Latest Posts

Dirty Side Of FB Connecting The Dots


Facebook as you know it isn’t exactly what you think it is. I think most of you know this; it’s very old, but I haven’t seen anyone post much about it yet. For those of you who don’t know it, read on. Mark Zuckerberg had this intention ever since he started the community. But now, if you actually connect the dots, you’ll know what Facebook is all about. Yes, the smart hacker who is a founder of Facebook made this billion-dollar project possible with dirty intentions behind the curtains, enabling its users to find their mates past bedtime.
Ever opened your browser and had a look at the following screen and had a second thought about what facebook really meant to the world?
Now let’s connect the dots and have a look at it again.
Yes, you read it right. It does mean “Sex”. And this is not just a coincidence or a mistake that crept in while designing the homepage. It was created intentionally, to mark that Facebook is actually a place for people to find sex. It’s all about the girls, hooking up, beer, booze and parties. It is now clear that Facebook, as we know it today, accepts adult-rated content, limiting only the higher levels of explicitness and nudity. It is also clear from the following statistics that most of the shared posts are about sex.
It beats positive content by double its degree. That’s the dirty secret that Facebook has been hiding from everyone for years. For those of you who have watched the movie “The Social Network”: Mark Zuckerberg clearly tells his friend that Facebook, formerly known as Facemash, will help the students find out which chick is single, which guy is dating, which girl is a slut etc. It’s all been about sex ever since the beginning.
Thanks for reading, guys. I hope you enjoyed the taste of the truth behind Facebook. Comment, and share it on Facebook, Twitter, whatever, if you really think people need to be aware of this.

Hack your BEAM FIBER internet for high speed


This is not actually a hack but a tweak for the Beam Fiber internet connection, and it only works on Windows XP, with torrent client software like uTorrent.
The first step is to create a new network connection-
1. Start> control panel> network and internet connections> network connections
2. Create a new connection -> choose connect to the internet, click next.
-> choose set up my connection manually, click next.
-> choose connect using a broadband connection that requires a username and password, click next.
-> Enter an ISP name of your own (it can be your own name), click next.
-> Enter the username and password which your internet provider has given you, click next and then finish.
Now the second step -
Assuming you have a torrent client running. (make sure not more than 2 torrents are active)
1. Stay on your beam cable login page. (http://portal.beamtele.com/index.php#content)
2. Open your network connection you created in the 1st step. (Don’t yet connect it)
3. When any 1 torrent hits about 20 kbps, log off your beam fiber login page. Wait for the login options to come and when it does, connect the connection you created in step 1.
Take care that you connect the network connection before the torrent speed goes down to 0 kbps.
4. Wait for 20-25 seconds and there you go! You will see speeds that your connection has never seen before… :D

BROWSER FINGERPRINTING


In this post, I am going to introduce browser fingerprinting, and I will also demonstrate how the Browser Autopwn exploit works. First, some background: over time, privacy on the internet has become a prime concern for users. So in how many ways do you think you are protecting this privacy? Or that your activities aren’t being tracked on the web? It’s very true that disabling cookies or using private browsing keeps you from being uniquely identified. But to bring it to your notice, lol! you can still be uniquely pointed out. Wondering how?
“It’s more like, hey dude! I don’t even need your damn IP and cookies to find you out.”
Actually, the modern web browsers that we use send many small bits of information to websites, such as the screen size, colour scheme, detailed browser version, installed fonts, the order in which they are installed, font size, OS information and a whole bunch of similar info. Taken together, these innocent-looking bits of information let a website pick out unique users. Though most security researchers have raised this as an issue, the technique is still used by some bank and credit card companies to check whether a user is legitimate or not. They call this technique Client-less Device Identification.
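How the small attributes listed above add up to an identifier, as an added example that is not part of the original post: the visitor values, the attribute names and the `normalize` helper are constructed for illustration, and a simple FNV-1a hash stands in for whatever a real tracker would use.

```javascript
// Constructed sample: four cookie-less visitors and what their browsers report.
const ATTRS = ["userAgent", "screen", "timezone", "fonts"];
const visitors = [
  { id: "A", userAgent: "Firefox/4.0; Windows NT 5.1", screen: "1280x800x32", timezone: "-330", fonts: "Arial,Calibri,Mangal" },
  { id: "B", userAgent: "Firefox/4.0; Windows NT 5.1", screen: "1280x800x32", timezone: "-330", fonts: "Arial,Mangal,Calibri" },
  { id: "C", userAgent: "MSIE 7.0; Windows NT 5.1", screen: "1024x768x32", timezone: "-330", fonts: "Arial,Calibri" },
  { id: "D", userAgent: "MSIE 7.0; Windows NT 5.1", screen: "1024x768x32", timezone: "0", fonts: "Arial,Calibri" },
];

// FNV-1a 32-bit: a small non-cryptographic hash, enough to show the idea.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h = Math.imul(h ^ str.charCodeAt(i), 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Fingerprint = hash over the chosen attributes; no cookie or IP is involved.
function fingerprint(v, attrs = ATTRS) {
  return fnv1a(attrs.map((a) => `${a}=${v[a]}`).join("|"));
}

// Group visitors that share a fingerprint (their "anonymity set").
function anonymitySets(list, attrs = ATTRS) {
  const sets = new Map();
  for (const v of list) {
    const fp = fingerprint(v, attrs);
    sets.set(fp, [...(sets.get(fp) || []), v.id]);
  }
  return sets;
}

// Identifying information carried by one attribute value: -log2(share of visitors).
function surprisalBits(list, attr, value) {
  const share = list.filter((v) => v[attr] === value).length / list.length;
  return -Math.log2(share);
}

// Mitigation sketch: every browser reports the same standard values.
function normalize(v) {
  return { ...v, screen: "1000x1000x24", timezone: "0", fonts: "" };
}

console.log(anonymitySets(visitors).size);                // each visitor is unique
console.log(anonymitySets(visitors.map(normalize)).size); // only browser families remain
```

Visitors A and B differ only in the order of their installed fonts, which is already enough to separate them; once the reported values are standardized, they fall into the same set.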
So far so good. I will now show you how browser fingerprinting has been used by attackers to get into a victim’s computer, probably with the help of social engineering as well.
Let’s assume that the victim is using an older version of a browser (it might be IE 6 or 7, Firefox 4 and so on). The attacker uses the exploit to generate a random URL, which serves as the lethal weapon against the victim. All the attacker has to do is convince or persuade the victim to go to that URL, which might involve some social engineering. The attacker can also publish that URL on the web and wait for a connection. As soon as a user, who thereby becomes the victim, goes to that URL, he/she sees a loading notification, and on the other end the attacker sees a session being created. His job is done. Thereby he exclaims, “WHOOPIE!”. Now he has complete, unbounded access to the victim’s computer.
To show you the demo snaps, I opened up the Metasploit Framework console and used the browser_autopwn exploit as shown:
Type ‘show options’ to get the list of default options for the exploit. LHOST must be the IP address of the attacker. SRVPORT is the port to listen on; I used port 80. URIPATH can be anything. After setting the options, fire the exploit by typing ‘exploit’. Check the snap below:
As soon as we type ‘exploit’, the exploit starts the server, generates random URLs and starts listening on port 80. The URL listed at the end would be like ‘http://192.168.244.1/abhimanyu’ (this acts as what we call the ‘payload’). The moment the user opens the URL generated on the attacker’s side on his computer, exactly what I explained before the demo happens, eventually creating a session.
So this works out very well; think over how browser fingerprinting plays its role. Note that the attacker doesn’t even know the victim’s IP initially, even though the attacker successfully creates the session using the exploit.
Disclaimer: This is for educational purpose and to make you aware of the scenarios of various different security breaches. The administrator or the authors of prohackersden will not be responsible for any misuse of this post.

SOCIAL ENGINEERING


Social engineering is something that is not done through technical hacking strategies. It’s about convincing the target that your exploit is authentic. So, when is this used? Exactly when the attackers can’t find a vulnerability for their exploits. Right? It’s like playing tricks for the purpose of gathering crucial information from the target users. It might be human based or computer based.
If it’s human based, we have shoulder surfing. It’s like silently peeping at the keyboard while someone is typing a password. It might also be possible that the attacker calls the victim and convinces him that he has permission from an authorized source to access his system. The victim in turn gets convinced and provides the most crucial data to the attacker. The attacker might also make the target believe that he is an employee or a contractor, so that the target provides him with all the required details. It’s also possible that the attacker goes to the social network profile of the victim, chooses one of his friends (say X) and later convinces the victim that he is a friend of X and needs to know this.
If it’s computer based, the most important sources for this attack are email attachments that convince users to open them by claiming to be from a trusted source. The moment the user opens one, the malicious code contained in the attachment is executed. Other types of social engineering technique are phishing and spear phishing, the technique that was used to hack the International Monetary Fund (IMF) days back. What was done in the case of the IMF, according to the sources, is that an email was sent from within the IMF to two groups of employees with the subject “2011 Recruitment Plan”, and this was intriguing enough to make them click on the attachment or the links. The attachment was a file named 2011 recruitment plan.xls that contained the 0-day exploit, installing a backdoor through an Adobe Flash vulnerability. So this is indeed a very popular social engineering strategy these days. You can take a look for further details @ http://www.castigliola.com/index.php?option=com_content&task=view&id=125&Itemid=1

IP STEALING AND EMAIL TRACING



Each device on a computer network is given a unique numeric address through which devices communicate with each other. These addresses are known as IP addresses, and the standard used for the communication is called IP, or the Internet Protocol standard. There are two versions of IP: IPv4 and IPv6. Until now, we have been using IPv4 for providing IP addresses, which uses a 32-bit notation, but due to the growth in internet users, there are issues and testing on implementing IPv6, which uses 128 bits for addressing, so it is hard to exhaust.
IP STEALING
So, what if you know the IP address of someone you are talking to on an instant messenger? IP addresses are as personal to their owners as their phone numbers. Using someone’s IP address, you can trace the general location where the person lives. That is from the individual’s point of view, but with the IP of a target website, an attacker can even go for the most serious DDoS attacks. The difference is that you can get the IP address of a website with a simple ping command on the command prompt, as ‘ping websitename’.
To know your own IP: http://www.whatismyip.com/
To find the IP of a particular domain: http://domains.whois.com/domain.php?action=whois
To get an IP address of someone, you just have to make a user click on the link posted by you, either on the Instant Messengers or Emails. So to do it,
  1. Go to the DOWNLOADS section, download the file named ‘IP Stealing Script’.
  2. Create a blank text file named ip.txt
  3. Upload both these files to some web directory through FTP. Give ip.txt the CHMOD 777. Suppose the attacker uploaded it to some directory ‘x’ and got the link http://www.website.com/x/ip-stealing-script.php
  4. Now the attacker directs the victim to click on the link, or somehow flatters him into clicking on it. (SOCIAL ENGINEERING)
  5. The moment the victim clicks on the link, he/she gets redirected to the website specified in the script; I specified ‘google.com’ in it. But behind all this, the attacker’s job is done.
  6. The attacker goes to, say, http://www.website.com/x/ip.txt and sees something like this:
Now that you have the victim’s IP, you can easily trace him back through websites like http://www.geobytes.com/IpLocator.htm
EMAIL TRACING
In email tracing, now that you know how to trace an IP, you just need to know the IP address of the sender’s computer. I am using Gmail to demonstrate this. Now, what you need to do is:
  1. Open one of the mails in your Gmail inbox.
  2. You can see a button on top right corner of the mail, expand it as:
  3. Now click on the ‘Show Original’ option, you can see something like this:
  4. Now that you have the IP address of the sender, you can trace it with http://www.geobytes.com/IpLocator.htm
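What the ‘Show Original’ view contains and how the sender-side address is read out of it, as an added example that is not from the original post: the message headers, host names and addresses are constructed (documentation-range IPs), and the function names are hypothetical.

```javascript
// Constructed sample of a raw message as "Show Original" would display it.
const RAW = [
  "Received: by 10.0.0.5 with SMTP id abc123;",
  "        Mon, 4 Jul 2011 10:00:05 -0700 (PDT)",
  "Received: from mail.sender.example (mail.sender.example [198.51.100.25])",
  "        by mx.example.com with ESMTP id x1; Mon, 4 Jul 2011 10:00:03 -0700",
  "Received: from [192.168.1.10] (dsl-host.isp.example [203.0.113.77])",
  "        by mail.sender.example with ESMTPSA id y2; Mon, 4 Jul 2011 17:00:01 +0000",
  "From: someone@sender.example",
  "Subject: hello",
  "",
  "Body text: Received: from [192.0.2.1] is not a header.",
].join("\r\n");

// Headers end at the first blank line; continuation lines start with whitespace.
function parseHeaders(raw) {
  const head = raw.split(/\r?\n\r?\n/)[0];
  const unfolded = head.replace(/\r?\n[ \t]+/g, " ");
  return unfolded.split(/\r?\n/).map((line) => {
    const i = line.indexOf(":");
    return { name: line.slice(0, i).toLowerCase(), value: line.slice(i + 1).trim() };
  });
}

// Private, loopback and link-local ranges say nothing about location.
function isPrivate(ip) {
  const [a, b] = ip.split(".").map(Number);
  return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) || (a === 169 && b === 254);
}

// Each server prepends its Received line, so reverse to get the oldest hop first.
function receivedHops(raw) {
  return parseHeaders(raw)
    .filter((h) => h.name === "received")
    .map((h) => h.value.match(/\b\d{1,3}(?:\.\d{1,3}){3}\b/g) || [])
    .reverse();
}

// First public IPv4 address seen walking from the oldest hop upward.
function likelyOrigin(raw) {
  for (const ips of receivedHops(raw)) {
    const pub = ips.find((ip) => !isPrivate(ip));
    if (pub) return pub;
  }
  return null;
}

console.log(likelyOrigin(RAW));
```

Only the Received lines stamped by your own provider's servers can be trusted; everything below them was supplied by the sending side and can be forged. For mail sent through a webmail interface, the oldest hop is often the provider's server, not the sender's computer.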
Disclaimer: This is for educational purpose and to make you aware of the scenarios of various different security breaches. The administrator or the authors of thecybersaviours will not be responsible for any misuse of this post.
Hope this post was as interesting, keep enjoying!!