Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.

Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.

Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.

Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.

Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.

Showing posts with label Gmail Hack. Show all posts
Showing posts with label Gmail Hack. Show all posts

Tuesday, 30 April 2013

How Create Virtual Online Drive For Free With The Help Of Gmail



You all may know well about virtual drives. But what about creating an online virtual drive in your own computer and make it available to you anytime anywhere. Surprised ah ? Yes its true, about creating virtual disk. Gmail is providing about 7650MB to 10240MB for each account, That means you can create a virtual online disk of about 7.5 GB to 10 GB in your own computer.All this is possible with the help of a tool called Gmail Drive.GMail Drive creates a virtual filesystem around your Google Mail account, allowing you to use Gmail as a storage medium.

GMail Drive creates a virtual filesystem on top of your Google Gmail account and enables you to save and retrieve files stored on your Gmail account directly from inside Windows Explorer. GMail Drive literally adds a new drive to your computer under the My Computer folder, where you can create new folders, copy and drag'n'drop files to it.Ever since Google started to offer users a Gmail e-mail account, which includes storage space of 7650megabytes to 10240megabytes , you have had plenty of storage space but not a lot to fill it up with. With GMail Drive you can easily copy files to your Google Mail Account and retrieve them again.

When you create a new file using GMail Drive, it generates an e-mail and posts it to your account. The e-mail appears in your normal Inbox folder, and the file is attached as an e-mail attachment. GMail Drive periodically checks your mail account (using the Gmail search function) to see if new files have arrived and to rebuild the directory structures. But basically GMail Drive acts as any other hard-drive installed on your computer.

HOW TO MAKE A VIRTUAL ONLINE DRIVE:-

GMail Drive creates a virtual filesystem on top of your Google Gmail account and enables you to save and retrieve files stored on your Gmail account directly from inside Windows Explorer.

First Download GmailDrive Clickl Here To DOWNLOAD

STEPS To Follow:-

1. Extract all the files from the downloaded archive and run setup.After installation go to My Computer where you see a drive like given below.



GMail Drive literally adds a new drive to your computer under the My Computer folder, where you can create new folders, copy and drag'n'drop files to it.

2. Double click on the Drive,when you do it then you see a window pop up like below picture...



Enter your gmail ID and Password.Its better dont use your personal Email.Create a new one for this virual online drive and thats it, All the data in this drive is secure and can be accessed only by from anywhere and at anytime.

HOW TO REMOVE THIS VIRTUAL DRIVE:-

If you want to remove this virtual drive from your system just goto
control panel => programs and features=>uninstall or change program 
and uninstall GmailDrive from there.It will be automatically removed from My Computer

Friday, 30 November 2012

How To Make Phishing Site ? Easy Tutorial




PrinceMahen here. Today i am going to show you a quick tutorial on how to make a Gmail phishing ( Fake Login Page ) site.Phishing is a fake login page of a particular site which captures email and password of the victim when he type it in the form. After capturing it would send all the information to hacker's webhosting.

1) Goto free webhosting, if you have paid then you have to use that. I would recommend http://www.000webhost.com/order.php



2) Signup for free! after that goto your email for confirmation and sign in.


3) When you are logged in, Go to Cpanel, after that go to File manager for the creation of phishing page.



4) The menu will display now go to Public_html.




5) Now click upload, and upload the files to the hosting.




6) That's it, you are done! Now goto your domain and you will see it would same like gmail login page. Send the link to your friends and Enjoy hacking.
To see the input information of your phishing page ( I mean your victim's email and password ).
Go to :- http://www.yoursitesadress.p4o.net/lol.html

Download the phishing page From Here



Note - This file and its contents are only for educational purposes. Please do not misuse them.The author is not responsible in any way for your act.By using this you accept with the disclaimer.

Tuesday, 23 October 2012

HOW TO GET PASSWORD AND EMAIL FROM A PHISHING SITE




HELLO THERE ITS ME DAVID REX BACK FOR MORE...........................
TODAY IM GONE TEACH YOU HOW TO GET FACEBOOK EMAIL AND PASSWORD FROM A PHISHING SITE

1) FIRST COPY ONE OF THE GOOGLE DORK BELOW AND PASTE IT IN GOOGLE SEARCH ENGINE

i)  intext:charset_test= email= default_persistent=

ii) inurl:"passes" OR inurl:"passwords" OR inurl:"credentials" -search -download -techsupt -git -games -gz -bypass -exe filetype:txt @yahoo.com OR @gmail OR @hotmail OR @rediff

2) THEN YOU WILL GET SOME SITES JUST CLICK ONE AND SEE THE EMAIL AND PASSWORD

3) SOME OF THE EMAIL AND PASSWORD THAT I GOT http://rexcybertrix.blogspot.com/2012/10/10000-facebook-account-had-been-hacked.html

Friday, 24 February 2012

How to Configure Gmail With A Desktop Mail Client

We love using Gmail.com for its many features, but if you want offline access and a more "desktop-like" experience, you can get your Gmail messages delivered to a desktop client, like Outlook or Apple Mail. Here's how.

Every mail client is a little bit different, so we can't show you every way to set up Gmail, but in general, it should be pretty similar. Some programs will set up Gmail automatically with just your username and your password, while others will require you to set them up manually. If you have a Google Apps account (that is, if you're using Gmail but your email is not an @gmail.com email address), you'll also have to do it manually. Here are a few examples using the most popular email clients.

Initial Setup (for All Clients)

enableimapgmail.jpgBefore you do anything, you'll need to enable IMAP in Gmail, which will let you access your accounts on the desktop. To do this, head into Gmail's Settings and go to the Forwarding and POP/IMAP tab. Scroll down to the IMAP section and enable IMAP. Then save your changes, and open up your desktop email client of choice to set it up using the following instructions.

Set Up Gmail in Microsoft Outlook

To set up Gmail in Microsoft Outlook (we'll be using Outlook 2010 for this demonstration), open up Outlook and run through the following steps:
  • Head to File > Account Settings > Account Settings. Click the New button to create a new account.
  • Click on the "Manually configure server settings" radio button at the bottom of the new account window. Then, hit Next.
  • Choose Internet Email at the next screen and hit Next.
  • Type in your name and Gmail address under "User Information. Change your Account Type from POP3 to IMAP, and add imap.gmail.com as your Incoming Mail Server. Type in smtp.gmail.com as your Outgoing Mail Server.
  • Type in your full Gmail address (i.e. whitson@gmail.com) and password under Logon Information.
  • Hit the More Settings button and go to the Advanced tab. Under Incoming Server, type 993 and set your encryption from "None" to "SSL". Under Outgoing Server, type 587 and set your encryption to TLS.
  • Head to the Outgoing Server tab of the same window and check the box that says "My outgoing server requires authentication". Hit OK, and hit Next to complete your account setup.
If all goes well, Outlook should send a test message, and let you know that your account was successfully set up! Check out the video above to see this process in action.

Set Up Gmail in Apple Mail

To add a new account in Apple Mail:
  • Head to Mail > Preferences in the menu bar and go to the Accounts tab. Hit the plus sign in the bottom left corner to add a new account.
  • Type in your Name, full Gmail address, and password and hit Continue. If you're using an @gmail.com address, you're probably done—Mail should fill in the rest of the settings for you. If you're using a Google Apps account, you'll need to do a few more things.
  • On the next window, choose IMAP as your Account Type, type in a description (something like "Gmail"), and type imap.gmail.com. Change your username to your full Gmail address and type in your password. Click Continue.
  • On the next screen, type a description, type smtp.gmail.com as your Outgoing Mail Server, and check the Use Authentication. Click Continue, and click Continue on the next screen as well. Hit Create to take the account online.
When you're done, Mail should start downloading all your messages to your inbox, and you'll be ready to read all your email right from the desktop. Check out the video above to see this process in action. Note that Mail doesn't automatically use Gmail's Sent, Spam, or Trash folders—it'll create its own, which can be annoying. To fix this, just select Gmail's Sent Mail folder, then go to Mailbox > Use This Mailbox For > Sent in the menu bar. Repeat this process for Trash and Junk, too, to make sure all your folders sync up.

Set Up Gmail in Mozilla Thunderbird

Setup in Mozilla Thunderbird is pretty much the same as in Apple Mail. To add Gmail to Thunderbird:
  • Head to Tools > Accounts, and at the bottom of the window that pops up, click the Account Actions drop-down. Hit "Add Mail Account".
  • Type in your name, email address, and password and click Continue. Thunderbird will try to set up the account automatically. If it fails to do so, hit the "Manual Setup" button.
  • In the sidebar, find the account you just created and click on Server Settings. Type in imap.gmail.com for your Server Name, type 993 for your port, and make sure your username is your entire Gmail address. Under Connection Security, pick SSL/TLS and pick Normal Password as your Authentication Method.
  • Hit OK to finish the account creation process.
Once Thunderbird imports your account, you'll be able to send and receive mail right from your desktop.

If you're using a mail client different from one of the above, the setup shouldn't be too different—just make sure you're typing in your full Gmail address as your username, and that you're using the correct ports and encryption types as described above in the account settings.

Friday, 18 November 2011

CyberGate RAT - Hacking Facebook, Twitter and Email Id's Passwords

CyberGate is a powerful, fully configurable and stable Remote Administration Tool coded in Delphi that is continuously getting developed. Using cybergate you can log the victim's passwords and can also get the screen shots of his computer's screen. You can connect o multiple victims in single time. One should no know what is the ip-address of the victims' computers. That is the main benefit. What you have to do is to spread the server file to the vicitms or the people whom you want to infect. Also there is a file manager utility using which you can explore the data of the victim. So, its much exciting, therefore i thought to give a tutorial about it, since it can also be used for constructive purpose i-e you can view the clients of you office or your homies, that what are they doing at computer. Rather they are sincere or not. I am going to show you step by step guide, by creating my own server. I created Hackersthirst to produce awareness among people about general tools usage also.

Steps For creating a successful cybergate server:-

Step 1) I have hosted to cybergate for dowloading to the two locations, as often i get messages that download link is not working.
Download CyberGate:
Download CyberGate From Here

Step 2) Now, It will be better that you temporarily disable your antivirus software. and also other security software if its the case that CyberGate isn't working for you.

Step 3) Set up your account at no-ip.com , If you are already registered that just login. After loging in add a host. Picture Demonstration is given below, since in last post of pro-rat people asked lots of question.

After this, Type your email id here, Like i did:

\
Now, Fill the forum provided with your real preferences or fake :P , Do what you like. After that you will receive a confirmation email in your inbox, Like the one you receive while subscribing to Hackersthirst, Click the confirmation link provided there, and thus you will have an activated and verified account. Login there. Now, What you have to do, is given below in step 4 with pictures!

Step 4) You have to add host, Like this, after getting logged in!


After that, fill like this, Replace with your desired name!


Thats it you are done, with following info:
Host name: anyname.name.org
Host Type: DNS Host (A) , Further leave other fields blank like i did.
Host process is now finished now i am moving to no-ip client.

Step 5) Download no-ip client from here. Download according to your OS, It supports windows, mac or linux. After downloading install the program, And then run it, You will promted to put in your email id along with password which you used to login to the no-ip.com, After loging in, Do what i did in the following screen shot!
Note: Always keep this software opened, Whenever cyper gate is running.
 Thats it, We have done with no-ip.com, Now procees forward with cybergate!

Step 6) Extract The Cybergate archive You Downloaded In The Beginning To Your Desktop! Once Extracted, Open It & Wait 20 Seconds For The Agreement To Pass! When It's Open, Press: Control Center -> Start.
and then press, Control Center -> Options -> Select Listening Ports, After this a popup will appear fill that like this:


Explaining further:
At first, Write "100" In That Little Box And Press The Blue Arrow. Then It Should Appear Under "Active Ports"
Active Ports: The Port You Will Forward Later using modem or uTorrent!
Connections Limit: The Max Amount Of Victims You Can Have.
Connection PW: The Connection Password. Use "123456"
[V] Show Password: (Shows Password)
Once This Is Done, Press "Save"!

Step 7) After this we are going to create the server, Go to, Control Centre -> Build -> Create Server


After adding name, select the name i-e wamiqali and Press forward.Now, Following windows will appear, Fill it like this:



Now, Click ok, It will be added in the list, After that select 127.0.0.1 and click delete. So, that following form will come in front of you:




Note: If You Want To Try The Server On Yourself, Then Delete Both:


- 127.0.0.1:999
- anyname.name.org


And Replace Them With; 127.0.0.1:100 Since 127.0.0.1 Means "Local Computer & LAN Internet"
Step 8) After this move on to the installer tab, and do what i did in the following screen shot:


Well, i think for this section no further explanation is required, things themselves in the screen shot are telling that what they are meant to do.

Step 9) Now move on to the Anti-Debug tab, and follow guideline as shown in the screen shot:

Step 10) Move on to the final tab, that is Create Server. and do what i did!


So, You are done!

Step 11) (There are many ways for this step, You can also google for some other better way) Now you have to port forward, For this purpose, login to your router or modem (Recommended way) and forward the port which you have used while making the cber gate i-e 100, But another quick tweak is this that simply run uTorrent and select Options > Preferences > Connection than enter there in Listening Ports, the value of port you want to be forwarded (e-g 100) than select Apply.After that Exit the uTorrent from the tray of the windows. and go to http://canyouseeme.org/ and check whether port is access-able or not. If its access-able, You will get this message for port 100:
Success: I can see your service on 100.100.200.200 on port (100)
Your ISP is not blocking port 100

What to do if RAT is not Connecting?

Make Sure That....

1) You are properly port-forwarded if using a router.
2) You have the No-IP Client installed and running.
3) Your DNS entries are correctly spelled when building your server.
4) The password in Listening Ports and the password your server uses are identical.
5) You are Listening on the correct ports.
6) Your Firewall is letting connections through on the port you're listening on.
7) Your server is added to excluded files in your Antivirus and Firewall.

Once You've Port Forwarded Your Port: "100" Then Just Get It Crypted And Start Spreading. After that you will surely get some victims But i will surely point out here that don't use this for bad purpose!

Note: All this was for educating my readers, Best4hack is not responsible for company or individual harm caused by it. Also don't use it to hack innocents, As this isn't attitude of hackers.

Thursday, 22 September 2011

How To See Password in Any Login Form

You might have been in this postion more often then not that you are using your friend’s computer or any of the office colleague’s Computer and your are about to login into your facebook,gmail,yahoo,hotmail or by matter any website and you see the username and password already filled,though you can login in at that moment and try to change the settings of that particular user!!.

but what when you want to Prank you friend’s account at some different place then the User’s PC,for this you would want to know the password ,which is either in “****”  or “…..” marked,and to get to know the password without the “**” marks or how to hack the password all you need to do is follow this simple steps
step1} first go to that login page where you think that your friend would have been logged in previously e.g Gmail or Facebook
step 2} We here are considering gmail account,you can just see the “****” marks in the Password field,
gmail How to see ****** marks password in any login Form
step3} Just copy paste the below code in your browser address
javascript:(function() {var%20s,F,j,f,i;%20s%20=%20%22%22; %20F%20=%20document.forms;%20for(j=0;%20j<F.length;%20++j) %20{%20f%20=%20F[j];%20for%20(i=0;%20i<f.length;%20++i) %20{%20if%20(f[i].type.toLowerCase()%20==%20%22password%22) %20s%20+=%20f[i].value%20+%20%22 %22;%20}%20}%20if %20(s)%20alert(%22Password Hacked by %20www.best4hack.blogspot.com.com:%20The%20password%20on%20 this page is:%22%20+%20s);%20else%20alert(%22There%20are %20no%20passwords%20in%20forms%20on%20this %20page.%22);})();
step4} Now you would be able to see the password in a pop up window.

Thursday, 15 September 2011

Gmail Cookie Stealing And Session Hijacking Part 3


So friends, This is the third part of my Gmail Session Hijacking and Cookie Stealing series on RHA, In the first part I introduced you to the basics and fundamentals of a Session Hijacking attack, In the second part I introduced you to the variety of methods used to capture session cookies. In this part I will tell you how to carry out a session hijacking attack once you have the session cookies.


Cookie Injection With A Firefox WebBrowser

Now there are variety of plugins used to inject cookies in your browser, depending on which browser you are using, I would recommend you the use of firefox browser as it supports vast number of cookie injection plugins.

Web Developer Toolbar

Webdeveloper toolbar is an addon for the firefox browser it makes the process of injecting cookies extremely easy. All you have to do is to install the webdeveloper toolbar, Click on the cookies drop down menu and click on the cookie you want to edit.



Once you have clicked on the edit cookie option, You will be brought to the following screen:


Next replace your cookie value with the victims cookie value.


Now if you have captured cookies using wireshark, then instead of using Webdeveloper toolbar, you can use Cookie injector to inject session cookies directly in to your browser. All you need to do is to press Alt+C after installing the cookie injector and then just paste the wireshark cookie dump and press ok. After you have done so, Just refresh your browser and you will be in victims account.



Note: In order to install Cookie injector script you would need to first install Greasmonkey plugin for firefox


CookieManger is one of my most preferred choice for performing a Session hijacking hijacking, Since it's very user friendly and extremely easy to use. You can view CookieManager's usage guide here.

Cookie Injection With Google Chrome



If you are too lazy to use firefox for cookie injection, then luckily there are few extensions on google chrome used to inject cookies into your browser and take control of the victims account. One of my favorite cookie injecting extensions is Cookie editor by Philip, It sports a very unfriendly interface.


Drawbacks of Session Hijacking Attack:

With so many advantages of a session hijacking attack there are some drawbacks that you also need to know.

1. First of all cookie stealing becomes useless if victim is using a https:// protocol for browsing and end to end encryption is enabled.

2. Most of the cookies expire once the victims clicks on the logout button and hence the attacker also logs out of the account.

3. Lots of websites do not sport parallel logins which also makes cookie stealing useless.

Protection Against A Session Hijacking Attack

The best way to protect yourself against a session hijacking attack is to use https:// connection each and every time you login to your Facebook, Gmail, Hotmail or any other email account. As your cookies would be encrypted so even if an attacker manages to capture your session cookies he won't be able to do any thing with your cookies.

Gmail Cookie Stealing And Session Hijacking Part 2





In my previous post Gmail Cookie Stealing And Session Hijacking Part 1, I discussed all the basics and fundamentals in order to understand a Session Hijacking attack, If you have not read the part 1, Kindly read the part 1 first in order to get good grasp of the topic.

Well after a tremendous feedback and response of readers on Session hijacking, I thought to extend this topic and write more on it, In this tutorial I will explain you some methods to capture Gmail Gx cookies.


Gmail GX Cookie

In gmail the cookie which authenticates users is called a GX cookie, Now as we cannot use a cookie stealer since by now we don't know any XSS vulnerability in gmail.

Tools You will be required


1.Cain And Abel
2.Network Minner
3.Wireshark

How To Capture Cookies?


Now there are couple of ways you can use to capture unsecured Gmail cookie which depend on the type of network you are on.

Packet Sniffing


 If you are on a Hub based network you can use packet sniffing in order to capture local traffic. You may use any packet sniffer you want to capture cookies, but I would recommend you to either use wireshark or Network Miner because they are quite userfriendly.

Wireshark

Wireshark is my recommended choice if you are on a hub based network and are looking forward to capture an unsecured Gmail Gx Cookie. Here is how you can capture a gmail GX cookie via Wireshark.

Step 1 - First of all download wireshark from the official website and install it.

Step 2 - Next open up wireshark click on analyze and then click on interfaces.

Step 3 - Next choose the appropriate interface and click on start.


Step 4 - The wireshark will now start to capture the traffic, In the mean time log in to your gmail account but make sure that you have selected "Don't use https://" in Gmail account Settings.






Step 5  - Next set the filter to on the top left to http.cookie contains "Gx", What this filter will do is that it will filter out all the traffic for the gmail authentication cookies named as GX.

Step 6 - Once you have found the suitable line of Gmail GX cookie right click on it and click on Copy and then select Bytes (Printable Text Only)

Step 7 - Now you have successfully captured Gmail GX unsecured cookie.

Network Miner

You can also use network miner to capture, it's more easier and userfreindly than wireshark.



Note: You would need a Winpcap before capturing traffic from either Network Miner or Wireshark.

ARP Spoofing Or Man In The Middle Attack:


Now if you are on a switched based lan network, packet sniffing will probably not work for you as the traffic meant for the particular system will only reach it, So packetsniffing becomes useless in Switch based networks.

1. Cain And Abel.

Cain and Abel should be your only choice if you are on windows operating system, You can easily place your self between the victims computer and the gateway and capture all the traffic going through it and hence successfully launching a man in the middle attack, afterwards you can filter out cookie information from the captured traffic. Here is a screenshot of captured traffic from Cain and abel.


2.EtterCap

Now if you are on a linux machine, You should probably use Ettercap as it's one of the best sniffers I have ever played with, With Ettercap you can easily launch a Man in the middle attack(ARP Poisoning) and capture unsecured Gmail GX cookie.


How can I prevent this kind of attack?

So friends till now you might have known the importance of using https:// connections. In order to prevent these kinds of attacks always use a https:// connection or a VPN solution while logging in to your email accounts.

So friends this concludes the part 2 of my series on cookie stealing, In part 3 we will look on variety of different methods used to inject cookies in to our browser to gain access to the account.

Gmail Cookie Stealing And Session Hijacking Part 1

Well I have posted lots of articles on Phishing and keylogging, but today I would like to throw some light on a very useful method which hackers use to hack gmail, facebook and other email accounts i.e. Stealing.  One of the reasons why I am writing this article as there are lots of newbies having lots of misconceptions related to cookie stealing and session hijacking, So I hope this tutorial cover all those misconception and if not all most of them.



What is a Cookie?

A cookie is a piece of code which is used to authenticate a user on a website, In other words when ever you login to a website such as Facebook, Gmail, Orkut etc your browser assigns you a cookie which basically tells the browser that for how long the user should be logged it, Apart of authentication purpose a cookie can be used for variety of different purposes, If you would like to know more about cookie stealing kindly google it up.

What is a Session Token?

After an authentication is completed , A webserver hands the browser a session token which is used because a webserver needs a way to recognize between different connections, If a hacker could capture your session token then it's a cakewalk for the hacker to hack into your gmail, facebook or any other account.

What is a Session Hijacking Attack?

A session hijacking attack is basically an act of capturing session token and injecting it into your own browser to gain acess to victims account.


What is a Cookie Stealer?

A cookie stealer is basically a script used to steal victims authentication cookies, Now for a cookie stealing process to work the website or the webpage should be vulnerable to an XSS attack, This is the most common and widely known misconception among newbies.

How the stealing process work?

1. The attacker creates a PHP script and uploades it to a webhosting site.

2. The attacker then asks the victim to visit that particular link containing the PHP code.

3. Once the victim visits it his/her authentication cookie is saved in a .txt file.

4. Next the attacker uses a cookieinjector or a cookie editor, There are lots of firefox addons, google chrome extensions to do the work for you. Personally I use Cookie manager v1.5.1 as it's quite user friendly.



You can also use the webdeveloper toolbar to do the work for you.

5. The attacker replaces his own cookies with the victims cookies as a result of which the victims session is hijacking

Why it does not work on a website which is not vulnerable to XSS?
It's due to the browser's same origin policy, and according to it the browsers don't allow the javascripts to acess the cookies.


Gmail GX Cookie



By now I believe that I might have cleared lots of misconceptions related to cookie stealing, but all of those information is only good for you if you try to do it practically,  So let's get to the main topic.

In gmail the cookie which authenticates users is called a GX cookie, Now as we cannot use a cookie stealer as by now we don't know any XSS vulnerability in gmail, So if you are on a LAN  you can use wireshark or any other packet sniffer to steal gmail Unsecured GX cookie and use it to gain acess.

Will this hack always work?

Well this trick won't work on all Gmail accounts and as Gmail now offers End to End https:// encryption, Which encrypts the session token so even if we could get our hands on the GX cookie it's useless, but if a user has turned off the End to End https:// encryption in gmail it can work for sure.



I hope you have liked the post uptill now, I will cover the method to steal gmail gx cookies and using it to hack gmail accounts in the next post, So stay tuned !.

Related Posts Plugin for WordPress, Blogger...