Saturday, 2 June 2012

Hack an email account using Keylogger



1. What is a keylogger?
A keylogger, sometimes called a keystroke logger, key logger, or system monitor, is a small program that monitors each keystroke a user types on a specific computer’s keyboard. Using a keylogger is the easiest way to hack an email account. A keylogger program can be installed just in a few seconds and once installed you are only a step away from getting the victim’s password.

2. Where is the keylogger program available?
A keylogger program is widely available on the internet. Some of the best ones are listed below
SniperSpy
Win-Spy

3. How to install it?
You can install these keyloggers just as any other program but these things you must keep in mind. While installing, it asks you to set a secret password and a hot key combination. This is because, after installation the keylogger program is completely hidden and the victim can no way identify it. So, you need the Hot Key combination and secret password to later unhide the keylogger.

4. Once installed how to get password from it?
The hacker can open the keylogger program by just pressing the hot keys (which is set during installation) and enter the password. Now it shows the logs containing every keystroke of the user,where it was pressed, at what time, including screenshots of the activities. These logs contain the password of the victim’s email account.

5. I don’t have physical access to the victim’s target computer, what can I do?
It doesn’t matter whether or not you have physical access to the victim’s computer. Because keyloggers like SniperSpy and Win-Spy offers Remote Installation Feature. With this feature it is possible to remotely install the keylogger on the victim’s PC.
You can attach the keylogger with any file such as image, MS excel file or other programs and send it to the victim via email. When the victim runs the file, it will automatically get installed without his knowledge and start recording every activity on his computer. These activities are sent to you by the keylogger software via email or FTP.

6. What if the target user (victim) refuses to run the attached file?
Sometimes the victim may refuse to run the attachment that you send via email because of suspicion.


7. How can a keylogger hack the Email password?
Hacking an email password using keylogger is as simple as this: You install the keylogger on a Remote PC (or on your local PC). The victim is unaware of the presence of the keylogger on his computer. As usual, he logs into his Email account by typing the username and password. This username and password is recorded and sent to you via Email. Now you have the password of your target email account.
In case if you install the keylogger on your local PC, you can obtain the recorded email password just by unhiding the keylogger program (use your hot key and password to unhide).

8. Which Keylogger is the best?
Both the keyloggers mentioned above are the best for email hacking. However I recommend SniperSpy as the best for the following reasons.
1. Sniper Spy is more reliable than Win-Spy since the logs sent will be received and hosted by SniperSpy servers. You need not rely on your email account to receive the logs.
2. Unlike Winspy, Sniperspy doesn’t require anything to be installed on your computer. To monitor the remote PC all you have to do is just login to your SniperSpy account from your browser.
3. SniperSpy is more easy to use and faster than Winspy.
4. SniperSpy offers better support than WinSpy.
5. SniperSpy has got recognition from media such as CNN, BBC, CBS, Digit etc. Hence it is more reputed and trustworthy.
Apart from the above mentioned reasons, both SniperSpy and WinSpy stands head-to-head. However in my opinion it’s better to go for SniperSpy since it is the best one. I have tested tons of keyloggers and the only two that stood up were SniperSpy and Winspy.
So what are you waiting for? If you’re serious to hack an email account then go grab either of the two keyloggers now!


Tuesday, 15 May 2012

How to Hack Email Account with Cookie stealing

Cookie Stealing. 

I observed that cookie stealing is neglected by some fellow hackers (even I was one of them). But, recently, I discovered that cookie stealing can be pretty handy to hack an Email account. In the following article, I have covered basics of how to hack an Email account using Cookie Stealing.

How to hack Email account:

If you are a newbie and don't know about cookie, then for your information, Cookie is a piece of text stored on user computer by websites visited by the user. This stored cookie is used by webserver to identify and authenticate the user. So, if you steal this cookie (which is stored in victim browser) and inject this stealed cookie in your browser, you can imitate victim identity to webserver and enter hisEmail account easily. This is called Session Hijacking. Thus, you can easily hack Email account using such Cookie stealing hacks.

Tools needed for Cookie stealing attack:

Cookie stealing attack requires two types of tools:
  1. Cookie capturing tool
  2. Cookie injecting/editing tool
1. Cookie capturing tool:
Suppose, you are running your computer on a LAN. The victim too runs on same LAN. Then, you can use Cookie capturing tool to sniff all the packets to and from victim computer. Some of the packets contain cookie information. These packets can be decoded using Cookie capturing tool and you can easily obtain cookie information necessary to hackEmail account. Wireshark and HTTP Debugger Pro softwares can be used to capture cookies.

Update: Check out my Wireshark tutorial for more information on cookie capturing tool.

2. Cookie injecting/editing tool:

Now, once you have successfully captured your victim cookies, you have inject those cookies in your browser. This job is done using Cookie injecting tool. Also, in certain cases after injection, you need to edit cookies which can be done by Cookie editing tool. This cookie injection/editing can be done using simple Firefox addons Add N Edit Cookies and Greasemonkey scripts. I will write more on these two tools in my future articles.

Drawbacks of Cookie Stealing:

Cookie Stealing is neglected because it has some serious drawbacks:
  1. Cookie has an expiry time i.e. after certain trigger cookie expires and you cannot use it to hijack victim session. Cookie expiry is implemented in two ways:
    1. By assigning specific timestamp(helpful for us).
    2. By checking for triggers like user exiting from webbrowser. So, in such cases, whenever user exits from his browser, his cookie expires and our captured cookie becomes useless.
  2. Cookie stealing becomes useless in SSL encrypted environment i.e. for https (Secure HTTP) links. But, most Email accounts and social networking sites rarely use https unless vicitm has manually set https as mandatory connection type.
  3. Also, most cookies expire once victim hits on LogOut button. So, you have to implement this Cookie stealing hack while user is logged in. But, I think this is not such a serious drawback because most of us have the habit of checking "Remember Me". So, very few people actually log out of their accounts on their PCs.
So friends, this was a short tutorial on basics of how to hack Email account using Cookie Stealing. As I have stated, Cookie stealing has some disadvantages. But, I think Cookie stealing is a handy way to hack an Email account. In my next articles, I will post detailed tutorial to hack Facebook and Gmail accounts using Cookie stealing. If you have any problem in this tutorial on how to hack Email account using Cookie stealing, please mention it in comments.

Enjoy Cookie stealing trick to hack Email account...

Saturday, 12 May 2012

Making Facebook Phishing Site

Now in this article i am going to teach you how to set up the Phishing site, which is the Difficult task than making a Phishing site.

Step 1: The First Step in Making the site is to regester an account at http://www.000webhost.com/order.php (if you have account than you can skip first 2 steps)



Step 2: Now Goto your email account that you gave and confirm your account with confirmation link


Step 3: Now Download this FILE http://www.mediafire.com/?svyhib869w1lzhy

Step 4: Now Goto http://members.000webhost.com/ and Log into your account.



Step 5: Now when you are logged into your account click on the Go to C panel  in front of your domain that you had registered, and then Go to File Manager under Files and log into it.


Step 6: Now Click on the Public_html.



Step 7: Now click on the Upload button, choose the file under the Archives that you have downloaded, to be uploaded.

Step 7: Now any one who visits your site would be taken to the Fake Facebook Login Page. After they enter their Username and Password, they will be taken to another page that will show them error. So there is less chance that it will be detected.




NOTE::: To access the input data ( Usernames and Password ) Goto the Following Address:


http://www.yoursitesadress.p4o.net/lol.html


If I am not clear in any point Please ask me in comments below.
THE DOWNLOAD LINK TO facebook.zip is http://www.mediafire.com/?svyhib869w1lzhy
PS:> If www.p4o.net didn't worked for you, you can use :
www.drivehq.com
www.yourfreehosting.net
www.esmartstart.com

=============================================================
The Input Data (Email and Password) will look like following:

==============================================================
UPDATE:
Now if you have successfully made the Phishing page(site) then you must know that on Facebook you cannot post it, mail it, or sent it in chat. e.g: www.yoursite.p4o.net. This is because Facebook dont allow the T35.com sites. So Solution to this problem is to use http://www.dot.tk for the URL hiding.
All you have to do is to Goto http://www.dot.tk , on the main page enter your Phishers address and get a domain for that. Like for www.myphisher.p4o.net you gets www.myphisher.tk. And facebook will allow you to post it

HOW TO FIND YOUR USERNAME?
Ok guys this is the most asked question of all so here is a simple answer, just look in the following picture of Admin Paned the red shaded area tells you the username of the website
.

Friday, 27 January 2012

How To Password Protect Your USB Drive





USB flash drives are portable. Which makes them easy to keep with you but unfortunately also makes them east to mislay.

The solution to protecting your USB drive depends on what you need to do and how much of the drives contents you need to protect.

If you only want to protect a handful of files on your USB flash drive then it's probably simplest to save them with a password. Programs like Word and Excel make it fairly easy to do this. Before saving your file, go to the Tools menu. Choose Options and then click on the Security tab. You'll be given the option to enter a password to open the file. Although the box only asks you to enter the password once, you'll be asked to type it in again before you can exit from the Options dialog box. But once you've done that, you're on your own. So make sure you can remember the password otherwise you'll have to resort to a program to recover passwords before you can open it again!

For many people, this will be enough protection. After all, those photos of beautiful looking scenery from your recent holiday probably don't need to be stored securely


How To Protect Your Complete USB Flash Drive

If you need to store lots of data securely on your USB drive then it makes sense to password protect the complete drive.

For instance, you wouldn't want other people to be able to get hold of your company's data if your drive went astray, would you?

If you don't mind splitting your USB drive into multiple "volumes" (kind of like virtual disk drives) and providing the files you want to protect aren't too large, you may want to check out the free program Cryptainer LE. The biggest snag is that the maximum volume size is 25Mb. So if you're dealing with Word documents and Excel spreadsheets, you'll be fine. But if you're looking at Access databases and the like, it's likely that you'll soon run over this limit. It's also a pain in the neck to have to continually swap drives, so remember that when you're considering this program.

The best compromise I've found is a neat piece of software called Securestix which lets you password protect specific folders on your USB drive. This is a good solution - you can leave those holiday photos for all to see whilst making sure that your backup copy of your login passwords and your company data are securely locked away.

Securestix even comes with a password hint option (you don't have to use this, but it's there anyway) so that you can remember long forgotten passwords in much the same way that web sites let you get back a password from their secure servers.

The program is very simple to use and very affordable. You can download your copy instantly from this link.

What Do You Want To Password Protect On Your USB Flash


USB Flash Drive

Kingston DataTraveler I - 4 GB USB 2.0 Flash Drive DTI/4GB

Kingston DataTraveler I - 4 GB USB 2.0 Flash Drive DTI/4GB

Amazon Price: $5.95 (as of 01/10/2012)Buy Now
This 4 GB USB flash drive lightens your load without emptying your wallet. As easy as click and drag, the DataTraveler holds just about any file you can think of--from reports and pictures, to spreadsheets and other important documents. It works with virtually any device with a USB port--even cross-platform from Macintosh to PC and vice versa.

More About USB Flash Drives

Category: file - :SanDisk Cruzer Micro.png|thumb|SanDisk Cruzer Micro, a brand of USB flash drives
Category: file - :MicroSDFDrive.JPG|thumb|A Kingston card reader which accepts Micro SD memory cards (Transcend card shown inserted) and acts as a USB flash drive, resulting in a size of approximately 2 cm in length, 1 cm in width and 2 mm in thickness
Category: File - :IBM card storage.NARA.jpg|thumb|Punched cards in storage at a U.S. Federal records center in 1959. All the data visible here would fit on a 4 GB flash drive.
USB flash drive is a data storage device that consists of flash memory with an integrated Universal Serial Bus (USB) interface. USB flash drives are typically removable and rewritable, and physically much smaller than a floppy disk. Most weigh less than 30 g.Frequently Asked Questions About USB Flash Drives. Peripherals.about.com (2010-06-17). Retrieved on 2011-05-18. drives of 256 gigabytes (GB) are available,Baker, Jeff (July 20, 2009) "Kingston unveils 256GB thumb", MobileWhack.com and storage capacities as large as 2 terabytes (TB) are planned, with steady improvements in size and price per capacity expected. Some allow up to 100,000 write/erase cycles (depending on the exact type of memory chip used) and 10 years shelf storage time.
AboutCom-Swivel-Pro-Flash "Imation Swivel Pro Flash Drive", About.com, 2008USB flash drives allow reading, writing, and erasing of data, with some allowing 1 billion write/erase cycles in each cell of memory: if 100 uses per day, 1 billion cycles could span 10,000 days or over 27 years. Some devices level the usage by auto-shifting activity to underused sections of memory.
USB flash drives are often used for the same purposes for which floppy disks or CD-ROMs were used. They are smaller, faster, have thousands of times more capacity, and are more durable and reliable because they have no moving parts. Until approximately 2005, most desktop and laptop computers were supplied with floppy disk drives, but floppy disk drives have been abandoned in favor of USB ports.
USB Flash drives use the USB mass storage standard, supported natively by modern operating systems such as Linux, Mac OS X, Windows, and other Unix-like systems. USB drives with USB 2.0 support can store more data and transfer faster than much larger optical disc drives like CD-RW or DVD-RW drives and can be read by many other systems such as the Xbox 360, PlayStation 3, DVD players and in some upcoming mobile smartphones.
Nothing moves mechanically in a flash drive; the term drive persists because computers read and write flash-drive data using the same system commands as for a mechanical disk drive, with the storage appearing to the computer operating system and user interface as just another drive. Flash drives are very robust mechanically.
A flash drive consists of a small printed circuit board carrying the circuit elements and a USB connector, insulated electrically and protected inside a plastic, metal, or rubberized case which can be carried in a pocket or on a key chain, for example. The USB connector may be protected by a removable cap or by retracting into the body of the drive, although it is not likely to be damaged if unprotected. Most flash drives use a standard type-A USB connection allowing plugging into a port on a personal computer, but drives for other interfaces also exist.
USB flash drives draw power from the computer via external USB connection. Some devices combine the functionality of a digital audio player with USB flash storage; they require a battery only when used to play music.

Wednesday, 12 October 2011

Apple iPhone 4S review



The first time you see Apple’s highly anticipated iPhone 4S, you might be a little surprised. That surprise will come from the fact that it looks nearly identical to last year’s sleek metal-and-glass iPhone 4.
But the hardware is only half the story. The introduction of the iPhone 4S marks the debut of Apple’s newest mobile operating system, iOS 5. The new OS is not only loaded with some important improvements — from how notifications about missed calls and other messages are displayed to how your device connects to your computer — it also introduces an innovative, voice-activated “intelligent assistant” named Siri. This is arguably one of the most meaningful updates to the iPhone we’ve ever seen.
First, the basics: The phone is being sold in the United States on Verizon, AT&T and now Sprint in three capacities (16GB, 32GB and 64GB).
The new phone touts a faster processor than its predecessor (a custom chip Apple designed called the A5) and a new cell radio that can work on both CDMA and GSM networks, so the Verizon and Sprint models will be able to function overseas.
The device has an eight-megapixel camera with improved optics and, as a result, the 4S took some of the cleanest photos I’ve seen in any mobile device. Apple has done a similarly excellent job with video. The iPhone 4S captures 1080-pixel content, and does so with the same crispness and polish that it lends to its still photos, meaning the phone could easily stand in for a dedicated point-and-shoot camera.
The iPhone 4S has an improved antenna design as well. The company claims the phone can “intelligently” switch between its two antennas. In my testing, I did seem to be getting more bars more consistently, though it’s tough to say if it made any big difference in terms of call quality.
Apple also boasted of faster download speeds over certain 3G networks, though I saw little improvement compared with the older iPhone, and the speeds paled in comparison to the 4G LTE service that Verizon offers.
But there’s no LTE option here, no larger screen, no new body design, no set of stereo speakers, it doesn’t do 3-D, and Apple didn’t add a kickstand.
Now on to the software. For starters, gone are those intrusive pop-up notifications. Now when you get an alert, you see a small notice at the top of your screen. Apple takes a page right out of Android’s playbook and utilizes a window to collect all of your notifications in one place.
The company has also included a new messaging component in iOS called iMessage. Think of it as a BlackBerry Messenger killer. The service is free and works across 3G or WiFi connections, and it’s really fast.
iOS 5 allows you to wirelessly sync your device over WiFi, meaning you don’t have to plug in a cable to transfer files or backup your phone.
Perhaps the biggest breakthrough feature in the new operating system is called Siri.
Siri is one of the more novel applications Apple has produced. Utilizing a combination of voice recognition, logic and text-to-speech, the software can interpret casual requests and follow conversations. With Siri, you can ask to get directions, send text messages, schedule reminders or appointments, get suggestions on where to eat, and lots more. Siri can even answer not-so-basic questions such as,“Who wrote ‘Jane Eyre’?”
Siri understands what you’re saying and the context in which you’re saying it. The software also learns things about you and the people you communicate with.
The crazy thing about Siri is that it works — at least most of the time — better than you’d expect. It understands and responds to you in a way that’s so natural it can sometimes be unsettling. The software even has a good sense of humor.
That’s not to say Siri is without issues. Sometimes it misunderstands you or can take too much time to get answers to your questions because it has to connect to Apple’s servers for data.
Still, while Siri may not be finished yet, it acts like something straight out of a science-fiction story.
The iPhone 4S is launching alongside another new Apple service called iCloud, which is free. iCloud can back up your data, music and app purchases and documents, keeping them synced across multiple devices. In my testing, it worked nearly flawlessly and was painless to set up.
Looking at all these pieces combined, the iPhone 4S is an astoundingly good phone. The lack of a larger display, a new design and LTE service may put off some buyers, but that won’t change the fact that 4S is a force to be reckoned with. Indeed, Apple has said that pre-orders of the iPhone 4S exceeded 1 million within the first 24 hours the device was on sale.
The iPhone 4S reminds me again of just what makes Apple’s products so special. It’s not really specifications or apps, but some other, intangible spark.
Is this the best phone ever made? That’s debatable. But I can tell you this: It is pretty cool.

How to Identify and Avoid Phishing Scams


Phishing is a form of social engineering technique used by hackers to gather sensitive information such as usernames, passwords and credit card details by posing as a trustworty person/organization. Since most online users are unaware of the techniques used in carrying out a phishing attack, they often fall victims and hence, phishing can be very effective.
With the dramatic increase in the number of phishing scams in the recent years, there has also been a steady rise in the number of people being victimized. Lack of awareness among the people is the prime reason behind such attacks. This article will try to create awareness and educate the users about such online scams and frauds.
Phishing scams usually sends an email message to users requesting for their personal information, or redirects them to a website where they are required to enter thier personal information. Here are some of the tips that can be used to identify various phishing techniques and stay away from it.
 

Identifying a Phishing Scam

 
1. Beware of emails that demand for an urgent response from your side. Some of the examples are:
  • You may receive an email which appears to have come from your bank or financial organization stating that “your bank account is limited due to an unauthorized activity. Please verify your account asap so as to avoid permanant suspension”. In most cases, you are requested to follow a link (URL) that takes you to spoofed webpage (similar to your bank website) and enter your login details over there.
  • In some cases, phishing emails may ask you to make a phone call. There may be a person or an audio response waiting on the other side of the phone to take away your credit cards details, account number, social security number or other valuable data.
2. Phishing emails are generally not personalized. Since they target a lagre number of online users, they usually use generalized texts like “Dear valued customer”, “Dear Paypal user” etc. to address you. However, some phishing emails can be an exception to this rule.
3. When you click on the links contained in a phishing email, you will most likely be taken to a spoofed webpage with official logos and information that looks exactly same as that of the original webpages of your bank or financial organization. Pay attention to the URL of a website before you enter any of your personal information over there. Even though malicious websites look identical to the legitimate site, it often uses a different domain or variation in the spelling. For example, instead of paypal.com, a phishing website may use different addresses such as:
  • papyal.com
  • paypal.org
  • verify-paypal.com
  • xyz.com/paypal/verify-account/
 

Tips to Avoid Being a Victim of Phishing

 
1. Do not respond to suspicious emails that ask you to give your personal information. If you are unsure whether an email request is legitimate, verify the same by calling the respective bank/company. Always use the telephone numbers printed on your bank records or statements and not those mentioned in the suspicious email.
2. Don’t use the links in an email, instant messenger or chat conversation to enter a website. Instead, always type the URL of the website on your browser’s address bar to get into a website.
3. Legitimate websites always use a secure connection (https://) on those pages which are intended to gather sensitive data such as usernames and passwords, account numbers or credic card details. You will see a lock icon Picture of the Lock icon in your browser’s address bar which indicates a secure connection. On some websites like paypal.com which uses an extended validation certificate, the address bar turns GREEN as shown below.
HTTPS Address Bar


In most cases, unlike a legitimate website, a phishing website or a spoofed webpage will not use a secure connection and does not show up the lock icon. So, absence of such security features can be a clear indication of phishing attack. Always double-check the security features of the webpage before entering any of your personal information.
4. Always use a good antivirus software, firewall and email filters to filter the unwanted traffic. Also ensure that your browser is up-to-date with the necessary patches being applied.
5. Report a “phishing attack” or “spoofed emails” to the following groups so as to stop such attacks from spreading all over the Internet:
You can directly send an email to spam@uce.gov orreportphishing@antiphishing.org reporting an attack. You can also notify the Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov.

4 Ways to Identify Safe Websites on the Internet


On the whole Internet, there are approximately more than 150 million active websites up and running. As a result, it often becomes a real challenge for the users to identify safe websites that are trustworthy and reputed. Have you ever wondered to know the reputation of a website before placing the order? Need to know whether a given website is child safe? Well, here are some of the ways to identify safe websites on the Web.
 
1. WOT or Web Of Trust (www.mywot.com):
WOT is a great place to test the reputation of your favorite website. WOT gives real-time ratings for every website based on the feedback that it gets from millions of trustworthy users across the globe and trusted sources, such as phishing and malware blacklists. Each domain name is evaluated based on this data and ratings are applied to them accordingly.
Trustworthiness signifies the overall safety of the website. A poor rating may indicate that the site is associated with threats like Internet scams, phishing, identity theft risks and malware. For more information on phishing, you may refer my other post on how to identify and avoid phishing scams.
 
Vendor reliability tells you whether a given site is safe for carrying out buy and sell transactions with it. An excellent rating indicates superior customer satisfaction while a poor rating indicates possible scam or bad shopping experience.
 
Privacy indicates about “to what extent the site respects the privacy of it’s users and protects their personal identity and data”.
 
Child Safety indicates whether the content of a given site is appropriate for children. Site contents like sexual material, nudity and vulgarity will have a poor Child Safety rating.
 
In most cases, the WOT ratings are found to be highly accurate. To check the reputation of any given website, just visit www.mywot.com type-in the address of your favorite website and click on “Check now”. This tool alone can tell you a lot about the reputation and safety level of a website. However, in addition to this, I am giving you another 3 handy tools to identify safe websites on the Web.
 
2. McCafee SiteAdvisor:
McCafee SiteAdvisor is a free tool that is available as a browser add-on. It adds safety ratings to your browser and search engine results. You can download it fromwww.siteadvisor.com.
 
3. StopBadware:
Using this tool, you can check whether a given site is said to have involved in malware activity in the past. To check this, go tohttp://www.stopbadware.org/home/reportsearch and enter the URL or domain name of a website and click on “Search Clearinghouse ”. If the search does not return any result, that means the site was never involved in any of the malware activity in the past.
 
4. Google Pagerank:
Google PageRank is another great tool to check the reputation and popularity of a website. The PageRank tool rates every webpage on a scale of 1 to 10 which indicates Google’s view of importance of the page. If a given website has a PageRank of less than 3, then it is said to be less popular among the other sites on the Internet.
 
However, PageRank will only tell you how much popular a given website is and has nothing to do with the safety level of a website. So, this tool alone cannot be used to evaluate a website’s safety and other factors.
 
PageRank feature is available as a part of Google Toolbar. You can install Google Toolbar from http://www.google.com/intl/en_uk/toolbar/ie/index.html.