Saturday, 17 November 2012

Clickjacking attack and its variants

Clickjacking is one of the most used attacks by spammers on Facebook. Almost in every month, we face a new type of clickjacking attack on Facebook. Clickjacking is a new type of attack which is performed on web applications. And most of the users do not know about the attack. This attack is complicated and little difficult to understand. It requires some programming skills to perform the attack as it is an advance attack. The term “clickjacking” was coined by Jeremiah Grossman and Robert Hansen in 2008. These are the persons who first described the attack.

ClickJacking: Clickjacking word comes from the term “Click Hijacking”. This attack is also known as User Interface redress attack, UI redress attack or UI redressing. In this attack, attacker hijacks the users click. This attack is tricking a user to click on a link which is different to what the user is clicking. It means a user will try click on a different link, but the action will be performed on different link. Attacker uses iFrames and CSS to create a good looking page to fool the victim. I know it’s confusing but I am trying to explain the attack in simple words.
Suppose there is webpage A which is created by the attack. In this web page, attacker has included an IFRAME which loads some other website B. And the frame is included in a way that only a button of the page B is visible on the page A. And the border and frame is not visible. The content on Page A around this frame in put i a way that the button on the frame seems to be the part of the page A. Now think the page B is the Facebook and the button is the like button of a page, but it is included on the page A in a way that it does not look like a like button. Misleading User Interface implies that the button serves a different purpose and is a part of site A. On the page A, attacker is claiming something else and requesting users to click on the button.  But user needs to be login on the website B to perform the attack. If the user is not logged in on Facebook, then clicking on the like button will ask him to login and the attack will fail.
Example: There is a web page with a video of a song and a button to play the song. But there is a Amazon affiliate button just inside the play button. As the user clicks on the play, the click will be transformed to the affiliate button. In real, the user tries to "play" the video but actually he/she "buys" the product from Amazon.
I think now it’s clear why this attack is known as click hijacking. But sometimes layers are not exactly the layers. They are the frames which are used to load the external pages on a clickjacked web page. So hackers can use frames or layers to trick a user.
How this attack is performed:
First of all we need to prepare the page where we will load the element from the target website. In this attack we use 2 iframes. First of all we will create a inner page on which we position the button (which we want to be clickjacked) at the top right corner of the page. Then we will load this inner page in a second page suppose it is outer. In the outer page we will keep the frame too small to show only the button from the page.
While creating and loading the target website in the inner page, use the frame code given below.
<head>
<style> body { display : none;} </style>
</head>
<body>
<script>
if (self == top) {
var theBody = document.getElementsByTagName('body')[0];
theBody.style.display = "block";
} else {
top.location = self.location;
}
</script>

We have given the ID inner to this frame.  Scrolling=“no” will remove the scroll bars from the frame and frameborder=”none” will remove the border from the frame. This makes the frame look like the part of some page elements. No one can tell that the content is being loaded from an iframe.
Now position this page with CSS to make sure that the subscribe button (which we want to clickjack on some other page) is at the top left. Change the left and top positions to change to location of the frame content on the page.
#inner { position: absolute; left: -600px; top: -600px ;}
After positioning the button at the top left corner of the page, now we will add this page to any page where we want to add this button. Also on the target page, we will use same rules of scrolling and borders. This will force users to think that the button is the part of the page. Add text and other contents around the button. Design a proper layout and theme and add texts according to your button.  You can also request visitors to click on the button by posting some request messages.
Some popular clickjacking incidents: These are some popular incidents of the attack which attracts security researchers attention.



    • Adobe vulnerability which allows attackers to trick enable their webcam and microphone. It was later patched by Adobe.




  • Likejacking attack on Facebook to increase fan page likes.

  • Facebook dislike button scam which posts false messages from the affected profiles.

  • Trick users to follow someone on twitter. It is used by spammers to increase twitter followers.

  • Most of the strange video posts on Facebook which spreads automatically on friend's wall.


Other variants of the attack:
Cursorjacking: Cursorjacking is another type of attack in which the cursor of the users screen is displaced from the position user perceives. So user thinks cursor some other place while it is not there. Thus attacker managed to hijack user’s actions on the webpage.
See the nice demo of cursorjacking attacks on the links below.
http://koto.github.com/blog-kotowicz-net-examples/cursorjacking/
http://www.mniemietz.de/demo/cursorjacking/cursorjacking.html
In these demos, you will see how in actual the attack works.
The most important fact about this attack is that no successful prevention methods have been implemented yet. You can also create your demo page to learn more about the attack. See the java script code below.
<body style="cursor:none;height: 1000px;">
<img style="position: absolute;z-index:1000;" id=cursor src="cursor.gif" />
<button id=fake style="font-size: 150%;position:absolute;top:100px;left:630px;">Please click me</button>
<div style="position:absolute;top:100px;left:30px;">
<a href="#" onclick="alert(/you tried to click on button but you actually clicked on the link /)">Want to click here</a>
</div>
<script>
var oNode = document.getElementById('cursor');

var onmove = function (e) {
var nMoveX = e.clientX, nMoveY = e.clientY;
oNode.style.left = (nMoveX + 600)+"px";
oNode.style.top = nMoveY + "px";
};
document.body.addEventListener('mousemove', onmove, true);
</script>
</body>
NOTE:  In the code given above, change the fake cursor icon’s URL at cursor.gif

You will see that the original cursor is not on the page and the fake cursor is moving. When you try to click on the “Please Click Me” button, the fake cursor clicks on the link at the left side of the page. The code is easy to understand.  Use of NoScript addon can prevent the attack upto a good level. So always try to use that add-on on your firefox web browser.

Likejacking: Likejacking is used for those clickjacking attacks which are related to facebook. In Likejacking attack, attackers tricks website visitors to like a facebook page and post the status message about the website on their wall. This attack was on the peak more than a year ago when After that facebook has managed to get the solution to reduce the attack up-to a level in Facebook's hackathons. Although, Facebook has implemented some security techniques to prevent the attack, but the attack is still possible on the social networking website. And we see a new type of clickjacking or likejacking attack on the facebook which goes viral in few days and flood our walls.
Prevention:
This attack can be prevented from both server and client side. Users can also use some tools and scripts to protect themselves from the attack. And web masters can also use some security measures to protect their visitors and users from the attack.
Client side methods to prevent the attack
NoScript
NoScript is a nice Firefox addon which works on both desktop and mobile version of the browser. It This firefox addon prevents execution of unauthorized malicious scripts on the client browser. It also prevents users from clicking on invisible or "redressed" page elements of embedded documents or applets. This is the best security tool available for free in the market which protects against clickjaking and cursorjacking attacks. Each new update of the scripts adds more security level to the add-on. It is recommended to use No-Script if you use Firefox web browser.
Ghostery
Ghostery is also a nice browser extension which is widely used as a protection against clickjacking attack. This is a privacy browser extension which is available for all the major web browsers. This nice extension         enables users to detect and control tags, web bugs, pixels, and beacons on the webpage which can collect data from their web browsers.
GuardedID
GuardedID is a commercial paid product. Users need to buy this which works on FireFox and Internet explorer. This tool includes client-side clickjack protection for users on their Internet Explorer and Firefox browsers. This tool forces all the frames to be visible on the page. This tool does not interfering with the operation of legitimate iFrames.
Server side methods to prevent the attacks:
X-FRAME-OPTIONS:
This was added with the release of RC1 of Internet Explorer 8. After this website developers have an option to add a page header to detect and prevent frame-based UI redressing. This new added X-Frame Options is used to mark the response that the page should not be framed. There are two options with the tag.
DENY: It prevents everyone to frame the web page
SAMEORIGIN: It only allows the current site to frame the content.
Many web browsers have also adopted this. But this has some limitations. In this method, web developers need to deploy the header policy in each page which can make the development part complicated. Many web proxies also modify header add strip some part. If a web proxy strips the X-FRAME-OPTIONS header then use of this method is waste and website will lose its framing protection.
Defending with Frame Breaking Scripts:
In this method, we embed a script on the web page which we do not want to be framed. Although there are many methods and scripting have been suggested to protect with this method. In these scripts, developers try to force loading the parent page on all the attached frames. So that attacker couldn’t load any attacking buttons or links from some other websites.
All the protection scripts are browser dependent so no proper security mechanism have been deployed yet.
But the best and secure script it this.

<head>
<style> body { display : none;} </style>
</head>
<body>
<script>
if (self == top) {
var theBody = document.getElementsByTagName('body')[0];
theBody.style.display = "block";
} else {
top.location = self.location;
}
</script>
Conclusion: This is an advance attack and most of the web developers and users do not know about the attack. This attack is already famous on Facebook. There are various popular video clickjacking scams. Most of the developers also think that protection against CSRF will also fix the clickjacking issue. But this is not the true fact. As you can see that it is just a framing and uses the same page. So referrer checking and token is not going to protect against the attack.
As I have already discussed common and popular defenses against the attack, we developers must use any of the server side method. Users are not too technical to use all these prevention methods. But all these methods can be bypassed with some targeted attacks. As we have already seen that facebook is much affected by this attack while it spends millions on the security.
It is my personal advice to use NoScript add-on while using Firefox web browser. NoScipt add-on is the only successful prevention. NoScript add-on protects users from the clickjacking and other variants of the attack.

Additional reading:
http://www.sectheory.com/clickjacking.htm
http://noscript.net/faq#qa7_1
https://www.owasp.org/index.php/Clickjacking
http://www.contextis.com/research/white-papers/clickjacking/Context-Clickjacking_white_paper.pdf

Friday, 16 November 2012

How To Skip Redirection of Linkbucks, Adf.ly and Other Ads

On the internet, everything is fine but some websites irritate us by showing too much ads. These ads are irritating when we click on a link and we have to wait for some redirection ads. These ads can only be skipped after after 5 seconds.


If you want to get rid of these kind of ads, you can use this nice browser script. This script is called Redirection Helper. It can be installed on Firefox with the help of Grease Monkey and directly to Google Chrome. It not only removed the annoying redirection ads, but also removed Ad Masks.


This script supports these redirection ads

  1. adf.ly

  2. urlcash.net

  3. linkbee.com

  4. lnk.co

  5. pushba.com


This script supports these Ad masks website

  1. turboimagehost.com

  2. imagevenue.com

  3. imageporter.com

  4. imagedunk.com

  5. imageswitch.com

  6. picleet.com

  7. picturedip.com

  8. pixhost.org


 Follow these steps to Install Redirection helper in Google Chrome


IF you are Google Chrome, just click on the link and visit the official website. Find the Install button at the top right corner of the page.
How To Skip Redirection of Linkbucks, Adf.ly and Other Ads

Follow These Steps to Add Redirection Helper in Firefox


In Firefox, we can not directly install this script. First of all, we need to install GreaseMonkey Addon. After installing GreaseMonkey, You will see a monkey icon at the top right corner of the browser. Click on it and then click on "New User Script."

Then install Redirection Helper script to Firefox.

How to Find Person Behind the Email Address

You got an email from an unknown sender and now you want to know about the person. You can directly ask via email. But, sometimes we find it hard or due to circumstances, we cannot ask directly to the person. Then how to do know who is behind the strange email?


Internet is the great resource of finding anything. If the person has some online identity and used the email address in some forums and websites, you will easily find information about the person from Google. Simply, write email address in the search box and press enter. You will find so many useful information about the person from Google search. But what if the person never used the email id for any these kind of activity  Google can not help you enough and you need to perform something else.

1. Find the location of the person by Email Headers


First thing which you can do is finding the location of the person. You can easily do it with the help of email header which contains the IP address of the sender. Open the email header and search for the entry “Received: from" followed by the IP address of the person. In case, you find multiple entries, use the last one.
Now paste this IP address in the IP tracing tools and you will get the IP of the person.

But this method has a limitation. If the email has been sent by using GMail's web interface, you will not get the original IP address of the person. As we know that IP addresses are sensitive information and can be used to get the location of a person. Gmail hides sender's IP address information from outgoing mail headers.

2. Use Identity Search Tools


Use Identity Search Tools to find person behind email


Pipl is a nice identity search tool which can help you in finding a person. Identity search tools are used to find the online identity of a person by his name or email. It will give you the list of all available online profiles, blogs and website that are associated with that email accounts.  It also lists some images so that you get an idea about the person.
With this tool, you can also search all the available profiles of a person from a country with the help of name and country. In most of the cases, this too brings better results

3. Use Facebook Search


Facebook search by email

Facebook also allows users to search other users by email id. If a person has not blocked website in search results, you can easily find about the person on Facebook. Facebook now has more than 1 billion people so there’s a high probability that the sender may also have a Facebook profile.
If you got the Facebook profile, you will be able to get more information about the person.
But it will not help you if the sender uses different email address for social media accounts.

Collection of best hacking books

If you are curious about learning hacking and want to have some good books, this collection will surely help you. First of all, i want to say few words about Indian readers. Never run after self claimed hackers who always fail to show proof of what they have done. In India, hacking workshop is now a big business. Persons who come as trainer show themselves as big hackers but only few of them have real knowledge. I also know few trainers who arrange this kind of workshops and have great command over what they teaching. But most of the Indian self claimed hackers are fake. They publish hacking books by copying other writers content without giving them credits. There are many big names who have done like this. I am just warning to all of you that hacking books written by those writers are only copy paste material and do not have clear idea about what they are writing.


If you want to read some original and real material to know what is hacking, these are some best hacking books. You can also download these books by some tools which allow users to download books from Google Books.
Collection of best hacking books

Hacking For Dummies 
By Kevin Beaver, Stuart McClure


Dummies series always have nice books with unique content. This books also covers some basic part of hacking for beginner students. Apart from hacking, this book also covers about internet safety and protection from hackers.


Hacking the Human: Social Engineering Techniques and Security Countermeasures
By Ian Mann


This book covers one of the most powerful attack, social engineering. Social engineering is really a powerful attack and exploit human nature. This book covers sources of risk from social engineering and basis human vulnerabilities.



Ceh Certified Ethical Hacker Study Guide
By Kimberly Graves


This book covers basic about ethical hacking. It is one of the best guides on CEH preparation.



Ethical Hacking and Countermeasures: Linux, Macintosh and Mobile Systems
By Ec-Council


This book is also a nice guide for CEH preparation by EC-Council. EC-Council is one of the best guide that covers topics in offensive network security, ethical hacking, and network defense and countermeasures.



Hands-On Ethical Hacking and Network Defense
By Michael T. Simpson, Kent Backman, James Corley


This book covers penetration testing methodologies in details. This covers all the latest methods of security and penetration testing. Hands-On Ethical Hacking and Network Defense, Second Edition provides a structured knowledge base to prepare readers to be security professionals who understand how to protect a network by using the skills and tools of an ethical hacker.



Hacking: The Art of Exploitation
By Jon Erickson


This is a nice book on hacking written by Jon Erickson who explains how arcane hacking techniques actually work.

Thursday, 15 November 2012

free download e book : Hacking The Invisible Network




iDefense – Hacking The Invisible Network

 

 
Wireless networking technology is becoming increasingly popular but at the same time, had introduced many security issues. A wireless local area network (WLAN) allows workers to access digital resources without being tethered to their desks. Tools to identify WLANs, break WEP keys and capture traffic is discussed in this book.

 

Download Here

 
http://hotfile.com/dl/78833000/2afe26c/iDefense.rar.html

free download ebook Ethical Hacking (EC-Council Exam 312-50): Student Courseware

 



 
EC-Council E-Business Certification Series

Copyright © by EC-Council


Developer - Thomas Mathew

Publisher - OSB Publisher


ISBN No - 0972936211


 
By explaining computer security and outlining methods to test computer systems for possible weaknesses, this guide provides the tools necessary for approaching computers with the skill and understanding of an outside hacker.




Introduction

This module attempts to bridge various aspects of ethical hacking by suggesting an approach for undertaking penetration testing. There are different ways of approaching a penetration test.



  • External Approach



    • With some prior knowledge


    • Without prior knowledge




  • Internal Approach



    • With some prior knowledge


    • With deep knowledge




Whatever the approach adopted, it is a fact that penetration testing is constrained by time and availability of resources, which varies from client to client. To effectively utilize both these telling factors, penetration testers adopt some form of structure or methodology. These can be checklists developed by consulting practices, widely available resources such as Open Source Security Testing Methodology or a customized attack strategy.

There are is no single set of methodology that can be adopted across client organizations. The skeletal frame of testing however is more or less similar. The terms of reference used for various phases may differ, but the essence is the same. As discussed in preceding modules, the test begins with:



  • Footprinting / Information Gathering phase


  • Discovery and Planning / Information Analysis phase


  • Detecting a vulnerability / security loophole


  • Attack / Penetration / Compromise


  • Analysis of security posture / Cover up / Report


  • Clean up


The general objective of a penetration test is to reveal where security fails. The result of a penetration test can be:



  • successful attack - when the objective is met within the scope of the attack


  • a partial success - when there has been a compromise, but not enough to achieve the objective


  • a failure - when the systems have been found to be robust to the attack methodology adopted


Foot printing / Information Gathering phase:



  • Client site intelligence


  • Infrastructure fingerprinting


  • Network discovery and Access point discovery


Discovery and Planning / Information Analysis phase



  • Target Identification


  • Resource and Effort Estimation


  • Modeling the Attack strategy (s)


  • Relationship Analysis


Detecting a vulnerability / security loophole



  • Vulnerability Analysis


  • Scanning


  • Enumeration


  • Zeroing the target


Attack / Penetration / Compromise



  • Exploring viable exploits (new / created / present)


  • Executing the attack / Alternate attack strategy


  • Target penetration


  • Escalating the attack


Analysis of security posture / Cover up / Report



  • Consolidation of attack information


  • Analysis and recommendations


  • Presentation and deliverables


Clean up



  • Clean up tasks and procedures


  • Restoring security posture


Download Here:
http://www.ziddu.com/download/13121682/Ethical_Hacking_and_Countermeasures_EC_Council_Exam_312_50_.rar.html

CEH V7 (Certified Ethical Hacking version 7) Study books Free Download

CEH V7 (Certified Ethical Hacking version 7) is the well known ethical hacking and network security-training program. It meets the security standard and is aimed to train security professionals. CEH V7 training course contains all the latest tools and exploits from underground hackers.
CEH V7 Study books Free Download

If you are preparing for the CEHv7 and looking for the exam guides, you can download CEHv7 eBooks to prepare well.

These are the main chapters in CEH V7


  1. Introduction to Ethical Hacking

  2. Footprinting and Reconnaissance

  3. Scanning Network

  4. Emuration

  5. System Hacking

  6. Trojans and Backdoors

  7. Viruses and Worms

  8. Sniffers

  9. Social Engineering

  10. Denial of Service

  11. Session Hijacking

  12. Hacking Webserver

  13. Hacking Web Applications

  14. SQL Injection

  15. Hacking Wireless Networks

  16. Evading IDS, Firewalls and Honeypots

  17. Buffer Overflows

  18. Cryptography

  19. Penetration Testing


CEH V7 Study books Free Download











Firesheep – Social Network Session Stealing/Hijacking Tool

Stealing sessions/password is now easy with Firesheep and anyone can do it,very easily, which is somewhat scary. This tool provides you a single click hack.
After downloading FireSheep as add-on your mozilla firefox, now you get a side bar.Now log in to a public WiFi spot and click a button "start capturing. You’ll then be shown images and user names of various people using networks such as Facebook, Twitter, Flickr, bit.ly, Google and Amazon in that side bar. With a double click on their image, you’ll be logged in as them immediately. You can log in to any people's account who is using his account in that network.

Download here:
http://github.com/downloads/codebutler/firesheep/firesheep-0.1-1.xpi

How to hack Facebook password using Winspy?

Facebook is the hot topic on my website and my inbox is full of requests to write about easy way to hack Facebook account. So I am writing now a easier way to hack Facebook account.


In this trick, we will use a remote keylogger to hack the password of a Facebook account. First of all I want to say something about the keylogger, I am going to use in this hack. This is one of the best keylogger available in the market but it is not free. It is really safe and comes with customer support. If you are looking for any Facebook hacking tool, i think this one is best. If you are not good in hacking or something like this, you can still use this software easily. It costs very less and all the free versions on some file hosting website comes with Trojan. So I will recommend to buy the tool rather than using the Trojan binded version available for free. If you really want to hack Facebook account, this is the best.


Warning: Hacking into someone's Facebook account falls under the cyber crime. So we will not responsible for anything you do with the help of this post.

Download Here


This is the kelogger which will send you password in your email.


1. First of all get your Winspy keylogger. Download it from the link given below

2. After downloading, run the program and create the user id and pasword. Remember this password as it is required each time you start Winspy and even while uninstalling.
3. Then a new dialogue box will open to show you the hotkey (Ctrl + Shift + F12 ) to start keylogger.
4. Now press the hot key written in last step to go to the login form and enter login details to login.
5. Now you are on main screen of the software. Click on remote at top and then remote install.
user – type in the victim’s name
file name – Name the file to be sent. Use the name such that victim will love to accept it.
file icon – keep it the same
picture – select the picture you want to apply to the keylogger.

In the textfield of “Email keylog to” , enter your email address.
6. click on “Create Remote file”.

Now send this file to the person you want to hack. If victim runs this on his system, you will get all his keylogs in your email. Check keylogs for the password of the victim


see video





Introduction to Keyloggers

The term KEYLOGGER is used for the software and hardware device which are used to moniter the key stroke of a computer system. These programs and hardware device trace every keystroke of a computer system, so the person who installed this on the system can easily get the password and other information which he want to get. The most harmful part of the keyloggers is that it can be bind with a spyware allowing your information to be transmitted to an unknown person via network.

It runs in background and many times it is hidden in task manager process too. It is most harmful for those who use to do e-banking with their computer systems.


A keylogger normally consists of two files: a DLL which does all the work and an EXE which loads the DLL and sets the hook. Therefore when you deploy the hooker on a system, two such files must be present in the same directory.
There are other approaches to capturing info about what you are doing.

  • Some keyloggers capture screens, rather than keystrokes.

  • Other keyloggers will secretly turn on video or audio recorders, and transmit what they capture over your internet connection.


Hardware Keyloggers A simple hardware keylogger may look something like this:

In this picture you see a hardware keylogger that connects between a PS/2 keyboard and a PC.

Software Keyloggers: These are software programs used to capture keystrokes at a machine. To download these software keyloggers, go to my older posts on keyloggers. There are many software keyloggers available which runs in background and hidden in task managers processes list. It is hard to detect those softwares.


If you have any query on this topic, leave your comment here..

download tab napping script - how to do it??

Tab napping is the newer version of phishing. This type of phishing is more harmful and done to the user using multiple tabs of a web browser simultaneously. This technique is harmful for those users who uses multiple tabs of all their various email accounts and social networking accounts. Because they are easy victim to make fool by the new page because of their habbit of using so many tabs in a time.



In tab napping, if a tab of a browser is idle for some time, it is replaced by a phishing page. It is done by a simple Javascript. Suppose you user was using a web page say A. Now he is Using page B in another tab leaving page A idle. Then this script will redirect page A to the phishing page.

Download Here:
http://www.ziddu.com/download/12640258/tabbednapping.rar.html
http://hotfile.com/dl/84123612/23d451a/tabbed_napping.rar.html  
please comment below if this post is useful for you..

:)

Tab napping | A new technique of phishing

 

In traditional phishing, attacker by email or by any other way sent the phishing page url to the victim which looks like the original login page. But now a days attacker got a new way of phishing. This new way is called TAB NAPPING.
Tab Napping works on the user's assumption that a tabbed web page stays the same when other Internet services are being accessed.Tab napping is more sophisticated than the traditional phishing and it no longer relies on persuading you to click on a link. Instead it targets internet users who open lots of tabs on their browser at the same time.



How does it work:-
By replacing an inactive browser tab with a fake page to obtain your personal data - without you even realising it has happened.Fraudsters can actually detect when a tab has been left inactive for a while, and spy on your browser history to find out which websites you regularly visit, and therefore which pages to fake.
So don't assume that after you have opened a new tab and visited a web page, that web page will stay the same even if you don’t return to it for a time while you use other windows and tabs. Malicious code can replace the web page you opened with a fake version which looks virtually identical to the legitimate page you originally visited.


How To Detect And Protect Yourself From Tab Napping

Here are the simple and easy steps with which you can detect this new phishing technique “Tab Napping”.

1. Don’t open another tab when your are working with your banking site or any other secure businesswebsite instead open new windows using CTRL+N.
2. Always check the url address of the website if you return from another tab.(Fake page will have differentUrl)
3. Check that the url has secure address “https:// “ or a big green bar in front of the url in address bar which certifies that it is secure and certified website.
4. If you find anything suspicious close the tab and type and open the website in new Tab.

How to hack Facebook fan page

Many times people asked me the tool to hack facebook fan page. I got many mails of those people whose facebook fan page has been hacked. And they need my help to recover that hacked page. Actually there is a small bug in facebook's page settings. In this post i will explain that bug and the way by which you can hack a facebook page.


Facebook page has a page owners and all the members who have liked the page. But admin has an option to make other page members as admin of the page. By using this feature, admin can add as many people as admin as he want.  And admin can also remove other admin. Now the bug exists in this feature. When the admin adds other persons as admin, the new admins will also have all the privileges as the original admin has.




So the new admins added by the admin can add some other persons as admin and they can also remove existing admins. Now the hack works with this feature.




If you want to hack someone's facebook fan page, then request the admin to add you as the admin of that page. Now its up to you how you manage to request admin to add you as admin. Once he added you as the admin of his page, remove him from the admin list. Now you are the owner of the facebook page.

Facebook password hacker tools and online services | truth behind these

One day a girl sent me a mail requesting for a facebook password hacking tool. I was surprised after reading this mail and replied her that i donot have any this kind of software or i think any such tool exists. Then he sent me some links which claims to have such tools and they hack facebook passwords for dollors. she was curious to have that tool and she want to use their service. Most of the online service claim to hack Facebook id only by profile id number which is used in Facebook.
You can also get this kind of services only by searching in google. search "facebook password hacker" or "Facebook password hacking tool".


Some of the service claims that they use old facebook loopholes and their service can retrieve passwords from facebook server within some seconds and blah blah blah..


lolz.. :D


Get your copy of windspy here


Today i am going to describe some truth about those services and passwords. Do you think the number 2 company just behind the google would have these kind of loopholes. Is it easy to intrude in it's server for getting passwords?? Facebook has worlds best security persons in it's security teams. No this kind of intrusion is possible.


Please never believe on those services or tools. They are only claiming this to get some dollors from you and you are going to waste your money for nothing.


Many of you still does not believe me. It's your choice. but please read their notes carefully, you will also get my points. Their claims of accessing password from facebook server or older loopholes and vb scripts. what would vb script do in Facebook which is coded on PHP.


Few days back i got a hacker on Facebook. I am saying hacker as he mentioned hacker word in his name. hehehehehe. He shared a link to a bruteforcer which uses 76 servers to bruteforce Facebook. Now a question to all of you. Can you imagine the cost of 76 servers?? and bruteforcing on Facebook. is it possible on the website which counts invalid login attempts. Impossible. So he was spending money on 76 servers just to give you a tool for free. Do you still believe on him. I asked him the same question and he blocked me on Facebook.


Reality: Most of this kind of websites which offers Facebook hacking tools or services  are not for free. So you will have to pay in advance. WASTE OF MONEY....
If the service is for free, you will have to fill out some survey to unlock the link.. AGAIN A SURVEY SCAM.. In both cases, scammer will earn money and you will only waste your time and money..

Many of you who can use their mind and have some knowledge how internet and website works, will never fall in these scams. But those who blindly wants a tool to hack their gf or bf will sure fall as they do not want to see the truth.


If you want to hack facebook password, read my older post on How to hack facebook 
password. Those are the only way to hack Facebook profile password. do not run and waste money on ready-made password hacking tools and services. All the demo videos are fake and just to make fool.. never trust on those.
Be smart buddies :)

 

 

Monday, 12 November 2012

Hackers Are Sending Free Windows 8 Emails For Phishing Attack

Phishing attacks are now becoming more sophisticated day by day. Now hackers use things which are most demanded and trending. This makes more people to fall in the attack. Few days back, Microsoft released its latest version of operating system, Windows 8 and now it is the weapon of Hackers. People are getting emails that offers free Windows 8 with phishing links.

Security researchers from Sophos labs have found a this new phishing email which is now hitting users' inbox. This phishing email pretends to come from "Microsoft Windows 8 Team" and offers Microsoft's latest Windows 8 for free.
Hackers Are Sending Free Windows 8 Emails For Phishing Attack

This email message reads, "This message is sent to you because, you are a member of the Microsoft window vital user, to Get the new Window 8 freely and fully protected, click the below Microsoft Window 8 premium link and submit, your info on the webpage and click update."

This mail also contains a link at the bottom. Clicking on the link takes users to a phishing page which asks users to give their username, password, email address and server domain name.

Although, it is not hard to detect this phishing attack. But there are so many phishing attacks which are really hard to detect at first look. We can only detect phishing attack with the help of URL of the page we are entering info. We must see the page URL for our safety.

I advice users not to click on any this kind of phishing link sent via emails. If you receive this email claiming free Windows 8, simply delete it.

To know more about Phishing attack and protection against it, you can read following articles:

How to Detect And Prevent Phishing Attacks
How to detect phishing attacks and prevent your account


 

Download Simple Phishing ToolKit - SPT V.0.6.0

SPT is also known as Simple Phishing toolkit. It is an opensource project that aims to educate people and secure minds. This framework is easy to use and identify the weakest links to patch human vulnerability.



As we know that phishing is all about social engineering which exploits the human vulnerability. So this project helps organizations to educate their employees and protect them against this most dangerous attack that is the cause for billion dollars loss every year.

Installation of this toolkit is really simple and company boasts that it will not take more tha 30 seconds to install this framework in the system.

Download SPT Here

Yersinia | Network Exploitation Tool

Yersinia | a network exploitation tool | Network cracking tool | Network hacking tool

 



Yersinia is a network tool designed to take advantage of some weakness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.


Currently, there are some network protocols implemented, but others are coming (tell us which one is your preferred). Attacks for the following network protocols are implemented (but of course you are free for implementing new ones):



  1. Spanning Tree Protocol (STP)

  2. Cisco Discovery Protocol (CDP)

  3. Dynamic Trunking Protocol (DTP)

  4. Dynamic Host Configuration Protocol (DHCP)

  5. Hot Standby Router Protocol (HSRP)

  6. IEEE 802.1Q

  7. IEEE 802.1X

  8. Inter-Switch Link Protocol (ISL)

  9. VLAN Trunking Protocol (VTP)


Attacks
Spanning Tree Protocol



  1. Sending RAW Configuration BPDU

  2. Sending RAW TCN BPDU

  3. DoS sending RAW Configuration BPDU

  4. DoS sending RAW TCN BPDU

  5. Claiming Root Role

  6. Claiming Other Role

  7. Claiming Root Role dual home (MITM)


 
Cisco Discovery Protocol



  1. Sending RAW CDP packet

  2. DoS flooding CDP neighbors table

  3. Setting up a virtual device


 
Dynamic Host Configuration Protocol



  1. Sending RAW DHCP packet

  2. DoS sending DISCOVER packet (exhausting ip pool)

  3. Setting up rogue DHCP server

  4. DoS sending RELEASE packet (releasing assigned ip)


 
Hot Standby Router Protocol



  1. Sending RAW HSRP packet

  2. Becoming active router

  3. Becoming active router (MITM)


 
Dynamic Trunking Protocol



  1. Sending RAW DTP packet

  2. Enabling trunking


802.1Q


  1. Sending RAW 802.1Q packet

  2. Sending double encapsulated 802.1Q packet

  3. Sending 802.1Q ARP Poisoning


802.1X


  1. Sending RAW 802.1X packet

  2. Mitm 802.1X with 2 interfaces


VLAN Trunking Protocol


  1. Sending RAW VTP packet

  2. Deleting ALL VLANs

  3. Deleting selected VLAN

  4. Adding one VLAN

  5. Catalyst crash


Download Here:
Yersinia Network Exploitation Tool

CAT – Web Application Security Test & Assessment Tool

CAT – Web Application Security Test and Assessment Tool


As we know that hackers do not leave a single chance to hack into a website by exploiting its vulnerabilities. So it is really important to find and patch all the vulnerabilities. For this, either you can hire a penetration testing company or you can do this job by your self with some freely available web application security testing and assessment tools.

CAT is designed to facilitate manual web application penetration testing for more complex, demanding application testing tasks. It removes some of the more repetitive elements of the testing process, allowing the tester to focus on individual applications, thus enabling them to conduct a much more thorough test. Conceptually it is similar to other proxies available both commercially and open source, but CAT provides a richer feature set and greater performance, combined with a more intuitive user interface.


There are a number of differences between CAT and currently available web proxies. They include:

  1. CAT uses Internet Explorer’s rendering engine for accurate HTML representation

  2. It supports many different types of text conversions including: URL, Base64, Hex, Unicode, HTML/XML, SQL and JavaScript no quotes

  3. It offers integrated SQL Injection and XSS Detection

  4. Synchronised Proxies for Authentication and Authorisation checking

  5. Faster performance due to HTTP connection caching

  6. SSL Version and Cipher checker using OpenSSL

  7. Greater flexibility for importing/exporting logs and saving projects

  8. Tabbed Interface allows for multiple tools at once e.g. multiple repeaters & different logs

  9. The ability to repeat and modify a sequence of requests (particularly useful in SSO testing)

  10. It’s free!


Download Here:


 

Auto Save Passwords Without Notification in Firefox

Auto Save Passwords Without Notification in Firefox

Hey friends. Today i am going to write about a simple firfox hack which helps you to hack your friends easily. When ever you try to login in any account, firefox shows a notification asking for store user name and password for this website. But aftre using this trick it will never ask to store the password but it would atomatically store all the password. Its ideal trick if you want to get someones login details who uses your computer.

follow these steps:
1) First of all you need to close firefox.
2) Now locate the nsloginmanagerprompter.js file which is normally found in
C:\ProgramFiles\MozillaFirefox\Components\
3) Open nsloginmanagerprompter.js with notepad or other editor. But the editor which would show the line number will be ideal.
4) Replace the entire line 804 to 869 with the following code
var pwmgr = this._pwmgr;
pwmgr.addLogin(aLogin);
After replacing this, save this file
Now it's done. yeppie....
To see the usernames + passwords, go to tools --> options --> security --> saved password

Enema v.1.6 SQL Injection Tool Released


Enema gets an update and releases version v.1.6. Enema is a SQL injection tool but not an automatic tool. So this tool is not so popular and used. This tool is for those who knows what to do. This tool has one more drawback that it only supports latest version of database servers.


Features:



  • Multi-platform.

  • User-friendly graphical interface.

  • Multithreaded.

  • Dump.

  • Customize your queries

  • Plugins to automate attacks


Supported for today:

  • POST, GET, Cookies

  • MSSQL >=2000 and MySQL>=5.0


Injection methods supported:

  • Error based injection.

  • Union based injection (using subquery).

  • Blind Time-based MSSQL(waitfor), MySQL(sleep)


Download: http://code.google.com/p/enema/downloads/list







 

SQL Injection Exploitation Tool - JSQL Injection

SQL injection is one of the most dangerous and popular web vulnerabilities. For new readers, i want to explain that SQL Injection is the web application vulnerability. Hackers use thia attack to hack database driven websites. In this website, hackers inject manual queries to website to get the desired response. After few injections, they also get the username and password for admin account.

There are many automatic tools available that also do the same ask automatically. You just need to enter the URL of the website. I already posted many SQL Injection tools in this website. You can explorer those tools below.
SQL Injection Tools

This post is about a SQL Injection toold coded in Java. This tool is called jSQL-injection that is used to retrieve databse information from a databse server.

jSQL-injection features: 

  • GET, POST, header, cookie methods

  • visual, error based, blind algorithms

  • automatic best algorithms detection

  • data retrieving progression

  • proxy settings


For now this, tool only support MySQL databse server.

Download jSQL-Injection

 

 

How to Sniff WhatsApp Messenger Messages over Wifi with WhatsAppSniffer

WhatsApp is a popular messenger service that can be said the mixture of SMS and Instant messaging service. This is was initially launched for iOS devices only but now available on most of the popular mobile platforms. It is quite popular among youths and you can easily find a person with smartphone using this app. Once installed on your phone, it detects all the person in your contact list using WhatsApp app and allows you to chat with them.




In this post, I came up with a hack for WhatsApp messenger. If you are in a wifi network, you can easily read conversation, being sent and received via WhatsApp in the same Wifi network. You can sniff whatsApp data with an Android device by using an app. For this, you need to download and install WhatsAppSniffer in your Android device. This app shows how whatsapp is vulnerable to sniffing attack because all messages are being sent in plain text.


These are the main features of the app


  • You can only use this app on your rooted Android phone.

  • It sniffs conversation separated by phone numbers. So it is easy to read conversation by phone numbers.

  • It can read conversations outgoing and incoming to Android, iPhone and Nokia phones.


This sniffing app was initially available on Google Play Store. But it has been removed by Google after getting so many complaints.




Notice: You are using this trick and tool on your own risk. I will not be responsible for the damage you caused for your smartphone.

This action also falls under cyber crime catagrory. So you will be responsible for any thing illegal you will do with this trick.

Hide your IP address While Surfing On Chrome

Anonymous surfing is sometimes best privacy option on the internet. We also use this to prevent our IP address being disclosed. Hackers hide their IP to prevent being caught for the crime. There many be so many reasons for anonymous surfing and so many tricks to stay anonymous.

Read : Download UltraSurf and Hide IP address
Read: Unblock blocked website at college and school with UltraSurf

Most of the people use web based proxy serices such as fsurf, hidemayass and others. But I have an easy solution for those who like to surf web on Google Chrome.
There is a nice Google Chrome Extension called HideMyAss Web Proxy which allows Google Chrome users to add a one click proxy service to their web browser.

How to Install Hide My Ass! Web Proxy to Google Chrome


Installation of this extension to Google Chrome is as easy as other extension. Just visit Hide My Ass! Web Proxy page on webstore and click on the Install. In few seconds, it will be added to your browsesr and opens a settings page. Select options and save settings. Now you will see a yellow h icon in the omni bar

How to Use this Extension


Use of this extension is simple. If you are on a web page and you want to open it with proxy, simply click on this h icon. You see that web page is now reloaded with the proxy URL.
If you want to open a new URL in the proxy, open the new tab page in chrome and click on this h icon. It will ask for the URL. Enter the URL and click on Proxy.

It is really easy to use. You will also find it as the simplest proxy solution available.

Add Hide My Ass to Google Chrome

The Hacker’s Underground Handbook | ebook on hacking

The Hacker’s Underground Handbook




The Hacker’s Underground Handbook

Learn What it Takes to Crack Even the Most Secure Systems

By: David Melnichuk

The Hacker’s Underground Handbook will guide you through password hacking, windows hacking, malware, phising, web hacking, network hacking and Linux (intro, installation, etc). All this material fully packed with images, thus being a top step-by-step guide, on the course of which you cannot fail.


A great starting book which will guide you in the right direction, helping you understand the basic concepts of computer security and matters that you should take in consideration.




collection of Hacking books free download

Here i am going to post a large collection of hacking books. There are more than 150 books in this collection on almost every field of computer and network hacking. The name of books are given below with download link at the bottom of the post.Read: Facebook account HackingRead Collection of top hacking books
Read: Hacking Books

this collection includes:

(Ebook - Computer) Hacking The Windows Registry.pdf
(eBook - PDF) Hugo Cornwall - The Hacker's Handbook .pdf
(eBook pdf) Hacking into computer systems - a beginners guide.pdf
(ebook_-_pdf)_Hacking_IIS_Servers.pdf
0321108957.Addison-Wesley Professional.Honeypots- Tracking Hackers.pdf
0764578014.Wiley.The Database Hacker's Handbook- Defending Database Servers.chm
076459611X.John Wiley &amp_ Sons.Hacking GMail (ExtremeTech).pdf
1246523-Hacking.Guide.V3.1.pdf
1931769508.A-List Publishing.Hacker Linux Uncovered.chm
2212948-Hacker'S.Delight.chm
285063-Hacker.Bibel.pdf
3077366-HackerHighSchool.pdf
731986-Hacker's Desk Reference.pdf
A Beginners Guide To Hacking Computer Systems.pdf
Addison Wesley - Hackers Delight 2002.pdf
addison wesley - web hacking - attacks and defense.chm
Addison Wesley, The Outlook Answer Book Useful Tips Tricks And Hacks (2005) Bbl Lotb.chm
amazon-hacks.chm
Anti-Hacker ToolKit - McGraw Hill 2E 2004.chm
Attacking the DNS Protocol.pdf
Auerbach.Practical.Hacking.Techniques.and.Countermeasures.Nov.2006.pdf
Auerbach.Pub.The.Hackers.Handbook.The.Strategy.Behind.Breaking.into.and.Defending.Networks.Nov.20.pdf
bsd-hacks.pdf
ceh-official-certified-ethical-hacker-review-guide-exam-312-50.9780782144376.27422.pdf
Certified Ethical Hacker (CEH) v3.0 Official Course.pdf
Computer - Hackers Secrets - e-book.pdf
cracking-sql-passwords.pdf
Crc Press - The Hacker'S Handbook.pdf
Credit.Card.Visa.Hack.Ucam.Cl.Tr.560.pdf
DangerousGoogle-SearchingForSecrets.pdf
database hacker handbook.chm
Dummies - Hack How To Create Keygens (1).pdf
ebay-hacks-100-industrial-strength-tips-and-tools.pdf
ebook.oreilly.-.windows.xp.hacks.sharereactor.chm
eBooks.OReilly.-.Wireless.Hacks.100.Industrial.-.Strength.Tips.and.Tools.chm
ethical hacking, student guide.pdf
excel-hacks.chm
For.Dummies.Hacking.for.Dummies.Apr.2004.eBook-DDU.pdf
For.Dummies.Hacking.Wireless.Networks.For.Dummies.Sep.2005.eBook-DDU.pdf
google-hacks.pdf
Hack IT Security Through Penetration Testing.pdf
Hack Proofing - Your Network - Internet Tradecraft.pdf
Hack Proofing Linux A Guide to Open Source Security - Stangler, Lane - Syngress -  ISBN 1-928994-34-2.pdf
Hack Proofing Sun Solaris 8.pdf
Hack Proofing Your E-Commerce Site.pdf
Hack Proofing Your Identity In The Information Age.pdf
Hack Proofing Your Network Second Edition.pdf
Hack Proofing Your Network_First Edition.pdf
Hack Proofing Your Web Applications.pdf
Hacker Disassembling Uncovered.chm
hacker ethic.pdf
Hacker Linux Uncovered.chm
Hacker Web Exploitation Uncovered.chm
Hacker'S.Delight.chm
hacker-disassembling-uncovered.9781931769228.20035.chm
Hackers Beware.pdf
Hackers Secrets Revealed.pdf
Hackers Secrets.pdf
Hackers, Heroes Of The Computer Revolution.pdf
Hackers_Secrets.pdf
Hacker_s_Guide.pdf
Hacking - Firewalls And Networks How To Hack Into Remote Computers.pdf
Hacking - The Art of Exploitation.chm
Hacking Cisco Routers.pdf
Hacking Exposed - Network Security Secrets & Solutions, 2nd Edition.pdf
Hacking Exposed Network Security Secrets & Solutions, Third Edition ch1.pdf
Hacking For Dummies 1.pdf
Hacking For Dummies 2.pdf
Hacking For Dummies.pdf
Hacking GMail.pdf
Hacking IIS Servers.pdf
Hacking into computer systems - a beginners guide.pdf
Hacking the Code - ASP.NET Web Application Security Cookbook (2004) .chm
hacking the windows registry .pdf
Hacking Windows XP.pdf
Hacking-ebook - CIA-Book-of-Dirty-Tricks1.pdf
Hacking-Hacker's Guide.pdf
Hacking-Hackers Secrets Revealed.pdf
Hacking-Hugo Cornwall-The Hacker's Handbook .pdf
Hacking-The Hacker Crackdown.pdf
Hacking.For.Dummies.Access.To.Other.People's.System.Made.Simple.pdf
Hacking.Guide.V3.1.pdf
Hackproofing Oracle Application Server.pdf
hacks.sfv
Hack_Attacks_Revealed_A_Complete_Reference_With_Custom_Security_Hacking_Toolkit.chm
Hack_IT_Security_Through_Penetration_Testing.chm
Halting.The.Hacker.A.Practical.Guide.To.Computer.Security.chm
How to Crack CD Protections.pdf
John Wiley & Sons - Hacking For Dummies.pdf
John.Wiley.and.Sons.Hacking.Windows.XP.Jul.2004.eBook-DDU.pdf
John.Wiley.and.Sons.Hacking.Windows.XP.Jul.2004.eBook.pdf
John.Wiley.and.Sons.The.Art.of.Intrusion.The.Real.Stories.Behind.the.Exploits.of.Hackers.Intruders.
and.Deceivers.Feb.2005.ISBN0764569597.pdf
Jon.Erickson.Hacking.The.Art.Of.Exploitation.No.Starch.Press.2003.chm
linux-server-hacks.pdf
Linux-Server.Hacks-OReilly.pdf
little_black_book_oc_computer_viruses.pdf
mac-os-hacks.chm
McGraw Hill - Web Applications (Hacking Exposed).pdf
McGraw-Hill - Hacking Exposed, 3rd Ed - Hacking Exposed Win2.pdf
McGraw.Hacking.Exposed.Cisco.Networks.chm
McGraw.Hill.HackNotes.Linux.and.Unix.Security.Portable.Reference.eBook-DDU.pdf
McGraw.Hill.HackNotes.Network.Security.Portable.Reference.eB.pdf
McGraw.Hill.HackNotes.Network.Security.Portable.Reference.eBook-DDU.pdf
McGraw.Hill.HackNotes.Web.Security.Portable.Reference.eBook-.pdf
McGraw.Hill.HackNotes.Web.Security.Portable.Reference.eBook-DDU.pdf
McGraw.Hill.HackNotes.Windows.Security.Portable.Reference.eB.pdf
McGraw.Hill.HackNotes.Windows.Security.Portable.Reference.eBook-DDU.pdf
Mind Hacks - Tips & Tricks for Using Your Brain.chm
network-security-hacks.chm
No.Starch.Press.Hacking.The.Art.Of.Exploitation.chm
O'Reilly - Online Investing Hacks.chm
O'Reilly.-.Network.Security.Hacks.chm
O'Reilly.Windows.Server.Hack.chm
O'Reilly.Windows.Server.Hack.rar
online-investing-hacks.chm
OReilly  Google Hacks, 1st Edition2003.pdf
OReilly - Flickr Hacks Tips and Tools for Sharing Photos Online (Feb 2006).chm
OReilly - Google Hacks.pdf
Oreilly Access Hacks Apr 2005.chm
Oreilly, Paypal Hacks (2004) Ddu.chm
OReilly,.Digital.Video.Hacks.(2005).DDU.LotB.chm
OReilly,.IRC.Hacks.(2004).DDU.chm
oreilly,.visual.studio.hacks.(2005).ddu.lotb.chm
Oreilly.Amazon.Hacks.eBook.LiB.chm
oreilly.firefox.hacks.ebook-lib.chm
OReilly.Google.Hacks.2nd.Edition.Dec.2004.ISBN0596008570.chm
OReilly.Google.Maps.Hacks.Jan.2006.chm
Oreilly.Linux.Desktop.Hacks.Mar.2005.eBook-LiB.chm
OReilly.Linux.Server.Hacks.Volume.Two.Dec.2005.chm
OReilly.Network.Security.Hacks.chm
OReilly.PayPal.Hacks.Sep.2004.eBook-DDU.chm
OReilly.PC.Hacks.Oct.2004.eBook-DDU.chm
OReilly.Perl.Hacks.Tips.and.Tools.for.Programming.Debugging.and.Surviving.May.2006.chm
OReilly.Skype.Hacks.Tips.and.Tools.for.Cheap.Fun.Innovative.Phone.Service.Dec.2005.chm
OReilly.SQL.Hacks.Nov.2006.chm
OReilly.Statistics.Hacks.May.2006.chm
OReilly.Ubuntu.Hacks.Tips.and.Tools.for.Exploring.Using.and.Tuning.Linux.Jun.2006.chm
OReilly.VoIP.Hacks.Tips.and.Tools.for.Internet.Telephony.Dec.2005.chm
oreilly.windows.xp.hacks.2nd.edition.feb.2005.lib.chm
OReilly.Word.Hacks.Oct.2004.eBook-DDU.chm
OSB.Ethical.Hacking.and.Countermeasures.EC.Council.Exam.312.50.Student.Courseware.eBook-LiB.chm
O_Reilly_-_Windows_XP_Hacks.chm
PC Games - How to Crack CD Protection.pdf
prentice hall - pipkin - halting the hacker- a practical guide to computer security, 2nd edition.chm
Que - UNIX Hints Hacks.chm
Que.Certified.Ethical.Hacker.Exam.Prep.Apr.2006.chm
Security and Hacking - Anti-Hacker Tool Kit Second Edition.chm
SoTayHacker1.0.chm
spidering-hacks.chm
SQL Hacks.chm
SQLInjectionWhitePaper.pdf
Syngress - Hack Proofing Linux (2001).pdf
Syngress - Hack Proofing Your Identity in the Information Age - 2002.pdf
Syngress - Hacking a Terror Network. The Silent Threat of Covert Channels.pdf
Syngress -- Hack Proofing Your Wireless Network.pdf
Syngress Hack Proofing Your Identity in the Information Age.pdf
Syngress.Buffer.Overflow.Attacks.Dec.2004.eBook-DDU.pdf
Syngress.Hack.the.Stack.Oct.2006.pdf
Syngress.Hacking.a.Terror.Network.Nov.2004.ISBN1928994989.pdf
The Little Black Book Of Computer Virus.pdf
the-database-hackers-handbook-defending-database-servers.9780764578014.25524.chm
The_20Little_20Black_20Book_20of_20Computer_20Viruses.pdf
tivo-hacks.100-industrial-strength-tips-and-tools.pdf
u23_Wiley - Hacking GPS - 2005 - (By Laxxuss).pdf
Websters.New.World.Websters.New.World.Hacker.Dictionary.Sep.2006.pdf
Wiley.Hacking.Firefox.More.Than.150.Hacks.Mods.and.Customizations.Jul.2005.eBook-DDU.pdf
Wiley.Hacking.Google.Maps.and.Google.Earth.Jul.2006.pdf
Wiley.Hacking.GPS.Mar.2005.ISBN0764598805.pdf
Wiley.Lifehacker.Dec.2006.pdf
Wiley.The.Database.Hackers.Handbook.Defending.Database.Servers.chm
Win XP Hacks oreilly 2003.chm
Windows Server Hacks.chm
WinXP SP1 Hack.pdf
Xbox-hack - AIM-2002-008.pdf
Yahoo.Hacks.Oct.2005.chm
Hackers Beware Defending Your Network From The Wiley Hacker.pdf

Download Here:
Mirror 1
Mirror 2



update:Link is not working now i will update it soon.