Monthly Archives: December 2017

WannaCry ransomware: Now the US says North Korea was to blame

North Korea was behind the WannaCry ransomware attack that caused chaos around the world earlier this year, according to the US government.

 

“After careful investigation, the U.S. today publicly attributes the massive WannaCry cyberattack to North Korea,” Thomas Bossert, US Homeland security advisor, wrote in an article for the Wall Street Journal.

“North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behaviour is growing more egregious. WannaCry was indiscriminately reckless,” Bossert said.

The WannaCry attack in May was the biggest crisis of its type so far. The ransomware demands $300 in bitcoin for unlocking encrypted files — a price which doubles after three days. If the ransom wasn’t paid, users were threatened with having their files permanently deleted.

The malware spread rapidly, and more than 300,000 PCs fell victim.

“It was costly, cowardly and careless. The attack was widespread and cost billions, and North Korea is directly responsible,” said Bossert. The US administration is expected to also make an official statement about WannaCry.

 

The NHS in the UK was particularly affected. In total, one-third of NHS trusts in England were disrupted by the WannaCry attack, with 81 of the 236 trusts impacted and 595 GP practices also hit, resulting in thousands of operations and appointments being cancelled. None paid the ransom demanded by those behind WannaCry.

The ransomware worm is so potent because it exploits a known software vulnerability called EternalBlue. In a twist worthy of a spy novel, this Windows flaw was one of many zero-days that apparently were known to the NSA before being leaked by the Shadow Brokers hacking collective. While a patch existed for the flaw by the time WannaCry hit, many organisations had failed to apply it.

This is not the first time that North Korea has been linked with the WannaCry attack: as early as June this year the UK’s intelligence agencies were investigating a potential link to North Korean hacking operation the Lazarus Group, which has been associated with a number of high-profile cyberattacks in recent years, including the $80m Bangladeshi bank heist and 2014’s Sony Pictures hack. In October a UK government minister also said that North Korea was behind the attack.

So while the accusations are not new, the US statement comes at a time of rising tensions as the White House tries to put more pressure on North Korea over its nuclear programme.

Figuring out what motivated the WannaCry attack in the first place may be even more difficult. In January this year, US intelligence chiefs warned that Pyongyang “remains capable of launching disruptive or destructive cyber attacks to support its political objectives”.

However, it is also possible that North Korea is using its hackers to raise cash. Bossert noted that the country is “increasingly using cyberattacks to fund its reckless behaviour and cause disruption across the world”.

If WannaCry was an attempt to generate income for Pyongyang it hasn’t been particularly successful, especially considering the chaos it caused. While the attack cost organisations billions, it didn’t generate much ransom, perhaps as little as $200,000.

And yet, even as recently as last week someone paid a ransom. While the worst of the WannaCry storm has passed, its effects will be felt for some time to come.

 

net-creds – Sniff Passwords From Interface or PCAP File

net-creds is a Python-based tool for sniffing plaintext passwords and hashes from a network interface or PCAP file – it doesn’t rely on port numbers for service identification and can concatenate fragmented packets.


Features of net-creds for Sniffing Passwords

It can sniff the following directly from a network interface or from a PCAP file:

  • URLs visited
  • POST loads sent
  • HTTP form logins/passwords
  • HTTP basic auth logins/passwords
  • HTTP searches
  • FTP logins/passwords
  • IRC logins/passwords
  • POP logins/passwords
  • IMAP logins/passwords
  • Telnet logins/passwords
  • SMTP logins/passwords
  • SNMP community string
  • NTLMv1/v2 all supported protocols: HTTP, SMB, LDAP, etc.
  • Kerberos
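
The two properties described above (recognising the service from the payload rather than the port, and concatenating fragmented packets) are also what a defender needs when auditing their own captures for services that still send credentials in cleartext. The following is an added example, not net-creds code: the function names, the constructed sample streams and the choice to record only the length of each secret are assumptions of this example.

```python
"""Audit reassembled TCP streams for credentials sent in cleartext.
The protocol is recognised from the bytes on the wire, never from the port."""
import base64
import binascii
import re
from typing import List, NamedTuple, Tuple


class Finding(NamedTuple):
    protocol: str
    port: int
    username: str
    secret_len: int  # length only; the secret itself is never kept


_HTTP_REQ = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]\r\n")
_BASIC = re.compile(
    rb"^Authorization:[ \t]*Basic[ \t]+([A-Za-z0-9+/=]+)[ \t]*\r\n", re.I | re.M)
_USER = re.compile(rb"^USER[ \t]+(\S+)\r\n", re.I | re.M)
_PASS = re.compile(rb"^PASS[ \t]+([^\r\n]+)\r\n", re.I | re.M)
_IMAP_LOGIN = re.compile(rb"^\S+[ \t]+LOGIN[ \t]+(\S+)[ \t]+(\S+)\r\n", re.I | re.M)


def _identify(client: bytes, server: bytes) -> str:
    """Guess the application protocol from request line or server greeting."""
    if _HTTP_REQ.match(client):
        return "http"
    if server.startswith(b"* OK"):
        return "imap"
    if server.startswith(b"+OK"):
        return "pop3"
    # SMTP also greets with 220, but only FTP clients send USER.
    if server.startswith(b"220") and _USER.search(client):
        return "ftp"
    return "unknown"


def audit_stream(port: int, segments: List[Tuple[str, bytes]]) -> List[Finding]:
    """segments: ('c' or 's', payload) in arrival order for one TCP connection."""
    # Join each direction first so a credential split across segments still matches.
    client = b"".join(data for side, data in segments if side == "c")
    server = b"".join(data for side, data in segments if side == "s")
    proto = _identify(client, server)
    findings: List[Finding] = []
    if proto == "http":
        for m in _BASIC.finditer(client):
            try:
                decoded = base64.b64decode(m.group(1), validate=True)
            except (binascii.Error, ValueError):
                continue  # not valid base64, ignore
            user, sep, secret = decoded.partition(b":")
            if sep:
                findings.append(
                    Finding("http-basic", port, user.decode("latin-1"), len(secret)))
    elif proto in ("ftp", "pop3"):
        user, pw = _USER.search(client), _PASS.search(client)
        if user and pw:
            findings.append(
                Finding(proto, port, user.group(1).decode("latin-1"), len(pw.group(1))))
    elif proto == "imap":
        m = _IMAP_LOGIN.search(client)
        if m:
            findings.append(Finding("imap", port,
                                    m.group(1).strip(b'"').decode("latin-1"),
                                    len(m.group(2).strip(b'"'))))
    return findings


# Constructed sample streams (invented hosts and accounts, not captured traffic).
SAMPLES = [
    # FTP on a non-standard port, with the PASS command split over two segments.
    (8021, [("s", b"220 files.example.test FTP ready\r\n"),
            ("c", b"USER alice\r\n"),
            ("s", b"331 Password required\r\n"),
            ("c", b"PASS hunt"),
            ("c", b"er2\r\n")]),
    # HTTP Basic auth on port 8080: base64 is an encoding, not encryption.
    (8080, [("c", b"GET /admin HTTP/1.1\r\nHost: intranet.example.test\r\n"
                  b"Authorization: Basic " + base64.b64encode(b"bob:s3cret!")
                  + b"\r\n\r\n")]),
    # Start of a TLS handshake: nothing readable, so nothing is reported.
    (443, [("c", b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03")]),
]

if __name__ == "__main__":
    for port, segs in SAMPLES:
        print(port, audit_stream(port, segs))
```

Every finding is a service to move behind TLS or retire; the port in the report shows where it actually listens, which a port-based filter would have missed.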

 

You can download net-creds here:

net-creds-master.zip

Why You Should Be Using a VPN & Which Is Best Vpn For Android

 

What Is a VPN?

Put simply, a Virtual Private Network, or VPN, is a group of computers (or discrete networks) networked together over a public network—namely, the internet. Businesses use VPNs to connect remote datacenters, and individuals can use VPNs to get access to network resources when they’re not physically on the same LAN (local area network), or as a method for securing and encrypting their communications when they’re using an untrusted public network.

 

What Makes for a Good VPN?

The best VPNs offer a solid balance of features, server location, connectivity protocols, and price. Some are great for occasional use, others are geared towards getting around the location restrictions companies put on their apps and services, and others are targeted at people who do heavy downloading and want a little privacy while they do it. Here’s what you should look for.

  1. Protocol: When you’re researching a VPN, you’ll see terms like SSL/TLS (sometimes referred to as OpenVPN support), PPTP, IPSec, L2TP, and other VPN types.
  2. Corporate and Exit Locations: Depending on what you’re using a VPN for, your service’s location—and the exit locations you can choose—are important to consider. If you want to get around a location restriction and watch live TV in the UK, for example, you want to make sure your VPN service provider has servers in the UK.
  3. Logging: When you connect to a VPN, you’re trusting the VPN service provider with your data. Your communications may be secure from eavesdropping, but other systems on the same VPN—especially the operator—can log your data if they choose.
  4. Anti-Malware/Anti-Spyware Features: Using a VPN doesn’t mean you’re invulnerable. You should still make sure you’re using HTTPS whenever possible, and you should still be careful about what you download. Some VPN service providers—especially mobile ones—bundle their clients with anti-malware scanners to make sure you’re not downloading viruses or trojans.
  5. Mobile Apps: If you’re going to spend money on a VPN service provider (or even if you use a free one, frankly), you should be able to get a consistent experience across all of your devices.
  6. Price: Finally, go into your user agreement with both eyes open. You should read the privacy policy for the service you’re interested in, and be very aware of the differences between free and paid services.


Beware – Keylogger uncovered on hundreds of HP PCs

Hewlett Packard has issued an emergency patch to resolve a driver-level keylogger discovered on hundreds of HP laptops.

The bug was discovered by Michael Myng, also known as “ZwClose.” The security researcher was exploring the Synaptics Touchpad SynTP.sys keyboard driver and how laptop keyboards were backlit, and stumbled across code which looked suspiciously like a keylogger.

In a blog post, ZwClose said the keylogger, which saved scan codes to a WPP trace, was found in the driver.

 

Logging was disabled by default, but with the right permissions it could be enabled by changing registry values. Should a laptop be compromised by malware, malicious code (including Trojans) could therefore take advantage of the keylogging system to spy on users.

“I messaged HP about the finding,” Myng said. “They replied terrifically fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace.”

 

keylogger in the Conexant HD audio driver package, installed in dozens of HP devices. HP quickly rolled out a patch which resolved the issue, which could be used to collect data including passwords, website addresses, and private messages.

10 of the Most Significant Ransomware Attacks of 2017

Here are 10 of the most significant ransomware attacks from the past year.

  1. Unknown

On 26 July 2017, Arkansas Oral & Facial Surgery Center suffered an attack at the hands of an unknown ransomware. The incident didn’t affect its patient database. However, it did affect imaging files like X-rays along with other documents such as email attachments. It also rendered patient data pertaining to appointments that occurred three weeks prior to the attack inaccessible.

At the time of discovery in September 2017, Arkansas Oral & Facial Surgery could not determine whether the ransomware attackers accessed any patients’ personal or medical data. It therefore decided to notify 128,000 customers of the attack and set them up with a year of free credit-monitoring services.

  1. Reyptson

Emsisoft security researcher xXToffeeXx detected a new ransomware threat called Reyptson back in July 2017. Upon successful infection, Reyptson checks to see if Mozilla’s Thunderbird email client is installed on the computer. If it is, the ransomware attempts to read the victim’s email credentials and contact list.

The threat isn’t interested in viewing this data to compromise the victim’s privacy. Instead it leverages those contacts to conduct a spam distribution campaign from the victim’s computer. Each of those spam messages comes with a fake invoice document that contains an executable responsible for loading up the ransomware.

  1. LeakerLocker

McAfee’s research team detected “Android/Ransom.LeakerLocker.A!Pkg,” also known as LeakerLocker, back in July 2017. They found it hiding inside of two Android applications: Booster & Cleaner Pro, an app which had 5,000 installs at the time of discovery, and Wallpapers Blur HD, a program with 10,000 installs.

LeakerLocker doesn’t encrypt an infected device’s files. Unlike other Android-based ransomware, it locks the home screen and claims to access the device’s email addresses, contacts, Chrome history, text messages and calls, pictures, and device information. The threat then displays this information in a WebView and demands $50 in payment if the victim doesn’t want their data shared with all of their phone contacts.

  1. WYSIWYE

In April 2017, Panda Security’s researchers discovered a new type of ransomware that they nicknamed “What You See Is What You Encrypt,” or “WYSIWYE.” The digital threat comes with an interface that an attacker can use to configure their preferences, including the email address that will appear in the ransom note that is sent to the victim. From that interface, they can also go after certain network computers, target specific files, and enter stealth mode.

The threat attacks a computer via a Remote Desktop Protocol (RDP) brute force attack. This type of intrusion oftentimes involves scanning the web for open RDP servers. If they find one, attackers use a tool to try hundreds of thousands of password combinations to steal the RDP credentials. They then deploy WYSIWYE onto the targeted network computer.
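
Password guessing of this kind shows up in the Windows Security log as a burst of failed logons (event 4625) from one source address, and a successful logon (event 4624) from that same source shortly afterwards is the signal worth escalating. The following is an added detection example, not from the original article: the CSV column names, the thresholds and the sample events are constructed assumptions.

```python
"""Flag RDP password guessing from exported Windows Security logon events.
Event IDs: 4625 = failed logon, 4624 = successful logon.
Logon types: 10 = RemoteInteractive (RDP), 3 = Network (RDP with NLA)."""
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

REMOTE_LOGON_TYPES = {"3", "10"}


def build_sample_csv() -> str:
    """Constructed sample export (documentation IP ranges, invented accounts)."""
    rows = ["time,event_id,logon_type,src_ip,account"]
    t0 = datetime(2017, 12, 1, 2, 0, 0)
    guesses = ["administrator", "admin", "backup", "scanner", "user1"]
    for i in range(30):  # one failed guess every two seconds
        ts = (t0 + timedelta(seconds=2 * i)).isoformat()
        rows.append(f"{ts},4625,3,203.0.113.50,{guesses[i % 5]}")
    # The same source then logs on successfully.
    rows.append(f"{(t0 + timedelta(seconds=61)).isoformat()},4624,10,"
                "203.0.113.50,administrator")
    # An ordinary user who mistypes twice and then gets in.
    for i, event_id in enumerate(["4625", "4625", "4624"]):
        ts = (t0 + timedelta(minutes=10, seconds=20 * i)).isoformat()
        rows.append(f"{ts},{event_id},10,198.51.100.7,jsmith")
    return "\n".join(rows) + "\n"


def detect_rdp_bruteforce(csv_text, threshold=20, window=timedelta(minutes=5)):
    """Return {src_ip: alert} for sources with >= threshold failures in window."""
    events = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda e: e["time"])
    failures = defaultdict(deque)  # src_ip -> failure times still inside the window
    accounts = defaultdict(set)    # src_ip -> account names tried
    alerts = {}
    for e in events:
        if e["logon_type"] not in REMOTE_LOGON_TYPES:
            continue  # local and service logons are out of scope
        ts, ip = datetime.fromisoformat(e["time"]), e["src_ip"]
        q = failures[ip]
        while q and ts - q[0] > window:
            q.popleft()  # slide the window forward
        if e["event_id"] == "4625":
            q.append(ts)
            accounts[ip].add(e["account"].lower())
            if len(q) >= threshold:
                alert = alerts.setdefault(ip, {"peak_failures": 0,
                                               "distinct_accounts": 0,
                                               "success_after": None})
                alert["peak_failures"] = max(alert["peak_failures"], len(q))
                alert["distinct_accounts"] = len(accounts[ip])
        elif e["event_id"] == "4624" and ip in alerts and q:
            # A logon from a source that is still inside its guessing burst.
            alerts[ip]["success_after"] = e["account"]
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_rdp_bruteforce(build_sample_csv()).items():
        print(ip, alert)
```

A non-empty `success_after` means the guessed account should be treated as compromised; the mistyping user stays below the threshold and raises nothing.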

  1. Osiris

On 12 December 2016, the Cockrell Hill Police Department in Dallas, Texas learned of a security incident in which a computer virus affected one of its servers. The infection, which the police department contained to a single server, occurred when an employee received spam mail from an email address imitating a department-issued email address.

The Cockrell Hill Police Department traced the infection to a virus known as “Osiris,” which could be in reference to one variant of Locky ransomware. Osiris encrypted Microsoft Office and Excel documents as well as all body camera video, some in-car video, some in-house surveillance video, and some photographs dating back to 2009. It then demanded 4,000 USD in Bitcoin. Cockrell Hill’s police recovered the documents off CDs and DVDs, but without comprehensive data backups, they lost access to the affected video and photographs.

  1. Cerber

Cerber is one of the heavy-hitters in the ransomware sphere. It’s also one of the most prolific crypto-malware threats. Indeed, Microsoft detected more enterprise PCs infected with Cerber than any other ransomware family over the 2016-17 holiday season.

Bad actors have outfitted Cerber with new tactics and techniques since then. Malwarebytes observed one such modification in August 2017 with respect to a campaign that begins with Magnitude Exploit Kit. Upon successful exploitation of a hard-coded vulnerability, Magnitude loads a variant of Cerber that uses binary padding to artificially increase its size and thereby skirt scanning restrictions imposed by most security software.

  1. Locky

Since its discovery in February 2016, Locky and its ever–multiplying variants have relied on spam botnets like Necurs for distribution. The crypto-ransomware went dark in early 2017. However, it resurfaced in August with one of its largest campaigns yet: 23 million spam messages sent out over a 24-hour period.

Detected by AppRiver, the operation sent out emails containing subject lines like “pictures” and “documents” that bore a request to “download it here.” The emails come with a ZIP attachment that contains a Visual Basic Script (VBS) file. This file, in turn, pulls down Locky.

  1. BadRabbit

A week before Halloween, Kaspersky Lab revealed it had received “notifications of mass alerts” of a new ransomware targeting Ukrainian and Russian organizations. Some of the victims included Russian news media outlets Fontanka.ru and Interfax as well as Kiev’s metro system and an airport in Odessa. ESET researchers believe the ransomware also hit targets in Poland, South Korea, and the United States.

Kaspersky’s researchers ultimately identified the threat as BadRabbit. Unlike WannaCry and NotPetya, BadRabbit did not exploit a Microsoft vulnerability for distribution. Instead it used drive-by attacks to deliver the ransomware dropper, a smaller-scale operation which demanded 0.5 Bitcoins in ransom from only hundreds (not hundreds of thousands) of victims.

  1. NotPetya

News of NotPetya first broke on 27 June when power distributors in Ukraine and the Netherlands confirmed hacking attacks that affected their systems. Not long afterwards, Ukraine’s government, the offices of multinationals in Spain, and the British advertising group WPP confirmed similar incidents. Researchers quickly traced the attacks to Petya, a form of ransomware which encrypts the Master Boot Record. They also observed how those newer variants were abusing the same EternalBlue vulnerability as exploited by WannaCry for distribution.

A closer look by Kaspersky Lab, however, revealed that Petya wasn’t actually involved in the worldwide campaign. The responsible malware borrowed large chunks of code from Petya, but it behaved as a wiper in that it offered no way for users to recover their affected data. For that reason, Kaspersky named the threat “NotPetya.”

  1. WannaCry

On 12 May 2017, an updated version of WCry/WannaCry ransomware called “WanaCrypt0r 2.0” struck hospitals belonging to the United Kingdom’s National Health Service (NHS), internet service provider Telefonica, and other high-profile targets around the world. Each victim subsequently received a note demanding $300 in Bitcoin as ransom. As with other variants, however, meeting the WannaCry attackers’ demand didn’t guarantee that a victim would receive a decryption key for their affected files.

Researchers later determined that WannaCry made its rounds by exploiting EternalBlue, a vulnerability which Microsoft patched in a security bulletin in March 2017. It’s believed bad actors incorporated EternalBlue into WannaCry’s delivery and distribution mechanism after a band of criminals known as the Shadow Brokers leaked EternalBlue and other exploit code stolen from the Equation Group hacker collective onto the public web. In total, WannaCry affected more than 300,000 organizations worldwide.

This ransomware asks victims to name their own price to get their files back

A new type of ransomware, which shares similarities with Locky, allows its victims to negotiate the fee for retrieving their encrypted files.

Scarab ransomware was first uncovered in June, but during November it was suddenly distributed in millions of spam emails, according to researchers at Fortinet. The emails were distributed by Necurs, the botnet notorious for spreading the highly successful Locky ransomware.

The file-encrypting malware is deployed when the victim runs a VBScript application contained within a malicious email, which retrieves Scarab from payload websites. Researchers at PhishMe said the script contains similarities to the mechanism used to deliver Locky.

Those behind Scarab have also chosen to fill the source code of the ransomware with what appear to be references to Game of Thrones character Jon Snow.

The Scarab source code references Game of Thrones. (Image: PhishMe)

Once installed and executed on the victim’s computer, the malware will connect to a website that provides the attacker with the victim’s IP address and other machine information, likely to aid the attacker in keeping track of victims.

Even if the machine is taken offline during the process, the ransomware still encrypts the files with the .scarab file extension and presents the victim with a ransom note.

The Scarab ransom note, with email address for negotiating payment. (Image: PhishMe)

But rather than demanding a set fee to unlock the files, the attackers behind Scarab ask the victims to email them in order to negotiate a payment in bitcoin, the cryptocurrency often used by attackers to collect ransom payments.

The use of an email address suggests the attackers aren’t as sophisticated as those behind other forms of ransomware. However, they do appear to be working to the theory that if they allow the victim to set their own price for the ransom, they’re more likely to receive a payment.


“The negotiation process encouraged by the Scarab ransomware is particularly interesting. While entering into negotiations undoubtedly makes it more likely ransom of some kind will be paid, it also allows them to vary demands depending on the value of bitcoin at the time,” said Aaron Higbee, co-founder and CTO of PhishMe.

Researchers suggest the rise in the value of bitcoin has played a part in the shift to using this tactic. A fee of around one bitcoin was often set as the ransom demand during 2016, when the value of bitcoin was under $1000. At the time of writing, one bitcoin is worth over $16,000.

Attackers are likely to understand the average victim isn’t going to have the funds to pay this fee, so by allowing the victim to suggest a price, those behind Scarab are more likely to guarantee a payday for their criminal work.

Those behind Scarab also attempt to show they can be trusted to hold up their end of the malicious deal by using a common tactic of ransomware distributors: offering to decrypt some files for free. They also provide instructions on how to obtain bitcoin so that they can receive payment from victims.

However, these aren’t acts of community spirit. The attackers are criminals who are looking for profit by extorting a payment out of the unfortunate victim, a fact hammered home by the ransom note, which says: “Decryption of your files with the help of third parties may cause increased price.” The attackers also add that by attempting to use decryption tools, the victim “can become a victim of a scam”.

Researchers are currently unsure if Scarab will be a short-lived ransomware campaign, like Jaff, or if it will become a long-standing threat like Locky.


Bitcoin Trouble: Over $60 Million Lost in NiceHash Hack


  • In a warning for those who wish to invest in Bitcoins to make some big bucks, the cryptocurrency mining market NiceHash has revealed hackers wiped out its entire Bitcoin wallet, resulting in a loss of over $60 million. “Unfortunately, there has been a security breach involving NiceHash website. We are currently investigating the nature of the incident and, as a result, we are stopping all operations for the next 24 hours,” the marketplace said in a statement late on Wednesday. “Importantly, our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen. We are working to verify the precise number of BTC taken,” it added.
  • Coindesk reported on Thursday that the loss is about 4,736.42 Bitcoins, worth more than $60 million. “Are we going to get our btc? or might as well just forget it. Your press release said nothing about sending us what you owe. I have 4000$ stuck in your wallet which is now almost 4300$,” tweeted a user named Lohit. Another NiceHash user Philip Richardson tweeted: “If I don’t get my BTC back I will never use your service again”.
    Earlier in the day, the value of one Bitcoin had crossed $14,000, a new record high for the cryptocurrency. Bitcoins are created through a complex computer process known as mining and then monitored by a network of computers across the world. A steady stream of about 3,600 new bitcoins are created a day – with about 16.5 million now in circulation from a maximum limit of 21 million, BBC reported.
  • “Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days. In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are co-operating with them as a matter of urgency,” NiceHash said. The company recommends that users change their passwords, both on NiceHash and on other services. The incident brings back memories of the 2014 implosion of the “mtGox” Bitcoin marketplace, which led to losses of millions of dollars.
  • In India, the Reserve Bank of India (RBI) this week cautioned the “users, holders and traders” of Bitcoins about the security-related risks associated with dealing with such virtual currencies (VCs). The apex bank reiterated its stand that “it has not given any licence or authorization to any entity or company to operate such schemes or deal with Bitcoin or any VC”.
  • “In the wake of significant spurt in the valuation of many VCs and rapid growth in Initial Coin Offerings (ICOs), RBI reiterates the concerns,” the central bank said in a statement.

Hacking Vax’s & Unix

Hacking onto a unix system is very difficult, and in this case, we advise
having an inside source, if possible. The reason it is difficult to hack a
vax is this:  Many vax, after you get a carrier from them, respond=>
Login:
They give you no chance to see what the login name format is.  Most commonly
used are single words, under 8 digits, usually the person's name.  There is
a way around this:  Most vax have an acct. called 'suggest' for people to
use to make a suggestion to the system root terminal.  This is usually watched
by the system operator, but at late he is probably at home sleeping or
screwing someone's brains out.  So we can write a program to send at the
vax this type of a message:
A screen freeze (Cntrl-s), screen clear (system dependent), about 255
garbage characters, and then a command to create a login acct., after which
you clear the screen again, then unfreeze the terminal.  What this does:
When the terminal is frozen, it keeps a buffer of what is sent.  well, the
buffer is about 127 characters long. so you overflow it with trash, and then
you send a command line to create an acct. (System dependent).  after this
you clear the buffer and screen again, then unfreeze the terminal.  This is
a bad way to do it, and it is much nicer if you just send a command to
the terminal to shut the system down, or whatever you are after...
There is always, *Always* an acct. called root, the most powerful acct.
to be on, since it has all of the system files on it.  If you hack your
way onto this one, then everything is easy from here on...
On the unix system, the abort key is the Cntrl-d key.  watch how many times
you hit this, since it is also a way to log off the system!
A little about unix architecture: The root directory, called root, is
where the system resides.  After this come a few 'sub' root directories,
usually to group things (stats here, priv stuff here, the user log here...).
Under this comes the superuser (the operator of the system), and then
finally the normal users.  In the unix 'Shell' everything is treated the same.
By this we mean:  You can access a program the same way you access a user
directory, and so on.  The way the unix system was written, everything,
users included, are just programs belonging to the root directory.  Those
of you who hacked onto the root, smile, since you can screw everything...
the main level (exec level) prompt on the unix system is the $, and if you
are on the root, you have a # (superuser prompt).
Ok, a few basics for the system... To see where you are, and what paths
are active in regards to your user account, then type
=> pwd
This shows your acct. separated by a slash with another pathname (acct.),
possibly many times. To connect through to another path,
or many paths, you would type:
You=> path1/path2/path3
and then you are connected all the way from path1 to path3.  You can
run the programs on all the paths you are connected to.  If it does
not allow you to connect to a path, then you have insufficient privs, or
the path is closed and archived onto tape.  You can run programs this way
also:
you=> path1/path2/path3/program-name
Unix treats everything as a program, and thus there are a few commands to
learn...
To see what you have access to in the end path, type=>
ls
for list.  this show the programs you can run.  You can connect to
the root directory and run its programs with=>
/root
By the way, most unix systems have their log file on the root, so you
can set up a watch on the file, waiting for people to log in and snatch their
password as it passes thru the file. To connect to a directory, use the
command:
=> cd pathname  This allows you to do what you want
with that directory.  You may be asked for a password, but this is a good
way of finding other user names to hack onto.
The wildcard character in unix, if you want to search down a path for
a game or such, is the *.
=> ls /*
Should show you what you can access. The file types are the same as they
are on a dec, so refer to that section when examining file.  To see what is
in a file, use the
=> pr
filename command, for print file.
We advise playing with pathnames to get the hang of the concept.  There
is on-line help available on most systems with a 'help' or a '?'.
We advise you look thru the help files and pay attention to anything
they give you on pathnames, or the commands for the system.
You can, as a user, create or destroy directories on the tree beneath you.
This means that root can kill everything but root, and you can kill any
that are below you.  These are the
=> mkdir pathname
=> rmdir pathname
commands.
Once again, you are not alone on the system... type=> 
who
to see what other users are logged in to the system at the time.  If you
want to talk to them=>
write username 
Will allow you to chat at the same time, without having to worry
about the parser.  To send mail to a user, say
=> mail
And enter the mail sub-system. To send a message to all the users
on the system, say
=> wall
Which stands for 'write all'. By the way, on a few systems,
all you have to do is hit the <return> key to end the message,
but on others you must hit the cntrl-d key.
To send a single message to a user, say
=> write username
this is very handy again!  If you send the sequence of characters discussed
at the very beginning of this article, you can have the super-user terminal do
tricks for you again. 

Privs:
If you want superuser privs, you can either log in as root, or edit your
acct. so it can say
=> su
this now gives you the # prompt, and allows you to completely by-pass the
protection.  The wonderful security conscious developers at bell made it
very difficult to do much without privs, but once you have them, there
is absolutely nothing stopping you from doing anything you want to.
To bring down a unix system:
=> chdir /bin
=> rm *
this wipes out the pathname bin, where all the system maintenance files are.
Or try:
=> r -r
This recursively removes everything from the system except the remove
command itself.
Or try:
=> kill -1,1
=> sync
This wipes out the system devices from operation.
When you are finally sick and tired from hacking on the vax systems, just
hit your cntrl-d and repeat key, and you will eventually be logged out.
_______________________________________
The reason this file seems to be very sketchy is the fact that bell has 7
licenced versions of unix out in the public domain, and these commands are
those common to all of them.  I recommend you hack onto the root or
bin directory, since they have the highest levels of privs, and there
is really not much you can do (except develop software) without them.

Crack BIOS Password !!!

Forgot BIOS Password?

Do the following :

1. Open the CPU
2. Now, observe the motherboard.
3. You notice a coin-like silver battery (3V).

—————————————– NOTE ——————————————————–
This battery is a 24 x 7 power supply for the BIOS, which is used to run the system clock while the main power is off. It also initiates the booting process when power is switched on.
———————————————————————————————————–

4. Remove the battery from the motherboard.
(It is safe to remove the Battery)
5. Wait 30 seconds and place the battery back on the motherboard.
6. Now, when you start your system you won’t be prompted for the BIOS password.

Enjoy !!!
———————————— CAUTION ———————————————–
1. Perform at your own risk!
2. You have to set the time of your computer when you start again.

Cr3dOv3r – Credential Reuse Attack Tool

Cr3dOv3r is a fairly simple Python-based set of functions that carry out the preliminary work as a credential reuse attack tool.


You just give the tool your target email address then it does two fairly straightforward (but useful) jobs:

  • Search for public leaks for the email and, if there are any, return all available details about the leak (using the hacked-emails site API).
  • Then you give it this email’s old or leaked password, and it checks these credentials against 16 websites (ex: facebook, twitter, google…) and notifies you of any successful logins.

So how would this Credential Reuse Attack Tool work?

Just imagine this scenario:

  1. You check a targeted email with this tool.
  2. The tool finds the email address involved in a leak so you open the leakage link.
  3. You get the leaked password after searching the leak details.
  4. You return to the tool and enter the password to check whether the user uses the same password on any website.
  5. PROFIT

How to use Cr3dOv3r for a Credential Reuse Attack

 

You can download Cr3dOv3r here:

Cr3dOv3r-master.zip

Or read more here.