Monday 27 June 2016

how to hack facebook 2016




Despite the security concerns that have plagued Facebook for years, most people are sticking around and new members keep on joining. This has led Facebook to record-breaking numbers, with over one billion monthly active users as of October 2012—and around 600 million active daily users.
We share our lives on Facebook. We share our birthdays and our anniversaries. We share our vacation plans and locations. We share the births of our sons and the deaths of our fathers. We share our most cherished moments and our most painful thoughts. We divulge every aspect of our lives. We even clamor to see the latest versions even before they're ready for primetime.
But we sometimes forget who's watching.
We use Facebook as a tool to connect, but there are those people who use that connectivity for malicious purposes. We reveal what others can use against us. They know when we're not home and for how long we're gone. They know the answers to our security questions. People can practically steal our identities—and that's just with the visible information we purposely give away through our public Facebook profile.
The scariest part is that as we get more comfortable with advances in technology, we actually become more susceptible to hacking. As if we haven't already done enough to aid hackers in their quest for our data by sharing publicly, those in the know can get into our emails and Facebook accounts to steal every other part of our lives that we intended to keep away from prying eyes.
In fact, you don't even have to be a professional hacker to get into someone's Facebook account.
It can be as easy as running Firesheep on your computer for a few minutes. In fact, Facebook actually allows people to get into someone else's Facebook account without knowing their password. All you have to do is choose three friends to send a code to. You type in the three codes, and voilà—you're into the account. It's as easy as that.
In this article I'll show you these, and a couple other ways that hackers (and even regular folks) can hack into someone's Facebook account. But don't worry, I'll also show you how to prevent it from happening to you.

Method 1: Reset the Password

The easiest way to "hack" into someone's Facebook is through resetting the password. This is easier for people who are friends with the person they're trying to hack.
  • The first step would be to get your friend's Facebook email login. If you don't already know it, try looking on their Facebook page in the Contact Info section.
  • Next, click on Forgotten your password? and type in the victim's email. Their account should come up. Click This is my account.
  • It will ask if you would like to reset the password via the victim's emails. This doesn't help, so press No longer have access to these?
  • It will now ask How can we reach you? Type in an email that you have that also isn't linked to any other Facebook account.
  • It will now ask you a question. If you're close friends with the victim, that's great. If you don't know too much about them, make an educated guess. If you figure it out, you can change the password. Now you have to wait 24 hours to login to their account.
  • If you don't figure out the question, you can click on Recover your account with help from friends. This allows you to choose between three and five friends.
  • It will send them passwords, which you may ask them for, and then type into the next page. You can either create three to five fake Facebook accounts and add your friend (especially if they just add anyone), or you can choose three to five close friends of yours that would be willing to give you the password.



How to Hack Gmail


Hacking a Gmail address can come in handy if you lose your account password. It's also a good way to test your own account's security. There are several ways you can try to break in. Most methods rely on you obtaining someone's password through other means. Hacking someone else's Gmail account is illegal.
1. Understand the limitations. Gmail is an incredibly secure service. The only way you'll be able to "hack" into someone's account is by stealing their password. If your target has two-factor authentication, you'll need their mobile device as well. There is no other way around two-factor authentication.
2. Understand the legality. It is absolutely illegal in most areas to access someone's email account without authorization. This article is for educational purposes only.



1. Find a keylogger program that suits your needs. A keylogger is a program that logs the keystrokes on the computer it is installed on. There are a variety of keylogger programs available for free or for purchase online, with varying degrees of stealthiness. Be sure to research all of your options carefully. Popular programs include:
  • Actual Keylogger
  • Spyrix Free Keylogger
  • BlackBox Express
  • KidLogger
  • NetBull
2. Install the keylogger on the target's computer. This will require administrator access to the target's computer. On many computers, the password will be "admin" or will just be blank.
  • The process for installing the keylogger varies depending on the program you are using.
  • Installing a keylogger without the other person knowing is illegal.

3. Start the keylogger service. Start the service so that it begins recording keystrokes. The process for this will vary depending on the program you are using. You may have to configure the program to record keys if it has multiple functions.

4. Let the keylogger run while the target uses the computer. The keylogger will likely capture a lot of information. You can filter based on the window that the user is typing in.
5. View the logs. Some keyloggers will send the logs to your email. Others will require you to export them from the computer that the program is running on. Browse through the logs until you find what you suspect to be the target's Gmail password. You may be able to filter by the Gmail login page.
  • If the keylogger doesn't send you the logs via email, you'll need to access the program on the computer you installed it on to view them.
1. Open the web browser that your target uses on their computer. You must have access to that person's computer. Try this when they're out of the room or you know that you have a few minutes alone.
  • Open a link from an email or a Help menu to launch the default browser.

2. Open the password manager. The process for accessing the password manager is different depending on the browser you are using.
  • Internet Explorer - Click the Gear button or the Tools menu and select "Internet Options." Click the "Content" tab and then click the "Settings" button in the AutoComplete section. Select "Manage Passwords" from the new window.
  • Chrome - Click the Chrome Menu button (☰) and select "Settings." Click the "Show advanced settings" link and then scroll to the "Passwords and forms" section. Click "Manage passwords."
  • Firefox - Click the Firefox Menu button (☰) and select "Options." Click the "Security" tab and then click "Saved Passwords."
  • Safari - Click the Safari menu and select "Preferences." Click the "Passwords" tab.
3. Find the password for your target's Google account. Use the search bar in the password manager to search for "google". This is the quickest way to narrow down the list of passwords. Look for the "accounts.google.com" entry for the target's Gmail address.

4. Display the password. Select the password and then click the "Show" or "Show Password" button. You may have to enter the administrator password for the computer before the passwords are displayed.

5. Write down the password and then close the password manager. Make note of the password as well as the exact Gmail address. Close the password manager when you are done to cover your tracks.

6. Try the password from another computer. If the target has not enabled two-factor authentication, then you should be able to access the account. The target will likely be notified that a login has occurred from an unknown browser.
  • If the target has two-factor authentication activated, then you will need the code that is sent to their mobile device. There is no way around this if it is activated.
link here 
https://www.youtube.com/watch?v=MCVpnYTAV00

Sunday 26 June 2016

how to hack website

More people have access to the internet than ever before. This has prompted many organizations to develop web based applications that users can use online to interact with the organization. Poorly written code for web applications can be exploited to gain unauthorized access to sensitive data and web servers.
In this article, we will introduce you to web applications hacking techniques and the counter measures you can put in place to protect against such attacks.

What is a web application? What are Web Threats?

A web application (aka website) is an application based on the client-server model. The server provides the database access and the business logic. It is hosted on a web server. The client application runs on the client web browser. Web applications are usually written in languages such as Java, C# and VB.Net, PHP, ColdFusion Markup Language etc. The database engines used in web applications include MySQL, MS SQL Server, PostgreSQL, SQLite etc.
Most web applications are hosted on public servers accessible via the internet. This makes them vulnerable to attacks due to easy accessibility. The following are common web application threats.
  • SQL Injection – the goal of this threat could be to bypass login algorithms, sabotage the data etc.
  • Denial of Service Attacks – the goal of this threat could be to deny legitimate users access to the resource.
  • Cross Site Scripting (XSS) – the goal of this threat could be to inject code that can be executed on the client side browser.
  • Cookie/Session Poisoning – the goal of this threat is to modify cookies/session data by an attacker to gain unauthorized access.
  • Form tampering – the goal of this threat is to modify form data such as prices in e-commerce applications so that the attacker can get items at reduced prices.
  • Code Injection – the goal of this threat is to inject code such as PHP, Python etc. that can be executed on the server. The code can install backdoors, reveal sensitive information etc.
  • Defacement – the goal of this threat is to modify the page being displayed on a website and redirect all page requests to a single page that contains the attacker’s message.

How to protect your Website against hacks?

An organization can adopt the following policy to protect itself against web server attacks.
  • SQL Injection – sanitizing and validating user parameters before submitting them to the database for processing can help reduce the chances of being attacked via SQL Injection. Database engines such as MS SQL Server, MySQL etc. support parameters and prepared statements. They are much safer than traditional SQL statements.
  • Denial of Service Attacks – firewalls can be used to drop traffic from suspicious IP addresses if the attack is a simple DoS. Proper configuration of networks and Intrusion Detection Systems can also help reduce the chances of a DoS attack being successful.
  • Cross Site Scripting – validating and sanitizing headers, parameters passed via the URL, form parameters and hidden values can help reduce XSS attacks.
  • Cookie/Session Poisoning – this can be prevented by encrypting the contents of the cookies, timing out the cookies after some time, and associating the cookies with the client IP address that was used to create them.
  • Form tampering – this can be prevented by validating and verifying the user input before processing it.
  • Code Injection – this can be prevented by treating all parameters as data rather than executable code. Sanitization and validation can be used to implement this.
  • Defacement – a good web application development security policy should ensure that it seals the vulnerabilities commonly used to access the web server. This can include proper configuration of the operating system and web server software, and best security practices when developing web applications.

Hacking Activity: Hack a Website

In this practical scenario, we are going to hijack the user session of the web application located at www.techpanda.org. We will use cross site scripting to read the cookie session id then use it to impersonate a legitimate user session.
The assumption made is that the attacker has access to the web application and he would like to hijack the sessions of other users that use the same application. The goal of this attack could be to gain admin access to the web application assuming the attacker’s access account is a limited one.
Getting started
  • Open http://www.techpanda.org/
  • For practice purposes, it is strongly recommended to gain access using SQL Injection. Refer to this article for more information on how to do that.
  • The login email is admin@google.com, the password is Password2010
  • If you have logged in successfully, then you will get the following dashboard
  • Click on Add New Contact
  • Enter the following as the first name

HERE,
The above code uses JavaScript. It adds a hyperlink with an onclick event. When the unsuspecting user clicks the link, the event retrieves the PHP cookie session ID and sends it to the snatch_sess_id.php page together with the session id in the URL.
  • Enter the remaining details as shown below
  • Click on Save Changes

  • Your dashboard will now look like the following screen
  • Since the cross site script code is stored in the database, it will be loaded every time a user with access rights logs in
  • Let’s suppose the administrator logs in and clicks on the hyperlink that says Dark
  • He/she will get the window with the session id showing in the URL
Note: the script could be sending the value to some remote server where the PHPSESSID is stored then the user redirected back to the website as if nothing happened.
The PHPSESSID is board and it is the part that we are interested in.
Note: the value you get may be different from the one in this tutorial but the concept is the same

Session Impersonation using Firefox and Tamper Data add-on

The flowchart below shows the steps that you must take in order to successfully complete this exercise.
  • You will need Firefox web browser for this section and Tamper Data add-on
  • Open Firefox and install the add-on as shown in the diagrams below
  • Search for tamper data then click on install as shown above
  • Click on Accept and Install…
  • Click on Restart now when the installation completes
  • Enable the menu bar in Firefox if it is not shown
  • Click on tools menu then select Tamper Data as shown below
  • You will get the following window. Note: If the window is not empty, hit the clear button
  • Click on Start Tamper menu
  • Switch back to Firefox web browser, type http://www.techpanda.org/dashboard.php then press the enter key to load the page
  • You will get the following pop up from Tamper Data
  • The pop up window has three (3) options. The Tamper option allows you to modify the HTTP header information before it is submitted to the server.
  • Click on it
  • You will get the following window
  • Copy the PHP session ID you copied from the attack URL and paste it after the equal sign. Your value should now look like this
PHPSESSID=2DVLTIPP2N8LDBN11B2RA76LM2
  • Click on OK button
  • You will get the Tamper data popup window again
  • Uncheck the checkbox that asks Continue Tampering?
  • Click on submit button when done
  • You should be able to see the dashboard as shown below
Note: we did not login, we impersonated a login session using the PHPSESSID value we retrieved using cross site scripting
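
The hijack above needs two things to hold: the stored first name is rendered as markup, and the PHPSESSID cookie can be read by script and replayed from another browser. The following Python sketch is an added example, not code from techpanda.org or the original article; it HTML-encodes the stored field, marks the cookie HttpOnly, and binds each session to the client that created it with an idle timeout, as the Cookie/Session Poisoning countermeasure earlier describes. The function names, sample values and timeout are assumptions.

```python
import hashlib
import hmac
import html
import secrets
import time
from http.cookies import SimpleCookie

IDLE_TIMEOUT_SECONDS = 15 * 60  # assumed policy value

# Constructed sample of a contact "first name" that contains markup.
SAMPLE_STORED_NAME = '<a href="#" onclick="alert(1)">Dark</a>'


def render_first_name(stored_value: str) -> str:
    """HTML-encode a stored field so the browser shows markup as plain text."""
    return "<td>" + html.escape(stored_value, quote=True) + "</td>"


def session_cookie_header(session_id: str) -> str:
    """Build the Set-Cookie header for the session cookie.

    HttpOnly keeps page scripts from reading the cookie, Secure restricts it
    to HTTPS, SameSite=Strict keeps it off cross-site requests.
    """
    cookie = SimpleCookie()
    cookie["PHPSESSID"] = session_id
    cookie["PHPSESSID"]["path"] = "/"
    cookie["PHPSESSID"]["httponly"] = True
    cookie["PHPSESSID"]["secure"] = True
    cookie["PHPSESSID"]["samesite"] = "Strict"
    return cookie.output(header="Set-Cookie:")


class SessionStore:
    """Server-side sessions bound to the client that created them."""

    def __init__(self, now=time.time):
        self._sessions = {}
        self._now = now  # injectable clock so the timeout can be exercised

    @staticmethod
    def _binding(client_ip: str, user_agent: str) -> str:
        return hashlib.sha256(f"{client_ip}|{user_agent}".encode()).hexdigest()

    def create(self, client_ip: str, user_agent: str) -> str:
        session_id = secrets.token_urlsafe(32)  # unguessable identifier
        self._sessions[session_id] = {
            "binding": self._binding(client_ip, user_agent),
            "last_seen": self._now(),
        }
        return session_id

    def validate(self, session_id: str, client_ip: str, user_agent: str) -> bool:
        record = self._sessions.get(session_id)
        if record is None:
            return False
        if self._now() - record["last_seen"] > IDLE_TIMEOUT_SECONDS:
            del self._sessions[session_id]  # expired: force a fresh login
            return False
        expected = record["binding"]
        if not hmac.compare_digest(expected, self._binding(client_ip, user_agent)):
            return False  # same ID presented by a different client
        record["last_seen"] = self._now()
        return True


if __name__ == "__main__":
    print(render_first_name(SAMPLE_STORED_NAME))
    print(session_cookie_header("constructed-session-id"))
```

Binding to the client IP can log out legitimate users whose address changes, so treat a mismatch as a reason to re-authenticate rather than as proof of an attack.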

Summary

  • A web application is based on the server-client model. The client side uses the web browser to access the resources on the server.
  • Web applications are usually accessible over the internet. This makes them vulnerable to attacks.
  • Web application threats include SQL injection, Code Injection, XSS, Defacement, Cookie poisoning etc.
  • A good security policy when developing web applications can help make them secure.

How to crack password of an Application

Information is a valuable resource. It needs to be accessed and shared with legitimate people. Towards that end, access to information is usually protected via the use of authentication systems. Password cracking is the process of attempting to gain un-authorized access to restricted systems using common passwords or algorithms that guess passwords.
In this article, we will introduce you to the common password cracking techniques and the counter measures you can implement to protect systems against such attacks.

What is password cracking?

Password cracking is the art of obtaining the correct password that gives access to a system protected by an authentication method. Password cracking employs a number of techniques to achieve its goals. The cracking process can involve either comparing stored passwords against a word list or using algorithms to generate passwords that match.

What is password strength?

Password strength is the measure of a password’s efficiency to resist password cracking attacks. The strength of a password is determined by:
  • Length: the number of characters the password contains.
  • Complexity: does it use a combination of letters, numbers and symbols?
  • Unpredictability: is it something that can be guessed easily by an attacker?
Let’s now look at a practical example. We will use three passwords, namely:
1.  password
2.  password1
3.  #password1$
 For this example, we will use the password strength indicator of Cpanel when creating passwords. The images below show the password strengths of each of the above listed passwords.
Note: the password used is password the strength is 1 and it’s very weak.
Note: the password used is password1 the strength is 28 and it’s still weak.
Note: The password used is #password1$ the strength is 60 and it’s strong.
The higher the strength number, the better the password.
Let’s suppose that we have to store our above passwords using md5 encryption. We will use an online md5 convertor to convert our passwords into md5 hashes.
The table below shows the password hashes.

| Password | MD5 Hash | Cpanel Strength Indicator |
|---|---|---|
| password | 5f4dcc3b5aa765d61d8327deb882cf99 | 1 |
| password1 | 7c6a180b36896a0a8c02787eeafb0e4c | 28 |
| #password1$ | 29e08fb7103c327d68327f23d8d9256c | 60 |

As you can see from the above results, we managed to crack the first and second passwords that had lower strength numbers. We didn’t manage to crack the third password which was longer, complex and unpredictable. It had a higher strength number.

Password cracking techniques

There are a number of techniques that can be used to crack passwords. We will describe the most commonly used ones below:
  • Dictionary attack – This method involves the use of a wordlist to compare against user passwords.
  • Brute force attack – This method is similar to the dictionary attack. Brute force attacks use algorithms that combine alpha-numeric characters and symbols to come up with passwords for the attack. For example, a password of the value “password” can also be tried as p@$$word using the brute force attack.
  • Rainbow table attack – This method uses pre-computed hashes. Let’s assume that we have a database which stores passwords as md5 hashes. We can create another database that has md5 hashes of commonly used passwords. We can then compare the password hash we have against the stored hashes in the database. If a match is found then we have the password.
  • Guess – As the name suggests, this method involves guessing. Passwords such as qwerty, password, admin etc. are commonly used or set as default passwords. If they have not been changed or if the user is careless when selecting passwords, then they can be easily compromised.
  • Spidering – Most organizations use passwords that contain company information. This information can be found on company websites, social media such as facebook, twitter etc. Spidering gathers information from these sources to come up with word lists. The word list is then used to perform dictionary and brute force attacks.
    Spidering sample dictionary attack wordlist:
    1976 <founder birth year>
    smith jones <founder name>
    acme <company name/initials>
    built|to|last <words in company vision/mission>
    golfing|chess|soccer <founders hobbies>

    Password cracking tool

    These are software programs that are used to crack user passwords. We already looked at a similar tool in the above example on password strengths.uses a rainbow table to crack passwords. We will now look at some of the commonly used tools
    John the Ripper
    John the Ripper uses the command prompt to crack passwords. This makes it suitable for advanced users who are comfortable working with commands. It uses a wordlist to crack passwords. The program is free but the word list has to be bought for more information and how to use it.
    Cain & Abel
    Cain & Abel runs on Windows. It is used to recover passwords for user accounts, recovery of Microsoft Access passwords, network sniffing etc. Unlike John the Ripper, Cain & Abel uses a graphic user interface. It is very common among newbies and script kiddies because of its simplicity of use. for more information and how to use it.
    Ophcrack
    Ophcrack is a cross-platform Windows password cracker that uses rainbow tables to crack passwords. It runs on Windows, Linux and Mac OS. It also has a module for brute force attacks among other features.  for more information and how to use it.

    Password Cracking Counter Measures

    An organization can use the following methods to reduce the chances of the passwords being cracked:
    • Avoid short and easily predictable passwords.
    • Avoid using passwords with predictable patterns such as 11552266.
    • Passwords stored in the database must always be encrypted. For md5 encryptions, it's better to salt the password hashes before storing them. Salting involves adding some word to the provided password before creating the hash.
    • Most registration systems have password strength indicators; organizations must adopt policies that favor high password strength numbers.
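
An added example (not from the original article) of the salting advice above, in Python: the first part shows why the unsalted MD5 values in the earlier table fall to a precomputed lookup, the second stores passwords with a random per-user salt and a slow key-derivation function instead of a single MD5 pass. PBKDF2-HMAC-SHA256, the iteration count and the storage format are assumptions chosen for this sketch.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware
SALT_BYTES = 16


def md5_unsalted(password: str) -> str:
    """The storage scheme from the table above: one MD5 pass, no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# Constructed stand-in for a precomputed table of common passwords.
PRECOMPUTED = {md5_unsalted(w): w for w in ("password", "password1", "qwerty")}


def found_in_precomputed_table(stored_hash: str) -> bool:
    """True when a stored hash is recoverable by a plain dictionary lookup."""
    return stored_hash in PRECOMPUTED


def hash_password(password: str) -> str:
    """Salted, slow hash. The salt is random per user and stored with the hash."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, rounds
    )
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    weak = md5_unsalted("password")
    print(weak, "in precomputed table:", found_in_precomputed_table(weak))
    first, second = hash_password("password"), hash_password("password")
    print("same password, different records:", first != second)
    print("verify:", verify_password("password", first))
```

Because every record carries its own salt, two users with the same password no longer share a hash, and a table computed once cannot be reused across accounts.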

    Hacking Activity: Hack Now!

    In this practical scenario, we are going to crack a Windows account with a simple password. Windows uses NTLM hashes to encrypt passwords. We will use the NTLM cracker tool in Cain and Abel to do that.
    Cain and Abel cracker can be used to crack passwords using:
    • Dictionary attack
    • Brute force
    • Cryptanalysis
    For this demonstration, we have created an account called Accounts with the password qwerty on Windows 7.

    Password cracking steps

    • Open Cain and Abel, you will get the following main screen
    • Make sure the cracker tab is selected as shown above
    • Click on the add button on the toolbar.
    • The following dialog window will appear
    • The local user accounts will be displayed as follows. Note the results shown will be of the user accounts on your local machine.
    • Right click on the account you want to crack. For this tutorial, we will use Accounts as the user account.
    • The following screen will appear
    • Right click on the dictionary section and select Add to list menu as shown above
    • Browse to the 10k most common.txt file that you just downloaded
    • Click on start button
    • If the user used a simple password like qwerty, then you should be able to get the following results.
    • Note: the time taken to crack the password depends on the password strength, complexity and processing power of your machine.
    • If the password is not cracked using dictionary attack, you can try brute force or cryptanalysis attacks.

    Summary

    • Password cracking is the art of recovering stored or transmitted passwords.
    • Password strength is determined by the length, complexity and unpredictability of a password value.
    • Common password techniques include dictionary attacks, brute force, rainbow tables, spidering and cracking.
    • Password cracking tools simplify the process of cracking passwords.

Saturday 25 June 2016

How to crack the WEP code or password for Wi-Fi

Because of potential abuse, Computer Hope does not assist users in bypassing security measures. If this is your wireless router, and you forgot the WEP code, WPA code, or other password, open your router setup and enter the wireless security section. Within the wireless security section, you will see the WEP or another security password that can be used to access your wireless network.
If you forgot the router setup password, you need to reset your router and re-run the setup so that your password and WEP can be reconfigured with a password that you will remember.

How can I crack my neighbor's Wi-Fi password

We do not assist anyone with breaking any Wi-Fi security for any device. Not only is it an invasion of privacy, it is against the law. If you want access to your neighbor's router, ask them for their code.
Tip: If you have Comcast (XFINITY) and your neighbor is also using a Comcast wireless router you can connect to their router using your Comcast account.

Crack

Alternatively referred to as crackz, a crack is a software program or script that is designed to bypass software protection or decipher or determine a username and password. These programs are almost always used to gain illegal access or run a program that was not purchased.

Tuesday 21 June 2016

How to Break WordPress Password

Most of us have seen it happen: we build something good with a website, somebody hacks it, and all the hard work turns into garbage within seconds. It hurts, because we may have worked on the website for many months or years and are left with nothing after the hack. WordPress is a strong platform for building commercial websites, and many website developers are taking an interest in it these days. A WordPress password should be strong and hard to guess, otherwise you lose your website's security. Breaking security has become common these days, with newbies trying their skills on websites and hacking them for their own advantage. Let’s start the lesson on how WordPress websites get broken.

Break wordpress through SQL injection

  1. Look through the website’s code and how it was developed to see how the developer uses code on the site.
  2. Go to the plug-in files and check all the SQL-related code for a chance to hack the website.
  3. Queries are the main reason websites get hacked, which is why we should concentrate on them.
  4. Usually, hackers like to use a “union query” to fetch information about the owner from the website’s database.
  5. Hackers check all the tables and rows of wp_users and relate them to the users' email addresses.
  6. This is the example of it. (-1 union Select 1,2,3,4,5,6,group_concat(user_login,—-,user_pass),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,262,7,28,29,30,31,32,33,34,35,36,37,38,39,40 from wp_users)

How to Break WordPress Admin Password

The WordPress admin password may not look like a big deal, but it matters a great deal because it is the first login, the one that lets us into the website’s dashboard without any problem as an author. From there we can make any change or modification, with no limitations. Suppose a hacker succeeds in breaking your admin password: what happens to you then? Think about it, because most websites get into trouble from here. The WordPress admin password is the master key to the secret information about the website. Keep it secure and keep the site updated. People will search for “how to break wordpress admin password”, but you have to stand firm with strong security updates.
  • First, try to get the owner's email information, because most users keep their secrets in their email account.
  • Check all plug-in files and search for config files, because these kinds of files hold coding secrets that can reveal the admin password.
  • "Select * From ".$wpdb->prefix."allvideogallery_profiles Where id=".$_pid
  • Hackers force their way in through queries because developers like to put variables directly into queries without any type casting, thinking it is a minor issue that will not cause problems. That becomes the reason a website gets hacked.
  • $_pid=$_GET['pid'] is a real example of using a variable where the developer left out the type casting.
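
The query above, modelled in Python with an in-memory SQLite table as an added example (not the plugin's code): the first function concatenates pid into the SQL the way the plugin does, the second applies the missing type cast and a bound parameter. The table rows and function names are constructed; in WordPress itself the equivalent fix is an integer cast plus $wpdb->prepare() with a %d placeholder.

```python
import sqlite3

TABLE_PREFIX = "wp_"  # stands in for $wpdb->prefix (assumed value)
TABLE = TABLE_PREFIX + "allvideogallery_profiles"


def build_db() -> sqlite3.Connection:
    """Create a constructed profiles table with three sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE {TABLE} (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany(
        f"INSERT INTO {TABLE} (id, name) VALUES (?, ?)",
        [(1, "default"), (2, "sidebar"), (3, "private")],
    )
    return db


def get_profile_vulnerable(db: sqlite3.Connection, pid: str) -> list:
    """Same shape as the plugin query: the request value becomes part of the SQL."""
    sql = f"SELECT * FROM {TABLE} WHERE id=" + pid
    return db.execute(sql).fetchall()


def get_profile_hardened(db: sqlite3.Connection, pid: str) -> list:
    """Type-cast the request value, then pass it as a bound parameter."""
    if not (isinstance(pid, str) and pid.isascii() and pid.isdigit()):
        return []  # not a plain non-negative integer: reject before any SQL runs
    sql = f"SELECT * FROM {TABLE} WHERE id = ?"
    return db.execute(sql, (int(pid),)).fetchall()


if __name__ == "__main__":
    db = build_db()
    tampered = "1 OR 1=1"  # constructed input that is not an integer
    print("vulnerable:", get_profile_vulnerable(db, tampered))
    print("hardened:  ", get_profile_hardened(db, tampered))
    print("hardened, valid id:", get_profile_hardened(db, "2"))
```

The cast alone stops this input; the bound parameter keeps the query safe even if the validation is later loosened.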

How to Break WordPress Posts into Pages

Post pagination is a simple and very useful feature of a WordPress website: it lets us break posts into pages, which makes the pages more comfortable and user-friendly. These days website content has become long, and professional bloggers write more than 2000 words, which is why many websites cannot publish everything on a single page without creating duplication; post pagination saves us from this kind of problem. Breaking posts into pages is relevant to WordPress hacking because hackers hack the websites of people who do not make good use of post pagination. We need to set it up clearly and avoid breaking the WordPress settings.

How to Break WordPress Home Page

The home page is one of the most visited places on a website: it is where a visitor arrives first and sees what the website is about. Most hackers target this page instead of deep-link pages. A WordPress home page should be static and kept separate from the header, footer, sidebar navigation and main body area. It should be clean and up to date, otherwise old information gives the greatest chance for hacking. A website can never be complete without a home page, which is why every web developer makes the home page first. Breaking a WordPress home page is not so tough for hackers, because most web developers do not use a paid version or an authorized theme, and that is why most websites are easily hacked.
  • Keep your HTML clean and compress it after creation; according to standard rules it should not be larger than 32KB.
  • Make proper use of the paragraph tag (<p>) and break tag (<br>) so that the home page looks consistent for visitors.
  • When you choose a theme for a website, use the_excerpt() instead of the_content() to make your home page secure from hackers.
  • Paste all of the code into Notepad and save it in a folder on your computer as a backup for next time, because it will help after a website has been hacked.
  • Integrate text with the visual WYSIWYG text editor and adhere to all rules about formatting.