Sunday, 4 November 2012

How To Hack Windows 7 And Bypass Firewall And Kaspersky Antivirus


Hijacking Facebook Users With Clickjacking Attack




Clickjacking is one of the most used attacks on Facebook. Scammers use it to increase the likes of a Facebook page and to spread malicious links on Facebook users' profiles. Most of the strange-looking, auto-spreading scams on Facebook are Clickjacking attacks.


The name Clickjacking is taken from "click hijacking". In this attack, the hacker hijacks users' clicks to perform some action on a webpage. This attack is also known as a User Interface redress attack, UI redress attack or UI redressing. The hacker tricks innocent users into clicking on something other than what they think they are clicking: the user tries to click a link or button for some specific task, while the button or link actually performs something else.

How does this attack work?

As the name suggests, the hacker hijacks the user's click. This sounds complicated, but the idea is simple: the hacker uses modified frames in such a way that only a specific part of the framed webpage is visible on the page.
For example, imagine a hacker has created a web site with a button on it which says "click here to get free gifts". On top of that page, the hacker has embedded an iframe with a subscription button placed directly over the "free gifts" button. The victim tries to click on the free gifts button but actually clicks on the invisible subscription button.

This attack is performed with the help of 2 iframes. First, the target button is placed at the top left of a webpage inside an iframe. This first iframe is used to hide all other elements of the webpage which originally contains the button. The hacker hides the border and the scroll bars, which makes the frame hard to identify on the web page.

<iframe id="inner" src="http://hackingtricks.in" frameborder="none" scrolling="no" width="1000" height="3000"></iframe>
#inner { position: absolute; left: -600px; top: -600px ;}

Change the position and iframe size according to the button you are adding.
Now this web page is added to the target web page inside an iframe, at the position where the button should appear. This second iframe is used to place the button on the web page where the click is to be hijacked. It also has no border and no scroll bars. Text and images are added around the framed button so that it appears to be part of the page, together with a false message that gets users to click on the button.

LikeJacking: Likejacking is not a different attack. It is the Clickjacking attack used to increase the likes of a Facebook page or a Facebook post. Facebook got a solution to prevent this attack at Facebook's hacking event, Hackathon. Although Facebook has implemented many security levels to prevent this attack, hackers always find some way to perform it on Facebook.

Protection against this attack: This is a harmful attack, and it can be prevented on both the server side and the client side.

Server Side Protection: The most successful server side protection against this attack is "Defending with Frame Breaking Scripts." Here the web developer adds a script to the web page which prevents the page from being framed. This is the code used to prevent the page from being framed:
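<script type="text/javascript">// <![CDATA[
 // Assumes the page's CSS hides <body> by default (body { display: none; })
 // and that this script runs after the <body> element exists.
 if (self == top) {
   // Not framed: reveal the page content.
   var theBody = document.getElementsByTagName('body')[0];
   theBody.style.display = "block";
 } else {
   // Framed: navigate the top-level window to this page, breaking out of the frame.
   top.location = self.location;
 }
// ]]></script>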
But there are a few methods which can break this protection.
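
Besides frame-breaking scripts, a server can send the X-Frame-Options and Content-Security-Policy frame-ancestors response headers, which the browser enforces without relying on any script inside the framed page. The following is an added example, not code from the original post: it sets those headers and audits a response's headers to tell whether the page can still be framed. The function names (applyAntiFraming, auditFraming) and the sample header values are assumptions made for illustration.

```javascript
// Headers that make browsers refuse to render the page in a cross-origin
// frame, whether or not JavaScript runs in the framed page.
const ANTI_FRAMING_HEADERS = {
  'Content-Security-Policy': "frame-ancestors 'self'",
  'X-Frame-Options': 'SAMEORIGIN', // fallback for browsers without frame-ancestors
};

// Set the headers on a Node.js http.ServerResponse (or any object with setHeader).
function applyAntiFraming(res) {
  for (const [name, value] of Object.entries(ANTI_FRAMING_HEADERS)) res.setHeader(name, value);
  return res;
}

// Return the source list of the frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  for (const directive of String(csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Classify response headers (plain object, any key case) as framable or not.
function auditFraming(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  const sources = frameAncestors(h['content-security-policy']);
  if (sources !== null) {
    // Where supported, frame-ancestors takes precedence over X-Frame-Options.
    const open = sources.some((s) => s === '*' || /^https?:$/i.test(s));
    return open
      ? { framable: true, reason: 'frame-ancestors allows any origin' }
      : { framable: false, reason: 'CSP frame-ancestors restricts embedding' };
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { framable: false, reason: 'X-Frame-Options: ' + xfo };
  }
  // ALLOW-FROM is obsolete and, like unknown values, ignored by current browsers.
  if (xfo) return { framable: true, reason: 'X-Frame-Options value not honoured' };
  return { framable: true, reason: 'no anti-framing header' };
}
```

Running auditFraming over the headers of your own pages shows which ones still depend on a frame-breaking script alone.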

Client Side Protections: There are some add-ons and tools available which are used to protect browsers against this attack.

NoScript: No doubt, NoScript is the most useful Firefox add-on, protecting users from many types of web attacks. This add-on also prevents users from clicking on invisible or "redressed" page elements of embedded documents or applets. This is the best security tool against this attack.

Ghostery: This is also a nice browser extension which is used to protect users against this attack. This privacy extension enables users to detect and control tags, web bugs, pixels, and beacons on the webpage which can collect data from their web browsers.

As we know, no permanent solution exists to prevent this attack from the server side, so we should try to add protections to our web browsing. I therefore suggest that all users use client side solutions. If you use Mozilla Firefox, then you must have the NoScript add-on in your web browser. This will protect you against many types of web attacks.

Author Bio:

Deepanker Verma is a security researcher and a computer programmer. You can follow his articles on http://hackingtricks.in and http://www.tricksndtricks.in

Hack a Facebook password with winspy



                                 

Steps to follow:

1. First of all, download the Winspy keylogger software from the link given below:


2. After downloading the Winspy keylogger to hack a Facebook account password, run the application. On running, a dialog box will be prompted. Now, create a user-id and password on first run and hit apply password. Remember this password, as it is required each time you start Winspy and even while uninstalling.

3. Now, another box will come, explaining the hot keys (Ctrl + Shift + F12) to start the Winspy keylogger software.




4. Now, on pressing the hot keys, a login box will come asking for the userid and password. Enter them and click OK.




5. Now, Winspy’s main screen will be displayed as shown in image below:




6. Select Remote at top, then Remote install.
7. On doing this, you will get a popup box as shown in image. Now, fill in the following information in this box.


.user - type in the victim’s name
.file name - Name the file to be sent. Use the name such that victim will love to accept it.
.file icon - keep it the same
.picture - select the picture you want to apply to the keylogger.
In the textfield of “Email keylog to”, enter your email address. Hotmail accounts do not accept keylog files, so use another email account id; my suggestion is to use a Gmail id.
That's it. This much is enough. If you want, you can change other settings also.

8. After you have completed changing settings, click on “Create Remote file”. Now just add your picture to a winrar archive. Now, what you have to do is only send this keylog file to your victim. When the victim opens this file, all keystrokes typed by the victim will be sent to your email inbox. Thus, you will get all his passwords and thus will be able to hack his email accounts and even his Facebook account password.