How to run the NTO SQL Invader in Ubuntu/Backtrack or any other Linux?

We recently published a news about NTO SQL Invader tool in our Hacking News network ,a new SQL Injection vulnerability scanner and exploiting tool. 
You can download the tool from here:
http://go.ntobjectives.com/l/8672/2011-12-01/DRMN

In order to get the application , you have to enter your email address. They will send the link to the application.I got only NTOSQLInvader_Setup.exe file. I think you know that “.exe” files works only in Windows.(You can also run the .exe files in Linux using Wine Application).

So i installed the application the in Windows xp. When i launched the application , GUI is familiar one for me. Yes, it is written in Java. If it is written in java, then there will be .jar file inside the .exe file. So i extract it and get the jar file (jar files can be run in any OS , if you installed JRE ).

How to run the SQL Invader in Linux?
Requirements:
JRE 1.4 or 1.5 or 1.6 version

Step 1:
Download the .exe file from the given link. 
Place it in desktop.

Step 2: 
Right click on the NTOSQLInvader_Setup.exe file and click the extract here .

Now you can find a NTOSQLInvader_Setup folder in your desktop.

Step 3:
Open the folder ,there you can see three files . We are going to need “NTOSQLInvader.jar ” file only. So delete other two files.

Step 4:
That’s all , copy the .jar file anywhere else or leave it in Dekstop itself.
Double click the file it will start to run.
Enjoy the application in Linux also…!!

You can run the NTOSQLInvader.jar file alone in any operating system(windows,mac,…), if you installed JRE.

Read More

Bluetooth hacking: Essential tools.

Bluetooth is one of the most rapidly growing connection technology. If you are someone who is planning to gain better understanding of Bluetooth Security, you will need some essential tools. This article lists down the Essential Bluetooth Hacking Tools.

1.) BlueScanner: BlueScanner searches out for Bluetooth-enabled devices. It will try to extract as much information as possible for each newly discovered device.

2.)BlueSniff: BlueSniff is a GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices.

 3.) BTBrowser: Bluetooth Browser is a J2ME application that can browse and explore the technical specification of surrounding Bluetooth-enabled devices. You can browse device information and all supported profiles and service records of each device. BTBrowser works on phones that supports JSR-82 – the Java Bluetooth specification. .

4.) BTCrawler: BTCrawler is a scanner for Windows Mobile based devices. It scans for other devices in range and performs service query. It implements the BlueJacking and BlueSnarfing attacks.

5.) BlueBugger: BlueBugger exploits the BlueBug vulnerability. BlueBug is the name of a set of Bluetooth security holes found in some Bluetooth-enabled mobile phones. By exploiting those vulnerabilities, one can gain an unauthorized access to the phone-book, calls lists and other private information..

6.) CIHWB: Can I Hack With Bluetooth (CIHWB) is a Bluetooth security auditing framework for Windows Mobile 2005. Currently it only support some Bluetooth exploits and tools like BlueSnarf, BlueJack, and some DoS attacks. Should work on any PocketPC with the Microsoft Bluetooth stack.

7.) Bluediving: Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, has features such as Bluetooth address spoofing, an AT and a RFCOMM socket shell and implements tools like carwhisperer, bss, L2CAP packetgenerator, L2CAP connection resetter, RFCOMM scanner and greenplaque scanning mode..

8.) Transient Bluetooth Environment Auditor: T-BEAR is a security-auditing platform for Bluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffing tools and various cracking tools.

9.) Bluesnarfer: Bluesnarfer will download the phone-book of any mobile device vulnerable to Bluesnarfing. Bluesnarfing is a serious security flow discovered in several Bluetooth-enabled mobile phones. If a mobile phone is vulnerable, it is possible to connect to the phone without alerting the owner, and gain access to restricted portions of the stored data.

10.) BTcrack: BTCrack is a Bluetooth Pass phrase (PIN) cracking tool. BTCrack aims to reconstruct the Passkey and the Link key from captured Pairing exchanges.

11.) Blooover II: Blooover II is a J2ME-based auditing tool. It is intended to serve as an auditing tool to check whether a mobile phone is vulnerable.

12.) BlueTest: BlueTest is a Perl script designed to do data extraction from vulnerable Bluetooth-enabled devices.

13.) BTAudit: BTAudit is a set of programs and scripts for auditing Bluetooth-enabled devices.

Read More

How- To Bypass the Passwords in Windows

This post is about an interesting hack to bypass the login passwords in Windows. Application of this hack will result in Windows logging you on everytime as a certain user Follow the steps mentioned below to apply this trick

• Click Start -> Run.
• Type Control userpasswords2
• Press Enter.

• Click to uncheck the box labelled ‘ Users must enter a user name and password to use this computer’.
• Press OK.

• Enter the username and password in the box that appears.
• Click OK.

Read More

How to hack Facebook account ?

Hai friends today I will tell a facebook account hacking method which work’s surely above 80%. Here we trying to Phishing the facebook website through email. Its simply known as Smart Phishing With Email Trap.

This smart phishing is almost undetedable because we send HTML mails to the victim with same header as that of original mails by email address that looks similar to original one. And ask user to join some Group or watch video or read comment etc.. So its quite easier to exploit fact.

Here is the steps for Hack Facebook Passwords or Accounts ?

Step 1.First you have to download the Facebook phisher.

Download

Step 2. Then Extract the rar file now you will get two files as given below:

• index.html

• write.php

Step 3. Now upload all the two files in any free webhosting server because since its cast free. No one want to spend money for hacking. On these servers try the username as nearer to original URL like faccbook or fecabook etc.

Step 4. You Now have done upload and now you have to send these to your victim.Now you reach most important step of smart email phishing.

Here is some sample for your better understand

This the sample email that comes to your email account from facebook.

Now You have to edit this mail. Open this email and click on forward now you will see this email in editable mode now remove the forwarded headers etc and forward from Header.

Remember your Name in Gmail must be Facebook and email account should be like noreplyfacebook@gmail.com etc… Now you have to put the Fake link of index.html file which you have got after uploading in a web hosting server in place of Two exploit points.Mind it always put link in href and original text should be as such. And also try to keep the link as much as closer to facebook original link.

Step 5. After sending phisher to victim, once the user logs in to his Facebook account using your Phisher, his user ID and password are saved in our hosting folder as a text file..And these are stored in passes.txt What you have to do is just refresh your Web hosting account files.

Step 6. And that file will contain the passwords and look like this:

Read More