Sniffing Tutorial

Hi, Today I am posting a tutorial on Sniffing which can be done using “BACKTRACK” . You can download Backtrack from here.

I prefer using Backtrack 3.0 Final version.

Well lets start with sniffing. If you don’t know what sniffing is, then click here.

Tools you need are:

Ettercap

nano

1. For SSL Dissection support (hotmail,gmail), you need to do this:

Open a shell, type: “nano /usr/local/etc/etter.conf”, use the down arrow until you reach “redir_command_on/off”, look at the linux part, your gonna need to uncomment:

Code:

# if you use iptables:
#redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

to:

Code:

# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

after your done, press F2, Y, Return.

Now boot Ettercap: Menu –> Backtrack –> Spoofing –> Ettercap

Go to: Sniff –> Unified Sniffing –>ethX(what interface you want to sniff).

Then Press: Ctrl+S to scan hosts.

Then Go to: Mitm –> ARP poisoning, select sniff remote connections, and press ok.

Then Go to: Start –> Start Sniffing.

For an Example, Walk to another pc, go to your internet email account (Hotmail, Gmail), and log in, you will be asked to trust the certificate, Trust it, and watch your sniffing computer, the username and password should appear.

When your done, go to Start –> Stop Sniffing, And go to Mitm –> Stop mitm attack(s)

Read More

Download Free Softwares, Games, Movies and lot of Hacking Stuff from 50+ FTP Sites

Internet definitely has several unheard places also known as underground websites, few of these website offer users 100s and 1000s of softwares, games, movies and lot of Hacking Stuff for downloads. Though these sites are pretty tough to find, I was able to unearth more than 50+ FTP sites that allow users to download softwares, games, movies and lot of Hacking tools for free.

Here is a list of 50+ FTP sites that will allow you download content for free. Don’t forget to share and bookmark this page so that everyone can take advantage of it.

1. ftp://ftp.freenet.de/pub/filepilot/

2. ftp://193.43.36.131/Radio/MP3/

3. ftp://195.216.160.175/

4. ftp://207.71.8.54:21/games/

5. ftp://194.44.214.3/pub/music/

6. ftp://202.118.66.15/pub/books

7. ftp://129.241.210.42/pub/games/

8. ftp://clubmusic:clubmusic@217.172.16.3:8778/

9. ftp://212.174.160.21/games

10. ftp://ftp.uar.net/pub/e-books/

11. ftp://129.241.210.42/pub/games/

12. ftp://193.231.238.4/pub/

13. ftp://207.71.8.54/games/

14. ftp://194.187.207.98/video/

15. ftp://194.187.207.98/music/

16. ftp://194.187.207.98/soft/

17. ftp://194.187.207.98/games/

18. ftp://ftp.uglan.ck.ua/

19. ftp://159.153.197.74/pub

20. ftp://leech:l33ch@61.145.123.141:5632/

21. ftp://psy:psy@ftp.cybersky.ru

22. ftp://130.89.175.1/pub/games/

23. ftp://194.44.214.3/pub/

24. ftp://195.116.114.144:21/

25. ftp://64.17.191.56:21/

26. ftp://80.255.128.148:21/pub/

27. ftp://83.149.236.35:21/packages/

28. ftp://129.241.56.118/

29. ftp://81.198.60.10:21/

30. ftp://128.10.252.10/pub/

31. ftp://129.241.210.42/pub/

32. ftp://137.189.4.14/pub

33. ftp://139.174.2.36/pub/

34. ftp://147.178.1.101/

35. ftp://156.17.62.99/

36. ftp://159.153.197.74/pub/

37. ftp://193.140.54.18/pub/

38. ftp://192.67.63.35/

39. ftp://166.70.161.34/

40. ftp://195.161.112.15/musik/

41. ftp://195.161.112.15/

42. ftp://195.131.10.164/software

43. ftp://195.146.65.20/pub/win/

44. ftp://199.166.210.164/

45. ftp://195.46.96.194/pub/

46. ftp://61.136.76.236/

47. ftp://61.154.14.248/

48. ftp://62.210.158.81/

49. ftp://62.232.57.61/

50. ftp://212.122.1.85/pub/software/

51. ftp://193.125.152.110/pub/.1/misc/sounds/mp3/murray/

Read More

Top 10 Facebook Hacks

Facebook has become very famous in last 1 year. Orkut which was considered to be the best Social networking website has been sidetracked by emerging Social Networking Websites like Facebook and Twitter. Considering the popularity of Facebook we have collected the Most Essential Hacks of Facebook and presented them to you.

1.How to View the Album of Any User Even if it is Private

You can use this script to view a photo in the original album, even if you’re not friends with the person.

Get it Here

2. How to Remove Annoying Facebook Advertisement

Get rid of some of the Facebook advertising and sponsored by sections with this tool.

Get it Here

3. How to see Real Profiles from Public Pages

This script redirects to real profiles from the Facebook people pages (public profiles). There is a risk of an infinite redirect loop if not logged in, so be logged in.

Get it Here

4. How to Undo Facebook Changes

If you hate some or all of the new Facebook changes, undo them with these scripts and use what you liked previously.

Get it Here

5. How to View All the Photos from a Person

You can search for pictures of a Facebook member who has tight privacy settings and view all his/ her pictures without his/ her consent.

Get it Here

6. How to Find More Friends at Facebook

Suppose some of your friends have newly joined Facebook and you didn’t even knew. Use this script and it will help you go through your friends’ friends list and find them out.

Get it Here

7. How to Share Files from Facebook

With this box widget, you can share files from your computer through Facebook. Isn’t it great?

Get it Here

8. How to Get a Job from Facebook

Looking for a job? This application gives Facebook users unique access to job information, networking opportunities and other career resources.

Get it Here

9. How to Tighten up the Privacy and still Maintain Communication Convenience

The Private Wall combines the best of both worlds of Facebook: online convenience and communication with more serious privacy settings.

Get it Here

10 How to Cheat Facebook Texas Hold em Poker

This is one of my Favorite hacks and that is why I have saved it for the last one. Using this software you can see the cards of any player and the advanced version of this software allows you to even add credits to your account for free.

Get it Here

Read More

Reveal hidden passwords under asterisks for free

College labs, Cyber cafes are a good source of saved passwords. People either save their passwords unknowingly sometimes as the “Remember my password” is checked by default or when the settings of the browser are set to saving the password automatically.

Accessing their email accounts, social networking profiles etc becomes easier but most of the times its difficult to change or know those passwords as they are under asterisks and changing the password required you to enter the old password.

This is where Asterisk Key comes in handy. Its a free software which shows you the password behind asterisks in the ACTIVE INTERNET EXPLORER window. It however, doesn’t work in firefox or chrome but only Internet Explorer.

Download Asterisk Key (454KB)

Stay tuned as I’ll post on how to use Asterisk Key and retrieve MTNL broadband internet password of any user.

Read More

Phishing Tutorial: Explained stepwise

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT Administrators are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake.

Read more for the Phishing Tutorial

Now i am going to explain you “How to do phishing?”

Steps are indicated as follows:-

Step 1- Firstly you must signup for a free web hosting service like:

www.freehostia.com

www.ripway.com etc….. and register a domain or subdomain.

After getting your signup done, you have your own subdomain like for instance you registered with freehostia, then your domain is like “www.yourname.freehostia.com”

Step 2- Now Login to your freehostia account and go to “File Manager” in the freehostia control panel.

Step 3- Now what you have to do is, go to your domain folder like “yourname.freehostia.com” and create a separate folder in that directory with the name of the site, for eg. yahoo , if you want to phish a yahoomail account!

Step 4- Click here to Download the compressed file and extract it to your desktop:

and then open your “yahoomail” folder. You’ll find two files there viz. “bhanu.php” & “index.htm” [ Each phisher folder contains same files]

Step 5- Now upload “bhanu.php” & “index.htm” to the “yahoo” folder you created inside “yourname.freehostia.com”

So when you’re done with the uploading part, the link to your yahoo phisher is “www.yourname.freehostia.com/yahoo/index.htm”.

Step 6- Congrats!! That is your Yahoomail phisher!! Now all you have to do is copy the link to the phisher file i.e.”www.yourname.freehostia.com/yahoo/index.htm” and send it to the victim you want to hack! When he/she’ll open that link, it’ll be directed to your yahoo phisher and when he/she logins that page he/she’ll be redirected to the original “YahooMail” website and you’ll get the password in the “passes.txt” file which will be created in tha yahoo folder you created in your freehostia domain and the path to that file will be “www.yourname.freehostia.com/yahoo/passes.txt” !

IMPORTANT NOTE: CHANGE YOUR FREEHOSTIA DIRECTORY PERMISSION TO “755” SO THAT NO ONE CAN ACCESS YOUR PERSONAL FILES EXCEPT THE PHISHER LOGIN PAGE!!

**FOR EDUCATIONAL PURPOSES ONLY!**

Read More

How do The Crackers Crack IM, E-Mail and other accounts?

The most frequent questions asked by many people especially in a chat room is How To Hack Yahoo Password or any other email account.So you as the reader are most likely reading this because you want to break into somebody’s email account.Here are some of the tricks that can be used to track an email password.

THINGS YOU SHOULD KNOW BEFORE PROCEEDING



There is no program that will crack the password of victim’s account.There exist many password hacking programs which claims to do this,but unfortunately people using these kind of programs will only end up in frustration.

None of these programs work since services like Hotmail, Yahoo!, etc. have it set so that it will lock you from that account after a certain number of login attempts.Another thing you must know if you ask this question in any “hacker” chat room/channel, you hear that you have to email some address and in any way you give up your password in the process, in attempt to crack others password.So DO NOT BELEIVE THIS.

TWO WAYS OF HACKING METHODS THAT YOU CAN TRY



IF YOU HAVE ACCESS TO VICTIM’S COMPUTER



If you have physical access to victim’s computer then it’s definitely possible to crack his password.This can easily be done by just installing a keylogger.

What is a keylogger? A keylogger, sometimes called a keystroke logger, key logger, or system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer’s keyboard.

A keylogger program can be installed just in a few seconds and once installed you are only a step away from getting the victim’s password.OK we can crack passwords using a keylogger but these are the questions that arise in our mind now!

1.Where is the keylogger program available?

A keylogger program is widely available on the internet.some of them are listed below

Powered Keylogger

Advanced keylogger

Elite Keylogger

Handy Keylogger

Quick Keylogger

Oops i think the above list is enough.There exists hundreds of such keyloggers available on the net.These are software keyloggers.There are also hardware Keyloggers available which can be directly attached to computer and can be used to sniff valuable data.These programs are none other than spyware! So use it @ your own risk.

2.How to install it?



You can install these keyloggers just as any other program but these things you must keep in mind.While installing,it asks you for a secret password and a hot key to enable it.This is because after installing the keylogger program is completely hidden and the victim can no way identify it.Keylogger is hidden from control panel,Program files,Start menu,Task manager so that it becomes completely invisible but runs in background monitoring the user activities.

3.Once installed how to get password from it?



The hacker can open the keylogger program by just pressing the hot keys(which is set during installation) and enter the password.Now it shows the logs containing every keystroke of the user,where it was pressed,at what time,including screenshots of the activities.

Some keyloggers also has a built in SMTP server.So once you install the keylogger on victim’s computer you can just sit back in our place and receive the logs via email

4.Which keylogger program is the best?

According to me Elite Keylogger and Powered keylogger are the best.You can also read the features and side by side comparisions of them and select the best that suites your needs.

IF YOU DO NOT HAVE ACCESS TO VICTIM’S COMPUTER



Ofcourse the above method can only be employed if you can access victims computer.But what to do if we do not have access.In this case there exists many Remote Administration Tools commonly known as RATs available on net.Just try googling and you can get one.

OTHER WAYS OF HACKING PASSWORD

The other most commonly used trick to sniff password is using Fake Login Pages or Phishers.

This is where many people get cheated.A Fake Login page or a Phisher is a page that appears exactly as a Login page but once we enter our password there ,we end up loosing it.

Fake login pages are created by many hackers on their sites which appear exactly as Gmail or Yahoo login pages but the entered details(username & password) are redirected to remote server and we get an error “Page cannot be displayed”.Many times we ignore this but finally we loose our valuable data.

Read More

KeyLoggers: (Keystroke Loggers)

Keystroke loggers are stealth software that sits between keyboard hardware and the operating system, so that they can record every key stroke.
There are two types of keystroke loggers:
1. Software based and
2. Hardware based.

Read more about keyloggers….

Spy ware: Spector (http://www.spector.com/)

• Spector is a spy ware and it will record everything anyone does on the internet.


• Spector automatically takes hundreds of snapshots every hour, very much like a surveillance camera. With spector, you will be able to see exactly what your surveillance targets have been doing online and offline.


• Spector works by taking a snapshot of whatever is on your computer screen and saves it away in a hidden location on your computer’s hard drive.

Hacking Tool: (Software KeyLogger) eBlaster (http://www.spector.com/)

 

eBlaster lets you know EXACTLY what your surveillance targets are doing on the internet even if you are thousands of miles away.

eBlaster records their emails, chats, instant messages, websites visited and keystrokes typed and then automatically sends this recorded information to your own email address.

Within seconds of them sending or receiving an email, you will receive your own copy of that email.

 

Hacking Tool: (Hardware Keylogger) (http://www.keyghost.com)

• The Hardware Key Logger is a tiny hardware device that can be attached in between a keyboard and a computer.


• It keeps a record of all key strokes typed on the keyboard. The recording process is totally transparent to the end user.

Read More