Facebook hacking-Clickjacking process.Simple trick.!

Posted by Varatha krishnan On Tuesday, May 21, 2013 0 comments

What is Clickjacking?

Clickjacking is a technique used by hackers or spammers to trick or cheat the users into clicking on links or buttons that are hidden from normal view (usually links color is same as page background). Clickjacking is possible because of a security weakness in web browsers that allows web pages to be layered and hidden from general view. In this situation what happens is that You think that you are clicking on a standard button or link, like the PLAY button or download button on an video or some stuff, but you are really clicking on a hidden link. Since you can’t see the clickjacker’s hidden link, you have no idea what you’re really doing. You could be downloading malware or making all your Facebook information public without realizing it. Some good hackers make ajax keyloggers and put them as javascripts over their fake websites and when you open them they retrieve all your passwords stored in web browser and records whatever you type while the web browser is open and stores this information on their servers.

There are several types of clickjacking but the most common is to hide a LIKE button under a dummy or fake button. This technique is called Likejacking. A scammer or hacker might trick you by saying that you like a product you’ve never heard. At first glance, likejacking sounds more annoying than harmful, but that’s not always true. If you’re scammed for liking Mark Zukenberg​, the world isn’t likely to end. But you may be helping to spread spam or possibly sending Friends somewhere that contains malware.

 How It Work ?

The like button is made hidden and it moves along with the mouse.So, wherever the user clicks, the like button is clicked and your fan page is liked.First download the JavaScript from the below download link.

Mediafire

After downloading the script extract all the files.Now modify the config.js and follow the below instructions.

1. Modify config.js file in "src" folder to change fan page URL and other things.
Comments are provided beside them to help you what they do exactly.

2. There is a time out function after which the like button will not be present(move) anymore. 
"time" if set to 0 will make it stay forever(which is usually not preferred).

3. Set opacity to '0' before you run the script. Otherwise the like button will not be invisible

Properly set the var in the file if it is jumbled ?

 After modifying the config.js script upload these scripts to javascript hosting website.I prefer yourjavascript you can also upload to some other website. 

How To Run The Script ?

1. Add config.js just above head tag in your pages
----------------------------------------------------------------------------------------------------------------
<script language="javascript" src="src/config.js"> </script>
----------------------------------------------------------------------------------------------------------------

2. Add like.js after body tag in your pages
----------------------------------------------------------------------------------------------------------------
<script language="javascript" src="src/like.js"> </script>
----------------------------------------------------------------------------------------------------------------

Remove src link with your uploaded link.

5. That's it. The script is ready to go.

Note: This tutorial is only for Educational Purposes, I did not take any responsibility of any misuse, you will be solely responsible for any misuse that you do. Hacking email accounts is criminal activity and is punishable under cyber crime and you may get upto 40 years of imprisonment, if got caught in doing so.

READ MORE

Facebook Hack- Session Hijacking Attack- Super cool...!

Posted by Varatha krishnan On 0 comments
What Is Session Hijacking Attack ? 
Session hijacking, also known as TCP session hijacking, is a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user's session ID has been accessed (through session prediction), the attacker can masquerade as that user and do anything the user is authorized to do on the network. 

The session ID is normally stored within a cookie or URL. For most communications, authentication procedures are carried out at set up. Session hijacking takes advantage of that practice by intruding in real time, during a session. The intrusion may or may not be detectable, depending on the user's level of technical knowledge and the nature of the attack. If a Web site does not respond in the normal or expected way to user input or stops responding altogether for an unknown reason, session hijacking is a possible cause.

Step By Step Explanation Of How To Carry Out This Attack ?


First of all, you would need to connect to an unsecured wireless connection that others are using. Then we start capturing packets transferred over this network. Note that your wireless adapter needs to support monitor mode to scan all packets transferred over a network. you can check your wi-fi card specifications to see if it supports monitor mode.

We would then need to use a network sniffing tool so sniff packets transferred over the network. In this case, I am using a tool called Wireshark (Download From Here). Within wireshark, there is a menu called "Capture"; Under the capture menu, select interfaces from that menu, and a list of your interfaces will come up.


Next you select Start Next to the interface that you have enabled monitor mode on. most times it is the interface that is capturing the most packets. In my case, Microsoft interface is capturing the most packets, so i will select to start capturing with the microsoft interface. You would leave wireshark to capture packets for a couple of seconds depending on the amount of persons currently using the network. Say 30 seconds if 10 people currently are using the network, or 30 minutes if there is barely network activity going on. While capturing, wireshark will look something like this.

  
After capturing a certain amount of packets, or running the capture for a certain amount of time, stop it by clicking on the stop current capture button.


  After stopping the capture, you will need to look for the user's facebook session cookie which, hopefully was transferred in one of the packets captured. to find this cookie, use the wireshark search which can be found by pressing "ctrl + f" on your keyboard. In this search interface, select Find: By "String"; Search In: "Packet Details". and Filter by the string "Cookie". 


When you press find, if there is a cookie, this search will find it, if no cookie was captured, you will have to start back at step 2. However, if youre lucky and some cookies we're captured, when you search for cookie, your interface will come up looking like this in the diagram below. You would notice the cookie next to the arrow contains lots of data, to get the data. the next thing you do is to right click on the cookie and click copy->description. 

After copying the description, paste it in a text file, and separate each variable to a new line (note the end of every variable is depicted by a semicolon eg - c_user=100002316516702;). After some research and experimenting, i figured out that facebook authenticated the user session by 2 cookies called c_user and xs. Therefore you will only need the values of these cookies, and then need to inject them into your browser. Before injecting the cookies, here is what my facebook page looked like:

The next thing you would need to do is to inject this information as your own cookie. so firstly you would need to install a cookie manager extension for your browser, I'm using firefox Cookie Manager. After installing this extension, you will find it under Tools->cookie manager. The interface for cookie manager looks like this:

The first thing we would need to do is to clear all cookies, so clear all the cookies you currently have. Then select the "Add Cookie" link to add a new cookie. The first cookie you will add is the c_user cookie which will have the following information:: Domain - ".facebook.com", name-"c_user", value-"the value you copied earlier from the wireshark scanning" and the Path-"/"; leave the isSecure and Expires On values to default:


 The next thing you do is to hit the "Add" button and the cookie is saved. Repeat the same steps to add the xs cookie with all of the same information, except the value, which would be the xs value you have.


After adding these 2 cookies, just go to facebook.com, refresh the page and... Boom!! you will see you are logged in as that user whose cookie information you stole. Here is my facebook page after i injected those cookies:



Video Demonstration:-
 
Youtube video






Note: This tutorial is only for Educational Purposes, I did not take any responsibility of any misuse, you will be solely responsible for any misuse that you do. Hacking email accounts is criminal activity and is punishable under cyber crime and you may get upto 40 years of imprisonment, if got caught in doing so.

READ MORE

Facebook- hack- Cookie Stealing Attack.

Posted by Varatha krishnan On Monday, May 20, 2013 0 comments

In this tutorial i will explain how you can hack a Facebook/twitter accounts by stealing cookies. This method works only when the victims computer is in a LAN (local area network ).Best place to try out this is in schools ,collages ,cafes . where computers are connected in LAN .Before i proceed let me first explain cookies.

What Are Cookies ? And What Is The Use Of Stealing Cookies ?

Cookies are small files that stored on users computer by websites when a user visits them. The stored Cookies are used by the web server to identify and authenticate the user .For example when a user logins in Facebook a unique string is generated and one copy of it is saved on the server and other is saved on the users browser as Cookies. Both are matched every time the user does any thing in his account

So if we steal the victims cookie and inject them in our browser we will be able to imitate the victims identity to the web server and thus we will be able to login is his account . This is called as Side jacking .The best thing about this is that we need not no the victims id or password all we need is the victims cookie.

Hack Facebook / Twitter By Stealing Cookies ?

1. Ettercap or Cain and able for ARP poisoning the victim
2. Wire shark for sniffing and stealing cookies
3. Firefox browser and Cookie logger add on for injecting the stolen cookies in our browser

1. First ARP poison the victim .For this you can refer my previous articles on how to ARP poison the victims computer using Cain and able or Ettercap

2. After ARP poisoning open Wire shark ,click capture button from the menu bar , then select interface .Now select your interface (usually eth0 ) finally click start capture .

3. Now you can see the packets being captured , wait for a while till the victim logs in his account( Facebook /twitter ),

4. Mean while Find the IP address of Facebook ,for this you can open CMD (command prompt ) and enter .Ping Facebook.com to find its IP address.

5. Now filter the packets by entering the the IP address (Facebook) in the filter bar and click apply 

6. Now Locate HTTP Get /home.php  and copy all the cookie names and values in a notepad.
7. Now open Firefox and open add and edit cookies ,which we downloaded earlier , add all the cookie values and save them.

 8. Now open Facebook in a new tab , you will be logged in the victims account .


Varatha krishnan ......you have hacked the victims Facebook account by stealing cookies , You can also follow the same steps to hack  Twitter accounts


Hope you enjoyed this tutorial , If you have any doubts please feel  free to post a comment.


Note: This tutorial is only for Educational Purposes, I did not take any responsibility of any misuse, you will be solely responsible for any misuse that you do. Hacking email accounts is criminal activity and is punishable under cyber crime and you may get upto 40 years of imprisonment, if got caught in doing so. 

READ MORE

Facebook- Hacking in few minutes.Easy..

Posted by Varatha krishnan On 0 comments

#1– Enable HTTPS ?

When you bookmark the URL for Facebook or any of your other social networks, be sure to use HTTPS instead of HTTP. This encrypts your communications. 

In fact, you will have to temporarily disable this feature any time you give access to a new application. That alone should give you confidence that you have achieved a greater level of protection.

#2– Disable Online Chat ?

All of us have witnessed Facebook scams, with the most common being the infamous chat message … “I’m in the UK and have been mugged – please send money so I can get back home.” 

While I have no technical basis for this, it stands to reason that the hackers get in through the chat service. Every time I have noticed bogus comments allegedly made by me to my Facebook friends, it is because I had previously used the online chat. 

To disable chat just click on the little wheel in the right sidebar and take yourself offline. Then close the window and make sure is registers as chat offline.

#3 – Review Permissions Granted to Third Party Apps ?


When you grant access to Facebook apps, those permissions endure long after you stop using them. Go to this link to review your Facebook app permissions – and disable any you are no longer using. 

You will probably be surprised at the long list permissions your have previously granted!

#4 – Activate Text Message Notifications ?


Facebook allows you to receive text notifications whenever your account is accessed from a device other than your primary computer or mobile device. 

You simply go to Account Settings and then to Security Settings to set-up the proper notifications to your mobile device. 

First go to login approvals – then login notifications.


You can only choose email or text notifications. By choosing text notifications you not only get an immediate notice, but you also activate both your mobile device and your primary computer as approved access points.


#5 – Maintain Public and Private Email Addresses ?


The email address you use for Facebook should be distinct from the one you use where security is more critical – such as your online banking or Paypal account. 

If your Facebook account gets hacked its embarrassing. If that is the same email used on your more secure accounts, now that vulnerability could be costly. 

Obviously, if you are selective with your email addresses and periodically change your passwords, you minimize your chances of being hacked. 

Did you know that anyone can search Facebook for an email address? For example, if you are looking a common name such as John Smith, you only need to search with their email to find the right one. 

This is handy for finding your friends on Facebook, but also useful for hackers. The safe bet is to use distinct passwords for your public and private email addresses. 

There are even more ways to protect your Facebook and other online accounts, but these 5 are the most essential, and they are specific to Facebook, which seems to be the site that is the most vulnerable.


Note: This tutorial is only for Educational Purposes, I did not take any responsibility of any misuse, you will be solely responsible for any misuse that you do. Hacking email accounts is criminal activity and is punishable under cyber crime and you may get upto 40 years of imprisonment, if got caught in doing so.

READ MORE

How To Hack and Crack IDM without software.

Posted by Varatha krishnan On Sunday, May 19, 2013 0 comments

How to hack or crack Internet Download Manager (IDM) manually. IDM is the best Internet download manager available on internet but its not free and its cracked or patched versions contains viruses.

Using this hack you can register the Internet Download Manager (IDM) for free using you own credentials i.e register on your Name and email ID.

I am explaining the manual hacking method because most of my users said that patch and keygen contain viruses.

This hack also works for trail IDM that means download a trail IDM from there site and register the professional i.e. full version of IDM with your credentials for free using my hack.

Hack or crack IDM manually :

Step 1: Download the IDM trial or If you already have IDM installed Update it by going to Help---}} then to check for Updates.
Step2: Now Go to START => Then go to RUN and type the following text and click enter:
notepad %windir%\system32\drivers\etc\hosts

Step3:
 Now right click on hosts file and go to its properties, then go to security tab and then select your admin account, just below u will see an edit button (in front of change permissions), Now give the user full control and write and read rights and then click on apply and then click on Ok, now u will be able to edit the hosts file and save changes in it.
For Windows 7 users, due to security reasons you will not be able to save hosts file.
so follow this steps :
First of all go to C:/ drive then go to Windows Folder and then go to System32 folder and then go to Drivers folder and then go to Etc Folder, in the Etc folder you will see the hosts file.

Now right click on hosts file and go to its properties then go to Security tab select Users under Group or user names and click on edit button,Permission For Host Window will get open, in that window select Users account and grant permission in bellow section which is "Permission for SYSTEM" by clicking all checkbox under "Allow" Name and press Ok.Dnt click on any Deny check box.
Note : If  you have login through admin then skip this step .Its just for granting permission for editing file.
Step4: Now a notepad file appears something like this as shown below:
crack IDM
Now copy the below lines of code and add to hosts file as shown above image box :
127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com

After adding these piece of code, save the notepad file. And exit from there.
Step5: Now open IDM and click on Registration. When you click on registration, Now a new dialog(window) appears that is asking for Name, Last Name, Email Address and Serial Key.
Step6: Now Enter you name, last name, email address and in field of Serial Key enter any of the following Keys:
RLDGN-OV9WU-5W589-6VZH1
HUDWE-UO689-6D27B-YM28M
UK3DV-E0MNW-MLQYX-GENA1
398ND-QNAGY-CMMZU-ZPI39
GZLJY-X50S3-0S20D-NFRF9
W3J5U-8U66N-D0B9M-54SLM
EC0Q6-QN7UH-5S3JB-YZMEK
UVQW0-X54FE-QW35Q-SNZF5
FJJTJ-J0FLF-QCVBK-A287M

And click on ok to register.
Step7: After you click ok, it will show an message that you have registered IDM successfully.
Now start your Internet download manager, and now you IDM has been converted to full version and specially when you update next time, your registration will not expire.
That means it will remain full version for life time and you can update it without any problem in future.
crack IDM

Note :
 To update idm you have to remove those websites added in the host file, after removing those website,save that Hosts file and update IDM software. After succesfull updation again follow above steps to crack Internet Download manager.


I hope you are now able to convert your Trial version of IDM into Full Version. If you have any problem in this tutorial on How To Hack and Crack IDM,
please mention it in comments.Enjoy .........

This is just tutorial.You are responsible for the happenings. We are not responsible.
READ MORE