1.10.13


Few days back an article was published on techworm.in, where a hacker named "Mauritania Attacker" leaked claimed to leak thousands of twitter accounts, the data was made available for public to use and was uploaded on zippyshare.com. The data contained the twitterid, twitternick, oauthtoken nand oauth_token_secret.




How Was the data breached?

Well, it seems to me that the database of a third party app was breached which contained the list of Oauth tokens. In laymen terms oauth is used for authorizing the third party applications without the need of giving them the password. 

The application is granted an access token which it uses to authorize it selves, which means that an attacker having hold of the access token would be able to access the twitter accounts without the need of a password. The Oauth tokens can be easily be by tampering the request with a web application proxy such as Tamper Data, Burp suite etc. Twitter has recently introduced Two step authentication, however it isn't much handy in this case.

How Twitter Users Can Protect Themselves?  

Well, if the attacker keeps compromising database of the third party applications and getting the hold of the oauth tokens, then their is not much that twitter can do, Since they can protect their database from being breached, however they certainly have no hold of the third party application database.

Twitter users are advised to revoke access to all the third party application and reauthorize them, therefore the access tokens would be expired and the attacker would not be able to use them. Twitter users should only use trusted third party applications and when they are not using any of them, they should revoke the access so that the access token would be expired.

Facebook, has also known issues with their oauth in past, Security reseachers have pointed multiple flaws and all of them relied upon stealing of the oauth tokens, The issue with twitter in this case is a bit different, the access tokens were compromised due to a third party app, whereas in facebook oauth tokens could have been compromised due to a flaw inside it's design.

Twitter has denied the claims made by an attacker that any part of the twitter's database was compromised, which seems true to me. The Mauritania Attacker has posted a status on his facebook that he will reveal exactly how the access tokens were compromised today to techworm.

19.7.13

Friends, this is an post which lacks of people search everyday, but they get disappointed by seeing the results in which they are asked to download apps and then they can do direct downloads. But how is it called a direct download if they need to install some apps like 1clickdownloader, uTorrent, Bittorrent and other such apps. Now here, there won't be the need to install, download Or use any apps to download or anything. Don't think that it'll go in the same speed as any torrent downloader. It gives out the same speed as if you're downloading a file from mediafire or any other such file hosting websites.

Now,
I stop my lecture and start saying what you need to do step by step  :-)

Steps For Downloading Torrent Files Without Any App:

Step 1:-
Copy the magnet link of the torrent file you want to download.

Step 2:-
Go to btcloud.io , A Torrent file host from where you can get the link for doing direct download of any thing.


Sign up (Log in button serves the same function as Signing in) using any of the given options such as Facebook, Google and other. If it asks some permissions, accept it (Ex : If you sign up using Google, it'll ask to know what you are in google and other stuff).

Step 3:-
Then you can paste the link in the box given for pasting the magnet link.

After pasting the link, just press Add button at the right side of the box.

Step 4:-
After pressing Add button the file should have been shown in below. You might see some senseless name of the file and file size, but have patience and wait for a minute. Because the file will be downloaded to your cloud storage and the direct link will be given to you!

Step 5:-
After the download of the file has got completed, press on the name of the torrent file you have given for download.

Step 6:-
Click the ZIP button as highlighted below and download the file


Excellent right? You have successfully downloaded a torrent file without using any app! Enjoy and please don't forget to  SHARE

15.7.13


Well, The title is self explanatory. This post would not rely upon my input but it would rely upon your input, We will be gathering here 100 ways to become a better hacker. In other words 100 ways to improve your skills as a hacker.

Rules

1) Every person would get the credit for his submission.

2) The submissions needs to be precise and should be unique from what others have submitted so far.

3) Only the top 100 submissions would be entertained.

4) Once we are finished with accepting and publishing 100 submission, you can still submit your answers, What we would do then is overwrite the existing ones with the better ones.

5) Only submission via comments would be accepted.

100 ways to become a better hacker

1) Learning scripting languages such as PythonPerl and ruby can help you automate your tasks and for sure improve your skills. ~ Rafay Baloch

2) Understanding all possible user inputs is the fastest way to hack into the systems. ~ Shahin Ramezany 

3) When u gain access to an account or whatever u hacking in to, best practice do not alter anything. just monitor the activity and continue fetching information u need. ~ josh odongo

4) Travel and see different countries, it will make you better ~ Egor Homakov

5) Never hesitate for usage of Google and other resources available i.e. exploit-db, and be updated with versions and bugs in each versions, for example, if I talk about WordPress, then one who is looking to hack WordPress website or pentest, then he should be well aware of at least 3.0+ versions updating, so whichever version is being used on the website, he should know the vulnerabilities in that and their exploitation ~ Anonymous

6) RTFM, don't expect handouts. Educated questions, gets you educated answers ~ TomG

7) Move to Linux, learn Programming Languages CPearlLispJava and Html and write open source programs. Improve your functional English. ~ Asfar

8) The most important factor for becoming a good hacker is, you must have your personal interest with computers. Additionally, you have to be definite in your work, such that you should take exactly interest in One thing at a single time. After covering the appropriate level of theory, the learner should try it practically as much as his satisfaction level. Watching Tutorials only for taking points, not really for following them from a to z exactly, because you have to be a good learner only if you have your personal intention for doing the things creatively. ~ Nasruminallah Zeeshan

9) One thing , Learn how old Hackers Started don't focus on new Programs like BACKTRACK , METASPLOIT , Learn Manual Hacking , Learn Coding and be patient ! Knowledge will come with time ! and practice all methods ~ Amie

10) Do not rely on tricks for hacking. As they will keep you a script kiddie, get deep understanding about stuffs. And also don't rush from one topic to another. All those combined will make you a better hacker. "Slow and Steady wins the race"  ~ Bluff Master 

11) A support will always lift you up. Join groups, forums. Keep yourself updated with latest hacking news by reading blogs [Like this ;)], tweets etc. ~ Sahil Sehgal

12) Understand what programming language to use at what moment. You're time is valuable so don't waste it writing something that could have been done faster! (and understand the difference between a scripting language and a programming language, python for example is a programming language. ~ Saikia81

13) During hacking remain mentally intact and focus on your each step. During a step always remember your next steps and the way you have to link them. Dont always use old methods and tricks, try new one and use your own mind too. and remember one thing that there is no shortcut of Hacking, to became a hacker, you have to give your whole passion to hacking. "Hacking is an Art, and Hacker is an Artist".  ~ Ali

14) This Attitude should be there within "SWEAT MORE IN PRACTISE, SO YOU BLEED LESS IN WAR" #defensive #offensive #B31212Y 

15) Whatever you're going to test,start it with a basic stuff. If you dont know any,start learning.
~ Ahmed Ashraff 

16) Enumeration is the key to pwnage, the more you enumerate the more attack surface you get ~ Prakhar Prasad

17) Be patient! Learn different protocols and read the RFCs to understand how they work and if there are some "security by design" issues. After that you should try to understand the context you're in and therefore develop an exploit for this particular context. ~ David Viera Kurz

18) Sleep less, read more. Learn & Think & Try & Fail & Never give up. Remember, "...imagination will take you everywhere". ~ Gökmen GÜREŞÇİ

19) Don't compete anyone, never think you are the best, just compete "the you in the past". There will always be a vulnerability waiting for being discovered, by someone who thinks different. Understanding human logic makes things easier. "Hackers realize, kiddies memorize" ;) ~ Agd_Scorp

20) Learn your own systems inside out, before moving on to other systems. The better you know your own, the more capable you will find yourself when it comes time to make your system work for you. ~ jericho

21) To be a good hacker, you need have good social engineering skills. Try to understand your victim's mentality, it will give you the ability to guess his/her confidential information ~ Shakil Hussain

22) A great person had said "if i had 8 hours to chop down a tree, I'd spend 6 hours sharpening my axe". Apply this on yourself. Prepare yourself! Learn programming, networking, scripting and all, be passionate, motivate yourself then start hacking with your own ideas...You will surely win! #initinpandey 

23) Use your inner power to became a great hacker. Just keep reading.. The more you read..the more you understand things behind the scene. ~ nikhilkulkarni 

24) A startup now can be just a pair of 22 year old guys. A company like that can move much more easily than one with 10 people, half of whom have kids. ~ Anonymous

25) Think of all the psychic energy expended in seeking a fundamental distinction between "algorithm" and "program" ~ Amit Prakash 

26) If you don't have time to do it right, when will you have time to do it over? ~Sunny Rockzzzz 

27) Out in the field, any connection with home just makes you weaker. It reminds you that you were once civilized, soft; and that can get you killed faster than a bullet through the head.”~ Henry Mosquera

28) Most hackers are young because young people tend to be adaptable. As long as you remain adaptable, you can always be a good hacker.” ~ Emmanuel Goldstein 

29) Be very careful. We suggest getting a book on HTML to avoid becoming a real legend in the hacker world. Putting up a web page before you know how to put up a web page is generally a very bad idea. The .gov sites are an exception. ~ th3.d3sty0y3r

30) We were addicted to hacking, more for the intellectual challenge, the curiosity, the seduction of adventure; not for stealing, or causing damage or writing computer viruses. ~ Defencely.com

31) To be a good hacker you have to learn from yourself. Learn from books like "The basics of ethical hacking and pen testing" and "The web app hackers handbook-Ed.2". Once you learnt these books i promise you will be able to hack systems as well as web apps. ~ Aarshit Mittal

32) Try to see, feel and possibly touch everything that you learn, only then you will be confident about your attacks/defenses. ~ Nishant Das Patnaik

33) Adopt the mindset of a hacker ~ Mohamed Shimran

34) You may not be there yet but with everyday practice you will be closer than yesterday. ~ Anonymous

35) Set of code has to be made by a hacker Don't get caught Learn the basic functionality of a system and network then explore their loop holes Every developer make mistake while developing identify the exploit and notify them to the develop ~ Vinoth Vel o

36) Learn Russian. Every infosecurity geek should know Russian. ~ i Sciurus

37) When you learn something in this field, always put it to good use .Defacing websites will not make you a better hacker, but, helping someone with their security might earn you a respect even higher than what a blackhat may get . ~ Himanshu Sharma

5.6.13

The most popular Flash Games Website Miniclip.com games can be downloaded. Using one simple app called SWF opener. It is a app that can help you view the browser cache (where all the loaded miniclip games get saved). It doesn't just saves it even play or open it at the same time.


So here is the download link for the SWF opener:-
http://www.mediafire.com/download/rgz368bk2a8b7xw/SWFOpenerSetup.exe

And here are the simple steps you will have to follow to get the SWF (miniclip game) for your own:-

1. After downloading install it.

2. Then open the app and go to View option from above, then View SWF Cache


3. As I know this doesn't support Chrome. Now choose which browser you are using to open Miniclip games.


4. After the game in miniclip.com completely you can use refresh button in Swf opener to refresh and to see the items in cache.

5. Now one of the SWF file in the list shown in SWF opener will be the game, click on it, there will be a short preview shown at right side, so there wont be much problem identifying the game.

6. Click Save as and save it with the name you wish, do not change any other option, the saved files will probably go to C:\ (In Win 7, And Win 8).

7. Enjoy playing the game offline!

17.4.13


Wifi Kill:
            
Well, with this app you can disable internet connection for a device on the same network.

 So if someone (anyone) is abusing the internet wasting precious bandwidth for a Justin Bieber videoclips you could just kill their connection and stay happy with a full bandwidth just for yourself.

 Well, with this app you can disable internet connection for a device on the same network.

 After a long long delay, I present to you brand new WiFiKill.


WifiKill 2.2 Apk App 

WifiKill 2.2 Apk App 

 *ROOTED PHONE REQUIRED*

Requirements : Android 4.0 or above

 






WhatsApp Sniffer :  
  WhatsAppSniffer is a tool for root terminals to read WhatsApp conversations of a WIFI network (Open, WEP, WPA/WPA2). It captures the conversations, pictures / videos and coordinates that are sent or received by an Android phone, iPhone or Nokia on the same WIFI network. It has not been tested with Windows Phone terminals. It can't read the messages written or received by the BlackBerry's, as they use their own servers and not WhatsApp's.

 This application is designed to demonstrate that the security of WhatsApp's communications is null. WhatsAppSniffer just use the TCPDump program which reads all the WIFI network packets and filters those which has origin or destination WhatsApp's servers. All messages are in plain text, so it does not decrypt anything, complying fully with the legal terms of WhatsApp (3.C: "While we do not disallow the use of sniffers Such as Ethereal, tcpdump or HttpWatch in general, Any we do going efforts to disallow reverse-engineer our system, our protocols, or explore outside the boundaries of the ordinary requests made by clients WhatsApp .... ")
 For WPA/WPA2 encrypted networks, it uses the tool ARPSpoof (optional).


Features:
 - For now, there is only support for this characters:
 - Read conversations outgoing and incoming to Android, iPhone and Nokia phones.
 - They are separated by phone number
 - Notify when a message has been captured
 - Ability to start a debug session saving all logs

 - It matches phone numbers captured with agenda for coincidences 

 (ROOT REQUIRED)

Legal Terms:
WhatsAppSniffer comes with absolutely no warranty. You use this software on your own risk. The developer is not responsible for any damages caused by WhatsAppSniffer or it´s usage. It´s only the users responsibility to check his country's laws in order to make sure that the usage of WhatsAppSniffer is permitted by law in his country. In some countries stealing someones conversations might be prohibited by law. Always think about what you´re doing! Stealing someones conversations can cause real trouble for him and maybe for you.








Android Blackmarket : 
Blackmart is a tools to get all android application for free. You can use this apps to get various apps without paying for them. Maybe you have using similar application such as appbrain, bestmartket, and other, but blackmart is different.
Also used to update your device apps search for paid apps or upload apps from your device to host so others can download them.
 Also this app is updated quickly you'll be notified if there is an update.
Stop thinking where you will find money to pay any paid app.This app is the answer of your problem.Now get  any app you want for FREE.Try it now!

Requirements :
 Android 2.2+

Download Instructions:
- Download file
- Put the .apk file in your sd card
- Install .apk file in your phone by clicking  on it
- Finished! Enjoy thousands of free apps for your Android



Subscribe to RSS Feed Follow me on Twitter!