Since now a days my inbox is full of msg from people asking how can i hack fb account and all stuff...
So here in this post im writting all the method available which help you guys in hacking fb or gmail etc a/c
Note : In this thread i will only give a intro about all the method available. And in coming days i will surely write tut . on each method im writing about. Well since now all the sites is improving their security so might be possible that some of the method might not work...
1 - Android Remort Adminstrator Tool - A RAT is also a shortcut called Remote Administrator Tool. It is mostly used for malicious purposes, such as controlling Android Phones, stealing victims data, deleting or editing some files. You can only infect someone by sending him file called Server and they need to click it.
2- Remort Administrator Tool - A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet. RATs can be difficult to detect because they usually don't show up in lists of running programs or tasks. The actions they perform can be similar to those of legitimate programs. Furthermore, an intruder will often manage the level of resource use so that a drop in performance doesn't alert the user that something's amiss.
3- Keylogger - Keyloggers are programs which record each keystroke on the computer they are installed on. This provides a complete log of text entered such as passwords, emails sent and websites visited. This log can then be automatically sent over a remote connection without the person using the computer necessarily knowing about it. Because of this, keyloggers are typically associated with malicious software and they will usually be picked up and removed by virus scanners. However, there are also keyloggers which are commercially available for home or office use. In this way, keyloggers have a distinct set of purposes which make them very useful in certain situations.
4- Phishing - In computing, phishing is a form of criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.
5- Click-Jacking - Clickjacking, also known as a UI redress attack, is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the the top level page. Thus, the attacker is hijacking clicks meant for their page and routing them to other another page, most likely owned by another application, domain, or both. Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker.
6- Tabnabbing - Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine. The attack's name was coined in early 2010 by Aza Raskin, a security researcher and design expert. The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability of modern web pages to rewrite tabs and their contents a long time after the page is loaded. Tabnabbing operates in reverse of most phishing attacks in that it doesn’t ask users to click on an obfuscated link but instead loads a fake page in one of the open tabs in your browser.
7- Session Hijacking - The Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed for a session token. Because http communication uses many different TCP connections, the web server needs a method to recognize every user’s connections. The most useful method depends on a token that the Web Server sends to the client browser after a successful client authentication. A session token is normally composed of a string of variable width and it could be used in different ways, like in the URL, in the header of the http requisition as a cookie, in other parts of the header of the http request, or yet in the body of the http requisition. The Session Hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the Web Server.
8- Side Jacking Using Fire Sheep - HTTP session hijacking, better known as “sidejacking”, poses a major threat to all internet users. This is due to the common use of Wi-Fi networks, which are inherently unsecure, but also because of the wide-spread misplaced trust in the safety of internet use on phones and perceived secure connections. It has been demonstrated that wired networks are also not necessarily safe from sidejacking attempts and even your interactions in an App store can be at risk as well.
If you are logging into Facebook using the open Wi-Fi network at your local watering hole, an individual with a simple tool such as Firesheep can gain access to your account, change your password, and then potentially take advantage of other programs linked to that account. These sidejacking attacks can be done without any programming knowledge and the problem isn’t simply limited to the unencrypted Wi-Fi networks we are familiar with. Firesheep can be used to intercept information sent over any unencrypted HTTP session, whether it is wired or wireless. And what can a Sidejacker do with my connection to an App store, you may wonder? Great question! Elie Bursztein at Google cites the various ways your App browsing and buying can be compromised. It can be everything from password stealing to App swapping, when an attacker’s malware App is downloaded instead of the actual App that was paid for.The industry is slowly starting to adapt the practice of always on SSL to protect users, including in App stores. The implementation of always on SSL, or end-to-end encryption using HTTPS, is a great place to start. It is natural to visit a website and feel secure because you have logged in to your account with a unique username and password, but the problem is that if the rest of the traffic is not encrypted, a Sidejacker can gain access to the vulnerable cookie and then manipulate any personal information within the account. However, when a website is secured with HTTPS from the time of first access to the time you leave, the entire session is encrypted in a way that prevents your information from being compromised.
9 - ARP Poisoning - Address Resolution Protocol (ARP) poisoning is a type of attack where the Media Access Control (MAC) address is changed by the attacker. Also, called an ARP spoofing attacks, it is effective against both wired and wireless local networks. Some of the things an attacker could perform from ARP poisoning attacks include stealing data from the compromised computers, eavesdrop using man-in-the middle methods, and prevent legitimate access to services, such as Internet service.
A MAC address is a unique identifier for network nodes, such as computers, printers, and other devices on a LAN. MAC addresses are associated to network adapter that connects devices to networks. The MAC address is critical to locating networked hardware devices because it ensures that data packets go to the correct place. ARP tables, or cache, are used to correlate network devices’ IP addresses to their MAC addresses.In for a device to be able to communicate with another device with a known IP Address but an unknown MAC address the sender sends out an ARP packet to all computers on the network. The ARP packet requests the MAC address from the intended recipient with the known IP address. When the sender receives the correct MAC address then is able to send data to the correct location and the IP address and corresponding MAC address are store in the ARP table for later use.
ARP poisoning is when an attacker is able to compromise the ARP table and changes the MAC address so that the IP address points to another machine. If the attacker makes the compromised device’s IP address point to his own MAC address then he would be able to steal the information, or simply eavesdrop and forward on communications meant for the victim. Additionally, if the attacker changed the MAC address of the device that is used to connect the network to Internet then he could effectively disable access to the web and other external networks.
10- Stealers - It is a small software which steals passwords that are stored in our web browsers, chat apps such as yahoo messenger .etc , Stealer's then send these stolen passwords to the Hackers FTP server, Usually Stealer's look like keyloggers but there are many differences, Stealer's steal only passwords that stored in the web browsers they wont capture keystrokes typed by the user
11 - Java Drive By - A Java Drive-By is a Java Applet that is coded in Java and is put on a website. Once you click Run on the pop-up, it will download a program off the internet. This program can be a virus or even a simple downloader. If you'd like to get the source code or wanna know more information about a Java Drive-By, use Google.
12 - Cookie Stealing Attack - Cookies are small files that stored on users computer by websites when a user visits them. The stored Cookies are used by the web server to identify and authenticate the user .For example when a user logins in Facebook a unique string is generated and one copy of it is saved on the server and other is saved on the users browser as Cookies. Both are matched every time the user does any thing in his account. So if we steal the victims cookie and inject them in our browser we will be able to imitate the victims identity to the web server and thus we will be able to login is his account . This is called as Side jacking .The best thing about this is that we need not no the victims id or password all we need is the victims cookie.
13 - Social Engineering - Social engineering is the use of deception and manipulation to obtain confidential information. It is a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. In anti virus computer security software, social engineering is generally a hacker's clever manipulation of the natural human tendency to trust. The hacker's goal is to obtain information that will gain him/her unauthorized access to a system and the information that resides on that system. Typical examples of social engineering are phishing e-mails or pharming sites.
14 - Botnets - Botnets are not commonly used for hacking facebook accounts, because of it's high setup costs, They are used to carry more advanced attacks, A botnet is basically a collection of compromised computer, The infection process is same as the keylogging, however a botnet gives you, additional options in for carrying out attacks with the compromised computer. Some of the most popular botnets include Spyeye and Zeus.
15 - Man In the Middle Attacks - A Man-in-the-Middle attack is a type of cyber attack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other. A Man-in-the-Middle Attack allows a malicious actor to intercept, send, and receive data meant for someone else, or not meant to be sent at all, without either outside party knowing until it is too late. Man-in-the-Middle attacks can be abbreviated in many ways including, MITM, MitM, MiM, or MIM.
Note : Hacking can't be learned all you can gain is knowldge and its depend on you/your brain how you use that knowldge. If with that knowldge you can access other account/server/sites and all other stuff including computer system etc that people call is hacking. So hacking cant be learned exactly.
Knowldge is everything in each and every field which can be gain from books as well as from google.
And i would like repeat it this thread is meant for intro purpose and in coming days i will surely write tutorial on each of the method i wrote above.
0 comments:
Post a Comment