Phishing is the most commonly used method to hack hi5. The most widely used technique in phishing is the use of Fake Login Pages, also known as spoofed pages. These fake login pages resemble the original login pages of sites like Yahoo, Gmail, MySpace etc. The victim is fooled to believe the fake hi5 page to be the real one and enter his/her password. But once the user attempts to login through these pages, his/her hi5 login details are stolen away.

ARP Spoofing/poising Animation

• A laptop.
• Cain and able. Download it from, www.oxid.it/index.html
• A network to sniff.

Now onto how to do this:

1) Download and install cain and able.

2) Set your laptop up and steal an ethernet connection from a nearby computer on the network. Plug the Ethernet cable in. You are now connected. With no restrictions on what you can run.

3) Start cain and able.

4) Now click on the sniffer tab. Now notice the two symbols – the one that looks the same as the one on the sniffer tab and the one that looks like a nuclear sign.

5) Mouse over them and they will tell you that one starts the sniffer and the other starts arp poisoning.

6) Now click on configure -> click on the arp tab and make sure that you are using your real ip and mac address, if you don’t you wont get any hosts or be able to arp poision.
7) Now start the sniffer and press the blue plus sign. This will let you scan for hosts in your subnet.  Now go back to configure and select use a spoofed ip and mac address. Now type an ip from your sub net but the last bit must be numbers that are unused so the network doesn’t get confused.

9) Select all the hosts you find and right click and go resolve host name. Now try to find the router, it will usually stand out easily. The router probably wont have a name as well as being a different brand from everything else and have a really low or really high ip address so you should spot it easily.

10) Now click on the arp tab at the bottom of the sniffer window. Click on the top table part and click the blue plus sign again. This brings up a window that allows you to select the ip addresses that you want to arp poison the first one you select should be the router and in the second box select any computers you want to listen to.

11) Click ok. Click the start arp button. You are now listening between the router and as many computers as you selected.

12) Watch as the routed packets role in. Select the password tab at the bottom of the screen and watch the passwords appear.

13) Any password hashes can be sent to the cracker and broken form there but that isn’t going to be covered in this article. I am sure you can work that out or may be I shall post it later.

First of all download:Twitter fake login page

Step 1
First extract the contents into a folder

Step 2
Then edit login.php .(right click and then select edit)

In that ,find (CTRL+F) 'http://eblasterhacking.blogspot.com' then change it to your destined URL but don't forget '\'.

Now rename the script to pass.php and save it

Step 3
Now open twitter fake page in wordpad and seach for the term action=,Change action=pass.php

Step 4
Create an id in www.110mb.com , because i know about that site quite well.

Step 5
Then upload the contents into a directory

Step 6
For that,after creating an id you should go to file manager and upload all these files.

Step 7
Then just go to your fake page and enter user name and password and try out whether its working .

Step 8
After you type the file , a password file will be created in the same directory .

Step 9
Then you can see what username and password you have entered.

Now you are ready to hack twitter accounts
Step 10

Distribute the Yahoo.HTML URL (ie: yoursite.com/yahoo.HTML) to your friends.When they login from this fake login page, the login.php will save the username and password onto the .TXT file (or any other format) in your site. Download the file to see the password inside it.

When you’ve finished your ethical hacking tests, you still need to implement
your analysis and recommendations to make sure your systems are secure.
New security vulnerabilities continually appear. Information systems constantly
change and become more complex. New hacker exploits and security
vulnerabilities are regularly uncovered. You may discover new ones! Security
tests are a snapshot of the security posture of your systems. At any time,
everything can change, especially after software upgrades, adding computer
systems, or applying patches.

Assess your results to see what you uncovered, assuming that the vulnerabilities
haven’t been made obvious before now. This is where knowledge counts.
Evaluating the results and correlating the specific vulnerabilities discovered
is a skill that gets better with experience. You’ll end up knowing your systems
as well as anyone else. This makes the evaluation process much simpler
moving forward.
Submit a formal report to upper management or to your customer, outlining
your results. Keep these other parties in the loop to show that your efforts
and their money are well spent. Chapter 17 describes this process.

Ethical hacking can take persistence. Time and patience are important. Be
careful when you’re performing your ethical hacking tests. A hacker in your
network or a seemingly benign employee looking over your shoulder may
watch what’s going on. This person could use this information against you.
It’s not practical to make sure that no hackers are on your systems before
you start. Just make sure you keep everything as quiet and private as possible.
This is especially critical when transmitting and storing your test results.
If possible, encrypt these e-mails and files using Pretty Good Privacy (PGP) or
something similar. At a minimum, password-protect them.
You’re now on a reconnaissance mission. Harness as much information as
possible about your organization and systems, which is what malicious hackers
do. Start with a broad view and narrow your focus:
1. Search the Internet for your organization’s name, your computer and
network system names, and your IP addresses.
Google is a great place to start for this.
2. Narrow your scope, targeting the specific systems you’re testing.
Whether physical-security structures or Web applications, a casual
assessment can turn up much information about your systems.
3. Further narrow your focus with a more critical eye. Perform actual
scans and other detailed tests on your systems.
4. Perform the attacks, if that’s what you choose to do.

As with any project, if you don’t have the right tools for ethical hacking, accomplishing
the task effectively is difficult. Having said that, just because you use
the right tools doesn’t mean that you will discover all vulnerabilities.
Know the personal and technical limitations. Many security-assessment tools
generate false positives and negatives (incorrectly identifying vulnerabilities).
Others may miss vulnerabilities. If you’re performing tests such as socialengineering
or physical-security assessments, you may miss weaknesses.
Many tools focus on specific tests, but no one tool can test for everything.
For the same reason that you wouldn’t drive in a nail with a screwdriver, you
shouldn’t use a word processor to scan your network for open ports. This is
why you need a set of specific tools that you can call on for the task at hand.
The more tools you have, the easier your ethical hacking efforts are.
Make sure you that you’re using the right tool for the task:
To crack passwords, you need a cracking tool such as LC4, John the
Ripper, or pwdump.
A general port scanner, such as SuperScan, may not crack passwords.
For an in-depth analysis of a Web application, a Web-application assessment
tool (such as Whisker or WebInspect) is more appropriate than a
network analyzer (such as Ethereal).When selecting the right security tool for the task, ask around. Get advice
from your colleagues and from other people online. A simple Groups search
on Google (www.google.com) or perusal of security portals, such as
SecurityFocus.com, SearchSecurity.com, and ITsecurity.com, often produces
great feedback from other security experts.
Hundreds, if not thousands, of tools can be used for ethical hacking — from
your own words and actions to software-based vulnerability-assessment programs
to hardware-based network analyzers. The following list runs down
some of my favorite commercial, freeware, and open-source security tools:
Nmap
EtherPeek
SuperScan
QualysGuard
WebInspect
LC4 (formerly called L0phtcrack)
LANguard Network Security Scanner
Network Stumbler
ToneLoc
Here are some other popular tools:
Internet Scanner
Ethereal
Nessus
Nikto
Kismet
THC-Scan
I discuss these tools and many others in Parts II through V when I go into the
specific hack attacks. Appendix A contains a more comprehensive listing of
these tools for your reference.
The capabilities of many security and hacking tools are often misunderstood.
This misunderstanding has shed negative light on some excellent tools, such
as SATAN (Security Administrator Tool for Analyzing Networks) and Nmap
(Network Mapper).
Some of these tools are complex. Whichever tools you use, familiarize yourself
with them before you start using them. Here are ways to do that:

Read the readme and/or online help files for your tools.
Study the user’s guide for your commercial tools.
Consider formal classroom training from the security-tool vendor or
another third-party training provider, if available.
Look for these characteristics in tools for ethical hacking:
Adequate documentation.
Detailed reports on the discovered vulnerabilities, including how they
may be exploited and fixed.
Updates and support when needed.
High-level reports that can be presented to managers or nontechie types.
These features can save you time and effort when you’re writing the report.

Approval for ethical hacking is essential. Make what you’re doing known and
visible — at least to the decision makers. Obtaining sponsorship of the project
is the first step. This could be your manager, an executive, a customer, or
even yourself if you’re the boss. You need someone to back you up and sign
off on your plan. Otherwise, your testing may be called off unexpectedly if
someone claims they never authorized you to perform the tests.
The authorization can be as simple as an internal memo from your boss if
you’re performing these tests on your own systems. If you’re testing for a
customer, have a signed contract in place, stating the customer’s support and
authorization. Get written approval on this sponsorship as soon as possible
to ensure that none of your time or effort is wasted. This documentation is
your Get Out of Jail Free card if anyone questions what you’re doing.
You need a detailed plan, but that doesn’t mean you have to have volumes of
testing procedures. One slip can crash your systems — not necessarily what
anyone wants. A well-defined scope includes the following information:
Specific systems to be tested
Risks that are involved
When the tests are performed and your overall timeline
How the tests are performed
How much knowledge of the systems you have before you start testing
What is done when a major vulnerability is discovered
The specific deliverables — this includes security-assessment reports
and a higher-level report outlining the general vulnerabilities to be
addressed, along with countermeasures that should be implemented
When selecting systems to test, start with the most critical or vulnerable
systems. For instance, you can test computer passwords or attempt socialengineering
attacks before drilling down into more detailed systems.
It pays to have a contingency plan for your ethical hacking process in case
something goes awry. What if you’re assessing your firewall or Web application,
and you take it down? This can cause system unavailability, which can
reduce system performance or employee productivity. Even worse, it could
cause loss of data integrity, loss of data, and bad publicity.
Handle social-engineering and denial-of-service attacks carefully. Determine
how they can affect the systems you’re testing and your entire organization.
Determining when the tests are performed is something that you must think
long and hard about. Do you test during normal business hours? How about
late at night or early in the morning so that production systems aren’t affected?
Involve others to make sure they approve of your timing.
The best approach is an unlimited attack, wherein any type of test is possible.
The bad guys aren’t hacking your systems within a limited scope, so why
should you? Some exceptions to this approach are performing DoS, socialengineering,
and physical-security tests.
Don’t stop with one security hole. This can lead to a false sense of security.
Keep going to see what else you can discover. I’m not saying to keep hacking
until the end of time or until you crash all your systems. Simply pursue the
path you’re going down until you can’t hack it any longer (pun intended).
One of your goals may be to perform the tests without being detected. For
example, you may be performing your tests on remote systems or on a remote
office, and you don’t want the users to be aware of what you’re doing. Otherwise,
the users may be on to you and be on their best behavior.
You don’t need extensive knowledge of the systems you’re testing — just a
basic understanding. This will help you protect the tested systems.
Understanding the systems you’re testing shouldn’t be difficult if you’re hacking
your own in-house systems. If you’re hacking a customer’s systems, you
may have to dig deeper. In fact, I’ve never had a customer ask for a fully blind
assessment. Most people are scared of these assessments. Base the type of
test you will perform on your organization’s or customer’s needs.

Hacking operating systems (OSs) is a preferred method of the bad guys. OSs
comprise a large portion of hacker attacks simply because every computer
has one and so many well-known exploits can be used against them.
Occasionally, some operating systems that are more secure out of the box —
such as Novell NetWare and the flavors of BSD UNIX — are attacked, and
vulnerabilities turn up. But hackers prefer attacking operating systems like
Windows and Linux because they are widely used and better known for their
vulnerabilities.
Here are some examples of attacks on operating systems:
Exploiting specific protocol implementations
Attacking built-in authentication systems
Breaking file-system security
Cracking passwords and encryption mechanisms

Hacker attacks against network infrastructures can be easy, because many
networks can be reached from anywhere in the world via the Internet. Here
are some examples of network-infrastructure attacks:
Connecting into a network through a rogue modem attached to a
computer behind a firewall
Exploiting weaknesses in network transport mechanisms, such as TCP/IP
and NetBIOS
Flooding a network with too many requests, creating a denial of service
(DoS) for legitimate requests
Installing a network analyzer on a network and capturing every packet
that travels across it, revealing confidential information in clear text
Piggybacking onto a network through an insecure 802.11b wireless
configuration

Your overall goals as an ethical hacker should be as follows:
Hack your systems in a nondestructive fashion.
Enumerate vulnerabilities and, if necessary, prove to upper management
that vulnerabilities exist.
Apply results to remove vulnerabilities and better secure your systems.

Ethical hacking — also known as penetration testing or white-hat hacking —
involves the same tools, tricks, and techniques that hackers use, but with one
major difference: Ethical hacking is legal. Ethical hacking is performed with
the target’s permission. The intent of ethical hacking is to discover vulnerabilities
from a hacker’s viewpoint so systems can be better secured. It’s part
of an overall information risk management program that allows for ongoing
security improvements. Ethical hacking can also ensure that vendors’ claims
about the security of their products are legitimate.