Facebook Hacking | Hacking Tools | Facebook Hacking Tool | Twitter Hacking | Crash Website | Hack Gmail Account

WATOBO v.0.9.6 released | THE Web Application Toolbox

Posted by Deepanker Verma Sunday, February 27, 2011 0 comments
WATOBO v.0.9.6 released



WATOBO is a nice tool for website security testing. It is intended to enable security professionals to perform efficient security audits on web applications. We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities. WATOBO has no attack capabilities and is provided for legal vulnerability audit purposes only. WATOBO works like a local proxy, similar to Webscarab, Paros or BurpSuite.

sessionthief | HTTP Session Cloning Tool | Hack facebook, Gmail, twitter over insecure LAN

Posted by Deepanker Verma Thursday, February 24, 2011 3 comments

HTTP Session Cloning & Cookie Stealing Tool 
Facebook hacking, Gmail hacking, twitter hacking tool

Sessionthief is the best tool to hack into other users' email or Facebook accounts over open wireless connections. It has the ability to get into most website accounts that another user on the same LAN is logged into.
The sessionthief tool performs HTTP session cloning by stealing cookies on the insecure LAN and lets you use that cloned session to access another user's account.

Clickjacking | attack and protection

Posted by Deepanker Verma Wednesday, February 23, 2011 1 comments

I was surfing around the internet when I saw the news saying that the clickjacking attack is now targeting Facebook users. Yeah, it's bad news for Facebook users. Then it came to my mind that I hadn't told my readers about this attack. Now it is important to know about this attack because it is a very advanced attack and needs some programming skill. I will try to explain it simply, but it is a little bit complicated for a non-programmer to understand, though not as hard as you are thinking now :)

Clickjacking



Serious XSS Vulnerability in RapidShare

Posted by Deepanker Verma Tuesday, February 22, 2011 0 comments
Researchers from M86 Security have found a serious cross-site scripting (XSS) vulnerability in the RapidShare.com website. This XSS allows attackers to scam users. RapidShare is one of the top 50 websites and is used for file hosting. Many hackers use it to host malware and copyrighted material.

This is a DOM-based cross-site scripting attack that relies on the victim opening a specially crafted URL. It is invisible to the server because the malicious link contains the # fragment character before the payload, and browsers do not send the URL fragment to the server in the request.

Attackers could send fake emails with a link to an allegedly interesting file, for example, something like "WikiLeaks releases video of American soldiers shooting innocent civilians in Iraq. Download here: http://rapidshare.com/files/[file_id]/[file_name].avi"
In reality, the link would point to a specially crafted rapidshare.com URL which, when opened in the browser, would display an error page with a message reading:  "Too many users downloading from the server right now. Get a 80% discount coupon for a Pro Account by sending a free SMS to [premium rate number]. Limited offer."

In this case, people interested in getting a Pro account for a low price would send what they believe to be a free SMS - but which actually isn't - to a special number set up by the scammer.

Fortunately, this vulnerability was not found by cybercriminals, but by researchers who responsibly reported it to RapidShare. The issue has since been resolved, but the incident serves as a good example of how a simple input validation flaw on a popular website can be exploited for financial gain.



Login page of Rediff is vulnerable to XSS

Posted by Deepanker Verma Monday, February 21, 2011 1 comments

Some months ago, I posted about the XSS in the product search page of Rediff. But this time it's on its login page. Rediff is a famous website and many people use it as an email service. Now it's shocking news for those who are users of Rediff. The Rediff.com login page is vulnerable to XSS.
This type of vulnerability should not be there in such famous websites. You can see the snapshot above.
Alexa rank of this website is 144

download Process Hacker 2.11

Posted by Deepanker Verma Saturday, February 19, 2011 0 comments


Process Hacker 2.11
Process Hacker is a nice piece of software which helps users view and manage the processes on their computers, along with their threads, modules and memory. Process Hacker is a feature-packed tool for manipulating processes and services on your computer.


features of Process Hacker:

Two Hackers have Created WiFi Content Spoofing Device

Posted by Deepanker Verma Wednesday, February 16, 2011 0 comments

Two hackers have successfully built a device which is capable of connecting to wireless networks in range. It is then also capable of altering the Web content that users access. It was built by Julian Oliver and Danja Vasiliev and has already been tested in cafés in Berlin.

free download McAfee VirusScan Enterprise 8.8

Posted by Deepanker Verma 0 comments

McAfee VirusScan Enterprise 8.8 Multilingual Retail | 44 MB

McAfee® VirusScan® Enterprise provides good protection for your desktops and file servers against a wide range of security threats, including viruses, worms, Trojan horses, zombies and potentially unwanted code and programs. This antivirus version takes anti-virus protection to the next level, integrating elements of intrusion prevention and firewall technology into a single solution for PCs and file servers.

Website of NASA is vulnerable to XSS

Posted by Deepanker Verma Monday, February 14, 2011 0 comments


A cross-site scripting (XSS) vulnerability has been found in the website careerlaunch.jpl.nasa.gov. You all know about NASA and also that the information on this website is very important. This type of security hole shouldn't be there.
Alexa rank: 778.
You can see cookies in the above snapshot.


aidSQL | SQL injection exploitation tool with video tutorial

Posted by Deepanker Verma Saturday, February 12, 2011 1 comments
aidSQL | SQL injection exploitation tool


It is a PHP application provided for detecting security holes in your website/s. It's a modular application, meaning that you can develop your very own plugins for SQL injection detection and exploitation.

Google has implemented 2 step authentication for Google accounts

Posted by Deepanker Verma Friday, February 11, 2011 0 comments



Google is now ready to use a 2-step account authentication scheme. This is advanced 2-step security for Google accounts, in which the first authentication is your traditional user name and password and the second is a one-time code. This one-time code is the key factor of security.


Most people use only alphabetical passwords, which are easy to crack using a brute-force attack. And nowadays hackers are very active. There are also many websites which have information on hacking accounts, so it was important to increase security so that common people can use their accounts without any extra knowledge of protection.

tired of Autorun malware | use Microsoft's latest update

Posted by Deepanker Verma Thursday, February 10, 2011 1 comments



AutoRun is the feature which automatically parses autorun.inf files found on removable media devices, such as USB memory sticks, external HDDs, and other removable storage media.
Microsoft released an optional software update yesterday that restricts the AutoRun functionality on older Windows operating systems, thereby blocking a common malware propagation vector. This is very helpful in protecting your system from this type of AutoRun malware.


For many years security experts have tried to fight against it, because it poses more security risks than usability benefits and is constantly abused by malware.
Microsoft recognized the dangers and limited its functionality by default in Windows 7 and Windows Server 2008 R2.
However, for older versions of Windows, such as XP, Vista, Server 2003 and Server 2008, the company only provided a fix that needed to be manually downloaded and installed.
That changed yesterday, when KB971029 was released as optional through Windows Update.
http://support.microsoft.com/kb/971029

Auto Save Passwords Without Notification in Firefox

Posted by Deepanker Verma 18 comments



Hey friends. Today I am going to write about a simple Firefox hack which helps you to hack your friends easily. Whenever you try to log in to any account, Firefox shows a notification asking whether to store the user name and password for this website. But after using this trick it will never ask to store the password; it will automatically store all the passwords. It's an ideal trick if you want to get someone's login details who uses your computer.

Advanced IP Scanner 2.0 Portable download for free

Posted by Deepanker Verma Wednesday, February 9, 2011 0 comments


Advanced IP Scanner 2.0 Portable | 10.2 MB


Advanced IP Scanner is a fast LAN scanner for Windows. It is very easy to use and gives you various types of information about local network computers in a few seconds. It gives you one-click access to many useful functions – remote shutdown and wake up, Radmin integration and more! Powered with multi-thread scan technology, this program can scan hundreds of computers per second, allowing you to scan a ‘C’ or even ‘B’ class network even from your modem connection.

Facebook Survey Scam Toolkits Sold on 25$

Posted by Deepanker Verma 0 comments
Facebook Survey Scam Toolkits Sold on the Black Market at 25$

Websense Security researchers have found a toolkit for creating CPALead-based Facebook scams. It is being sold on the underground market for a very cheap price: $25.
Tinie's Facebook Viral Application
Tinie's App V3 is basically a viral Facebook application script. This script is designed to work in conjunction with CPALead surveys. The toolkit can generate a scam's landing page, which serves as the propagation mechanism, and the survey dialogs.

Password protect your Google Chrome browser

Posted by Deepanker Verma Monday, February 7, 2011 1 comments
Password protect your Google Chrome browser | Simple Startup Password
If you want to protect your browser with a password, you can do it easily in Chrome by using a simple add-on. Why do you need to protect your browser with a password? You know better.. yeah..
If you use the "remember me" option on many website logins, you should protect your browser to protect your accounts.
Use the Simple Startup Password Chrome extension, which you can find in Chrome's extension gallery.

Blackbuntu v.2.0 released | OS for penetration testing

Posted by Deepanker Verma Sunday, February 6, 2011 6 comments




Blackbuntu is an environment for penetration testing. This operating system was specially designed for security training students who practice information security. It is an Ubuntu-based distribution with the GNOME Desktop Environment. It is currently being built on Ubuntu 10.10, with Back|Track as a reference.
Many new features have been added in V.2.0.
You can download this new version of the Blackbuntu operating system from the link given below.


Download:
Blackbuntu

Bing Copies Google Search Results

Posted by Deepanker Verma Thursday, February 3, 2011 0 comments

Everyone knows that Google is the king of the internet search market and holds 85% of it. Most people use it to search the internet. Bing is Microsoft's search engine and holds a smaller share of the search market. Microsoft always tries to improve its search to compete with Google. But here is some news from Google's side.
Google has run a sting operation that it says proves Bing has been watching what people search for on Google, the sites they select from Google’s results, then uses that information to improve Bing’s own search listings. Bing doesn’t deny this

How to protect apache web server from hackers

Posted by Deepanker Verma 0 comments

Apache is the most widely used web server over the internet on Linux machines. For better and reliable performance you need to protect your web server from hackers. Here I am going to write some steps which can help you in protecting your web server from hackers. "I am writing this article from some references and Apache security tips."


Steps to secure apache web server


1-Update your Apache at regular intervals
You should update your Linux system at regular intervals. If you have installed Apache from source, make sure that the upgrade is not going to break any modules or dependencies your Web site has. And if you update Apache, make sure PHP (if used) is updated as well. New holes and security risks are found all the time. You have to be ready for that.

Parallel Log-in Password Cracking Tool | NiX Brute Force

Posted by Deepanker Verma Tuesday, February 1, 2011 2 comments

NiX Brute Force V.1.1.0


NiX Brute Forcer is a password cracking tool. This tool uses a brute force attack in parallel to log into a system without having authentication credentials. This password cracking tool supports a variety of services which allow remote authentication, such as MySQL, SSH, FTP and IMAP. It is based on NiX Proxy Checker. This tool demonstrates the importance of choosing a strong password for secure login. A brute force attack is really a strong attack against passwords.


Read Changelog here:
http://myproxylists.com/NIX_BRUTE_FORCER.CHANGELOG



Features

  • Basic Authorization & FORM support in both standard and HTTPS (SSL) mode
  • FORM auto-detection & Manual FORM input configuration.
  • It is multi-threaded
  • HTTP/SOCKS 4 and 5 proxy support
  • With Success and Failure Keys results are 99% accurate
  • Advanced coding and timeout settings makes it outperform any other brute forcer
  • Wordlist shuffling via macros
  • Auto-removal of dead or unreliable proxy and when site protection mechanism blocks the proxy
  • Integrated proxy randomization to defeat certain protection mechanisms

Download Here:
http://myproxylists.com/NIX_BruteForce.bz2


Read more:
http://myproxylists.com/nix-brute-forc
About Me

Deepanker Verma
I am Deepanker Verma. A computer geek, security researcher, blogger and software developer. I have a deep interest in information security and web development and try to learn new things. You will see my blogs on hackingtricks, TechlomediaWebtips and Usethistip.

I was also honoured by Apple, Ebay, Symantec, PandaSecurity and various other computer software giants for my security work for their company. I also contribute on some opensource projects regularly.

I also own a web app called NoteDIP that allows users to send self-destructive messages with password protection.
