DzireZOne: ID hack

Showing posts with label ID hack. Show all posts

Monday, January 13, 2014

6 Most Common Password Cracking Methods And Their Countermeasures

There are number of methods out their used by hackers to hack your account or get your personal information. Today in this post i will share with you guys 6 Most commonly used method to crack password and their countermeasures. You must check out this article to be safe and to prevent your online accounts from hacking.
1. Brute Force Attack

Any password can be cracked using Brute-force attack. Brute-force attacks try every possible combinations of numbers, letters and special characters until the right password is match. Brute-force attacks can take very long time depending upon the complexity of the password. The cracking time is determined by the speed of computer and complexity of the password.

Countermeasure: Use long and complex passwords. Try to use combination of upper and lowercase letters along with numbers. Brute-force attack will take hundreds or even thousands of years to crack such complex and long passwords.
Example: Passwords like "iloveu" or "password" can be cracked easily whereas computer will take years to crack passwords like "aN34lL00"

2. Social Engineering

Social engineering is process of manipulating someone to trust you and get information from them. For example, if the hacker was trying to get the password of a co-workers or friends computer, he could call him pretending to be from the IT department and simply ask for his login details. Sometime hackers call the victim pretending to be from bank and ask for their credit cards details. Social Engineering can be used to get someone password, to get bank credentials or any personal information.

Countermeasure: If someone tries to get your personal or bank details ask them few questions. Make sure the person calling you is legit. Never ever give your credit card details on phone.

3. Rats And Keyloggers

In keylogging or RATing the hacker sends keylogger or rat to the victim. This allows hacker to monitor every thing victim do on his computer. Every keystroke is logged including passwords. Moreever hacker can even control the victims computer.

Countermeasure: Never login to your bank account from cyber cafe or someone else computer. If its important use on-screen or virtual keyboard while tying the login. Use latest anti-virus software and keep them updated. Check out below article to know more about Rats and Keyloggers.

4. Phishing

Phishing is the most easiest and popular hacking method used by hackers to get someone account details. In Phishing attack hacker send fake page of real website like facebook, gmail to victim. When someone login through that fake page his details is send to the hacker. This fake pages can be easily created and hosted on free web-hosting sites.

Countermeasure: Phishing attacks are very easy to avoid. The url of this phishing pages are different from the real one. For example URL of phishing page of facebook might look like facbbook.com (As you can see There are two "b"). Always make sure that websites url is correct. Check out below article to know more about phishing.

5. Rainbow Table

A Rainbow table is a huge pre-computed list of hashes for every possible combination of characters. A password hash is a password that has gone through a mathematical algorithm such as md5 and is transformed into something which is not recognizable. A hash is a one way encryption so once a password is hashed there is no way to get the original string from the hashed string. A very commonly used hashing algorithm to store passwords in website databases is md5. It is almost similar to dictionary attack, the only difference is, in rainbow tables attack hashed characters are used as passwords whereas in dictionary attack normal characters are used as passwords.

Example: ‘hello’ in md5 is 5d41402abc4b2a76b9719d911017c592 and zero length string ("") is d41d8cd98f00b204e9800998ecf8427e

Countermeasure: Make sure you choose password that is long and complex. Creating tables for long and complex password takes a very long time and a lot of resources

6. Guessing

This seems silly but this can easily help you to get someones password within seconds. If hacker knows you, he can use information he knows about you to guess your password. Hacker can also use combination of Social Engineering and Guessing to acquire your password.

Countermeasure: Don't use your name, surname, phone number or birthdate as your password. Try to avoid creating password that relates to you. Create complex and long password with combination of letters and numbers.

Tags:- #Passwordcrack,#Password,#Crack,#BruteForceAttack,#Phishing,#md5

Saturday, January 11, 2014

7 Most Important Addons for Hackers & Pentesters

Hello friends, after a short break m back with an interesting post. well guys check my previous post on Bots both good and evil, but actually all challenges, practice, & Hacking requires tools, so there is Addons as in the form of tools. There are many types of Addons & there is also many Hacking, Pentesting ad-dons specially for Security researchers. So today i created this Post to give you little info about important addons for hackers & pentesters.

# 7 Most Important Addons for Hackers & Pentesters :

*First of all always use Mozilla Firefox for Web App Pentesting & to use all these addons.

[1] Tamper Data

Tamper Data is one of the most useful Addons for Pentesters it is used to view and modify HTTP/HTTPS headers and post parameters.Trace and time HTTP response or requests. Security test web applications by modifying POST parameters and Much More.

Download & Install →

[2] Hack Bar

Hack Bar is one of the Best & Most wanted Simple security audit / Penetration test tool. Very Strongly Recommended you to Install & very useful. Useful in XSS, SQL Encoding/Decoding - MD5, SH1, Base64, Hexing, Splitting etc.

Download & Install →

[3] Live HTTP Headers

Live HTTP Headers is little bit same as Tamper Data but with great difference and art of working & Viewing HTTP headers of a page while browsing. It most comes use to Inject XSS Payloads & get many information of website plugins,CSS,Javascript & HTML content.

Download & Install →

[4] User Agent Switcher

The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of a browser. It can help you changing the User Agent to IE, Search Robots, I-Phone (I-OS), or you can also create your own User Agent.

Download & Install →

[5] Cookie Manager+

Cookies manager to view, edit and create, Inject Cookies etc. It also shows extra information about cookies, allows edit multiple cookies at once & backup/restore.

Download & Install →

[6] HTTP-Fox

HttpFox monitors and analyzes all incoming and outgoing HTTP traffic between the browser and the web servers. It aims to bring the functionality known from tools like Http Watch or IE Inspector to the Firefox browser.

Information available per request includes:
- Request and response headers
- Sent and received cookies
- Querystring parameters
- POST parameters
- Response body

Download & Install →

[7] Passive Recon

PassiveRecon provides information security professionals with the ability to perform "packetless" discovery of target resources utilizing publicly available information. Most Wanted Information Gathering Tool.

Download & Install →

[0] XSS Me

This one is Just from my side ;). isn't recommended but you must have - XSS Me : Cross-Site Scripting (XSS) is a common flaw found in todays web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.

Download & Install →

Thank you friends for reading my Post, actually many users are still aware of Addons & there uses, so i just posted to share knowledge - If you have any type of problem o question please comment & Let me know. and please share it.

Tuesday, July 10, 2012

How to Hack Facebook Account by friends adding technique

How to Hack Facebook Passwords by adding into friends list

These days many Facebook users have hundreds and possibly thousands of friends. More friends increase the chance that your Facebook account will be hacked – especially if you accept friend requests from people you do not know.

It isn’t entirely unusual that Facebook users receive friend requests from people they do not know. Often, those friend requests are blindly accepted in an effort to grow the friendship base. It seems that especially people with Facebook accounts that are primarily used for marketing purposes are more likely to accept friend requests from people they do not know than the typical Facebook user does.

Such accounts could be hacked easily, and there is no ingenious hacking talent required to do so: You simply need to walk through Facebook’s passwork recovery process with two other Facebook friends of a targeted account.

You can easily gain access to a your friends Facebook account through a collusion approach. You have to use Facebook’s password recovery feature, which is accessible through the “Forgot your password?” link on the Facebook login page.

Once identified the Friend, Facebook suggested to recover the password via the existing email address. However, you can bypass this hurdle by clicking the “No longer have access to these?” link. In that case, Facebook asks for a new email address. In the following step, Facebook presents the security question tied to the account. However, you can also to bypass the question by typing wrong answers three times in a row. After that, Facebook provides a rather surprising way to get your account back – via the support of three friends.

1. First, you select three friends “you trust”. These three friends then receive a code, which is required to change the account password.

2. Select yourself and immediately received a code from Facebook. With those three codes, you can easily change the password for the targeted account.

3. The problem clearly is that three friends you do not really know and cannot trust could potentially gain access to the victim Facebook account – through the standard password recovery feature.

4. To bypass problem mentioned in step 3 .social engineering Create your own 2 more fake profiles and add the victim as a friend on facebook. Now get all the 3 codes and you are done.

NOTE: The targeted account will be locked for 24 hours after this password change and the user’s old email address receives a notification of the password change as well as the names of the three friends who were given the codes. However, if these are friends with fake names, it doesn’t quite matter that you now know their names.

Now if a Facebook user could in fact be in a situation when a Facebook account is not checked within a 24-hour period, particularly since we enjoy to flaunt our activities through Facebook status messages. And if the account is checked frequently, the account depends on Facebook’s response time, which can easily stretch to a number of days.

Facebook Message Hack || Send fake messages to ur friends

hey Friends ...Rex is back with a facebook message hack trick which is Damm Simple .
Today i will Show you how to Missuse facebook's email Service by Email Spoofing!!!

Follow The Steps:

Requirement:Facebook id like abc@facebook.com to know someone facebook email just goto their profile & click info and get it from there.

Now Goto website :http://emkei.cz/

Send Fake Facebook Message Now:

Now fill the desired options:
to : abc@facebook.com (receiver fb mail) [Victim]
from : xyz@gmail.com (sender id) [your friend]
subject: this will appear bold
message : what ever message u want to send as a fake message
Now Send the message.

Your friend can only be pranked if he has @facebook mail id..!!!

Keep Visiting :)

Monday, July 2, 2012

ARDAMAX KEYLOGGER V3.8.9 LATEST [FULL] [FREE] [CRACK] [SERIAL KEY]

Ardamax Keylogger is a keystroke recorder that captures user's activity and saves it to an encrypted log file. The log file can be viewed with the powerful Log Viewer. Use this tool to find out what is happening on your computer while you are away, maintain a backup of your typed data automatically or use it to monitor your kids. Also you can use it as a monitoring device for detecting unauthorised access. Logs can be automatically sent to your e-mail address, access to the keylogger is password protected. Besides, Ardamax Keylogger logs information about the Internet addresses the user has visited.

This invisible spy application is designed for 2000, XP, 2003, Vista and Windows 7.

Keylogger Features:

* Email log delivery - keylogger can send you recorded logs through e-mail delivery at set times - perfect for remote monitoring!

* FTP delivery - Ardamax Keylogger can upload recorded logs through FTP delivery.

* Network delivery - sends recorded logs through via LAN.

* Clipboard logging - capture all text copied to the Windows Clipboard.

* Invisible mode makes it absolutely invisible to anyone. Ardamax Keylogger is not visible in the task bar, system tray, Windows 2000/XP/2003/Vista/Windows 7 Task Manager, process viewers (Process Explorer, WinTasks etc.), Start Menu and Windows Startup list.

* Visual surveillance - periodically makes screenshots and stores the compressed images to log.

* Chat monitoring - Ardamax Keylogger is designed to record and monitor both sides of a conversation in following chats:

o AIM

o Windows Live Messenger 2011

o ICQ 7

o Skype 4

o Yahoo Messenger 10

o Google Talk

o Miranda

o QiP 2010

* Security - allows you to protect program settings, Hidden Mode and Log file.

* Application monitoring - keylogger will record the application that was in use that received the keystroke!

* Time/Date tracking - it allows you to pinpoint the exact time a window received a keystroke!

* Powerful Log Viewer - you can view and save the log as a HTML page or plain text with keylogger Log Viewer.

* Small size – Ardamax Keylogger is several times smaller than other programs with the same features. It has no additional modules and libraries, so its size is smaller and the performance is higher.

* Ardamax Keylogger fully supports Unicode characters which makes it possible to record keystrokes that include characters from Japanese, Chinese, Arabic and many other character sets.

* It records every keystroke. Captures passwords and all other invisible text.

Other Features:

* Windows 2000/2003/XP/Vista/Windows 7 support

* Monitors multi-user machines

* Automatic startup

* Friendly interface

* Easy to install

Enjoy;)

Download: This file is full Ardamax (Latest) Keylogger with no activation needed, downloaded from their official site. Just Downlaod and ENJOY ;)

ARDAMAX 3.8.9 ::: HERE (without remote package)

SERIAL KEY :
==========
DOWNLOAD SERIAL KEY

HOW TO HACK GMAIL ACCOUNT USING PHISHING.

First I have shown you people how to set up Facebook Phishing site , In this Tutorial I will show you how to set up Gmail Phishing site, step by step with pictures.

Step 1: The First Step in Making the site is to regester an account at http://www.000webhost.com/order.php (if you have account than you can skip first 2 steps)

Step 2: Now Goto your email account that you gave and confirm your account with confirmation link

Step 3: Now Download this FILE (http://adf.ly/AGrYe ) .

Step 4: Now Goto http://members.000webhost.com/ and Log into your account.

Step 5: Now when you are logged into your account click on the Go to Cpanel in front of your domain that you had registered, and then Go to File Manager under Files and log into it.

Step 6: Now Click on the Public_html.

Step 7: Now click on the Upload button, choose the file under the Archives that you have downloaded, to be uploaded.

Step 7: Now any one who visits your site would be taken to the Fake Facebook Login Page. After they enter their Username and Password, they will be taken to another page that will show them error. So there is less chance that it will be detected.

NOTE::: To access the input data ( Usernames and Password ) Goto the Following Address:

http://www.yoursitesadress.p4o.net/lol.html

If I am not clear in any point Please ask me in comments below.

THE DOWNLOAD LINK TO Gmail-phishing-site.zip is http://adf.ly/AGrYe

HACK FACEBOOK BY MAKING FACEBOOK PHISHING SITE TUTORIAL.

In my previous article I taught you people how to make a Phishing site. Now in this article i am going to teach you how to set up the Phishing site, which is the Difficult task than making a Phishing site.

Step 1: The First Step in Making the site is to regester an account at http://www.000webhost.com/order.php (if you have account than you can skip first 2 steps)

Step 2: Now Goto your email account that you gave and confirm your account with confirmation link

Step 3: Now Download this FILE (http://adf.ly/AGrBG )

Step 4: Now Goto http://members.000webhost.com/ and Log into your account.

Step 5: Now when you are logged into your account click on the Go to Cpanel in front of your domain that you had registered, and then Go to File Manager under Files and log into it.

Step 6: Now Click on the Public_html.

Step 7: Now click on the Upload button, choose the file under the Archives that you have downloaded, to be uploaded.

Step 7: Now any one who visits your site would be taken to the Fake Facebook Login Page. After they enter their Username and Password, they will be taken to another page that will show them error. So there is less chance that it will be detected.

NOTE::: To access the input data ( Usernames and Password ) Goto the Following Address:

http://www.yoursitesadress.p4o.net/lol.html

If I am not clear in any point Please ask me in comments below.
THE DOWNLOAD LINK TO facebook.zip is http://adf.ly/AGrBG
PS:> If www.p4o.net didn't worked for you, you can use :
www.drivehq.com
www.yourfreehosting.net
www.esmartstart.com

=============================================================
The Input Data (Email and Password) will look like following:

==============================================================
UPDATE:
Now if you have successfully made the Phishing page(site) then you must know that on Facebook you cannot post it, mail it, or sent it in chat. e.g: www.yoursite.p4o.net. This is because Facebook dont allow the T35.com sites. So Solution to this problem is to use http://www.dot.tk for the URL hiding.
All you have to do is to Goto http://www.dot.tk , on the main page enter your Phishers address and get a domain for that. Like for www.myphisher.p4o.net you gets www.myphisher.tk. And facebook will allow you to post it

HACK TWITTER BY MAKING TWITTER PHISHING SITE TUTORIAL


Hack Twitter Tutorial.

Yah! Today is turn of Twitter. I am going to show you how to make the Twitter Phishing site, with which you can Hack any Twitter account ;)

Step 1: The First Step in Making the site is to regester an account at http://www.p4o.net/signup.php (if you have account than you can skip first 2 steps)

Step 2: Now Goto your email account that you gave and confirm your account with confirmation link

Step 3: Now Download this FILE ( http://adf.ly/AGqib ) .

Step 4: Now Goto http://www.p4o.net/login.php and Log into your account.

Step 5: Now when you are logged into your account click on the Online File Manager under File Management.

Step 6: Now Click on the htdocs and then on Upload Button.

Step 7: Now choose the file under the Archives that you have downloaded, to be uploaded.

Recent Post

6 Most Common Password Cracking Methods And Their Countermeasures

7 Most Important Addons for Hackers & Pentesters

How to Hack Facebook Account by friends adding technique

Facebook Message Hack || Send fake messages to ur friends

Your friend can only be pranked if he has @facebook mail id..!!!

ARDAMAX KEYLOGGER V3.8.9 LATEST [FULL] [FREE] [CRACK] [SERIAL KEY]

HOW TO HACK GMAIL ACCOUNT USING PHISHING.

HACK FACEBOOK BY MAKING FACEBOOK PHISHING SITE TUTORIAL.

HACK TWITTER BY MAKING TWITTER PHISHING SITE TUTORIAL

Pages