50 Tricks to Get More People To Like Your Facebook Page

Here are the tips:

1. Post a Status Update

Post a status update mentioning your facebook page.

Don’t be afraid to outright ask people to join your facebook page. Ask and you shall receive.

Give them a great reason why they should join, tell them news, or find a creative way to mention and link to your page

2. Get fans to upload and tag photos

If you host (or attend) an event with several of your fans take a bunch of pictures, post them to your page, and then ask your friends to tag themselves in the pictures.

If you can get your fans to upload pictures to your page, or tag themselves in pictures you uploaded, this will post to their walls as well and will lead to additional traffic for you.

3. Offer an incentive for people to sign up

Using some static fbml you can create a dynamic facebook landing page with a “reveal tab” that contains content that is visible only to fans of your page.

The more valuable your incentive is, the more people will be compelled to click the “Like” button to access it.

Examples of exclusive content could be: An exclusive Video, an exclusive whitepaper/.pdf, exclusive pictures.

Stay tuned to ProHackingTricks. In one of our upcoming posts will explain how to set up a “reveal tab.”

The image below shows different levels of increasing effectiveness for acquiring new fans.

Involver offers apps (and several of them are totally free) that make it easy to create a “Fan Gate” containing incentives, like a file or coupon, that will cause more people to “Like” your page.

4. Contact admins of groups related to your page

Groups are more powerful than pages in terms of their messaging ability. Pages send updates, but groups send messages directly to a users facebook inbox, triggering an email alert.

If you contact the admin of a facebook group with some valuable content that adds value to their readers then this can help them nurture their community and help you build yours.

5. Get people to join your page via SMS

Send a text message to 32665 (FBOOK) with the words “fan yourusername” OR “like yourusername” (without the quotes).

This feature is ideal when you’re in front of a live audience.

6. Install a page Badge

Facebook Badges are a simple, yet effective way to link to your facebook profile.

Unlike widgets, badges are simply images, and will load much faster.

7. Install a facebook “Like Box” into your site

Installing a “Like Box” is an excellent way to allow visitors to your site become fans without even leaving your page.

The like box builder tool makes it easy to customize the size of your like box, the number of connections to display, and even the color scheme.

Shown in the image below is the rarely used “dark” color scheme.

8. Use status tagging

Status tagging is a cool and fairly new feature of facebook.

This feature allows you to tag any page or person by entering the @ sign and then typing the name of the page or person you want to tag.

9. Suggest your page to friends

Use the “suggest to friends” feature of your page. Use this feature sparingly. Personally, I try to only invite people go my page once because I know it annoys me when multiple people invite me.

If you have many friends you might want to consider using the “invite all” Google chrome extension, rather than clicking hundreds or thousands of times.

10. Install a Like Button into your site

Installing a like button allows visitors to like your page, and when they do this posts the their activity stream.

This can send more traffic to your site and if you have a facebook “Like Box” and other content promotion your fan page, since this will help you convert your visitors into fans.

11. Connect your page to Twitter

Connecting your page to Twitter is an excellent way to convert your twitter followers into facebook fans.

Using this strategy will cause all of your posts to be sent to twitter, with a link back to the facebook version of the post.

www.facebook.com/twitter

12. Link to Your Page as a Place of Employment

The info box uner profile pictures is being phased out, so now if you want an omnipotent link on your profile to your page you will need to list your Page under employment. Once you do this your Facebook Page will appear under your name on your Profile.

13. Install commenting on your landing page

This will allow people to comment on your page, even if they are not a fan.

Any comments made can broadcast to news feeds and lead to more traffic to your page.

Setting up facebook commenting requires registering a facebook application, so act on this tip with caution unless you are comfortable with code.

14. Leverage Traditional Media

Since facebook is so widespread you can use any forms of traditional media and achieve results.

Newspapers, Media Buys, Radio, and TV all work, but are often very costly.

To maximize your promotion offer a free gift to those who join you page.

15. Newsletter Promotion

If you do email marketing send a message to your subscribers letting them know about your fan page and consider including a link to your fan page in every email.

16. Email Signature

Every email you send is an opportunity to link to your facebook page.

Check out the email signature tool wisestamp for a creative way to link to your social profiles.

17. Get business cards promoting your Facebook page

Business cards are cheap.

You can get 500 business cards from Vista Print for $1.99.

For this minimal investment you can get up to 500 new fans for your page!

Throw a link on your card and people will almost certainly check it out.

If you’re pressed for space in your design all page urls can be shortened from facebook.com to fb.me, or fb.com.

For example, www.facebook.com/prohackingtricks, www.fb.me/prohackingtricks, and www.fb.com/prohackingtricks all point to the same page.

18. Fiverr

Fiverr is an online marketplace where services are sold for five bucks.

Check out their “Social Marketing” and “Advertising” section and here you will find some people who are willing to suggest your page to 5,000 of their friends for just $5.

You will need to make the person who will suggest your page to their friends an admin in order for them to do this for you, but if you are willing to place your trust in someone to do this and they come through for you this will allow you to pick up dozens if not hundreds of new fans.

19. Create a Landing Page with Static FBML

By creating a custom landing tab for your facebook page you can increase the conversion of visitors to fans.

20. Run a “fans only” contest

An excellent way to run a fans only contest is using wildfireapp.

There are rules and regulations around running a contest on facebook so be sure to check out the facebook Statement of Rights and Responsibilities (“Statement”) before you run one.

21. Link to your page from your profile

Edit your Facebook profile information to include promotion for your Fan Page.

At the bottom of the info section of your profile you can include links to any websites you are affiliated with.

The more links you can build to your Page, the more traffic you will be able to send to your Facebook Fan Page. I am constantly seeking new opportunities to build links that will send traffic to my Fan Page.

22. Blog Commenting

Comment on blogs and in the website section use a link to your fan page.

23. Link to your facebook page from your linkedin profile

Linkedin gives every user three slots for links to whatever you’d like right on your profile.

You can make the anchor text of these links whatever you like, so I recommend using a call to action such as: Join my facebook page.

24. Upload video to facebook

Facebook video is very underrated, and exceptionally powerful.

When you embed a facebook video on another website this video includes a watermark link in the top left corner to the fan page it came from.

25. Watermark your videos with a link to your website

Using a video editing program include a link to your website.

I use camtasia to add my watermarks, and to record any screencast I create, and this program comes with a free 30 day trial.

26. Create a memorable URL

If you go to facebook.com/username you will be able to create a custom URL for your page.

Remember that this cannot be changed once it is set, so choose wisely.

27. Deliver an exceptional experience

Although facebook pages are no longer officially considered “fan pages” if you work to create fans of your brand many of them will certainly seek out and join your facebook page.

Strive to deliver an awesome experience for those who interact with your brand. Go above and beyond when engaging with your community and they will spread the word.

A famous article called 1,000 true fans maintains that they are all you need to create a thriving business. Don’t try just to get people to click “like” but instead seek to create raving true fan who will spread your word far and wide.

28. Link it up

This tip comes from @garyvee and it’s a good one: link it up!

Hyperlinks are what weave the web together so use them often and every time you do you are opening up another gateway into your fan page.

29. Flip the funnel

Drive your fans back to your website for new blog posts.

Make sure that your blog has social sharing and many of your fans will “like” your blog posts and tweet it out to their followers on twitter as well.

30. Track your growth with Facebook insights

Facebook insights shows you how many fans you have over time, and some fairly detailed demographic information as well.

Using this knowledge you can analyze what activities drive the most growth, and then duplicate your success.

31. Analyze your demographics with insights

Facebook demographics are a powerful feature of insights that allows you to determine the gender and age of the people in your page. Once you know this information you can focus your content to appeal to the age group and gender of your fans.

Here is the demographic information of the FacebookFlow fan page:

32. Talk and Blog about your page

Word of mouth does not start itself. Get the conversation going by mentioning your facebook page in blog posts and in every day conversation.

33. Learn more about Facebook

The more you know about facebook the more you can use this knowledge to drive the gowth your community.

34. Drive more traffic to your website

Use these tips to get more free traffic to your website. Make sure that your “Like Box” is featured prominently, and plenty of this traffic will “Like” your page.

35. Produce Epic Content

If your blog content is epic this will drive the growth of your page in a serious way.

Epic content has the best chance of going viral and if a blog post goes viral this also causes it to move up in the rankings in Google, leading to even more traffic, a percentage of which will convert to fans.

36. Install a like button into your posts

Installing a like button into your posts will help drive extra traffic to your posts and it will also show that facebook is an integral part of your brand.

If you have a self hosted wordpress blog I recommend installing the WP FB Like plugin.

The more you can integrate facebook with your site the more likely people will be to join your facebook page.

37. Make a Facebook like sign

Blue Sky Factory created a Facebook “Like” sign tool that you can use to create a cool image that will help promote your facebook page.

38. Buy Them

Although I do not recommend this option, there are several services out there that sell facebook likes.

The first 1,000 fans are usually the hardest to get so a service like this might help you get the critical mass needed to get more genuine organic fans.

39. Run a targeted ad campaign

Facebook advertising is exceptionally powerful due to the ability it offers to hyper target your market.

Facebook ads can be targeted based on age, location, and interests.

40. Turn your customers into fans

If someone likes you enough to buy your product then there is a good chance that they will like you on facebook as well.

Rig up your “thank you” page with a facebook “Like Box” and you’ll be good to go!

41. Advertise your page

The more you advertise your page the more fans you will be able to achieve.

Facebook advertising is a smart way to promote since you can target specific demographic and interest groups.

You will need a sales funnel in place in order to justify an advertising budget and I recommend setting this up prior to advertising on Facebook.

42. Use Hootsuite to manage your page

By using Hootsuite to manage your facebook pages you can maximize engagement by scheduling your posts ahead of time to go out when they will get the most attention.

Facebook posts get the most engagement early in the morning and a few hours before bed.

43. Get an attractive profile picture

A picture says a thousand words, so to really optimize your business page you should use the largest profile picture possible.

Currently the maximum profile picture size is 200 x 600 pixels.

44. Do a “fan of the month” promotion

By highlighting one of your best fans every month you indirectly encourage fans to engage more, so that they can win the coveted fan of the month title the next month.

Offer a monthly prize, such as a cool free product or service related to your brand, and the competition for this title will only increase.

45. Message your friends and ask them to join

This tried and tested method takes more ground work, but this method will allow you to build relationships and target the friends that you think are the most relevant to your page.

46. Include a link to your fan page in your forum signature

If you are active in any forums you will have the option to attach a “signature” to every post that you write.

Throw a link in your signature to your facebook page, and it will be clicked.

Do your best to add value and answer questions with your posts, and people will be more inclined to click your link and join your page.

A link with a call to action is more likely to get clicked than a link alone, so go with “Join my Facebook Page: www.facebook.com/prohackingtricks” instead of simply: “www.facebook.com/prohackingtricks”

47. Create a redirect URL

Creating a redirect to your facebook fan page is one way to “presell” the people who click it on joining your page.

For example, if your link is: www.yourdomain.com/joinmyfacebookpage anyone who clicks it will probably join your page.

48. Give away fan page swag

Websites like Zazzle make it easy for people to customize swag, such as the nifty “you like this” t-shirt below.

If you gave away shirts (or mugs, or stickers) like this with your facebook url included you could easily amass an army of walking billboards for your facebook page.

49. Find more facebook friends

The more friends you have, the better your chances will be that some of these friends will join your fan page.

Facebook has a “Find Your Friends Tool” that allows you to import your contact list from a variety of email clients, or an email list.

This tool also displays “People you may know” which I have found is very good at suggesting people that have many mutual friends as me.

50. Share this article with your facebook friends

If you share this post with your facebook friends and it will become obvious to them that getting more fans important to you, and if you have included a link to your facebook page in your info box or the “Website” section of your website there is a good chance that they will click it.

How to:Read a Cookies

Cookies provide a means in Web applications to store user-specific information, such as history or user preferences. A cookie is a small bit of text that accompanies requests and responses as they go between the Web server and client. The cookie contains information that the Web application can read whenever the user visits the site.

The browser is responsible for managing cookies on a user system. Cookies are sent to the server with a page request and are accessible as part of the HttpRequest object, which exposes a Cookies collection. You can read only cookies that have been created by pages in the current domain or path.

Procedure
To read a cookie

Read a string from the Cookies collection using the cookie's name as the key.

The following example reads a cookie named UserSettings and then reads the value of the subkey named Font.
Visual Basic

If (Request.Cookies("UserSettings") IsNot Nothing) Then
Dim userSettings As String
If (Request.Cookies("UserSettings")("Font") IsNot Nothing) Then
userSettings = Request.Cookies("UserSettings")("Font")
End If
End If

Code in C#:

if (Request.Cookies["UserSettings"] != null)
{
string userSettings;
if (Request.Cookies["UserSettings"]["Font"] != null)
{ userSettings = Request.Cookies["UserSettings"]["Font"]; }
}

Compiling the Code

This example requires:

An ASP.NET Web page.
A cookie written previously named UserSettings

ULTIMATE KEYLOGGER PACK

A keylogger is software that runs secretly on a computer and records every key that is pressed, then delivers it to an email of your choosing. Its easy to use and it has guarantied results.
I have made pack that contains more than 10 keyloggers and keylogger making programs easy for you to use. You can download it here.
In this pack is the best keylogger available on my opinion. Its named elite keylogger (ek_setup.exe) it has to be registered and to do that you have to input serial key and username (also included in a text file).

Here are the features of elite keylogger:
Elite Keylogger (Keystroke Recorder) main features:

Keystroke Recorder: Elite Keystroke Recorder will record all keystrokes typed, staying completely undetectable to users! Elite Keylogger lets you know what was typed, in which applications, and who typed what: passwords, logins, addresses, names.
100% Undetectable: None of known or unknown anti keyloggers will reveal Elite Keystroke Recorder. Your privacy is safe and logs are inaccessible to anyone. We update the core of our keystroke recorder every day to keep it invisible.
Chats, IMs, E-mail Sniffer: Record keystrokes typed in any chat, internet messengers or e-mail clients: user name, password, keystrokes, instant messages (MSN/AOL/ICQ/AIM/Gtalk)…
Clipboard Monitoring: Most of the users copy and paste logins and passwords instead of typing them manually. Elite Keystroke Recorder will crack into clipboard as well! Unlike others Elite Keylogger also grabs clipbord graphics.
Application Activity Recorder: Elite Keystroke Recorder can record all applications launched and the text anyone typed there. You will know the exact time, date, path, window caption and other parameters of the programs launched on your PC.
Winlogon and passwords tracker: Elite Keystroke Recorder offers low-core monitoring with its kernel mode driver. This will ensure all logons and passwords are captured! Yes, we say: ABSOLUTELY ALL!
Screenshots Maker: Elite Keystroke Recorder regularly takes screenshots of Windows Desktop and applications running, like an automatic surveillance camera hidden from all users!
Sends logs to email or FTP: Elite Keylogger secretly sends your logs to email, uploads to FTP or network drive. So you are 100% aware of all PC activities with our keystroke recorder.
Elite keylogger isn’t detected by ANY ANTIVIRUS SOFTWARE!!!!!!!!!!!!!!!!

Elite Keylogger is compatible with Win 2000/XP/Vista/7 x32 (64-bit edition is in development)
For the password to unlock the keyloggers contact me at
k4kirtanparmar@in.com

How To Find Location Of Anyone On Internet

Let’s say you are chatting on msn, and someone you don’t know is starting a conversation with you. If you want to know from where is the person you are chatting with, or check if she/he is telling the truth, you can trace the location (country, city, etc. ), and IP Address of the person. There are several methods of doing it but here’s an easy one. The only thing you have to do is to actually make the person click a link you send him. When that person clicks the link, you will receive information like IP Address, Country, Host name, Operating System /Browser Details and region name. Just follow instructions below:
1. Visit this link and enter your email id in it. You will receive your trace reports in it.
2. You will receive a unique link in your inbox like this http://acmepeers.com/?u=vyg (Mostly its in Spam Folder)
3. When someone clicks that link you will receive tracing reports to your email .
You can click the above link yourself to check the accuracy of the system by tracing yourself.
It looks like this:

How To Hack Into Computers Through WiFi

The internet is ever growing and you and I are truly pebbles in a vast ocean of information. They say what you don’t know can’t hurt you. When it comes to the Internet believe quite the opposite. On the Internet there a millions and millions of computer users logging on and off on a daily basis. Information is transferred from one point to another in a heartbeat. Amongst those millions upon millions of users, there’s you.
In this tutorial i am going to show you how to to access someone’s facebook, youtube, and many other accounts which is using the same WiFi as you.
You need:

Mozilla Firefox
Firesheep – A Firefox extension that demonstrates HTTP session hijacking attacks.
WinPcap – WinPcap is an open source library for packet capture and network analysis for the Win32 platforms. It includes a kernel-level packet filter, a low-level dynamic link library (packet.dll), and a high-level and system-independent library.

Step 1: Install WinPcap then drag the Firesheep add-on, and put it on the Firefox icon. Firefox will open and will ask you to install the add on. Install it and restart Firefox.
Step 2: Open the add-on (You can do it by clicking on View -> Sidebar -> Firesheep), then click on Start Capturing and it’ll start capturing, and as soon as somebody logs in any account it’ll show up the logs, and then you can access their account.
Simple, but functional and VERY effective method to hack someones facebook, youtube, myspace, etc. account through WiFi.

Get a Free License for Avast Internet Security 2010

Today I’m going to give you this working serial number for Avast internet Security 2010.
Active internet users need greater protection for themselves as they shop and bank on-line. To secure against threats from infected web sites and the growing risk of identity theft, avast Internet security provides you with continuous protection from its layers of antivirus, anti-spyware, anti-rootkit protection, firewall and antispam.
Features Of the Program
* Continuous protection against viruses and spyware
* Ensures all mails sent and received are clean
* Keeps you protected from “chat” infections

* Stops attacks from hijacked websites
* Lets you safely browse suspicious websites or run unknown applications
* Blocks hacker attacks to protect your identity
* Keeps your mailbox free from spam
* Allows safe and uninterrupted gaming
* Compatible with Win XP, Vista and 7
How to Download and Install?
Step 1. Download Avast IS 2010 from here.
Step 2. Download the Serial Number from here.
Step 3. Install Avast Internet Security.
Step 4. Open Avast
Step 5. Go to Maintenance
Step 6. In Maintenance click Subscription
Step 7. Click Insert lincense file
Step 8. Find and open the License file
The License for Avast Last untill 24/4/2012

Delete files without moving deleted files to Recycle Bin

Whenever a file is deleted , it moves into recycle bin.But not from the hard disk.So to remove any file from hard disk directly without moving it to Recycle Bin just follow these steps:

>>Go to Start>Run , type gpedit.msc to open group policy editor

>>In group policy editor , expand User Configuration>Administrative Templates>Windows Components and select Windows Explorer

>>On right window pane you can see Setting : Do not move deleted files to recycle bin

>>Double Click it and select Enabled and click Ok

>>That's it now you can delete files in your hard disk without moving it in Recycle Bin

Alternate:You can also delete files from hard disk without placing it in hard disk by selecting file and pressing Shift + Delete keys at a time

Top ten free Anonymous surfing sites

The anonymous surfing sites are the sites from which you can view any sites anonymously and also view blocked websites .Also you can hide your ip-address by using these sites.You can now browse any websites which are blocked in specific country,school,office etc. by entering your blocked site in these free anonymous surfing sites.These sites uses proxies which hide your ip-address .So any site cannot track your information and you can be hidden for any site.All the below sites contains no pop-up ads and are fast and free

With anonymous surfing

moonpath.info

proxyraf.info

4proxycz.info

broadsurf.info

vpndog.info

fewadssurfing.info

vtunnel.com

How to hack with Trojan | Prorat tutorial

Prorat a famous trojan for hacking system, facebook, gmail, yahoo, twitter and other accounts. Today i wil show you step by step guide to hack with Prorat.

First of download Prorat from the given link
ProRat

Then disable your antivirus. It is necessary other wise your downloaded trojan will be detected and deleted. Don't worry, it will not harm your system at this stage.

Now run Prorat.exe
You will see the prorat window. There are so many options but you have to create a server first.

So click on create server.
There will be 3 options

Create Prorat server
Create Downloader Server
Create Cgi Victim List & usage

now click on create prorat server

A new window will popup. which will have a lots of options in side bar.

Notifications
General settings
Bind with Files
Server extnsions
Server Icons

You have to use all options one by one to create a server.
Now in Notofication. Mark on Use Mail Notification and enter your email id. there will be a default id. Erase it and enter your. Then Test. It will send a testing mail to your email. Check your spam too.

Then Go to general settings and select all the options which you want to have in your trojan.

Then go to Bind with file and select file to bind your trojan with.
At last select your server extension and icon. Then click on Create server.
Now you have created a server.

Send this server file to the victim you want to hack, but before sending this file to victim make it FUD (Fully UnDetectable) with FUD cryptors. Search for this website for FUD articles.
after creating server FUD, it is ready to send to the victim.

Send this file to the victim. If the victim will run the server in the system, Trojan server will send you the notification email with the IP address of the victim. Use this ip and run your prorat.

At the top there is an option for IP and port. Enter thr IP and port and click on connect.
wait to connect.
After getting connected to the victim's system.. you can use any of the options available on the prorat to hack the user's system

aircrack-ng – WEP and WPA-PSK Key Cracking Program

aircrack is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, thus making the attack much faster compared to other WEP cracking tools. In fact, aircrack is a set of tools for auditing wireless networks.

Aircrack-ng is the next generation of aircrack with lots of new features:

Better documentation (wiki, manpages) and support (Forum, trac, IRC: #aircrack-ng on Freenode).
More cards/drivers supported
New WEP attack: PTW
More OS and platforms supported
Fragmentation attack
Improved cracking speed
WEP dictionary attack
Capture with multiple cards
New tools: airtun-ng, packetforge-ng (improved arpforge), wesside-ng and airserv-ng
Optimizations, other improvements and bug fixing

Download the latest version of aircrack-ng here:

Linux – aircrack-ng-0.9.1.tar.gz
Windows – aircrack-ng-0.9.1-win.zip

15 Hacking Tools & Security Utilities

A hacking tool is a program designed to assist with hacking, or a piece of software which can be used for hacking purposes.

Examples include Nmap, Nessus, John the Ripper, SuperScan, p0f, and Winzapper. Bribes, have also been designated as among the most potent hacking tools, due to its potential exploitation in social engineering attacks. Occasionally, common software such as ActiveX is exploited as a hacking tool as well and i'll be sharing most of this tools with you today.

1. Nmap

I think everyone has heard of this one, recently evolved into the 4.x series.

Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.

Can be used by beginners (-sT) or by pros alike (–packet_trace). A very versatile tool, once you fully understand the results.

Get Nmap Here

2. Nessus Remote Security Scanner

Recently went closed source, but is still essentially free. Works with a client-server framework.

Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

Get Nessus Here

3. John the Ripper

Yes, JTR 1.7 was recently released!

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

You can get JTR Here

4. Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Nikto is a good CGI scanner, there are some other tools that go well with Nikto (focus on http fingerprinting or Google hacking/info gathering etc, another article for just those).

Get Nikto Here

5. SuperScan

Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan.

If you need an alternative for nmap on Windows with a decent interface, I suggest you check this out, it’s pretty nice.

Get SuperScan Here

6. p0f

P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:

– machines that connect to your box (SYN mode),
– machines you connect to (SYN+ACK mode),
– machine you cannot connect to (RST+ mode),
– machines whose communications you can observe.

Basically it can fingerprint anything, just by listening, it doesn’t make ANY active connections to the target machine.

Get p0f Here

7. Wireshark (Formely Ethereal)

Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers.

Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later.

Get Wireshark Here

8. Yersinia

Yersinia is a network tool designed to take advantage of some weakeness in different Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, the following network protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP).

The best Layer 2 kit there is.

Get Yersinia Here

9. Eraser

Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is Free software and its source code is released under GNU General Public License.

An excellent tool for keeping your data really safe, if you’ve deleted it..make sure it’s really gone, you don’t want it hanging around to bite you in the ass.

Get Eraser Here.

10. PuTTY

PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. A must have for any h4x0r wanting to telnet or SSH from Windows without having to use the crappy default MS command line clients.

Get PuTTY Here.

11. LCP

Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute force session distribution, Hashes computing.

Get LCP Here

12. Cain and Abel

My personal favourite for password cracking of any kind.

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.

Get Cain and Abel Here

13. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.

A good wireless tool as long as your card supports rfmon (look for an orinocco gold).

Get Kismet Here

14. NetStumbler

Yes a decent wireless tool for Windows! Sadly not as powerful as it’s Linux counterparts, but it’s easy to use and has a nice interface, good for the basics of war-driving.

NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:
    * Verify that your network is set up the way you intended.
    * Find locations with poor coverage in your WLAN.
    * Detect other networks that may be causing interference on your network.
    * Detect unauthorized “rogue” access points in your workplace.
    * Help aim directional antennas for long-haul WLAN links.
    * Use it recreationally for WarDriving.

Get NetStumbler Here

15. hping

To finish off, something a little more advanced if you want to test your TCP/IP packet monkey skills.

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

Get hping Here

Password Cracking with Rainbowcrack and Rainbow Tables

What is RainbowCrack & Rainbow Tables?

RainbowCrack is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique.

In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since.

You can find the official Rainbowcrack project here, where you can download the latest version of Rainbowcrack.

In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called “rainbow table”.

Basically these types of password crackers are working with pre-calculated hashes of ALL passwords available within a certain character space, be that a-z or a-zA-z or a-zA-Z0-9 etc.

These files are called Rainbow Tables.

You are trading speed for memory and disk space, the Rainbow Tables can be VERY large.

Be warned though, Rainbow tables can be defeated by salted hashes, if the hashes are not salted however and you have the correct table, a complex password can be cracked in a few minutes rather than a few weeks or months with traditional brute forcing techniques.

So where do I get these Rainbow Tables?

You can generate them yourself with RainbowCrack, this will take a long time, and a lot of diskspace.

Project Shmoo is offering downloads of popular Rainbow Tables via BitTorrent.

http://rainbowtables.shmoo.com/

If you wanted to, you could even buy the tables from http://www.rainbowtables.net/.

Or these guys, not free but cheap http://www.rainbowcrack-online.com/

Some free tables here http://wired.s6n.com/files/jathias/index.html

What software is available for use with Rainbow Tables?

There is of course the original RainbowCrack as mentioned above.

Then there is:

Ophcrack

Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance.

Cain and Abel (newly added support for Rainbow Tables)

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Cain and Abel is personally my favourite fully featured password whacking tool, it also has a good packet sniffer, which grabs and decodes passwords and many methods for password cracking. The interface is decent too. I’ll write more on how to get the most out of Cain later.

L0phtcrack or LC5

LC5 is the latest version of L0phtCrack, the award-winning password auditing and recovery application used by thousands of companies worldwide.

Please note this is a COMMERCIAL product.

LCP

Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003

Thankfully there is a freeware alternative to LC5 in the form of LCP.

Other Resources

http://www.rainbowcrack.com/
http://sarcaprj.wayreth.eu.org/
http://passcracking.com/
http://www.md5lookup.com/
http://www.plain-text.info/
http://ap0x.headcoders.net/xHashBrutter.rar
http://www.loginrecovery.com/

THC-Hydra - A very fast network logon cracker

A very fast network logon cracker which support many different services. Have a look at the feature sets and services coverage page - including a speed comparison against ncrack and medusa!

Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast.

Version 6.x was tested to compile cleanly on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX.

Currently this tool supports:

TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, irc, RSH, RLOGIN, CVS, SNMP, SMTP, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, XMPP, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, AFP, Subversion/SVN, Firebird, LDAP2, Cisco AAA (incorporated in telnet module).

For HTTP, POP3, IMAP and SMTP, several login mechanisms like plain and MD5 digest are supported.

This tool is a proof of concept code, to give researchers and security consultants the possiblity to show how easy it would be to gain unauthorized access from remote to a system.

Disclaimer

This tool is for legal purposes only!
The GPLv3 applies to this code.
A special license expansion for OpenSSL is included which is required for the debian people

The Art of Downloading: Source and Binaries

1. The source code of state-of-the-art Hydra: hydra-6.3-src.tar.gz
(compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, etc.)

2. The source code of the stable tree of Hydra in case v6 gives you problems on unusual platforms:
hydra-5.9.1-src.tar.gz

3. The Win32/Cywin binary release: --- not anymore ---
Install cygwin from http://www.cygwin.com
and compile it yourself. If you do not have cygwin installed - how
do you think you will do proper securiy testing?

4. ARM and Palm binaries here are old and not longer maintained:
ARM: hydra-5.0-arm.tar.gz
Palm: hydra-4.6-palm.zip

SIPVicious Tool Suite v0.2.6 – SIP/VoIP Security Auditing Tool

SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. Why the name? Because the tools are not exactly the nicest thing on earth next to a SIP device. And the play on the sound seems to work. As an extra bonus, it rhymes with the name of Sex Pistol’s bass player.

It currently consists of five tools:

svmap – this is a sip scanner. Lists SIP devices found on an IP range
svwar – identifies active extensions on a PBX
svcrack – an online password cracker for SIP PBX
svreport – manages sessions and exports reports to various formats
svcrash – attempts to stop unauthorized svwar and svcrack scans

Requirements

Python – SIPVicious works on any system that supports python 2.4 or greater.

There’s a good blog post covering the new stuff here too, mainly svcrash:

How to crash SIPVicious – introducing svcrash.py

You can download SIPVicious v0.2.6 here:

sipvicious-0.2.6.zip

Angry IP Scanner 3.0 Beta 5

Scanning of computer networks (searching for addresses with known properties) is a practice that is often used by both network administrators and crackers. Although it is widely accepted that activity of the latter is often illegal, most of the time they depend on exactly the same tools that can be used for perfectly legitimate network administration – just like a kitchen knife that can be used maliciously.

Thanks to the recent activity of mass-media on the subject (that popularized the wrong term for a cracker – a 'hacker'), nowadays every educated person more or less understands the reasons and goals that stand behind malicious cracking: curiosity, stealing of information, making damage, showing self-importance to the world, etc. But why do administrators need to scan their own networks?

There are plenty of answers: to check status of computers and various network devices (are they up or down), find spare addresses in statically-addressed networks, monitor the usage of server-type or P2P applications, make inventory of available hardware and software, check for recently discovered holes in order to patch them, and much more things that are even difficult to foresee.

Angry IP Scanner is widely-used open-source and multi-platform network scanner. As a rule, almost all such programs are open-source, because they are developed with the collaboration of many people without having any commercial goals. Secure networks are possible only with the help of open-source systems and tools, possibly reviewed by thousands of independent experts and hackers alike.

Certainly, there are other network scanners in existence (especially single-host port scanners), however, most of them are not cross-platform, are too simple and do not offer the same level of extensibility and user-friendliness as Angry IP Scanner. The program's target audience are network administrators, consultants, developers, who all use the tool every day and therefore have advanced requirements for usability, configurability, and extensibility. However, Angry IP Scanner aims to be very friendly to novice users as well.

You can download Angry IP Scanner here:

Angry IP Scanner

Skipfish 1.94b Released - Web Application Security Scanner

What is Skipfish?

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Why should I bother with this particular tool?

A number of commercial and open source tools with analogous functionality is readily available (e.g., Nikto, Websecurify, Netsparker, w3af, Arachni); stick to the one that suits you best. That said, skipfish tries to address some of the common problems associated with web security scanners. Specific advantages include:

High performance: 500+ requests per second against responsive Internet targets, 2000+ requests per second on LAN / MAN networks, and 7000+ requests against local instances have been observed, with a very modest CPU, network, and memory footprint. This can be attributed to:

Multiplexing single-thread, fully asynchronous network I/O and data processing model that eliminates memory management, scheduling, and IPC inefficiencies present in some multi-threaded clients.
Advanced HTTP/1.1 features such as range requests, content compression, and keep-alive connections, as well as forced response size limiting, to keep network-level overhead in check.
Smart response caching and advanced server behavior heuristics are used to minimize unnecessary traffic.
Performance-oriented, pure C implementation, including a custom HTTP stack.

Ease of use: skipfish is highly adaptive and reliable. The scanner features:

Heuristic recognition of obscure path- and query-based parameter handling schemes.
Graceful handling of multi-framework sites where certain paths obey a completely different semantics, or are subject to different filtering rules.
Automatic wordlist construction based on site content analysis.
Probabilistic scanning features to allow periodic, time-bound assessments of arbitrarily complex sites.

Well-designed security checks: the tool is meant to provide accurate and meaningful results:

Handcrafted dictionaries offer excellent coverage and permit thorough $keyword.$extension testing in a reasonable timeframe.

Three-step differential probes are preferred to signature checks for detecting vulnerabilities.
Ratproxy-style logic is used to spot subtle security problems: cross-site request forgery, cross-site script inclusion, mixed content, issues MIME- and charset mismatches, incorrect caching directives, etc.
Bundled security checks are designed to handle tricky scenarios: stored XSS (path, parameters, headers), blind SQL or XML injection, or blind shell injection.
Report post-processing drastically reduces the noise caused by any remaining false positives or server gimmicks by identifying repetitive patterns.

Some users had a problem getting it running, it does have a dependency – assuming you are on a Debian based distro, all you need to do is:

apt-get install libidn11

The minum syntax required to run the tool would be:

./skipfish -o /home/youruser -W dictionaries/standard.wl http://yoursite.com

That should be enough to get you started!

It’s a pretty powerful tool and likely to pick up issues that Nessus or Nikto might miss.

You can download Skipfish 1.94b here:

skipfish-1.94b.tgz

xSQL Scanner: Security Audit Tool For MS-SQL & MySQL & Database Password Cracker

xSQL Scanner is a advanced SQL audit tool that allows users to find weak passwords and vulnerabilities on MS-SQL and MySQL database servers.

The objective of xSQLScanner is to assist the Security Analyst or Penetration Tester in auditing the security of MS-SQL and MySQL database servers.

Features

Test for weak password fast;
Test for wear/user passwords;
Wordlist option;
Userlist option;
Portscanner
Range IP Address audit and more.

Windows – xsqlscanner-1.2.zip
Linux – xsqlscan-mono.tgz

MagicTree v1.1 – Penetration Testing Productivity Tool

Have you ever spent ages trying to find the results of a particular portscan you were sure you did? Or grepping through a bunch of files looking for data for a particular host or service? Or copy-pasting bits of output from a bunch of typescripts into a report? I have certainly did, and when I heard about the release of this tool, my heart was filled with joy, at last I can now spend time doing the real thing, you know what i mean:).

Lets get it straight for those that don't or haven't had about it.

MagicTree is a penetration tester productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution and (yeah!) report generation. In case you wonder, "Tree" is because all the data is stored in a tree structure, and "Magic" is because it is designed to magically do the most cumbersome and boring part of penetration testing - data management and reporting.

Updates

Rapid 7 NeXpose XML import (both simple XML and full XML formats are supported)
Arachni XML import (as of 0.4.0.2. Thanks to Herman Stevens of Astyran for contribution)
OWASP Zed Attack Proxy XML import (development snapshot as of 6-Feb-2012)
New matrix query interface
Bug fix (#224) Remove orphan projects does not work anymore
Bug fix (#226) NPE in dumpData()
Bug fix (#239) “Uncaught exception in Swing thread: null. null” when saving a custom query into the repo
Bug fix (#241) Corrupted reference links in report templates
Bug fix (#242) Updated report templates to honor “ignore” status

You can download MagicTree here

Speed your browser by changing your DNS

Most people use the default DNS settings provided by their ISP, and while they are usually sufficient for most purposes, there are plenty of free options out there, like OpenDNS and Google DNS. Namebench is a free app that checks to see whether your current settings are optimized and, if not, which free option is best for you. Here's how to use it:

Download and install Namebench.

Fire it up and choose your settings. Keep the top two boxes checked. If you're concerned about network censorship, check the third box, and if you want to help the developers, check the last box. You can tweak the rest if you're outside U.S. or want to experiment with different browsers.

Click Start Benchmark and wait while Namebench runs its tests. It should take several minutes. A browser tab should pop open when Namebench is done and give you a list of DNS servers and how much faster they are than the one you're currently using, unless yours are already the fastest possible.

Namebench does not change your settings, but it's generally pretty easy to do it yourself. Check with the instructions you got from your ISP to set up your modem and/or router and just substitute the DNS addresses you received from Namebench for the addresses given by your ISP. It's best to do this with your router, as it will assign that DNS address for all the devices attached to it.

That's it! This can dramatically improve your browsing speed, and it's fairly easy to work through.

Nmap 6 Released For Download - Network Discovery & Security Auditing Tool

Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses. Unlike many simple port scanners that just send packets at some predefined constant rate, Nmap accounts for the network conditions (latency fluctuations, network congestion, the target interference with the scan) during the run. Also, owing to the large and active user community providing feedback and contributing to its features, Nmap has been able to extend its discovery capabilities beyond simply figuring out whether a host is up or down and which ports are open and closed; it can determine the operating system of the target, names and versions of the listening services, estimated uptime, type of device, and presence of a firewall.

Nmap runs on GNU/Linux, Microsoft Windows, Solaris, HP-UX and BSD variants (including Mac OS X), and also on AmigaOS and SGI IRIX. GNU/Linux is the most popular Nmap platform with Windows following it closely.

Major Improvements in v6.00

NSE Enhanced – The Nmap Scripting Engine (NSE) has exploded in popularity and capabilities. This modular system allows users to automate a wide variety of networking tasks, from querying network applications for configuration information to vulnerability detection and advanced host discovery. The script count has grown from 59 in Nmap 5 to 348 in Nmap 6, and all of them are documented and categorized in our NSE Documentation Portal. The underlying NSE infrastructure has improved dramatically as well.

Better Web Scanning – As the Internet has grown more web-centric, Nmap has developed web scanning capabilities to keep pace. When Nmap was first released in 1997, most of the network services offered by a server listened on individual TCP or UDP ports and could be found with a simple port scan. Now, applications are just as commonly accessed via URL path instead, all sharing a web server listening on a single port. Nmap now includes many techniques for enumerating those applications, as well as performing a wide variety of other HTTP tasks, from web site spidering to brute force authentication cracking. Technologies such as SSL encryption, HTTP pipelining, and caching mechanisms are well supported.

Full IPv6 Support – Given the exhaustion of available IPv4 addresses, the Internet community is trying to move to IPv6. Nmap has been a leader in the transition, offering basic IPv6 support since 2002. But basic support isn’t enough, so we spent many months ensuring that Nmap version 6 contains full support for IP version 6. And we released it just in time for the World IPv6 Launch. We’ve created a new IPv6 OS detection system, advanced host discovery, raw-packet IPv6 port scanning, and many NSE scripts for IPv6-related protocols. It’s easy to use too—just specify the -6 argument along with IPv6 target IP addresses or DNS records. In addition, all of our web sites are now accessible via IPv6. For example, Nmap.org can be found at 2600:3c01::f03c:91ff:fe96:967c.

New Nping Tool – The newest member of the Nmap suite of networking and security tools is Nping, an open source tool for network packet generation, response analysis and response time measurement. Nping can generate network packets for a wide range of protocols, allowing full control over protocol headers. While Nping can be used as a simple ping utility to detect active hosts, it can also be used as a raw packet generator for network stack stress testing, ARP poisoning, Denial of Service attacks, route tracing, etc. Nping’s novel echo mode lets users see how packets change in transit between the source and destination hosts. That’s a great way to understand firewall rules, detect packet corruption, and more.

Better Zenmap GUI results viewer – While Nmap started out as a command-line tool and many (possibly most) users still use it that way, we’ve also developed an enhanced GUI and results viewer named Zenmap. One addition since Nmap 5 is a “filter hosts” feature which allows you to see only the hosts which match your criteria (e.g. Linux boxes, hosts running Apache, etc.) We’ve also localized the GUI to support five languages besides English. A new script selection interface helps you find and execute Nmap NSE scripts. It even tells you what arguments each script supports.

Faster scans – In Nmap’s 15-year history, performance has always been a top priority. Whether scanning one target or a million, users want scans to run as fast as possible without sacrificing accuracy. Since Nmap 5 we’ve rewritten the traceroute system for higher performance and increased the allowed parallelism of the Nmap Scripting Engine and version detection subsystems. We also performed an intense memory audit which reduced peak consumption during our benchmark scan by 90%. We made many improvements to Zenmap data structures and algorithms as well so that it can now handle large enterprise scans with ease.

You can download Nmap v6.00 here:

Linux: nmap-6.00.tar.bz2
Windows: nmap-6.00-win32.zip

sdr

ads