Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Password hacking


Published on

Published in: Education
    Are you sure you want to  Yes  No
    Your message goes here
  • WE PROVIDE PROOF BEFORE PAYMENT Hack with comfort and get your job done systematically without a bridge  of security alert. It's frustrating not getting the value of your money  on services paid for. If you are in need of safe exploit in hacking,  make the right decision of using, and keep  tab on any subjects be it spouse, employees and friends information from social media, Phones, websites and erasing of certain confidential  records you don't want to be at public domain, hack formula don't brag  about hack exploit it is what we do best.
    Are you sure you want to  Yes  No
    Your message goes here
  • WORLDWIDEWEBHACK11@GMAIL.COM is real and authentic and they are global all over the world with professional hackers,with authentic tools they hack anything and everything ranging from University Grades change, Emailand phone hack for text, whatsapp messages, call logs,Gps tracking and lots more. He provides proof andhe's affordable trust me i assure you he's real tell him you were referred by Becca. Engineers and a geniuses for a fact you can also reach them through their email: WORLDWIDEWEBHACK11@GMAIL.COM
    Are you sure you want to  Yes  No
    Your message goes here
  • Chaos Computer Club is one of the largest hacking groups founded since 1981 in Berlin and we currently have branches in America, China and England. we perform a large range of services, This are some of the services we perform; *Institutional server­s-keylogging -University grades changing *Account hack -Access/Password *Credit score increase *Facebook, instagram,­ bbm, Skype, snapchat, zoosk, Various blogs, icloud, apple accounts etc *Email accounts hack ­( gmail, yahoo mail, Hotmail ) *Databases hack­- Untraceable IP *Change your school grades, *Gain access to bank ­accounts. we are also currently hiring skilled hackers, contact us for inquiries Contact us at
    Are you sure you want to  Yes  No
    Your message goes here
  • Are you suspecting your partner of cheating or having an extramarital affair? I'll advice you to get proof first before confronting him/her. As that could result in unnecessary confusion in your relationship or marriage. it's always advisable to consult a professional hacker to help you get concrete evidence by discreetly getting access to their phone or computer. WORLDWIDEWEBHACK11@GMAIL.COM he has worked for me a couple of times and he never disappoints. he provides Accurate results and can be trusted for 100% privacy and really affordable fees.
    Are you sure you want to  Yes  No
    Your message goes here

Password hacking

  1. 1. -: Password Hacking :-Password cracking is the process of recovering secret passwords from data that has been storedin or transmitted by a computer system. A common approach is to repeatedly try guesses for thepassword.Most passwords can be cracked by using following techniques :1) Hashing :- Here we will refer to the one way function (which may be either an encryptionfunction or cryptographic hash) employed as a hash and its output as a hashed password.If a system uses a reversible function to obscure stored passwords, exploiting that weakness canrecover even well-chosen passwords.One example is the LM hash that Microsoft Windows uses by default to store user passwordsthat are less than 15 characters in length.LM hash breaks the password into two 7-character fields which are then hashed separately,allowing each half to be attacked separately. Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.2) Guessing :- Many passwords can be guessed either by humans or by sophisticated crackingprograms armed with dictionaries (dictionary based) and the users personal information.Not surprisingly, many users choose weak passwords, usually one related to themselves in someway. Repeated research over some 40 years has demonstrated that around 40% of user-chosenpasswords are readily guessable by programs. Examples of insecure choices include:* blank (none)* the word "password", "passcode", "admin" and their derivatives* the users name or login name* the name of their significant other or another person (loved one)* their birthplace or date of birth* a pets name* a dictionary word in any language* automobile licence plate number* a row of letters from a standard keyboard layout (eg, the qwerty keyboard -- qwerty itself, asdf,or qwertyuiop)* a simple modification of one of the preceding, such as suffixing a digit or reversing the orderof the letters.and so on....In one survery of MySpace passwords which had been phished, 3.8 percent of passwords were asingle word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was.
  2. 2. A password containing both uppercase & lowercase characters, numbers and special characters too; is a strong password and can never be guessed. Check Your Password Strength3) Default Passwords :- A moderately high number of local and online applications have inbuiltdefault passwords that have been configured by programmers during development stages ofsoftware. There are lots of applications running on the internet on which default passwords areenabled. So, it is quite easy for an attacker to enter default password and gain access to sensitiveinformation. A list containing default passwords of some of the most popular applications isavailable on the internet. Always disable or change the applications (both online and offline) default username- password pairs.4) Brute Force :- If all other techniques failed, then attackers uses brute force password crackingtechnique. Here an automatic tool is used which tries all possible combinations of available keyson the keyboard. As soon as correct password is reached it displays on the screen.Thistechniques takes extremely long time to complete, but password will surely cracked. Long is the password, large is the time taken to brute force it.5) Phishing :- This is the most effective and easily executable password cracking techniquewhich is generally used to crack the passwords of e-mail accounts, and all those accounts wheresecret information or sensitive personal information is stored by user such as social networkingwebsites, matrimonial websites, etc.Phishing is a technique in which the attacker creates the fake login screen and send it to thevictim, hoping that the victim gets fooled into entering the account username and password. Assoon as victim click on "enter" or "login" login button this information reaches to the attackerusing scripts or online form processors while the user(victim) is redirected to home page of e-mail service provider. Never give reply to the messages which are demanding for your username-password, urging to be e-mail service provider.It is possible to try to obtain the passwords through other different methods, such as socialengineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shouldersurfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity
  3. 3. management system attacks (such as abuse of Self-service password reset) and compromisinghost security.However, cracking usually designates a guessing attack. -: Windows-XP Password Cracking :-Here we use the tool "Cain and Abel" for cracking passwords of any local user/administrator.First download cain and abel from "" and install it on your system.Make sure that you have disabled the antivirus/firewall running on your system before installingand throughout this process.Two most effective techniques used here are "Brute-Force" and "Cryptanalysis".Brute-Force:- As this techniques takes more time to complete, the attacker prefer thistechnique only when there is a hope that the password contain same type of characters or may betwo. i.e only loweralpha, only alpha, only numeric or may be loweralpha-numeric, also it shouldcontain less than 7 characters. Otherwise it takes more time to crack password, which may be themixture of all types of characters along with special symbols.The step-by-step explaination for this technique is given below-1) Open the tool "Cain and Abel"
  4. 4. 2) Go into the category "Cracker" it displays all sub-categories under "Cracker"in left panel.
  5. 5. 3) Select "LM & NTLM Hashes" from left panel and then click on symbol, you will begreeted by a window as shown.
  6. 6. 4) Check "import hashes from local system" and then click "Next". This shows all the activeaccounts on local system like administrator, guest, etc. along with LM and NT hashed values oftheir respective passwords, as shown below.
  7. 7. 5) Right clicking on any username shows all available options using which we can crack itspassword.
  8. 8. 6) Here we select "Brute-Force Attack" and then "NTLM Hashes", since windows uses NTLMhashes to store local users passwords.7) You will be greeted by a window where you can modify properties for brute-force attack suchas password length, character set, etc.
  9. 9. 8) Click on "Start" button.9) On completion it will reveal the exact password.
  10. 10. ShareThis NEXT -: Windows-XP Password Cracking :-Cryptanalisys :- Basically, Cryptanalisys means Operations performed in convertingencrypted messages to plain text without initial knowledge of the crypto-algorithm and/or keyemployed in the encryption.This is the fastest technique of password cracking possible due to "Rainbow Tables".A rainbow table is a file that is used to lookup an unknown plaintext from a known hash for analgorithm that does not usually permit this operation.Steps 1 to 4 i.e upto importing hashes from local system, are similar to previous technique (i.ebrute-force). The steps coming after that are as follows-5) Here, select "cryptanalisys attack" then "NTLM hashes" and then select "via rainbow tables".Here we can choose either OphCrack or RainbowCrack formats of tables. The rainbow tables are
  11. 11. available free to download on internet.Due to large file size of rainbow tables (350MB - 3GB); instead of downloading we can alsocreate at own just by downloading rainbow table generator ( of 181KB) freedownload at ""6) Click on "Add Table"
  12. 12. 7) Browse for the location of rainbow table on your system, select proper table and click "open".
  13. 13. 8) Select the loaded table and then click on "Start" button.9) On completetion it will show the exact password.
  14. 14. To learn windows password cracking techniques properly, one must understand "LM" & "NTLM" algorithms, SAM File, Dumping NTLM hashes from local SAM, Rainbow Tables, etc.......!ShareThis -: IP Spoofing :-The term IP (Internet Protocol) address spoofing refers to the creation of IP packets with a forged(spoofed) source IP address with the purpose of concealing the identity of the sender orimpersonating another computing system.Why it works ?IP-Spoofing works because trusted services only rely on network address based authentication.Since IP is easily duped, address forgery is not difficult.The main reason is security weakness in the TCP protocol known as sequence numberprediction.How it works ?To completely understand how ip spoofing can take place, one must examine the structure of theTCP/IP protocol suite. A basic understanding of these headers and network exchanges is crucial
  15. 15. to the process.Internet Protocol (IP) :It is a network protocol operating at layer 3 (network) of the OSI model. It is a connectionlessmodel, meaning there is no information regarding transaction state, which is used to routepackets on a network. Additionally, there is no method in place to ensure that a packet isproperly delivered to the destination.Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the header)contain various information about the packet. The next 8 bytes (the next 2 rows), however,contains the source and destination IP addresses. Using one of several tools, an attacker caneasily modify these addresses – specifically the “source address” field.Transmission Control Protocol (TCP) :It is the connection-oriented, reliable transport protocol in the TCP/IP suite. Connection-orientedsimply means that the two hosts participating in a discussion must first establish a connection viathe 3-way handshake (SYN-SYN/ACK-ACK). Reliability is provided by data sequencing andacknowledgement. TCP assigns sequence numbers to every segment and acknowledges any andall data segments recieved from the other end.
  16. 16. As you can see above, the first 12 bytes of the TCP packet, which contain port and sequencinginformation.TCP sequence numbers can simply be thought of as 32-bit counters. They range from 0 to4,294,967,295. Every byte of data exchanged across a TCP connection (along with certain flags)is sequenced. The sequence number field in the TCP header will contain the sequence number ofthe *first* byte of data in the TCP segment. The acknowledgement number field in the TCPheader holds the value of next *expected* sequence number, and also acknowledges *all* dataup through this ACK number minus one.TCP packets can be manipulated using several packet crafting softwares available on theinternet.The AttackIP-spoofing consists of several steps. First, the target host is choosen. Next, a pattern of trust isdiscovered, along with a trusted host. The trusted host is then disabled, and the targets TCPsequence numbers are sampled. The trusted host is impersonated, the sequence numbers guessed,and a connection attempt is made to a service that only requires address-based authentication. Ifsuccessful, the attacker executes a simple command to leave a backdoor.Spoofing can be implemented by different ways as given below -Non-Blind Spoofing :- This type of attack takes place when the attacker is on the same subnet asthe victim. The sequence and acknowledgement numbers can be sniffed, eliminating thepotential difficulty of calculating them accurately.Blind Spoofing :- Here the sequence and acknowledgement numbers are unreachable. In orderto circumvent this, several packets are sent to the target machine in order to sample sequencenumbers.
  17. 17. Both types of spoofing are forms of a common security violation known as a Man In The MiddleAttack. In these attacks, a malicious party intercepts a legitimate communication between twofriendly parties. The malicious host then controls the flow of communication and can eliminateor alter the information sent by one of the original participants without the knowledge of eitherthe original sender or the recipient. In this way, an attacker can fool a victim into disclosingconfidential information by “spoofing” the identity of the original sender, who is presumablytrusted by the recipient.IP spoofing is almost always used in what is currently one of the most difficult attacks to defendagainst – Denial of Service attacks, or DoS. CounterMeasures 1) Filtering at the Router :- Implementing ingress and egress filtering on your border routers is a great place to start your spoofing defense. You will need to implement an ACL (access control list) 2) Encryption and Authentication :- Implementing encryption and authentication will also reduce spoofing threats. Both of these features are included in Ipv6, which will eliminate current spoofing threats. 3) Initial Sequence Number Randomizing. ShareThis -: The ZIP of Death :- 1) This is a exploit of the compression algorithms to make a small zip that will extract into extream amounts their are more ways and better ones than this one but i will only show how to make a simple 1k = 1m ratio. 1) Make a.txt file 2) Open and type the null character (alt + 255) 3) Press ctrl + a then ctrl + v a couple times to make some null bytes 4) If u have a hexeditor make the hex 00 for about 50 kilobytes. 5) Now make several copies of a.txt and name accordinly
  18. 18. 6) Open cmd.exe 7) Type copy /b *.txt b.txt 8) Now every copy is made into a super copy and repeat 9) Once you have a nice empty big text file like 1gb. Put it in a zip archive. Because of the simple construction of the file, 1gb of null bytes.....! The zip is only 1 mb in size and can really annoy freinds. For added fun hex edit the zip and you will see a bunch of hex 5555 Just add some more and the file will expand amazingly Make sure to not open this after You can always create your zip of death from the command line in linux dd if=/dev/zero bs=1000 count=1000000 | gzip > test.gz ShareThis -: Create An Ftp Server On Your PC :-Process-1:First of all u have to get an static IP-Address.Need a a static ip-address for ur FTP Server.Necessity for getting this static ip-address is ur notsuppose to use ur own IP-Address.The main reason is u dont want to show ur IP-Address toeveryone , there are many other reasons too but leave them aside..1) Goto no-ip & create urself a free account.2) Now ur account been created & ll receive ur account password via mail to ur email address.3) After getting ur password login to ur account of no-ip.com4.After getting logged in, click upon add a HOST its on the left menu.5) Type any hostname u want (eg:-abc) & select any domain from da given list ( Click on Submit.6) Now u have owned ur own static address (example:
  19. 19. 7) Now click downloads button which is present above on the page & click on which operatingsystem ur using & den download DNS update client or u can download it from here directly, thisis for microsoft window users..8) After getting downloaded, u have to install this software & login here with ur email addresss& p/w wen asked for it.9) At last tick on da check box present at the static address.10) U have ur own static web address.Process-2:Installation & setting of the FTP-Server1) You have to install Serv-U 4.1.03 , download this software from here2) Run Serv-U & use da wizard to setup ur FTP.3) Click on next until u have been asked for IP-Address, leave it as it is & click upon next.4) Enter ur domain name u have registered (example: it above in da domainfield & click upon next.5) U ll be asked for anonymous access, select No & click upon next.6) Next u ll be asked for creating a named account, select yes & click upon next.7) Choose any user name u wish (eg:-xyz) & clcik upon next.8) Enter password for dis account (eg:-adc341) for security purpose choose difficult password.9) U ll be asked for da home directory for the account which u have created above.Selectdirectory & click upon next.10) Click on yes for locking dis account to da home directory, doing dis da user cannot furthermove up into home directory, click upon next.11) At last ur account has been created click finish.Process-3:Configuring the user accounts which u have been created.1) On the left tree-menu, select da account which u have been created above & den click uponGeneral Tab.
  20. 20. 2) Goto Hide Hidden Files.3) Check Allow only and enter the number one in the box.4) Set da maximum downloading speed upto wat extent u want.As this is an account so many llbe using so set it low(eg:-10-20) to save ur bandwidth.Dont leave it blank as uers can downloadwith full bandwidth.5) choose how many users u want to login at on time.It depends on ur connection speed try these(56 - 1, ISDN - 3, ADSL or cable - 5-6 users.)6) Click upon Dir Access Tab.7) Now u can c home folder here.Highlight it & make ur permission.8) If u want only users to download check only these Read,List & Inherit.9) If u want ur users to upload into ur server & bu tto only 1 particular folder but not todownlaod, click upon dat add button & then select dat folder, Now u have to highlight dat folder& set these permissions on dat folder.Check,Write,Appened,List,Create & Inherit after settingthese permissions click on the arrow which is present at the bottom right-hand corner.U want disupload folder 2 be list first, before da home folder.10) If der is any folder which u dont want anyone to access it, & it is present in the home folder,den click da add button & den select da folder.Now u have to highlight dat folder & see dat noall da checkboxes are left.After doing this click upon upper arrow which is present at bottomright hand corner.11) There are many things u can do, These are only the basics....12) Your server is now ready to be connected..13) Login with your username & password... 1) ShareThis 2) -: Reveal *****(Asterisk) Passwords Using Javascript :- 3) Want to Reveal the Passwords Hidden Behind Asterisk (****) ? Follow the steps given below- 1) Open the Login Page of any website. (eg. 2) Type your Username and Password.
  21. 21. 3) Copy and paste the JavaScript code given below into your browsers address bar and press Enter. 4) javascript: alert(document.getElementById(Passwd).value); 5) 4) As soon as you press Enter, A window pops up showing Password typed by you..! Note :- This trick may not be working with firefox. -: Increase Broadband Speed Using Simple Tweak :- A Simple Tweak (XP Pro only) which will increase your Broadband Speed. Make sure you Log on as Administrator, not as a user with Administrator privileges. Follow the steps as given below- 1) Click on Start Button. 2) Select Run From Start Menu. 3) Type gpedit.msc 4) Expand the [Administrative Templates] branch. 5) Then Expand the [Network] branch. 6) Highlight(Select by Single Click) [QoS Packet Scheduler]7) Double-click [Limit Reservable Bandwidth] (Available in Right Side Panel) 8) Check(Select By Single Click on it) [Enabled] 9) Change [Bandwidth limit %] to 0 % 10) Click [OK] Button. 11) Restart Your PC.
  22. 22. 12) Now Check Your Broadband Speed. -: Wireless Hacking :-Wireless networks broadcast their packets using radio frequency or optical wavelengths. Amodern laptop computer can listen in. Worse, an attacker can manufacture new packets on thefly and persuade wireless stations to accept his packets as legitimate.The step by step procerdure in wireless hacking can be explained with help of different topics asfollows:-1) Stations and Access Points :- A wireless network interface card (adapter) is a device, called astation, providing the network physical layer over a radio link to another station.An access point (AP) is a station that provides frame distribution service to stations associatedwith it.The AP itself is typically connected by wire to a LAN. Each AP has a 0 to 32 byte long ServiceSet Identifier (SSID) that is also commonly called a network name. The SSID is used to segmentthe airwaves for usage.2) Channels :- The stations communicate with each other using radio frequencies between 2.4GHz and 2.5 GHz. Neighboring channels are only 5 MHz apart. Two wireless networks usingneighboring channels may interfere with each other.3) Wired Equivalent Privacy (WEP) :- It is a shared-secret key encryption system used toencrypt packets transmitted between a station and an AP. The WEP algorithm is intended toprotect wireless communication from eavesdropping. A secondary function of WEP is to preventunauthorized access to a wireless network. WEP encrypts the payload of data packets.Management and control frames are always transmitted in the clear. WEP uses the RC4encryption algorithm.4) Wireless Network Sniffing :- Sniffing is eavesdropping on the network. A (packet) sniffer isa program that intercepts and decodes network traffic broadcast through a medium. It is easier tosniff wireless networks than wired ones. Sniffing can also help find the easy kill as in scanningfor open access points that allow anyone to connect, or capturing the passwords used in aconnection session that does not even use WEP, or in telnet, rlogin and ftp connections.5 ) Passive Scanning :- Scanning is the act of sniffing by tuning to various radio channels of thedevices. A passive network scanner instructs the wireless card to listen to each channel for a fewmessages. This does not reveal the presence of the scanner. An attacker can passively scanwithout transmitting at all.6) Detection of SSID :- The attacker can discover the SSID of a network usually by passivescanning because the SSID occurs in the following frame types: Beacon, Probe Requests, ProbeResponses, Association Requests, and Reassociation Requests. Recall that management framesare always in the clear, even when WEP is enabled.When the above methods fail, SSID discovery is done by active scanning
  23. 23. 7) Collecting the MAC Addresses :- The attacker gathers legitimate MAC addresses for uselater in constructing spoofed frames. The source and destination MAC addresses are always inthe clear in all the frames.8) Collecting the Frames for Cracking WEP :- The goal of an attacker is to discover the WEPshared-secret key. The attacker sniffs a large number of frames An example of a WEP crackingtool is AirSnort ( ).9) Detection of the Sniffers :- Detecting the presence of a wireless sniffer, who remains radio-silent, through network security measures is virtually impossible. Once the attacker beginsprobing (i.e., by injecting packets), the presence and the coordinates of the wireless device canbe detected.10) Wireless Spoofing :- There are well-known attack techniques known as spoofing in bothwired and wireless networks. The attacker constructs frames by filling selected fields that containaddresses or identifiers with legitimate looking but non-existent values, or with values thatbelong to others. The attacker would have collected these legitimate values through sniffing.11) MAC Address Spoofing :- The attacker generally desires to be hidden. But the probingactivity injects frames that are observable by system administrators. The attacker fills the SenderMAC Address field of the injected frames with a spoofed value so that his equipment is notidentified.12) IP spoofing :- Replacing the true IP address of the sender (or, in rare cases, the destination)with a different address is known as IP spoofing. This is a necessary operation in many attacks.13) Frame Spoofing :- The attacker will inject frames that are valid but whose content iscarefully spoofed.14) Wireless Network Probing :- The attacker then sends artificially constructed packets to atarget that trigger useful responses. This activity is known as probing or active scanning.15) AP Weaknesses :- APs have weaknesses that are both due to design mistakes and userinterfaces16) Trojan AP :- An attacker sets up an AP so that the targeted station receives a stronger signalfrom it than what it receives from a legitimate AP.17) Denial of Service :- A denial of service (DoS) occurs when a system is not providingservices to authorized clients because of resource exhaustion by unauthorized clients. In wirelessnetworks, DoS attacks are difficult to prevent, difficult to stop. An on-going attack and thevictim and its clients may not even detect the attacks. The duration of such DoS may range frommilliseconds to hours. A DoS attack against an individual station enables session hijacking.18) Jamming the Air Waves :- A number of consumer appliances such as microwave ovens,
  24. 24. baby monitors, and cordless phones operate on the unregulated 2.4GHz radio frequency. Anattacker can unleash large amounts of noise using these devices and jam the airwaves so that thesignal to noise drops so low, that the wireless LAN ceases to function.19) War Driving :- Equipped with wireless devices and related tools, and driving around in avehicle or parking at interesting places with a goal of discovering easy-to-get-into wirelessnetworks is known as war driving. War-drivers ( define war driving as“The benign act of locating and logging wireless access points while in motion.” This benign actis of course useful to the attackers.Regardless of the protocols, wireless networks will remain potentially insecure because anattacker can listen in without gaining physical access. Tips for Wireless Home Network Security 1) 1) Change Default Administrator Passwords (and Usernames) 2) Turn on (Compatible) WPA / WEP Encryption 3) Change the Default SSID 4) Disable SSID Broadcast 5) Assign Static IP Addresses to Devices 6) Enable MAC Address Filtering 7) Turn Off the Network During Extended Periods of Non-Use 8) Position the Router or Access Point Safely 2) -: BlueTooth Hacking :- 3) Discovering Bluetooth Devices :- Before any two bluetooth enabled devices can start communicating with one another, they must carry out a procedure known as discovery. It can be carried out by scanning for other active devices within the range. Recommended Tools It will try to extract as much information as possible for each BlueScanner newly discovered device Download It is a GUI-based utility for finding discoverable and hidden BlueSniff Bluetooth-enabled devices Download It is a J2ME application that can browse and explore the technical specification of surrounding Bluetooth enabled devices. BTBrowser It works on phones that supports JSR-82 - the Java Bluetooth Download specification It is a scanner for Windows Mobile based devices. It also BTCrawler implements the BlueJacking and BlueSnarfing attacks ----- 4) Hacking Bluetooth Devices :- There are a variety of different types of bluetooth related threats and attacks that can be
  25. 25. executed against unsuspecting mobile phone users. Following are some of the most common types of threats :- 1) BluePrinting Attack :- Information gathering is the first step in the quest to break into target system. Even BlueTooth devices can be fingerprinted or probed for information gathering using the technique known as BluePrinting. Using this one can determine manufacturer, model, version, etc. for target bluetooth enabled device. Recommended Tools BluePrint As the name suggests Download It is an information gathering tool that allows attacker to query BTScanner devices without the need to carry out pairing Download 5) 2) BlueJack Attack :- Bluejacking is the process of sending an anonymous message from a bluetooth enabled phone to another, within a particular range without knowing the exact source of the recieved message to the recepient. Recommended Tools FreeJack Bluejacking tool written in JAVA ----- Can I Hack With Bluetooth (CIHWB) is a Bluetooth security auditing framework for Windows Mobile 2005. Supports CIHWB BlueSnarf, BlueJack, and some DoS attacks. Should work on any Download PocketPC with the Microsoft Bluetooth stack 6) 3) BlueSnarf Attack :- Bluesnarfing is the process of connecting vulnerable mobile phones through bluetooth, without knowing the victim. It involves OBEX protocol by which an attacker can forcibly push/pull sensitive data in/out of the victims mobile phone, hence also known as OBEX pull attack. This attack requires J2ME enabled mobile phones as the attacker tool. With J2ME enabled phone, just by using bluesnarfing tools like Blooover, Redsnarf, Bluesnarf, etc. an attacker can break into target mobile phone for stealing sensitive data such as address book, photos, mp3, videos, SMS, ......! Recommended Tools It is a J2ME-based auditing tool. It is intended to serve as an Blooover auditing tool to check whether a mobile phone is vulnerable. It Download can also be used to carry out BlueBug attack RedSnarf One of the best bluesnarfing tool ----- It downloads the phone-book of any mobile device vulnerable to BlueSnarfer Bluesnarfing Download -: BlueTooth Hacking :-4) Blue Backdoor Attack :- Here, the bluetooth related vulnerability exploits the pairing
  26. 26. mechanism that is used to establish a connection between two bluetooth enabled devices.Notonly does it gives the attacker complete access and control over the target but also allows theattacker to place strategic backdoors for continued access and entry.5) BlueBug Attack :- It was first discovered by Martin Herfurt and allows attackers to gaincomplete control over the data, voice and messaging channels of vulnerable target mobilephones. Recommended Tools BlueBugger Exploits the BlueBug vulnerability Download It is a Bluetooth penetration testing suite. It implements attacks Bluediving like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, etc. Download6) The bluetooth protocol allows devices to use 16 digit long pairing codes.Unfortunately many applications continue to use only 4 digit pairing codes which can beeasily brute-forced. This is known as short pairing codes.Most slave bluetooth devices continue to use default pairing codes such as 0000, 1111,1234, etc. So, easy to crack and gain access...! Recommended Tools BTCrack is a Bluetooth Pass phrase (PIN) cracking tool. BTCrack BTCrack aims to reconstruct the Passkey and the Link key from Download captured Pairing exchanges -: Other Powerful BlueTooth Hacking Tools :-Transient Bluetooth Environment Auditor :- T-BEAR is a security-auditing platform forBluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffingtools and various cracking tools. DownloadBlueTest :- BlueTest is a Perl script designed to do data extraction from vulnerableBluetooth-enabled devices. DownloadBTAudit :- BTAudit is a set of programs and scripts for auditing Bluetooth-enableddevices. DownloadRedFang :- It is a brute force tool that finds even non-discoverable device. DownloadBlueAlert :- A windows based tool that runs on bluetooth enabled computer and alertsthe user each time a blurtooth device leaves or enters into its range.
  27. 27. BlueFang :- Similar to BlueAlert.Bluestumbler :- One of the best BluePrinting tool.Super Bluetooth Hack :- With this java software you can connect to another mobileand ….Once connected to a another phone via bluetooth you can-  Read his/her messages  Read his/her contacts  Change profile  Play ringtone even if phone is on silent  Play songs  Restart the phone  Switch off the phone  Restore factory settings  Change ringing volume  Call from his phone it includes all call functions like hold, etc.Notes:-1) When connecting devices use a code 00002) At start of program on smartphones do not forget to turn on bluetooth before start ofthe mobile . Download- (99 KB)What is 94FBR ??goto google type like this–>94fbr kaspersky94fbr nero94fbr winrar94fbr avast94fbr adobe photoshopetc94fbr followed by software name or software name followed by 94fbr,then click search you willget the serial and cracks.94FBR was part of a Microsoft Office 2000 product key that was released on the internet thatbypassed Microsofts activation system.Because it is a relatively uncommon term, when you addit to your search queries, it will generally return results of pages listing illegal serial numbers.
  28. 28. enjoy it….Get free domain namesThere are many website which offer free domain names for some time.You can register and can register 3 domains as a free member and 100 domains if you pay them a fee of about $ is a new domain and you can register 3 domains for free and then you must can register 3 domains for free and pay from your 4th domainThere are many othersDisplay Message at Windows StartupThis is a simple registry trick by which you can display your message at windows startup.Youhave to edit your registry.It will pop message just before a user is going to log on.Check thefollowing steps1.Go to your registry2. Navigate toHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWinLogonNow create a new string Value in the right pane named LegalNoticeCaption and enter the valuethat you want to see in the Menu Bar. Now create another new string value and name it:LegalNoticeText Now insert the message you want to display each time Windows startupChange My documents location in xpI think many of you don‟t know about this fact that the storage location of “My Documents” canbe changed. Its is safe , when crash or need to be formattedNormally windows save the “My Documents” folder on your C-drive. But when you right-clickon it and go to properties, you can change the location where you want windows to save yourDocuments folder.Steps
  29. 29. 1.Right-click on My documents2.Go to properties3.Change your locationThis can be very useful when If windows hangs or become crupt and you have to format your C-drive again,Then you documents will not be lost due to formating.Hack Windows XP Administrator PasswordThis is one of the best method to Hack Windows XP Administrator Password.For hackingadmin you must have log in as guest or limited account.This methodod hacking sdmin is veryeasy.You don‟t need any software or live cd.All hacking is done manual.To hack XP adminpassword follow these steps.Please backup your files which we are going to use here.Method1.Go to C:/windows/system322.Copy cmd.exe and paste it on desktop3.Rename cmd.exe to sethc.exe4.Copy the new sethc.exe to system 32,when windows asks for overwriting the file,then clickyes5.Now press shift key 5 times you will get cmd prompt close that6.Now Log out from your guest account and at the login screen,press shift key 5 times.7.You will get commmand prompt thereNow type “ NET USER ADMINISTRATOR mypassword” where “mypassword” can be anypassword and Administrator is name of admin account ,then press enter.8.You will see “ The Command completed successfully” and then exit the command prompt.Thats done…You have hacked administrator passwordIf you have any problem comment here.Please backup your cmd.exe and sethc.exe if you aretrying this on your own computer.This works because of sethc.exe process Vulnerability inWindows XP.You can search google for more information about it.This method of hacking XP admin password can be used in your college lab where you havelimited or guest access to computers.
  30. 30. How to Send Fake & Anonymous email To FriendThere are many website which allows you to send fake and anonymous email.You can put yourown From address, To address, Subject and message and can play a prank with your friend orwhoever you want.Here is a list of some websites which you can use.You can play prank and funwith your friend by sending fake email with his girlfriend email address.Check it out1. – a site that lets you send free fake emails to anyone you like. Not only is itanonymous, you can make it appear to come from anyone you choose.This is a good site to sendfake emails.This is best site to send fake emails.2. a another site to send fake emails email, often referred to as prank email, allows the user to send an email withoutdisclosing their identity. This site is not fully free you have to paid.You can check this bysending fake emails to yourself.If you have more sited to send fake Email To your Friend share it here.Enjoy fake email prankDon’t send any spam or other illegal things . Email is never really fully anonymousIncoming search terms:How to change START Text in XPIts a very powerful tool & you can do almost anything wid this tool. Now since you just wannaknow how to change the “start” button…follow the steps:1) After downloading the file….open ResHacker.exe2) B4 dat go 2 C:WINDOWS n take d backup of explorer.exe & copy it to a different location.Just 4 safety…there‟s no danger in the method3) Now as you‟ve opened ResHacker.exe…goto File –> OpenNow look for explorer.exe in the path C:WINDOWS… click on it & open it4) Once u open it u‟ll see a list of items on d left side starting form Bitmap to 240
  31. 31. 5) Now double click on “String Table”6) Now if you have a “Classic look/style” for windows….double click on 38 else if you arehaving a “Windows XP style” click on 377) When you double-click on either of these. you will see a no. 1033…click on it Now if you are following a Windows XP style then on d text area u will see “start” written ind manner i‟ve written on line no. 578. Give d name u wnt but within d quotes. And 4 WindowsClassic Style…its written on line no. 5959) After you write the name you want….click on compile script, a tabular button on top of textarea10) Now most important…go 2 File & click on SAVE AS button & not save11) Save it with any name u want…in C:WINDOWS folder. For e.g. explorerrahul.exe.Don‟t 4get 2 end the name u‟ve given with d extention .exe & write the word “explorer” in frontof name u‟ve given. It may work if u don‟t write explorer too. But i haven‟t tried it12) Now exit ResHacker.exe & goto Start –> Run….type regedit & hit enter13) Now goto HKEY_LOCAL_MACHINE –> SOFTWARE –> MICROSOFT –> WINDOWSNT –> Winlogon & single click on it. On d right side look 4 “Shell REG_SZ Explorer.exe”.Double click on Shell & write thename u‟d given along with the extention .exe and remember,the name that u had given for the “start”button and the name with which you saved it need not bethe same.Click on Ok & exit. Log off & Log on, That DONE. Guyz it SAFE, plz don‟t worry. Just doexactly as i‟ve said…and everything will run accordingly. You can try different things too…ifYou dare. I‟ve done it !!! ResHacker is power tool. Play around with it. And u‟ll get to knowmore.Add Photos in My Computer Properties..Add your Photos in My Computer PropertiesTodo this:1. Open Notepad.2. Type the following:[General]Manufacturer=”Your company name”Model=Intel® Core™2 Duo[Support Information]Line1= Your phone number
  32. 32. Line2= addressLine3= Your email or website3. Save as “oeminfo.ini” in the System32 folder.(Without Quote)4. Create a bmp file(Your Photo) and save it the System32 folder as “oemlogo.bmp”(Without Quote).5. Now Check your My Computer Properties.And I just have done it………..!XP game cheats:FreecellSecret – Instant WinInstructions – Hold down Ctrl + Shift + F10 during game play. Then you will be asked if youwant to Abort, Retry or Ignore. Choose Abort, then move any card to instantly win.Secret – Hidden Game ModesInstructions – In the “Game” menu choose “Select Game”. Enter -1 or -2 to activate the hiddengame modes.HeartsSecret – Show All CardsInstructions – Go to Start, Run, Type: „Regedit‟, OK. Edit this registry key:HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionAppletsHeartsRight click on the Hearts folder, select New, String Value and name it ZB. Right-click on ZB,select Modify and enter a Value Data of 42, OK and close Regedit. Start Hearts (not InternetHearts). Once in a game Press Ctrl + Alt + Shift + F12 to show all the cards.How to make file undetectableUse binding ,this is simple binding.In this tutorial you will see how to bind two files togetherusing WinRAR.This is useful if you are sending a file and you want it to extract and run straightaway.For this tutorial I will be using a simple .exe file (command[1].exe) and game.exe fileStep 1:Get the files you want to bind.Step 2:Highlight them both and add to archive.Step 3:Change the name and select “Create SFX archive”Step 4:Go to the “Advanced” tab at the top and click on “SFX options”
  33. 33. Step 5:In the “General” tab type in the name of the file you want to run after the extraction.Step 6:Go to the “Modes” tab and select “Hide all”Step 7:Go to the “Text and icon” tab and change the icon to something other than the WinRARiconStep 8:Click “OK” on the advanced window and “OK” in the main window and it will create thefile.Now when the user clicks on it extracts and automatically runs command[1].exeThis can be used in a variety of ways, you can experiment with the options to get differentresults.Incoming search termHow to Protect Your Web Server From Hackers ?Creating your own website is not simply about putting some pages and information online.Ensuring the security of your website is a bigger and highly crucial task. Most websites thesedays have a dedicated web server that gives them the leverage to grow and develop further.Basically the websites with a high volume of web traffic, a heavy database and complexapplication specifications require an exclusive web server. It is extremely important to hackproof your web server in order to protect your website and business.There are a great number of hackers out there in the web world who are looking for opportunitiesto exploit your web server and cause serious damage. These hackers look to deface the websiteswith malicious content, use the scripts on the server to send out spam or phish out the personalsensitive information of the website users. Such attacks also attempt to tamper with parametersand gain access to confidential files or cross-site scripting or cookie poisoning to alter thecustomer data. These kinds of invasions can prove to be fatal for e-commerce and finance basedwebsites. To prevent your web server from falling prey to such web attacks, here are someimportant recommendations and anti hacking tips.You need to follow a two-pronged approachto safeguard your web server from any hackers.The first layer is a firewall that exists to block any unwarranted unused Internet ports. A goodfirewall will use a rule based access system to allow only the legitimate users to enter and filterout as well as obstruct any malicious traffic from accessing the server. Also create strongpasswords that use a combination of characters, numbers and special characters in order to keepthe password hackers at bay.The second element is to put in place an intrusion protection service. This is a more sophisticatedapproach to deal with hackers wherein you stop the illegitimate entry of users at the source itself.If a firewall works on the front line, an intrusion protection system works on the back end to dealwith the enemies. This involves putting all the compromised hosts in the quarantine section and
  34. 34. letting the genuine users move through efficiently. But setting up such an anti-hackingarrangement is only the first step. The hackers are moving fast and ahead with newer techniquesto break into and sabotage the web servers. So, you need to continually update and monitor thefilters, blacklists and all other aspects.Incoming search terms:Command Prompt Tricks Tips & HacksThere are lot of command prompt tricks and tips which many of us don‟t know about.Commandprompt can be very useful if you know how to use.Just go to cmd and check the following coolcommands1. systeminfoWith this command, you can retrieve the following information:Host NameOS NameOS VersionOS ManufacturerOS ConfigurationOS Build TypeRegistered Owner etc2. driverqueryGet Installed Driver Information3. ipconfig /allinformation about your network connection and IP address4. subst W: C:windowsMap A Drive Letter to a Folder5. tasklistList All Tasks Running On The Computer6.taskkill /im programnames.exe /fto Kill A Program
  35. 35. There are many other also will update soonBlocking unblocking websites manuallyDo The Following :For eg you want to block !1. Open the folder C:WINDOWSsystem32driversetc2. There you will find a file named HOSTS3. Click on the file and press SHIFT and now right click on it .4. From the right click menu select Open with .5. Now, select Notepad to open the file from the list !6. Now, in the file under the line localhost add another line as Now, File>>Save !For unblocking just follow the same procedure vice versa.Ntoskrnl.exe Missing or Corrupt XPTry the following method to fix this ntoskrnl.exe problem.Hope this will fix your problem1.Start the computer by using your Windows XP CD-ROM. Press any key to boot from the CD.2.After the setup files are finished loading press R to repair using Recovery Console.3.When you are in the recovery console, select the installation to log on to (usually number 1),and then press ENTER.4.Login to the Administrator account by typing the password for this account, and then pressENTER.5.At the recovery console command prompt, type the following command, and then pressENTER:For Uni-Processor systems:expand :i386ntoskrnl.ex_ :Windowssystem32ntoskrnl.exe For Multi-Processor systems:expand :i386ntkrnlmp.ex_ :Windowssystem32ntoskrnl.exe Note In these two commands, the
  36. 36. placeholder represents the drive letter of your CD drive, and the placeholder represents the driveletter of the hard disk on which windows is installed.6.If you receive a prompt to overwrite the file, press Y.7.Type exit, and press ENTER at the command prompt.This method from microsoft support .If this does not work check the following help link FireFox trickscopy the line written in bold in address bar and hit another Firefox inside a tab in the the existing Firefox Opens the Options dialog box inside the Firefox Opens the “Book Marks Manager” inside a tab in the Firefox Opens the History Panel in the Firefox Opens the Extensions window in the current Opens the “cookies window” inside a tab in the Firefox Opens the “Clear Private Data” window inside the current Opens the “About Firefox” Dialog box inside the A scrolling list of name.