Monday 18 February 2013

Hacking Gmail Account With GX Cookie

Introduction:
Hacking web application was always curious for the script kiddies. And hacking free web email account is every geek first attempt. The method which I will describe in this post is not new; the same method can be applied to yahoo and other free web email services too.



The method we will be using is cookie stealing and replaying the same back to the Gmail server. There are many ways you can steal cookie, one of them is XSS (Cross site scripting) discussed by other is earlier post. But we won’t be using any XSS here, in our part of attack we will use some local tool to steal cookie and use that cookie to get an access to Gmail account.

Assumption:

  • You are in Local Area Network (LAN) in a switched / wireless environment : example : office , cyber café, Mall etc.
  • You know basic networking.

Tool used for this attack:

  • Cain & Abel
  • Network Miner
  • Firefox web browser with Cookie Editor add-ons

Attack in detail:

We assume you are connected to LAN/Wireless network. Our main goal is to capture Gmail GX cookie from the network. We can only capture cookie when someone is actually using his gmail. I’ve noticed normally in lunch time in office, or during shift start people normally check their emails. If you are in cyber café or in Mall then there are more chances of catching people using Gmail.

We will go step by step,
If you are using Wireless network then you can skip this Step A.

A] Using Cain to do ARP poisoning and routing:



Switch allows unicast traffic mainly to pass through its ports. When X and Y are communicating eachother in switch network then Z will not come to know what X & Y are communicating, so inorder to sniff that communication you would have to poison ARP table of switch for X & Y. In Wireless you don’t have to do poisoning because Wireless Access points act like HUB which forwards any communication to all its ports (recipients). 

  • Start Cain from Start > Program > Cain > Cain
  • Click on Start/Stop Snigger tool icon from the tool bar, we will first scan the network to see what all IPs are used in the network and this list will also help us to launch an attack on the victim.
  • Then click on Sniffer Tab then Host Tab below. Right click within that spreadsheet and click on Scan Mac Addresses, from the Target section select
All hosts in my subnet and then press Ok. This will list all host connected in your network. You will notice you won’t see your Physical IP of your machine in that list. 
How to check your physical IP ?
> Click on start > Run type cmd and press enter, in the command prompt type 
Ipconfig and enter. This should show your IP address assign to your PC.
It will have following outputs:


Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : xyz.com
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Main thing to know here is your IP address and your Default Gateway.

Make a note of your IP Address & default gateway. From Cain you will see list of IP addresses, here you have to choose any free IP address which is not used anywhere. We assume IP 192.168.1.10 is not used anywhere in the network.

  • Click on Configure > APR > Use Spoof ed IP and MAC Address > IP
Type in 192.168.1.10 and from the poisoning section click on "Use ARP request Packets” and click on OK.
  • Within the Sniffer Tab , below click on APR Tab, from the left hand side click on APR and now click on the right hand top spreadsheet then click on plus sign tool from top. The moment you click that it will show you list of IP address on left hand side. Here we will target the victim IP address and the default gateway.

The purpose is to do ARP poisoning between victim and the default gateway and route the victim traffic via your machine. From the left side click on Victim IP address, we assume victim is using 192.168.1.15. The moment you click on victim IP you will see remaining list on the right hand side here you have to select default gateway IP address i.e. 192.168.1.1 then click on OK.

  • Finally, Click on Start/Stop Sniffer tool menu once again and next click on Start/Stop APR. This will start poisoning victim and default gateway.


B] Using Network Miner to capture cookie in plain text



We are using Network miner to capture cookie, but Network miner can be used for manythings from capturing text , image, HTTP parameters, files. Network Miner is normally used in Passive reconnaissance to collect IP, domain and OS finger print of the connected device to your machine. If you don’t have Network miner you can use any other sniffer available like Wireshark, Iris network scanner, NetWitness etc.

We are using This tool because of its ease to use.

  • Open Network Miner by clicking its exe (pls note it requires .Net framework to work).
  • From the "---Select network adaptor in the list---" click on down arrow and select your adaptor If you are using Ethernet wired network then your adaptor would have Ethernet name and IP address of your machine and if you are using wireless then adaptor name would contain wireless and your IP address. Select the one which you are using and click on start.
Important thing before you start this make sure you are not browsing any websites, or using any Instant Mesaging and you have cleared all cookies from firefox.
  • Click on Credential Tab above. This tab will capture all HTTP cookies , pay a close look on "Host” column you should see somewhere mail.google.com. If you could locate mail.google.com entry then in the same entry right click at Username column and click on "copy username” then open notepad and paste the copied content there.
  • Remove word wrap from notepad and search for GX in the line. Cookie which you have captured will contain many cookies from gmail each would be separated by semicolon ( GX cookie will start with GX= and will end with semicolon you would have to copy everything between = and semicolon
Example : GX= axcvb1mzdwkfefv ; ÃŸcopy only axcvb1mzdwkfefv

Now we have captured GX cookie its time now to use this cookie and replay the attack and log in to victim email id, for this we will use firefox and cookie editor add-ons.

C] Using Firefox & cookie Editor to replay attack.



  • Open Firefox and log in your gmail email account.
  • from firefox click on Tools > cookie Editor.
  • In the filter box type .google.com and Press Filter and from below list search for cookiename GX. If you locate GX then double click on that GX cookie and then from content box delete everything and paste your captured GX cookie from stepB.4 and click on save and then close.
  • From the Address bar of Firefox type mail.google.com and press enter, this should replay victim GX cookie to Gmail server and you would get logged in to victim Gmail email account.
  • Sorry! You can’t change password with cookie attack.

How to be saved from this kind of attack?
Google has provided a way out for this attack where you can use secure cookie instead of unsecure cookie. You can enable secure cookie option to always use https from Gmail settings. 
Settings > Browser connection > Always use https

How to Make FireFox as a Key Logger


Hi Folks.
Most of you Know what is a keylogger ? 
But the problem is most keyloggers are demo and buying them costs a lot. 
So why not use what we have as what we want ?  
This process is too simple to be called a"hack" Still it helps in hacking so Lets Go. !


How it works:

-------------------------

We just change firefox a lil so that each and every password and email typed areautomatically saved.
Later we can use Firepasswordviwer to retrieve the passwords.

Process :

Download the Script link will be provided.
go to " C:/Program Files/Mozilla Firefox/Components"
now search for a file "nsLoginManagerPrompter.js" and backup it or copy it somewhere safe.
Now open the script you've downloaded, there you'll find  "nsLoginManagerPrompter.js"paste it to where the original script was.
Done ! Now each and every E-mail and password typed will be saved automatically.


How to get the Details:

Download Free PassWordViwer from here --> Click Here
Install or Run it
Click on "Start Recovery"
Click on "Show Passwords"
Done.!!

All Saved Password Location



All Saved Password Location

Google Chrome:
Chrome Passwords are stored in a SQLite file the sites name and sites username is in clear text but the password is seeded in a Triple DES algorithm. The file is called Web Data and is stored in the following location

XP – C:\Documents and Settings\Username\Local Settings\Application Data\Google\Chrome\User Data\Default
Vista – C:\Users\Username\Appdata\Local\Google\Chrome\User Data\Default

Trillian:
Note- I have just realised the new version of trillian the passwords made be stored/encrypted differently
Trillian Passwords are stored in .ini files the first character of the password is encrypted with XOR with the key 243 then the password is converted into hex. The file is based on what the password is for so if it was icq it would be icq.ini (for new versions I think they are all stored in a file called accounts.ini or something similar if you open it up with notepad you will see all the data + the encrypted password). The files are stored in the following location:

XP (old version) – C:\Program Files\Trillian\users\
XP (new version) – C:\Documents and Settings\Username\Local Settings\Application Data\Trillian\user\global – I am not sure on exact but it is somewhere their
Vista (old version)- C:\Program Files\Trillian\users\
Vista (new version)- C:\Users\Username\Appdata\Roaming\Trillian\user\gl obal

MSN /Windows Live Messenger:
MSN Messenger version 7.x: The passwords are stored under HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\C reds\[Account Name]
Windows Live Messenger version 8.x/9.x: The passwords are stored in the Credentials file, with entry name begins with "WindowsLive:name=”. They a set of Win API functions (Credential API’s) to store its’ security data (Credentials). These functions store user information, such as names and passwords for the accounts (Windows Live ID credentials). Windows Live ID Credential records are controlled by the operating system for each user and for each session. They are attached to the "target name” and "type”. If you are familiar with SQL you can think of target name and type as the primary key. Table below lists most frequently used fields in Windows Live ID Credential records.

Paltalk:
Paltalk Passwords are using the same password encryption algorithm. Paltalk passwords are stored in the registry. To encrypt the new password Paltalk looks at the serial number of the disk C:\ and performs a mix with the Nickname. The resulting string is then mixed again with the password and some other constants. The final string is then encoded and written to the registry.
AIM, ICQ and Yahoo Messenger passwords that are stored by Paltalk are encoded by BASE64 algorithm.
The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\Paltalk\[Account Name]

Google Talk:
Google Talk passwords are encoded/decoded using Crypto API. Encrypted Gmail passwords are stored by Google Talk in the registry under HKEY_CURRENT_USER\Software\Google\Google
Talk\Accounts\[Account Name]

Firefox:
The passwords are stored in one of the following filenames: signons.txt, signons2.txt, and signons3.txt (depends on Firefox version)
These password files are located inside the profile folder of Firefox, in [Windows Profile]\Application Data\Mozilla\Firefox\Profiles\[Profile Name]
Also, key3.db, located in the same folder, is used for encryption/decription of the passwords.

Yahoo Messenger 6.x:
The password is stored in the Registry, under HKEY_CURRENT_USER\Software\Yahoo\Pager
(”EOptions string” value)

Yahoo Messenger 7.5 or later:
The password is stored in the Registry, under HKEY_CURRENT_USER\Software\Yahoo\Pager – "ETS” value.
The value stored in "ETS” value cannot be recovered back to the original password.

AIM:
AIM uses Blowfish and base64 algorithms to encrypt the AIM passwords.
448-bit keyword is used to encrypt the password with Blowfish. The encrypted string is then encoded using base64. The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords
Filezilla:

Passwords are stored in a .xml file located in Filezilla on appdata their is sources for this

Internet Explorer 4.00 – 6.00:
The passwords are stored in a secret location in the Registry known as the "Protected Storage”.
The base key of the Protected Storage is located under the following key:
"HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider”.
You can browse the above key in the Registry Editor (RegEdit), but you won’t be able to watch the passwords, because they are encrypted.
Also, this key cannot easily moved from one computer to another, like you do with regular Registry keys.

Internet Explorer 7.00 – 8.00:
The new versions of Internet Explorer stores the passwords in 2 different locations.
AutoComplete passwords are stored in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2.
HTTP Authentication passwords are stored in the Credentials file under Documents and Settings\Application Data\Microsoft\Credentials , together with login passwords of LAN computers and other passwords.

Opera:
The passwords are stored in wand.dat filename, located under [Windows Profile]\Application Data\Opera\Opera\profile

Outlook Express (All Versions):
The POP3/SMTP/IMAP passwords Outlook Express are also stored in the Protected Storage, like the passwords of old versions of Internet Explorer.

Outlook 98/2000:
Old versions of Outlook stored the POP3/SMTP/IMAP passwords in the Protected Storage, like the passwords of old versions of Internet Explorer.

Outlook 2002-2008:
All new versions of Outlook store the passwords in the same Registry key of the account settings.
The accounts are stored in the Registry under HKEY_CURRENT_USER\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\[Profile Name]\9375CFF0413111d3B88A00104B2A6676\[Account Index]
If you use Outlook to connect an account on Exchange server, the password is stored in the Credentials file, together with login passwords of LAN computers.

ThunderBird:
The password file is located under [Windows Profile]\Application Data\Thunderbird\Profiles\[Profile Name]
You should search a filename with .s extension.

Digsby:
The main password of Digsby is stored in [Windows Profile]\Application Data\Digsby\digsby.dat
All other passwords are stored in Digsby servers

Hack Your Friend's PRofile Pic In Facebook

Hello my friends today i will show you a private method i discovered in Facebook ^_^

as i posted in the past the method how to hack status of Facebook Click

Now it's different you can change the default pic of your victim ^_^ how ?

Easy send this link to your victim https://m.facebook.com/upload.php?profile_pic&refid=17&_rdr

ask him to give you the email :




So now just open your account Gmail then send him a message ,put the email he gave you , then attach the pic you want to see in his profile in the message then go and check his profile . .Enjoy Hacking.

Sunday 17 February 2013

Hack Facebook (All MEthods)



So You Guys wanna Learn Facebook Hacking.  ..How to Hack Facebook Accounts Easily Yeah And I Mean It.
So Here Goes All Methods Of Facebook Hacking From Zero To One .. .
Let's Go.
Before Starting I Think You Guys All Know What Is Facebook How To Use It  .. That's Why You Are Here.
So Before Starting Let me Clear One thing There's No Such Software Exists Which Will Hack Facebook for You

The Only Two Methods By Which You Can Hack Facebook Is

  • Hire A Professional Hacker Who Will Hack For You
  • Or Just Learn All These Methods which i'm Gonna Provide you
Facebook Hacking Methods Are Following:

1.    Session Hijacking Attack
2.    Facebook Security
3.    Cookie Stealing Attack
4.    Keylogging
5.    Clickjacking
6.    Tabnabbing
7.    Remote Administration Tools
8.    Social Engineering Attack
9.   Phishing attack
10.  Using 3 Fake Friends Method

  •    Session Hijacking Attack :- What Is Session Hijacking Attack ? Session hijacking, also known as TCP session hijacking, is a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user's session ID has been accessed (through session prediction), the attacker can masquerade as that user and do anything the user is authorized to do on the network.
    Click Here To Get In Detail With Session Hijacking:- Click Me
  •     Facebook Security :- When you bookmark the URL for Facebook or any of your other social networks, be sure to use HTTPS instead of HTTP. This encrypts your communications.

    In fact, you will have to temporarily disable this feature any time you give access to a new application. That alone should give you confidence that you have achieved a greater level of protection.
    Click Here To Get In Detail With Facebook Security:- Click Me 
  •  Cookie Stealing Attack :- In this tutorial i will explain how you can hack a Facebook/twitter accounts by stealing cookies. This method works only when the victims computer is in a LAN (local area network ).Best place to try out this is in schools ,collages ,cafes . where computers are connected in LAN .Before i proceed let me first...
    Click Here To Get In Detail With Cookie Stealing Attack :- Click Me
  •     Keylogging :- What Is Keyloggers? Using key logger utility you will be able to establish full control over your computer. You will also find out, what was going on your computer in your absence: what was run and typed etc which act as best children internet protection software. Using the keylogging program constantly,...
    Click Here To Get In Detail With Keylogging:- Click Me
  •     Clickjacking :- What is Clickjacking? Clickjacking is a technique used by hackers or spammers to trick or cheat the users into clicking on links or buttons that are hidden from normal view (usually links color is same as page background). Clickjacking is possible because of a security weakness in web browsers that allows...
    Click Here To Get In Detail With Clickjacking :- Click Me
  •     Tabnabbing :- Hey friends,It's Chris Defaulter Valentine.An Microsoft Certified Systems Engineer (MCSE),Internet Marketer IIT hacker I Have 10 Years' Experience Circumventing Information Security Measures And Can Report That I've Successfully Compromised All Systems That I Targeted For Unauthorized Access Except One. I Have...
    Click Here To Get In Detail With Tabnabbing :- Click Me
  •  Remote Administration Tools :- A remote administration tool (or RAT) is a program that allows certain persons to connect to and manage remote computers in the Internet or across a local network. A remote administration tool is based on the server and client technology. The server part runs on a controlled computer and receives commands...
    Click Here To Get In Detail With Remote Administration Tools :- Click Me
  •  Social Engineering Attack :- I myself have had a few people in the past ask me questions on social engineering. I always say to anyone, you need to imagine social engineering as a game. But before i talk about the 'Game', I want to go into detail about Basic knowledge and self preparation. Basic knowledge and self preparation: It's...
    Click Here To Get In Detail With Social Engineering Attack :- Click Me
  •     Phishing attack :- Phishing - is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include...
    Click Here To Get In Detail With Phishing attack :- Click Me
  •     Using 3 Fake Friends Method :- Hack Facebook Account" is most popular term is the in Web, Previously I posted many articles on "Hack Facebook Accounts" with Keyloggers, phishing, etc but that Hacking Of Facebook Account methods are not working fine now a days. So Hackers have to go smarter and we have found a new security hole (its just...
    Click Here To Get In Detail With Using 3 Fake Friends Method :- Click Me
Note: This tutorial is only for Educational Purposes, I did not take any responsibility of any misuse, you will be solely responsible for any misuse that you do. Hacking email accounts is criminal activity and is punishable under cyber crime and you may get up to 40 years of imprisonment, if got caught in doing so.  

Hacking Facebook Account Using Phising Attack




Phishing - is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts the lure hoping to fool at least a few of the prey that encounter the bait.


1. First a fall you need a fake login page for facebook (fake.html),and a Php script to redirect and capture the victims passwords (login.php)
2. Download Here - Click Me

Password - @hackaholic
After you download the files, Open login.php,with a note pad and search for the term www.enteryoursite.com and replace it with the site address where you want the victim to be redirected ,finally save it.

Note : This a very important step redirect the victim to a proper site other wise the victim will get suspicious .In our case we are making fake face book login page so its better to redirect the victim to www.facebook.com/careers

4. Now create an account at Free web hosting site like 110mb.com , T35.com or ripway.com


5. Now upload both the files (fake.html , login.php ) to your hosting account and send the fake.html(fake facbook login page) link to your victim


            Example:- www.yoursite.110 mb.com/fake.html

6. Now when the victim enters all his credentials, like login name and password in our fake login page and when he clicks login He will be redirected to site which we did in step 3


7. Now to see the victims id ,password, login to your hosting account "110mb.com " where you will see a new file "log.txt" .Open it to see the victims user id and the password

Note:- If your still confused, you can watch my video on Hack a Facebook Account Using a Fake login Page

This is a simple but a very effective method to Hack face book accounts .If you have any doubts please feel free to comment !!


Note: This tutorial is only for Educational Purposes, I did not take any responsibility of any misuse, you will be solely responsible for any misuse that you do. Hacking email accounts is criminal activity and is punishable under cyber crime and you may get upto 40 years of imprisonment, if got caught in doing so.


Search This Blog