
pardon hackers

COOKIE STEALING



Well, I have posted lots of articles on phishing and keylogging, but today I would like to throw some light on a very useful method which hackers use to hack Gmail, Facebook and other email accounts, i.e. cookie stealing. One of the reasons I am writing this article is that lots of newbies have misconceptions about cookie stealing and session hijacking, so I hope this tutorial clears up most of those misconceptions, if not all.




What is a Cookie?

A cookie is a piece of code which is used to authenticate a user on a website. In other words, whenever you log in to a website such as Facebook, Gmail, Orkut etc., your browser assigns you a cookie which basically tells the browser for how long the user should stay logged in. Apart from authentication, a cookie can be used for a variety of different purposes. If you would like to know more about cookie stealing, kindly google it up.

What is a Session Token?

After authentication is completed, a web server hands the browser a session token, which is used because a web server needs a way to distinguish between different connections. If a hacker could capture your session token, then it's a cakewalk for the hacker to hack into your Gmail, Facebook or any other account.

What is a Session Hijacking Attack?

A session hijacking attack is basically the act of capturing a session token and injecting it into your own browser to gain access to the victim's account.


What is a Cookie Stealer?

A cookie stealer is basically a script used to steal a victim's authentication cookies. For a cookie stealing process to work, the website or webpage should be vulnerable to an XSS attack. This is the most common and widely known misconception among newbies.

How does the stealing process work?

1. The attacker creates a PHP script and uploads it to a web hosting site.

2. The attacker then asks the victim to visit that particular link containing the PHP code.

3. Once the victim visits it, his/her authentication cookie is saved in a .txt file.

4. Next the attacker uses a cookie injector or a cookie editor. There are lots of Firefox add-ons and Google Chrome extensions to do the work for you. Personally I use Cookie manager v1.5.1 as it's quite user friendly.



You can also use the Web Developer toolbar to do the work for you.

5. The attacker replaces his own cookies with the victim's cookies, as a result of which the victim's session is hijacked.

Why does it not work on a website which is not vulnerable to XSS?
It's due to the browser's same origin policy, according to which browsers don't allow JavaScript to access the cookies.


Gmail GX Cookie



By now I believe that I have cleared up lots of misconceptions related to cookie stealing, but all of that information is only good for you if you try it out practically. So let's get to the main topic.

In Gmail, the cookie which authenticates users is called the GX cookie. Since we don't currently know of any XSS vulnerability in Gmail, we cannot use a cookie stealer. So if you are on a LAN, you can use Wireshark or any other packet sniffer to steal an unsecured Gmail GX cookie and use it to gain access.

Will this hack always work?

Well, this trick won't work on all Gmail accounts, as Gmail now offers end-to-end https:// encryption, which encrypts the session token, so even if we could get our hands on the GX cookie it's useless. But if a user has turned off the end-to-end https:// encryption in Gmail, it can work for sure.
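The two conditions described above (a cookie stealer needs script access to the cookie, and a sniffer needs the cookie to travel unencrypted) correspond to the HttpOnly and Secure cookie attributes. The following is an added example, not part of the original post, that audits Set-Cookie headers for both; the header values and the set of session cookie names are constructed for illustration.

```python
"""Audit Set-Cookie headers for attributes that block script access and plaintext transport."""

# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = [
    "Set-Cookie: GX=constructed-session-value; Path=/mail",
    "Set-Cookie: SID=constructed-sid; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: lang=en; Path=/; Secure",
    "Content-Type: text/html",
]

# Cookie names treated as session cookies; an assumption for this example.
SESSION_COOKIE_NAMES = {"GX", "SID"}

EXPLANATIONS = {
    "missing-httponly": "readable by page script, so an XSS bug would expose it",
    "missing-secure": "also sent over plain HTTP, so a LAN sniffer could read it",
}


def parse_set_cookie(header_line):
    """Return (name, attrs) for a Set-Cookie line, or None for any other header."""
    field, _, value = header_line.partition(":")
    if field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        return None
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def audit(header_lines, session_names=SESSION_COOKIE_NAMES):
    """Return a list of (cookie_name, finding_code) for weak session cookies."""
    findings = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        if name not in session_names:
            continue  # preference cookies such as 'lang' are out of scope here
        if "httponly" not in attrs:
            findings.append((name, "missing-httponly"))
        if "secure" not in attrs:
            findings.append((name, "missing-secure"))
    return findings


if __name__ == "__main__":
    for cookie, code in audit(SAMPLE_HEADERS):
        print(f"{cookie}: {code} ({EXPLANATIONS[code]})")
```
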



I hope you have liked the post up till now. I will cover the method to steal Gmail GX cookies and use them to hack Gmail accounts in the next post, so stay tuned!

Skipping ads

Skip or bypass Rapidshare, Megaupload Waiting time

Yes, you are reading it correctly; it's not a prank or a joke. You can now easily avoid the waiting time, or time limit as we usually say, when you download as a free user from file sharing services such as Rapidshare, Megaupload, Depositfiles and Hotfile. Normally you have to wait for 20-60 minutes to download the second file after downloading the first one. They implement this to push users to purchase a premium service. But limiting free downloads this way and asking free users to wait for a long time to start another download can be annoying.


Skipscreen is a browser extension to bypass the waiting time on downloads. Unfortunately it can only be used with the Firefox browser to avoid the waiting time while downloading files from some popular file hosting services like:
* Rapidshare.com
* zShare.net
* MediaFire.com
* Megaupload.com
* Sharebee.com
* Depositfiles.com
* Sendspace.com
* Divshare.com
* Linkbucks.com
* Uploaded.to
* Hotfiles.com
* 4shared.com
* Limelinx.com
* Link-Protector.com
Its use is very simple and does not require any configuration: just go to the add-on page of the extension and install it, restart your browser and enter one of these download sites, and you will no longer have to wait.
Download SkipScreen Firefox Extension

Alternative Methods or Hacks to Beat Rapidshare Download Limits and Waiting Time
Method 1: Using JavaScript:
1. Go to the page you want to download
2. Select FREE button
3. In the address bar put the following: javascript:alert(c=0)
4. Click OK
5. Click OK to the pop-up box
6. Enter the captcha
7. Download Your File
Method 2: Request a new IP address from your ISP server
Here’s how to do it in Windows:
1. Click Start
2. Click Run
3. In the Run box type cmd.exe and click OK
4. When the command prompt opens, type the following, pressing ENTER after each line:
ipconfig /flushdns
ipconfig /release
ipconfig /renew
exit
Note: This might only work for DSL/Modem Internet connections, not for cable Internet users

2). Skipping or bypassing Rapidshare, Megaupload or Hotfile waiting time.

In this post I have a new Rapidshare hacking tip for you. Well, you might be aware of browsers like Firefox or Internet Explorer. I would like to introduce you to a browser known as Torpark Browser, which works as an anonymous web browser. It is like a proxy browser where you can change your permanent IP address to a dynamic IP address. So, whenever you run this browser you get a new IP address. Now download multiple files at the same time. Yes, you read it right: you can download multiple Rapidshare, Megaupload or Hotfile files at the same time. You can even skip or bypass the time limit on downloading files. The most amazing thing is that IDM works with this browser.


DOWNLOAD
Note: You need to close the browser window after each download because it will reset the IP address.

Recovering hacked Email


How to Recover Hacked Email Accounts?

Email Hacked?
It can be a real nightmare if someone hacks and takes control of your email account as it may contain confidential information like bank logins, credit card details and other sensitive data. If you are one such Internet user whose email account has been compromised, then this post will surely help you out. In this post you will find the possible ways and procedures to get back your hacked email account.

For Gmail:

It can be a big disaster if your Gmail account has been compromised, as it may be associated with several services like Blogger, Analytics, Adwords, Adsense, Orkut etc. Losing access to your Gmail account means losing access to all the services associated with it too. Here is a list of possible recovery actions that you can try.
Step-1: Try resetting your password, since it is the easiest way to get your account back in action. In this process Google may ask you to answer the secret question or may send the password reset details to the secondary email address associated with your compromised account. You can reset your password from the following link
If you do not succeed with Step-1, then proceed to Step-2.
Step-2: Many times the hacker will change the secret question and secondary email address right after the account is compromised. This is the reason for the Password Reset process to fail. If this is the case then you need to contact the Gmail support team by filling out the account recovery form. This form will ask you to fill out several questions like
1. Email addresses of up to five frequently emailed contacts
2. Names of any 4 Labels that you may have created in your account
3. List of other services associated with your compromised account
4. Your last successful login date
5. Account created date
6. Last password that you remember and many more…

You need to fill out this form as accurately as possible. It is natural to forget the dates of last login, account creation and similar items. However, you need to figure out the closest possible dates/answers and fill out this form. This is your last chance! The more accurate the information filled out in the recovery form, the better the chances of getting your account back. You may reach the account recovery page from the following link

For Yahoo and Hotmail:

Unfortunately for Yahoo/Hotmail there is no second option like filling out the form or contacting the support team. All you need to do is either answer the secret questions that you have setup or reset the password using the secondary email option. 
To initiate the password reset process just click on the Forgot password link in your login page and proceed as per the screen instructions.
I hope this post will help you recover the lost account. I highly recommend that you also read my post on How to protect your email account from being hacked and Tips to find unauthorized activity on your Gmail account so that you always stay protected!

Email tracking(ip)

Hi, this post is for noobs; if you are a daemon, ignore it!!!
Tracing mails you receive
If you have received any abusive mails, or if you want to trace the victim's IP address, or if you want to know whether your friend has read your mail, then this will help you.
Here it goes:
You can trace a received email by analyzing its header. This could be done manually, but I won't recommend that because there are tools which make life easier. Follow these steps:
1. Open the email header (you can find the header by clicking the Show original option in Gmail)
2. Copy the header and paste it into the tools mentioned below
Recommended tools:
Utility name: Neo Trace Pro
A fantastic, top-recommended tool; it will geographically trace your IP address. It is very accurate and has extremely useful functionality.
Download from here
utility name: VisualRoute , Download from here
utility name: eMailTrackerPro , Download from here
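The manual header analysis mentioned above comes down to reading the Received lines from the bottom (oldest hop) upwards. The following added example, not from the original post, does that for a constructed message; note that only the Received lines written by servers you trust are reliable, since a sender can forge the ones below them. All hostnames and addresses are constructed and use documentation ranges.

```python
import email
import ipaddress
import re

# Constructed sample message (documentation address ranges, not real traffic).
RAW_MESSAGE = """\
Received: from mx.example.net (mx.example.net [198.51.100.25])
\tby mail.example.org with ESMTPS id abc123
\tfor <recipient@example.org>; Tue, 02 Jan 2024 10:00:05 +0000
Received: from relay.example.com (relay.example.com [203.0.113.7])
\tby mx.example.net with ESMTP id def456;
\tTue, 02 Jan 2024 10:00:03 +0000
Received: from [192.168.1.44] (unknown [192.0.2.99])
\tby relay.example.com with ESMTPSA id ghi789;
\tTue, 02 Jan 2024 10:00:01 +0000
From: sender@example.com
To: recipient@example.org
Subject: constructed sample

body
"""

# Private and loopback ranges that say nothing about the sender's location.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# "from <HELO name> (<what the receiving server saw>) by <receiving server>"
HOP_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<peer>[^)]*)\)\s+by\s+(?P<by>\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def is_private(ip_text):
    """True for private/loopback addresses and for strings that are not valid IPs."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True
    return any(ip in net for net in PRIVATE_NETS)


def trace_hops(raw_message):
    """Return the relay hops, oldest first, as dicts with helo, peer_ip and by."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each server prepends its own Received line, so the last one is the oldest.
    for value in reversed(msg.get_all("Received") or []):
        match = HOP_RE.search(value)
        if not match:
            continue
        found = IP_RE.search(match.group("peer"))
        hops.append({
            "helo": match.group("helo"),   # name claimed by the client, untrusted
            "peer_ip": found.group(1) if found else None,  # address the server recorded
            "by": match.group("by"),
        })
    return hops


def likely_origin(hops):
    """First public address seen, walking from the oldest hop forward."""
    for hop in hops:
        if hop["peer_ip"] and not is_private(hop["peer_ip"]):
            return hop["peer_ip"]
    return None


if __name__ == "__main__":
    for hop in trace_hops(RAW_MESSAGE):
        print(f'{hop["peer_ip"]} (claimed {hop["helo"]}) -> {hop["by"]}')
    print("likely origin:", likely_origin(trace_hops(RAW_MESSAGE)))
```
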
Tracing the mails that you send
Most of you will find fun in this, because the tool I'm going to explain will send you information when the victim opens the mail. All you need to do is visit spypig.com and enter the required fields; it will then give you an image which has to be sent to your victim. The tool looks like this:
Step 1: Specify the email ID at which you want to receive the destination's IP
Step 2: Here goes your message title
Step 3: Select the image you want to send. You may upload your own image too, but it's recommended to select the first one (white) because it will blend in with the white background of your mail body, so someone looking at it will think that there is no image
Step 4: Press the Create button
Step 5: Here comes the tricky part: copy your image into your mail body within the time limit shown by SpyPig, or else it will expire
Note: Use the new Gmail version, because in the older one you can't copy an image into the body
Step 6: This step tells you to send the mail

Hopefully, if the victim opens the mail, you will receive all the information about the victim, like OS, browser, IP & MAC address
Note: there is no countermeasure for this
HAPPY HACKING ;]

Email/SMS Bomber

Bombers are programs which use online resources to send continuous, unlimited messages to a mail address or mobile. This sounds great, right? But the problem with these bombers is that mostly they will be fake, or a virus which will fool you, so it's better to stay away from them (if you find any legitimate bomber, please comment with that information).
->An alternative, simple, best option is to go for tools which will automatically click the pages for you
Tools I recommend are:
1. iMacros
2. Greasemonkey
Both do the same work for you. I'm going to explain iMacros today, which is an extension available for Chrome and Firefox. It looks like this:
Simply google to find this extension for your browser
->All you need to do here is click the play button in iMacros and do whatever you want to be repeated in Chrome.
->Once you finish doing it (maybe sending a message to any portal or sending mail), you have to stop the session in iMacros. You will find a save option in the next window; save it with the desired name.
->Now click on the saved file and click play loop; you will see the repetition of what you have done
->By setting the "max" option you can control how many times the loop runs
Hope this is helpful
IF YOU STILL NEED HELP WATCH THE VIDEO
Greasemonkey is pretty much the same
HAPPY HACKING;]

google unofficial shell account


This google-interface behaves similar to a unix-shell.
You type commands and the results are shown on this page.



goosh is powered by google. 

goosh is written by Stefan Grothkopp <grothkopp@gmail.com> 
it is NOT an official google product!
goosh is open source under the Artistic License/GPL.

Click here to see.

online virus scanner

I'm going to share a site where uploaded data will be scanned by the most popular antivirus tools and the results will be shown. It's better to check that on your own.


Best site for online virus scan

Actually guys, this post will be helpful to virus writers: with a single click we can find which AV can trace the virus.
"SAFE HACKING"

phishing tutorial


A video made by me on phishing; the important thing is that you will not get banned if you do phishing in this manner.


Click here to see video in Good quality





Can't see anything clearly? Then click here

THIS INFORMATION IS ONLY FOR EDUCATIONAL PURPOSE
"SAFE HACKING"





Binders - used for binding two exe files




A binder is software that is used to combine two or more files into a single file, so that when the user opens the single file, two files are executed. 90% of binders are used for hacking. You can combine a good exe with a trojan so your friend and the antivirus think that they are opening a normal exe.
One more cool thing about this: if you join a virus with the autorun.exe of any pendrive... guess what happens?




How to use binder for Hacking:


1. First of all, download registered file joiner (a simple file binder), 100% working, from here. It also has a small option to encrypt the files. If you are facing problems while downloading, then download from here


2. Now click on add file and select RATs, keyloggers, bots etc.
3. Now click on add file again and select any file; here you can see I have added Mozilla Firefox.
4. Change icon (optional).
5. Click join files.


AFCEH 5.0 slides



Powerpoint slides for all weeks of AFCEH course

WEEK-1
                            click here

WEEK-2
                            click here


WEEK-3
                            click here


WEEK-4
                            click here

The Ankit Fadia certification course helps noobs in hacking to know all about hacking; don't expect to learn from this course.
Slides of this course can be downloaded from the above links.
Contents of the course are:
Week 1:
Spoofing ip address and mac addresses
Proxy bouncing
Hacking rapidshare
Shortened URL Vulnerabilities
Network reconnaissance
Ping sweeping and traceroute
Reverse DNS lookups
Netcat and NCat
Port scanning
Daemon banner grabbing
Week 2:
ICMP scanning
OS fingerprinting
Firewall enumeration
Passive fingerprinting with p0f
Web server fingerprinting
Spoofed packet attacks
Email forging
DoS attacks
Reflective DDOS attacks
Password cracking attacks
Cracking saved password in browsers
Password managers
Intellectual property thefts
EXE binders
Social engineering attacks
TCP/IP: A mammoth description
Firewall tunneling using SSH and putty
HTTP tunneling
Cracking Email accounts
Port Forwarding and port triggering
Week 3:
Identity thefts
Input validation attacks
SQL injection
IP spoofing
Cross site scripting attacks
Misuse of hidden HTML tags
Canonicalization attacks
HTTP response splitting
Buffer overflows
Passive and active sniffing attacks
ARP poisoning attack
MAC flooding attack
MAC duplication attack
Social networking websites security
Windows 7 and windows vista password cracking
Cracking CAPTCHA
Tab napping
DNS cache poisoning
DNS cache poisoning birthday attack
Domain hijacking
Week 4:
Meet in the middle attacks
Shell accounts
USB hacking
Road sign hacking
Steganography
Wireless hacking
War driving
De-authentication attacks
Cracking WEP keys
Caffe latte attacks
Cracking WPA and WPA2
Computer forensics
Honeypots
Viruses torn apart
Penetration testing and vulnerability assessment
Software hacking
Backtrack

Hope to hear some comments
"SAFE HACKING"

How to Install Windows 7 From a USB Drive


Installing Windows from a USB flash drive has several advantages – First of all, the overall speed of the installation process will increase significantly, carrying a USB stick is much more convenient than a DVD, and finally it becomes possible to install the OS even on those systems that do not have a DVD drive, such as a netbook.
In this post, I will show you how to load the Windows installation on to your USB flash drive and make it bootable just like the DVD.
Tools Required:
1. USB flash drive with a minimum capacity of 4 GB.
2. Windows 7 set-up DVD.

Step-1: Plug-in your USB flash drive and backup all the existing data in it.
 
Step-2: Open the command prompt. If you are using Windows 7/Vista then open it with administrator rights*.


 
Step 3: In the command prompt, type in the following command:
DISKPART

This will start the Microsoft DiskPart utility.
Now issue the following command:
LIST DISK

This will show you a list of  available disks on your system. Disk 0 is usually the hard disk. In my case, Disk 5 is the USB drive (this can be a different one in your case). Now issue the command as shown below:
SELECT DISK 5

NOTE: In the above command, 5 is the USB drive number on my system. If you have a different number on your system, then you need to replace 5 with that number.
 
Step-4: Now issue the following list of commands one by one as shown below:
CLEAN

CREATE PARTITION PRIMARY

SELECT PARTITION 1

ACTIVE

FORMAT FS=NTFS QUICK

ASSIGN

EXIT

Minimize the command prompt and proceed to the next step.
 
Step-5: Insert the Windows 7/Vista installation disc and note down the “drive letter” of your DVD drive. In my case, it is “H:”. Now type the following list of commands as shown below:
H:
CD BOOT
BOOTSECT.EXE /NT60 M:
EXIT
(NOTE: M: is your USB drive letter)







Step-6: Copy the contents of your Windows 7/Vista installation disk into the USB flash drive.
That’s it! Your USB stick is now ready to boot and install the OS for you. Don’t forget to enable the “USB Boot” option and change the “boot priority to USB device from hard disk” in your BIOS settings.

How to Make a Trojan Horse


Most of you may be curious to know about how to make a Trojan or Virus on your own. Here is an answer for your curiosity. In this post I’ll show you how to make a simple Trojan on your own using C programming language. This Trojan when executed will eat up the hard disk space on the root drive (The drive on which Windows is installed, usually C: Drive) of the computer on which it is run. Also this Trojan works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run. So, I’ll call this as Space Eater Trojan. Since this Trojan is written using a high level programming language it is often undetected by antivirus. The source code for this Trojan is available for download at the end of this post. Let’s see how this Trojan works…
Before I move on to explain the features of this Trojan, you need to know what exactly a Trojan horse is and how it works. Contrary to what most of us think, a Trojan or Trojan horse is not a virus. In simple words, a Trojan horse is a program that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine or cause damage to the computer.
Now let's move on to the working of our Trojan
The Trojan horse which I have made presents itself as an antivirus program that scans the computer and removes threats. But in reality it does nothing but occupy hard disk space on the root drive by filling it up with a huge junk file. The rate at which it fills up the hard disk space is too high. As a result, the disk gets filled up to 100% within minutes of running this Trojan. Once the disk space is full, the Trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any cleanup program. This is because the Trojan intelligently creates a huge file in the Windows\System32 folder with the .dll extension. Since the junk file has the .dll extension, it is often ignored by disk cleanup software. So for the victim, there is no way to recover the hard disk space short of reformatting the drive.
The algorithm of the Trojan is as follows
1. Search for the root drive
2. Navigate to Windows\System32 on the root drive
3. Create the file named “spceshot.dll”
4. Start dumping the junk data onto the above file and keep increasing its size until the drive is full
5. Once the drive is full, stop the process.
You can download the Trojan source code HERE. Please note that I have not included the executable for security reasons. You need to compile it to obtain the executable.

How to compile, test and remove the damage?

Compilation:
For a step-by-step compilation guide, refer to my post How to compile C Programs.
Testing:
To test the Trojan, just run the SpaceEater.exe file on your computer. It’ll generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up hard disk space.
NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.
How to remove the Damage and free up the space?
To remove the damage and free up the space, just type the following in the “run” dialog box.
%systemroot%\system32
Now search for the file “spceshot.dll”. Just delete it and you’re done. No need to re-format the hard disk.
NOTE: You can also change the ICON of the virus to make it look like a legitimate program. This method is described in the post: How to Change the ICON of an EXE file?
Please pass on your comments and tell me your opinion. I am just waiting for your comments…
