Sunday, 20 September 2015

Top 10 Ways to Hack Facebook Accounts [2015]

  
Top 10 Ways to Hack Facebook Accounts 2015


So below are the Top 10 Ways to Hack Facebook Accounts :-

1. Facebook Phishing 
Phishing still is the most popular attack vector used for hacking facebook accounts, There are variety of methods to carry out phishing attack, In a simple phishing attacks a hacker creates a fake login page which exactly looks like the real facebook page and then asks the victim to login into that page, Once the victim logins through the fake page the victims “Email Address” and “Password” is stored in to a text file, The hacker then downloads the text file and get’s his hands on the victims credentials.


2. Keylogging 
Keylogging, according to me is the easiest way to hack a facebook password, Keylogging sometimes can be so dangerous that even a person with good knowledge of computers can fall for it. A keylogger is basically a small program which once is installed on victims computer will record every thing which victim types on his/her computer. The logs are then send back to the attacker by either FTP or directly to hackers email address.

3. Stealers 
Almost 80% percent people use stored passwords in their browser to access the facebook, This is is quite convenient but can sometimes be extremely dangerous, Stealers are software’s specially designed to capture the saved passwords stored in the victims browser, Stealers once FUD can be extremely powerful.

4. Session Hijacking
Session Hijacking can be often very dangerous if you are accessing Facebook on a http:// connection, In a Session Hijacking attack a hacker steals the victims browser cookie which is used to authenticate a user on a website and uses to it to access victims account, Session hijacking is widely used on Lan’s.

5. Sidejacking With Firesheep
Sidejacking attack went common in late 2010, however it’s still popular now a days, Firesheep is widely used to carry out sidejacking attacks, Firesheep only works when the attacker and victim is on the same wifi network. A sidejacking attack is basically another name for http session hijacking, but it’s more targeted towards wifi users.

6. Mobile Phone Hacking
Millions of Facebook users access Facebook through their mobile phones. In case the hacker can gain access to the victims mobile phone then he can probably gain access to his/her Facebook account. Their are lots of Mobile Spying softwares used to monitor a Cellphone.

7. DNS Spoofing 
If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack and change the original facebook.com page to his own fake page and hence can get access to victims facebook account.

8. USB Hacking 
If an attacker has physical access to your computer, he could just insert a USB programmed with a function to automatically extract saved passwords in the browser.

9. Man In the Middle Attacks
If the victim and attacker are on the same lan and on a switch based network, A hacker can place himself b/w the client and the server or he could also act as a default gateway and hence capturing all the traffic in between, ARP Poisoning which is the other name for man in the middle attacks is a very broad topic and is beyond the scope of this article

10. Botnets 
Botnets are not commonly used for hacking facebook accounts, because of it’s high setup costs, They are used to carry more advanced attacks, A botnet is basically a collection of compromised computer, The infection process is same as the keylogging, however a botnet gives you, additional options in for carrying out attacks with the compromised computer. Some of the most popular botnets include Spyeye and Zeus.

Top WhatsApp Spywares 2015

  
Top WhatsApp Spywares 2015



1. iMobispy
(Available for Android, iOS, Blackberry, Windows Phone and Symbian devices)

2. StealthGenie
(Available for Android, iOS and Blackberry devices)

3. OwnSpy
(Available for Android and iOS devices)

4. MobileSpy
(Available for Android, iOS, Blackberry, Windows Phone and Symbian devices)

5. Mspy
(Available for Android, iOS, Blackberry, Windows Phone and Symbian devices)

6. FlexiSpy
(Available for Android, iOS, Blackberry and Symbian devices)

Common Methods used for Website Hacking

  
Common Methods used for Website Hacking

There are lots of methods that can be used to hack a website but most common ones are as follows:

1.SQL Injection
2.XSS(Cross Site Scripting)
3.Remote File Inclusion(RFI)
4.Directory Traversal attack
5.Local File inclusion(LFI)
6.DDOS attack


Tools commonly used to find a vulnerable website

1) Acunetix    
Acunetix is one of my favorite tool to find a venerability in any web application It automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.

2) Nessus
Nessus is the best unix venerability testing tool and among the best to run on windows. Key features of this software include Remote and local file securitychecks a client/server architecture with a GTK graphical interface etc.

3) Retina
Retina is another Vulnerability Assessment tool,It scans all the hosts on a network and report on any vulnerabilities found.
Download Retina from the link below
http://www.eeye.com/downloads

4)Metasploit Framework
The Metasploit Framework is the open source penetration testing framework with the world’s largest database of public and tested exploits.
Download Metasploit from the link below :
http://www.metasploit.com/download/


Bypass Sms Verification [2015] [Updated]

  
Bypass Phone and SMS verification of Any Website [2015] [Updated]


Steps :

1) First go to this Website : Receive-Sms Online

2) Copy any one number and paste it where they are asking SMS Verification.
3) Simply come back and click the number which you have selected, check it out there is your code sent by google, youtube or whatever else.


Thursday, 17 September 2015

Denial Of Service Explained (DOS)

  
DENIAL OF SERVICE EXPLAINED (DOS)


Denial-of-service Attack is a very famous and common attack we daily experience such attacks but we are not able to figure it out.Let me define Denial-of-service (DOS) for you  a denial-of-service attack (DoS attack) or Distributed Denial-Of-Service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. What it means is sometimes we visit a website the website keeps on loading and after a while the connection from the server breaks and we get website not available error.Mostly high profile servers like bank servers, credit card payment gateways and even social services servers are targetted by hackers.


 How Denial Of Service Works

A hacker tells one or more of his computers contact a specific server or Web site repeatedly.The sudden increase in traffic can cause the site to load very slowly for legitimate users. Sometimes the traffic is enough to shut the site down completely.

Some of famous Methods of Attack
● Ping of Death - bots create huge electronic packets and sends them on to victims
● Mail bomb - bots send a massive amount of e-mail, crashing e-mail servers
● Smurf Attack - bots send Internet Control Message Protocol (ICMP) messages to reflectors.
● Teardrop - bots send pieces of an illegitimate packet; the victim system tries to recombine the pieces into a packet and crashes as a result
● SYN flood-A SYN flood occurs when a host sends a flood of TCP/SYN packets, often with a forged sender address.
● Permanent denial-of-service attacks - This attack that damages a system so badly that it requires replacement or re-installation of hardware.
● Denial-of-Service Level II -The goal of DoS L2 attack is to cause a launching of a defense mechanism which blocks the network segment from which the attack originated. In case of distributed attack or IP header modification (that depends on the kind of security behavior) it will fully block the attacked network from Internet, but without system crash.

TOOLS

LOIC (Low Orbit Ion Cannon)
LOIC was used by Project Chanology, a project by the Anonymous group, to attack websites from the Church of Scientologythen by Anonymous itself to successfully attack the Recording Industry Association of America's website in October 2010,and again during Operation Payback in December 2010 to attack the websites of companies and organizations that opposed WikiLeaks.It is an open source network stress testing and denial-of-service attack application, written in C#. LOIC was initially developed by Praetox Technologies, but was later released into the public domain,and now is hosted on several open source platforms.The software has inspired the creation of an independent JavaScript version called JS LOIC, as well as LOIC-derived web version called Low Orbit Web Cannon. These enable a DoS from a web browser.LOIC performs a denial-of-service (DoS) attack (or when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP packets or UDP packets with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets.

HOIC (High Orbit Ion Canon).
It is another dos tool it is not much famous like LOIC but is very powerful and has a good GUI.It is windows executable.

HULK
HULK (Http Unbearable Load King) is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.

DOS prevention

●  Mitigation performance – high rate DDoS must be mitigated by specialized hardware to withstand the attack load while allowing legitimate traffic to pass through – e.g. Anti-DDoS solutions using ASIC-based DDoS Mitigation Engines
●  Reducing reaction time – Network Behavioral Analysis (NBA) technology should be utilized to automatically and accurately distinguish attack traffic from legitimate traffic – at all layers including layer-7 (e.g. HTTP)
●  Blocking multiple attack vectors – using NBA, IPS and DoS technologies within a single Anti-DDoS solution ensures no attack is overlooked during a multi-vector attack campaign.
●  Firewalls like nexusguard,cloudflare etc helps protect ddos attacks efficiently by providing reverse ip proxy and limiting ping from a certain ip.
●  Apart from Web Firewalls,Firewalls for system like iptables and comodo are also very helpful in preventing ddos attacks. They block the ip of the attacker which kick him off the server.
●  Web Server matters most ddos attack fail to exploit nginx.
●  For bandwidth saturation attacks, make sure your service provider can mitigate volumetric attacks that may saturate your bandwidth.



Note : Always Configure your firewalls,ports and other server mechanism correctly becuase I have seen cases where the admin has not configured his firewall correctly and becomes a victim of DDOS.

Note For Server Administrators: A fact is despite being designed to provide network security, firewalls and intrusion prevention systems (IPS) are impacted by DDoS attacks.To stop DDoS attacks you can also go for dedicated hardware solutions.

Tuesday, 8 September 2015

Latest Hack Bar r0ot-K4jji-v1.6.5 Download

  
Hello Guys,
Today I am gonna share with you the Latest hack bar which is Designed by KAZMI GUJJAR (Code name: R00T-k4jji)

Features

·        Sqli basics 
·        MYSQL ,MMSQL CHAR
·        UNION BASE
·        EURROR/DOUBLE QUERY
·        JS-ON/OFF
·        LIVE HTTP Header
·        TEMPER DATA
·        WAF BYPASS
·        *HTML
·        ENCRYPTION
·        XSS 


Download it from here

Please comment below and share your valuable feedback :)