Tuesday, August 25, 2015

How to Hack Gmail , Facebook with Backtrack 5 or Kali linux

first open your backtrack terminal and type ifconfig to check your IP


Now Again Open Your Backtrack terminal and Type cd  /pentest/exploits/set
Now Open Social Engineering Toolkit (SET) ./set
Now choose option 2, “Website Attack Vectors”.


In this option we will select option 4 “Tabnabbing Attack Method”.
In this option we will choose option 2 “Site Cloner”.
Enter the URL of the site you want to clone. In this case http://www.gmail.com and hit enter. SET will clone up the web site. And press return to continue.
Now convert your URL into Google URL using goo.gl and send this link address to your victim via Email orChat.
When victim open in their browser it should be a message that the page is still loading. so victim start to open another tab. As soon as victim open new tab, our fake website start working. That script will redirect the victim to the phishing page your derived.


For Any help and Information Follow me on 

Tab Napping


         



Tab Napping is a new form of phishing that is hitting the internet now. With the conventional form of phishing, for example, you might receive an email that is supposedly from your bank, and it might ask you to login and update or confirm your account details, of course, there would be a link to your banks website in the email for you to click, which would take you to a page that looks identical to your real banks login page.
How does it worksTab napping is more sophisticated than the phishing scams we’ve seen so far, and it no longer relies on persuading you to click on a dodgy link. Instead it targets internet users who open lots of tabs on their browser at the same time (for example, by pressingCTRL + T). if you have multiple tabs open and you are reading the page on your current active tab, any of the other inactive browser tabs could be replaced with a fake web page that is set up to obtain your personal data, the web page will look exactly the same as the page you opened in the tab, you probably wont even even know it has been replaced with a fake page.fraudsters can actually detect when a tab has been left inactive for a while, and spy on your browser history to find out which websites you regularly visit, and therefore which pages to fake.This may surprise you, but phishers and fraudsters in general can actually detect when a tab has been left inactive for a period of time, which means they can spy on your browsing history, this tells them which websites and web pages you visit on a regularly basis, so they'll know which bank you use and which email account you use, whatever you view, they'll know about it, which means they'll know which fake pages to make to replace the real pages in your inactive tabs, you've now left yourself open to become a victim of tab napping.
How can you protect yourself against tab napping?  Here are five simple ways you can prevent yourself from falling victim: • Make sure you always check the URL in the browser address page is correct before you enter any login details. A fake tabbed page will have a different URL to the website you think you’re using.• Always check the URL has a secure https:// address even if you don’t have tabs open on the browser.• If the URL looks suspicious in any way, close the tab and reopen it by entering the correct URL again.• Avoid leaving tabs open which require you to type in secure login details. Don't open any tabs while doing online banking - open new windows instead (CTRL + N).
Download Tabnapping Script from Azkan website:
Note: Source link may be malicious, open as your own risk..

PRORAT HOW TO USE AND CONFIGURE FULL GUIDE






Requirements :


1. Prorat- Click here to download Trojan Prorat.
2. Hostname  -  Your IP address would probably be dynamic that it keeps changing everytime you disconnect and reconnect. You need a host name which always automatically keep pointing to your changing IP. Follow these steps -:



1. Log On to www.no-ip.com and register for an account.

2. Go to Hosts/Redirects -> Add Host and choose any free available hostname. Do not change any other option and simply click on Create Host.




3. Downloading and install their DNS update client available here http://www.no-ip.com/downloads.php Run it and enter your credentials. Update your host name and save it.

4. Lets check whether your IP has been associate with chosen host name or not. Go to command prompt and type 'ping yourhostname' (without quotes) , hopefully it should reply with your IP address.

Tutorial for configuring Trojan :


1. Open prorat.exe that you have downloaded.
2. Click on Create  and then Create ProRat Server





3.  Enter your host name in the ProRat Notification field as shown. Uncheck all other options.





4. Click on general settings Tab and have a look at server port,password, victim name. Remember these things.Check out and configure other options as per your need. You can bind server.exe with any genuine file, change its icon etc.





5. Finally click on create  server and now its ready to be sent to victim.  Once victim installs it, it would automatically disable antivirus/firewall



What after victim has run the server part ?
1.Click on ProConnective Tab and start listening to connections. Allow firewall if it asks you to open a port.
2.You will start listening to connections, I mean you will get a notification as shown when victim would be online.








This is for Education Purpose Only ..


Leave Thanks in comments if you like the post

PRORAT HOW TO USE AND CONFIGURE FULL GUIDE






Requirements :


1. Prorat- Click here to download Trojan Prorat.
2. Hostname  -  Your IP address would probably be dynamic that it keeps changing everytime you disconnect and reconnect. You need a host name which always automatically keep pointing to your changing IP. Follow these steps -:



1. Log On to www.no-ip.com and register for an account.

2. Go to Hosts/Redirects -> Add Host and choose any free available hostname. Do not change any other option and simply click on Create Host.




3. Downloading and install their DNS update client available here http://www.no-ip.com/downloads.php Run it and enter your credentials. Update your host name and save it.

4. Lets check whether your IP has been associate with chosen host name or not. Go to command prompt and type 'ping yourhostname' (without quotes) , hopefully it should reply with your IP address.

Tutorial for configuring Trojan :


1. Open prorat.exe that you have downloaded.
2. Click on Create  and then Create ProRat Server





3.  Enter your host name in the ProRat Notification field as shown. Uncheck all other options.





4. Click on general settings Tab and have a look at server port,password, victim name. Remember these things.Check out and configure other options as per your need. You can bind server.exe with any genuine file, change its icon etc.





5. Finally click on create  server and now its ready to be sent to victim.  Once victim installs it, it would automatically disable antivirus/firewall



What after victim has run the server part ?
1.Click on ProConnective Tab and start listening to connections. Allow firewall if it asks you to open a port.
2.You will start listening to connections, I mean you will get a notification as shown when victim would be online.








This is for Education Purpose Only ..


Leave Thanks in comments if you like the post

Evil Twin attack

Evil Twin Attack is attack is frequently carried upon wireless access points with malicious intentions. This attack happens when...