7- Linked accounts
A majority of Instagram users have linked their Facebook accounts on them. If you can hack someone’s Facebook account, you willl also get automatic access to
their Instagram account.
This kind of method works with a lot of other social media accounts too. Facebook accounts are also linked to tons of games which means you will also get
access to their game accounts for example Dragon City.
Works with Facebook Mobile Games:
SO IT IS A PERFECT LOOT FOR SOMEONE WHO SELLS ACCOUNTS!!!!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
8- Exploits and Vulnerabilities
An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in an application or a system to cause unwanted effects.
The name comes from the English verb to exploit, meaning “to use something to one’s own advantage”.
Basically, this means that the target of an attack suffers from a design flaw that allows people to create the means to access it and use it in his interest.
Among the most well-known web-based security vulnerabilities are: SQL injection attacks, cross-site scripting , cross-site request forgery and broken authentication code or security misconfigurations. In general, exploits can be clasified in two main categories: known and unknown (or zero-day vulnerabilities).
The zero-day vulnerabilities are by far the most dangerous, as they happen when a software contains a critical security vulnerability of which the programmer or the owner of the software is unaware of.
So now that you know what an exploit its let me show you how to abuse them and how to find them.
How to find exploits [ONLY FOR HIGHLY EXPERIENCED HACKERS]:
It’s not like every nth line of code has something exploitable. Software that tries to do certain things, fails in certain ways, over and over and over again.
So mostly we look for the old problems, and port them over to their new hosts.
There are three main strategies for finding bugs.
Design review
Basically just look at what it’s trying to do, and figure out if it did it wrong. Code review — look at how it’s built, either as source code or compiled binaries (both help, both matter). And Fuzzing.
Fuzzing
Fuzzing is basically throwing noise at software, and seeing what happens. Bugs might only show up one out of a million tests, but if you try things a hundred million times, you’re going to get a hundred bugs.
Fuzzing gets smarter each passing year. What that means is that instead of throwing random noise at code, we watch what happens as we talk to the software, and learn from it. Bugs are not random, because software is not random. You have to *reach* a bug, in order to find it.
Alternatively, if you’re twenty levels deep into a program and you find a problem, who knows if that problem is even exploitable. Anywhere along those 19 layers above you might be something that stops you. Often it’s a hassle to figure that out.
SAT and SMT solvers are technologies that automate figuring out if things are exploitable after all. They’re quite effective. These solvers of course are used in a variety of ways; they’re probably the most effective “machine learning” tech in security right now.
Finding Access Vulnerabilities
What generally happens is that an advanced or elite hacker writes a scanning tool that looks for well-known vulnerabilities, and the elite hacker makes it available over the Internet. Less experienced hackers, commonly called "script kiddies," then run the scanning tool 24 x 7, scanning large numbers of systems and finding many systems that are vulnerable. They typically run the tool against the name-spaces associated with companies they would like to get into.
The script kiddies use a list of vulnerable IP addresses to launch attacks, based on the vulnerabilities advertised by a machine, to gain access to systems. Depending on the vulnerability, an attacker may be able to create either a privileged or non-privileged account. Regardless, the attacker uses this initial entry (also referred to as a "toe-hold") in the system to gain additional privileges and exploit the systems the penetrated system has trust relationships with, shares information with, is on the same network with, and so on.
sources: https://www.quora.com/What-is-the-proces...rabilities
YOU DO NOT NEED TO FIND EXPLOITS TO USE THEM!
There are tons of exploits that are public and they are still not fixed because people do not update their system and websites do not pay for any kind of security most of the times. There are well known and legal databases that display every kind of exploit that is public yet.
There are tons of different exploits from different Softwares and Hardwares. Totally free to copy and abuuse.
So here is where you can find them.
The Exploit Database
Vulnerability and Exploit Database
CXSecurity
Vulnerability Lab
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A majority of Instagram users have linked their Facebook accounts on them. If you can hack someone’s Facebook account, you willl also get automatic access to
their Instagram account.
This kind of method works with a lot of other social media accounts too. Facebook accounts are also linked to tons of games which means you will also get
access to their game accounts for example Dragon City.
Works with Facebook Mobile Games:
- Daily Soduko
- Master Archer
- Draw Something
- Words with Friends
- 8 Ball Pool
- Super Dash
- Mahjong Trails Blitz
- Jewel Academy
- Tomb Runner
- Word Life
- Dragon Land
- World Chef
- Dragon Land
- Tasty Town
- Dragon City
- Monster Legends
SO IT IS A PERFECT LOOT FOR SOMEONE WHO SELLS ACCOUNTS!!!!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
8- Exploits and Vulnerabilities
An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in an application or a system to cause unwanted effects.
The name comes from the English verb to exploit, meaning “to use something to one’s own advantage”.
Basically, this means that the target of an attack suffers from a design flaw that allows people to create the means to access it and use it in his interest.
Among the most well-known web-based security vulnerabilities are: SQL injection attacks, cross-site scripting , cross-site request forgery and broken authentication code or security misconfigurations. In general, exploits can be clasified in two main categories: known and unknown (or zero-day vulnerabilities).
The zero-day vulnerabilities are by far the most dangerous, as they happen when a software contains a critical security vulnerability of which the programmer or the owner of the software is unaware of.
So now that you know what an exploit its let me show you how to abuse them and how to find them.
How to find exploits [ONLY FOR HIGHLY EXPERIENCED HACKERS]:
It’s not like every nth line of code has something exploitable. Software that tries to do certain things, fails in certain ways, over and over and over again.
So mostly we look for the old problems, and port them over to their new hosts.
There are three main strategies for finding bugs.
Design review
Basically just look at what it’s trying to do, and figure out if it did it wrong. Code review — look at how it’s built, either as source code or compiled binaries (both help, both matter). And Fuzzing.
Fuzzing
Fuzzing is basically throwing noise at software, and seeing what happens. Bugs might only show up one out of a million tests, but if you try things a hundred million times, you’re going to get a hundred bugs.
Fuzzing gets smarter each passing year. What that means is that instead of throwing random noise at code, we watch what happens as we talk to the software, and learn from it. Bugs are not random, because software is not random. You have to *reach* a bug, in order to find it.
Alternatively, if you’re twenty levels deep into a program and you find a problem, who knows if that problem is even exploitable. Anywhere along those 19 layers above you might be something that stops you. Often it’s a hassle to figure that out.
SAT and SMT solvers are technologies that automate figuring out if things are exploitable after all. They’re quite effective. These solvers of course are used in a variety of ways; they’re probably the most effective “machine learning” tech in security right now.
Finding Access Vulnerabilities
What generally happens is that an advanced or elite hacker writes a scanning tool that looks for well-known vulnerabilities, and the elite hacker makes it available over the Internet. Less experienced hackers, commonly called "script kiddies," then run the scanning tool 24 x 7, scanning large numbers of systems and finding many systems that are vulnerable. They typically run the tool against the name-spaces associated with companies they would like to get into.
The script kiddies use a list of vulnerable IP addresses to launch attacks, based on the vulnerabilities advertised by a machine, to gain access to systems. Depending on the vulnerability, an attacker may be able to create either a privileged or non-privileged account. Regardless, the attacker uses this initial entry (also referred to as a "toe-hold") in the system to gain additional privileges and exploit the systems the penetrated system has trust relationships with, shares information with, is on the same network with, and so on.
sources: https://www.quora.com/What-is-the-proces...rabilities
YOU DO NOT NEED TO FIND EXPLOITS TO USE THEM!
There are tons of exploits that are public and they are still not fixed because people do not update their system and websites do not pay for any kind of security most of the times. There are well known and legal databases that display every kind of exploit that is public yet.
There are tons of different exploits from different Softwares and Hardwares. Totally free to copy and abuuse.
So here is where you can find them.
The Exploit Database
- Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more
Vulnerability and Exploit Database
- Technical details for over 180,000 vulnerabilities and 4,000 exploits are available for security professionals and researchers to review
CXSecurity
- Independent information about security is a huge collection of information on data communications safety
Vulnerability Lab
- Offers access to a large vulnerability database complete with exploits and PoCs for research purposes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~