RN-QQHFzQYtPGkUCfyu8eve2qf0

Thursday, 28 August 2014

Can You Hack Someone's Facebook Password Using Some Software Or Website?

0 comments
facebook hacking
Do you know there are over thousands of websites and software that claim to hack Facebook password of any account? They'd ask you the victim's profile ID, maybe your credentials and some money too and will reportedly tell you the password which, to be honest, never works. Ever wonder why? Let me tell you why, they're FAKE! They're a scam which tricks you somehow in losing your money or your own Facebook account. Just give it a thought, why would Zuckerberg and his team spend Billions of Dollars on Facebook if one could hack it in less than a minute? Today, we'll take a look at this topic in detail with some example websites and software and get answers to some common related questions.



The Facebook password cracking Websites and Software

Let's start with some examples here. I googled the subject and picked the top results without order. Didn't care to search harder because there are thousands such and I know that all are FAKE.

So let's look at this GETFBHACK.com.
hacking facebook password
Their FREE Facebook hacker program is said to be capable of cracking the password of any Facebook user within a day. Sounds cool, I could try it out, but my Norton Antivirus rejected the file straight away.

I also picked up another one. This Hack-Fbook-Password asks me to enter the profile ID of a user and it will crack the password. I said Okay and began the process.
facebook hacking
It ran certain algorithms to determine the password and finally landed me on a page that said I could DOWNLOAD the password IF I fill an online survey first. Those of you who've been redirected to surveys would know they don't work and are put just so to get traffic and earn money.

I said maybe I should leave the website now but hey, they gave me a prize!
hacking facebook

So I just became the luckiest person in my city just like that!

Now tell me, how can a sane person believe in all this?

The truth!

Let me get this straight to you, these websites do nothing at all just waste your time and are never able to do the job. In fact, downloaded programs just make the situation worse when you run them. I had my Norton Antivirus to guard me otherwise I could be in severe danger currently.

These software are mostly keyloggers and tracking programs that record your keystrokes and action and steal personal information from your computer in the background and send it to their master servers. So ultimately a hacker wannabe gets hacked, how ironic!

From now on in the post, I'll be using the word 'Hacker' for these websites and software since you're no more in the position to be called that.

Why do these 'Hackers' do all that?

facebook hack
Setting up websites, maintaining them and developing software is not an easy task. It requires some money. So why do these 'hackers' do all the hassle? It's because they get equivalent or more money in return. They can extract your credit card details and other banking info from your system and use it for their advantage. They can hack your account and use it for wrong purposes. Give me one reason why one wouldn't steal money and hack accounts for no loss.

Why people fall in their webs?

facebook hack
Why do people try to use such unreal hacking procedures? It's because it's unreal to me, it's unreal to you but not to those who are not much familiar with the working of a software. They get in the web of these hackers and eventually get screwed up pretty bad without consent.

The websites give guarantees and also portray their 'imaginary' happy customers so as to trick a reader. Such tactics are simple but really powerful and serves to their advantage in most cases. This is also why there are thousands of such websites available.

So is Facebook account an 'unbreakable fortress'?

facebook hacking
Well, NO. Facebook accounts can be hacked. No online service is foolproof and that is because of the flaws and bugs in their software. There are several ACTUAL hackers in the world who can analyse a website's security and use that against it thus making hacking a reality.

But I'm 100% sure none of them uses these scam and fake websites that claim to do the impossible. 


See You All In Next Tutorial

Wednesday, 13 August 2014

Reading Wifite Source : Coding Hacking Tools In Python

0 comments


Today I have a series of tasks for those who want to go a step further and write tools and scripts for others. In this tutorial we will take a look at the source code of Wifite and examine it to see how we can also create our own tools. There are various programming/scripting languages that can be used to accomplish the tasks. Wifite uses python, and that's what we'll start with.



Tasks

  1. Get some basic idea about Python - Take a look here - http://www.codecademy.com/en/tracks/python
  2. Get an idea about GNU General Public License - A good resource here or just take a look at wifite's license terms (optional step but if you're using Linux then it's important to know that the foundation of Linux is on concept of open source software and GNU GPL.
  3. Get a general idea about linux scripting. Use google for that. A comprehensive guide can be found here.
  4. Finally, take a look at the source code of Wifite (it's worth noting that the source code is available openly on because of the fact the it has GNU general public license). 
It's important that you follow the first three steps. The tutorial is about the codes which are important for any hacking tool. I don't cover everything. After reading this tutorial you'll know about the mandatory sections in any hacking tool. If you leave the first three steps (the 4th step is covered by me in this tutorial), then  you won't be able to code your hacking tool.



The wifite code

Now, a few thing which you will observe about Wifite-
  1. It is written in Python.
  2. It is licensed under the GNU General Public License Version 2 (GNU GPL v2).
  3. It is written by Derv Merkler.
  4. The source is quite well documented and easy to read.
Now lets take a look at the source in parts


#!/usr/bin/python

The #! is always going to be the first two letters of any script in linux. It tells linux to treat the code that follows as executable. The next words tell what the scripting language is, for example-
#!/usr/bin/php    for php
#!/usr/bin/perl    for perl
#!/usr/bin/python    for python
#!/bin/bash             for bash scripting
This part is called a shebang.





# -*- coding: utf-8 -*-

This is specific to python. Python recommends that we define the encoding that we'll be using. Take a look here if you need to know more about this - http://legacy.python.org/dev/peps/pep-0263/


General information

A lot of general information and to-do stuff has been written inside a comment. Take a read if you like.

After that there's a list of libraries that were imported. (Quite similar to other languages)
Then all the global variables have been declared. To enhance readability, all the global variables are CAPITAL.

Conditions

At a lot of places conditional statements are used to ensure correct functionality and also that all requirements are met before starting
if os.getuid() != 0:
        print R+' [!]'+O+' ERROR:'+G+' wifite'+O+' must be run as '+R+'root'+W
        print R+' [!]'+O+' login as root ('+W+'su root'+O+') or try '+W+'sudo ./wifite.py'+W
        exit(1)

if not os.uname()[0].startswith("Linux") and not 'Darwin' in os.uname()[0]: # OSX support, 'cause why not?
        print O+' [!]'+R+' WARNING:'+G+' wifite'+W+' must be run on '+O+'linux'+W
        exit(1)
The getuid returns the privilege. If it's not root (0), then wifite returns error and exits. The OS has to be linux.

This code ensures that the output of all the tools doesn't get printed to the wifite screen.

# Create temporary directory to work in
from tempfile import mkdtemp
temp = mkdtemp(prefix='wifite')
if not temp.endswith(os.sep):
        temp += os.sep

# /dev/null, send output from programs so they don't print to screen.
DN = open(os.devnull, 'w')


This is followed by 

###################
# DATA STRUCTURES #
###################

class CapFile:
        """
                Holds data about an access point's .cap file, including AP's ESSID & BSSID.
        """
        def __init__(self, filename, ssid, bssid):
                self.filename = filename
                self.ssid = ssid
                self.bssid = bssid

class Target:
        """
                Holds data for a Target (aka Access Point aka Router)
        """
        def __init__(self, bssid, power, data, channel, encryption, ssid):
                self.bssid = bssid
                self.power = power
                self.data  = data
                self.channel = channel
                self.encryption = encryption
                self.ssid = ssid
                self.wps = False # Default to non-WPS-enabled router.
                self.key = ''

class Client:
        """
                Holds data for a Client (device connected to Access Point/Router)
        """
        def __init__(self, bssid, station, power):
                self.bssid   = bssid
                self.station = station
                self.power   = power


The purpose of the classes is already stated by the author in comments (green).
##################
# MAIN FUNCTIONS #
##################

def main():
        """
                Where the magic happens.
        """

We will have to skim through a lot of code here. Can't cover everything. Some of the code that's easy to understand is shown and explained here.

Checking for the required tools

Wifite does not work independently and uses a lot of tools. For this, the following code is used which checks whether the required programs are installed. It uses conditional statements (if) and looping (for loop). If a program is not found, a prompt is crated. All the aircrack-ng suite tools are clubbed together in one condition, then there's a conditional statement for reaver. If aircrack-ng is not found, the program exits. However, Reaver's absence results in disabling of WPS attack mode only. Then there's code for checking the presense of Pyrit, Cowpatty and tshark. They are optional.

def initial_check():
        """
                Ensures required programs are installed.
        """
        global WPS_DISABLE
        airs = ['aircrack-ng', 'airodump-ng', 'aireplay-ng', 'airmon-ng', 'packetforge-ng']
        for air in airs:
                if program_exists(air): continue
                print R+' [!]'+O+' required program not found: %s' % (R+air+W)
                print R+' [!]'+O+' this program is bundled with the aircrack-ng suite:'+W
                print R+' [!]'+O+'        '+C+'http://www.aircrack-ng.org/'+W
                print R+' [!]'+O+' or: '+W+'sudo apt-get install aircrack-ng\n'+W
                exit_gracefully(1)
       
        if not program_exists('iw'):
                print R+' [!]'+O+' airmon-ng requires the program %s\n' % (R+'iw'+W)
                exit_gracefully(1)
       
        printed = False
        # Check reaver
        if not program_exists('reaver'):
                printed = True
                print R+' [!]'+O+' the program '+R+'reaver'+O+' is required for WPS attacks'+W
                print R+'    '+O+'   available at '+C+'http://code.google.com/p/reaver-wps'+W
                WPS_DISABLE = True
        elif not program_exists('walsh') and not program_exists('wash'):
                printed = True
                print R+' [!]'+O+' reaver\'s scanning tool '+R+'walsh'+O+' (or '+R+'wash'+O+') was not found'+W
                print R+' [!]'+O+' please re-install reaver or install walsh/wash separately'+W

        # Check handshake-checking apps
        recs = ['tshark', 'pyrit', 'cowpatty']
        for rec in recs:
                if program_exists(rec): continue
                printed = True
                print R+' [!]'+O+' the program %s is not required, but is recommended%s' % (R+rec+O, W)
        if printed: print ''    

Exiting when ctrl+c is pressed

        except KeyboardInterrupt:
                print '\n '+R+'(^C)'+O+' interrupted\n'
                exit_gracefully(0)
Also, it is necessary to define the exit_gracefully function at a later stage-

def exit_gracefully(code=0):
        """
                We may exit the program at any time.
                We want to remove the temp folder and any files contained within it.
                Removes the temp files/folder and exists with error code "code".
        """
        # Remove temp files and folder
        if os.path.exists(temp):
                for file in os.listdir(temp):
                        os.remove(temp + file)
                os.rmdir(temp)
        # Disable monitor mode if enabled by us
        disable_monitor_mode()
        # Change MAC address back if spoofed
        mac_change_back()
        print GR+" [+]"+W+" quitting" # wifite will now exit"
        print ''
        # GTFO
        exit(code)

This code makes the program exit properly (i.e. clean every file it created and changes it made, and disable monitor mode) when ctrl+c is pressed. Take a look at the following resources for information about except here-

Conclusion


We now know the basics that we need. It's quite impractical to explain the whole code here. The important part is knowing that the code does the following things-
  1. Starts with the shebang
  2. (Optional) Specify the encoding
  3. Add some comments about the author and licensing stuff
  4. Add important conditions, i.e., whether or not root privileges are available (unless they aren't required to execute your code), and whether the code is executed on a linux environment.
  5. Also check that the programs used by your script are installed in the OS.
  6. Define the required classes to organize data and functioning.
  7. Ensure that your programs exits properly when ctrl+c is pressed.
  8. Do the main coding (depends on what you are making).
It might be worth noting here that we just covered some basics here, which would be common to most tools. With this knowledge you can easily code your own tools.