Facebook Hacking | Hacking Tools | Facebook Hacking Tool | Twitter Hacking | Crash Website | Hack Gmail Account
Home / Archives for December 2011

Pak Cyber Combact Squad hacked 84 NATO(UK) sites

Posted by Deepanker Verma Tuesday, December 27, 2011 0 comments
Pak Cyber Combact Squad has again done a mass deface. This time websites are from UK, not from India. If you are the regular reader of my website, you surely know the name of the group as it has defaced more than 150 websites in last 15 days. The group is too active these days.

This is the list of the hacked website

  • http://alientalking.com/

  • http://bluemoonpsychic.com/

  • http://castalovespell.co.uk/

  • http://castaspell.co.uk/

  • http://catalinacroft.com/

  • http://catalinacroftblog.com/

  • http://gaygirlmates.com/

  • http://empathicedge.com/

  • http://astudioempathica.com/

  • http://lastudioerotica.com/

  • http://livecatalina.com/

  • http://livecatalinachat.com/

  • http://love-magic.co.uk/

  • http://lovespellstore.co.uk/

  • http://magiclovespells.co.uk/

  • http://perfectpekins.com/

  • http://perfectpekinsforum.co.uk/

  • http://perfectpekinspost.co.uk/

  • http://sexypsychicwitch.co.uk

  • http://sexypsychicwitch.com/

  • http://http/://www.1st-light.net

  • advancedvaleting.co.uk/

  • anchor-it.co.uk/

  • andylangfordsongs.co.uk/

  • beckenhamblinds.co.uk/

  • bentleysburgundy.com/

  • bluedevs.co.uk/

  • blueleaflandscapes.co.uk/

  • britoriatravel.com/

  • cautleyhouse.org.uk/

  • ceramicsbymelanie.co.uk/

  • christinebouquet.eu/

  • clinident-uk.co.uk/

  • clinident-uk.com/

  • clinijel.co.uk/

  • clinijel.com/

  • cocodellic.co.uk/

  • csrmetal.co.uk/

  • dacarsuzuki.co.uk/

  • filmyourevent.co.uk/

  • gravity-training.co.uk/

  • greenliteltd.co.uk/

  • hallidaymarx.com/

  • handdee.co.uk/

  • homeexchange50plus.com/

  • icepromotions.co.uk/

  • jarvisblake.com/

  • kestoncattery.co.uk/

  • legworkuk.com/

  • michaelmiles.co.uk/

  • michaelmiles.me.uk/

  • mojitos-bromley.co.uk/

  • myhomebromley.co.uk/

  • myhometws.com/

  • niche8.co.uk/

  • nottinghamgroundsmaintenance.co.uk/

  • npmhomesandgardens.co.uk/


They have also posted a deface message on the website



US and NATO Forces are involved in Organised butchary of Human race since it's inception.
They overthrow governments of sovereign nations and they undermine, threaten, refuse to recognise and seek to destroy
democratically elected governments like they are in Gaza, Palestine.

They support dictators as long as they are fulfilling US, EU & NATO interest in the region like they did in Pakistan
and Saudi Arabia.

In Iraq, Afghanistan, Pakistan, Libya at all they are killing Men,women & Children indiscriminately! And for what?
Certainly not to protect civilians as they will have you believe, rather to steal the natural resources of said nation
and to install a puppet regime who they can dominate for their own ends.

You speak of Freedom of speech and freedom of expression but you remain silent in the face of a people desire to seek
freedom to exist - unless those people are Israeli Zionists!

Hypocrisy of this magnitude will bring the chickens home to roost and not peace and security as is your mantra!

Categories: ,

How to add profile pics in facebook chat

Posted by Deepanker Verma Sunday, December 25, 2011 0 comments
Facebook has added a new feature in chat. Now users can add faces to chat. here faces means profile pic of a person or group. You need to know profile id or username of the group or person whose pic you want to add on tha chat window.



follow these steps to add faces to chat-

  • Get the username or profile id of the person of the group.

  • Now write in chat [[username]] or [[user id]] and press enter.

  • See the magical effect.

Categories: ,

How to send password protected Email

Posted by Deepanker Verma 0 comments
Now a days, Email is the most common media for information interchange. It is used by most of the working person. Most of the popular email servers such as GMail, Yahoo mail, Hotmail and many other provide this email service for free. Users need to create a free account and then they can use their account for sending and recieveing emails.


But Cyber criminals are always try to hack passwords of users email account to read emails and misuse the account. Do you know? you can also protect each mail sent by you with a password for better information security. If some one maneged to get into the account, he would not be able to read the email without knowing the password. To send the password protect email, you have to use a third party service named as LockBin
  • go the link http://adf.ly/54hxG
  • Fill the form and send the mail. And also inform receiver that you have sent the mail and password as well
  • Recipient will get the email with a link. To read the email, he will have to go the link and verifiy the password which you have entered while sending the email.
  • After submitting password Receiver can view message.
This service is free and easy to use. So use this for secure communication over the internet.
Categories: , , , ,

MySQLPasswordAuditor – Free MySQL Audit/Password Recovery & CrackingTool

Posted by Deepanker Verma Saturday, December 24, 2011 1 comments



MysqlPasswordAuditor is the FREE Mysql password recovery and auditing software. Mysql is one of the popular and powerful database software used by most of the web based and server side applications.


If you have ever lost or forgotten your Mysql database password then MysqlPasswordAuditor can help in recovering it easily. It can also help you to audit Mysql database server setup in an corporate environment by discovering the weak password configurations. This makes it one of the must have tool for IT administrators & Penetration Testers.
Features
  • Free and Simple software to Recover/Audit Mysql Password.

    •
  • Very useful for IT administrators & Penetration Testers

    •
  • Dictionary based Password Recovery method

    •
  • Detailed statistics such as tested passwords, elapsed time, progress bar is displayed during Audit operation.

    •
  • Simple, easy to use GUI interface

    •
  • Integrated Installer for local Installation & Uninstallation.



Download Here:
http://securityxploded.com/download.php#mysqlpasswordauditor 
Source:
http://securityxploded.com/mysql-password-auditor.php
Categories: , ,

How to Create Fake Email Sender and Send Spoof Emails

Posted by Deepanker Verma Friday, December 23, 2011 0 comments

What is Fake Mail Sender

Fake Mail sender are those websites that allow users to send fake emails. Fake emails means, users can decide the sender's email id too. So users can send emails that can pretend to come from any email id they wish to show.

For exmaple: I can send email to any person which will pretend to be come from Mark Zuckerberg (mark@facebook.com). 

It does not matter whether the sender's email id which we want to show exists or not. We can send email from any email id we can think.
Sending fake email or email spoofing is really easy as there are many websites available online for this. You can get hundreds of results by searching in Google. But you can also create your own fake email sender website to send fake emails. For this, you need to have follwing things
  • A website hosting account with PHP mail support
  • PHP email sending script
You can easily get some free web hosts which support php and mail. But You need to know some php for hosting your own fake mail sender. You can create a form to get user input for sender and receiver email addresses and message. Then use mail() in php to send the mail.


mail($to, $subject, $message, "From: $from");


But most of use do not know php well. They can download a good fake mail sender script by this link.



After downloading the script, go to your hosting account and upload the script. Now run the script and send fake emails. This script records each messages being sent and stores it in the database. You can easily modify it as your wish.
Categories: , ,

sslyze – SSL Configuration Scanner

Posted by Deepanker Verma Sunday, December 18, 2011 0 comments
Have you ever notice the URL of Gmail, twitter or other popular website. You will notice https instead of http. It is TLS(Transport Layer Security, commonly called SSL). This is used for secure website connection to protect user data from being theft. As hackers are highly active these days, it is important to secure website against most common attacks.


Only implementation of SSL is not the thing which will make your website secure. There are some configurations which can be done properly. Misconfiguration always lead to a big security hole which can be harmful.


How to know if your server is properly configured?


sslyze is a free software which is used for analyzing the configuration of SSL servers and for identifying misconfiguration such as the use of outdated protocol versions, weak hash algorithms in trust chains, insecure renegotiation, and session resumption settings.


It is an python script which scans for simple SSL misconfiguration, but using it with some available plugins improves its performance.


Features:
  1. Insecure renegotiation testing

    2.
  2. Scanning for weak strength ciphers

    3.
  3. Checking for SSLv2, SSLv3 and TLSv1 versions

    4.
  4. Server certificate information dump and basic validation

    5.
  5. Session resumption capabilities and actual resumption rate measurement

    6.
  6. Support for client certificate authentication

    7.
  7. Simultaneous scanning of multiple servers, versions and ciphers





Categories: , ,

uCertify CEH v7 prep kit - [Review]

Posted by Deepanker Verma 0 comments
uCerifty is a well known institute for e-learning which provides study materials for various certification courses. As  i write about hacking and security related stuffs in this blog. So i have decided to write something about the CEHv7 prep kit of uCerifty. This perpkit is for those who are looking for Certified Ethical Hacker version 7 examination. V7 is the latest version of CEH certification from EC-Council.

I recently got the uCertify pre kit and this have some interesting things which i want to share with all my readers. This prepkit is divided in some sections to help students while studying.  These sections are "study material", "practice" and "track progress". If you take a look on the course of CEH7, you will surely think that this section wise study material is really helpful for preparation.

When i accessed the "study material" section i got many sub sections for easy access the tutorials which i want to read. Every thing is organized in a good manner. Study notes are in short and easy to understand. But those who are looking for a primary guide for CEH will not find it useful because it is good for your final preparation. It does not have detail description of any topic. Articles are basically copied from the Wikipedia but having everything at one place is better than searching it in Google again and again.

 Practice Section is the main part of the kit. It contains some practice test which will give you a better idea to know how prepare you are for the upcoming CEH exam. You can also customize the tests to know better about your preparation.

 It also have a track section to track and measure your performance on various topics and tests. This will help you to know about your weakness. You can then try hard on them.

 I have mentioned all the things the kit contains. It costs $119.

 Why to buy: If you are looking for a better practice environment before the original exam. For quick revision and easy notes.

 Why not to buy: If you have already prepared good notes and do not want to invest more money.

 Get this kit from www.uCertify.com
Categories: ,

Facebook worms again hitting user profiles

Posted by Deepanker Verma Friday, December 16, 2011 2 comments
Users of facebook are again in trouble due to the new scam called "Yeahh!! It happens on Live Television!". This is spreading rapidly among the users. In this a semi nude pic is shown to attract the users and force them to click on the video link. The lady shown in the video post is Marika Fruscio an Italian Model, She had Wardrobe malfunction on a live TV show. Once a user clicks on the video link, it asks for age verification which is actually a hidden link. On click this executes the javascript code which posts the same link with yout contacts. And it aks for a survey to see the video. Thus scammer makes money each time a user go for the survey.

how to protect from these scams:

The only thing you need to do to protect yourself is self control. Do not try to open this type of strange videos. These can be identified by the messages posted with videos. You should also report these as spam to help facebook to control these scams.
Categories: , ,

Download Hacker ToolBox kit V.01

Posted by Deepanker Verma Tuesday, December 13, 2011 0 comments


All latest tool need to hack any email account, facebook account or system.

  • Email id hacking tools

  • Remote Keyloggers

  • Remote system control

  • Remote monitoring tool

  • Sniffers

  • Packet analyzer and stealers

  • DDOS tools

  • Fully undetectable Trojans

  • email id tracing tools

  • IP tracing tools

  • LAN hacking tools

  • Stegnography tools

  • Cryptors

  • keyscrambler

  • FUD Gmail hacker

  • Wifi hacking tool


The best tools used by industry experts will be provided with this kit.

 

 

 
Categories:

Social-Engineer Toolkit (SET) – Introduction [Video]

Posted by Deepanker Verma 0 comments
This is the video tutorial which will introduce you with social engineer toolkit. The video will give you a brief introduction into the toolkit and give a detailed explanation of the SET configuration file that can be used to customize SET to add or remove functionality within the tool.

Categories: , , ,

The Social Engineer Toolkit (SET) v.2.5 Released

Posted by Deepanker Verma Monday, December 12, 2011 0 comments
The Social Engineer Toolkit (SET) (Codename: “Rippin and Tearin") has been released.

The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of pentesting. This latest release has improved the kit with some more features and enhancements of existing attack vectors.

Changelog:

  •  rehaul of site cloner, it now injects into body properly and leverages unc, redirection, and others properly

  •  redid a few options on repeater.database, unc.database to make more streamline

  •  fixed bugs with java repeater

  •  added more granularity around how repeater operates and functions when on different webpages

  •  added ability to inject into tags first and if not found then it injects into tags

  •  added ability to render even when flag is being used versus

  •  added more stability to the Java Applet.jar and backup routine for redirect to websites

  •  bug fix in website cloner

  •  rewrote portions of java applet to gain more stability around java repeater as a fallback

  •  added better handling around unc database and fixed a bug when in the wrong loop within cloner.py

  •  established a baseline fallback for java applet


Download:

Categories: , ,

BeEF 0.4.2.12 alpha Released - Browser Exploitation Framework

Posted by Deepanker Verma 0 comments
The Browser Exploitation Framework (BeEF) released the latest version. BeEf is the powerful security tool that provides security professionals to work on attacks more practically. This tool focuses on browsers vulnerabilities to access the target.

BeEF provides an easily integratable framework that demonstrates the impact of browser and Cross-site Scripting issues in real-time. Development has focused on creating a modular framework. This has made module development a very quick and simple process. Current modules include metasploit, port scanning, keylogging, TOR detection and more.
Download Here:
http://code.google.com/p/beef/downloads/list

Categories: , ,

XSSer v.1.6 beta released

Posted by Deepanker Verma Sunday, December 11, 2011 0 comments
XSser (Cross Site Scripter) is an automatic tool to detect and exploit XSS vulnerabilities of a web application and websites. This script is a powerful tool to inject code in a Web application.

This new version has added few more features which makes it more powerful than before.
See the example and learn how to use:
http://xsser.sourceforge.net/#examples

Download:
http://xsser.sourceforge.net/#download
Categories: , ,

Hacker redirects Google, Gmail, YouTube, Yahoo, Apple, Microsoft, Hotmail, Linux, Samsung website to deface page

Posted by Deepanker Verma Tuesday, December 6, 2011 0 comments
A hacker have managed to attack on some hogh profile websites. Website were showing a deface page which says that the websites are hacker by AlpHaNiX. He attacked on websites of Google, Gmail, YouTube, Yahoo, Apple, Microsoft, Hotmai, linux, samsung. All websites are hacked on domain .cd wich belongs to Democratic Republic of Congo.


Website servers are safe. He managed to poisoned the DNS cache of the DNS server which was redirecting users to wrong IP address. So all the users requesting for the website were sent to deface page.

The same attack was performed almost 11 months ago on the website of Google bangladesh in which tiger mate defaced the Google bagnglasesh with the same DNS cache attack.
Categories: ,

How to hack a website with Havij - SQL injection

Posted by Deepanker Verma Monday, December 5, 2011 1 comments
SQL Injection is one of the most found vulnerabilities in the websites and web applications. Developers know how to kow the website but they eaasily forget to filter the date sent to the website in forms and queries. This mistake makes website vulnerable to SQL injection. I have already post many Automatic SQL injection tool in this website. But most of the reader found it difficult to use the tool SO here i am gloing to write about the most famous SQLi Tool which do all the work for you and extract the whole database of the vulnerable website.



If you do not have Havij, then download fromthe given link.


http://hackingtricks.in/2011/09/download-havij-1-1-5.html
http://www.itsecteam.com/en/projects/project1_page2.htm


It was my older post. And if the link is dead. then try to Google it.


Now run the tool in your system. I am not including the detailed snapshots because i do not want to target on a website at a public post.


Enter the target URL with a query string as a get parameter. http://targetwebsite.com/index.aspx?id=12


Then click on analyze.


The tool will scan the website and will give the details about the server and technology it is using.


After the tool had done with its work and found the name of the database.


Now click on Tables to fetch the tables of the database. After the tables have been retrieved by the tool, you can easily fetch the data inside the tables.


Tool also has the cmd shell to execute the cmd commands on the server and MD5 tool to ctrack the passwords stored in the MD5 hash.


Comment below if found any problem with the tool
Categories: , ,

The Mole – Automatic SQL Injection SQLi Exploitation Tool

Posted by Deepanker Verma Saturday, December 3, 2011 0 comments
I have already posted many automatic SQL injection Tools. Now one more advance automatic sqli tool which is easy to use. It only takes URL and the valid string to detect the injection and exploit.



Features:

  • Support for injections using Mysql, SQL Server, Postgres and Oracle databases.

  • Command line interface. Different commands trigger different actions.

  • Auto-completion for commands, command arguments and database, table and columns names.

  • Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.

  • Developed in python 3.

Download for Windows

Download for Linux


Categories: ,

Download Advance Port Scanner

Posted by Deepanker Verma Thursday, December 1, 2011 0 comments


Advance Port scanner is a small light weight but a powerful port scanner. Only type Ip address of the computer and the scan for all ports.

It uses a multithread technique, so on fast machines you can scan ports very fast. Also, it contains descriptions for common ports, and can perform scans on predefined port ranges.

Download here:

Categories: , , ,
Featured FREE Resource:
X




Security Tools

Loading...
Share
Get This

About Me

My Photo
Deepanker Verma
I am Deepanker Verma. A computer geek, Security researcher blogger and software developer. I have deep interest and Information security and web development and try to learn new things. you will see my blogs on hackingtricks, TechlomediaWebtips and Usethistip.

I was also honoured by Apple, Ebay, Symantec, PandaSecurity and various other computer software giants for my security work for their company. I also contribute on some opensource projects regularly.

I also own a web app called NoteDIP that allows users to send self-destructive messages with password protection.

You can add me to circles to get my daily tips :)

View my complete profile

Partners

Blog Archive

Copyright © Hacking Tricks. All rights reserved. Blogger template designed by BLog Bamz