Monday, February 20, 2012

Hashcode cracking using Hashcat in Backtrack 4


Hi Break The Security (BTS) readers, this is the first Backtrack 4 hacking tutorial. Today let us look at the HashCat cracking tool (dictionary attack).

Backtrack 4 Tutorials Step 1:

Boot into Backtrack 4 Linux.
Now navigate to this path:
Backtrack->privilege Escalation->Password attack->Offline attacks
Open HashCat.
You will now see a terminal window at this path:

root@bt:/pentest/passwords/hashcat#

Hashcat Basic option and commands




Step 2:
If you scroll to the top, you will find helpful commands.  The standard format to run the hashcat application is



./hashcat-cli.bin [options] hashfile [wordfiles|directories]




You can see the list of options below the command format.
The hashfile is a file which contains the hash codes (MD5 hashes, for instance).
The wordfiles are dictionary files.
The list of options is:
Startup:

-V, --version print version
-h, --help print help
--eula print eula


Logging and Files:
-r, --rules-file=FILE rules-file for hybrid-attack
-o, --output-file=FILE output-file for recovered hashes
-e, --salt-file=FILE salts-file for unsalted hashlists
--debug-file=FILE debug-file
--debug-mode=NUM 0 = save finding rule (hybrid only)
1 = save original word (hybrid only)
2 = save recovered pass
-p, --seperator-char=CHAR seperator-char for hashlists


Resources:


-n, --threads=NUM number of threads
-c, --segment-size=NUM number of mb to cache from wordfile
-s, --words-skip=NUM skip number of words (for resume)
-l, --words-limit=NUM limit number of words (for distributed)


Attacks:
-g, --generate-rules=NUM number of self-generating rules
--generate-rules-func-min=NUM force number of functions per rule min
--generate-rules-func-max=NUM force number of functions per rule max
-a, --attack-mode=NUM number of attack-mode
0 = Straight *
1 = Combination *
2 = Toggle-Case *
3 = Brute-Force
4 = Permutation
* = for Hybrid-Attack use -r or -g


-m, --hash-mode=NUM number of hash-mode


    0 = MD5                            200 = MySQL
    1 = md5($pass.$salt)               300 = MySQL4.1/MySQL5
    2 = md5($salt.$pass)               400 = MD5(Wordpress)
    3 = md5(md5($pass))                400 = MD5(phpBB3)
    4 = md5(md5(md5($pass)))           500 = MD5(Unix)
    5 = md5(md5($pass).$salt)          600 = SHA-1(Base64)
    6 = md5(md5($salt).$pass)          700 = SSHA-1(Base64)
    7 = md5($salt.md5($pass))          800 = SHA-1(Django)
    8 = md5($salt.$pass.$salt)         900 = MD4
    9 = md5(md5($salt).md5($pass))    1000 = NTLM
   10 = md5(md5($pass).md5($salt))    1100 = Domain Cached Credentials
   11 = md5($salt.md5($salt.$pass))   1200 = MD5(Chap)
   12 = md5($salt.md5($pass.$salt))   1300 = MSSQL
   30 = md5($username.0.$pass)
   31 = md5(strtoupper(md5($pass)))
  100 = SHA1
  101 = sha1($pass.$salt)
  102 = sha1($salt.$pass)
  103 = sha1(sha1($pass))
  104 = sha1(sha1(sha1($pass)))
  105 = sha1(strtolower($username).$pass)


Toggle-Case specific:
--toggle-min=NUM number of alphas in plain minimum
--toggle-max=NUM number of alphas in plain maximum


Brute-Force specific:
--bf-pw-min=NUM password length minimum
--bf-pw-max=NUM password length maximum
--bf-cs-buf=CHARS charset for attack


Permutation specific:
--perm-min=NUM number of chars in plain minimum
--perm-max=NUM number of chars in plain maximum

 Step 3: 
Copy the dictionary file and hashcode file to desktop.
I have this MD5 hashcode (c3ea886e7d47f5c49a7d092fadf0c03b) inside the hash.txt file.
My dictionary file is english.txt



Step 4:
Now type this command:


./hashcat-cli.bin '/root/hash.txt' '/root/english.txt'

and hit Enter; the hash will now be cracked.
NOTE:
If you are running Hashcat for the first time, you will get this message:
"EULA has changed,need to restart the hashcat".
Just close the window and open Hashcat again, then run the above command.
EULA changed: restart Hashcat

After restarting, Hashcat asks for the License Agreement

The hash will be cracked when you enter YES

Step 5:

If you cannot crack the hash with the above method alone, proceed with this.
You can enhance the cracking by using options.
Hash mode option:
Using the hash mode we can specify which type of hash we are going to crack.
How to use the hash mode option?
'-m[value]' specifies the hash mode.
Refer to the list of options above for the different hash mode values.
We are going to crack an MD5 hash, right? For MD5, the value is 0.
So use this command:

./hashcat-cli.bin  -m0  '/root/hash.txt'    '/root/english.txt'


Enhancing with attack mode (-a[value]):
Using the attack mode, we can specify how the password can be. I think you may not understand what I am saying, so I will explain the attack mode with an example.
OK, let's take the simple key "iloveyou" from english.txt.
The values of the attack mode are:
             0 = Straight
             1 = Combination
             2 = Toggle-Case
             3 = Brute-Force
             4 = Permutation
If we use the -a0 option, the key is tried as it is: "iloveyou". For -a1, it will be "iloveyouiloveyou". For -a2, it will be IloveYou, ILoveyou, etc. I think you know about brute force; if you don't, please read my previous post about brute force. I hope you know about permutation.

./hashcat-cli.bin  -m0 -a2 '/root/hash.txt'    '/root/english.txt'
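
What -m0 combined with -a0 and -a2 means for a password store, as an added Python example (not from the original post and not hashcat's own code): a small audit that shows which raw MD5 hashes fall to a wordlist, next to a salted, iterated record that does not. The wordlist, accounts, passwords and function names are constructed for the illustration.

```python
import hashlib
import itertools

# Constructed sample data (not from the post): a tiny wordlist and three
# "stored" raw-MD5 hashes, built here from known test passwords.
WORDLIST = ["password", "iloveyou", "dragon"]
STORED_MD5 = {
    "alice": hashlib.md5(b"iloveyou").hexdigest(),
    "bob": hashlib.md5(b"ILoveYou").hexdigest(),
    "carol": hashlib.md5(b"x9!Kq2#vLm").hexdigest(),
}


def straight(words):
    """-a0 (Straight): every dictionary word is tried exactly as written."""
    yield from words


def toggle_case(words, max_alphas=10):
    """-a2 (Toggle-Case): every upper/lower variant of each word.

    A word with n letters expands to 2**n candidates, so long words are
    skipped (hypothetical max_alphas limit, in the spirit of --toggle-max).
    """
    for word in words:
        if sum(ch.isalpha() for ch in word) > max_alphas:
            continue
        choices = [(ch.lower(), ch.upper()) if ch.isalpha() else (ch,)
                   for ch in word]
        for combo in itertools.product(*choices):
            yield "".join(combo)


def audit_md5(stored, candidates):
    """Return {account: recovered_password} for raw MD5 hashes (-m0)."""
    by_hash = {}
    for account, digest in stored.items():
        by_hash.setdefault(digest.lower(), []).append(account)
    recovered = {}
    for cand in candidates:
        digest = hashlib.md5(cand.encode("utf-8")).hexdigest()
        # One MD5 computation checks the candidate against every account.
        for account in by_hash.get(digest, []):
            recovered[account] = cand
    return recovered


def pbkdf2_record(password, salt, iterations=200_000):
    """Salted, iterated storage: equal passwords give different records."""
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  salt, iterations)
    return derived.hex()


if __name__ == "__main__":
    print("straight   :", audit_md5(STORED_MD5, straight(WORDLIST)))
    print("toggle-case:", audit_md5(STORED_MD5, toggle_case(WORDLIST)))
    # With a per-user salt, each candidate has to be recomputed for each
    # account, at 200,000 hash iterations per attempt instead of one.
    same = (pbkdf2_record("iloveyou", b"salt-for-alice")
            == pbkdf2_record("iloveyou", b"salt-for-bob"))
    print("salted records collide:", same)
```

Accounts that show up in the output are the ones whose passwords need to be reset and whose storage format needs to move off unsalted MD5.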

Sunday, February 19, 2012

Installing and Configuring Backtrack on your PC

FYI : An excellent guide about Backtrack4 can be found at BackTrack 4 – The Definitive Guide

1. Installing Backtrack to a harddrive (using Ubiquity)

  • Boot from the Backtrack DVD and choose “Start Backtrack in Text Mode”
  • Backtrack will boot and will automatically end up at a root prompt.
  • Launch the GUI by running ‘startx’.
  • Open a konsole and run ‘ubiquity’.
  • At the “Language crashed” dialog, choose “Continue anyway”
  • Set timezone and choose keyboard layout.
  • Let backtrack partition the disk. (‘Use entire disk’)
  • Enter new user account information. (Pick a strong password, as this will be the user account used to log on into Backtrack)
  • Review the installation summary and press “install” to start the installation.
  • Reboot when installation has completed
  • Log in with the newly created user
  • Change the password for root (sudo passwd root)
Installing VirtualBox guest additions (if you have installed BT on VirtualBox) :
  • In VirtualBox, select “Devices – Install Guest Additions”
  • Open Konsole, mount the cdrom (“mount cdrom”) and run “sudo /media/cdrom/VBoxLinuxAdditions-x86.run”
  • Reboot (“sudo reboot”)

2. Running Backtrack from USB (with support for persistent changes)

This procedure only works for Backtrack 4 Pre-final. You need a 4Gb (or bigger) USB stick to run BT4 Pre-Final.
  • Boot Backtrack and insert the USB. In my test environment, I’m running BT on VirtualBox. Let’s say the USB was detected as sda (run ‘dmesg’ to see system messages after you have connected the USB) .
  • Mount the Backtrack CDRom
    • mount /dev/cdrom /media/cdrom
  • Run fdisk :
    • fdisk /dev/sda
      • Verify that there are no partitions :  ‘p’   (or use  ‘d’ to remove any existing partitions, ‘w’ to write the changes, and run fdisk again)
      • create a new partition : ‘n’
        • p   (primary)
        • Partition number 1
        • First cylinder : use default 1
        • Last cylinder : +1500M
      • create another new partition : ‘n’
        • p    (primary)
        • Partition number 2
        • First cylinder : use default value
        • Last cylinder : +1500M
      • Set first partition active and set partition type of first partition to FAT32
        • a
          • 1
        • t
          • 1
          • b
        • Look at the partition table now. There should be 2 partitions of 1,5G each
        • write the changes to disk : ‘w’
  • Format the 2 partitions :
      mkfs.vfat -F 32 -n BT4 /dev/sda1
      mkfs.ext3 -b 4096 -L casper-rw /dev/sda2
      Use the default journal size (8192 blocks)
  • Mount the USB key and copy the file structure from the CDRom to USB stick
      mkdir /mnt/sda1
      mount /dev/sda1 /mnt/sda1
      rsync -avh /media/cdrom/ /mnt/sda1/        
      (don’t forget the trailing slashes after ‘cdrom’ and after ‘sda1’ !)
  • When all files are copied (1,32Gbytes, may take a little while) , run grub-install
      grub-install --no-floppy --root-directory=/mnt/sda1 /dev/sda1
  • Edit boot menu
    vi /mnt/sda1/boot/grub/menu.lst
    Set ‘default’ to 5
    Find the entry with title “Start Persistent Live CD”. Change the title to for example “Start Persistent Live USB”.
    Edit the line below the title (“kernel” line) and add the following statement at the end of the line :
    vga=0x317
    Save the changes
  • Unmount the USB key
    cd /
    umount /mnt/sda1
  • Boot a computer from this newly created USB and verify that BT works, and that changes are written onto the USB. 

Alternatively, you can create a USB based BT from Windows by using UNetbootin (Windows).
Partition the USB drive (as explained above), run UNetbootin, select the BT4 Pre-final ISO file, select the USB drive and install.
After the installation, find syslinux.cfg in the root of the first partition on the USB.  Edit the file and add the vga=0x317 parameter after “Start Persistent Live CD” (under label ubnentry4).
At the top of the file, set default to ubnentry4. Save the file and you’re all set.

3. Networking and Network Services
Networking
By default, DHCP (or networking for that matter) is disabled. You need to run ‘/etc/init.d/networking start’ to start networking. If you want to load networking at boot (on a HD install or USB with persistent changes), add that command into /etc/init.d/rc.local or run “sudo /usr/sbin/update-rc.d networking defaults”.
Wireless networking can be started with Knetworkmanager (run “sudo /etc/init.d/NetworkManager”)
SSH
Edit ssh config and disable root logon via ssh :
sudo vi /etc/ssh/sshd_config  and set “PermitRootLogin” to no.
If you get an error about the ssh_host_dsa_key or ssh_host_rsa_key not being found, generate the keys and try again
Starting OpenBSD Secure Shell server: sshd
Could not load host key: /etc/ssh/ssh_host_dsa_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
Generate host keys :
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
Start sshd (“sudo /etc/init.d/ssh start”)
If you want to enable ssh to start at boot time, run update-rc.d ssh defaults

4. Keeping Backtrack up-to-date
Updating & Upgrading Backtrack
/usr/bin/apt-get -y update
/usr/bin/apt-get -y upgrade
To download and install all new updates, run apt-get dist-upgrade
The first time you run the apt-get update, you may get an error “GPG error : http://ppa.launchpad.net intrpid Release: The following signatures couln’t be verified because the public key…”
Quick fix :
wget http://apt.pearsoncomputing.net/public.gpg
sudo apt-key add public.gpg
rm public.gpg
(Then run the apt-get update again and it should work)
Upgrading the distro to the latest version :
apt-get update && apt-get dist-upgrade -y
Warning : an “upgrade” in BT4Beta will also upgrade KDE to 3.5. If KDE no longer works after the update/upgrade (i.e. ‘startx’ does not seem to work) :
root@bt:~# cd /etc/alternatives/
root@bt:/etc/alternatives# mv x-session-manager x-session-manager-broken
root@bt:/etc/alternatives# ln -s /opt/kde3/bin/startkde x-session-manager
root@bt:/etc/alternatives# startx
(this issue should be fixed in the final version)

 Updating security components
/pentest/exploits/fast-track.py -i
First update fast-track, then update other individual components (Metasploit, Aircrack, nikto, etc; or choose ‘9’ to update all)
If updating nikto doesn’t work :
Updating Nikto...
cd: 1: can't cd to /pentest/scanners/nikto/
/bin/sh: ./nikto.pl: not found 
Fix :
root@bt:~# mkdir /pentest/scanners/nikto/
root@bt:~# ln -s /usr/bin/nikto /pentest/scanners/nikto/nikto.pl
root@bt:/pentest/exploits/~# ./fast-track -c 1 2

5. Change keyboard layout
dpkg-reconfigure console-setup

6. Installing Nessus
First, download the Nessus and NessusClient installation packages from the Nessus (Tenable Network Security) website : http://www.nessus.org/download/
(Choose ‘Nessus for Linux’) and download the packages for Ubuntu. Put the .deb files in /tmp
Install Nessus Daemon
root@bt4-1:/tmp# ls Nessus* -al
-rw-r--r-- 1 root root 3002846 Jul  4 15:46 Nessus-4.0.1-ubuntu810_i386.deb
-rw-r--r-- 1 root root  500624 Jul  4 15:46 NessusClient-4.0.1-ubuntu810_i386.deb
root@bt4-1:/tmp#
root@bt4-1:/tmp# dpkg --install Nessus-4.0.1-ubuntu810_i386.deb
Selecting previously deselected package nessus.
(Reading database ... 183074 files and directories currently installed.)
Unpacking nessus (from Nessus-4.0.1-ubuntu810_i386.deb) ...
Setting up nessus (4.0.1) ...
nessusd (Nessus) 4.0.1. for Linux
(C) 1998 - 2009 Tenable Network Security, Inc.

 - Please run /opt/nessus/sbin/nessus-adduser to add a user
 - Register your Nessus scanner at http://www.nessus.org/register/ to obtain
   all the newest plugins
 - You can start nessusd by typing /etc/init.d/nessusd start

root@bt4-1:/tmp# 


Install Nessus Client
Before installing the client, you will need to install some dependencies :
root@bt4-1:/tmp# apt-get install libqt4-core libqt4-gui
      libqtcore4 libqt4-network libqt4-script libqt4-xml
      libqt4-dbus libqt4-test libqtgui4 libqt4-svg libqt4-opengl
      libqt4-designer libqt4-assistant

Reading package lists... Done
Building dependency tree
Reading state information... Done
libqtcore4 is already the newest version.
libqtcore4 set to manually installed.
libqt4-network is already the newest version.
libqt4-network set to manually installed.
libqt4-script is already the newest version.
libqt4-script set to manually installed.
libqt4-xml is already the newest version.
libqt4-xml set to manually installed.
libqt4-dbus is already the newest version.
libqt4-dbus set to manually installed.
libqt4-test is already the newest version.
libqt4-test set to manually installed.
libqtgui4 is already the newest version.
libqtgui4 set to manually installed.
libqt4-svg is already the newest version.
libqt4-svg set to manually installed.
libqt4-designer is already the newest version.
libqt4-designer set to manually installed.
libqt4-assistant is already the newest version.
libqt4-assistant set to manually installed.
The following NEW packages will be installed:
  libqt4-core libqt4-gui libqt4-opengl
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 176kB of archives.
After this operation, 762kB of additional disk space will be used.
Get:1 http://archive.offensive-security.com pwnsauce/main libqt4-core 4.4.3-0ubuntu1.2 [7562B]
Get:2 http://archive.offensive-security.com pwnsauce/main libqt4-opengl 4.4.3-0ubuntu1.2 [161kB]
Get:3 http://archive.offensive-security.com pwnsauce/main libqt4-gui 4.4.3-0ubuntu1.2 [7554B]
Fetched 176kB in 1s (114kB/s)
debconf: apt-extracttemplates failed: Bad file descriptor
Selecting previously deselected package libqt4-core.
(Reading database ... 183131 files and directories currently installed.)
Unpacking libqt4-core (from .../libqt4-core_4.4.3-0ubuntu1.2_i386.deb) ...
Selecting previously deselected package libqt4-opengl.
Unpacking libqt4-opengl (from .../libqt4-opengl_4.4.3-0ubuntu1.2_i386.deb) ...
Selecting previously deselected package libqt4-gui.
Unpacking libqt4-gui (from .../libqt4-gui_4.4.3-0ubuntu1.2_i386.deb) ...
Setting up libqt4-core (4.4.3-0ubuntu1.2) ...
Setting up libqt4-opengl (4.4.3-0ubuntu1.2) ...

Setting up libqt4-gui (4.4.3-0ubuntu1.2) ...
Processing triggers for libc6 ...
ldconfig deferred processing now taking place

Now you can install the client :
root@bt4-1:/tmp# dpkg --install NessusClient-4.0.1-ubuntu810_i386.deb
Selecting previously deselected package nessusclient.
(Reading database ... 183150 files and directories currently installed.)
Unpacking nessusclient (from NessusClient-4.0.1-ubuntu810_i386.deb) ...
Setting up nessusclient (4.0.1) ...

Create Certificate
root@bt4-1:/tmp# /opt/nessus/sbin/nessus-mkcert
-------------------------------------------------------------------------------
                        Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------

This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.

CA certificate life time in days [1460]:
Server certificate life time in days [365]:
Your country (two letter code) [FR]: BE
Your state or province name [none]: WVL
Your location (e.g. town) [Paris]: Deerlijk
Your organization [Nessus Users United]: Corelan

Congratulations. Your server certificate was properly created.

The following files were created :

. Certification authority :

   Certificate = /opt/nessus//com/nessus/CA/cacert.pem
   Private key = /opt/nessus//var/nessus/CA/cakey.pem

. Nessus Server :
    Certificate = /opt/nessus//com/nessus/CA/servercert.pem
    Private key = /opt/nessus//var/nessus/CA/serverkey.pem
root@bt4-1:/tmp# 



Create a Nessus user:
root@bt4-1:/tmp# /opt/nessus/sbin/nessus-adduser
Login : MyGreatNessusAdminUser
Authentication (pass/cert) : [pass]
Login password :
Login password (again) :
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]: y
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that peter has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser manual for the rules syntax

Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
Aborted by end-user.

Register/update plugins
Get yourself a key that will provide access to the free home update feed  : Register a HomeFeed
You will receive an email that contains the feed code.
Install/Register the code with the following command (and update the plugins at the same time) :
root@bt4-1:/tmp# /opt/nessus/bin/nessus-fetch --register PUT-YOUR-CODE-HERE
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.
Verify that “auto_update” in /opt/nessus/etc/nessus/nessusd.conf is set according to the behaviour you want to achieve. If you want to manually update the plugins, you can run :
root@bt4-1:/tmp# /opt/nessus/sbin/nessus-update-plugins
Fetching the newest updates from nessus.org...
Done. The Nessus server will restart when its scans are finished

Make sure Nessus does not start at boot
root@bt4-1:/tmp# update-rc.d -f nessusd remove
 Removing any system startup links for /etc/init.d/nessusd ...
   /etc/rc0.d/K20nessusd
   /etc/rc1.d/K20nessusd
   /etc/rc2.d/S20nessusd
   /etc/rc3.d/S20nessusd
   /etc/rc4.d/S20nessusd
   /etc/rc5.d/S20nessusd
   /etc/rc6.d/K20nessusd

Launch Nessus daemon
root@bt4-1:/tmp# /etc/init.d/nessusd start
Starting Nessus : .
root@bt4-1:/tmp# 

Install additional plugins
http://www.alienvault.com/free_feed_for_nessus.php
Nessus/OpenVAS wrapper for ike-scan

7. Wireless auditing
Crack WEP : Cheatsheet – Cracking WEP with Backtrack 4 and aircrack-ng
Crack WPA2 PSK : Cheatsheet – Cracking WPA2 PSK with Backtrack 4, aircrack-ng and John The Ripper
Wepbuster : Download from http://code.google.com/p/wepbuster/. Installation procedure (assuming that wepbuster was downloaded into /tmp) :
root@bt:/# cd /tmp
root@bt:/tmp# tar xvfz wepbuster.tgz
wepbuster-1.0_beta/
wepbuster-1.0_beta/README.TXT
wepbuster-1.0_beta/wepbuster
root@bt:/tmp# mv wepbuster-1.0_beta/wepbuster /usr/local/bin
root@bt:/tmp# 


Modify parameters :
edit wepbuster and change the $airodumpwait and $scan_duration parameters (and set them to a value higher than 20):
# Time to wait before reading the airodump output. 23 seconds/sleeps should be safe on default aircrack-ng
# installation which updates .csv files every 20 seconds;
my $airodumpwait = 23 ;

# Initial airodump scan duration (sleeps) when trying to build target AP list
my $scan_duration = 23;

8. Installing/Running in VMWare, but KDE resolution is bad ?

Run “fixvmware”

9. Log on in KDE with root (dangerous ! But if you still want to do it…)

Edit /etc/kde3/kdm/kdmrc  and set the following parameters :
AllowRootLogin=true
AutoLoginEnable=true
AutoLoginUser=root
AutoLoginPass=secret 
Reboot


Enjoy!!!

Saturday, February 18, 2012

BIOS password Cracking after Login

Crack BIOS password using CMD



This is a password hack, but it clears the BIOS so that the next time you start the PC, the CMOS does not ask for any password. If you are able to bring up the DOS prompt, you will be able to reset the BIOS settings to the defaults. To clear the CMOS, do the following:


Open Command Prompt (CMD) and type:


Type DEBUG command and hit enter
-o 70 2e and hit enter
-o 71 ff and hit enter
-q and hit enter
exit and hit enter


Restart the computer.

Enjoy!!!

Saturday, February 4, 2012

Hacking a website using IIS (The Easiest Way)

Today I am going to teach you how to hack websites using the IIS method :) . First of all, it is the easiest method for hacking websites. IIS (Internet Information Server) is mostly (90%) found on Chinese sites.

Here’s the full tutorial of IIS in windows 7

1) Open My Computer, right-click and select “Add a network location”



2) Follow the instruction given in the Wizard
3) In specify the location of your website put the IIS vulnerable site (for example:- http://www.bjqxb.com/) I am using this site for tutorial.

4) After entering the vulnerable site press next.

5) At last you will get “You have successfully created this network location” click finish.



6) A new window will open. Now copy your deface/shell and paste it into the network drive folder.

You will get your file like this :- www.site.com/yourdeface.extension

$hell:- www.site.com/Yourshellname.asp

You can get your shells here both php and asp :D


Live example :- http://www.bjqxb.com/help.html

If you like this post then don’t forget  to share it and If you are getting any problem regarding to this feel free to comment :)
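
Windows' "Add a network location" speaks WebDAV to the site, so the upload described above only succeeds where IIS accepts write methods from unauthenticated clients. As an added defender-side example (not part of the original post), this Python script scans an IIS W3C log for write requests the server accepted; the log lines, addresses and function names are constructed for the illustration.

```python
# Constructed IIS W3C extended log excerpt (documentation-range addresses).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2012-02-04 10:15:01 192.0.2.10 GET /index.html - 80 - 198.51.100.7 Mozilla/5.0 200 0 0 15
2012-02-04 10:15:09 192.0.2.10 PROPFIND / - 80 - 198.51.100.23 Microsoft-WebDAV-MiniRedir/6.1.7601 207 0 0 31
2012-02-04 10:15:12 192.0.2.10 PUT /notice.html - 80 - 198.51.100.23 Microsoft-WebDAV-MiniRedir/6.1.7601 201 0 0 46
2012-02-04 10:15:30 192.0.2.10 PUT /page.asp - 80 - 198.51.100.23 Microsoft-WebDAV-MiniRedir/6.1.7601 403 0 0 12
2012-02-04 10:16:02 192.0.2.10 PUT /docs/report.doc - 80 editor1 198.51.100.40 Microsoft-WebDAV-MiniRedir/6.1.7601 201 0 0 50
"""

# HTTP/WebDAV methods that create, change or remove content on the server.
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "COPY", "MOVE", "PROPPATCH"}


def parse_w3c(lines):
    """Yield one dict per request, using the columns named by '#Fields:'."""
    fields = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def find_successful_writes(lines):
    """Return write requests the server accepted (2xx), flagging anonymous ones."""
    hits = []
    for rec in parse_w3c(lines):
        method = rec.get("cs-method", "").upper()
        status = rec.get("sc-status", "")
        if method in WRITE_METHODS and status.startswith("2"):
            hits.append({
                "when": rec.get("date", "") + " " + rec.get("time", ""),
                "client": rec.get("c-ip", ""),
                "method": method,
                "uri": rec.get("cs-uri-stem", ""),
                # IIS logs '-' in cs-username when the request was anonymous.
                "anonymous": rec.get("cs-username", "-") == "-",
            })
    return hits


if __name__ == "__main__":
    for hit in find_successful_writes(SAMPLE_LOG.splitlines()):
        label = "ANONYMOUS WRITE" if hit["anonymous"] else "authenticated write"
        print(label, hit["when"], hit["client"], hit["method"], hit["uri"])
```

Any anonymous write in the result means the site accepts uploads from unauthenticated clients; the fix is to disable WebDAV where it is not needed, or to require authentication and remove write permission for the anonymous user.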

Blazers Hacking Tool


Blazers tool kit is one of the most awesome tool kits ever :) . A must-have; its tools are very useful for hackers.
The tool kit consists of the following tools :-
  • Own-built web browser that supports Javascript and Flash :D
  • Email Bomber
  • File downloader
  • Screen viewer
  • Find Antivirus
  • Blazer’s music Player
  • Port scanner
  • Common tools ( basic tools like notepad , cmd)
  • Screen Recorder
  • File Pumper
  • Web pinger
  • Note Pad
Download link :- Click here
Hope you like this tool :) and don’t forget to share :D

Hack Bar For Mozilla Firefox

Once again I am going to share an awesome tool with all of you, dear visitors ;) . “Hack Bar” is a Firefox add-on. Easy to install and easy to use.

Features of this cool add-on :D
  • SQL method by manual injection and many more sql functions
  • XSS and bypassing the security filter converter
  • Encryption in MD5 hash , SHA , ROT13 etc.
  • Encoding
  • Add slashes , reverse and many more cool features :)
Download this cool add-on for Firefox
Download link :- Click here
Hope you like this tool :) and don’t forget to share it :D

How to hack facebook accounts by Tabnapping


Today i am going to teach you How to hack “Facebook” accounts by Tabnapping. I am going to share my private Tabnapping files with you guys ;) . You just have to download and Follow these simple steps :D
*Download phishing files from here :-  Click here
  1. Download these files and extract them.
  2. Important Part choose a good hosting not like my3gb.com which ban phishing sites in 10 mins :P . I suggest you to choose http://www.host1free.com/.
  3. Register your account there then sign up. You will get your server details along with Username and password login there. ( login in server area)
  4. Then click on File Manager , click on Public_Html
  5. First upload only Three files (Facebook.html , Login.php , google.html)
  6. After uploading them You will get the Your files like  this www.yourhosting.com/filename.html
  7. Now open the tabnabb.js in note pad. Put your facebook.html your there where you will find the text like this :- window.location = ‘ Enter your Link here ‘  and then upload it :D
  8. Now you are done when some one will open your google.html after few seconds he will be redirected to the facebook.html ;)
By this you can fool your victim and hack them :D
If you like the tutorial then don’t forget to share it ;) and if you are having any problem regarding to this feel free to comment :D

Hacking any PC using IP Address

Literally, hacking is getting at something or someone on the internet without their consent or interest. In short, hacking is a very easy job: it is like finding a hidden door of a house instead of using the front door, and seizing the valuables (hijacking the precious things). Among the main kinds of hacking, hacking through the IP address is one of the most common, yet a powerful beginning.

You may want to hack the website and put your advertisement there or grab some database information.
In this type of hacking, you are playing with the web server’s computer instead of the administrator’s computer.
This is because, for example, www.website.com is on a separate web server instead of the personal computer.

Another might be to access the computer of your friend from your home. Again, this is based on IP, and it is only possible when your friend’s computer is online. If it is off or not connected to the Internet, external IP hacking (remote IP hacking) is quite impossible.


Well, both have the same process. So Let's summarize what we should do.

First of all, confirm the site or the computer you want to hack.

1. Discover or trace their IP addresses.

2. Verify that the IP address is online

3. Scan open ports

4. Check the doors' vulnerability (for vulnerable ports)

5. Access through the door(probably the port).

6. Brute force username and password

Now let me briefly describe the basic steps, so that even a child can understand them if you didn't get it.

First, get the IP address of the victim.

To get the IP address of the victim's website, ping for it in command prompt.

For example,

ping www.google.com
=>
To retrieve the IP address of google.com



That's how we can get the IP address of the victim's website.

What about your friend's PC? You can't do www.yourfriendname.com, huh?
Finding the IP address of your friend's PC is a bit complicated and most difficult, if it has a dynamic IP address, which changes constantly.

A common method to detect the IP address of your friend is talking to him.

Go Here From your Friend's Computer:
http://www.tracemyip.org/
From Here You Can Check Out His IP-Address & Note It Down somewhere.

Now, did you have the IP address?
If yes, then check whether he/she is online. To know the online status, just ping the IP address; if it is online, it will reply.

If the IP address is online, scan for the open ports. Open ports are like closed doors without locks: you can get in and out easily.

Use the Advanced Port Scanner to scan all open and vulnerable ports/doors.

Now that you have the IP address and open port of the victim, you can use telnet to try to access it.

Make sure you have telnet enabled on your computer or install it from:
Control Panel > Add or Remove Programs > Add Windows Components
Then open command prompt and use the telnet command to access the IP address.
Use the following syntax for the connection.






You will be prompted for login information.


If you can easily guess the information then it's okay. Or you can use some brute force tools below.

Brutus is one of the fastest, most flexible remote password crackers you can get your hands on, and it is also free. It is available for Windows 9x, NT and 2000; there is no UN*X version available, although it is possible at some point in the future. This Windows-only cracker bangs against network services of remote systems, trying to guess passwords using a dictionary and its permutations. It supports HTTP, POP3, FTP, SMB, Telnet, IMAP, NTP, and more.
Platform: Windows
This tool enables the rapid dictionary attacks against systems connecting to the network, including FTP, POP3, IMAP, Net-bios, Telnet, HTTP authentication, LDAP NNTP, VNC, ICQ, SOCKS5, PCNFS, and more. Includes SSL support and is apparently now part of Nessus.

Platform: UNIX , Windows
TSGrinder is the first brute force tool for Terminal Server. The main idea is that the administrator account, since it cannot be locked out for local logons, can be brute forced. Having an encrypted channel for the TS logon process also helps to keep IDS from catching the attempts. This is a "dictionary" based attack tool, but it has some interesting features like "1337" conversion and supports multiple attack windows from a single dictionary file. It supports multiple password attempts in the same way, and lets you specify how often you try a combination of username / password on a particular connection.

Platform: Windows

In this way, you will be able to hack remote computer using just the IP address. !!
Enjoy With Us
Please Share :)

Hacking any Facebook Account using Wifi

The Mozilla Firefox add-on "Firesheep" has been used to hack thousands of email accounts. As reported by TechCrunch, Firesheep has been downloaded over 104,000 times in 24 hours.

What is special about Firesheep?

Using the Firesheep add-on you can check any account without knowing the username and password.
The famous social network Facebook is a victim of Firesheep.

How?

Firesheep uses HTTP session hijacking to obtain a username and password.

What is HTTP session hijacking?

An attacker uses an HTTP session hijacking attack to steal the cookies of the victim. Cookies are files containing the user name and password.

Using this HTTP session hijacking method you can hack Facebook, Google, Yahoo, Orkut, Flickr, etc., or any other email account.

How to use this Firesheep to steal the cookies?
You need this requirement:
Step 1:
Download the Firesheep file.
Right-click on the file, select "Open With"
and choose Mozilla Firefox.


Step 2:

Once you have installed Firesheep in the Firefox web browser, click View at the top, then go to the sidebar and click on Firesheep.


Step 3
Now click "Start Capture" at the top left to start capturing the session cookies of people on your WiFi network. It will show the list of captured cookies from people who have visited unsecured websites known to Firesheep; double-click the image and you will be logged in instantly.


That's the End !!
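
Firesheep can only capture session cookies that a site lets the browser send over unencrypted HTTP. As an added defender-side example (not from the original post), this Python check reads a site's response headers and reports the session cookies a sniffer on the same network could capture; the header values, cookie names and function names are constructed for the illustration.

```python
# Constructed response headers (hypothetical site): the weak set, then the
# same cookies as a hardened server would send them.
WEAK_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=3f9a1c; Path=/; HttpOnly"),
    ("Set-Cookie", "auth_token=9c2e77; Path=/"),
    ("Set-Cookie", "lang=en; Path=/"),
]
HARDENED_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "auth_token=9c2e77; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "lang=en; Path=/"),
]

# Assumption: cookies whose names contain these substrings carry the session.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, {lower-cased attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", {}
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(headers):
    """Report session cookies that a sniffer on the same network could capture."""
    report = {"hsts": False, "sniffable": [], "script_readable": []}
    for header, value in headers:
        header = header.lower()
        if header == "strict-transport-security":
            # HSTS tells the browser to use HTTPS only for this site.
            report["hsts"] = True
        elif header == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if not any(hint in name.lower() for hint in SESSION_HINTS):
                continue  # preference cookies such as 'lang' are not credentials
            if "secure" not in attrs:
                # Without Secure the browser also sends the cookie over plain HTTP.
                report["sniffable"].append(name)
            if "httponly" not in attrs:
                report["script_readable"].append(name)
    return report


if __name__ == "__main__":
    print("weak    :", audit_response(WEAK_HEADERS))
    print("hardened:", audit_response(HARDENED_HEADERS))
```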

Virus Prank!!!

I like it because it seems more like the actual attack.

Copy and paste the following into Notepad, then save the file with any name you want and the extension ".bat",
for example cyberspirit.bat

Here's the code:

cls
:A
color 0a
cls
@echo off
rem Write small VBScript helpers that pause for 5, 3, 4 and 2 seconds
echo Wscript.Sleep
echo Wscript.Sleep 5000>C:\sleep5000.vbs
echo Wscript.Sleep 3000>C:\sleep3000.vbs
echo Wscript.Sleep 4000>C:\sleep4000.vbs
echo Wscript.Sleep 2000>C:\sleep2000.vbs
cd %systemroot%\System32
dir
cls
start /w wscript.exe C:\sleep3000.vbs
rem The "del" lines below are only echoed to the screen, nothing is deleted
echo Deleting Critical System Files…
echo del *.*
start /w wscript.exe C:\sleep3000.vbs
echo Deletion Successful!
start /w wscript.exe C:\sleep2000.vbs
echo:
echo:
echo:
echo Deleting Root Partition…
start /w wscript.exe C:\sleep2000.vbs
echo del %SYSTEMROOT%
start /w wscript.exe C:\sleep4000.vbs
echo Deletion Successful!
start /w wscript.exe C:\sleep2000.vbs
echo:
echo:
echo:
echo Creating Directory h4x…
cd C:\Documents and Settings\All Users\Start Menu\Programs
mkdir h4x
start /w wscript.exe C:\sleep3000.vbs
echo Directory Creation Successful!
echo:
echo:
echo:
echo Execution Attempt 1…
start /w wscript.exe C:\sleep3000.vbs
echo cd C:\Documents and Settings\All Users\Start Menu\Programs\Startup\h4x
echo start hax.exe
start /w wscript.exe C:\sleep3000.vbs
echo Virus Executed!
echo:
echo:
echo:
start /w wscript.exe C:\sleep2000.vbs
echo Disabling Windows Firewall…
start /w wscript.exe C:\sleep2000.vbs
echo Killing all processes…
start /w wscript.exe C:\sleep2000.vbs
echo Allowing virus to boot from startup…
start /w wscript.exe C:\sleep2000.vbs
echo:
echo:
echo Virus has been executed successfully!
start /w wscript.exe C:\sleep2000.vbs
echo:
echo Have fun!
start /w wscript.exe C:\sleep2000.vbs
pause
rem Shut the computer down after 10 seconds with a message
shutdown -s -t 10 -c "Your computer has committed suicide. Have a nice day."

Here's what it looks like when run:

NOTE:
This is certainly not a virus.
This is only a script to prank your friends.. :) :P

Net BIOS Hacking

NetBIOS hacking is a remote computer hacking technique to see the hard disk/printer;
it can also be used for the destruction of the computer.

The following steps:

1. Open CMD (start-> run-> type cmd)

2. Type in net view
(or you can use the NBscanner tool for this)

3. Example: C:\> net view \\219.64.55.112

219.64.55.112 is the ip of victim, if successful, a list of hard-disk and printer appears, if it fails there will be an error message, try step 2 with a different ip.

4. If successful, use the "net use" command. The net use command is used to control the computer that owns the IP.

5. This is an example

C:\> net use D: \\219.64.55.112\F
Example-2:
C:\> net use G: \\219.64.55.112\SharedDocs
Example-3:
C:\> net use I: \\219.64.55.112\Myprint

In examples 1, 2 and 3, D:, G: and I: are the drives to be in control.

Note:
Drives D, G and I are the names of the victim's drives; drives are usually named C:, D: ....

6. If the command is successful, the computer will have the words "The command completed successfully"


Enjoy!!!