WhatsApp Tricks and Hacks

WhatsApp Tricks and Hacks

Whatsapp Messenger is a cross platform instant  messaging application.Whatsapp is certain really the foremost fashionable instant electronic messaging for smartphones.WhatsApp Messenger is available for iPhone, BlackBerry, Android, Windows Phone and Nokia and yes, those phones can all message each other!.I am sure you all have heard of it  if you are not using it . These are the some whatsapp hack or tricks you should know if you are using whatsapp. 

1.Whatsapp Hack to spy on some other  account 

So if you people have observed you can not have your whatsapp account logged in in two devices. Means session is given to only 1 mac address. If the MAC [ Media Access Control ] address of the device requesting access changes then whatsapp asks you to re-verify your account!

And common, “whatsapp people” you think Mac address cant be spoofed. But yeah Nice try whatsapp developer’s :p

Here is how to do it-

You need to get access to victim phone to get the victims phone “MAC address + the verifying massage” which is received to verify your device.
Get mac address on your android phone.

Finding MAC address on a Android Phones

• On your HOME screen, click on MENU, goto SETTINGS.

• Click on  About Phone.

• Click on Status. 

And VIEW your Wi-Fi MAC address!

As soon the message s received Push the “MAC address” + “Verifying code” to your server or mail it your ID. That depends on your convince.
Spoof your phone’s MAC address to your Victims address using this tutorial
and install whatsapp and type the “verify code”.
And done guys. You get complete access to the victims whatsapp ID.. where as you can keep spying/watching your victims movements :D
i.e 2 people – U + ur victim are using the same ID from different devices.

2.Whatsapp hack to use it without using your number  !! 

This hack works by tricking the WhatsApp Verification Servers by sending a spoofed request for an authorisation code intended for an alternative phone.

1.Install WhatsApp on your device WhatsApp now starts a counter where it sends a verification message to its servers.

2.Block the messeage service  it can be blocked by changing the message center number or pushing the phone into Airplane mode.

3.WhatsApp now offers an alternative method of verification Choose verify through SMS and fill in your email address. Once you click to send the SMS click cancel to terminate the call for authorisation to the WhatsApp server.

4.Now You have to do sms Spoofing

You can do it using this link For android

Check your outbox and copy the message details into the spoofer application and send the spoofed verification.

-Iphone users can use this :To: +447900347295 From: +(Country code)(mobile number) —-victims Message: (your email address)

5. You will now receive messages intended for the spoofed number on your mobile device and you can communicate with people under the spoofed number 

continue reading WhatsApp Tricks and Hacks

Cracking WEP Using Backtrack - WiFi Hacking Part 2

Cracking WEP Using Backtrack - WiFi Hacking Part 2

In my previous article WiFi Hacking Part 1, i wrote about the necessary tools and stuff  that you require for WiFi Hacking .If you have not read the article, please go through it before reading this one

In this article i will explain how you can crack wireless network's WEP key using Backtrack in six easy steps

WiFi Hacking Part 2
I believe all my blog readers have read the previous article WiFi Hacking Part 1, and know what are the tools and stuff that you require for WiFi hacking

Commonly Used Terms :- 

• WEP - Wired Equivalency Privacy, it is a security protocol for Wi-Fi networks
• Access Point (AP)- A wireless router
• MAC Address - Media Access Control address, a unique id assigned to wireless adapters and routers .It comes in hexadecimal format (ie 00:15:eR:21:a3:63)
• BSSID - Access Point’s MAC address
• ESSID - Access Point’s Broadcast name

Cracking WEP Using Backtrack

Step -1 Booting Backtrack

Boot your copy of Backtrack from your USB driveOnce booted you will be prompted for the login details, enter usename as "root" and password as "toor", finally enter "startx " to start backtrack .Now once you have logged in, launch a new konsole terminal by clicking the konsole terminal icon which is there on the task bar .Now plug in your Wifi usb card and type in the following commands in the terminal as shown

ifconfig wlan0 up

where wlan0 is the name of the wireless card ,it can be different .To see all wireless cards connected to your system simply type" iwconfig "

Step -2 Putting your WiFi card on Monitor Mode

The purpose of this step is to put your card into what is called monitor mode. Monitor mode is the mode whereby your card can listen to every packet in the air ,It is similar to a Promiscuous mode which is used for packet sniffing in a LAN .You can put your card into Monitor mode by entering the following commands in a terminal

airmon-ng  start (your interface)

Example :- airmon-ng  start wlan0

Now a new interface mon0 or ath0 will be created , You can see the new interface is in monitor mode by entering "iwconfig" as shown

Step -3  Monitor the air for WiFI connections 

Now after putting the card in monitor mode you will need to monitor the air for available wireless networks (WiFi connections)around  you , For this you'll have to use a tool called "airodump" .

So you can start monitoring the air with airodump by enter the following commands

airodump-ng  mon0

where mon0 is the new interface which we created in the previous step

Bssid shows the mac address of the AP, CH shows the channel in which AP is broadcasted and Essid shows the name broadcasted by the AP, Cipher shows the encryption type ,

Stop the process by pressing  "ctrl +c " and select your target  ,Since i am only cracking WEP  i will take "johny" as my target from now on

Step -4 Capturing Data with Airodump 

Now to crack the WEP key you'll have to capture the targets data into a file, To do this we use airodump tool again, but with some additional switches to target a specific AP and channel. Most importantly, you should restrict monitoring to a single channel to speed up data collection, otherwise the wireless card has to alternate between all channels .You can restrict the capture by giving in the following commands

airodump-ng mon0 --bssid -c (channel ) -w (file name to save )

As my target is broadcasted in channel 2 and has bssid  "98:fc:11:c9:14:22" ,I give in the following commands and save the captured data as "johnywep"

airodump-ng   mon0 --bssid  98:fc:11:c9:14:22   -c 2  -w  johnywep

Do not close this terminal (run the other commends simultaneously in an another terminal)


Step -5 Using Aireplay to Speed up the cracking  

You will have to capture at least 25,000 data packets to crack WEP .This can be done in two ways, The first one would be a (passive attack ) wait for a client to connect to the AP and then start capturing the data packets but this method is very slow, it can take days or even weeks to capture that many data packets

The second method would be an (active attack )this method is fast and only takes minutes to generate and inject that many packets .

In an active attack  you'll have do a Fake authentication (connect) with the  AP ,then you'll have to generate and inject data packets.This can be done very easily by using a tool called "aireplay"

So you can do a Fake authentication with the AP using aireplay by entering the following commands in a new terminal

aireplay-ng - 1  3  -a (bssid fo the target )  (interface) 

In my case i enter the following

aireplay-ng -1 3  -a 98:fc:11:c9:14:22 mon0 

After doing a fake auth ,now its time to generate and inject Arp (data )packets . To this you'll have to open a terminal simultaneously and enter the following commands

aireplay-ng 3  -b (bssid of target)  -h ( address of your card (mon0))   (interface)

In my case i enter
aireplay-ng 3  -b 98:fc:11:c9:14:22   -h 00:c0:ca:50:f8:32 mon0

If this step was successful  you'll see Lot of data packets in the airodump capture ( step 4  ) as shown

Wait till it reaches at least 25000 packets , best would be to wait till it reaches around 80,000 to 90,000 packets .Its simple more the data packets  less the time to crack .once you captured enough number of packets, close all the process's by pressing "Ctrl +c" or by simply clicking the into mark which is there on the terminal

Strep -6 Cracking WEP  key using Aircrack 

Now its time crack the WEP key from the captured data, we use Aircrack to achieve this

Enter the following commands to crack the WEP key

aircrack-ng  (name of the captured file (step 4) )

In my case i enter 

aircrack-ng johnywep-0.1-cap

With in a few minutes Aircrak will crack the WEP key as shown

Voila you have successfully  cracked the WEP key in Six simple steps

continue reading Cracking WEP Using Backtrack - WiFi Hacking Part 2

Wifi Hacking - Part 1

Wifi Hacking - Part 1

As i promised i will be writing  some articles on WiFi (Wireless Network) hacking in the next few days , In this very first article i will list out a few  tools and  things that you require for WiFi Hacking

Wireless adapter
The biggest requirement you'll need is a wireless adapter that's capable of packet injection, there are many cards capable of injecting packets, You can search  Google for the compatibility list of WiFi cards

I use Alfa AWUS036H which is a very popular card and it performs well with Backtrack
                                                                                                                    

BackTrack Live Cd or Usb

Backtrack is a Linux distro with all  the essential tools required for penetration testing , I have already written  articles on how to make a backtrack live CD / USB ,If your new here i would recommend you to read the following articles to get a better understanding of what backtrack is and how you can use it 

• How to Install Backtrack - On Vmware
• How To Make a Bootable Backtrack CD / USB

continue reading Wifi Hacking - Part 1

Hack Facebook / Twitter accounts using Fire Sheep

Hack Facebook / Twitter accounts using Fire Sheep

In my Previous tutorial Hack Facebook /twitter accounts by stealing cookies we hacked Facebook book by side jacking i.e stealing cookies and injecting them in our browser . In this tutorial we will do the same by using a tool Fire sheep .This hack works when computers are connected in  a LAN (Local area network ) or when connected in public WiFi . Best place try out this hack is in schools , collages where computers are connected in LAN and in public places such as airports , hotels  where there's public WiFi



What is Fire Sheep
Fire sheep is an extension developed by Eric Butler for the Firefox web browser. The extension uses a packet sniffer to intercept unencrypted cookies from certain websites (such as Facebook and Twitter) as the cookies are transmitted over networks, exploiting session hijacking vulnerabilities. It shows the discovered identities on a sidebar displayed in the browser, and allows the user to instantly take on the log-in credentials of the user by double-clicking on the victim's name


Hack Facebook / Twitter accounts  using Fire Sheep

Thing we Need :

1. Firefox Browser

2. Fire sheep Firefox plugin 

Procedure :

1. First Download and install Firefox browser and Fire sheep add on

2. Open Firefox , Now click the (1) view button then select (2) side bar finally click(3) fire sheep or simply press ( ctrl + shift +s ) to open fire sheep

3. Now you can see fire sheep has opened up in the side bar Now select your interface by
 going to preferences as shown

4. Now click  on start capture button and wait for a while ,

5. Now you can see different pre- authenticated  sessions on the  side bar select the session which you want .

6. Now you will be automatically logged in the victims account . You can use this tool to hack Facebook/Twitter accounts

Note :- This Hack works only  when computers are in a LAN or WiFi  

Hope you enjoyed this tutorial . In my next article we will look at some of the countermeasures that we can take against these kind of attacks  .Till then have a nice time ........

continue reading Hack Facebook / Twitter accounts using Fire Sheep

How to Send Encrypted Mail through Gmail (Secure Gmail by Streak)

How to Send Encrypted Mail through Gmail (Secure Gmail by Streak)

Secure Gmail encrypts and decrypts emails you send in Gmail. This happens all on your machine, and the unencrypted text never reaches Google servers. This is useful if you don’t want anyone but the intended recipient to ever read your email (i.e. companies, governments, etc.)

First Install Secure Gmail by Streak plugin in your chrome browser from here

Now refresh your Gmail Click on the lock icon next to the compose button. 

Compose your email and send

Enter a password; your recipient will need to enter the same password.

To decrypt the email, your recipient will also need the Secure Gmail extension installed, as well as the password.

continue reading How to Send Encrypted Mail through Gmail (Secure Gmail by Streak)

Email spoofing: The story of “Congratulations you have won a lottery” like spam emails

Email spoofing: The story of “Congratulations you have won a lottery” like spam emails

Mail vs E-mail
Back in old days when internet was not so common, we had to rely only on the postal/courier services. The only thing that bugs me about the traditional mail is their speed. This is when email comes. It offers numerous benefits, like its blazing fast, most of the time its free,  you can attach from pictures to videos, from management point of view you don’t have to maintain a hard folder, last but not least its environment friendly. In short, email is one of the greatest inventions of all time.

What is a spam?

I’m not that old, but again back in those dial-up connection days, there was no such thing as Gmail, most of people either used Hotmail or Yahoo mail for the emails. The problem with these two email service providers is the spams. Spams are irrelevant emails coming to you, mostly used for marketing a product/service, but they are cases where spam emails have hacked a person through social engineering attack or session hijacking. Phishing is also associated with spoofed emails, phishing is “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers“.

If you only use Gmail, you are a lucky person, because Google has got some very intelligent and sophisticated spam filtering mechanism. And frankly speaking I don’t get spams at all in my Gmail, but in case of Ymail or Hotmail … let’s just not talk about it.

What is e-mail spoofing?

In today’s article I will focus on Email spoofing. So, the first question you may ask is what is spoofing? Spoofing in simple terms is when Alice tries to be Bob. Email spoofing is when Alice sends an email to Eve but she keeps her identity to be Bob. When Eve receives an email she thinks that Bob has sent the email but it’s not. 

*PLEASE NOTE THIS TUTORIAL IS FOR EDUCATIONAL PURPOSES ONLY. GENERATING SPOOFED EMAILS OR SPAM IS ILLEGAL AND PUNISHABLE UNDER THE LAW. YOU WILL BE RESPONSIBLE FOR YOUR ACTIONS.*

Platform: Windows 7 (also works on MAC and Linux)

How to spoof an e-mail ?

There can be different ways of spoofing an email, but I am going to use “sendmail” program for it. Sendmail is a simple command line program used to send emails via SMTP protocol.

1. Go to Google and type “sendmail google code”. Open the page highlighted below.

2. This is what sendmail on google code looks like.

3. Go to the download section and download the appropriate file, as I m on windows so, I will be downloading the “.exe” file.

Open the command line and call the program “mailsend”. As soon as you type mailsend, the first thing it will ask for is SMTP server. This is a very critical part, if you don’t provide the right SMTP server your email will not be sent. You have to chose a SMTP server that doesn’t require authentication. I will be using PTCL’s SMTP server i.e “smtp.ptcl.com.pk“, this server runs on port 25.

Next in “from”, enter the email ID of the person you want to spoof, In this case I m making a spoof email of Bill Gates i.e “billgates@microsoft.com“

Provide the email id of receiver, I m giving my own email id.

Enter subject and then write your message, after you have completed your message.

Press enter, then press dot button and again press enter, a message will pop that your email has been sent.

Here you can see my inbox has got that spoofed email.

Inbox overview.

Author: This Article Written by Fowz Masood who has completed his bachelor’s in Electrical Engineering (Comp Engg) He is pursuing a master’s degree in Computer Communications and Security from SEECS-NUST, Pakistan. He has wide variety of interests Computer security/Network security

continue reading Email spoofing: The story of “Congratulations you have won a lottery” like spam emails

10 Must Have Free Android Apps

10 Must Have Free Android Apps

Lately i have been in love with my android phone, Once i was a guy who used to see phones as silky small dumb device, but soon things changed when i first purchased my Lg optimus me android phone , Following are some of the apps that i use and cant live without it  :D 



I thought  i should share this article with my readers who use android phones and see how many of you use these apps . The best thing about this post is  i am  actually posting this from my phone (via blogger app)


10 Must Have Free Android Apps

1. SetCPU

Root Required 

SetCPU is a tool for changing the CPU settings capable of overclocking and under clocking  SetCPU allows the user to exert total control over how fast, or slow, the processor runs at any given point in time. As an example, SetCPU can force the processor to sit at its lowest setting whenever the screen is turned off, but to use a range between 240MHz and 806MHz as needed while the phone is awake. For phones that have the ability to drastically overclock, SetCPU can help ensure that they don't overheat by keeping watch on the temperature, and acting accordingly. Overclocking or not, battery savings and overall performance can be greatly enhanced using this app


2. Titanium Backup

Titanium Backup is the most powerful backup tool on Android, and then some.You can backup, restore, freeze (with Pro) your apps + data + Market links. This includes all protected apps & system apps, plus external data on your SD card. You can do 0-click batch & scheduled backups. Backups will operate without closing any apps (with Pro). You can move any app (or app data) to/from the SD card. You can browse any apps data and even query the Market to see detailed information about the app.


3. Lookout

Protect your phone with award-winning security & antivirus from Lookout Lookout is lightweight, free antivirus for Android. it also has other features like finding lost mobile using GPS, Backup  etc


4. SSHDroid

Connect through SSH to your device! SSHDroid is a SSH server implementation for Android.This application will let you to connect to your device from a PC and execute commands (like "terminal" and "adb shell") or edit files (through SFTP, WinSCP, Cyberduck, etc...).


5. Advanced Task Killer

Just because Android apps have no "close" button doesn't mean they shut down when you return to the home page or move on to another app. You calendar, note pad, and programs in which you turn on event notifications might periodically run in the background, depleting your battery. Download and run Advanced Task Killer Free. You'll be amazed at the apps that run on start-up without your knowledge. While you can kill the task killer along with other apps, we recommend letting it run so you can easily use it a couple times throughout the day. Being able to set conditions for killing running apps would be an interesting future touch.

6. Where's My droid

When you lose your phone while the ringer is turned off it can be impossible to find it. Where's My Droid fixes that problem. After texting your phone a custom attention word the app turns the ringer volume up and makes your phone ring. It's also possible to get the GPS location of your phone in latitude and longitude and a link to Google maps


7. Orbot

Enhance your privacy, break through firewalls and communicate more safely.Orbot is the official port of Tor to Android. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet.


8. Busy Box

Busybox is often called "the Swiss Army Knife of Embedded Linux," because that's what it basically is. It's not an actual app that you run, but instead provides all the Linux/UNIX commands that we know and love. Without the commands installed, the barebones "Linux" that Android runs on top of can't really do too much, making apps like Terminal Emulator nearly worthless.


9. Wifi Anaylyzer

Turns your android phone into a Wi-Fi analyzer!!Shows the Wi-Fi channels around you. Helps you to find a less crowded channel for your wireless router.


10. Es File Explorer

ES File Explorer for Android is a free, featured all-in-one file manager & application manager & task killer & drop box client & ftp client which explores your phone and your computer. It allows android users anywhere in the world to manage their resources for free, it makes easy to manage, stay connected using your 3G, EDGE or WiFi, and share with friends, upload photos, watch videos.

continue reading 10 Must Have Free Android Apps