welcome to My site

Hack Instagram Account




nder of Break Security found the critical vulnerability in Instagram. Succesful hack allows attacker to access private photos and ability to delete victim’s photos, edit comment and post new photos.
1. Hijack Instagram accounts using the Instagram OAuth (https://instagram.com/oauth/authorize/)
2. Hijack Instagram accounts using the Facebook OAuth Dialog (https://www.facebook.com/dialog/oauth)
He reported a few issues to Instagram Include OAuth Attacks, But the acquisition didn’t closed yet and Facebook Security was unable to put their hands on security issues in Instagram, So I was waiting, Waiting like a good WhiteCollar, Then Facebook Security send me a message, They say even that they were unable to fix this issues because the acquisition didn’t closed yet, They will still payout for this vulnerabilities.
So, first, checked Instagram’s OAuth protocol: (http://instagram.com/developer/authentication/)
While researching Instagram’s security parameters, Nir noticed that Facebook Security had produced some impressive results in regard to their own Instagram OAuth vulnerabilities. They essentially blocked access to any and all files, folders, and subdomains by validate the redirect_uri parameter.
In addition, redirection was only allowed to go to the owner app domain.
Thus, hacker needed to locate some other way to get past their protection. Further complicating the issue was the fact that you can’t use a site redirection / XSS on the victim’s owner app. This is because you have no access to the files or folders on the owner app domain through the redirect_uri parameter.
Block Files Folders
For example:
Allow request:
https://apigee.com
Block requests:
Redirect_uri=https://www.breaksec.com
Redirect_uri=https://a.apigee.com/
Redirect_uri=https://apigee.com/x/x.php
Redirect_uri=https://apigee.com/%23,? or any special sign
As it stands, it appears that the redirect_uri is invulnerable to OAuth attacks.
While researching, I came upon a sneaky bypass. If the attacker uses a suffix trick on the owner app domain, they can bypass the Instagram OAuth and then send the access_token code to their own domain.
For instance:
Let’s say Nir app client_id in Instagram is 33221863xxx and my domain is breaksec.com
In this case, the redirect_uri parameter should allow redirection only to my domain (breaksec.com), right? What happens when we change the suffix in the domain to something like:
Breaksec.com.mx
In this example, the attacker can send the access_token, code straight to breaksec.com.mx. For the attack to be successful, of course, the attacker will have to buy the new domain (in this case, breaksec.com.mx).
PoC Bypass (Fixed By Facebook Security Team):
https://instagram.com/oauth/authorize/?client_id=33221863eec546659f2564dd71a8a38d&redirect_uri=https://breaksec.com.mx&response_type=token
Game Over.
Bug 2.
With this bug, Nir used the Instagram client_id value through the Facebook OAuth (https://www.facebook.com/dialog/oauth).
When you use the Instagram app, it can be integrated with Facebook.
For example:
When a user wants to upload their Instagram photos to Facebook, they allow this interaction and integration to take place.
Instagram Would like to access your public profile and friend list
Nir discovered that an attacker can use virtually any domain in the redirect_uri, next parameter. This was actually sort of baffling, and I don’t know why this happened, but it worked. You can literally use any domain in redirect_uri, next parameter via the redirect_uri in Instagram client_id.
This effectively allows the attacker to steal the access_token of any Instagram user,
With the access_token the attacker will be able to post on the victim behalf in his Facebook account, Access to his private friends list.
PoC (Facebook Already fixed this issue):
https://www.facebook.com/connect/uiserver.php?app_id=124024574287414&next=http://files.nirgoldshlager.com&display=page&fbconnect=1&method=permissions.request&response_type=token
Facebook Tricks

Facebook Tricks

Facebook Tricks

How To Trace Your Facebook Profile Visitors
Now here we found who recently visited your profile.
Follow below steps to know your FB recent visitors.
Step 1) Go to your Facebook Profile Page.
Step 2) Now Press Ctrl + U from your keyboard for see source code of your profile page.
Step 3) Now press Ctrl + F from your keyboard to open search box.
Step 4) Now search this code {“list”:
Step 5) You find some Facebook Profile Ids are like shown below. Click on example image for zoom.
facebook-hacking
Step 6) There are some Facebook Profile Ids of your friends who visited recently.
Step 7) The first one ID’s are showing visits the most number of time.
Step 8) Now if your want to find out, Open a new tab Enter below link :
www.facebook.com/Facebook Profile Id
For Example : www.facebook.com/100001257992988
Enjoy The Trick.. ðŸ™‚
AVOID FRIEND REQUEST BLOCK
We usually send friend requests and if it’s not accepted it is kept in pending.
If there are lots of pending requests it may lead to block.
So this is a simple way to get those requests cancelled and protect your account from being blocked.
Follow below steps :-
1. Go to account settings.
2. Select `download a copy` option.
facebook-tricks
3. Choose `expanded archive` from the next page opened and enter your password and click continue.
4. Select `start my archive`.
5. After few hours you’ll get the download link in your email.
5. Download the file `facebook` and unzip it.
6. Open the folder html and then `friend_requests.htm­l`.
7. You can see the list of your friend requests and pending lists.
Now go to their accounts and click cancel request.
That’s all You are done now. Your account is safe.
Hacking Tools

Hacking Tools


WINAUTOPWN ACTIVE SYSTEMS TRANSGRESSOR GUI [ C4 – WAST ] is a Systems and Network Exploitation Framework built on the famous winAUTOPWN as a backend.
C4 – WAST gives users the freedom to select individual exploits and use them.
BSDAUTOPWN has been compiled, like always for various flavours and has been upgraded to version 1.8 alongwith all applicable exploits.
WINAUTOPWN requires PERL,PHP,PYTHON,RUBY and its dependencies alongwith a few others’ too for smooth working of exploits included in it.

The Mole: Automatic SQL Injection Exploitation Tool 
the-mole
Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a Boolean query based technique. The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easily. Read more

Sqlninja 0.2.6
sql-ninja
Features:
>> Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
>> Bruteforce of ‘sa’ password (in 2 flavors: dictionary-based and incremental).
>> Creation of a custom xp_cmdshell if the original one has been removed
>> Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed).
>> TCP/UDP portscan from the target SQL Server to the attacking machine, in order
to find a port that is allowed by the firewall of the target network
and use it for a reverse shell.
>> Direct and reverse bindshell, both TCP and UDP
>> ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse
shell but the DB can ping your box.
>> DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for
a direct/reverse shell, but the DB server can resolve external hostnames
(check the documentation for details about how this works).
>> Evasion techniques to confuse a few IDS/IPS/WAF.
>> Integration with Metasploit3, to obtain a graphical access to the remote DB
server through a VNC server injection.

HexorBase – The DataBase Hacker Tool
To Audit Management and Multiple Databases
hexorbase
HexorBase is a database application designed for management and audit multiple database servers simultaneously from a single location, is able to perform SQL queries and brute force attacks against servers common database ( MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL ).
This tool is simple to use and very practical, may have to know a little SQL, but the basics.
HexorBase runs on Linux and presumably Windows, and requires:
python-qt4 python python-MySQLdb cx_Oracle python-psycopg2 python-python-qscintilla2 pymssql
To install it you must download and from the console:
root @ host: ~ # dpkg-i hexorbase_1.0_all.deb
Project website and download HexorBase:

Net Tools 5.0 (Net Tools 5.x)
This tools is a hacker friendly. Net Tools is a comprehensive set of host monitoring, network scanning, security, administration tools and much more, all with a highly intuitive user interface. It’s an ideal tool for those who work in the network security, administration, training, internet forensics or law enforcement internet crimes fields. Net Tools is mainly written in Microsoft Visual Basic 6, Visual C++, Visual C# and Visual Studio .NET.
There are 175 tools list in one software.. Tools Content

ARPwner – ARP & DNS Poisoning Attack Tool
ARPwner is a tool to do ARP poisoning and DNS poisoning attacks, with a simple GUI and a plugin system to do filtering of the information gathered, also has a implementation of SSLstrip and is coded in python.

Intercepter Sniffer
Intercepter is a sniffer tool which offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/
WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/
AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.

Havij v1.15 Advanced SQL Injection
Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
havij

Ani-Shell
anishell
Ani-Shell is a simple PHP shell with some unique features like Mass Mailer , A simple Web-Server Fuzzer , DDoser, Back Connect , Bind Shell etc etc ! This shell has immense capabilities and have been written with some coding standards in mind for better editing and customization.
Customization
1. Email Trace back is set to Off as default and emails will not be sent , If you are setting this feature on make sure you change the default email address (lionaneesh@gmail.com) to Your email address , Please Change it before using.
2. Username and Passwords are set to lionaneesh and lionaneesh respectively , Please change them for better security.
3. As a default Lock Mode is set to on! This should not be change unless you want your shell exposed.
Default Login
Username : lionaneesh
Password : lionaneesh
Features
Shell
Platform Independent
Mass – Mailer
Small Web-Server Fuzzer
DDoser
Design
Secure Login
Deletion of Files
Bind Shell
Back Connect
Fixed Some Coding errors!
Rename Files
Encoded Title
Traceback (Email Alerts)
PHP Evaluate
Better Command Execution (even supports older version of PHP)
Mass Code Injector (Appender and Overwriter)
Lock Mode Customization
Latest Version Addition
Mail Bomber (With Less Spam detection feature)
PHP Decoder
Better Uploader
Fixed some Coding errors

SQL MAP 0.9 
sqlmap 0.9 has been released and has a considerable amount of changes including an almost entirely re-written SQL Injection detection engine.
Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. Its a good tools for find Sql Vulnerability.
New Features/Changes–>
Rewritten SQL injection detection engine (Bernardo and Miroslav).
Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav).
Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav).
Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
Implemented support for Firebird (Bernardo and Miroslav).
Implemented support for Microsoft Access, Sybase and SAP MaxDB (Miroslav).
Added support to tamper injection data with –tamper switch (Bernardo and Miroslav).
Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack (Miroslav).
Added support to fetch unicode data (Bernardo and Miroslav).
Added support to use persistent HTTP(s) connection for speed improvement, –keep-alive switch (Miroslav).
Implemented several optimization switches to speed up the exploitation of SQL injections (Bernardo and Miroslav).
Support to parse and test forms on target url, –forms switch (Bernardo and Miroslav).
Added switches to brute-force tables names and columns names with a dictionary attack, –common-tables and –common-columns.

DRIL – Domain Reverse IP Lookup Tool:
dril
DRIL (Domain Reverse IP Lookup) Tool is a Reverse Domain Tool that will really be useful for penetration testers to find out the domain names which are listed in the the target host, DRIL is a GUI, JAVA based application which uses a Bing API key.
DRIL has a simple user friendly interface which will be helpful for penetration tester to do their work fast without a mess, this is only tested on Linux but as it is JAVA it should work on Windows too.
There are various other tools which carry out similar tasks