0 Hack A Facebook Account By Exploiting Facebook's Trusted Friend Feature

Facebook is constantly trying to improve their website's security by introducing new security features that would help facebook users to stay safe and secure. We recently published a report that around "83 Million Facebook Accounts Are Fake", therefore facebook is having a tough time improving their services and making it spam free and more secure. One of those important security features that facebook introduced  in late 2011 named "Trusted Friends Feature".

This feature enabled a facebook user to recover his/her facebook account by choosing 3trusted friends who will be provided a key (code) by facebook and the facebook user would need to call the trusted friends and ask for the codes, Once the facebok user has entered all three of the keys, he would regain access to his/her facebook account.

Exploiting Facebook's Trusted Friends Feature To Hack A Facebook Account:

However this feature can be easily exploited to hack a facebook account, A hacker can easily create 3 fake facebook profiles and add it to victims account, Thus making it simple for a hacker to hack into a facebook account.

Demonstration





However this process is not so simple as it looks, facebook has made this process a bit more difficult by adding certain security measures, Below is the comment of a facebook employee who works on site's integrity team.

Hi my name is Jake and I work on the Site Integrity team at Facebook. The attack described in this article is misleading in that it is relying on the notion that Facebook users will not only get tricked into adding fake accounts as friends, but then they’ll trust strangers with being their Trusted Friends over friends or family or someone the user actually knows. In addition to the fact that we are constantly working to identify and remove fake accounts, the assertion that any that are on the site could systematically trick users into giving them a backdoor into their account is a big stretch.

It should also be noted that Facebook has safeguards in place to prevent attacks such as these. We have detection systems that flag and block not only fake accounts, but friend requests that seem fraudulent (i.e. the sender and recipient do not know each other). We also have systems that detect suspicious logins and block access to your account if a hacker is trying to login as you.

If you have not set Trusted Friends and are trying to go through account recovery, we require you to pick friends from different clusters (e.g. coworkers, classmates, family) specifically to prevent gaming of this recovery process. Furthermore, if the attack vector described in this article, which seems extremely unlikely, were to succeed, a 24 hour lockout period occurs at the beginning of any account recovery done through Trusted Friends. Notifications are sent to any contact information confirmed on the account, giving the user the ability to lock down their account, disavow the recovery and reclaim access to their account.

How To Secure Your Facebook Account

The easiest way of securing your facebook account against this attack is by using a trusted friends:

What are trusted friends?

Trusted friends are friends you can reach out to if you ever get locked out of your Facebook account (ex: you turn on login approvals and then lose your phone, you forget your Facebook password and can’t get into your login email account to receive a password reset). If you get locked out, we’ll send each of your trusted friends a security code. All you need to do is call your friends and collect the codes.

You’ll only need 3 codes to get back into your account, but we recommend picking 5 trusted friends so you have back-up. Your trusted friends should be people you can easily call and who are likely to respond to you quickly.

You can pick your trusted friends from your Security Settings page.


How do I set up trusted friends?

To set up trusted friends:

1. Go to your Security Settings page (Account > Account Settings > Security)
2. Click on the Trusted Friends section
3. Click Choose Trusted Friends
4. Scroll through your friends or search for specific friends
5. Select 5 friends and confirm your choices

Note that you can edit your list of trusted friends from this page anytime.

If you would like to learn the exact techniques which hackers use to hack a facebook account, I would recommend you to take my "Facebook Hacking Course".

0 Hacking Facebook - Fb Status Hack (updatin status Fb orang)

Ini adalah metode hacking di mana Anda akan memerlukan banyak keterampilan rekayasa sosial. Ini adalah hack menarik dan Anda bisa mendapatkan sejumlah korban dalam trap. Ikuti langkah ini

1. Kirim link ini ke korban-

https://m.facebook.com/upload.php?_rdr

2.  Pastikan korban dalam keadaan  Login.

3.  Korban akan di kirimi m.facebook jenis / sesuatu dari Id e-mail dimana mereka harus      membuka email. 

4. Id dari email itu  akan di kirim ke akun mail anda (gmail, yahoo, dll) dan apa yg ingin anda ingin tulis di status Korban akan meletakan itu sebagai " Subjek " Dari surat

5. YOU ARE DONE.!! <TAU ARTINYA KAN.!?>

1 CARA MENDAPAT LIKE Atau JEMPOL BANYAK DI STATUS FACEBOOK 2012

Status Tergila Ѳ҆҆҆҆҆҆҆҆҆҆҆҆҆҆҆҆҆҆Ѳ Райбэяай Ҝофоҝ Ѳ҆҆҆҆҆҆҆҆҆҆҆҆҆҆҆҆҆҆Ѳ

 

Auto like status atau facebook 

auto like adalah cara otomatis like / suka terhadap status sendiri di facebook. Trik cara otomatis like / suka statusfacebook sendiri anda juga berlaku untuk otomatis like / suka komentar facebook teman anda

CARA MENDAPAT JEMPOL BANYAK DI STATUS FACEBOOK MENGGUNAKAN AUTO LIKE, BOM Like 2012

Untuk masuk ke aplikasi ini, kamu setidaknya harus berusia 18 tahun, karena kamu hanya dapat menggunakan fitur ini jika mengizinkan berlangganan (subscribe) di akun facebook kamu, dan bisa berlangganan hanya jika kamu berusia 18 tahun


Aktifkan berlangganan (subscribe) disini!

kalau kamu masih dibawah umur,
silahkan ganti tahun lahir kamu jadi 1993
gantinya di profil fb > info (tentang)

kalau udah aktifkan tab pelanganmu disini!

terus privasi facebook dan pelangan kamu buat publik ( semua orang )
selesai itu anda dapat menggunakan bom like 

  Sebelum gunaiin AutoLike kita Gunain app buat update status yuuk,!
Biar lebih exis.! haha

‍‍‍‍‍‍‍‍‍‍>Update Status With Aplikasi<

{{ Update 11 -12 -13 Agustus 2012 }}

>>> Auto like , Bom Like , Bomb thumb, Arisan jempol, F8F, Jempol SM

• 1  http://powerlike.org   
• 2. http://powerlike.net/
• 3. http://clownlike.blogspot.com/  < Tinggal masukin Id post aja
• 4. www.super-liker.us
• Mau update Status Melalui BB atau yg lain
  Disini Sob.!

_

{{ Update 11- 12  -13 Agustus 2012 }}

_

JIKA ANDA PUNYA ALAMAT  Auto like , Bom Like , Bomb thumb, Arisan jempol, F8F, Jempol SM yang WORK 100% ,, Yuks kita berbagi ( sharing ) sesama jempoler Auto like , Bom Like , Bomb thumb, Arisan jempol, F8F, Jempol SM di komentar dibawah..

 

.

Keterangan == Jika memang error..dikarenakan kamu terlalu sering memakai atau facebook admin telah hapus script Auto like , Bom Like , Bomb thumb, Arisan jempol, F8F, Jempol SM

Bagaimana menanganinya ..??? ya kamu jangan sering kali memakai Auto like , Bom Like , Bomb thumb, Arisan jempol, F8F, Jempol SM,, paling enggak 1-2 kali aja sehari,,,kalau kamu sering memakai Auto like , Bom Like , Bomb thumb, Arisan jempol, F8F, Jempol SM,,ya itu akibatnya gak bisa pakai  Auto like , Bom Like , Bomb thumb, Arisan jempol, F8F, Jempol SM lagi.

JIKA ANDA PUNYA ALAMAT  Auto like , Bom Like , Bomb thumb, Arisan jempol, F8F, Jempol SM yang WORK 100% ,, Yuks kita berbagi ( sharing ) sesama jempoler Auto like , Bom Like , Bomb thumb, Arisan jempol, F8F, Jempol SM di komentar dibawah..
Tolong di-review apa yang kurang dan apa yang lebih :P
Kalo punya ide buat  ini, silahkan komen dibawah, gak usah ragu dan bimbang, disini gak ada yang master gak ada yang newbies, semua masukan dianggap special (biarpun keluar dari be'ol ayam, kalo itu telor, ceplokin aja, goreng, ber-vitamin!! :D)
Kalo punya masukan Auto like , Bom Like , Bomb thumb, Arisan jempol, F8F, Jempol SM yang WORK 100%, silahkan cara, dan link urlnya dikomen bawah.

Jadi nantikan terus update :

   http://www.facebook.com/b4dut

0 Hack Gmail Password With Gmail Hacker

Previously i have posted alot of articles on Gmail hacking. Recently the number of users Gmail users have increased, therefore Gmail have been the major target of lots of hackers.People use Gmail as a primary email and therefore if hackers can gain access to their primary email accounts so therefore they can also hack other accounts associated witth your Gmail account.

While browsing on the internet I came across a piece of tool that can help hackers with goodsocial engineering skills hack gmail passwords easily, the tool itself is extremely simple to configure and very user friendly. The gmail hacking software is so easy to use, all you need to do is to download the gmail hacking software from the link mentioned below, build your server and send the server to the victim.

Gmail Hacker - Hack Gmail Passwords

Here is how a hacker can use Gmail hacker to hack gmail passwords:

Requirements:

• Download .Net Framework
• Gmail hacker
• Winrar (In order to extract the files) 

Step 1 - Extract the arhive named gmail.rar on your computer, Once you have extracted you will see the following files:

Step 2 - On opening Gmail hacker builder.exe you will see the following:

Step 3 - Next you need to enter your gmail address where you would receive logs. However I would recommend you to create a fake email address and use it for receiving logs. 

Step 4 - Once you have entered your credentials, click on the build button. 

Step 5 - A file named gmailhacker.exe would be created, On executing the file, the victim will see the following: 

Now you need to apply your social engineering skills in order to make the victim enter his/her credentials on to the software. The simplest way of accomplishing this is to tell the victim that the application Gmailhacker.exe is itself a gmail hacking software, You just need to the victim's username, your own gmail ID and your own gmail password, where you would receive victims passwords and click "Hack Them".

Step 6 - Once the victim clicks on the "Hack Them" button, his own gmail credentials that he entered would be sent to you on the email you typed while configuring the software. 

Well, here is an interesting part, when the victim will click on the button "Hack them", he will receive the following error, making him thinking that their is a problem with the software:

If you would like to learn a more advanced way of hacking gmail accounts, I would recommend you to view my blog posts on Remote Password hacking Software Sniperspy. 

0 Dropbox Accounts Hacked !!!

The minimized tragedy of dropbox.com few weeks back was soon yet revealed with the spam attacked the site and it came to conclusion few accounts were hacked.



 "Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We've contacted these users and have helped them protect their accounts," Dropbox said.

"A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam."

 After the attack, security measures were taken to improve the security of website. This includes a new two-factor authentication system that requires two types of identity proof, new mechanisms to identify suspicious activity and an activity monitoring page for users to review all activity on their accounts.

0 450k Voice Passwords Breached Confirmed by Yahoo

450000 login details were posted online from a group of hackers called D33ds they claimed that all these details came from an un identified Yahoo service and they obtained it through the traditional method of SQL injection. The worst thing is that all the log in credentials were posted on their official website (d33ds.co) but the site went down.
First it was linkedIn now its Yahoo, Hackers are gone wild in 2012. If you are a Yahoo voice's user here is a peice of advice for you, Go change your password right now, We are waiting for your right here because if you don't there is a great possibilty that your information will leak and yeah do change the passwords of all the other services you are using which are connected with your Yahoo voice id.

Yahoo confirmed the whole scene and gave a statement which is as follows:

"An older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 450,000 Yahoo! and other company users names and passwords was compromised yesterday, Of these, less than 5% of the Yahoo! accounts had valid passwords. We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to all affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com."

The 450k usernames and passwords were publically posted on internet. Most of the websites went down due to this but the files can still be downloaded from torrents. The worst parted is all the credentials posted were not even encrypted. Just plain text revealing the info.

There is one more bad news for Yahoo voice users, Hackers got access to the complete database not just the username and the password but also name, phone number, address, bio, education details and much more about the 450k users, you can't change everything.

Now lets see what the hacker group has to say about this, D33ds says "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," Well now its completly upto you what do you want to believe and how you protect your personal information online

Sql injection is now one of most popular method of hacking. Is your website safe? Learn: How To Protect Your Website Against SQL Injection

0 || HOW TO CRACK SOFTWARES ||

HELLO GUYS TODAY I'M SHARING A BEAUTIFUL VIDEO TUT MADE BY MY FRIEND ON CRACKING A SOFTWARE ALSO KNOWS AS "REVERSE ENGINEERING'.

THIS IS A BASIC TUT

Reverse engineering is basically the reverse process of Engineering. Software reverse engineering involves reversing a program’s machine code (the string of 0s and 1s that are sent to the logic processor) back into the source code that it was written in, using program language statements. Normally we use dissemblers to view the assembly language instructions of a software rather than binary code (0s and 1s) which are difficult to play around.

you can aslo reverse the keylogger/RAT servers to get the information of hacker u can play with many softwares which have no encryption nd good security :D!!


 OllyDbg


OllyDbg is a 32-bit assembler level analysing debugger for Microsoft^® Windows^®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg is a shareware, but you can download

TUTTORIAL BY Devendra Saini OWNER OF http://devzcyberarena.blogspot.in 

0 || RAT DETAILED TUT WITH PICTURES ||

Hello Guys this is AV It’s been a long time I have posted anything

So here is my new tut on creating RAT (REMOTE ADMINISTRATIVE TROJAN)

What will be learning today?

       Port forwarding for rat

2      Making account on no-ip.com

3      Setting up your RAT (ill be using DARKCOMMET RAT for the tut)

Sadly Darkcommet project has come to and end. Its was the best free rat tool available on the net a big thanks to the creator DarkcoderSC for creating this tool.

Ok Guys lets start First thing is port forwarding

Go to Run-->Cmd--> and type ipconfig

You will see default gateway address. Enter that in your browser to enter your router settings

See port forward option in your router. Im using MTNL so ill tell how I port forward in my router

Go to Advanced Setup-->NAT-->Virtual Server you will see the following screen

Port 1604 is recommended for Darkcommet

In you local ip address enter your IPv4 address you got from ipconfig

Just save it

And to confirm that your port is running visit

http://www.canyouseeme.org/ to confirm it

ok here is the end of part one related to port forward

Now the second part is creating host on www.no-ip.com

Go to www.No-ip.com and register your account, activate and login in to your account you will see the below screen

Click on ADD Host

Add a hostname and select no-ip.info or whatever of your choice

Now go n click on create host

 Once its done you will see the below screen

Then go to download and download DNS update client according to your OS

Install it in your pc

When you open it you will see the below screen

Just enter your no-ip.com id and password

After that when it enters you will see the below screen

Here you should see the hostname you created on no-ip.com

Tick mark on it and save..

And finally if all things are done correctly. You will see the below screen

Ok Guys Now our Port forward + host is ready. Now will Move to our darkcommet

First Download Darkcommet from the below link
https://www.dropbox.com/s/sxk2l8jl20wdv0l/DarkCometRAT531.rar 
Pass:- hackerzadda.com
  
Once u download  it extract and open it
Note:- AV will start detecting it as virus so disable it
once you run it below screen you will see

 Once you Open it click on word Darkcommet and go to client settings

Once you do that below screen will Pop up. in that go to no-ip updater
Note:- to have darkcommet skin like me go to client setting and in Main Window Border Style Select Ubuntu

In No-Ip Host write the host name you created on n0-ip.com
and enter you username and password of no-ip.com and click on update
and the close it and go back to Darkcommet


Ok Now will create rat Click again on Darkcommet-->server Module-->full editor
you will see the below screen

Give profile Name whatever you want..you can see Process Mutex after that Random Button click on it for 5-10 times


Now click on network settings

Enter your no-ip Created Dns in IP/DNS and port 1604 and click on ADD.
Then go to Module Startup

Just Have the same settings or change as per you need.
Remeber Never tick mark on Melt File after first execution.
Then go to install message
ill skip that if you want to give any message when your file is run tick mark it and write your message
Go to Module Shield and keep the below settings or as per your need

 Then Click on Keylogger By default Active keylogger on server Startup is tickmared. But if you want keyloges to your FTP account you owned. JUst set it accordingly.
Then Go to File Binder. Browse the file which you want your RAT to be combined. Browse it and click on ADD File
Then go to choose icon choose icon whichever you want
and den go to stub finalization

And click on Build the stub and save it where you want
Now you RAT is ready :)
Make a Google search and search for Crypters or Method to Make your RAT FUD
Spread you rat via torrents or use innovative ways like with Some hacking SOftware name etc..
Go to Darkcomet n click on listen port and eneter 1604 and click on listen

Once your rat is Run you will see Victim in Users like this

Thanks Guys For reading the tut hope you will it. For any queries or any problem please fill free to comment


Note:- Tut is only for educational purpose. The writer for website is not responsible for any Damage done or Caused because of the above Mentioned Tut. Do it at your own risk!!