Monthly Archives: August 2016

Dropbox Hacked – 68 Million User Accounts Compromised

So was Dropbox hacked? There were some rumours going around last week after it sent out a password reset e-mail warning to all users. It seems to be limited to users who were active in 2012, and the only ones who would be in trouble are, as usual, those who haven't changed their password since […]


Read the full post at darknet.org.uk



Emerging Threats ETOpen – Anti-malware IDS/IPS Ruleset

The ETOpen Ruleset is an excellent anti-malware IDS/IPS ruleset that enables users with cost constraints to significantly enhance their existing network-based malware detection. The ETOpen Ruleset is not a full coverage ruleset, and may not be sufficient for many regulated environments and should not be used as a standalone ruleset.


The ET Open ruleset is open to any user or organization, as long as you follow some basic guidelines. The ET Open ruleset is available for download any time without login.

Requirements

To use this ruleset you need an IDS such as Snort or Suricata.

For much deeper information on what you should do, how to tune your ruleset and more, check here:

What Every IDS User Should Do
http://doc.emergingthreats.net/bin/view/Main/WhatEveryIDSUserShouldDo

You can't, and definitely shouldn't, try to run every rule.

Rule Categories

  • Attack-Response Rules – These are designed to catch the results of a successful attack: things like "id=root", or error messages that indicate a compromise may have happened. Note: Trojan and virus post-infection activity is generally included in the VIRUS ruleset, not here.
  • BotCC Rules – These are auto-generated from several sources of known and confirmed active botnet and other command-and-control hosts. Updated daily; the primary data source is Shadowserver.org.
  • Compromised Rules – This is a list of known compromised hosts, confirmed and updated daily as well. The set varies from a hundred to several hundred rules depending on the data sources, and is a compilation of several private but highly reliable sources. Warning: Snort does not handle IP matches well load-wise. If your sensor is already pushed to its limits this set will add significant load; in a high-load case we recommend staying with just the BotCC rules.
  • Current_Events Rules – These are rules that we don't intend to keep in the ruleset for long, or that need to be tested before they are considered for inclusion. Most often these will be simple sigs for the Storm binary URL of the day, sigs to catch CLSIDs of newly found vulnerable apps where we don't yet have any detail on the exploit, etc. Useful sigs, but not for the long term.
  • DOS Rules – Intended to catch inbound DoS activity and outbound indications of it. Relatively self-explanatory.
  • DROP Rules – This is a daily updated list of the Spamhaus DROP (Don't Route Or Peer) list, primarily known professional spammers. More info at http://www.spamhaus.org
  • DShield Rules – Daily updated list of the DShield top attackers. Also very reliable. More info at http://www.dshield.org
  • Exploit Rules – Rules to detect direct exploits. Generally, if you're looking for a Windows exploit, Veritas, etc., it'll be here. Things like SQL injection, while they are exploits, have their own category.
  • Game Rules – World of Warcraft, Starcraft and other popular online games have sigs here. We don't intend to label these things evil, just not appropriate for all environments.
  • Inappropriate Rules – Porn, child pornography, sites you shouldn't visit at work, etc. Warning: these are generally quite regex-heavy and thus high load, with frequent false positives. Only run them if you're really interested.
  • Malware Rules – My personal favourite. This set was originally intended to be just spyware; that's enough for several rule categories really. The line between spyware and outright malicious stuff has blurred too much since we originally started this set. There is more than just spyware in here, but rest assured nothing in here is something you want running on your network or PC. There are URL hooks for known update schemes, User-Agent strings of known malware, and a load of other goodies. If you can only run one ruleset to justify your IDS infrastructure, this is it!
  • P2P Rules – Peer-to-peer stuff: BitTorrent, Gnutella, LimeWire, you name it. We're not labelling these things Bad(tm), just not appropriate for all networks and environments.
  • Policy Rules – Rules for things that are often disallowed by company or organisational policy. MySpace, eBay, that kind of thing.
  • RBN Rules – The Russian Business Network. These rules track the networks they're known to own and regularly use. Updated whenever information changes.
  • Scan Rules – Things to detect reconnaissance and probing: Nessus, Nikto, port scanning, etc. Early-warning stuff.
  • VOIP Rules – A new and emerging ruleset. Small at the moment, but we expect it to grow soon.
  • Web Rules – Some SQL injection, web server overflows, vulnerable web apps, that kind of thing. Very important if you're running web servers, and a pretty reasonable load.
  • Web-SQL-Injection Rules – This is a large ruleset that intends to catch specific attacks on specific applications. There are some general SQL injection rules that catch most of what's covered here, but these rules are much more specific to apps and web servers. Run this if you run a highly critical web farm, or if you want exact information about incoming web attacks.

The entire ruleset is available for download here:

https://rules.emergingthreats.net/
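Putting the "don't run every rule" advice into practice means selecting by category rather than by hand. The script below is an added example (not code from Emerging Threats or Proofpoint): it parses rules in Snort/Suricata syntax, derives each rule's ET category from the second word of its msg ("ET MALWARE ...", "ET GAMES ..."), applies a disable policy matching the guidance above (drop Inappropriate, Games, P2P and Policy by default; drop Compromised too on an overloaded sensor), and emits both a commented-out ruleset and a one-SID-per-line disable list of the kind suricata-update's disable.conf accepts. The sample rules and their 9000000-range SIDs are constructed for the example.

```python
"""Category-based tuning of an Emerging Threats ruleset (added example)."""
import re
from dataclasses import dataclass

MSG_RE = re.compile(r'msg:\s*"([^"]*)"')
SID_RE = re.compile(r'\bsid:\s*(\d+)\s*;')

# Policy: categories the ET notes call "not appropriate for all environments"
# or regex-heavy are off by default; COMPROMISED only on overloaded sensors.
DEFAULT_DISABLED = {"INAPPROPRIATE", "GAMES", "P2P", "POLICY"}
HIGH_LOAD_DISABLED = {"COMPROMISED"}

# Constructed sample rules in ET style; SIDs 9000001-9000005 are made up.
SAMPLE_RULES = """\
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Example Agent UA Checkin"; flow:established,to_server; content:"User-Agent|3a| ExampleAgent"; http_header; classtype:trojan-activity; sid:9000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET GAMES Example Game Login"; flow:established,to_server; content:"LOGIN"; sid:9000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INAPPROPRIATE Example Site Access"; flow:established,to_server; content:"example.invalid"; http_host; sid:9000003; rev:2;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN Example Scanner"; sid:9000004; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET COMPROMISED Known Compromised Host"; sid:9000005; rev:1;)
"""


@dataclass
class Rule:
    sid: int
    msg: str
    category: str            # second word of the msg, e.g. MALWARE
    upstream_disabled: bool  # shipped commented out by ET
    raw: str                 # rule text without any leading '#'


def parse_rules(text: str) -> list:
    """Extract sid, msg and category from every rule line; skip plain comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        m_msg, m_sid = MSG_RE.search(line), SID_RE.search(line)
        if not line or not (m_msg and m_sid):
            continue
        msg = m_msg.group(1)
        words = msg.split()
        category = words[1].upper() if len(words) > 1 and words[0] in ("ET", "ETPRO") else "UNKNOWN"
        rules.append(Rule(int(m_sid.group(1)), msg, category,
                          line.startswith("#"), line.lstrip("# ")))
    return rules


def tune(rules: list, disabled_categories=DEFAULT_DISABLED, high_load: bool = False):
    """Return (enabled_sids, disabled_sids) under the policy; upstream-disabled rules stay off."""
    off = set(disabled_categories) | (HIGH_LOAD_DISABLED if high_load else set())
    enabled, disabled = [], []
    for r in rules:
        (disabled if r.upstream_disabled or r.category in off else enabled).append(r.sid)
    return enabled, disabled


def render_disable_conf(rules: list, **policy) -> str:
    """One SID per line, the form suricata-update's disable.conf reads."""
    _, disabled = tune(rules, **policy)
    return "\n".join(str(sid) for sid in disabled) + "\n"


def render_ruleset(rules: list, **policy) -> str:
    """The ruleset with disabled rules commented out (for Snort/oinkmaster-style setups)."""
    enabled = set(tune(rules, **policy)[0])
    return "\n".join(r.raw if r.sid in enabled else "# " + r.raw for r in rules) + "\n"


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    print(render_disable_conf(parsed, high_load=True))
    print(render_ruleset(parsed, high_load=True))
```

The category is taken from the msg rather than from the file name so the same policy works whether you download the per-category files or the merged emerging-all.rules. Anything whose msg does not start with "ET" or "ETPRO" lands in UNKNOWN and is kept, so local rules are never silently dropped.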

123456 Still The Most Common Password For 2016

So, sadly but unsurprisingly, '123456' is still the most common password for 2016 (based on leaked password lists).


Way back in 2006, it clocked in at number 5 in a rather UK-centric look at passwords. Interestingly, back in 2006 a weaker version of the same password was number 1; I think 6-digit password requirements hadn't become commonplace yet.

The top 10 most commonly used passwords for 2015:

1. 123456
2. password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. football
8. 1234
9. 1234567
10. baseball

And as you can see, this year 8-character minimums must have become a thing, with 12345678 clocking in at 3rd place.

You'd think that with all the massive, extremely messy, public hacks that have taken place, people would have wised up a little. But then I always forget that the proportion of stupid people is a constant, so the more people come online or use computers, the greater the absolute number of idiots there are.

The only thing I’m glad about is that football is more popular than baseball.

As for preventing this: use a password generator (preferably the one inside your password manager, because you are using a password manager, right?), use a separate password per site (easy with a password manager), and don't use predictable passwords (yourname, yourname1 etc. for each different site).

Bypass Android Screen Lock/PIN/PATTERN/FACE – 2016

Android is one of the most popular smartphone operating systems, with over a billion users. Every Android user is familiar with the pattern, PIN, password and face-recognition locks, which are meant to ensure that only authorised people get into the device. But sometimes a user forgets the pattern, or enters the wrong one more times than permitted and gets locked out. This guide collects almost all known methods for bypassing a pattern/PIN/face lock on an Android device. Two things to keep in mind throughout: every method below relies on something that already grants control of the device (a custom recovery, root, or USB debugging with this PC already authorised), so none of them gets past a stock, locked, non-rooted phone; and the file names and settings keys used (gesture.key, password.key, lock_pattern_autolock) are the Android 4.x-era ones, while from Android 6.0 the credential is kept in gatekeeper.pattern.key / gatekeeper.password.key instead.
Try the methods below one by one.

Method 1 (only if a custom recovery such as CWM, TWRP, Xrec etc. is installed)

Procedure:

1. Download the Pattern Password Disable zip onto your SD card (using your PC, since you can't get into the phone)
2. Insert the sdcard into your phone
3. Reboot into recovery mode
4. Flash the zip
5. Reboot
6. Done!

Note: after restarting, if it still asks for a pattern/PIN, just enter any random pattern/PIN.

Method 2 (for all devices with a custom recovery installed)

Procedure (using Aroma File Manager)

1. Download Aroma File Manager.zip and copy it to your memory card.

2. Boot into recovery (usually Volume Down + Power, but the combination differs between phones; phones with a physical home button generally need all three buttons held. Search for your model's key combination).

3. In recovery there is an option called "mount". Go into it and mount cache and everything else listed there.

4. Then select "update", choose "apply update from SD/external" and select the aroma file manager zip you downloaded.

5. After flashing, Aroma File Manager opens. Use the volume keys for up/down and the power button to select, as you did to get into recovery.

6. In Aroma File Manager, go to the menu on the bottom strip and select Settings.

7. Scroll to the bottom, select "mount all partitions in startup", then exit Aroma File Manager.

8. After exiting, flash the Aroma zip again and it will open again.

9. Go to data >> system.

Find 'gesture.key' (for a pattern lock) or 'password.key' (for a password lock), long-press it, choose delete from the options that appear, and restart.

Note: after restarting, if it still asks for a pattern/PIN, just enter any random pattern/PIN.

Method 3 (no custom recovery installed)

Requirements:

A PC (Linux, or Windows with Cygwin installed),
a USB cable,
adb (Android Debug Bridge) installed, and
a rooted phone with USB debugging enabled and this PC already authorised for adb (since Android 4.2.2 the phone shows an RSA-key authorisation prompt, which you cannot accept while locked out).

How to install adb (Linux)

Open a terminal, type the command below and press Enter:
sudo apt-get install android-tools-adb

Follow the prompts until everything is installed.

How to install adb (Windows)

Download the .exe and run it. For the download and instructions refer to the guide here.

Procedure

Connect the phone to the computer via USB (the phone should be turned on).
Open a terminal window (Linux) or cmd (Windows).
Type the commands below one at a time, pressing Enter after each:
adb devices
adb shell
su
cd /data/system
rm *.key
That's all; reboot the device. The `rm *.key` removes gesture.key and password.key, the files the lock screen checks the pattern or password hash against. `su` only succeeds on a rooted phone; without it the adb shell user cannot write to /data/system and this method cannot work.

Note: after restarting, if it still asks for a pattern/PIN, just enter any random pattern/PIN.

Method 4 (all devices via adb – SQL command)
Open a terminal (Linux) or cmd (Windows) and type the following commands one at a time, pressing Enter after each. This needs root and a sqlite3 binary on the phone; many stock ROMs don't ship one, in which case pull the database and edit it on the PC as in Method 6.
adb shell
su
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name='lock_pattern_autolock';
update system set value=0 where name='lockscreen.lockedoutpermanently';
.quit
Done. Reboot the device.

Note: after restarting, if it still asks for a pattern/PIN, just enter any random pattern/PIN.

Method 5 (all devices via adb – file removal)

Procedure:

Open a terminal (Linux) or cmd (Windows) and type the following command:
adb shell rm /data/system/gesture.key
That's it; you should be able to use the device without the password/pattern lock now. If it asks for a password/pattern at startup, just give any random pattern/PIN. For this one-liner to succeed adbd itself must be running as root (for example after `adb root` on an engineering or insecure build); on a production build it runs as the shell user, cannot delete files in /data/system, and you need Method 3 with su instead.

Method 6 (all devices with USB debugging enabled)

Procedure (primary steps):
Download and extract the Bypass Security Hack program.
Open SQLite Database Browser 2.0.exe.
Navigate to the By-pass security Hacks folder and open a terminal/cmd there.
Run pull settings.db.cmd; this pulls the settings database off your phone.
Drag settings.db into the SQLite Database Browser window.
Go to the Browse Data tab and choose the secure table from the table drop-down.

Instructions to remove a pattern lock:

Continuing from the steps above, find the record named lock_pattern_autolock and delete it.
Close and save the database.
Run push settings.db.cmd and reboot your phone.

Instructions to remove a PIN lock:

In the list, find lockscreen.password_type, double-click it and change its value to 65536 (the "something" password quality, meaning no specific credential is required), then apply the change. (If the record is not there, create it.)
Next find lock_pattern_autolock and delete the record; if it doesn't exist, ignore this step.
Close and save the database.
Run push settings.db.cmd and reboot your phone.

Instructions to remove a password lock:
Find lockscreen.password_salt and delete the record.
Next find lockscreen.password_type and delete the record.
Close and save the database.
Run push settings.db.cmd and reboot your phone.

As always, give any random password/PIN/pattern if it asks on first boot. The pull/push scripts only work if adb can read and write the settings provider's private data, i.e. the phone is rooted or adbd runs as root, and this PC is already authorised for USB debugging.
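Methods 4 and 6 both edit settings.db, and it is worth seeing exactly what the UPDATE/DELETE statements change before pushing a modified database back to a phone. The script below is an added example, not part of the original guide: it builds a throwaway copy of the Android 4.x settings.db layout in memory (assumed schema: tables system and secure, each with _id, name and value columns, name UNIQUE ON CONFLICT REPLACE), seeds it with constructed rows resembling a locked device, applies the same statements as the two methods, and reports the resulting lock state. Pass the path of a real file pulled with `adb pull /data/data/com.android.providers.settings/databases/settings.db` to open_db() to inspect it the same way. The 65536/131072/262144 values are DevicePolicyManager's PASSWORD_QUALITY_SOMETHING, _NUMERIC and _ALPHABETIC constants.

```python
"""What the settings.db edits in Methods 4 and 6 change (added example)."""
import sqlite3

# Assumed 4.x-era layout of settings.db (only the two tables the methods touch).
SCHEMA = """
CREATE TABLE system (_id INTEGER PRIMARY KEY AUTOINCREMENT,
                     name TEXT UNIQUE ON CONFLICT REPLACE, value TEXT);
CREATE TABLE secure (_id INTEGER PRIMARY KEY AUTOINCREMENT,
                     name TEXT UNIQUE ON CONFLICT REPLACE, value TEXT);
"""

# Constructed rows resembling a device with a numeric PIN and a pattern lockout.
SAMPLE_ROWS = {
    "system": [("lock_pattern_autolock", "1"), ("lockscreen.lockedoutpermanently", "1")],
    "secure": [("lockscreen.password_type", "131072"), ("lockscreen.password_salt", "1234567890")],
}

# DevicePolicyManager.PASSWORD_QUALITY_* values as stored in lockscreen.password_type
PASSWORD_QUALITY = {65536: "SOMETHING", 131072: "NUMERIC", 262144: "ALPHABETIC", 327680: "ALPHANUMERIC"}
TABLES = ("system", "secure")


def open_db(path: str = ":memory:") -> sqlite3.Connection:
    """Open a pulled settings.db, or build the constructed in-memory copy."""
    con = sqlite3.connect(path)
    if path == ":memory:":
        con.executescript(SCHEMA)
        for table, rows in SAMPLE_ROWS.items():
            con.executemany(f"INSERT INTO {table}(name, value) VALUES (?, ?)", rows)
        con.commit()
    return con


def get(con: sqlite3.Connection, table: str, name: str):
    """Value of a setting, or None if the row is absent."""
    assert table in TABLES            # table name is interpolated, so whitelist it
    row = con.execute(f"SELECT value FROM {table} WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def disable_pattern_lock(con: sqlite3.Connection) -> None:
    """Method 4: the two UPDATEs typed into the on-device sqlite3 shell."""
    con.execute("UPDATE system SET value = 0 WHERE name = 'lock_pattern_autolock'")
    con.execute("UPDATE system SET value = 0 WHERE name = 'lockscreen.lockedoutpermanently'")
    con.commit()


def remove_pin_lock(con: sqlite3.Connection) -> None:
    """Method 6 (PIN): password_type -> SOMETHING (created if missing), drop autolock."""
    con.execute("INSERT INTO secure(name, value) VALUES ('lockscreen.password_type', ?)",
                (str(65536),))          # UNIQUE ON CONFLICT REPLACE makes this an upsert
    con.execute("DELETE FROM system WHERE name = 'lock_pattern_autolock'")
    con.commit()


def remove_password_lock(con: sqlite3.Connection) -> None:
    """Method 6 (password): delete the salt and the quality record."""
    con.execute("DELETE FROM secure WHERE name IN ('lockscreen.password_salt', 'lockscreen.password_type')")
    con.commit()


def lock_state(con: sqlite3.Connection) -> dict:
    """Human-readable summary of the lock-related rows."""
    ptype = get(con, "secure", "lockscreen.password_type")
    return {
        "pattern_autolock": get(con, "system", "lock_pattern_autolock"),
        "locked_out": get(con, "system", "lockscreen.lockedoutpermanently"),
        "password_type": ptype,
        "password_quality": PASSWORD_QUALITY.get(int(ptype)) if ptype else None,
        "password_salt": get(con, "secure", "lockscreen.password_salt"),
    }


if __name__ == "__main__":
    for step in (disable_pattern_lock, remove_pin_lock, remove_password_lock):
        con = open_db()
        step(con)
        print(step.__name__, lock_state(con))
```

Note that both columns have TEXT affinity, so the `value = 0` from Method 4 is stored and read back as the string "0"; reading the state before and after, as lock_state() does, is the cheap check that the edit landed before you push the file back.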

Method 7 (taking precautions before a lock accident):

As the title says, this method is a precaution to set up before you get locked out, while you still have access to the device.

SMS Bypass [root required]: download and install it on your device.
This app lets you remotely bypass your phone's screen lock by sending an SMS.
It removes your gesture pattern or password after receiving a preset keyword along with a secret code via SMS.
SMS Bypass requires root.
Procedure:

1. First, make sure you grant the app permanent root access.
2. Change the secret code to one of your own choosing. The default is 1234.
3. To reset your screen lock, send the following message from another phone:
secret_code reset
Example:

1234 reset

Note 1: there is a space between your secret code and "reset", and the secret code is case-sensitive.
Note 2: there is an option to change the preset keyword; the default is "reset". Your phone will restart and your lock screen will be reset.
Bear in mind what this app does: anyone who learns the secret code (or guesses the default 1234) can wipe your lock screen with a single text message, so change the code and treat the app as a deliberate weakening of the lock.

If none of the above methods work, do a factory reset / full wipe of the device.

Hacking Android on a local network via DroidJack 4.4

DroidJack is one of the best-known RATs for Android. It requires little setup and offers many functions, including:
+ File Voyager
+ SMS Trekker
+ Call Manager
+ Contacts Browser
+ Remote Eyes
+ Remote Ears
+ Browser
+GPS Locator
+ Message Toaster
+ App Manager
+ Detailed Info

This tutorial covers hacking an Android device that is on the same local network as the attacker. A detailed tutorial for connections over the Internet will be added later. The hack consists of the following steps:


1. Download DroidJack 4.4 (cracked).

   The file can be downloaded from DroidJack 4.4. Note that cracked builders passed around on forums are routinely backdoored themselves, so run it only inside an isolated lab VM.

2. Extract it and look for droidjack.jar. You need Java installed to open the file.

3. Log in with any username and password; the login check is removed in the cracked build.

4. Go to the APK Generator tab. Enter a file name and set the port number to 1337. You can enable stealth mode, which hides the app's icon on the phone, but it does not work on all devices. The app icon can also be changed; it must be 96 x 96 pixels.

5. Install the APK on the victim's phone. This can be done over the Internet or by any social-engineering method. Then go to the Devices tab and start listening on port 1337. As soon as the victim installs and runs the app, an alert is generated and the victim's phone appears in the list.

6. The victim's device is now under control, and you can browse its browsing history, contacts and files.

Share ZIP, PDF, EXE, APK, RAR and Big Files on WhatsApp

This WhatsApp trick lets you share zip, pdf, exe, apk, rar and large files from WhatsApp. WhatsApp itself only lets you send audio, video and images, but with this trick you can share ZIP, PDF, EXE, APK, RAR and even big files with your friends by sending them a link instead of the file.

Follow the steps below to send big files on WhatsApp:

1. First, install the Dropbox and CloudSend applications on your phone.

2. Open CloudSend; you will be prompted to link it with Dropbox. Tap Allow.

3. Share the file you want to send with your friends with CloudSend.

4. The file is uploaded to your Dropbox automatically and you are given a link to it.

5. Copy the link and send it to your friends on WhatsApp. They simply open the link and can download the file on their phone.

Two things to keep in mind: anyone who gets hold of the link can download the file, so don't use this for anything sensitive; and asking someone to install an EXE or APK from a link in a chat message is exactly what malware authors do, so only open such links from people you trust.

The trick is very easy to use. If you have any doubts or run into difficulties, contact us or comment below and we will sort it out as soon as possible.



MODULE 7.6 Adware, Scareware, Ransomware – Explained

ADWARE

  • Adware is a well-known type of malware. Many systems are actively infected with it through the various installations and other activities their users perform.
  • When this type of software is deployed onto a victim's system, it displays ads, pop-ups and nag screens, and may even change the browser's start page.
  • Typically, this type of software is spread either bundled with another download or when the victim visits a website that deploys it stealthily onto their system.

SCAREWARE

  • Scareware is a relatively new type of malware that warns the victim of potential harm that will befall them if they don't take some action.
  • Typically, this action involves providing a credit card number or doing something else to buy a utility they supposedly need to clean their system. In many cases, the utility the victim buys and installs is actually something else, such as spyware, adware or even a virus.
  • This type of software relies on the ignorance or fear of potential victims who do not realise that they are being played.

RANSOMWARE

  • This newer form of malware is spreading rapidly and causes serious problems for those infected.
  • Ransomware typically works by searching for valuable files or data and encrypting them. Once they are encrypted, the victim is told that they must pay a ransom to get the key that unlocks their files.
  • Another form of this malware does not encrypt files but instead displays pornographic images on the system and stops only once a ransom is paid.
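Because the defining action of the first kind of ransomware is turning documents into ciphertext, one practical detection signal is file entropy: encrypted output looks like uniformly random bytes, while documents, source code and spreadsheets do not. The detector below is an added example, not part of the course module. It scores files by Shannon entropy in bits per byte and raises an alarm when a large share of the files in a directory look random. The 7.5-bit threshold, the 50% ratio and the allow-list of formats that are already compressed (and therefore legitimately score high) are assumptions to tune; the sample files are constructed here, not real user data.

```python
"""Flag ransomware-style bulk encryption by file entropy (added example)."""
import math
import os
import random
from collections import Counter

HIGH_ENTROPY_BITS = 7.5   # assumption; uniform random bytes score close to 8.0
ALREADY_COMPRESSED = {".zip", ".gz", ".7z", ".jpg", ".png", ".mp4", ".pdf"}  # assumption


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0 for a constant byte, approaching 8 for uniform random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name: str, data: bytes) -> bool:
    """High entropy in a file whose format should not already be compressed."""
    ext = os.path.splitext(name)[1].lower()
    if ext in ALREADY_COMPRESSED:
        return False
    return len(data) >= 256 and shannon_entropy(data) >= HIGH_ENTROPY_BITS


def scan(files: dict, ratio: float = 0.5):
    """Return (suspicious names, alarm) for a mapping of file name -> contents.

    A single random-looking file is normal (a key file, a backup); many of
    them appearing at once in a documents folder is the ransomware pattern."""
    suspicious = [name for name, data in files.items() if looks_encrypted(name, data)]
    alarm = bool(files) and len(suspicious) / len(files) >= ratio
    return suspicious, alarm


def sample_files() -> dict:
    """Constructed stand-ins: two 'encrypted' documents, one untouched, one photo."""
    rng = random.Random(2016)   # deterministic stand-in for ciphertext, not real crypto

    def blob(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    text = b"Quarterly report: revenue grew 4 percent while costs fell; see appendix B.\n" * 40
    return {
        "report.docx": text,
        "report.docx.locked": blob(4096),
        "notes.txt.locked": blob(2048),
        "photo.jpg": blob(4096),   # legitimately high entropy, allow-listed by extension
    }


if __name__ == "__main__":
    files = sample_files()
    for name, data in files.items():
        print(f"{name:22s} {shannon_entropy(data):.2f} bits/byte encrypted={looks_encrypted(name, data)}")
    print(scan(files))
```

In a real deployment this check runs on recently modified files only (say, everything written in the last minute) so that a user's existing archive of zip files never trips it, and it pairs naturally with canary files that no legitimate process should ever rewrite.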

 


MODULE 7.5 Spyware Explained

Spyware is a type of malware that is designed to collect and forward information regarding a victim’s activities to an interested party. The defining characteristic is that the application acts behind the scenes to gather this information without the user’s consent or knowledge.

The information gathered by spyware can be anything that the creator of the spyware feels is worthwhile. Spyware has been used to target ads, steal identities, generate revenue, alter systems, and capture other information. In addition, it is not unheard of for spyware to open the door for later attacks that may perform tasks such as downloading software and so on.

Methods of Spyware Infection

Spyware can be placed on a system in a number of different ways, each offering its own benefits. Once the software is installed, it stays hidden and carries out its goals. Methods of infection include, but are not limited to, the following:

Peer-to-Peer Networks (P2P): This delivery mechanism has become very popular because of the increased number of individuals using these networks to obtain free software.

Instant Messaging (IM): Delivering malicious software via IM is easy. Plus, IM software has never had much in the way of security controls.

Internet Relay Chat (IRC): IRC is a commonly used mechanism to deliver messages and software because of its widespread use and the ability to entice new users to download software.

Email Attachments: With the rise of email as a communication medium, the practice of using it to distribute malware has also risen.

Physical Access: Once an attacker gains physical access, it becomes relatively easy to install spyware and compromise the system.

Browser Defects: Many users forget or do not choose to update their browsers as soon as updates are released, so distribution of spyware becomes easier.

Freeware: Downloading software for free from unknown or untrusted sources can mean that you also download something nastier, such as spyware.

Websites: Software is sometimes installed on a system via web browsing. When a user visits a given website, spyware may be downloaded and installed using scripting or some other means. Spyware installed in this manner is quite common, because web browsers lend themselves to this process. They are frequently unpatched, do not have upgrades applied, or are incorrectly configured. In most cases, users do not use the most basic security precautions that come with a browser; and sometimes users override security options to get a better browsing experience or to see fewer pop-ups or prompts.

Software Installations: One common way to install software such as spyware on a victim's system is as part of another software installation. In these situations, a victim downloads a piece of software that they want, but packaged with it is a payload that is silently installed in the background. The victim may be told that something else is being installed on the system but may click through the installation wizard so quickly without reading anything that they miss the fact that additional software is being placed on their system.

 


MODULE 7.4 The Functioning of Computer Worms

Worms are an advanced form of malware compared to viruses, and in many cases have different goals. One of the main characteristics of worms is their inherent ability to replicate and spread across networks extremely quickly, as SQL Slammer did in January 2003, when it reached most of its vulnerable hosts within about ten minutes. Most worms share certain features that help define how they work and what they can do:

  • Do not require a host application to perform their activities.
  • Do not necessarily require any user interaction, direct or otherwise, to function.
  • Replicate extremely rapidly across networks and hosts.
  • Consume bandwidth and resources.

Worms can also perform some other functions:

  • Transmit information from a victim system back to another location specified by the designer.
  • Carry a payload, such as a virus, and drop it on multiple systems rapidly.

With these abilities in mind, it is important to distinguish worms from viruses by considering a couple of key points:

  • A worm can be considered a special type of malware that replicates and consumes memory and bandwidth, but at the same time does not typically attach itself to other applications or software.
  • A worm spreads through networks automatically and requires only that a host be vulnerable; a virus does not have this ability and needs a host file and, usually, a user action to spread.
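The "extremely quickly" above has a simple quantitative basis. The script below is an added example, not part of the course module: a discrete-time version of the textbook random-scanning spread model in which every infected host fires scan_rate probes per second at random IPv4 addresses, and each probe lands on a still-uninfected vulnerable host with probability (vulnerable - infected) / 2^32. The Slammer-like inputs (roughly 75,000 vulnerable hosts, roughly 4,000 scans per second per host) are round numbers assumed for the illustration, not measurements, and the model ignores bandwidth saturation, which in practice slows the tail.

```python
"""How fast a random-scanning worm saturates its vulnerable population (added example)."""
import math

ADDRESS_SPACE = 2 ** 32   # IPv4


def time_to_fraction(vulnerable: int, scan_rate: float, target: float = 0.9,
                     address_space: int = ADDRESS_SPACE, initial: int = 1,
                     dt: float = 1.0, max_time: float = 86400.0):
    """Seconds until `target` of the vulnerable hosts are infected (None if never within max_time)."""
    infected, t = float(initial), 0.0
    while infected < target * vulnerable:
        if t >= max_time:
            return None, infected
        # probes this step * probability a probe finds a fresh vulnerable host
        new = infected * scan_rate * dt * (vulnerable - infected) / address_space
        infected = min(float(vulnerable), infected + new)
        t += dt
    return t, infected


def doubling_time(vulnerable: int, scan_rate: float, address_space: int = ADDRESS_SPACE) -> float:
    """Early-phase doubling time from the growth constant K = scan_rate * V / 2^32."""
    k = scan_rate * vulnerable / address_space
    return math.log(2) / k


def compare(vulnerable: int = 75_000, scan_rate: float = 4_000) -> dict:
    """What the worm traits listed above mean in seconds, for assumed Slammer-like inputs."""
    fast, _ = time_to_fraction(vulnerable, scan_rate)
    slow, _ = time_to_fraction(vulnerable, scan_rate / 10)        # a worm that scans 10x slower
    hitlist, _ = time_to_fraction(vulnerable, scan_rate, initial=1000)   # seeded with a hit-list
    return {
        "doubling_s": doubling_time(vulnerable, scan_rate),
        "to_90pct_s": fast,
        "tenth_scan_rate_s": slow,
        "hitlist_1000_s": hitlist,
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key:20s} {value:8.1f}")
```

The two inputs a defender can influence are visible in the formula: the vulnerable population (patching shrinks V and stretches the doubling time in proportion) and the scan rate (rate-limiting outbound connection attempts per host, the classic throttling countermeasure, does the same). No user interaction appears anywhere in the model, which is exactly the difference from a virus.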