ALL ABOUT HACKING
Today, I am writing another article/method of hacking Facebook account useful for those whose victim does not check his/her emails regularly. This time we will use the Password recovery feature of Facebook. I have given all the details of hacking Facebook account in the article below. Please move further.
Pre-requisites for hacking Facebook Account Password: Facebook has introduced a feature of using “Recovering password using Trusted Friends”. In this feature, if we have lost our Facebook account password, Facebook will send the security code to 3 friends. We have to ask those 3 friends for the security codes and after entering them, we can reset Facebook password. So, in this hack, we will use this feature for hacking Facebook account password. So, you have to create 3 fake accounts and make sure that your victim adds them as his friends. So, your 3 fake accounts must be listed in your victim’s Friends list. Now, if we use the above “Trusted friends” feature for resetting victim’s Facebook password, Facebook will send the security code to our 3 fake accounts and we can easily hack Facebook account.You can use Social engineering skills so that your victim will have no doubt while accepting your fake account as his friend. This is the only tricky part of the hack. Also, the fake accounts must be at least a week old. Once you are done with fake accounts, move to the steps below.
Hacking Facebook Account Password in 5 Steps: So, let us start with the steps for hacking Facebook account password.
1. Go to Facebook.com and hit on Forgot Password link to get this page:
2. You have to enter the email of the victim, or even the Facebook profile name will do. Facebook will search for profile name and you will be shown the account. Hit on “This is my account”
3. On the next page, hit on “No longer have access to these”.
4. You will be prompted for email address. Enter your email address here and hit on “Submit”.
Facebook will ask you ask you to answer the Security question. No worries here. Just enter the wrong answer 3 times
and you will move to this page:
5. Now comes the real hacking part. After hitting on Continue, Facebook will ask you to select the 3 Trusted Friends. Your 3 fake accounts (created previously) will be listed in the Friends list of the victim. Select those 3 Fake accounts. Facebook will send security codes to these Fake accounts (which are our accounts). Now, enter the 3 security codes. Facebook will send Password Recovery Email at your email you’ve entered in Step 4. You can easily change password of your friend’s account. Thus, you are successful in hacking Facebook account password of your friend. Note: The victim will be emailed about the password change. So, this method of hacking Facebook account is useful only for those whose victim does not check emails regularly. I hope you now well approached with this method of hacking Facebook account password. Just make sure that the victim will add your fake accounts as his friend. This is the only tricky part of this Facebook hack. If you have any problem in this method of hacking Facebook account password, please mention it in comments. Enjoy method of hacking Facebook account password…
How to Detect Anonymous IP Addresses
As the fraudsters are now becoming more sophisticated in bypassing the Geo-location controls by using proxies (Anonymous IPs) to spoof their IP address, it has become very much necessary to come up with a means for detecting the proxies so that the authenticity of the users can be verified. Using a proxy (web proxy) is the simplest and easiest way to conceal the IP address of an Internet user and maintain the online privacy. However proxies are more widely used by online fraudsters to engage in cyber crimes since it is the easiest way to hide their actual Geo-location such as city/country through a spoofed IP address. Following are some of the examples where fraudsters use the proxies to hide their actual IP. 1. Credit Card Frauds For example, say a Nigerian fraudster tries to purchase goods online with a stolen credit card for which the billing address is associated with New York. Most credit card merchants use Geo-location to block orders from countries like Nigeria and other high risk countries. So in order to bypass this restriction the credit card fraudster uses a proxy to spoof his IP address so that it appears to have come from New York. The IP address location appears to be legitimate since it is in the same city as the billing address. A proxy check would be needed to flag this order. 2. Bypass Website Country Restrictions Some website services are restricted to users form only a selected list of countries. For example, a paid survey may be restricted only to countries like United States and Canada. So a user from say China may use a proxy so as to make his IP appear to have come from U.S. so that he can earn from participating in the paid survey.
Proxy Detection Services So in order to stop such online frauds, Proxy Detection has become a critical component. Today most companies, credit card merchants and websites that deal with e-commerce transactions make use of Proxy Detection Services like MaxMind and FraudLabs to detect the usage of proxy or spoofed IP from users participating online.
Proxy Detection web services allow instant detection of anonymous IP addresses. Even though the use of proxy address by users is not a direct indication of fraudulent behaviour, it can often indicate the intention of the user to hide his or her real IP. In fact, some of the most used ISPs like AOL and MSN are forms of proxies and are used by both good and bad consumers. How Proxy Detection Works? Proxy detection services often rely on IP addresses to determine whether or not the IP is a proxy. Merchants can obtain the IP address of the users from the HTTP header on the order that comes into their website. This IP address is sent to the proxy detecting service in real time to confirm it’s authenticity. The proxy detection services on the other hand compare this IP against a known list of flagged IPs that belong to proxy services. If the IP is not on the list then it is authenticated and the confirmation is sent back to the merchant. Otherwise it is reported to be a suspected proxy. These proxy detection services work continuously to grab a list or range of IPs that are commonly used for proxy services. With this it is possible to tell whether or not a given IP address is a proxy or spoofed IP. How to Tell Whether a given IP is Real or a Proxy? There are a few free sites that help you determine whether or not a given IP is a proxy. You can use free services like WhatisMyIPAddress to detect proxy IPs. Just enter the suspected IP in the field and click on “Lookup IP Address” button to check the IP address. If it is a suspected proxy then you will see the results something as follows.
What are Private and Public IP Addresses
Internet Protocol (IP) addresses are usually of two types: Public and Private. If you have ever wondered to know what is the difference between a public and a private IP address, then you are at the right place. In this post I will try to explain the difference between a public and a private IP addres in layman’s terms so that it becomes simple and easy to understand. What are Public IP Addresses?
A public IP address is assigned to every computer that connects to the Internet where each IP is unique. Hence there cannot exist two computers with the same public IP address all over the Internet. This addressing scheme makes it possible for the computers to “find each other” online and exchange information. User has no control over the IP address (public) that is assigned to the computer. The public IP address is assigned to the computer by the Internet Service Provider as soon as the computer is connected to the Internet gateway. A public IP address can be either static or dynamic. A static public IP address does not change and is used primarily for hosting webpages or services on the Internet. On the other hand a dynamic public IP address is chosen from a pool of available addresses and changes each time one connects to the Internet. Most Internet users will only have a dynamic IP assigned to their computer which goes off when the computer is disconnected from the Internet. Thus when it is re-connected it gets a new IP. You can check your public IP address by visiting www.whatismyip.com What are Private IP Addresses?
An IP address is considered private if the IP number falls within one of the IP address ranges reserved for private networks such as a Local Area Network (LAN). The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private networks (local networks): 10.0.0.0 – 10.255.255.255 (Total Addresses: 16,777,216) 172.16.0.0 – 172.31.255.255 (Total Addresses: 1,048,576) 192.168.0.0 – 192.168.255.255 (Total Addresses: 65,536)
Private IP addresses are used for numbering the computers in a private network including home, school and business LANs in airports and hotels which makes it possible for the computers in the network to communicate with each other. Say for example, if a network X consists of 10 computers each of them can be given an IP starting from 192.168.1.1 to 192.168.1.10. Unlike the public IP, the administrator of the private network is free to assign an IP address of his own choice (provided the IP number falls in the private IP address range as mentioned above).
Devices with private IP addresses cannot connect directly to the Internet. Likewise, computers outside the local network cannot connect directly to a device with a private IP. It is possible to interconnect two private networks with the help of a router or a similar device that supports Network Address Translation. If the private network is connected to the Internet (through an Internet connection via ISP) then each computer will have a private IP as well as a public IP. Private IP is used for communication within the network where as the public IP is used for communication over the Internet. Most Internet users with a DSL/ADSL connection will have both a private as well as a public IP. You can know your private IP by typing ipconfig command in the command prompt. The number that you see against “IPV4 Address:” is your private IP which in most cases will be 192.168.1.1 or 192.168.1.2. Unlike the public IP, private IP addresses are always static in nature. Unlike what most people assume, a private IP is neither the one which is impossible to trace (just like the private telephone number) nor the one reserved for stealth Internet usage. In reality there is no public IP address that is impossible to trace since the protocol itself is designed for transparency.
What is CAPTCHA and How it Works? CAPTCHA or Captcha (pronounced as cap-ch-uh) which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart” is a type of challenge-response test to ensure that the response is only generated by humans and not by a computer. In simple words, CAPTCHA is the word verification test that you will come across the end of a sign-up form while signing up for Gmail or Yahoo account. The following image shows the typical samples of CAPTCHA.
Almost every Internet user will have an experience of CAPTCHA in their daily Internet usage, but only a few are aware of what it is and why they are used. So in this post you will find a detailed information on how CAPTCHA works and why they are used. What Purpose does CAPTCHA Exactly Serve?
CAPTCPA is mainly used to prevent automated software (bots) from performing actions on behalf of actual humans. For example while signing up for a new email account, you will come across a CAPTCHA at the end of the sign-up form so as to ensure that the form is filled out only by a legitimate human and not by any of the automated software or a computer bot. The main goal of CAPTCHA is to put forth a test which is simple and straight forward for any human to answer but for a computer, it is almost impossible to solve.
What is the Need to Create a Test that Can Tell Computers and Humans Apart?
For many the CAPTCHA may seem to be silly and annoying, but in fact it has the ability to protect systems from malicious attacks where people try to game the system. Attackers can make use of automated softwares to generate a huge quantity of requests thereby causing a high load on the target server which would degrade the quality of service of a given system, whether due to abuse or resource expenditure. This can affect millions of legitimate users and their requests. CAPTCHAs can be deployed to protect systems that are vulnerable to email spam, such as the services from Gmail, Yahoo and Hotmail. Who Uses CAPTCHA?
CAPTCHAs are mainly used by websites that offer services like online polls and registration forms. For example, Web-based email services like Gmail, Yahoo and Hotmail offer free email accounts for their users. However upon each sign-up process, CAPTCHAs are used to prevent spammers from using a bot to generate hundreds of spam mail accounts. Designing a CAPTCHA System
CAPTCHAs are designed on the fact that computers lack the ability that human beings have when it comes to processing visual data. It is more easily possible for humans to look at an image and pick out the patterns than a computer. This is because computers lack the real intelligence that humans have by default. CAPTCHAs are implemented by presenting users with an image which contains distorted or randomly stretched characters which only humans should be able to identify. Sometimes characters are striked out or presented with a noisy background to make it even more harder for computers to figure out the patterns. Most, but not all, CAPTCHAs rely on a visual test. Some Websites implement a totally different CAPTCHA system to tell humans and computers apart. For example, a user is presented with 4 images in which 3 contains picture of animals and one contain a flower. The user is asked to select only those images which contain animals in them. This Turing test can easily be solved by any human, but almost impossible for a computer. Breaking the CAPTCHA
The challenge in breaking the CAPTCHA lies in real hard task of teaching a computer how to process information in a way similar to how humans think. Algorithms with artificial intelligence (AI) will have to be designed in order to make the computer think like humans when it comes to recognizing the patterns in images. However there is no universal algorithm that could pass through and break any CAPTCHA system and hence each CAPTCHA algorithm must have to be tackled individually. It might not work 100 percent of the time, but it can work often enough to be worthwhile to spammers.
How to use Keyloggers – Detailed Tutorial and FAQs
Here is a DETAILED tutorial which contains every possible information that you need to know about keyloggers which includes how to use it, how it works etc. WARNING: I highly recommend that you read this post completely since every single piece of information is important. I know most of you are new to the concept of keyloggers. For some of you, this might be the first time you heard about the term “keylogger”. So to give you a clear picture and make you understand better I would like to take up this post in the form of FAQs (Frequently Asked Questions). Here we go… 1. What is a Keylogger? A keylogger (also called as spy software) is a small program that monitors each and every keystroke a user types on a specific computer’s keyboard. A keylogger program can be installed just in a few seconds and once installed you are only a step away from getting the victim’s password. 2. How Keylogger works? Once the keylogger is installed on a PC, it starts operating in the background (stealth mode) and captures every keystroke of the victim on that PC. Let’s take up a small example: The victim goes to http://mail.yahoo.com and types his “username” and the “password” in the respective fields to login. The keylogger silently records these keystrokes and stores them in the logs. These logs when opened up shows the captured “username” and “password” and will also tell you that they were typed in the Yahoo login page. Thus the keylogger loads upon every startup, runs in the background and captures each and every keystroke. 3. How to install the keylogger? A keylogger can be installed just like any other program. Just follow the screen instructions and you’re done. 4. Do I need any special knowledge to install and use the keylogger? Absolutely NOT! Anyone with a basic computer knowledge can install and use the keylogger. It requires no special skills. 5. Once I install the keylogger can the victim come to know about it’s presence? No. The victim will never come to know about the presence of the keylogger on his/her computer. This is because, once installed the keylogger will run in total stealth mode. Unlike other programs it will never show up in start-menu, start-up, program files, add/remove programs and task manager. So the victim can no way identify it’s presence on his/her PC.
6. Can I be traced back if I install the keylogger on some other computer? No, it’s almost impossible to trace back to you for installing the keylogger on other’s PC. 7. Which keylogger is the best? Today there exists hundreds of keyloggers on the market and most of them are no more than a scam. So I tested some of the top keyloggers and conclude that the following is the best one.
>> SniperSpy 8. How SniperSpy works? I will try to explain the working of Sniperspy in simple steps. 1. After you purchase Sniperspy, you’ll be able to create the installation module using easy set-up program. You need to email this module to the remote user as an attachment. 2. When the remote user runs the module it’ll get installed silently and monitoring process will begin. The keystrokes are captured and uploaded to the SniperSpy servers continously. 3. You can login to your Sniperspy account (you get this after purchase) to see the logs which contains the password. 9. I don’t have physical access to the traget computer. Can I still use SniperSpy? Yes you can. SniperSpy supports REMOTE INSTALLATION feature which allows you to remotely install the program on any PC even if you have no physical access to it. For remote installation all you need to do is just place the module (refer FAQ-8) in a .zip/.rar file and send it as an attachment to the target email address (for which you need the password). 10. Can I install SniperSpy on a local computer? If you need to install to your local (current) computer instead of your remote computer, then the process is simple. Simply navigate to the folder in which you saved your module ( Refer FAQ-8). Double-click the module filename to execute it. Nothing will appear on the screen as the software is installed. 11. What if the antivirus block from sending it as an email attachment? Instead of sending the keylogger as an email attachment, it is recommended that you place the file in .ZIP/.RAR format and upload it to www.fileden.com. After uploading, just send the direct download link to the victim via email. Once he downloads the file from this link and run it, the keylogger will get installed automatically. 12. Why SniperSpy is the best? •
SniperSpy supports REMOTE INSTALLATION feature. This feature is not present on most of the keyloggers.
•
SniperSpy is fully compatible with Windows 2000/XP/Vista/7 and alsoMac.
•
SniperSpy canbypass any Firewall.
•
SniperSpy is more reliable than any other keylogger program. You need not rely on your email account to receive the logs. Instead you can just login to your online SniperSpy account to receive the logs.
•
SniperSpy captures full-size screenshots of the activities on the target PC.
•
Records BOTH sides of chats / IMs in Google Talk, Yahoo IM, Windows Live and more.
•
SniperSpy is more easy to install and requires no extra knowledge.
•
SniperSpy is recognized by BBC, CNN, CBS and other news networks. Hence it is reputed and trustworthy.
13. How safe is to use SniperSpy? Sniperspy is completely safe to use since all the customer databases remain confidential and private. SniperSpy do not collect any information from your system other than the information required for the product’s successful operation. They will not contact you in any way unless you request assistance.
How to Trace Any IP Address
In my earlier post I had discussed about how to capture the IP address of a remote computer. Once you obtain this IP address it is necessary to trace it back to it’s source. So in this post I will show you how to trace any IP address back to it’s source. In fact tracing an IP address is very simple and easy than we think. There exists many websites through which you can trace any IP address back to it’s source. One of my favorite site is ip2location.com. Just go to http://www.ip2location.com/demo.aspx and enter the IP address that you want to trace in the dialog box and click on “Find Location”‘. With just a click of a button you can find the following information for any given IP address. 1. Country in which the IP is located 2. Region 3. City 4. Latitude/Longitude 5. Zip Code 6. Time Zone 7. Name of the ISP 8. Internet Speed
9. Weather Station 10. Area Code and 11. Domain name associated with the IP address. A sample snapshot of the results from ip2location.com is given below
You can also visually trace route any IP address back to it’s location. For this just visit http://www.yougetsignal.com/tools/visual-tracert/ and enter the IP you want to trace in the dialog box and hit the “Proxy Trace” button. Wait for few seconds and the visual trace route tool displays the path Internet packets traverse to reach a specified destination.
Common Email Hacking Methods
Gone are the days when email hacking was a sophisticated art. Today any body can access hacking tips through the Internet and start hacking your yahoo or hotmail account. All that is needed is doing a search on google with keywords like “how to hack yahoo”, “hack yahoo messenger”, “hotmail hack program” etc. The following article is not an effort to teach you email hacking, but it has more to do with raising awareness on some common email hacking methods. Hackers can install keylogger programs in the victim’s computer. This program can spy on what the user types from the keyboard. If you think that you can just uninstall such programs, you are wrong as they are completely hidden. After installation, the hacker will use a password and hot keys to enable the keylogger. He can then use the hot keys and password to access your key entry details. A keylogger program is widely available on the internet.some of them are listed below Win-Spy Monitor Realtime Spy SpyAgent Stealth Spy Anywhere For more information on keyloggers and it’s usage refer my post Hacking an email account. Even if direct access to your computer is not possible, hackers can still install a key logger from a remote place and access your computer using Remote Administration Tools (RATs). Another way of getting your password is the use of fake login pages that look exactly like the real one. So, beware of the web pages you visit. Also if you find your computer behaving
oddly, there is a chance that some spy program is running. On such occasions it is better to try and remove the malware or reformat the entire hard disk.
Common Terminologies used in Internet Security
If you are a newbie in Internet security, you have come to the right place. The following is information on some common terms used in Internet security. So next time you don’t have to scratch your head when someone uses these. Firewall – is a system that acts as a barrier between your computer network and the Internet. A firewall controls the flow of information according to security policies. Hacker – can be anyone specializing in accessing computer based systems for illegal purposes or just for the fun of it. IP spoofing – is an attempt to access your system by pretending like another system. This is done by setting up a system with an IP address that you normally trust. Sniffing – is the spying on electronic transmissions to access data. This mostly occurs in privately owned LAN networks connected to the web. Trojan horse – a program pretending like useful software, while its actual strategy is to access, steal or destroy user data and access authorization. Apart from destroying information, trojans can also create a backdoor on your system for stealing confidential information. Virus – is a program that attaches itself to a program or file. This allows it to spread across networks and cause damage to software and hardware. To operate, viruses require the execution of the attached file. Worm - A worm is almost similar to a virus, except that it doesn’t need the execution of any executable file to get activated. It can also replicate itself as it travels across networks.
Port Scanning Port Scanning is one of the most popular techniques used by hackers to discover services that can be compromised. •
A potential target computer runs many ‘services’ that listen at ‘well-known’ ‘ports’.
•
By scanning which ports are available on the victim, the hacker finds potential vulnerabilities that can be exploited.
•
Scan techniques can be differentiated broadly into Vanilla, Strobe, Stealth, FTP Bounce, Fragmented Packets, Sweep and UDP Scans.
Port Scanning Techniques
Port Scanning Techniques can be broadly classified into: •
Open scan
•
Half- open scan
•
Stealth scan
•
Sweeps
•
Misc
Commonly used tools for port scanning 1. Tool: SuperScan 3.0
2. Tool: NMap (Network Mapper)
3. Tool: NetScan Tools Pro 2003
4. Tool: ipEye, IPSecScan
Proxy Servers and Anonymizers
Proxy is a network computer that can serve as an intermediate for connection with other computers. They are usually used for the following purposes:
•
As firewall, a proxy protects the local network from outside access.
•
As IP-addresses multiplexer, a proxy allows to connect a number of computers to Internet when having only one IP-address.
•
Proxy servers can be used (to some extent) to anonymize web surfing.
•
Specialized proxy servers can filter out unwanted content, such as ads or ‘unsuitable’ material.
•
Proxy servers can afford some protection against hacking attacks.
Anonymizers •
Anonymizers are services that help make your own web surfing anonymous.
•
The first anonymizer developed was Anonymizer.com, created in 1997 by Lance Cottrell.
•
An anonymizer removes all the identifying information from a user’s computers while the user surfs the Internet, thereby ensuring the privacy of the user.
What are Keyloggers Keystroke loggers are stealth software that sits between keyboard hardware and the operating system, so that they can record every key stroke. There are two types of keystroke loggers: 1. Software based and 2. Hardware based. Spy ware: Spector (www.spector.com) •
Spector is a spy ware and it will record everything anyone does on the internet.
•
Spector automatically takes hundreds of snapshots every hour, very much like a surveillance camera. With spector, you will be able to see exactly what your surveillance targets have been doing online and offline.
•
Spector works by taking a snapshot of whatever is on your computer screen and saves it away in a hidden location on your computer’s hard drive.
Hacking Tool: eBlaster (www.spector.com) •
eBlaster lets you know EXACTLY what your surveillance targets are doing on the internet even if you are thousands of miles away.
•
eBlaster records their emails, chats, instant messages, websites visited and keystrokes typed and then automatically sends this recorded information to your own email address.
•
Within seconds of them sending or receiving an email, you will receive your own copy of that email.
Hacking Tool: (Hardware Keylogger) (www.keyghost.com)
•
eBlaster lets you know EXACTLY what your surveillance targets are doing on the internet even if you are thousands of miles away.
•
eBlaster records their emails, chats, instant messages, websites visited and keystrokes typed and then automatically sends this recorded information to your own email address.
•
Within seconds of them sending or receiving an email, you will receive your own copy of that email.
Hacking Tool: (Hardware Keylogger) •
The Hardware Key Logger is a tiny hardware device that can be attached in between a keyboard and a computer.
•
It keeps a record of all key strokes typed on the keyboard. The recording process is totally transparent to the end user.
Know More About Trojans and Backdoors A Trojan horse is an unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user. •
It is a legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user.
•
Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user.
Working of Trojans
•
Attacker gets access to the trojaned system as the system goes online
•
By way of the access provided by the trojan attacker can stage attacks of different types.
Various Trojan Types •
Remote Access Trojans
•
Password Sending Trojans
•
Keyloggers
•
Destructive
•
Denial Of Service (DoS) Attack Trojans
•
Proxy/Wingate Trojans
•
FTP Trojans
•
Software Detection Killers
Modes of Transmission •
Attachments
•
Physical Access
•
Browser And E-mail Software Bugs
•
NetBIOS (File Sharing)
•
Fake Programs
•
Un-trusted Sites And Freeware Software
Backdoor Countermeasures •
Most commercial ant-virus products can automatically scan and detect backdoor programs before they can cause damage (Eg. before accessing a floppy, running exe or downloading mail)
•
An inexpensive tool called Cleaner (http://www.moosoft.com/cleanet.html) can identify and eradicate 1000 types of backdoor programs and trojans.
•
Educate your users not to install applications downloaded from the internet and e-mail attachments.
Denial Of Service Attack
Its Real,On February 6th, 2000, Yahoo portal was shut down for 3 hours. Then retailer Buy.com Inc. (BUYX) was hit the next day, hours after going public. By that evening, eBay (EBAY), Amazon.com (AMZN), and CNN (TWX) had gone dark. And in the morning, the mayhem continued with online broker E*Trade (EGRP) and others having traffic to their sites virtually choked off.
What is a Denial Of Service Attack? •
A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.
•
If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack.
Types of denial of service attacks There are several general categories of DoS attacks.Popularly, the attacks are divided into three classes: •
bandwidth attacks,
•
protocol attacks, and
•
logic attacks
What is Distributed Denial of Service Attack? •
An attacker launches the attack using several machines. In this case, an attacker breaks into several machines, or coordinates with several zombies to launch an attack against a target or network at the same time.
•
This makes it difficult to detect because attacks originate from several IP addresses.
•
If a single IP address is attacking a company, it can block that address at its firewall. If it is 30000 this is extremely difficult.
Windows IP Utilities
The following are the IP utilities available in Windows that help in finding out the information about IP Hosts and domains. These are the basic IP Hacking Commands that everyone must know! Please note that the the term Host used in this article can also be assumed as a Website for simple understanding purpose. 1. PING PING is a simple application (command) used available. PING command sends one or more requesting a reply. The receiver (Target Host) returns it back to the sender. This confirms that the host is said to be unavailable.
to determine whether a host is online and ICMP Echo messages to a specified host responds to this ICMP Echo message and the Host is online and available. Otherwise
Syntax: C:\>ping gohacking.com 2. TELNET Telnet command is used to connect to a desired host on a specified port number. For example Syntax: C:\>telnet yahoo.com 25 C:\>telnet yahoo.com NOTE: The default port number is 23. When the port number is not specified the default number is assumed. 3. NSLOOKUP Many times we think about finding out the IP address of a given site. Say for example google.com, yahoo.com, microsoft.com etc. But how to do this? For this there are some websites that can be used to find out the IP address of a given site. But in Windows we have an inbuilt tool to do this job for us. It is nslookup. Yes this tool can be used for resolving a given domain name into it’s IP address (determine the IP of a given site name). Not only this it can also be used for reverse IP lookup. That is if the IP address is given it determines the corresponding domain name for that IP address. Syntax: C:\>nslookup google.com 4. NETSTAT
The netstat command can be used to display the current TCP/IP network connections. For example the following netstat command displays all connections and their corresponding listening port numbers. Eg: C:\>netstat -a This command can be used to determine the IP address/Host names of all the applications connected to your computer. If a hacker is connected to your system even the hacker’s IP is displayed. So the netstat command can be used to get an idea of all the active connections to a given system.
What is Phishing ?
Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by appearing as a trustworthy entity in an electronic communication. eBay, PayPal and other online banks are common targets. Phishing is typically carried out by email or instant messaging and often directs users to enter details at a website, although phone contact has also been used. Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures. Recent phishing attempts have targeted the customers of banks and online payment services. Social networking sites such as Orkut are also a target of phishing. Spoofed/Fraudulent e-mails are the most widely used tools to carry out the phishing attack. In most cases we get a fake e-mail that appears to have come from a Trusted Website . Here the hacker may request us to verify username & password by replaying to a given email address. TECHNIQUES BEHIND PHISHING ATTACK 1. Link Manipulation Most methods of phishing use some form of technical deception designed to make a link in an email appear to belong to some trusted organization or spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers, such as this example URL
www.micosoft.com www.mircosoft.com www.verify-microsoft.com instead of www.microsoft.com 2. Filter Evasion Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing emails. This is the reason Gmail or Yahoo will disable the images by default for incoming mails. How does a phishing attack/scam look like? As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites. Here is an example of how the phishing scam email looks like
Example of a phishing e-mail message, including a deceptive URL address linking to a scam Web site. To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but it actually takes you to a phishing site (2) or possibly a pop-up window that looks exactly like the official site. These copycat sites are also called “spoofed” Web sites. Once you’re at one of these spoofed sites, you may send personal information to the hackers.
How to identify a fraudulent e-mail? Here are a few phrases to look for if you think an e-mail message is a phishing scam. “Verify your account.” Legitimate sites will never ask you to send passwords, login names, Social Security numbers, or any other personal information through e-mail. “If you don’t respond within 48 hours, your account will be closed.” These messages convey a sense of urgency so that you’ll respond immediately without thinking. “Dear Valued Customer.” Phishing e-mail messages are usually sent out in bulk andoften do not contain your first or last name. “Click the link below to gain access to your account.” HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company’s name and are usually “masked,” meaning that the link you see does not take you to that address but somewhere different, usually a scam Web site. Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s Web address, which is a suspicious sign.
So the Bottom line to defend from phishing attack is 1. Never assume that an email is valid based on the sender’s email address. 2. A trusted bank/organization such as paypal will never ask you for your full name and password in a PayPal email. 3. An email from trusted organization will never contain attachments or software. 4. Clicking on a link in an email is the most insecure way to get to your account.
Send Fake Email – Fake Email Pranks
Most of the email forging tutorials on internet will teach us how to send fake email connecting to SMTP server of the ISP or any other domain. But this is not possible since these hacks will no longer work today because SMTP of remote server will reject any attempts for unauthorised access. Also many of the websites offer you to send fake email from their sites where none of them work. So we have to run our own SMTP server on our computer to successfully send a fake email. SMTP server is a simple software program which can be installed on your computer in few seconds. SMTP server allows you to send fake email right from your desktop easily and effectively. Download QK SMTP server HERE. This is the SMTP server i am using in my tutorial. Once you download and install the server on your comp then you are all set to send fake email successfully.
PART A: CONFIGURING SMTP SERVER Once you have installed the QK SMTP server on your comp you must perform the following configuration. 1. Click on “Settings” button on the main screen,the Settings window pops up 2. On Settings window click on “Basic Parameter” tab 3. Set binding IP to “127.0.0.1″ 4. Set port to “25″ PART B: SENDING FAKE EMAIL (EMAIL FORGING) 1. Click on SMTP server icon on your desktop to start your SMTP server to run(The icon is shown on the notification area of the taskbar if it is running). If it is already running then this step can be ignored 2. Goto command prompt(Start-Accessories-Command prompt) 3. Type exactly as follows C:\>telnet 127.0.0.1 25 Here 127.0.0.1 is the default IP of every computer.25 is the port number. SO you are connecting to the SMTP server running on your own computer. This step is very importand to send fake email. NOTE: The IP 127.0.0.1 should not be substituted by any other IP. Heres the snapshot of what you see after step 3. Click on it to enlarge
4. After typing the telnet command in the command prompt you get entry to the server which displays the following message. The response of a OK SMTP server is given below. Message within Green color is only explanation. 220 Welcome to QK SMTP Server 3 helo hacker (Type helo & any name followed by space) 250 Hello hacker (Server Welcomes You) mail from:
[email protected] (email ID can be anything of your choice. This is the ID from which fake email appears to have come from) 250
[email protected] Address Okay (Server gives a positive response) rcpt to:
[email protected] (Type any valid recipient email address) 250
[email protected] Address Okay (Server gives a positive response) data (type this command to start input data) 354 Please start mail input From:Gates To:
[email protected] Date:Sat Jan 5,2008 9:45 PM Subject:Test to send fake email You can create as many headers followed by the “:” symbol. NOTE: HEADERS SHOULD NOT CONTAIN A LINE GAP. IF SO IT IS CONSIDERED AS BODY OF THE EMAIL. Press enter twice so that there is a line gap between the header & body data End the body of email by pressing [ENTER] .(dot) [ENTER] 250 Mail queued for delivery (Sever indicates that the email is ready for sending) quit (Type this command to quit from server) 221 Closing connection. Good bye. Connection to host lost (You will get the above 2 lines of message after typing “quit” command) (Your fake email is sent to the recipient) *****END OF EMAIL FORGING***** Here’s the screenshot for your convenience
Netbios Hacking
THIS NETBIOS HACKING GUIDE WILL TELL YOU ABOUT HACKING REMOTE COMPUTER AND GAINING ACCESS TO IT’S HARD-DISK OR PRINTER. NETBIOS HACK IS THE EASIEST WAY TO BREAK INTO A REMOTE COMPUTER. STEP-BY-STEP NETBIOS HACKING PROCEDURE 1.Open command prompt 2. In the command prompt use the “net view” command ( OR YOU CAN ALSO USE “NB Scanner” OPTION IN “IP TOOLS” SOFTWARE BY ENTERING RANGE OF IP ADDRESSS. BY THIS METHOD YOU CAN SCAN NUMBER OF COMPUTERS AT A TIME). Example: C:\>net view \\219.64.55.112 The above is an example for operation using command prompt. “net view” is one of the netbios command to view the shared resources of the remote computer. Here “219.64.55.112″ is an IP address of remote computer that is to be hacked through Netbios. You have to substitute a vlaid IP address in it’s place. If succeeded a list of HARD-DISK DRIVES & PRINTERS are shown. If not an error message is displayed. So repeat the procedure 2 with a different IP address. 3. After succeeding, use the “net use” command in the command prompt. The “net use” is another netbios command which makes it possible to hack remote drives or printers.
Example-1: C:\>net use D: \\219.64.55.112\F Example-2: C:\>net use G: \\219.64.55.112\SharedDocs Example-3: C:\>net use I: \\219.64.55.112\Myprint NOTE: In Examples 1,2 & 3, D:,G: & I: are the Network Drive Names that are to be created on your computer to access remote computer’s hard-disk. NOTE: GIVE DRIVE NAMES THAT ARE NOT USED BY ANY OTHER DRIVES INCLUDING HARD-DISK DRIVES, FLOPPY DRIVES AND ROM-DRIVES ON YOUR COMPUTER. THAT IS, IF YOU HAVE C: & D: AS HARD DIRVES, A: AS FLOPPY DIVE AND E: AS CD-DRIVE, GIVE F: AS YOUR SHARED DRIVE IN THE COMMAND PROMPT F:,”SharedDocs” are the names of remote computer’s hard-disk’s drives that you want to hack. “Myprint” is the name of remote computer’s printer. These are displayed after giving “net use” command. “219.64.55.112″ is the IP address of remote computer that you want to hack. 4. After succeeding your computer will give a message that “The command completed successfully“. Once you get the above message you are only one step away from hacking the computer. Now open “My Computer” you will see a new “Hard-Disk drive”(Shared) with the specified name. You can open it and access remote computer’s Hard-Drive. You can copy files, music, folders etc. from victim’s hard-drive. You can delete/modify data on victim’s hard-drive only if WRITE-ACCESS is enabled on victim’s system. You can access files/folders quickly through “Command Prompt”. NOTE: If Remote Computer’s Firewall Is Enabled Your Computer Will Not Succeed In Gaining Access To Remote Computer Through Netbios. That is Netbios Hacking Is Not Possible In This Situation.(An Error Message Is Displayed). So Repeat The Procedure 2,3 With Different IP Address. HAPPY NETBOS HACKING!!
How to Write-Protect USB Flash Drive
Many a time, it becomes necessary for us to write protect our USB flash drive so as to protect it from viruses and other malware programs. Because flash drives are so popular and most widely used to move data between computers, they are the prime target for attackers as a means to get infections spread around the computer world. Also, since USB drive is not a Read-Only Memory (ROM), the data inside it can easily be modified or deleted by malware programs.
But unfortunately, most of the new flash drives do not come with a write-protect feature as the manufacturers wish to cut down the cost of production. Hence, the only way to writeprotect your USB flash drives is to enable this feature on your own computer. This can be done by adding a small entry to the Windows registry which acts as a switch that can be enabled to make use of the write protection or disabled to allow write access. Just follow these steps: 1. Open the Registry Editor (Open the “Run” dialog box, type regedit and hit “Enter”). 2. Navigate to the following Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ 3. Create a New Key named as StorageDevicePolicies. To do this right-click on Control, and click on New->Key and name it as StorageDevicePolicies. 4. Now right-click on StorageDevicePolicies and create a New->DWORD (32-bit) Value and name it as WriteProtect.
5. Double-click on WriteProtect and set the Value data to 1. Now the right-protection for USB drives is enabled on your computer (no restart required) and thus it would not be possible for anyone or any program to add/delete the contents from your USB flash drive. Any attempt to copy or download the files onto the USB drive will result in the following error message being displayed.
To revert and remove the write-protection, all you need to do is just change the Value data for WriteProtect (Step-5) from 1 back to 0. Now write access to all the USB devices is reenabled. Sometimes it may seem difficult to remember and follow the above mentioned steps each time you want to enable/disable the write protection. Hence as an alternative way, there are many tools available to automatically enable/disable the write-protection feature. One of my favorite tool is USB Write Protect by Naresh Manadhar. Using this tool you can limit write access to your USB drives with just a click of a button. You can download this tool from the following link:
How to Trace Mobile Numbers
With the rapid growth of mobile phone usage in recent years, we have often observed that the mobile phone has become a part of many illegal and criminal activities. So in most cases, tracing the mobile number becomes a vital part of the investigation process. Also sometimes we just want to trace a mobile number for reasons like annoying prank calls, blackmails, unknown number in a missed call list or similar. Even though it is not possible to trace the number back to the caller, it is possible to trace it to the location of the caller and also find the network operator. Just have a look at this page on tracing Indian mobile numbers from Wikipedia. Using the information provided on this page, it is possible to certainly trace any mobile number from India and find out the location (state/city) and network operator (mobile operator) of the caller. All you need for this is only the first 4-digit of the mobile number. In this Wiki page you will find all the mobile number series listed in a nice tabular column where they are categorized based on mobile operator and the zone (state/city). This Wiki page is updated regularly so as to provide up-todate information on newly added mobile number series and operators. I have used this page many a time and have never been disappointed. If you would like to use a simpler interface where in you can just enter the target mobile number and trace the desired details, you can try this link from Numbering Plans. Using this link, you can trace any number in the world. By using the information in this article, you can only know “where” the call is from and not “who” the caller is. Only the mobile operator is able to tell you ”who” the caller is. So if you’re in an emergency and need to find out the actual person behind the call, I would recommend that you file a complaint and take the help of police. I hope this information has helped you!
How to Hack an Ethernet ADSL Router
Almost half of the Internet users across the globe use ADSL routers/modems to connect to the Internet however, most of them are unaware of the fact that it has a serious vulnerability which can easily be exploited even by a noob hacker just like you. In this post I will show you how to exploit a common vulnerability that lies in most ADSL routers so as to gain complete access to the router settings and ISP login details. Every router comes with a username and password using which it is possible to gain access to the router settings and configure the device. The vulnerability actually lies in the Default username and password that comes with the factory settings. Usually the routers come preconfigured from the Internet Service provider and hence the users do not bother to change the password later. This makes it possible for the attackers to gain unauthorized access and modify the router settings using a common set of default usernames and passwords. Here is how you can do it. Before you proceed, you need the following tool in the process Angry IP Scanner Here is a detailed information on how to exploit the vulnerability of an ADSL router. Step-1: Go to www.whatismyipaddress.com. Once the page is loaded you will find your IP address. Note it down. Step-2: Open Angry IP Scanner, here you will see an option called IP Range: where you need to enter the range of IP address to scan for. Suppose your IP is 117.192.195.101, you can set the range something as 117.192.194.0 to 117.192.200.255 so that there exists atleast 200-300 IP addresses in the range.
Step-3: Go to Tools->Preferences and select the Ports tab. Under Port selection enter 80 (we need to scan for port 80). Now switch to the Display tab, select the option “Hosts with open ports only” and click on OK.
I have used Angry IP Scanner v3.0 beta-4. If you are using a different version, you need to Go to Options instead of Tools
Step-4: Now click on Start. After a few minutes, the IP scanner will show a list of IPs with Port 80 open as shown in the below image.
Step-5: Now copy any of the IP from the list, paste it in your browser’s address bar and hit enter. A window will popup asking for username and password. Since most users do not change the passwords, it should most likely work with the default username and password. For most routers the default username-password pair will be admin-admin or adminpassword.
Just enter the username-password as specified above and hit enter. If you are lucky you should gain access to the router settings page where you can modify any of the router settings. The settings page can vary from router to router. A sample router settings page is shown below.
If you do not succeed to gain access, select another IP from the list and repeat the step-5. Atleast 1 out of 5 IPs will have a default password and hence you will surely be able to gain access. What can an Attacker do by Gaining Access to the Router Settings?
By gaining access to the router settings, it is possible for an attacker to modify any of the router settings which results in the malfunction of the router. As a result the target user’s computer will be disconnected from the Internet. In the worst case the attacker can copy the ISP login details from the router to steal the Internet connection or play any kind of prank with the router settings. So the victim has to reconfigure the router in order to bring it back to action.
The Verdict:
If you are using an ADSL router to connect to the Internet, it is highly recommended that you immediately change your password to prevent any such attacks in the future. Who knows, you may be the next victim of such an attack. Since the configuration varies from router to router, you need to contact your ISP for details on how to change the password for your model. Warning!
All the information provided in this post are for educational purposes only. Please do not use this information for illegal purposes.
How to Test the Working of your Antivirus – EICAR Test
Have you ever wondered how to test your Antivirus software to ensure it’s proper working? Well here is a quick and easy way to test your antivirus. The process is called EICAR test which will work on any antivirus and was developed by European Institute of Computer Antivirus Research. This process can be used by people, companies and antivirus programmers to test the proper functioning of the antivirus/antimalware software without having to deal with the real computer virus which can cause damage to the computer. Here is a step-by-step procedure to test your antivirus. 1. Open a notepad (New Text Document.TXT) and copy the following code exactly onto it, and save the notepad. EICAR Test code X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
2. Rename the file from New Text Document.TXT to myfile.com 3. Now run the antivirus scan on this myfile.com file. If the antivirus is functioning properly on your computer, then it should generate a warning and immediately delete the file upon scanning. Otherwise you may have to re-install your antivirus. NOTE: Most antivirus will pop-out a warning message in the Step-1 itself You can also place the myfile.com file in a ZIP or RAR file and run a scan on it so as to ensure whether your antivirus can detect the test string in the compressed archive. Any antivirus when scanning this file will respond exactly as it will do for a genuine virus/malicious code. This test will cause no damage to your computer even though the
antivirus will flag it as a malicious script. Hence it is the safest method to test the proper functioning of any antivirus.
Hack BSNL Broadband for Speed
If you are a BSNL broadband user, chances are that you are facing frequent DNS issues. Their DNS servers are just unresponsive. The look up takes a long duration and many times just time out. The solution? There is small hack on BSNL for this. Use third party DNS servers instead of BSNL DNS servers or run your own one like djbdns. The easiest options is to use OpenDNS. Just reconfigure your network to use the following DNS servers: 208.67.222.222 208.67.220.220 Detailed instructions specific to operating system or your BSNL modem are available in the OpenDNS website itself. After I reconfigured my BSNL modem to use the above 2 IP addresses, my DNS problems just vanished! Other ‘freebies’ that come with OpenDNS are phishing filters and automatic URL correction. Even if your service provider’s DNS servers are working fine, you can still use OpenDNS just for these two special features. After you hack BSNL DNS servers, you will see a noticeable improvement in your broadband speed
Customize Google to Improve Search Results
Google is indisputedbly the best search engine out there on the Internet, however there are a few ways by which you can customize Google and make it even better. I have got 3 best free Firefox extensions using which you can customize Google by adding extra useful information to your search results and remove unwanted informationlike ads, spam and click tracking so as to improve the overall searching experience. The following are the 3 best extensions for Firefox using which you can improve the search results.
1. OptimizeGoogle: Using OptimizeGoogle, you can get rid of text ads from Google search results, add links from about 10 other search engines, add position counter, product results and more. You can even filter your search results to see dead websites (using WayBack Machine) and remove click tracking so that you can search anonymously. Here is a list of some of the other useful features of this plugin.
1. Use Google suggest (get word suggestion while typing) 2. Add more security by using https wherever necessary 3. Filter spammy websites from search results page 4. Option to remove SideWiki 5. Add links to bookmark your favorite result 6. Add links to other news and product search sites To install the plugin, just visit the OptimizeGoogle page from your Firefox browser and click on the Download button. Once installed, you can enable or disable the customization options from the Tools -> OptimizeGoogle Options. After you customize Google to improve the search results, how about adding a feature that provides a way to preview the website in the search results itself? Here is a miracle Firefox extension to this job for us.
2. SearchPreview: SearchPreview (formerly GooglePreview) will insert thumbnail view of the webpage into the Google search results page itself so that you can take the guess work out of clicking a link. Just install the plugin, reload Firefox and you will have the SearchPreview at work. You can install this plugin from the following link. SearchPreview Download OptimizeGoogle and SearchPreview have made our search results smarter and faster. Now how about safer? Well you have another Firefox plugin to make your search results safer as well. Here we go.
3. McAfee SiteAdvisor: This is a free browser plugin that gives safety advice about websites on the search results page before you actually click on the links. After you install the SiteAdvisor plugin, you will see a small rating icon next to each search result which will alert you about suspecious/risky websites and help you find safer alternatives. These ratings are derived based on various tests conducted by McAfee. Based on the quality of links, SiteAdvisor may display Green, Yellow, Red or Grey icon next to the search results. Green means that the link is completely safe, Yellow means that there is a minor risk, Red means a mojor risk and Grey means that the site is not yet rated. These results will guide you to Web safety. SiteAdvisor works on both Internet Explorer and Firefox which you can download from the following link: McAfee SiteAdvisor Download I hope you enjoy these 3 plugins which make your searching experience a lot more simpler and safer. Here is a snapshot of all the 3 plugins at work.
A Virus Program to Disable USB Ports
In this post I will show how to create a simple virus that disables/blocks the USB ports on the computer (PC). As usual I use my favorite C programming language to create this virus. Anyone with a basic knowledge of C language should be able to understand the working of this virus program. Once this virus is executed it will immediately disable all the USB ports on the computer. As a result the you’ll will not be able to use your pen drive or any other USB peripheral on the computer. The source code for this virus is available for download. You can test this virus on your own computer without any worries since I have also given a program to re-enable all the USB ports. 1. Download the USB_Block.rar file on to your computer. 2. It contains the following 4 files. •
block_usb.c (source code)
•
unblock_usb.c (source code)
3. You need to compile them before you can run it. A step-by-step procedure to compile C programs is given in my post - How to Compile C Programs. 3. Upon compilation of block_usb.c you get block_usb.exe which is a simple virus that will block (disable) all the USB ports on the computer upon execution (double click).
4. To test this virus, just run the block_usb.exe file and insert a USB pen drive (thumb drive). Now you can see that your pen drive will never get detected. To re-enable the USB ports just run the unblock_usb.exe (you need to compile unblock_usb.c) file. Now insert the pen drive and it should get detected. 5. You can also change the icon of this file to make it look like a legitimate program. For more details on this refer my post – How to Change the ICON of an EXE file (This step is also optional).
How to Make a Trojan Horse Submitted by Srikanth on Sunday, 5 April 200981 Comments
Most of you may be curious to know about how to make a Trojan or Virus on your own. Here is an answer for your curiosity. In this post I’ll show you how to make a simple Trojan on your own using C programming language. This Trojan when executed will eat up the hard disk space on the root drive (The drive on which Windows is installed, usually C: Drive) of the computer on which it is run. Also this Trojan works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run. So, I’ll call this as Space Eater Trojan. Since this Trojan is written using a high level programming language it is often undetected by antivirus. The source code for this Trojan is available for download at the end of this post. Let’s see how this Trojan works… Before I move to explain the features of this Trojan you need to know what exactly is a Trojan horse and how it works. As most of us think a Trojan or a Trojan horse is not a virus. In simple words a Trojan horse is a program that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine or create a damage to the computer. Now lets move to the working of our Trojan The Trojan horse which I have made appears itself as an antivirus program that scans the computer and removes the threats. But in reality it does nothing but occupy the hard disk space on the root drive by just filling it up with a huge junk file. The rate at which it fills up the hard disk space it too high. As a result the the disk gets filled up to 100% with in minutes of running this Trojan. Once the disk space is full, the Trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any cleanup
program. This is because the Trojan intelligently creates a huge file in the Windows\System32 folder with the .dll extension. Since the junk file has the .dll extention it is often ignored by disk cleanup softwares. So for the victim, there is now way to recover the hard disk space unless reformatting his drive.
The algorithm of the Trojan is as follows 1. Search for the root drive 2. Navigate to WindowsSystem32 on the root drive 3. Create the file named “spceshot.dll” 4. Start dumping the junk data onto the above file and keep increasing it’s size until the drive is full 5. Once the drive is full, stop the process. You can download the Trojan source code HERE. Please note that I have not included the executabe for security reasons. You need to compile it to obtain the executable. How to compile, test and remove the damage?
Compilation: For step-by-step compilation guide, refer my post How to compile C Programs. Testing: To test the Trojan, just run the SpaceEater.exe file on your computer. It’ll generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up hard disk space. NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.
How to remove the Damage and free up the space? To remove the damage and free up the space, just type the following in the “run” dialog box. %systemroot%\system32
Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk. NOTE: You can also change the ICON of the virus to make it look like a legitimate program. This method is described in the post: How to Change the ICON of an EXE file ?
10 Tips for a Total Online Security
With the sudden rise in the Internet usage across the globe over the past few years, there has also been a rise in the amount of online scams and frauds. Today most of the Internet users are unaware of the most prevailing online threats which pose a real challenge for their safe Internet usage. As a result, Online Security has become a questionable factor for the most Internet users. However it is still possible to effectively combat online insecurity provided that the users are well aware of the common scams and frauds and know how to protect themselves. A study shows that over 91% of the Internet users are unaware of the online scams and are worried about their security. Well if you are one among those 91% then here is a list of 10 tips to ensure your total online security. 1. Always install a good antivirus software and keep it up-to-date. Also install a good antispyware to keep your PC away from spywares. Click Here for a list of recommended antispyware softwares. 2. Always visit known and trusted websites. If you are about to visit an unknown website, ensure that you do not click on suspectable links and banners. 3. Perform a virus scan on the files/email attachments that you download before executing them. 4. Regularly Update your operating system and browser software. For a better security it is recommended that you surf the Internet through the latest version of your browser program. 5. Never share your password (email, bank logins etc.) with any one for any reason. Choose a strong password (A blend of alphanumeric+special symbols) and change it regularly, eg. every 3 months. Avoid using easy-to-guess passwords. (ex. pet’s name or kid’s name) 6. Always type the URL of the website in your browser’s address bar to enter the login pages. For ex. To login to your Gmail account type http://mail.google.com 7. Before you enter your password on any login page, ensure that you see https instead of http. ex. https://mail.google.com instead of http://mail.google.com. HTTPS protocol
implements SSL (Secure Sockets Layer) and provide better security than a normal HTTP. For more information on HTTPS and SSL see Know More About Secure Sockets Layer (SSL). 8. Beware of phishing emails! Do not respond to any email that request you to update your login details by clicking on a link in the body of the email. Such links can lead to Fake Login Pages (Spoofed Pages). For more information on phishing refer What is Phishing?. Also refer How to Protect an Email Account from being Hacked. 9. Always hit the logout button to close your login session rather than abruptly terminating the browser window. Also clear your web browser caches after every session to remove the temporary files stored in the memory and hard disk of your PC. 10. Avoid (Stop) using any public computers or computers in the Internet cafes to access any sensitive/confidential information. Also avoid such computers to login to your email/bank accounts. You cannot be sure if any spyware, keystroke-logger, password-sniffer and other malicious programs have not been installed on such a PC. By following the above 10 tips your online security can be guaranteed upto 90%. I hope this will help my readers for keeping themselves safe from any of the online insecurities.
How To Hack Facebook January 7, 2011 by Suraj Kayastha Filed under Articles, Facebook Hacks, Hacks Leave a comment Wanna to learn how to hack facebook. This is complete step by step tutorial that explains how to hack facebook with fake login page, how to hack facebook with sniper spy and how to hack facebook to view private pictures .
1) How To Hack Facebook – Phishing Phishing is the most commonly used method to hack Facebook. The most widely used technique in phishing is the use of Fake Login Pages. So , we’ll create login page taht resemble the original facebook login page. The victim is fooled to believe the fake facebook page to be the real one and enter his/her password. But once the user attempts to login through these pages, his/her facebook login details are stolen away.
Step 1 Download fake facebook login page from this link . Upload all downloaded files to web hosting that supports php language, . I recommend 000webhost.com , it’s free and has all what you need.
Step 2 Login to your web hosting and upload files to root folder (root folder in 000webhost is /public_html), if you want to upload it to other folder then you’ll need to change facebook.htm code , action=”/login.php” , replace with action=”/yourFolder/login.php”. Below are instructions how to upload files to 000webhost.com , for other web hosting services is similar. Launch Cpanel , go to File Manager and upload.
Step 3 Select FacebookPasswords.htm and Pass.php and click on Chmod. Set the permissions to 777
That is it. Send url of the fake facebook login page to the person you want to hack .
2) How To Hack Facebook – Sniper Spy (Remote Install Supported) SniperSpy is the industry leading Remote password hacking software combined with the Remote Install and Remote Viewing feature.Once installed on the remote PC(s) you wish, you only need to login to your own personal SniperSpy account to view activity logs of the remote PC’s! This means that you can view logs of the remote PC’s from anywhere in the world as long as you have internet access! Do you want to Spy on a Remote PC? Expose the truth behind the lies! Unlike the rest, SniperSpy allows you to remotely spy any PC like a television! Watch what happens on the screen LIVE! The only remote PC spy software with a SECURE control panel! This Remote PC Spy software also saves screenshots along with text logs of chats, websites, keystrokes in any language and more. Remotely view everything your child, employee or anyone does while they use your distant PC. Includes LIVE admin and control commands!
SniperSpy Features: 1. SniperSpy is remotely-deployable spy software
2. Invisibility Stealth Mode Option. Works in complete stealth mode. Undetectable! 3. Logs All Keystrokes
4. Records any Password (Email, Login, Instant Messenger etc.)
5. Remote Monitor Entire IM Conversations so that you can spy on IM activities too 6. Captures a full-size jpg picture of the active window however often you wish 7. Real Time Screen Viewer 8. Remotely reboot or shutdown the PC or choose to logoff the current Windows user 9. Completely Bypasses any Firewall What if i dont have physical acess to victims computer?
No physical access to your remote PC is needed to install the spy software. Once installed you can view the screen LIVE and browse the file system from anywhere anytime. You can also view chats, websites, keystrokes in any language and more, with screenshots. This software remotely installs to your computer through email. Unlike the other remote spy titles on the market, SniperSpy is fully and completely compatible with any firewall including Windows XP, Windows Vista and add-on firewalls. The program then records user activities and sends the data to your online account. You login to your account SECURELY to view logs using your own password-protected login. You can access the LIVE control panel within your secure online account. Why would I need SniperSpy? Do you suspect that your child or employee is inappropriately using your unreachable computer? If yes, then this software is ideal for you. If you can’t get to your computer and are worried about the Internet safety or habits of those using it, then you NEED SniperSpy. This high-tech spy software will allow you to see exactly what your teenager is doing in MySpace and elsewhere in real time. It will also allow you to monitor any employee who uses the company computer(s). DOWNLAOD SNIPER SPY
3) How To Hack Facebook – View Private Pictures This hack will enable you to view private pictures in facebook by adding a link above photos to see them in their albums, even if you’re not their friend. We’ll be using Greasemonkey script for firefox.
This hack will add a link above such photos with a link saying “See this Photo in its Album”. Clicking this link will reload the photo, but you’ll be viewing it inside the album that you couldn’t view without this hack. When you’re viewing a photo that is in an album like this, the script (Greasemonkey script) will now add a link above the photo that says “Back to Album”. This will remove the photo from the page and load a thumbnail gallery of all photos in the album. When viewing all photos of a user, on the page that shows photos of them and their albums etc., a link is added at the top to view all photos of them on one page. This script however cannot get around Facebook’s security, so you will not be able to view photos that you can’t otherwise view. Before I teach you how to apply this hack, I’ll be assuming that you are using Firefox Browser and have Greasemonkey script addon installed on it. Click here to download Greasemonkey Script addon for firefox. After you are done installing Greasemonkey Script, restart your firefox. Now download the following script by clicking on the link below: DOWNLOAD SCRIPT When you click the link above, you’ll be welcomed to the screen similar this:
Click on Install, restart firefox if needed. Now the script you applied will be working forever.
Remove Copying, Printing, Page Extraction Restrictions From PDF Files We have to download a lot of data from Internet. And if you have to download a text file, most probably you will find it in the pdf format. But with the pdf document, there are lot of restrictions that come along with them. We cannot print, copy or fill the data. Like if I want the hard copy of that document, I am unable to do it. And if I use various convertors, I found the data to be in distorted format. It is probably of no use anymore. So, I tried to find the solution that the restrictions should be removed in the pdf format only. So, I found a freeware known as SysTools PDF Unlocker. SysTools PDF Unlocker is a small freeware of 1.67 MB. It will remove certain restrictions from the pdf documents and allow the user to have access to those actions. The user interface is shown in the snapshot below. The actions from which the restrictions will be removed are: printing, content coping, content copying for accessibility, page extraction and filling of form fields.
You have to follow few simple to remove the restrictions. Open the required pdf document. As shown, the restricted actions will be displayed. Then you have to select the destination where you want to store the unlocked file. Click on Unlock PDF. And the process will be done in few seconds.
After the completion of the process, all the options will be check marked which have been unlocked and you can access. The new document will be saved with the name Unlock-. I found the tool to be very useful. Now, I can use all the PDF documents in the way I want to use them.
One of the major problems with the tools is that every page is watermarked with the name of tool (SYSTOOLS DEMO). The watermark is too dark to read the text behind. Also, a blank page is inserted after every page. The page shows the link to the developer’s webpage and logo of the tool. Both these things creates troubles while using the freeware. Taking the print out of that document will directly double the cost and a lot of wastage. Otherwise, we can consider the freeware as a vey good option as the users face a lot of problems while using the pdf documents. The freeware has been tested on Windows 7 and is compatible with the other versions also. Download SysTools PDF Unlocker
