HACKING TRICKS 2012-2013

Internet Observatory Setting New Heights with Real-Time IP Traffic Trends


Hello Friends. Here is a guest post from Adriana Jones on a very interesting topic. Special thanks to Adriana from HackingAlert for sharing this article. You can find her bio at the end of the articl...

A simple HTML tag to crash 64-bit Windows 7


<iframe height='18082563'></iframe> Yea that's true. This small ( not exactly small) iframe is powerful enough to crash down a 64 bit Win7 system to the famous Blue Screen Of Death (BSoD). This vulnerability has been recently reported by w3bd3vil (awsome work!!...

"It Happens on Live television" Facebook spam demystified - A completely new form of Spam


Hello friends. I love facebook spams. The reason is that you will find the best use of javascript, flash, facebook plugins and of coarse social engineering. There is always so much to learn. The last faebook spam which we looked at here in HackingAlert was the "How can Rehanna Do this" Facebook spam...

Why Email attachments can be dangerous?


Festive season is on. Online e-commerce sites are busy attracting users. Similarly Spammers are also prepared to utilize the season for spreading spam and malwares. Recently I got a mail from Coca Cola(spam ofcorse) which said that I won lots of dollars( it ws so much that I dont remember the exact amount). It had a malicious pdf attachment. Hiding malicious codes inside pdf has become a prime target to bypass email filters. So I thought...

Cross site scripting(XSS) Cheat Sheet - Readers Choice!!


Hello friends. These days I am on an XSS rampage. I recently posted an article on XSS vulnerability in Babylon search. Since then I got several request from the readers to post a quick article on cross site scriptting. This tutorial will be divided into two parts. In the first part I will cover the basics of XSS and how the attack vector is implemented. In the next tutorial we will discuss some techniques by which we can prevent XSS attacks...

Namedpipe impersonation Attacks


Privilege escalation through namedpipe impersonation attack was a real issue back in 2000 when a flaw in the service control manager allowed any user logged onto a machine to steal the identify of SYSTEM. We haven't heard a lot about this topic since then, is it still an issue...

Complete Guide to staying Anonymous on Internet - Combining VMs and VPNs


"the Reason which makes Anonymous hactivists dangerous is that they are really ANONYMOUS - Darklord" Hello friends. Sorry for the delay in post. Still waiting for the day when time will be in abundance for me. Today I have an interesting post for you all. In one of my several older posts I have been discussing how to penetrate different websites, perform attacks, gain information etc. But there is a big issue behind all this...

When Social Networks Become Social Engineering Tools for hacking - A Case study of hacking 10 Facebook friends in 10 minutes


These days hacking community is buzzing with social engineering techniques for hacking. People discuss what can be the best social engineering technique they can adopt. These days I am addicted to 2 things very badly. One is metasploit and other is Social networks( facebook to be precise)...

Complete SQL injection tutorial with Havij


Hello friends. This is my third post on SQL injection and for the first time I am using a tool for explaining it. Here I will be using a popular and my personal favourite SQLi tool Havij. To download Havij visit the following link - DOWNLOAD HAVIJ...

The Mole - New SQL injection tool+tutorial


The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique...

Rooting An Android Phone From Scratch - My Experiments with Truth!!


Hello Friends. From past 3 days I was on an rooting rampage with my HTC Tattoo android phone. I was a fan of Android before I ever rooted my phone and now I am in love with it since I have rooted it. The real power of any operating system lies when you have the command of the super user. This is what rooting is all about...

Setting up your own Pentesting/Hacking Network using a single Machine


Hello friends. Sorry for the long delay in writing a new post. I was out for some days and had no internet connectivity. When I came back and checked my mail, I found more than 10 mails asking me how to test for hacking. Actually this problem is because of the fact that there are too many theoretical tutorials available on the internet but there are hardly any practical implimentations shown...

New "How Can Rihanna do this" Facebook Spam - Be aware!!


Hello friends. After several days finally a new spam has come out which floods from wall to wall. This time spammers have found out a new way to fool people and take them out of the secure zone and beat the same shit of redirecting them to a url that contains millions of viruses and malwares waiting to welcome you. I alone found of 36 different class of malwares uploaded on the infected link. Let us dig out deeper into this spam..Lets have...

What happened to #opFacebook ? The Inside Story


There has been a lot of buzz about the #opfacebook. Well nothing happened to facebook and it doesn't even seems that anything is going to happen. I got answers to several questions about anonymous during my recent encounter with one of their members. Here is what exactly happened...

Cracking The Fake Gmail Password Hacking Software - So you think you are an Hacker??


Hello friends. Going really busy these days but I had to find out time to write about this post as there are really smart people who believe that they can hack Gmail accounts by using a tool. Well the truth is they can hack, but there is a second phase of the tool as well...

Create unlimited Gmail ID's from your single original ID - A must read for all !!


Hello friends. Sorry for the delay in posts. This is my new post for the month of November. Last month had been a huge hit for HackingAlert as it received 75000+ page views in the month of October. Thanks to all the readers. Well coming to our pos...

Complete Guide to #RefRef DDOS tool - Tutorial+Tool download


Hello Friends. Finally @Anonops or the Anonymos group has raised curtains from the most talked about tool in recent few months. Finally the source code has been revealed by the group and the most troubled person will be Mark Zukerberg. Facebook was expecting that this tool will be the prime weapon of #opfacebook ...

How to crack Wifi WEP password in simple steps.


Hello friends. Many of you must be aware of the technique I will discuss here as it is not new and you will find hundreds of results on google about it. Even there are lots of cool youtube videos floating around on how to crack the WEP keys of a wifi network. Wardriving is fun but dont make it illegal. There was a critical aspect missing in almost every tutorial I read...

New DOS tool to Kill SSL servers - Complete Tutorial


A newly released denial-of-service (DOS) tool can be used to bring down SSL servers using an average laptop computer and a standard DSL connection. The hacking outfit decided to release the tool, called THC-SSL-DOS, now because it has already been leaked online a couple of months ago. "We are hoping that the fishy security in SSL does not go unnoticed. The industry should step in to fix the problem so that citizens are safe and secure...

Basic SQL injection tutorial - Readers Choice


Hello readers. This has been a very busy week for me. But i had to take out time for my blog. First of all I would like to thank you all for visiting my blog frequently and post your feedbacks and requests. In the past one month Hackingalert has seen an enormous growth in traffic. today I am writing on SQL injection. this is my third tutorial on SQL injection but there is a heavy demad for it again and again. I have kept it a bit higher...

PD-Proxy Bandwidth limit reached! problem solved

PD-Proxy Bandwidth limit reached! এর সমাধান। আর নয় ১দিন এর অপেক্ষা।

কেমন আছেন সবাই। আসা করি ভালো আছেন। আমিও ভালোই আছি। কিন্তু মন ভালো নাই, কারন আমার পরীক্ষা তাই। যাক এটা আমার প্রবলেম। প্রথমে আমার পোস্ট টিতে কোনো ভুল হলে আমাকে ক্ষমা করবেন। আপনাদের অনেকেরি হয় তো কোনো কাজে বা কোনো কারনে PD-proxy এর Bandwidth limit reached হয়ে যাই বা 100MB পার হয়ে যাই, বুঝতেই পারেন না। এবং সেই দিন PD-Proxy চালাতে পারেন না। তাই আজ আমি আপনাদের প্রবলেম কমাতে এসেছি। সেটা হোলো PD-Proxy Bandwidth limit reached! এর সমাধান নিয়ে। বা 100MB পার হোলে PD-Proxy সেই দিন আবার  কিভাবে চালাবেন সেই বিষয়ে।

তাই কথা না বাড়িয়ে কাজ করা যাক। প্রথমে ফাইল টি ডাউনলোড করেনিন। ক্লিক করুন এখানে ডাউনলোড Volumeid.exe
ফাইল টি আপনার ইউজার ফোল্ডার এ পেস্ট করুন- C:\Users\your user folder name. আপনার ইউজার ফোল্ডার এই ভাবে ওপেন করবেন এবং ফাইল টি পেস্ট করেন। past your user folder

এবার স্টার্ট মেনু তে- “Run” এ ক্লিক করুন এবং লেখুন “cmd” এবং এন্টার চাপুন

এখন লিখেন- c: এবং এন্টার চাপুন। উইন্ডো টি কাটবেন না।

উইন্ডো টি কাটবেন না তারপর নিচে লিখেন- (volumeid.exe c: 1234-1234) নাম্বার গুলো ৮ অক্ষরের হতে হবে। বাস তারপরে এন্টার চাপুন।


এরকম দেখালে কাজ হয়ে গেছে তারপর কম্পিউটার রিস্টার্ট দিন। রিস্টার্ট না দিলে হবে না।


রান (run) খুজে না পেলে নিচে ইমেজ এ দেখেন

Bandwidth limit reached হয়ে যাওয়া বা 100MB শেষ হয়ে যাওয়া অ্যাকাউন্টে লগইন করবেন না। অন্য আর একটা অ্যাকাউন্টে লগইন করুন। না হলে কাজ হবে না। 
আর না হলে আবার চেষ্টা করেন আর কোনো সমস্যা হলে আমাকে জানাবেন আমি চেষ্টা করবো হেল্প করার। কোনো ভুল হলে আমাকে ক্ষমা করবেন। পোস্ট টি ভালো লাগলে কমেন্ট করে জানাতে পারেন।

FACEBOOK,EMAIL,WEBSITE HACKING

Internet Observatory Setting New Heights with Real-Time IP Traffic Trends

Hello Friends. Here is a guest post from Adriana Jones on a very interesting topic. Special thanks to Adriana from HackingAlert for sharing this article. You can find her bio at the end of the articl...

A simple HTML tag to crash 64-bit Windows 7

<iframe height='18082563'></iframe> Yea that's true. This small ( not exactly small) iframe is powerful enough to crash down a 64 bit Win7 system to the famous Blue Screen Of Death (BSoD). This vulnerability has been recently reported by w3bd3vil (awsome work!!...

"It Happens on Live television" Facebook spam demystified - A completely new form of Spam

Hello friends. I love facebook spams. The reason is that you will find the best use of javascript, flash, facebook plugins and of coarse social engineering. There is always so much to learn. The last faebook spam which we looked at here in HackingAlert was the "How can Rehanna Do this" Facebook spam...

Why Email attachments can be dangerous?

Festive season is on. Online e-commerce sites are busy attracting users. Similarly Spammers are also prepared to utilize the season for spreading spam and malwares. Recently I got a mail from Coca Cola(spam ofcorse) which said that I won lots of dollars( it ws so much that I dont remember the exact amount). It had a malicious pdf attachment. Hiding malicious codes inside pdf has become a prime target to bypass email filters. So I thought...

Cross site scripting(XSS) Cheat Sheet - Readers Choice!!

Hello friends. These days I am on an XSS rampage. I recently posted an article on XSS vulnerability in Babylon search. Since then I got several request from the readers to post a quick article on cross site scriptting. This tutorial will be divided into two parts. In the first part I will cover the basics of XSS and how the attack vector is implemented. In the next tutorial we will discuss some techniques by which we can prevent XSS attacks...

Namedpipe impersonation Attacks

Privilege escalation through namedpipe impersonation attack was a real issue back in 2000 when a flaw in the service control manager allowed any user logged onto a machine to steal the identify of SYSTEM. We haven't heard a lot about this topic since then, is it still an issue...

Complete Guide to staying Anonymous on Internet - Combining VMs and VPNs

"the Reason which makes Anonymous hactivists dangerous is that they are really ANONYMOUS - Darklord" Hello friends. Sorry for the delay in post. Still waiting for the day when time will be in abundance for me. Today I have an interesting post for you all. In one of my several older posts I have been discussing how to penetrate different websites, perform attacks, gain information etc. But there is a big issue behind all this...

When Social Networks Become Social Engineering Tools for hacking - A Case study of hacking 10 Facebook friends in 10 minutes

These days hacking community is buzzing with social engineering techniques for hacking. People discuss what can be the best social engineering technique they can adopt. These days I am addicted to 2 things very badly. One is metasploit and other is Social networks( facebook to be precise)...

Complete SQL injection tutorial with Havij

Hello friends. This is my third post on SQL injection and for the first time I am using a tool for explaining it. Here I will be using a popular and my personal favourite SQLi tool Havij. To download Havij visit the following link - DOWNLOAD HAVIJ...

The Mole - New SQL injection tool+tutorial

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique...

Rooting An Android Phone From Scratch - My Experiments with Truth!!

Hello Friends. From past 3 days I was on an rooting rampage with my HTC Tattoo android phone. I was a fan of Android before I ever rooted my phone and now I am in love with it since I have rooted it. The real power of any operating system lies when you have the command of the super user. This is what rooting is all about...

Setting up your own Pentesting/Hacking Network using a single Machine

Hello friends. Sorry for the long delay in writing a new post. I was out for some days and had no internet connectivity. When I came back and checked my mail, I found more than 10 mails asking me how to test for hacking. Actually this problem is because of the fact that there are too many theoretical tutorials available on the internet but there are hardly any practical implimentations shown...

New "How Can Rihanna do this" Facebook Spam - Be aware!!

Hello friends. After several days finally a new spam has come out which floods from wall to wall. This time spammers have found out a new way to fool people and take them out of the secure zone and beat the same shit of redirecting them to a url that contains millions of viruses and malwares waiting to welcome you. I alone found of 36 different class of malwares uploaded on the infected link. Let us dig out deeper into this spam..Lets have...

What happened to #opFacebook ? The Inside Story

There has been a lot of buzz about the #opfacebook. Well nothing happened to facebook and it doesn't even seems that anything is going to happen. I got answers to several questions about anonymous during my recent encounter with one of their members. Here is what exactly happened...

Cracking The Fake Gmail Password Hacking Software - So you think you are an Hacker??

Hello friends. Going really busy these days but I had to find out time to write about this post as there are really smart people who believe that they can hack Gmail accounts by using a tool. Well the truth is they can hack, but there is a second phase of the tool as well...

Create unlimited Gmail ID's from your single original ID - A must read for all !!

Hello friends. Sorry for the delay in posts. This is my new post for the month of November. Last month had been a huge hit for HackingAlert as it received 75000+ page views in the month of October. Thanks to all the readers. Well coming to our pos...

Complete Guide to #RefRef DDOS tool - Tutorial+Tool download

Hello Friends. Finally @Anonops or the Anonymos group has raised curtains from the most talked about tool in recent few months. Finally the source code has been revealed by the group and the most troubled person will be Mark Zukerberg. Facebook was expecting that this tool will be the prime weapon of #opfacebook ...

How to crack Wifi WEP password in simple steps.

Hello friends. Many of you must be aware of the technique I will discuss here as it is not new and you will find hundreds of results on google about it. Even there are lots of cool youtube videos floating around on how to crack the WEP keys of a wifi network. Wardriving is fun but dont make it illegal. There was a critical aspect missing in almost every tutorial I read...

New DOS tool to Kill SSL servers - Complete Tutorial

A newly released denial-of-service (DOS) tool can be used to bring down SSL servers using an average laptop computer and a standard DSL connection. The hacking outfit decided to release the tool, called THC-SSL-DOS, now because it has already been leaked online a couple of months ago. "We are hoping that the fishy security in SSL does not go unnoticed. The industry should step in to fix the problem so that citizens are safe and secure...

Basic SQL injection tutorial - Readers Choice

Hello readers. This has been a very busy week for me. But i had to take out time for my blog. First of all I would like to thank you all for visiting my blog frequently and post your feedbacks and requests. In the past one month Hackingalert has seen an enormous growth in traffic. today I am writing on SQL injection. this is my third tutorial on SQL injection but there is a heavy demad for it again and again. I have kept it a bit higher...

HACKING SOFTWARE AND TRICKS

Complete SQL injection tutorial with Havij

Hello friends. This is my third post on SQL injection and for the first time I am using a tool for explaining it. Here I will be using a popular and my personal favourite SQLi tool Havij. To download Havij visit the following link - DOWNLOAD HAVIJ...

Learn Hacking by Doing-Practical Hacking Lessons with DVWA

There is always a question that people ask me is how to learn hacking. Well I have tried my best to always find a good answer to this question, but I have always failed. The biggest reason is that hacking is not like a programming language that can be learned in few days or months. It requires a continuous effort. You cannot learn it by doing a course from NIIT or Appin. You cannot learn it by simply going to google and type "learn hacking"...

Hacking Facebook Applications - A HackingAlert Exclusive case study!!

Recently I had the honor to write for an upcoming magazine on hacking and Network security which is going to be launched this month. The chief editor of the magazine is a real hard working guy and he asked me to submit an article(cant name the topic). I went on to make some research on the worlds biggest laboratory ( internet :) !!)..Yes internet can be the world's biggest lab, at least for me. I was playing with the Facebook documentation...

Complete guide to defacing a website - CookBook!!

Please use  this post for educational and penetration testing your own website only.  Disclaimer: The methods and shell upload shown in this tutorial were tested on a hacked website, so hackingalert is not responsible for any damage. Special Thanks to Team Innobz for the shell upload (love you guyz). Hello friends . In the recent time I was quiet busy with my own stuff so couldn't post cool hacking articles. So I kept...

Understanding Honeypots - The Trap!!

First thing any hacker would do to compromise any network is gathering information passively and seeking vulnerable services as well as ports. And this is where Honeypots play a role of fake vulnerability in network. Honeypots are fake theoretically, but not practically. They are real vulnerabilities in Network intentionally kept open & designed to gather information about the possible attack / attacker...

Intercepting HTTP request/response using WebScarab to hack Web Applications

Hello Friends. Recently I am really busy with my interviews in different companies. But there is always a new thing that you can learn from everything. Though my tough time has not yet ended but still I took out time to write this post as there is somthing new that I learned while I was preparing for one of my interviews for MicroWorld that is amongst the leading companies in the field of Network Security. The best thing I find about...

5 phases of Web Application attack - A HackingAlert Exclusive research!!

Tweet Web applications are now the next big victim after games for hackers . A recent research shows that 70% of vulnerabilities exist at the top layer of the web application. The attackers use several techniques to hack web applications . I have been constantly monitoring different types of web attacks involving different methods but there ar some common steps which all hackers follow in order to perform their attack on applications. I am presenting...

Some FAQ's that you must know about hacking .

Tweet I get lots of emails from anonymous people who ask me to hack a facebook or gmail or live account and they are also willing to pay for it too . I never reply to such mails because of the obvious reason that "hacking is not dirty" . You just cannot use your tricks to fool others and steal their information . Everyone loves his/her privacy .  But there are some good questions too . Some eager learners ask me very good questions...

How to hack a website/web server - 3 step guide.

Tweet I get lot of mails from people who ask me two questions very frequently; First is "abhinav can you hack facebook,gmail,orkut etc" and the second is "how can i hack a website" . The first question is very irrelevant as there are no defined techniques to hack such secure sites . You can only hack someones account only by making the victim to commit some mistake like making the victim to enter informations in a phishing page etc . The second...

Step 3 - Gaining access to the server/remote host through vurnabilities.

Tweet This step involves gaining hidden access to the remote system by exploiting the vurnabilities that are there in various different services of the host . To gain access using the vulnerabilities found you can use METASPLOIT . This is a popular exploit scanner and execution tool . Metasploit provides useful information and tools for penetration testers, security researchers, and IDS signature developers. This project was created to provide information on exploit techniques and to create a functional knowledgebase for exploit developers...

Step 2 - Enumeration and scanning for vulnerabilities

Tweet This is the next step to hacking a website or a web server . This step involves gathering information about the web host that can be utilized to find loop holes or errors on the services running on the server. In order to find out what services are running on the perticular web server and what are the open ports on the perticular server we use a very popular tool called NMAP . You can download NMAP from the following link.  This tool will scan the server and will give you information about all the services running along with the version...

step 1 - Gaining information

Tweet This is the most basic step that deals with gaining information about the perticular website/server . One can manually gain information by popular techniques like banner grabbing . You can do a manual information check on the target server . This is known as Reconnaissance. Active Reconnaissance involves probing of network to detect accessable hosts , open ports , location of routers etc . You can find all available ip addresses so that you can perform the next scanning phase...

TOP 10 HACKING SOFTWARE FREE DOWNLOAD





There have been a lot of tools floating around the web who claim to be the best in their respective fields.
I have used many hacking tools that are built for both windows and linux platform and have seen that the linux tools are far more powerful than the windows tools. Keeping this thing in mind i thought to compile my list to those softwares that work well for both the platform and perform similar features.
The list has some new names compared to those in last years blog. I have also provided a download link of all the ten softwares compiled in a single zipped file to ease the downloading.

1.Nmap

Nmap ,by far is the best security scanning and hacking tool ever made. This software tops every list of top hacking softwares for its two reasons. Firstly,its ease of use and secondly,its wide usage.
It provides a wide range of features like port scanning, fingureprinting, os detection , ping , scanning an IP range , alive hosts etc. It has a rich command mode for advanced users which can combine several commands together to execute ones. Its the most recomended tool for new as well as advanced learners and security experts. It hosts its google  opensource project every year. Download the zip.

2.SuperScan


Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan.  If you need an alternative for nmap on Windows with a decent interface, I
suggest you check this out, it’s pretty nice. It provides a cool scanning experience with lot of information displayed .Downlaod the zip




3.Cain and Abel


My personal favourite for password cracking of any kind.
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. Download the zip

4.John The Riper


This is my personal favourite password cracking which has been in the market for over a decade and it has evolved into a powerful tool because of the special effort of the open source community.John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches. Download the zip

5.fsCrack


FSCrack is a front end for John the Ripper (JtR) that provides a graphical user interface (GUI) for access to most of JtR’s functions.It increases the functionality of JTR and provides a detailed report of password cracking . The working is similar to JTR by using the SAM file of windows to crack the admin password. Download the zip





6.Nessus Security Scanner


This tool has been the best tool for both network administrators and hackers because of its wide implimentation.The Nessus® vulnerability scanner is the world-leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs and across physically separate networks.  Download the zip





7.Wireshark


Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers. Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams!. Download the zip







8.Live Bulk Mailer

Live bulk mailer has the ability to still deface the spam filter of gmail,hotmail and yahoo. Its an email flooding tool that allows the attacker to send desired number of bulk mails to the victim inbox and flood it completely. This can be an annoying task and can also put you into trouble so before using this tool dont forget to use a proxy server to hide your IP address. Download the zip





9.Website Digger
Website digger is a tool that helps you to digg into a website and gain information about the host by applying whois query and also banner grabbing capability. This tool is useful while defacing a webpage. Download the zip

10.PuTTY



PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. A must have for any h4. 0r wanting to telnet or SSH from Windows without having to use the crappy default MS command line clients.
Download the zip