Ethical Hacking - Rafayhackingarticles

Learn How To Hack With MrCracker InnerCircle

2012-05-23T05:31:00.000-07:00

Few weeks ago we announced on our Facebook Page that we are going to partner with mrcracker.com in order to offer an amazing training for you. Mrcracker.com is one of the widely recognized Internet security blogs, offering tons and tons of useful stuff related to Ethical hacking and security. Therefore RHA has partnered with MrCracker.com to offer amazing Ethical Hacker Training! Watch the video for more information.

USE COUPON CODE: RAFAY25 FOR 25% OFF ALL MRCRACKER.COM INNER CIRCLE MEMBERSHIPS AND LEARN HOW TO HACK TODAY!

Frequently Asked Questions

There's a LOT of information inside the Academy! Will it cost me thousands to get access to it?
You'll be excited to know that EVERYTHING in the MrCracker Inner Circle is available to the general public for just $47 per month. For the cost of a couple nice dinners out, you'll be tapping into the most in-depth and easy-to-use Ethical Hacker training community ever offered. Honestly, it's a no-brainer.
Is this one of those membership sites where you guys put some material in it and never update it again?
Sorry if you've had that experience before, but that's not the way we roll. When you activate your membership, the MrCracker Inner Circle will have a lot of training and resources ready to roll. Enough to keep you busy for a long time.

PLUS... we'll keep adding more valuable lessons, strategies, tools, and resources every single month. Sometimes even more frequently than that. Why? Because the security/hacking scene is fast-moving and always changing.
We're committed to keeping you "in the know" with the latest and greatest techniques to keep your hacker skills moving in the right direction. And the best way we know how to make that happen for you is to continually give you the most up-to-date training material available anywhere.
What if I know I'm going to love it - is there a "Lifetime" membership available so I don't have to worry about monthly dues?
Yes. For those who want to guarantee lifetime access to everything in the MrCracker Inner Circle - both now and in the future - a Lifetime Membership is available.

The cost for the Lifetime Membership is one time payment of $497.
If I decide to give it a try, will I be locked into the MrCracker Inner Circle for a long time?
The MrCracker Inner Circle is completely month-to-month with no long-term commitments. If you're not happy with what we have to offer, we don't want you spending your hard-earned money on it.
What do the hacker training courses consist of?
Each courses consist of reading parts, if you don't like to read, there are audio parts, video parts where I show you first hand how to complete the hacker techniques taught and finally a haxercise. Haxercise are practice environments where I allow you to safely and legally practice the hacker techniques taught.

Hacking Software - oclHashcat-plus v0.08

2012-05-12T10:44:00.000-07:00

What is oclHashcat-plus v0.08 ? oclHashcat-plus v0.08 worlds first ''GPU" based rule engine.It is also the worlds fastest phpass, mscash2,md5crypt and WPA/WPA2 cracker.

Description - oclHashcat-plus v0.08 ius an advanced password hacking software which is highly efficient and works faster than any other software of it's genre.There are a number of algorithms implemented in it and it has many features which make it the best software available for password cracker.

Some of it's Features

1.Multi-GPU (up to 16 gpus)

2.Multi-Hash (up to 24 million hashes)

3.Multi-OS (Linux & Windows native binaries)

4.Multi-Platform (OpenCL & CUDA support)

5.Supports reading words from file.

6.Supports reading words from stdin

7.Integrated thermal watchdog And many more..

Algorithms implemented -

1.Joomla.
2.MD5.
3.Oracle 11g.
4.MSSQL - 2000.
5.MSSQl -2005.
6.MySQl.
7.Phpass.
8.Oracle 7-10g.
9.SHA256.
10.NTLM.
11.MD4.
12.OSX10.7.
13.CISCO-PIX MD5.
14.Double MD5.
15.SSHA.
16.SHA-1(Base64), nsldap, Netscape LDAP SHA.
17.SSHA-1(Base64), nsldaps, Netscape LDAP.
18.DCC,mscash.
19.OSX v10.4, v10.5, v10.6.
20.SHA1.

Modes of Attack-

1.Straight
2.Combination
3.Brute-force
4.Permutation
5.Hybrid dict + mask
6.Hybrid mask + dict

Cracking a WPA handshake with OclHashcat-Plus(Video)

About The Author

This article is written by Shikhil Sharma, He blogs at www.hacking-tweaks.blogspot.com/.

Facebook Strengthen's It's Security By Launching Antivirus MarketPlace

2012-05-11T11:40:00.003-07:00

From last few months Facebook users are facing lots of trouble due to dramatic growth of malware and spams on facebook .We here at RHA have covered lots of facebook related spams like Facebook Scammers Exploit Steve Jobs Death , DAD CATCHES DAUGHTERS ON WEBCAM -Beware Facebook Viral Scam , Hijacking Facebook Users With Clickjacking Attack etc.

Seeing these repetitive attacks , Facebook yesterday launched Antivirus Marketplace to increase the protection of Facebook users. McAfee, TrendMicro, Sophos,Microsoft and Symantec will will augment Facebook's URL blacklist system with their own URL blacklist databases.

The Antivirus Marketplace will also let facebook users to download full version antiviruses with no charge for 6 months ! This service for free download is available to Mac as well as Pc users and a user can download any one antivirus of his choice from his account.

But the big question is what will happen after the 901 million facebook users have ended up their 6 month free full version,how many of them will bother to spend bucks to renew it ? !

About The Author:

This article is written by Shikhil Sharma.

Officially Launching IncomeFigure

2012-05-06T13:06:00.000-07:00

I am extremely proud to say that I am officially launching my next big project "Income Figure". Apart from an Ethical hacker, I am also a blogger, Internet Marketer and a SEO expert. I have been getting requests from lots and lots of my readers to post SEO related stuff on RHA. However, I have restricted the content of RHA strictly to Ethical hacking and Penetration testing. As I want to target a specific piece of audience who are interested in hacking and security. Therefore I didn't wanted to mix up my content with stuffs like Wordpress SEO, Blogger SEO etc. That evolved the idea of building up a blog like incomefigure.com.

What's Our Aim?

Our mission is simple, It's to help newbie bloggers and webmasters who get easily fooled by so called people like "Internet Marketing Guru", "Money Making Guru". Our aim is also to help college, university students to become full time bloggers with least amount of effort. There are couple of authors working with me on this project, However I will try to be as frequent as possible. If you want to contribute along with me, kindly shoot me an email to rafayhackingarticles@gmail.comHow Can You Help RHA?

Since past few years RHA has served the hacking community with up to date material related to Ethical hacking and security, If you would like to return us a favor. Kindly suggest/promote our blog to your friends, relatives etc. Note: Do not forget to show your love by liking IncomeFigure on Facebook Fan Page , and circling it on Google Plus.

Google Raises Bug Bounty - Great News For Hackers

2012-04-26T06:46:00.000-07:00

A good news for the hacking community- The internet giant Google has raised the bounties from $3133 to $20,000.Most companies that are in the business of providing software or services are willing to pay industrious and benevolent hackers who find bugs in the code. Google has been making use of these folks for quite some time, but now Mountain View is increasing its rewards dramatically in an effort to encourage more people to join the bug hunt. Google previously handed out a maximum of $3133.70, but now will offer up to $20,000 per bug.

"When we get more bug reports, we get more bug fixes," Google security team manager Adam Mein told AFP. "That is good for our users; that is good for us."

Google has paid out approximately $460,000 since it established the Vulnerability Reward Program.This rate change increases the incentive for security researchers and the average denizen of the internet to disclose the bugs spotted in Google web services to the source.

At Google’s Pwnium contest in March, Google paid out $60,000 prizes to anyone that could exploit the Chrome browser. Two people managed to do so, and collected the money. Even at that rate, security researchers have made it clear the exploits would have been worth more if sold to malicious individuals. Google’s $20,000 top payment is likely still far below the market rate.

Not all bugs will warrant the new $20,000 payout. Only “critical bugs” that allow remote code execution will be at that level. SQL injections or authentication bypasses will still net you a hefty $10,000 prize, but amounts will vary depending on which Google service is affected."We want them to know the reward is there for them if they find the most severe bugs," Mein said.

Bugs found in more sensitive services such as Google smartphone "Wallet" software tends to merit more generous rewards. So start working and earn.

Author:
This article is written by Ajit Singh, Who is newest member of our team, He blogs at www.coolestwebsite.in. If you would like to become a member of our team, Kindly email at rafayhackingarticles@gmail.com

How to Join Anonymous Army ?

2012-04-26T06:40:00.000-07:00

What to join Anonymous army ? So are you like expecting from me that i will tell you that enrollment forms are out to join The Anonymous ? No, No such news ! And you cannot join anonymous ! In fact no one can !

Anonymous is not an organization,not a club too,nor a party.Anonymous has no ideology,no gurus and no leaders too.

Anonymous are like people who are with each other for a small time to bring do a task,be it good thing or bad.But as soon as that task is complete those people may or may not be together.You can compare them to a group of people traveling small distance together just like the passengers of a bus.

How do people from Anonymous communicate ?

Anonymous are regarded both as Heroes or Villains of cyber world by person to person.And just like every other person members of anonymous also communicate via the social network-facebook,skype,yahoo etc.

How to recognize members of Anonymous ?

Members of Anonymous have no different characteristics.A person you meet or see everyday may be a member of anonymous and you have no idea about it.There is no age,sex,caste,country barrier to be a member of anonymous,anyone and everyone can be a member.All you require to be a member are - Skills !

During public appearances members of anonymous are often seen wearing Guy Fawkes Masks.

Is it Good or Bad to be a member of Anonymous ?

It is totally up to you ! If you are good you remain good being a member of anonymous too and vice verse !

Being associated with anonymous does not bring you any ''Bad'' image as it is often misunderstood by people.

Anonymous group never asks it's members for their personal information or identity proof.

How many Anonymous are there ?

There are many of them,more than we can think ! And as i had said,they are with each other for short time and they keep on adding every time they are together.

About The Author:

This article is written by Shikil sharma, Who is the newest member of RHA team. He blogs at http://hacking-tweaks.blogspot.in/

Hack Facebook Accounts With Reverting

2012-04-23T15:13:00.002-07:00

Facebook pays millions of dollars to security experts and penetration tester to keep the privacy of their users as safe as possible. So therefore we cannot use direct methods such as bruteforcing, dictionary attacks in order to hack facebook account due to account lockout feature. However, Also i would like to clear one more doubt that there is no such software which will hack a facebook password for you by just entering your email address. There are also methods such as Phishing, keylogging etc, which can help you hack facebook account, which are also suggested ones.

However here in this tutorial we will be exploiting a bug inside facebook in order to hack a facebook account. The vulnerability exploits trusted friends feature inside facebook which could be used to reset some one's facebook password.

Note: If you would like to learn about more advanced methods to hack a facebook account, Kindly refer my post How To Hack Facebook Password.

1. The thing which we use is to trick the Three Friend Account Recovery Method of facebook

2. The homework i was talking about is that you will have to make three fake account and make sure that they are in the friend list of the person you want to hack.

3. Once you are done with the above two steps you can start the hacking business.

4. Go to Forgot Password area of facebook.

5. It will show victims e-mail address and may be mobile phone at which he can be reached,choose ''no longer access to these'' option.

6. Now you will be prompted to enter an alternate e-mail address, type your e-mail address or create a new one.

7. Now you will be asked the ''Security question". Make random guesses,if you know the victim you might just get the right answer,if you don't-no worries !

8. If you have not succeeded in getting the answer right you will get to our main aim ''The Trusted Friends" recovery option.

9. Here click on ''continue'',choose 3 trusted friends-The Three fake accounts you have created and they are friends with the victim.

10. After you have chosen them,facebook will supply you with some codes on those fake accounts,follow the procedure and victims account is yours ! You've hacked them ! :)

About The Author:

This article is written by Shikil sharma, Who is the newest member of RHA team. He blogs at http://hacking-tweaks.blogspot.in/

Anonymous Hacks Formula 1 Website

2012-04-22T10:33:00.001-07:00

Hacking Group Anonymous recently brought down the website of Formula 1 !

They did it by DDos-Distributed Deniel of Services attack. The website which was attacked is www.formula1.com.

The F1 world was already in news because of controversial hosting of Grand Prix in Bahrain this weekend where protest are taking place before this attack on the website took place.

Anonymous hackers also defaced another website associated with Fromula 1 racing and also posted a press release.

The message was against the King Hamad bin Ali Khalifa of Bahrain. A part of the exact message posted :

“For over one year the people of Bahrain have struggled against the oppressive regime of King Hamad bin Al Khalifa. They have been murdered in the streets, run over with vehicles, beaten, tortured, tear gassed, kidnapped by police, had their businesses vandalised by police, and have tear gas thrown in to their homes on a nightly basis.

Still the regmine persists to deny any meaningful reform and continues to use brutal and violent tactics to oppress the popular calls for reformation. Not only is the Human Rights situation in Bahrain tragic, it becomes more drastic with each passing day. For these reasons the F1 Grand Prix in Bahrain should be strongly opposed. The Al Khalifa regime stands to profit heavily off the race and has promised to use live ammunition against protestors in preparation. They have already begun issuing collective punishment to entire villages for protests and have promised further retribution "to keep order" for the F1 events in Bahrain. The Formula 1 racing authority was well-aware of the Human Rights situation in Bahrain and still chose to contribute to the regime's oppression of civilians and will be punished.”

In the DDoS attack which anonymous used a large number of computers ping the website together at the same time which result in overloading of the server.

DDoS attack is considered as one of the best used and favourite attacks of Anonymous as earlier this month Anonymous had launched DDoS attack against websites of British Home Office and 10 Down Street.

About The Author:

This article is written by Shikil sharma, Who is the newest member of RHA team. He blogs at http://hacking-tweaks.blogspot.in/

Stuxnet Worm Was Loaded Iran DoubleAgents!

2012-04-21T02:08:00.000-07:00

Stuxnet virus was the virus which damaged Iran’s nuclear program. A recent report revealed that it was implanted by Israeli proxy-an Iranian and used a corrupt memory Usb stick which was revealed by former and serving U.S. intelligence officials said.

"Iranian Double Agents” had most probably helped to target most vulnerable spots of the system. In October 2010 intelligence minister of Iran said that "Nuclear spies” had been arrested in connection with stuxnet.33.virus.

Since it's discovery in 2010 it is being considered as the most sophisticated computer virus ever created , It's programming was so complex that it took months for researches to unravel it !

Infected computers in various countries :

Country Infected computers

Iran 58.85%

Indonesia 18.22%

India 8.31%

Azerbaijan 2.57%

United States 1.56%

Pakistan 9.2%

What is Stuxnet after ?

The Stuxnet does not steal your money ,identity nor the passwords,It has specified targets ! It Targets centrifuges in a top secret Iranian facility ! This virus has started a future concern for more attacks on power plants, water systems or nuclear plants !

How does Stuxnet work ?

Stuxnet does a little harm to your computer and network if they do not meet required configuration.The virus makes itself inert if Siemens software is not found on the target computer.

Stuxnet attacks with different layers for these three systems:

1.Siemens PCS7,WinCC and STEP7.

2.Siemens S7 PLCs

3.Windows.

How to Remove it ?

Siemens released a tool kit which detects and removes Stuxnet.

You can download it here http://greatis.com/security/stuxnet_remover.html

Possibilities of Origin ?

Israel , United States and other Western nations working together or separately are till now named to be the possible creators !

Author information -

This article is written by shikhil, he is the newest RHA team member and blogs at http://hacking-tweaks.blogspot.in/.

Nikjju Injection Compromises More Than 180,000 Pages !

2012-04-19T12:56:00.002-07:00

Effect - Hackers have compromised above 180,000 pages by this new SQL injection vulnerability against ASP sites and the number is growing very fast.

The effect is also seen on blogger users as their ‘’Traffic sources’’ area shows traffic from the infected links.

Script Used- The script used in the process :

What it does - The script redirects the users to a Fake AVs like best-antivirus…something. Or http://www4.savegco-antivir.com ….

Protection - You can check if your site has been infected or not ,go here http://sitecheck.sucuri.net/scanner/

And scan your website.

Information on Nikkju- It has been found that domain named nikjju.com was registered on 1^st April and attack most probably began after 4^thapril.

Some government sites affected by it :

jnd.xmchengdu.gov.cn

study.dyny.gov.cn

www.cnll.gov.cn

www.bj.hzjcy.gov.cn

www.mirpurkhas.gov.pk

www.tdnyw.gov.cn

gcjs.kaifeng.gov.cn

Till now no way has been found to prevent this Mass attack though google and other authorities are working on it.

The amount of pages it is effecting is increasing at a very rapid rate.

Precaution - Do not open untrusted links and the links starting from ''antivir...something or www.savegro-antivir.com...".

Author:

Shikhil Sharma is the newest RHA member. If you would like to contribute to RHA, Kindly email rafayhackingarticles@gmaill.com.

Protect Your Website Against SQL Injection

2012-04-19T07:50:00.002-07:00

Hacker-one: “ YES, I DID IT !!! “

Hacker-two: “What ? “

Hacker-one:” I HACKED ANOTHER SITE!!! “

Hacker-two: “Great!!! How did you do that? “

Hacker-one:” SQL INJECTION !!! :p “

Yes, one of the common methods that are being used by hackers is SQL INJECTION.

Sites get hacked by the sql injection due to the loop hole that is left by developers most of the times while developing a web application.

I will be explaining you today how to avoid SQL INJECTION when you are developing a web application with PHP.

I will be explaining with the help of an example, suppose we have text fields on our form

1. User Name

2. Password

and a login button.

When we login, the validation for the valid user is checked on the back-end. If the user is a valid user, he logs into the system else an error message “incorrect username or password” is shown.

What happens on the back-end,

$userName=$_POST[‘userName’];

$password =$_POST[‘password’];

$sqlQuery=”select * from users where user_name= ‘”.$userName.”’ and user_password= ‘”.$password.”’ ; ”;

This is where the developer has left a loop hole if instead of password I enter ‘ or ‘a’=’a the password field has the value

$password is ‘or ‘a’=’a

Lets place this value in query and the query becomes

$sqlQuery=”select * from users where user_name= ‘”.$userName.”’ and user_password=’ ‘or ‘a’=’a’; ”;

You can see clearly , password doesn’t match but the other statement a=a matches so OR operator will work and the user will login into the system without knowing the actual password. I can even give you the names of some famous websites where you can inject sql or use this technique.

HOW TO AVOID IT ???

Don’t treat the field values as mentioned above

Use this function

function BlockSQL Injection($str){

return str_replace(array("'",""","'",'"'), array("'",""","'","""), $str);

}

This will replace the characters( that can break the string) in the string.

So you can use this function as

$userName= BlockSQL Injection ($_POST[‘userName’]);

$password = BlockSQL Injection ($_POST[‘password’]);

Now the hacker wont be able to break the QUERY STRING.

We have many frameworks in PHP that provide this functionality such as quotes_to_entities($string) in CODE IGNITER.

Use some desgin pattern when you are building a big application, model, controller, your view layers and DAO (data access object layer) must be implemented to make it losely coupled and extensible.

A huge number of sites have been developed in core php, where we don’t use any framework. Wordpress is very secure but when it comes to PLUGINS (that we donwload and use), they can have the loop holes inside them. Stay alert while developing web applications, you never know when you are gonna get hacked. Stay blessed! :)

Good Luck !

About The Author

Danyal Sandeelo is a Software Developer at "breezecom", He is the newest member of Team RHA, He blogs on http://blog.votemypic.com.

Penetration Testing In Real World - "Codename: Samurai Skills"

2012-04-18T08:04:00.001-07:00

How to hack?, This is the same question that is asked to me every single day. Infact it's one of the most searched and widely spoken topics on the internet. There are tons and tons of guides and how to's available on the internet related to hacking and pentration testing. However, the problem is that unless you can't learn how to hack unless you don't practice the stuff you learned. Which brings us to the next question, Where do I practice what I learn?

Another problem with today's Ethical hacking and penetration testing courses is that they fail to offer real world attack scenario in order for the students to practice and learn in a much better way. Most of the courses you would find on the internet would commonly suggest you the following for the lab.

1. Backtrack (Attacker)
2. Windows Xp (Victim)

And you would end up practicing on a vulnerable target of your choice, However penetration testing in the real world is extremely difficult and require creative thinking and you are faced up against lot of different security mechanisms such as Firewalls, IDS, IPS etc.

A couple of months before we wrote a complete review on "elearnsecurity Penetration testing course for beginners" and received extremely positive response from our readers. Recently this week I came across a Penetration testing course that gravitated my attention in the first look. The name of the course is "Codename: Samurai Skills".

"Codename: Samurai Skills" by ninja sec team is a medium level penetration testing course which provides students with a good base of both theoretical and practical knowledge. The approach of this course is similar to elearnsecurity and offensive security.

The whole course is divided into eight different modules. Each of the modules contains a PDF material along with the videos related to the topic. The course starts by giving a solid introduction related to Penetration testing, different types of approaches and methodology. The next chapter directly dive into the practical demonstrations of various penetration testing tools on backtrack related to information gathering.

Module 3: Scanning and Assessment

the author does not only introduces you to different types of scanning tools and methodologies but also provides handy tips in order to bypass different types of protections such as firewalls, IDS etc.

Module 4: Network Attacking Techniques

In this module author introduces the students to various types of different network attacking and exploitation techniques. Going beyond just using ms08_067_netapi exploits which is a common exploit used in almost every training. The module also covers topics like network password cracking, man-in-the-middle, ARP spoofing, password sniffing and common targeted protocols.

Module 5: Windows & UNIX Attacking Techniques

This module introduces the student to various types of vulnerabilities inside windows xp found inside windows Xp hashing mechanism. The module also talks about unix attacking techniques. However, I was expecting a bit more of material related to UNIX attacking techniques.

Module 6: Windows & UNIX Post-Exploitation Techniques

This module covers Windows and Unix post exploitation techniques in depth introducing the student to various topics such as meterpreter, privilege escalation, local password cracking, impersonation, routing / pivoting and other topics, for both Windows and UNIX.

Module 7: Web Exploitation Techniques

This module is the longest module of all with around 5 hours of practical demonstrations. The module starts by explaining various scanning and application footprinting techniques. Right after the scanning part the author directly dives the students inside web application exploitation techniques such as SQL injection and Blind SQLi, File Upload and Remote File Include (RFI) vulnerabilities, Command Injection, Cross Site Scripting (XSS) (both reflected and stored), and Cross-Site Request Forgery (CSRF).

Module 8: Windows Exploit Development

This module was by far my favorite as the instructor has done tremendous job in explaining the windows exploit development process. The module covers a step by step process of development of a buffer overflow exploit. The instructor has made the complex exploit development process look so easy for the students that even script kiddies can learn it with a little bit of effort.

The ninja-sec team also offers a certificate for any one who completes the following lab challenges:

The end goal is to collect a key.txt file inside of impossible network.

Click Here To Enroll Your self

How To Hack Windows 7 And Bypass Firewall And Kaspersky Antivirus

2012-04-17T13:15:00.007-07:00

Ever tried to hack a windows 7?, Ever tired of bypassing antiviurs?, Then this is the tutorial for you.Ok, so you want to know how to attack a fully secured and protected windows 7 sp1 x64 with all security defenses working and running ( UAC,DEP,ASLR,EMET,etc.)

Not just that but also there is Kaspersky internet security 2012 activated and updated till this moment and running with default options like (firewall, application control, proactive defense, etc.)

As we know that windows 7 sp1 doesn’t have any remote exploits like (ms08-067) for xp and (MS09-050) for vista/ Because windows 7 is more secured and exploitation (exploit development) is very hard (good job Microsoft). Most internet users have Firefox, chrome and internet explorer not all of them but one for two of them (I am using all of them at once J )

And they have flash player from adobe and java from oracle so they watch online clips/movies from YouTube and enjoy online games and applications that requires java and flash payer. Most of them have anti-virus with firewall enabled by default, they use

( eset,avira,avast,Kaspersky,bitdefender,etc.)

Let’s take a look at the best anti-virus in the world "Real World" Protection Test - chart updated!

And download

http://www.av-comparatives.org/images/stories/test/dyn/avc_factsheet2012_03.pdf

We can see that Kaspersky internet security 2012 and bit defender are the best

But Kaspersky is the best one from my point of view J

Let’s imagine this scenario:

I am working as a penetration tester in a big security company; they asked me to conduct a penetration testing (client side/social engineering) no web penetration testing, network/wireless penetration testing just client side for a big customer

I said ok let’s do it.

We finished all paper work and other legal stuff then I am thinking now how I can penetrate this company???

My big company told me that the big customer web site URL is (http://www.bigx.com)

I made a quick search using Google

Then I used another tool called (the harvester), you can find it in backtrack 5 r2 or download it from http://www.edge-security.com/theHarvester.php

I found many emails:

That is good, now I have a starting point to target and attack all emails I found

Now I know that this is a big customer and a big company so they must use a big security as well

And they have anti-virus and modern and secured operating systems like (windows 7 sp1)

So public exploits against IE,Firefox,flash,adobe and other local programs will not work and I will got detected using Anti-virus that will detect my exploits that I will send to my targets and remove it

So the best chance I have is to use an evil java applet to trick the victim to open it

But the victim must have java installed on his system

Ok this is good as many internet users have java installed including me J

Ok, time to hunt them all ….

I searched in pipl.com

I entered all emails I have and found many interesting information like:

Note: this is FAKE I cannot disclose sensitive information about the big Company J

As you can see ( name,age,location,genere) and also Facebook account

I added this admin@bigx.com as a friend in Facebook and we are now friends

I chatted with him about his company and some general talk

After some time we have a small trust with each other (I can send him images or links)

Now I will start my backtrack 5 r2 machine and run this cool program

(Social engineering toolkit) AKA (SET)

Now time to attack my target

I will create an evil java applet

I will choose

2) Website Attack Vectors

Then

1) Java Applet Attack Method

After that

1) Web Templates

And then

4. Facebook

Now the most important part, we must use a payload that is not detected by any security products like ( AV,IPS)

I know that my victim is using Kaspersky internet security 2012 and windows 7 sp1, I asked him in our facebook chat “what is the best anti-virus you recommended?”

He replied “Oh, the best one is Kaspersky internet security 2012, we are using it in our company and I personally use it installed on windows 7”

I tried in my penetration testing lab many of payloads and most of them detected by Kaspersky L

But the payload number 11

11) SE Toolkit Interactive Shell Custom interactive reverse toolkit designed for SET

Is working like charm and no AV detects it J

Then I choose it and choose port 443 to b my local port that payload will connect to me

Note: I opened two ports in my router ( 443,80) , so the victim can connect to me when payload is successfully executed

Now we are good and ready

Now we must send our external ip to victim, we can use this website

Getip.com

And you will find your external ip like this

And we can hide our external ip by using bit.ly website to shorten and conceal it

You can see that my external ip is hidden now!

http://bit.ly/HPTZN0

Now I can send him this link and when he click on it he will see facebook.com loaded with your java applet exploit. Note that Kaspersky is running

And he will click run (he is secured and don’t fear from anything J )

Now he clicked run and I can see

Kaspersky is running and java is running and everything is secure J

But I have a remote shell on my target machine

Now I can do many things like:

Just press 1 to start interacting with the opened session

And then type help to view all supported commands

I always like a pure windows command shell

I will type “shell “

And I will type “tasklist” to view all running process and services

Then

OMG “Kaspersky is running :)”

This is time to view files and download /upload and do some Real World Windows Post exploitation

And we owned our victim and found many sensitive Bigx.com files like usernames and passwords and some private docs and photos J and found filezilla ftp username and passwords and connect with those ftp credentials and you know the rest ……

“Man , WE Defeated Them all !!”

Now it is time to write a nice report

I hope you enjoyed this (FAKE) Real World scenario

About The Author

Mohamed Ramadan is a security researcher from Egypt. He is interested in Penetration Testing, Malware Reverse Engineering, Securing Websites and Servers and Forensics.He also teaches Penetration Testing at Ninja-Sec.com.

elearnSecurity Penetration Testing Professional V2 - Review

2012-04-16T10:46:00.001-07:00

Few months back we reviewed elearnsecurity Penetration testing student course. We received tremendous amount from feedback from our readers who took the course. Therefore i decided to review elearnsecurity's newly launched Penetration Testing Course Professional v2. elearnsecurity offers one of the finest training related to Ethical hacking and Penetration testing in the market. Version 1 of the elearnsecurity training course has had over 2,000 students from 82 different countries in the world and professionals Military agencies and Fortune 50.

The whole course is divided in to following parts:

1. System Security
2. Networking Security
3. Web Application Security

System Security

Module 1 : Introduction
Module 2 : Cryptography and Password cracking
Module 3 : Buffer overflow
Module 4 : Shellcoding
Module 5 : Malware
Module 6 : Rootkit coding

The module starts by covering the basics of C++, ASM and x86 Architecture and than graudually starts moving towards advanced topics such as Cryptography, bufferoverflows, shellcoding etc. I must say that I was impressed the way they explained a complex topics like "Buffer Overflows" and "Shell coding". Module 4 "Shellcoding" is something you won't find in majority of courses on Penetration testing.

Just for your information if by looking at Module 5 "Malware" you probably think that this module will only cover script kiddie stuff such as Prorat, netbus etc usage. Then you are wrong. A thorough and detailed classification of types of malware is the introduction of a module featuring the most advanced and obscure techniques used by modern malwares.

Webapplication Security

Module 1: Introduction
Module 2: Information Gathering
Module 3: Vulnerability assessment
Module 4: Cross site scripting
Module 5: SQL Injection
Module 6: Advanced Web Attacks

Since past few years attacks have gravitated towards layer 7. Since it's really easily to exploit then networks where you have to bypass tons of security mechanisms such as IDS, IPS, firewall etc. elearnsecurity's V2 makes a great coverage of webapplication security.

The section starts by introducing the students to basics of webapplications such as basics of http protocol, cookies etc. Then it dives into information gathering, which include tons of tips and trcks in order to gather information about the target which will be used to exploit the webapplication later.

The "SQL Injection" module is one of the best and offers wide variety of knowledge related to different techniques and tools used to exploit different type of SQL Injection vulnerabilities such as blind sql injection, time based, error based sql injection etc.

After "XSS" and "SQL Injection" the webapplication section takes you to "Advance Web Application attacks such as CSRF, Remote file inclusion, restricted file uploads etc.

There is also an availability of colliseum lab where you can practice all kinds of attacks you learned in this section, which makes the section even more interesting.

Userfreindly Design And Format

The whole course is presented in a very user-friendly format. I have personally reviewed tons and tons of courses related to Ethical hacking and penetration testing here on RHA and found elearnsecurity design and format to be one of the best and easy to learn format.

Certification

On submitting the exam report, You will receive an eCPPT certification. The eCPPT designation stands for "eLearnSecurity Certified Professional Penetration Tester". eCPPT is a highly respected Ethical Hacking and Penetration Testing Professional certification.

What Should Be Improved?

elearnsecurity team has made a great job in providing intermediate level Penetration testing course, However I personally would like to see more stuff in Network security section.

Conclusion

elearnsecurity's team certainly have made some dramatic changes with it's version 2. It's highly recommended to any one who wish to improve their concepts and knowledge related to Ethical hacking and Penetration testing.

Click Here To Visit The Official Website For The eCPPT Course

How To Bypass Surveys For Free

2012-04-13T15:12:00.000-07:00

We often come across sites in which we have to forcefully do a survey because we have to download a file or see some content.In all of these surveys we are forced to disclose our personal information like our phone number , email id etc.
Later these sites irritate you with their sms's spam mails of offers in which you not at all are interested !
So i've found a way by which you can get through these sites without leaking out your personal information !

Let's start -

1. Download this add on called ''greasemonkey'' for mozilla firefox (mozilla is needed ).

https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/

After installing it,it would appear like this in your browser -

2. After installing it download this script which runs with the help of this add on(greasemonkey) --

http://userscripts.org/scripts/show/2560

Install this script and make sure the monkey on the right side of your mozilla screen is colored (which means greasemonkey is activated,to activate or deactivate just click on it)

3. Now go to the site which tells you to do the survey and asks for your information etc..

4. You'll see an option on top left side of the page which says '' Press CTRL+SHIFT+F to fill in form. ''

Do as directed..press CTRL+SHIFT+F and you will see that the form gets filled on its own and all the information filled out there is completely random !

Click on submit and you are registered on the site and now you can easily download what you wanted to ! :)

This is all random stuff filled by the script.

BUT

5. Some sites may tell you to verify your identity by logging into your mail and opening some url or to get some pin ! For this all you have to so is go to http://www.yopmail.com/en/ . Go to this site and you'll get a temporary email id for around 15-30min.>paste that temporary email id at the place of email id which your intelligent form filler has randomly filled>click on submit form.

Here ''yoyo@yopmail.com'' is the yopmail email id which is replaced by the default id given by ''form filler''

Here ''yoyo@yopmail.com'' is the yopmail email id which is replaced by the default id given by ''form filler''

6. Check http://www.yopmail.com/en/ Inbox for the mail from the site>Get the pin or confirmation link>you are done !

Here as you can see two mails from the site where we have to forcefully register and the confirmation link plus password (other mails are just spam,ignore them).

OR

7. Some sites may ask you for voice calls confirmation ..I have the solution for that too :)
In that case go to this site http://www.k7.net/ ..on this site you can receive voice calls via mail ! So you bypass Survey again without giving any details !

Register here and you'll be able to receive voice calls via mail.

Author information -

This article is written by shikhil, he is the newest RHA team member and blogs at http://hacking-tweaks.blogspot.in/.

New Malware Detected in "Angry Birds Space"

2012-04-12T11:14:00.001-07:00

The newly launched “Angry Birds Space” is found to have a new malware ! The malware was detected by Lookout Security which is a famous anti virus available for android phones. The malware is said to be a new version of Legacy Native (LeNa) which helps to gain unauthorized privileges from android phone.
This new variant of LeNa hides its payload just past the “End of Image” marker of an otherwise fully-functional JPEG.

This latest version of LeNa has recently emerged in alternative markets, and it is not believed to have been in the Google Play market. Among the apps in which this payload appears, however, is a fully functional copy of the recently released Angry Birds Space.

How it Functions?

LeNa would reportedly trick the user into activating its payload by invoking the SU utility which is used by rooted users to selectively grant super user privileges to applications that request them. After the app gained root access, it performs normally while also secretly installing a native binary file and granting it remote control. But due to its dependence on the SU tool, its spread was limited to rooted devices.

How to Prevent and Be safe :

1 .If phones starts working in an unusual manner then there is a possibility that it is affected.

2. Before downloading the app do look for the comments and reviews of people and also the name of
the developer .

3. Download an anti virus for your mobile. Lookout anti virus, NetQin are some of the trusted names.

About the author:

Shakil is the newest member of RHA, if you would like to become a part of our team, Kindly send an email to rafayhackingarticles@gmail.com

Facebook Hacking: Remote File Inclusion Attack

2012-04-11T04:01:00.002-07:00

Facebook being the world's largest social networking website has became the major target for the hackers, attackers and other malicious users. Facebook has hired the team world's leading security experts in order for them to improve their website's security. Moreover facebook also pays 500$ to any one who can identify any sort of vulnerability inside facebook.
The facebook security team has done a very great job in improving and taking facebook's security to the maximum level. However, the problem is that Facebook applications are not coded or monitored by facebook, and it's also not possible that facebook to monitor every single app for vulnerabilities. These facebook apps are mostly coded by common programmers who are not well aware of how a code is written securely. Which leaves facebook apps poured with common vulnerabilities like XSS ( CROSS SITE SCRIPTING), Clickjacking, Remote file inclusion etc.

Out of all of these web application vulnerabilities, Remote file inclusion is a very common web application attack which occurs because the application is not able to validate included files. According to imperva, 21% of the apps on facebook are vulnerable to remote file inclusion attack.

Here is how the attack is carried out:

Step 1 - The attacker creates a malicious jpg file, because the upload of PHP is mostly banned on webservers with user level privileges. Therefore the hacker renames a PHP shell to some thing like shell.php.jpg in order to upload it to the webserver.

Step 2 - Next the hacker exploits RFI vulnerability in order to reference malicious JPG, which paramtere is something like.

.php?page=url of your malicious image

Step 3 - Next the attacker takes control of the server by just going to the url of the JPG image.

Mitigation:

Imperva suggests a four step mitigation process which can be found inside the image below, However it includes the deployment of web application firewall, but what if some one is not using a WAF, However will he be protected.

Exploiting RFI And Mitigation

You might also like:

How hack facebook Password

@Al-Qaeda Goes Dark For 12 Days

2012-04-08T07:04:00.001-07:00

Now, when the king Osama-bin-laden has been killed, his organization Al-qaeda has weakened in many ways. "The main internet forum of Al-Qaeda has been down since 12 days", further proves the above lines.

The backbone of the groups communication has gone down suddenly. The websites have seen the longest downtime of 12 days, which is the longest in history. Along with the several other forums that Al-Qaeda used, many top sites of the terrorist organization have gone to dark and are not functional.

Yet no organization has taken the responsibility of bringing the forums down, but there are rumors that these attempts have been made by a government authority may be an American hacking group or an individual."The digital sabotage could have been carried out by any number of governments or private hackers", said James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies.

There are also news from several agencies that the websites have been taken down by the admins in order to increase the security as there were attempts to infiltrate the websites few days back.

The Shumkah site went live again with a message that the cyber-attack was “a failed, miserable campaign,” according to a translation of the message by security consultant Flashpoint Partners.“The enemies of Allah who boast of their freedoms have not spared any effort to eradicate our blessed media,” the forum said. “Even if it succeeded in stopping the forum, it didn't succeed in achieving its desired aims and goals.” Aaron Zelin, a jihadi website reasercher in Brendis university said that "Its significant because it is Al-Qaeda's lifline to communicate to the outside world".

May be the American army has made this attempt to further break Al-Qaeda after killing the leader, and make the communication between the groups difficult. Whatever be the reason and whoever be the doer, the incident speaks that even the biggest and the most powerful terrorist group is not cyber-safe, and the hackers all over the world have reached a height that they cannot be defeated, doesn't matter who the victim is.

Author:

Ajit Singh is the newest member of RHA team, He blogs at www.coolestwebsite.tk, If you would like to join our team of authors, Feel free to email at rafayhackingarticles@gmail.com

Android Malware Detected - "Roar of the Pharaoh"

2012-04-07T11:59:00.000-07:00

A Chinese again tries to hack android, and this time from behind a game named "The Roar of the Pharaoh". The bug was spotted by a security researcher from Sophos. The game has no security or permission issues while it is installed which lets the Android user believe that it is a non-malicious software and will not harm the system.

But, on the contrary, what the game does is that it collects all the sensitive information from the device and sends it to the authors via an SMS with premium rates, without taking the user's permission. The Trojan sends information like the phonebook entries, SMSs, IMEI number, phone number, OS version etc. Though no cases illegal usage of the users information have been reported yet.

According to the vendor, the malware masquerades as a service called "GameUpdaterService", which sounds like a legitimate name for an application, yet another indication of the social engineering element part of the campaign, next to the actual brand-jacking of a legitimate game’s name.

The application has been detected as an Stinter-A, the mobile phone companies process the money to the authors before the application user gets the bills.Michael Sutton, vice president of security research at cloud-based security provider Zscaler, said "the fake "The Roar of the Pharaoh" app for Android reflects the shift of malware authors to target the Android platform, whether smartphones or tablets. Fake game apps that are really Trojans are increasing and "this is a typical scam for Android now," he added.

The interests of the hackers has now shifted towards the Android phones from computers. The android officials have not spoken anything much about this application, but have warned its users to beware of such malicious applications.

The authors have not been caught yet, and the Chinese Security is still working to put them behind the bars.

Author:

Ajit Singh is the newest member of RHA team, He blogs at www.coolestwebsite.tk, If you would like to join our team of authors, Feel free to email at rafayhackingarticles@gmail.com

FBI:"We are not winning."

2012-04-04T01:59:00.001-07:00

The cyber division of the FBI says that they are losing the war against hackers. "We are not winning", were the words of the FBI assistant director Shawn Henry who is the main-man since more than two decades in the organization. Also, few of the top government officials have said that America is not able to handle the stream of cyber attacks which are increasing every other moment.

Another official Richard Clarke said that almost every big company has already been breached by the Chinese hackers.The FBI cyber team is finding data stolen from the servers of the big companies,without the company getting any hint about it.

The top-cop Richard Henry in a press meeting said, "We have found their data in the middle of other investigations,They are shocked and, in many cases, they've been hacked for many months, in some cases years, which means that an adversary had full visibility into everything occurring on that network, potentially".

Author:

Ajit Singh, If you would like to join our team of authors kindly email at rafayhackingarticles@gmail.com

Hijacking Facebook Users With Clickjacking Attack

2012-03-31T13:09:00.001-07:00

Clickjacking is one of most used attack on Facebook. Scammers use this attack to increase like of a Facebook page and spread some malicious links on Facebook user’s profile. Most of the strange looking auto spreading scams on Facebook are Clickjacking attacks.

Clickjacking name is taken from click Hijacking. In this attack, hacker hijacks users’ click to perform some actions on the webpage. This attack is also known as User Interface redress attack, UI redress attack or UI redressing. In this attack, hacker tricks innocent users to click on something which is not the same thing user is clicking. It means user tries to click on some link button for some specific task while the button or link performs something else.

How this attack works?

As the name suggest, hacker hijacks the click of the user. But this sounds complicated. In this attack, hacker use modified frames in the way that only a specific part of the webpage is visible on the page.

For example, imagine a hacker created a web site that has a button on it which says "click here for get free gifts". But, on the top of web page, hacker has embedded an iframe with a button for subscription directly on top of the "free Gifts" button. Victim visitor will try to click on free gifts button but instead actually clicked on the invisible Subscription button.

This attack is performed with the help of 2 iFrame. First of all we will add the target button to the top left of the webpage in an iframe. First IFrame is used to hide all other elements of the webpage which originally contains the button. Hacker hide border and scroll. This will make hard to identify the frame on the web page.

<iframe id="inner" src="http://hackingtricks.in" frameborder="none" scrolling="no" width="1000" height="3000"></iframe>

#inner { position: absolute; left: -600px; top: -600px ;}

Change the position and iframe size according to the button you are adding.

Now add this web page on target web page inside an IFrame at the position where we want to add the button. Second IFrame is used to add this button on the target web page where we want it to be clickjacked. Do not use border and scroll in this frame too. Now add some texts and images around this framed button so that it appears the part of the page. Also put some false message to get users click on the button.

LikeJacking: Likejacking is not the different attack. It is the Clickjacking attack which is used to increase the like of a Facebook page or a Facebook post. Facebook got the solution to prevent this attack in the Facebook’s hacking event Hackathon. Although, Facebook has implemented many security levels to prevent this attack, but hackers always gets some way to perform this on facebook.

Protection against this attack: This is a harmful attack and can be prevented by server side and client side both.

Server Side Protection: Most successful server side protection against this attack is "Defending with Frame Breaking Scripts." In this web developer add a script on the web page which prevents the web page to be framed. This is the code which is used to prevent the page to be framed.

<script type="text/javascript">// <![CDATA[

if (self == top) {

var theBody = document.getElementsByTagName('body')[0];

theBody.style.display = "block";

} else {

top.location = self.location;

}

// ]]></script>

But there are few methods which can break the protection.

Client Side Protections: There are some add-ons and tools available which are used to protect browsers against this attack.

NoScript: No doubt, NoScript is the most useful Firefox add-on which protects users from many types of web attacks. This add-on also prevents users from clicking on invisible or “redressed” page elements of embedded documents or applets. This is the best security tool against this attack.

Ghostery: This is also a nice browser extension which is also used to protect users against this attack. This privacy browser enables users to detect and control tags, web bugs, pixels, and beacons on the webpage which can collect data from their web browsers.

As we know that there is no permanent solution exists to prevent this attack from the server side, we should try to add protections to our web browsing. So I will suggest all users to use client side solutions. If you use Mozilla Firefox, then you must have NoScript Add-on in your web browser. This will protect you against many types of web attacks.

Author Bio:

Deepanker verma is a security researcher and a computer programmer. You can follow his articles on http://hackingtricks.in and http://www.tricksndtricks.in

Hacker Arrested For leaking 6 Million Passwords

2012-03-28T10:43:00.000-07:00

The Chinese Police has arrested a suspect, nicknamed Zeng, who was nabbed in Wenzhou east China's Zhejiang Province, on February 4 after an investigation into the case. He is reported to have stolen around 6 million passwords from China's software developer network. He is in police custody on charges of illegal data acquisition. According to the officials the leaked information contained ids, passwords and other personal information in plain text.

Looking at the hacked information the police officials were sure that the data was hacked before July 2010. Zeng got caught because he himself had once posted that he has gained the control of the CSDN database and wanted to contribute for the website. He has accepted that he entered the database through a system loophole.

After the arrest, the Beijing Police has punished CSDN for keeping poor security of the database. CSDN has announced that its database has been completely secured since September 2010 and the customers need not fear of another security breach.

Author

Ajit Singh(www.coolestwebsite.co.cc)

Is It Possible To Crack A Facebook Account?

2012-03-22T01:18:00.004-07:00

We have discussed alot about popular password cracking methods such as Bruteforce, Dictionary attack and Rainbow tables. However a question I get asked frequently is if it's possible to crack a Facebook account. So I wish to clear concepts related to Hacking/Cracking Facebook accounts. First of all "Hacking a Facebook account" and "Cracking a facebook account" are both different terminologies.

Hacking a facebook account refers to foolproof methods such as Phishing, keylogging, Social engineering etc.
However the terminology cracking refers to the methods such as Bruteforce, Dictionary attacks etc.

Brute Force Attacks

Bruteforce is one of the most common and most reliable password cracking methodologies. A bruteforce attack tries all possible combinations against the medium, until the correct password is found. However the problem with a bruteforce attack is that as the password complexity increases, the time taken to crack a password also increases.

The chart above illustrates the time the estimated time taken by a computer in order to bruteforce a password, assuming that if it's capable of trying 10,000 passwords per second. However, the time taken can be reduced by adding the number of processors to the task. Therefore the only flaw with the attack is that it requires lots of potential.

Dictionary Attacks

The only difference with a bruteforce attack and Dictionary attack is that "A Dictionary attack tries the passwords which we want it to try". Confusing?. In a dictionary attack we have the freedom to choose a huge list of words that people commonly use in their password (Depending upon the situation). The following video will help you understand more about Dictionary attacks.

Is It Possible To Crack A Facebook Account?

Coming back to the main topic of this article. A few hours back while I was watching hacking related videos on securitytube.net, I came across to a video in which the hacker claimed that one can use "Hydra To Crack A Facebook Password". However here is why a bruteforce attack won't work against a facebeook account.

Facebook and all other popular social networking websites lock an email account, after few unsuccessful login attempts. They either have introduced an "Account Lockout Feature" or they either have introduced an "Account Lockout" feature, which prevents an automated password cracking method to work. However, even if you get it working, A minimum facebook password length is about 6-characters. kindly refer to the chart and find out your success rate.

Likewise, if you have any questions, Feel free to ask.

NSA Building the World's Biggest Spy Center ever

2012-03-20T10:10:00.004-07:00

Forget NASA, CIA, FBI or any other agency that can intercept your calls,emails and internet connections.In Bluffdale ,USA National security Agency is busy building the largest Spy center in the history of the world.The immensely secretive and high-priority project is to be completed in 2013.This will make NSA the largest, most covert, and potentially most intrusive intelligence agency ever.

The center will serve the purposes of NSA which are related to communications between humans as well as machines.It will have the power to intercept,decipher,analyze and store mammoth data collected from satellites,optical fibres and local and international networks.The under construction $2 billion center will be capable of storing contents of private emails,cell phone calls and messages,Google searches and activities on social networks.Besides these it will have all sorts of personal data-trails parking receipts,bookstore purchases and other digital “pocket litter.”

Accoding to a senior security official,who until recently was involved with the program “this is more than just a data center.It is also critical for breaking codes”.He went on to say , code-breaking is crucial, because much of the data that the center will handle—financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents—will be heavily encrypted. According to another top, the agency made a huge breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems .

The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.”

About The Author

Aneeq Fasi covers hacking news at RHA. You can follow him on twtter under - https://twitter.com/#!/aneeqfasi. If you would like to become a part of our team, Kindly email to rafayhackingarticles@gmail.com.

Facebook Hacker V1.0 - A Keylogging Software

2012-03-19T11:58:00.002-07:00

We have wrote several articles on Facebook Hacking, The most recent one we wrote was on "Top 10 Ways How Hackers Can Hack Facebook Accounts In 2012". Which received tremendous amount of responses. However in today's article we would like you to introduce you a software named "Facebook Hacker. Hacking facebook accounts using phishing methods are out of the fashion these days. A new tool known as facebook hacker is introduced. A dangerous tool for the people in need of other’s username and passwords.

This tool is extremely easy to connect and use. All you have to do is give an email address and a password where the stolen information is to deliver. Can’t be easier than that.

Just type in the email address and password and then click on the build button. A new “SERVER.EXE” file will be created and most of the work is already done. Now the big part comes. Just send this file to the victim. Rename it, change the icon and make it more presentable so that the victim opens it for sure.

As soon as the victim opens the file, Server.exe will get all the passwords saved and facebook account credentials and will give them to you. To avoid detection, the facebook Hacker will also look for all the processes related to a security suite and kill them upon detection. The most important thing this software does is it kills all the security suite detecting it.

You should know how to protect yourself from such threats. BitDefender detects this as a Trojan. In order to stay safe ensure that you update your antivirus regularly. Also, remember not to run files you may receive as attachments or via IM, or at least, to scan them beforehand.

Download Facebook Hacker V1.0 here

About The Author

This article has been written by Amin Motiwala, He is the newest member of our team. If you would like to become a member of our team, Kindly shoot an email to rafayhackingarticles@gmail.com

Ethical Hacking - Rafayhackingarticles

Learn How To Hack With MrCracker InnerCircle

Frequently Asked Questions

Hacking Software - oclHashcat-plus v0.08

Facebook Strengthen's It's Security By Launching Antivirus MarketPlace

Officially Launching IncomeFigure

Google Raises Bug Bounty - Great News For Hackers

How to Join Anonymous Army ?

Hack Facebook Accounts With Reverting

Anonymous Hacks Formula 1 Website

Stuxnet Worm Was Loaded Iran DoubleAgents!

Nikjju Injection Compromises More Than 180,000 Pages !

Protect Your Website Against SQL Injection

Penetration Testing In Real World - "Codename: Samurai Skills"

How To Hack Windows 7 And Bypass Firewall And Kaspersky Antivirus

elearnSecurity Penetration Testing Professional V2 - Review

System Security

Network Security

Webapplication Security

Userfreindly Design And Format

Certification

What Should Be Improved?

Conclusion

How To Bypass Surveys For Free

New Malware Detected in "Angry Birds Space"

Facebook Hacking: Remote File Inclusion Attack

@Al-Qaeda Goes Dark For 12 Days

Android Malware Detected - "Roar of the Pharaoh"

FBI:"We are not winning."

Hijacking Facebook Users With Clickjacking Attack

Hacker Arrested For leaking 6 Million Passwords

Is It Possible To Crack A Facebook Account?

Brute Force Attacks

Is It Possible To Crack A Facebook Account?

NSA Building the World's Biggest Spy Center ever

Facebook Hacker V1.0 - A Keylogging Software