INTRODUCTION

You use the internet regularly and one day you're surprised to receive allegations of an intrusion. Evidence indicates that the intruders third party accounts departed from your account, and you have no idea what is happening. Someone may have made use of your account and performed such acts as you. How could this have happened? A strong possibility is that you have become the victim of an attack via "sniffer".

THE MAIN CONCEPT

What are "sniffers"? The main purpose of a sniffer is to capture network traffic. They are used for network analysis purposes, however they can also be used by malicious hackers to capture your passwords, and even IDS systems are based on network sniffers.      These programs also allow you to monitor network activity recording data (usernames, passwords; ect.) each time they access other computers on the network.      These programs aim at monitoring ("sniffing") network traffic to capture access to network services, such as remote mail service (IMAP, POP3), remote access (telnet, rlogin, etc.), file transfer (FTP) etc.. accesses made, capturing packets. Always aimed at getting the most relevant information. When we called the HUB computer and send information from one computer to another, in reality this data is for all ports of the HUB, and therefore for all machines. It turns out that only the machine on which the information was intended to send the operating system. If a sniffer were running on other computers, even without these systems sending data it travels there for the operating system, the sniffer will intercept at the network layer, capturing the data and displaying them to the user, in an unfriendly way. Generally the data is organized by type of protocol (TCP, UDP, FTP, ICMP, etc...) and each package read may have show your content.

PASSWORD CAN BE CAPTURED BY SNIFFERS!

Many local area networks (LANs) are configured sharing the same Ethernet segment. Virtually any computer of the network can run a "sniffer" program to "steal" users passwords. "Sniffers" work monitoring the flow of communication between computers on the network to find out when someone uses the network services previously mentioned. Each of these services uses a protocol that defines how a session is established, such as your account is identified and authenticated and how to use the service. To have access to these services, you first have to have a "log in". The login sequence - is part of the authentication protocol, which occurs at the beginning of each session - the "sniffers" are concerned about this, because it is this part that is your password. Therefore, it is only the filter "strings" keys that the password is obtained.

Basic Usage

The program (WireShark) installed, if you do not then download it. When starting WireShark, the displayed screen will look something like Figure 1:

Before you can start capturing packets, we have to define which interface will "listen" to the traffic. Click Capture > Interfaces

From there, a new window will appear with the list of automatically detected interfaces, simply select the desired interface by clicking the box next to the name of the interface, as in figure 3:

If you click Start, it will begin automatically capturing packets. You can select the interface and only then it will start the capture if necessary.When the capture process starts, you will see several packets traversing the screen WireShark (varying according to the traffic of your machine / network). Will look something like the figure 4:

To stop the capture, simply click the button, "Stop the running live capture".

It is important to remember that you must take care if your network is busy, the data stream may even lock your machine, then it is not advisable to leave the WireShark to capture for a long time, as we will see, we will leave it running only during the process to debug a connection. The greater the amount of packets, the longer it takes to apply a filter, find a package, etc.

Using Filters

There are a plethora of possible filters, but at this moment we will see just how to filter by IP address, port and protocol. The filters can be constructed by clicking on "Filter", then selecting the desired filter (there is a short list of pre-defined filters), or by typing directly into the text box. After you create your filter, just click "Apply", if you wanted to see the entire list of packages again just click "Clear", this will remove the filter previously applied.

 I will use a small filter list as an example:

 It is also possible to group the filters, for example: 

ip.src == 10.10.10.1 && tcp.dstport==80 OR ip.src == 10.10.10.1 and tcp.dstport==80 

Source address 10.10.10.1 

And destination port 80

CAPTURING PASSWORDS

Now we will see how you can capture passwords easily, just by listening to traffic. For this example we will use the POP3 protocol, which sends the data in clear text over the network. To do this, start capturing packets normally and start a session with your POP3 email server. If you use a safer protocol like IMPAPS or POP3 and I just wanted to see the functioning of the mechanism, it is possible to connect via telnet to POP3 without having to add / modify your account, simply run the following:

 telnet serveremail.com 110 

user user@abcdef.com 

pass abcdefpasswd      

Now stop the capture, filter and put "pop" and then click "Apply". now thats done, you see only the packets of POP3 connection. Now click on any of them right, and then click "Follow TCP Stream".

With this we will open a new window with the entire contents of the ASCII connection. As the POP3 protocol sends everything in plain text, you can see all the commands executed, including the password.

This can be transported to any connection in plain text, such as FTP, Telnet, HTTP, etc.. Just to let you change the filter and examine the contents of the connection.

Importing External Captures

Usually in servers, there is no graphical environment installed and with that you cannot use WireShark directly. If you want to analyze traffic on this server and you cannot install WireShark, so you have to capture this traffic elsewhere, the best one can do is write traffic with TCPdump locally and then copy this dump to a machine with WireShark from where a more detailed analysis is made.      

We will capture everything that comes and goes from the host 10.10.10.1 with destination port 80 and save content in capturerabcdef.pcap file from the local folder where the command was executed. 

Run the server:

 tcpdump -i eth0 host 10.10.10.1 and dst  

port 80 -w  

capturerabcdef.pcap      

Once you're finished capturing, simply use CTRL + C to copy the file to the machine WireShark capture and import by clicking on File -> Import. Once imported, you can use the program normally as if the capture had occurred locally.

Connectify Hotspot

• Share your PCs Internet connection with friends and other devices...
• Unlimited Hotspot Uptime – No time restrictions, run your Connectify Hotspot 24/7.
• Share Wi-Fi from 3G/4G Networks – Connectify Hotspot PRO supports sharing Internet from 3G/4G cards in addition to a wide variety of other USB cards and dongles.
• Fully Customizable SSID – Name your hotspot whatever you want! (Hotspot Lite requires your hotspot name to start with 'Connectify-')
• Wi-Fi Extender Mode – Extend the range of your home or office Wi-Fi with just a few clicks.

Its a free entertainment and communication desktop app that brings you amazing daily video including hot Hollywood gossip, news updates, technology & app insight, movie trailers, auto reviews, and daily exclusives! You can also use it to make local and long distance calls to cellphones and landlines in continental North America.

Connectify Hotspot lets you share your computer's Internet connection with other devices over Wi-Fi. As long as your computer is online, your other nearby devices - and friends and colleagues - will be, too.

Unlimited Hotspot Uptime – No time restrictions, run your Connectify Hotspot 24/7.

Share Wi-Fi from 3G/4G Networks – Connectify Hotspot PRO supports sharing Internet from 3G/4G cards in addition to a wide variety of other USB cards and dongles.

Fully Customizable SSID – Name your hotspot whatever you want! (Hotspot Lite requires your hotspot name to start with 'Connectify-')

Wi-Fi Extender Mode – Extend the range of your home or office Wi-Fi with just a few clicks.

Drag & Drop File Transfers – Easily share files of any size, directly to both devices connected to your hotspot, and to other Connectify Hotspot users on the same network.

AutoInternet Selection – Automatically configure your hotspot's Internet sharing settings.

Dispatch Integration - Share your Super-Fast Dispatch Connection with Connectify Hotspot PRO.

Online Obtain Administrator (IDM) is a tool to increase download rates of speed by up to 5 times, continue and schedule installing. Comprehensive error recovery and continue capability will reboot broken or disturbed installing due to lost relationships, network problems, computer shutdowns, or unexpected power failures. Simple graphic user interface makes IDM simple to use and easy to use.

Internet Obtain Administrator has a smart download reasoning decrease that features brilliant powerful file segmentation and safe multipart installing technology to speed up your installing.

Internet Obtain Administrator supports proxies web servers, ftp and http methods, fire walls, blows, biscuits, permission, MP3 audio and MPEG video content handling. IDM combines easily into Microsoft Online Traveler, Netscape, MSN Traveler, AOL, Safari, Mozilla, Mozilla Chrome, Mozilla Firebird, Auparavant Browser, MyIE2, and all other popular internet explorer to instantly handle your installing.

Windows Opponent is program that allows protected your pc against pop-ups, slow performance, and protection risks caused by viruses and other unwanted program by discovering and removing known viruses from your pc. Windows Opponent features Real-Time Security, a monitoring system that suggests actions against viruses when it's recognized, reduces disruptions, and allows you stay productive.

The benefits of installing Windows Opponent include:

Spyware identification and removal,Improved Internet browsing safety,Protection against the latest threats

Windows Opponent is enhanced by SpyNet, a team that brings Windows Opponent users together to identify and share information about viruses. This team reports potential risks identified by the Windows Opponent real-time system agents to the SpyNet servers, which collection and update the system to help protected you from new viruses risks.

Spotflux is a small and reliable application that will protect, secure and make your browsing private. By using extremely minimal interface and powerful features, this small program will surely become your favorite. Just turn it on and it will immediately start protecting your computer, which is perfect for situation when you are connecting on public Wi-Fi networks or you just want to quickly protect yourself from sites that you suspect are gathering information about you. In addition of providing protection against online threats of all kinds, anonymous browsing, manual and automatic proxy channeling,  Spotflux also has built in system wide add-block protection that will work on all browsers and programs you use. This way, you will not waste bandwidth on adds even in browsers and applications that don’t have support for add-block plugins. Spotflux is small, fast, resource light, and gives everyone chance to instantly protect themselves against online threats for free!Here`s how spotflux lets you take control of the internet:

Easy to Install & Use

Security is just a click away. Once you've installed Spotflux, you'll never notice it again if you don't want to. Let us take care of the headaches.

Encrypted & Secure Connection

At home, traveling, or on a public WiFi – Spotflux encrypts and secures your connection, and protects your privacy while browsing.

Malware & Virus Protection

Spotflux continuously scans and protects your connection from inbound threats, such as malware and viruses. So YOU can take control of the internet

.Remove Tracking Cookies

Cookies are great, but imagine them becoming invasive, taking over your kitchen or asking you where you've spent the night. Cookies just feel better in your belly.

Open & Unrestricted Access

We don't believe in limiting or blocking content. Access stays open and unrestricted while Spotflux is enabled, so you can roam the web, free as a bird.

Private & Ad-Free Browsing

Experience clean, ad-free browsing without tracking or targeted advertisements. By saving bandwidth and hiding your IP-address, your location stays private.

Need for Speed: The Run is a racing video game, the eighteenth title in the long-running Need for Speed franchise, and developed by EA Black Box and published by Electronic Arts. The Wii and 3DS versions were developed by Firebrand Games, the team behind Undercover and Nitro(both DS versions). It was released in North America on November 15, 2011 and November 18, 2011 in Europe.

The game is described as an "illicit, high-stakes race across the country. The only way to get your life back is to be the first from San Francisco to New York. No speed limits. No rules. No allies. All you have are your driving skills and sheer determination

Game play

In The Run, players are participating in an "underground world of illicit, high stakes racing," in a race from San Francisco to New York, with stops through Las Vegas, Denver and many other locations, making it the first title in the series to use real locations. The cops aren't the only ones after the player though, as the player "blows across borders, weaves through dense urban traffic, rockets down icy mountain passes and navigates narrow canyons at breakneck speeds."[10] There are over 300 kilometres (190 mi) of track, three times more than Hot Pursuit, making it the biggest Need For Speed game.
A new feature also appears in the Run, Gas stations. Gas stations enable the player to change their vehicle during a race to any other vehicle on the same tier as theirs. The player can choose a body kit and new paint colors for their vehicle if it is available. Some vehicles, like Signature Edition or NFS The Run vehicles, cannot have a different paint or body kit installed. For example, a driver may drive their Camaro ZL1, a Tier 4 car, into a gas station and trade it for a NFS The Run edition Shelby GT500, another Tier 4 car. However, driving one's vehicle into a gas station causes the player to slow down to 50 mph upon exiting the gas station, and causes the player to fall behind by about ten seconds. Also, if the player had an opponent behind him, his opponent would take his place.

 Methodology

There are tons of Facebook users who use a feature called facebook text in order to update a facebook status. If you have enabled this feature all you need to do in order to update your status is to type in your status and send it to "923223265".

However the idea behind this facebook Account status hack is to send a fake sms from your friend's number, therefore the facebook will think that the message has came from the legitimate source and hence it will update the victims Status.

SMS Global

SMSGlobal is a website that allows you send fake sms, The free account only allows you to send 25 SMS, However the business account allows you to send more. All you need to do is to register on SMS global, activate your account. After logging in to your account, click on “Send SMS to a Number”.

Send SMS To: 923223265 (Facebook)

Sender ID From: Victims Mobile Number.

Message: The Status which you would like to be updated

An attacker can use variety of methods in order to steal your facebook authentication cookies depending upon the network he is on, If an attacker is on a hub based network he would just sniff traffic with any packet sniffer and gain access to victims account.

If an attacker is on a Switch based network he would use an ARP Poisoning request to capture authentication cookies, If an attacker is on a wireless network he just needs to use a simple tool called firesheep in order to capture authentication cookie and gain access to victims account.

In the example below I will be explaining how an attacker can capture your authentication cookies and hack your facebook account with wireshark. 

Step 1 - First of all download wireshark.

Step 2 - Next open up wireshark click on analyze and then click on interfaces. 

Step 3 - Next choose the appropriate interface and click on start

Step 4 - Continue sniffing for around 10 minutes.

Step 5 - After 10minutes stop the packet sniffing by going to the capture menu and clicking on Stop.

Step 6 - Next set the filter to http.cookie contains “datr” at top left, This filter will search for all the http cookies with the name datr, And datr as we know is the name of the facebook authentication cookie,

Step 7 -  Next right click on it and goto Copy - Bytes - Printable Text only..

Step 8 - Next you’ll want to open up firefox. You’ll need both Greasemonkey and thecookieinjector script. Now open up Facebook.com and make sure that you are not logged in. 

Step 9- Press Alt C to bring up the cookie injector, Simply paste in the cookie value into it. ..

Step 10 - Now refresh your page and viola you are logged in to the victims facebook account..

My first post on Phishing was how to install a phishing page and in order to install a phishing page you need one.So in this article I'll give you a sample of a facebook phishing page which i made recently.It is quite easily to make a phishing page once you understand the whole idea behind it. 


File Details:
Download: Facebook Phishing Page
File Size: 4 KB
File Extension: .rar (Compressed Archive) 


What is a Facebook Phishing Page ?

You can go here for more articles on phishing and what it exactly does : What is a Phishing Page ?
How to use it ?

I have made a generalized tutorial on how to use fake login pages and how to set them up for hacking over here : 


How to Install / Setup / Use a Fake Login Page for hacking 

1.After downloading the page extract the files into a directory.

2.Before we get started you should first make a free web hosting account for you to upload your files.I would prefer any one of these,if you know a better one then please use what you wish.For this tutorial I'll be using www.freehostia.com as it is easier for me to explain but you can chose whatever hosting you like. 

www.t35.com

www.110mb.com

www.x10hosting.com

www.000webhost.com

www.blackapplehost.com

www.freehostia.com

3.After registering login to your file manager of you respective hosting and upload all the files of the folder which contains the document. 

4.So by now you should have uploaded the file,CHMODed (Changed Permissions) the files.

5.Now is the time to test.Go the site for example.

Disclaimer: DO NOT use this for fraudulent activities use this just to gain knowledge and not to cause harm to other people in any sort.

If you follow that guide careful you should be able to use this file successfully.If you have any problems on your way then just E-mail me using the contact form or just leave a comment.I'll get to you immediately. 

• CD/DVD image file processing tool.
• extract, create, edit, burn, compress, encrypt, split and convert ISO files, and mount these files with internal virtual drive.
• PowerISO can be used easily, which support shell integration, context menu, drag and drop, clipboard copy paste.
• Complete setup with keygen.

• Increase download speed
• Multiple downloads from one website (Grabber)
• FLV Videos Downloading
• Supports HTTP, MMS, FTP and HTTPS
• Automatic Anti Virus Checking
• Drag and Drop (It means drag any link in IDM to download it)
• Built in Scheduler
• Browser Integration (You can integrate IDM in Firefox)
• Supports many types of proxy servers
• Multilingual (Available in many languages)
• Quick Update Features

The best thing to do is not to download the KB971033 update.

1. Download Windows 7 activator. 

2. Extract the downloaded file and access the extracted folder. 

3. Find Windows_7_Activator.exe and double click on it. 

4. A new window will be prompted and now wait... 

5. You don't need to touch your keyboard or mouse of your 

computer. Just wait and after few seconds, you computer will be restarted. 

6. After restarted you see that your Windows 7 is a genuine activate Windows7

PartitionMagic is capable of resizing NTFS, FAT16 or FAT32 partitions without data loss, and can copy and move partitions, including to other disks. It also has various other features, including being able to convert between FAT16, FAT32 and NTFS, modify the cluster size of FAT16/32 and NTFS filesystems, and merge adjacent FAT or NTFS filesystems.
The stable version of PartitionMagic 8.05 also includes for a rescue floppy disk an additional DOS version of PartitionMagic. This DOS version of PartitionMagic (include DR-DOS or MS-DOS) is matching on two 1.44 MB or one 2.88 MB floppy disks

Notes:
This Garmin Mobile XT application is designed for use on Symbian smartphone devices running S60 (ie. Nokia E6x, Nokia N7x) 3rd Edition OS .You must have a previous version of the XT software installed on your SD card to have all of the help files, voice files and basemap files. These are not included with this update.During installation, you will be prompted to turn on your Garmin GPS. Please Note: You will not gain access to Garmin Online features and/or the navigation will be unavailable without connecting your Garmin GPS.A minimum card size of 256 MB is recommended for Garmin Mobile XT software with maps.Please save all appropriate data before beginning the update. 

View installation instructions