Showing posts from March, 2013

MAC Address Spoofing

MAC Address Media Access Control (MAC) address is a unique identifier or a serial number assigned to a network interface. This unique identifier is used in the Media Access Control protocol. It is hard coded in the read only memory of your NIC (network interface card). MAC addresses are used for routing packets between physical devices (i.e. network interface cards) on networks. Most important thing is that no two NIC card in the world can have same MAC address.
MAC Spoofing MAC Spoofing is the way of changing the MAC address of a NIC on a network. By using MAC Spoofing, you will never by pass server access control list. It is only used to hide your identity on the network and it allows network devices to impersonate another network device.
In IP Spoofing, response came to the original

MAC Address Spoofing With SMAC SMAC is a nice tool that can help you in spoofing MAC address of your NIC. This tool is available for Windows and works on Windows VISTA, XP, 2003, and 2000 systems. But …

Create your own Trojan horse virus

Here i am going to describe a tool name ProRAT which is used to create Trojan virus. First of all you need to download ProRAT from this linkDownload

You will also get a tutorial with this setup so there's no need to explain more.

Now run the ProRAT. we will create a server, which you will send to the victim. Click "Create", and a window will pop up. Then choose the way how you want to be notified, and fill in the necessary details. If you want to use Pro-connective, then tick the appropriate box.
Now, click on the general settings tab, and choose a name for your victim, and make a password for your server. Tick whatever boxes you want. If you wish to bind with a file, then click on that tab. The last two tabs will allow you to choose an icon and a sever Extension. Now, Click the create server button. Now your server is ready.

Now we have to send this server to the victim, and get their ip. Once you have done this, and victim has got the server, go on to the client, and input…

Packet Sniffer for Android phones

This is a nice app to capture and display WiFi and bluetooth traffic on Android phones. But for using this app, you have to root your phone and have "su" command install.

This app is based on the tcpdump package therefor it have to be installed manually.

1. Download and Install PacketSniffer App from the market or from the following link.

2. Copy the precompiled TCPDUMP file to the "/data"  library on your phone:    
             first make sure your "/data" library has READ and WRITE privileges. if not use:  "chmod 777 data" 
             in order to copy use the following command if you have ADB :"adb push c:\locationOfTheTcpdumpFile /data"
            in case you don't have ADB you can copy the tcpdump file to the SD card and do:  "cat /sdcard/tcpdump > /data/tcpdump 

3. Give the tcpdump file Read Write and Exec privileges :    "chmod 777 /data/tcpdump"

Before you start to capture you can pick weather to save the captu…

Man In the Middle (MITM) method

Man in the middle attack is a type of attack in which the attacker intercept into the existing connection and breaks it in two different connections, one between the client and the attacker and the other between the attacker and the server. Now all the data would go through the attacker and he would be able to read, modify and insert data in the communication. Man in the middle attacks are sometimes known as fire brigade attacks.
This attack is very effective on http protocol because data is seny on plain text form. It is possible to capture session cookies by header and also possible to change.

MITM Attack tools
There are several tools to perform a MITM attack.
PacketCreatorEttercapDsniffAirJackCain e Abel

Session hijacking methodes

When a user log in to the account  it starts a session with that account and this session ends up with log out  In a running session, user is give a session id which is unique identifier of the user for that session and is only valid for that session.It is the type of attack in which hacker gain access to the session id to gain unauthorized access to information or services in this maintain on cookies.Session hijacking is simple method to hack someone id hack like as a Facebook, g mail, Hotmail,twitter etc. Session hijacking is support on cookies...
Session hijacking can be done at 2 levels:

Network level (TCP and UDP session hijacking)Application level (HTTP session hijacking)

Network level (TCP and UDP session hijacking)

     TCP session hijacking
TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine. It can be done by following ways.


key logging with XSS

Keylogger is the tool which is used to record the key events. We all know about the keyloggers used int the computer to capture the keystrokes. But this tutorial guide you to create and use a keylogger on a website to capture all keystrokes on that page.

As the name suggest, It only works on the website that are XSS vulnerable. As we know that we can run our own scripts on those website which have XSS vulnerability. We use our Keylogging script on XSS vulnerable website.
For this attack we need three things:
Kelogging script.XSS vulnerable websiteA webhosting
First of all download Keylogging script from Here:


Now create an account in any free hosting web host that supports PHP. PHP will be used to write keystrokes on a text file.

Now open Logger.js and change the URL of your script. Default URL is
Change it to your hosting URL. 

Now host all these scripts on your web host.

Now find a XSS vulnerable website website and include script link like this:


WiFi password crack with fern WiFi cracker

This is a wireless security auditing application that is written in python and uses python-qt4. This application uses the aircrack-ng suite of tools.

It should work on any version of linux running the following:


For Slax Distributions, download the zipped module package on the download section, and follow the instructions in the "README" file.

To install simply run the following command in terminal after changing directory to the path were the downloaded package is:

root@host:~# dpkg -i Fern-Wifi-Cracker_1.2_all.deb

Icons and Running the application:

Software Icon can be found at the application Menu of the GNOME desk

How to send self-destructing messages

Today i am going to tell you how can you send the self-destructing messages. After reading the message, it will not be available again for reading. 

                                 Follow these steps for sending self-remove  messages.

   1. Click on this Link.

   2. Write any message you want to send Now.

   3. it will give you a link. Send this link to the person by email.

   3. Then click on Create not.The note will self-destruct after being read.

Sniff WhatsApp Messenger

In this post, I came up with a hack for WhatsApp messenger. If you are in a wifi network, you can easily read conversation, being sent and received via WhatsApp in the same Wifi network. You can sniff whatsApp data with an android device by using an app. For this, you need to download and install WhatsAppSniffer in your Android device.

You can only use this app on your rooted Android phone.It sniffs conversation separated by phone numbers. So it is easy to read conversation by phone numbersDownload whatsapp sniffer

Password Cracking With Cain & Able

If you have few knowledge about password cracking and know few password crackers, I am sure you already know about Cain and Able. Cain and Able is one of the most popular password cracking tools. You can learn more about this tool in our security tools gallery.

Installation of Cain and Able is really simple. Just visit the official website and download it for free of cost. 

Download Here

These are the system requirements for this tool

 At least 10MB hard disk spaceMicrosoft Windows 2000/XP/2003/Vista OSWinpcap Packet Driver (v2.3 or above).Airpcap Packet Driver (for passive wireless sniffer / WEP cracker)

After installation, run the program.

Now click on Configuration menu and open configuration dialog box. Here select the desired network interface card which you use.

Here you will find various tabs which you can use to configure the tool for various kind of attacks. You will find, Sniffer, AR, Filter and ports, HTTP Fields, Traceroute and other.

Password Cracking

As I already wrote that it is…


To start, head over to Facebook2Zip and login with your Facebook credentials.

From there, it’s pretty self-explanatory, choose either your own photo albums for download or choose a friend. Choosing a friend is as simple as searching on Facebook itself, just type their name and then select the album(s) of theirs for download.

The album listing is displayed in block format with album titles to help you quickly find the right one.To download multiple albums at once, hold the ‘Ctrl’ key on your keyboard prior to clicking an album. All albums are archived into a single zip file for download, regardless of how many albums you choose.