How To Hack HTTP Passwords With Wireshark

Most of the websites on the Internet use HTTP protocol for comunication which runs on Port 80, The data send to the server is Un-encrpypted and goes in plain text. If you are using HTTPS (Port 443), The data will be send to the server encrypted. When ever you enter the data in a Form, Your browser either sends a POST Or Get Request to the webserver, In most cases you will see POST method used in forms. Now most of the websites on the internet use Http protocol for the authentication, which enables an attacker on the local area network to sniff every thing that goes through that form, That's the reason why you see websites like Paypal, Ebay, Gmail with https.


In this tutorial, I will show you how a hacker can hack passwords sent via http to the server with wireshark. Wireshark is a network analysis tool used to capture and analyze all the packets being send from your computer to the server.

Attack Scenario

Let's suppose that you went to starbucks to have a coffee with your friend, You have connected to the wifi hotspot, An attacker comes in and starts wireshark and captures your HTTP Post passwords and therefore compromising your security.

How To Hack HTTP Passwords With Wireshark

Before, you i show you how to hack http passwords, i would like to let you know that for a successful capture, your network card should be in Promiscuous mode, which will enable to capture all the traffic going through your network.

Step 1 - First of all download wireshark from the official website and install it on your computer.

Step 2 - Next open up wireshark click on analyze and click on interfaces at the top.


Step 3 - Next choose the appropriate interface and click on start. Wireshark would start sniffing the network.

Step 4 - Continue sniffing for around 10 minutes. Step 5 - After 10minutes stop the packet sniffing by going to the capture menu and clicking on Stop.

In the mean time, Log into any website (For Testing Purposes), having http Authentication.

Step 6 - Next set the filter to http.request.method == "POST", This will enable it to capture all the HTTP Post request going through your computer. Start analyzing the packets and locate the website in which you logged in having http authentication.

Step 7 - Next click on Follow TCP stream. You will see the username and password that you entered. In this particular senario i logged in my wordpress account, where i entered the username:admin and password:rafayhackingarticles, Since wordpress uses http for authentication, The data that was entered was successfully captured.

Countermeasures

The best countermeasure would be to use a VPN, so that all the traffic would be encrpyted.

You Might Also like:

• Hack A Facebook Password With ARP Posinoning

Read more

by Malik korrich ~ jeudi 6 décembre 2012 0 commentaires

Ethical Hacking Vs Penetration Testing

Recently a reader posted a comment on our previous post "jSQL Injection - Java GUI for Database Injection.", where he asked about the difference between Ethical hacking And Penetration testing, As i said in the reply of that comment that it has been highly debatable topic among security researchers and hackers. According to some people "Hacking" cannot be Ethical in any way and lots of people do not like to associate the term "Ethical hacker" with them. According to some people both of them have same meaning and the term "hacker" is used to attract people for their courses and training programs.


However, the opinion of the people on the other side is that "Ethical hacking" should not be confused with Penetration testing and both of them are different terminologies and have different goals.

According to Ec-Council:

Penetration Testing: 
A goal-oriented project of which the goal is the trophy and includes gaining privileged access by pre-conditional means. 

Ethical Hacking: 
A penetration test of which the goal is to discover trophies throughout the network within the predetermined project time limit.

I found a more better explanations for both of these terms on likedln group discussion:

A penetration test is a formal set of procedures that measure an organizations security, are sanctioned by the organizations business and seek to improve the organizations security. 

Hacking is a very broad term. It's original meaning was simply to program or create devices as creative outleta and for pleasure. It has now acquired a darker meaning though among practioners, both meanings are used and context defines the sense of it. 

A hacking approach, to Pen testing can be useful because it would seek to find novel means of penetration before an attacker does. It still needs to be sanctioned and it should be done with a view to maintaining the clients operational reliability. In short, the person doing the hacking should have real professional mastery and control of what they are doing. 

According to Pen-test.com:

Penetration testing is a more narrowly focused phrase, it deals with the process of finding flaws in a target environment with the goal of penetration systems, taking control of them. Penetration testing, as the name implies, is focused on penetration the target organization’s defenses, compromising systems and getting access to information.

Ethical hacking is an expansive term encompassing all hacking techniques, and computer attack techniques to find security flaws with the permission of the target owner and the goal of improving the target’s security while penetration testing is more focused on the process of finding vulnerabilities in a target environment. In short, penetration testing is a subset of ethical hacking.



I hope the above clears the difference between Ethical hacking and Penetration Testing.

Read more

by Malik korrich ~ mercredi 24 octobre 2012 0 commentaires

Which Programming Language To Learn For Hacking?

                                                   

Having the prior knowledge of programming is something which will separate you from all the other script kiddes( Wanna be hackers) and other tool lovers out there, Lots of times during penetration tests you come across a point where you need to write or build your own custom scripts and programs this is where the knowledge of programming comes handy.

The other and by the far the most important advantage of programming is that you will be able to understand exploit codes and even learn to write them too, Though there are softwares which have made the process of exploit writing much simpler, but you still need to have a solid grasp of programming languages in order to know how the exploits work.

Now that you have understood the importance of learning programming languages, You might be asking yourself “where to began”, “Which programming language” should I began learning with, Don’t worry, I have seen these types of questions asked a lot in various hacking communities and forums, The answer to these questions is that it depends on your interest.

Web Hacking


Now if you are interested in webhacking subject, subject then I would recommend you to learn the following languages:

1. HTML – Start with Html if you don’t know it


2. Javascript – Next learn javascript, which will help you understanding the fundamentals of cross site scripting which will be explained later in this book.

3. SQL Databases – You should learn to work with databases, which will help you to understand the fundamentals of SQL Injection attacks which will be also explained later in this book when we come to the Web Application hacking chapter.

4. PHP – Learning PHP should be your one of your first priorities if you want to understand the mechanisms behind the web hacking attacks. I would recommend you to learn it as soon as possible.

Recommended Sources:

5. W3schools – W3schools has wide variety of e-learning courses including languages like PHP, HTML, Javascripts etc, If you have zero knowledge of programming languages try starting with HTML and javascript.


Exploit Writing


Exploit writing is a very difficult segment in hacking as it requires pure programming knowledge, which is why I will not recommend you to start with exploit writing, Exploits are/can be coded in almost any programming language e.g C/C++, Python, Perl etc, but more than 50% of the exploits you will find on the web will be coded in C/C++ languages because they were present before any one of other languages. Languages such as C and C++ are considered as programming languages where as languages such as ruby, perl and python are considered more as scripting languages.

I would recommend you to start with C languages and then to C++, C/C++ have lots of similarities, so if you could get a good grasp on any one of them you can learn the other one easily.

Ruby

Talking about scripting languages, I would recommend you to start with Ruby, Ruby is one of my most favorite programming language as it’s purely objected oriented which means that everything you work on is an object. Ruby is really useful when it comes to exploit writing, Ruby is used for coding meterpreter scripts and what could be more better that the Metasploit framework itself was coded in ruby language.

Python

Python is also a very useful programming language, it can also be used for exploit writing, If you go for python first then make sure that you learn Python socket programming as it will help you a lot in the exploit creation process.

PERL

Talking about PERL, it’s also used widely for exploit writing, you will find lots of exploits out there written in PERL, but the problem is that perl is really difficult compared to other languages such as ruby and python, so I would recommend you to learn it at the very end.


Reverse Engineering

Reverse engineering is an act of tampering softwares, applications to make them work out way, If you are interested in reverse engineering and software cracking stuffs then you would surely need to learn Assembly language.

Reverse Engineering Tutorials:

• Reverse Engineering Tutorial For Newbies
• Reverse Engineering Tutorial For Newbies - Part 2
• Reverse Engineering Tutorial For Newbies - Part 3

If you are serious about learning to code in assembly then I would recommend you to read jeff Duterman’s “Assembly Language Step-by-step” book.

This concludes our chapter “Hacking And Programming”, One thing I would like to point out that learning 10 different programming languages is not a big deal but mastering a one is surely very difficult, Consider picking up a programming language to learn and make sure that you keep practicing it.

Read more

by Malik korrich ~ mercredi 18 janvier 2012 0 commentaires

Learn how to hack with the Hackers academy

How to hack?, I get this question asked daily, Lots of people are curious to learn Ethical hacking but they do not know where to start, Any one can become a fairly good Ethical Hacker if he/she can learn from basics and he/she should have a place to practice what he learned

This is where The Hacker's Academy comes into play, If you are a beginner or intermediate or advanced this is still for you, The Hackers Academy is one of the most professional online Ethical Hacking and penetration testing institute, one of the best parts of hackers academy i like is that they give you labs(A place where you can practice) so you can try the concepts for your self

The course will contain of audio recording and video recordings but the most important part is that once you are a member of hackers academy they will tell you exactly how you can create Labs so you can practice what you have learned.

If you get stuck some where then they have professionals 24/7 there to help you out with any problem you have or any question you have. The Hackers Academy course will also prepare you for different types of certifications, once you become a member of The Hackers Academy and I can say it surely that you will pass any type of Ethical hacking certifications and tests

The membership program also has a 30 day money back guarantee, so you have nothing to loose!, If you are unhappy with them, then they will return your every penny

So what are you waiting for, Don't wait until you loose your chance!Get it now!

Read more

by Malik korrich ~ dimanche 30 janvier 2011 0 commentaires

Black Hat Hacker’s Tricks To Hack Into Secure Systems

Black hat hacking is the term given to the course of action on protruding into the security system of a computer to get access to the computer network connectivity with out the knowledge of the authentication party. As long as the internet connectivity serves in best message transaction and other such features of information storage, black hat hackers are expected to play their role of hacking the secure private data.
There are a variety of hacking tips and techniques that each hacker exploits challenging to crack the system security. We also have certain software applications to make the hacking progression easier. Black hat Hackers makes their toils on the psychological stipulations to inflate the crack deep for passwords and user id of a system. As Security openness is one of the ill-fated and obvious parts of computation structure today.

Black hat tips and techniques

Black hat briefings brings together a team of legislative body from federal organization along with a set of professional and expertise hackers towards a conference on keeping up computer security. Black hat briefings and trainings are being provided from specific vendors who work upon neutralizing the vendor conferencing.

Black hat cloaking is a form of Search Engine Optimization approach where the data passed to the search engine spider is varied from that of the user’s browser. It is performed based on the user agent HTTP header who requests for the page. The rationale of the black hat cloaking is to swindle the search engine to exhibit the page at times of not available to display.

Ollydbg and IDA pro are the effective hacker tools that are well-versed in debugging, which is utilized generally to analysis and sort out the set of codes. Ollydbg is limited to function with 32 bit files while IDA pro can work on 32 as well as 64 bit files.

Usually a computer system or phone or network is being hacked for malevolent motive such as fraudulence over credit cards, identity cards, piracy and theft of data from secure systems. Jonathan James, Adrian Lamom and Kevin Mitnick holds the top place in perfect hacking technique.

Both the black hat hackers and white hat crackers come up with similar pattern of cracking the system’s security to make their job done. In a hacker tool box one can find various tools that are being utilized in hacking course of time as they discover and utilize the network with special softwares to overturn a series of coding.

Author bio

Corliss Jennica, The author of this article has got keen knowledge on bringing out various issues related to the black hat hackers technique. Feel free to contact her on further hacking tips and guidance on computer system security.

Read more

by Malik korrich ~ mercredi 29 décembre 2010 0 commentaires

What is Social Enginering in the field of Hacking?

Social engineering is defined as the process of obtaining others passwords or personal information by the act of manipulating people rather than by breaking in or using technical cracking techniques. Here I will show you an example on how social engineering works
Example 1

Robert (Hacker) calls Michael and pretends to be a Google employee, Here is the
conversation:

Robert: Hi Michael I am Robert a Google employee

Michael: OH How are you doing?

Robert: Me fine. I am here to inform you that Google is performing a security update on all Google accounts and we therefore need to install those securities updates on
your account.

Michael: Yes kindly install those security updates.

Robert: Thanks for your interest in our security updates we will require your account
password for installing it.

Michael (Victim) has become a victim of social engineering, he will give out his password thinking that the person whom he was chatting was a Google employee.

Note: The Hacker will create an account similar to

Googleupdates(at)gmail.com
Securityupdates(at)gmail.com

Example 2

You may receive an email from saying that your computer is infected with virus and to eliminate this virus you need to install a tool. The tool will not eliminate virus from your computer but instead it will give access to your computer and all data stored on
it.

Remember: Never give out details, or secure information such as your passwords. Use passwords that aren’t anything to do with your age/DOB/FirstName/Surname etc. All of that can be found too easily.

This article was a part of my book A Beginners Guide To Ethical Hacking, if you are a beginner and want to Learn Ethical hacking I suggest you to purchase a copy of my book

Read more

by Malik korrich ~ mardi 7 septembre 2010 0 commentaires

How to hack a remote Computer with telnet

This article is posted on request of Mr Sehaj Mathur who is one of my blog readers,Telnet is a service gives the users to access a host and perform as if they were working, If you call yourself a Hacker you must be able to do telnet.It can be done in many ways, be careful not to try from your home because a tons of hackers have been busted for doing this,I recommend you reading my article on 15 tips on How to Survive as a Hacker to protect yourself from being caught while HackingWell there are many methods to hack with telnet but i will tell you about two simplest method to hack with telnet:


Hack a remote computer with telnet Method 1:

Before looking at this method to Hack with telnet you must know that what are ports?There are two kinds of ports-Physical(HardWare) and Virtual(Software)You may be thinking of ports to be the slots behind your CPU to whichy ou connect your Mouse or Keyboard or your monitor. These sockets are called physical ports .We are here interested in only virtual ports.It is nothing physical but it is kind of a virtual pipe through which information can go in and out of the computer. 

A particular computer can have a large number of ports. All ports are numbered .Now at each port a particular service is running. A software which runs on a port is called service . For interchanging different kinds of information different ports are used. A typical list shows the various ports

Ping : 7
Systat : 11
Time : 13
NetStat : 15
SSH : 22
Telnet : 23
SMTP : 25
Whois : 43
Finger : 79
HTTP : 80
POP : 110

Method 2


You can connect to a remote computer at a particular port. When you are connected to that port then you can interchange information related to that particular port only. Ports can be open or closed. If a particular port of a computer is closed then you can not connect to that computer
on that port. Generally most of the computers have atleast 5 or 6 ports open


First goto run and type telnet:

Once the Telnet windows pops up click on Connect->RemoteSystem then in the host name type the host i.e. the IP address of the remote computer or the website you want to connect to . Then in the Port select the port you want to connect to . You can only connect to ports which are open on the host computer.Almost always leave the TermType to vt100.We use vt100 as it is compatible with most monitors . 

Then click connect and you will be connected to the remote machine in some time. The syntax of the telnet command from DOS prompt is C:\>telnet.
By default port is taken as 23. Scroll down and read more about ports

The first thing you have to do if you want to hack with Telnet, is find your local Telnet phone number.This can be done many ways. One way that always works, is to call up your local computer store, tel them that you recently purchased The Source or something like that, but that you lost the sheet that has the phone no. written on it.They'll tell it to you. (People who work in computer stores usualy aren't very smart
about that sort of thing.)

Call the number with your computer. Once the connection is established,
press twice. the computer will display "TERMINAL=" Type again. The computer will then display an at sign: "" Type in the access code here.:below are some access codes listed

(But please don't misuse it)
------------------------------------------------------------------------
Telemail
--------
To use the Telemail feature of Telenet, type mail at the "" prompt.
User id's are usually the first initial of the user's first name, plus
the last name.
eg- William gates= Wgates


-------------------------------------------------------------------------
C 20120 - VM 370 ONLINE
C 20124N- NEW YORK TIME INFORMATION SERVICE
C 20125 - NJIT ELECTRONIC INFORMATION
C 20130
C 20133
C 20138
C 20148
C 20154
C 20165
C 20166
C 20167 - WARNER COMPUTER SYSTEMS
C 20168 - WARNER COMPUTER SYSTEMS
C 20171
C 20182 - BANKERS TRUST CUSTOMER SERVICE
C 20184
C 20222
C 20225 - COMSHARE "COMMANDER II"
C 20246
C 20247 - GSD TIMESHARING
C 20270 - GSD TIMESHARING
C 202124- GENERAL MOTORS WARREN
C 202133
C 202138- (TYPE .HELP *)
C 202139- (TYPE .HELP *)
C 202140- (TYPE .HELP *)
C 202143
C 202144- (TYPE .HELP *)
C 202148
C 202149
C 202175 - HONEYWELL
C 202222 - GM PARTS
C 202229 - PRIMENET
C 20321 - WYLBUR
C 21221 - PRIMENET
C 21224 - PRIMENET
C 21225 - INTERACTIVE MARKET SYSTEMS
C 21226 - INTERACTIVE MARKET SYSTEMS
C 21228 - BURROUGHS NYC DATA CENTER
C 21229 - LANDART SYSTEMS
C 21231 - E.F.HUTTON
C 21233 - UNIVAC 1100
C 21247
C 21248
C 21252
C 21253 - VM/370 ONLINE
C 21256 - CITIBANK CASH MANAGER
C 21264 - CITICASH MANAGER INTERNATIONAL
C 21265 - CITICASH MANAGER INTERNATIONAL
C 21269
C 21281 - BANKERS TRUST CUSTOMER SERVICE
C 21284 - DATAMOR TIME SHARING
C 21288 - S-K WDC SYSTEM 1/ONLINE
C 212136 - (TYPE NEW/TSC)
C 212141
C 212142
C 212151 - CITICASH MANAGER INTERNATIONAL
C 212152
C 21255 - PRIMENET
C 21256 - PRIMENET
C 212160 - TELSTAT SIGMA 6
C 212167 - RSTS V.7.0-07
C 212168 - RSTS V.7.0-07
C 212171
C 212172
C 21284 - DATAMOR TIME SHARING
C 21325 - PRIMENET
C 21335 - MARKETRON RESEARCH AND SALES
C 21336 - MARKETRON RESEARCH AND SALES
C 21341
C 21360
C 21365
C 21366
C 213170 - DIALOG
C 21370 - XCC-WEST SYSTEM X2
C 21371 - XCC-WEST SYSTEM X3
C 21372 - XCC-WEST SYSTEM X3
C 21373 - XCC-WEST SYSTEM X1
C 21375 - XCC-WEST SYSTEM X2
C 21379 - INTERACTIVE SYSTEM/ONE
C 21384
C 21385
C 21386 - IAS PROGRAM DEVELOPMENT SYSTEM
C 21388
C 213105
C 21520 - TPF&C ONLINE
C 21534 - PRIMENET
C 21538
C 21722
C 21725
C 21726 - U OF I COMPUTING SERVICES
C 30121 - NASA RECON
C 30124 - SOURCE SYSTEM 10
C 30126 - DISTRIBUTIVE NETWORK
C 30128 - SOURCE SYSTEM 13
C 30134 - INTERACTIVE(GAITHERSBURG)
C 30135
C 30136
C 30138 - SOURCE SYSTEM 11
C 30147 - SOURCE SYSTEM 12
C 30148 - SOURCE SYSTEM 15
C 30149 - SOURCE SYSTEM 14
C 30320 - COMPUTER SHARING SERVICES
C 30330 - COMPUTER SHARING SERVICES
C 30335
C 30337 - PRIMENET
C 30339 - PRIMENET
C 30340 - PRIMENET
C 303125
C 30520
C 30522
C 30531
C 30532 - C.S.I. TIMESHARING SERVICE
C 30523 - C.S.I. TIMESHARING SERVICE
C 31231 - C.I.C. TIMESHARING
C 31232
C 31235
C 31236
C 31240
C 31247
C 31248
C 31249
C 31250
C 31254
C 31279
C 31289
C 312124
C 312127
C 31325
C 31327
C 31340 - ADP NETWORK
C 31341 - ADP NETWORK
C 31345 - PRIMENET
C 31359 - GENERAL MOTORS WARREN
C 31360 - GENERAL MOTORS WARREN
C 31361 - GM PARTS
C 31363 - VM/370 ONLINE
C 31370 - GM DECSYSTEM-20 TIMESHARING
C 31422
C 31423
C 31424 - MCAUTO VM/370 ONLINE
C 31425 - MCAUTO VM/370 ONLINE
C 31426
C 31432
C 31435 - PRIMENET
C 31444
C 31726 - RSTS V06C-04
C 40420
C 40434
C 40822
C 41520 - DIALOG
C 41527 - STANFORD IBM-3033A
C 41548 - DIALOG
C 41556
C 41560
C 41561
C 41562
C 41567
C 41580 - HARPER GROUP INFORMATION NETWORK
C 41587 - BUSSIPLEXER
C 51632
C 51633
C 51634
C 51638
C 51646
C 51647 - VM/370 ONLINE
C 51729
C 60320 - DARTMOUTH COLLEGE COMPUTING
C 60322
C 60324
C 60328
C 60331
C 60720
C 60942
C 60945
C 61114
C 61115
C 61118
C 61120
C 61221
C 61724
C 61735 - (TYPE D FOR SYSTEM) APPLIED LOGIC NETWORK CONTROL
C 61748 - PRIMENET
C 61750 - PRIMENET
C 61760 - (TYPE D FOR SYSTEM) APPLIED LOGIC NETWORK CONTROL
C 61766 - PRIMENET
C 61767 - PRIMENET
C 61770 - NDC-SYSTEM#
C 61774
C 61776 - NDC-SYSTEM#
C 61777 - NDC-SYSTEM#
C 61778 - PRIMENET
C 617120
C 617121
C 617124
C 617125
C 617127
C 617133
C 617135 - VM/370 ONLINE
C 61737 - VM/370 ONLINE
C 617138 - MASSACHUSETTS INSTITUE OF
C 617139 - MASSACHUSETTS INSTITUE OF
C 617140 - VM/370 ONLINE
C 617151
C 617152
C 617159
C 61763
C 61769 - (TYPE D FOR SYSTEM) APPLIED LOGIC NETWORK
C 61770 - BPL-INFORONICS
C 617171 - INTERACT LINE
C 617177 - ERT ENVIRONET
C 617178
C 617179 - ERT ENVIRONET
C 61780 - (TYPE HELP)
C 71424 - GLOBAL DATA TIMESHARING
C 71431 - (TYPE HELP)
C 71620 - UNION CARBIDE
C 80331
C 80423 - CONTROL DATA INTERCOM
C 80424 - CONTROL DATA INTERCOM
C 80426 - BABCOCK AND WILCOX
C 81623
C 81625 - UNINET
C 81626 - UNINET
C 90995D - TELENET NEWS SERVICE
C 91930
C 91931
C 91933 C 91934




Hope you liked the post,Pass the comments

Read more

by Malik korrich ~ lundi 1 mars 2010 0 commentaires

Learn How to hack

How to hack. It’s a very often asked question with around 1,000,000 Google searches each month. I know that anyone that runs a hacking related website get’s asked this question daily. The same questions get asked from me again and again eg.My girl friend is cheating me i need her password? or Some one is really abusing me i need her password?
Most of us are very curious to learn Hacking and want to become a Hacker, but don’t know where to start. If you are in the same situation this is right place for you.


I am very happy to tell you that my book "A Beginners guide to Ethical Hacking" has just launched.I have been working on this book for past few months.I have dedicated this book completely to beginners who want to become hackers.

 

How will the information in the book affect me?

• You will learn All Ethical hacking techniques and also you will learn to apply them in real world situation
• You will start to think like hackers
• Secure your computer from trojans,worms, Adwares etc
• Amaze your friends with your newly learned tricks
• You will be able to protect your self from future hack attacks

And Much more...

Reality about Password Hacking softwares


You might have heard about some paid password hacking softwares which claim to hack a password on entering the email account.But in reality all those softwares are fake.If you believe what they say then you are just wasting your time and money.These all softwares are fake.If there exists such a software, will there be any security on web. And all expert engineers at Google, Yahoo and other services are not mad. They are all engaged in ensuring security of their customers ie email account owners. So, no such software exists.
So stop wasting your time and money on these foolish softwares and services and learn real Ethical Hacking methods which hackers use to access email accounts.

For Download Link visit the following site

Ethical Hacking Book

Read more

by Malik korrich ~ lundi 21 décembre 2009 0 commentaires

Hack Facebook, hotmail and yahoo account

I get numerous email from readers asking me to tell them the easiest way to hack Facebook,hotmail and yahoo account,Many of these people claim that they have lost their passwords because they have been hacked and now need to get their password back.so today i have decided to compose a post explaining the ways to hack yahoo,aol and hotmail account

Phishing:
This is one of the most popular way to hack Facebook,hotmail and yahoo account,In this method the hacker creates a fake page which exactly resembles to the original page,when the victim enters his email address or password it is saved in a txt file.

I have also posted a way to Create a fake login page for any site,just check it out



Keylogging:

A keylogger, sometimes called a keystroke logger, keylogger, or system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer’s keyboard. Keylogger is the easiest way to hack a Facebook,hotmail and yahoo account if you have physical access to victim’s computer. 


Post related to keylogging:


1.Keyloger to hack passwords
2.Hack an account using keylogger
3.Hack gmail account using keylogger
4.How to install a keylogger remotely
5.How to bypass keylogger antivirus detection




IMPERSONATION

It is possible to impersonate a program on a computer by launching windows that look like something else. For instance, let's say you login to the MSN® service and visit a website (in this case a hostile website.) It would be possible for this website to pop-up some windows that look like something else. They could look almost identical to windows that an inexperienced user might expect from his local computer. The user could be fooled into submitting information to the hostile website. For instance, consider the effect of seeing the following window:




SNIFFING:

If two people do not share the same computer, but do share the same network, it may be possible for one to sniff the others' packets as they sign-on. The traffic between your computer and the internet site you are accessing may be able to be recorded and decrypted or "played-back." This is not a simple attack to execute, but is possible if two people are close to one another and share a hub. Again, this is likely to be illegal and we do not condone this activity.

BRUTE-FORCE ATTACK:

Many people want to find software to perform a brute-force attack. This is really impractical. It would take hundreds of thousands of years to attempt any kind of reasonable brute-force attack on Facebook,hotmail and yahoo accounts and this would expand exponentially if the password is longer than the minimum length. Using multiple computers or multiple sessions could reduce this to merely thousands of years. This is highly illegal since these services own the servers on which an account is hosted. Even if you are hacking your own account, you don't own the servers and the service is going to monitor and log this activity. It is extremely unlikely that you could recover a password in this way, but it is extremely likely that you'd be arrested and prosecuted for doing this.

SOCIAL ENGINEERING:

Social engineering is the name given to the art of attacking the person, rather than the computer or system. The basic principle is that many people can be talked into giving someone else their id and password if they think it is someone that they can trust. For instance, I might call someone and say I was from AOL and that I was finally getting around to responding to their technical support question. I would then ask you to describe the problem that you are having and tell you that we have a solution. However, I just need to verify the account. Can you give me the username and password again? A surprising number of people would fall for this obvious scam. There is no limit as to how elaborate this can be. The more information that is given by the caller, the more realistic or believable the call is. Again, never give your password to anyone. No legitimate customer service representative will ask for this information.

These are the basic methods that we are aware of for hacking any Facebook,hotmail and yahoo account or any other dial-up or on-line password

Read more

by Malik korrich ~ samedi 7 novembre 2009 0 commentaires

How to become a professional hacker

This Post has been moved to the following post - 100 Ways To Become A Better Hacker.

Read more

by Malik korrich ~ mercredi 21 octobre 2009 0 commentaires

What is a keylogger - Keylogger explained

Today, with the advent of a program called Keylogger it’s just a cakewalk to hack an account. It doesn’t matter whether or not you have physical access to the victim’s computer. Using a keylogger is the easiest way to hack an account. Any one with a basic knowledge of computer can use the keylogger and within few hours you can hack any account.

What is a keylogger?

A keylogger, sometimes called a keystroke logger, keylogger, or system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer’s keyboard. Keylogger is the easiest way to hack an account if you have physical access to victim’s computer.


A keylogger program can be installed just in a few seconds and once installed you are only a step away from getting the victim’s password

NOTE:-YOU NEED TO HAVE ACCESS TO THE VICTIM'S COMPUTER TO DO THIS:


If you have physical access to the computer of the user that you are targeting, because it is a lot easier if you do. One option you have, that you will hear a lot if you ask this question, and anybody bothers to answer is to use a keylogger. A keylogger is an excellent option, and probably the easiest. There are a lot of keyloggers out there, ranging from hardware keyloggers, to software keyloggers. For this task, you won't need to buy a hardware keylogger, since the only advantage to a hardware one is that you can grab passwords that are given to access a certain local user on the operating system used. There are a lot of software keyloggers out there, and you can feel free to check out www.google.com to look at your options. I will go ahead and toss a couple of keyloggers out to try for those of you who seem allergic to search engines.


Once you have whatever keylogger you are going to use downloaded, just install it onto the computer you are wanting to monitor, and wait till next time they login to their email account. You will then have the password for the account. Another option you have if they use Outlook to access their email account, is to copy the *.dbx files for their Outlook account onto a floppy, and extract the emails at home (the dbx file stores the files stored in each Outlook folder on a given account, meaning the received and sent emails). When you are on the computer of the user you are targeting, look in

C:\Windows\ApplicationData\Identities\{ACblahblahblah}\Microsoft\ OutlookExpress\ and copy all the .dbx files onto a floppy. Then when you take the .dbx files back to your house, use DBXtract to extract the messages from these files. 

Which are the best keylogger now a days?

I have made a detailed post on this topic in my post Which spyware keylogger software to choose,You must prefer reading it

RAT:(Remote administration tool)

Another option you have if you have physical access is to execute a RAT (Remote Administration Tool, you may know these programs as trojans) server on the computer. Of course, you do not have to have physical access to go this route, but it helps. What you must understand is that these tools are known threats, and the popular ones are quickly detected by antivirus software, and thusly taken care of. Even ISPs block incoming/outgoing traffic from the most popular ports used by these programs.

Read more

by Malik korrich ~ jeudi 19 mars 2009 0 commentaires