Dette innlegget er merket av Netonhacks
fellesskapet som tvilsomt innhold.
Vær oppmerksom netonhack's oppslag er kun for informasjonsformål. Netonhacks tillater ikke ulovlige handlinger. Oppføre dere! : )
Hvordan hacke Twitter account?? Forklaring her...
Her er det en annet mulig het. dette er et program som gjør det for deg...
You can download Software for FREE here..Free Twitter Hack.Rar
But you must enter activation code. You can download Activation code here..
Free Twitter Hack Activation Code.
Hacking Twitter Account Password: Twitter Phishing for Hacking Twitter
Previously i've posted How to Hack Facebook Password, How to Hack Rapidshare Premium Account Password, How To Hack eBay User ID and Password, How To Hack Gmail Account Password and How to Hack Any Email Password. In this article i'm going to show you how to hack a Twitter Username and Password using phishing.
Now i know most of you already know what is phishing and how can it be used, but for those who don't know here is a short explanation.
It's simply like this... Phishing site is a exactly same page of the normal twitter login page. But when you enter your email and the password on login field, phishing sites save those login details, then the owner of the phishing site can login to your twitter account with your details later! The only way to recognize a phishing site is reading the address bar of the browser. It should be the normal twitter login URL. If you see something like "www.newtwitter.com/login.php", "www.twitterbeta.com/login.php", etc.
Now before we start Please Note: Phishing is legally offensive. I am not responsible for any action done by you.
How to Hack Twitter Account Password?
1. First of all download Twitter Phisher from here.
2. The downloaded file contains:
- twitter.html
- twitter.php
- password.txt
4. Once you have uploaded the files in the directory, send this phisher link (twitter.html) to your victim and make him login to his Twitter account using your sent Phisher.
5. Once he logs in to his Twitter account using Phisher, all his typed Twitter id and password is stored in "password.txt".
6. Now, open password.txt to get hacked Twitter id and password as shown.
Topp 15 Sikkerhet / hacking Verktøy & redskaper
1. NmapJeg tror alle har hørt om dette, nylig utviklet seg til 4.x serien.
Nmap (Network Mapper) er en fri åpen kilde verktøy for nettverk leting
eller sikkerhet revisjon. Den ble utviklet for å raskt skanne store nettverk, men
den arbeider fin mot én verter. Nmap bruker rå IP-pakker i romanen måter å
bestemme hvilke verter er tilgjengelige på nettverket, hvilke tjenester (søknad
Navn og versjon) som verter tilbyr, hvilke operativsystemer (og OS
versjoner) de kjører, hva slags pakke filtre / brannmurer er i bruk,
og dusinvis av andre egenskaper. Nmap kjører på de fleste typer datamaskiner og
både konsollen og grafiske versjoner er tilgjengelige. Nmap er gratis og åpen kildekode.
Kan brukes av nybegynnere (-st) eller ved pros alike (packet_trace). A very
allsidig verktøy, når du fullt ut forstår resultatene.
Get Nmap Here - http://www.insecure.org/nmap/download.html
2. Nessus Remote Security Scanner
Nylig gikk lukket kildekode, men er fortsatt i hovedsak gratis. Fungerer sammen med en klient -
server rammeverk.
Nessus er verdens mest populære sårbarhet skanneren brukt i over 75000
organisasjoner verden over. Mange av verdens største organisasjoner
realisere store besparelser ved å bruke Nessus til tilsynet forretningskritiske
enterprise-enheter og programmer.
Get Nessus Here - http://www.nessus.org/download/
3. John the Ripper
Ja, JTR 1,7 nylig lansert!
John the Ripper er en rask passord sprakk, tilgjengelig for mange
varianter av Unix (11 er offisielt støttet, ikke medregnet annerledes
arkitekturer), DOS, Win32, BeOS, og OpenVMS. Dens hovedformål er å oppdage
svak Unix passord. Foruten flere crypt (3) password hash typer oftest
funnet på forskjellige Unix-varianter, støttet ut av boksen er Kerberos AFS og
Windows NT/2000/XP/2003 LM hashes, pluss flere bidro med patcher.
Du kan få JTR Here - http://www.openwall.com/john/
4. Nikto
Nikto er et Open Source (GPL) webserveren skanner som utfører omfattende
tester mot webservere for flere elementer, blant annet over 3200 potensielt
farlige filer / CGIs, versjoner på over 625 servere, og versjon spesifikk
problemer på over 230 servere. Scan elementer og plugins som oppdateres ofte og
kan automatisk oppdateres (hvis ønskelig).
Nikto er et godt CGI skanner, er det noen andre verktøy som går godt sammen med Nikto
(fokus på http fingeravtrykk eller Google hacking / info samle etc, en annen
artikkelen for bare dem).
Get Nikto Here - http://www.cirt.net/code/nikto.shtml
5. SuperScan
Kraftig TCP-port scanner, Pinger, resolver. SuperScan 4 er en oppdatering av
svært populære Windows-port skanning verktøyet, SuperScan.
Hvis du trenger et alternativ for Nmap på Windows med en anstendig grensesnitt, jeg
foreslår at du sjekker ut dette, det er ganske fint.
Get SuperScan Here - http://www.foundstone.com/index.htm
subnav = ressurser / navigation.htm & subcontent = / resources/proddesc/superscan4.htm
6. p0f
P0f v2 er en allsidig passiv OS fingerprinting verktøyet. P0f kan identifisere
operativsystem på:
- Maskiner som kobles til boksen (SYN-modus),
- Maskiner du kobler til (SYN + ACK-modus),
- Maskinen du kan ikke koble til (RST +-modus),
- Maskiner som kommunikasjon du kan observere.
I utgangspunktet kan det fingerprint noe, bare ved å lytte, den ikke gjøre noen
aktive forbindelser til målet maskinen.
Get p0f Here - http://lcamtuf.coredump.cx/p0f/p0f.shtml
7. Wireshark (Formely Ethereal)
Wireshark er et GTK +-basert nettverk protokoll analysator eller sniffer, som lar deg
fangst og interaktivt bla gjennom innholdet i nettverket rammer. Målet med
prosjektet er å skape en kommersiell kvalitet analysator for Unix og å gi
Wireshark funksjoner som mangler fra lukket kildekode sniffere.
Fungerer fint på både Linux og Windows (med et GUI), enkel å bruke og kan
rekonstruere TCP / IP Streams! Vil gjøre en tutorial på Wireshark senere.
Get Wireshark Here - http://www.wireshark.org/
8. Yersinia
Yersinia er et nettverk verktøy utviklet for å utnytte noen weakeness i
forskjellige Layer 2 protokoller. Det later til å være et solid rammeverk for å analysere
og teste den distribuerte nettverk og systemer. Foreløpig er følgende nettverk
protokoller er implementert: Spanning Tree Protocol (STP), Cisco Discovery
Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration
Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1Q, Inter-Switch
Link Protocol (ISL), VLAN Trunking Protocol (VTP).
Den beste Layer 2 kit finnes.
Get Yersinia Here - http://yersinia.sourceforge.net/
9. Eraser
Eraser er et avansert sikkerhetsverktøy (for Windows), som lar deg
fjerne sensitive data fra harddisken din ved å overskrive det flere
ganger med nøye utvalgte mønstre. Works with Windows 95, 98, ME, NT,
2000, XP og DOS. Eraser er fri programvare og kildekoden er utgitt under
GNU General Public License.
Et utmerket verktøy for å holde dine data veldig trygg, hvis du har slettet den .. foreta
sikker på at det virkelig er borte, trenger du ikke ha det hengende rundt å bite deg i ræva.
Get Eraser Here - http://www.heidi.ie/eraser/download.php
10. PuTTY
PuTTY er en gratis implementering av Telnet og SSH for Win32 og Unix plattformer,
sammen med et xterm terminal emulator. Et must for enhver h4. 0R ønsker å
telnet eller SSH fra Windows uten å måtte bruke crappy standard MS-kommandoen
linje klienter.
Få PuTTY her. - http://www.chiark.greenend.org
11. LCP
Hovedhensikten med LCP programmet bruker regningen passord revisjon og utvinning i
Windows NT/2000/XP/2003. Kontoer informasjon import, passord utvinning, Brute
force økt distribusjon, hashes databehandling.
Et godt alternativ til L0phtcrack.
LCP ble kort omtalt i våre godt lese Rainbow Tabeller og RainbowCrack
artikkelen.
Get LCP Here - http://www.lcpsoft.com/english/download.htm
12. Kain og Abel
Min personlige favoritt for passord sprengning av noe slag.
Kain og Abel er et passordgjenoppretting verktøy for Microsoft-operativsystemer. Det
gir enkel gjenoppretting av ulike slag av passord av snuse nettverket,
cracking krypterte passord hjelp Dictionary, Brute-Force og Kryptoanalyse
angrep, innspilling VoIP samtaler, dekoding scrambled passord, avslørende
passord boksene, avdekke skjulested passord og analyserer ruting protokoller.
Programmet utnytter ikke noen programvare svakheter og feil som kan
ikke fast med liten innsats.
Få Kain og Abel Here - http://www.oxid.it/cain.html
13. Kismet
Kismet er et 802.11 Layer2 trådløst nettverk detektor, sniffer og inntrenging
detection system. Kismet vil fungere med alle trådløse kort som støtter rå
overvåking (rfmon) modus, og kan snuse 802.11b, 802.11a og 802.11g trafikk.
En god trådløs verktøyet så lenge kortet ditt støtter rfmon (se etter en orinocco
gull).
Get Kismet Here - http://www.kismetwireless.net/download.shtml
14. NetStumbler
Ja en anstendig trådløst verktøy for Windows! Dessverre ikke like kraftig som den Linux
kolleger, men det er lett å bruke og har et flott grensesnitt, god for
grunnleggende om krig-kjøring.
NetStumbler er et verktøy for Windows som lar deg oppdage Wireless Local Area
Nettverk (WLAN) med 802.11b, 802.11a og 802.11g. Den har mange bruksområder:
Kontroller at nettverket ditt er satt opp slik du hadde tenkt.
Finn steder med dårlig dekning i WLAN din.
Oppdage andre nettverk som kan forårsake forstyrrelser på nettverket.
Oppdage uautorisert rogue tilgangspunkter på din arbeidsplass.
Hjelp Målet directional antenner for langtransport WLAN links.
Bruk den recreationally for WarDriving.
Get NetStumbler Here - http://www.stumbler.net/
15. hping
Avsluttet, noe litt mer avansert hvis du vil teste TCP / IP
packet monkey ferdigheter.
hping er et kommandolinjeverktøy orienterte TCP / IP packet assembler / analysator. Den, det
Grensesnittet er inspirert til ping unix-kommandoen, men hping er ikke bare i stand til å
send ICMP echo requests. Den støtter TCP, UDP, ICMP og RAW-IP-protokollene, har en
traceroute modus, muligheten til å sende filer mellom en dekket kanal, og mange
andre funksjoner.
Get hping Here - http://www.hping.org/
KeyKeriki
Now 1.5 years after releasing our whitepaper "27Mhz Wireless Keyboard Analysis Report" about wireless keyboard insecurities, we are proud to present the universal wireless keyboard sniffer: Keykeriki. This opensource hardware and software project enables every person to verify the security level of their own keyboard transmissions, and/or demonstrate the sniffing attacks (for educational purpose only).
The hardware itself is designed to be small and versatile, it can be extended to currently undetected/unknown keyboard traffic, and/or hardware extensions, for example, a repeating module or amplifier
SIPcrack
SIPcrack is a suite of tools to sniff and crack the digest authentications that are used within the SIP protocol.
The tools offer support for pcap files, wordlists and many more to extract all needed information and bruteforce the passwords for the sniffed accounts.
See the README and CHANGELOG file for more information.
Download: SIPcrack-0.4.tar.gz
SHA-1: 3d32c710a4c9bac8a5050ec5e06a6f8d8b015aab
Wyd
wyd is a password profiling tool that extracts words/strings from supplied files and directories. It parses files according to the file-types and extracts the useful information, e.g. song titles, authors and so on from mp3's or descriptions and titles from images.
It supports the following filetypes: plain, html, php, doc, ppt, mp3, pdf, jpeg, odp/ods/odp and extracting raw strings.
Download: wyd-0.2.tar.gz
SHA-1: 45d8bceb158f0f0864be77b0869cc463f6813dc0
saltymd5
saltymd5 is a small and simple tool that automates bruteforce / wordlist attacks against salted MD5 hashes. It supports dictionary input via named pipes and can therefore be used in combination with john.
See the README file for more information.
Download: saltymd5-0.2.tar.gz
SHA-1: 941945c973aedcff9cec7d6506c7c16230d36361
Busting The Bluetooth Myth
During the last year, rumours had come to my attention that apparently it is possible to transform a standard 30USD Bluetooth® dongle into a full-blown Bluetooth® sniffer. Thinking you absolutely need Hardware to be able to hop 79 channels 1600 times a second I was rather suspicious about these claims.
This paper is the result of my research into this area, answering the question whether it is possible or not.
Download: busting_bluetooth_myth.pdf
SHA-1: c6d6a15baa2410ded491b468c902eedea3b87b4c
CUPP v3
People spend a lot of time preparing for effective dictionary attack. Common User Passwords Profiler (CUPP) is made to simplify this attack method that is often used as last resort in penetration testing and forensic crime investigations. A weak password might be very short or only use alphanumeric characters, making decryption simple. A weak password can also be one that is easily guessed by someone profiling the user, such as a birthday, nickname, address, name of a pet or relative, or a common word such as God, love, money or password.
Going through different combinations and algorithms, CUPP can predict specific target passwords by exploiting human vulnerabilities. In password creation, as in many aspects of life, everybody tends to the original solution, but thanks to human nature, we all tend to originality in the same way, leading to almost absolute predictability.
Common User Passwords Profiler version 3 comes with some fixes and new options!
Download: cupp-3.0.tar.gz
SHA-1: 477e8e8c060f0da2e2039dc3af1ba4b17a421cd1
evade_disablecmd_vba_macro.zip
Word Macro to evade disableCMD policy setting. The zip file contains a .doc example file with the macro and a .reg file to set/delete the policy setting. The macro copies the cmd.exe and patches one byte to overcome the disablecmd policy setting. Nothing fancy but working.
Download: evade_disablecmd_vba_macro.zip
SHA-1: 4558149d59a88e748a38e22ef776ecefb09df506
Exe2vba_max
Word Macro to Include & Extract exe within Word. I needed to include an executable into a word macro. Unfortunately the metasploit tool exe2vba is built to integrate the exe into the macro code. That does not work on larger files because of limitation within word. My code is now extracting the exe from the word document itself. I randomized every variable and function name as well as the magic itself. The exe can be attached to existing documents as well. I will remove the code as soon as the metasploit team merges it into their codebase.
Download: exe2vba_msf_patch.tar.gz
SHA-1: 7dbd87510d6346fad5ed76df46f11a72d51cf315
BlueBugger
bluebugger is an implementation of the bluebug technique which was discovered by Martin Herfurt from the Trifinite Group. It can be used to dump data like phonebook and sms from vulnerable mobile phones.
It was tested with the following phones: Nokia 6310i, Nokia N72 and Sony Ericsson T68i.
Download: bluebugger-0.1.tar.gz
SHA-1:2ab01a8b00de145f33875beafc4053e10a217879
Psnuffle
Psnuffle is a credentials sniffer module for the metasploit framework.
It has been removed from our website because it is integrated into the metasploit svn now.
You can get it using the command:
svn co http://metasploit.com/svn/framework3/trunk/
bed
bed (aka 'Bruteforce Exploit Detector') is a plain-text protocol fuzzer that checks software for common vulnerabilities like buffer overflows, format string bugs, integer overflows, etc.
Supported protocols: finger, ftp, http, imap, irc, lpd, pjl, pop, smtp, socks4 and socks5
Co-Author: Eric Sesterhenn
Download: bed-0.5.tar.gz
SHA-1:22a56f64d49df3032f656d687544943018bb68e9
5NMP
5NMP is a SNMP scanner and brute-forcer for MS Windows. SNMP is the Simple Network Management Protocol. It is used by many if not most companies to manage and monitor their infrastructure. It is also often overlooked in terms of security and underestimated as an attack vector. RFC1157.
Download: 5NMP.tar.gz
SHA-1: 1d8310fb505d1f4270406f8d2059a23cf72adac1
Pirelli Discus DRG A225 WiFi Router
Default WPA2-PSK algorithm vulnerability.
Download: Pirelli_Discus_DRG_A225_WiFi_router.pdf
SHA-1:e6bb5aca7f11ab7bca445d282acace7e38056c34
LiquidFM Mod
Increase Quality by Adding an Antenna. Kensington's LiquidFM is a device that transmit audio from my Ipod to my car radio.
The transmission quality suffers especially in crowded areas. By adding an antenna to it, one could enhance the signal strength and therefore get a better sound into your card radio. Checkout the video tutorial for the details.
HotSpotter
Hotspotter passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and will compare it to a supplied list of common hotspot network names.
If the probed network name matches a common hotspot name, Hotspotter will act as an access point to allow the client to authenticate and associate.
Download: hotspotter-0.4.tar.gz
SHA-1: c573a75dff6386e1dbb98bc3121f0daf4e297afe
Wellenreiter
Wellenreiter is a wireless network discovery and auditing tool. It is one of the easiest to use linux wireless scanning tools available. No card configuration has to be done anymore. The whole look and feel is pretty self-explainatory. It can discover networks (BSS/IBSS), and detect ESSID broadcasting or non-broadcasting networks as well as their WEP capabilities and the manufacturer information automatically.
The development of Wellenreiter has stopped.
Old Project Site: http://wellenreiter.sf.net
ICMPchat
icmpchat is a simple, encrypted chat that is based on the ICMP protocol. The used ICMP codes and types can be manually specified, e.g. ICMP_ECHO for one side and ICMP_ECHOREPLY for the other to hide the conversation.
The payload of the ICMP packet contains the actual data and is encrypted using the AES-256bit algorithm with a SHA-256bit hash of an user-given password.
Download: icmpchat-0.8.tar.gz
SHA-1: e748628263815e4cc7e1994d69f93b24d951ecff
Archive/
Over the years, lots of small codes, papers, etc. have been created that are no longer considered important enough to have their own space on this page.
That is why we moved them into the Archive.
hack a website using c99 script
Using c99 script
This c99 shell allows an attacker to hijack the php enable web server. This script is very user friendly and having very good interface so it is easy to use. You can issue any php command to run on the web server. You can use any of the commands given in the script to run on the web server.
NOTE: This post is only for educational purpose. We advice you not to try this on any website. Use of this script on any website is illegal.
For hacking a website using C99 script follow these steps.
1) Find a php web site with an uploader.
2) Test the file uploader to be secure or not by uploading files with a server executable extension.
3) If uploader is unsecure then upload the shell script.
4) Execute the uploaded code by navigating to the uploaded page.
5) A c99 script GUI will show up with a lot of options and details.
6) Look for the server details if the safe mode is on or off. If safe mode is off then the entire web server can be controlled by the script. If its on then on the directory in which c99 shell script is uploaded can only be controlled by the script.
7) Apart from being able to chmod, modify and delete files c99 also lets its user brute force the ftp but it requires an additional dictionary file which can run into hundreds of MBs.
NOTE: You can also execute this script on the web server by RFI
Search the and download the script from google. or download from link
c99
but upper link may not work because script will soon be deleted by the file host.
