08-19-2013, 06:56 PM
All information in this tutorial is for educational purposes only. Any illegal activity relating to
this tutorial is not my responsibility, although I would like to say I don't care how you use it, I do. So please do not use this for Black-hat activities. One day when you grow up you might realised that you have been a skid, by using mass-deface techniques and SQLi for your entire life. Do not just hack a site because it is there. I have a few sites of my own and its annoying, unproductive, and pointless.
1 - Android Remort Adminstrator Tool - A RAT is also a shortcut called Remote Administrator Tool. It
is mostly used for malicious purposes, such as controlling Android Phones, stealing victims data,
deleting or editing some files. You can only infect someone by sending him file called Server and
they need to click it.
Here More Information - http://www.hackforums.net/showthread.php?tid=3529624
2- Remort Administrator Tool - A remote access Trojan (RAT) is a malware program that includes a
back door for administrative control over the target computer. RATs are usually downloaded invisibly
with a user-requested program -- such as a game -- or sent as an email attachment. Once the host
system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and
establish a botnet. RATs can be difficult to detect because they usually don't show up in lists of
running programs or tasks. The actions they perform can be similar to those of legitimate programs.
Furthermore, an intruder will often manage the level of resource use so that a drop in performance
doesn't alert the user that something's amiss.
How To Create RAT - http://blackhatcrackers.blogspot.in/2013...tools.html
You Tube Link - http://www.youtube.com/watch?v=3i5vEbnK5xk
Download Link - http://www.2shared.com/file/A1QNxuHf/Cyb...T1075.html
Download Link 2 Official Website - http://www.cyber-software.org/site/
Pdf Version - http://www.eset.com/us/resources/manuals..._Guide.pdf
3- Keylogger - Keyloggers are programs which record each keystroke on the computer they are
installed on. This provides a complete log of text entered such as passwords, emails sent and
websites visited. This log can then be automatically sent over a remote connection without the
person using the computer necessarily knowing about it. Because of this, keyloggers are typically
associated with malicious software and they will usually be picked up and removed by virus scanners.
However, there are also keyloggers which are commercially available for home or office use. In this
way, keyloggers have a distinct set of purposes which make them very useful in certain situations.
How To Create Keylogger - http://blackhatcrackers.blogspot.in/2013...ttack.html
You Tube Link - http://www.youtube.com/watch?v=RusJJjai7BI
Download Keylogger - http://project-neptune.net/download/
Pdf Version - http://www.cs.columbia.edu/~mikepo/paper...osec13.pdf
4- Phishing - In computing, phishing is a form of criminal activity using social engineering
techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and
credit card details, by masquerading as a trustworthy person or business in an electronic
communication. Phishing is typically carried out using email or an instant message, although phone
contact has been used as well. Attempts to deal with the growing number of reported phishing
incidents include legislation, user training, and technical measures.
How To Create Facebook Fake Login Page - http://blackhatcrackers.blogspot.in/2013/01/phishing-
attack.html
You Tube Link - https://www.youtube.com/watch?v=QE-kmk3vU1U
Download fake Login Page - http://www.mediafire.com/download/jjd5no...+fake+page
%28Hackingaday%29.rar
Pdf Version - http://www.fireeye.com/resources/pdfs/fi...-words.pdf
5- Click-Jacking - Clickjacking, also known as a "UI redress attack", is when an attacker uses
multiple transparent or opaque layers to trick a user into clicking on a button or link on another
page when they were intending to click on the the top level page. Thus, the attacker is "hijacking"
clicks meant for their page and routing them to other another page, most likely owned by another
application, domain, or both. Using a similar technique, keystrokes can also be hijacked. With a
carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe
they are typing in the password to their email or bank account, but are instead typing into an
invisible frame controlled by the attacker.
What Is Clickjacking ? How It's Work ? -
http://blackhatcrackers.blogspot.in/2013/01/clickjacking.html
You Tube Link - https://www.youtube.com/watch?v=IqN5HyqU...r_embedded
Advanced Tutorial ClickJacking - http://javascript.info/tutorial/clickjacking
Pdf Version - seclab.stanford.edu/websec/framebusting/framebust.pdf
6- Tabnabbing - Tabnabbing is a computer exploit and phishing attack, which persuades users to
submit their login details and passwords to popular websites by impersonating those sites and
convincing the user that the site is genuine. The attack's name was coined in early 2010 by Aza
Raskin, a security researcher and design expert. The attack takes advantage of user trust and
inattention to detail in regard to tabs, and the ability of modern web pages to rewrite tabs and
their contents a long time after the page is loaded. Tabnabbing operates in reverse of most phishing
attacks in that it doesn’t ask users to click on an obfuscated link but instead loads a fake page in
one of the open tabs in your browser.
What Is TabNabbing ? How It's Work - http://blackhatcrackers.blogspot.in/2013...bbing.html
You Tube Link - https://www.youtube.com/watch?v=Njrv03jSLLM
TabNabbing In Backtrack 5 - https://www.youtube.com/watch?v=xFo0vvq3R3g
Pdf Version - https://lirias.kuleuven.be/bitstream/123...1/p447.pdf
7- Session Hijacking - The Session Hijacking attack consists of the exploitation of the web session
control mechanism, which is normally managed for a session token. Because http communication uses
many different TCP connections, the web server needs a method to recognize every user’s connections.
The most useful method depends on a token that the Web Server sends to the client browser after a
successful client authentication. A session token is normally composed of a string of variable width
and it could be used in different ways, like in the URL, in the header of the http requisition as a
cookie, in other parts of the header of the http request, or yet in the body of the http
requisition. The Session Hijacking attack compromises the session token by stealing or predicting a
valid session token to gain unauthorized access to the Web Server.
What Is Session Hijacking ? How It's Work ? - http://blackhatcrackers.blogspot.in/2013/01/session-
hijacking-attack.html
You Tube Link - http://www.youtube.com/watch?v=YuERGiQ0naI
Pdf Version - http://www.dtic.mil/dtic/tr/fulltext/u2/a422361.pdf
8- Side Jacking Using Fire Sheep - HTTP session hijacking, better known as “sidejacking”, poses a
major threat to all internet users. This is due to the common use of Wi-Fi networks, which are
inherently unsecure, but also because of the wide-spread misplaced trust in the safety of internet
use on phones and perceived secure connections. It has been demonstrated that wired networks are
also not necessarily safe from sidejacking attempts and even your interactions in an App store can
be at risk as well.
If you are logging into Facebook using the open Wi-Fi network at your local watering hole, an
individual with a simple tool such as Firesheep can gain access to your account, change your
password, and then potentially take advantage of other programs linked to that account. These
sidejacking attacks can be done without any programming knowledge and the problem isn’t simply
limited to the unencrypted Wi-Fi networks we are familiar with. Firesheep can be used to intercept
information sent over any unencrypted HTTP session, whether it is wired or wireless. And what can a
Sidejacker do with my connection to an App store, you may wonder? Great question! Elie Bursztein at
Google cites the various ways your App browsing and buying can be compromised. It can be everything
from password stealing to App swapping, when an attacker’s malware App is downloaded instead of the
actual App that was paid for.The industry is slowly starting to adapt the practice of always on SSL
to protect users, including in App stores. The implementation of always on SSL, or end-to-end
encryption using HTTPS, is a great place to start. It is natural to visit a website and feel secure
because you have logged in to your account with a unique username and password, but the problem is
that if the rest of the traffic is not encrypted, a Sidejacker can gain access to the vulnerable
cookie and then manipulate any personal information within the account. However, when a website is
secured with HTTPS from the time of first access to the time you leave, the entire session is
encrypted in a way that prevents your information from being compromised.
What Is SideJacking Using FireSheep ? - http://www.hacking-tutorial.com/hacking-...firesheep-
http-session-hijacking-tools/
You Tube Link - http://www.youtube.com/watch?v=8qmTVPO2jvI
9 - ARP Poisoning - Address Resolution Protocol (ARP) poisoning is a type of attack where the Media
Access Control (MAC) address is changed by the attacker. Also, called an ARP spoofing attacks, it
is effective against both wired and wireless local networks. Some of the things an attacker could
perform from ARP poisoning attacks include stealing data from the compromised computers, eavesdrop
using man-in-the middle methods, and prevent legitimate access to services, such as Internet
service.
A MAC address is a unique identifier for network nodes, such as computers, printers, and other
devices on a LAN. MAC addresses are associated to network adapter that connects devices to
networks. The MAC address is critical to locating networked hardware devices because it ensures
that data packets go to the correct place. ARP tables, or cache, are used to correlate network
devices’ IP addresses to their MAC addresses.In for a device to be able to communicate with another
device with a known IP Address but an unknown MAC address the sender sends out an ARP packet to all
computers on the network. The ARP packet requests the MAC address from the intended recipient with
the known IP address. When the sender receives the correct MAC address then is able to send data to
the correct location and the IP address and corresponding MAC address are store in the ARP table for
later use.
ARP poisoning is when an attacker is able to compromise the ARP table and changes the MAC address so
that the IP address points to another machine. If the attacker makes the compromised device’s IP
address point to his own MAC address then he would be able to steal the information, or simply
eavesdrop and forward on communications meant for the victim. Additionally, if the attacker changed
the MAC address of the device that is used to connect the network to Internet then he could
effectively disable access to the web and other external networks.
What Is ARP Poisoning How It's Work -
http://www.mediafire.com/download/47bybhe5gd5de50/Compromising+Facebook+Account+Via+ARP
+Poisoning.pdf
ARP Poisoning Advanced tutorial - http://openmaniak.com/ettercap_arp.php
You Tube Link - https://www.youtube.com/watch?v=zC4PVbcGLmU
Pdf Version - http://www.harmonysecurity.com/files/HS-...soning.pdf
10- Stealers - It is a small software which steals passwords that are stored in our web browsers,
chat apps such as yahoo messenger .etc , Stealer's then send these stolen passwords to the Hackers
FTP server, Usually Stealer's look like keyloggers but there are many differences, Stealer's steal
only passwords that stored in the web browsers they wont capture keystrokes typed by the user
What Is Stealers How It's Work - http://oren-hack.blogspot.in/2012/06/tut...er-63.html
Advanced tutorial - http://www.101hacker.com/2011/09/hack-em...space.html
You Tube Link - http://www.youtube.com/watch?v=mOtXvbC0AMw
11 - Java Drive By - A Java Drive-By is a Java Applet that is coded in Java and is put on a website.
Once you click "Run" on the pop-up, it will download a program off the internet. This program can be
a virus or even a simple downloader. If you'd like to get the source code or wanna know more
information about a Java Drive-By, use Google.
What Is Java Drive By ? How It's Work - http://blackhatcrackers.blogspot.in/2013/03/fud-java-
driveby.html
You Tube Link - http://www.youtube.com/watch?v=UmzyTWbFWak
You Tube Link For Noobs Peoples - http://www.youtube.com/watch?v=LZdB2QAgDvY
12 - Cookie Stealing Attack - Cookies are small files that stored on users computer by websites when
a user visits them. The stored Cookies are used by the web server to identify and authenticate the
user .For example when a user logins in Facebook a unique string is generated and one copy of it is
saved on the server and other is saved on the users browser as Cookies. Both are matched every time
the user does any thing in his account. So if we steal the victims cookie and inject them in our
browser we will be able to imitate the victims identity to the web server and thus we will be able
to login is his account . This is called as Side jacking .The best thing about this is that we need
not no the victims id or password all we need is the victims cookie.
What Is Cookie Stealing Attack ? - http://blackhatcrackers.blogspot.in/2013...-stealing-
attack.html
You Tube Link - http://www.youtube.com/watch?v=-H1qjiwQldw
13 - Social Engineering - Social engineering is the use of deception and manipulation to obtain
confidential information. It is a non-technical kind of intrusion that relies heavily on human
interaction and often involves tricking people into breaking normal security procedures. Social
engineers rely on the fact that people are not aware of the value of the information they possess
and are careless about protecting it. In anti virus computer security software, social engineering
is generally a hacker's clever manipulation of the natural human tendency to trust. The hacker's
goal is to obtain information that will gain him/her unauthorized access to a system and the
information that resides on that system. Typical examples of social engineering are phishing e-mails
or pharming sites.
What Is Social Engineering ? - http://blackhatcrackers.blogspot.in/2013...gineering-
attack.html
You Tube Link - http://www.youtube.com/watch?v=4VeinrY0n7o
Pdf Version - himis.s3.amazonaws.com/social-engineering-techniques.pdf
14 - Botnets - Botnets are not commonly used for hacking facebook accounts, because of it's high
setup costs, They are used to carry more advanced attacks, A botnet is basically a collection of
compromised computer, The infection process is same as the keylogging, however a botnet gives you,
additional options in for carrying out attacks with the compromised computer. Some of the most
popular botnets include Spyeye and Zeus.
What Is Botnet ? How It's Work ? - http://blackhatcrackers.blogspot.in/2013...-to-setup-
botnet.html
You Tube Link - http://www.youtube.com/watch?v=zR3OQdEsRCc
Pdf Version - http://www.korelogic.com/Resources/Prese...s_issa.pdf
15 - Man In the Middle Attacks - A Man-in-the-Middle attack is a type of cyber attack where a
malicious actor inserts him/herself into a conversation between two parties, impersonates both
parties and gains access to information that the two parties were trying to send to each other. A
Man-in-the-Middle Attack allows a malicious actor to intercept, send, and receive data meant for
someone else, or not meant to be sent at all, without either outside party knowing until it is too
late. Man-in-the-Middle attacks can be abbreviated in many ways including, MITM, MitM, MiM, or MIM.
How They Work ? What Was That - http://www.101hacker.com/2011/03/man-in-...ack-using-
ettercap.html
You Tube - http://www.youtube.com/watch?v=Z19p4nDfeG8
Pdf Version - http://www.cs.umu.se/education/examina/R...iksson.pdf
this tutorial is not my responsibility, although I would like to say I don't care how you use it, I do. So please do not use this for Black-hat activities. One day when you grow up you might realised that you have been a skid, by using mass-deface techniques and SQLi for your entire life. Do not just hack a site because it is there. I have a few sites of my own and its annoying, unproductive, and pointless.
1 - Android Remort Adminstrator Tool - A RAT is also a shortcut called Remote Administrator Tool. It
is mostly used for malicious purposes, such as controlling Android Phones, stealing victims data,
deleting or editing some files. You can only infect someone by sending him file called Server and
they need to click it.
Here More Information - http://www.hackforums.net/showthread.php?tid=3529624
2- Remort Administrator Tool - A remote access Trojan (RAT) is a malware program that includes a
back door for administrative control over the target computer. RATs are usually downloaded invisibly
with a user-requested program -- such as a game -- or sent as an email attachment. Once the host
system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and
establish a botnet. RATs can be difficult to detect because they usually don't show up in lists of
running programs or tasks. The actions they perform can be similar to those of legitimate programs.
Furthermore, an intruder will often manage the level of resource use so that a drop in performance
doesn't alert the user that something's amiss.
How To Create RAT - http://blackhatcrackers.blogspot.in/2013...tools.html
You Tube Link - http://www.youtube.com/watch?v=3i5vEbnK5xk
Download Link - http://www.2shared.com/file/A1QNxuHf/Cyb...T1075.html
Download Link 2 Official Website - http://www.cyber-software.org/site/
Pdf Version - http://www.eset.com/us/resources/manuals..._Guide.pdf
3- Keylogger - Keyloggers are programs which record each keystroke on the computer they are
installed on. This provides a complete log of text entered such as passwords, emails sent and
websites visited. This log can then be automatically sent over a remote connection without the
person using the computer necessarily knowing about it. Because of this, keyloggers are typically
associated with malicious software and they will usually be picked up and removed by virus scanners.
However, there are also keyloggers which are commercially available for home or office use. In this
way, keyloggers have a distinct set of purposes which make them very useful in certain situations.
How To Create Keylogger - http://blackhatcrackers.blogspot.in/2013...ttack.html
You Tube Link - http://www.youtube.com/watch?v=RusJJjai7BI
Download Keylogger - http://project-neptune.net/download/
Pdf Version - http://www.cs.columbia.edu/~mikepo/paper...osec13.pdf
4- Phishing - In computing, phishing is a form of criminal activity using social engineering
techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and
credit card details, by masquerading as a trustworthy person or business in an electronic
communication. Phishing is typically carried out using email or an instant message, although phone
contact has been used as well. Attempts to deal with the growing number of reported phishing
incidents include legislation, user training, and technical measures.
How To Create Facebook Fake Login Page - http://blackhatcrackers.blogspot.in/2013/01/phishing-
attack.html
You Tube Link - https://www.youtube.com/watch?v=QE-kmk3vU1U
Download fake Login Page - http://www.mediafire.com/download/jjd5no...+fake+page
%28Hackingaday%29.rar
Pdf Version - http://www.fireeye.com/resources/pdfs/fi...-words.pdf
5- Click-Jacking - Clickjacking, also known as a "UI redress attack", is when an attacker uses
multiple transparent or opaque layers to trick a user into clicking on a button or link on another
page when they were intending to click on the the top level page. Thus, the attacker is "hijacking"
clicks meant for their page and routing them to other another page, most likely owned by another
application, domain, or both. Using a similar technique, keystrokes can also be hijacked. With a
carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe
they are typing in the password to their email or bank account, but are instead typing into an
invisible frame controlled by the attacker.
What Is Clickjacking ? How It's Work ? -
http://blackhatcrackers.blogspot.in/2013/01/clickjacking.html
You Tube Link - https://www.youtube.com/watch?v=IqN5HyqU...r_embedded
Advanced Tutorial ClickJacking - http://javascript.info/tutorial/clickjacking
Pdf Version - seclab.stanford.edu/websec/framebusting/framebust.pdf
6- Tabnabbing - Tabnabbing is a computer exploit and phishing attack, which persuades users to
submit their login details and passwords to popular websites by impersonating those sites and
convincing the user that the site is genuine. The attack's name was coined in early 2010 by Aza
Raskin, a security researcher and design expert. The attack takes advantage of user trust and
inattention to detail in regard to tabs, and the ability of modern web pages to rewrite tabs and
their contents a long time after the page is loaded. Tabnabbing operates in reverse of most phishing
attacks in that it doesn’t ask users to click on an obfuscated link but instead loads a fake page in
one of the open tabs in your browser.
What Is TabNabbing ? How It's Work - http://blackhatcrackers.blogspot.in/2013...bbing.html
You Tube Link - https://www.youtube.com/watch?v=Njrv03jSLLM
TabNabbing In Backtrack 5 - https://www.youtube.com/watch?v=xFo0vvq3R3g
Pdf Version - https://lirias.kuleuven.be/bitstream/123...1/p447.pdf
7- Session Hijacking - The Session Hijacking attack consists of the exploitation of the web session
control mechanism, which is normally managed for a session token. Because http communication uses
many different TCP connections, the web server needs a method to recognize every user’s connections.
The most useful method depends on a token that the Web Server sends to the client browser after a
successful client authentication. A session token is normally composed of a string of variable width
and it could be used in different ways, like in the URL, in the header of the http requisition as a
cookie, in other parts of the header of the http request, or yet in the body of the http
requisition. The Session Hijacking attack compromises the session token by stealing or predicting a
valid session token to gain unauthorized access to the Web Server.
What Is Session Hijacking ? How It's Work ? - http://blackhatcrackers.blogspot.in/2013/01/session-
hijacking-attack.html
You Tube Link - http://www.youtube.com/watch?v=YuERGiQ0naI
Pdf Version - http://www.dtic.mil/dtic/tr/fulltext/u2/a422361.pdf
8- Side Jacking Using Fire Sheep - HTTP session hijacking, better known as “sidejacking”, poses a
major threat to all internet users. This is due to the common use of Wi-Fi networks, which are
inherently unsecure, but also because of the wide-spread misplaced trust in the safety of internet
use on phones and perceived secure connections. It has been demonstrated that wired networks are
also not necessarily safe from sidejacking attempts and even your interactions in an App store can
be at risk as well.
If you are logging into Facebook using the open Wi-Fi network at your local watering hole, an
individual with a simple tool such as Firesheep can gain access to your account, change your
password, and then potentially take advantage of other programs linked to that account. These
sidejacking attacks can be done without any programming knowledge and the problem isn’t simply
limited to the unencrypted Wi-Fi networks we are familiar with. Firesheep can be used to intercept
information sent over any unencrypted HTTP session, whether it is wired or wireless. And what can a
Sidejacker do with my connection to an App store, you may wonder? Great question! Elie Bursztein at
Google cites the various ways your App browsing and buying can be compromised. It can be everything
from password stealing to App swapping, when an attacker’s malware App is downloaded instead of the
actual App that was paid for.The industry is slowly starting to adapt the practice of always on SSL
to protect users, including in App stores. The implementation of always on SSL, or end-to-end
encryption using HTTPS, is a great place to start. It is natural to visit a website and feel secure
because you have logged in to your account with a unique username and password, but the problem is
that if the rest of the traffic is not encrypted, a Sidejacker can gain access to the vulnerable
cookie and then manipulate any personal information within the account. However, when a website is
secured with HTTPS from the time of first access to the time you leave, the entire session is
encrypted in a way that prevents your information from being compromised.
What Is SideJacking Using FireSheep ? - http://www.hacking-tutorial.com/hacking-...firesheep-
http-session-hijacking-tools/
You Tube Link - http://www.youtube.com/watch?v=8qmTVPO2jvI
9 - ARP Poisoning - Address Resolution Protocol (ARP) poisoning is a type of attack where the Media
Access Control (MAC) address is changed by the attacker. Also, called an ARP spoofing attacks, it
is effective against both wired and wireless local networks. Some of the things an attacker could
perform from ARP poisoning attacks include stealing data from the compromised computers, eavesdrop
using man-in-the middle methods, and prevent legitimate access to services, such as Internet
service.
A MAC address is a unique identifier for network nodes, such as computers, printers, and other
devices on a LAN. MAC addresses are associated to network adapter that connects devices to
networks. The MAC address is critical to locating networked hardware devices because it ensures
that data packets go to the correct place. ARP tables, or cache, are used to correlate network
devices’ IP addresses to their MAC addresses.In for a device to be able to communicate with another
device with a known IP Address but an unknown MAC address the sender sends out an ARP packet to all
computers on the network. The ARP packet requests the MAC address from the intended recipient with
the known IP address. When the sender receives the correct MAC address then is able to send data to
the correct location and the IP address and corresponding MAC address are store in the ARP table for
later use.
ARP poisoning is when an attacker is able to compromise the ARP table and changes the MAC address so
that the IP address points to another machine. If the attacker makes the compromised device’s IP
address point to his own MAC address then he would be able to steal the information, or simply
eavesdrop and forward on communications meant for the victim. Additionally, if the attacker changed
the MAC address of the device that is used to connect the network to Internet then he could
effectively disable access to the web and other external networks.
What Is ARP Poisoning How It's Work -
http://www.mediafire.com/download/47bybhe5gd5de50/Compromising+Facebook+Account+Via+ARP
+Poisoning.pdf
ARP Poisoning Advanced tutorial - http://openmaniak.com/ettercap_arp.php
You Tube Link - https://www.youtube.com/watch?v=zC4PVbcGLmU
Pdf Version - http://www.harmonysecurity.com/files/HS-...soning.pdf
10- Stealers - It is a small software which steals passwords that are stored in our web browsers,
chat apps such as yahoo messenger .etc , Stealer's then send these stolen passwords to the Hackers
FTP server, Usually Stealer's look like keyloggers but there are many differences, Stealer's steal
only passwords that stored in the web browsers they wont capture keystrokes typed by the user
What Is Stealers How It's Work - http://oren-hack.blogspot.in/2012/06/tut...er-63.html
Advanced tutorial - http://www.101hacker.com/2011/09/hack-em...space.html
You Tube Link - http://www.youtube.com/watch?v=mOtXvbC0AMw
11 - Java Drive By - A Java Drive-By is a Java Applet that is coded in Java and is put on a website.
Once you click "Run" on the pop-up, it will download a program off the internet. This program can be
a virus or even a simple downloader. If you'd like to get the source code or wanna know more
information about a Java Drive-By, use Google.
What Is Java Drive By ? How It's Work - http://blackhatcrackers.blogspot.in/2013/03/fud-java-
driveby.html
You Tube Link - http://www.youtube.com/watch?v=UmzyTWbFWak
You Tube Link For Noobs Peoples - http://www.youtube.com/watch?v=LZdB2QAgDvY
12 - Cookie Stealing Attack - Cookies are small files that stored on users computer by websites when
a user visits them. The stored Cookies are used by the web server to identify and authenticate the
user .For example when a user logins in Facebook a unique string is generated and one copy of it is
saved on the server and other is saved on the users browser as Cookies. Both are matched every time
the user does any thing in his account. So if we steal the victims cookie and inject them in our
browser we will be able to imitate the victims identity to the web server and thus we will be able
to login is his account . This is called as Side jacking .The best thing about this is that we need
not no the victims id or password all we need is the victims cookie.
What Is Cookie Stealing Attack ? - http://blackhatcrackers.blogspot.in/2013...-stealing-
attack.html
You Tube Link - http://www.youtube.com/watch?v=-H1qjiwQldw
13 - Social Engineering - Social engineering is the use of deception and manipulation to obtain
confidential information. It is a non-technical kind of intrusion that relies heavily on human
interaction and often involves tricking people into breaking normal security procedures. Social
engineers rely on the fact that people are not aware of the value of the information they possess
and are careless about protecting it. In anti virus computer security software, social engineering
is generally a hacker's clever manipulation of the natural human tendency to trust. The hacker's
goal is to obtain information that will gain him/her unauthorized access to a system and the
information that resides on that system. Typical examples of social engineering are phishing e-mails
or pharming sites.
What Is Social Engineering ? - http://blackhatcrackers.blogspot.in/2013...gineering-
attack.html
You Tube Link - http://www.youtube.com/watch?v=4VeinrY0n7o
Pdf Version - himis.s3.amazonaws.com/social-engineering-techniques.pdf
14 - Botnets - Botnets are not commonly used for hacking facebook accounts, because of it's high
setup costs, They are used to carry more advanced attacks, A botnet is basically a collection of
compromised computer, The infection process is same as the keylogging, however a botnet gives you,
additional options in for carrying out attacks with the compromised computer. Some of the most
popular botnets include Spyeye and Zeus.
What Is Botnet ? How It's Work ? - http://blackhatcrackers.blogspot.in/2013...-to-setup-
botnet.html
You Tube Link - http://www.youtube.com/watch?v=zR3OQdEsRCc
Pdf Version - http://www.korelogic.com/Resources/Prese...s_issa.pdf
15 - Man In the Middle Attacks - A Man-in-the-Middle attack is a type of cyber attack where a
malicious actor inserts him/herself into a conversation between two parties, impersonates both
parties and gains access to information that the two parties were trying to send to each other. A
Man-in-the-Middle Attack allows a malicious actor to intercept, send, and receive data meant for
someone else, or not meant to be sent at all, without either outside party knowing until it is too
late. Man-in-the-Middle attacks can be abbreviated in many ways including, MITM, MitM, MiM, or MIM.
How They Work ? What Was That - http://www.101hacker.com/2011/03/man-in-...ack-using-
ettercap.html
You Tube - http://www.youtube.com/watch?v=Z19p4nDfeG8
Pdf Version - http://www.cs.umu.se/education/examina/R...iksson.pdf