crack windows password

How to crack the password of Windows
In this tutorial i will teach you to hack Window 7 password using free open source software called ophcrack. This hack also works on Windows XP and Windows Vista. So let get started.
Opcrack is an open source windows password cracker based on rainbow tables. It comes with Graphical user interface(GUI) and runs on multiple platform such windows, linux and mac. It allows you to recover or hack windows password.
Before you start doing this you will need a blank CD or DVD to burn the live image of ophcrack.
  1. Download Opcrack Live Cd by
clicking here.
2. Download windows xp or windows 7 live cd depending on platform you are wishing to hack. For example:
Windows 7 or Windows Vista: Click on ophcrack Vista/7 LiveCD.
Windows XP: Click on ophcrack XP LiveCD.

2. Now burn the live image on to the cd.
  3. Insert the disc into drive and restart you computer.
  4. If everything goes right you will see screen like above.
5. After you see screen like above wait for ophcrack to boot automatically or you may press Enter to advance.
6. Now you will see several lines of code printed on screen or they might disappear very quickly (you dont need to worry about that).
7. Then you will see screen like below it is ophcrack password recovering software. At the Ophcrack screen it shows the Administrator and Guest account. Notice the word “ empty ”. This means that if the account is enabled you could log in without a password.

8. Ophcrack WILL NOT CRACK THE PASSWORD because the hash table which it needs is not available for free. But it does show the NTLM hash.
9. Copy this hash value which is under
NT Hash field .
10. Navigate to http://crackstation.net/ which is an online hash cracking tool.
11. Type in the hash value you copied down in Step 9, Enter the captche and click on Crack Hashes.

how to hack WhatsApp account II

How to hack WhatsApp account II
1. Read chats from locked WhatsApp
[This workaround don't work after the recent update of WhatsApp]
If you believe locking your whatsapp with password, makes it secure then you are wrong. Even after locking whatsapp with applock, one can read all your chats easily. All they need is access to your device for a minute.
How it's done ?
The secret lies behind the fact, that whatsapp takes daily backup of all your conversation, And if you can get the backup, you can read the chat. Now there is 2 way to get the backup.
First by finding the backup file using the file manager and then send it to other device using Bluetooth. But this file is encrypted. But thankfully this can be extracted. How this can be done, is beyond the scope of this article.
It is in (/sdcard/WhatsApp/Databases/msgstore.db.crypt)
Second method is my favorite which I accidently discovered while I was testing some other app. By using auto backup apps like backup text for whatsapp , one can directly email all the whatsapp chat in plain text.

All you need to do is take your friend’s phone, install this app, take backup, and then send it and once you are done uninstall the app. All this can be done in less than a minute while the whatsapp is locked with password.
How to prevent it?
Block the access to file manager and lock the play store and settings as well and make sure you don’t allow installation from unknown source by going to setting > device security.
2. Read all messages with WhatsApp Sniffer
This application claims to read all the chats taking place over the same WiFi network.
How does it work?
WhatsApp sniffer was once available on PlayStore but was soon removed after the detection it’s vulnerability to WhatsApp. It use ARP request to spoof all the messages. Back then WhatsApp messages were simple plain text, so anyone could read it. But not now, from August 2012 onward WhatsApp has started encrypting it’s messages.
How to prevent it ?
I often see some forums in deepweb that whatsapp sniffer still works. But I asked the same question on several forums and got the same answer. No, WhatsApp sniffer no longer works. However if someone outside your circle is anxious to use your WiFi then be careful.
3. Spoof mac address on android
Many forum has now verified it’s working.More more information on this Click here
How does it work?
Every device have unique mac address and whatsapp uses it to verify that you are not using whatsapp on two different device with same no. So if the hacker is able to spoof mac address than he will be able to see all your whatsapp activity.
How to prevent it?
Unfortunately there is nothing much you can do. But this WhatsApp hack can’t be performed by normal user. It requires rooted phones and deep knowledge of commands, in short advance computer skills. So unless you are having some very interesting WhatsApp conversation, no one is going through that much trouble.
4. Using third-party spyware
There are some websites like bossay, zealspy and other third party spyware which claim to hack WhatsApp conversation. Although I have never use these app, however from what I have read, they are yet another WhatsApp Hack Scam.
App like this are paid and often require you to install small piece of software in victim. Not to forget, there is no guarantee that it will work even after that.
5. Using WhatsDog
So apparently there is new kid in town, called whatsdog. Although this application stands long way from hacking whatsapp, however I found it little creepy.
Whatsdog can track anyone’s whatsapp activity, all you need is their phone number. To get started, you have to enter the phone no. of the victim and the app register it for tracking.
Over time whatsdog keep an eye on the victim’s whatsapp usage and maintain a report. Using whatsdog, one can find out when a person is online, how often are they online, analyse their whatsapp usage by preparing charts and calender.
Whatsdog is no longer available on PlayStore but you can still found them on the internet though.

How to stop it ?
Sadly, there is no way to stop whatsdog. Since it’s not doing anything that goes against whatsapp. If you don’t want people to see your last seen or online activity then turn it off by going to your whatsapp privacy setting. But then you won’t be able to see others time stamp as well.

How to hack an Facebook account

How to Hack Any FB Account Using Cookie Stealing

Today in this  post I am going to explain how to steal cookies of different accounts using Cain – Abel and Wireshark software and how to use it to access our victim's accounts.
First off I need to say that this will NOT steal anyones password unless they log in while you are monitoring them. This will however give you their cookies which you can use to steal there session and have full acess to their account. This will work for Facebook, a lot of emails (sorry no gmail). If you are familiar with SSLstrip you can use this method to hijack any session (paypal, bank websites, any email, etc.)
Facebook Cookie Stealing And Session Hijacking
Wireshark for capture cookies:
Wireshark is the best free packet sniffer software available today. Actually, it was developed for making a network secure. But, the same software is now used by hackers to test for vulnerability and security loopholes in the network and to attack the network accordingly. Cookie stealing being one of the types of hacks implemented using this Wireshark software.
Requirements:
Cain and Abel : http://www.oxid.it/cain.html
Wireshark : http://www.wireshark.org/
Firefox 3 (or one compatable with add n edit) : http://www.oldapps.com/firefox.php?old_firefox=59
Add n Edit (cookie editor for firefox) : https://addons.mozilla.org/en-US/firefox/addon/add-n-edit-cookies/
Acess to the network with user you want to hack(like connect to the same Wi-Fi that victom is using)
(Note: It works if only the victim is using http protocol instead of https)
Network traffic
Download and install all above programs. To add “Add n Edit” to your browser just open firefox, go to tools, then click add-ons. you can drag and drop the program from wherever you saved it into the little box that popped up and install it from there.
Below, I have listed steps on how to capture Facebook and other accounts cookies. This will help you to know how Wireshark and Cain-Abel can be used to sniff packets and capture cookies.
Just follow the following steps to gain access to a Facebook or other account:
Step 1: Gain acess to the Network. Open networks or your own network would be easy but if you have a specific slave you want you should be able to gain acess using Backtrack.
(Note: use reaver to exploit WPS for WPA/WPA2 encryptions, WEPs are easy to crack given time and OPN means there is no password.)
Step 2: Right click on Cain and choose ‘run as administrator.’ on the top bar go to ‘configure’ and be sure to select your wireless card/adapter. now click where it says ‘Sniffer’ then this litte button towards the top left:

Next click any empty white box then the blue “+” symbol near the button you pressed just before. choose okay
It should look like following snapshot:

These are all the devices it was able to detect.
Now we go to APR on the bottom bar. Once again click any empty white box then the blue cross. It’s easiest to just go one by one and choose all possibilities.

Now we have to poison them so we choose the little yellow hazard symbol towards the top left. should now look like the following snapshot:

we are done here, just minimize Cain for now.
Step 3: Run wireshark as administrator. On the top bar choose ‘Capture’ then ‘Interfaces.’ Here you will have to choose your interface that is connected to the Network we are sniffing from. if you wait a few seconds you might see some traffic being collected as seen in my photo, just choose that interface b/c thats most likely it.

Wireshark will list and color-code all the traffic it sees for you. To make this simpler we can use the filter to only see the traffic we want, Type “http.cookie” in the filter. (Something to consider is to just filter to “http” and scroll through the entries looking for ones that start with the word “POST” this means that information was submitted to the webpage noted such as a username and a password! so if you see this just look through the details and you should see the info you want, most passwords will be hashed but use this site to decript them: http://www.md5decrypter.co.uk/ )
Here I provided a snapshot:

You can either look through this information manually or use the search function to find what you want. In my case i want to hijack the session of a user on the forum freerainbowtables.com so i will use the search function (press Ctrl+F, or go to edit -> search) and type in the information i know for sure will be in the entry. if your hijacking someones facebook put ‘facebook’ there. Most of the time to be safe i do not use the first entry i see b/c this will only work if the person is auto logged in, so just go down a few more until you see one you think will work (just use common sense).

What we need are the cookies. Here are what mine look like and how to get there. With practice you will be able to tell which cookies are used for logins and be able to limit failed attempts.

Copy the cookies as value and save them into a notepad (As shown in snapshot above). I would suggest to seperate everywhere you see a “;” bc this suggests that is the begining of the next entry. The text to the left of the = is the name of the cookie and the text to the right is its value.
Step 4: Open up your firefox browser with Add n Edit enabled. You can get to your add ons by going to tools and they should all be listed in the drop down tab. First go to the website you are hijjacking the session from then open your cookie editor. Should look something like below snapshot:

The last thing to do is to change your cookies to match the ones you captured. If the cookies given to you by the site expire (like the ones in my picture do) you will have to delete them and add all the ones we captured earlier in. if they do not expire you can just edit them. Bottom line is all the cookies must match the cookies you captures in the earlier steps EXACTLY! Make sure you do not add any extras and that you did not miss anything. Also all fields must be filled in (Path and Domain as well as Name and Value). My path is “/” and my domain is “.freerainbowtables.com”
mine looks like this:
You are now done, Just close the cookie editor and reload the webpage. If done correctly with the correct cookies you should be logged in as the user you attacked!
So guys, I hope this
Facebook Cookie Stealing And Session Hijacking
will help you to hacking facebook as well as different types of account like hotmail yahoo etc by stealing their coolkies.
If you have any problem in above Facebook Cookie Stealing And Session Hijacking tutorial, please mention it in comments below.

What is meant by https and how is it works?

Know the HTTPS and how is works

HTTPS: HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. The use of HTTPS protects against eavesdropping and man-in-the-middle attacks. HTTPS was developed by Netscape. Instead of HyperText Transfer Protocol (HTTP), website uses HyperText Transfer Protocol Secure (HTTPS ).
Using HTTPS, the computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them. This keeps your information safe from hackers.
They use the "code" on a Secure Sockets Layer (SSL) , sometimes called Transport Layer Security (TLS) to send the information back and forth.

How HTTPS works: In the beginning, network administrators had to figure out how to share the information they put out on the Internet.
They agreed on a procedure for exchanging information and called it HyperText Transfer Protocol (HTTP).
Once everyone knew how to exchange information, intercepting on the Internet was not difficult. So knowledgeable administrators agreed upon a procedure to protect the information they exchanged. The protection relies on SSL Certificate to encrypt the online data. Encryption means that the sender and recipient agree upon a "code" and translate their documents into random-looking character strings.
The procedure for encrypting information and then exchanging it is called HyperText Transfer Protocol Secure (HTTPS).
With HTTPS if anyone in between the sender and the recipient could open the message, they still could not understand it. Only the sender and the recipient, who know the "code," can decipher the message.
Humans could encode their own documents, but computers do it faster and more efficiently. To do this, the computer at each end uses a document called an "SSL Certificate" containing character strings that are the keys to their secret "codes."
SSL certificates contain the computer owner's "public key."
The owner shares the public key with anyone who needs it. Other users need the public key to encrypt messages to the owner. The owner sends those users the SSL certificate, which contains the public key. The owner does not share the private key with anyone.

The security during the transfer is called the Secure Sockets Layer (SSL) and Transport Layer Security (TLS).
The procedure for exchanging public keys using SSL Certificate to enable HTTPS, SSL and TLS is called Public Key Infrastructure (PKI).

Upcoming posts:

• How to hack Facebook using cookie hijacking.
• More methods to spy on WhatsApp account.
• Some precautions must be taken to prevent yourself getting hacked.
• How to use WordPress like a pro.