Monthly Archives: August 2017

EvilAbigail – Automated Evil Maid Attack For Linux

EvilAbigail is a Python-based tool that lets you run an automated Evil Maid attack against Linux systems with full-disk encryption: the initrd, which must stay unencrypted to unlock the encrypted root filesystem, is the part that gets backdoored. An Evil Maid attack is a type of attack that targets a computer which has been shut down and left unattended.


An Evil Maid attack is characterized by the attacker’s ability to physically access the target multiple times without the owner’s knowledge.


Scenarios

  • Laptop left turned off with FDE turned on
  • Attacker boots from USB/CD/Network
  • Script executes and backdoors initrd
  • User returns to laptop, boots as normal
  • Backdoored initrd loads:
    • (Debian/Ubuntu/Kali) a .so file into /sbin/init on boot, dropping a shell
    • (Fedora/CentOS) an LD_PRELOAD .so via systemd's DefaultEnvironment, loaded globally, dropping a shell.
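A defender's counterpart to the scenario above, added here as an example (this is not EvilAbigail's code): it scans an initrd that has already been unpacked into a directory (assumed extracted with unmkinitramfs or cpio) for the indicators the post names, a dropped .so outside the library directories and LD_PRELOAD wired into systemd's DefaultEnvironment= or the init entry point, and it can compare the initrd image against a SHA-256 recorded from trusted media. The sample tree it scans is constructed inline.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Added example (not EvilAbigail's code). Directory prefixes where .so files normally live.
LIBRARY_DIRS = ("lib/", "lib64/", "usr/lib/", "usr/lib64/")
PRELOAD_RE = re.compile(r"LD_PRELOAD\s*=")
DEFAULT_ENV_RE = re.compile(r"^\s*DefaultEnvironment=.*LD_PRELOAD", re.M)

def sha256_file(path):
    """SHA-256 of a file, read in chunks so large initrd images are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def initrd_matches_baseline(image_path, expected_sha256):
    """True if the initrd image still matches the hash recorded while it was trusted."""
    return sha256_file(image_path) == expected_sha256.lower()

def scan_initrd_tree(root):
    """Return (indicator, relative path) findings for an unpacked initrd directory."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        # Indicator 1: a shared object dropped outside the normal library directories.
        if (path.suffix == ".so" or ".so." in path.name) and not rel.startswith(LIBRARY_DIRS):
            findings.append(("shared object outside library dirs", rel))
        text = path.read_text(errors="ignore")  # binaries decode to junk, which is fine here
        # Indicator 2 (Fedora/CentOS variant): systemd DefaultEnvironment= carrying LD_PRELOAD.
        if path.name == "system.conf" and DEFAULT_ENV_RE.search(text):
            findings.append(("DefaultEnvironment sets LD_PRELOAD", rel))
        # Indicator 3 (Debian/Ubuntu/Kali variant): the init entry point exporting LD_PRELOAD.
        if rel in ("init", "sbin/init") and PRELOAD_RE.search(text):
            findings.append(("init references LD_PRELOAD", rel))
    return findings

def build_sample_tree(root, backdoored):
    """Constructed miniature of an unpacked initrd (sample data, not a real image)."""
    root = Path(root)
    (root / "lib").mkdir(parents=True)
    (root / "lib" / "libc.so.6").write_bytes(b"\x7fELF")  # legitimate library location
    (root / "etc" / "systemd").mkdir(parents=True)
    conf, init = "[Manager]\nLogLevel=info\n", "#!/bin/sh\nexec /sbin/init\n"
    if backdoored:
        conf += "DefaultEnvironment=LD_PRELOAD=/evil_hook.so\n"
        init = "#!/bin/sh\nexport LD_PRELOAD=/evil_hook.so\nexec /sbin/init\n"
        (root / "evil_hook.so").write_bytes(b"\x7fELF")  # the dropped backdoor library
    (root / "etc" / "systemd" / "system.conf").write_text(conf)
    (root / "init").write_text(init)

def scan_sample(backdoored):
    """Build a clean or backdoored sample tree and return the sorted indicator names found."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d, backdoored)
        return sorted(indicator for indicator, _ in scan_initrd_tree(d))

if __name__ == "__main__":
    print("clean:", scan_sample(False), "| backdoored:", scan_sample(True))
```

On a real machine the baseline hash must come from a trusted medium, since a backdoored system can lie about its own initrd; the scan is a complement to that check, not a replacement for it.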

Supported Distros

  • Ubuntu 14.04.3
  • Debian 8.2.0
  • Kali 2.0
  • Fedora 23
  • CentOS 7

You can download EvilAbigail here:

EvilAbigail-master.zip

Or read more here.

LastPass Leaking Passwords Via Chrome Extension

  • LastPass leaking passwords is not new; last week its Firefox extension was picked apart, and now this week its Chrome extension is giving up its goodies. I’ve always found LastPass a bit suspect; even though they are super easy to use and have a nice UI, they’ve had TOO many serious security issues for a company protecting millions of people.
  • It’s a shame Passpack isn’t being updated actively as architecturally it seems like a much better product, the UI is shit though and it’s buggy for managing mass user accounts.

    Password vault LastPass is scrambling to patch critical security flaws that malicious websites can exploit to steal millions of victims’ passphrases.

    The programming cockups were spotted by Tavis Ormandy, a white-hat hacker on Google’s crack Project Zero security team. He found that the LastPass Chrome extension has an exploitable content script that evil webpages can attack to extract usernames and passwords.

    LastPass works by storing your passwords in the cloud. It provides browser extensions that connect to your LastPass account and automatically fill out your saved login details when you surf to your favorite sites.

    However, due to the discovered vulnerabilities, simply browsing a malicious website is enough to hand over all your LastPass passphrases to strangers. The weak LastPass script uncovered by Ormandy can be tricked into granting access to the manager’s internal mechanisms, which is rather bad news.

    The script can also be abused to execute commands on the victim’s computer – Ormandy demonstrated this by running calc.exe simply by opening a webpage. A malicious website could exploit this hole to drop malware on a visiting machine. A victim must have the binary component of LastPass installed to be vulnerable to this attack.

    This is a pretty major vulnerability for a company that is supposed to make your passwords MORE secure, not leak them to any malicious site that has also figured out the same stuff Tavis spotted.

    After advocating password managers for a long time, this is not a good look.

    The password manager developer has experience with Ormandy after he found another flaw in its code last year that could compromise a punter’s passwords just by visiting the wrong website.

    “We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement,” Joe Siegrist, cofounder and VP of LastPass, told The Register.

    “We have made our LastPass community aware of the report made by Tavis Ormandy and have confirmed that the vulnerabilities have been fixed. We were notified early on – our team worked directly with Tavis to verify the report made, and worked quickly to issue the fix. As always, we recommend that users keep their software updated to the latest versions.”

    It appears LastPass’s fix for the Chrome extension issue was to quickly disable 1min-ui-prod.service.lastpass.com – although some say the server is still working for them, so they are still vulnerable. That LastPass backend system resolves to 23.72.215.179 for us right now, and is still up.

    There’s also the flip-side that LastPass is a popular product so it’s more likely people are going to find flaws in it, more eyes on it and all that – and in the end, these discovered flaws make the product much more secure than smaller competitors that undergo less public scrutiny.

    Or not, who knows.

    Source: The Register

How to Hack Facebook Account without Downloading Anything – Easily Hack Facebook Online(TRYOUT)

How to Hack Facebook Account without Downloading Anything

Use our Facebook online hack tool, which could possibly hack someone’s Facebook account; otherwise you might stumble upon software that has lots of viruses and malware that steal your data in the background. We are proudly introducing to you a systematically advanced tool that will automatically enter Facebook’s secured database and glitch out some vital information like the account email address and password.

This tool is online-based/server-based: you will download nothing but the account details of your victim. Easily hack anyone’s Facebook account, including celebrities or whatever account, online without the use of any software! Yes, that’s right, this tool works online-based with no need to download any fake software.

Hacking Facebook accounts has never been this easy. The only con about this tool is that anybody can hack you as well.

NOTE: This tool is free for all and absolutely no software to download. 

We are freely giving this out for a limited time only. After that, we will be gathering some fees to continue providing the top quality tools on the market for every user’s ease and ignorant-free technology.


Instructions on how to hack facebook online:

1. Copy the victim’s profile URL: go to your victim’s timeline and copy the full profile URL, as in the picture below.


2. Paste the copied URL on the field where it is required.


3. Click “Hack Account” and the process will start. Do not open other tabs as it will slow down the process.


4. Most of the time we have a 99.9% success rate, so you will most likely get the details you want. After processing, you will need to click “SHARE” and start downloading the hacked details.


5. The hacked victim’s details will start downloading. A .txt file contains the victim’s “Email Address” and “Password”.

We are only giving this out on a limited-time basis, so be sure to grab your own spot!

Features:

  • Hack anyone’s facebook account
  • No Software needed
  • No fees to pay
  • 100% Free
  • Free Updates
  • Never get caught
  • Easy to use even kids can use this
  • User-friendly GUI

How to find Facebook ID

If you cannot find the victim’s Facebook ID by yourself, you can alternatively use websites that find the victim’s Facebook ID for you, such as http://findmyfbid.com/

Here’s how:


Success! – now enter these details on the website:


Android Oreo: Google has just made app installs from unknown sources a lot safer

Android 8.0 has introduced a new way to protect devices from malicious Android apps installed from the web or third-party app stores.

Until now, Android users could install apps from places other than Google’s Play Store by enabling ‘Install from unknown sources’ in Android Settings. Though it is a convenient option, users are generally advised not to enable this feature, because it can lead to malicious apps being installed on their phone.

Moreover, users who enabled ‘Allow unknown sources’ were also exposed to a seemingly benign app offering a bogus security update that in fact installs a malicious app. Google calls these “hostile downloaders” and, according to its 2016 Android security report, they’re the second most prevalent threat on the Play Store after Trojans.

In Android Oreo, Google has replaced the global setting with a new ‘Install unknown apps’ permission that’s tied to each app.

Android Oreo users will need to grant permission to each app to allow it to download apps from untrusted sources. So, the user could enable Drive and a third-party store app to download apps outside the Play Store, but block Chrome and Gmail from downloading unknown apps.

This new per-app opt-in model should go some way to preventing hostile downloaders, given that now the user would need to give the app permission to install another app before a hostile downloader can install software with standard trickery.

The Settings app now lists which apps have been approved for installing unknown apps. Users can also revoke the permission in Settings.

Older versions of Android will continue to use the Settings page to either allow or disallow installs from outside of the Play Store.

Google has outlined changes that app developers need to make to use this new behavior. Essentially they’ll need to declare upfront that they could request permission to be able to install apps from Android’s Package Installer.

Apps that haven’t declared this permission are automatically banned from installing other apps.


UACMe – Defeat Windows User Account Control (UAC)

UACMe is a compiled, C-based tool containing a number of methods to defeat Windows User Account Control, commonly known as UAC. It abuses the built-in Windows AutoElevate backdoor and contains 41 methods.


The tool requires an Admin account with Windows UAC set to its default settings.

Usage

Run executable from command line: akagi32 [Key] [Param] or akagi64 [Key] [Param].

The first param is the number of the method to use; the second is an optional command (executable file name including full path) to run. The second param can be empty – in that case the program will execute an elevated cmd.exe from the system32 folder.

Examples:

Caveats

  • This tool shows ONLY popular UAC bypass methods used by malware, and reimplements some of them in a different way, improving on the original concepts. There exist other methods not yet known to the general public; be aware of these.
  • This tool is not intended for AV tests and is not tested to work in an aggressive AV environment; if you still plan to use it with bloatware AV software installed, you use it at your own risk.
  • Some AV may flag this tool as HackTool; MSE/WinDefender constantly marks it as malware.
  • If you run this program on a real computer, remember to remove all program leftovers after usage; for more info about the files it drops into system folders, see the source code.
  • Most of the methods were created for x64, with no x86-32 support in mind. The author doesn’t see any sense in supporting 32-bit versions of Windows or wow64. However, with small tweaks, most of them will run under wow64 as well.

You can download UACMe here:

UACME-v2.7.0.zip

LambdaLocker ransomware victim? Now you can decrypt your files for free

Victims of LambdaLocker ransomware can now get their files back for free using a decryption tool released as part of the No More Ransom initiative.

The scheme was launched last year, with the goal of bringing law enforcement and private industry together to fight file-locking malware.

No More Ransom recently celebrated its one-year anniversary, and now offers over 50 decryption tools for use against more than 100 ransomware families.

Now cybersecurity researchers at Avast Antivirus have added a decryption tool for LambdaLocker to the portal, allowing victims to retrieve their files without paying the 0.5 Bitcoin ($2,200) ransom that attackers demand in exchange for the cryptographic key.

LambdaLocker first appeared in January and uses a combination of AES-256 and SHA-256 to encrypt victims’ files, making them inaccessible and adding the extension ‘.lambda_l0cked’.

Like many forms of ransomware, it’s distributed via spam emails. LambdaLocker is also reported to infect victims via game installers from hacked or malicious download sites and peer-to-peer networks.

Following infection, the victim is presented with a note demanding a ransom, complete with instructions on how to buy and use Bitcoin. The note — which is in English and Chinese — also demands victims pay within a month, or risk losing the encrypted files forever.


But, thanks to the release of the decryption tool, victims no longer need to worry about paying the ransom and can retrieve their files without lining the pockets of criminals. At least if they’re attacked with a newer version of the ransomware, that is — there’s currently no decryption tool available for older versions.

10 Best Security Live CD Distros Pen-Test Forensics & Recovery

1. BackTrack

The newest contender on the block of course is BackTrack, an innovative merge between WHax and Auditor (WHax was formerly WHoppix).

BackTrack is the result of merging two innovative penetration testing live Linux distributions, Whax and Auditor. It combines the best features from both distributions and pays special attention to small details; this is probably the best version of either distribution to ever come out.

Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc.

Get BackTrack Here.

2. Operator

Operator is a very fully featured LiveCD totally oriented around network security (with open source tools of course).

Operator is a complete Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM. The Operator contains an extensive set of Open Source network security tools that can be used for monitoring and discovering networks. This virtually can turn any PC into a network security pen-testing device without having to install any software. Operator also contains a set of computer forensic and data recovery tools that can be used to assist you in data retrieval on the local system.

Get Operator Here

3. PHLAK

PHLAK or [P]rofessional [H]acker’s [L]inux [A]ssault [K]it is a modular live security Linux distribution (a.k.a. LiveCD). PHLAK comes with two light GUIs (fluxbox and XFCE4), many security tools, and a spiral notebook full of security documentation. PHLAK is a derivative of Morphix, created by Alex de Landgraaf.

Mainly based around Penetration Testing, PHLAK is a must have for any pro hacker/pen-tester.

Get PHLAK Here (You can find a PHLAK Mirror Here, as the page often seems to be down).

4. Auditor

Auditor, although now in the process of merging with WHax, is still an excellent choice.

The Auditor security collection is a Live-System based on KNOPPIX. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes. Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier.

Get Auditor Here

5. L.A.S Linux

L.A.S Linux, or Local Area Security, has been around quite some time as well; although development has been a bit slow lately, it’s still a useful CD to have. It has always aimed to fit on a MiniCD (180MB).

Local Area Security Linux is a ‘Live CD’ distribution with a strong emphasis on security tools and small footprint. We currently have 2 different versions of L.A.S. to fit two specific needs – MAIN and SECSERV. This project is released under the terms of GPL.

Get L.A.S Linux Here

6. Knoppix-STD

Horrible name, I know! But it’s not a sexually transmitted disease, trust me.

STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can.

Get Knoppix-STD Here


7. Helix

Helix is more on the forensics and incident response side than the networking or pen-testing side. Still a very useful tool to carry.

Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.

Get Helix Here

8. F.I.R.E

A little out of date, but still considered the strongest bootable forensics solution (of the open-source kind). Also has a few pen-testing tools on it.

FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.

Get F.I.R.E Here

9. nUbuntu

nUbuntu, or Network Ubuntu, is very much a newcomer in the LiveCD arena, as Ubuntu, on which it is based, is pretty new itself.

The main goal of nUbuntu is to create a distribution which is derived from the Ubuntu distribution, and add packages related to security testing, and remove unneeded packages, such as Gnome, Openoffice.org, and Evolution. nUbuntu is the result of an idea two people had to create a new distribution for the learning experience.

Get nUbuntu Here

10. INSERT Rescue Security Toolkit

A strong all around contender with no particular focus on any area (has network analysis, disaster recovery, antivirus, forensics and so-on).

INSERT is a complete, bootable linux system. It comes with a graphical user interface running the fluxbox window manager while still being sufficiently small to fit on a credit card-sized CD-ROM.

The current version is based on Linux kernel 2.6.12.5 and Knoppix 4.0.2.

Get INSERT Here

Extra – Knoppix

Remember this is the innovator and pretty much the basis of all these other distros, so check it out and keep a copy on you at all times!

Not strictly a security distro, but definitely the most streamlined and smooth LiveCD distribution. The new version (soon to be released – Knoppix 5) has seamless NTFS writing enabled with libntfs+fuse.

KNOPPIX is a bootable CD or DVD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux desktop, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk.

Get Knoppix Here

New Trojan malware campaign sends users to fake banking site that looks just like the real thing

A notorious banking Trojan is targeting customers of a major bank with a new email spam campaign, which directs victims to a fake login page that’s indistinguishable from that of their real bank.

The credential-stealing Trickbot banking malware has been hitting the financial sector since last year and targets online banking customers in the US, UK, Australia, and other countries.

Those behind this particular banking Trojan are continually developing it and have even been experimenting with EternalBlue, the Windows exploit that helped spread WannaCry and Petya.

But no matter how advanced malware gets, phishing remains a common attack vector for distributing malicious payloads.

Uncovered by security researchers at Cyren, the latest Trickbot distribution campaign sent over 75,000 emails in 25 minutes, all claiming to be from Lloyds Bank, one of the UK’s biggest banks.

Emails were sent with the subject ‘Incoming BACs’, a reference to BACS, a system that allows users to make payments directly from one email account to another. The emails claim that the target needs to review and sign attached documents.


Once a computer is infected with Trickbot, the malware runs in the background and waits for the victim to visit their online bank.

When they do so, Trickbot redirects them to a malicious site, which in this case is a fake version of the Lloyds website that looked exactly like the real thing — complete with the correct URL of the online bank and a legitimate SSL certificate, so a user may not suspect they’re being tricked.


“TrickBot evolves and changes almost every day and targets new banks all over the world, so all banks should be on alert,” said Stefnission.

It’s currently not clear who is behind Trickbot, but the way the malware is continually evolving suggests it’s the work of a well-organised, well-funded cybercriminal group.

Remove Blue Ticks WhatsApp Hacks 2017

This is one of the major features of WhatsApp, and it has ruined many relationships!! So let’s get started on how you can hide blue ticks on WhatsApp.

  1. Get the Latest version of WhatsApp from here https://www.whatsapp.com/download/
  2. Uninstall the old version of WhatsApp and install the latest version (The one you recently downloaded)
  3. Now open WhatsApp and go to Settings > Privacy > Now Disable the “Read Receipts” option
  4. Done!!