Sunday 23 December 2012

Hack E-Mail,Facebook,twitter etc Passwords Using RATs

How to Hack Email Account Passwords Using ProRat?


1. First of all Download ProRat. Once it is downloaded right click on the folder and choose to extract it. A password prompt will come up. The password will be "pro".


2. Open up the program. You should see the following:



3. Next we will create the ProRat Trojan server. Click on the "Create" button in the bottom. Choose "Create ProRat Server".



4. Next put in your IP address so the server could connect to you. If you don’t know your IP address click on the little arrow to have it filled in for you automatically. Next put in your e-mail so that when and if a victim gets infected it will send you a message. We will not be using the rest of the options.



5. Now Open General settings. This tab is the most important tab. In the check boxes, we will choose the server port the program will connect through, the password you will be asked to enter when the victim is infected and you wish to connect with them, and the victim name. As you can see ProRat has the ability to disable the windows firewall and hide itself from being displayed in the task manager.


Here is a quick overview of what they mean and which should be checked:



6. Click on the Bind with File button to continue. Here you will have the option to bind the trojan server file with another file. Remember a trojan can only be executed if a human runs it. So by binding it with a legitimate file like a text document or a game, the chances of someone clicking it go up. Check the bind option and select a file to bind it to. A good suggestion is a picture or an ordinary text document because that is a small file and its easier to send to the people you need.



7. Click on the Server Extensions button to continue. Here you choose what kind of server file to generate. I prefer using .exe files, because it is cryptable and has icon support, but exe’s looks suspicious so it would be smart to change it.



8. Click on Server Icon to continue. Here you will choose an icon for your server file to have. The icons help mask what the file actually is. For my example I will choose the regular text document icon since my file is a text document.


9. After this, press Create server, your server will be in the same folder as ProRat. A new file with name "binded_server" will be created. Rename this file to something describing the picture. A hacker could also put it up as a torrent pretending it is something else, like the latest game that just came out so he could get people to download it.


Very important: Do not open the "binded_server" file on your system.


10. You can send this trojan server via email, pendrive or if you have physical access to the system, go and run the file. You can not send this file via email as "server.exe", because it will be detected as trojan or virus. Password protect this file with ZIP and then email it. Once your victim download this ZIP file, ask him to unlock it using ZIP password. When the victim will double click on the file, he will be in your control.


11. Now, I will show you what happens when a victim installs the server onto his computer and what the hacker could do next.


Once the victim runs the server on his computer, the trojan will be installed onto his computer in the background. The hacker would then get a message telling him that the victim was infected. He would then connect to his computer by typing in his IP address, port and clicking Connect. He will be asked for the password that he made when he created the server. Once he types it in, he will be connected to the victims computer and have full control over it.



12. Now the hacker has a lot of options to choose from as you can see on the right. He has access to all victim's computer files, he can shut down his pc, get all the saved passwords off his computer, send a message to his computer, format his whole hard drive, take a screen shot of his computer, and so much more. Below I’ll show you a few examples.



13. The image below shows the message that the victim would get on his screen if the hacker chose to message him.



14. Below is an image of the victims task bar after the hacker clicks on Hide Start Button.



15. Below is an image of what the hacker would see if he chose to take a screen shot of the victims screen.



As you saw in the above example, a hacker can do a lot of silly things or a lot of damage to the victim. ProRat is a very well known trojan so if the victim has an anti-virus program installed he most likely won’t get infected. Many skilled hackers can program their own viruses and Trojans that can easily bypass anti-virus programs.


Hacking Facebook Account Password using Free Emissary Keylogger


Everyday I get emails wherein my readers ask me How to Hack a Facebook Account? You as the reader are most likely reading this because you want to hack into someone’s facebook account. So in this post I have decided to uncover the real and working way to hack any facebook account. Actually there are many ways to hack someones facebook password like PhishingKeylogging or using Hacking softwares used to hack facebook password. In this post i'm going to show you how to hack someones facebook account password using a keylogger - Emissary Keylogger.


How to Hack Facebook Password using Keylogger?


1. First of all Download Emissary Keylogger. It takes screenshots of the victim's computer and sends it to your gmail along with the logs.

2. Make sure that you have Microsoft .Net Framework installed in your Windows. You can download it fromwww.microsoft.com/net/. Else it won't work.

3. Extract the files using WinRar or any other zip/unzip program.

4. Open "Emissary.exe" to see something like this:



5. Now, fill in your Gmail username and password in respective fields (You can create a gmail account that you're going to use only for keylogging). Enter the email adress where you wanna receive facebook passwords. Choose a name for the server.exe file. You can set timer as you wish. This timer controls the time interval between two logs emails.

6. In the "Options" section you can see what this evil little buddy can do ;)

  • Block AV Sites: Blocks VirusScanning Websites on victim's computer
  • Add to Startup: Adds to Startup via Registry
  • Antis: Anubis, BitDefender, Kaspersky, Keyscrambler, Malwarebytes, NOD32, Norman, Ollydbg, Outpost, Wireshark
  • Disable TaskManager: Disable TaskManager on victim's PC
  • Disable Regedit: Disable's Regedit on victim's PC

7. Check "Trojan Downloader" to Downloade and Execute a trojan on victim's PC. You can also create a fake error message and scare your victim, like:


8. After you're done, hit on "Build" and you will get server keylogger file created in current directory.

9. Now, to hack facebook password, you have to send this server file to victim and make him install it on his computer. You can use BinderCrypter or Fake Hacking Software to bind this server file with say any .mp3 file so that whenever victim runs mp3 file, server is automatically installed on his computer without his knowledge.

10. Now because this is a server.exe file you can't send it via email. Almost all email domains have security policy which does not allow sending .exe files. So to do this you need to compress the file with WinRar or upload it to Free File Storage Domains, like Mediafire, Speedyshare, Ziddu.com, etc.

11. Once the victim runs our sent keylogger file on his computer, it searches for all stored passwords and send you email containing all user-ids and passwords, like:


Now you have all victim email passwords in your inbox and you can now hack victim facebook accounts easily. I have personally tested this free keylogger and found it working 100%. Enjoy Hacking.
 
HOW TO HACK FACEBOOK, MYSPACE, TAGGED, ORKUT, HOTMAIL, GMAIL.

HOW TO HACK FACEBOOK, MYSPACE, TAGGED, ORKUT, HOTMAIL, GMAIL.



Well this is the question in every bodies mind that how can we hack a email account or How do others do it. When I started reading about Hacking I also search about this question and search for the Soft wares that can do it for me but there was nothing that work. Then comes the websites like hackfacebook.net that claim to hack 98% of facebook accounts for only 140 euros. But that is a BIG FRAUD. So question comes to mind How do we Hack the Accounts.

In real there are 5 ways to hack any account and they all work but there are not easy and not 100% efficient but with time you can master them all. The ways Are

1): Key logging
2): Phising
3): Brute force
4): Social Engineering (I call it Hacking the human ;) )
5): Guessing the Security Password.

I will Post a detailed Articles about all these ways soon but summaries are as following.

KEYLOGGING: Keylogging is the way in which you sent a Keylogger remotely or install it on a computer to which you have Physical access. Keylogger is a Program that note down every thing a user write on a computer and some Keyloggers also capture the Pictures of the screen. SO with this way you can Know the Password that the user write.

Phising: Phising is the way in which a person is tricked to go to a Fake website exactly like the real one (e.g. Facebook). And if that person enter the password then the password is stored in the website that the Hackers can get. This way works very well with Stupids ;)

Brute Force: Brute force is the way of hacking in which software try every possible password. This way is 100% accurate but it can take millions of years to complete. So it is complete failure most of times.

Social Engineering: This way is really efficient with your friend whome you can trick to tell you the sensitive information like asking them to accept a keylogger an trick the to tell you their security Question’s answer.

Guessing the Security Password: This way can be the easiest or most difficult. But if you know the person then you can easily answer the question
HOW TO BECOME ADMIN ON YOUR SCHOOL NETWORK

HOW TO BECOME ADMIN ON YOUR SCHOOL NETWORK


This way works for most schools.


This tutorial is for those newbies out there, wanting to “hack” their school.

Im gonna start by saying, if your going to hack the school, theres a high probability your get caught, and dont do anything dumb like deleting the network. Its lame, and you will get flamed for doing it. This hack will only allow you to hack the computer at a terminal connected to the network. If you want to remote hack your school, ask google.

Firstly get a feel for the layout of the network.. you can do this quickly by:

Start > Programs(Right Click) > Explore

this will give you a map of the network, and you’ll probably be able to edit and run files this way, but with DOS there’s more options…

The basics for school hacking is accessing the command prompt, and 90% of school will have blocked this.

So to get around this you can do two things:

1) input this into the IE address “C:windows\system32\cmd.exe”

however this is very likely to be disabled.

2) Creating a Bat file to open Command Prompt.

You can do this by, opening IE > view > source.

once you have notepad open, where gonna make a .BAT file.

we want the BAT file to open up command prompt, so we type:

“CMD” without the “” press ENTER then save it as file.BAT.

Now you should be able to open Command Prompt by clicking on the file. If it fails to open, it is most likely that the CMD.exe is disabled and you dont have the privilages to run it.

So try using the file COMMAND instead. This does not have the same power as CMD, but is better than nothing.

Once we have it open now comes the good bit….

Before doing this, make sure you know a good lot of DOS commands.

Heres a great list www.computerhope.com/msdos

These are a few that you might like to try:

Net send * “Haseeb’s articles are cool”

Shutdown -s -f –m\\ip-of-computer– rarely works (you can find Ip with Ip scanner)

These will only work if you have the privilages to use them.

After you have access into Command Prompt, to get access to some programs that you are not allowed to use, DIR for Shortcuts (lnk). Then save them onto floppy disk. A shortcut is good, because it is smaller and quicker to save than a whole exe file.

There is also a good chance that the network will have RAT’s installed. A RAT is a (Remote Administration Tool). Used by Admins to manage networks… a bit like a friendly trojan.

This shouldnt be hard to find, and once you have found the EXE or LNK save it to a floppy, – Now you have control over every computer!!

You could use the RAT to use the admins machine, here possibilites are endless!

FACEBOOK COOKIE STEALING AND SESSION HIJACKING


THIS ARTICLE IS ORIGINALLY WRITTEN BY RAFAY BALOCH. HE BLOGS ATwww.rafayhackingarticles.net
Three days ago I finished the series on Gmail Session Hijacking and Cookie Stealing , due to a tremendous response of readers I planned to write a post on Facebook cookie stealing and Session hijacking. Facebook session hijacking can also be accomplished via a very popular tool called Firesheep(On a Wifi Network Only), which I won't be explaining here because I have already written it before in my post Facebook Hacking Made Easy With Firesheep
In this tutorial I will explain you how an attacker can capture your authentication cookies on a local area network and use them to hack your facebook account,  Before reading this tutorial I would recommend you to  part1, part2 and part 3 of my Gmail Session Hijacking and Cookie stealing series, So you could have better understanding of what I am doing here.

Facebook Authentication Cookies

The cookie which facebook uses to authenticate it's users is called "Datr", If an attacker can get hold of your authentication cookies, All he needs to do is to inject those cookies in his browser and he will gain access to your account. This is how a facebook authentication cookie looks like:
Cookie: datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;

How To Steal Facebook Session Cookies And Hijack An Account? 

An attacker can use variety of methods in order to steal your facebook authentication cookies depending upon the network he is on, If an attacker is on a hub based network he would just sniff traffic with any packet sniffer and gain access to victims account.

If an attacker is on a Switch based network he would use an ARP Poisoning request to capture authentication cookies, If an attacker is on a wireless network he just needs to use a simple tool called firesheep in order to capture authentication cookie and gain access to victims account.

In the example below I will be explaining how an attacker can capture your authentication cookies and hack your facebook account with wireshark.

Step 1 - First of all download wireshark from the official website and install it.

Step 2 - Next open up wireshark click on analyze and then click on interfaces.

Step 3 - Next choose the appropriate interface and click on start.




Step 4 - Continue sniffing for around 10 minutes.

Step 5 - After 10minutes stop the packet sniffing by going to the capture menu and clicking on Stop.

Step 6 - Next set the filter to http.cookie contains “datr” at top left, This filter will search for all the http cookies with the name datr, And datr as we know is the name of the facebook authentication cookie.


Step 7 -  Next right click on it and goto Copy - Bytes - Printable Text only.



Step 7 -  Next right click on it and goto Copy - Bytes - Printable Text only.


Step 8 - Next you’ll want to open up firefox. You’ll need both Greasemonkey and the cookieinjector script. Now open up Facebook.com and make sure that you are not logged in.

Step 9- Press Alt C to bring up the cookie injector, Simply paste in the cookie value into it.


Step 10 - Now refresh your page and viola you are logged in to the victims facebook account.



Note: This Attack will only work if victim is on a http:// connection and even on https:// if end to end encryption is not enabled.


Countermeasures

The best way to protect yourself against a session hijacking attack is to use https:// connection each and every time you login to your Facebook, Gmail, Hotmail or any other email account. As your cookies would be encrypted so even if an attacker manages to capture your session cookies he won't be able to do any thing with your cookies.