How to get IP address of another computer remotely

 Using some very basic tricks we can find the IP address of any remote computer and then you can start your further hacking into the remote system like port scanning and finding vulnerabilities to enter in to the system and hack it.


There are several methods to get an IP address of the victim but i will share few and specially the best one's that can tell you IP address in just few clicks and also all are free methods and special thing is about it is all are manual methods that means you did not require any tool.




4 ways to get the IP address of the Victim or another Computer:

1. Using PHP notification Script

2. Using Blogs and Websites

3. Using Read Notify service

4. Sniffing during Gmail and yahoo chat  sessions

What is an IP address? 

Basically IP address (Internet Protocol address) is a unique numerical value that is assigned to any computer or printer on a computer network that uses an internet protocol for communication purpose. Protocol is basically rules( for Network its rules for communication). 

IP address serves for two basic purposes:

1. Host or network interface identification

2. Location Addressing

For exploring more about IP addressing read on wikipedia.

How to Find IP address of another computer?

1. Using PHP notification Script

Using this Notification script you can get the IP address in just seconds. Steps of using this PHP script:

a.

code:

<?

?> 

<?php 

    $day = date("l"); 

    $month = date("F"); 

    $year = date("Y"); 

    $date = date("jS"); 

    $hours = date("g"); 

    $minutes = date("i"); 

    $tod = date("A"); 

     

    if(substr($minutes, 0, 1) == 0) 

        $minutes = substr($minutes, 1, 2); 

?> 

<? 

$ip = $_SERVER['REMOTE_ADDR']; 

?> 

<? 

$fp=fopen("ip.html","a"); 

fputs($fp,"$ip*");

fclose($fp);

?> 

save it as index.php

now create a .html file, ip.html

or simply 

 Download the PHP notify script and extract files.

Download PHP notification script here

b. Now you will get two files IP.html and index.php . You need to upload these two files to any free web hosting server.

Example: i used www.my3gb.com to upload these two files. Create an account there and upload these two files there as shown below.

c. Now you will need to send the link of index.php to the victim whose password you want to get. to get the link click on index.php shown in above snapshot. Now a new window will open copy the link in the address bar and send to the victim whose IP address you want.

d. Now when the victim opens the above link nothing will open but his Ip address is written into the ip.html file. So open the ip.html file to get his IP address.

e. That's all this method... I

2. Using Blogs and Websites

This method is for those who have their blogs or websites. Normal users can also do this as blog is free to make. Make a new blog and use any stats service like histats or any other stats widget. Just add a new widget and put histats code there and save template. And send the link of your blog to your friend and get his IP.

That's only.

3. Using Read Notify service

This is an email based service. Steps to use Read Notify service:

a. First open the Read Notify website : RCPT

b. Now register on this website and then it will send you confirmation mail. Verify your account.

c. Once your account is activated. 

Do the following steps use this service:

1. Compose your email just like you usually would in your own email or web email program
2. Type:   .readnotify.com   on the end of your recipients email address (don't worry, that gets removed before your recipients receive the email). Like this: ABC@gmail.com.readnotify.com  
3. Send your email

Some things to remember: 

• don't send to and from the same computer
• if your email program 'auto-completes' email addresses from your address book, you'll need to keep typing over the top of the auto-completed one to add the .readnotify.com
• if you are cc-ing your email to other readers, you must add tracking to all of them 

4.  Sniffing Yahoo and Gmail Chat sessions

With the help of Sniffers like ethereal, wireshark etc we can sniff the Gmail, and yahoo chat sessions while we are chatiing to any our friend and extract the IP address from there.

5. Bonus Method for Online Gamers

We can also get the IP address from online games like counter strike, age of empires in Game ranger etc.. Many counter strike servers use amx mode. Just view which people are connecting and whats their IP addess as plugins show the IP address of people connecting to the game server.  If you have more access to counter strike server you can use status command in console. Just go to console and type "status"(without quotes) and press enter there you can see all players details his steam ID and much more depending upon server.

:)

Read More

Protect yourself from fake login pages

Using fake login pages is the easiest way to hack passwords. Identifying a fake login page is very easy but many people neglect to do some small checks before entering the login details and fall in the trap.  there are many fake websites of banks, yahoomail, gmail,orkut,myspace etc …
This post is an attempt to show what a hacker does to hack your password using fake login pages and how to protect yourself from those fake logins.I will try to keep this post as simple as possible, there may be some technical details which you can safely skip.
Warning: I strongly advice you not to try this on anyone it may spoil your relation with the person on whom you are trying it and you may even end up behind the bars.

What goes on behind when you enter your login details in login form??

When you enter your login details in any login form and hit enter they are submitted to another page which reads these login details and checks the database if you entered the correct username and passowrd, if yes then you will be taken to your account else you will get an error page. What an hacker does??
h hacker creates a fake page which looks exactly same as the original page and some how tricks you to enter your login details in that page. These login details are then submitted to a file.At this stage the hacker has two options, He can either store the login details on his server or he can directly get them mailed to his email id. All the above said things happen behind the scenes, you will have no clue of it. When you enter you login details for the first time your details are submitted to the hacker and you will be directed to a error page ( this is the original error page). When you enter ur login details again you will be logged in to your account. It’s quite common for us to enter the login details wrongly sometimes so you will not become suspicious when you get the error page.

How to identify fake login page traps ??

Never enter you login details in unknown sites.
Always type the address directly in to the browser.
Do not follows the links you get in mails and chatting even if they are from your friends
Always have a keen look in the address bar and verify if the address is correct. Check the screen shot below. Some people buy doamins which look simliar to the original site example: 0rkut for orkut, pay-pal for paypal,yahooo for yahoo. Some times you may over look these small differences and fall in trap.
Please do report to the hosting site or the original site owner when you find a fake login page.
If you feel like you entered your details in a fake login page change your password immediatley.


Now let’s go on with the trick..

You have to upload the fake login page on some server with php support. There are many free web hosting services available on the net, first sign up for anyone of them.Google for some free webhosting services,you will find many. Upload the files in the zipped folder on to your server and give the link of the fake login page to the person whose password you want to know. When the person enters his email id and password in to the fake login page they will be stored in a HTML or text file  file named “passwd.htm” or "anything.txt" on your server in the same directory where you uploaded the login page. Check that text file to get the passwords you wanted.


read my previous post about hack facebook accounts using fake login pages for more technical details

Read More

Cookie Stealing: How to hack Email Accounts

If you are a newbie and don't know about cookie, then for your information, Cookie is a piece of text stored on user computer by websites visited by the user. This stored cookie is used by webserver to identify and authenticate the user. So, if you steal this cookie (which is stored in victim browser) and inject this stealed cookie in your browser, you can imitate victim identity to webserver and enter his Email account easily. This is called Session Hijacking. Thus, you can easily hack Email account using such Cookie stealing hacks.

Tools needed for Cookie stealing attack: -

Cookie stealing attack requires two types of tools: -

1.   Cookie capturing tool

2.   Cookie injecting/editing tool

1.   Cookie capturing tool: -

Suppose, you are running your computer on a LAN. The victim too runs on same LAN. Then, you can use Cookie capturing tool to sniff all the packets to and from victim computer. Some of the packets contain cookie information. These packets can be decoded using Cookie capturing tool and you can easily obtain cookie information necessary to hack Email account. Wireshark and HTTP Debugger Pro softwares can be used to capture cookies.

2.   Cookie injecting/editing tool: -

Now, once you have successfully captured your victim cookies, you have inject those cookies in your browser. This job is done using Cookie injecting tool. Also, in certain cases after injection, you need to edit cookies which can be done by Cookie editing tool. This cookie injection/editing can be done using simple Firefox addons Add N Edit Cookies and Greasemonkey scripts

Drawbacks of Cookie Stealing: -

Cookie Stealing is neglected because it has some serious drawbacks:

·        Cookie has an expiry time i.e. after certain trigger cookie expires and you cannot use it to hijack victim session. Cookie expiry is implemented in two ways: -

                     i.        By assigning specific times tamp(helpful for us).

                    ii.        By checking for triggers like user exiting from webbrowser. So, in such cases, whenever user exits from his browser, his cookie expires and our captured cookie becomes useless.

·        Cookie stealing becomes useless in SSL encrypted environment i.e. for https (Secure HTTP) links. But, most Email accounts and social networking sites rarely use https unless vicitm has manually set https as mandatory connection type.

·        Also, most cookies expire once victim hits on LogOut button. So, you have to implement this Cookie stealing hack while user is logged in. But, I think this is not such a serious drawback because most of us have the habit of checking "Remember Me". So, very few people actually log out of their accounts on their PCs.

So friends, this was a short tutorial on basics of how to hack Email account using Cookie Stealing. As I have stated, Cookie stealing has some disadvantages. But, I think Cookie stealing is a handy way to hack an Email account.

Note: This is illegal and is for educational purpose only. Any loss/damage happening will not be in any way our responsibility.

Read More

What is Brute Force Attack?

Brute force attack is one of the password cracking method. In this method we are trying every possible code, combination, or password by comparing different combination of characters (all possible keys) until you find the right one.

Let us assume the password length is 3. We have characters set (abcdefghijklmnopqrstuvwxyz0123456789) excluding the special characters.

The Number of Permutation takes to crack the password: -

For first character: -

Upper case letters(26 )+Lower Case Letters(26)+10 Numbers =62

Likewise for second and third character we have 62 different ways.
So the total permutation to produce different keys is =62*62*62=238328 ways.

If you include the special characters in character set, then the permutation to crack the password will increase.

If the password length is small, then it will be cracked in small amount of time. This method will take too longer time to crack lengthy passwords. It can take several hours, days, months, years.

The time depending upon the two factors: -

• Password Length
• Upper case and lower case letter combinations.

The difficulty of a brute force attack depends on several factors, such as: -

• How long can the key be?
• How many possible values can each component of the key have?
• How long will it take to attempt each key?
• Is there a mechanism which will lock the attacker out after a number of failed attempts?

Increasing Security Against a Brute Force Attack: -

• Increasing the length of the PIN
• Allowing the PIN to contain characters other than numbers, such as * or #
• Imposing a 30 second delay between failed authentication attempts
• Locking the account after 5 failed authentication attempts

Conclusion: -

For Hackers: -

Hope you understand about brute force attack, also the drawback of this method. You can take advantage if the password is simple and small in length.

For Security needers: -

If you really want to secure your account from hackers, then use the Strong password.

Read More