Tuesday, October 18, 2016

Cerber 3 Ransomware

Cerber3 ransomware is a hazardous computer virus that is obviously part of Cerber family of malware. Just like old versions, this virus was made to encrypt various files on the computer leaving it inaccessible. Cerber3 uses complex encryption algorithm, which is very hard to decode.

So here goes nothing.. 

Note: I am not responsible if this does not work out for you. Certain cases you may have to format your systems ., Please not share your drives to any one . 

Note: there is not decrypting tool for cerber3 as of now

How to remove Cerber 3 Ransomware 

1. Download the free scanner called ESET Rogue Application Remover. Download Link for ERAR (this will open a new window)

2. Choose appropriate version for your Windows System. Save the file to a convenient location, preferably on Desktop.
3. After downloading the file, Windows will prompt that download has completed. Click Run to start the program. Another option is to browse the location folder and double click on the file ERARemover_.exe.

4. On ESET Rogue Application Remover SOFTWARE LICENSE TERMS, click Accept to continue.
5. The tool will start scanning the computer. It will prompt when it finds Cerber3 Ransomware and other malicious entities. Follow the prompt to proceed with the removal.

Stage 2: Double-check for Cerber3 Ransomware’s leftover with Microsoft’s Malicious Software Removal Tool

1. Download the free scanner called Malicious Software Removal Tool. Malicious Software Removal Tool Download Link (this will open a new window). follow the onscreen instructions

2. The tool automatically checks the operating system and suggest appropriate download version. Click on Download button to begin. Save the file to a convenient location, preferably on Desktop.
3. After downloading the file, Windows will prompt that download has completed. Click Run to start scanning for Cerber3 Ransomware. Another option is to browse the location folder and double click on the file to run.

4. The tool will display Welcome screen, click Next. Please note the message “This tool is not a replacement for an antivirus product.” You must understand that this program is made specifically to find and remove malware, viruses, Trojans, and other harmful elements on the computer. It was not designed to protect the computer.

 5. Next, you will see Scan Type. Please choose Full Scan to ensure that all Cerber3 Ransomware entities and other harmful files left on the computer will be found and removed. For advanced computer user, you can opt for Customized Scan, if there are other drives or folders you wanted to include in this scan.

6. Full scan may take a while, please wait for Malicious Software Removal Tool to complete the tasks. However, you may cancel the scan anytime by clicking on the Cancel button.

7. After scanning, the tool will reveal all identified threats. There may be other threats that our first scan fails to detect. Please remove/delete all detected items.
8. When removal procedure is complete, you may now close Malicious Software Removal Tool. We hope that Cerber3 Ransomware have been completely deleted from the computer. Please restart Windows to proceed with the normal operation.

[Recover .Cerber3 Files Using Decryption Tool - as stated earlier there is no way you can decrypt cerber 3 however you can try the following]

Option 1: Windows Previous Version Tool

Windows Vista and Windows 7 have a feature called Previous Versions. However, this tool is only usable if restore point was made prior to Cerber3 Ransomware infection. To use this tool and recover files affected by the virus, please follow these steps:
1. Open My Computer or Windows Explorer.
2. Right-click on the affected files or folders. From the drop-down list, please click on Restore previous versions.
3. New window will open display all backup copy of files and folders you wanted to recover. Choose the appropriate file and click on Open, Copy, or Restore. Restoring selected files overwrites the current encrypted files on the computer.

Option 2: Use ShadowExplorer to restore files encrypted by Cerber3 Ransomware

Just like Previous Version tool, ShadowExplorer is taking advantage of shadow copy created by Windows. This tool allows you to retrieve older version of files before it was encrypted by Cerber3 Ransomware.
1. Download ShadowExplorer from the official web site.
2. Install the program with the default settings.
3. The program should run automatically after installation. If not, double-click on ShadowExplorer icon.
4. You can see the drop-down list on top of the console. Please select proper drive and the most recent point-in-time shadow copies of files you wish to restore prior to Cerber3 Ransomware infection.

. Right-click on the Drive, Folder, or File you wish to restore and click Export…
6. Lastly, ShadowExplorer will prompt for location where you want to save the copy of recovered files.

points to remember : Cerber3 can destroy external drive. so please be cautious . this article has been taken from various sources and tested.

Tuesday, October 4, 2016

Wifi hacking / cracking

Here is a titbit of wifi hacking and cracking . This is meant of education purpose only . I have taken most of the documentation from couple of sites to make things simpler. I dont own this.

This is a step by step article.

Before you do all these things read about kali linux you can documentation here [click on the below link ]

Kali Linux

So i presume that you have downloaded kali linux on your sytem . If you dont have space on your system you can use an USB drive to boot it up. 

Lets get going... step by step.

Kali Linux and WEP Hacking

WEP is the original widely used encryption standard on routers. WEP is notoriously easy to hack. Even though WEP is rarely seen anymore it still does pop up every now and again.

Also this is a good place to start for someone new to wireless pen testing before moving on to WPA encryption.

Fire up your operating sytem [note it is kali linux i am talking about]

Open your terminal so it will look like this 

Next type in the command “airmon-ng” without the quotes to see if your adapter is seen by Kali Linux. It should show the interface, chipset, and driver. If it doesn’t then some troubleshooting will have to be done as to why the adapter is not seen.


Next type in “airmon-ng start wlan0” to set the USB adapter into monitor mode.


Now we need to see what routers are out there and find the test router. To do this run the command “airodump-ng mon0”. After this command is run a screen will come up showing the routers in range and there information.

(If a adapter comes up enabled on mon1 or mon2 simply used that instead of mon0) 

Once this information is seen don’t close the terminal window press CTRL+C inside the window to stop it from using the USB adapter and leave it to refer back to.

Open another terminal window to run the next command. Also when done this way the BSSID can be simply copied and pasted when needed.

Next the WEP encrypted data packets needs to be captured. To do this the airodump-ng command is used along with some switches and information collected.

For me this would be:
airodump-ng -w dlink -c 6 –bssid 00:26:5A:F2:57:2B mon0

airodump-ng is the command, -w is a switch saying to write a file called dlink to the drive, -c is a switch saying the target is on channel 6, –bssid is another switch saying which bssid to use, and finally mon0 is the command to use the USB adapter enabled on mon0.

Change the file name, channel, and bssid to match your test router. Copy the information from the first terminal window. Copy and pasting the BSSID into the new terminal window is much quicker then typing it for most.
airodump-ng -w (ESSID) -c (channel) –bssid (BSSID) mon0

After this is done correctly a window will come up and show information about the target router. The main feedback we need to watch is the Beacons and the Data.

These numbers will start at zero and grow as traffic is passed between the router and another device. As these numbers grow, they are being captured in the file specified in the previous command for this example it would be a file named “dink”. IV’s need to grow big to crack the password usually at least 20,000 plus, but ideally 100,000 plus. At this point someone can simply wait for the IV’s to grow large enough to crack the password, but there is a way to speed things up.

To speed up the IV’s open a third terminal window letting the second run capturing the data. In the new terminal window the aireplay-ng command will be used in a two part process first use the command “aireplay-ng -1 0 -a (BSSID) mon0”. So for this example it would be aireplay-ng -1 0 -a 00:26:5A:F2:57:2B mon0


After this run the command “airplay-ng -3 -b (BSSID) mon0” for this example it would be the following:
aireplay-ng -3 -b 00:26:5A:F2:57:2B mon0

This will begin sending out ARP request and the data and the beacons should begin to grow quickly. Again speeding up the capturing of the IV’s is not necessary but handy.

Aircrack-ng will be used on the data file being written to with the information. Aircrack-ng can be run at anytime even when there is not enough data captured it will say on the screen it needs more if there is not enough.

To use aircrack-ng we need the data file being written to the hard drive. In this example it is dlink. Open a new terminal window and type the command “ls” to see the file. The one aircrack-ng needs is the .CAP file here it is called “dlink-01.cap”.