**REDHAT LINUX TREE**: September 2011

Tuesday 13 September 2011

How to hack facebook accounts or passwords (Step by Step) for educational purpose only (Awareness purpose- digital world now happen anything)

How to Hack Facebook Passwords or Accounts ?

1. First of all download the Facebook Phisher.

2. Extract the rar file now you will get three files as given below:

index.html
passes.txt
write.php

3. Upload all the Three files to any of the free Web hosting server. Remember while creating the account on these servers try the username as nearer as possible to the original URL like faccbook or facobook etc.. As its the most crucial step. Some Free Web hosting servers are given below you can also find few more for yourself.

4. Once you have uploaded all the three files to web hosting server now you have to send these to your victim. This is the most important step regarding smart phishing technique.
Below are some sample mails that will help you to understand how to TRAP victim effectively.

Now You have to edit this mail. Open this email and click on forward now you will see this email in editable mode now remove the forwarded headers etc and forward from Header.
Remember your Name in Gmail must be Facebook and email account should be like noreplyfacebook@gmail.com etc... Now you have to put the Fake link of index.html file that u have got after uploading on the Web hosting server in place of Two exploit points. Remember always put link in href and original text should be as such. And also try to keep the link as much as closer to facebook original link.

5. Now After sending phisher to victim, once the user logs in to his Facebook account using your Phisher, his user ID and password are ours..And these are stored in passes.txt What you have to do is just refresh your Web hosting account files.

6. The Log.txt file will contain the passwords and look like this:

Thats all Now you have hacked the password of victim... Happy Hacking

HOW to Protect Your Facebook Account?

1. Never Follow any link from the any website or email. Always open manually www.facebook.com and then enter credentials. i.e open it in new url bar...

2. Always check the URL in the address bar while joining any Group.

********************ALL THE BEST ***************************by cnuvasan@gmail.com

password expired mail alert script:

#!/bin/sh
#
# Goran Cvetanoski - 19/12/2006
#
# pwage
#
# This script works out the time left before a password expires
#
# It will send a reminder email 10 days and 3 days before the password
# will expire. The email will go to unix.admin@mydomain.com.au unless an
# alternate email address is specified. An email will also be sent if a
# password has expired.
#
# The following command will send results to unix.admin@mydomain.com.au
# pwage oracle
#
# Specify an alternate email address if you would like the results to be
# sent to a different email address.
# ie:
# pwage oracle oracledba@mydomain.com.au
#
#
# CHANGE LOG
# =========================================================================
# 19/12/2006 - Goran Base script created
# 05/08/2009 - Ricky Smith added code to check each user
#

LOG=/tmp/pwage.log

DASHES="-----------------------------"

show()
{
    echo "$DASHES $1 $DASHES" >> $LOG
    shift
    eval "$@" >> $LOG
    echo "" >> $LOG
}

SendMail()
{
    cat $LOG | mailx -s "$1" "$2"
}

reminder ()
{

echo "Date: `date`"
echo ""
echo "Please change your password within the next $EXPIRE days"
}

expired ()
{
echo "Date: `date`"
echo ""
echo "The password for $USER has expired"
echo "$USER last changed their password on $LSTCNG"
echo "The maximum age for the password is $MAX days"
echo "and it has expired $EXPIRE days ago"
}

CheckUser()
{
 USER=$1
 EMAIL=$2

 CURRENT_EPOCH=`grep $USER /etc/shadow | cut -d: -f3`
 if [ "$CURRENT_EPOCH" = "" ]; then
  return
 fi

 # Find the epoch time since the user's password was last changed
 EPOCH=`perl -e 'print int(time/(60*60*24))'`

 # Compute the age of the user's password
 AGE=`echo $EPOCH - $CURRENT_EPOCH | bc`

 # Compute and display the number of days until password expiration
 MAX=`grep $USER /etc/shadow | cut -d: -f5`
 if [ "$MAX" = "" ]; then
  return
 fi
 
 EXPIRE=`echo $MAX - $AGE | bc`

 CHANGE=`echo $CURRENT_EPOCH + 1 | bc`
 LSTCNG="`perl -e 'print scalar localtime('$CHANGE' * 24 *3600);'`"

 WARN=`grep $USER /etc/shadow | cut -d: -f6`
 if [ "$WARN" = "" ]; then
  WARN=0
 fi
 
 if [ "$EXPIRE" -le "$WARN" ]; then
     show "R E M I N D E R" reminder
     SendMail "$USER Password Info On `uname -n`" "$EMAIL"
 elif [ "$EXPIRE" -lt 0 ]; then
     show "E X P I R E D" expired
     SendMail "WARNING: $USER Password Expired On `uname -n`" "$EMAIL"
 fi
}

# Main Code
domain=$1
if [ "$domain" = "" ]; then
 domain=$(dnsdomainname)
fi

minuid=$2
if [ "$minuid" = "" ]; then
 minuid=500
fi

IFS=':'
while read user pass uid gid full home shell
do
 if [ $uid -ge $minuid ]; then
  cat /dev/null > $LOG
  CheckUser $user "\"$full\" <$user@$domain>"
 fi
done </etc/passwd

Friday 9 September 2011

Webmin Setup Howto fot redhat

Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. This article will show you how to install Webmin.

1. Go to www.webmin.com and download the Webmin RPM package.

2. Double click the downloaded file to install Webmin.

3. After installing Webmin, configure the firewall to allow traffic on the TCP port 10000. Learn how to configure the firewall.

4. Start the httpd service. Learn how to start and stop services here.

5. From a web browser, connect to https://localhost:10000 and login using root.

6. That’s it. It’s working.

Thursday 8 September 2011

Best Way To Change Sim without code

Way to change sim without code.

1 - put your new sim card inside the phone, but not totaly plugged (the phone don't see the sim and boot without)
2 - put the batterie on but leave a little space to push forward the sim at the end
3 - boot the phone, it will say 'no sim'
4 - push the sim with something slim (a knife ie)
5 - reset the phone with the hard reset code *2767*3855#

additional step apply to the instructions above: when the phone prompt for a code, type 0000 first, optionally after that one the code of the simcard.

that's it.
Don't let the phone turn off, or you will need to re-do the same task again.

Tuesday 6 September 2011

Real Hacking Steps (Remote Hacking):)) For Educational Purposes Only

Real Hacking Steps consists of following:::

1. Information Gathering / Foot printing
2. Port Scanning
3. OS Fingerprinting
4. Banner Grabbing
5. Vulnerability Assessment
6. Search & Build Exploit
7. Attack
8. Maintain Access with help of Root kits and Trojans.

1. Information Gathering / Foot printing

Information gathering is the process to get maximum details of target host. It is a very important

part of remote hacking because the more information about target system we have, more the number of

attacks we can launch.

2. Port Scanning

What is port?

Port is medium for communication between 2 computers. Every service on a host is identified by

a unique 16-bit number called a port.

Some default ports:

Port number Service::

7 Ping

21 FTP(File transfer protocol)

22 SSH (Secure shell)

23 Telnet

25 SMTP (Mail)

43 WHOIS

53 DNS

80 HTTP

110 POP3 (Mail Access)

513 Rlogin

8080 Proxy

What is port scanner?

A port scanner is a piece of software designed to search a network host for open ports. This is often used
by administrators to check the security of their networks and by hackers to identify running services on a
host with the view to compromising it. To portscan a host is to scan for listening ports on a single target
host. To portsweep is to scan multiple hosts for a specific listening port.
Best port scanners: nmap, Hping2, Superscan.
Download link:

3. OS Fingerprinting

OS (Operating System) Fingerprinting is a process to find out victim's Operating
System(Windows, Linux, UNIX)

Introduction:

When exploring a network for security auditing or inventory/administration, you usually want to
know more than the bare IP addresses of identified machines. Your reaction to discovering a
printer may be very different than to finding a router, wireless access point, telephone PBX,
game console, Windows desktop, or Unix server. Finer grained detection (such as distinguishing
Mac OS X 10.4 from 10.3) is useful for determining vulnerability to specific flaws and for
tailoring effective exploits for those vulnerabilities.
Tools: nmap, NetScanTools Pro, P0f.

4. Banner Grabbing

Banner grabbing
or application. Mean after port scanning we found open port 80 (apache) and target os is Linux,
but we don’t know what is version of apache for remote hacking. Like apache 2.0, 2.2, or 2.6 .

5. Vulnerability Assessment

What is Vulnerability Assessment?

The word "
misconfiguration) that allows a system to be attacked or broken into.
vulnerability" describes a problem (such as a programming bug or common
A vulnerability assessment
ranking) the vulnerabilities in a system.
Vulnerability assessments can be conducted for small businesses to large regional infrastructures.
Vulnerability from the perspective of Disaster Management means assessing the threats from
potential hazards to the population and to the infrastructure developed in that particular region. It can be
done in political, social, economic and in environmental fields.

is the process of identifying, quantifying, and prioritizing (orAutomated Tools:

6. Search & Build Exploit

Manual Method: We can find vulnerability manually with help of vulnerability archive sites like
www.milw0rm.com
and http://www.packetstormsecurity.org/
For exploit and final attack, open the websites say Microsoft, adobe or mozilla which provides
you the source code format. You need to download the code and compile them for preparing
exploit for final attack
.
7. Attack
Launch attack on remote system and get reverse shell
.
8. Maintain Access
After getting remote access we place a root kit or Trojan virus for future remote access, without
any password.

9. Covering Tracks

Covering Tracks is a process to delete all logs on the remote system. If target system is linux or
UNIX, delete all entries of /var folder and if it is windows os delete all events and logs.

Friday 2 September 2011

Nokia orginality checking:

Guys Is your Nokia Cell Phone Original or not??????

Nokia is one of the largest selling phones across the World and Globe. Most of us use Nokia phone but are not aware of it’ originality. Are you keen to know whether your Nokia mobile phone is original or not? Your phones IMEI (International Mobile Equipment Identity) number confirms your phone’s originality.
Press the following on your mobile *#06# to see your Phone’s IMEI number(serial number).

Then check the 7th and 8th numbers.
Phone serial no. x x x x x x ? ? x x x x x x x

IF the Seventh & Eighth digits of your cell phone are 02 or 20 this means your cell phone was assembled in Emirates which is very Bad quality.

IF the Seventh & Eighth digits of your cell phone are 08 or 80 this means your cell phone was manufactured in Germany which is fair quality.

IF the Seventh & Eighth digits of your cell phone are 01 or 10 this means your cell phone was manufactured in Finland which is very Good.

IF the Seventh & Eighth digits of your cell phone are 00 this means your cell phone was manufactured in original factory which is the best Mobile Quality.

IF the Seventh & Eighth digits of your cell phone are 13 this means your cell phone was assembled in Azerbaijan which is very Bad quality and also dangerous for your health.

REDHAT LINUX TREE