Pro Hack Tricks: March 2015

Friday, March 6, 2015

Steganography

Definition:- Steganography (STEHG-uh-NAH-gruhf-ee, from Greek steganos, means "covered," and graphie, means "writing") is the hiding of a secret message within an ordinary message and the extraction of it at its destination.

Stegnography is the art or practice of concealing a file, message, image, or video within another file, message, image, or video. The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages no matter how unbreakable will arouse interest, and may in themselves be incriminating in countries where encryption is illegal.

The first recorded uses of steganography can be traced back to 440 BC when Herodotus mentions two examples in his Histories.Demaratus sent a warning about a forthcoming attack to Greece by writing it directly on the wooden backing of a wax tablet before applying its beeswax surface. Wax tablets were in common use then as reusable writing surfaces, sometimes used for shorthand.

Modern steganography entered the world in 1985 with the advent of personal computers being applied to classical steganography problems. Development following that was very slow, but has since taken off, going by the large number of steganography software available

Making of Stegnography by CMD

Requirements

Pic
secret message that can be embbed in to it
CMD

Select any one pic from your system.
Write any secret message in notepad or word.(save both files in "d:" )
Open cmd

Commands

copy pic.jpg+secret.txt new pic.jpg

Here you can see the pic and text is combined.

How to see the messege written behing the pic.

.Open the pic (here it is "new pic") so i opened it. Now you will see the actual pic now "right click" and open with "Notepad". See the Message which you have written is in the end. So enter "end" from your keyboard and you will see the message which you have written is their

This was the trick of creating Steganography. Be safe and send encrypted message.

Reference:- http://en.wikipedia.org/wiki/Steganography

Terms & Warning:

Use this post for educational purposes only and for your self knowledge.
Pro Hack Tricks Blog Team, its Author, Admin cannot be held responsible for any legal action or other action taken against you if you use this script illegally. Use at your own risk. But remember no one is untraceable.

Monday, March 2, 2015

Facebook hacking and Security Tips(LOGIN APPROVALS)

Facebook Hacking

Now a days facebook is the key for making new friends, Chatting, Posting your picture sharing your private life to the internet. We are exited to know what our friends, family members, Gf/Bf with whom they are chatting, posting pics etc. So for getting someones information on facebook we are hacking into their accounts and getting their information.. There are many ways to crack someone facebook account. The hackers can only hack your account with your help with out your help nothing is possible.

WAYS OF HACKING FACEBOOK

Phishing
Keylogging
Social Engineering
Sniffing
Brutforce attack

This are the 5 ways by which your account can be hacked. So i want to tell you that without your help no one can crack your facebook account. Facebook doesent have any loopholes so that hacker can not enter into its server and get your id password. To secure your self is yourself is your responsibility. Facebook will provide you the security but its upto you to activate that or not.

Facebook Security

Today i will show you security called LOGIN APPROVALS. This is the security made by facebook like 2step verification. This security basically means when you enter the Id and password while the time of login this is not sufficient you will get OTP(One Time Password). when server will validate the same OTP then it will allow to access to your account. Same thing is their in many Emails,Net banking etc.

In ASIAN Countries this security is not available. But if you are living apart from Asian countries this feature is available. I am curently living in INDIA so this feature is not available. And the good thing is i have LOGIN APROVALS form more than last 6 months.

How to get LOGGIN APROVALS in Asian Countries. Here is the simple way to get LOGIN APROVALS activated in your account(2 step verification).

Download TOR Browser clisk on this link TOR Browser

Install it. After installing click on exe file

Now click on "Start Tor Browser".

The screen will apear like this after starting.

Now type url facebook.com

Enter Login id and Password
Then go to "Option" it is in top right side and select "Settings" as shown in image.

Once you entered in then click on "security" 2nd option on from top left side.

Now click on "App password" and select edit then "Generate app passwords" and follow steps.

You have done with LOGIN APPROVALS now you will get OTP to enter into your facebook id.

NOTE:- This is illegal process of getting LOGIN APPROVALS. IN Asian Countries this feature has not came into play. So keep this for educational purpose only. Do'nt try this.

IDN Homograph Attack (Undetectable Phishing URL)

Phishing pages are detected by many websites and antiviruses. So the phishing attacks are almost over. Here i got some great information about "Undetectable Phishing pages". I will not show you the actual phishing attack by IDN Homograph Attack. I will show you an example for this and it is same as you can use in your Phishing URL.

How attackers can trick users into clicking on links which appear to be genuine but lead to malware or phishing sites etc. I mentioned that one method used would be to replace characters of the genuine URL with characters from other language sets (Russian languages for example) which look the same as the English characters in the browser. In short the attacker can perform a homograph attack.

Internationalized Domain Name(IDN) homograph attack. This kind of spoofing attack is also known as script spoofing. For example, a person frequenting citybank.com may be lured to click a link in which the Latin "C" is replaced with the Russian "С".

Some time you make phishing page, But problem is the link of that phishing page, Due to that link it is possible to detect phishing page by target. Here i will show you how to change the alphabet that looks like english but it is not.

Here i will search my name "urvish sandanshiv" in the normal Google search engine and see what result i got.

The search result i got is 138

And now see the magic what happens with the result same name i search in the Google.

There is no result for my name. So what Google is unable to seach me. Search engines are stronger than me and intelligent too but i fooled them. What i did i just replaced the English character "a" to Russian "a" from my name it looks like same but it is different. And see the result what it happened. The same thing you can do in Phishing URLS. Replace the English characters with Russian character while making Phishing URLS.

Original ;- urvish sandanshiv
Duplicate :- urvish sаndаnshiv

You can not identify this thing so as the search engines.

Now the trick i will show you how to do this. And this can be use in making Phishing URL also. Just open this link Russian character set. You will see some of the letters that are same in English and in Russian but the meaning and pronunciation are different than English. You can make Undetectable phising URL with the help of this.

REFERENCE

en.wikipedia.org

www.securityninja.co.uk/

Terms & Warning:

Use this script for educational purposes only and for your self knowledge.
Pro Hack Tricks Blog Team, its Author, Admin cannot be held responsible for any legal action or other action taken against you if you use this script illegally. Use at your own risk. But remember no one is untraceable.