Friday, 31 January 2014

3 Must Read Hacking Books for no0bs as well as pro's :)

1) Metasploit the Penetration testers guide

2) Backtrack 5 Wireless Penetration testing

3) The Hacker's Underground Handbook - D. Melnichuk (2008) WW.1

Download here :

© Programmed Hackers

Wednesday, 29 January 2014

Hacking a Facebook account using Phishing !

# What is Phishing 
     Phishing is a fake login page designed by an attacker to steal personal info of victim's. Phishing page looks same as Original page of any website or social networking website.

How Phishing works ?      
       As, I told you Phishing is a fake login page that is well designed same as original page to steal personal info of victim's for eg. (ID, Password, E-mail, Contacts, Credit Card Stealing, etc).
An attacker will create a fake login page and host it on any free web hosting sites and attacker will send link of fake page to victim to steal his personal info or data and when victim will provide his personal info such as E-mail ID or Password then victim's E-mail and Password will be stole and get hacked.

How to Prevent and save us from Phishing attack ?      
      Well !! it is easy to detect any Phishing page.
      1. Use best Antivirus and update it daily
      2. Check URL before logging to any website.
      4. Beware of E-mail Spoofer.

How to Create Phishing page and Hack any A/c ?      
      So, Friends here is our main topic, how to create Phishing page and hack any E-mail, Password :D

                      Here, I had just gave all step to create a Phishing Site and hack any a/c

1)    Here, I take Facebook as my Fake Page to hack Facebook ID's

2)    Download Facebook Phishing page from here [Download] (Latest Updated)
3)    Create free a/c on and get free domain
4)    Here, I had already created one a/c for tutorial 

5)    After creating free a/c and domain go to your Control panel > and Click on File Manager

6)    If it will ask for password, then provide your Password
7)    And then go in public_html folder and delete default.php file
8)    After deleting default file, click on upload and you will be redirected to this page

9)    I suggest you to use ZIP archives to upload it's fast and easy :D, so click on choose file
       and select ZIP file you downloaded it step 2.
10)  After uploading your Phishing page you will see this page

11) So after all type your Domain name in Address bar hit enter and you'll get fake fb login page.

12)  And now copy the Address of this page and Go to Google URL Shortener and
       Shortern your URL to make your victim's Fool and not to detect as SPAM

13)  Let's check whether our Phishing page is working or not ? Go on your Phishing page
       and Enter any fake ID and Password in E-mail and Password BOX 

14)  After providing your fake info click on login and you will be redirected to original fb login page
        and victim E-mail ID and Password will be logged.

15)  How to know the Password ? Again Go to your 000webhost dashboard and
        over there you will see anotther file manager 

16) Go in Another file manager > public_html > After Entering in public_html folder       you will see this 4 files  - 

17)  Double click on log.txt file and download it after all open it !! hahahaha !! 

18)  WOW !! Here you can see how Phishing attack works and steal FB password. Enjoy 

Like us on Facebook : Programmed Hackers

Monday, 27 January 2014

DDoS/DoS Attacks !

ALL OF DDoS/DoS Attacks Tutorial 

Recent events that have gone on in my favorite website( have inspired me to inform people of the dangers of DDoS.
Like the art of hacking by "Social Engineering", their is no anti-virus for DDoS. The only cure is knowledge. Informing the people is the only way to keep it from happening to them. Or a nice firewall^^

I know their are a lot more ways to DoS than are shown here, but i'll let you figure them out yourself. If you find any mistake in this tutorial please tell me^^

What is "DDoS"?

Denial of Service attacks (or Distributed Denial of Service attacks[DDoS]) are a form of organized attacks with the goal of taking down a server by overloading it. Often by sending useless information(packets) to a server in massive amounts.

In-fact about a year ago I found one of my websites was accidentally DoS-ing use darksunlight as my webhost) because my PHP script made an infinite loop that sent the same information over and over and over into darksunlight's SQL databases. This one page took this EXTREMELY powerful server down twice in less than a minute. That site has since been deleted.
That story demonstrates that it does not take more than a simple "error" in your code to overload a server.

Keep in mind that altough spreading knowledge is my main goal, performing DDoS attacks is indeed a federal crime in the US.
It is also an international offence and will be punished according to the local laws of the individual's country.

But enough talk. I will now show you a quick example of a DoS attack of sorts you can do on your local computer.

Keep in mind that this is NOT a real DoS attack, but rather an example to visualize how a DoS attack works.

We will take down YOUR computer.

Step 1
Open up notepad, mousepad, or your favored equivalent.
Step 2
Type in this simple batch command
goto a
Step 3
Save as "dossample.bat" making sure you select "All files" from the "File Type" dialog.
Step 4
Run that sucker, but save your work first, as this will crash even the best computers in a matter of minutes.

What did you learn from this?
Observe how the file rapidly replicates itself, opening a new CMD right after it opens another.
An infinite loop has been created that has filled the RAM with useless and massive amounts of CMDs(or Terminals for you Unix folk)

DDoS attacks work much the same way, except instead of replicating an infinite number of CMDs, they send information(packets) to the server over and over and over again until the server crashes.

What information you may ask?
Anything. Your login name, your 'online' status, a new comment, the number of views on a video, your new high score. Absolutely any information that could be resent a massive amount of times to the same server.

Next we will be discussing the simplest form of DDoS.

DDoS by Ping Flood

Please note that I will be pinging my Localhost. You should too.

Perhaps one of the simplest ways to DoS is by using the 'ping' command built into most operating systems, including all windows and Linux distributions.

Step 1
Start up your server. Mine is apache, but that is beside the point, the server type does not matter. If it has an IP address, it can be pinged.
Step 2
Type in the ping command
ping -t -a -l 65500 localhost
Step 3
Press enter and watch it ping the localhost over and over until[/b]
your server crashes, or you get tired of waiting for it to crash.

Since most modern servers can take the stress of the ping flood, you will need to get all your friends to help you ping to bring your server down. Or even slow it down.

Command Explained
ping - tells the computer to ping a server
-t - It will continue to ping the server until the command is closed, or stopped.
-a - Resolves the adress to host names.
-l - Size.

By default the ping will send 32bytes of data to the server, so you must change this to a bigger number. The maximum is 65,500bytes, so that is what we used.

If you send a server any number higher than 65,500bytes it will instantly crash. This is called "Ping of Death".
Like any other thing with the suffix "of Death" it is very rare, and hard to accomplish indeed.

DDoS by Reloading
Something as simple as reloading a page can take down a server if done enough times.

Step 1
Make a page that lets you submit forms. Method='GET' is better than method='POST' for this, but both will work.
(If you do not understand step 1, just find a page that lets you submit information, like a new comment or upload a picture)
Step 2
Fill out the forms and submit
Step 3
Reload the page
If the page uses the POST method your browser will display a dialog asking if you are sure you want to resend the information, or something to that effect. Simply click "Continue" or "OK".(see now why GET is better?)
Step 4
Keep reloading until server is down.

Their are many addons and tools that allow you to autoreload a page. It is a matter of googleing for them. They are widely available and free.

I have just created a program that allows you to Auto-refresh a page using IE. If you are interested please download from:
Host: | Size: 9kb | Format: .zip ultra compressed | Platform: Windows

This method is very primitive as you can see, but it is probably the best way to DDoS.

Low-Orbit Ion Cannon
LOIC (Low Orbit Ion Cannon) is an app, written in C# and developed by praetox, that was used by Anonymous during Project Chanology. It attempts to DoS the target site by using all its bandwidth, sending TCP, UDP, or HTTP requests to the server until it crashes.

Step 1
Download and extract LOIC
Step 2
Open LOIC.exe and fill out the required information.

[Image: loiic.jpg]

Instructions for filling out:
IP or URL = IP or URL that you wish to DoS
TCP / UDP message = information being sent, just write something random. Or leave it as default.
Port = Server's port
Method = Server's Method, leave as TCP if unknown
If you are gonna try to take down a website then use HTTP
Speed = set to "<= faster"
Threads = How many users it should simulate, the higher the number the faster it will crash. Set to 10,000. Note that this might make your computer lag, if so, set to a lower amount.
Step 3
This starts your the program.

Warning: This tool might not seem like much, but many people of all ages have been arrested and convicted for knowingly using this tool. Remember DoS and DDoS are federal crimes, however insignificant it may seem. Use at your own discretion.

Now you know what a DDoS attack is and you can work to better protect your self.

Their are still many other ways to attack a server, but these are the basics of DoS/DDoS.

Protect your servers xD
© Programmed Hackers

Sunday, 26 January 2014

Installing Backtrack on Android !

How to Install BackTrack on Android Mobile and Tablet:

BackTrack is one of my favorite OS. First reason is it is made by world class hackers and second one is all hacking tools are available and last and third one, it is flavor of Linux. I can use it only on PC, Android is booming now these days... Now you can Install Back Track Linux OS on Android smartphones and tablets. Now it is possible to install and run Backtrack on your Android devices.

(1) Root
(2) 1GHZ processor (recommended)
(3) 512MB Ram (recommended)
(4) Android 1.6 or higher
(5) Back Track 5 (
Kernel will loop device support (this is included in most custom ROM’s)
(6) SD card with at least 3.5GB of free space
(7) Data connection on your device

Following Android Apps:

1.BUSY BOX ( : It acts like a installer and needs root permission to has CPU cores and can run Linux kernels on android. click here

2. Superuser ( : This app just grants a superuser power to your phone just like "su " does for Linux. click here

3. Terminal Emulator ( : Terminal Emulator is app that runs a terminal console in android. click here

4. Android VNC ( : Android VNC is a tool for viewing VNC in Android.

How to Install Backtrack on Android Tablet or Phone?

Download the complete set of files you need from here: Extract

to your phones internal SDcard in a directory called “BT5″ (cAsE sEnSiTiVe)
Launch "Terminal Emulator" from your phone and type (everything after the $: or #: is user input):
$: su
#: cd sdcard
#: cd BT5
#: sh bootbt
#: export USER=root
#: vncpasswd
(make up a password"ex: toortoor")
#: tightvncserver -geometry 1280x720

While Backtrack is loaded (when you see a red “root@localhost“) start the VNC server by typing:root@localhost:~#: startvnc (stopvnc kills it)
Open 'AndroidVNC' and fill the form like this:
Nickname : BT5
Password : toortoor
Address :
Port : 5901

Connect it and you will see Backtrack 5 interface.

Remember: Some of the Backtrack tools can’t work properly and do it for your own risk. I hope you can Install Backtrack on Android tablet without any problems, tell me if you get problems.

© Programmed hackers ( Must Share_  )

Hacking an Android APK File

Hacking Android APK Tutorial

Tutorial on hacking an Android APK file, which is an android app file, we decompile, hack it, and recompile. Let's go through the setup and basic commands.

I. Introduction to APK format:

Apps in Android have an extension of .apk format - which is basically a special .zip container that is signed with a certificate. The signer could be somebody like Google Apps Store. The idea is that modifying the .apk file means the signature is invalidated, to prevent installation of modified apps.

The main line of defence from installing malicious APK files is to make sure they are downloaded from the Google Apps Store. But once the APK (app) is in the users’ hands, it is unprotected. Most premium apps can be rooted, so ripping apps is easy.

II. Introduction to modifications:

Modifying an APK file is somewhat difficult, depending on the quality of the app. The Dalvik (Android’s virtual machine), prevents code obfuscation - which is the deliberate act of creating hard to understand code. Since the Dalvik supports reflection, and the virtual machine has to be able to interpret the byte code, no obfuscation can ever hope to compete. Note, reflection is the ability of a computer program to examine and modify the structure and behavior - specifically the values, meta-data, properties and functions of an object at runtime. Obfuscation products like ProGuard may become more advanced with time but intense obfuscation will likely have a very negative impact on performance.

ProGuard is a free Java class file shrinker, optimizer, obfuscator, and preverifier. It detects and removes unused classes, fields, methods, and attributes. It optimizes bytecode and removes unused instructions. It renames the remaining classes, fields, and methods using short meaningless names. Finally, it preverifies the processed code for Java 6 or for Java Micro Edition.

III. High level overview:

Suppose I have an APK file
I want to decompile it into something like assembly language
We can do that using the APK Tool, which turns decompiles it into a folder with smali files.
You should know what a smali file is – basically assembly code.
Then we dig through the smali code and make change to get our desired results.
I will cover this lightly. Exactly what to change and how to find it is beyond my scope of knowledge, I only understand basic ideas. Also, there textbooks on how to analyse decompiled code.
We recompile the smali file into APK file
Install and test it on the emulator

IV. The Setup:

To start playing with your own modifications, you need several tools.

1. Eclipse, to code your own apps (optional again, but the package manager is nice to use):
2. Java SDK, to do Java development (optional really – but get it anyways):
3. Android SDK, for the Android emulator:
4. APK Tool, to reverse engineer APK files and create smali files:
5. Notepad++, a great program that has syntax highlighting addon pack for smali:
6. Addon syntax highlighting for Smali:
7. Amon_RA’s Testsign tool, for signing the recompiled APK file:

V. The Usage

This will be a walkthrough on how to start your hack.

There’s a nice guide on how to setup everything on the Android SDK website;

To run the Android emulator, use their Android Virtual Devices Manager. Make a choice in what you want your device to be; just keep in mind the higher the resolution the slower it’ll be. Expect the emulator to run with heavy lag. My manager is located at:

C:\Program Files (x86)\Android\android-sdk\AVD Manager.exe
Open up a terminal, cmd. Most of the tools you require are in the ..\android-sdk\platform-tools folder. Some of them may be in ..\android-sdk\tools

In this terminal, there are some commands you want to be familiar with.

VI. Commands and effects:

a). abd install [..\location\someapp.apk]
Effect: Installs to emulator. Make sure emulator is on!
b). adb uninstall [com.someapp]
Effect: Exactly what to type requires a bit of work, it’s basically the path the android uses. I’ll describe it more later.
c). apktool.bat d someapp.apk dump- someapp
Effect: Decompiles your APK to smali files
d). apktool.bat b dump- someapp someapp-new.apk
Effect: Rebuild the edited smali files
e). java –classpath testsign.jar testsign someapp-new.apk
Effect: Fake sign the file with some certificate, so that when we install, emulator goes “oh ok here’s the signature, and it matches the file, we can proceed”

VII. Digging through the decompiled smali code

I’m going to cover this vaguely, because I am not that familiar with it. Basically you look at the smali files, the xml files, and find interesting stuff that you think is relevant to what you want to do.

Start at a point, such an error message, and work backwords. Say the message “Invalid serial key entered!” – trace that back to where the key gets checked.

When bypassing things like serial key checks, look for check conditions:

Since applications don’t have a console to print to, you could have it print to logs or print as a toast popup message. Also, logs can be viewed with the ..\tools\monitor.bat tool.

When you are digging through smali code, you definitely need to refer to Dalvik opcodes for syntax and usage:

© Programmed Hackers :)

How to Root your Android :)

You can root your Android in a lot of Ways but this method is very Simple :

1) Download the Software required to root your Phone at
2) Now enable USB Debugging in your Phone by :

Android 2.x - 3.x devices:
Go to Settings > Application > Development > USB Debugging.

Android 4.x devices:
Go to Settings > Developer Options > USB Debugging

NOTE: For the Samsung Galaxy S4 running 4.2.2, you may need to unlock Developer Options before it is available within the Menu:
  1. Go to Android home screen.
  2. Pull down the notification bar.
  3. Tap "Settings"
  4. Tap "About Device"
  5. Tap on the "Build Number" button about 7 times.
  6. Developer Mode should now be unlocked and available in Settings > More > Developer Options

3) Now open Unlockroot and then click on ROOT : 

4) Now Confirm your Device model and It will Root your Phone.
5) Restart And Enjoy :)

Saturday, 25 January 2014

Why to Root your Android ?

What is rooting?

If you’re an Administrator on a Windows machine, you have access to the entire operating system and you can do whatever you like. That’s essentially what happens if you root your Android device. With root access, you can get around any restrictions that your manufacturer or carrier may have applied. You can run more apps; you can customize your device to a greater degree; and you can potentially speed it up in a variety of ways.

The process involves backing up your current software and then flashing (installing) a new custom ROM (modified version of Android).

Why would you root?

One of the most obvious incentives to root your Android device is to rid yourself of the bloatware that’s impossible to uninstall. You’ll be able to set up wireless tethering, even if it has been disabled by default. You can also access your entire file system, install special apps that require a root, and flash custom ROMs, which can add extra features and streamline your phone or tablet’s performance. A lot of people are tempted by the ability to completely customize the look of their phones. You can also manually accept or deny app permissions.

You won’t find a lot of amazing must-have apps when you root, but there are enough to make it worthwhile. For example, some apps allow you to automatically backup all of your apps and all of their data, completely block advertisements, create secure tunnels to the Internet, overclock your processor, or make your device a wireless hotspot. 

Why wouldn’t you root?

There are essentially three potential cons to rooting your Android.

  • Voiding your warranty: Some manufacturers or carriers will use rooting as an excuse to void your warranty. It’s worth keeping in mind that you can always unroot. If you need to send the device back for repair, simply flash the original backup ROM you made and no one will ever know that it was rooted.

  • Bricking your phone: Whenever you tamper too much, you run at least a small risk of bricking your device. This is the big fear everyone has. The obvious way to avoid it happening is to follow instructions carefully. Make sure that the guide you are following works for your device and that any custom ROM you flash is designed specifically for it. If you do your research and pay attention to feedback from others, bricking should never occur.

  • Security risks: Rooting may introduce some security risks. Depending on what services or apps you use on your device, rooting could create a security vulnerability. For example, Google refuses to support the Google Wallet service for rooted devices.

How to root your Android

Before you actually try to root your device, make sure that you do some reading. The best place to find discussions about rooting, guides, and custom ROMs is definitely the XDA Developers Forum. Look for a thread on your specific device and you’re sure to find a method that has worked for other people. It’s worth spending some time researching the right method for your device.

Preparation for root

Back up everything that’s important to you before you start. You should also always back up your current ROM before you flash a new one.
You’ll want to ensure that your device is fully charged before you begin. You’ll also need to turn USB debugging on. On the Galaxy S3 you’ll find it in Menu > Settings > Developer options and then check the box next to USB debugging. You will likely be plugging your device into your computer in order to root it.
Most Android rooting methods require you to install some software on your computer. It’s likely you’ll need to install the Android SDK. You may find other software is required. Make sure you follow the instructions and install all of it before proceeding.

Unlock your bootloader

You will also need to unlock your bootloader before you begin and the process for that is different depending on your device. The bootloader is just what it sounds like; it basically determines how the operating system loads up on your device. As manufacturers have seen a real demand for customization many of them have provided methods to help you unlock the bootloader, though they are generally provided for developers, and they usually require you to sign up or register an account first.

Some manufacturers and carriers don’t allow bootloader unlocking, but you can often find a way around that with some searching (try the XDA Developers forum).

One-click rooting

One of the easiest methods of rooting, which also supports a long list of devices, is SuperOneClick. You’ll find clear instructions, including a video, on how to use it at this XDA Developers SuperOneClick thread.
You will need to install some software to prepare, but the actual rooting process is one click. It will only take a few minutes to complete and then you’ll need to restart your Android device.
There is software out there that claims to provide one click rooting with no extra installs, but you should not have to pay to root your device and it’s very important to be wary about the method you choose. If in doubt, do more research. The XDA Developers forum is the most trustworthy source for rooting guides.

Your specific device

The reason rooting isn’t more straightforward is that all Android devices are not created equal. There are significant differences between Android smartphones, between manufacturers, and even between carrier specific versions of the same phone model. Make sure that any rooting guide or custom ROM you intend to use does support your specific device or you are asking for trouble.
Once you have found the right guide for your phone or tablet, it’s simply a case of working through the listed steps methodically. It can be a complicated procedure and it can take a while. It can appear intimidating at first glance, but provided you follow it step-by-step, it should be a pain-free process.
 You can post questions in the XDA Developers forum if you run into trouble.

To root or not to root

Gaining full root access to your Android device can be thrilling, especially if you want to tinker with settings and customize your device. How much it changes your experience depends largely on the device you have. If you have a shuttered device, like a Kindle Fire tablet, then it’s a great way to get the full Android experience.

The potential benefits for all Android users include improved battery life, root-only apps, custom ROMs, overclocking, an end to bloatware, improved performance, and the ability to upgrade your phone when you want. If you aren’t excited at the prospect of any of these things, rooting probably isn’t for you.

© Programmed Hackers