miscellaneous-hacks

Website Hacking And Security With DVWA Tools

Wed, 02 Nov 2011 16:35:51 +0100

Website Hacking And Security With DVWA Tools:

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.Damn Vulnerable Web App (DVWA) is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.This app. allows you to learn and practice web application attacks in a safe environment.

Warning:
Don't upload ot to your personal hosting otherwise its vulnerable and your site will be hacked.

Download it from here:

Download DVWA

Video installation Guide:

Encryption and Decryption

Wed, 02 Nov 2011 16:28:49 +0100

Today i am giving a short tutorial on how to encrypt and decrypt you messages, texts and any other sensitive information which you just want to be read by the one whom you are sending. I will make use of online encryption and decryption databases.

Crypo.comand string-functions.com
There are lots of encryption methods and also decryption methods to do on. I will elaborate by simple examples.

Encryption:
So i want to encrypt the following string :
www.hackersthirst.com in order Base 64-Reverse-String to Hex

a. So, to start with encryption, go to: http://www.crypo.com/eng_base64e.php
and enter our string or text: www.hackersthirst.com in the text box. Hit on "Encrypt" to get the encrypted Base 64 password.
Its : d3d3LmhhY2tlcnN0aGlyc3QuY29t

b. Now, next we have to Reverse the string obtained from step a. So, go to:
http://www.crypo.com/eng_reverser.php
and enter the string from step a in the text box and hit on Reverse. Copy the string from second box.
Its : t92YuQ3cylGa0Nnclt2YhhmL3d3d

c. Next is to encrypt with Hex. Go to: http://www.string-functions.com/string-hex.aspx
and enter the string copied in step b. Hit on Convert to get:
7439325975513363796c4761304e6e636c74325968686d4c33643364

So, this is our final encrypted string or text.

Decryption:
So, we are given the above encrypted text or string and need to get the actual real password.
The encrypted password we need to decrypt is:
7439325975513363796c4761304e6e636c74325968686d4c33643364

Since Encryption order is: Base 64-Reverse-String to Hex
while decrypting, we need to follow exact opposite order.

So, Decryption order becomes: Hex to String-Reverse-Base 64

a. We have to convert Hex to String. Go to:
http://www.string-functions.com/hex-string.aspx
and enter the encrypted password. Hit on Convert and copy the resultant string.
Its: t92YuQ3cylGa0Nnclt2YhhmL3d3d

b. Now, to reverse this string, go to:
http://www.crypo.com/eng_reverser.php
and reverse it. Copy the reversed string.
Its: d3d3LmhhY2tlcnN0aGlyc3QuY29t

c. To decrypt using Base 64, go to:
http://www.crypo.com/eng_base64d.php
Enter the string copied in step B and hit on Decrypt. Thus, now, you get your final string or text: www.pgims.yolasite.com
Thus, you have successfully decrypted your text.

So i have demonstrated the use of encryption and decyption. You can use any other order in this way.

21 Hacking Tools

Wed, 02 Nov 2011 15:16:40 +0100

These are Top 20 Hacking Tools, which are used for various purposes.

Nessus

The “Nessus” Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner for Linux, BSD, Solaris, and other flavors of Unix.

Ethereal
Ethereal is a free network protocol analyzer for Unix and Windows. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.

Snort
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.

Netcat
Netcat has been dubbed the network swiss army knife. It is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol

TCPdump
TCPdump is the most used network sniffer/analyzer for UNIX. TCPTrace analyzes the dump file format generated by TCPdump and other applications.

Hping
Hping is a command-line oriented TCP/IP packet assembler/analyzer, kind of like the “ping” program (but with a lot of extensions).

DNSiff
DNSiff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).

GFI LANguard
GFI LANguard Network Security Scanner (N.S.S.) automatically scans your entire network, IP by IP, and plays the devil’s advocate alerting you to security vulnerabilities.

Ettercap
Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones)and includes many feature for network and host analysis.

Nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 2500 potentially dangerous files/CGIs, versions on over 375 servers, and version specific problems on over 230 servers.

John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix.

OpenSSH
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools, which encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.

TripWire
Tripwire is a tool that can be used for data and program integrity assurance.

Kismet
Kismet is an 802.11 wireless network sniffer – this is different from a normal network sniffer (such as Ethereal or tcpdump) because it separates and identifies different wireless networks in the area.

NetFilter
NetFilter and iptables are the framework inside the Linux 2.4.x kernel which enables packet filtering, network address translation (NAT) and other packetmangling.

IP Filter
IP Filter is a software package that can be used to provide network address translation (NAT) or firewall services.

pf
OpenBSD Packet Filter

fport
fport identifys all open TCP/IP and UDP ports and maps them to the owning application.

SAINT
SAINT network vulnerability assessment scanner detects vulnerabilities in your network’s security before they can be exploited.

OpenPGP
OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann.

Brutus

Brutus is a remote password cracker.With the help of it you can crack ftp etc.

Some best Firefox Addons For A Webdeveloper

Wed, 02 Nov 2011 15:01:54 +0100

Well basically i am also a firefox lover due to its large flexibility and other options. Personas feature in also good in firefox to change its skins but thats a non technical point and i am not going to discuss it in tech site :P. Today! i am sharing some of the best addons for firefox which may help you technically from every aspect. I have come across all these addons in my short career devoted to computer. lol.

1. Colorzilla - Easy Color Choice For WebDevelopers:-

With ColorZilla you can get a color reading from any point in your browser, quickly adjust this color and paste it into another program. You can Zoom the page you are viewing and measure distances between any two points on the page. The built-in palette browser allows choosing colors from pre-defined color sets and saving the most used colors in custom palettes. DOM spying features allow getting various information about DOM elements quickly and easily.
Download this Add-on

2. Statusbar - Modern Download Window:-

View and manage downloads from a tidy statusbar – without the download window getting in the way of your web browsing. Despite its compact size, Download Statusbar packs in more useful features than the standard download window. The fully customizable interface auto-hides when not in use, allowing full control without interruption.
Download this Add-on

3. Flash Switcher-Flash Plugin's Version Switcher:-

Switch between various flash plugins or remove current plugin. It is installed in the statusbar of your browser. when you click on it a popup menu appears showing different options: which flash player version to install (2,3,4,5,6,7,8,9) or if you want to remove the currently installed one.
Download this Add-on

4. Firebug-Developers Choice:-

Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.Well actually this addon helped me a lot for examining external pages inspite of my site.
Download this Add-on

5. Html Validator-Let Computer Validate your hardwork of HTML:-

HTML Validator is a Mozilla extension that adds HTML validation inside Firefox and Mozilla. The number of errors of a HTML page is seen on the form of an icon in the status bar when browsing.

Download this Add-on

6. IE Tab-Internet Explorer i-e Cross Browser Checking

This is a great tool for web developers, since you can easily see how your web page displayed in IE with just one click and then switch back to Firefox. Got to say I develope website in firefox and this make switching to an IE browser unbelievably easy.
Download this Add-on

7. Save As Image-Screen Shot Tool:-

I used to use screengap however I dont think its supported in the new firefox and it uses Java runtime to save the image. I’ve got to say it took me a while to find this addon but it’s brilliant. Adds the ability to save a page, frame, or part of either as an image.
Useful for showing people bugs in a website, creating a snapshot of design progress, or perhaps even creating a gallery of websites.
Download this Add-on

8.Live HTTP Headers-View HTTP headers of a page and while browsing:-

Its also good addon for a developer.It adds a new tab to the Page Info dialog that shows details of the HTTP request/response for that page. To see it, install the extension, visit a page and select Page Info (via the Tools menu, via the context menu, or via Cmd-I on Mac). Then select the Headers tab to see the HTTP headers panel.
Download this Add-on

9.Acunetix Web Scanner-Scan The Vulnerability:-

This addon is made basically for auditing the security of yours site. Since! acuntex itself is becoming popular for such purpose so here is its addon for firefix. Its not been reviewed by mozilla but you still can install it as it is trustworthy addon.
Download this Add-on

If you know any other addons then post in comment I will upadte this post. But addon must be special one.

Facebook Fan Pages Customization tutorial (FBML)

Wed, 02 Nov 2011 14:56:43 +0100

Facebook Fan Pages Customization tutorial (FBML)

Recently facebook fan pages have become a great portal for showing your products to the world present at facebook. I too have a facebook fan page of my site but i haven't customized fbml of that pge to a great extent because i don't find time to do so. But i will share these small tricks to my loyal reader here. Read post to learn things and also subscribe to us.And yes we are here with a new theme. I made this for those who have a slow internet connection. Well sorry i am going of the topic. So here we start :

1. Embedding YouTube Videos in your Fanpage :

In case of embedding YouTube video on Facebook page, the default embed HTML code doesn’t works. The video on Facebook can be only embedded using the lash. Copy-Paste the code below into the FBML box of your page to embed the video. Remember to replace VIDEO_ID with the YouTube Video ID before you save.

<fb:swf swfsrc=”http://www.youtube.com/v/VIDEO_ID” imgsrc=”http://img.youtube.com/vi/VIDEO_ID/default.jpg” width=”480″ height=”360″ />

2. Separate contents for Fans and non-fans:

Showing Separate contents for the Facebook Page fans and non fans can also help you gain more fans for your page. You can use the FMBL below and show separate content for the fans and non-fans.

<fb:fbml version=”1.1″>
< fb:visible-to-connection>This part is visible for fans only!
< fb:else>This part is visible for non-fans</fb:else>
< /fb:visible-to-connection>
< /fb:fbml>

3. Invite to Friends box:

Adding an Invite to Friend box below the main Content of your welcome Tab will also help you increase the fans of your page as it makes your fans easier to invite their friends on Facebook. Use the following code in FBML box to insert the Invite box in your page :

<fb:request-form method=”post” type=”[your organization]” invite=”true” content=”Check out [your organization]<fb:req-choice url=’http://www.facebook.com/YOURPAGE’ ‘ label=’GO’ /> “>

<fb:multi-friend-selector actiontext=”Tell your friends about [your organization]” rows=”3″ showborder=”true” />

</fb:request-form>

4. Adding a Comment Box:

Adding a comment box will allow the fans of the page to give a reply easily at you fbml page. Thats a gooe feature use the code below to enable it :

<fb:comments xid=”YOUR_PRODUCT_UNIQUE_ID” canpost=”true” showform=”true” candelete=”false” numposts=”3″ returnurl=”http://YOUR_PRODUCT_HOME_URL”>

</fb:comments>

5. Adding podcasts and MP3 Audios:

Like YouTube videos you can also embed podcasts or any Mp3 Audio on your Fan page using the Fbml. You have to provide the direct link to the mp3 audio file or Podcast in the Fbml.

<fb:mp3 src=”http://example.com/podcast.mp3″ title=”Our new Song” artist=”This Week in Facebook” />

6. Adding pop-up Dialog Box :

The Pop-up dialog box is used to give the short description of the link with on a Popup dialog box whenever a user clicks a specified link in your fan page.
For instance,You have used pop-up box for the ‘About’ Link on your page then it will show the popup box as above when your fan click on the link and the ‘learn more’ link can be even redirected to your About page.

<fb:dialog id=”dialog” cancel_button=1>
< fb:dialog-title>About Us</fb:dialog-title>
< fb:dialog-content>Hackers Thirst is a blog on hacking an tech.
Would you like to learn more?</fb:dialog-content>
< fb:dialog-button type=”button” value=”Yes” href=”http://www.hackersthirst.com” />
< /fb:dialog>
< a href=”#” clicktoshowdialog=”dialog”>Click here</a> to learn more.

7. Inserting Flash Content:

Inserting Flash Content on your Facebook page is also like inserting YouTube video in your Page. Use the Fbml to insert Flash content n your page. Use the Flash file URL in the swfsrc and use the image URL on imgsrc as the source of the image that is being displayed, before your flash.

<fb:swf swfbgcolor=”000000″ swfsrc=’http://domain.com/file.swf’ imgsrc=’http://domain.com/picture.jpg’ width=’760′ height=’920′ />

8. Adding a Chat Room:

Adding a chat room on your Fan page enables you to chat with your Fans when they are on your page. Firsth thing yopu need is to create a Flash based chat widget for your Facebook page using MeeboMe and then embed that Chat widget on your Facebook Fbml box usng the code below.

Remember to replace CHAT_ID with your widget chat Id provided by Meeome before you save the code.

<fb:swf swfsrc=’http://widget.meebo.com/mm.swf?CHAT_ID’ width=’515′ height=’425′ imgsrc=”chat-thumbnail.jpg” />

9.Adding a share button:
A share button on your Facebook page lets your fan to share the provided link on their Facebook profile easily. You can use the following code on Fbml Box of your Page to insert the ‘Share’ button on your fan page.

<fb:share-button class="meta"><meta name="medium" content="mult"/> 
<meta name="title" content="name of fan page"/> 
<meta name="description" content="description of fan page"/> 
<link rel="image_src" href="url to image location" /> 
<link rel="target_url" href="http://facebook.com/hackersthirst"/> 
</fb:share-button>

10.Showing Visitor’s name
Its good to welcome user on your page with his name and in0rder to show name use following script :

<fb:userlink uid="loggedinuser" />

Hope it may help you someday! for further reference go to Facebook Developers.

CyberGate RAT - Hacking Facebook, Twitter and Email Id's Passwords

Wed, 02 Nov 2011 14:35:07 +0100

What is CyberGate:

CyberGate is a powerful, fully configurable and stable Remote Administration Tool coded in Delphi that is continuously getting developed. Using cybergate you can log the victim's passwords and can also get the screen shots of his computer's screen. You can connect o multiple victims in single time. One should no know what is the ip-address of the victims' computers. That is the main benefit. What you have to do is to spread the server file to the vicitms or the people whom you want to infect. Also there is a file manager utility using which you can explore the data of the victim. So, its much exciting, therefore i thought to give a tutorial about it, since it can also be used for constructive purpose i-e you can view the clients of you office or your homies, that what are they doing at computer. Rather they are sincere or not. I am going to show you step by step guide, by creating my own server. I created Hackersthirst to produce awareness among people about general tools usage also.

Steps For creating a successful cybergate server:-

Step 1) I have hosted to cybergate for dowloading to the two locations, as often i get messages that download link is not working.
Download CyberGate:
First Download Location of Cyber Gate
Second Downalod Location of Cyber Gate

Step 2) Now, It will be better that you temporarily disable your antivirus software. and also other security software if its the case that CyberGate isn't working for you.

Step 3) Set up your account at no-ip.com , If you are already registered that just login. After loging in add a host. Picture Demonstration is given below, since in last post of pro-rat people asked lots of question.

After this, Type your email id here, Like i did:

Now, Fill the forum provided with your real preferences or fake :P , Do what you like. After that you will receive a confirmation email in your inbox, Like the one you receive while subscribing to Hackersthirst, Click the confirmation link provided there, and thus you will have an activated and verified account. Login there. Now, What you have to do, is given below in step 4 with pictures!

Step 4) You have to add host, Like this, after getting logged in!

After that, fill like this, Replace hackersthirst with your desired name!

Thats it you are done, with following info:
Host name: hackersthirst.zapto.org
Host Type: DNS Host (A) , Further leave other fields blank like i did.
Host process is now finished now i am moving to no-ip client.

Step 5) Download no-ip client from here. Download according to your OS, It supports windows, mac or linux. After downloading install the program, And then run it, You will promted to put in your email id along with password which you used to login to the no-ip.com, After loging in, Do what i did in the following screen shot!

Note: Always keep this software opened, Whenever cyper gate is running.

Thats it, We have done with no-ip.com, Now procees forward with cybergate!

Step 6) Extract The Cybergate archive You Downloaded In The Beginning To Your Desktop! Once Extracted, Open It & Wait 20 Seconds For The Agreement To Pass! When It's Open, Press: Control Center -> Start.
and then press, Control Center -> Options -> Select Listening Ports, After this a popup will appear fill that like this:

Explaining further:
At first, Write "100" In That Little Box And Press The Blue Arrow. Then It Should Appear Under "Active Ports"
Active Ports: The Port You Will Forward Later using modem or uTorrent!
Connections Limit: The Max Amount Of Victims You Can Have.
Connection PW: The Connection Password. Use "123456"
[V] Show Password: (Shows Password)
Once This Is Done, Press "Save"!

Step 7) After this we are going to create the server, Go to, Control Centre -> Build -> Create Server

After adding name, select the name i-e wamiqali and Press forward.Now, Following windows will appear, Fill it like this:

Now, Click ok, It will be added in the list, After that select 127.0.0.1 and click delete. So, that following form will come in front of you:

Note: If You Want To Try The Server On Yourself, Then Delete Both:

- 127.0.0.1:999
- hackersthirst.zapto.org

And Replace Them With; 127.0.0.1:100 Since 127.0.0.1 Means "Local Computer & LAN Internet"

Step 8) After this move on to the installer tab, and do what i did in the following screen shot:

Well, i think for this section no further explanation is required, things themselves in the screen shot are telling that what they are meant to do.

Step 9) Now move on to the Anti-Debug tab, and follow guideline as shown in the screen shot:

Step 10) Move on to the final tab, that is Create Server. and do what i did!

So, You are done!

Step 11) (There are many ways for this step, You can also google for some other better way) Now you have to port forward, For this purpose, login to your router or modem (Recommended way) and forward the port which you have used while making the cber gate i-e 100, But another quick tweak is this that simply run uTorrent and select Options > Preferences > Connection than enter there in Listening Ports, the value of port you want to be forwarded (e-g 100) than select Apply.After that Exit the uTorrent from the tray of the windows. and go to http://canyouseeme.org/ and check whether port is access-able or not. If its access-able, You will get this message for port 100:

Success: I can see your service on 100.100.200.200 on port (100)
Your ISP is not blocking port 100

What to do if RAT is not Connecting?

Make Sure That....

1) You are properly port-forwarded if using a router.
2) You have the No-IP Client installed and running.
3) Your DNS entries are correctly spelled when building your server.
4) The password in Listening Ports and the password your server uses are identical.
5) You are Listening on the correct ports.
6) Your Firewall is letting connections through on the port you're listening on.
7) Your server is added to excluded files in your Antivirus and Firewall.

Once You've Port Forwarded Your Port: "100" Then Just Get It Crypted And Start Spreading. After that you will surely get some victims But i will surely point out here that don't use this for bad purpose!

You can read How to Hide Keyloggers and RAT's From Antivirus for hiding you server from antivirus.

Note: All this was for educating my readers, Hackersthirst is not responsible for company or individual harm caused by it. Also don't use it to hack innocents, As this isn't attitude of hackers.

How to: Convert Computer in WebServer - Host Webpages For Free

Wed, 02 Nov 2011 14:36:27 +0100

Wanted to know that how can we convert our own computer into a web server? So that you may access your public data at any time from any place? Were you eager of this before? OK, Hackersthirst is here to help you in this tech and hacking world, I am going to show you that How can you make your computer a web server inorder to host your own files and also webpages in HTML. This conversion will help you in creating sql, php and much other databases (Visit download link provided below).So, that you may be able to test your website that how will its look online. There is another benefit that often you get banned by hosting providers for hosting your phishing pages and scripts or some illegal crap to hosting, This will surely help you getting out of this mess and you will be able to host your phishing page freely in order to hack a victim.

For this purpose we can use many softwares like wamp and others, But i recommend you using xampp, You can download xampp from here. There are many flavors available you can use it with linux, Windows and Mac also. After downladoing just follow my steps:

Step 1) Download the program and install it (Prefer another drive rather than c:/program files for installation, Otherwise in vista and seven inorder to avoid software functions restriction you may have to deactivate UAC (Windows Vista User account control) with msconfig later). During installation you will be prompted for following options, Choose what you want, I have just selected following :

After that press next and installation will start:

Step 2) In the end it will ask that do you want to run xampp control panel hit OK and you will see control panel infront of you. And start the following services, you may start others as per your requirements!

Afterwards go to your browser and put 127.0.0.1 or localhost in the browser address bar, You will get following screen after selecting right language!

Inorder to check that your local hosting is accessable publically then use your public/external ip address and put it in browser address bar and hit enter, You will get this page:

So, Yo have to edit "httpd-xamp.conf" file now, Just go to "httpd-xamp.conf" and find and remove "deny from all" and save it. Path of such files is here : Your Drive:\xampp\apache\conf\extra

So, After deleting "Deny from all" Save it (Ctrl+S) And Thus you are done.
In the end restart the server by restarting the software and i hope that it will work now.

Where to host and upload your pages:

Yes, this is most important question, There will be a directory named htdocs where you have installed xampp and thus I may say it will be in drive:\xampp\htdocs , What you will upload in it will be available to the whole world from your public ip address. Suppose you have made index.html and this inorder to access it you will have to paste it in htdocs directory and it will be accessible at:

http://Your-public-ip/index.html OR http://localhost/index.html

Yes, public ip address link will work in whole world while local host in your local network as i described above.You can start and stop services from control panel of xampp also you can use filezilla too.

If you want to get a domain name:

Just singn up to the no-ip.com and get a domain or host for your ip address. But question is here that our ip address is dynamic and to which ip domain name will point, Yes, There is solution by no-ip.com, Just go to downloads and get their dynamic DNS update client and run on PC. It will automatically point that domain to your current ip-address. Inorder to get more and step wise information for setting up domain, You should read the start of this post here, Where i have used no-ip.com for setting up your own domain name for cyber gate with ip address.

Social Engineering (how its done and how to remain safe)

Wed, 02 Nov 2011 14:16:41 +0100

What is Social engineering?
In computer security, social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking and fooling other people to break normal security procedures. A social engineer runs what used to be called a "con game". For example, a person using social engineering to break into a computer network would try to gain the confidence of someone who is authorized to access the network in order to get them to reveal information that compromises the network's security. They might call the authorized employee with some kind of urgent problem; social engineers often rely on the natural helpfulness of people as well as on their weaknesses. Appeal to vanity, appeal to authority, and old-fashioned eavesdropping are typical social engineering techniques.
Another aspect of social engineering relies on people's inability to keep up with a culture that relies heavily on information technology. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Frequently, social engineers will search dumpsters for valuable information, memorize access codes by looking over someone's shoulder (shoulder surfing), or take advantage of people's natural inclination to choose passwords that are meaningful to them but can be easily guessed. Security experts propose that as our culture becomes more dependent on information, social engineering will remain the greatest threat to any security system. Prevention includes educating people about the value of information, training them to protect it, and increasing people's awareness of how social engineers operate.
Explaining with common example:
Such as a small example is this that i came across and email in my msn account. It was written in that email that your bank account will be deleted soon there is a lot of money in it. So, you click the link below to save it. However now i know that i don't have a bank account in any foreign country but what is it that often people become greedy and they do not know that it is a spam and scam. Ultimately on clicking link their session is hijacked or there passwords are stolen.

Another example is that you have often seen that emails come that you have won a prize money. Click the link below. and also sometimes you want to hack facebook acounts or paypal and you come across a software But i will say:

There is no software in this world to hack facebook or other acounts these are just programmed in VB or C++ to hack your own passwords.

So these are some of the examples of social engineering. and also hackers make videos and assure people that this software will hack hotmail,yahoo,gmail etc. But thats all fake.also if you receive email that your acount will be deleted then its also fake because there are terms and conditions to do things.

Further prevention:

Anti-Social-Engineering Tips & Tricks	Reason
Beware of people that call you on the phone and try to make you provide your personal information, passwords, and other sensitive information.	Always be skeptical if someone calls you on the phone and tries to get your personal information, your passwords, and other sensitive data. Always be skeptical and never give out any information to strangers. Tell the people who are trying to get information from you that you need to confirm their claims first and then double-check by calling trusted parties. More to the point, if a person who's claiming to be from your bank calls you and tries to get information from you, never give out anything. You should then call the bank and ask them if they called you to get information from you soon afterwards.
Never provide sensitive information via email.	If someone tries to get you to give out personal data, passwords, and other sensitive information via your email, don't do so. Always call back to the real source and confirm if such a request is needed. If it is required, send your information via traditional mail so you know where it is being sent to (that is, you're sending it to the correct, official address of the trusted company).
Be skeptical of anyone that tries to get personal data, passwords, and other sensitive information from you.	Always be skeptical if anyone tries to get information from you. Normally, it is very rare for a company to make you give out any information, so you should never do so if you haven't checked the source first and are absolutely confident about it. It is your right not to give out any information unless it is under extreme circumstances.
If you need to track information about a person who tries to get information from you, then use the Penetrator or Portable Penetrator.	The Penetrator and Portable Penetrator can quickly retrieve a large amount of information about a person. By using this feature, you can get an overview of whether or not the person who's trying to make you reveal intimate details about your life is a legitimate official of a trusted company or organization. Moreover, you can check out other sources over the worldwide web as well to see if the stranger you've encountered is a legitimate representative of a business connected to you or not.

If you receive an email saying that you have won something or please click this link otherwise your acount will be deleted then its fake donot click the link.

The hackers use this trick to spread there phishing pages and cookie stealing links to hack innocent people acounts and to use them for wrong purposes since these are registered at there names.

Hide Keyloggers and RAT’s By Using Binders

Wed, 02 Nov 2011 14:12:21 +0100

Binders have great importance for playing social engineering tricks over victim whom you want to hack by use of some key loggers, RAT’s and Trojans etc. These will help you a lot in order to hide your server from human eye and these are capable of encrypting your server too, In order to hide them from antivirus eye. Today I,ll show you some binders using them you can combine your keylogger and RAT server with any image or an application too. Well, in market there are many paid cryptors and binders present but I,ll share some free binders with you.

Now the thing is this that often we think that mp3, jpeg and png and other related things are free from viruses and malwares, May be this hypothesis is true but how can we state this? That is the reason I am making this post we can even bind our trojan and keylogger in a mp3, jpeg and png file. I,ll cover this security Section later in another post.

What is Binder – Brief Intro:-

A binder is a simple program in kb,s or else nearly 1mb and is used to hide a keylogger or trojan in any other file like jpeg, png and mp3 and thus we can change the icon of the newly created output, Also we can use binder to combine an application with a trojan and keylogger and save it with different icon and name, When victim will run it he will think that it’s a trusted application but in background binded trojan will also run. That is the basic scheme hope you may get it now.Some binders are given below:-

Simple Binder By Nathan – Free Binder :-

It is quite simple and can be used in seconds without installing. You can combine image with any .exe trojan as you can see and in the FILE#1 I have given the path of the image and after that in FILE#2 I have given path of the trojan which is to be binded, It is quite useful for script kiddies too as its much easy . You can fool victim by telling him that its just and image file of yours own pic . You can download it from here:-

Download Free Simple Binder by Nathan

Weekend Binder By Nathan – Free Binder:-

This is also quite good binder which can be used easily without any installation process and we can bind two applications with each other like one should be genuine and other should be the server of RAT like I did in the screen shot above. I have Given an image file in the File#1 (You can use any file which you want ) and in File#2 I have given the server.exe which is to be binded. Now tick bother Execution options if you want both files to be executed in the victim computer. In order to download this Weekend Binder by Nathan for free see below for download link:-

Download Free Weekend Binder By Nathan

Gmail Hacking By Phishing Page

Sun, 30 Oct 2011 12:15:46 +0100

This post will show you on how to hack a gmail account by using a phishing method. Or in simple words by using a fake page and bit social engineering. Lets start the tutorial:

Note: I am posting this just for educational purpose don't try to misuse this.

Method:
1. Download the gmail phishing page and script from this link.
Password for the archive: hackersthirst.com

2. Get some free hosting from t35.com or 110mb.com or 0fees.net, and upload the extracted package there i-e upload index.htm, input.php.
Learn how to upload from here.

3. Give the link to the victim of the index.htm e-g www.yousite.com/index.htm . Ask him to login and be bit tricky, You can also email victim and by hyperlinking the link www.yousite.com/index.htm to something like gmailverification etc, and write in email that we are checking that whether your acount is active or not, Inshort words be social engineer. It depends on you.

4. When victim logs in with your uploaded page he will be redirected to input.php and thus input.php will create a file name passwd.htm in your hosting. Open this file with filezilla and see, You will get email and password of victim.

How this phishing works?
1. In order to log the text of the victim i created a php script and named it as input.php and connected it to the forum of the login fields of Email and Password, Like this, See Below:
This is login forum:

This is Coding behind this login forum:

You can see that in <forum action there is input.php value, So what you will write in Username and password it will be logged. That is basic phishing theme also.
Remain safe from such attacks and always look at the browser address bar for safety, If the url is something like www.site.word.com then its fake.