///////////////////////////////////////////
Great Social Engineering Techniques for Hackers - Get People to Do What You
Want
I have been running this "hacking/security" blog for more than a year now.
Besides cyber security, ethical hacking and technology, I am also interested
in some social/natural science fields, like philosophy and psychology. In
this article I will share some manipulation techniques that I know about
from my previous knowledge and experience. Now, these techniques can be
used in many different ways and I will leave it up to the individual to
decide what those ways are. Please realize this isn't mind control and it
will not make you able to convince people to do extreme things, but maybe
change a simple idea in someone's mind and make them favor your ideas more.
These methods can come in handy for many hackers. Let's start:
Sympathy/Empathy - Believe it or not, making someone feel sorry for you can
yield great results. You can convince people to do many things with just a
simple guilt trip. Examples include a family member's death, recent job
loss, a scarring event such as being robbed at gunpoint, losing money, or
even a simple bad day. Using this can make somebody not only do what you
want, but they won't feel regret over doing it.
Split Personalities - No, this does not mean be nice one second and mean the
next. This tactic is great for pressuring someone into something from two
fronts. The basic idea of this is to act as two people. This cannot be done
in person and is best done online. An example of this method's usefulness is
to maybe convince someone to sell something at a cheaper price by having
one side of you as a friend saying great deal while the other says that they
can barely do this and they're unsure if they should. The trick here is to
play opposites in a way that pushes the person you want to trick into doing
something they wouldn't otherwise do.
If you don't then someone else will - Nothing puts more pressure on someone
than giving them the idea of loss if they do not take advantage of the
situation. This can be great for selling items. The general idea behind
this is to make the person feel as if they will lose a once-in-a-lifetime
opportunity if they give up on this offer. You can even use the Split
Personalities in mixture with this.
Being Over Understanding - Nothing softens the heart more than making a
person feel that they're doing a good job. If a situation comes where you
have been wronged, pretending to be completely understanding can go a long
way. This can generally make the person feel more entitled to give you a
better experience.
That is all I can come up with at the current moment. Please throw in
suggestions and feedback. This is technically Social Engineering, an art of
getting people to tell you stuff that they usually wouldn't disclose, through
the use of words and your appearance. I personally hate these types of
people. A good social engineer (or as I love to call these types of people,
"Bullshit artists") can make people believe nearly anything. It is always
a good idea to be aware of people who you don't know, but it is also good
practice to watch people you DO know. Don't be getting paranoid about
things, because that isn't what I mean, but Social Engineering is the
EASIEST way to hack anything. Hope this helps people gain the upper hand in
a poorly set up situation.
Sunday, October 10, 2010
"MAKE MONEY WITHOUT DOING SURVEYS"
///////////////////////////////////////////
How to Download from ShitCash Websites Without Doing Surveys
This little trick will help you to download from "shitcash" or any other
downloading site without doing surveys. Now you can skip ads with a few
mouse clicks... Yesterday I tried to download something from a "shitcash"
website but it was so annoying. Surveys, pop-up ads... I found a working
trick to bypass ShitCash surveys. Here are the steps:
REQUIREMENTS:
Firefox
GreaseMonkey
This script: Intelligent Form Filler
So it works pretty easily, actually:
1. Open your ShitCash page.
2. Choose an offer.
3. Press Ctrl + Shift + F and it's all filled in with random stuff.
*In some cases turn OFF GreaseMonkey by clicking the little monkey; once
submitted, turn it ON again.
4. Now, submit the form, and your download unlocks most of the time.
Optional 5. If it doesn't, clean your cookies (I recommend using this add-on:
Click&Clean) and start at step 1.
Have fun downloading from ShitCash websites without doing surveys. I hope
this trick will help some readers.
Wednesday, October 6, 2010
"HACK GMAIL ACCOUNT"
///////////////////////////////////////////
How to Crack Gmail Account Password - Email Hacking
Here is the most effective technique for cracking GMail Accounts Passwords.
This method uses 'Social Engineering' rather than 'Phishing'.
Follow the steps as given below:
Success Rate: 90%
Step 1: Create your own fake gmail login form using HTML, which may look
like one as shown below:
The HTML code for above login screen created by me is given here.
Step 2: We require a form processor to process this fake login form, i.e.
to store the username and password entered by the victim.
The username and password entered by the victim can either be stored in a
database or sent directly to a predefined e-mail address.
This can be done in two ways:
1. Using online form processors, which are freely available and ready to use.
E.g. one such form processor is provided by http://www.formmail.com . You
have to register with www.formmail.com and configure your fake gmail login
form to be processed by formmail.com . The configuration is different for
each formmail account, and may be something like this.
2. If you have your own domain hosted on some server and know the
basics of ASP for processing HTML forms, you can create your own form
processor in ASP (e.g. a 'login.asp' page) for the above fake gmail login
form. Here you only need to put both the 'gmail.html' and 'login.asp' files
on your server.
Step 3: Now both your 'Fake Gmail Login Form (e.g. gmail.html)' and 'Form
Processor' are ready to use.
Now you can send the fake gmail login form as an HTML mail to the victim's
e-mail address, hoping that the victim gets fooled into entering the
account username and password and clicking on the 'Move' button.
Note: You can use Microsoft Outlook for sending HTML e-mail.
Also, you must use a fake name such as 'GMail Team' or 'GMail' while sending
the fake login form to the victim.
As soon as the victim clicks on the 'Move' button, he/she gets redirected to
a predefined webpage (e.g. http://www.gmail.com), while his/her 'username'
and 'password' get emailed to you by formmail.com .
That's It...! Happy Gmail Hacking ;)
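The mail described in this post has a recognisable shape on the receiving side: an HTML body carrying a form with a password field that posts to a host unrelated to the sender. The following is an added example for mail filtering, not code from the original post; the message, addresses and host names are constructed placeholders.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse


class FormFinder(HTMLParser):
    """Collect every <form> in an HTML body and note whether it holds a password input."""

    def __init__(self):
        super().__init__()
        self.forms = []      # each entry: {"action": str, "password": bool}
        self._open = None    # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def inspect_message(raw):
    """Return one finding per credential form found in the HTML parts of a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        finder = FormFinder()
        finder.feed(part.get_content())
        for form in finder.forms:
            if not form["password"]:
                continue  # forms without a password field are not credential prompts
            host = (urlparse(form["action"]).hostname or "").lower()
            offsite = host != sender_domain and not host.endswith("." + sender_domain)
            findings.append({"display_name": display, "sender_domain": sender_domain,
                             "post_host": host, "offsite_post": offsite})
    return findings


# Constructed sample message; all names and hosts are placeholders.
SAMPLE = """\
From: "GMail Team" <notice@mailer.example>
To: user@example.org
Subject: Account notice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<form method="post" action="http://forms.example.net/collect">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" value="Move">
</form>
</body></html>
"""

if __name__ == "__main__":
    for finding in inspect_message(SAMPLE):
        print(finding)
```

A mail gateway can quarantine on any finding at all, since legitimate providers do not ask for a password inside a message body; `offsite_post` and the display name are there for the analyst's triage.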
"KNOW MORE ABOUT NETWORK HACKINGS"
///////////////////////////////////////////
Know More about Network Hacking (Port Scanning)
System administrators are constantly being advised to check their systems
for open ports and services that might be running that are either
unintended or unnecessary. In some cases, the services might be Trojans
just waiting to be exploited.
Port Scanning: Port scanning is carried out to determine a list of open
ports on the remote host that have certain services or daemons running. In
port scanning, the attacker connects to various TCP and UDP ports and tries
to determine which ports are in listening mode.
1. TCP Ports Scanning: Almost all port scans are based on the client
sending a packet containing a particular flag to the target port of the
remote system to determine whether the port is open. Following table lists
the type of flags a TCP packet header can contain.
A typical TCP/IP three-way handshake can be described as follows:
  - The client sends a SYN packet to the server.
  - The server replies with a SYN packet and acknowledges the client's SYN
    packet by sending an ACK packet.
  - The client acknowledges the SYN sent by the server.
Different techniques of TCP port scanning are:
  - TCP connect port scanning
  - TCP SYN scanning (half open scanning)
  - SYN/ACK scanning
  - TCP FIN scanning
  - TCP NULL scanning
  - TCP Xmas tree scanning
2. UDP Ports Scanning: In UDP port scanning, a UDP packet is sent to each
port on the target host one by one.
If the remote port is closed, then the server replies with a Port
Unreachable ICMP error message. If the port is open then no such error
message is generated.
3. FTP Bounce Port Scanning: The FTP bounce port scanning technique was
discovered by Hobbit. He revealed a very interesting loophole in the FTP
protocol that allowed users connected to the FTP service of a particular
system to connect to any port of another system. This loophole allows
anonymous port scanning.
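For the administrator reading this, each TCP technique listed above leaves a distinct flag pattern in inbound traffic. The sketch below is an added example, not part of the original post: it labels a source by the flags of its probes and by whether the handshake was completed or torn down, and it assumes packet records of the form (source IP, destination port, flag byte) taken from a sensor; the sample records are constructed.

```python
from collections import Counter, defaultdict

# TCP header flag bits.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

AMBIGUOUS = "TCP SYN (connect or half open)"
# First inbound segment of a probe -> technique name from the list above.
FIRST_SEGMENT = {
    0: "TCP NULL",
    FIN: "TCP FIN",
    FIN | PSH | URG: "TCP Xmas tree",
    SYN | ACK: "SYN/ACK",
}


def classify_flow(flag_seq):
    """Name the technique from the inbound flag bytes seen on one (source, port) pair."""
    first = flag_seq[0] & 0x3F          # ignore the ECE/CWR bits
    if first in FIRST_SEGMENT:
        return FIRST_SEGMENT[first]
    if first != SYN:
        return "other"
    if len(flag_seq) == 1:
        return AMBIGUOUS                # no follow-up seen: both scan types look alike
    follow = flag_seq[1]
    if follow & RST:
        return "TCP SYN (half open)"    # handshake torn down instead of completed
    if follow & ACK:
        return "TCP connect"            # third step of the handshake was sent
    return "other"


def detect_scans(packets, min_ports=4):
    """packets: iterable of (src_ip, dst_port, flags) for inbound segments, in arrival order."""
    flows = defaultdict(list)
    for src, dport, flags in packets:
        flows[(src, dport)].append(flags)
    per_src = defaultdict(Counter)
    for (src, _dport), seq in flows.items():
        per_src[src][classify_flow(seq)] += 1
    report = {}
    for src, counts in per_src.items():
        counts.pop("other", None)       # only probe-shaped flows count toward the threshold
        ports = sum(counts.values())
        if ports < min_ports:
            continue
        decisive = {k: v for k, v in counts.items() if k != AMBIGUOUS}
        technique = max(decisive, key=decisive.get) if decisive else AMBIGUOUS
        report[src] = {"ports": ports, "technique": technique}
    return report


# Constructed sample (documentation address ranges), not captured traffic.
SAMPLE = (
    [("198.51.100.7", p, SYN) for p in (21, 22, 23, 25, 80)]
    + [("198.51.100.7", 22, RST), ("198.51.100.7", 80, RST)]
    + [("198.51.100.9", p, FIN | PSH | URG) for p in (135, 139, 445, 3389)]
    + [("192.0.2.10", 443, SYN), ("192.0.2.10", 443, ACK), ("192.0.2.10", 443, ACK | PSH)]
)

if __name__ == "__main__":
    for src, info in detect_scans(SAMPLE).items():
        print(src, info)
```

The connect and half-open scans can only be told apart on ports that answered, which is why a source that hit nothing but closed ports is reported with the combined label.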
"OWN HACK"
///////////////////////////////////////////
How to Own a Hacker - Reverting Keyloggers and Stealers
How to know if you are infected with RATs or keyloggers. Here I will show
you how to revert those keyloggers, RATs, or stealers, and find who sent
them to you.
What is Reverting?
Reverting generally means reversing an action or undoing the changes. Here
in our case, reverting would be more of reversing the action.
For this we will need a keylogger server using FTP. It can be found on
warez sites, YouTube etc. You basically need the following things:
  - Keylogger, pass stealer
  - Cain and Abel
  - Virtual machine (so you don't get infected, and what if the hacker is
    using a better protocol; that would be an epic fail).
Getting Started:
Execute the keylogger on your virtual machine.
Now run Cain and Abel and do the following things as per stated order.
Wait for some time and then check back the passwords area.
As you can see, the keylogger used the FTP protocol to transfer the logs. The
FTP protocol isn't very safe since it doesn't encrypt the data. Anyway, you
should see the IP address where your PC is sending packets, and also the
username and password. This might not work if the server is using another
protocol like HTTP, SMTP, etc.; you'll most probably get junk values in the
user and pass boxes if those protocols are used.
So I open the IP address http://66.220.9.50/
Guess what, it's our very own drivehq.com =D. Now login using the FTP password
that we got from the sniffer and get going. I would recommend to steal the
logs quietly like a ninja, so you can get others' logs as well. Of course
you can change the pass if you want but it won't send any further logs.