Facebook Hacking | Hacking Tools | Facebook Hacking Tool | Twitter Hacking | Crash Website | Hack Gmail Account
Home / Archives for January 2012

FatCal - Automatic SQL Injection tool

Posted by Deepanker Verma Monday, January 30, 2012 2 comments



FatCat is an automatic SQL injection tool. This tool is useful for testing SQLI vulnerabilities of a web application. This tool can extract whole database data. FatCat Features that help you to extract the Database information, Table information, and Column information from web application. Only If it is vulnerable to SQL Injection Vulnerability.


Features:  
1)  Normal SQL Injection 
2)  Double Query SQL Injection   


In Next Version:   
1)  WAF bypass 
2)  Cookie Header passing 
3)  Load File 3) Generating XSS from SQL   


Requirement:  
1)  PHP Verison 5.3.0 
2)  Enable file_get_function  


Download:
http://code.google.com/p/fatcat-sql-injector/downloads/list
Categories: , , ,

How to remove adware, trojan, spyware, keyloggers and worms from the computer

Posted by Deepanker Verma Sunday, January 29, 2012 1 comments





Now a day, we can not think our life without internet. But internet also comes with various computer threats. While we are surfing some website, there are some possibilites that our system is getting infection.


Your PC is probably infected with adware & spyware if:

  • You have downloaded music online
  • Your PC is running extremely slow
  • You are pestered by those horrible popup ads
  • Your homepage keeps changing



What is Spyware and Adware?
Spyware and Adware is software made by publishers that allow them to snoop on your browsing activity, invade your privacy, and flood you with those horrible popups. If you are like most users on the internet, chances are you are probably infected with these applications. That is why we have designed our revolutionary product.


Why does Spyware and Adware affect every internet user?



  • All information you enter via the web can be intercepted 
  • Unauthorized sites can add themselves to your desktop (icons) 
  • Unauthorized sites can add themselves to your internet favorites 
  • Your browsing activity can be tracked and monitored
  • Unwanted toolbars and searchbars can attach themselves to your browser without your knowledge or approval
  • Your personal information can be sold to other parties without your knowledge or consent 
  • Your default homepage and settings can be hijacked so you can't 
  • change them 
  • These malicious components not only invade your PC so they can not be removed, but take up your hard drive space and slow down your PC!
  • To protect our system and data, we need some good tools which can protect our system. No adware is a nice tool with great technology. This protects your system and data from various type of threats. 



Download it from here
Categories: , ,

How to Hack Facebook Account Password

Posted by Deepanker Verma Friday, January 27, 2012 8 comments


When we talk about hacking, people start thinking of Facebook hacking. This is the only hacking which every persons want to try. Facebook is the hot topic on my website's comment section. People also send me requests to write about easy way to hack Facebook account. So I am writing now a easier way to hack Facebook account. 

 Read Most popular and all time hit ways to hack Facebook account.


We can not say it a trick. It is a full length process in which we prepare a hacking tool and then try to hack password of the person. We will use a remote keylogger to hack the password of a Facebook account. 
First of all I want to say something about the keylogger, I am going to use in this hack. We will use winspy here. This is one of the best keylogger available in the market.. It is really safe and comes with customer support. If you are looking for any Facebook hacking tool, i think this one is best. If you are not good in hacking or something like this, you can still use this software easily.

 The only thing which can create a trouble for you is its price. But it costs very less and you can afford it if hacking a account is so much important to you.  If you really want to hack Facebook account, this is the best.
All the free versions of this keylogger hosted some file hosting website comes with Trojan. So I will recommend to buy the tool rather than using the Trojan binded version available for free.
Warning: Hacking into someone's Facebook account falls under the cyber crime. So we will not responsible for anything you do with the help of this post.

 Download WinSpy Here 


This is the kelogger which will send you the password of the facebook account direct in your email.


1. First of all get your Winspy keylogger. Download it from the link given below


2. After downloading, run the program and create the user id and password  Remember this password as it is required each time you start Winspy and even while uninstalling.
3. Then a new dialogue box will open to show you the hotkey (Ctrl + Shift + F12 ) to start keylogger.
4. Now press the hot key written in last step to go to the login form and enter login details to login.
5. Now you are on main screen of the software. Click on remote at top and then remote install.
user – type in the victim’s name
file name – Name the file to be sent. Use the name such that victim will love to accept it.
file icon – keep it the same
picture – select the picture you want to apply to the keylogger.


In the textfield of “Email keylog to” , enter your email address. 
6. click on “Create Remote file”.

Now send this file to the person you want to hack. If victim runs this on his system, you will get all his keylogs in your email. Check keylogs for the password of the victim


see the video below and learn how to use WinSpy


Categories: , ,

HconSTF v0.4 Fire Base Security Testing Framework

Posted by Deepanker Verma 0 comments




HCON is a security framework. This latest release is the portable penetration testing environment, capable of assisting in all tasks of any penetration testing or vulnerability assessments.


Key Features:- 


  • Categorized and comprehensive toolset
  • Contains hundreds of  tools and features and script for different tasks like SQLi,XSS,Dorks,OSINT to name a few
  • HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
  • Each and every option is configured for penetration testing and Vulnerability assessments
  • Specially configured and enhanced for gaining easy & solid anonymity
  • Works for web app testing assessments specially for owasp top 10
  • Easy to use & collaborative Operating System like interface
  • Light on Hardware Resources
  • Portable - no need to install, can work from any USB storage device
  • Multi-Language support (feature in heavy development translators needed)
  • Works side-by-side with your normal web browser without any conflict issues
  • Works on both architectures x86 & x64 on windows XP, Vista, 7 (works with ubuntu linux using wine)
  • Netbook compatible - User interface is designed for using framework on small screen sizes
  • Free & Open source and always will be




Categories of Tools Included :-


  • Information gathering / Analysis 
  • Editors / Debuggers
  • Exploitation / Auditing
  • Anonymity
  • Passwords
  • Cryptography
  • Database
  • Scripting / Automation
  • Network Utilities
  • Reporting
Read more: http://www.hcon.in/hfox.html
Download here: http://www.hcon.in/downloads.html
Categories: ,

Introduction to ping sweep

Posted by Deepanker Verma Tuesday, January 24, 2012 0 comments

Before writing about Ping sweep, i would like to introduce Ping. Ping is a network based utility which is used to know if a host is alive or dead on the network. Suppose i want to check for hackingtricks.in
 if we get the response it means website is live. You can check for a system by its IP address or a website by its domain name. We can use this program to detect host like website, computer system, printer, network or any device.


Ping Sweep:Ping Sweep also known as ICMP sweep is a network scanning technique which is used to determine which of a range of IP addresses map to live hosts. As we have seen in Ping, which is used for single computer. This is used for a renge of IP address for various computers. ping sweep consists of ICMP (Internet Control Message Protocol) ECHO requests sent to multiple hosts. If a system (HOST) is live, it will reply with ICMP ECHO reply.
There are a various tools available that can be used to do a ping sweep, such as fping, gping, and nmap.
Download Fping here: http://fping.sourceforge.net/
Categories: , ,

Dreamhost server data breach, ftp passwords revealed

Posted by Deepanker Verma Sunday, January 22, 2012 0 comments

Dreamhost has confirmed that some hackers have got the login details of customres from the DreamHost server. Company has also started sending mails to all the customers regarding this hack. 
“Our security systems detected the potential breach this morning and we immediately took the defensive precaution of expiring and resetting all FTP/shell access passwords for all DreamHost customers and their users,” company wrote in the letter sent to customers.
According to the company, only FTP/SHell access passwords have been hacked but customers must change all passwords of the hosting account. Dreamhost provide 3 type of passwords to their customers, a web panel password, used for logging into the administration panel, email passwords, and FTP/shell access passwords. 
To change the password, please log into the web panel and go to Manage Users. Click edit next to the FTP/shell user on the right and you can change your password there.
Categories: ,

Mobius Forensic Toolkit 0.5.10

Posted by Deepanker Verma 0 comments



Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.


Download here:
http://download.savannah.gnu.org/releases/mobiusft/mobiusft-0.5.10.tar.gz
http://download.savannah.gnu.org/releases/mobiusft/mobiusft-0.5.10.zip


Read More: http://freecode.com/projects/mobiusft
Categories: ,

Zero-Day Vulnerability Found in McAfee’s SaaS Products

Posted by Deepanker Verma Wednesday, January 18, 2012 0 comments

Security researchers from ZDI (Zero Day Initiative) have found a critical vulnerability in McAfee's Security-as-a-Service (SaaS) products. McAfee has been notified about this vulnerability back in April 2011 but company has failed to provide any kind of patch.


An attacker can execute arbitrary code by exploiting the flaw, but only if he manages to convince the potential victim to visit a malicious page or open a specially crafted file. Unfortunately, from previous experience, we know that the task is not difficult to accomplish.


“The specific flaws exists within myCIOScn.dll. MyCioScan.Scan.ShowReport() will accept commands that are passed to a function that simply executes them without authentication. This can be leveraged by a malicious attacker to execute arbitrary code within the context of the browser,” reads ZDI’s report.
SOURCE
Categories:

DEFT Linux 7 Computer Forensic Live Cd - Released

Posted by Deepanker Verma Tuesday, January 17, 2012 0 comments

Finally DEFT Linux 7 has arrived and is available to download. DEFT (Digital Evidence & Forensic Toolkit) is a customized distribution of the Lubuntu live Linux CD. This latest version has been tested on various platforms and machines to give best performance. This version 7 also adds more support to mobile forensics. It has also added several tools that allow you to analyze files and databases used in new generation smartphones (Android and iPhone). 


New features:

  • Based on Lubuntu 11.10
  • Installable Distro
  • Linux kernel 3.0.0-12, USB 3 ready
  • Libewf 20100226
  • Afflib 3.6.14
  • TSK 3.2.3
  • Autopsy 2.24
  • Digital Forensic Framework 1.2
  • PTK Forensic 1.0.5 DEFT edition
  • Maltego CE
  • KeepNote 0.7.6
  • Xplico 0.7.1
  • Scalpel 2
  • Hunchbackeed Foremost 0.6
  • Findwild 1.3
  • Bulk Extractor 1.1
  • Emule Forensic 1.0
  • Guymager 0.6.3-1
  • Dhash 2
  • Cyclone wizard acquire tool
  • SQLite Database Browser 2.0b1
  • BitPim 1.0.7
  • Bbwhatsapp database converter
  • Creepy 0.1.9
  • Hydra 7.1
  • Log2timeline 0.60
  • Wine 1.3.28 



Download Image
http://www.mirrordeft.net/listing/deft/deft7_rc1.iso
Categories: ,

Wireshark 1.6.5 released

Posted by Deepanker Verma Thursday, January 12, 2012 0 comments
The latest version of Wireshark is out now and Wireshark 1.6.5 is available for download. This new verison has fixed many known vulnerabilities of previous versions.

This version has not added any protocol but there is updated support for all existing protocols.

These are the main features of this tool:

  • Deep inspection of hundreds of protocols, with more being added all the time

  • Live capture and offline analysis

  • Standard three-pane packet browser

  • Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others

  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility

  • The most powerful display filters in the industry

  • Rich VoIP analysis

  • Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others

  • Capture files compressed with gzip can be decompressed on the fly

  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)

  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2

  • Coloring rules can be applied to the packet list for quick, intuitive analysis

  • Output can be exported to XML, PostScript®, CSV, or plain text




The following vulnerabilities have been fixed:

  •  Laurent Butti discovered that Wireshark failed to properly check record sizes for many packet capture file formats.

  •  Wireshark could dereference a NULL pointer and crash.

  •  The RLC dissector could overflow a buffer.


The following bugs have been fixed:

  •  "Closing File!" Dialog Hangs.

  •  Sub-fields of data field should appear in exported PDML as children of the data field instead of as siblings to it.

  •  Incorrect time differences displayed with time reference set.

  •  Wrong packet type association of SNMP trap after TFTP transfer.

  •  SSL/TLS decryption needs wireshark to be rebooted.

  •  Export HTTP Objects -> save all crashes Wireshark.

  •  Wireshark Netflow dissector complains there is no template found though the template is exported.

  •  DCERPC EPM tower UUID must be interpreted always as little endian.

  •  Crash if no recent files.

  •  IPv6 frame containing routing header with 0 segments left calculates wrong UDP checksum.

  •  IPv4 UDP/TCP Checksum incorrect if routing header present.

  •  Incorrect Parsing of SCPS Capabilities Option introduced in response to bug 6194.

  •  Various crashes after loading NetMon2.x capture file.

  •  Fixed compilation of dumpcap on some systems (when MUST_DO_SELECT is defined).

  •  SIGSEGV in SVN 40046.

  •  Wireshark dissects TCP option 25 as an "April 1" option.

  •  ZigBee ZCL Dissector reports invalid status.

  •  ICMPv6 DNSSL option malformed on padding.

  •  Wrong tvb_get_bits function call in packet-csn1.c.

  •  [UDP] - Length Field of Pseudo Header while computing CheckSum is not correct.

  •  pcapio.c: bug in libpcap_write_interface_description_block.

  •  Memory leaks in various dissectors.

  •  Bytes highlighted in wrong Byte pane when field selected in Details pane.


Categories:

Arachni v.0.4 Released - Open Source Web Application Security Scanner Framework

Posted by Deepanker Verma 0 comments
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives.

This version includes lots of goodies, including:

  • A new light-weight RPC implementation (No more XMLRPC)

  • High Performance Grid (HPG) — Combines the resources of multiple nodes for lightning-fast scans

  • Updated WebUI to provide access to HPG features and context-sensitive help

  • Accuracy improvements and bugfixes for the XSS, SQL Injection and Path Traversal modules

  • New report formats (JSON, Marshal, YAML)

  • Cygwin package for Windows


New plugins



  • ReScan — It uses the AFR report of a previous scan to extract the sitemap in order to avoid a redundant crawl.

  • BeepNotify — Beeps when the scan finishes.

  • LibNotify — Uses the libnotify library to send notifications for each discovered issue and a summary at the end of the scan.

  • EmailNotify — Sends a notification (and optionally a report) over SMTP at the end of the scan.

  • Manual verification — Flags issues that require manual verification as untrusted in order to reduce the signal-to-noise ratio.

  • Resolver — Resolves vulnerable hostnames to IP addresses.





Categories: , , ,

Sony Pictures website and facebook page hacked by Anonymous

Posted by Deepanker Verma Saturday, January 7, 2012 0 comments
A hacker names S3rver.exe who claims to be the part of Anonymous  has hacked the website of Sony Pictures and also managed to get the access over the facebook page of the Sony Pictures. Hackers also posted some videos to prove the success of operation.

Few days back Anonymous had announced to attack on Sony again to their support SOPA. They said in a statment,“Your support of the act is a signed death warrant to Sony Company and Associates. Therefore, yet again, we have decided to destroy your network. We will dismantle your phantom from the internet. Prepare to be extinguished. Justice will be swift, and it will be for the people, whether some like it or not."

The hackers said they obtained access to their entire database, the first video, which has been quickly removed, displayed a picture of a Sony Pictures Mobile dashboard.

Last year, Anonymous has hacked Sony manytimes and forced sony to shutdown the gaming network for several weeks.
Categories: , ,

Indian hackers get the source code of Norton Antivirus

Posted by Deepanker Verma Friday, January 6, 2012 0 comments
A group of Indian hackers claim to have the source code of Symantec's Norton Antivirus, the 2006 version. If the claim is true, cybercriminals can use this source code to develop the virus and malwars which can bypass Norton security check.

hackers also provide a part of the source code to the InfosecIsland. InfosecIsland gave the source code to the Symantec which confirms that the part of source code has been accessed. Cris Paden, Sr. Manager for Corporate Communications at Symantec replied to InfosecIsland,"Symantec can confirm that a segment of its source code has been accessed.  Symantec’s own network was not breached, but rather that of a third party entity."

"We are still gathering information on the details and are not in a position to provide specifics on the third party involved."

"Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions.  Furthermore, there are no indications that customer information has been impacted or exposed at this time."

"However, Symantec is working to develop remediation process to ensure long-term protection for our customers’ information.  We will communicate that process once the steps have been finalized."

Though this code belongs to the older version of the antivirus so we can not say how it will help hackers to bypass Norton security checks. But it is still dangerous for the security company.
Categories: , ,

SQL Inject me - website hacking with firefox

Posted by Deepanker Verma Wednesday, January 4, 2012 0 comments
Firefox is a nice web browser and you can also improve its performance and usage with some available addons. If you love penetration testing or trying to hack a website, firefox can be a hacking tool for you.

SQL Injection is a well known vulnerability of websites which can be found in most of the website using database. The main reason for this vulnerability is that web developers always ignore some security measures. So hacking a website with SQL injection is usually easy in most of the websites.

SQL Inject Me is a firefox addon which turns firefox web browser into SQL injection testing tool. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack.

The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.

The tool does not attempting to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.

You can think of the work done by the tool as the same as the QA testers for the site manually entering all of these strings into the form fields.

Add to your firefox from here:

https://addons.mozilla.org/en-US/firefox/addon/sql-inject-me/?src=search
Categories: , ,

Nmap 5.61TEST4 released, added 51 New Scripts, Web Spidering Feature

Posted by Deepanker Verma 0 comments
NMAP has released the latest version on this new year which has many improved features with added scripts. This release is named as release 5.61TEST4. The version number may not sound that different than the previous 5.61TEST2, but it has made many big improvements in the last three months. Some of the improvements are listed below:



  • a spidering library and associated scripts for crawling websites.

  • 51 new NSE scripts, bringing the total to 297.

  • a substantial decrease in the size of the Mac OS X installer due to the removal of PPC support.

  • a new vulnerability management library which stores and reports found vulnerabilities.

  • Mac OS X packages are now x86-only (rather than universal), reducing the download size from 30 MB to about 17.


Categories: ,
Featured FREE Resource:
X




Security Tools

Loading...
Share
Get This

About Me

My Photo
Deepanker Verma
I am Deepanker Verma. A computer geek, Security researcher blogger and software developer. I have deep interest and Information security and web development and try to learn new things. you will see my blogs on hackingtricks, TechlomediaWebtips and Usethistip.

I was also honoured by Apple, Ebay, Symantec, PandaSecurity and various other computer software giants for my security work for their company. I also contribute on some opensource projects regularly.

I also own a web app called NoteDIP that allows users to send self-destructive messages with password protection.

You can add me to circles to get my daily tips :)

View my complete profile

Partners

Blog Archive

Copyright © Hacking Tricks. All rights reserved. Blogger template designed by BLog Bamz