How To Crack Cpanel Passwords

This article is written by one of my guests

Ok now lets talk about something different today.. many hackers just
deface index pages for fame, many wants to get the hold on the server...
some are genious and some are script kiddies... what if you got access
to the server with limited permissions... and you have targeted a
website on that server... what would you do at that time...!

And the real game STARTS NOW... we will learn how to crack a
Cpanel password for all the websites that are hosted on that server or
the particular one with the help of this method "Cpanel Cracking/Hacking!"...!!

First of all...we need a cpanel cracking shell on that server to crack
the passwords of the websites that are hosted on that server!!

Step 1

First we have to upload cp.php cpanel cracking shell on that server to start our journey...!!

Step 2

Second thing we need, is the mother of this method!! Yes...we need
Usernames of the websites and a Extremely capable password dictionary to
crack!!

Now lets start...

Grab all the usernames of websites hosted on the website with the help these commands

1- "ls /var/mail"
2- "/etc/passwd"

Now you will see all the usersnames of the websites and the password list you have provided! Just press the "Go" button and just wait and watch your success!

If you have supplied strong enough password list then you will the a
good response from the server ;) like this "Cracking success with
username "ABC" with password "XYZ"

else it will show you negative response like this "Please put some good passwords to crack username "ABC" :( "

Inshort... the success of cracking usernames is directly proportional to the password dictionary provided ;)
About The Author:

This article is writen by Mirza Burhan baig, He is an Independent Security Researcher & love to Break and Fix Things,
running his own security firm BlackBitZ!

About 83 Million Accounts Fake on Facebook!!

According to Facebook, there are about 83 million accounts on their network that they believe to be fake.

Earlier this week, Facebook produced documents in
front of the Securities and Exchange Commission that stated that out of
the social network's 955 million users 8.5% are thought to be bogus.
Out of these 8.5% accounts 4.8% belong to users who maintain duplicate
accounts.

Maintaining duplicate accounts does violate the terms
and conditions of Facebook but the largest proportion of fake accounts
is comprised of it. Users usually prefer two accounts in order to keep
their personal and social life separate. Totally understandable, right?
No one wants to mingle these two parallel universes to collide with each
other.

The second largest proportion of bogus accounts comprises of
'user-misclassified' accounts. These accounts have been created by
people in honour of their cat, dog, business, favourite soccer team and
what not. Basically, some 2.4% of 8.5% accounts are 'user-misclassified'
and created in adoration of a 'non-human entity'. We wonder if making a
Facebook page is too complicated a process for the 2.4%.

The third and final award goes to a group of people that we admire the
most because Rafay's Geniuses are paid to write about these mean, green,
viral machines! 1.5% or 14 million of 83 million fake accounts are
categorised as 'undesirable' by Facebook. These accounts are created for
the purpose of sending out spam or malicious content and links to other
Facebook users.

872 million users on Facebook are genuine and legit. These users need to
be able to breathe freely on Facebook without the fear of getting
attacked by viruses. I mean, c'mon! We choose to socialize on our
laptops rather than face to face so that we wouldn't have to bear the
extra baggage that comes along with it. We deserve to feel safe, as safe
as heaven, on a site where we spend hours and share our life's
''status'' on! It only makes sense that companies running businesses and
advertising on Facebook through pages would want genuine 'likes' from
genuine profiles too. Hence, telling us why these accounts are known as
'undesirable'.

Facebook also states that these fake accounts are 'customary' in
countries where Facebook isn't as established, for example, Turkey and
Indonesia. But the real question is, is Facebook going to 'face' an
issue regarding these bogus accounts (pun intended).

Bogus or not, its going to be very difficult for Facebook to separate
the fake from the real as very few credentials are needed to create
Facebook accounts. Whatever the case maybe, enjoy while you still can
dear Fakers!

My Porn Blocker - Block Porn sites and Protect your Kids

Has Your Child Been Exposed to Porn?

Do you want to Protect your children from Watching Porn videos?

The average age of first Internet exposure to pornography is 11 years old.One in five children ages 10-17 have received a sexual solicitation over the Internet.Most of the parents are worried about their Children and Exposure to pornography can have a serious impact on children since it has the ability to easily distort the tender minds. If you are a parent, then you are most likely reading this because you are in search of a Porn Blocker to block Internet Porn.Well Below is the Porn blocker which i recommend and is used by most parents that want to Protect their Childrens to being exposed to porn

My Porn Blocker - No 1 Porn blocking software:

Features of Porn blocker:

1.Block offensive content -Works behind the scenes and stops harmful websites before they appear, including newsgroups

Integration With All Search Engines-This means your children can't search on a search engine and even see links to blocked sites. This new internet safety feature enables better protection against pornographic images when doing an "image only" search.

Stop Illegal File Sharing / P2P Software-Only program on the net to block over 50 File Sharing Programs

Works with IE 5.0+, FireFox, Netscape, Opera-Smart and effective content filtering works with any and all the popular browsers!

Stealth Mode: - Run silently and completely hidden from the task bar, system tray, process list, start menu and add/remove programs section!

Block All Chats - Chat can be fun but it's also a very dangerous place where sex predators like to target kids, restrict chat effortlessly

Blocking/Limiting social Networking sites -Blocking or limited access to popular but potentially inappropriate services such as MySpace and Facebook

Automatic ScreenShots:
Secretly take high quality pictures of the screen every every x minutes and then view a handy DVD style slide show later to see everything!)

And much more!

Why Porn Blocker?

Most similar programs check ONLY the URL of the requested page against a database of supposed "indecent" addresses - and these databases have to be updated constantly. This way of porn blocking is not GUARANTEED effective because hundreds of new sites appear online every minute - YES! EVERY MINUTE.

Unlike these other programs, MyPornBlocker™ has special functions that allow specific analyzing of the page content itself. It doesn't rely on a database of URLs or suspicious sites...

It checks and double checks the actual content that is being loaded and displayed on the PC itself.

So what are you Waiting for Go and grab the best Porn blocker software Online! Just Click the below button for Download links

How To Spy A Mobile Phone? - CellPhone Spying Software

Have you ever wanted to spy on your spouse, kids, friends or employees? Or just play ''Secret Service'' 'cause you know, restraining order can only get you so close?! You certainly are in for a treat. Now, you can play make-belief all you want with a software that works just as well.

SpyBubble is a software that allows you to log in from any computer and access any smartphone that it is installed on. Through SpyBubble, you can monitor and supervise any smartphone simply by entering your login username and password.

SpyBubble has the following features that can be very useful in certain situations:

Call Tracking

1. Access call logs and see how many calls were received and answered on the smartphone, how many calls were made on specific numbers, at what time and the duration they lasted.

SMS Tracking

2. Sent and received messages are saved into your SpyBubble account as they are generated, so you can read them even if they are deleted from the smartphone.

GPS Location Tracking

3. Using SpyBubble you can pinpoint the exact position of the phone (and the person using it) via Google Maps.

Phone Book Access

4. Every phone number saved in the smartphone memory can be viewed through SpyBubble.

Email Tracking

5. Incoming and outgoing emails are saved and can be seen via Email Tracking.

URL Tracking

6. SpyBubble let's you view the user's browsing history.

Photo Tracking

7. All photos sent and received on the phone are logged into SpyBubble website where you can view them.

For a detailed list of the smartphones SpyBubble supports, please click here.

How To Download And Install SpyBubble On A Smartphone:

Step 1. Open the Web Browser on your target phone and type in the following address and press Enter.

http://www.spybubble.com/symbian/sbubble.sis

Step 2. The download process will then start.

Step 3. When prompted to install SpyBubble, click on Yes and then on Continue as shown in the following screenshots.

Step 4. After SpyBubble has been installed, you will see the following screen. Switch the phone off and then on.

Step 5. Register your license key as shown below.
To get you license key, go to: SpyBubble Setting Page (you may have to log into the system first) You can also go to the member control panel and click on the Configuration menu to get it.

Step 6: Log in to SpyBubble Login Panel to verify if your account is working flawlessly.

Irresistable Features include:

Has GPS tracking.

Can spy on text messages.

Can get contact book info from phone.

Can check out call log.

Popular Smart Phones supported.

Can be used to back up your own phone’s information.

100% undetectable.

Get your copy of SpyBubble today by Clicking here and let us know if it works for you. Till then,

Need Support (On Facebook G+ and Twitter)

Cool Hacking Tricks is a blog about Hacking, windows, facebook and computer tricks. Learn to do cool tricks with your computer. Download Free Ebooks on hacking and computer programming, Video Tutorials and softwares.Tutorials Here are simple to follow and any begineer can do them. I need your support, i will be posting new articles soon and please do following for this blog. Like, comment, subscribe, +1 on google.

Friends Follow this blog,like,share and subscribe

Follow Cool Hacking Tricks

Follow on Twitter

Like on Facebook

+1 Our page on Google+ (on the right below facebook widget)

Follow on Google+

Mobile Hack Tricks

Call Forging:

To call someone from their own number or any number.1. Go to http://www.mobivox.com and register there for free account.

2. During registration, remember to insert Victim mobile number in "Phone number
"field as shown below.

3. Complete registration and confirm your email id and then login to your account.
click on "Direct WebCall".

4. You will arrive at page shown below. In "Enter a number" box, select your country
and also any mobile number(you can enter yours). Now, simply hit on "Call Now"
button to call your friend with his own number.

5. That's it. Your friend will be shocked to see his own number calling him. I have
spent last two days simply playing this cool mobile hack prank.

Note: This trick will only knowledge purpose...
Just try this trick only known person.

Trace MObile Location:

Click On Below Link To Trace Unknown Number ->
Trace Mobile Location

Get USER info of any reliance No.

http://myservices.relianceada.com/captureInstantRecharge.do

1. Enter the number of whom u want details..

2. Enter any fake email id.

3. And then click Continue.

And now u will get a screen with the number and customer name.

Advance Phishing Attacks Via HTML5 Fullscreen API

We realise that its human nature to take advantage of inventions and innovations without having the slightest hint of the name of the developer/inventor him/herself. Ah, how cruel is our mind for playing tricks on us in the most desperate of times.

Talking about hidden and unknown developers, we must mention one man in particular - Feross Aboukhadijeh, who happens to be the developer of the YouTube Instant Search Engine. Aboukhadijeh is an independent security researcher, web designer and Standford Computer Science student who has recently become the talk-of-the-town for his achievement in developing a phishing attack concept. The concept exploits HTML5's vulnerability that exists in the fullscreen application programming interface.

The Fullscreen Application Programming Interface or API is a widely used feature within communities that benefit from Facebook and YouTube and the Web Developers find it to be a pretty handy tool. The feature enables the user to view enlarged photos or watch fullscreen videos on their Personal Computers (yeah, we have gone old-school). But exploiting the feature is different in a you-must-pay kind of a way as it allows the 'Phisher' to trigger the feature programmatically thus, victimising absolutely anyone at all.

According to Feross;

"You can trigger fullscreen mode with this code:

elementToMakeFullscreen.requestFullScreen();

The main restriction that the API places on developers is that fullscreen must be triggered in reaction to a click or keypress. Presumably, this is so that sketchy sites can’t immediately put you into fullscreen when you land on their site.

// Assuming jQuery is available // Fullscreen the HTML document on click$('#fullscreen-button').on('click', function() {  var doc = document.documentElement;  if (doc.requestFullscreen) {    doc.requestFullscreen();  }});

Note that in practice, you need to use the prefixed versions (mozRequestFullScreen() andwebkitRequestFullScreen()) since the spec is still not final yet."

Feross goes on to explain the height of this potential threat on his blog. He begins his fairytale by asking the visitor to click on a simple, unthreatening link of Bank of America. As soon as it is clicked on, your browser enters a fullscreen mode where you will be able to see a fake version of the Bank of America's website. The website itself is equipped with OS and browser UI which gives you the impression that you are safe under the website's protective wing. Of course, all of it is fake but not many people would be able to tell the difference between the real and the fake. That's because the attackers take into account the UI of the browser that you are on.

In order to fool the victim, you will need to be proficient and create a link to a site that is devoid of all flaws that the human mind can contemplate. If someone with a higher IQ sees your website, they will figure out that its as fake as the Rolex sold on the streets of Karachi!

According to the man himself;

Visit <a href="https://www.bankofamerica.com">Bank of America</a> for mediocre banking services.

The user can hover their mouse over the link and their status bar will showhttps://www.bankofamerica.com, as expected.

However, when the user clicks the link, call event.preventDefault() to prevent the browser from actually navigating to the link. Instead, trigger fullscreen mode and insert fake OS and browser UI into the page, along with a fake version of the site to be phished.

$('html').on('click keypress', 'a', function(event) {

  // Prevent navigation to legit link
  event.preventDefault();
  event.stopPropagation();

  // Trigger fullscreen
  if (elementPrototype.requestFullscreen) {
    document.documentElement.requestFullscreen();
  } else if (elementPrototype.webkitRequestFullScreen) {
    document.documentElement.webkitRequestFullScreen(Element.ALLOW_KEYBOARD_INPUT);
  } else if (elementPrototype.mozRequestFullScreen) {
    document.documentElement.mozRequestFullScreen();
  } else {
    // fail silently
  }

  // Show fake OS and browser UI
  $('#menu, #browser').show();

  // Show fake target site
  $('#target-site').show();
});

It’s important that the fake OS and browser UI match the user’s system. So, if Chrome user on OS X clicks the link, we show a fake OS X menu bar and fake Chrome UI with a green padlock for HTTPS on Bank of America."

Various browsers show different or no signs of attack whatsoever. Apple's Safari browser (V 6.01 and later) shows some or no signs of the activations of the full-screen mode. Google Chrome (V 22 and later) shows a few signs and symptoms of the attack but as put by Feross, the notification is 'subtle and easily missed' by the untrained eye. Mozilla Firefox (V 10 and later) alerts the user with a discernible notification. This tells us that the OS and browser UI will not always be perfect for all users. Some will even be able to tell that its 'counterfeit'. Not everyone can recognise subtle changes though which will result in, as Feross says, 10% of the internet population getting phished.

According to Mozilla's John Dyer,

Browser vendors are well aware of the potential security issues with fullscreen. For example, a malicious site could show a full screen Windows or Mac login window and steal a password. That’s why they are disabling keyboard support by default and only enabling by explicitly asking.

Which explains that at some point while developing and releasing the Fullscreen API, Mozilla was aware of the baggage that it carried. The attacking concept, however, seems to be more about social engineering than flawed code.

Stay safe people. We need our loyal fanbase alive, well and phish-free!

How to view saved password in google chrome ?

Previously i had showed you how to view password behind asterisk. In this post i will show you a simple but very powerfull trick to view or hack saved password in google chrome. It does not matter for which website the password is saved it will work on all of them. It will work on Facebook, Gmail, Yahoo, twitter and many more. If you get your hands on your friend computer you can hack their password with this simple little trick. It does not require any software or addons to be installed on your computer. Lets get started.

How to do that ?

1. Open any website where password is saved by user. Here i will demonstrate with facebook but it will work on any website.

2. Right click on password(Dots or asterisks) as shown in below image.

3.Then click on Inspect element.

4.Then change Password to text as shown in below picture.

Before changing it will look like below:

After changing it will look like below:

5. Done now asterisk or dots will changed to text. Still confused or did not got any steps then watch video below but make sure to watch it in high defination. If you like it then like the video.

Still confused watch the video below

Download Lubuntu 12.10

Finally we've updated the download links. Only ISOs, for the moment, in a few days the Torrent files will follow onto the list (our apologies for this inconvenience, but we're currently managing servers quotes). Anyway, you can download the disc images here:

Intel x86 desktop
AMD64 desktop
Mac 64bit

Stay tuned to the official Lubuntu website and the torrents will appear soon.

Hands Up u brats - This is a PC-jacking! The Wonders of Steam Browser Protocol Vulnerability.

For our readers who are unaware of the wonder that is 'Steam', here's a small description of how it influences our life. Steam is a digital distribution and digital rights management platform for games and various other softwares and can run on Windows, MacOS X and Linux. The company, Valve Corporation, that owns it says that Steam offers over 2,000 titles and has more than 40 million active user accounts.

When a user clicks on a steam:// URL in a program, the URL is passed to Steam client for execution which means that it registers itself as a steam:// URL protocol handler when it is installed on a system. This Steam:// URL consists of steam protocol commands which enable the system to install/uninstall, update and backup files amongst many other supported actions.

It sounds simple enough until attackers start exploiting these commands or vulnerabilities to remotely control your PC.

Security Researchers and Founders at ReVuln, Luigi Auriemma and Donato Ferrante, state in their report that attackers can exploit vulnerabilities in the Steam client or the games installed through the program resulting from the way browsers and other applications automatically divert steam:// protocol URLs to the Steam client without asking for confirmation or permission from the user.

Different browsers tend to respond differently to the steam:// URL. Internet Explorer 9, Google Chrome and

Opera flash warnings to the user along with the full or partial steam:// URLs before the transferring them to the Steam client for execution. Firefox requests user confirmation only. And in this competition, Safari comes out as the weakest of the lot, by automatically executing steam:// URLs without asking for permissions from the user (feeling a bit rebellious, are we?)

“Mac OS is the secondary platform used on Steam and many games are available for this platform so it has a wide user base,” Auriemma said. Hence, proving that Mac OS is more prone to such attacks.

The Geniuses of ReVuln state:

“All the browsers that execute external URL handlers directly without warnings and those based on the Mozilla engine (like Firefox and SeaMonkey) are a perfect vector to perform silent Steam Browser Protocol calls,” the researchers said. “Additionally for browsers like Internet Explorer and Opera it’s still possible to hide the dodgy part of the URL from being shown in the warning message by adding several spaces into the steam:// URL itself.”

Attackers can also use JavaScript code inscribed on malicious pages to redirect browsers to URLs such as steam:// URL.

Normally, browsers are subservient to their masters (us) and they ask for permission for every single deed that they do. But some of us change our browser settings and allow the URLs to automatically execute their purpose by default through the Steam client.

According to Auriemma;

"It’s highly possible that many gamers already have the steam:// links directly executed in the browser to avoid the annoyance of confirming them all the time.”

You can also be a witness to this awesomely frightening new revelation by clicking here to view the video released by the researchers in which they have also explaining how a user can be vulnerable to threats via Steam vulnerabilities and game portals.

If we take an example of how Steam protocol can be used, here's a tip for you. The Steam protocol's "reinstall" command can load a malformed TGA splash image file exploiting Steam client vulnerabilities to execute malicious code in the context of its process.

In another example exploiting the same steam:// URL vulnerability, the attacker can execute legitimate commands in Valve's Source Game Engine to write a .bat format file with attacker-controlled content inside of Windows Startup folder. Files within the Windows Startup directory are automatically triggered when users log in. The Source Game Engine is quite a hit with the players who spend hours on Half-Life, Counter-Strike and Team Fortress. These games alone are massive hits and have tens of thousands of users playing it all the time. Games like APB Reloaded and MicroVolts are also prone to being abused via steam:// URLs through the auto-update feature.

Apart from Stream, another game engine known as Unreal is known to be vulnerable as well.

According to ReVuln researchers;

"Another popular game engine called Unreal supports the loading of files from remote WebDAV or SMB shared directories through command line parameters. A rogue steam:// URL can be used to load a malicious file from such a location that exploits one of the many integer overflow vulnerabilities found in the game engine to execute malicious code."

How to Protect Yourself?

Users can protect themselves being PC-hijacked by disabling the steam:// URL protocol handler manually or with an application with the sole purpose of disabling it. The easiest way would be to use a browser that doesn't automatically, without permission from the user execute steam:// URLs.

Auriemma says, “The downside is that the gamers who use these links locally (shortcuts) or online (web browser) to join servers or use other features of this protocol will be unable to use them.”

At another point he stated, "In our opinion Valve must remove the passing of command-line parameters to games because it’s too dangerous and they can’t control how these third parties software can act with malformed parameters.”

Valve hasn't commented on the security matter at hand.

“In the recent months Valve invested a lot in the Steam platform launching the beta version of Steam for Linux, adding the GreenLight service where users can vote what games they would like to see available on Steam, added the Software section, added more games and some highlighted games available full for limited time, tons of free-to-play games and much more,” the researcher said. “There was no better moment to notice these issues than now.”

Cheers!