All posts by Manish

B.Tech Student, and a refresher in this IT field, so trying my best to deal with maximum topics. It is my passion and aim to be an ethical hacker. So I try my best to learn and share cool hacking stuffs.

Top Secure VPN For Online Privacy

Now a days, Online Privacy of every person is at risk and most of the people want to secure their information available online. So i am just mentioning some of the best sites for online privacy(VPN).

Stay secured, Stay Protected!!!

 

Pure VPN: Lifetime Subscription

Make sure your personal data and Internet activity are never exposed with the extremely reliable VPN trusted by over a million users. PureVPN’s self-managed VPN network has a wider reach (550+ servers nodes in 141 countries) and allows more simultaneous device connections (five) than pretty much any other VPN out there.

 

OneVPN: Lifetime Subscription

One VPNs offer an invaluable service, cleaning up your internet experience, while keeping you anonymous from hackers and government snoops who may be monitoring your activity. OneVPN provides this secure browsing service on a budget, while maintaining high speeds and offering a variety of features. You’ll be able to use the internet safely, through over 60 servers based in 21 countries.

 

VPNSecure: Lifetime Subscription

Internet threats are a real thing – and surfing the Web on a public connection can result in your personal data falling into the wrong hands. This deal offers you a lifetime of protection so you can explore the Internet worry-free. With the Smart DNS component, you can even bypass those annoying geographical restrictions that block Hulu, and more abroad. Plus, unlike other VPN services that claim to not log your activity, VPNSecure proudly assures that ZERO logs are recorded. Get VPNSecure, and you’ll get a cross-platform VPN service you can trust.

 

Hide My IP: Lifetime Subscription

The easiest way to ensure you’re safe online is with Hide My IP. At just the click of a button you can encrypt your internet connection on any of your devices and safely browse without worrying about hackers or government officials snooping on you. Plus, with the ability to choose between over 110 locations, you can bypass blocked content around the world and keep your IP address hidden.

 

Private Internet Access VPN: 2-Yr Subscription

Block hackers and government spies, even when you’re connected to public Wi-Fi, thanks to Private Internet Access. High-level encryption ensures you’ll put an end to incessant digital advertising, while IP cloaking gives you access to the Internet uncensored from anywhere. With Private Internet Access, the only gateways to the outside Internet are the ones you open.

Best Network Packet Injector Tool

T50: Very Fast Network Stress Tool

3

It is the fastest network packet injector. T50 Sukhoi PAK FA is a mixed as well as fastest network packet injector.

Or you can say that it is a kind of a packet injection free which is generated by Brazilian Nelson Brito who is capable of DoS and DDoS attacks by using the theory of stress testing.

 

With the help of this tool, you can send a very high number of requests for packets just like that the target will not be capable of gathering all over the requests as well as answer them slowly that’s why the target may fall or may be slow down.

Recently, the T50 is capable of copying the following requests:
  • More than one million(1,000,000) packets per second of SYN Flood i.e; +50% of the network uplink on a network 1000BASE-T which is also known as Gigabit Ethernet.
  • More than 120,000 packets per second of SYN Flood i.e; +60% of the network uplink in a 100BASE-TX(Fast Ethernet).

 

Whereas the T50 can also send requests for packets of the protocols ICMP, IGMP, UDP and TCP sequence with the difference of microseconds.
License:
 
GNU General Public License version 2.0 (GPLv2)
 
Features:
  • It supports many network protocols including TCP, UDP, and ICMP
  • It has more than 1,000,000 pps in gigabit networks.
  • It can simulate the attacks of DoS and DDoS

DOWNLOAD HERE

Hack Any WPA2/WEP/WPA Wifi Using Dumpper And Jumpstart [Latest Trick]

Step By Step Guide To Use WinPcap, Dumpper And JumpStart and Get Password:

Download the Dumper File Here

WinPcap: Download here

JumpStart: Download here

 

NOTE: You need to have Microsoft .NET Framework installed on your computer as well, or this will not work.

 

Disclaimer: I (The creator of the post has already stated this, but I’d like to go over it again) do not take any responsibility for your actions regarding this tutorial. This was made by the creator to demonstrate weaknesses in wireless networks and for educational purposes only. Breaching other people’s wireless networks without permission is against the law. If you want to test this tutorial, try it on your own home network.

2a

We will be using Dumpper and Jumpstart and other suites to hijack WPA2/WEP/WPA WiFi networks. It’ll let you join without a password, then you can get the password from inside the network. I’ll show you how towards the end of the tutorial. First, download all of the programs above. Now, follow these instructions for setting it up:

 

Note: Dont STOP the Process. It Takes Several Minutes . Probably 4~5 Hours.(Works Only in Laptops).

Update: We have also Added the Process to Hack Wifi in Desktops Below.

 

Hack WiFi with Dumpper and Jumpstart:

Download and install JumpStart, WinPcap, and Dumpper

Open Dumpper. It’ll be in Spanish, so go to the far right tab and select ‘English’ in between the other two options.Your programs are set up and ready to go, now begin the process:

 

  • In the ‘Networks’ tab, select the network adapter you wish to use. Hit the ‘Scan’ button now.
  • After it completes the scan, go over to the ‘Wps’ tab. In the area that says ‘Connect using JumpStart’, hit ‘Browse’ to select the location of where you installed JumpStart in the previous set-up steps. (By default, it installs in C:\Program Files (x86)\Jumpstart. Don’t open it, just select the ‘Jumpstart’ folder and click ‘OK’)
  • In the area ‘Show default pin’, select ‘All networks’ isntead of ‘Only known networks’.
  • Hit the ‘Scan’ button.
  • Select the network you wish to penetrate. Remember the ‘Pin’ corresponding to your network in the scan results, this will be needed for later.
  • In the previous area ‘Connect using Jumpstart’, hit the ‘Start JumpStart’ button.
  • Under ‘What do you want to do?’, select ‘Join a wireless network’ and hit ‘Next’
  • Under ‘Which setup method do you want to use?’, select “Enter the PIN from my access point” and enter the PIN next to your network in the scan section back in the previous scan results.
  • Finally, select the targeted network from before and hit ‘Next’.Now you’re happily connected to that WiFi network you just penetrated. Do you want to see the password so you can get on from other devices without doing this process? Sure! Follow these simple steps:
  • Open the menu where you join WiFi networks/view the network you’re connected to.
  • Right click on the network you just joined and hit ‘Properties’
  • Under the ‘Security’ tab, you can see the password, but it’s just dots. Check the ‘Show characters’ box under it.
  • The password will then reveal itself.

Done.

 

Hacking The Wifi on Desktops?
So Many People are Doing this Hack in their Desktops.But unfortunately Desktops are not compatible for using this Hack.But Don’t worry, Here is the trick to do the same Hacking process in Destops even. You just need to buy the Wireless Adapter and Install it in your desktop.

It is worth the product and it is only last thing you need. After getting the Product Proceed as Above to hack WiFi with Dumpper and Jumpstart.You will not regret it later for buying.

Doubts? Please use the comments section and feel free to ask any question. I will definitely get it solved.

 

Manage WiFi Connections from your Phone Instantly

Do you wanna know you can stop your neighbors to use your wifi network ?  if you don’t know then let me explain you how to stop neighbors to use your wifi using this WIFI kill PRO android app .

 

What is WIFI KILL

WiFi Kill pro is an android tool that you can use to disable internet connection for a device on constant WiFi network. It is a light-weight tool with simple interface. That is, anyone can use this app without any user guides.

 

How to Use :

Pre-Requisites: Rooted Android Device
(If you don’t know How to Root your Device, check this guide: How To Root any android device
1. Download WiFi Kill Pro [MediaFire Link].
2. Install it on your device.
3. Connect the device to a WiFi network.
4. Open the WiFi Kill Pro and then grant root access to the app.
You will see a window like the below one:

1a

5. Tap at the “start” button. now it will start scanning the network and then display the devices connected to that network
6. If you want disable internet connections of all devices connected to the network, first move the “grab all” button to the right side, and then move “Kill all” button to the right side.
7. If you want to disable internet connection of a particular device, tap on the device IP.
1b

8. Move the “grab” and “kill” buttons to the right side. The device’s internet connection should now be disabled.

 WiFiKill  cannot terminate the internet connection of that device, it can  block the packet data going to device.

  • To run the app in full screen, go to the “Preferences” and then check the “Full Screen” option.
  • To show the network names on the device list, go to “Preferences” and then check “Show network names” option.
  • To show MAC address on the device list, go to “Preferences” and then check “Show MAC” option.
  • To show vendor of the NIC on the device list, go to “Preferences” and then check “Show NIC Manufacturer” option.

Tip : I hope you enjoyed this guide now tap “share” and pay respect us via sharing it with your friends 😀 🙂

Top 10 Free Legal Websites to Download Movie

You might not want to spend money by registering yourself to any site for watching movies. Hence the free Movie Download Websites allow registering yourself for free and you will find the latest movies streaming there. You can then choose your movie from the available option and download it directly without your IP address being detected as an illegal address for downloading movies. The movies uploaded in these sites are high in quality and doesn’t consume a high amount of data.

 

  1. Youtube

1a

Here you can search for any movie, old and new and of any language and watch it. You can also use offline YouTube channel where you store your films and watch it when you want to. You can also watch several videos and episodes of drama series here.

2. Internet Archive

The Internet Archive is the largest online storage of movies and books. You can download the movies in the form of torrents from here. As the files are in torrents, the sizes of these movie files are small hence several can be downloaded at a go. Previously direct links to download movies were also available here which got rejected due to large file size.

3. Retrovision

1b

Here you can get movies of all genres. The menu of this site is made genre specific so that your search becomes easy.

4. Crackle

This website is owned by Sony and allows you to watch movies and TV series for free. You need to go through a process of a signing up and making your playlist. After that you can start watching your favourites. You shall also be recommended movies and TV series according to your taste. On Crackle, Free movie download website, you can catch shows which are usually not made free for watching.

5. Open Culture

It was founded in 2006, It has 6 categories, Movies, Online courses, Language lessons, e-Books, Textbooks, Audiobooks. Here you can watch high quality videos, hear audio books and read e-books online.

6. Popcorn Flix

1c

Owned by Screem Media Ventures, this platform helps you download Public Domain movies containing original contents.

7. Movie Found Online

This website works like the Curator of independent movies, comedy talk shows, short films and documentaries along with full length Films.

8. Classic Cinema Online

1d

If you are an ardent lover of Classics, then this site is just for you.

9. Hulu

1e

Here you can stream more than 100 movies after subscribing and watch them without requiring downloading.

10. Public Domain Torrents

1f

Public Domain Torrents is probably the only no-notorious-activity torrent website that I know about. Here you can find all kind of old movies in various formats to download.

 

HACK REMOTE PC USING BROWSER – JAVASCRIPT WEBSOCKET BACKDOOR

BrowserBackdoor is an Electron application that uses a JavaScript WebSocket Backdoor to connect to the listener.

b1

BrowserBackdoorServer is a WebSocket server that listens for incoming WebSocket connections and creates a command-line interface for sending commands to the remote system.

The JavaScript backdoor in BrowserBackdoor can be used on all browsers that support WebSockets.

First clone BrowserBackdoorServer repository from github, to do so type:

https://github.com/IMcPwn/browser-backdoor.git

b2

Follow the below steps one by one:

cd client

npm install

b3

Now go to the client folder and open index.html file in leafpad and edit the following line now type your kali Linux ip screenshot is given below.

After finishing the above task it will create the Browser backdoor script folder for windows and Linux users

b5

Now type the following command step by step

npm install electron-packager -g

electron-packager . –all

b6

Now go to the server folder in browser-backdoor directory and the following command

Bundle install

b7

After that start browser backdoor by typing in terminal:

ruby bbsconsole.rb

Now send the Brwoserbackdoor-win32-x64 to the victim using any social engineering method when the victim clink on BrowserBackdoor file you can get the victim session example are given below.

Now type the session command to check the active session it will show you the session with id no.

Type the target command with session id to interact with current session sees the following example

Target 0

 Now if you want to more option type the help command you can get the list of all available command

b8

NOTE: This post is only to make people aware of this backdoor i.e. Educational purpose only.

 

CREDENTIALS HARVESTER ATTACK : HACK FACEBOOK

Do you know ,you can hack facebook password with one fake fb page(phishing).

a2
In this tutorial we will use Social Engineering tool i.e Credential Harvester attack in kali linux.
All you need to do is follow the tutorial as it is to see the Credentials Harvester into the action.

WHAT IS CREDENTIALS HARVESTER ATTACK ?

It is a part of SOCIAL ENGINEERING TOOLKIT. In this method the attack started with a creation of phishing page. Attacker set the post back ip address to receive the credentials like usernames and passwords. The attacker can shorten the ip address to make the ip address looks like a genuine url. When the victim visits the url and feed the login details, the post back feature of the page will send all the data to attacker.

Brute-Force Authentication Attack With Burp Suite

Authentication lies at the heart of an application’s protection against unauthorized access. If an attacker is able to break an application’s authentication function then they may be able to own the entire application.

1304956700brute_force

The following tutorial demonstrates a technique to bypass authentication using a simulated login page from the “Mutillidae” training tool. The version of “Mutillidae” we are using is taken from OWASP’s Broken Web Application Project. Find out how to download, install and use this project.

First, ensure that Burp is correctly configured with your browser.

In the Burp Proxy tab, ensure “Intercept is off” and visit the login page of the application you are testing in your browser.

a1

Return to Burp.

In the Proxy “Intercept” tab, ensure “Intercept is on”.

a2

In your browser enter some arbitrary details in to the login page and submit the request.

a3

The captured request can be viewed in the Proxy “Intercept” tab.

Right click on the request to bring up the context menu.

Then click “Send to Intruder”.

Note: You can also send requests to the Intruder via the context menu in any location where HTTP requests are shown, such as the site map or Proxy history.

a4

Go to the IntruderPositions” tab.

Clear the pre-set payload positions by using the “Clear” button on the right of the request editor.

Add the “username” and “password” parameter values as positions by highlighting them and using the “Add” button.

Change the attack to “Cluster bomb” using the “Attack type” drop down menu.

a5

Go to the “Payloads” tab.

In the “Payload sets” settings, ensure “Payload set” is “1” and “Payload type” is set to “Simple list”.

In the “Payload options” settings enter some possible usernames. You can do this manually or use a custom or pre-set payload list.

a6

Next, in the “Payload Sets” options, change “Payload” set to “2”.

In the “Payload options” settings enter some possible passwords. You can do this manually or using a custom or pre-set list.

Click the “Start attack” button.

a7

In the “Intruder attack” window you can sort the results using the column headers.

In this example sort by “Length” and by “Status”.

a8

The table now provides us with some interesting results for further investigation.

By viewing the response in the attack window we can see that request 118 is logged in as “admin”

a9

To confirm that the brute force attack has been successful, use the gathered information (username and password) on the web application’s login page.

a10

Account Lock Out

a11

In some instances, brute forcing a login page may result in an application locking out the user account. This could be the due to a lock out policy based on a certain number of bad login attempts etc.

Although designed to protect the account, such policies can often give rise to further vulnerabilities. A malicious user may be able to lock out multiple accounts, denying access to a system.

In addition, a locked out account may cause variances in the behavior of the application, this behavior should be explored and potentially exploited.

Verbose Failure Messages

a12

Where a login requires a username and password, as above, an application might respond to a failed login attempt by indicating whether the reason for the failure was an unrecognized username or incorrect password.

In this instance, you can use an automated attack to iterate through a large list of common usernames to enumerate which ones are valid.

A list of enumerated usernames can be used as the basis for various subsequent attacks, including password guessing, attacks on user data or sessions, or social engineering.

Scanning a login page

a13

In addition to manual testing techniques, Burp Scanner can be used to find a variety of authentication and session management vulnerabilities.

In this example, the Scanner was able to enumerate a variety of issues that could help an attacker break the authentication and session management of the web application.

 

SOURCE: PortSwigger

How to Send a Spoofed SMS Text Message

Hello everyone, Today I’m going to discuss about How to send spoofed SMS Text message to anyone in the world anonymously.

fake-sms-sender-sms-spoofer

When I was a kid, I used to prank my friends by sending text messages anonymously. Sending anonymous SMS from a fake number is one of the oldest method to have fun with your friends which is still a brilliant prank idea. Sending SMS anonymously lets you hide your identity as you may send anonymous text messages without registration.

Many people still enjoy sending fake text messages, if you are wondering how to text someone from a fake number then you are at perfect place as today I’m going to share top 7 free [fake] SMS sites that lets you send text from fake number.

But before I share the free SMS sites list, let me share the steps involved for anonymous texting.

Sending anonymous text message using free SMS sites is quick and easy. All you have to do is follow these simple steps:

  1. First of all, select your preferred fake SMS site from the below provided free anonymous text messaging sites.
  2. Next is to read the rules. It is very important because if you use anonymous SMS sending service for illegal purpose thinking that you’ll be anonymous then I’m sorry ! You’ll be in serious trouble as even if you are anonymous, your IP can be tracked even if you use proxy sites.
  3. Once you got the point that fake SMS texting service is not for anything other than pranking your friends, type the number of friend(s) you want to send fake text.
  4. Next enter your text SMS. This could be anything that you may use to make fun with the fake SMS receiver.
  5. Finally hit Send button ! You may also be asked to fill the captcha before hitting send button. You’ll instantly get success message which marks that the process is complete.

 

Top 7 Free SMS Sites to Send Anonymous SMS from Fake Number

So here we go with our Free Anonymous SMS provider sites list :

1. TxtEmNow

TxtEmNow is a free way to send anonymous text messages which also supports international numbers. Sending anounymous SMS to any number without registration is simple. You have to just fill the form to send free text messages to your friends.

txtemnow

2. SendAnonymousSMS

Send Anonymous SMS as the name confirms, it is also free site to send a free anonymous SMS text message. It is one of the most trusted and World’s largest free anonymous SMS service provider. It is a web based application using which you may send fake text messages via web.

send-free-anonymous-sms

3. SendAnonymousText

It is also a similar service. In fact, it is just a clone of Send Anonymous SMS as the URL redirects you to the same anonymous SMS provider service as listed above.

4. Textem

If you want to send and receive free text messages including picture messages also then Textem is perfect free SMS site for you. Using Textem, you can send free text messages to any number provided by major cellular services of United States. The best thing is you may also send and receive picture messages for free.

text-em

5. TextForFree

Textforfree is another free text messaging service which offers spam free text messaging service. Using this anonymous SMS provider service, you may send SMS to prank your friends to almost any USA cell phone provider. Though you may send fake text to any top cellular phone services provider in USA but messaging is limited to 140 characters only.

text-for-free

6. TxtDrop

TxtDrop is a completely free text messaging service that lets you send fake text to any number without registration. If you are wondering how to text someone from a fake number then visit TxtDrop and within few seconds you’ll be able to do it yourself.

free-text-sms-and-picture-messaging-prank-your-friends-with-brilliant-prank-ideas

Though you need to provide your email address to get replies securely. The fun part is you may also block your number so that your friends may not prank you using any anonymous SMS service provider.

7. SMS Anonymous [for Australians]

If you want to propose your boy/girl friend and confess something anonymously to someone special and loving friend then this anonymous messaging service is for you. It is completely free. But unfortunately it is only available for Australian numbers.

send-sms-anonymously-prank-your-friends-propose-boyfriend-girlfriend-confess-anonymously

Anyways, if you want to send an anonymous SMS to any Australian number then use this free service to prank your friends with perfect break-up plan. But make sure you don’t hurt someone’s feelings.

The Pro Review from MikeHacks

Though there are many premium anonymous SMS provider services like SMSGlobal who let you send bulk SMS and fake emails anonymously but you need to pay them. Also, there are few other anonymous SMS sites like PimpmySMS and Sharpmail who lets you send fake text message and spoof SMS but I haven’t included them in this list because they require registration before sending fake SMS.

This means, practically they are not anonymous SMS sites. However, you must not forget that using anonymous SMS services for threatening, stalking, fraud activities and other illegal purposes is crime and legal actions may be taken against you if you are found guilty.

If you use anonymous and fake messaging services properly, they may be much more beneficial and life saver than just prank your friends. Want to know how ?

  • Report anonymously to police about crime
  • Report anonymously about smuggling
  • Speak against any social evil anonymously
  • Let your Government know about corrupt political leaders – that too anonymously.

I hope, you got my point !

Disclaimer : MikeHacks never promotes any of the illegal activities, if you use anonymous SMS services for illegal purposes, it is you who would be responsible for it.

COOKIES STEALING: HACK FACEBOOK SESSIONS

Today we’ll be hacking Facebook profiles active on your local network.
You may think, “How is this useful, nobody but me is using my network.” Well, you can use this on other Wi-Fi networks that are available for free (like at Starbucks) and crack their precious Facebook profile!
 

a1

How?

We are going to use a well known method called “The cookie injection method.” This might be far off from becoming “elite”, but you need to get familiar with your Linux distribution first.

Step 1: Get the Right “Stuff”

For this hack, you’ll need a few things. Nothing special, but you’ll need these stuff.

My best suggestion is that you first install BackTrack, Kali Linux, or Bugtraq because they have almost everything we need.

For this little magic trick, we’ll need:

  • A working Linux distribution (preferably Kali, Backtrack or Bugtraq)
  • Wireshark (a packet sniffer)
  • Firefox (web browser)
  • Nmap (scanner)
  • Greasemonkey (addon for Firefox)
  • Cookie injector (script for Greasemonkey)*

Now let’s start doing some magic! :D*

Step 2: Network Scan

First, to actually connect to a target, we’ll need an IP address. In order to get that, you’ll need to do a network scan with Nmap. So go ahead and boot up your terminal and enter the following command:

  • nmap -F 192.168.xx.xx/24

Note: If this doesn’t work, use 10.0.x.x/24 instead.

This command will scan your network for any IP addresses connected to it. The -F gives the console the instruction to use “Fast mode.” If done correctly, you should see something like this:

 

a2

That’s how your Nmap scan should look like.

Step 3: Starting the “Man-in-the-Middle Attack”

Now we’re going to start a man-in-the-middle attack, MITM for short.

In MITM attack, we spoof our MAC address so that when a server responds, person sends a message to the other, he won’t be receiving that message, but he will receive messages that we send, as we’re the Man in the middle.

This might help you understand:

a3

A man-in-the-middle attack!

Starting the Attack

To start, enter the following command in a NEW terminal window:

  • sudo echo 1 >> /proc/sys/net/ipv4/ip_forward

This will forward your IP address. Now we’re starting the MITM by opening a NEW terminal window and entering this command:

  • sudo arpspoof -i [Interface] -t [target] [default gateway]

If you don’t know your interface and default gateway, start a new terminal and enter: ipconfig.

a4

This is the result form the arpspoof.

Open (once again -_-) a new terminal window and enter the following command:

  • sudo arpspoof -i [interface] -t [default gateway] [target]

a5

Another result from the arpspoof!

Note: After you entered both the arpspoof commands DON’T CLOSE THE TERMINALS.

Step 4: Firefox and Wireshark (Almost Done!)

We need a few more things in order to complete this hack!

First install Firefox, then Greasemonkey and the cookie injector script. Then, install Wireshark, which you can do by entering this command into a terminal window:

  • sudo apt-get install wireshark

After that, open up a Wireshark session (open a terminal and enter sudo Wireshark as command). Select your interface and start capturing. At the top, you should see an input box where you can add filters. Now enter this filter:

  • http.cookie contains DATR

Now you should get a list in Wireshark. Search for a cookie that contains the text GET. Locate it, click on it with the left mouse button, select copy, select bytes, select printable text only.

a6

Wireshark result. The one you need is in the black circle.

Now go to Wireshark and go to Facebook. Make sure you’re NOT logged in. If you are, go to settings and delete all the cookies. Then go back to the Facebook log-in page, press [ALT]+C, and paste the cookie. Press OK and refresh the page.

a7

Here you can clearly see the cookie injector script input box.

If my magic worked, you should see the main Facebook timeline. If not, then you’ve done something wrong.

My Final Comments

This hack may seem advanced, but it’s actually really easy. Once you break down all the steps, it’s a piece of cake! 😀

Now that you’ve done this, it should be clear that Facebook security isn’t very strong 😛

Quick note: This only works if your target is actually browsing through Facebook over http (not https) at the time you’re doing the hack.

Note: All contents are provided for educational purposes only. 

External Links:

Greasemonkey: https://addons.mozilla.org/en-US/firefox/addon/748
HTTP Protocol: http://en.wikipedia.org/wiki/HTTP
TCP Protocol: http://en.wikipedia.org/wiki/TCP
Cookies: http://en.wikipedia.org/wiki/HTTP_cookie
Wireshark: http://www.wireshark.org/
Ettercap: http://ettercap.sourceforge.net/
ARP Poisoning: http://en.wikipedia.org/wiki/ARP_spoofing