Facebook has become very famous in last 2 year. Orkut which was considered to be the best Social networking website has been sidetracked by emerging Social Networking Websites like Facebook and Twitter. Considering the popularity of Facebook we have collected the Most Essential Hacks of Facebook and presented them to you.

1.How to View the Album of Any User Even if it is Private

You can use this script to view a photo in the original album, even if you’re not friends with the person.

2. How to Remove Annoying Facebook Advertisement

Get rid of some of the Facebook advertising and sponsored by sections with this tool.

3. How to see Real Profiles from Public Pages

This script redirects to real profiles from the Facebook people pages (public profiles). There is a risk of an infinite redirect loop if not logged in, so be logged in.

4. How to Undo Facebook Changes

If you hate some or all of the new Facebook changes, undo them with these scripts and use what you liked previously.

5. How to View All the Photos from a Person

You can search for pictures of a Facebook member who has tight privacy settings and view all his/ her pictures without his/ her consent.

6. How to Find More Friends at Facebook

Suppose some of your friends have newly joined Facebook and you didn’t even knew. Use this script and it will help you go through your friends’ friends list and find them out.

7. How to Share Files from Facebook

With this box widget, you can share files from your computer through Facebook. Isn’t it great?

8. How to Get a Job from Facebook

Looking for a job? This application gives Facebook users unique access to job information, networking opportunities and other career resources.

9. How to Tighten up the Privacy and still Maintain Communication Convenience

The Private Wall combines the best of both worlds of Facebook: online convenience and communication with more serious privacy settings.

10 How to Cheat Facebook Texas Hold em Poker

This is one of my Favorite hacks and that is why I have saved it for the last one. Using this software you can see the cards of any player and the advanced version of this software allows you to even add credits to your account for free.

NOTE: THIS IS ONLY THE DEMONSTRATION OF THIS TECHNIQUE AND FOR EDUCATION PURPOSE ONLY

1. First of all install WebGoat and configure Web browser

2. We will use the tool Achilles. It is a tool designed for testing the security of Web applications. Achilles is a proxy server, which acts as a man-in-themiddle during an HTTP session. For more about Achilles, pls check its official website.

3. Double-click the webgoat.exe icon from the directory containing the WebGoat application.

4. Configure the LAN setting as shown in the below fig

5. Run the Achilles application & select the options of the application as shown in below fig.

Intercept mode ON

Intercept Client Data

Ignore .jpg/.gif

Select Log to File - Save the data

6. Your Achilles screen should look like the following.

7. Open Internet Explorer and Adjust both screens equally on your desktop as shoen below.

8. Click the Start button on Achilles and notice that the status bar along the lower-left side of Achilles will let you know it is running.

9. In the address bar of Internet Explorer, enter the following address:

http://localhost/WebGoat/attack/

10. Press Enter, and Achilles will list the data flowing through to the Tomcat application. Click the Send button in Achilles. You will be presented with a login screen. For the User Name and Password enter the word guest. click the Send button again.

11. Click the Send button again & WebGoat screen will be displayed in the Web browser.

12. Under the Unvalidated Parameters section, specifically the Hidden Field Tampering area. Click on this area.

13. Click the Send button again.

14. WebGoat will appear with a shopping cart as shown below.

15. Click the Purchase button. Within Achilles you will see the QTY=1 & is Price=4999.99. Now if you want to make a purchase, whose actual cost is 4999.99 but you have only 1.99 in your account, Within Achilles edit the 4999.99 to 1.99 and then click the Send button.

16. The sale has completed, with a total charge of $1.99.

. . . . . . . . . . . . . . . . . . . . . . . . . . .

Welcome to the tutorial for SQL Injection. SQL Injection basically means to execute a query in the database which is connected to the website to get personal information out of it, which is not visible to a normal user. Database is most likely to be a part of the websites, which saves all the information like user names, passwords, posts, replies in it. So there is a possibility that you might put some commands or queries or requests whatever you want to call it into the database to get some hidden information out of it.

It is noticed that in the past SQL Injection have been used several times to steal the credit card information, E-mail address and passwords, because most of the users have same E-mail address and passwords into all of their E-mail accounts. So if you manage to hack one of the accounts, you may just get access to all of their accounts. SQL Injection is most likely used by the “Penetration Testers” to check if the website of their clients are vulnerable to some kind of attacks to steal the information. Here, in this article I will show you how do they do it. There are some simple terms expected out of you and one of them is that you understand the basic knowledge of the computer. This tutorial will let you know, how to start? where to stop? what to do? and if you have any further queries you can post them here and i will help you to work with it.

. . . . . . . . . . . . . . . . . . . . . . . . . . .

PLEASE REMEMBER: B4MS take no responsibility of whatsoever damaged is made by you by this knowledge. This is just for the educational purposes so you can secure your own website.

I will divide this tutorial into some points so it can help you in a better way to understand the structure of the SQL Database which is working at the backend of the website to store, save and execute the information.

I will use a LIVE website in this tutorial, so you can try to test it on your own and believe me it really helps to develop your skills.

The website that I will use today is www[dot]rfidupdate[dot]com.

To understand what is an SQL Database, the very simple thing i can explain to you is the “website where you can register, login or create your own profile. Because it will save the data you input into your profile and will execute / display them whenever you provide the correct username or the password. So in the same way the website i mentioned above will give you a chance to be a part of it, it will update you daily about respective news.

1. How to check if the website is vulnerable to SQL Injection?

A: On most of the website i read people saying that try to add “`” at the end [without quotes], and if you get some error that means that the website is vulnerable to SQL Injection. But being an experienced guy in the penetration, i’d rather tell you that this is a TOTAL MYTH. The best way to check the site vulnerability is to

add “+order+by+6753″ at the end of the URL. Because, 97% of the websites don’t have more then 6753. columns. So by adding 6753 number, you will check if it has 6753 columns, which it apperatenly doesn’t have. So it will give you an error, and if it does that means that the WEBSITE IS VULNERABLE. It is generally noticed that a website doesn’t have more than 100 columns at the most in its database. So by entering the number 6753, you are trying to make it sure if the website gives you an error with it. IF it does that means you can proceed further. To check an SQL Injection, its mandatory that the website should be pointing it self to some specific page, i.e. “website.com/index.php?page=11″. So in this case the website is pointing it self to page Number.11 to pull up some specific information. So, to check if the website is vulnerable or not, you can try with the following URL. i.e. “website.com/index.php?page=11+order+by+6753″.

2. How would i find the vulnerable websites?

A.: Google is the best friend of Hackers, when I say this don’t assume that i am just writing it because i am supposed it. I really mean it. There is something called as “google dorks”, which are basically a command which could be put into the Google search to find out specific groups of pages.

here are some Google dorks which you may try to find out the vulnerable websites.

a. inurl:index.php?page=

b. inurl:members.php?member=

c. inurl:index.php?id=

d. inurl:articles.php?page=

This will help you to find out the websites which are connected and working with SQL Databases at the backend. Some of them might be vulnerable to SQL Injection. So you can try to put “order+by+6753″ at the end of the URL to check if its vulnerable.

Step 1 : Finding Vulnerable Page.

Lets start, as you’ll know the website that i will test today is www.RfidUpdate.com. So lets open up the website in the browser. So just a little information about website, RFID means “radio frequency identification”. So on the right hand side you will see that it gives you an opportunity to subscribe to the website. So now it should give you an idea that when you subscribe to it, there has to be a place where your E-mail address should be saved, so it has to have a database! So, now we know that the website is supported by an SQL Database at the backend. So we are on the right track.

Brutus is one of the fastes, most flexible remote password crackers you can get your hands on-it's also free. it is available for Wimdows 9x, NT and 2000, there is no UNIX version available althought it is a posibility at some point in the future.Brutus was first made pubicly available in October 1998 and since that time there have been at least 70,000 downloads and over 175,000 visitors to this page. Development continues so new release wiil be available in the near future. Brutus was written oroginally to help me check routers etc. for default and commoins password

Featurs

Brutus versiopn AETS2 is the current release and includes the following authentication types:

HTTP (Basic Authentication)

HTTP (HTML Form/CGI)

POP3

FTP

SMB

Telnet

Other types such as IMAP, NNTP, NetBus etc are freely downloadable from this site and simply imported int your copy of Brutus. You can create your own types or use other peoples

The current release includes the following fuctionally:

Multi-stage authentication engine

60 simultaneous target connections

No username, single username and multiple username modes

Password list, combo (user/password) list and configurable brute force modes

Highly customisable authentication sequences

Load and resume position

Import and Export custom authentication types as BAD files seamlessly

SOCKS proxy support for all all authentication types

User and password list generation and manipulation functionality

HTML Form interpretation for HTML Form/CGI authetication types

Error handing and recovery capability inc. resume after crash/failure