect and that's it Your fishing page is ready So I hope you enjoyed it and thank you for watching Welcome to Black Hat hacking series So in this video we'll discuss about how to upload your fishing pages over the internet over a C panel Now if you remember in the last video we have discussed about how to make manual fishing pages with the very basic ones like with the example of Facebook we have learned with and uh if you remember the page we were having a a normal page in which we have changed the action and we have also made a PHP file which saves every username and password into a txt and then it redirects the victim to the original website So if you see this is our Facebook page but but you cannot make it work till the point you do not upload it over the internet So for that we need two things One a domain like google.com like facebook.com we need something relevant to your fishing page For example if you're making a bank fishing page so there will be like onlinebank.com So something there would be similar kind of name you have to buy And then we also need to buy a server space which we also call a C panels basically where we will be able to save our files So there are too many sites basically for the online hosting and C panels and domains but uh there is one I'm going to show you with where you can pay through bitcoins as well like it's cohoster.com So what you have to do is you have to first go to domains and give any domain which you prefer like uh for example anything any are relevant I'm just typing right now like walk.com anything you prefer and it says available if you show google.com Facebook if it would be acquired occupied already it will show you unavailable so if it's available yes you can order now and it costs $10 per here It's always per year basis So you just order now Now this is just a domain We also need to add hosting So rather than buying hosting separately we can add it here as well Click here to add And the very basic plan starts from $7 we can also add it Okay Let's order the first one mini Okay Use this domain which we already used Continue And your hosting is also added uh used for uh 6 months because there will be no setup fee The domain we are buying for 1 year and the hosting we are buying for 6 months So if you see hosting is $14 for 6 months and uh the website we are buying walkold.com for $10 So total is $25 almost which you can you can fill this thing and you can pay with any method like with bitcoin PayPal perfect money web money with anything There's hundreds of payment methods there and just finish and activate Before that you also need to fill this thing and that's it And uh once it would be ready you just need to you know go and login in your account it would be there So let me show you now I have already there we have a domain named as centricgold.com which uh one of my student have it So if you see hello centric here you can log in and everything and uh it's enabled So we do not need to do anything with the domain Let's go with the services So here if you see in the services we also have uh the hosting for a mini hosting for centricgold.com which is for which was for uh $14 for 6 months And we can go here and view details of the hosting and uh go to C panel And this is your C panel for centricgold.com Now either you can go to file manager I can open a new tab And uh you always go to public_html folder I click it And this is your area where you have to upload select file the my documents We have all of them Like I have to first upload this mail like let me upload this mail.php first So here you have to upload one by one and if you see one file is uploaded but I do not recommend you know uploading files online because if you if your fishing page your bank page is very big you cannot upload it you know one by one it will take so much of time then what I'll suggest you is use FTP you go to FTP accounts first what you have to do is you just go to Google and type FileZilla download like this one and you can install it and it opens like this way So a FileZilla is the FTP through which we can connect our C panel through this software in which you can upload the files by just drag and drop very quickly and simply But first of all you need to create account here like uh I can create it maybe gold with the name of anything any name you want gold at the rich centric gold it's FTP account not a email account I can have any password and uh remove the path because we want by default path only and create FTP account so it's created gold at the So I copy this thing my username I delete all of them which I have before So this is like you have the fresh So you click a new site I can give any name hosting and uh username is Sandre gold and the password which I just gave for this uh username and password and what would be the host So for the host you just need to click on the configure FTP client and here it tells you the server the username is this which we have already filled and in the host and the server this is what you have to type copy and port is 21 by default and uh that's it you can just click connect and here all directory comes So here is the same public_html and if you see it shows your mail.php PHP which we just uploaded through uh file manager in the public_html we uploaded through the browser but here you have to do one by one but in the filezilla you just see I go to my where I have the fishing page I just select and drag and drop if you see 30 files there total because if you see there are so many things in the folder And if you see 29 three files are successful four five So it will automatically upload So for the real websites for the professional big websites always FTP software this filezilla is being used to upload the higherend databases high-end files They are never being uploaded one by one It's almost done Then we can go to our website the one which we have bought centricgold.com copy it and uh paste and go So if you see on centric gold.com we have a username and password If you send this link now to someone anywhere in the world and if they fill the username and password and they log in Let me refresh If you see put here automatically a file will be created log.txt in which the username and password will go Okay So you can just right click on that and view You will be able to see your username and passwords on the server I'll not do the full practical of it If I do it here maybe uh you know I could come into the eyes of the hosting company that I'm doing something fishy and I do not want to you know lose this domain right now because uh once we create fishing pages Facebook Gmail fishing pages are very common Uh so they comes into the eyes very quickly So I do not want to you know do it right now The centricgold.com maybe you can make a gold company's fishing page Maybe you can make a uh you can buy a domain with like uh something you know a maggi bank.com and you can make a Maggie banks fishing page like this way So it will be less suspected because the hosting company would not be knowing that it's a fake page of a bank or you you are the actually company who owns that bank But obviously if you're making a Facebook fishing page they'll be knowing you cannot own a Facebook You're doing it for the fishing perspective So that's why I'm not creating it complete But once you fill the username and password in your server in the file manager you'll see a log file in which you'll see the username and password The Facebook one was very simple You just need to change the action and add a PHP file and it's ready But most of the you know back websites you go and something like that There you just have to first enter email like I would say John 6 Then you have to enter the password then sign in So it's a multi-page fishing page here by just only changing action will not work and lot of bank websites are something like that where they do not have even a action they have hided everything in the source code So there you need some special knowledge of web designing and fishing to recreate every type of fishing pages you want So my point to say you is that after finishing this black hat series I'm going to create a series of 30 videos only and only on web designing and fishing that how you can learn to change your own codes to write your own codes and make your own professional fishing pages of any bank or how to make any type of fake whole website as well I hope you enjoyed it and if you want to register for the next series on the fishing which is going to arrive after this course you can also contact me I'll give my Jabber account and the email very soon in the videos where you can contact me back and register for the next fishing series I hope you like the video and thank you for watching So welcome to Black Hat hacking series So in this video we'll be discussing about the email gathering Now why email gathering is very important What is email gathering as you have learned that how to create trojans how to create fishing pages etc Now obviously you have to target someone You need business people to whom you can send your trojans You need business people to send your fishing links so that once they double click or once they fill your things only then you'll be able to gain something from back from them Now how you will send to them what identity you need of them obviously their emails and from where you get the emails by email gathering process So the emails are very important You must be having like maybe 1 million business emails 10,000 business emails 100,000 business emails We need them only then we can target them So how we can gather them basically we have three methods to collect the emails The one is one by one Now you'll be see thinking that do one like if you want to collect maybe 10,000 emails do one by one will be working is it really a practical process I according to me yes because in one by one you actually be going on only the specific companies which is in your head maybe there is a very big uh shoe export company in China with the name of maybe ABC exports so you know they do a very well business So what you can do is you just search for them and you gather the specific their employee emails you know who do the business on behalf of them They keep on sitting in the office of the ABC exports office They sit there They speak with the people in the abroad They do the business and then they take the funds in the company's account So if you're able to hack their employees you'll be able to monitor their transactions and you'll be also be redirect the transactions in your account So you don't need to actually gather 10,000 emails Maybe ABC exports just have 100 employees You just gather their you know 10 20 30 employees emails That's it You just keep on targeting them hack them and do your job So how you do that you just create an account on LinkedIn where every business company and the employees are there You just have to search for maybe any company like uh there is a smart data for example it's a company and uh here you see all the 67 employees they have on the LinkedIn and you can connect to any of them you just click connect connect and they will accept your connection like a Facebook request once they accept it you just go to their profile and you'll see see contact info you click on that you'll see their phone numbers their email ids the birthdays everything So you can just copy their email ids and keep on writing them Just gather their 10 20 employees and that's it Then just keep on targeting them So this is also a very good way to you know just keep on gathering little little emails There is no point right sending 10,000 people's daily and you're just receiving two victims back It's not I think a practical way Rather than you just sending 20 emails per day to a quality people and you're getting two you know victims per day I think it's a more success rate because you are actually targeting the exact person you want to target So the second thing is gathering the random emails Now what is random emails there are some softwares which gathers emails for us where you can just fill into like what uh like a business Alibaba real estate doctors and it will you know keep on finding the emails for you all across the globe Maybe someone from China a doctor maybe someone from US a doctor email So it will not be a specific company or it will not be a specific country So their success rate could be less because you're actually you know gathering required or unrequired Every type of emails would be there quality emails non-quality emails everything would be a mixture But it's a easy process You're getting the emails simply without any hassle without any work So how we do that even we have a software in your toolkit email extractor we just have to install it before that you have to install Microsoft.NET framework which is also there in your toolkit and I already have it so I repair the application next I just but you just have to install it Okay I do not run finish because I have to copy the crack I go to C drive program files email extractor and I paste it Copy and replace It's finally cracked It's a full version now So I'll run the tool And here you have a search bar where you can type maybe Alibaba real estate maybe doctors anything you want and start search now as much time you'll keep this software running on as much emails it will start gathering So if you see it started gathering quality emails these all are the business people linked with Alibaba It's trying to fetch more As you can see 27 gathered till now all can you see info sales at the rate all our business people linked with Alibaba very nice this one as well and if you see source is all Alibaba.com because Alibaba is a business website 29 now so anytime you can stop as as much time you'll keep it running as much more results you'll get so you after that you can save them text emails and finish That's it And if you open it in the Notepad++ you'll see your emails export Third way is that you just buy a targeted company emails These are the websites basically who sells the targeted company emails specific country specific company even So you just open it any of the website like reachgolfbusiness.com they have a pricing tab if you go to the pricing and you'll see the middle all Middle East emails $300 and they have 100,000 emails of that only UA emails $200 Saudi Arabia emails $90 So they have a listing as much emails you buy as much you pay the cost simple So I hope you got an idea regarding all the three methods through which you can you know gather the emails by one by one through that email extractor software as well or by the buying of the emails as well And once you have the emails then we use a good SMTP server which can deliver your Trojans your fishing links to them in their inbox through which you'll be able to send 100,000 emails per day even That's SMTP which we'll discuss in the later on series and uh you're ready to send So I hope you like the video and thank you for watching Welcome to Black Hat hacking series So in this video we're going to discuss about the catfishing Now catfishing is the only topic basically which every Nigerian is aware about or maybe they have done it once in their life What it's all about is it's about the dating scams that you go to Google and you type Christian singles or you'll get so much you know US-based websites to chat with women there who are singles or some of even the married women they just like to you know chat there So once you speak with them you create accounts basically with the US IP because you're registering as a US citizen If you register as a Nigerian citizen African citizen the woman would not like to speak with you And if you're creating account with the US IP you have to keep it opening from a same IP from a US IP so that the website will not block your account because there are so many scams So even website people are you know they want to make it safe as much for their customers for the women for the US citizens So and I think so for this one even the socks are more safer because you are going through a residential IP that's why like u and if you're going from a particular US IP from a residential IP through the socks it would be more easier for the websites to trust you and your account would be more active for a more longer period of the time So now what you do is basically you speak with women there you register there you pay even for a premium membership you speak with women you take them into the confidence and then you ask for some money she gives you some money like uh maybe you take her into so much confidence that you love that's why she pays you or maybe you just ask her that I am very rich and my money is stuck somewhere and I need just some money for the credit uh and I'll return you back after some time so it depends upon person to person like how they make them fool and then they retrieves money from them So this all about the dating and if you just write on Google Christian singles you'll see so much of websites where you can have a registration and you can speak with them like there's also one this zuk.com even and the match.com as well it's very popular ones rest you'll find on your own even now chatting is not the only thing which they can you know use to take them in the confidence as so much frauds are increasing the women do not trust much so maybe she'll be suspected ing that you're not a US citizen or maybe you're asking money because you're not even love I think you're just doing it for the frauds So she might can suspect that's why the people nowadays use some more additional techniques while in the catfishing to take the woman into the confidence and that that ones are the fake websites What type of fake websites they use first of them are like fake bank websites So in the fake bank websites what they do is they create a relevant name they register a domain like amagibs.com the real one is maybe amaggy bank.com and they purchase a domain with like amagibi banks.com which is a fake bank website then they develop a fake bank website over it which have a login section which have a credit card section which have so many pages to so that it should look real and then they create a fake profile file in that with the name of maybe Richard Daniels and with the Richard person they create a profile they show his picture complete address and shows like $1 million in that and once uh the person speaks with the woman he shows that okay I have a bank account on this website this is a bank in maybe in UK or somewhere or in uh France maybe and you can check my profile he gives his username and password to login and the woman log with the specific specific username and password without knowing that it's a fake bank website She thinks that this is a real bank and she she sees that oh my god after logging in it's $1 million the person is having but then the person says can you see how much money I have but I'm not able to withdraw because some issue came up or like any excuse they give up and then they says that I'm able to withdraw basically if I pay them 10% fee to the bank they will let me to you know because I have not paid some of the dues or something so I need to pay them 10% of my amount to so that I can withdraw all my $1 million Then the woman says "Okay I'll help you for that." She agrees and she pays like "Okay let me give you $100,000." And u once she pays the person goes away So this is just one of the example basically that uh they show some fake websites to take the woman into the confidence They also make some type of business website in which you create a page of board of members in which you also list the same person as Mr Richards with a complete profile and you also send your your business website to the woman so that she sees that on your business website as well The same person with the same picture have a profile listed and on the bank website even once she loins with your username and password she sees the same picture same address and with $1 million in that Once she sees the both websites of a business site and a fake bank website she agrees that yes the person is real and he have the money and then she will not suspect and she gives the money to the person So the fake bank websites are very useful while in the dating which they use to make women fool Now there are a lot of other types of fake bank websites which are used nowadays Let me give you the example of them which are not related to to catfishing only but they can be used for other perspective as well Let's see So one of them is like this hardageconstructions.com This is like a constructions company but it's a fake website Go to their careers You'll see that they have some jobs opening like uh what they do is like they first select a country to target like Panama or maybe US then they just collect emails of that specific country of maybe US or Panama and then then they send a email by this hardage constructions.com that we have a job openings and anyone who want to apply please apply where the person fills everything and then he submits the entry and once they receive the the people who are already interested in they call them that okay that okay we'll give you the job but basically you have to provide your bank account in which we are sending you some money which you have to pay out to one of customer in Panama uh so the person thinks that uh if you refuse they'll not give him the job so he agrees okay then I'll do the job for you he gives you a bank account you make him a wire transfer through a hacked bank account which you have hacked in the past and the person receives money and then the person sends you money from the Western Union or from anywhere you receives from the person who is applying from the for the job So the point is that you're paying a job seeker a fraud money and the person withdraws it and pays you the clean money There are also something related to real estate scams There are so many US-based websites in which you can people can buy sell the properties houses like Zillow.com the relator.com like even you can see a map even century 21 that which property costs how much then you speak with people like can you see there is a contact button and you can speak with the seller that okay I'm interested to buy and he sends him the quotation okay I'm only uh pay that much price which I'm sending in the PDF once the person opens your file he gets his complete computer control that uh then you say okay I'm not no longer interested but once the person deals with someone else and uh he's selling to someone the property and then he sends him his bank details you jumps into the transaction and you sends your own details to the second side from his computer that okay I'm willing to sell my property from his computer and I want to the money to be received in this bank account which a hacker owns it not the seller buyer basically pays into a different bank which hacker is providing after that they both keeps on fighting the the buyer says I have paid the seller says I have not received it so this type of things has also run away there is also a scams related to binary investments binary options investments I would say where people make a fake website for the investments and then they just target US people that by just investing $100 $200 We have some investment schemes which always go up never goes down and you can just try with even $100 So $100 is not a big amount They gets interested and they just invest it invest it and then you just keep on showing daily the graph that now their money is increased to 150 Now it's increased to 500 Now it's increased to 10,000 So they gets very happy and then they pay you they little pay more so that it increase more and once the point shows 1 million 100,000 the person says that I want to withdraw it and then you say that we have a company policy that if you want to the whole withdraw the whole money you have to pay the 10% of it and that's why they increase it up to 1 million because 10% of a 1 million would be like $100,000 the person agrees okay he pays you 100,000 and then you run away that's also some type of binary schemes people use it There is also like some type of fake couer websites people make that personal corers like if you want to send some diamonds some precious things to some another country maybe from US to France or somewhere that you just call them they come to you at your house they collect everything very safely because it's so precious that you do not need to even come to us it will come to you and collect and they'll give you a tracking number fake tracking number you keep on tracking that where it's have reached where it have reached you keep been showing them some tracking for a week and and the last you just show them caught by custom and you have to pay 50% of the price in the cash only then this you know the order would be released and the person fears it and steps backward and leaves everything to go away and actually you haven't sent it somewhere and you keep the diamonds in your pocket So this type of fake bank websites fake career sites fake construction sites are being used lot of by the scammers basically So if you also want to develop these type of websites your own quality fishing pages you could also go on in our second series of web designing and fishing which is very soon going to start after finishing this black hat series So I hope you like the video and thank you for watching So welcome to black hat hacking series So in this video we'll start a topic named as identity hiding So within this topic first of all we'll get to know that which is your main identity which goes over the internet Our computer always have two type of addresses One is the IP address and one is the MAC address So what do you think that which address goes over the internet is it a MAC or is it IP i'll give you the answer It's a IP address which goes over the internet So which IP address goes over the internet it's always your router's IP For example you're using a public Wi-Fi of a coffee shop and there are 10 20 people who are using the Wi-Fi at the same time If any of the one do any crime there only coffee shop's main IP address the router's IP will go over the internet And if the police makes any investigation they'll be only be able to reach back the coffee shop not the specific person who did it So my point to say is public IP is the only one which goes over the internet not our computer's IP Even if you have a internet connection in your house and your father also use that your mother also use the same Wi-Fi you also use it So once you do any crime your router's IP will go over the internet So police would be able to only reach your house but they'll not be knowing that your father did the crime your mother did it or you did it So there is always a one IP as per one internet connection only that goes over the internet Anyone who are sharing that internet that information doesn't go over the internet So let's see first of all we'll go we will go to a website named as hur.net to check our IP address Like if you can see this is our real IP on this computer right now and it's in the Russian federation It's it's Russian IP and uh so IP is the main thing which goes over the internet but there are some websites who also collect some extra information from your computer that what is your chrome version what is the operating system version and uh what is your ISP and even the time zone over your computer So it shows that it is like uh plus you know the GMT 7.0 maybe it's a Russian time zone So they'll be able to know that you are coming from Russia and uh from your time zone even it clears that you're actually from Russia You're not you know hiding your IP So people always think to hide their IP only but it's not only the case Along with your IP you should also change your time on your computer You should also you know change your screen resolution like like that So everything which is visible here we have to hide everything so that nothing of your computer goes over the internet Now what are the ways we can use to hide our identity hide our IP address So these are the ways So we'll first continue with the proxy sites It's the simplest way you know to bypass uh some restrictions if some websites are blocked or if you want to visit a website anonymously like I just go to Google and I type proxyite.com So as you can see this proxyite.com is open Here we can choose our server that from which server you want to go forward like from US server So here if I go to hur.net net and it will show your IP that now your traffic is coming from United States because you're going through this website So that's always a mechanism behind IP hiding There is no way to hide your IP It's always IP routting that you go to somewhere else and from there you go forward and all the websites just see the last coming address that from where you are coming right now not from where actually you started at first you started from Russia to China then China to to Germany and then Germany to US so US will only see Germany they'll not see that from where actually you started and what is your actual IP no but your ISP is seeing the internet provider is seeing that you're opening this proxy site and through this proxy site you're you're accessing h.net So how we can use some more safer technique in which you'll be able to browse safely and your ISP will also not be able to see anything For that we'll go to the second technique which is the to browser It's a browser like Chrome Firefox which you can you know go to Google and uh you can type uh to browser download You just go like this and download After downloading it just next next and install That's it So we can start our tour browser This is a browser just built to surf the internet anonymously Any website you open in this browser will automatically take you through the tour through a onion routting protocol and it will just be hiding your IP for every website you'll visit in that like I'll go to h.net net and if you see it just shows anonymous proxy no country even it's showing and if you see this browser is first connecting to France then Netherlands then again France uh but is a different area in France then going to internet and it's just saying anonymous proxy it's no time zone can you No proper time just only language is US no proper IP no proper versions nothing everything it hides automatically for you that's the to browser here we are improving our quality from the proxy sites to a better better platform but here also one problem we have anything you open in the to browser it will hide your IP but what If if you start some softwares like Skype team viewer or any other tools but they all will be going through your real IP So what how what should we do to hide the whole computer's IP that any program which goes to internet it should go from a fake IP Then you have to buy a third thing whether a VPN or whether VPN chain Let me first explain you what is VPN then we'll go on the VPN chaining VPN is a software like uh this one if you can just type on the Google top 10 VPN companies and you'll see uh so many companies like ExpressVPN NordVPN Cyber Ghost IP Vanish ViperVPN You just need to make sure that no none of the company should be headquarters in the US If it's headquarters in US it means they are compromised by the FBI They and uh it means you're going through FBI then because any company works in US they have to go through the rules and regulations which they have They'll not focus much on your on your anonymity They'll more focus on the rules they are provided with So you must prefer China and the Russia VPN companies to be more safer Like I have purchased this ViperVPN and you just need to you know go to their website uh anyone you can buy and get started and they have like $3 monthly plan You buy it and they'll just give you a software to install You do next next and that's it It it's like that You can select this location show all servers It's up to you that uh which location you want to select like Canada uh Japan Italy anyone you just select and that's it and connect and once I connect I just show you and then if we go to h.net net it will just change your IP and your whole computer will go through this VPN through a changed IP address that's it connected now let me go to h.net net directly not through a proxy site or not through a tour and it shows you United States before it was showing you Russia there So these are the couple of things basically which I just learned in this video Rest in the next video we'll go through the other techniques to be anonymous and the next we'll also I I just also let you know about the VPN chaining Even VPN chaining is that you buy multiple VPNs like one you bought ViperVPN the second one you bought maybe ExpressVPN as I shown you there's so many companies basically like first you connect to one VPN to somewhere in US then you connect to a second VPN to somewhere in Germany then you connect to third VPN maybe somewhere in the in uh in Russia and then you're going to the internet so in this way you're actually changing your IP so many times that if some investigator comes up he'll get mad he cannot travel to so many countries you know to ask for your IP address and it would be mostly safer for you to be anonymous so rest there are so many other techniques as it's written down in the notepad we'll cover them in the next video what about the VPN with the VPS socks and the tail OS so in this video we just learned about the proxy sites which is the least safer then more safer to browser but it's only for just websites Then we have also seen about the VPN for which you can use your whole computer to hide your IP and you can use multiple VPNs you know to be more safer So I hope you you like the video and thank you for watching So welcome to Blackhat hacking series So in this video we'll cover about the topic two of identity hiding So if you remember in our last video we have learned these specific topics which are the proxy sites to and the VPN VPN chaining Now in this video we'll discuss about VPN plus VPS and the socks Now what is VPN plus VPS both are individual things I hope you remember the old videos in which I have shown you what a VPS is VPS is a computer basically which we buy in any location across the world like this one which I'm showing you right now This is a VPS which is bought in Russia like my location is somewhere in Asia and I am connected to a computer a VPS in Russia So let's check its IP over.net net and it shows Russian Federation which is its real IP address current IP address So if I do anything from here like if I go to some website and I hacks it So they'll just be seeing that someone from Russia hacked it They will not see that behind Russia there was someone from Asia who hacked it No So if I do not use anything I'm still safe But to make it more safe what we can do is like from Asia I'm first connecting to this Russian VPS And on that Russian VPS we will also hide its IP through a VPN Like I just connect to somewhere in the US Now what will happen is like there are two hopes between me like from Asia I'm connecting to Russia from Russia I'm connecting to US from US I will visit that website which I'm going to hack so let's check now if I go to ha.net It's showing me now United States Los Angeles So two times we hide our IP So it's also a better layer of security It depends upon you except proxy sites everything is safe which you can use You can also use a to browser which is only for the browser Basically you cannot use your whole computer to hide your IP To hide your whole computer IP you can use maybe VPN or to make more better you can use VPN plus VPS So like this way Now we'll be on the socks Now know what socks is before I explain you the socks let me again rewind up a little bit and explain you the base of every technique If you see in base of every technique is rooting like we go to a proxy site and proxy site takes us forward So that proxy site will use its identity to take you forward in the to network in a to browser We go to some to servers automatically and that servers hide your identity and they use their identity to take you forward In the VPN even you connect to any of their server in the US UK anywhere and that server basically use its own identity to take you forward and they will hide your identity there and they will take their identity to take you forward means is we are always behind something that's why we are able to hide our IP but if you notice one thing proxy sites store VPN they are very very you know public networks I would say they are very public that so much people thousands millions of people I would say they use their service so sometimes their IP addresses are blacklisted so if you are going through like ViperVPN I will give you one example suppose you purchased a credit card of somewhere of of a of a person maybe from uh Texas in the USA because it also shows you the address that from which location you bought about the card So if you want to use the card obviously what you have to do is you have to change your location to US with Texas city not Los Angeles US with taxes So maybe this ViperVPN could support that you can go to uh change your IP and you can maybe select taxes as your location but same taxis location hundreds thousands of customers of ViperVPN may be using at the same time and that IP maybe it's blacklisted if you go to apple.com to make any purchase if you go to amazon.com to make any purchase they will mostly pro most probably they will be knowing that the IP which you're using it's a ViperVPN's IP which is provided to you So you are using actually a VPN it's not your own IP because their IPs are very much you know used by thousands of people So maybe there could be a problem while you make the purchase and it will make you deny So how we can have a residential IP address like maybe there is a customer there is a person living in US maybe Mr John and maybe someone hacked his computer and he's selling his computer IP as a proxy that you can you know use his internet by just sitting somewhere in Asia You can use Mr John's internet sitting in the US and you can go forward from his residential internet connection or from his residential computer which will not be blacklisted and if you go through with his through his computer there is most probably you'll be more trusted over the websites but there is only one issue of using socks that they are not trusted because you do not know who's that person whose internet you're using So you should only do illegal stuff from that You should not open your Gmail accounts your personal Facebook accounts because maybe he's he could be intercepting your traffic because you're going through him So we should only open that specific things from his from your internet that time what he can even intercept will not affect you So that's the socks socks same like proxy or the to but they're residential IPs normal people normal computers normal hacked people their IPs are the one which we use in the socks now I'll show you how to do them there are two types even you can also go to Google and you can see free socks list and like I go to this I also have some paid list of uh socks This one is the most recommended for the carding but uh the registrations for this website is closed You have to see someone who is already having account on the first one Rest all other ones are you know the paid sites from where you can buy the socks Rest the free socks you can get from anywhere in the Google And this is the the website basically where you can check the sock is active or no or it's you know closed Maybe the person found it that his computer is hacked He's no more letting his computer to use his internet Uh so let's see as much lowest the time is it means ping time it means as much good or fast it is switch from Hong Kong right now for me So I'll use this one Let me check And uh the port is 8,000 So I type uh colon 8,000 And I check Okay it's died It's no more working Uh they are the free proxies Uh let me use this human India 67 check Okay it's also died Okay there is one more from France This is the IP Uh the port number is43 which I just found before recording the video If I check it it's live It's working It's France If you see blacklist it's yes So basically it's working but it's still blacklisted So you should not use this one Maybe you have to use someone else because it could be blacklisted So maybe while you use your credit card it will still give you some problem They'll not trust you But this is how basically you have to find the free proxies or free socks you can say and uh else you have to buy them for the non-block blacklisted ones So how you use them you use your uh Firefox browser and uh I go to options network proxy settings a manual proxy And here we give the IP and the port 443 and uh okay that's it Now if you go to h.net so if you see we go to h.net now our IP is from the France So we are hiding our IP address through the sock S sock is like someone's computer there in France Maybe someone hacked it and installed a proxy server in that and uh letting everyone to use his computer to go to internet So his IP address is a residential IP It's not someone like a VPN or a VPS IP which is used by thousands of people So maybe we or maybe someone else two or three people maybe could be using his IP address currently So maybe you know it it looks more genuine to the websites basically but it's not as safe for your personal use So I hope you got an idea related to how you can use a VPS and over the VPS you can also put a VPN for extra layer of security so that two hops will be between you and the internet And I hope you also got an idea related to socks as well So next video we'll cover about the tails OS the whole operating system which is built for hiding your identity So thank you for watching See you next video Welcome to blackhead hacking series So in this video we are going to resume our identity hiding and in this specific video we are going to learn about the tails OS If you can see Tails is a complete operating system like Kali Linux like Windows 7 like Windows XP and anyone This operating system is specially built to preserve your privacy and anonymity like whatever work you do in that or whatever internet you browse or whatever you do in that it would just hide your identity and maintain your privacy So how to download it how to install it the whole process I'll be just be showing you now So first of all we'll go to this website You type Tales OS on the Google and you'll get the website Install Tails OS for the Windows Yes And uh we go to run Tails into a virtual machine Yes We'll click here and we want to download the Tails You can just click on this and it will download the image as I have already downloaded right now or you can also download from the torrent Then what I have to do is you just have to open your VMware workstation create a new virtual machine custom Next I will install operating system later next Here we choose Linux and you can choose anyone other Linux 4.x 64-bit or 3.x 64-bit anyone Let me choose 3.x X 64bit Next And here you can give a name like uh Tails OS and next Here you can do two cores of processes Next 2GB RAM Next Not to share the internet in the VMware Next Recommended Next Next In a single file And you can give maybe up to 15 GB of space Next and finish Now you have to click on the CD DVD and you have to assign the location of Tails OS Okay Okay And we can start I just need to click enter to run it live So start tails and that's it You're ready to use the Tails OS It's Linux based So if you want to operate it from the commands you must be knowing the Linux commands which you use in the Kali Linux So it's same like that Like I go to applications I start to browser it have already inbuilt in that So if I go to h.net net if you see wrong IP location anonymous proxy and the best thing about is the operating system it's a Linux based operating system and it's just showing Windows 7 wrong version of Firefox wrong version of Windows 7 totally fake things US location language is US and if you see the time zone no time even nothing totally anonymous they can never even see that you're coming from a tails OS so it's also one of the way which you can use for uh browse the internet anonymously rest you have also learned so many other ways as well like the proxy techniques like the top like the VPN chaining VPN plus VPS So it it would be totally dependent upon you now that which technique you want to use to maintain your privacy So be safe and happy hacking Thank you Welcome to Blackhat hacking series So in this video we're going to discuss about the calling scams Calling scams are very popular basically in in every country nowadays And uh in this video I'm going to show several examples of the calling schemes that how you can call someone and make them fool and steal their money Like the first example of the calling scams is is by the Facebook Now you'll be thinking how Facebook can be used to make someone as a calling victim Like just type anything in the Google like China shoes any country you want to target with like China US Russia whatever Then shoes gold whatever and open like normal websites out of them Not the very big ones like I just click the made in China and it opens like this way And then you just go down and you'll see their Facebook page link somewhere Like if you just click on the Facebook link and the Facebook link opens It's their Facebook page and uh let's see how many likes they have Oh my god they have almost to 600,000 So it's a very big company seems to be but uh you should you know target like a little smaller ones who should be having maximum up to 100,000 That's it You'll also get their phone number as well So what you have to just do is just call them and tell them that you are speaking from the Facebook team Also try to call from a US number it would be more good You can type on Google by a US number or call from US number You'll see so many websites which you can use to call in just like one or two dollars a month That's it So you just have to call them and you just say them and say into American accent that you are speaking from a Facebook office and we have noticed that you are posts are not legal according to us and your posts are violating our terms So we are going to proceed to delete your Facebook page Can we proceed they'll say no no no please wait because we have maintained this page from so many years like five years 6 years we are we are a business company and this is our business page from like six 7 years we have gained as much number of likes if you delete it and we again rebuild it it will take so much of our time to again get so much number of likes so you'll say okay no problem we'll give you one chance to improve the type of the posts which you post please next time do not post uh like these ways and try to post some more better ones which you know which look more good They'll they'll think that we have not posted something bad but they'll say okay no problem as we are saying we not have to argue and we'll be better in the future but you'll say okay but before we cut the call please tell your email ID will you tell to the customer that please tell your email ID so that we are sending you our terms and services you have to read them and accept them they'll say okay and make sure that you'll not do it in the future they'll say okay please send us they'll give you your email id like ABC or info at the ratemidanchchina.com Then what you'll do is you'll send them a fake fishing page link Once they click it they'll see Facebook of work They'll fill something They'll login They'll get a second page that uh facebook.com assumes responsibility and you do not need to do this this that etc Please accept all the terms and submit So before that they have entered the username and password which have already gone to the attacker Once they submit they'll just see real Facebook.com They'll be redirected to real Facebook and you and he's doing it everything on the call The call is still running and you just say them Thank you very much sir You are safe now We are not going to delete your page So after you disconnect the call what the person do they have their username and password They log in with their username and password in the Facebook They make himself as the admin of the page and then they remove the original person from the admin rights Then you are the one who have their Facebook page control and the owner do not have it And then you again call them that please check your Facebook account what we have posted and maybe you have posted something invalid and very bad They'll request you that why you're doing that way please return us our page We cannot delete that illegal stuff from our page You say no we'll not give you the page back till the point you do not pay $10,000 or $5,000 etc depending upon the client So obviously they cannot lose their page which they have gained you know the publicity in last 5 6 years and even it's not even about to losing the page If you'll be keep on posting bad things it will also even more spoil their brand Even they'll lose the page and even it will spoil it even So most of the 90% of the victims basically agrees to pay I have seen so much type of uh scams in my country even there a lot of people do it and still people pay them because they cannot lose their page So this is just one of the example basically in which you just need a a Facebook business page like this I have built one of my for one of my client in the past I can maybe also give it to you There's one more scam in our country very popular going on Uh it's about like someone calls you and he says that we are from the main bank of your country and we have noticed that you have not submitted your proper proofs and and the files etc while in your bank account while initiating your bank account So what we are going to do is we are going to disable all your ATM cards and credit cards in 24 hours So that till the point you'll not go to your bank branch and you'll not submit everything whatever it's required your ATM cards will remain disabled for one week and uh they request you please don't do that and I I'll go I'll go to my bank very soon they'll say okay no problem uh we'll appreciate your uh request and what you have to do is please tell all your ATM card numbers and their CVV numbers etc so that will put them in the database He fears a lot So he tells you all his ATM numbers and after 1 hour he sees a message on his phone that that much amount of shopping is being done So this is also one of the scam which keeps on goes on the very innocent people who do not know that by just telling their ATM numbers this could be happened So this is second type of thing which also very common nowadays And maybe maybe you'll be thinking that what if you got someone's credit card or ATM card and you're trying to use it on the internet Maybe you'll get a OTP or the person gets the OTP who owns it on his mobile phone That's also right But there are still some websites where you use the same card and that websites are so trusted like apple.com and other ones that that the OTP will not come and the purchase could go direct So that's the second type of there is also one more type of uh scam which I have not seen yet by someone but I just heard about it from one of my student he claimed that he did it but if you have noticed one thing in my trainings they are very genuine and clean I am only showing you that things which are possible in the real life There's nothing imaginary or dummy but only this is type of you know a calling scam And the third one which I'm going to discuss with you which one of my student have discussed with me but I have not seen it with with my eyes So but I'm going to discuss with you because maybe it could help you in something So what he told me is that uh there are a lot of carding websites In the past videos I have shown you that how you can buy a credit card in just $102 of someone After doing that there is uh a SSN buying list like you can go to any of the sites and you can you know find that person there of the same num uh uh city of same name and you can just put it here and you buy his SSN number as well This just social security number of the citizens living in the US the these are the websites who have almost every person's database of assassin uh living there in the US and you purchase the same card because once you'll be using the card over somewhere on the internet or you're doing some purchase sometimes for a security reasons bank or and the website asks you for the SSN number because they they think that SSN number only the owner of the card could be having no one else So if you have the SSN number the purchasing can go more smooth and even what my friend said that he haven't did even uh the purchasing out of it What he said that uh they buys a credit card they buy this SSN number then they calls the bank from the US number that hello my name is Mr Richard or whatever the name uh from the the card you have bought and uh I have lost my I I traveled to a different city and I have lost my card So uh and I need it urgently My money I want I wish to be my old card should be blocked urgently and I should be reissued with a new card They say okay please confirm your address Please confirm your SSN number and everything He confirms everything as he have bought it The personal details as well you can buy uh I'll I'll give you the website very soon here from where you can also buy the address details and everything of a person of living in the US as well So they okay they say okay that's fine we we we can verify that you are the real person and this is your card number this is everything you can also send someone to collect from the bank or you or we can tell you it's uh all the digits and CVV etc so that you can use it there in the different city where you are currently so that you'll not feel short with the money he gets thank you thank you for the assistance to the bank and you use the card numbers and you just make any purchase out of it sometimes bank again stop it if you make a purchase with that maybe at the apple shop or somewhere with like $10,000 $20,000 because they have a system like when some suspection suspect uh purchases are being done stop it then he again calls the bank that I'm the one I'm the owner and who is doing it please unblock it I don't wish that and as much time type of purchase I make I I don't like that it should be blocked they they'd say again okay you're verifying with your SSN number we again making you more limits do as much you want to do makes a big purchase is sends to Aramx or a FedEx and they ships you back to the Nigeria somewhere to the anyone who is doing it and then they sell the products and they make the money So even they are able to make fool to the banks that you are the real person and they are able to even get the real card from the bank even which seems to be very imaginary but sometime I think maybe it could be possible even as he said that he have done it several times one of my student So I hope you also like the this video regarding the calling scams as well So it depends upon you if you also want to if you feel them important you could also try to use them There's I'll not say that there there is a very big sheet of money here but it's but still it's a good money Yeah So I hope you like the video and thank you for watching Welcome to black hat hacking series So in this video we are going to link up all the techniques which we have learned in our last videos and uh it's also kind of a experience sharing video in which I will show you how you can combine everything as per my tips like uh how you can combine every technique which you have learned all and how you can make them into a flow and what were the challenges which were been faced by other students while doing these techniques what will be the challenges which you will face and how you can overcome that challenges So it's kind of a experience sharing and a flowmaking video So I hope you'll enjoy this one very much a lot So the first thing is which techniques are more being used by the students to make money out of which all you have learned So kind of a use even where I'll be answering so many of things which you ask There are two ways The first thing is the rats the Trojans People create Trojans they encrypt them they they write a good message and then they send it They also you can they can use some social engineering techniques like they can link up with some PDF They can change its icon They can uh use a semicilent exploit or anyway you can they can turn it up and then they need uh good emails of the CEOs or something and then they use a good SMTP to send it One is so 50% of the students go this direction The another 50% goes into like uh the fishing only that they just create a good fishing page of some banks or credit card companies or even something about the emails only They send them they use they buy good emails they use a good SMTP and then they send them a email fishing link If they enter their email details of their username and password they keep on monitoring their emails of their that what they do like they have seen that they are the it's a CEO's email ID and he speaks with the accounts guy that please transfer this of the bills or dues of the company and this account or something So they knows that okay this is the accounts guy Then they after some time of monitoring a few days then they writes a email to the accounts guy that it's a very urgent that you have to transfer $20,000 in this account And as you know in the US type of US UK type of countries if a CEO writes a email with urgent it means urgent they will not call and confirm No they take the email as same as the mouth words of the CEO So they do it So some just do the basic fishing and they also make the same amount of money or some go with the with the Trojan's way as well in which they do not only get the email account control they also get the whole computer control through which they can even gain something more as well but that's a long process So what are the other rats like I have just shown you the RAM costs like I have the collection of rats basically and uh according to me Ramcos is good and uh lot of students uses that there is JAT as well there is uh some good ones there is nanoore even it's good there is uh so many and even let me show you these are the top most usable rats and Ramos is one of them so I don't think so that you should you know change your rat but in the future if you also want to go with some any other one you can you can pick any of them out of these but ramos is also good so next the cryptors the cryptor which I shown you like the cryptors is a non-constant thing whatever a cryptor is good today maybe it could go bad after a month so maybe after a month you have to again look for the cryptors and believe me most of my student are being ripped off on so many sites It's like hack forums and all that People say that they have a a FUD crypto and all that and they just take $550 $100 from you and no one have it Cryptos is also a very challenging thing in which you may suffer a lot But right now on some judgment if I have been arrived is that this is a cipher it.org RG as you can see and this you should also go with you have to see the compatibility of a crypto maybe you buy a crypto which is not not compatible with the Ramos rat that's also would be a problem so I have seen a most compatible crypto with all the topmost rats and also gives you like you know satisfying results it just gave we just bought it today in the September of the month 2018 and as they claim that they it it bypass all of them and it just cost $20 €20 And uh this is the cheapest and the best which I have just found right now And uh other ones would be costly And if you want to go for a private stub then this is a dark eye uh protector crypto but it costs like $225 but they will give you a really a private stub As you have learned in my previous video that what is a private stop that it would be a totally fresh code would be just written for you and it will last more longer rather than the ones which you buy like the public stubs like this one So these two I have found till now good after so many research believe me cryptos are also like thousands of cryptos available and you cannot you know spend on everyone and to see which one is good but these two I am giving you shortity right now they are good This is also an online site which were giving which was giving me very good result They just take $10 to crypt it if you buy it But right now they are not working anymore But maybe in the future if they work they they give very good results which I have seen Okay So the next thing is uh what about the emails emails I would say that you have also seen my previous videos there are uh there's nothing to add more regarding the emails you can the best way is if you go on the LinkedIn and get one by one emails the quality emails which you know and you can speak with the CEOs and all that there you can so you can gather quality emails there which would be more better rather than if you buy and you do not trust that even the buy bought ones are good or no so just go with the lesser amount even but go with the targeted ones so it's about the emails the second thing about the SMTP I'm saying that SMTP is also a very challenging thing like the cryptos So I the the one I would just suggest you is that you can just use your Gmail into a fast mailer pro and you can send from that as many emails you want and you can like create five six Gmail ids So if from one Gmail id you can send 500 emails So you can use six emails maybe you can send 3,000 emails a day And you may be thinking that uh 3,000 emails a day is a very less amount but no if you have crap emails like I can give you 1 million emails but crap not good ones So then it it could be less but if you're just getting a targeted emails of top top CEOs and good ones from the LinkedIn even 100 emails is also uh enough a daily point of view if you send it And the good thing about fastmailer pro as I shown you in the last time is that if you in put a Gmail ID and you can tell fast mailer pro that I do not want to show that from which name it's been sent You can send it from office 365 team You can also show a name that it's the email came from a Facebook team So you can show any name It will not display that from which Gmail ID it came Even you can show them a wrong email ID from which it have been came So I think so it would give you satisfying results rather than buying more SMTPs and all that So as I have said that uh how they they just do is they just hack into the computers whether through the Trojans or they just hack into the emails from the fishing and then they keep on monitoring their emails or web mails After monitoring their the CEO's emails they just you know makes a transfer or save the accounts person to transfer The last thing which I would also like to add is that if you have are able to hack into one email id of someone you can also go ahead with a concept of email chain hacking In email chain hacking what it is actually is that uh if you send a email to unknown people sometimes they do not maybe click the things which you're sending Like if you send me something I would not execute it But if one of my close friend is sending me something obviously I'll try to open it that what he's sending because I'll trust that email So the email which you hacked you send to all his contacts to all email ids which he have in his contacts and his email you use his email to send to his friends from his email So all the his friends to whom you are sending the trojans they will double click on that because they will think that it's coming from their friend And once you get their emails you get you send to their friends more So like this way it will never end and you'll be keep on you know uh having trustworthy uh relation going on and you'll be having so many victims at one day So hope you like the video and I am I hope I'm giving I'm able to clear all your questions even and one thing more which I would like to add you the next thing is the VPS even and and VPS also have so many sites as I have shown you the profit server is good because it's Russian but it's slow hoster you can also use it but I have not tried it personally but the good thing about Khoster is you can pay from the bitcoins but it's costly like $7 Contabo is also fast but they only accept PayPal and their the terms are very tough once you pay and they always say that send your passport copy or something for verification and all that So maybe for that point of view you can skip it But if you have if you're living in US and you have and you can provide them the copy and all that then it could good then you can go with the cont But they are little quick The best one which or the good one you cannot the best all all of them are the good but the the fast one I have found is either contabo either host key The good thing about hosting key I have found is that there's no PayPal you can also pay from the bitcoins average price fast enough and safe So as I say that there are a lot of research have to do You have to keep on buying from lot of you know uh websites then we will get to know about the best ones So I hope so you will not the guys who will be suffering So I have tried as my best I can do the research for you guys and I'm trying to bring up everything best I can give you so that you do not need to struggle over the internet and keep on wasting your money So I hope in this video I have cleared a lot of your doubts and gave you more suggestions you know to give you a far up speed in your career Thank you So welcome to black hat hacking series So in this video we are going to start our topic named as social engineering So what is social engineering social engineering is all about making people fool Now you have learned so many techniques in our past videos that how to generate RAM cost files how to bind it with PDF how to create silent exploits and etc etc But now you also need to learn how you send these things to people How they will trust your files more how you'll be able to make them fool and they'll think that what you're sending is the real stuff and they'll accept it So there are multiple ways to do that We'll be covering three videos of social engineering in which we'll cover different scenarios to send your stuff to people so that they'll trust So first of all it I'm showing you is the fishing emails like this way like I have received a email by the VMware that a new version of VMware is launched to 12.5 and you can upgrade now and download now they have given two buttons and even I can go down and there's also the upgrade now and download now button So now if I download it if I click on the upgrade now or download now I'll get a file will start downloading I click on download now and you'll see the VINRA starts downloading Now why VINRA is actually downloading because it's a fake VMware email You can change the links behind it And uh we should serve this file with the name of VMware.exe And you can also write down that maybe today we have a 10th anniversary of VMware and you'll get free license key You can also put even the license key down there in the email So once they install it they double click on your file the RAM cost will be executed and you'll get the complete computer control one of the way of social engineering Now how you change it how you change the links and how you link your own files So first of all we have a file like we generated from a RAM cost then we used a cryptor and we encrypted our file it's fud now So now what I'll do is I'll go to my C panel which you remember I shown you last time in the in the Q hoster we have created it You can upload the files update.exe and our website name is centricgold.com Go back up It's capital U So the name is centric gold.com Now you just have to forward What would be the link now centrigold.com/update.exe Whatever file you have uploaded So this is the link You can also add HTTP over it So copy and uh I will forward it So once you forward you just have to click on the download now and it shows you the link You click click the change delete the link and paste the new one Okay Click on download now change the link and paste the new one Okay That's it Now you can send to yourself maybe to test it So if I go to my inbox and I open the email this is how the email will look like to me But if I click on download now I'll be served as the update.exe Can you see this is the one and now if I go to my downloads folder I have the update which we have downloaded from the centric gold and uh if we double click on the file the victim control will gone to the attackers's VPS So this is one of the way you have seen how you can upload the files first of all on your C panel and then you can link the files in a fishing email and that email you have to serve to your victim Now as the email will look so fine like if you see so much good graphics good text it's been used there as much the victim will trust over it So you have to see about your vocabulary your pictures So you so as good you'll demonstrate as best you'll see the results by the victims Now there is one more way you can use to send it Send it is uh I will right click this file add to archive I'll choose at zip Make sure that you are using VRA 4 not VRA 5 And okay now it's a zip file Sometimes sending as a .exe doesn't look good So you can send it as a zip But if someone double click they can still see that it's a .exe file inside it Not a problem What you just have to do is you have to install a software HXD hex editor which will be there in your toolkit even and drag and drop this zip file We go to in the very last and here you see it's written update.exe and I make it update PDF That's it Save it and close Now this only shows PDF but it have not changed its name to PDF just to make it look like PDF Now if I take it to somewhere else because here is already the file is there Maybe I take it to music Now if you serve it this zip file and if you extract it and you'll see the exe file is out and if they run and you'll get the session back So we can also make it full to people by showing as a PDF but once they extract they'll get back the real exe And what you just have to do is you can upload this zip file and uh in the email you have to give the link as update.zip zip once you upload it and in the chrome even you have to change the link as update.zip So once they double click they'll be downloading a zip file and once they open the zip they'll just see PDF But if they double click exe will run Simple There is one more way So if you see how you can serve your exe files to people by making them fool I'll also show you one more way like there is a very famous website to download softwares like filehippo.com millions of people download the softwares daily from them and if you see uh they have every type of softwares popular antivirus uttorand vraar vc hundreds of softwares they have which you can download and if you see number of downloads are served so what you can do is you can make such type of a fishing websites where You can make a free software download website and every software would be infected with a Trojan If people will download from you automatically you will get thousands of victim get back to you daily There are also a lot of torrent websites basically from where people try to download free softwares from the torrent You could also the the softwares there as well You can you know uh make the software infected and you can upload there and anyone downloads the torance you'll get automatically the victims You do not need to collect their emails send emails to them put them into the trap People will automatically download your files and automatically come back to you No need to do any hassle So this is one of the example of the social engineering In other two videos I'll show you more tricks to serve your files more better to the people so that they'll accept it happily and you'll get more results I hope you like the video and thank you for watching Welcome to Blackhat hacking series So in this video we are going to cover the second part of social engineering So here I'm going to show you such kind of a PDF which will make a very good impact on the victim's brain like this one in voice If I open it with my browser or with any PDF opener you will see that there is a blurry PDF and it says that it's secured and uh we have to unlock it first to open it So if you send this type of a PDF to maybe CEOs that someone paid you or a invoice that from a bank or you have to pay $10,000 to the bank and this is a secure document only authorized people can view it So they will think that okay I I am pending with some dues by the bank and uh it's it's safe it's secured because of only so that only me can open it So the person will click on get the key and once the key he'll be redirected to some .exe file would be downloaded in his computer or he'll be redirected to some fishing page or somewhere where he have to login with his email and password and he will get his email and password whether you can redirect him to a fishing page or whether you can serve him a download or a RAM file will be downloaded on his computer once he click on the get the password link Now how you can create this type of PDF on your own i'll show you First of all you need a software named as Acrobot DC This is the one Acrobot DC Pro version I will add it in our in your downloads folder This one so that you can download it And uh this will be like this one So first of all you have to run this one as administrator That's it And then you have to just double click and next next next next and it will install So once it install you can open it and uh we can create it So first of all we need a a invoice like this one a invoice For this type of invoice you can get it You can type it on the Google invoice You can click on the images and you can download any type of invoice which looks good to you as a picture like this one is also good So you can choose any type of invoice here which you feel okay Then what we have to do is we type on Google blur image online and you have to open this website lunape.com So I have to browse like I'll be using this invoice which I have already uh downloaded the picture Open it and uh it will blur it You can also adjust the level of blur more or less but I think it's fine Now you have to click apply And then you can save it If you see it's blurry now And now you can uh copy it on your desktop And uh in your Acrobot Now we'll click we'll click create PDF from a file and I will choose this blurry image Now we edit the PDF and uh we have to add a a lock symbol So we will type we need a picture like unlock PDF So you can download any picture from here but I have already one like this unlock symbol So add image I can So I think in the center it's good now So now what I have to do is this image I want to make a hyperlink Add select this area Choose open a web page Next And here we have to give a link Let me give a link of uh like vinarr download Basically here you have to give a link of any like hack.com/rammcos.exe Here should be your website which you have hosted on the Q hoster and in that you can upload a RAM cost file and you can link it so that once they click this link to unlock the PDF they will be served with a RAMOS file and if they double click on the RAM cost file you will get their complete computer control but I'm showing you with the with example of winrar I copy link address and I can paste it that http vindra.com vra.exe Okay And now we can save it on the desktop with the name of final PDF and uh this is your final PDF So if you send it to anyone and even you can attach this PDF into Gmail or anywhere If you open it with any of your browser this is how it will look like You can change the invoice or this change this type of uh icon depending upon your need or depending upon the looks So if I click the unlock icon I'm served with VRA But you can link it with your Ramos file from your C panel And uh so if someone click this one if it's RAM cost that's it we will get their full computer control So this is one of example of a social engineering with which you can also make people fool very easily as I have demonstrated in in one of my old video where I have explained about concepts regarding the extensions that a PDF is either it will be a looking like PDF or either if you want the extension exactly to be a PDF then you need a silent exploit but if you do not want extension to be exe and you do not have even a silent exploit you can use this type of method where you're sending a p real PDF to the people and through PDF we serve exe and we get the control like rather than sending a direct RAM file we send a PDF and through PDF we can redirect them to the Ramos file and from RAM cost file you get their full control so the first thing which you send to them as a PDF which makes a more big impact to the victim that you are not sending something malicious you're just sending some type of invoice and for security reasons the PDF is locked So it will look more original to the victim and there will be more chances that you'll get their victim computer control So I hope you like the video and thank you for watching Welcome to Blackhat hacking series So in this video we are going to cover about a very exciting topic of social engineering which is named as autolink If you can see this type of a email which I have received it shows that in your inbox it shows me my email id and if I click the message that please recover your messages and the email is received from office 365 If I click it a fishing page would be opened in front of me of Office 365 and it will automatically show me my email here So if you send this email to maybe 10,000 people and everyone once they click this link everyone will be shown with their own email here Now it gives a very good impact on the victim's mind because if he sees that his email is already filled and he just have to enter his password he thinks that it's original he doesn't suspect that it could be a fraud because if someone if the office 365 already have our email we trust it because we created an account there and they have our email it means they know us So there would be a trust relationship and the victim will be entered his password without any doubt So now how it can be done how you can create this type of uh fishing page with the auto link and how you can send it to people Now first of all you need a fishing page like this one I have all these files which you have to upload in know into a c panel as I have shown you into a video of where we have bought a domain on a cohoster.com and we also bought a a hosting there and in the c panel you have to upload all these files in the file manager once you upload it will be this is the main file with which you will be linked on so this is a PHP file so if you are uploading loading it For example if your name is like uh gold centric.com slash this would be the file name This would be your link This will be the link which it will be made And now if you see our own this is something myhyore AU this is a Russian company / au/outlook slash this is a long folders it being created there and then slash the same file name question mark login is equal to which will automatically be taken So the point is this it's it's also redirecting to the same file which I have set Now after uploading all these files over the over your C panel then what you do is we will use our fast mailer pro we go to options and if you can see we are using a Gmail ID a password and uh smtpgmail.com is already filled Okay Now if you go to our uh group name with we are going to send with the name of office 356 center and office at the rate365.com and even if you see the email came from office 365 center and in the mailing list I'm sending to this email id and what would be the message you have to choose HTML message here and Same thing you paste If you see at 6:58 a.m you're in may your mailbox At 6:58 a.m your mailbox Only one thing you have to change percentage email percentage This part means that fill the victim's email here That's it And if you see it automatically filled the email here Now once they click the message we wish that their email should also be filled here as well So we give a hyperlink that click that recover messages and we give the same link with a question mark This is the PHP fail question mark login is equal to if I copy it this is the one So the link would be your link will be this one that gold center this is the name which you will be buy like for example any name you can buy slash this will be the file name which you will pick out of all you just because this all the files are uploaded on the gold centric.com and then this is the file name you give question mark login is equal to percentage email percentage it means take the automatically the email from from the victim's Gmail id right so we are using some another name and it have a long folders/outlook/ this/ then then the page is there but in your case you do not need to make so many folders you can directly upload it over your name and you can like this Okay And uh you give the whole message just in the case of the email id you give percentage email percentage where victim's email would automatically be filled on for all the victims If you send this email to 10,000 people they all will see their own email at this place But we have just one person to whom we are sending And we will click send And it's delivering now And successfully sent And if you see this is this is type of email which you'll receive And it will show you your email id here And even you can see down the hyperlink here You will see the hyperlink when I hover my mouse If you can see down there it's showing you login is equal to where I have gave percentage email percentage it's showing me my email and uh the same email it automatically we filled here So this is a very good technique which we call it autolink that it will autofill the email id of the victim that he just have to enter the password rather than he have to enter a username and a password both where he have to enter a username and a password both it looks suspicious that it might be a fishing page but where they just have to only enter the password it seems to that this the front company is the real company that's why they have our email a fake company could not be having our email id so they'll enter their password without any doubt So I hope you like the video and thank you for watching Welcome to black hat hacking series So in this video we are going to cover about the mailers and the SMTP So you have learned so many things in the previous videos that how to create trojans how to create fishing links etc Now you wish to be delivered them to the people or to the email ids which you have gathered Know how you can send bulk emails to bulk people like 10,000 emails a day 4,000 emails a day 5,000 emails a day How you can send them and the main goal is that after you send that emails they should be delivered in the inbox of the people not in the spam So what to be done now what can be used to send that emails the question is SMTP Now what is a SMTP what is a mailer or what is a PHP mailer these type of terms maybe you have heard before or some of the hackers already use them to send emails to the people Now I'll give you a quick example Now you all be using Gmail Yahoo Outlook you all must be using them Now what is a Gmail gmail is a SMTP SMTP stands for simple mail transfer protocol SMTP is a server which can send or receive the emails on behalf of people Like Gmail have a SMTP server You always open your gmail.com You login with your email id You can send re email to some company or you can receive email from someone as well Now Gmail have a limit Gmail Yahoo Outlook they are the public SMTPs means anyone can use them Anyone can register their account there and just for free they can use this service So they are limited You cannot send more than 500 emails from Gmail Yahoo or Outlook Right now the point is it's not maybe sufficient for you You need something bulk like Gmail There are thousands of more companies who have their own SMTP servers It means you can also use them to send or receive the emails but they will be paid as SMTP as the Gmail is free for 500 emails and but that SMTP servers you pay them and you can send as much you want that's what people use or the hackers use them to send emails but there are good SMTP server companies if if you use them they'll deliver in the inbox if you use the bad companies companies or the spammer companies or a lot of spammers who use their SMTPs there will be they'll can go to spam I'll show you how it uh works If you just type on Google SMTP buy Amazon also have their own SMTP which is also very best but it's very tough to purchase from them or set up it Not very tough like little complex I would say And if you see complete mail server netsite.com sendpulse.com hundreds of thousands of companies and uh if you see uh $200 per month so there are thousands of companies which you can use to send or receive the emails to the people If you use good companies out of the list they'll not go to inbox Some of them go to spam So it depends upon the server Now you will ask me that I should suggest you which companies go inbox and so actually there is no permanent solution for that like maybe some company like this company if I'm using it today it going to inbox maybe after a month it could go to spam so you have to test on your own which one looks easy and cheap for you you can use that like this one $9 per month etc but I'll give you more examples you have to wait for that now second thing is what is a mailer now mailer is a software which use SMTP in the back end and you can send emails from that So mailer do not have something its own identity Mailer is a easy platform in with which you can configure a SMTP server So you click button send button in the mailer and mailer will automatically use your SMTP to send or receive the emails For example I'll give you a example like fast mailer pro This is uh a mailer software So you have to tell your SMTP details in that like I go to options and uh here you have to click add first of all and now once you buy any SMTP they will give you their SMTP name the port number and a username and the password You can also use Gmail SMTP to send or receive emails but 500 maximum I'll show you You have to type on the Google SM Gmail SMTP settings So they give you smtp.gmail.com I copy it I paste here And the port number is 465 And uh in the username you have to type your Gmail ID For example abcthegmail.com And then your Gmail password for example And that's it Okay Now any email I send from this software it will login my Gmail and it will automatically send from it I do not need to go to gmail.com So then why actually now you will say why we have to use this software why not directly go to gmail.com and send from there because this software have so much advanced features For example in the recipient groups I have to add with which I have to give a group name like uh mailing list from which with the name you want to send like my email is abcthegmail.com but I want to send it from support which looks more good and with uh support there uh privacy.com any email you can display to people but actually it will be sent from abcadgmail.com It will use that to send emails but it will send through this name It will display this name when it will be delivered to the victim Now we have created a mailing list and here we can add people like uh uh CEO at the rate company.com So this way you can add so many people johnthergmail.com to whom you want to send So you can give even 500 people of list all together which you cannot do it in the Gmail You have to send like comma comma comma and 100 people at one time 200 people at one time Here you can give like even 10,000 list or even 1 million list of emails But then you should not use Gmail as Gmail have 500 limit So you should use some good SMTP or some private SMTP same how this one So you can give so many list or even you can import from a notepad file If you used your uh if you have 1 million emails into a notepad you can import it and it will show you a long list here Then you have to give a message What message you want to deliver to all like subject please click promotion link and uh dear sir blah blah blah blah blah and please click our link as promotional offer We are giving this thing for free This this that and regards support team and that's it So you have a message as well and you have a mailing list list of people as well and you just need to click send like I start sending Okay Now unscent messages too because I click stop now to stop sending because the Gmail and the password I have given wrong It's not a correct email and a password If it's a correct email and password it will login with my Gmail on the Gmail SMTP and it will start sending my emails and the people will receive my emails as well So these are the mailers So mailers actually use the SMTP to send your and receive your emails because SMTP you cannot use without a interface So mailer is an interface basically which provides you interface through which you can give a list of people you can give a message you can configure SMTP details and uh so mailer actually use your SMTP to send or receive the emails mailer do not have its own functionality that's a mailer now what are the PHP mailers now PHP mailers are for which you need a hosting in our old video we have seen that how you can create account on Q host store and you can buy a website and a hosting So you can go to login to the C panel and uh in the C panel you'll get a file manager option and in between the file manager and the public_html you can upload a PHP script like this a page you can upload where you can write type your uh uh name like John for example Steve country Australia any subject and submit Once you submit it will send to you should also have option where emails like John at the redgmail.com this this at the redisting.com comma So you can actually use your hosting company to send or receive the emails because your hosting company also have a SMTP server in the back end So that because every website nowadays have a contact form For example I go to like this way You can give your name your email your mobile number and a message and you submit Once you submit a email will be sent to the this company that this person is interested in your business So there is some service it means this is a website and website have also means a SMTP server Actually the website do not have SMTP server the hosting company where this website is hosted that hosting company also have a website SMTP server so that the queries on their website they can receive but we can misuse them like we can upload something a page in our website where we can have a email option where you want to send what is the uh subject what is the message and keep on comma comma comma you can give like even 10,000 emails and you click submit So it will use the hosting company's SMTP to send them emails for which I'll also give you an example in the next video But I hope you have got an understanding between these main three terms which always confuse to most of the students that what is SMTP smtp is the main thing which sends a email or receive a email mailer actually use the SMTP to send or receive the emails PHP mailer actually use the hosting company's SMTP to send or receive the emails So PHP mailer or a normal softwarebased mailer are the interface which use actually the SMTP to send or receive the emails So I hope you like the video In the next video we'll cover about the PHP mailers and the more options to send or receive the emails And thank you for watching Welcome to blackhat hacking series So in this video we are going to discuss about the c panel based SMTPs So if you remember in our previous videos I have shown that how you can you know buy a hosting or a domain from any type of uh hosting sites like host blue host there are thousands and number of sites basically in the world from where you can buy a hosting or uh a domain name from there and once you buy it you can login it obviously like this one it's a separate one it's not bought from the K host so I can login the C panel And uh we can also use as I have shown you in the last videos that how we can use this type of c panels to upload a fishing page or a fishing site Even what you can do is you can also go and create email accounts there and you can send emails from there one by one which is not uh a good option It will behave like a Gmail as you send the emails from Gmail that's how you'll be sending but we do not want that one we want some more better way uh to send emails even So today I'm going to show you how you can use the same C panel for email sending perspective as well like a SMTP as well All C panels or all hosting companies have a SMTP server as well in the back end So I just go to file manager and I have to upload a script I have uh a PHP script mailer.php php which you just have to go to public_html and uh here you can upload the mailer dotphp I have already there it said do you want to override it I say yes that okay it's done clear so we have uploaded in our c panel in our hosting and this is our website of someone of my Student he have it So I can just write it the website name/mailer.php and the mailer is open now So you can use any website like last time we have used the gold centric.com on the Q hoster and the same way you can login there Let me pause like as you can see we are logging in the Q hoster even they have changed their panel You can go to services my services and we have uh goldcentric.com and we can go to its c panel So like same way this is goldcentric.com you can also go to file manager and you can upload the script but this is a separate site This is a separate website separate site and not bought on the on the gold send uh sorry on the cohoster It's bought somewhere else So you can actually buy from any hosting company like host uhnow now.com It's a some different hosting company like cohoster So same way my point is that you just need to buy a domain name and a hosting then you go to the file manager and upload this script and then you can your website name/mailer.php PHP and you can access the PHP script and here you can mention any email from which you want to send For example John at the rate uh this website name sender name John You can also attach a file PDF something which you want to subject hello So urgent email hello boss please call back Then you can send any write down any email where you want to I have uh a fake email id where we can just send it And we just click send You can give complete list of emails here like maybe 10,000 emails 20,000 emails You can just paste them here and click send As I said in this video that every hosting company have a SMTP server in the back end which this PHP mailer can access automatically without buying them They are for free The SMTP server by the hosting company is always free So from this type of script we can access it and we can send as many we want And as you can see it says that to this email it's okay it's been sent So let me verify that the email has been received or no So if you can see it came in the spam because maybe this hosting company is not as strong like your hoster or anyone So it it's sent from the same name John and uh with the same email id it's been sent hello boss So if you buy from some good hosting companies like blue host like too many in the world and then there if you upload this script it will go in the inbox as well So let me show you one thing more that how you can buy hacked c panels like someone owns gold centric.com someone hacked their website and uploaded this script and then they just sell to you the link they give you this link that okay take it and send as many emails you want and just pay $7 $10 that's it like someone hacked this website and they go to their file manager and upload the script and then they just give you the link Now this link anyone can open it in the world who pays $10 to the hacker and anyone can send emails So this is a website like ox.2 where you can login You can also create account there if you don't have account And uh they gives the mailers and SMTPs as I gave you the difference last time The SMTP is the whole server like as this hosting company have a SMTP server which they which can be used for all the websites like I also have a website on their hosting company You also have a website So all we just use the same SMTP server to send or receive the emails And uh but so you can buy the whole big SMTP server as well The whole server as well you can buy the hacked SMTP or you can just buy a mailer that someone hacked someone's c panel and uploaded a script there So if you see the hosting company this is a hosting company Different different hosting companies and people owns websites there And uh you click have to the good thing I like about this site is that you can also test Click send send So we have to wait and let me verify which one comes in my inbox If you see this email came in the inbox Uh how much came in the spam no one came in the spam even just one arrived and it arrived in the inbox 108524 and 108 5 the first one and uh this is the hosting company and this arrived in the inbox and you can just buy it in just $5 Click buy pay $5 as a bitcoin and you can buy and then they will just give you the link like this one It could be like uh abc.com any name We do not know the website name They have hack/mailer.php This could be the link kind of which they will give you after you pay them $5 You just enter and this type of thing will open in front of you You put your list of emails 500,000 10,000 and if you send them they all will go inbox Let's see if anyone else have also arrived We refresh No others have even not came Just one came out of five and it came in the inbox Let's test more even like send send Okay one of them is bad even So no one else have came So it's better that we just buy the first one and they give you the link and then just send it as we just used our own So if you just see the first thing which I just shown you is that we use our own C panel on our own We put the script and we use it These one are also same but these one are the hacked ones on which the scripts have been put by some hacker and they just give you the link of someone else c panel So you are using someone else's c panel and their name to send or receive emails rather than using your own So anyhow you can use it So the point is whether you can follow my last video where I have shown that how you can configure the Gmail in your fast mailer pro which is also a very good way that you can send emails all inbox and you can send from any name or any email ID you want It's also because Gmail also supports 500 emails a day according to me that's also best uh rather than buying some another SMTP server or whether you can use this C panel method whether your own or whether hacked one anyway and you can send the emails to your clients and you can forward them your fishing pages your Trojans hack them and make your money So I hope you like the video and thank you for watching Hello everyone welcome to the last video of black hat hacking course So first of all I would like to thank you for watching this beautiful training and I hope you have really enjoyed in this training and you have learned a lot which would help you to achieve your goals faster But the point is the black hat hacking is not a very small topic which could be covered and finished in one series So due to a very high demand from all that students who purchased this training we have finally created a fresh level two in the blackhat hacking So the level two would be the last level in the black hat hacking course in which we have covered everything which was left in the level one After you finish the level two there would be nothing left to learn in the black hat hacking and you'll feel yourself a master in these black hat stuff This course is already allrounder but what still could be more added in the next training So first of all I would say the more powerful hacks There are already so many types of hacks I have shown you whether it's Trojans whether it's ransomwares whether even the silent exploits But how you make your own exploits how you make your own tools how you can design more powerful hacks that would be covered in the next training What I mean from less expensive is if you seen in this training we have to buy the cryptos we have to buy the VPN we have to buy some specific tools even But in the next course we'll only be using the Kali Linux which is known as the hackers operating system which we have used very much less in this course and that's the most important operating system if which you do not know how to use it you cannot call yourself a hacker So the beauty about Kali Linux is that all the powerful hacks which we will be performing with it all the powerful tools they all would be coming for free So you just need to put a little effort in learning Kali Linux and then what would happen is you do not need to buy anything You do not need to purchase anything You can call yourself a professional hacker You can make powerful attacks and without spending a single penny Now obviously if you're making a good money you can spend some bucks over your over your tools as well The problem comes in the beginning Most of the people who are watching this series they all are beginners they some of them they haven't made any money with it before If in the beginning they have very tight budget and they still have to buy the tools and the and the VPS and all the other stuff it becomes a extra burden for them So if they have the extra knowledge as well they have more knowledge they have more safety tips they have more professional attacks and they do not need to buy anything I think so that would be allrounder too So due to the high demand from Nigeria Ghana and most of Africa we have finally created the level two of which some of the highlights I'm going to show you in this video Obviously in the next course it would also focus on the more safety tips so that it would make sure along with the more powerful hacks you would also be covering your tracks that it would become impossible to track you down so that you can make money for a longer period of time It's not about making something It's also about protecting yourself even as well as it would be a last one so that you do not need to invest more on knowledge and then just start making money that's it So let me show you some of the sample clips of the next training rest lot of topics would be a surprise even which would be revealed in the training itself only So after installing Kali Linux first of all we'll see the brief about all the tools present within the Kali Linux important for black hat hacking then we'll cover the basic commands related to Kali Linux which are very much important if you become a master in the Kali Linux the basic commands are related to editing the files creating the files removing the files and other basic stuff doing command line and then we'll also cover the lockpicking techniques as well that how with by using these sticks you can and open any locks within the world We'll cover the exploitation basics behind the scenes Then we'll also cover how to scan all the victims nearby you and then we'll open the metas-ploit within the Kali Linux and we can exploit their machines without sending any Trojan any file to their computer which is a blockbuster I would say which is there in this course that I think it would be replacing the whole concept of Trojans which you have seen in the past training and we'll also cover the antivirus evasion as you can see right now in the screen that how we can bypass the antiviruses with the free cryptors available within the Kali Linux we'll also learn the Wi-Fi hacking so that You can use any of your neighbors Wi-Fi or coffee shop Wi-Fi and you can break into it Doesn't matter any type of security is being implemented on that We'll use our latest techniques to break into a Wi-Fi so that if you do not use your own IP address and you just use someone else Wi-Fi you would be more safer And then we'll also cover the reverse engineering techniques By using them you can turn any software from trial to a full version without paying any fee to that software company So it would be also be a blockbuster in this course so that you can use some softwares for free by cracking them manually We'll also cover the password hacking techniques in this course via which without having any password of someone's computer you can enter in that very easily Fishing is again becoming very important in 2019 now which is being used by a lot of my students nowadays So I'm adding a whole stack of fishing within this course in which I'll be covering basics of HTML and we'll see all that type of tags which could be very useful for you if you want to learn and then we'll also learn how to create the complete full websites as well from the scratch which would be very useful for you even while you'll create the fake bank websites for the cat fishing We'll also learn the banks fishing as well of related to any bank if you want There are a lot of bank websites which are denying the fishing but I'll show you how you can learn all that codes and you can create the fishing manually without getting dependent upon the security of the bank Then we'll cover the multi-page fishing pages in which the user in gives the input in multiple pages and after submit you'll get all that inputs on your email And then we'll also cover the SSL which we also say the HTTPS that how you can make your fake van websites or fishing pages over a HTTPS which looks more good if you're sending it to some victim He would only accept your fishing page if your website is over the HTTPS And then we'll also cover how you can track your users that how many people are coming on your fishing page and how many are getting caught And then we'll also cover the mobile hacking in which I'll show you how we can create the Trojans related to mobile phones and we can hack into their call details their SMS their geolocations even their webcams and everything Then we'll cover the DOSs attacks that whatever you cannot hack you can destroy them you can make them crash even the servers existing over the internet Rest other topics would be a surprise and see you in the training Thank you