15 Hidden Android Features You Should Know

While Android has matured by leaps and bounds, it's still going through the refinement phase. Over time, Google has both added and removed many popular features in Android. Sometimes the features are completely removed. However, in many cases, they make it to the Settings page or they are buried under different hidden places inside Android. That's why we have come up with this article where we unearth 15 hidden Android features that are quite interesting and helpful. So, let's go ahead and explore some unique Android features which are available on our Android devices.

Hidden Android Features

Here, we have mentioned several hidden Android features ranging from privacy, security, ease of use and more. Further, we have also added some obscure Android features which were released recently but might have gone under the radar. Now with that said, here are the hidden Android features that you should know and use often.

1. Block Spam Calls

The one feature that I turn on whenever I set up a new Android device is: filter spam calls. It saves me from unwanted calls by telemarketers, fraudsters and spammers. If you use a stock Android device, you must have the Phone app by Google installed as your default dialer. To enable spam call blocking, open the Phone app and tap on the three-dot menu on the top-right corner and open Settings. After that, open "Caller ID and spam" and enable both the toggles. Now, whenever you will receive a call by spammers, the screen won't light up or make any sound. It's almost like DND with Total Silence turned on.

If you are worried that you will miss important calls then fret not. I have been using this feature for a long time and I can vouch that it works flawlessly. While there are other apps like Truecaller with similar features, you should be wary against handing your data to third-party apps, especially given its shady past record.

2. Verification Code Autofill

Many of us have allowed SMS permission to multiple apps for seamless OTP verification. However, this can lead to serious breach as apps can read all your text messages and also build credit profile without your consent. To crack down on this behavior, Google has brought a new API called the SMS Retriever. It allows apps to capture a one-time code without asking for SMS permission. In case, the app developer has not implemented this API, Google will act as a bridge and provide the verification code. That is awesome, right? So to enable this feature, navigate to Settings -> Google -> Verification Code Autofill and enable the toggle. Make sure you have also enabled the Autofill service by Google.

3. Force Dark Mode on all Apps

While the dark mode is slowly becoming the norm, there are still apps like Facebook and WhatsApp which are yet to embrace the dark side. If you want to force dark mode on a range of apps then there is a hidden Android setting that lets you do it. However, you must be on the latest Android 10 build. To enable dark mode for all the apps, navigate to Settings -> About Phone and tap on the Build Number for seven times continuously. A toast notification will show up prompting "Developer Options have been enabled". Now go back, and search for "Override force-dark" in the Settings page. Tap on the first result and then enable the toggle. Just to be sure, restart your device and check if dark mode is working on all apps.

4. Focus Mode

Google has brought a new feature called Focus Mode to Digital Wellbeing with the launch of Android 10. While Digital Wellbeing is great at limiting the screen time of various apps, Focus Mode allows you to block certain apps completely so you can focus on what you are doing. To configure Focus Mode, follow Settings -> Digital Wellbeing -> Focus Mode. Here, you can select apps that you find distracting and can enable Focus Mode straight from the Quick Settings panel.

5. Share WiFi with QR Code

I know the feeling when someone asks you to share your WiFi's password and you can't seem to remember it. If you use a strong password with multiple hashes and characters then it becomes even more tedious to type it out. In such cases, a QR code can help you seamlessly connect to WiFi networks. Thankfully, Android 10 has this not-so-hidden feature under the WiFi Settings page. Open it and you will find the QR code scanner besides the "Add Network" section. Now, scan the QR code and you will be connected in no time.

6. Randomize MAC Address

MAC address is a unique identifier assigned to WiFi-enabled devices including smartphones. Most devices come with a static MAC which can be exploited and used for tracking user movement. So having a random MAC address reduces the chance of tracking and strengthens your privacy. If you are running Android 10 then you can randomize the MAC address from the WiFi Settings page. Tap on the WiFi that you are connected to and open "Privacy". Here, make sure "Use randomized MAC" is your default pick.

7. Force Apps to Resize in Split Mode

Android has some unique features like Split Mode which make it quite distinct from iOS. It lets you run two apps at once so you can effortlessly multitask between them. However, not all apps support Split Mode and that's where this hidden Android feature comes into play. With this feature, you can force any app to resize in split mode, irrespective of the app compatibility. So to enable this feature, open Settings and search for "resizable". Open the first result and enable "Force activities to be resizable". Now, restart your device and you can enjoy any app in the Split mode.

8. Default USB Configuration

If you are someone who regularly connects Android devices to PC then this sneaky feature is going to help you a lot. Android 10 now allows you to choose your default USB configuration. If you transfer files regularly then simply choose the desired settings and you are good to go. To configure USB, open Settings and search for "Default USB" and tap on the first result. Here, choose "File transfer" or any other settings based on your preference.

9. Private DNS

While Private DNS was launched with Android Pie, it still remains one of the least talked features of Android. It allows you to encrypt your DNS query so no one can read it, not even your internet service provider. You can find the Private DNS feature in the "Network and Internet" settings page. Here, open "Private DNS" and choose Automatic for Google's DNS or you can also select some other DNS providers as well. I would recommend you to go with Cloudflare's DNS.

10. Device Theming

Device theming has finally arrived on Android, but it's still hidden under the developer options. You can change the accent color, font and icon shape from a handful of options. To find the desired settings page, open Settings and search for "theming". Tap on the top result and customize your Android device as you prefer.

11. Show Taps While Screen Recording

With the release of Android Oreo, Google removed the ability to show taps while screen recording for security reasons. However, the settings to configure taps is still available and hidden under the developer options. Just open the Settings page and search for "taps". Open the first result and enable the toggle. Now, you can record your screen with taps and that's really convenient.

12. Capitalize Words Quickly

If you want to capitalize words quickly then Gboard has this nifty feature which is super helpful and I simply love it. Just select the words and tap the "Shift" button twice to capitalize a chunk of words at once. You can also make it lowercase by similarly double tapping the shift button. And if you just want to keep the initials capital then tap the shift button once. That's pretty great, right? So go ahead and type hassle-free with Gboard.

13. Uninstall Multiple Apps

One of the best hidden Android features is that you can uninstall multiple apps at once. It works on older versions of Android as well so that is great. All you have to do is open the Google Play Store and tap on the hamburger menu and select "My apps and games". Here, switch to the "Installed" section and then tap on "Storage". After that, simply select apps that you want to uninstall and hit that "Free Up" button. Voila, multiple apps just got uninstalled in just one tap.

14. Clear Site Storage Using Chrome

Chrome is notorious for accumulating a large amount of data in background which makes the performance worse and also takes up crucial storage space. If you want to check what websites are eating up your memory space then a hidden Chrome setting can help you with that. Open Chrome on your Android device and head over to its Settings page. Now, navigate to Site Settings and open Storage. Here, you will find all the websites with their storage space. Open any website and tap on the "Delete" icon to finally free up your internal storage from unnecessary cached data.

15. Street View Layer in Google Maps

Street View is an immersive way to explore places and find new landmarks, hotels, restaurants from anywhere around the world. Now, the Street View Layer has been added to Google Maps and it works pretty well. To check if Street View is available in your region, open Google Maps and tap on the "layer" icon on the top-right corner. Now, tap on "Street View" icon and then zoom out to find blue lines on the map. Finally, tap on the blue lines and Street View will show up for that place. That's cool, right? So go ahead and check out Street View to find some hidden gems around the world.

Note: The blue lines show up wherever street view is available.

@EVERYTHING NT

More info

• Hacking Web
• Aprender Hacking Desde Cero
• Chema Alonso Libros
• Curso Hacker
• Hacking Linkedin
• Hacking Con Buscadores
• Life Hacking
• Raspberry Hacking
• Codigo Hacker

What Is Cybersecurity And Thier types?Which Skills Required To Become A Top Cybersecurity Expert ?

What is cyber security in hacking?

The term cyber security  refers to the technologies  and processes designed  to  defend computer system, software, networks & user data from unauthorized access, also from threats distributed through the internet by cybercriminals,terrorist groups of hacker.

Main types of cybersecurity are

Critical infrastructure security

Application security

Network Security 

Cloud Security 

Internet of things security.

These are the main types of cybersecurity used by cybersecurity expert to any organisation for safe and protect thier data from hack by a hacker.

Top Skills Required to become Cybersecurity Expert-

Problem Solving Skills

Communication Skill

Technical Strength & Aptitude

Desire to learn

Attention to Detail 

Knowledge of security across various platforms

Knowledge of Hacking

Fundamental Computer Forensic Skill.

These skills are essential for become a cybersecurity expert. 

Cyber cell and IT cell these are the department  in our india which provide cybersecurity and looks into the matters related to cyber crimes to stop the crime because in this digitilization world cyber crime increasing day by day so our government of india also takes the immediate action to prevent the cybercrimes with the help of these departments and also arrest the victim and file a complain against him/her with the help of cyberlaw in our constitution.

More information

1. Aprender Seguridad Informatica
2. Blog Seguridad Informática
3. Que Es Growth Hacking
4. Phone Hacking
5. Software Hacking
6. Manual Del Hacker
7. Como Aprender A Hackear Desde Cero

Kali Linux VM Installation And Setup

Preface

From time to time I realize that certain tasks that are trivial for me are not necessarily easy for others, especially if they are just getting started with IT security stuff.

As I am going to be a Facilitator at SANS Munich 2015 on SEC 401, plus we have a few people at work who are just dipping their toe into the wonderful world of Kali Linux, it seemed like a good opportunity to make a short getting started / installation guide on the Kali VMWare VMs that you can download and quickly get started.

On top of that, when I check the statistics of the blog, I always see that the most popular posts are the detailed howtos and tutorials and I assume that it is because there is a need for this kind of posts too, so here it goes! :)

Step -1: Check in your BIOS/UEFI if virtualization is enabled

We are going to use virtualization, so it would be nice to enable it, right?

In BIOS/UEFI menus this is somewhere around "Security" and/or "Virtualization" and it is something like "Intel (R) Virtualization Technology" and "Intel (R) VT-d Feature" that needs to be set to "Enabled".

Step 0: Install VMWare Player or VMWare Workstation

The Kali Linux VMs are VMWare-based, so you need to install VMWare Player (free), VMWare Workstation (paid) or VMWare Fusion (paid, for OS-X).

The more desirable choice is to use VMWare Workstation or VMWare Fusion, as they have a Snapshot feature, while with VMWare Player, you are forced to take a full copy in order to have a sort of rollback feature.

Step 1: Download Kali VM

We need to download the Kali VMs from the "Custom Kali Images" download site, where you can find a 64 bit (amd64) and a 32 bit PAE (i686) too.

There are also Torrent files for the images and based on experience, using Torrent is much more faster and reliable than the HTTP download, so if you can, use that!

Once you have downloaded the VMs, do not forget to check their SHA1 hash!!! On Linux, you can simply use the sha1sum command at a terminal. For Windows, you can use something like the MD5 & SHA Checksum Utility.

Step 2: Change Kali VM default root password

The Kali VM comes with a preset root password, which is "toor" (without the quotes), therefore, it has to be changed.

Here is how you do it:

root@kali:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Step 3: Change Kali VM default SSH keys

The Kali VM also comes with SSH preinstalled, so we need to change the SSH keys to avoid SSH MiTM attacks.

Here is how you do it:

root@kali:~# cd /etc/ssh/
root@kali:/etc/ssh# mkdir default_kali_keys
root@kali:/etc/ssh# mv ssh_host_* default_kali_keys/
root@kali:/etc/ssh# dpkg-reconfigure openssh-server
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
Creating SSH2 ECDSA key; this may take some time ...
insserv: warning: current start runlevel(s) (empty) of script `ssh' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (2 3 4 5) of script `ssh' overrides LSB defaults (empty).

Now we can check if the keys are really changed:

root@kali:/etc/ssh# md5sum /etc/ssh/*key*
md5sum: /etc/ssh/default_kali_keys: Is a directory
6abe210732068fa7ca95854c3078dba5  /etc/ssh/ssh_host_dsa_key
1b5f3c1a1b5c48cc3cce31b116e8b6f8  /etc/ssh/ssh_host_dsa_key.pub
8f0f60855e5ab8cac8103d64faab090f  /etc/ssh/ssh_host_ecdsa_key
aace49ae9236815c9a1672f8ecb2b1e2  /etc/ssh/ssh_host_ecdsa_key.pub
cf861a9f743fb4584ab246024465ddf1  /etc/ssh/ssh_host_rsa_key
d5d65d8ad023a6cb1418ae05007bc6d3  /etc/ssh/ssh_host_rsa_key.pub
root@kali:/etc/ssh# md5sum /etc/ssh/default_kali_keys/*key*
c8d5b82320a4ddde59d0e2b6d9aad42a  /etc/ssh/default_kali_keys/ssh_host_dsa_key
6b12ddecd463677cde8097e23d0f219a  /etc/ssh/default_kali_keys/ssh_host_dsa_key.pub
fecf056571a3dfbf3635fc2c50bf23c5  /etc/ssh/default_kali_keys/ssh_host_ecdsa_key
e44b7c50635de42e89b3297414f5047d  /etc/ssh/default_kali_keys/ssh_host_ecdsa_key.pub
e9e0267484e020878e00a9360b77d845  /etc/ssh/default_kali_keys/ssh_host_rsa_key
ceee93d7bbc9f9b9706e18f23d4e81f1  /etc/ssh/default_kali_keys/ssh_host_rsa_key.pub

See http://www.blackmoreops.com/2014/06/19/kali-linux-remote-ssh/ for more info on this.

Step 4: Update Kali VM

Next you need to update your Kali VM so that everything is patched.

Here is how you do it:

root@kali:~# apt-get update
Get 1 http://http.kali.org kali Release.gpg [836 B]               
Get:2 http://security.kali.org kali/updates Release.gpg [836 B]
********************************* SNIP *********************************
Fetched 16.7 MB in 14s (1,190 kB/s)                                                                                                                                                    
Reading package lists... Done
root@kali:~# apt-get upgrade
eading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages have been kept back:
********************************* SNIP *********************************
The following packages will be upgraded:
********************************* SNIP *********************************
241 upgraded, 0 newly installed, 0 to remove and 16 not upgraded.
Need to get 740 MB of archives.
After this operation, 130 MB disk space will be freed.
Do you want to continue [Y/n]? Y
Get:1 http://security.kali.org/kali-security/ kali/updates/main libc6-i386 amd64 2.13-38+deb7u7 [4,044 kB]
Get:2 http://http.kali.org/kali/ kali/main base-files amd64 1:1.1.0 [77.5 kB]       
********************************* SNIP *********************************
root@kali:~#

Step 5: Create a Snapshot/Copy the VM

Once you are done with all the above, you can make a Snapshot in case of VMWare Workstation or copy the files of the VM in case of VMWare Player, so that you can roll back to this clean stat in case you misconfigure something.

Hope this was helpful. Happy hacking!

More information

• Grey Hat Hacking
• Blog Seguridad Informática
• Growth Hacking Marketing

PKCE: What Can(Not) Be Protected

This post is about PKCE [RFC7636], a protection mechanism for OAuth and OpenIDConnect designed for public clients to detect the authorization code interception attack.

At the beginning of our research, we wrongly believed that PKCE protects mobile and native apps from the so called „App Impersonation" attacks. Considering our ideas and after a short discussion with the authors of the PKCE specification, we found out that PKCE does not address this issue.

In other words, the protection of PKCE can be bypassed on public clients (mobile and native apps) by using a maliciously acting app.

OAuth Code Flow

In Figure 1, we briefly introduce how the OAuth flow works on mobile apps and show show the reason why we do need PKCE.
In our example the user has two apps installed on the mobile phone: an Honest App and an Evil App. We assume that the Evil App is able to register the same handler as the Honest App and thus intercept messages sent to the Honest App. If you are more interested in this issue, you can find more information here [1].

Figure 1: An example of the "authorization code interception" attack on mobile devices. 

Step 1: A user starts the Honest App and initiates the authentication via OpenID Connect or the authorization via OAuth. Consequentially, the Honest App generates an Auth Request containing the OpenID Connect/OAuth parameters: client_id, state, redirect_uri, scope, authorization_grant, nonce, …. 

Step 2: The Browser is called and the Auth Request is sent to the Authorization Server (usually Facebook, Google, …).

• The Honest App could use a Web View browser. However, the current specification clearly advice to use the operating system's default browser and avoid the usage of Web Views [2]. In addition, Google does not allow the usage of Web View browser since August 2016 [3].

Step 3: We asume that the user is authenticated and he authorizes the access to the requested resources. As a result, the Auth Response containing the code is sent back to the browser.

Step 4: Now, the browser calls the Honest App registered handler. However, the Evil App is registered on this handler too and receives the code.

Step 5: The Evil App sends the stolen code to the Authorization Server and receives the corresponding access_token in step 6. Now, the Evil App can access the authorized ressources.

• Optionally, in step 5 the App can authenticate on the Authorization Server via client_id, client_secret. Since, Apps are public clients they do not have any protection mechanisms regarding the storage of this information. Thus, an attacker can easy get this information and add it to the Evil App.

Proof Key for Code Exchange - PKCE (RFC 7636)

Now, let's see how PKCE does prevent the attack. The basic idea of PKCE is to bind the Auth Request in Step 1 to the code redemption in Step 5. In other words, only the app generated the Auth Request is able to redeem the generated code.

Figure 2: PKCE - RFC 7636 

Step 1: The Auth Request is generated as previosly described. Additionally, two parameters are added:

• The Honest App generates a random string called code_verifier
• The Honest App computes the code_challenge=SHA-256(code_verifier)
• The Honest App specifies the challenge_method=SHA256

Step 2: The Authorization Server receives the Auth Request and binds the code to the received code_challenge and challenge_method.

• Later in Step 5, the Authorzation Server expects to receive the code_verifier. By comparing the SHA-256(code_verifier) value with the recieved code_challenge, the Authorization Server verifies that the sender of the Auth Request ist the same as the sender of the code.

Step 3-4: The code leaks again to the Evil App.

Step 5: Now, Evil App must send the code_verifier together with the code. Unfortunatelly, the App does not have it and is not able to compute it. Thus, it cannot redeem the code.

 PKCE Bypass via App Impersonation

Again, PKCE binds the Auth Request to the coderedemption.

The question rises, if an Evil App can build its own Auth Request with its own code_verifier, code_challenge and challenge_method.The short answer is – yes, it can.

Figure 3: Bypassing PKCE via the App Impersonation attack

Step 1: The Evil App generates an Auth Request. The Auth Request contains the client_id and redirect_uri of the Honest App. Thus, the User and the Authorization Server cannot recognize that the Evil App initiates this request. 

Step 2-4: These steps do not deviate from the previous description in Figure 2.

Step 5: In Step 5 the Evil App sends the code_verifier used for the computation of the code_challenge. Thus, the stolen code can be successfully redeemed and the Evil App receives the access_token and id_token.

OAuth 2.0 for Native Apps

The attack cannot be prevented by PKCE. However, the IETF working group is currently working on a Draft describing recommendations for using OAuth 2.0 for native apps.

References

[1] http://mews.sv.cmu.edu/papers/ccs-14.pdf

[2] https://tools.ietf.org/html/draft-ietf-oauth-native-apps-06#section-8.1

[3] https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html

Authors

Vladislav Mladenov
Christian Mainka (@CheariX)

Continue reading

1. Chema Alonso Wikipedia
2. Elladodelmal
3. Reddit Hacking
4. Best Hacking Games
5. Python Hacking
6. Growth Hacking Libro
7. Cómo Se Escribe Hacker
8. Hacking Books
9. Hacker Pelicula

RFCrack Release - A Software Defined Radio Attack Tool

RFCrack uses the following hardware with RFCat libraries:

YardStick One: 

https://goo.gl/wd88sr

I decided to cleanup my RF testing harness and release it as a tool named RFCrack

Mostly because it has been pain to set up use-case scenarios from scratch for every device I am testing. Rather then release a tool no one knows how to use. The below video will be a quick but comprehensive tutorial to get you started If you've been following the blogs, this will greatly simplify your testing, in the following ways:

• RFCrack handles all of your data conversions. 
• It allows you to capture, replay and save payloads for use anytime 
• It will handle rolling code bypass attacks on your devices. 
• You can jam frequencies and fuzz specific values 
• It will also allow you to scan specific frequencies in discovery mode or incrementally probe them 
• RFCrack will hopefully have keyless entry & engine bypass support in the near future

This is the first release, everything works as intended but there will be plenty of updates as I continue to do research and find reasons to add features needed for testing. I am still making changes and making it more flexible with modifiable values and restructuring code.  If you have any legitimate use case scenarios or need a specific value to be modifiable, hit me up and I will do my best to update between research, if its a legitimate use case.

You can reach me at:
Twitter: @Ficti0n
http://cclabs.io , http://consolecowboys.com

GitHub Code for RFCrack:

https://github.com/cclabsInc/RFCrack

Full RF Hacking Course in Development:

Not all of the attacks in the tool have been covered in the RF hacking blog series and a few more are in research mode, as such, not yet added to the tool but will probably be covered in a full length online class on Hacking with RF which includes all targets and equipment.  Send an email to info(at)cclabs.io if your interested.

Walkthrough Training Video:

Until Next time: 

Cheers, and enjoy the tool for your personal use testing devices, feedback and bug reports are appreciated.  I have another RF blog coming out shortly based on my friends research into hacking garages/gates and creating keyfobs.  I will post when its ready. 

Continue reading

• Hacking Net
• Tools For Hacking Wifi
• Android Hacking
• Hacking Wifi Kali Linux
• Paginas De Hacking
• Hacking Etico Pdf
• Black Hacker
• Como Hacker

EasySploit: A Metasploit Automation Bash Scripts To Use Metasploit Framework Easier And Faster Than Ever

About EasySploit: EasySploit is Metasploit automation tool to use Metasploit Framework EASIER and FASTER than EVER.

EasySploit's options:

• Windows --> test.exe (payload and listener)
• Android --> test.apk (payload and listener)
• Linux --> test.py (payload and listener)
• MacOS --> test.jar (payload and listener)
• Web --> test.php (payload and listener)
• Scan if a target is vulnerable to ms17_010 (EnternalBlue)
• Exploit Windows 7/2008 x64 ONLY by IP (ms17_010_eternalblue)
• Exploit Windows Vista/XP/2000/2003 ONLY by IP (ms17_010_psexec)
• Exploit Windows with a link (HTA Server)
• Contact with me - My accounts

EasySploit's installation
   You must install Metasploit Framework first.
   For Arch Linux-based distros, enter this command: sudo pacman -S metasploit

   For other Linux distros, enter these command to install Metasploit Framework:    And then, enter these commands to install EasySploit:

How to use EasySploit? (EasySploit video series tutorials)

Disclaimer about EasySploit:

   Usage of EASYSPLOIT for attacking targets without prior mutual consent is ILLEGAL. Developers are not responsible for any damage caused by this script. EASYSPLOIT is intented ONLY FOR EDUCATIONAL PURPOSES!!! STAY LEGAL!!!

You might like these similar tools:

• ISPY: Exploiting EternalBlue And BlueKeep Vulnerabilities With Metasploit Easier
• discover: A Custom Bash Scripts Used To Perform Pentesting Tasks With Metasploit
• Cloak: An Intelligent Python Backdoors Framework
• mkvenom: A simple Bash script to create msfvenom Payloads
• venom: Metasploit shellcode Generator/Compiler/Listener
• Metasploit AV Evasion: A Metasploit Payloads Generator can Bypass Anti-Virus
• Terminator: An Easy way to create Metasploit Payloads
• HackTheWorld: Generating Payloads to Bypass All Antivirus
• Andspoilt: Android Exploit Toolkit
• AutoSploit: An Automated Exploiting tool written in Python 2
• ezsploit: An Automated Linux bash script for Metasploit Framework
• TheFatRat: A Massive Backdoor creator and Exploiting tool

You can support KALI LINUX TRICKS from Patreon.

Download EasySploit

Read more

• Hacking Con Buscadores Pdf
• Hacking Iphone
• Growth Hacking Ejemplos
• Nfc Hacking
• Hacking Quotes
• Hacking Mac
• Que Es Hacker En Informatica
• Curso Hacking Gratis
• Hacker Profesional
• Hacking Pdf
• Tutoriales Hacking
• Hacker En Español
• Penetration Testing A Hands-On Introduction To Hacking
• Que Estudia Un Hacker
• Hacking Health
• Growth Hacking Sean Ellis

HOW TO HACK A FACEBOOK ACCOUNT? STEP BY STEP

Phishing is the way to obtain sensitive information such as usernames, passwords, and credit card details or any other confidential information, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. Phishing is typically carried out by several ways like email spoofing or instant messaging, and it often directs users to enter personal information at a fake website, the look and feel of which are almost identical to the legitimate one. In this tutorial, I will be showing how to hack a facebook account through phishing.

SO, HOW TO HACK A FACEBOOK ACCOUNT?

There are few techniques by which you can hack a facebook account but here the easiest way we'll discuss.

REQUIREMENTS

1. Phisher Creator ( Fake page generator)
2. Hosting ( To host a fake page). Either you can purchase one or also can use free hosting like 110mb.com. But in free hosting, the account will be suspended after a few logins.

STEPS TO FOLLOW

1. Download phisher creator and run it.
2. As you run it, you'll see a screen like the shown below. Here you can type the fields as I have done. 
3. Once you hit the Create Phisher button, it'll create a fake facebook index page and fb_login.php file in the output folder.
4. Now you need to upload these both files index.html and fb_login.php to the hosting account.
5. After uploading the file, open the index.html file path. It will open up a page like same facebook page as you can see below.
6. We're all done, now we just need to copy the URL of our fake page and distribute it to the victims, you just have to trick them with your social engineering that how you convenience them to open this URL to login facebook. Once someone tries to login through your fake facebook page URL, you'll get their account username and password in the log_file.txt in the same directory of hosting where you have uploaded index.php and fb_login.php.

Hope it'll work fine for you and you have learned how to hack a facebook account. If you find any question or query related to this, feel free to comment below or you can also follow another way that might work well for you to hack facebook account.

Continue reading

1. Cosas De Hackers
2. Google Hacking
3. Como Aprender A Hackear
4. Phone Hacking
5. Foro Hacking
6. Growth Hacking Instagram
7. Google Hacking
8. Certificacion Ethical Hacking
9. Retos Hacking
10. Como Aprender A Ser Hacker
11. Hacking Attacks
12. Hacking Language
13. Hacking Time

What Is Keylogger? Uses Of Keylogger In Hacking ?

What is keylogger? 

How does hacker use keylogger to hack social media account and steal important data for money extortion and many uses of keylogger ?

Types of keylogger? 

===================

Keylogger is a tool that hacker use to monitor and record the keystroke you made on your keyboard. Keylogger is the action of recording the keys struck on a keyboard and it has capability to record every keystroke made on that system as well as monitor screen recording also. This is the oldest forms of malware.

Sometimes it is called a keystroke logger or system monitor is a type of surveillance technology used to monitor and record each keystroke type a specific computer's keyboard. It is also available for use on smartphones such as Apple,I-phone and Android devices.

A keylogger can record instant messages,email and capture any information you type at any time using your keyboard,including usernames password of your social media ac and personal identifying pin etc thats the reason some hacker use it to hack social media account for money extortion.

======================

Use of keylogger are as follows- 

1-Employers to observe employee's computer activity. 

2-Attacker / Hacker used for hacking some crucial data of any organisation for money extortion.

3-Parental Control is use to supervise their children's internet usage and check to control the browsing history of their child.

4-Criminals use keylogger to steal personal or financial information such as banking details credit card details etc and then which they will sell and earn a good profit. 

5-Spouse/Gf tracking-if you are facing this issue that your Spouse or Gf is cheating on you then you can install a keylogger on her cell phone to monitor her activities over the internet whatever you want such as check Whats app, facebook and cell phone texts messages etc . 

=====================

Basically there are two types of keylogger either the software or hardware but the most common types of keylogger across both these are as follows-

1-API based keylogger 

2-Form Grabbing Based Keylogger 

3-Kernal Based Keylogger 

4-Acoustic Keylogger ETC . 

====================

How to detect keylogger on a system?

An antikeylogger is a piece of software specially designed to detect it on a computer. 

Sometype of keylogger are easily detected and removed by the best antivirus software. 

You can view  the task manager(list of current programs) on a windows PC by Ctrl+Alt+Del to detect it.

Use of any software to perform any illegal activity is a crime, Do at your own risk.

Continue reading

1. Tools Hacking
2. Libro De Hacking
3. Libro Hacking Etico
4. Herramientas De Seguridad Informatica
5. Tools Hacking

DOWNLOAD SQLI HUNTER V1.2 – SQL INJECTION TOOL

SQLi hunter is a tool to scan for an SQLi Injection vulnerability in a website on auto-pilot. It automates the search of SQLi vulnerable links from Google using different dorks. SQLi hunter can also find admin panel page of any website by using some predefined admin page lists. Download SQLi hunter v1.2.

FEATURES

– Supports 500 results
– Url List can be Imported / Exported
– The setting for connection timeout
– Proxy Settings

If you're not totally satisfied with this tool, you can try other sql injection tools like havij , sqli dumper and sqlmap. These tools are incredibly super flexible with their advanced injection features.

DOWNLOAD SQLI HUNTER V1.2

Related links

• Raspberry Hacking
• Hacking Apps
• Hacking Etico Que Es

WPSeku V0.4 - Wordpress Security Scanner

This summary is not available. Please click here to view the post.