Monday, 13 March 2017

Why we need hackers and hacktivists


In a perfect world, we could all sit back and just trust that our governments will do the 'right thing'. We can believe that the CIA, FBI, NSA are the good guys and there to help and protect us. We can believe that they are the 'good guys' and they are protecting us from the 'bad guys'. In a perfect world ...

The problem is we do not live in a perfect world. You just need to read the news to see how governments are hacking one another. How the 'good guys' wants more power and control to protect us from the 'bad guys' but how they misuse and abuse their power.

I live in South Africa and on a daily basis we read in the news how top government officials - even, and especially in the police and security sector - are attacking one another and exposing how the others are using their positions for self enrichment through corruption.

We live in the real world where there are no black and white (100% right or 100% wrong), but multiple shades of grey. No government or organization can be completely trusted. Not everyone working at that 'good' agency is 'good' and there will always be people that abuse their power.

We need wikileaks, we need hacktivists, we need people that fight for our privacy.

At redpill we understand that it is possible to abuse hacking tools and use it for cyber crime. We are constantly considering removing redpill Hacker from the internet for this reason. We however also understand that there are those who needs tools like redpill Hacker to fight for the truth.

Saturday, 28 January 2017

How Hackers Bypass Mobile Verification

Please Note: The purpose of this article is to inform people of how hackers can steal information and to prevent the illegal and criminal use of Penetration Testing Software like redpill Hacker.



Cyber-criminals can install key loggers on your computer to get your login details. Sites that require a more secure form of log-in will send a verification code to the user's mobile phone (SMS - OTP) to prevent this type of attack. It is mostly banks but also other sites (think of Google's two step verification) that uses this method.

So how do hackers get past the mobile verification step?

Easy - The ask the user what the code is! It is called social engineering and this is how it works:

  1. They get information about you - usually everything they need they can get from your facebook account. All they need to get started is your email and phone number.
  2. They then use hacking tools to get your username and password from your computer.
  3. They will then give you a call claiming to be from the company (bank/google/etc) and informing you that they had some problems with users complaining that incorrect verification codes are being sent. They will inform you that they are doing random checks and will ask your permission if they can send you a verification code (giving you the illusion that you are in control). 
  4. When you agree, they log into your site. You will then receive the code and it will all look very legit to you. 
  5. To put you even more at ease they will then read you a code that you need to confirm. When it is wrong (it obviously will be) they will reply "oh no, not another one! What is the code that you received?"
The next text message you will receive from your bank is to inform you that the money was successfully transferred from your account!


Monday, 5 December 2016

December 2016 Special - redpill Hacker for 99$



The $99 special is back - but only for the month of December!

The price for redpill Hacker has again been reduced from $149 to $99 - you save $50!!

redpill Hacker is advanced hacking software that includes key loggers, payload and phishing website generators and more. You can install on unlimited computers and it is a once off payment (license does not expire).

New to hacking and key loggers? Not a problem - redpill Hacker comes with a 40 page manual to get you hacking like a pro in no time.

For more information about this spy program see www.redpill.co.za



Monday, 17 October 2016

How to remotely install a spy program


Windows and Internet security came a long way since the good old Windows XP days. Installing spy software silently and remotely back then was easy. All you needed was an easy to use spy program like redpill Agent (no longer available) and you where good to go.

Several things changed from those days that makes installing spy software remotely much more difficult:
  • User Account Control (UAC) was introduced by Microsoft making silent installs almost impossible.  
  • Using Exploits to install is no longer a viable option as security updates are now much more widely and quickly rolled out. In Windows 10, automatic updates are on by default and can only be turned off for a short period.
  • Advanced Anti-Virus programs no longer just scan for known malware but uses 'Heuristic Analysis' and 'Wisdom of the Crowd'.
  • Email services started applying very strict rules as to what type of attachments can be emailed. 
  • Security awareness has drastically increased in the last couple of years. 
Nowadays, installing spy software require a lot of skill and technical know how ... unless you have redpill Hacker! redpill Hacker is a new generation hacking tool that has been designed to make hacking easy, even if you are not a professional. It bypass the issues mentioned above in the following ways:
  • Lightweight payloads (spy programs) are used to bypass the UAC security.
  • Heavyweight payloads that includes key loggers are installed using advanced Social Engineering templates. These templates are designed to convince the target to run the payload.
  • Several techniques unique to redpill Hacker are used to reduce detection rates of anti-virus packages. Each customer also gets a unique edition (special build) to make sure your payloads (spy programs and key loggers) are not known by Anti-Virus companies.
  • Instead of trying to do a silent install, redpill Hacker uses a Trojan Horse approach where the target thinks the program does something else while the spy program is secretly installed in the background. 
  • Various attachment types are supported to allow you to email using even strict email servers like gmail. 
  • redpill Hacker also includes other tools where no spy software is installed but usernames and passwords are retrieved over the Internet (See Password Phishing Website).
  • Even with no website development skills, redpill Hacker allows you to create custom payload websites where payloads (spy programs) are being installed from a web page. 
As part of the package, you also get a 30 page training manual. The manual is designed to help you get started but also help you move on to more advanced topics like using payload websites to install spy programs. 

For more information visit: http://www.redpill.co.za

Tuesday, 20 September 2016

Payload Websites with redpill Hacker 6

redpill Hacker 6 has just been released with more flexible and powerful payload websites.

A payload website is a website that is created by redpill Hacker that is used to secretly install spy software (the payload) remotely on a target computer.

Example of a Payload website create by redpill Hacker:


In redpill Hacker 5 you could also have created payload websites, but you now have more flexibility to make the website look the way you want it to.

You can use any 'con' - any app that you can think off that people would want to download. You simply choose the wording for your site and select a background.


No website development skills required - redpill Hacker will create the website for you in seconds.


redpill Hacker 6 also comes with a new and improved help file to help you with even more advanced topics including:
  • Step by step 'getting started' instructions that can turn anyone into a professional hacker. 
  • Creating payloads (spy install modules) that can be installed - secretly and remotely.
  • Different types of payloads and how to use them - including key loggers and modules that secretly retrieve documents. 
  • Using Social Engineering Templates to remotely install spy software. 
  • Emailing payloads directly to targets or using redpill Hacker to send the payload. 
  • Sending bulk emails to a list of targets. 
  • Creating Password Phishing Websites - to get user names and passwords.
  • Creating Payload Websites used to install spy software via a website. 
For more information about redpill Hacker visit www.redpill.co.za

Sunday, 7 August 2016

Hacking tools to get usernames and passwords



redpill Hacker has various tools and methods to get usernames and passwords from a target computer. In this article I will briefly discuss the different methods of retrieving passwords using redpill Hacker.

Payload with Key Logger

redpill Hacker allows you to create a payload that will remotely install a key logger on the target computer. Everything that is typed on the computer will be recorded and secretly emailed to you including usernames and passwords.

Saved keywords will not be retrieved (this action increases the detection rate), instead you can use the 'Retrieve Saved Passwords' template in redpill Hacker.

When you use the 'Retrieve Saved Passwords' Social Engineering Template, redpill Hacker will do the following:

  1. It will create a payload that looks like a Virus Removal Tool.
  2. redpill Hacker will then email the target the payload and explain that there is a virus that steal passwords doing the rounds.
  3. It will then instruct the target to temporarily disable his Anti Virus as normal Anti Virus does not detect the virus and it needs to be disabled to allow the virus tool to scan and remove the virus.
  4. The tool will then run - it will loot to the target like a virus is being removed - but the key logger will secretly be installed.
  5. The target will then be instructed to change all his passwords as the virus was found and his passwords was possibly already compromised. 
  6. As the target change each of his passwords, the key logger will email you the website or application used and the new username and password.


Password Phishing Website

The Password Phishing Website is a tool in redpill Hacker that creates a type of portal website that retrieve the target's username and password before redirecting him to the website he intended to go to. This tool has a very high success rate as nothing is installed (no warnings or problems with anti virus) and it works on all devices.

For more information on how this works read: Password Phishing Website in redpill Hacker

Document Grabber

redpill Hacker has a document grabber payload. It is a lightweight payload - that means it gets past 95% of anti-virus and does not cause a UAC warning message to pop up.

The thing that makes a lightweight difficult to detect and stop is the fact that it is ... well, lightweight. It goes in with one single task, performs the task and then disappears. It does not try to install itself in order to keep on running or do anything else.

The task that the document grabber performs is to retrieve all the documents in the Documents folder and all the sub folders.

What does that have to do with passwords? You will be amazed to find out how many computer users have a document in their Documents folder or one of the sub folders with a list of all their usernames and passwords in case they forget them.

To find out more about redpill Hacker go to www.redpill.co.za

Thursday, 7 July 2016

Hack in secret with the Darknet


If you think it is only a couple of terrorists that is being watched by the authorities, think again. 

Have a look at the google transparency report (click this link) . Google and other companies comply with thousands or requests for information about specific user accounts from authorities all over the world!

 In 2015 there where 68 908 requests where they provided data to authorities … with other words give access to the gmail accounts. These stats are from google themselves! You will also notice when you look at the graph that the number of requests per year is growing. Keep in mind, that this is just gmail. All other email providers receive similar requests.

There is of course the 'If you have nothing to hide' argument. In a perfect world that might make some sense. We live in an imperfect world where nothing is truly black or white, where the good guys is never 100% good and the bad guys never (well seldom) 100% bad.

You can't just simply trust that you are only being watched by the 'good guys' and that every employee working at the 'good guys' will never use the information they can get for malicious purposes.
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say" - Edward Snowden
redpill do not encourage or condone any illegal activity. Do not use your hacking and spy software legally - respect other people's privacy - but also fight for your own privacy!

What can you do to protect your privacy?

Encrypt your emails using PGP.

You don't need to encrypt all your emails, but if there are some correspondence that you think needs to stay private, you can encrypt your emails. An easy way to do this is to use gmail with mailvelope. See the video below:


Use the Darknet

To be anonymous and to hide your IP address, you can work on the Darknet. With the Internet one computer connects to another computer and it is easy to get the IP address of the original computer.
On the darknet, internet requests are bumped around on computers (or nodes) in a way that it is not possible to get the original IP Address.

You use the darknet with special software like Tor.

How Tor Works:


Tor uses a network of computers to let your encrypted internet request jump around several computers. There is no way for the authorities to check who visited the website.

To use Tor is easy, just install it and use Tor instead of your normal browser. You can still use your normal browser for activities that you feel you don't need to keep private. 

Tor is free and can be downloaded at: https://www.torproject.org