Now you all can invite me on skype for any kind of help required as my username is krackoworld

30 June 2011

Hack Facebook,Gmail,Yahoo,Twitter Email ID And More Via Remote Keylogger

loggerAfter searching a lot of keyloggers and writing a beautiful post on “one of best 2011 keylogger” known as Sniperspy,Today I am presenting you a new type of keylogger which can be installed remotely to hack Accounts at once. In Sniperspy Keylogger the only problem exists that we have to install it physically which may be risk full and not so easy to do in absence of your victims. But now,this problem does not occur as my new remote keylogger(FUD Keylogger) has the capacity to hack Facebook,Gmail etc Accounts without installing it physically.All we have to send it via internet by uploading it to any data sharing site.



Features :

  • Cookie stealing
  • See passwords stored in victims computer
  • You Can Use Gmail Account to get the logs and Activity details
  • Add To Start Up also included
  • It also Kills Task Manager
  • Automatically Hides the virus after infecting the victim
  • Also Disables Registry Editing
  • Stops victim From Ending Your Keylogger's Process
  • New Icon Changer
  • File Binder
  • With Fake Error Message
  • Includes Time Interval

How To Use it :

1.First of all Download this Remote FUD Keylogger Here and Then Extract it to a specified folder.
2.Now open the keylogger and enter your Gmail username with password in order to get all the information about your victims Computer.
3. Then tick mark the options you want to use to hack accounts and set the time interval to 2 minutes.
4.You can also change the name of file which you are going to generate as you want to fool your enemy(by default it is logger.exe).
5.All done,hence click on build and now you can see a file generated it that folder with your given name.
6.Upload that particular file(.exe file) to any sharing site like, etc.
7.Finished,just send the downloading link to your file to your enemy and ask him to download it for various purposes and when it opens the file,all its activities,keys,logs,cookies and more information will be sent to your Gmail account within 2-5 hours.

File Size :

This software or keylogger comes in very small size of 200 Kilobytes.


Enjoy & don’t forgot to comment or Subscribe to our Email updates.

22 June 2011

How to do Dictionary Attacks to Crack Passwords via Brutus

dictionary attackAre you interested in cracking passwords' and more,so why not you try dictionary attacks instead of guessing passwords. So first let me explain what is a dictionary attack or how is it work? Dictionary attack uses a targeted technique of successively trying all the words in an exhaustive list called a dictionary (from a pre-arranged list of values). In contrast with a brute force attack, where a large proportion key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words for example a dictionary (hence the phrase dictionary attack) or a bible etc. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries or simple, easily-predicted variations on words, such as appending a digit.

A dictionary attack is when a text file full of commonly used passwords, or a list of every word from the dictionary is used against a password database. Strong passwords usually aren’t vulnerable to this kind of attack. In the following example, I will use Brutus, a very common password cracker, to show a dictionary attack against an ftp server. Brutus is a Windows only program, but at the end of this chapter I will list a couple more password crackers, some of which are made for Mac, Windows, and Linux.

Dictionary Attacks
Before I get into the example, you must first know what an FTP server is. FTP stands for File Transfer Protocol. FTP is a simple way to exchange files over the internet. If a hacker got FTP access to my website, he could delete/upload anything he wants on my server. An FTP address looks similar to a website address except it uses the prefix ftp:// instead of http://. I set up an FTP server on my computer so I could demonstrate. You can get Brutus at .

Procedure :

1. First the hacker would choose a target. In this case it’s my home computer and the IP address for your home computer is .
2. By going to I get a pop-up box asking for a username and password.

auth required
3. Next the hacker would launch a program similar to Brutus and attempt to crack the password.

4. In the target you put the IP address of the website and to the right select the appropriate option, which in this case is FTP.
5. The default port is 21 but some websites change this to make them a little more secure. If you find out that the port isn’t 21, you can find the right one by doing a port scan.
6. If you don’t know any of the usernames for the FTP server, then you will have to get a list of the most common usernames.
7. For a dictionary attack you will have to choose the pass mode Word List and browse and select the file containing your word list. You can get some good password lists at . Below are examples of what a username and password list might look like.

8. Once you hit Start the program will attempt to connect to the server and begin to try all the possible combinations from your lists.
9. If you’re lucky, eventually it’ll get the right Username:Password combination. As you can see below, it got the correct combination of username – admin and password – password.

10. A smarter hacker would use a proxy when using a program like this. What a proxy does is cloaks your IP address by sending your connection request through another computer before going to the target. Brutus leaves a huge log of your presence on the target server.

That’s it !

Understanding Cross Site Scripting-XSS

xssHi friends,I hope all you are f9.Today I am going to teach you one of most Web hacking used skill or we can say technique/method known as Cross-site scripting. Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80% of all security vulnerabilities documented by Symantec as of 2007. Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.

Cross site scripting (XSS) occurs when a user inputs malicious data into a website, which causes the application to do something it wasn’t intended to do. XSS attacks are very popular and some of the biggest websites have been affected by them including the FBI, CNN, EBay, Apple, Microsoft, and AOL. Some website features commonly vulnerable to XSS attacks are:
• Search Engines
• Login Forms
• Comment Fields

There are three types of XSS attacks:

1. Local – Local XSS attacks are by far the rarest and the hardest to pull off. This attack requires an exploit for a browser vulnerability. With this type of attack, the hacker can install worms, spambots, and backdoors onto your computer.
2. Non-Persistent – Non-persistent attacks are the most common types of attack and don’t harm the actual website. Non-persistent attacks occur when (- a scripting language that is used for client-side web development.) or HTML is inserted into a variable which causes the output that the user sees to be changed. Non-persistent attacks are only activated when the user visits the URL crafted by the attacker.
3. Persistent – Persistent attacks are usually used against web applications like guest books, forums, and shout boxes. Some of the things a hacker can do with a persistent attacks are:
• Steal website cookies (Cookies are used by web browsers to store your user information so that you can stay logged into a website even after you leave. By stealing your cookie, the attacker can sometimes login without knowing your password.)
• Deface the website
• Spread Worms 
Now that you know what cross site scripting is, how can you tell if a website if vulnerable to it?
1. If there is a search field, enter a word and if that word is displayed back to you on the next page, there’s a chance it is vulnerable.
2. Now we will insert some HTML. Search for <h1>hi</h1>, and if the word “hi” is outputted as a big header, it is vulnerable.
3. Now we will insert JavaScript. Search for <script>alert(“hi”);</script> , if the word “hi” pops up in a popup box, then the site is vulnerable to XSS.
4. As you can see, these examples are non-persistent. Now if a hacker found a guestbook or something else like it that was vulnerable, he would be able to make it persistent and everyone that visits the page would get the above alert if that was part of his comment.
Hackers knowledgeable in JavaScript and PHP will be able to craft advanced XSS attacks to steal your cookies and spread XSS worms, but to show you a simple example of something more realistic then the above examples, I will show you how a hacker could use XSS to help with phishing.

1. Let’s say a hacker wants to phish passwords from If he was able to find an XSS vulnerability anywhere on the website, he would be able to craft a link pointing to the legit website that redirects to his phishing website.
2. In the example with the popup, when I inserted the JavaScript into the search box, a URL was formed that looked like the following:
Here you can see that the code you typed into the search box was passed to the “searchbox” variable.
3. In the URL the hacker would then replace everything in between ?searchbox= and &search with the following JavaScript code:
<script>window.location = “”</script>
4. Now when you go to the finished link, the legitimate site will redirect to the phishing website. Next what the hacker would do is encode the URL to make it look more legit and less suspicious. You can encode the URL at
5. My finished encoded URL is:
6. Once the victim sees that the link points to the legitimate website, he will be more likely to fall for the phishing attack.

Enjoyed this article! Have fun : D

18 June 2011

Get More than 10,000 Quality Backlinks for free- Increase your Website Ranking Instantly

free-backlinks-submitter-toolsIn todays world, Everyone wants to be rich, have their website on top of the alexa ranking,having good PageRank,traffic etc,so therefore these people are struggling very much by writing nice posts,designing template etc. But the main thing they forgot to have such high quality Backlinks. In simple words, the success of an blog or website depends on its Backlinks.  Backlinks play very important role to get " High PR ranking " and " Alexa High Ranking " for free.Therefore today to provide you these backlinks I am going to tell you the procedure by which we all can get more than 10000 backlinks in couple of minutes for free and increase your rankings and traffic as well.


Generating backlinks is quite simple,all you have to do is to visit the below sites and enter your website,keywords,name details and click on the start or generate button. Then the application starts submitting your site to PR 1-10 websites and up to 10000 other sites.

Main Sites -

1. – About 1000 Premium Backlinks For Free

2. IMTalk – About 2500 Premium Backlinks For Free

3. Webmasterdeck – 500 Premium Backlinks For Free

Other Sites containing more than 6000 Backlinks -

Note- Getting these backlinks is an 100% safe and secure method plus do not close the browser or website until the process of generating backlinks is finished as the browser popups many times in this.

Benefits -

1.Increase you Alexa ranking as the rankings are decided by taking the backlinks into consideration.
2.High value of Traffic across the 190 countries.
3.More Google,yahoo,Bing search results.
4.Popularity among the sites.
5.Money associated with the traffic etc.

I hope you like this methods though some tells that this " Black Hat SEO Method To Get High Ranking " but according to me this is Ethical method to " Get Free Backlinks ".

Thank you for reading this article and don't forget to comment below..

14 June 2011

Download Norton Internet Security Antivirus 2012

Norton-Internet-Security-and-Norton-AntiVirus-2012-Public-Beta-300x115As you all know there are many sites which are unsafe and contains malware plus viruses on the internet to harm us. So it is mandatory to have an good antivirus with update to safeguard computer and yourself also. Many of us gets hacked by filling our data at unauthorized sites and then just starts complaining. To solve this issue,today I bring you the top rated antivirus software of Symantec know as Norton Internet Security 2012 which has all in 1 solution of any problem.

Salient Features

  • Norton Protection System includes 4 layers of rock-solid protection designed to proactively protect against the very latest threats – so you can do more on your PC without disruptions.
  • Customizable Control Center gives you the option to choose your preference between a simplified screen or the traditional detailed view.
  • Identity Safe alerts have moved to the Norton Toolbar so there are less interruptions while you are online – but your passwords are still as secure as ever.
  • Bandwidth Management limits Norton’s processes and updates when you have limited bandwidth or monthly downloads.
  • Download Insight 2.0 now tells you how stable a download is before you put your computer at risk for crashes or other bad things to happen.
  • Norton Recovery Tools help remove threats that can be deeply buried in a PC’s operating system.

Other Features

Interface simplification with options to run scans and updates right from the interface. Advanced users can switch to (and set as default) advanced mode which allows them to enable or disable features with a click.

  • Identity Safe 2.0 can now safe data to the cloud so that you can connect to the information from multiple computers. Identity Safe is basically a password manager and form filler.
  • Application Stability Ratings are introduced in Norton 2012. Norton scans the running applications on your PC and displays ratings for them. Applications are rated by their resource usage, trust level and reliability.

norton application ratings

  • Bandwidth Metering is introduced in Norton 2012 products which can limit Norton to only download critical updates or nothing at all.
  • Norton Autofix is an automatic tool that tries to fix problems that you may be experiencing with your copy of Norton Internet Security 2012.
  • Performance has been approved, according to Norton. This includes a smaller footprint, faster startup and shutdown times and faster scans and file access operations.
  • Google Chrome users can now make use of the Identity Safe and Safe Web features, which they previously could not.
  • Norton Power Eraser 2.0 and Sonar 4.0 updates introduce new features. Sonar Policy Enforcement uses behavioral analysis of processes to create profiles. The app looks at a processes previous actions and uses them in its analysis of the process. This increases the chance that malicious processes are discovered.

Download Norton Internet Security Beta version 2012 here.

09 June 2011

What to do when your Gmail Account is Hacked ?

gmail-password-hackedWith the tremendous increase in the hackers over 2008-2011, Security is being the major problem among the people who don’t even know hacking and are newbies. It should be any time when your Account is being hijacked or hacked by an person(usually hacker). As Google provides Gmail which offers good services and facilities than any other, so most of the people are on it. Being hacked by Google account means you lost your other accounts associated with Gmail also like Orkut, Google Checkout, Blogger, AdSense, Google Docs, Picasa accounts etc. So Here are the 3 options suggested by the Google Support team should be taken when you forget your Gmail password or if someone else takes ownership of your Google Account and changes the password:

1. Reset Your Google Account Password

Type the email address associated with your Google Account or Gmail user name at Gmail Forgot Password Link – you will receive an email at your secondary email address with a link to reset your Google Account Password. This will not work if the other person has changed your secondary email address or if you no longer have access to that address.

2. For Google Accounts Associated with Gmail

If you have problems while logging into your Gmail account, you can consider contacting Google by filling this form. It however requires you to remember the exact date when you created that Gmail account.

For Knowing how to find your Gmail Creation date, Please Follow the below steps-

1.By Using Gmail Welcome Mail:
Whenever you create an gmail account you will get a welcome mail from gmail team. So,here is the tip ,this “Welcome Mail” has the same date as your Gmail account creation date.To get this mail and there by the date,Go to Gmail inbox and hit on Oldest
button to get the last message. This message will be welcome mail from Gmail Team.You can note this mail date and this will be your gmail creation date.
But,the problem arises when if you are deleted the welcome mail from you inbox.If you done so the above method will not help you to find the gmail creation read the below method.

2.By Using POP:
This method will work only for accounts created after 2007.
Go to Settings -> Forwarding and POP/IMAP and
under POP Download, look for:
Status: POP is enabled for all mail that has arrived
since “Your Account Creation Date”

Your account creation date can be noted and it will be your Gmail creation date.

3. For Hijacked Google Accounts Not Linked to Gmail

If your Google Account doesn’t use a Gmail address, contact Google by filling this form. This approach may help bring back your Google Account if you religiously preserve all your old emails. You will be required to know the exact creation date of your Google Account plus a copy of that original “Google Email Verification” message. It may be slightly tough to get your Google Account back but definitely not impossible if you have the relevant information in your secondary email mailbox.

SmileComments are Welcomed below and don’t forgot to subscribe our Regular email updates to stay connected with us forever and enjoying the every step of hacking plus Security Tips.

08 June 2011

How to Hack a Website By Remote File Inclusion ?

What is Remote File Inclusion (RFI) Web HackingRFI is one of the popular Web hacking method used by the Hackers in todays world. Remote File Inclusion occurs when a remote file, usually a shell (a graphical interface for browsing remote files and running your own code on a server), is included into a website which allows the hacker to execute server side commands as the current logged on user, and have access to files on the server. With this power the hacker can continue on to use local exploits to escalate his privileges and take over the whole system.
Many servers are vulnerable to this kind of attack because of PHP’s default settings of register_globals and allow_url_fopen being enabled. Although as of PHP 6.0, register_globals has been depreciated and removed, many websites still rely on older versions of PHP to run their web applications. Now let’s go through the steps a hacker would take to exploit this type of vulnerability in a website.

1. First the hacker would find a website that gets its pages via the PHP include() function and is vulnerable to RFI. Many hackers use Google dorks to locate servers vulnerable to RFI. A Google dork is the act of using Google’s provided search tools to help get a specific search result.
2. Website that include pages have a navigation system similar to:
3. To see if a the page is vulnerable, the hacker would try to include a site instead of PageName like the following:
4. If the Google homepage shows up on the website, then the hacker knows the website is vulnerable and would continue to include a shell.
5. A couple of the most popular shells are c99 and r57. A hacker would either upload them to a remote server or just use a Google dork to locate them already online and insert them. To find the a shell the hacker would search Google for: inurl:c99.txt. This will display many websites with the shell already up and ready to be included. At the end of the URL make sure to add a ? so that if anything comes after c99.txt, it will be passed to the shell and not cause any problems. The new URL with the shell included would look like:
6. Sometimes the PHP script on the server appends “.php” to the end of every included file. So if you included the shell, it would end up looking like “c99.txt.php” and not work. To get around this, you would add a null byte (%00) to the end of c99.txt. This tells the server to ignore everything after c99.txt.
7. In step one, I told you that hackers use Google dorks to look for sites possibly vulnerable to RFIs. An example of a Google dork would be: allinurl:.php?page=. This looks for URL’s with .php?page= in them. This is only an example and you most likely won’t find any vulnerable sites with that search. You can try switching around the word “page” with other letters and similar words. Hackers usually search vulnerability databases like for already discovered RFI vulnerabilities in site content management systems and search for websites that are running that vulnerable web application with a Google dork.
8. If the hacker succeeds in getting the server to parse the shell, he will be presented with a screen similar to the following:


The shell will display information about the remote server and list all the files and directories on it. From here the hacker would find a directory that has read and write privileges and upload the shell but
this time as a .php file so that incase the vulnerability is fixed, he will be able to access it later on.
9. The hacker would next find a way to gain root privileges on the system. He can do this by uploading and running local exploits against the server. He could also search the victim server for configuration files. These files may contain username and passwords for the MYSQL databases and such.
To protect yourself from RFI attacks, simply make sure you are using up-to-date scripts, and make sure you server php.ini file has register_globals and allow_url_fopen disabled.

Enjoy Hacking :D

03 June 2011

Hack Rapidshare,Hotfile,4shared,Megaupload Accounts Via Google

As Requested by many readers that how to hack file hosting accounts like rapidshare,hotfile,megaupload etc to upload their data for long time and safely.But the only problem is that we dont have the premium accounts to access fast data and bypass advertisements.So therefore, I found a new trick to hack these services via Google. All you have to do is simply type the below code in the Google search bar and press enter.

1.For 4shared - dir + (for 4shared)
2.For Megaupload - dir + (for megaupload)
3.For Rapidshare - dir + (for rapidshare)
4.For Hotfile - dir + (for hotfile)

And you can also use the above given pattern or sequence to hack other accounts and services on net.


Recent Posts

Review this blog on

Recent Comments

| KrackoWorld (KoW) © 2014. All Rights Reserved | Style By All Web Designing | | Contact |