So as you can see, we got the email and the password:
Email: gonza.la22@gmail.com
Password: e10adc3949ba59abbe56e057f20f883e
Another Demo : http://www.salondaddy.com/profile.php?ID=85
So when I try the same method with my profile, for example: http://www.poringapic.com/profile.php?id=mauritanie.forever
It says "Invalid profile link followed!" loool, because I didn't click the Like button. So a piece of advice: be careful and don't like external pages on websites; they are backdoored with JavaScript malware that can sniff all your information.
So for example the ID "profile.php" is infected with "Code Disclosure Path". As you can see, most websites nowadays use Facebook plugins, especially applications, so the Facebook user must grant the application permission to access their account, and most of the plugins are infected !_!
So if you see that a website has the Like plugin or uses a Facebook app, you can surely get the passwords of the users, no doubt; just use your brain!
Another Example : http://www.rosexconect.net/profile.php?ID=15370&shPhotosMode=top
Check this : [NickName] => orso44 ===========>>> add this to www.facebook.com
Hi guys, this is King_Haxor, the new author of this blog.
Today I bring a tricky thing for you guys. Hope you will enjoy it, so let's go.
Trick started:
Trick name: DNS Spoofing
DNS spoofing is a very tricky method to hack a victim if your victim is a little smart.
If he is very over-smart you can try direct phishing etc., but spoofing is a little different.
In DNS spoofing we redirect the victim to another site.
For example, the victim wants to open facebook.com and I want the victim to open my phishing page;
for this I will redirect facebook.com to myphishingpage.my3gb.com (etc).
For this we will need Cain and Abel.
Open it, go to Configure and select your adapter.
Select the Sniffer option and then select the start/stop sniffer option from the toolbar. Right-click in the white area and then click on Scan MAC Addresses.
After scanning, click on the APR option in the left bottom corner. Then click on the + sign at the top and select the computers you want to mess with.
After that select APR-DNS and again click on the + sign to add websites. (Now here I have entered www.facebook.com), then click on resolve and type the website name that you want to open up instead of www.facebook.com. (I have given www.myspace.com)
Now click on the start/stop option.
Now wait for a minute and see what happens to the victim. (In my case when the victim opens www.facebook.com he will be redirected to www.myspace.com). You can use any websites of your choice. Hope you like the tutorial.
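A defender's check for the ARP poisoning (APR) step this tutorial depends on, as an added example that is not part of the original post: it parses `arp -a` style output and flags a MAC address that answers for more than one IP, which is what a workstation's cache looks like while another host impersonates the gateway. The sample table, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Windows `arp -a` output (not a real capture).
SAMPLE_ARP_TABLE = """
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.40          00-1a-2b-3c-4d-5e     dynamic
  192.168.1.57          a4-5e-60-c1-22-10     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})\s+(\w+)",
    re.MULTILINE,
)


def normalize_mac(mac):
    """Lower-case, colon-separated form so aa-bb and AA:BB compare equal."""
    return mac.lower().replace("-", ":")


def parse_arp_table(text):
    """Return (ip, mac, type) tuples for every entry line in the table."""
    return [(ip, normalize_mac(mac), kind.lower()) for ip, mac, kind in ENTRY.findall(text)]


def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac[:2], 16) & 1 == 1


def find_shared_macs(entries):
    """Map each unicast MAC that claims several IPs to the sorted list of those IPs."""
    by_mac = defaultdict(set)
    for ip, mac, _ in entries:
        if not is_group_address(mac):
            by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def audit_arp(text, gateway_ip, expected_gateway_mac=None):
    """Return findings as (kind, mac, ips) tuples.

    A shared MAC can be legitimate (a router with several addresses, proxy ARP),
    so a finding is a lead to investigate; one that includes the gateway is the
    most urgent. expected_gateway_mac is an optional value pinned from inventory.
    """
    entries = parse_arp_table(text)
    findings = []
    for mac, ips in find_shared_macs(entries).items():
        kind = "gateway-mac-shared" if gateway_ip in ips else "mac-shared"
        findings.append((kind, mac, ips))
    if expected_gateway_mac:
        seen = {ip: mac for ip, mac, _ in entries}.get(gateway_ip)
        if seen and seen != normalize_mac(expected_gateway_mac):
            findings.append(("gateway-mac-changed", seen, [gateway_ip]))
    return findings


if __name__ == "__main__":
    for finding in audit_arp(SAMPLE_ARP_TABLE, "192.168.1.1"):
        print(finding)
```
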
Guys, as I mentioned earlier, I have been quite busy for a long time, so I was unable to post good content. Now I have decided to provide some good downloadable content, and in the service of that I am sharing some email hacking scripts. As I posted a few months ago how we can use these PHP scripts for hacking purposes, use them, but only for educational purposes.
Like Nate Anderson's foray into password cracking, radix was able to crack 4,900 of the passwords, nearly 30 percent of the haul, solely by using the RockYou list. He then took the same list, cut the last four characters off each of the words, and appended every possible four-digit number to the end. Hashcat told him it would take two hours to complete, which was longer than he wanted to spend. Even after terminating the run after 20 minutes, he had cracked 2,136 more passcodes. radix then tried brute-forcing all numbers, starting with a single digit, then two digits, then three digits, and so on (259 additional plains recovered).
He seemed to choose techniques for his additional runs almost at random. But in reality, it was a combination of experience, intuition, and possibly a little luck.
"It's all about analysis, gut feelings, and maybe a little magic," he said. "Identify a pattern, run a mask, put recovered passes in a new dict, run again with rules, identify a new pattern, etc. If you know the source of the hashes, you scrape the company website to make a list of words that pertain to that specific field of business and then manipulate it until you are happy with your results."
He then ran the 7,295 plains he recovered so far through PACK, short for the Password Analysis and Cracking Toolkit (developed by password expert Peter Kacherginsky), and noticed some distinct patterns. A third of them contained eight characters, 19 percent contained nine characters, and 16 percent contained six characters. PACK also reported that 69 percent of the plains were "stringdigit" meaning a string of letters or symbols that ended with numbers. He also noticed that 62 percent of the recovered passwords were classified as "loweralphanum," meaning they consisted solely of lower-case letters and numbers.
This information gave him fodder for his next series of attacks. In run 4, he ran a mask attack. This is similar to the hybrid attack mentioned earlier, and it brings much of the benefit of a brute-force attack while drastically reducing the time it takes to run it. The first one tried all possible combinations of lower-case letters and numbers, from one to six characters long (341 more plains recovered). The next step would have been to try all combinations of lower-case letters and numbers with a length of eight. But that would have required more time than radix was willing to spend. He then considered trying all passwords with a length of eight that contained only lower-case letters. Because the attack excludes upper case letters, the search space was manageable, 26^8 instead of 52^8. With radix's machine, that was the difference between spending one hour and six hours respectively. The lower threshold was still more time than he wanted to spend, so he skipped that step too.
So radix then shifted his strategy and used some of the rule sets built into Hashcat. One of them allows Hashcat to try a random combination of 5,120 rules, which can be anything from swapping each "e" with a "3," pulling the first character off each word, or adding a digit between each character. In just 38 seconds the technique recovered 1,940 more passwords.
"That's the thrill of it," he said. "It's kind of like hunting, but you're not killing animals. You're killing hashes. It's like the ultimate hide and seek." Then acknowledging the dark side of password cracking, he added: "If you're on the slightly less moral side of it, it has huge implications."
Steube also cracked the list of leaked hashes with aplomb. While the total number of words in his custom dictionaries is much larger, he prefers to work with a "dict" of just 111 million words and pull out the additional ammunition only when a specific job calls for it. The words are ordered from most to least commonly used. That way, a particular run will crack the majority of the hashes early on and then slowly taper off. "I wanted it to behave like that so I can stop when things get slower," he explained.
Early in the process, Steube couldn't help remarking when he noticed one of the plains he had recovered was "momof3g8kids."
"This was some logic that the user had," Steube observed. "But we didn't know about the logic. By doing hybrid attacks, I'm getting new ideas about how people build new [password] patterns. This is why I'm always watching outputs."
The specific type of hybrid attack that cracked that password is known as a combinator attack. It combines each word in a dictionary with every other word in the dictionary. Because these attacks are capable of generating a huge number of guesses—the square of the number of words in the dict—crackers often work with smaller word lists or simply terminate a run in progress once things start slowing down. Other times, they combine words from one big dictionary with words from a smaller one. Steube was able to crack "momof3g8kids" because he had "momof3g" in his 111 million dict and "8kids" in a smaller dict.
"The combinator attack got it! It's cool," he said. Then referring to the oft-cited xkcd comic, he added: "This is an answer to the batteryhorsestaple thing."
What was remarkable about all three cracking sessions were the types of plains that got revealed. They included passcodes such as "k1araj0hns0n," "Sh1a-labe0uf," "Apr!l221973," "Qbesancon321," "DG091101%," "@Yourmom69," "ilovetofunot," "windermere2313," "tmdmmj17," and "BandGeek2014." Also included in the list: "all of the lights" (yes, spaces are allowed on many sites), "i hate hackers," "allineedislove," "ilovemySister31," "iloveyousomuch," "Philippians4:13," "Philippians4:6-7," and "qeadzcwrsfxv1331." "gonefishing1125" was another password Steube saw appear on his computer screen. Seconds after it was cracked, he noted, "You won't ever find it using brute force."
The ease these three crackers had converting hashes into their underlying plaintext contrasts sharply with the assurances many websites issue when their password databases are breached. Last month, when daily coupons site LivingSocial disclosed a hack that exposed names, addresses, and password hashes for 50 million users, company executives downplayed the risk.
"Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one," CEO Tim O'Shaughnessy told customers.
In fact, there's almost nothing preventing crackers from deciphering the hashes. LivingSocial used the SHA1 algorithm, which as mentioned earlier is woefully inadequate for password hashing. He also mentioned that the hashes had been "salted," meaning a unique set of bits had been added to each user's plaintext password before it was hashed. It turns out that this measure did little to mitigate the potential threat. That's because salt is largely a protection against rainbow tables and other types of precomputed attacks, which almost no one ever uses in real-world cracks. The file sizes involved in rainbow attacks are so unwieldy that they fell out of vogue once GPU-based cracking became viable. (LivingSocial later said it's in the process of transitioning to the much more secure bcrypt function.)
Officials with Reputation.com, a service that helps people and companies manage negative search results, borrowed liberally from the same script when disclosing their own password breach a few days later. "Although it was highly unlikely that these passwords could ever be decrypted, we immediately changed the password of every user to prevent any possible unauthorized account access," a company e-mail told customers.
Both companies should have said that, with the hashes exposed, users should presume their passwords are already known to the attackers. After all, cracks against consumer websites typically recover 60 percent to 90 percent of passcodes. Company officials also should have warned customers who used the same password on other sites to change them immediately.
To be fair, since both sites salted their hashes, the cracking process would have taken longer to complete against large numbers of hashes. But salting does nothing to slow down the cracking of a single hash and does little to slow down attacks on small numbers of hashes. This means that certain targeted individuals who used the hacked sites—for example, bank executives, celebrities, or other people of particular interest to the attackers—weren't protected at all by salting.
The prowess of these three crackers also underscores the need for end users to come up with better password hygiene. Many Fortune 500 companies tightly control the types of passwords employees are allowed to use to access e-mail and company networks, and they go a long way to dampen crackers' success.
"On the corporate side, it's so different," radix said. "When I'm doing a password audit for a firm to make sure password policies are properly enforced, it's madness. You could go three days finding absolutely nothing."
Websites could go a long way to protect their customers if they enforced similar policies. In the coming days, Ars will publish a detailed primer on password managers. It will show how to use them to generate long, random passcodes that are unique to each site. Because these types of passwords can only be cracked by brute force, they are the hardest to recover. In the meantime, readers should take pains to make sure their passwords are a minimum of 11 characters, contain upper- and lower-case letters, numbers, and letters, and aren't part of a pattern.
The ease these crackers had in recovering as many as 90 percent of the hashes they targeted from a real-world breach also exposes the inability many services experience when trying to measure the relative strength or weakness of various passwords. A recently launched site from chipmaker Intel asks users "How strong is your password?," and it estimated it would take six years to crack the passcode "BandGeek2014". That estimate is laughable given that it was one of the first ones to fall at the hands of all three real-world crackers.
As Ars explained recently, the problem with password strength meters found on many websites is they use the total number of combinations required in a brute-force crack to gauge a password's strength. What the meters fail to account for is that the patterns people employ to make their passwords memorable frequently lead to passcodes that are highly susceptible to much more efficient types of attacks.
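The gap between a brute-force strength meter and what the crackers actually did, as an added example that is not code from the article: it scores a password by character-set size raised to length, then scores it again as dictionary words followed by digits (the "stringdigit" and combinator patterns described above) and keeps the cheaper figure. The recognition word list, the 20,000-word dictionary size and the three case variants per word are assumptions chosen for illustration.

```python
import re

# Constructed recognition list; a real cracking dictionary holds millions of entries.
WORDLIST = {"band", "geek", "gone", "fishing", "mom", "kids", "love", "password"}
ASSUMED_COMMON_WORDS = 20_000   # assumption: size of a common-word list
CASE_VARIANTS = 3               # assumption: lower, Capitalized, UPPER per word


def naive_guesses(password):
    """Brute-force meter: (size of the character classes used) ** length."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 32
    return pool ** len(password)


def segment(stem, max_words=3):
    """Split stem into at most max_words WORDLIST entries; None if impossible."""
    if not stem:
        return None
    best = {0: []}
    for end in range(1, len(stem) + 1):
        for start in range(end):
            piece = stem[start:end]
            if start in best and piece in WORDLIST:
                candidate = best[start] + [piece]
                if len(candidate) <= max_words and (
                    end not in best or len(candidate) < len(best[end])
                ):
                    best[end] = candidate
    return best.get(len(stem))


def pattern_guesses(password):
    """Guesses needed if the attacker tries word combinations plus a digit suffix."""
    stem, digits = re.fullmatch(r"(.*?)(\d*)", password, re.DOTALL).groups()
    words = segment(stem.lower())
    naive = naive_guesses(password)
    if words is None:
        return naive  # no recognised pattern: brute force is the only route
    per_word = ASSUMED_COMMON_WORDS * CASE_VARIANTS
    return min(naive, per_word ** len(words) * 10 ** len(digits))


def overestimate_factor(password):
    """How many times the brute-force meter overstates the work required."""
    return naive_guesses(password) // pattern_guesses(password)


if __name__ == "__main__":
    # Sample passwords quoted in the article, plus one constructed random string.
    for pw in ("BandGeek2014", "gonefishing1125", "x7#Qp2!vRz9k"):
        print(pw, naive_guesses(pw), pattern_guesses(pw), overestimate_factor(pw))
```
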
"You can see here that we have cracked 82 percent [of the passwords] in one hour," Steube said. "That means we have 13,000 humans who did not choose a good password." When academics and some websites gauge susceptibility to cracking, "they always assume the best possible passwords, when it's exactly the opposite. They choose the worst."
Facebook is one of the most widely used social networking sites, with more than 750 million users, which is why it has become the number 1 target of hackers. I have written a couple of posts related to Facebook hacking here, in which I mentioned the top methods used by hackers to hack Facebook accounts. However, lots of things have changed in 2013: lots of methods have become outdated or have been patched by Facebook, and lots of new methods have been introduced. So in this post I will write about the top 10 methods hackers can use to hack Facebook accounts.
10 Ways How Hackers Can Hack Facebook Accounts
So here are the top 10 methods which have been the most popular of all time:
1. Facebook Phishing
Phishing is still the most popular attack vector used for hacking Facebook accounts. There are a variety of methods to carry out a phishing attack. In a simple phishing attack a hacker creates a fake login page which looks exactly like the real Facebook page and then asks the victim to log in to that page. Once the victim logs in through the fake page, the victim's "Email Address" and "Password" are stored in a text file. The hacker then downloads the text file and gets his hands on the victim's credentials.
2. Keylogging
Keylogging, according to me, is the easiest way to hack a Facebook password. Keylogging can sometimes be so dangerous that even a person with good knowledge of computers can fall for it. A keylogger is basically a small program which, once installed on the victim's computer, will record everything the victim types on his/her computer. The logs are then sent back to the attacker either by FTP or directly to the hacker's email address.
3. Stealers
Almost 80 percent of people use passwords stored in their browser to access Facebook. This is quite convenient but can sometimes be extremely dangerous. Stealers are software specially designed to capture the saved passwords stored in the victim's browser. Stealers once FUD can be extremely powerful.
4. Session Hijacking
Session hijacking can often be very dangerous if you are accessing Facebook on an http:// connection. In a session hijacking attack a hacker steals the victim's browser cookie, which is used to authenticate a user on a website, and uses it to access the victim's account. Session hijacking is widely used on LANs.
5. Sidejacking With Firesheep
The sidejacking attack became common in late 2010; however, it's still popular nowadays. Firesheep is widely used to carry out sidejacking attacks. Firesheep only works when the attacker and victim are on the same wifi network. A sidejacking attack is basically another name for HTTP session hijacking, but it's more targeted towards wifi users.
6. Mobile Phone Hacking
Millions of Facebook users access Facebook through their mobile phones. If the hacker can gain access to the victim's mobile phone then he can probably gain access to his/her Facebook account. There is lots of mobile spying software used to monitor a cellphone.
7. DNS Spoofing
If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack to change the original facebook.com page to his own fake page and hence can get access to the victim's Facebook account.
8. USB Hacking
If an attacker has physical access to your computer, he could just insert a USB programmed with a function to automatically extract saved passwords in the browser.
9. Man In the Middle Attacks
If the victim and attacker are on the same LAN and on a switch-based network, a hacker can place himself between the client and the server, or he could also act as a default gateway and hence capture all the traffic in between. ARP poisoning, which is the other name for man in the middle attacks, is a very broad topic and is beyond the scope of this article.
10. Botnets
Botnets are not commonly used for hacking Facebook accounts because of their high setup costs. They are used to carry out more advanced attacks. A botnet is basically a collection of compromised computers. The infection process is the same as for keylogging; however, a botnet gives you additional options for carrying out attacks with the compromised computer. Some of the most popular botnets include Spyeye and Zeus.
Note: This tutorial is only for educational purposes. I do not take any responsibility for any misuse; you will be solely responsible for any misuse that you do. Hacking email accounts is criminal activity and is punishable under cyber crime, and you may get up to 40 years of imprisonment if caught doing so.
Creating a fake page for a website is known as a phishing attack. It can be done for various websites, e.g. Facebook, Twitter, Gmail, Yahoo, Hotmail etc. I have received many emails regarding fake/phisher pages, so this post is to clear up doubts and problems regarding fake pages for any website. This is for educational purposes; we are not responsible for any illegal activity.
How to hack Gmail password:
Step 1:
Open Gmail.com
Right-click in an empty space on the page and click View Page Source.
Copy all the content to Notepad and save it as Gmail.html
Step 2:
Open Gmail.html with Notepad.
Press (Ctrl + F) to search for action="https
Step 3:
Replace this syntax https://accounts.google.com/ServiceLoginAuth to login.php
Likewise change Method = "Post" to "GET" and finally save it.
After the replacements it will look like this.
Step 4:
As we have to create login.php,
open a new Notepad, copy and paste the following code and save it as login.php
SniperSpy is the industry leading Remote password hacking software combined with the Remote Install and Remote Viewing feature.
Once installed on the remote PC(s) you wish, you only need to login to your own personal SniperSpy account to view activity logs of the remote PC’s! This means that you can view logs of the remote PC’s from anywhere in the world as long as you have internet access! Do you want to Spy on a Remote PC? Expose the truth behind the lies! Unlike the rest, SniperSpy allows you to remotely spy any PC like a television! Watch what happens on the screen LIVE! The only remote PC spy software with a SECURE control panel! This Remote PC Spy software also saves screenshots along with text logs of chats, websites, keystrokes in any language and more. Remotely view everything your child, employee or anyone does while they use your distant PC. Includes LIVE admin and control commands!
SniperSpy Features:
1. SniperSpy is remotely-deployable spy software
2. Invisibility Stealth Mode Option. Works in complete stealth mode. Undetectable!
3. Logs All Keystrokes
4. Records any Password (Email, Login, Instant Messenger etc.)
5. Remote Monitor Entire IM Conversations so that you can spy on IM activities too
6. Captures a full-size jpg picture of the active window however often you wish
7. Real Time Screen Viewer
8. Remotely reboot or shutdown the PC or choose to logoff the current Windows user
9. Completely Bypasses any Firewall
What if I don't have physical access to the victim's computer?
No physical access to your remote PC is needed to install the spy software. Once installed you can view the screen LIVE and browse the file system from anywhere anytime. You can also view chats, websites, keystrokes in any language and more, with screenshots.
This software remotely installs to your computer through email. Unlike the other remote spy titles on the market, SniperSpy is fully and completely compatible with any firewall including Windows XP, Windows Vista and add-on firewalls.
The program then records user activities and sends the data to your online account. You login to your account SECURELY to view logs using your own password-protected login. You can access the LIVE control panel within your secure online account.
Why would I need SniperSpy?
Do you suspect that your child or employee is inappropriately using your unreachable computer? If yes, then this software is ideal for you. If you can't get to your computer and are worried about the Internet safety or habits of those using it, then you NEED SniperSpy.
This high-tech spy software will allow you to see exactly what your teenager is doing in MySpace and elsewhere in real time. It will also allow you to monitor any employee who uses the company computer(s).
E-mail spoofing is very easy, but spoofing e-mail without it being marked as spam is really very hard. It was a small challenge for me!! But nowadays PHP is one of the best ways to spoof e-mails without them being marked as spam, so I just found a new way to spoof e-mails 100% undetectable by any spam detector. So let's start now.
What is E-mail Spoofing? E-mail spoofing is a fake connection of mails that can be spoofed to send fake mails. For example, an attacker can send mails to any e-mail ID without logging in to the victim's ID or the spoofer ID, and an attacker can steal the victim's personal data or information.
Here is one example of how an attacker can send you mails with any e-mail ID without them being marked as spam.
Let's take 3 e-mail IDs for the test
Now suppose you want to send mail to Kevin from Mac's ID. You can use many types of fake mail sender or anonymous e-mail sender, but all these services are flagged as spam, so I just created a PHP file that can send any mail to any e-mail ID without logging in to any account. Note: this service is not detected as spam yet... So if you want to send mails from Mac's e-mail ID to your victim's e-mail ID without logging in to Mac's ID, and 100% FUD (Fully Undetectable) by spam detectors, it is called e-mail spoofing 100% FUD.
You can send mails to Kevin from Mac, and the main thing is: suppose the victim replies to your mail, to whose e-mail ID does it go? It goes to the attacker's e-mail ID, I mean viv_7@yahoo.com. So to do a spoofing attack, go to my PHP page, and friends, do not Explode this trick much!! This is my PHP page to spoof e-mails without them being marked as spam.
E-mail Spoofing Chart
How to do it? First of all go to my Unknown E-mail Spoofer. It is free, but you have to wait 5 seconds to skip the ads.
You can also make your own spoofing server by uploading the PHP file. If you want the PHP file and script, mail me at viv_7@ymail.com and host it on a free web hosting site ;).
Step 1
STEP 2
NOTE THIS IS FOR EDUCATIONAL PURPOSE ONLY !! I M NOT RESPONSIBLE FOR ANY SPOOFING DID BY ANY READERS !!
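How a recipient or mail gateway can spot the kind of message described above, as an added example that is not part of the original post: it reads the headers of a received mail and reports a Reply-To or Return-Path domain that differs from the From domain, plus any SPF, DKIM or DMARC verdict other than pass. The sample messages, addresses, the `mx.example.org` receiver name and the function names are constructed for illustration; domains are compared exactly, without organizational-domain matching.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: sender claims to be Mac, replies are steered elsewhere.
SPOOFED = """\
Return-Path: <www-data@host123.freehosting.example>
Authentication-Results: mx.example.org; spf=softfail smtp.mailfrom=host123.freehosting.example; dkim=none; dmarc=fail header.from=example.com
From: Mac <mac@example.com>
Reply-To: attacker@example.net
To: kevin@example.org
Subject: quick question

hi
"""

# Constructed message that passes every check.
LEGITIMATE = """\
Return-Path: <mac@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Mac <mac@example.com>
To: kevin@example.org
Subject: lunch

hi
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def domain_of(header_value):
    """Domain part of the address in a header value, or '' if there is none."""
    address = parseaddr(header_value)[1]
    return address.rpartition("@")[2].lower() if "@" in address else ""


def spoof_indicators(raw_message, trusted_authserv):
    """Return a list of indicator strings for one raw RFC 5322 message.

    Only Authentication-Results headers stamped by trusted_authserv (your own
    receiving server) are read; a sender can add forged copies of that header.
    """
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From", ""))
    findings = []
    for header in ("Reply-To", "Return-Path"):
        domain = domain_of(msg.get(header, ""))
        if domain and domain != from_domain:
            findings.append(f"{header.lower()}-mismatch")
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        tokens = authserv.split()
        if not tokens or tokens[0].lower() != trusted_authserv.lower():
            continue
        for method, verdict in AUTH_RE.findall(rest):
            verdicts.setdefault(method.lower(), verdict.lower())
    if not verdicts:
        findings.append("no-trusted-auth-results")
    for method in ("spf", "dkim", "dmarc"):
        verdict = verdicts.get(method)
        if verdict is not None and verdict != "pass":
            findings.append(f"{method}={verdict}")
    return findings


if __name__ == "__main__":
    print(spoof_indicators(SPOOFED, "mx.example.org"))
    print(spoof_indicators(LEGITIMATE, "mx.example.org"))
```
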