Showing posts with label Tricks Hacks. Show all posts
Showing posts with label Tricks Hacks. Show all posts

Thursday, November 17, 2016

Hack Locked Computer using $5 Device (PoisionTap)



If you think that your computer is safe when it is locked with a strong password, then Samy Kamkar’s device PoisionTap will make you wrong. This cheap exploit tool takes just 30 seconds to install a privacy-invading backdoor into your computer.

PoisionTap, a tiny $5 Raspberry Pi Zero microcomputer loaded with Node.js code and attached to a USB adapter. Inventor has publicly released the source code to PoisionTap, so that any would-be hacker can try it out for themselves.

If you are a hacker and want to hack or get information of any of your coworker in your office. All you need is to plug this device in the target computer and wait. PoisonTap targets the victim’s browser cache and injects the malicious code there.

Once the hacking tool is recognized by the target machine, it is loaded as a low-priority network device that starts impersonating a new Ethernet connection and runs a DHCP request across it. The machine sends a DHCP request to the tool that in response tells it that the entire IPv4 address space is part of PoisonTap’s local network. In this way, the entire traffic it routed through the PoisonTap device before reaching the legitimate gateway to the Internet. With this trick, it intercepts all unencrypted Web traffic and steals any HTTP authentication cookies used to log into private accounts as well as sessions for the Alexa top 1 Million sites.

PoisonTap will give you an invisible position on the local network to connect to the intranet site and send data to a remote server. Now this computer will be in your control even after this tool is unplugged from the targeted computer. Since it uses siphons cookies, you can also hijack the target user's online accounts even they are secured with two-factor authentication (2FA).

Inventor says “it can also bypass many other security mechanisms, including same-origin policy (SOP), HttpOnly cookies, X-Frame-Options HTTP response headers, DNS pinning and cross-origin resource sharing (CORS). Whenever the websocket is open, the attacker can remotely send commands to the victim and force their browser to execute JavaScript code

There is no easy fix available for users as long as a web browser application is running in the background.





Monday, July 21, 2014

To Hack Windows Administrator Password


This hack will show you how to reset Windows administrator password (for Win 2000, XP, Vista and Win 7) at times when you forget it or when you want to gain access to a computer for which you do not know the password.
Most of us have experienced a situation where in we need to gain access to a computer which is password protected or at times we may forget the administrator password without which it becomes impossible to login to the computer. So, if you are somewhat in a same kind of situation, here is an excellent hack using which you can reset the password or make the password empty (remove the password) so that you can gain administrator access to the computer.
You can do this with a small tool called  Offline NT Password & Registry Editor. This utility works offline, that means you need to shut down your computer and boot off your using a floppy disk, CD or USB device (such as pen drive). The tool has the following features:
  • You do not need to know the old password to set a new one.
  • This tool can detect and unlock locked or disabled out user accounts!
  • There is also a registry editor and other registry utilities that works under linux/unix, and can be used for other things than password editing.

How it works?

Most Windows operating systems stores the login passwords and other encrypted passwords in a file called sam (Security Accounts Manager). This file can be usually found in \windows\system32\config. This file is a part of Windows registry and remains inaccessible as long as the OS is active. Hence, it is necessary that you boot off your computer and access this sam file via the boot menu. This tool intelligently gains access to this file and will reset/remove the password associated with administrator or any other account.
The download link for both CD and floppy drives along with the complete instructions is given below:
It is recommended that you download the CD version of the tool since the floppy drive is outdated or doesn’t exist in today’s computer. After the download, you’ll get a bootable image which you need to burn it onto a blank CD. Now boot your computer from this CD and follow the screen instructions to reset the password.

Another simple way to reset non-administrator account passwords:

Here is another simple way through which you can reset the password of any non-administrator accounts. The only requirement for this is that you need to have administrator privileges. Here is a step-by-step instruction to accomplish this task:
  1. Open the command prompt (Start->Run->type cmd->Enter)
  2. Now type net user and hit Enter
  3. Now the system will show you a list of user accounts on the computer. Say for example, you need to reset the password of the account by name John, then do as follows:
  4. Type net user John * and hit Enter. Now, the system will ask you to enter the new password for the account. That’s it. Now you’ve successfully reset the password for John without knowing his old password.
So, in this way you can reset the password of any Windows account at times when you forget it so that you need not re-install your OS for any reason. I hope this helps.

Friday, May 9, 2014

Make your Windows Xp GENUINE



This will allow you to bypass the Microsoft Genuine Validation thing by this method works better than many others I've tried before.
forget the cracks and injectors etc... this is the BEST WAY

1) start > run > "regedit" (without the quotes of course)

2) go to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\WPAEvents\OOBETimer    and doubleclick on it.
Then change some of the value data to ANYTHING ELSE...delete some, add some letters...just change it!now close out regedit.

3) go to start > run > "%systemroot%\system32\oobe\msoobe.exe /a" (again, dont type the quotes)

4) the activation screen will come up, click on register over telephone, then click on CHANGE PRODUCT KEY, enter in this key: JG28K-H9Q7X-BH6W4-3PDCQ-6XBFJ.
Now you can do all the updates without activating,
and the Genuine Microsoft Validation won't bug you no more!!
Works with most WinXP versions though there are some exceptions...