Monthly Archives: May 2018

Session Hijacking Tutorial [cookie stealing]

First of all, before going any further, you have to understand what a cookie is. A cookie is a small piece of information that is stored in the user’s client (browser) when the user visits a website. It is generated by the web server and sent to the browser for authentication purposes. Let’s say you log in to your Facebook account: when you log in, session data is created on Facebook’s server and it sends a cookie to your browser. When you do some activity on Facebook, these two things are compared and matched every time. So if we manage to steal this cookie from someone, we will have access to their account. In this tutorial I will show you how to do this on a LAN. (This method will not work if the victim is not connected to your network.)

So in this tutorial you will be using a tool called Wireshark and a Firefox add-on called Add N Edit Cookies.

When this process is done, just minimize Cain and Abel.

Wireshark is a tool used to sniff packets from the network clients. We will be using this to steal our cookies.
The Add N Edit Cookies add-on is used to inject the stolen cookie into the Firefox browser.

Download and install Wireshark, open it up and click on “Capture” in the menu bar. Select your interface and click Start. This will start to capture all the packets from your network.

Now find the packets using the filter http.cookie.
Look for packets which have POST and GET in them. This is the HTTP information sent to the server.


Now, once you have found the cookie, copy its value like this:

Paste it and save it in a Notepad file. Now the final thing to do is open Firefox and start the Add N Edit Cookies add-on from the Tools menu. Now insert the stolen cookie here, and you’re done! You should have access to the victim’s account now!
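
Added example (not part of the original tutorial): the http.cookie filter above only shows cookies that travel over plain HTTP, so the site-side check is whether session cookies are issued over HTTPS with the Secure, HttpOnly and SameSite attributes. The Python sketch below audits Set-Cookie headers for those attributes; the function names, cookie names and the two sample responses are constructed for illustration.

```python
"""Audit Set-Cookie headers for the attributes that limit session-cookie theft.
The two HTTP responses below are constructed samples, not captured traffic."""

WEAK_RESPONSE = (        # constructed: session cookie set over plain HTTP
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: PHPSESSID=constructed-value-1; path=/\r\n"
)
HARDENED_RESPONSE = (    # constructed: cookie with protective attributes
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: __Host-sid=constructed-value-2; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
)


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", {}
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(scheme, raw_headers):
    """Return {cookie name: [issues]} for every Set-Cookie header in a response.

    scheme is the scheme the response was served over ("http" or "https").
    """
    report = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # status line or another header
        name, attrs = parse_set_cookie(value)
        issues = []
        if scheme.lower() != "https":
            issues.append("sent over plaintext HTTP, readable in a packet capture")
        if "secure" not in attrs:
            issues.append("no Secure attribute, browser will also send it over http://")
        if "httponly" not in attrs:
            issues.append("no HttpOnly attribute, page scripts can read it")
        if attrs.get("samesite", "").lower() not in ("lax", "strict"):
            issues.append("SameSite is not Lax or Strict")
        report[name] = issues
    return report


if __name__ == "__main__":
    for scheme, raw in (("http", WEAK_RESPONSE), ("https", HARDENED_RESPONSE)):
        for name, issues in audit_response(scheme, raw).items():
            print(f"{scheme:5} {name}: {'OK' if not issues else '; '.join(issues)}")
```
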

HOW TO JAILBREAK YOUR KINDLE PAPERWHITE 5.6.5

It’s finally possible to jailbreak the Kindle Paperwhite 5.6.5! Some awesome person on mobileread.com who goes by the handle ‘Branch Delay’ figured it out a few months ago, but waited until Amazon had a chance to update and patch the firmware against the hack before releasing it.

Amazon just released Kindle firmware version 5.7.2, so BD, true to their word, released instructions on how to jailbreak the Kindle Paperwhite (versions 2 and 3) running firmware 5.6.5.

Your Kindle should probably be in airplane mode at the moment, if you currently have firmware 5.6.5. If you just got your Kindle, put it in airplane mode immediately before the firmware updates itself automatically.

To jailbreak your Kindle:

  1. Download the jailbreak file. It should be called jb.zip.
  2. Unzip the jb.zip file and open the jb folder. Find the file inside called ‘jb’.
  3. Connect your Kindle to your computer and open it (just like a USB).
  4. Copy the jb file you found in step 2 onto your Kindle. Make sure not to put it inside a folder or anything.
  5. Eject your Kindle from your computer, turn off airplane mode and connect to Wi-Fi.
  6. Open the Kindle experimental browser and go to ‘kindlefere.com/jb/’.
  7. Follow the instructions there. They should involve clicking a couple of links on the page.
  8. When the jailbreak tells you to run ;fc-cache, open up the Kindle search function, type in ;fc-cache and then press the return/enter button.
  9. When the jailbreak completes (you should see a message saying it was successful), turn airplane mode back on.
  10. Download the jailbreak bridge file. Unzip it and find the file called ‘Update_jailbreak_bridge_1.14.N_install.bin’.
  11. Connect to your computer again and put the Update_jailbreak_bridge_1.14.N_install.bin file onto your Kindle.
  12. Eject the Kindle from your computer, then go to [HOME] -> [MENU] -> Settings -> [MENU] -> Update Your Kindle.

To install KUAL (Kindle Unified Application Launcher):

  1. Connect your Kindle to the computer, download the KUAL-v2.6.zip file, unzip it and put the KUAL-KDK-2.0.azw2 file into the documents folder on the Kindle.
  2. Eject the Kindle and check for the KUAL application in the list of books.

To install the KUAL MRpackage installer:

  1. Connect your Kindle to the computer, download the kual-mrinstaller-1.6.N.zip file, unzip it and put all the contents onto the Kindle. There should already be a folder called ‘extensions’ on your Kindle; make sure not to delete or overwrite anything already inside it.
  2. Eject the Kindle, run KUAL and check there is a menu item called ‘Helper’.

From here you can install the screensaver hack, and all sorts of other wonderful things (KOReader, anyone?)
The original instructions explain how to install the screensaver hack, so I suggest you follow them if that’s what you want.

If you have any comments or questions, please let me know below!

Why Your Encryption/Passwords Suck? New Security Methods: 3D Face Analysis, Biometrics, etc.

“Treat your passwords like you treat your toothbrush: don’t let anyone use it and change it every 6 months” – Clifford Stoll, Scientist.
Thousands of online services use passwords, be it banks, shops, social networking sites, e-mail and every other service. These passwords are lying in the databases of the companies, which frequently have very basic security.
And these sites do get hacked. Here are some of the greatest attacks:

Sony PlayStation Network : 77 Million Accounts Hacked. Site Down For 24 Days.
Evernote : 50 Million Accounts Hacked, Including Addresses.
LinkedIn : 6.5 Million Accounts Hacked.
Gamigo : 8.24 Million Accounts Exploited.
Yahoo Voices : 450,000 Accounts Hacked.
Twitter : 250,000 Accounts Hacked.

Most of the accounts get hacked because the main site server gets exploited, but many individual accounts get hacked because people are too damn dumb to use complex passwords. A survey done by Mark Burnett for 12 years indicates that 78% of online users use these passwords:

123456 jordan george yankees
1234 superman charlie 123123
12345678 harley andrew ashley
qwerty 1234567 michelle 666666
dragon fuck love hello
sex asshole jessica amanda
12345 hunter boobs orange
baseball trustno1 legend-ary biteme
football ranger 6969 freedom
letmein buster pepper computer
monkey thomas daniel fuckme
696969 tiger access nicole
abc123 robert 123456789 thunder
mustang soccer 654321 ginger
micheal porn joshua heather
shadow batman maggie hammer
master test starwars summer
wintwe jennifer pass silver
fucking carlover killer william

 

What And How Hackers Do What They Do !

I don’t know how, but somebody tricked us into thinking hackers are geeks on laptops (which we are), but you should also remember that hackers have great observation skills. Hackers follow you everywhere. Once they lay their eyes on a target, they dig out every bit of information available about you. They spy on your online photos; they know your cat’s name, your car’s model and everything you might have mentioned in the online world.
Hackers can attack you on many fronts, like cracking your social networking website password, stealing data from your personal computer, phishing you or even using your e-mail ID to send messages to terrorists.

Methods To Confuse And Avoid Hackers :

Two Factor Authentication :

Many e-mail providers, like Gmail and Yahoo, use two-factor authentication, and it is the strongest method to protect yourself from getting hacked. To access your account, first you have to sign in using your e-mail and password, and then an eight-digit code is sent to your mobile within a few seconds, which you have to enter online to get access to your account.
Pros :
Strongest Security Method.
You know when your account is being accessed.
Alert On Your Mobile if someone tries to brute-force your account.
Cons :
Not so Time Efficient.
You Need Your Mobile And Good Signal Reception.


OPENID :

A universally usable ID is given to you if you use OpenID. UUIDs are mostly URLs specially crafted for you. To log in to any service, you just have to insert your OpenID, not your password. Using OpenID is also a good idea, as passwords have a habit of getting hacked. OpenID is usable on Google, Yahoo, LiveJournal, Hyves, Blogger, Flickr and other sites.

Pros :
One-For-All Username and Password.
Saves Time.
Cons :
Not So-Many Sites Supported.


Swipe Gestures :

Swipe gestures are a popular way to lock your Android phones, and they are very simple to use, and thus easily crackable. Anybody can remember your swipe after seeing it the first time, and somebody can also find out your swipe by observing the scratches on the surface of your screen.
Pros :
Easy And Simple.
Cons :
Easily Hack-able.


Password Stick :

On many operating systems, you can create a password stick which can unlock your computer by plugging it in. It is a time-saving and secure method, unless your hacker is also good at picking pockets. We are not very fond of this method, as your brain is the safest place to store sensitive information.
Pros :
Time Saving.
Easy.
Secure.
Cons :
Danger Of Getting Hacked if stick is stolen.


Finger Print Scan :

One of the oldest methods of securing, fingerprint scanners are widely available on laptops, netbooks, external USB scanners etc. Rumor also has it that the new iPhone might have a fingerprint scanner in the home button. It is a good and secure way to protect your data.
Pros :
Easy To Use.
Widely Available.
Cons :
Remember to clear the scanner after each scan, or the print left on the scanner can easily be used by a hacker.


3D Face Analysis :

On mobile since Android 4.0, 3D face scan is an awkward way to unlock your mobile. It uses your mobile/laptop camera to take a video of your whole face each time you unlock your device. But we don’t think this type of security method is useful on mobiles, though it is very useful for PC security and other stuff that you don’t need to unlock every other second.
Pros :
Very Secure.
Very Difficult To Hack.
Cons :
Good lighting needed.
Can be cracked by a video of you.


Behavior Pattern :

Everybody has a different way of interacting with technology, and the Swedish firm BehavioSec has used this to create a new security system. In this method, you need to enter your password and have to do it in the same way you did before. Other factors include typing rhythm, speed, and on touchscreen devices, angle of gestures, pressure of angles and other stuff!
Pros :
Highly Secure.
Easy To Use.
Cons :
Not available on the market Yet.
Could be a pain in the ass when you’re drunk or sleepy.


Conclusion :
With the increasing security risk, it would be a good idea if the services we use every day got a security upgrade, and if users followed some basic security tips, it would make them much more secure in the online world.

Web Pentest Lab Setup using bWAPP in Windows 10

bWAPP, or a buggy web application, is a deliberately insecure web application. It helps security enthusiasts, systems engineers, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful web application penetration testing and ethical hacking projects. It is made for educational purposes.

Some of the vulnerabilities included in bWAPP:

  • SQL, HTML, iFrame, SSI, OS Command, XML, XPath, LDAP and SMTP injections
  • Blind SQL and Blind OS Command injection
  • Bash Shellshock (CGI) and Heartbleed vulnerability (OpenSSL)
  • Cross-Site Scripting (XSS) and Cross-Site Tracing (XST)
  • Cross-Site Request Forgery (CSRF)
  • AJAX and Web Services vulnerabilities (JSON/XML/SOAP/WSDL)
  • Malicious, unrestricted file uploads and backdoor files
  • Authentication, authorization and session management issues
  • Arbitrary file access and directory traversals
  • Local and remote file inclusions (LFI/RFI)
  • Configuration issues: Man-in-the-Middle, cross-domain policy files, information disclosures
  • HTTP parameter pollution and HTTP response splitting
  • Denial-of-Service (DoS) attacks: Slow HTTP and XML Entity Expansion
  • Insecure distcc, FTP, NTP, Samba, SNMP, VNC, WebDAV configurations
  • HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS) and web storage issues
  • Unvalidated redirects and forwards, and cookie poisoning
  • Cookie poisoning and insecure cryptographic storage
  • Server Side Request Forgery (SSRF)
  • XML External Entity attacks (XXE)

Download WAMP server here. Select save or run. Click open. After that follow the next steps.

Next you will see the Select Destination Location screen. Click Next to continue.

Next you will see the Ready to install screen. Click Install to continue.

Once the files are extracted, you will be asked to select your default browser. Select your default browser’s .exe file, then click Open to continue.

Once the progress bar is completely green, the PHP Mail Parameters screen will appear. Leave the SMTP server as localhost, and change the email address to one of your choosing. Click Next to continue.

Download the latest version of the software from here.

Extract the bWAPP lab setup to the location “C:\wamp\WWW\bWAPP” as shown below.

Edit the file ‘admin/settings.php’ with your own database connection settings. Leave the db_password and db_name options blank.

Browse to the file ‘install.php’ in the directory ‘bWAPP’:

http://localhost/bWAPP/install.php

Click on ‘here’ (Click ‘here’ to install bWAPP). The database ‘bWAPP’ will be created.

Edit the file ‘admin/settings.php’ again and set the db_name (see the screenshot below).

Go to the login page. If you browse the bWAPP root folder you will be redirected. http://localhost/bWAPP/

Log in with the default credentials or make a new user.

Default credentials:

User name: bee

Password: bug

Online Activities That Could Send You In Jail

Internet is an unrestricted realm for its users. It brings you latest information, allows you to share movies, images and music without any bounds, allows you to communicate in a split second and share files. It is a medium which is full of advantages, but there are some disadvantages that come with it in some countries. Particularly if you don’t follow certain rules and regulations laid down by these countries while using the Internet.
Cyber crimes and terrorist attacks have dramatically increased over the years, and that may be one of the reasons that if one is seen violating the rules of the Internet, he/she may be put behind bars.

So, see the below activities that can get you arrested in some parts of the world.

10 Online Activities That Can Get You Arrested

#1 Having An Open Wi-Fi

Keeping your WiFi Open and not keeping it password protected can sometimes land you in prison. Your open Wi-Fi connection can be used by criminals or terrorists without your knowledge and this can land you in trouble with the law in almost any country.

This happened to a person named Barry Covert, whose open Wi-Fi was used by his neighbor to access child pornography websites. Though police arrested his neighbor after investigations, Barry had to face police questioning for a month before the correct person was arrested.

It is always better to password protect your Wi-Fi with WEP, WPA (WPA-Personal), and WPA2 (Wi-Fi Protected Access version 2).

#2 Deleting Your Search History

Sometimes erasing your search history can also land you behind bars. This happened in the United States, when a person named David Kernell was arrested for deleting information on his computer. A University of Tennessee student, Kernell was being investigated by federal authorities for allegedly hacking the Yahoo account of the then vice presidential candidate, Sarah Palin.

India too had brought in laws making it mandatory for users to save their browsing history for 3 months. But these were scrapped after a huge public outcry against them.

#3 Offensive Posts, Messages or Tweets

Making offensive posts or tweets or sending offensive messages can land you in trouble in any part of the world. Two persons, Leigh Van Bryan aged 26 and Emily Bunting aged 24, tweeted about their upcoming visit to the USA, “Free this week for a quick gossip/prep before I go and destroy America”.
They were interrogated for about five hours by the authorities. Bryan and Bunting tried to convince the police that “Destroying” was British slang for “Partying.”

#4 Using VOIP services

This issue is country-specific and limited to Ethiopia. Using VOIP services like Skype is strictly prohibited in Ethiopia and can land you in prison (a user from Ethiopia has contradicted this). The country’s new telecommunications law strictly prohibits VOIP services, which consist of audio and video communication and transfer of information over VOIP clients. We advise that if you are a citizen of or tourist in Ethiopia, you check with the authorities before using Skype or any other VOIP services.

#5 Dancing in a Video

This is a serious offence in Iran. In fact, six persons were arrested for dancing to a video from the Pharrell Williams song “Happy”. The Iranian judiciary found them guilty and they received 91 lashes as well as a year’s prison sentence. Later, though, the sentences were suspended and they were let off in six months.

In Russia, a youth was jailed for 15 days and two women were jailed for 10 days after they were found to be allegedly dancing and making a video near a Second World War memorial.

#6 Leaving Internet Comments

Syria is now a battlefield between different warring factions for control of territory. Even then, commenting on the Internet is a crime in Syria. Human Rights Watch reported that in 2007, Syrian authorities arrested two persons and moved them to an unknown place, apparently for offering their comments about the censorship laws in Syria on a website.

#7 Translating Articles

Translating banned books can land you in jail in any country. Thai authorities arrested an American citizen who translated one such article on his blog. The article was termed “offensive to the autocracy” by the Thai authorities, who consider their King a supreme being. Even posting on Facebook or tweeting against the King can land you in jail under the Lese Majeste laws.
In Indonesia, a person was put behind bars for two years after he posted “God does not Exist” on Facebook.

#8 Gambling

Online gambling is banned in many countries across the globe and can land you behind bars. This includes organizing gambling or playing online games like Poker, Blackjack etc.

#9 File Sharing

File sharing is a contentious issue. In some countries you are free to share movies, images or files without the worry of the law but in many countries it is illegal to share what is considered as pirated content. In some places even downloading torrents is considered as being unlawful.

#10 Posting Lyrics on Facebook

This may have happened only once. United States authorities arrested rapper and school student Cameron D’Ambrosio for posting rap lyrics on Facebook. The police allege that D’Ambrosio made terrorist threats under the garb of rap. Prosecutors sought to charge D’Ambrosio with threats to make a bomb or hijack a vehicle, carrying a maximum sentence of 20 years in prison.
There are many such laws which can put you in a spot of bother while surfing online. Making racist comments or hurting religious sentiments is a strict taboo online, like it is in the real world. If you know of any other such little-known laws that exist in some country, kindly note them down in the comments section.

dnmap – Distributed Nmap Framework

dnmap is a distributed Nmap framework which can hand off Nmap scans to several clients. It reads an already created file with Nmap commands and sends those commands to each client connected to it. The framework uses a client/server architecture. The server knows what to do and the clients do it. All the logic and […]

Read the full post at darknet.org.uk


How to Chat Using Command Prompt

1) All you need is your friend’s IP Address and your Command Prompt.

2) Open Notepad and write this code as it is…..!

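@echo off
rem Simple messenger loop. Note: the "net send" command was removed in
rem Windows Vista and later, so this script only works on older Windows versions.
:A
cls
echo MESSENGER
rem Ask for the recipient (the IP address from step 7) and the message text.
set /p n=User:
set /p m=Message:
net send %n% %m%
pause
goto A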

3) Now save this as “Messenger.Bat”.

4) Open Command Prompt.

5) Drag this file (.bat file) over to Command Prompt and press Enter.

6) You would then see something like this:

7) Now, type the IP Address of the computer you want to contact and press enter
You will see something like this:

8) Now all you need to do is type your message and press Enter.
Start Chatting…….!

 

 

Everything You Need To Know About Web Shells

So let’s talk about Web Shells, something many of us are already familiar with, but to level the field – what is a web shell? A web shell is a script that can be uploaded to a web server to enable remote administration of the machine. Infected web servers can be either Internet-facing or internal […]

Read the full post at darknet.org.uk


DMitry – Deepmagic Information Gathering Tool

DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU) Linux Command Line program coded purely in C with the ability to gather as much information as possible about a host. DMitry has a base functionality with the ability to add new functions, the basic functionality of DMitry allows for information to be gathered about a target…

Read the full post at darknet.org.uk


Automater – IP & URL OSINT Tool For Analysis

Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts. Given a target (URL, IP, or HASH) or a file full of targets Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com,…

Read the full post at darknet.org.uk
