How to Hack Facebook Accounts with Backtrack 5

Step 1 : Open set Tool in Backtrack 5 : To open it follow the step shown above .

Step 2 : Time to set the Website Attack Vectors : Below Menu   enter your choice : 2.Website Attack Vectors and press Enter .

Step 3 : Select your Attacking Method , Here i choose 

3. Credential Harvester Attack Method.

Step 4 : Select Attack Vectors :write  2. Site Cloner and press enter as shown in the image .

Step 5: Enter the Url: To make a clone to facebook login page I entered https://www.facebook.com and press enter . As I press enter it will automatically generate a clone page .

Step 6 : To continue the process you have to put * sign and press enter.

Step 7 : Process will continue as shown in the image above .

Step 8: Open terminal and enter ifconfig command . It will shown your ip address . Now copy the ip address .

Step9 :Open Web Browser and  Paste the system ipaddress into Address bar and it will redirect to the facebook login page .

Now Enter your anything to check it will work or not . 

FOR EXAMPLE: Here I use 

Email : h4x00r

Password:hackingDNA.com

And Press Enter . Let see what happen on the Next step .

Step 10 : In step 7 the process start you remember now when you follow step 8 and step 9  ,then it will come up with  all the details of Username and Password . 

This is how we set a trap and hack victim facebook and password only on Backtrack 5 

Enjoy!

Read More

3 Basic Tips to Prevent A DDoS Attack

3 Basic Tips to Prevent A DDoS Attack

Distributed denial-of-service (DDoS) attacks are always in top headlines worldwide, as they are plaguing websites in banks, and virtually of almost every organization having a prominent online presence. The main cause behind the proliferation of DDoS attacks is that there is a very low-cost that the attacker has to incur to put such attack in motion. Fortunately, today various prevention methods have been developed to tackle such attacks. Before delving further into understanding about the ways to prevent DDoS attack, let’s first understand what exactly a DDoS attack is!

Understanding DDOS Attack

A DDoS (distributed denial-of-service) attack is an attempt made by attackers to make computers’ resources inaccessible to its anticipated user. In order to carry out a DDOS attack the attackers never uses their own system; rather they create a network of zombie computers often called as a “Botnet” – that is a hive of computers, to incapacitate a website or a web server.
Let’s understand the basic idea! Now, the attacker notifies all the computers present on the botnet to keep in touch with a particular site or a web server, time and again. This increases traffic on the network that causes in slowing down the speed of a site for the intended users. Unfortunately, at times the traffic can be really high that could even lead to shutting a site completely.

3 Basic Tips to Prevent a DDoS Attack

There are several ways to prevent the DDOS attack; however, here in this guest post I’ll be covering three basic tips that will help you to protect your website from the DDoS attack.

1. Buy More Bandwidth.

One of the easiest methods is to ensure that you have sufficient bandwidth on your web. You’ll be able to tackle lots of low-scale DDOS attacks simply by buying more bandwidth so as to service the requests. How does it help? Well, distributed denial of service is a nothing more than a game of capacity. Let’s suppose you have 10,000 computer systems each distributing 1 Mbps directed towards your way. This means you’re getting 10 GB of data that is hitting your web server every second. Now, that’s causes a lot of traffic!

So to avoid such issue, you need to apply the same rule intended for normal redundancy. According to this technique, if you wish to have more web servers just multiply around diverse datacenters and next make use of load balancing. By spreading your traffic to various servers will help you balance the load and will most likely create large space adequate to handle the incessant increase in traffic.
However, there’s a problem with this method that is buying more bandwidth can be a costly affair. And as you’ll know that the current DDoS attacks are getting large, and can be a lot bigger exceeding your budget limit.

2. Opt for DDoS Mitigation Services.

A lot of network or Internet-service providers render DDoS mitigation capabilities. Look for an internet service provider having the largest DDoS protection and mitigation network, automated tools, and a pool of talented anti-DDoS technicians with the wherewithal to take action in real-time as per the varying DDoS attack characteristics. A viable alternative is to utilize a DDoS prevention appliance, which is specifically intended to discover and prevent distributed denial-of-service attacks.

3. Restricted Connectivity.

In case you have computer systems that are connected to the web directly, a better idea is to properly install/configure your routers and firewall so as to limit the connectivity. For an instance, while receiving some data from a client machine you can only allow traffic to pass from the machine only on a few chosen ports (like HTTP, POP, SMTP etc.) via the firewall.

Wrapping Up!

Websites are largely getting attacked by hackers every second. Denial-of-service attack is insanely getting huge and is creating a lot of problems for business organizations having strong online vicinity. In this guest post you’ll not only understand what a DDoS attack actually means, but will also come to know about a few type of methods to prevent DDoS attacks. Aforementioned are three tips that I’ll recommend you to run through to at least understand where to get started towards building a resilient web network with chances of surviving a DDoS attack.

Read More

How to Hack Facebook id Using Session hijacking.

How to Hack Facebook Account Using Session Hijacking

This is a tutorial that demonstrates just how simple it is to get access to Facebook accounts without the user’s password or username. This tutorial demonstrates Session Hijacking (discussed here: : Top 10 Ways How Hackers Can Hack Facebook Accounts. This is a simple attack done on an unsecured WiFi network with the permission of all users on the network.

The aims of this tutorial are:

• Educate users on the dangers of using unsecured wireless connections.

• Educate wireless connections managers in the aim that they will protect their wireless network.

• Demonstrate the simplicity of this attack and why there is need to find a solution for this attack.

• Get users to stop using unsecured wireless connections.

Requirements:

• Someone on the network must be on Facebook at the time for you to steal their session information.
• You WiFi adapter must have monitor mode support in order to scan all packets transferred over a network. If it doesn't, you would only be scanning your own packets. To learn more about monitor mode and about enabling monitor mode on your Wireless card, visit http://www.aircrack-ng.org/doku.php?id=airmon-ng

So here is a step by step explanation of how to carry out this attack:

=> First of all, you would need to connect to an unsecured wireless connection that others are using. Then we start capturing packets transferred over this network. Note that your wireless adapter needs to support monitor mode to scan all packets transferred over a network. you can check your wifi card specifications to see if it supports monitor mode.
=>We would then need to use a network sniffing tool so sniff packets transferred over the network. In this case, I am using a tool called Wire shark (http://www.wireshark.org). Within wire shark, there is a menu called “Capture”; Under the capture menu, select interfaces from that menu, and a list of your interfaces will come up:




=> Next you select Start Next to the interface that you have enabled monitor mode on. most times it is the interface that is capturing the most packets. In my case, Microsoft interface is capturing the most packets, so i will select to start capturing with the Microsoft interface. You would leave wire shark to capture packets for a couple of seconds depending on the amount of persons currently using the network. Say 30 seconds if 10 people currently are using the network, or 30 minutes if there is barely network activity going on. While capturing, wire shark will look something like this:



=> After capturing a certain amount of packets, or running the capture for a certain amount of time, stop it by clicking on the stop current capture button.

=> After stopping the capture, you will need to look for the user’s Facebook session cookie which, hopefully was transferred in one of the packets captured. to find this cookie, use the wire shark search which can be found by pressing “Ctrl + f” on your keyboard. In this search interface, select Find: By “String”; Search In: “Packet Details”. and Filter by the string “Cookie”.

=> When you press find, if there is a cookie, this search will find it, if no cookie was captured, you will have to start back at step 2. However, if you're lucky and some cookies we’re captured, when you search for cookie, your interface will come up looking like this in the diagram below. You would notice the cookie next to the arrow contains lots of data, to get the data. the next thing you do is to right click on the cookie and click copy->description.

=> After copying the description, paste it in a text file, and separate each variable to a new line (note the end of every variable is depicted by a semicolon eg – c_user=100002316516702;).

=> After some research and experimenting, i figured out that Facebook authenticated the user session by 2 cookies called c_user and XS. Therefore you will only need the values of these cookies, and then need to inject them into your browser. Before injecting the cookies, here is what my Facebook page looked like:

=> The next thing you would need to do is to inject this information as your own cookie. so firstly you would need to install a cookie manager extension for your browser, I’m using Firefox Cookie Manager. After installing this extension, you will find it under Tools->cookie manager. The interface for cookie manager looks like this:

=> The first thing we would need to do is to clear all cookies, so clear all the cookies you currently have. Then select the “Add Cookie” link to add a new cookie. The first cookie you will add is the c_user cookie which will have the following information:: Domain – “.Facebook.com”, name-”c_user”, value-”the value you copied earlier from the wire shark scanning” and the Path-”/”; leave the is Secure and Expires On values to default:

=> The next thing you do is to hit the “Add” button and the cookie is saved. Repeat the same steps to add the XS cookie with all of the same information, except the value, which would be the XS value you have.

=> After adding these 2 cookies, just go to Facebook.com refresh the page and… Boom!! you will see you are logged in as that user whose cookie information you stole. Here is my Facebook page after i injected those cookies:

Read More