Monday, July 30, 2018

STEPS TO HACK CREDIT CARDS OR DEBIT CARDS


EXACT STEPS TO HACK CREDIT CARDS OR DEBIT CARDS


His first step would be to turn on Fragrouter, so that his machine can perform IP forwarding:





After that, he’ll want to direct your WiFi network traffic to his machine, rather than your data traffic going directly to the Internet. This enables him to be the “Man-in-the-Middle” between your machine and the internet. Using Arpspoof, a simple technique, he determines your IP address is 192.168.1.15 and the Default Gateway of the WiFi network is 192.168.1.1:




The next step is to enable DNS Spoofing via DNSSpoof:




Since he will be replacing the bank or online store’s valid certificate with his own fake one, he will need to turn on the utility to enable his system to be the Man-in-the-Middle for web sessions and to handle certificates. This is done via webmitm:




At this point, he is ready to go. Now he needs to begin actively sniffing your data passing through his machine, including your login and credit card information. He opts to do this with Ethereal, then saves his capture:




He now has the data, but it is still encrypted with 128-bit SSL. No problem, since he has the key. What he needs to do now is simply decrypt the data using the certificate that he gave you. He does this with SSL Dump:




He runs a cat command to view the now-decrypted SSL information. Note that the username is “Bankusername” and the password is “BankPassword.” Conveniently, this dump also reveals the banking site as National City.

FYI, the better, more secure banking and online store websites will have you first connect to another, preceding page via SSL, prior to connecting to the page where you enter sensitive information such as bank login credentials or credit card numbers. The reason for this is to stop the MITM-type attack. This helps because if you were to access this preceding page first with a “fake” certificate, the next page where you were to enter the sensitive information would not display. The page gathering the sensitive information would be expecting a valid certificate, which it would not receive because of the Man-in-the-Middle. While some online banks and stores do implement this extra step/page for security reasons, the real flaw in this attack is the uneducated end-user, as you’ll soon see:




With this information, he can now log into your online bank account with the same access and privileges as you. He could transfer money, view account data, etc.

Below is an example of a sniffed SSL credit card purchase/transaction. You can see that Elvis Presley was attempting to make a purchase with his credit card 5440123412341234 with an expiration date of 5/06 and the billing address of Graceland in Memphis, TN (He is alive!). If this was your information, the hacker could easily make online purchases with your card.





Bad News for SSL VPN Admins


This type of attack could be particularly bad for corporations, because Corporate SSL VPN solutions are also vulnerable to this type of attack. Corporate SSL VPN solutions will often authenticate against Active Directory, the NT Domain, LDAP, or some other centralized credentials data store. Sniffing the SSL VPN login then gives an attacker valid credentials to the corporate network and other systems.

What an End-User Needs To Know


There’s a big step an end-user can take to prevent this from taking place. When the MITM Hacker uses the “bad” certificate instead of the “good,” valid certificate, the end-user is actually alerted to this. The problem is that most end-users don’t understand what this means and will unknowingly agree to use the fake certificate. Below is an example of the Security Alert an end-user would receive. Most uneducated end-users would simply click “Yes”… and this is the fatal flaw:




By clicking “Yes,” they have set themselves up to be hacked. By clicking the “View Certificate” button, the end-user would easily see that there is a problem. Below are examples of the various certificate views/tabs that show a good certificate compared to the bad certificate:


Left: good certificate. Right: fake certificate.

How an End-User Can Prevent This


  • Again, the simple act of viewing the certificate and clicking “No” would have prevented this from happening.
  • Education is the key for an end-user. If you see this message, take the time to view the certificate. As you can see from the examples above, you can tell when something doesn’t look right. If you can’t tell, err on the side of caution and call your online bank or the online store.
  • Take the time to read and understand all security messages you receive. Don’t just randomly click yes out of convenience.



How a Corporation Can Prevent This


  • Educate the end-user on the Security Alert and how to react to it.
  • Utilize One Time Passwords, such as RSA Tokens, to prevent the reuse of sniffed credentials.
  • When using SSL VPN, utilize mature products with advanced features, such as Juniper’s Secure Application Manager or Network Connect functionality.
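The interception described above starts with ARP spoofing of the default gateway (192.168.1.1 in the walkthrough), which is something a network defender can watch for. The following is an added example, not part of the original post: it compares two `arp -an` style snapshots and flags a gateway whose MAC address changed or is shared with another host. All MAC addresses, the 192.168.1.20 host and the interface name are constructed sample values.

```python
import re
from collections import defaultdict

# Matches Linux `arp -an` lines such as:
#   ? (192.168.1.1) at aa:bb:cc:00:00:01 [ether] on wlan0
ARP_LINE = re.compile(r"\((?P<ip>\d+\.\d+\.\d+\.\d+)\) at (?P<mac>[0-9a-fA-F:]{17})")

def parse_arp(text):
    """Return {ip: mac}; '<incomplete>' entries do not match and are skipped."""
    return {m["ip"]: m["mac"].lower() for m in ARP_LINE.finditer(text)}

def find_arp_anomalies(baseline, current, gateway_ip):
    """Compare a trusted baseline table with the current one."""
    alerts = []
    known, seen = baseline.get(gateway_ip), current.get(gateway_ip)
    # Symptom 1: the gateway IP now resolves to a different MAC.
    if known and seen and known != seen:
        alerts.append(("gateway-mac-changed", gateway_ip, known, seen))
    # Symptom 2: the gateway shares its MAC with another host on the LAN.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if gateway_ip in ips and len(ips) > 1:
            alerts.append(("mac-shared-with-gateway", mac, sorted(ips)))
    return alerts

# Constructed sample data: a clean table, then one taken during spoofing.
BASELINE = """\
? (192.168.1.1) at aa:bb:cc:00:00:01 [ether] on wlan0
? (192.168.1.20) at aa:bb:cc:00:00:20 [ether] on wlan0
? (192.168.1.30) at <incomplete> on wlan0
"""
SPOOFED = """\
? (192.168.1.1) at AA:BB:CC:00:00:20 [ether] on wlan0
? (192.168.1.20) at aa:bb:cc:00:00:20 [ether] on wlan0
"""

if __name__ == "__main__":
    for alert in find_arp_anomalies(parse_arp(BASELINE), parse_arp(SPOOFED), "192.168.1.1"):
        print(alert)
```
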

how to hack into a cisco 2960 switch without using a password



Bypassing (recovering) a Cisco router or switch password is pretty easy to do. Here is how it can be done:

  • First, we need to reboot the router/switch and interrupt the boot sequence by pressing CTRL+BREAK. After doing this, we will enter what is called ROM monitor mode.
  • Next, we need to change the configuration register to turn on bit 6 by setting the value “0x2142”. Bit 6 is turned off by default; the default value is “0x2102”.

To turn bit 6 on, issue the following command: confreg 0x2142

  • After turning bit 6 on, we need to reset the device by issuing this command: reset
  • Because no startup configuration is loaded at this point, the router will ask you if you want to use setup mode; answer no.
  • Next, hit Enter to enter user mode
  • Next, type enable and hit Enter to go into privileged mode

Note: You have not been prompted for a password when entering privileged mode.

  • Next, we need to save our new configuration by typing this command: copy startup-config running-config

Note: At this point you can feel free to set a new password.

  • Finally, we need to change the configuration register back to the default by turning off bit 6. To do so, type the following commands:

config t

config-register 0x2102
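A device left with bit 6 set keeps booting without its startup configuration, so auditing the register value is a useful check after any recovery or maintenance window. The following is an added example, not part of the original post: it parses the "Configuration register is ..." line of `show version` output and classifies each device. The device names and sample outputs are constructed.

```python
import re

IGNORE_STARTUP_CONFIG = 0x0040  # bit 6: set in 0x2142, clear in 0x2102

# `show version` ends with e.g.
#   Configuration register is 0x2142 (will be 0x2102 at next reload)
CONFREG = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def audit_confreg(show_version_text):
    """Classify one device from its `show version` output."""
    m = CONFREG.search(show_version_text)
    if not m:
        return {"status": "unknown"}
    current = int(m.group(1), 16)
    # Without a pending change, the next reload uses the current value.
    pending = int(m.group(2), 16) if m.group(2) else current
    booted_bare = bool(current & IGNORE_STARTUP_CONFIG)
    will_skip = bool(pending & IGNORE_STARTUP_CONFIG)
    if will_skip:
        status = "alert"    # next boot ignores startup-config and its passwords
    elif booted_bare:
        status = "review"   # fixed for next reload, but this boot skipped the config
    else:
        status = "ok"
    return {"current": hex(current), "next_reload": hex(pending), "status": status}

def audit_fleet(outputs):
    """Map {device_name: show_version_text} to {device_name: status}."""
    return {name: audit_confreg(text)["status"] for name, text in outputs.items()}

# Constructed sample outputs for three hypothetical devices.
SAMPLES = {
    "sw-lab-01": "Cisco IOS Software ...\nConfiguration register is 0x2102\n",
    "sw-lab-02": "Cisco IOS Software ...\nConfiguration register is 0x2142\n",
    "rtr-lab-03": "Cisco IOS Software ...\n"
                  "Configuration register is 0x2142 (will be 0x2102 at next reload)\n",
}

if __name__ == "__main__":
    for device, status in audit_fleet(SAMPLES).items():
        print(device, status)
```
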

Saturday, July 28, 2018

how to hack into your friend pc from your own pc using command prompt


Connect to Remote Computer

Step

Open the Search charm on your current computer and search for "command prompt." Click "Command Prompt" to open the Command Prompt window.

Step

Type "mstsc /v:" without quotes. Use the remote computer's IP address in place of "." Press "Enter."

Step

Type in the username and password for the user you set up on the remote computer. Press "Enter" to connect.

How to bypass passcode lock screens on iPhones and iPads

With iOS 11, you can still bypass the iPhone lock screen and trick Siri into getting into a person's phone. The bypass is the same as it was in the earlier version of the operating system:
  • Press the home button using a finger not associated with your fingerprint authentication, prompting Siri to wake up.
  • Say to Siri: Cellular data.
Siri then opens the cellular data settings where you can turn off cellular data.

As was the case before, anyone can do this. It doesn't have to be the person who "trained" Siri.
By also turning off Wi-Fi, you cut off her connectivity access. You will get an error saying, “Siri not available. You are not connected to the internet.” But you don’t care about that error because you have already bypassed the iPhone lock screen.

Other privacy holes remain
Also still an issue: Anyone can use Siri to read your new/unread text messages, send text messages and see your most recent phone call.
To do that, again prompt Siri to wake up using a finger not associated with the phone's authentication. Then say, “Read messages,” and Siri will read any unread text messages from the lock screen. Say, "Send a text message [person's name]," and Siri will let you dictate a message and send it. Say, "Show me recent calls," and Siri will display your most recent phone call.

iOS 10.3.2

Apple still has not patched the hole allowing you to bypass the iPhone lock screen. As of iOS 10.3.2 (and the 10.3.3 beta), you can still trick Siri into getting into a person’s iPhone.
It works like this:
  • Press the home button using a finger not associated with your fingerprint authentication, prompting Siri to wake up.
  • Say to Siri: Cellular data.
Siri will then open the cellular data settings where you can turn off cellular data.
Anyone can do this—it doesn’t have to be the person who “trained” Siri.
By also turning off Wi-Fi, you cut off her connectivity access. You will get an error saying, “Siri not available. You are not connected to the internet.” But you don’t care about that error because you have already bypassed the iPhone lock screen.

Not only can someone trick Siri to turn off cellular data, but they can trick her to read unread text messages and post to Facebook—a major privacy issue.
To do it, again prompt Siri to wake up using a finger not associated with the phone's authentication. Then say, “Read messages,” and Siri will read any unread text messages from the lock screen. Or say, “Post to Facebook,” and Siri will ask you what you want to post to Facebook.
We tested this with a staffer’s iPhone 7, with someone other than the iPhone owner giving the commands. Siri let the person right in.
While we wait for Apple to patch the hole, your best option is to disable Siri from the lock screen.