Posts

Showing posts from March, 2013

MAC Address Spoofing

Image
MAC Address Media Access Control (MAC) address is a unique identifier or a serial number assigned to a network interface. This unique identifier is used in the Media Access Control protocol. It is hard coded in the read only memory of your NIC (network interface card). MAC addresses are used for routing packets between physical devices (i.e. network interface cards) on networks. Most important thing is that no two NIC card in the world can have same MAC address. MAC Spoofing MAC Spoofing is the way of changing the MAC address of a NIC on a network. By using MAC Spoofing, you will never by pass server access control list. It is only used to hide your identity on the network and it allows network devices to impersonate another network device. In IP Spoofing, response came to the original MAC Address Spoofing With SMAC SMAC is a nice tool that can help you in spoofing MAC address of your NIC. This tool is available for Windows and works on Windows VISTA, XP, 2003, and 2000 sy

Create your own Trojan horse virus

Image
Here i am going to describe a tool name ProRAT which is used to create Trojan virus. First of all you need to download ProRAT from this link   Download You will also get a tutorial with this setup so there's no need to explain more. Now run the ProRAT. we will create a server, which you will send to the victim. Click "Create", and a window will pop up. Then choose the way how you want to be notified, and fill in the necessary details. If you want to use Pro-connective, then tick the appropriate box. Now, click on the general settings tab, and choose a name for your victim, and make a password for your server. Tick whatever boxes you want. If you wish to bind with a file, then click on that tab. The last two tabs will allow you to choose an icon and a sever Extension. Now, Click the create server button. Now your server is ready. Now we have to send this server to the victim, and get their ip. Once you have done this, and victim has got the server, go on to the c

Packet Sniffer for Android phones

Image
This is a nice app to capture and display WiFi and bluetooth traffic on Android phones. But for using this app, you have to root your phone and have "su" command install. This app is based on the tcpdump package therefor it have to be installed manually. 1. Download and Install PacketSniffer App from the market or from the following link. 2. Copy the precompiled TCPDUMP file to the "/data"  library on your phone:                  first make sure your "/data" library has READ and WRITE privileges. if not use:  "chmod 777 data"               in order to copy use the following command if you have ADB :"adb push c:\locationOfTheTcpdumpFile /data"             in case you don't have ADB you can copy the tcpdump file to the SD card and do:  "cat /sdcard/tcpdump > /data/tcpdump  3. Give the tcpdump file Read Write and Exec privileges :    "chmod 777 /data/tcpdump" Before you start to capture you can pick weat

Man In the Middle (MITM) method

Image
Man in the middle attack is a type of attack in which the attacker intercept into the existing connection and breaks it in two different connections, one between the client and the attacker and the other between the attacker and the server. Now all the data would go through the attacker and he would be able to read, modify and insert data in the communication. Man in the middle attacks are sometimes known as fire brigade attacks. This attack is very effective on http protocol because data is seny on plain text form. It is possible to capture session cookies by header and also possible to change. MITM Attack tools There are several tools to perform a MITM attack. PacketCreator Ettercap Dsniff AirJack Cain e Abel

Session hijacking methodes

Image
When a user log in to the account  it starts a session with that account and this session ends up with log out  In a running session, user is give a session id which is unique identifier of the user for that session and is only valid for that session.It is the type of attack in which hacker gain access to the session id to gain unauthorized access to information or services in this maintain on cookies. Session hijacking is simple method to hack someone id hack like as a Facebook, g mail, Hotmail,twitter etc. Session hijacking is support on  cookies... Session hijacking can be done at 2 levels: Network level (TCP and UDP session hijacking) Application level (HTTP session hijacking) Network level (TCP and UDP session hijacking)      TCP session hijacking TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine. It can be do

key logging with XSS

Image
Keylogger is the tool which is used to record the key events. We all know about the keyloggers used int the computer to capture the keystrokes. But this tutorial guide you to create and use a keylogger on a website to capture all keystrokes on that page. As the name suggest, It only works on the website that are XSS vulnerable. As we know that we can run our own scripts on those website which have XSS vulnerability. We use our Keylogging script on XSS vulnerable website. For this attack we need three things: Kelogging script. XSS vulnerable website A webhosting First of all download Keylogging script from Here: DOWNLOAD Now create an account in any free hosting web host that supports PHP. PHP will be used to write keystrokes on a text file. Now open Logger.js and change the URL of your script. Default URL is http://yourwebsite.com Change it to your hosting URL.  Now host all these scripts on your web host. Now find a XSS vulnerable website website and include script link like

WiFi password crack with fern WiFi cracker

Image
This is a wireless security auditing application that is written in python and uses python-qt4. This application uses the aircrack-ng suite of tools. It should work on any version of linux running the following: Requirements: python python-qt4 macchanger aircrack-ng xterm subversion For Slax Distributions, download the zipped module package on the download section, and follow the instructions in the "README" file. To install simply run the following command in terminal after changing directory to the path were the downloaded package is: root@host:~# dpkg -i Fern-Wifi-Cracker_1.2_all.deb Icons and Running the application: Software Icon can be found at the application Menu of the GNOME desktop interfaces Icon can also be found at /usr/share/applications for KDE and also GNOME: There you find "Fern_Wifi_Cracker.desktop" To get the source code for this project from SVN, here's the checkout link: root@host:~# svn checkout http://fern-wifi-cracker.googlecod

How to send self-destructing messages

Image
Today i am going to tell you how can you send the self-destructing messages. After reading the message, it will not be available  again for reading.                                   Follow these steps for sending self-remove  messages.    1. Click on this  Link .    2. Write any message you want to send  Now.    3. it will give you a link. Send this link to the person by email.    3. Then click on Create not. The note will self-destruct after being read.

Sniff WhatsApp Messenger

Image
In this post, I came up with a hack for WhatsApp messenger. If you are in a wifi network, you can easily read conversation, being sent and received via WhatsApp in the same Wifi network. You can sniff whatsApp data with an  android  device by using an app. For this, you need to download and install WhatsAppSniffer in your Android device. You can only use this app on your rooted Android phone. It sniffs conversation separated by phone numbers. So it is easy to read conversation by phone numbers Download whatsapp sniffer  

Password Cracking With Cain & Able

Image
If you have few knowledge about password cracking and know few password crackers, I am sure you already know about Cain and Able. Cain and Able is one of the most popular password cracking tools. You can learn more about this tool in our security tools gallery. Installation of Cain and Able is really simple. Just visit the official website and download it for free of cost.  Download Here These are the system requirements for this tool  At least 10MB hard disk space Microsoft Windows 2000/XP/2003/Vista OS Winpcap Packet Driver (v2.3 or above). Airpcap Packet Driver (for passive wireless sniffer / WEP cracker) After installation, run the program. Now click on Configuration menu and open configuration dialog box. Here select the desired network interface card which you use. Here you will find various tabs which you can use to configure the tool for various kind of attacks. You will find, Sniffer, AR, Filter and ports, HTTP Fields, Traceroute and other. Password Cracking As I al

FACEBOOK2ZIP BACKS UP FACEBOOK PHOTO ALBUMS IN A SINGLE ZIP

Image
To start, head over to  Facebook2Zip  and login with your Facebook credentials. From there, it’s pretty self-explanatory, choose either your own photo albums for download or choose a friend. Choosing a friend is as simple as searching on Facebook itself, just type their name and then select the album(s) of theirs for download. The album listing is displayed in block format with album titles to help you quickly find the right one.To download multiple albums at once, hold the ‘Ctrl’ key on your keyboard prior to clicking an album. All albums are archived into a single zip file for download, regardless of how many albums you choose.