Hacking.BaBa

How to Hack Any Facebook Account...Again!

How to Hack Any Facebook Account...Again!

just to clarify there is no need for any installed apps on the victim's account, Even if the victim has never allowed any application in his Facebook account I could still get full permission on his a…

13 Mar 2013

Kali Linux Released by BackTrack Team With 300+ Hacking Tools

<div dir="ltr" style="text-align: left;" trbidi="on"><div dir="ltr" style="text-align: left;" trbidi="on"><div style="text-align: justify;">Seven years of developing BackTrack Linux has taught us a significant amount about what we, and the security community, think a penetration testing distribution should look like. We’ve taken all of this knowledge and experience and implemented it in our “next generation” penetration testing distribution.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">After a year of silent development, we are incredibly proud to announce the release and public availability of “Kali Linux“, the most advanced, robust, and stable penetration testing distribution to date.</div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjggASckeiYPpVQYK0M4hdMIGEPcrEItkBf57qSx0-_JkdHpQKMvJvEl3FoBKsRjsxTpooHAH0DSfmrebk_Rd_RX0DiiotL7le68EoED1Sg4QTY-CPkwezEig9BTFmh-n_edJgNaZoZLXN/s1600/kali+linux.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="273" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjggASckeiYPpVQYK0M4hdMIGEPcrEItkBf57qSx0-_JkdHpQKMvJvEl3FoBKsRjsxTpooHAH0DSfmrebk_Rd_RX0DiiotL7le68EoED1Sg4QTY-CPkwezEig9BTFmh-n_edJgNaZoZLXN/s400/kali+linux.jpg" width="400" /></a></div><br />Kali is a more mature, secure, and enterprise-ready version of BackTrack Linux. Trying to list all the new features and possibilities that are now available in Kali would be an impossible task on this single page. We therefore invite you to visit our new<a href="http://www.kali.org/" target="_blank"> Kali Linux Website</a> and <a href="http://forums.kali.org/" target="_blank">Kali Linux Documentation</a> site to experience the goodness of Kali for yourself.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpDrAzCsyHOiy9NoyEXjfsX_yQdS1QwlTxG5nmtfwxDffoCJx_C8_7yPCqocccfQxR5GJb92PHWmvHUSmPp226knLBOWSJXQpt8s9irp2EA_z-MuguEXHy0E9_u1xJu_YfVMn4u1yFfLHa/s1600/kali+linux+some+thing+new.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpDrAzCsyHOiy9NoyEXjfsX_yQdS1QwlTxG5nmtfwxDffoCJx_C8_7yPCqocccfQxR5GJb92PHWmvHUSmPp226knLBOWSJXQpt8s9irp2EA_z-MuguEXHy0E9_u1xJu_YfVMn4u1yFfLHa/s1600/kali+linux+some+thing+new.jpg" /></a></div><br />We are extremely excited about the future of the distribution and we can’t wait to see what the BackTrack community will do with Kali. Sign up in the new Kali Forums and join us in IRC in #kali-linux on irc.freenode.net and help us usher in this new era.<br /><br /><div style="text-align: center;"><b>Demo:</b> <a href="http://vimeo.com/57742213">http://vimeo.com/57742213</a></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><b><span style="color: red;">Download Link:</span></b> <a href="http://www.kali.org/downloads/">http://www.kali.org/downloads/</a></div><br /></div><a class="twitter-follow-button" data-show-count="false" href="https://twitter.com/thehackersmedia">Follow @TheHackersMedia</a><script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script></div>

Kali Linux Released by BackTrack Team With 300+ Hacking Tools

Seven years of developing BackTrack Linux has taught us a significant amount about what we, and the security community, think a penetration testing distribution should look like. We’ve taken all of th…

13 Mar 2013

ARP Poisoning - FULL EXPLANATION

<div dir="ltr" style="text-align: left;" trbidi="on">Being one of the most active members in this WiFi board I can see that a  lot of people don't understand this in depth but they only know why are  we using it and what is the result. In this thread I will explain to  all of you that already know something about this and to all of you that  doesn't know a thing for this what exactly is ARP and ARP Poisoning. In  this thread I will explain what actually happens in the background of  the attack.<br /><br /><b style="color: black;"><span style="font-size: small;"></span></b><br /><div style="text-align: center;"><b style="color: black;">What is ARP ?</b></div><br /><br />ARP Poisoning is one of the most famous network hacking attacks but only  a few people understand what happens in the background. In order to  understand this attack better first I will explain what exactly is ARP.  ARP or Address Resolution Protocol is a network protocol that resolves  IP addresses to MAC addresses. It is a protocol that connects the  Logical Addressing(IP) with the Physical Addressing(MAC) of the  networking scheme. In networking you have Layers. Imagine them as  different levels. Each layer/level has his own job. These are the 7  Layers according to the OSI Model:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTKLoPPUqF7erCDioVreyhHnc2nFPZnQ5ZSbqfiCjYXZkNDkMn-ypKOxVsoGckBIcjEiQNeqoiGoKIF-CVs79Hh3zGfnyo0Ddf1MPAV8P0w_4UIOAHIG909VMFsdniF-s9Vu9eKoKRyp8V/s1600/osi-model.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTKLoPPUqF7erCDioVreyhHnc2nFPZnQ5ZSbqfiCjYXZkNDkMn-ypKOxVsoGckBIcjEiQNeqoiGoKIF-CVs79Hh3zGfnyo0Ddf1MPAV8P0w_4UIOAHIG909VMFsdniF-s9Vu9eKoKRyp8V/s1600/osi-model.jpg" /></a></div> The Address Resolution Protocol is between the NETWORK LAYER and the  DATA LINK LAYER. I know that this looks a bit strange for those of you  who haven't worked with networking but if you read a bit about the  layers you will understand it better. So once again... ARP is in charge  of RESOLVING IP ADDRESSES TO MAC ADDRESSES. <br /><br /><b><span style="color: black;"><span style="font-size: small;"></span></span></b><br /><div style="text-align: center;"><b>ARP Poisoning</b></div><span style="font-weight: bold;"><br /></span><br />Now that you understand what ARP is I can explain the ARP poisoning to  you. I am not sure when exactly but people found a way to trick the ARP.  Actually ARP Poisoning is a process where we send a fake or "spoofed"  ARP messages to a LAN. Those actually resolve the gateway IP address to  our MAC address. There for all the traffic that is meant to be for the  gateway goes through US ( this is not the UNITED STATES !!! <img alt="Roflmao" border="0" src="http://cdn2.hackforums.net/images/blackreign/images/smilies/roflmao.gif" style="vertical-align: middle;" title="Roflmao" /> ). So actually what we do is we tell the gateway that we are the slave  and we tell the slave that we are the gateway. Illustrated it looks like  this:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJdRve-_d0ZVzHhua6iaU6T9YeF9byWISQMn0IP2JFUuyEQV-SOWeA_-yMXKKd-_83eeWd2e9nWbKwPNrbZbeySk61gmocSYP_EjJ2wUeh2SrXeYPV6XR1E5vgRL1JOlR7Hmmc0H1X7rru/s1600/arp-spoofing.png" imageanchor="1"><img border="0" height="324" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJdRve-_d0ZVzHhua6iaU6T9YeF9byWISQMn0IP2JFUuyEQV-SOWeA_-yMXKKd-_83eeWd2e9nWbKwPNrbZbeySk61gmocSYP_EjJ2wUeh2SrXeYPV6XR1E5vgRL1JOlR7Hmmc0H1X7rru/s1600/arp-spoofing.png" width="640" /></a></div> In this image the attacker performed ARP poisoning between 2 users on  the networks. Therefor each traffic that is from slave A for slave B  will first go through the attacker and then he will resend it to its  original destination. And vise versa. Each traffic from slave B for  slave A goes through the attacker. That is why ARP Poisoning is used for  sniffing. All the traffic goes through you and you can analyze the  packets passing by with no problems.<br /><br /><br /><br /></div>

ARP Poisoning - FULL EXPLANATION

Being one of the most active members in this WiFi board I can see that a lot of people don't understand this in depth but they only know why are we using it and what is the result. In this thread I …

13 Mar 2013

Pakistani Student Rewarded by $500 USD for detecting HTML Injection Vulnerability in Facebook

<div dir="ltr" style="text-align: left;" trbidi="on"><div dir="ltr" style="text-align: left;" trbidi="on"><div style="text-align: justify;"><b>Haider Mehmood Qureshi, an independent security researcher from Islamabad has been rewarded with $500 for detecting HTML Injection Vulnerability in Facebook.</b> </div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">According to Haider, Facebook was vulnerable in HTML code, their are some serious <span style="background-color: white; color: #333333; line-height: 17px; text-align: left;"><span style="font-family: inherit;">Remote HTML injection. </span></span><span style="color: #333333; line-height: 17px; text-align: left;">Remote User was able to add any brand Name and Radio buttons, hence allowing Remote HTML injection. It was as simple as it sounds. The issue can also cause adding junk/spam entries into the database.</span></div><div style="text-align: justify;"><span style="background-color: white; color: #333333; line-height: 17px; text-align: left;"><span style="font-family: inherit;"><br /></span></span><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEYr_N_xRVXjeFMFwOaxlls7QhRVlw7ZlRwd1RmXSKaiGcGoh7PdljYKTyjXHHsvzEXqrBWJtyv21vDLkGeMfNkv6dS7j0TjpnfLpovw0kZtd812gbDw-ZQQ9TtBvtboUjm_jhC3u96-2O/s1600/facebook.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="260" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEYr_N_xRVXjeFMFwOaxlls7QhRVlw7ZlRwd1RmXSKaiGcGoh7PdljYKTyjXHHsvzEXqrBWJtyv21vDLkGeMfNkv6dS7j0TjpnfLpovw0kZtd812gbDw-ZQQ9TtBvtboUjm_jhC3u96-2O/s400/facebook.jpg" width="400" /></a></div><span style="background-color: white; color: #333333; line-height: 17px; text-align: left;"><span style="font-family: inherit;"><br /></span></span></div><div style="text-align: justify;"><span style="background-color: white; text-align: left;"><span style="color: #333333;"></span></span></div><div style="line-height: 17px; text-align: left;"><span style="color: #333333;"><b>Bug details:</b></span></div><div style="line-height: 17px; text-align: left;"><span style="color: #333333;"><b><br /></b></span></div><div style="line-height: 17px; text-align: left;"><span style="color: #333333;"><u><i>Vulnerability title:</i></u> HTML Injection</span></div><div style="line-height: 17px; text-align: left;"><span style="color: #333333;"><i><u>Vendor homepage:</u></i> http://m.facebook.com</span></div><div style="line-height: 17px; text-align: left;"><span style="color: #333333;"><i><u>Remote/Local:</u></i> Remote</span></div><div style="line-height: 17px; text-align: left;"><span style="color: #333333;"><u><i>Tested on:</i></u> Windows 7 64 bit Firefox browser (but should have worked on other OS and browsers (not sure about IE))</span></div><div style="line-height: 17px; text-align: left;"><span style="color: #333333;"><i><u>Vulnerability Submitted on:</u> </i>12/1/2013</span></div><div style="line-height: 17px; text-align: left;"><span style="color: #333333;"><i><u>Vulnerability Status:</u></i> FIXED</span></div><div style="line-height: 17px; text-align: left;"><span style="color: #333333;"><br /></span></div><div style="line-height: 17px; text-align: left;"><span style="color: #333333;">Vulnerable Parameter: <a href="https://m.facebook.com/survey.php?incorrect_brand&params=">https://m.facebook.com/survey.php?incorrect_brand&params=</a></span></div><div style="line-height: 17px; text-align: left;"><span style="color: #333333;"><br /></span></div><div style="text-align: left;"><span style="color: #333333;"><b style="line-height: 17px;">Detail:</b><span style="line-height: 17px;"> Facebook mobile provides a survey to evaluate the mobile user experience as they surf Facebook mobile site. Here is the survey <a href="https://m.facebook.com/survey.php">https://m.facebook.com/survey.php</a> . While entering the mobile phone brands , it provides a list of brands in case you didn't type the correct brand.</span></span></div><div style="text-align: left;"><span style="color: #333333;"><span style="line-height: 17px;"><br /></span></span></div><div class="separator" style="clear: both; text-align: center;"><span style="color: #333333;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZWG_HldfHGA-dTmN3AOpl_mZPwUcB1OpC5qL7fFfWG8YU1p_5lwIjQCHacu1PCcy7V86xmAbag266BXsjwDkKGHqra9eCKsZ0l3mN2yGDTAJnqoQVg60zmug4rguVhn3iLm3uZnvuyEJQ/s1600/parameters.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="319" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZWG_HldfHGA-dTmN3AOpl_mZPwUcB1OpC5qL7fFfWG8YU1p_5lwIjQCHacu1PCcy7V86xmAbag266BXsjwDkKGHqra9eCKsZ0l3mN2yGDTAJnqoQVg60zmug4rguVhn3iLm3uZnvuyEJQ/s640/parameters.jpg" width="640" /></a></span></div><div style="line-height: 17px; text-align: left;"><span style="color: #333333;"><br /></span></div><div style="line-height: 17px; text-align: left;"><span style="color: #333333;">The list that was provided contained their HTML code inside the parameter <a href="https://m.facebook.com/survey.php?incorrect_brand&params=">https://m.facebook.com/survey.php?incorrect_brand&params=</a>[HTML code of Brands and Radio Buttons]</span></div><div style="line-height: 17px; text-align: left;"><span style="color: #333333;">Remote User was able to add any brand Name and Radio buttons, hence allowing Remote HTML injection. It was as simple as it sounds. The issue can also cause adding junk/spam entries into the database.</span><br /><span style="color: #333333;"><br /></span><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIIS35-Txp8ukPHZVBHHnHsu-xIdZZYayH5p5sz6TYLcpCns-m-w44QmJmIngVlCbXUPHNGb5ab4bk_bOVjlmvShJJso5drTwiRJNqXbRLCpY_HIg4ZS2Oly8umbseckxporDa7iSaKysA/s1600/reply3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIIS35-Txp8ukPHZVBHHnHsu-xIdZZYayH5p5sz6TYLcpCns-m-w44QmJmIngVlCbXUPHNGb5ab4bk_bOVjlmvShJJso5drTwiRJNqXbRLCpY_HIg4ZS2Oly8umbseckxporDa7iSaKysA/s1600/reply3.jpg" /></a></div><br /></div><div style="text-align: justify;"><span style="background-color: white; color: #333333; line-height: 17px;"><span style="font-family: inherit;"><a href="https://www.facebook.com/stalinqureshi" target="_blank">Haider Mehmood Qureshi</a>, BS Computer Sciences Student from Comsats Intitute of information technology Islamabad. Started learning pentesting/hacking in 2009. Initially was into defacing, later realized to make Pentesting/security auditing as my career. His Friends motivated him to go for bug bounties. </span></span></div><div style="text-align: justify;"><span style="background-color: white; color: #333333; line-height: 17px;"><span style="font-family: inherit;"><b>Contact:</b> </span><span style="font-family: Courier New, Courier, monospace;">haidermehmoodqureshi@yahoo.com</span></span></div><div style="text-align: justify;"><span style="background-color: white; color: #333333; font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 13px; line-height: 17px;"><br /></span></div><span style="background-color: white; color: #333333; font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 13px; line-height: 17px;"><br /></span></div><a class="twitter-follow-button" data-show-count="false" href="https://twitter.com/thehackersmedia">Follow @TheHackersMedia</a><script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script></div>

Pakistani Student Rewarded by $500 USD for detecting HTML Injection Vulnerability in Facebook

Haider Mehmood Qureshi, an independent security researcher from Islamabad has been rewarded with $500 for detecting HTML Injection Vulnerability in Facebook. According to Haider, Facebook was vulnerab…

13 Mar 2013