Sunday, August 26, 2012

Hack facebook, gmail, yahoo account by phishing

Note : Educational purpose only. Author will not be responsible for any harm.


        Phishing is an attempt to acquire usernames, passwords or credit card details from a victim by luring him or her to a clone of a legitimate web page, hosted on the attacker's own machine (localhost, in this write-up) or on any other computer the attacker controls. When the victim enters account details into the clone, they are recorded on the attacker's machine and the victim is then redirected to the original web page, so nothing looks wrong. The attacker now holds the real account details.

Tools used to perform this attack:

    1. Social-Engineer Toolkit (SET), used here through BackTrack Linux, where it comes preinstalled. If you don't have BackTrack Linux (get it from ), scroll down to the bottom of the page for a guide to installing SET on your own Linux box.

    2. Fake mailer ( )
    3. URL shortener ( )

Steps followed:

First, we need to mirror the login page of the site (for example Facebook, Gmail or Yahoo) whose user's account details we want.

Using BackTrack Linux (or any other GNU/Linux distro of your choice), we start SET.
In BackTrack 5 it lives in the /pentest/exploits/set directory; it may reside somewhere else on other Linux distributions. Switch to that directory. In BackTrack, enter:

# cd /pentest/exploits/set

To run it, enter # ./set in a terminal window, with root privileges.
SET prints a welcome message and a menu of attacks to choose from. To mirror a web page and host it on localhost, we select
Website Attack Vectors

That shows a set of sub-menus; the one we want is Credential Harvester Attack Method.

Next we need to clone the site, so we choose Site Cloner, which asks for the URL to clone.

Here, in this example, we enter to mirror its login page.

Once this is done, SET hosts the mirrored page for us. Now we need the IP address of our machine, to send to one of our victims. If the machine sits behind NAT, the public address only reaches the cloned page if the router forwards the web port to it.

To find the public IP address of the machine, you can run $ curl against a service that echoes your address, in another terminal window on GNU/Linux.

Once we have the IP address, we disguise it: a URL shortener hides the raw IP behind an innocuous-looking link, so it raises less suspicion. Here, you can use to do that.

Once we have the shortened link, we need to get it to the victim. If it appears to come from someone close to the victim, it will be more "trustworthy". For that we use the fake mailer tool ( ): enter the spoofed sender address (that of the victim's friend, family member or other close person), the victim's address, and the link to the cloned page hosted on our machine, with a message along the lines of "check out the new Facebook (or Gmail, or Yahoo)". Be aware that a forged From address is exactly what SPF, DKIM and DMARC checks on the receiving mail server are designed to catch, so such mail often lands in the spam folder or is rejected outright.

When the victim opens the mail, follows the link and enters account details, they are posted back to our machine, where SET logs them. This is how we grab the account details of our victim.

How to avoid becoming a victim of this attack:

1. If you get an e-mail claiming to link to a well-known site, check where the link really points before clicking, and check the address bar after the page loads. The domain must be exactly the original one (for example www.facebook.com, not a bare IP address, a shortened link, or a lookalike such as facebook.com.something.else). Don't reach a login page through a third-party link at all: type the address yourself or use a bookmark.

2. Once you are on a login page, view the page source and check the form's "action" attribute. If it does not point to the original domain over https, beware: it's phishing. Note that a relative action such as "index.php" submits to whatever host served the page, which is why the address-bar check comes first.
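The two checks above, automated: this is an added example, not code from the original post, that parses a fetched login page and reports a page host that is not the expected site and any password form whose action posts somewhere else (a bare IP, a non-https target, or a lookalike domain). The expected domain is matched by a plain suffix test, which is an assumption that suffices for the sites discussed here; the two sample pages are constructed, and 203.0.113.10 is a documentation address standing in for an attacker's box.

```python
"""Spot a cloned login page: wrong page host or a password form that
posts elsewhere. Added example, not from the original post."""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Records every <form> and whether it contains an <input type=password>."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self._open = {"action": a.get("action", ""), "password": False}
            self.forms.append(self._open)
        elif (tag == "input" and self._open is not None
              and a.get("type", "").lower() == "password"):
            self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def _host_indicators(url, expected_domain, what):
    """Reasons `url` is not a legitimate `expected_domain` endpoint."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if parts.scheme != "https":
        reasons.append(f"{what} uses {parts.scheme or 'no'} scheme, not https")
    try:
        ipaddress.ip_address(host)
        reasons.append(f"{what} host is a bare IP address ({host})")
        return reasons          # a raw IP is never the real site
    except ValueError:
        pass
    # 'www.facebook.com' passes; 'facebook.com.evil.example' does not
    if host != expected_domain and not host.endswith("." + expected_domain):
        reasons.append(f"{what} host is {host!r}, not {expected_domain}")
    return reasons


def phish_indicators(page_url, html, expected_domain):
    """Return the list of reasons the page looks cloned; [] means clean."""
    expected_domain = expected_domain.lower()
    reasons = _host_indicators(page_url, expected_domain, "page")
    parser = _FormCollector()
    parser.feed(html)
    for form in parser.forms:
        if not form["password"]:
            continue            # search boxes etc. carry no credentials
        # a relative action ('index.php', '' or '/') posts to the page's own host
        target = urljoin(page_url, form["action"]) if form["action"] else page_url
        reasons.extend(_host_indicators(target, expected_domain, "password form"))
    return reasons


# Constructed samples: a stripped-down clone with a relative action (what a
# credential harvester serves) and a page whose form posts to the real site.
CLONED_PAGE = """<html><body><form method="post" action="index.php">
<input name="email"><input type="password" name="pass"></form></body></html>"""

GENUINE_PAGE = """<html><body><form action="/search"><input name="q"></form>
<form method="post" action="https://www.facebook.com/login.php">
<input name="email"><input type="password" name="pass"></form></body></html>"""


if __name__ == "__main__":
    for url, page in [("https://www.facebook.com/login.php", GENUINE_PAGE),
                      ("http://203.0.113.10/", CLONED_PAGE),
                      ("https://facebook.com.login-check.example/", CLONED_PAGE)]:
        print(url, phish_indicators(url, page, "facebook.com") or "looks genuine")
```

Run it against the HTML you fetched (or saved from the browser) together with the URL in the address bar; the clone served from the attacker's IP is reported four times over (page and form, each non-https and each a bare IP), and the lookalike domain is caught because a suffix match on the registrable domain does not accept "facebook.com" as a subdomain of something else.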

Installing SET on Ubuntu or Fedora:

To fetch the latest code of SET, you need Subversion installed.
To install it on Ubuntu >
$ sudo apt-get install subversion
To install it on Fedora >
$ sudo yum install subversion

Now fetch the SET code with svn >
$ svn co set/
In this case, you will need to switch to the ~/set directory instead of /pentest/exploits/set.

So, instead of cd /pentest/exploits/set, enter cd ~/set

(SET has since moved from Subversion to git, so check the project's page for the current fetch command.)

Get access to local Windows machine

Note : Educational purpose only. Author will not be responsible for any harm.

This attack is a technique to gain Administrator (or any user's) access to a Windows machine. It needs physical access to the machine, and, as described here, an administrator needs to be logged in while the following steps are performed. Its drawback is that the original admin/user will eventually find out that the account was cracked, because its password gets changed.

Tools required: none

Steps followed to perform this attack:
  1. Open the C:\Windows\System32 directory. Find the sethc file (sethc.exe) and take ownership of it so you can change its permissions: Properties > Security > Advanced > Owner > Edit, then grant yourself full control. Now cut the sethc file and paste it on the Desktop (keep it, so the original can be restored later).
  2. Now copy the cmd file (cmd.exe, the binary for the command prompt) to the Desktop, rename the copy to sethc, and copy it back into the System32 directory.
  3. That is almost all. Whenever you need access to the machine, press the Shift key five times at the login screen. Windows launches what it believes is the Sticky Keys helper, which is now cmd.exe, and because the logon screen runs that helper as SYSTEM you get a command prompt with full rights without logging in.
  4. To get a usable session, you need one of the user accounts on the machine.
  5. In that command prompt, enter: net user <user name> <new password>, then log in to the account with the new password.
Steps to avoid this attack:
  1. On a Windows machine, local account information is stored in the SAM (Security Accounts Manager) registry hive. The passwords are not in plaintext; they are stored as hashes.
  2. On every login, the system hashes the entered password and compares it with the hash stored in the SAM for that account. If the two match for account X, the user is given access.
  3. SYSKEY encrypts the password hashes inside the SAM with an additional key, so that an intruder who gets hold of the SAM cannot read or tamper with the hashes offline without that key.
  4. What we are going to do is use this built-in Windows feature to resist this kind of attack.
  5. Steps: Start > Run > SYSKEY > Update > Password Startup, enter a password, hit OK, and you are done. In startup-password mode the machine will not even reach the logon screen until the password is typed, so the Shift-five-times trick cannot be triggered by someone who only has the keyboard. Two caveats: SYSKEY does nothing against an attacker who already has an administrator session (which steps 1 and 2 of the attack assume), and Microsoft removed SYSKEY in Windows 10 version 1709; on current systems, full-disk encryption such as BitLocker is the way to protect an unattended machine.
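A check for the swap described in steps 1 and 2, as an added example that is not code from the original post: it hashes the accessibility helpers in System32 and reports any whose contents are byte-for-byte identical to a command shell. It goes beyond the post in two ways: it also covers the other helpers the logon screen launches as SYSTEM (utilman.exe, osk.exe, magnify.exe, narrator.exe, displayswitch.exe), since the same swap works on each of them, and it checks for powershell.exe as well as cmd.exe. The demo() function builds a fake System32 out of constructed files so the logic can be exercised on any OS; on a Windows machine the script inspects the real directory.

```python
"""Detect the Sticky Keys swap: an accessibility helper in System32 whose
bytes are really a command shell. Added example, not from the original post."""
import hashlib
import os
import tempfile

# Helpers that winlogon starts, as SYSTEM, from the logon screen.
ACCESSIBILITY_HELPERS = (
    "sethc.exe",          # Sticky Keys, Shift x5: the one the post swaps
    "utilman.exe",        # Ease of Access button / Win+U
    "osk.exe",            # on-screen keyboard
    "magnify.exe",        # magnifier
    "narrator.exe",       # narrator
    "displayswitch.exe",  # Win+P
)

# Shells an attacker would drop in their place.
SHELLS = ("cmd.exe", "powershell.exe")


def sha256_of(path):
    """SHA-256 of a file, read in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_swapped_helpers(system32=r"C:\Windows\System32"):
    """Return [(helper, shell)] for every helper whose contents equal a shell's.

    Comparing content hashes catches the swap regardless of the timestamps
    or version metadata of the copied file. Helpers or shells that don't
    exist in `system32` are simply skipped.
    """
    shell_by_hash = {}
    for shell in SHELLS:
        p = os.path.join(system32, shell)
        if os.path.isfile(p):
            shell_by_hash[sha256_of(p)] = shell
    swapped = []
    for helper in ACCESSIBILITY_HELPERS:
        p = os.path.join(system32, helper)
        if os.path.isfile(p):
            digest = sha256_of(p)
            if digest in shell_by_hash:
                swapped.append((helper, shell_by_hash[digest]))
    return swapped


def demo():
    """Constructed scenario: a fake System32 in a temp dir with one helper
    replaced by cmd.exe (as in the post) and one by powershell.exe."""
    d = tempfile.mkdtemp()
    files = {
        "cmd.exe": b"constructed stand-in for cmd.exe",
        "powershell.exe": b"constructed stand-in for powershell.exe",
        "sethc.exe": b"constructed stand-in for cmd.exe",         # swapped
        "utilman.exe": b"constructed stand-in for utilman.exe",   # untouched
        "osk.exe": b"constructed stand-in for powershell.exe",    # swapped
    }
    for name, data in files.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    return find_swapped_helpers(d)


if __name__ == "__main__":
    if os.name == "nt":
        print(find_swapped_helpers() or "no swapped helpers found")
    else:
        print(demo())
```

An exact match only catches a straight copy; a copy with a byte patched, or the variant that leaves the helpers alone and registers a "Debugger" for them under Image File Execution Options in the registry, needs a different check (compare each helper's hash to the known-good file and look for Debugger values under those keys). Use a 64-bit Python on 64-bit Windows: a 32-bit process asking for C:\Windows\System32 is silently redirected to SysWOW64.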

Saturday, March 24, 2012

My Desktop

So the blog has been dead for about a month now; I had nothing else to post. I thought a screenshot of my current desktop wouldn't be a bad idea.
       After trying a lot of color schemes and a lot of googling, I've finally settled on this configuration.
The one I'm using for my editor, GVim, is oceandeep. Two others I liked are wombat and solarized.
      If you're using GVim (note: not Vim), put the 'theme.vim' file in your '~/.vim/colors/' directory. Start GVim, and you can select the theme under Edit > Color Scheme.

     I also took time to find the best font for coding, and Inconsolata worked for me. There are several "Top 10 Programming Fonts" lists you can choose from. Once you've installed the font of your choice, you can set it in GVim under Edit > Select Font.

      I prefer saving my configuration in _vimrc so that it loads every time I start GVim, and I suppose you'll prefer that too, instead of setting your configuration every time. To do so, save the current font into your settings by typing ':mkvimrc!' (minus the single quotes). This saves your font choice (and key mappings, etc.) into the _vimrc file. But it WILL NOT save your color scheme, so here is what to do in order to save it.
       Open your _vimrc file by typing ':e _vimrc' and scroll all the way to the bottom of the file. After the last line, add 'colors themename', replacing themename with your actual theme's name. Restart GVim and you're good to go.

That's it for today's post. In case you're wondering which background it is, here you go.

Edit: By default you can't set GVim's transparency. To do so, you can use the transset package from Ubuntu's repositories. Install it and run it; it gives you a pointer, and you click on the window whose transparency you want to set. By default it sets the opacity to 0.75, i.e. 75%. You can specify any value in the range 0 to 1. If you click on the same window again, the transparency is reset to 1. Works with almost all windows.

Thursday, February 2, 2012

Geek Vs. Nerd

What do you think, what is the difference between a Geek and a Nerd?
Many people think the word 'geek' is a synonym for 'nerd'; if you do too, then I think you are absolutely wrong!
Yes, I found this really nice image (on mastersinit dot org), so I am sharing it here to make more minds clear about it.

Tuesday, January 31, 2012

Learning a programming language

No matter what craft you're practising, two things are essential for making progress and getting better at it, viz. theory and practice.


1. Read (the fundamentals of the language)
    Reading about the language you're about to learn is the best way to start. Grab a book on the fundamentals of that programming language. If you're a beginner, it's better not to skip around; keep reading it from the beginning. If you have prior experience with another language, it'll be easy for you.
2. Read the example code
    Reading example code and trying to figure out what it does is the best practice for learning any programming language. Once you know the language a little from reading, you can switch to reading example code whenever you get bored of the theory.

3. Type that example code yourself and run it.
    As you type the code into the editor yourself, you'll start getting a hint of what's going on in the program, and you'll get familiar with the syntax of that programming language. The best practice is to add your own comments while retyping the code and try to explain WHY something is done.
    For example:
int calSquareArea(int side)
{
    return side*side; // returning square of 'side'   <-- Isn't it obvious? Duh! Not so helpful, is it?
}

int calSquareArea(int side)
{
    return side*side; // formula to calculate area of square is side*side    <-- Ooh, now I get it!
}

4. Change it.
    Now that you know what the nuts and bolts of the example code are, tweak it a bit and run it again. The program behaves differently each time you tweak and run it, and you can make it do whatever you want. It's a useful skill to modify existing code and make it do what you need. You'll learn a lot by this trial-and-error method, learning a little every time you change something in the program and re-run it.

5. Write your own code.
    Writing your own code is like making your own world on your own terms. You're the god of that world; you decide what happens in it. Sounds awesome, doesn't it? So start writing small pieces of code to do some tasks or solve problems. Personally, I'd recommend going after small games like tic-tac-toe. Write a huge number of such small programs, and then move on to big projects.

Sunday, January 15, 2012

Recovering a (in use) removed file in GNU/Linux

    This had never happened to me before. I downloaded a video to my $HOME/Downloads directory and was watching it in VLC. For some reason I paused it and started organizing the files in my $HOME directory. Later, I removed all files from my $HOME/Downloads directory.
    Now, here is the catch. Along with the unwanted files, I removed the video, which was still in use by VLC. I didn't realize it at the time. I went back to VLC and resumed playback. After a few moments, my jaw dropped. I didn't really know how it worked. So I started working on getting that video back. I knew it was still in memory, but how to get it back!

    I thought there would be a 'save' option in VLC's File menu. Unfortunately, there wasn't. So I had to start digging. A few days earlier, to monitor the 'files in use', I'd learned the lsof (list open files) command, and it was extremely useful for finding the file descriptor of that file.

  Here are the steps I followed to recover that file:

1. Finding the file descriptor:
I wanted the PID of the process that had the file open. I got it simply with ps and grep.

 $ ps -e | grep vlc

2. Now I had the PID of VLC and wanted the FD number of that file.

$ lsof -np <PID-of-vlc>

The removed file is easy to spot in that listing: lsof prints "(deleted)" after its path.

3. Now I simply wanted to copy the file out through that file descriptor, which the /proc file system exposes.

$ cp /proc/<PID>/fd/<FDNUM> $HOME/recovered-video.mp4

This only works while the process keeps the descriptor open. The moment VLC closes the file, the last reference to its data is gone.

    I had my video back. Actually, I could have downloaded the video again in that time, but recovering the file was a kind of challenge. It taught me a lesson, too. :-)
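The same procedure as a script, added here as an example that is not part of the original post: it lists the descriptors of a process whose targets Linux marks "(deleted)" (what lsof shows) and copies one of them out through /proc/<pid>/fd/<n>. The demo() function is a constructed scenario in which the script itself opens a file, unlinks it and then recovers it through its own /proc entry, so it runs without VLC or a real accident; the file contents are made up.

```python
"""Recover a file that was removed while a process still holds it open.
Added example, not from the original post. Linux only: relies on /proc."""
import os
import shutil
import sys
import tempfile

DELETED = " (deleted)"


def deleted_open_files(pid):
    """Return [(fd, original_path)] for regular files `pid` still holds open
    after they were unlinked; these are the '(deleted)' lines of lsof -np PID."""
    fd_dir = f"/proc/{pid}/fd"
    found = []
    for entry in sorted(os.listdir(fd_dir), key=int):
        try:
            target = os.readlink(os.path.join(fd_dir, entry))
        except OSError:
            continue                     # closed between listdir and readlink
        # sockets, pipes and anon inodes read 'socket:[123]' etc.; skip those
        if target.startswith("/") and target.endswith(DELETED):
            found.append((int(entry), target[: -len(DELETED)]))
    return found


def recover(pid, fd, dest):
    """Copy the data behind /proc/<pid>/fd/<fd> to `dest`; returns bytes written.

    Opening the /proc link re-opens the underlying inode at offset 0, so the
    whole file is copied no matter how far the owning process has read it."""
    src = f"/proc/{pid}/fd/{fd}"
    with open(src, "rb") as fin, open(dest, "wb") as fout:
        shutil.copyfileobj(fin, fout)
    return os.path.getsize(dest)


def demo():
    """Constructed scenario: open a file, rm it, recover it through our own
    /proc entry. Returns (listed_as_deleted, recovered_bytes_match)."""
    payload = b"constructed video bytes\n" * 1000
    workdir = os.path.realpath(tempfile.mkdtemp())
    path = os.path.join(workdir, "video.mp4")
    fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
    os.write(fd, payload)
    os.unlink(path)                      # the accidental rm: directory entry gone
    try:
        listed = (fd, path) in deleted_open_files(os.getpid())
        dest = os.path.join(workdir, "video.recovered.mp4")
        size = recover(os.getpid(), fd, dest)
        with open(dest, "rb") as f:
            matches = size == len(payload) and f.read() == payload
    finally:
        os.close(fd)                     # after this the data really is gone
    return listed, matches


if __name__ == "__main__":
    if len(sys.argv) == 2:               # recover.py PID         -> list candidates
        for fd, path in deleted_open_files(int(sys.argv[1])):
            print(fd, path)
    elif len(sys.argv) == 4:             # recover.py PID FD DEST -> copy it out
        print(recover(int(sys.argv[1]), int(sys.argv[2]), sys.argv[3]), "bytes")
    else:
        print(demo())
```

Reading another user's /proc/<pid>/fd requires the same user or root, exactly as lsof does; run the listing first, pick the descriptor, then copy, all before the process exits.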

Saturday, January 14, 2012

Being elite with 10,000 hours of practice

         So I read in a book called 'Outliers - The Story of Success' that it takes around 10,000 hours of practice in any field to achieve mastery. Speaking of which, I'm hardly at a couple of hundred hours of coding, or even less than that (OH YES! I'M A NEWBIE!). But I love coding. Whatever time I've spent working on my academic projects, coding in the lab during practical hours, or at my localhost, I loved it.
         But believe me, being good at studies and being a programming addict at the same time isn't possible. So I sort of killed my will to quit college and spend hours programming at home, as I need to get the degree. Only then am I going to get a 'well-paying' job. But apart from working for money, it's my hobby and I'm a big fan of the Open Source community. As they say,
" The elite software developer is the programmer who spends all day pounding code at work, and after leaving work he writes open source software on his own time."
 Still, the best I can do right now is spend as much time as possible coding. If I spend 5 hours a day coding, it'll take me five and a half years to become an elite programmer. Although it isn't literally possible, I'll try my best to spend most of my time at home coding. :)

                 Happy Coding everyone. Stay hungry ! Stay foolish ! :D

          A really nice applet to keep track of the time you spend coding or working: Project Hamster (Time Tracker)